author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-10-19 13:54:29 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 19:06:35 +0100 |
commit | db15e3a0d9fb9f4a84f08845f7ed1f96c669de3d (patch) | |
tree | 965b97a2ff5fd8a732b077804e7176643fd1e3f0 /src | |
parent | 54c0e80f92e6ae98c8efdf4e67ae57f566ddcfcc (diff) | |
download | strongswan-db15e3a0d9fb9f4a84f08845f7ed1f96c669de3d.tar.bz2 strongswan-db15e3a0d9fb9f4a84f08845f7ed1f96c669de3d.tar.xz |
Changed definition of pcr_value in pcr_entry_t structure
Implemented function to check if received PCR after value matches with any configured pcr value
Diffstat (limited to 'src')
-rw-r--r-- | src/libpts/pts/pts.c | 40 | ||||
-rw-r--r-- | src/libpts/pts/pts.h | 7 |
2 files changed, 47 insertions, 0 deletions
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index 0f850f292..1178a0f90 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -984,6 +984,45 @@ static u_int32_t get_max_pcr_index(private_pts_t *this)
 return ret;
 }
+METHOD(pts_t, does_pcr_value_match, bool,
+ private_pts_t *this, chunk_t pcr_after_value)
+{
+ linked_list_t *entries;
+ enumerator_t *e;
+ pcr_entry_t *pcr_entry;
+ bool match_found = FALSE;
+
+ if (!load_pcr_entries(&entries))
+ {
+ DBG1(DBG_PTS, "failed to load PCR entries");
+ return FALSE;
+ }
+
+ e = entries->create_enumerator(entries);
+ while (e->enumerate(e, &pcr_entry))
+ {
+ if (chunk_equals(chunk_create(pcr_entry->pcr_value, PCR_LEN), pcr_after_value))
+ {
+ DBG1(DBG_PTS, "PCR %d value matched with configured value",
+ pcr_entry->pcr_number);
+ match_found = TRUE;
+ break;
+ }
+ }
+
+ DESTROY_IF(e);
+ DESTROY_IF(entries);
+ free(pcr_entry);
+
+ if (match_found)
+ {
+ return TRUE;
+ }
+
+ DBG1(DBG_PTS, "PCR after value didn't match with any of the configured values");
+ return FALSE;
+}
+
 /**
 * 1. build a TCPA_PCR_COMPOSITE structure which contains (pcrCompositeBuf)
 * TCPA_PCR_SELECTION structure (bitmask length + bitmask)
@@ -1045,6 +1084,7 @@ METHOD(pts_t, get_quote_info, bool,
 u_int32_t index = pcr_entry->pcr_number; mask_bytes[index / 8] |= (1 << (index % 8)); } + e->destroy(e); for (i = 0; i< bitmask_len ; i++)
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h
index 5b8d8986f..41f81e40f 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -389,6 +389,13 @@ struct pts_t {
 chunk_t *pcr_composite, chunk_t *quote_signature);
 /**
+ * Check PCR after value in Simple Component Evidence matches configured value
+ *
+ * @return FALSE in case of any error or non-match, TRUE otherwise
+ */
+ bool (*does_pcr_value_match)(pts_t *this, chunk_t pcr_after_value);
+
+ /**
 * Constructs and returns PCR Quote Digest structure expected from IMC
 *
 * @param digest Output variable to store quote digest |
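Review bot: `free(pcr_entry)` after the loop in does_pcr_value_match frees whatever the enumerator last stored in the pointer. With an empty list `pcr_entry` is never assigned, so an uninitialized pointer is passed to free(); otherwise at most one element is freed, after `DESTROY_IF(entries)` has already destroyed the list, and the remaining entries appear to be leaked. If load_pcr_entries() hands ownership of the elements to the caller (not visible in this hunk), drop the `free(pcr_entry);` line and release the list with `entries->destroy_function(entries, free);`. Separately, the comparison accepts a match against any configured entry and the method receives no PCR index, so a value configured for one register would also pass for another unless the caller checks the index elsewhere; consider passing the PCR number and comparing it with `pcr_entry->pcr_number`.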
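Review bot: The new doc comment for does_pcr_value_match in pts.h has no `@param` line, unlike the neighbouring method comment, and it does not say that the value is compared against every configured entry rather than a single PCR index. Suggest adding ` * @param pcr_after_value PCR after value received in Simple Component Evidence` and stating in the description that a match with any configured PCR value returns TRUE. Since FALSE covers both a failure to load the configured entries and a mismatch, one sentence saying callers cannot tell the two apart would help whoever acts on the result. The struct definition continues outside the hunk.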