#include <debug.h>
#define DEFAULT_NONCE_LEN 20
-#define EXTEND_PCR 16
+
+/**
+ * Set parameters of Simple Component Evidence
+ */
+static bool set_simple_comp_evid_params(pts_ita_funct_comp_name_t name,
+ tcg_pts_attr_simple_comp_evid_params_t *out)
+{
+ tcg_pts_attr_simple_comp_evid_params_t params;
+ pts_qualifier_t qualifier;
+ time_t measurement_time_t;
+ struct tm *time_now;
+ char *utc_time;
+
+ params.name = name;
+ params.pcr_info_included = TRUE;
+ params.flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID;
+ params.depth = 0;
+ params.vendor_id = PEN_ITA;
+
+ qualifier.kernel = FALSE;
+ qualifier.sub_component = FALSE;
+ qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
+ params.qualifier = qualifier;
+ /* The measurements done by tboot and trustedGRUB are SHA1 hashes */
+ params.hash_algorithm = TRUSTED_HASH_ALGO;
+ params.transformation = PTS_PCR_TRANSFORM_NO;
+
+ measurement_time_t = time(NULL);
+ if (!measurement_time_t)
+ {
+ params.measurement_time = chunk_create("0000-00-00T00:00:00Z", 20);
+ params.measurement_time = chunk_clone(params.measurement_time);
+ }
+ else
+ {
+ time_now = localtime(&measurement_time_t);
+ if (asprintf(&utc_time,
+ "%d-%2.2d-%2.2dT%2.2d:%2.2d:%2.2dZ",
+ time_now->tm_year + 1900,
+ time_now->tm_mon + 1,
+ time_now->tm_mday,
+ time_now->tm_hour,
+ time_now->tm_min,
+ time_now->tm_sec) < 0)
+ {
+ DBG1(DBG_IMC, "could not format local time to UTC");
+ return FALSE;
+ }
+ params.measurement_time = chunk_create(utc_time, 20);
+ params.measurement_time = chunk_clone(params.measurement_time);
+ free(utc_time);
+ }
+ params.policy_uri = chunk_empty;
+ params.measurement = chunk_empty;
+
+ params.pcr_before = chunk_alloc(PCR_LEN);
+ memset(params.pcr_before.ptr, 0, PCR_LEN);
+
+ /* Set extended PCR, which varies from component to component */
+ if (params.name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+ {
+ params.extended_pcr = PCR_TBOOT_POLICY;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+ {
+ params.extended_pcr = PCR_TBOOT_MLE;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_MBR_STAGE1)
+ {
+ params.extended_pcr = PCR_TGRUB_MBR_STAGE1;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART1)
+ {
+ params.extended_pcr = PCR_TGRUB_STAGE2_PART1;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART2)
+ {
+ params.extended_pcr = PCR_TGRUB_STAGE2_PART2;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_CMD_LINE_ARGS)
+ {
+ params.extended_pcr = PCR_TGRUB_CMD_LINE_ARGS;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_CHECKFILE)
+ {
+ params.extended_pcr = PCR_TGRUB_CHECKFILE;
+ }
+ else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_LOADED_FILES)
+ {
+ params.extended_pcr = PCR_TGRUB_LOADED_FILES;
+ }
+ else
+ {
+ DBG1(DBG_IMC, "unsupported Functional Component Name: %d", params.name);
+ return FALSE;
+ }
+
+ *out = params;
+ return TRUE;
+}
bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
imc_attestation_state_t *attestation_state,
u_int32_t comp_name_vendor_id;
u_int8_t family;
pts_qualifier_t qualifier;
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr;
}
sub_comp_depth = attr_cast->get_sub_component_depth(attr_cast);
- /* TODO: Implement checking of components with its sub-components */
if (sub_comp_depth != 0)
{
DBG1(DBG_IMC, "current version of Attestation IMC does not "
"support sub component measurement deeper than "
"zero. Measuring top level component only.");
+ return FALSE;
}
