authorSansar Choinyambuu <schoinya@hsr.ch>2011-10-31 11:26:00 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 14:39:53 +0100
commitcb66320fee1f23d0b3ec3b42aec00a80c7ffdcbd (patch)
treef7e87454609f1e9dcada1a5015e35f9a52b22f06 /src/libimcv
parent645f55eb20ad6226bd17d316432ce805103a1c78 (diff)
downloadstrongswan-cb66320fee1f23d0b3ec3b42aec00a80c7ffdcbd.tar.bz2
strongswan-cb66320fee1f23d0b3ec3b42aec00a80c7ffdcbd.tar.xz
Implemented matching of Optional PCR Composite field value when Hashing was done to reduce the size of it
The Optional Composite Hash Algorithm field is always present; it has a value of all zeroes if it was not used
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_process.c7
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c17
2 files changed, 16 insertions, 8 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
index cbb3dc3d5..874820202 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -441,6 +441,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
{
enumerator_t *e;
pts_simple_evid_final_flag_t flags;
+ pts_meas_algorithms_t composite_algorithm = 0;
chunk_t pcr_composite, quote_signature;
u_int32_t num_of_evidences, i = 0;
u_int32_t *pcrs;
@@ -478,9 +479,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
/* Send Simple Evidence Final attribute */
flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
+ composite_algorithm |= PTS_MEAS_ALGO_SHA1;
- attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, 0,
- pcr_composite, quote_signature, chunk_empty);
+ attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags,
+ composite_algorithm, pcr_composite,
+ quote_signature, chunk_empty);
attr_list->insert_last(attr_list, attr);
DESTROY_IF(e);
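Review bot: `composite_algorithm |= PTS_MEAS_ALGO_SHA1;` uses an OR-assignment on a local that is initialised to 0 and not written anywhere else in the visible lines, so it reads as if several algorithm bits could accumulate in a field that names one hash. A plain `composite_algorithm = PTS_MEAS_ALGO_SHA1;` states the intent. A short comment should also say why SHA-1 is fixed here rather than taken from the negotiated measurement algorithm, for example `/* PCR composite is sent as its SHA-1 digest, so name SHA-1 in the Composite Hash Algorithm field */`. The hunk does not show how `pcr_composite` is produced, so confirm that the advertised algorithm always matches the digest actually sent; otherwise the verifier's comparison will fail. The enclosing block of imc_attestation_process starts and ends outside the hunk.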
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index aa2b0fe17..1ba627ec9 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -283,17 +283,21 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
{
tcg_pts_attr_simple_evid_final_t *attr_cast;
pts_simple_evid_final_flag_t flags;
+ pts_meas_algorithms_t composite_algorithm;
chunk_t pcr_comp;
chunk_t tpm_quote_sign;
chunk_t evid_sign;
bool evid_signature_included;
-
- /** TODO: Ignoring Composite Hash Algorithm field
- * No flag defined which indicates the precense of it
- */
+
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
flags = attr_cast->get_flags(attr_cast);
+
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+ composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast);
if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) ||
(flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER))
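Review bot: `composite_algorithm` is read straight from the peer's attribute by `get_comp_hash_algorithm()` and, in the next hunk, passed to `pts->get_quote_info()` with no check that it is either zero or a single algorithm this IMV accepts. The value is controlled by the endpoint being attested, so an out-of-policy value should be rejected here with a DBG1 message and `return FALSE`, since what get_quote_info does with it is not visible on this page. The new comment would also be clearer as a plain `/* Composite Hash Algorithm field is always present; all zeroes means the PCR Composite was not hashed */`, with the attribution to the 28.Oct.2011 suggestion left to the commit message. The enclosing case block continues outside the hunk.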
@@ -310,13 +314,14 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast);
/* Construct PCR Composite and TPM Quote Info structures*/
- if (!pts->get_quote_info(pts, &pcr_composite, &quote_info))
+ if (!pts->get_quote_info(pts, composite_algorithm,
+ &pcr_composite, &quote_info))
{
DBG1(DBG_IMV, "unable to contruct TPM Quote Info");
return FALSE;
}
- /* Check calculated PCR composite structure matches with received */
+ /* Check calculated PCR composite matches with received */
if (pcr_comp.ptr && !chunk_equals(pcr_comp, pcr_composite))
{
DBG1(DBG_IMV, "received PCR Compsosite didn't match"