defined various measurement hash and pcr functions

8 files changed, 110 insertions, 43 deletions

diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c
index 2f798de11..6b514e5c7 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ b/src/libpts/pts/components/ita/ita_comp_tboot.c
@@ -18,6 +18,7 @@
 #include "ita_comp_func_name.h"
 
 #include "pts/components/pts_component.h"
+#include "pts/components/pts_comp_evidence.h"
 
 #include <debug.h>
 #include <pen/pen.h>
@@ -81,6 +82,7 @@ METHOD(pts_component_t, measure, status_t,
 	pts_comp_evidence_t *evid;
 	char *meas_hex, *pcr_before_hex, *pcr_after_hex;
 	chunk_t measurement, pcr_before, pcr_after;
+	size_t hash_size, pcr_len;
 	pts_pcr_transform_t pcr_transform;
 	pts_meas_algorithms_t hash_algo;
 	
@@ -112,24 +114,26 @@ METHOD(pts_component_t, measure, status_t,
 	}
 
 	hash_algo = pts->get_meas_algorithm(pts);
-	switch (hash_algo)
-	{
-		case PTS_MEAS_ALGO_SHA1:
-			pcr_transform = PTS_PCR_TRANSFORM_MATCH;
-		case PTS_MEAS_ALGO_SHA256:
-		case PTS_MEAS_ALGO_SHA384:
-			pcr_transform = PTS_PCR_TRANSFORM_LONG;
-		case PTS_MEAS_ALGO_NONE:
-		default:
-			pcr_transform = PTS_PCR_TRANSFORM_NO;
-	}
+	hash_size = pts_meas_algo_hash_size(hash_algo);
+	pcr_len = pts->get_pcr_len(pts);
+	pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
 
+	/* get and check the measurement data */
 	measurement = chunk_from_hex(
 					chunk_create(meas_hex, strlen(meas_hex)), NULL);
 	pcr_before = chunk_from_hex(
 					chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
 	pcr_after = chunk_from_hex(
 					chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
+	if (pcr_before.len != pcr_len || pcr_after.len != pcr_len ||
+		measurement.len != hash_size)
+	{
+		DBG1(DBG_PTS, "TBOOT measurement or pcr data have the wrong size");
+		free(measurement.ptr);
+		free(pcr_before.ptr);
+		free(pcr_after.ptr);
+		return FAILED;
+	}
 
 	evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
 								this->depth, this->extended_pcr,
@@ -137,8 +141,6 @@ METHOD(pts_component_t, measure, status_t,
 								this->measurement_time, measurement);
 	evid->set_pcr_info(evid, pcr_before, pcr_after);
 
-
-
 	return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
 }
 
diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.c b/src/libpts/pts/components/ita/ita_comp_tgrub.c
index d54333361..168f116dc 100644
--- a/src/libpts/pts/components/ita/ita_comp_tgrub.c
+++ b/src/libpts/pts/components/ita/ita_comp_tgrub.c
@@ -73,6 +73,7 @@ METHOD(pts_component_t, measure, status_t,
 	chunk_t measurement, pcr_before, pcr_after;
 	pts_pcr_transform_t pcr_transform;
 	pts_meas_algorithms_t hash_algo;
+	size_t hash_size, pcr_len;
 
 	/* Provisional implementation for TGRUB */
 	extended_pcr = PCR_DEBUG;
@@ -85,22 +86,14 @@ METHOD(pts_component_t, measure, status_t,
 	}
 
 	hash_algo = pts->get_meas_algorithm(pts);
-	switch (hash_algo)
-	{
-		case PTS_MEAS_ALGO_SHA1:
-			pcr_transform = PTS_PCR_TRANSFORM_MATCH;
-		case PTS_MEAS_ALGO_SHA256:
-		case PTS_MEAS_ALGO_SHA384:
-			pcr_transform = PTS_PCR_TRANSFORM_LONG;
-		case PTS_MEAS_ALGO_NONE:
-		default:
-			pcr_transform = PTS_PCR_TRANSFORM_NO;
-	}
+	hash_size = pts_meas_algo_hash_size(hash_algo);
+	pcr_len = pts->get_pcr_len(pts);
+	pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
 
-	measurement = chunk_alloc(HASH_SIZE_SHA1);
+	measurement = chunk_alloc(hash_size);
 	memset(measurement.ptr, 0x00, measurement.len);
 		
-	pcr_before = chunk_alloc(PCR_LEN);
+	pcr_before = chunk_alloc(pcr_len);
 	memset(pcr_before.ptr, 0x00, pcr_before.len);
 
 	evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
@@ -167,7 +160,7 @@ pts_component_t *pts_ita_comp_tgrub_create(u_int8_t qualifier, u_int32_t depth)
 			.verify = _verify,
 			.destroy = _destroy,
 		},
-		.name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
+		.name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TGRUB,
 										  qualifier),
 		.depth = depth,
 	);
diff --git a/src/libpts/pts/components/pts_comp_evidence.c b/src/libpts/pts/components/pts_comp_evidence.c
index a1e590243..9eb8dae75 100644
--- a/src/libpts/pts/components/pts_comp_evidence.c
+++ b/src/libpts/pts/components/pts_comp_evidence.c
@@ -106,6 +106,7 @@ METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t,
 {
 	return this->extended_pcr;
 }
+
 METHOD(pts_comp_evidence_t, get_measurement, chunk_t,
 	private_pts_comp_evidence_t *this, u_int32_t *extended_pcr,
 	pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform,
@@ -224,3 +225,27 @@ pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name,
 	return &this->public;
 }
 
