pa_tnc_msg->destroy(pa_tnc_msg);
}
- evidences = linked_list_create();
-
return result;
}
imc_state_t *state;
imc_attestation_state_t *attestation_state;
enumerator_t *enumerator;
- pts_t *pts;
TNC_Result result;
if (!imc_attestation)
return TNC_RESULT_FATAL;
}
attestation_state = (imc_attestation_state_t*)state;
- pts = attestation_state->get_pts(attestation_state);
/* parse received PA-TNC message and automatically handle any errors */
result = imc_attestation->receive_message(imc_attestation, connection_id,
else if (attr->get_vendor_id(attr) == PEN_TCG)
{
if (!imc_attestation_process(attr, attr_list, attestation_state,
- supported_algorithms, supported_dh_groups, evidences))
+ supported_algorithms, supported_dh_groups))
{
result = TNC_RESULT_FATAL;
}
return TNC_RESULT_NOT_INITIALIZED;
}
- DESTROY_IF(evidences);
libpts_deinit();
imc_attestation->destroy(imc_attestation);
#include "imc_attestation_process.h"
#include <ietf/ietf_attr_pa_tnc_error.h>
+
+#include <libpts.h>
#include <pts/pts.h>
#include <tcg/tcg_pts_attr_proto_caps.h>
#define DEFAULT_NONCE_LEN 20
-/**
- * Set parameters of Simple Component Evidence
- */
-static bool set_simple_comp_evid_params(pts_t *pts, pts_comp_func_name_t *name,
- u_int8_t sequence, tcg_pts_attr_simple_comp_evid_params_t *out)
-{
- tcg_pts_attr_simple_comp_evid_params_t params;
- time_t measurement_time_t;
- struct tm *time_now;
- char *utc_time;
-
- params.name = name;
- params.pcr_info_included = TRUE;
- params.flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID;
- params.depth = 0;
-
- /* The measurements done by tboot and trustedGRUB are SHA1 hashes */
- params.hash_algorithm = TRUSTED_HASH_ALGO;
- params.transformation = PTS_PCR_TRANSFORM_NO;
-
- measurement_time_t = time(NULL);
- if (!measurement_time_t)
- {
- params.measurement_time = chunk_create("0000-00-00T00:00:00Z", 20);
- params.measurement_time = chunk_clone(params.measurement_time);
- }
- else
- {
- time_now = localtime(&measurement_time_t);
- if (asprintf(&utc_time,
- "%d-%.2d-%.2dT%.2d:%.2d:%.2dZ",
- time_now->tm_year + 1900,
- time_now->tm_mon + 1,
- time_now->tm_mday,
- time_now->tm_hour,
- time_now->tm_min,
- time_now->tm_sec) < 0)
- {
- DBG1(DBG_IMC, "could not format local time to UTC");
- return FALSE;
- }
- params.measurement_time = chunk_create(utc_time, 20);
- params.measurement_time = chunk_clone(params.measurement_time);
- free(utc_time);
- }
-
- params.policy_uri = chunk_empty;
-
- /* Provisional/temporal implementation for components except tboot */
- if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TGRUB)
- {
- params.extended_pcr = PCR_DEBUG;
-
- params.measurement = chunk_alloc(HASH_SIZE_SHA1);
- memset(params.measurement.ptr, 0, HASH_SIZE_SHA1);
-
- params.pcr_before = chunk_alloc(PCR_LEN);
- memset(params.pcr_before.ptr, 0, PCR_LEN);
-
- if(!pts->read_pcr(pts, params.extended_pcr, ¶ms.pcr_after))
- {
- DBG1(DBG_IMC, "error occured while reading PCR: %d",
- params.extended_pcr);
- return FALSE;
- }
- }
- /* Set parameters which varies from component to component */
- else if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TBOOT)
- {
- char *measurement, *pcr_before, *pcr_after;
-
- if (sequence == 1)
- {
- params.extended_pcr = PCR_TBOOT_POLICY;
- measurement = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
- pcr_before = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_before", NULL);
- pcr_after = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_after", NULL);
- }
- else
- {
- params.extended_pcr = PCR_TBOOT_MLE;
- measurement = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
- pcr_before = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_before", NULL);
- pcr_after = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_after", NULL);
- }
-
- if (!measurement || !pcr_before || !pcr_after)
- {
- DBG1(DBG_IMC, "tboot: configure measurement, before and after value"
- " for PCR%d", params.extended_pcr);
- return FALSE;
- }
-
- params.measurement = chunk_from_hex(
- chunk_create(measurement, strlen(measurement)), NULL);
- params.pcr_before = chunk_from_hex(
- chunk_create(pcr_before, strlen(pcr_before)), NULL);
- params.pcr_after = chunk_from_hex(
- chunk_create(pcr_after, strlen(pcr_after)), NULL);
-
- }
- else
- {
- DBG1(DBG_IMC, "unsupported Functional Component Name: Vendor ID: %d"
- " Name: %d, Qualifier: %d",
- params.name->get_vendor_id(params.name),
- params.name->get_name(params.name),
- params.name->get_qualifier(params.name));
- return FALSE;
- }
-
- *out = params;
- return TRUE;
-}
-
bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
imc_attestation_state_t *attestation_state,
pts_meas_algorithms_t supported_algorithms,
- pts_dh_group_t supported_dh_groups,
- linked_list_t *evidences)
+ pts_dh_group_t supported_dh_groups)
{
chunk_t attr_info;
pts_t *pts;
tcg_pts_attr_req_func_comp_evid_t *attr_cast;
pts_proto_caps_flag_t negotiated_caps;
pts_comp_func_name_t *name;
+ pts_comp_evidence_t *evid;
+ pts_component_t *comp;
u_int32_t depth;
u_int8_t flags;
+ status_t status;
enumerator_t *e;
attr_info = attr->get_value(attr);
e = attr_cast->create_enumerator(attr_cast);
while (e->enumerate(e, &flags, &depth, &name))
{
- name->log(name, " ");
+ name->log(name, "* ");
negotiated_caps = pts->get_proto_caps(pts);
if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
attr_list->insert_last(attr_list, attr);
break;
}
- if (depth != 0)
+ if (depth > 0)
{
- DBG1(DBG_IMC, "current version of Attestation IMC does not "
- "support sub component measurement deeper than "
- "zero. Measuring top level component only.");
+ DBG1(DBG_IMC, "the Attestation IMC currently does not "
+ "support sub component measurements");
return FALSE;
}
-
- /* Check if Unknown or Wildcard was set for qualifier */
- if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD)
- {
- DBG2(DBG_IMC, "wildcard was set for the qualifier of functional"
