libtpms/man/man3/TPMLIB_GetInfo.pod

=head1 NAME

TPMLIB_GetInfo    - Get Information about the TPM implementation

=head1 LIBRARY

TPM library (libtpms, -ltpms)

=head1 SYNOPSIS

B<#include <libtpms/tpm_library.h>>

B<char *TPMLIB_GetInfo(TPMLIB_InfoFlags flags);>

=head1 DESCRIPTION

The B<TPMLIB_GetInfo()> function allows to query for TPM implementation
specifics and get a JSON string in return. Which data is to be returned
can be specified in the flags parameter that may be a logical 'or' concatenation
of flags. If passed flags are not supported, nothing is returned . If a 0 is
passed in, an empty JSON Object '{}' is returned.

The following flags are defined and return JSON objects as shown:

=over 4

=item B<TPMLIB_INFO_TPMSPECIFICATION>

{"TPMSpecification":{"family":"1.2","level":2,"revision":116}}

=item B<TPMLIB_INFO_TPMATTRIBUTES>

{"TPMAttributes":{"manufacturer":"id:00001014","version":"id:00740001","model":"swtpm"}}

=item B<TPMLIB_INFO_TPMFEATURES> (since v0.8.0)

{"TPMFeatures":{"RSAKeySizes":[1024,2048,3072]}}

This JSON object may be extended in the future.

=item B<TPMLIB_INFO_RUNTIME_ALGORITHMS> (since v0.10.0)

 {
   "RuntimeAlgorithms": {
     "Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac," \
                    "aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384," \
                    "sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa," \
                    "sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108," \
                    "ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-nist-p192," \
                    "ecc-nist-p224,ecc-nist-p256,ecc-nist-p384," \
                    "ecc-nist-p521,"ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256," \
                    "symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb," \
                    "cbc,cfb,ecb",
     "CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist," \
                      "ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p521," \
                      "ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac," \
                      "ctr,ofb,cbc,ecb",
     "Enabled": "rsa,rsa-min-size=1024,hmac,aes,aes-min-size=128,mgf1," \
                "keyedhash,xor,sha256,sha384,null,oaep,ecdsa,ecdh,ecdaa," \
                "sm2,ecschnorr,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc," \
                "ecc-min-size=192,ecc-bn,ecc-nist-p192,ecc-nist-p224," \
                "ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256," \
                "ecc-bn-p638,ecc-sm2-p256,symcipher,camellia," \
                "camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
     "Disabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist"
   }
 }

This JSON object enumerates all I<implemented> algorithms as well as supported
elliptic curve cryptography (ECC) curves. Those verbs enumerated under
I<CanBeDisabled> represent algorithms and ECC curves that a user may omit from
a profile, thus making them unavailable to applications. The verbs enumerated
under I<Enabled> and I<Disabled> represent algorithms that are enabled and
disabled in the currently active profile.

The verbs I<ecc-nist> and I<ecc-bn> are shortcuts enabling all currently
implemented ECC NIST curves (ecc-nist-p192, ecc-nist-p256, ...) and BN
(Baretto-Naehrig) curves (ecc-bn-p256, ecc-bn-p638). If omitted then the
individual curves can still be enumerated individually to enable them.
Since I<ecc-nist-p256> and I<ecc-nist-p384> cannot be disabled, they must
be enumerated if the I<ecc-nist> shortcut is not used.

Minimum key sizes for rsa, ecc, tdes, aes, and camellia are also described.

When new algorithms and ECC curves are added to the TPM in the future, then
this JSON object will return more algorithms.

=item B<TPMLIB_INFO_RUNTIME_COMMANDS> (since v0.10.0)

{
  "RuntimeCommands": {
    "Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159," \
                   "0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178," \
                   "0x17a-0x193,0x197,0x199-0x19a",
    "CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a-0x12e,0x130," \
                     "0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,0x149-0x14d," \
                     "0x14f-0x152,0x154-0x155,0x159,0x15b,0x15d-0x15e," \
                     "0x160-0x164,0x167-0x168,0x16a-0x172,0x174,0x177-0x178," \
                     "0x17b,0x17f-0x181,0x183-0x184,0x187-0x193,0x197," \
                     0x199-0x19a",
    "Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e," \
               "0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197," \
               "0x199-0x19a",
    "Disabled": ""
  }
}

This JSON object enumerates all I<implemented> commands by their hexadecimal
numbers and shows which ones can be disabled, which ones are currently
enabled and which ones are disabled.

=item B<TPMLIB_INFO_ACTIVE_PROFILE> (since v0.10.0)

This JSON object shows the currently active profile.

 {
   "ActiveProfile": {
     "Name": "null",
     "StateFormatLevel": 1,
     "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159," \
                 "0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178," \
                 "0x17a-0x193,0x197",
     "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac," \
                   "aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384," \
                   "sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa," \
                   "sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108," \
                   "ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia," \
                   "camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
     "Description": "The profile enables the commands and algorithms that " \
                    "were enabled in libtpms v0.9. This profile is " \
                    "automatically used when the state does not have a " \
                    "profile, for example when it was created by " \
                    "libtpms v0.9 or before."
   }
 }

The above profile is the 'null' profile. If the null profile is used then
the state will again be readable by libtpms v0.9.

=item B<TPMLIB_INFO_AVAILABLE_PROFILES> (since v0.10.0)

This JSON object enumerates available profiles.

 {
   "AvailableProfiles": [
     {
       "Name": "default-v1",
       "StateFormatLevel": 4,
       "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,...",
       "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,...",
       "Description": "This profile enables all currently supported ...",
     },
     {
       "Name": "null",
       "StateFormatLevel": 1,
       "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,...",
       "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,...",
       "Description": "The profile enables the commands and algorithms ...",
     },
     ....
   ]
 }

Future versions of libtpms may enumerate other profiles.

=back

=head1 RETURN VALUE

This function returns a JSON string on success and a NULL pointer if a memory
allocation failure occurred.

The caller must free() the returned string.

=head1 SEE ALSO

=cut