Optional Composite Hash Algorithm field is always present, has value of all zeroes if was not used
{
enumerator_t *e;
pts_simple_evid_final_flag_t flags;
+ pts_meas_algorithms_t composite_algorithm = 0;
chunk_t pcr_composite, quote_signature;
u_int32_t num_of_evidences, i = 0;
u_int32_t *pcrs;
/* Send Simple Evidence Final attribute */
flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
+ composite_algorithm |= PTS_MEAS_ALGO_SHA1;
- attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, 0,
- pcr_composite, quote_signature, chunk_empty);
+ attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags,
+ composite_algorithm, pcr_composite,
+ quote_signature, chunk_empty);
attr_list->insert_last(attr_list, attr);
DESTROY_IF(e);
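Review bot: `composite_algorithm |= PTS_MEAS_ALGO_SHA1;` ORs a bit into a variable that the declaration hunk above has just set to 0, which reads as if a set of algorithms were being collected. The value goes out as one 16-bit field and the verifier converts it with `pts_meas_algo_to_hash()`, so a plain assignment states the intent better: `composite_algorithm = PTS_MEAS_ALGO_SHA1;`. If SHA-1 is fixed here because of the TPM quote format rather than by choice, a one-line comment saying so would keep a later reader from swapping in the negotiated measurement algorithm. The enclosing function starts and ends outside the hunk.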
{
tcg_pts_attr_simple_evid_final_t *attr_cast;
pts_simple_evid_final_flag_t flags;
+ pts_meas_algorithms_t composite_algorithm;
chunk_t pcr_comp;
chunk_t tpm_quote_sign;
chunk_t evid_sign;
bool evid_signature_included;
-
- /** TODO: Ignoring Composite Hash Algorithm field
- * No flag defined which indicates the precense of it
- */
+
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
flags = attr_cast->get_flags(attr_cast);
+
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+ composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast);
if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) ||
(flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER))
tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast);
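Review bot: `composite_algorithm` is taken from the received attribute via `get_comp_hash_algorithm()` and used unchecked; the next hunk passes it straight to `pts->get_quote_info()`. The parser in this commit stores the raw 16-bit wire value, so the peer decides whether the verifier hashes the PCR composite, with which algorithm, or (value 0) not at all. I would reject anything other than 0 or a single algorithm this IMV accepts before the call, for example a short `switch` over the known `PTS_MEAS_ALGO_*` values that logs and returns FALSE in the default case. The enclosing function starts before and continues after this hunk.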
/* Construct PCR Composite and TPM Quote Info structures*/
- if (!pts->get_quote_info(pts, &pcr_composite, "e_info))
+ if (!pts->get_quote_info(pts, composite_algorithm,
+ &pcr_composite, "e_info))
{
DBG1(DBG_IMV, "unable to contruct TPM Quote Info");
return FALSE;
}
- /* Check calculated PCR composite structure matches with received */
+ /* Check calculated PCR composite matches with received */
if (pcr_comp.ptr && !chunk_equals(pcr_comp, pcr_composite))
{
DBG1(DBG_IMV, "received PCR Compsosite didn't match"
*/
METHOD(pts_t, get_quote_info, bool,
- private_pts_t *this, chunk_t *out_pcr_composite, chunk_t *out_quote_info)
+ private_pts_t *this, pts_meas_algorithms_t composite_algo,
+ chunk_t *out_pcr_composite, chunk_t *out_quote_info)
{
enumerator_t *e;
pcr_entry_t *pcr_entry;
- chunk_t pcr_composite;
+ chunk_t pcr_composite, hash_pcr_composite;
u_int32_t pcr_composite_len;
bio_writer_t *writer;
u_int8_t mask_bytes[PCR_MASK_LEN] = {0,0,0}, i;
writer->write_uint8(writer, 'O');
writer->write_uint8(writer, 'T');
- /* SHA1 hash of PCR Composite Structure */
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
- DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
+ /* Output the TPM_PCR_COMPOSITE expected from IMC */
+ if (composite_algo)
+ {
+ hash_algorithm_t algo;
+
+ algo = pts_meas_algo_to_hash(composite_algo);
+ hasher = lib->crypto->create_hasher(lib->crypto, algo);
- chunk_clear(&pcr_composite);
+ /* Hash the PCR Composite Structure */
+ hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
+ DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
+ hasher->destroy(hasher);
+ }
+ else
+ {
+ *out_pcr_composite = chunk_clone(pcr_composite);
+ DBG4(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
+ }
+
+ /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite);
hasher->destroy(hasher);
- writer->write_data(writer, *out_pcr_composite);
+
+ writer->write_data(writer, hash_pcr_composite);
+ chunk_clear(&pcr_composite);
+ chunk_clear(&hash_pcr_composite);
if (!this->secret.ptr)
{
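Review bot: In the new `if (composite_algo)` branch the result of `lib->crypto->create_hasher(lib->crypto, algo)` is dereferenced on the following line without a NULL check, and `algo` is derived from a value the IMV read from the peer's attribute. If `pts_meas_algo_to_hash()` yields an algorithm that no loaded plugin provides (create_hasher presumably returns NULL in that case), `hasher->allocate_hash(...)` takes the verifier down. Add `if (!hasher) { ... return FALSE; }` right after the call, releasing `writer` and `pcr_composite` first; both are set up outside this hunk, so the exact cleanup needs confirming. The `HASH_SHA1` hasher further down follows the same unchecked pattern, though its algorithm is fixed.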
* @param quote_info Output variable to store TPM Quote Info
* @return FALSE in case of any error, TRUE otherwise
*/
- bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
- chunk_t *quote_info);
+ bool (*get_quote_info)(pts_t *this, pts_meas_algorithms_t composite_algo,
+ chunk_t *pcr_composite, chunk_t *quote_info);
/**
* Constructs and returns PCR Quote Digest structure expected from IMC
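Review bot: The doc comment above `get_quote_info` gains no `@param` line for the new `composite_algo` argument, and the zero case is the part a caller cannot guess. I would add `* @param composite_algo  Hash algorithm applied to the returned PCR composite, 0 to return the unhashed TPM_PCR_COMPOSITE`. The visible `@param quote_info` line also names a parameter that the prototype does not have under that name, so it is worth checking the names against the implementation while editing. The comment starts outside the hunk.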
writer->write_uint8 (writer, flags);
writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+ writer->write_uint16(writer, this->comp_hash_algorithm);
+
/* Optional fields */
- if (this->comp_hash_algorithm)
- {
- writer->write_uint16(writer, this->comp_hash_algorithm);
- }
if (this->pcr_comp.ptr && this->pcr_comp.len > 0)
{
writer->write_uint32 (writer, this->pcr_comp.len);
bio_reader_t *reader;
u_int8_t flags;
u_int8_t reserved;
- /** u_int16_t algorithm;*/
+ u_int16_t algorithm;
if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
{
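Review bot: `u_int16_t algorithm;` has no initialiser, and the later hunk copies it into `this->comp_hash_algorithm` after a `reader->read_uint16(reader, &algorithm)` whose result is ignored. The field is now mandatory, so the minimum-length guard `this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE` must cover the two extra bytes; the constant is not touched in the visible diff, so please confirm it. Otherwise a message that ends right after the reserved byte passes the guard and leaves an indeterminate value in the algorithm field. Suggested: `u_int16_t algorithm = 0;`, plus checking the `read_uint16` result and taking the function's error return, with the reader released, when it fails. The function body starts and ends outside the hunk.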
}
reader->read_uint8(reader, &reserved);
+
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+
+ reader->read_uint16(reader, &algorithm);
+ this->comp_hash_algorithm = algorithm;
/* Optional Composite Hash Algorithm and TPM PCR Composite field is included */
if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO)
{
u_int32_t pcr_comp_len, tpm_quote_sign_len;
- /** TODO: Ignoring Hashing algorithm field
- * There is no flag defined which indicates the precense of it
- * reader->read_uint16(reader, &algorithm);
- * this->comp_hash_algorithm = algorithm;
- */
-
reader->read_uint32(reader, &pcr_comp_len);
reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
this->pcr_comp = chunk_clone(this->pcr_comp);