- " component. Identifying the component with "
- "name binary enumeration");
- }
- else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN)
+ name = name->clone(name);
+ comp = pts_components->create(pts_components, name);
+ if (!comp)
{
- DBG2(DBG_IMC, "unknown was set for the qualifier of functional"
- " component. Identifying the component with "
- "name binary enumeration");
+ DBG2(DBG_IMC, " not registered: no evidence provided");
+ name->destroy(name);
+ continue;
}
- else if ((name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE)
- & PTS_ITA_QUALIFIER_TYPE_TRUSTED)
- {
- tcg_pts_attr_simple_comp_evid_params_t params;
- if (name->get_name(name) == PTS_ITA_COMP_FUNC_NAME_TBOOT)
- {
- u_int8_t i;
- for (i = 1; i <= TBOOT_SEQUENCE_COUNT; i++)
- {
- /* Set parameters of Simple Component Evidence */
- if (!set_simple_comp_evid_params(pts, name, i, ¶ms))
- {
- DBG1(DBG_IMC, "error occured while setting "
- " parameters for Simple Component Evidence");
- return FALSE;
- }
- /* Buffer Simple Component Evidence attribute */
- attr = tcg_pts_attr_simple_comp_evid_create(params);
- evidences->insert_last(evidences, attr);
-
- }
- break;
- }
- else
+ /* do the component evidence measurement[s] */
+ do
+ {
+ status = comp->measure(comp, pts, &evid);
+ if (status == FAILED)
{
- /* Set parameters of Simple Component Evidence */
- if (!set_simple_comp_evid_params(pts, name, 0, ¶ms))
- {
- DBG1(DBG_IMC, "error occured while setting parameters"
- "for Simple Component Evidence");
- return FALSE;
- }
-
- /* Buffer Simple Component Evidence attribute */
- attr = tcg_pts_attr_simple_comp_evid_create(params);
- evidences->insert_last(evidences, attr);
-
break;
}
+ attestation_state->add_evidence(attestation_state, evid);
}
- else
- {
- DBG1(DBG_IMC, "Functional Component with unsupported type: %d"
- "was requested for evidence",
- (name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE));
- break;
- }
+ while (status == NEED_MORE);
+ comp->destroy(comp);
}
e->destroy(e);
break;
}
case TCG_PTS_GEN_ATTEST_EVID:
{
- enumerator_t *e;
pts_simple_evid_final_flag_t flags;
pts_meas_algorithms_t composite_algorithm = 0;
+ pts_comp_evidence_t *evidence;
chunk_t pcr_composite, quote_signature;
- u_int32_t num_of_evidences, i = 0;
+ u_int32_t i, evid_count, extended_pcr;
u_int32_t *pcrs;
bool use_quote2;
/* Send buffered Simple Component Evidences */
- num_of_evidences = evidences->get_count(evidences);
- pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*num_of_evidences);
+ evid_count = attestation_state->get_evid_count(attestation_state);
+ pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*evid_count);
- e = evidences->create_enumerator(evidences);
- while (e->enumerate(e, &attr))
+ for (i = 0; i < evid_count; i++)
{
- tcg_pts_attr_simple_comp_evid_t *attr_cast;
- u_int32_t extended_pcr;
-
- attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
- extended_pcr = attr_cast->get_extended_pcr(attr_cast);
+ evidence = attestation_state->next_evidence(attestation_state);
+ extended_pcr = evidence->get_extended_pcr(evidence);
- /* Add extended PCR number to PCR list to quote */
- /* Duplicated PCR numbers have no influence */
+ /**
+ * Add extended PCR number to PCR list to quote
+ * Duplicated PCR numbers have no influence
+ */
pcrs[i] = extended_pcr;
- i++;
- /* Send Simple Compoenent Evidence */
+
+ /* Send Simple Component Evidence */
+ attr = tcg_pts_attr_simple_comp_evid_create(evidence);
attr_list->insert_last(attr_list, attr);
}
FALSE : TRUE;
/* Quote */
- if (!pts->quote_tpm(pts, use_quote2, pcrs, num_of_evidences,
+ if (!pts->quote_tpm(pts, use_quote2, pcrs, evid_count,
&pcr_composite, "e_signature))
{
DBG1(DBG_IMC, "error occured during TPM quote operation");
- DESTROY_IF(e);
- DESTROY_IF(evidences);
return FALSE;
}
composite_algorithm, pcr_composite,
quote_signature, chunk_empty);
attr_list->insert_last(attr_list, attr);
-
- DESTROY_IF(e);
- DESTROY_IF(evidences);
-
break;
}
/* TODO: Not implemented yet */
#include "imc_attestation_state.h"
#include <library.h>
-#include <utils/linked_list.h>
#include <pa_tnc/pa_tnc_attr.h>
* @param attestation_state attestation state of a given connection
* @param supported_algorithms supported PTS measurement algorithms
* @param supported_dh_groups supported DH groups
- * @param evidences evidence
* @return TRUE if successful
*/
bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
imc_attestation_state_t *attestation_state,
pts_meas_algorithms_t supported_algorithms,
- pts_dh_group_t supported_dh_groups,
- linked_list_t *evidences);
+ pts_dh_group_t supported_dh_groups);
#endif /** IMC_ATTESTATION_PROCESS_H_ @}*/
#include "imc_attestation_state.h"
+#include <utils/linked_list.h>
#include <debug.h>
typedef struct private_imc_attestation_state_t private_imc_attestation_state_t;
*/
pts_t *pts;
+ /**
+ * PTS Component Evidence list
+ */
+ linked_list_t *list;
+
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
this->state = new_state;
}
+
METHOD(imc_state_t, destroy, void,
private_imc_attestation_state_t *this)
{
this->pts->destroy(this->pts);
+ this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy));
free(this);
}
return this->pts;
}
+METHOD(imc_attestation_state_t, add_evidence, void,
+ private_imc_attestation_state_t *this, pts_comp_evidence_t *evidence)
+{
+ this->list->insert_last(this->list, evidence);
+}
+
+METHOD(imc_attestation_state_t, get_evid_count, int,
+ private_imc_attestation_state_t *this)
+{
+ return this->list->get_count(this->list);
+}
+
+METHOD(imc_attestation_state_t, next_evidence, pts_comp_evidence_t*,
+ private_imc_attestation_state_t *this)
+{
+ pts_comp_evidence_t *evidence;
+
+ if (this->list->remove_first(this->list, (void**)&evidence) == SUCCESS)
+ {
+ return evidence;
+ }
+ else
+ {
+ return NULL;
+ }
+}
/**
* Described in header.