comp_name_vendor_id = attr_cast->get_comp_funct_name_vendor_id(
attr_cast);
- if (comp_name_vendor_id != PEN_TCG)
+ if (comp_name_vendor_id != PEN_ITA)
{
DBG1(DBG_IMC, "current version of Attestation IMC supports"
- "only functional component namings by TCG ");
- break;
+ "only functional component namings by ITA");
+ return FALSE;
}
family = attr_cast->get_family(attr_cast);
/* Check if Unknown or Wildcard was set for qualifier */
if (qualifier.kernel && qualifier.sub_component &&
- (qualifier.type & PTS_FUNC_COMP_TYPE_ALL))
+ (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
{
DBG2(DBG_IMC, "wildcard was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
else if (!qualifier.kernel && !qualifier.sub_component &&
- (qualifier.type & PTS_FUNC_COMP_TYPE_UNKNOWN))
+ (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN))
{
DBG2(DBG_IMC, "unknown was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
- else
+ else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED)
{
- /* TODO: Implement what todo with received qualifier */
- }
+ tcg_pts_attr_simple_comp_evid_params_t params;
- name = attr_cast->get_comp_funct_name(attr_cast);
- switch (name)
- {
- case PTS_FUNC_COMP_NAME_BIOS:
+ /* Set parameters of Simple Component Evidence */
+ name = attr_cast->get_comp_funct_name(attr_cast);
+ if (!set_simple_comp_evid_params(name, ¶ms))
{
- tcg_pts_attr_simple_comp_evid_params_t params;
- pts_qualifier_t qualifier;
- time_t measurement_time_t;
- struct tm *time_now;
- char *utc_time;
- hasher_t *hasher;
- u_char hash_output[HASH_SIZE_SHA384];
- hash_algorithm_t hash_alg;
-
- /* TODO: Implement BIOS measurement */
- DBG1(DBG_IMC, "experimental implementation:"
- " Extend TPM with etc/tnc_config file");
- params.pcr_info_included = TRUE;
- params.flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID;
- params.depth = 0;
- params.vendor_id = PEN_TCG;
-
- qualifier.kernel = FALSE;
- qualifier.sub_component = FALSE;
- qualifier.type = PTS_FUNC_COMP_TYPE_TNC;
- params.qualifier = qualifier;
-
- params.name = PTS_FUNC_COMP_NAME_BIOS;
- params.extended_pcr = EXTEND_PCR;
- params.hash_algorithm = pts->get_meas_algorithm(pts);
-
- if (!params.pcr_info_included)
- {
- params.transformation = PTS_PCR_TRANSFORM_NO;
- }
- else if (pts->get_meas_algorithm(pts) & PTS_MEAS_ALGO_SHA1)
- {
- params.transformation = PTS_PCR_TRANSFORM_MATCH;
- }
- else if (pts->get_meas_algorithm(pts) & PTS_MEAS_ALGO_SHA256)
- {
- params.transformation = PTS_PCR_TRANSFORM_LONG;
- }
-
- /* Create a hasher */
- hash_alg = pts_meas_algo_to_hash(pts->get_meas_algorithm(pts));
- hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- if (!hasher)
- {
- DBG1(DBG_IMC, " hasher %N not available",
- hash_algorithm_names, hash_alg);
- return FALSE;
- }
-
- if (!pts->hash_file(pts, hasher, "/etc/tnc_config",
- hash_output))
- {
- hasher->destroy(hasher);
- return FALSE;
- }
-
- measurement_time_t = time(NULL);
- if (!measurement_time_t)
- {
- params.measurement_time = chunk_create(
- "0000-00-00T00:00:00Z", 20);
- }
- else
- {
- time_now = localtime(&measurement_time_t);
- if (asprintf(&utc_time,
- "%d-%2.2d-%2.2dT%2.2d:%2.2d:%2.2dZ",
- time_now->tm_year + 1900,
- time_now->tm_mon + 1,
- time_now->tm_mday,
- time_now->tm_hour,
- time_now->tm_min,
- time_now->tm_sec) < 0)
- {
- DBG1(DBG_IMC, "could not format local time to UTC");
- hasher->destroy(hasher);
- return FALSE;
- }
- params.measurement_time = chunk_create(utc_time, 20);
- params.measurement_time = chunk_clone(
