diff options
| -rw-r--r-- | src/libimcv/plugins/imc_attestation/imc_attestation_process.c | 7 | ||||
| -rw-r--r-- | src/libimcv/plugins/imv_attestation/imv_attestation_process.c | 17 | ||||
| -rw-r--r-- | src/libpts/pts/pts.c | 36 | ||||
| -rw-r--r-- | src/libpts/pts/pts.h | 4 | ||||
| -rw-r--r-- | src/libpts/tcg/tcg_pts_attr_simple_evid_final.c | 26 |
5 files changed, 61 insertions, 29 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index cbb3dc3d5..874820202 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -441,6 +441,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { enumerator_t *e; pts_simple_evid_final_flag_t flags; + pts_meas_algorithms_t composite_algorithm = 0; chunk_t pcr_composite, quote_signature; u_int32_t num_of_evidences, i = 0; u_int32_t *pcrs; @@ -478,9 +479,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send Simple Evidence Final attribute */ flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO; + composite_algorithm |= PTS_MEAS_ALGO_SHA1; - attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, 0, - pcr_composite, quote_signature, chunk_empty); + attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, + composite_algorithm, pcr_composite, + quote_signature, chunk_empty); attr_list->insert_last(attr_list, attr); DESTROY_IF(e); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index aa2b0fe17..1ba627ec9 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -283,17 +283,21 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { tcg_pts_attr_simple_evid_final_t *attr_cast; pts_simple_evid_final_flag_t flags; + pts_meas_algorithms_t composite_algorithm; chunk_t pcr_comp; chunk_t tpm_quote_sign; chunk_t evid_sign; bool evid_signature_included; - - /** TODO: Ignoring Composite Hash Algorithm field - * No flag defined which indicates the precense of it - */ + attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; evid_signature_included = attr_cast->is_evid_sign_included(attr_cast); flags = attr_cast->get_flags(attr_cast); + + /** Optional Composite Hash Algorithm field is always present + * Field has value of all zeroes if not used. + * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 + */ + composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast); if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) || (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)) @@ -310,13 +314,14 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast); /* Construct PCR Composite and TPM Quote Info structures*/ - if (!pts->get_quote_info(pts, &pcr_composite, "e_info)) + if (!pts->get_quote_info(pts, composite_algorithm, + &pcr_composite, "e_info)) { DBG1(DBG_IMV, "unable to contruct TPM Quote Info"); return FALSE; } - /* Check calculated PCR composite structure matches with received */ + /* Check calculated PCR composite matches with received */ if (pcr_comp.ptr && !chunk_equals(pcr_comp, pcr_composite)) { DBG1(DBG_IMV, "received PCR Compsosite didn't match" diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index df84e1cfc..29327e15f 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -1003,11 +1003,12 @@ METHOD(pts_t, add_pcr_entry, void, */ METHOD(pts_t, get_quote_info, bool, - private_pts_t *this, chunk_t *out_pcr_composite, chunk_t *out_quote_info) + private_pts_t *this, pts_meas_algorithms_t composite_algo, + chunk_t *out_pcr_composite, chunk_t *out_quote_info) { enumerator_t *e; pcr_entry_t *pcr_entry; - chunk_t pcr_composite; + chunk_t pcr_composite, hash_pcr_composite; u_int32_t pcr_composite_len; bio_writer_t *writer; u_int8_t mask_bytes[PCR_MASK_LEN] = {0,0,0}, i; @@ -1068,14 +1069,33 @@ METHOD(pts_t, get_quote_info, bool, writer->write_uint8(writer, 'O'); writer->write_uint8(writer, 'T'); - /* SHA1 hash of PCR Composite Structure */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite); - DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite); + /* Output the TPM_PCR_COMPOSITE expected from IMC */ + if (composite_algo) + { + hash_algorithm_t algo; + + algo = pts_meas_algo_to_hash(composite_algo); + hasher = lib->crypto->create_hasher(lib->crypto, algo); - chunk_clear(&pcr_composite); + /* Hash the PCR Composite Structure */ + hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite); + DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite); + hasher->destroy(hasher); + } + else + { + *out_pcr_composite = chunk_clone(pcr_composite); + DBG4(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite); + } + + /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite); hasher->destroy(hasher); - writer->write_data(writer, *out_pcr_composite); + + writer->write_data(writer, hash_pcr_composite); + chunk_clear(&pcr_composite); + chunk_clear(&hash_pcr_composite); if (!this->secret.ptr) { diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index 932bf2f69..84175d7ce 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -289,8 +289,8 @@ struct pts_t { * @param quote_info Output variable to store TPM Quote Info * @return FALSE in case of any error, TRUE otherwise */ - bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite, - chunk_t *quote_info); + bool (*get_quote_info)(pts_t *this, pts_meas_algorithms_t composite_algo, + chunk_t *pcr_composite, chunk_t *quote_info); /** * Constructs and returns PCR Quote Digest structure expected from IMC diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c index 833b1017e..c6a5af3e1 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c +++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c @@ -167,11 +167,13 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint8 (writer, flags); writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED); + /** Optional Composite Hash Algorithm field is always present + * Field has value of all zeroes if not used. + * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 + */ + writer->write_uint16(writer, this->comp_hash_algorithm); + /* Optional fields */ - if (this->comp_hash_algorithm) - { - writer->write_uint16(writer, this->comp_hash_algorithm); - } if (this->pcr_comp.ptr && this->pcr_comp.len > 0) { writer->write_uint32 (writer, this->pcr_comp.len); @@ -197,7 +199,7 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; u_int8_t flags; u_int8_t reserved; - /** u_int16_t algorithm;*/ + u_int16_t algorithm; if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE) { @@ -232,18 +234,20 @@ METHOD(pa_tnc_attr_t, process, status_t, } reader->read_uint8(reader, &reserved); + + /** Optional Composite Hash Algorithm field is always present + * Field has value of all zeroes if not used. + * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 + */ + + reader->read_uint16(reader, &algorithm); + this->comp_hash_algorithm = algorithm; /* Optional Composite Hash Algorithm and TPM PCR Composite field is included */ if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO) { u_int32_t pcr_comp_len, tpm_quote_sign_len; - /** TODO: Ignoring Hashing algorithm field - * There is no flag defined which indicates the precense of it - * reader->read_uint16(reader, &algorithm); - * this->comp_hash_algorithm = algorithm; - */ - reader->read_uint32(reader, &pcr_comp_len); reader->read_data(reader, pcr_comp_len, &this->pcr_comp); this->pcr_comp = chunk_clone(this->pcr_comp); |