*/
.destroy = _destroy,
},
.get_pts = _get_pts,
+ .add_evidence = _add_evidence,
+ .get_evid_count = _get_evid_count,
+ .next_evidence = _next_evidence,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.pts = pts_create(TRUE),
+ .list = linked_list_create(),
);
platform_info = lib->settings->get_str(lib->settings,
#include <imc/imc_state.h>
#include <pts/pts.h>
+#include <pts/components/pts_comp_evidence.h>
#include <library.h>
typedef struct imc_attestation_state_t imc_attestation_state_t;
*/
pts_t* (*get_pts)(imc_attestation_state_t *this);
+ /**
+ * Add an entry to the Component Evidence list
+ *
+ * @param entry Component Evidence entry
+ */
+ void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *entry);
+
+ /**
+ * Get the number of entries in the Component Evidence list
+ *
+ * @return number of Component Evidence entries
+ */
+ int (*get_evid_count)(imc_attestation_state_t *this);
+
+ /**
+ * Removes next Component Evidence entry from list and returns it
+ *
+ * @return Next Component Evidence entry
+ */
+ pts_comp_evidence_t* (*next_evidence)(imc_attestation_state_t *this);
+
};
/**
TNC_ConnectionState new_state)
{
imv_state_t *state;
- imv_attestation_state_t *attestation_state;
- TNC_Result result;
if (!imv_attestation)
{
case TNC_CONNECTION_STATE_DELETE:
return imv_attestation->delete_state(imv_attestation, connection_id);
case TNC_CONNECTION_STATE_HANDSHAKE:
- result = imv_attestation->change_state(imv_attestation,
- connection_id, new_state, &state);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- attestation_state = (imv_attestation_state_t*)state;
-
- return TNC_RESULT_SUCCESS;
default:
return imv_attestation->change_state(imv_attestation, connection_id,
new_state, NULL);
case TCG_PTS_SIMPLE_COMP_EVID:
{
tcg_pts_attr_simple_comp_evid_t *attr_cast;
- bool pcr_info_inclided, component_meas_found = FALSE;
- pts_attr_simple_comp_evid_flag_t flags;
- u_int32_t depth, extended_pcr;
- u_int8_t measurement_type;
pts_comp_func_name_t *name;
- pts_component_t *component;
- pts_meas_algorithms_t hash_algorithm;
- pts_pcr_transform_t transformation;
- chunk_t measurement_time, policy_uri;
- chunk_t pcr_before, pcr_after, measurement, comp_hash;
- enumerator_t *enumerator;
- char *platform_info;
+ pts_comp_evidence_t *evidence;
+ pts_component_t *comp;
+ u_int32_t depth;
+ status_t status;
attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
- attr_info = attr->get_value(attr);
-
- pcr_info_inclided = attr_cast->is_pcr_info_included(attr_cast);
- flags = attr_cast->get_flags(attr_cast);
- depth = attr_cast->get_sub_component_depth(attr_cast);
- if (depth != 0)
- {
- DBG1(DBG_IMV, "Current version of Attestation IMV does not"
- " support sub component measurement deeper than zero");
- }
- name = attr_cast->get_comp_func_name(attr_cast);
- if (name->get_vendor_id(name) != PEN_ITA)
- {
- DBG1(DBG_IMV, "Current version of Attestation IMV supports"
- "only functional component namings by ITA ");
- break;
- }
-
- /* Check Family */
- if (name->get_qualifier(name) & PTS_SIMPLE_COMP_EVID_FAMILY_MASK)
- {
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_INVALID_NAME_FAM, attr_info);
- attr_list->insert_last(attr_list, attr);
- break;
- }
+ evidence = attr_cast->get_comp_evidence(attr_cast);
+ name = evidence->get_comp_func_name(evidence, &depth);
- /* Check if Unknown or Wildcard was set for qualifier */
- if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD)
- {
- DBG1(DBG_IMV, "Wildcard was set for the qualifier "
- "of functional component");
- return FALSE;
- }
- else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN)
- {
- DBG1(DBG_IMV, "Unknown feature was set for the qualifier "
- "of functional component");
- return FALSE;
- }
-
- component = attestation_state->check_off_component(attestation_state,
- name);
- if (!component)
+ comp = attestation_state->check_off_component(attestation_state, name);
+ if (!comp)
{
DBG1(DBG_IMV, " no entry found for component evidence request");
+ evidence->destroy(evidence);
break;
}
- component->verify(component);
- component->destroy(component);
-
- measurement_type = attr_cast->get_measurement_type(attr_cast);
- hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
- transformation = attr_cast->get_pcr_trans(attr_cast);
- measurement_time = attr_cast->get_measurement_time(attr_cast);
- measurement = attr_cast->get_comp_measurement(attr_cast);
-
- platform_info = pts->get_platform_info(pts);
- if (!pts_db || !platform_info)
- {
- DBG1(DBG_IMV, "%s%s%s not available",
- (pts_db) ? "" : "pts database",
- (!pts_db && !platform_info) ? "and" : "",
- (platform_info) ? "" : "platform info");
- break;
- }
-
- if (name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TBOOT &&
- name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TGRUB)
- {
- DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
- name->get_name(name));
- return FALSE;
- }
+ status = comp->verify(comp, pts, pts_db, evidence);
- enumerator = pts_db->create_comp_hash_enumerator(pts_db,
- platform_info, PTS_MEAS_ALGO_SHA1, name);
- if (!enumerator)
- {
- break;
- }
- while (enumerator->enumerate(enumerator, &comp_hash))
+ switch (status)
{
- if (chunk_equals(comp_hash, measurement))
- {
- DBG2(DBG_IMV, "Matching Functional Component Measurement:"
- "%B", &measurement);
- component_meas_found = TRUE;
+ default:
+ case FAILED:
+ attestation_state->set_measurement_error(attestation_state);
+ /* fall through to next case */
+ case SUCCESS:
+ comp->destroy(comp);
break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (!component_meas_found)
- {
- DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
- "%B, expected: %B", &measurement, &comp_hash);
- attestation_state->set_measurement_error(attestation_state);
- }
-
- /* Call getters of optional fields when corresponding flag is set */
- if (pcr_info_inclided)
- {
- pcr_entry_t *entry;
-
- extended_pcr = attr_cast->get_extended_pcr(attr_cast);
- pcr_before = attr_cast->get_pcr_before_value(attr_cast);
- pcr_after = attr_cast->get_pcr_after_value(attr_cast);
-
- DBG3(DBG_IMV,"PCR: %d was extended with %B",
- extended_pcr, &measurement);
- DBG3(DBG_IMV,"PCR: %d before value: %B",
- extended_pcr, &pcr_before);
- DBG3(DBG_IMV,"PCR: %d after value: %B",
- extended_pcr, &pcr_after);
-
- entry = malloc_thing(pcr_entry_t);
- entry->pcr_number = extended_pcr;
- memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
- pts->add_pcr_entry(pts, entry);
- }
- if (flags != PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID)
- {
- policy_uri = attr_cast->get_policy_uri(attr_cast);
- DBG1(DBG_IMV, "This version of Attestation IMV can not handle"
- " Verification Policies");
+ case NEED_MORE:
+ /* re-enter component into list */
+ attestation_state->add_component(attestation_state, comp);
}
-
+ evidence->destroy(evidence);
break;
}
case TCG_PTS_SIMPLE_EVID_FINAL:
pts/pts_meas_algo.h pts/pts_meas_algo.c \
pts/components/pts_component.h \
pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
#include "ita_comp_tboot.h"
#include "ita_comp_func_name.h"
-#include "pts/pts_func_comp_evid_req.h"
#include "pts/components/pts_component.h"
#include <debug.h>
struct pts_ita_comp_tboot_t {
/**
- * Public pts_component_manager_t interface.
+ * Public pts_component_t interface.
*/
pts_component_t public;
* Component Functional Name
*/
pts_comp_func_name_t *name;
+
+ /**
+ * Extended PCR last handled
+ */
+ u_int32_t extended_pcr;
+
+ /**
+ * Time of TBOOT measurement
+ */
+ time_t measurement_time;
+
};
METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
return PTS_REQ_FUNC_COMP_FLAG_PCR;
}
-METHOD(pts_component_t, measure, bool,
- pts_ita_comp_tboot_t *this)
+METHOD(pts_component_t, measure, status_t,
+ pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
{
- /* TODO measure the tboot functional component */
- return FALSE;
+ pts_comp_evidence_t *evid;
+ char *meas_hex, *pcr_before_hex, *pcr_after_hex;
+ chunk_t measurement, pcr_before, pcr_after;
+
+ switch (this->extended_pcr)
+ {
+ case 0:
+ /* dummy data since currently the TBOOT log is not retrieved */
+ time(&this->measurement_time);
+ meas_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
+ pcr_before_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr17_before", NULL);
+ pcr_after_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr17_after", NULL);
+ this->extended_pcr = PCR_TBOOT_POLICY;
+ break;
+ case PCR_TBOOT_POLICY:
+ /* dummy data since currently the TBOOT log is not retrieved */
+ meas_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
+ pcr_before_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr18_before", NULL);
+ pcr_after_hex = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imc-attestation.pcr18_after", NULL);
+ this->extended_pcr = PCR_TBOOT_MLE;
+ break;
+ default:
+ return FAILED;
+ }
+
+ measurement = chunk_from_hex(
+ chunk_create(meas_hex, strlen(meas_hex)), NULL);
+ pcr_before = chunk_from_hex(
+ chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
+ pcr_after = chunk_from_hex(
+ chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
+
+ evid = *evidence = pts_comp_evidence_create(this->name, 0,
+ this->extended_pcr,
+ PTS_MEAS_ALGO_SHA1, PTS_PCR_TRANSFORM_NO,
+ this->measurement_time, measurement);
+ evid->set_pcr_info(evid, pcr_before, pcr_after);
+
+ return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
}
-METHOD(pts_component_t, verify, bool,
- pts_ita_comp_tboot_t *this)
+METHOD(pts_component_t, verify, status_t,
+ pts_ita_comp_tboot_t *this, pts_t *pts, pts_database_t *pts_db,
+ pts_comp_evidence_t *evidence)
{
- /* TODO verify the measurement of the tboot functional component */
- return FALSE;
+ bool has_pcr_info;
+ u_int32_t extended_pcr;
+ pts_meas_algorithms_t algo;
+ pts_pcr_transform_t transform;
+ time_t measurement_time;
+ chunk_t measurement, pcr_before, pcr_after;
+ pcr_entry_t *entry;
+
+ switch (this->extended_pcr)
+ {
+ case 0:
+ this->extended_pcr = PCR_TBOOT_POLICY;
+ break;
+ case PCR_TBOOT_POLICY:
+ this->extended_pcr = PCR_TBOOT_MLE;
+ break;
+ default:
+ return FAILED;
+ }
+
+ measurement = evidence->get_measurement(evidence, &extended_pcr,
+ &algo, &transform, &measurement_time);
+ if (extended_pcr != this->extended_pcr)
+ {
+ return FAILED;
+ }
+
+ /* TODO check measurement in database */
+
+ has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
+ if (has_pcr_info)
+ {
+ entry = malloc_thing(pcr_entry_t);
+ entry->pcr_number = extended_pcr;
+ memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
+ pts->add_pcr_entry(pts, entry);
+ }
+
+ return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
}
METHOD(pts_component_t, destroy, void,
#include "ita_comp_tgrub.h"
#include "ita_comp_func_name.h"
-#include "pts/pts_func_comp_evid_req.h"
#include "pts/components/pts_component.h"
#include <debug.h>
struct pts_ita_comp_tgrub_t {
/**
- * Public pts_component_manager_t interface.