- params.measurement_time);
- free(utc_time);
-
- }
-
- params.measurement = chunk_create(hash_output,
- hasher->get_hash_size(hasher));
- hasher->destroy(hasher);
-
- params.policy_uri = chunk_empty;
- if (!pts->read_pcr(pts, EXTEND_PCR, ¶ms.pcr_before))
- {
- DBG1(DBG_IMC, "error occured while reading PCR: %d",
- EXTEND_PCR);
- return FALSE;
- }
-
- if (!pts->extend_pcr(pts, EXTEND_PCR,
- params.measurement, ¶ms.pcr_after))
- {
- DBG1(DBG_IMC, "error occured while extending PCR: %d",
- EXTEND_PCR);
- return FALSE;
- }
-
- /* Buffer Simple Component Evidence attribute */
- attr = tcg_pts_attr_simple_comp_evid_create(params);
- evidences->insert_last(evidences, attr);
-
- break;
+ DBG1(DBG_IMC, "error occured while setting parameters"
+ "for Simple Component Evidence");
+ return FALSE;
}
- case PTS_FUNC_COMP_NAME_IGNORE:
- case PTS_FUNC_COMP_NAME_CRTM:
- case PTS_FUNC_COMP_NAME_PLATFORM_EXT:
- case PTS_FUNC_COMP_NAME_BOARD:
- case PTS_FUNC_COMP_NAME_INIT_LOADER:
- case PTS_FUNC_COMP_NAME_OPT_ROMS:
- default:
+
+ if (!pts->read_pcr(pts, params.extended_pcr, ¶ms.pcr_after))
{
- DBG1(DBG_IMC, "unsupported Functional Component Name");
- break;
+ DBG1(DBG_IMC, "error occured while reading PCR: %d",
+ params.extended_pcr);
+ return FALSE;
}
+
+ /* Buffer Simple Component Evidence attribute */
+ attr = tcg_pts_attr_simple_comp_evid_create(params);
+ evidences->insert_last(evidences, attr);
+ break;
+ }
+ else
+ {
+ DBG1(DBG_IMC, "Functional Component with unsupported type: %d"
+ "was requested for evidence", qualifier.type);
+ break;
}
+
break;
}
case TCG_PTS_GEN_ATTEST_EVID:
pts_attr_req_funct_comp_evid_flag_t flags;
u_int32_t sub_comp_depth;
pts_qualifier_t qualifier;
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
sub_comp_depth = 0;
qualifier.kernel = FALSE;
qualifier.sub_component = FALSE;
- qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
- name = PTS_FUNC_COMP_NAME_BIOS;
+ qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
/* Send Request Functional Component Evidence attribute */
+ name = PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART1;
attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
- sub_comp_depth, PEN_TCG, qualifier, name);
+ sub_comp_depth, PEN_ITA, qualifier, name);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
+
+ /* Send Request Functional Component Evidence attribute */
+ name = PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART2;
+ attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
+ sub_comp_depth, PEN_ITA, qualifier, name);
+ attr->set_noskip_flag(attr, TRUE);
+ msg->add_attribute(msg, attr);
+
/* Send Generate Attestation Evidence attribute */
attr = tcg_pts_attr_gen_attest_evid_create();
attr->set_noskip_flag(attr, TRUE);
u_int32_t depth, comp_vendor_id, extended_pcr;
u_int8_t family, measurement_type;
pts_qualifier_t qualifier;
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
pts_meas_algorithms_t hash_algorithm;
pts_pcr_transform_t transformation;
chunk_t measurement_time, policy_uri;
pcr_info_inclided = attr_cast->is_pcr_info_included(attr_cast);
flags = attr_cast->get_flags(attr_cast);
depth = attr_cast->get_sub_component_depth(attr_cast);
- /* TODO: Implement check of components with its sub-components */
if (depth != 0)
{
DBG1(DBG_IMV, "Current version of Attestation IMV does not"
}
comp_vendor_id = attr_cast->get_spec_comp_funct_name_vendor_id(
attr_cast);
- if (comp_vendor_id != PEN_TCG)
+ if (comp_vendor_id != PEN_ITA)
{