+/**
+ * See header
+ */
+pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
+												   size_t pcr_len)
+{
+	size_t hash_size;
+
+	hash_size = pts_meas_algo_hash_size(algo);
+	if (hash_size == 0)
+	{
+		return PTS_PCR_TRANSFORM_NO;
+	}
+	if (hash_size == pcr_len)
+	{
+		return PTS_PCR_TRANSFORM_MATCH;
+	}
+	if (hash_size > pcr_len)
+	{
+		return PTS_PCR_TRANSFORM_LONG;
+	}
+	return PTS_PCR_TRANSFORM_SHORT;
+}
+
diff --git a/src/libpts/pts/components/pts_comp_evidence.h b/src/libpts/pts/components/pts_comp_evidence.h
index a6b1bf768..fe86aa940 100644
--- a/src/libpts/pts/components/pts_comp_evidence.h
+++ b/src/libpts/pts/components/pts_comp_evidence.h
@@ -157,4 +157,14 @@ pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name,
 											  time_t measurement_time,
 											  chunk_t measurement);
 
+/**
+ * Determine transform to fit measurement hash into PCR register
+ *
+ * @param algo					Measurement hash algorithm 
+ * @param pcr_len				Length of the PCR registers in bytes
+ * @return						PCR transform type
+ */
+pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
+												   size_t pcr_len);
+
 #endif /** PTS_COMP_EVIDENCE_H_ @}*/
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index 496dc885c..873678043 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -29,6 +29,16 @@
 
 #define PTS_BUF_SIZE	4096
 
+/**
+ * Maximum number of PCR's of TPM, TPM Spec 1.2
+ */
+#define PCR_MAX_NUM				24
+
+/**
+ * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
+ */
+#define PCR_LEN					20
+
 typedef struct private_pts_t private_pts_t;
 
 /**
@@ -349,6 +359,12 @@ METHOD(pts_t, set_tpm_version_info, void,
 	print_tpm_version_info(this);
 }
 
+METHOD(pts_t, get_pcr_len, size_t,
+	private_pts_t *this)
+{
+	return this->pcr_len;
+}
+
 /**
  * Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute)
  */
@@ -1491,6 +1507,7 @@ pts_t *pts_create(bool is_imc)
 			.set_platform_info = _set_platform_info,
 			.get_tpm_version_info = _get_tpm_version_info,
 			.set_tpm_version_info = _set_tpm_version_info,
+			.get_pcr_len = _get_pcr_len,
 			.get_aik = _get_aik,
 			.set_aik = _set_aik,
 			.is_path_valid = _is_path_valid,
@@ -1519,6 +1536,7 @@ pts_t *pts_create(bool is_imc)
 		if (has_tpm(this))
 		{
 			this->has_tpm = TRUE;
+			this->pcr_len = PCR_LEN;
 			this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;
 			load_aik(this);
 			load_aik_blob(this);
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h
index 095fe0718..3a40c1e1d 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -68,27 +68,11 @@ typedef struct pts_t pts_t;
 #define PCR_DEBUG						16
 
 /**
- * Number of sequences for functional components
- */
-#define TBOOT_SEQUENCE_COUNT			2
-#define TGRUB_SEQUENCE_COUNT			6
-
-/**
  * Length of the generated nonce used for calculation of shared secret
  */
 #define ASSESSMENT_SECRET_LEN	20
 
 /**
- * Maximum number of PCR's of TPM, TPM Spec 1.2
- */
-#define PCR_MAX_NUM				24
-
-/**
- * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
- */
-#define PCR_LEN					20
-
-/**
  * Lenght of the TPM_QUOTE_INFO structure, TPM Spec 1.2
  */
 #define TPM_QUOTE_INFO_LEN		48
@@ -241,6 +225,13 @@ struct pts_t {
 	void (*set_tpm_version_info)(pts_t *this, chunk_t info);
 
 	/**
+	 * Get the length of the TPM PCR registers
+	 *
+	 * @return					Length of PCR registers in bytes, 0 if undefined
+	 */
+	size_t (*get_pcr_len)(pts_t *this);
+
+	/**
 	 * Get Attestation Identity Certificate or Public Key
 	 *
 	 * @return					AIK Certificate or Public Key
diff --git a/src/libpts/pts/pts_meas_algo.c b/src/libpts/pts/pts_meas_algo.c
index e8f3aa378..865857d3c 100644
--- a/src/libpts/pts/pts_meas_algo.c
+++ b/src/libpts/pts/pts_meas_algo.c
@@ -148,3 +148,23 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm)
 			return HASH_UNKNOWN;
 	}
 }
+
+/**
+ * Described in header.
+ */
+size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm)
+{
+	switch (algorithm)
+	{
+		case PTS_MEAS_ALGO_SHA1:
+			return HASH_SIZE_SHA1;
+		case PTS_MEAS_ALGO_SHA256:
+			return HASH_SIZE_SHA256;
+		case PTS_MEAS_ALGO_SHA384:
+			return HASH_SIZE_SHA384;
+		case PTS_MEAS_ALGO_NONE:
+		default:
+			return 0;
+	}
+}
+
diff --git a/src/libpts/pts/pts_meas_algo.h b/src/libpts/pts/pts_meas_algo.h
index bb34a6ac3..1d96a4946 100644
--- a/src/libpts/pts/pts_meas_algo.h
+++ b/src/libpts/pts/pts_meas_algo.h
@@ -94,4 +94,12 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos
  */
 hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm);
 
+/**
+ * Return the hash size of a pts_meas_algorithm
+ *
+ * @param algorithm		PTS measurement algorithm type
+ * @return				hash size in bytes
+ */
+size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm);
+
 #endif /** PTS_MEAS_ALGO_H_ @}*/