+ * Public pts_component_t interface.
*/
pts_component_t public;
return PTS_REQ_FUNC_COMP_FLAG_PCR;
}
-METHOD(pts_component_t, measure, bool,
- pts_ita_comp_tgrub_t *this)
+METHOD(pts_component_t, measure, status_t,
+ pts_ita_comp_tgrub_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
{
- /* TODO measure the tgrub functional component */
- return FALSE;
+ pts_comp_evidence_t *evid;
+ u_int32_t extended_pcr;
+ time_t measurement_time;
+ chunk_t measurement, pcr_before, pcr_after;
+
+ /* Provisional implementation for TGRUB */
+ extended_pcr = PCR_DEBUG;
+ time(&measurement_time);
+
+ if (!pts->read_pcr(pts, extended_pcr, &pcr_after))
+ {
+ DBG1(DBG_PTS, "error occured while reading PCR: %d", extended_pcr);
+ return FAILED;
+ }
+
+ measurement = chunk_alloc(HASH_SIZE_SHA1);
+ memset(measurement.ptr, 0x00, measurement.len);
+
+ pcr_before = chunk_alloc(PCR_LEN);
+ memset(pcr_before.ptr, 0x00, pcr_before.len);
+
+ evid = *evidence = pts_comp_evidence_create(this->name, 0, extended_pcr,
+ PTS_MEAS_ALGO_SHA1, PTS_PCR_TRANSFORM_NO,
+ measurement_time, measurement);
+ evid->set_pcr_info(evid, pcr_before, pcr_after);
+
+ return SUCCESS;
}
-METHOD(pts_component_t, verify, bool,
- pts_ita_comp_tgrub_t *this)
+METHOD(pts_component_t, verify, status_t,
+ pts_ita_comp_tgrub_t *this, pts_t *pts, pts_database_t *pts_db,
+ pts_comp_evidence_t *evidence)
{
- /* TODO verify the measurement of the tgrub functional component */
- return FALSE;
+ bool has_pcr_info;
+ u_int32_t extended_pcr;
+ pts_meas_algorithms_t algo;
+ pts_pcr_transform_t transform;
+ time_t measurement_time;
+ chunk_t measurement, pcr_before, pcr_after;
+ pcr_entry_t *entry;
+
+ measurement = evidence->get_measurement(evidence, &extended_pcr,
+ &algo, &transform, &measurement_time);
+ if (extended_pcr != PCR_DEBUG)
+ {
+ return FAILED;
+ }
+
+ /* TODO check measurement in database */
+
+ has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
+ if (has_pcr_info)
+ {
+ entry = malloc_thing(pcr_entry_t);
+ entry->pcr_number = extended_pcr;
+ memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
+ pts->add_pcr_entry(pts, entry);
+ }
+
+ return SUCCESS;
}
METHOD(pts_component_t, destroy, void,
--- /dev/null
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu, Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pts/components/pts_comp_evidence.h"
+
+#include <debug.h>
+
+typedef struct private_pts_comp_evidence_t private_pts_comp_evidence_t;
+
+/**
+ * Private data of a pts_comp_evidence_t object.
+ */
+struct private_pts_comp_evidence_t {
+
+ /**
+ * Public pts_comp_evidence_t interface.
+ */
+ pts_comp_evidence_t public;
+
+ /**
+ * Component Functional Name
+ */
+ pts_comp_func_name_t *name;
+
+ /**
+ * Sub-Component Depth
+ */
+ u_int32_t depth;
+
+ /**
+ * Measurement Time
+ */
+ time_t measurement_time;
+
+ /**
+ * Measurement Time
+ */
+ chunk_t measurement;
+
+ /**
+ * Measurement Hash Algorithm
+ */
+ pts_meas_algorithms_t hash_algorithm;
+
+ /**
+ * Is PCR Information included?