DBG1(DBG_IMV, "Current version of Attestation IMV supports"
- "only functional component namings by TCG ");
+ "only functional component namings by ITA ");
break;
}
family = attr_cast->get_family(attr_cast);
/* Check if Unknown or Wildcard was set for qualifier */
if (qualifier.kernel && qualifier.sub_component &&
- (qualifier.type & PTS_FUNC_COMP_TYPE_ALL))
+ (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
{
DBG1(DBG_IMV, "Wildcard was set for the qualifier "
"of functional component");
return FALSE;
}
else if (!qualifier.kernel && !qualifier.sub_component &&
- (qualifier.type & PTS_FUNC_COMP_TYPE_UNKNOWN))
+ (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN))
{
DBG1(DBG_IMV, "Unknown feature was set for the qualifier "
"of functional component");
return FALSE;
}
- else
- {
- /* TODO: Implement what todo with received qualifier */
- }
-
+
name = attr_cast->get_comp_funct_name(attr_cast);
measurement_type = attr_cast->get_measurement_type(attr_cast);
hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
pcr_after = attr_cast->get_pcr_after_value(attr_cast);
measurement = attr_cast->get_comp_measurement(attr_cast);
- DBG4(DBG_IMV,"PCR: %d was extended with %B",
+ DBG3(DBG_IMV,"PCR: %d was extended with %B",
extended_pcr, &measurement);
- DBG4(DBG_IMV,"PCR: %d before value: %B",
+ DBG3(DBG_IMV,"PCR: %d before value: %B",
extended_pcr, &pcr_before);
- DBG4(DBG_IMV,"PCR: %d after value: %B",
+ DBG3(DBG_IMV,"PCR: %d after value: %B",
extended_pcr, &pcr_after);
entry = malloc_thing(pcr_entry_t);
entry->pcr_number = extended_pcr;
- strncpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
+ memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
pts->add_pcr_entry(pts, entry);
-
}
if (flags != PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID)
{
}
if (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO)
{
- chunk_t pcr_composite, quote_info, quote_digest;
- hasher_t *hasher;
+ chunk_t pcr_composite, quote_info;
pcr_comp = attr_cast->get_pcr_comp(attr_cast);
tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast);
+ if (!pcr_comp.ptr || !tpm_quote_sign.ptr)
+ {
+ DBG1(DBG_IMV, "PCR composite: %B", &pcr_comp);
+ DBG1(DBG_IMV, "TPM Quote Signature: %B", &tpm_quote_sign);
+ DBG1(DBG_IMV, "Either PCR Composite or Quote Signature missing");
+ return FALSE;
+ }
+
/* Construct PCR Composite and TPM Quote Info structures*/
if (!pts->get_quote_info(pts, composite_algorithm,
&pcr_composite, "e_info))
DBG1(DBG_IMV, "unable to contruct TPM Quote Info");
return FALSE;
}
-
+
/* Check calculated PCR composite matches with received */
- if (pcr_comp.ptr && !chunk_equals(pcr_comp, pcr_composite))
+ if (!chunk_equals(pcr_comp, pcr_composite))
{
DBG1(DBG_IMV, "received PCR Compsosite didn't match"
" with constructed");
}
DBG2(DBG_IMV, "received PCR Composite matches with constructed");
chunk_clear(&pcr_composite);
-
- /* SHA1(TPM Quote Info) expected from IMC */
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- hasher->allocate_hash(hasher, quote_info, "e_digest);
- hasher->destroy(hasher);
- chunk_clear("e_info);
-
- if (tpm_quote_sign.ptr &&
- !pts->verify_quote_signature(pts, quote_digest,
- tpm_quote_sign))
+
+ if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sign))
{
- chunk_clear("e_digest);
+ chunk_clear("e_info);
return FALSE;
}
DBG2(DBG_IMV, "signature verification succeeded for "
"TPM Quote Info");
- chunk_clear("e_digest);
+ chunk_clear("e_info);
}
if (evid_signature_included)
#include <sys/utsname.h>
