author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-10-28 16:17:27 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 14:39:52 +0100 |
commit | cb83fb3b72691dc5db1ee83c6d40b6489a7efce8 (patch) | |
tree | 5f1ed01c30567f9ff6346252a22f3841a38e7908 | |
parent | 6c5c5b6a2e6050d3598536a7df3cfbfb04c9e55e (diff) | |
Both D and T flags required to be set for PTS Component Measurement
DH Finish is sent only when D flag is set in TPM_INIT phase
-rw-r--r-- | src/libimcv/plugins/imv_attestation/imv_attestation_build.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
index bea77d12f..6837073f1 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -42,6 +42,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 handshake_state = attestation_state->get_handshake_state(attestation_state);
 pts = attestation_state->get_pts(attestation_state);
+ /* D-H attributes are redundant */
+ /* when D-H Nonce Exchange is not selected on IMC side */
 if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
 !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
 {
@@ -49,6 +51,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 "advancing to TPM Initialization phase");
 handshake_state = IMV_ATTESTATION_STATE_TPM_INIT;
 }
+ /* TPM Version Info, AIK attributes are redundant */
+ /* when TPM is not available on IMC side */
 if (handshake_state == IMV_ATTESTATION_STATE_TPM_INIT &&
 !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
 {
@@ -56,8 +60,11 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 "advancing to File Measurement phase");
 handshake_state = IMV_ATTESTATION_STATE_MEAS;
 }
+ /* Component Measurement cannot be done without D-H Nonce Exchange */
+ /* or TPM on IMC side */
 if (handshake_state == IMV_ATTESTATION_STATE_COMP_EVID &&
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
+ (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) ||
+ !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D)) )
 {
 DBG1(DBG_IMV, "PTS-IMC has not got TPM available,"
 "skipping Component Measurement phase");
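Review bot: The DBG1 text under the widened COMP_EVID condition still reads "PTS-IMC has not got TPM available," although the phase is now also skipped when only PTS_PROTO_CAPS_D is missing, so the log names the wrong cause in that case. Going by the added comments, both capability bits reflect what the IMC side selected, so an accurate message matters to anyone auditing why an endpoint was never asked for component evidence. Something like `DBG1(DBG_IMV, "PTS-IMC lacks TPM or D-H Nonce Exchange, " "skipping Component Measurement phase");` covers both causes and also restores the space missing after the comma in the concatenated string. Which state the handshake moves to after the skip, and whether the skipped measurement affects the final assessment, is outside the hunk.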
@@ -107,13 +114,16 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 pts_meas_algorithms_t selected_algorithm;
 chunk_t initiator_value, initiator_nonce;
- /* Send DH nonce finish attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
- attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
- initiator_value, initiator_nonce);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
+ if ((pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
+ {
+ /* Send DH nonce finish attribute */
+ selected_algorithm = pts->get_meas_algorithm(pts);
+ pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+ initiator_value, initiator_nonce);
+ attr->set_noskip_flag(attr, TRUE);
+ msg->add_attribute(msg, attr);
+ }
 /* Send Get TPM Version attribute */
 attr = tcg_pts_attr_get_tpm_version_info_create(); |
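Review bot: The locals declared just above the new guard (`selected_algorithm`, `initiator_value`, `initiator_nonce`) are, as far as this hunk shows, used only inside the `if` body, so they are better declared inside that block. As written they stay uninitialized on the path where PTS_PROTO_CAPS_D is unset, which is harmless today but easy to misuse in a later edit. Separately, nothing here checks that `pts->get_my_public_value(...)` actually filled in the D-H value and nonce before they are handed to `tcg_pts_attr_dh_nonce_finish_create`; if that call can fail, the attribute would be built from indeterminate chunks, so this should be confirmed against its declaration. The doubled parentheses in `if ((pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))` can also be reduced to a single pair. The enclosing block starts and ends outside the hunk.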