+ */
+ bool has_pcr_info;
+
+ /**
+ * PCR the measurement was extended into
+ */
+ u_int32_t extended_pcr;
+
+ /**
+ * PCR value before extension
+ */
+ chunk_t pcr_before;
+
+ /**
+ * PCR value after extension
+ */
+ chunk_t pcr_after;
+
+ /**
+ * Transformation used for extending measurement into PCR
+ */
+ pts_pcr_transform_t transform;
+
+ /**
+ * Component Validation Result
+ */
+ pts_comp_evid_validation_t validation;
+
+ /**
+ * Verification Policy URI
+ */
+ chunk_t policy_uri;
+
+};
+
+METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*,
+ private_pts_comp_evidence_t *this, u_int32_t *depth)
+{
+ if (depth)
+ {
+ *depth = this->depth;
+ }
+ return this->name;
+}
+
+METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t,
+ private_pts_comp_evidence_t *this)
+{
+ return this->extended_pcr;
+}
+METHOD(pts_comp_evidence_t, get_measurement, chunk_t,
+ private_pts_comp_evidence_t *this, u_int32_t *extended_pcr,
+ pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform,
+ time_t *measurement_time)
+{
+ if (extended_pcr)
+ {
+ *extended_pcr = this->extended_pcr;
+ }
+ if (algo)
+ {
+ *algo = this->hash_algorithm;
+ }
+ if (transform)
+ {
+ *transform = this->transform;
+ }
+ if (measurement_time)
+ {
+ *measurement_time = this->measurement_time;
+ }
+ return this->measurement;
+}
+
+METHOD(pts_comp_evidence_t, get_pcr_info, bool,
+ private_pts_comp_evidence_t *this, chunk_t *pcr_before, chunk_t *pcr_after)
+{
+ if (pcr_before)
+ {
+ *pcr_before = this->pcr_before;
+ }
+ if (pcr_after)
+ {
+ *pcr_after = this->pcr_after;
+ }
+ return this->has_pcr_info;
+}
+
+METHOD(pts_comp_evidence_t, set_pcr_info, void,
+ private_pts_comp_evidence_t *this, chunk_t pcr_before, chunk_t pcr_after)
+{
+ this->has_pcr_info = TRUE;
+ this->pcr_before = pcr_before;
+ this->pcr_after = pcr_after;
+
+ DBG2(DBG_PTS, "PCR %2d before value : %#B", this->extended_pcr, &pcr_before);
+ DBG2(DBG_PTS, "PCR %2d after value : %#B", this->extended_pcr, &pcr_after);
+}
+
+METHOD(pts_comp_evidence_t, get_validation, pts_comp_evid_validation_t,
+ private_pts_comp_evidence_t *this, chunk_t *uri)
+{
+ if (uri)
+ {
+ *uri = this->policy_uri;
+ }
+ return this->validation;
+}
+
+METHOD(pts_comp_evidence_t, set_validation, void,
+ private_pts_comp_evidence_t *this, pts_comp_evid_validation_t validation,
+ chunk_t uri)
+{
+ this->validation = validation;
+ this->policy_uri = chunk_clone(uri);
+}
+
+METHOD(pts_comp_evidence_t, destroy, void,
+ private_pts_comp_evidence_t *this)
+{
+ this->name->destroy(this->name);
+ free(this->measurement.ptr);
+ free(this->pcr_before.ptr);
+ free(this->pcr_after.ptr);
+ free(this->policy_uri.ptr);
+ free(this);
+}
+
+/**
+ * See header
+ */
+pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name,
+ u_int32_t depth,
+ u_int32_t extended_pcr,
+ pts_meas_algorithms_t algo,
+ pts_pcr_transform_t transform,
+ time_t measurement_time,
+ chunk_t measurement)
+{
+ private_pts_comp_evidence_t *this;
+
+ INIT(this,
+ .public = {
+ .get_comp_func_name = _get_comp_func_name,
+ .get_extended_pcr = _get_extended_pcr,
+ .get_measurement = _get_measurement,
+ .get_pcr_info = _get_pcr_info,
+ .set_pcr_info = _set_pcr_info,
+ .get_validation = _get_validation,
+ .set_validation = _set_validation,
+ .destroy = _destroy,
+ },
+ .name = name->clone(name),
+ .depth = depth,
+ .extended_pcr = extended_pcr,
+ .hash_algorithm = algo,
+ .transform = transform,
+ .measurement_time = measurement_time,
+ .measurement = measurement,
+ );
+
+ name->log(name, "");
+ DBG2(DBG_PTS, "PCR %2d extended with: %#B", extended_pcr, &measurement);
+
+ return &this->public;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu, Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pts_comp_evidence pts_comp_evidence
+ * @{ @ingroup pts
+ */
+
+#ifndef PTS_COMP_EVIDENCE_H_
+#define PTS_COMP_EVIDENCE_H_
+
+typedef struct pts_comp_evidence_t pts_comp_evidence_t;
+typedef enum pts_pcr_transform_t pts_pcr_transform_t;
+typedef enum pts_comp_evid_validation_t pts_comp_evid_validation_t;
+
+#include "pts/pts_meas_algo.h"
+#include "pts/components/pts_comp_func_name.h"
+
+#include <library.h>
+
+/**
+ * PTS PCR Transformations
+ */
+enum pts_pcr_transform_t {
+ /** No Transformation */
+ PTS_PCR_TRANSFORM_NO = 0,
+ /** Hash Value matched PCR size */
+ PTS_PCR_TRANSFORM_MATCH = 1,
+ /** Hash value shorter than PCR size */
+ PTS_PCR_TRANSFORM_SHORT = 2,
+ /** Hash value longer than PCR size */
+ PTS_PCR_TRANSFORM_LONG = 3,
+};
+
+/**
+ * PTS Component Evidence Validation Result Flags
+ */
+enum pts_comp_evid_validation_t {
+ /** No Validation was attempted */
+ PTS_COMP_EVID_VALIDATION_NONE = 0x00,
+ /** Attempted validation, unable to verify */
+ PTS_COMP_EVID_VALIDATION_UNABLE = 0x20,
+ /** Attempted validation, verification failed */
+ PTS_COMP_EVID_VALIDATION_FAILED = 0x40,
+ /** Attempted validation, verification passed */
+ PTS_COMP_EVID_VALIDATION_PASSED = 0x60,
+};
+
+/**
+ * PTS Functional Component Interface
+ */
+struct pts_comp_evidence_t {
+
+ /**
+ * Gets the Component Functional Name and Sub-Component Depth
+ *
+ * @param depth Sub-Component Depth
+ * @result Component Functional Name
+ */
+ pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this,
+ u_int32_t *depth);
+
+ /**
+ * Gets the PCR the measurement was extended into
+ *
+ * @result PCR the measurement was extended into
+ */
+ u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this);
+
+ /**
+ * Gets the measurement and the algorithms used
+ *
+ * @param extended_pcr PCR the measurement was extended into
+ * @param algo Measurement hash algorithm
+ * @param transform Transformation used for PCR extension
+ * @param measurement_time Time the measurement was taken
+ * @result Measurement hash value
+ */
+ chunk_t (*get_measurement)(pts_comp_evidence_t *this,
+ u_int32_t *extended_pcr,
+ pts_meas_algorithms_t *algo,
+ pts_pcr_transform_t *transform,
+ time_t *measurement_time);
+
+ /**
+ * Gets the PCR information if available
+ *
+ * @param pcr_before PCR value before extension
+ * @param pcr_after PCR value after extension
+ * @result TRUE if PCR information is available
+ */
+ bool (*get_pcr_info)(pts_comp_evidence_t *this, chunk_t *pcr_before,
+ chunk_t *pcr_after);
+
+ /**
+ * Sets PCR information if available
+ *
+ * @param pcr_before PCR value before extension
+ * @param pcr_after PCR value after extension
+ */
+ void (*set_pcr_info)(pts_comp_evidence_t *this, chunk_t pcr_before,
+ chunk_t pcr_after);
+
+ /**
+ * Gets Validation Result if available
+ *
+ * @param uri Verification Policy URI
+ * @return validation Validation Result
+ */
+ pts_comp_evid_validation_t (*get_validation)(pts_comp_evidence_t *this,
+ chunk_t *uri);
+
+ /**
+ * Sets Validation Result if available
+ *
+ * @param validation Validation Result
+ * @param uri Verification Policy URI
+ */
+ void (*set_validation)(pts_comp_evidence_t *this,
+ pts_comp_evid_validation_t validation, chunk_t uri);
+
+ /**
+ * Destroys a pts_comp_evidence_t object.
+ */
+ void (*destroy)(pts_comp_evidence_t *this);
+
+};
+
+/**
+ * Creates a pts_comp_evidence_t object
+ *
+ * @param name Component Functional Name
+ * @param depth Sub-component depth
+ * @param extended_pcr PCR the measurement was extended into
+ * @param algo Measurement hash algorithm
+ * @param transform Transformation used for PCR extension
+ * @param measurement_time Time the measurement was taken, 0 if unknown
+ * @param measurement Measurement hash value
+ */
+pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name,
+ u_int32_t depth,
+ u_int32_t extended_pcr,
+ pts_meas_algorithms_t algo,
+ pts_pcr_transform_t transform,
+ time_t measurement_time,
+ chunk_t measurement);
+
+#endif /** PTS_COMP_EVIDENCE_H_ @}*/
typedef struct pts_component_t pts_component_t;
+#include "pts/pts.h"
+#include "pts/pts_database.h"
#include "pts/components/pts_comp_func_name.h"
+#include "pts/components/pts_comp_evidence.h"
#include <library.h>
u_int8_t (*get_evidence_flags)(pts_component_t *this);
/**
- * Do measurements on the PTS Functional Component
+ * Do evidence measurements on the PTS Functional Component
*
- * @return TRUE if component measurements are successful
+ * @param pts PTS interface
+ * @param evidence returns component evidence measureemt
+ * @return status return code
*/
- bool (*measure)(pts_component_t *this);
+ status_t (*measure)(pts_component_t *this, pts_t *pts,
+ pts_comp_evidence_t** evidence);
/**
- * Verify the measurements of the PTS Functional Component
+ * Verify the evidence measurements of the PTS Functional Component
*
- * @return TRUE if verification is successful
+ * @param pts PTS interface
+ * @param pts_db PTS measurement database
+ * @param evidence component evidence measurement to be verified
+ * @return status return code
*/
- bool (*verify)(pts_component_t *this);
+ status_t (*verify)(pts_component_t *this, pts_t *pts,
+ pts_database_t *pts_db,
+ pts_comp_evidence_t *evidence);
/**
* Destroys a pts_component_t object.