#include <errno.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
#define PTS_BUF_SIZE 4096
typedef struct private_pts_t private_pts_t;
DBG1(DBG_PTS, "shared DH secret computation failed");
return FALSE;
}
- DBG4(DBG_PTS, "shared DH secret: %B", &shared_secret);
+ DBG3(DBG_PTS, "shared DH secret: %B", &shared_secret);
/* Calculate the secret assessment value */
hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
* argument of the TPM Quote command
*/
this->secret.len = min(this->secret.len, 20);
- DBG4(DBG_PTS, "secret assessment value: %B", &this->secret);
+ DBG3(DBG_PTS, "secret assessment value: %B", &this->secret);
return TRUE;
}
*pcr_composite = chunk_clone(*pcr_composite);
DBG3(DBG_PTS, "Hash of PCR Composite: %B",pcr_composite);
+ chunk_t tmp = chunk_create(valData.rgbData, valData.ulDataLength);
+ DBG3(DBG_PTS, "TPM Quote Info: %B",&tmp);
+
quote_sign = chunk_alloc(valData.ulValidationDataLength);
memcpy(quote_sign.ptr, valData.rgbValidationData,
valData.ulValidationDataLength);
return FALSE;
}
-/**
- * Comparison function for pcr_entry_t struct
- */
-static int pcr_entry_compare(const pcr_entry_t *a, const pcr_entry_t *b)
-{
- return (a->pcr_number - b->pcr_number);
-}
-
-static int pcr_entry_compare_qsort(const void *a, const void *b)
-{
- return pcr_entry_compare(*(const pcr_entry_t *const *)a
- , *(const pcr_entry_t *const *)b);
-}
-
METHOD(pts_t, add_pcr_entry, void,
private_pts_t *this, pcr_entry_t *new)
{
{
if (entry->pcr_number == new->pcr_number)
{
- DBG4(DBG_PTS, "updating already added PCR%d value",
+ DBG3(DBG_PTS, "updating already added PCR%d value",
entry->pcr_number);
this->pcrs->remove_at(this->pcrs, e);
free(entry);
}
}
DESTROY_IF(e);
-
this->pcrs->insert_last(this->pcrs, new);
-
- qsort(this->pcrs, this->pcrs->get_count(this->pcrs),
- sizeof(pcr_entry_t *), pcr_entry_compare_qsort);
}
/**
pcr_composite_len = 2 + PCR_MASK_LEN + 4 +
this->pcrs->get_count(this->pcrs) * PCR_LEN;
-
+
writer = bio_writer_create(pcr_composite_len);
/* Lenght of the bist mask field */
writer->write_uint16(writer, PCR_MASK_LEN);
/* PCR Composite structure */
pcr_composite = chunk_clone(writer->get_buf(writer));
+ DBG3(DBG_PTS, "PCR Composite: %B", &pcr_composite);
writer->destroy(writer);
writer = bio_writer_create(TPM_QUOTE_INFO_LEN);
/* Hash the PCR Composite Structure */
hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
- DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
+ DBG3(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
hasher->destroy(hasher);
}
else
{
*out_pcr_composite = chunk_clone(pcr_composite);
- DBG4(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
+ DBG3(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
}
/* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
writer->write_data(writer, this->secret);
/* TPM Quote Info */
*out_quote_info = chunk_clone(writer->get_buf(writer));
- DBG4(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info);
+ DBG3(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info);
writer->destroy(writer);
return TRUE;
return FALSE;
}
- if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_SHA1, data, signature))
+ if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_EMSA_PKCS1_SHA1,
+ data, signature))
{
DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
DESTROY_IF(aik_pub_key);
#define SOLIDUS_UTF 0x2F
#define REVERSE_SOLIDUS_UTF 0x5C
+/**
+ * PCR indices used for measurements of various functional components
+ */
