diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-22 21:18:13 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 21:22:51 +0100 |
commit | db103fada4ba34c1a0ff8584fe3122231bea2277 (patch) | |
tree | 02ac1fe2573989b8bcfd32f6385a6ee5dd0ef59b /src/libimcv | |
parent | 8d851141b77718c0650373d7efd84119cece43e5 (diff) | |
download | strongswan-db103fada4ba34c1a0ff8584fe3122231bea2277.tar.bz2 strongswan-db103fada4ba34c1a0ff8584fe3122231bea2277.tar.xz |
refactored simple_evid_final attribute
Diffstat (limited to 'src/libimcv')
-rw-r--r-- | src/libimcv/plugins/imc_attestation/imc_attestation_process.c | 17 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_attestation/imv_attestation_process.c | 81 |
2 files changed, 33 insertions, 65 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index f65f6faee..94773afe7 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -405,9 +405,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, case TCG_PTS_GEN_ATTEST_EVID: { pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t composite_algorithm = 0; + pts_meas_algorithms_t comp_hash_algorithm; pts_comp_evidence_t *evid; - chunk_t pcr_composite, quote_signature; + chunk_t pcr_composite, quote_sig; bool use_quote2; /* Send buffered Simple Component Evidences */ @@ -424,20 +424,19 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, "libimcv.plugins.imc-attestation.use_quote2", TRUE); /* Quote */ - if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_signature)) + if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) { DBG1(DBG_IMC, "error occured during TPM quote operation"); return FALSE; } /* Send Simple Evidence Final attribute */ - flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2: - PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO; - composite_algorithm |= PTS_MEAS_ALGO_SHA1; + flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 : + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; + comp_hash_algorithm == PTS_MEAS_ALGO_SHA1; - attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, - composite_algorithm, pcr_composite, - quote_signature, chunk_empty); + attr = tcg_pts_attr_simple_evid_final_create(flags, + comp_hash_algorithm, pcr_composite, quote_sig); attr_list->insert_last(attr_list, attr); break; } diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index c0f30abca..194bb8b4d 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -298,86 +298,55 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, case TCG_PTS_SIMPLE_EVID_FINAL: { tcg_pts_attr_simple_evid_final_t *attr_cast; - pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t composite_algorithm; - chunk_t pcr_comp; - chunk_t tpm_quote_sign; - chunk_t evid_sign; - bool evid_signature_included = FALSE, use_quote2 = FALSE, - ver_info_included = FALSE; + u_int8_t flags; + pts_meas_algorithms_t comp_hash_algorithm; + chunk_t pcr_comp, tpm_quote_sig, evid_sig; chunk_t pcr_composite, quote_info; + bool use_quote2, use_ver_info; attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; - evid_signature_included = attr_cast->is_evid_sign_included(attr_cast); - flags = attr_cast->get_flags(attr_cast); - - /** Optional Composite Hash Algorithm field is always present - * Field has value of all zeroes if not used. - * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 - */ - composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast); + flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm, + &pcr_comp, &tpm_quote_sig); - if (flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO) + if (flags != PTS_SIMPLE_EVID_FINAL_NO) { - if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) || - (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)) - { - use_quote2 = TRUE; - } - if (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER) - { - ver_info_included = TRUE; - } - - pcr_comp = attr_cast->get_pcr_comp(attr_cast); - tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast); - - if (!pcr_comp.ptr || !tpm_quote_sign.ptr) - { - DBG1(DBG_IMV, "PCR composite: %B", &pcr_comp); - DBG1(DBG_IMV, "TPM Quote Signature: %B", &tpm_quote_sign); - DBG1(DBG_IMV, "Either PCR Composite or Quote Signature missing"); - return FALSE; - } + use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 || + flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); + use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); /* Construct PCR Composite and TPM Quote Info structures */ - if (!pts->get_quote_info(pts, use_quote2, ver_info_included, - composite_algorithm, &pcr_composite, "e_info)) + if (!pts->get_quote_info(pts, use_quote2, use_ver_info, + comp_hash_algorithm, &pcr_composite, "e_info)) { - DBG1(DBG_IMV, "unable to contruct TPM Quote Info"); + DBG1(DBG_IMV, "unable to compute TPM Quote Info"); return FALSE; } if (!chunk_equals(pcr_comp, pcr_composite)) { - DBG1(DBG_IMV, "received PCR Composite didn't match " - "with constructed"); - chunk_clear(&pcr_composite); - chunk_clear("e_info); + DBG1(DBG_IMV, "received and computed PCR Composite match"); + free(pcr_composite.ptr); + free(quote_info.ptr); return FALSE; } - DBG2(DBG_IMV, "received PCR Composite matches with constructed"); - chunk_clear(&pcr_composite); + DBG2(DBG_IMV, "received and computed PCR Composite do not match"); + free(pcr_composite.ptr); - if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sign)) + if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) { - chunk_clear("e_info); + free(quote_info.ptr); return FALSE; } - - DBG2(DBG_IMV, "signature verification succeeded for " - "TPM Quote Info"); - chunk_clear("e_info); + DBG2(DBG_IMV, "TPM Quote Info signature verification successful"); + free(quote_info.ptr); } - if (evid_signature_included) + if (attr_cast->get_evid_sig(attr_cast, &evid_sig)) { /** TODO: What to do with Evidence Signature */ - evid_sign = attr_cast->get_evid_sign(attr_cast); - DBG1(DBG_IMV, "This version of Attestation IMV can not handle" - " Optional Evidence Signature field"); + DBG1(DBG_IMV, "This version of the Attestation IMV can not " + "handle Evidence Signatures"); } - break; } |