#include <bio/bio_reader.h>
#include <debug.h>
+#include <time.h>
+
typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simple_comp_evid_t;
/**
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Sub-Component Depth |
+ * | Flags | Sub-Component Depth |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Specific Functional Component |
+ * | Specific Functional Component |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Specific Functional Component |
+ * | Specific Functional Component |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measure. Type | Extended into PCR |
+ * | Measure. Type | Extended into PCR |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Hash Algorithm | PCR Transform | Reserved |
+ * | Hash Algorithm | PCR Transform | Reserved |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
+ * | Measurement Date/Time |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
+ * | Measurement Date/Time |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
+ * | Measurement Date/Time |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
+ * | Measurement Date/Time |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
+ * | Measurement Date/Time |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Optional Policy URI Length | Opt. Verification Policy URI ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional Verification Policy URI ~
+ * ~ Optional Verification Policy URI ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional PCR Length | Optional PCR Before Value ~
+ * | Optional PCR Length | Optional PCR Before Value ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional PCR Before Value (Variable Length) ~
+ * ~ Optional PCR Before Value (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional PCR After Value (Variable Length) ~
+ * ~ Optional PCR After Value (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Component Measurement (Variable Length) ~
+ * ~ Component Measurement (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name Vendor ID |Fam| Qualifier |
+ * | Component Functional Name Vendor ID |Fam| Qualifier |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name |
+ * | Component Functional Name |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
*/
#define PTS_SIMPLE_COMP_EVID_SIZE 40
-#define PTS_SIMPLE_COMP_EVID_MEASUREMENT_TIME_SIZE 20
+#define PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE 20
#define PTS_SIMPLE_COMP_EVID_RESERVED 0x00
+#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0
+#define PTS_SIMPLE_COMP_EVID_VALIDATION_MASK 0x60
+#define PTS_SIMPLE_COMP_EVID_MEAS_TYPE (1<<7)
+#define PTS_SIMPLE_COMP_EVID_FLAG_PCR (1<<7)
/**
* Private data of an tcg_pts_attr_simple_comp_evid_t object.
bool noskip_flag;
/**
- * Set of flags for Simple Component Evidence
- */
- pts_attr_simple_comp_evid_flag_t flags;
-
- /**
- * PCR Information included
- */
- bool pcr_info_included;
-
- /**
- * Sub-component Depth
- */
- u_int32_t depth;
-
- /**
- * Component Functional Name
- */
- pts_comp_func_name_t *name;
-
- /**
- * Measurement type
- */
- u_int8_t measurement_type;
-
- /**
- * Which PCR the functional component is extended into
- */
- u_int32_t extended_pcr;
-
- /**
- * Hash Algorithm
- */
- pts_meas_algorithms_t hash_algorithm;
-
- /**
- * Transformation type for PCR
- */
- pts_pcr_transform_t transformation;
-
- /**
- * Measurement time
- */
- chunk_t measurement_time;
-
- /**
- * Optional Policy URI
- */
- chunk_t policy_uri;
-
- /**
- * Optional PCR before value
- */
- chunk_t pcr_before;
-
- /**
- * Optional PCR after value
- */
- chunk_t pcr_after;
-
- /**
- * Component Measurement
+ * PTS Component Evidence
*/
- chunk_t measurement;
+ pts_comp_evidence_t *evidence;
};
private_tcg_pts_attr_simple_comp_evid_t *this)
{
bio_writer_t *writer;
- u_int8_t flags = 0;
+ bool has_pcr_info;
+ char *utc_time_str, utc_time_buf[25];
+ u_int8_t flags;
+ u_int32_t depth, extended_pcr;
+ pts_comp_func_name_t *name;
+ pts_meas_algorithms_t hash_algorithm;
+ pts_pcr_transform_t transform;
+ pts_comp_evid_validation_t validation;
+ time_t measurement_time;
+ chunk_t measurement, utc_time, pcr_before, pcr_after, policy_uri;
+
+ /* Extract parameters from comp_evidence_t object */
+ name = this->evidence->get_comp_func_name(this->evidence,
+ &depth);
+ measurement = this->evidence->get_measurement(this->evidence,
+ &extended_pcr, &hash_algorithm, &transform,
+ &measurement_time);
+ has_pcr_info = this->evidence->get_pcr_info(this->evidence,
+ &pcr_before, &pcr_after);
+ validation = this->evidence->get_validation(this->evidence,
+ &policy_uri);
- writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE);
/* Determine the flags to set*/
- if (this->pcr_info_included)
+ flags = validation;
+ if (has_pcr_info)
{
- flags += 128;
+ flags |= PTS_SIMPLE_COMP_EVID_FLAG_PCR;
}
- if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_NO_VER)
- {
- flags += 32;
- }
- else if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL)
+
+ /* Form the UTC measurement time string */
+ if (measurement_time == UNDEFINED_TIME)
{
- flags += 64;
+ utc_time_str = "0000-00-00T00:00:00Z";
}
- else if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS)
+ else
{
- flags += 96;
+ struct tm t;
+
+ gmtime_r(&measurement_time, &t);
+ utc_time_str = utc_time_buf;
+ sprintf(utc_time_str, "%04d-%.02d-%.02dT%.02d:%.02d:%.02dZ",
+ t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
+ t.tm_hour, t.tm_min, t.tm_sec);
}
+ utc_time = chunk_create(utc_time_str, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE);
+
+ writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE);
writer->write_uint8 (writer, flags);
- writer->write_uint24(writer, this->depth);
- writer->write_uint24(writer, this->name->get_vendor_id(this->name));
- writer->write_uint8 (writer, this->name->get_qualifier(this->name));
- writer->write_uint32(writer, this->name->get_name(this->name));
- writer->write_uint8 (writer, (this->measurement_type << 7));
- writer->write_uint24(writer, this->extended_pcr);
- writer->write_uint16(writer, this->hash_algorithm);
- writer->write_uint8 (writer, this->transformation);
- writer->write_data (writer, this->measurement_time);
+ writer->write_uint24(writer, depth);
+ writer->write_uint24(writer, name->get_vendor_id(name));
+ writer->write_uint8 (writer, name->get_qualifier(name));
+ writer->write_uint32(writer, name->get_name(name));
+ writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_MEAS_TYPE);
+ writer->write_uint24(writer, extended_pcr);
+ writer->write_uint16(writer, hash_algorithm);
+ writer->write_uint8 (writer, transform);
+ writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_RESERVED);
+ writer->write_data (writer, utc_time);
/* Optional fields */
- if (this->policy_uri.ptr && this->policy_uri.len > 0)
+ if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
+ validation == PTS_COMP_EVID_VALIDATION_PASSED)
{
- writer->write_uint16(writer, this->policy_uri.len);
- writer->write_data (writer, this->policy_uri);
+ writer->write_uint16(writer, policy_uri.len);
+ writer->write_data (writer, policy_uri);
}
- if (this->pcr_before.ptr && this->pcr_after.ptr &&
- this->pcr_before.len == this->pcr_after.len &&
- this->pcr_before.len > 0 && this->pcr_after.len > 0)
+ if (has_pcr_info)
{
- writer->write_uint16(writer, this->pcr_before.len);
- writer->write_data (writer, this->pcr_before);
- writer->write_data (writer, this->pcr_after);
+ writer->write_uint16(writer, pcr_before.len);
+ writer->write_data (writer, pcr_before);
+ writer->write_data (writer, pcr_after);
}