+/** Commented the real PCR indices out, use just PCR16 for debugging
+#define PCR_BIOS 0
+#define PCR_PLATFORM_EXT 1
+#define PCR_MOTHERBOARD 1
+#define PCR_OPTION_ROMS 2
+#define PCR_IPL 4
+
+#define PCR_TBOOT_POLICY 17
+#define PCR_TBOOT_MLE 18
+
+#define PCR_TGRUB_MBR_STAGE1 4
+#define PCR_TGRUB_STAGE2_PART1 8
+#define PCR_TGRUB_STAGE2_PART2 9
+#define PCR_TGRUB_CMD_LINE_ARGS 12
+#define PCR_TGRUB_CHECKFILE 13
+#define PCR_TGRUB_LOADED_FILES 14
+*/
+
+#define PCR_BIOS 16
+#define PCR_PLATFORM_EXT 16
+#define PCR_MOTHERBOARD 16
+#define PCR_OPTION_ROMS 16
+#define PCR_IPL 16
+
+#define PCR_TBOOT_POLICY 16
+#define PCR_TBOOT_MLE 16
+
+#define PCR_TGRUB_MBR_STAGE1 16
+#define PCR_TGRUB_STAGE2_PART1 16
+#define PCR_TGRUB_STAGE2_PART2 16
+#define PCR_TGRUB_CMD_LINE_ARGS 16
+#define PCR_TGRUB_CHECKFILE 16
+#define PCR_TGRUB_LOADED_FILES 16
+
/**
* Length of the generated nonce used for calculation of shared secret
*/
/**
* Bitmask Lenght for PCR Composite structure
*/
-#define PCR_MASK_LEN MAX_NUM_PCR / 8
+#define PCR_MASK_LEN MAX_NUM_PCR/8
+
+/**
+ * Hashing algorithm used by tboot and trustedGRUB
+ */
+#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
/**
* PCR Entry structure which contains PCR number and current value
typedef enum pts_funct_comp_type_t pts_funct_comp_type_t;
typedef enum pts_funct_comp_name_t pts_funct_comp_name_t;
+typedef enum pts_ita_funct_comp_type_t pts_ita_funct_comp_type_t;
+typedef enum pts_ita_funct_comp_name_t pts_ita_funct_comp_name_t;
typedef struct pts_qualifier_t pts_qualifier_t;
/**
/** Trusted Platform */
PTS_FUNC_COMP_TYPE_TRUSTED = 0x1,
/** Operating System */
- PTS_FUNC_COMP_TYPE_OS = 0x2,
+ PTS_FUNC_COMP_TYPE_OS = 0x2,
/** Graphical User Interface */
PTS_FUNC_COMP_TYPE_GUI = 0x3,
/** Application */
PTS_FUNC_COMP_NAME_OPT_ROMS = 0x0006,
};
+/**
+ * PTS Component Functional Type for Qualifier field in ITA namespace
+ */
+enum pts_ita_funct_comp_type_t {
+ /** Unknown */
+ PTS_ITA_FUNC_COMP_TYPE_UNKNOWN = 0x0,
+ /** Trusted Platform */
+ PTS_ITA_FUNC_COMP_TYPE_TRUSTED = 0x1,
+ /** All matching Components */
+ PTS_ITA_FUNC_COMP_TYPE_ALL = 0xF,
+};
+
+/**
+ * PTS Component Functional Name Binary Enumeration in ITA namespace
+ */
+enum pts_ita_funct_comp_name_t {
+ /** Components measured into PCR17 during tboot */
+ PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY = 0x0000,
+ /** Components measured into PCR18 during tboot */
+ PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE = 0x0001,
+ /** MBR information and stage1 during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_MBR_STAGE1 = 0x0002,
+ /** bootloader information stage2 part1 during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART1 = 0x0003,
+ /** bootloader information stage2 part2 during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART2 = 0x0004,
+ /** all commandline arguments from menu.lst and those entered in the shell
+ * during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_CMD_LINE_ARGS = 0x0005,
+ /** all files checked via the checkfile-routine during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_CHECKFILE = 0x0006,
+ /** all files which are actually loaded during boot by trustedGRUB */
+ PTS_ITA_FUNC_COMP_NAME_TGRUB_LOADED_FILES = 0x0007,
+};
+
/**
* Qualifier for Functional Component
*/
struct pts_qualifier_t {
bool kernel;
bool sub_component;
- pts_funct_comp_type_t type;
+ pts_ita_funct_comp_type_t type;
};
#endif /** PTS_FUNCT_COMP_NAME_H_ @}*/
/**
* Component Functional Name
*/
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
};
METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
this->qualifier = qualifier;
}
-METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name, pts_funct_comp_name_t,
+METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name, pts_ita_funct_comp_name_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->name;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_comp_funct_name, void,
- private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_funct_comp_name_t name)
+ private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_ita_funct_comp_name_t name)
{
this->name = name;
}
pts_attr_req_funct_comp_evid_flag_t flags,
u_int32_t depth, u_int32_t vendor_id,
pts_qualifier_t qualifier,
- pts_funct_comp_name_t name)
+ pts_ita_funct_comp_name_t name)
{
private_tcg_pts_attr_req_funct_comp_evid_t *this;
*
* @return Component Functional Name
*/
- pts_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this);
+ pts_ita_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* @param name Component Functional Name
*/
void (*set_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this,
- pts_funct_comp_name_t name);
+ pts_ita_funct_comp_name_t name);
};
pa_tnc_attr_t* tcg_pts_attr_req_funct_comp_evid_create(pts_attr_req_funct_comp_evid_flag_t flags,
u_int32_t depth, u_int32_t vendor_id,
pts_qualifier_t qualifier,
- pts_funct_comp_name_t name);
+ pts_ita_funct_comp_name_t name);
/**
* Creates an tcg_pts_attr_req_funct_comp_evid_t object from received data
/**
* Component Functional Name
*/
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
/**
* Measurement type
writer->write_data (writer, this->pcr_before);
writer->write_data (writer, this->pcr_after);
}
-
- writer->write_data (writer, this->measurement);
+
+ if (this->measurement.ptr && this->measurement.len > 0)
+ {
+ writer->write_data (writer, this->measurement);
+ }
this->value = chunk_clone(writer->get_buf(writer));
writer->destroy(writer);
return this->qualifier;
}
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_funct_name, pts_funct_comp_name_t,
+METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_funct_name, pts_ita_funct_comp_name_t,
private_tcg_pts_attr_simple_comp_evid_t *this)
{
return this->name;
.extended_pcr = params.extended_pcr,
.hash_algorithm = params.hash_algorithm,
.transformation = params.transformation,
- .measurement_time = chunk_clone(params.measurement_time),
+ .measurement_time = params.measurement_time,
.policy_uri = chunk_clone(params.policy_uri),
.pcr_before = params.pcr_before,
.pcr_after = params.pcr_after,
u_int32_t depth;
u_int32_t vendor_id;
pts_qualifier_t qualifier;
- pts_funct_comp_name_t name;
+ pts_ita_funct_comp_name_t name;
u_int32_t extended_pcr;
pts_meas_algorithms_t hash_algorithm;
pts_pcr_transform_t transformation;
*
* @return Component Functional Name
*/
- pts_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_simple_comp_evid_t *this);
+ pts_ita_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_simple_comp_evid_t *this);
/**
* Get Measurement Type
reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
this->pcr_comp = chunk_clone(this->pcr_comp);
- this->pcr_comp = chunk_empty;
reader->read_uint32(reader, &tpm_quote_sign_len);
reader->read_data(reader, tpm_quote_sign_len, &this->tpm_quote_sign);
this->tpm_quote_sign = chunk_clone(this->tpm_quote_sign);
projects / thirdparty / strongswan.git / commitdiff