- if (this->measurement.ptr && this->measurement.len > 0)
- {
- writer->write_data (writer, this->measurement);
- }
+ writer->write_data(writer, measurement);
this->value = chunk_clone(writer->get_buf(writer));
writer->destroy(writer);
private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
- u_int8_t flags, fam_and_qualifier, qualifier;
- u_int8_t measurement_type, transformation;
- u_int16_t algorithm;
- u_int32_t vendor_id, name, measurement_len;
-
+ pts_comp_func_name_t *name;
+ u_int8_t flags, fam_and_qualifier, qualifier, reserved;
+ u_int8_t measurement_type, transform, validation;
+ u_int16_t hash_algorithm, len;
+ u_int32_t depth, vendor_id, comp_name, extended_pcr;
+ chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after;
+ time_t measurement_time;
+ bool has_pcr_info = FALSE, has_validation = FALSE;
+
if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
}
reader = bio_reader_create(this->value);
- reader->read_uint8(reader, &flags);
- /* Determine the flags to set*/
- if ((flags >> 7) & 1)
- {
- this->pcr_info_included = TRUE;
- }
- if (!((flags >> 6) & 1) && !((flags >> 5) & 1))
- {
- this->flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID;
- }
- else if (!((flags >> 6) & 1) && ((flags >> 5) & 1))
- {
- this->flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VER;
- }
- else if (((flags >> 6) & 1) && !((flags >> 5) & 1))
- {
- this->flags = PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL;
- }
- else if (((flags >> 6) & 1) && ((flags >> 5) & 1))
- {
- this->flags = PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS;
- }
-
- reader->read_uint24(reader, &this->depth);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &depth);
reader->read_uint24(reader, &vendor_id);
reader->read_uint8 (reader, &fam_and_qualifier);
- reader->read_uint32(reader, &name);
+ reader->read_uint32(reader, &comp_name);
reader->read_uint8 (reader, &measurement_type);
- reader->read_uint24(reader, &this->extended_pcr);
- reader->read_uint16(reader, &algorithm);
- reader->read_uint8 (reader, &transformation);
- reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEASUREMENT_TIME_SIZE,
- &this->measurement_time);
+ reader->read_uint24(reader, &extended_pcr);
+ reader->read_uint16(reader, &hash_algorithm);
+ reader->read_uint8 (reader, &transform);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE, &utc_time);
- qualifier = fam_and_qualifier & (!PTS_SIMPLE_COMP_EVID_FAMILY_MASK);
-
- this->name = pts_comp_func_name_create(vendor_id, name, qualifier);
- this->measurement_type = (measurement_type >> 7 ) & 1;
- this->hash_algorithm = algorithm;
- this->transformation = transformation;
- this->measurement_time = chunk_clone(this->measurement_time);
-
- /* Optional Policy URI field is included */
- if ((this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL) ||
- (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS))
+ if (measurement_type != PTS_SIMPLE_COMP_EVID_MEAS_TYPE)
{
- u_int16_t policy_uri_len;
- reader->read_uint16(reader, &policy_uri_len);
- reader->read_data(reader, policy_uri_len, &this->policy_uri);
- this->policy_uri = chunk_clone(this->policy_uri);
+ DBG1(DBG_TNC, "unsupported Measurement Type in Simple Component Evidence");
+ *offset = 12;
+ reader->destroy(reader);
+ return FAILED;
+ }
+
+ validation = flags & PTS_SIMPLE_COMP_EVID_VALIDATION_MASK;
+ qualifier = fam_and_qualifier & ~PTS_SIMPLE_COMP_EVID_FAMILY_MASK;
+
+ /* TODO Parse the UTC time string */
+ measurement_time = 0;
+
+ /* Is optional Policy URI field included? */
+ if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
+ validation == PTS_COMP_EVID_VALIDATION_PASSED)
+ {
+ reader->read_uint16(reader, &len);
+ reader->read_data(reader, len, &policy_uri);
+ has_validation = TRUE;
}
- /* Optional PCR value fields are included */
- if (this->pcr_info_included)
+ /* Are optional PCR value fields included? */
+ if (flags & PTS_SIMPLE_COMP_EVID_FLAG_PCR)
{
- u_int16_t pcr_value_len;
- reader->read_uint16(reader, &pcr_value_len);
- reader->read_data(reader, pcr_value_len, &this->pcr_before);
- this->pcr_before = chunk_clone(this->pcr_before);
- reader->read_data(reader, pcr_value_len, &this->pcr_after);
- this->pcr_after = chunk_clone(this->pcr_after);
+ reader->read_uint16(reader, &len);
+ reader->read_data(reader, len, &pcr_before);
+ reader->read_data(reader, len, &pcr_after);
+ has_pcr_info = TRUE;
}
- measurement_len = reader->remaining(reader);
- reader->read_data(reader, measurement_len, &this->measurement);
- this->measurement = chunk_clone(this->measurement);
+ /* Measurement field comes at the very end */
+ reader->read_data(reader,reader->remaining(reader), &measurement);
reader->destroy(reader);
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- free(this->value.ptr);
- free(this->measurement_time.ptr);
- free(this->policy_uri.ptr);
- free(this->pcr_before.ptr);
- free(this->pcr_after.ptr);
- free(this->measurement.ptr);
- free(this);
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, is_pcr_info_included, bool,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->pcr_info_included;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_flags, pts_attr_simple_comp_evid_flag_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->flags;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_sub_component_depth, u_int32_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->depth;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_func_name, pts_comp_func_name_t*,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->name;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_measurement_type, u_int8_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->measurement_type;
-}
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_extended_pcr, u_int32_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->extended_pcr;
-}
+ /* Create Component Functional Name object */
+ name = pts_comp_func_name_create(vendor_id, comp_name, qualifier);
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_hash_algorithm, pts_meas_algorithms_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->hash_algorithm;
-}
+ /* Create Component Evidence object */
+ measurement = chunk_clone(measurement);
+ this->evidence = pts_comp_evidence_create(name, depth, extended_pcr,
+ hash_algorithm, transform,
+ measurement_time, measurement);
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_trans, pts_pcr_transform_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->transformation;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_measurement_time, chunk_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->measurement_time;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_policy_uri, chunk_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->policy_uri;
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_before_value, chunk_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->pcr_before;
-}
+ /* Add options */
+ if (has_validation)
+ {
+ policy_uri = chunk_clone(policy_uri);
+ this->evidence->set_validation(this->evidence, validation, policy_uri);
+ }
+ if (has_pcr_info)
+ {
+ pcr_before = chunk_clone(pcr_before);
+ pcr_after = chunk_clone(pcr_after);
+ this->evidence->set_pcr_info(this->evidence, pcr_before, pcr_after);
+ }
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_after_value, chunk_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->pcr_after;
+ return SUCCESS;
}
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_len, u_int16_t,
+METHOD(pa_tnc_attr_t, destroy, void,
private_tcg_pts_attr_simple_comp_evid_t *this)
{
- if (this->pcr_before.ptr && this->pcr_after.ptr &&
- this->pcr_before.len == this->pcr_after.len &&
- this->pcr_before.len > 0 && this->pcr_after.len > 0)
- {
- return this->pcr_before.len;
- }
- return 0;
+ this->evidence->destroy(this->evidence);
+ free(this);
}
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_measurement, chunk_t,
+METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_evidence, pts_comp_evidence_t*,
private_tcg_pts_attr_simple_comp_evid_t *this)
{
- return this->measurement;
+ return this->evidence;
}
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(tcg_pts_attr_simple_comp_evid_params_t params)
+pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid)
{
private_tcg_pts_attr_simple_comp_evid_t *this;
.process = _process,
.destroy = _destroy,
},
- .is_pcr_info_included = _is_pcr_info_included,
- .get_flags= _get_flags,
- .get_sub_component_depth = _get_sub_component_depth,
- .get_comp_func_name = _get_comp_func_name,
- .get_measurement_type = _get_measurement_type,
- .get_extended_pcr = _get_extended_pcr,
- .get_hash_algorithm = _get_hash_algorithm,
- .get_pcr_trans = _get_pcr_trans,
- .get_measurement_time = _get_measurement_time,
- .get_policy_uri = _get_policy_uri,
- .get_pcr_before_value = _get_pcr_before_value,
- .get_pcr_after_value = _get_pcr_after_value,
- .get_pcr_len = _get_pcr_len,
- .get_comp_measurement = _get_comp_measurement,
+ .get_comp_evidence = _get_comp_evidence,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_SIMPLE_COMP_EVID,
- .pcr_info_included = params.pcr_info_included,
- .flags = params.flags,
- .depth = params.depth,
- .name = params.name,
- .extended_pcr = params.extended_pcr,
- .hash_algorithm = params.hash_algorithm,
- .transformation = params.transformation,
- .measurement_time = params.measurement_time,
- .policy_uri = chunk_clone(params.policy_uri),
- .pcr_before = params.pcr_before,
- .pcr_after = params.pcr_after,
- .measurement = params.measurement,
+ .evidence = evid,
);
return &this->public.pa_tnc_attribute;
.process = _process,
.destroy = _destroy,
},
- .is_pcr_info_included = _is_pcr_info_included,
- .get_flags= _get_flags,
- .get_sub_component_depth = _get_sub_component_depth,
- .get_comp_func_name = _get_comp_func_name,
- .get_measurement_type = _get_measurement_type,
- .get_extended_pcr = _get_extended_pcr,
- .get_hash_algorithm = _get_hash_algorithm,
- .get_pcr_trans = _get_pcr_trans,
- .get_measurement_time = _get_measurement_time,
- .get_policy_uri = _get_policy_uri,
- .get_pcr_before_value = _get_pcr_before_value,
- .get_pcr_after_value = _get_pcr_after_value,
- .get_pcr_len = _get_pcr_len,
- .get_comp_measurement = _get_comp_measurement,
+ .get_comp_evidence = _get_comp_evidence,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_SIMPLE_COMP_EVID,
#define TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_
typedef struct tcg_pts_attr_simple_comp_evid_t tcg_pts_attr_simple_comp_evid_t;
-typedef enum pts_attr_simple_comp_evid_flag_t pts_attr_simple_comp_evid_flag_t;
-typedef enum pts_pcr_transform_t pts_pcr_transform_t;
-typedef struct tcg_pts_attr_simple_comp_evid_params_t tcg_pts_attr_simple_comp_evid_params_t;
#include "tcg_attr.h"
-#include "pts/pts_meas_algo.h"
-#include "pts/components/pts_comp_func_name.h"
+#include "pts/components/pts_comp_evidence.h"
#include "pa_tnc/pa_tnc_attr.h"
-#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0
-
-/**
- * PTS Simple Component Evidence Flags
- */
-enum pts_attr_simple_comp_evid_flag_t {
- /** No Validation was attempted */
- PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID = 1,
- /** Attempted validation, unable to verify */
- PTS_SIMPLE_COMP_EVID_FLAG_NO_VER = 2,
- /** Attempted validation, verification failed */
- PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL = 3,
- /** Attempted validation, verification passed */
- PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS = 4,
-};
-
-/**
- * PTS PCR Transformations
- */
-enum pts_pcr_transform_t {
- /** No Transformation */
- PTS_PCR_TRANSFORM_NO = 0,
- /** Hash Value matched PCR size */
- PTS_PCR_TRANSFORM_MATCH = 1,
- /** Hash value shorter than PCR size */
- PTS_PCR_TRANSFORM_SHORT = 2,
- /** Hash value longer than PCR size */
- PTS_PCR_TRANSFORM_LONG = 3,
-};
-
-/**
- * Parameters for Simple Component Evidence Attribute
- */
-struct tcg_pts_attr_simple_comp_evid_params_t {
- bool pcr_info_included;
- pts_attr_simple_comp_evid_flag_t flags;
- u_int32_t depth;
- pts_comp_func_name_t *name;
- u_int32_t extended_pcr;
- pts_meas_algorithms_t hash_algorithm;
- pts_pcr_transform_t transformation;
- chunk_t measurement_time;
- chunk_t policy_uri;
- chunk_t pcr_before;
- chunk_t pcr_after;
- chunk_t measurement;
-};
-
/**
* Class implementing the TCG PTS Simple Component Evidence attribute
*
pa_tnc_attr_t pa_tnc_attribute;
/**
- * Is Optional PCR Information fields included
- *
- * @return TRUE if included, FALSE otherwise
- */
- bool (*is_pcr_info_included)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get flags for PTS Simple Component Evidence
- *
- * @return Set of flags
- */
- pts_attr_simple_comp_evid_flag_t (*get_flags)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Sub-component Depth
- *
- * @return Sub-component Depth
- */
- u_int32_t (*get_sub_component_depth)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Special Component Functional Name
- *
- * @return Component Functional Name
- */
- pts_comp_func_name_t* (*get_comp_func_name)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Measurement Type
- *
- * @return Measurement Type
- */
- u_int8_t (*get_measurement_type)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get which PCR the functional component is extended into
- *
- * @return Number of PCR
- */
- u_int32_t (*get_extended_pcr)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Hash Algorithm
- *
- * @return Hash Algorithm
- */
- pts_meas_algorithms_t (*get_hash_algorithm)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get PCR Transformation
- *
- * @return Transformation type of PCR
- */
- pts_pcr_transform_t (*get_pcr_trans)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Measurement Time
- *
- * @return Measurement time
- */
- chunk_t (*get_measurement_time)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Optional Policy URI
- *
- * @return Policy URI
- */
- chunk_t (*get_policy_uri)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Optional PCR Length
- *
- * @return Length of PCR before/after values
- */
- u_int16_t (*get_pcr_len)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Optional PCR before value
- *
- * @return PCR before value
- */
- chunk_t (*get_pcr_before_value)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Optional PCR after value
- *
- * @return PCR after value
- */
- chunk_t (*get_pcr_after_value)(tcg_pts_attr_simple_comp_evid_t *this);
-
- /**
- * Get Component Measurement
+ * Get Component Evidence
*
- * @return Component Measurement Hash
+ * @return Component Evidence
*/
- chunk_t (*get_comp_measurement)(tcg_pts_attr_simple_comp_evid_t *this);
+ pts_comp_evidence_t* (*get_comp_evidence)(tcg_pts_attr_simple_comp_evid_t *this);
};
/**
* Creates an tcg_pts_attr_simple_comp_evid_t object
*
- * @param params Struct of parameters
+ * @param evid Component Evidence
*/
-pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(tcg_pts_attr_simple_comp_evid_params_t params);
+pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid);
/**
* Creates an tcg_pts_attr_simple_comp_evid_t object from received data
projects / thirdparty / strongswan.git / commitdiff
