case TCG_PTS_SIMPLE_EVID_FINAL:
{
tcg_pts_attr_simple_evid_final_t *attr_cast;
- pts_simple_evid_final_flag_t flags;
- pts_meas_algorithms_t composite_algorithm;
- chunk_t pcr_comp;
- chunk_t tpm_quote_sign;
- chunk_t evid_sign;
- bool evid_signature_included = FALSE, use_quote2 = FALSE,
- ver_info_included = FALSE;
+ u_int8_t flags;
+ pts_meas_algorithms_t comp_hash_algorithm;
+ chunk_t pcr_comp, tpm_quote_sig, evid_sig;
chunk_t pcr_composite, quote_info;
+ bool use_quote2, use_ver_info;
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
- evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
- flags = attr_cast->get_flags(attr_cast);
-
- /** Optional Composite Hash Algorithm field is always present
- * Field has value of all zeroes if not used.
- * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
- */
- composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast);
+ flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
+ &pcr_comp, &tpm_quote_sig);
- if (flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO)
+ if (flags != PTS_SIMPLE_EVID_FINAL_NO)
{
- if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) ||
- (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER))
- {
- use_quote2 = TRUE;
- }
- if (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)
- {
- ver_info_included = TRUE;
- }
-
- pcr_comp = attr_cast->get_pcr_comp(attr_cast);
- tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast);
-
- if (!pcr_comp.ptr || !tpm_quote_sign.ptr)
- {
- DBG1(DBG_IMV, "PCR composite: %B", &pcr_comp);
- DBG1(DBG_IMV, "TPM Quote Signature: %B", &tpm_quote_sign);
- DBG1(DBG_IMV, "Either PCR Composite or Quote Signature missing");
- return FALSE;
- }
+ use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 ||
+ flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
+ use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
/* Construct PCR Composite and TPM Quote Info structures */
- if (!pts->get_quote_info(pts, use_quote2, ver_info_included,
- composite_algorithm, &pcr_composite, "e_info))
+ if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
+ comp_hash_algorithm, &pcr_composite, "e_info))
{
- DBG1(DBG_IMV, "unable to contruct TPM Quote Info");
+ DBG1(DBG_IMV, "unable to compute TPM Quote Info");
return FALSE;
}
if (!chunk_equals(pcr_comp, pcr_composite))
{
- DBG1(DBG_IMV, "received PCR Composite didn't match "
- "with constructed");
- chunk_clear(&pcr_composite);
- chunk_clear("e_info);
+ DBG1(DBG_IMV, "received and computed PCR Composite match");
+ free(pcr_composite.ptr);
+ free(quote_info.ptr);
return FALSE;
}
- DBG2(DBG_IMV, "received PCR Composite matches with constructed");
- chunk_clear(&pcr_composite);
+ DBG2(DBG_IMV, "received and computed PCR Composite do not match");
+ free(pcr_composite.ptr);
- if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sign))
+ if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
- chunk_clear("e_info);
+ free(quote_info.ptr);
return FALSE;
}
-
- DBG2(DBG_IMV, "signature verification succeeded for "
- "TPM Quote Info");
- chunk_clear("e_info);
+ DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
+ free(quote_info.ptr);
}
- if (evid_signature_included)
+ if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
{
/** TODO: What to do with Evidence Signature */
- evid_sign = attr_cast->get_evid_sign(attr_cast);
- DBG1(DBG_IMV, "This version of Attestation IMV can not handle"
- " Optional Evidence Signature field");
+ DBG1(DBG_IMV, "This version of the Attestation IMV can not "
+ "handle Evidence Signatures");
}
-
break;
}
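Review bot: The two PCR Composite log messages are swapped in the IMV: the `chunk_equals` failure branch now logs "received and computed PCR Composite match" at DBG1 while the success path that follows logs "received and computed PCR Composite do not match" at DBG2, so a failed attestation is reported as a match and vice versa. Swap the two strings: `DBG1(DBG_IMV, "received and computed PCR Composite do not match");` in the failure branch and `DBG2(DBG_IMV, "received and computed PCR Composite match");` after it. Replacing chunk_clear() with free() for pcr_composite and quote_info looks acceptable as far as the hunk shows, since neither buffer holds key material, but the caller must not free pcr_comp or tpm_quote_sig obtained from get_quote_info, which this hunk correctly avoids. The switch statement enclosing this case starts before the hunk.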
*/
#include "tcg_pts_attr_simple_evid_final.h"
+#include "pts/pts_simple_evid_final.h"
#include <pa_tnc/pa_tnc_msg.h>
#include <bio/bio_writer.h>
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Reserved | Optional Composite Hash Alg |
+ * | Flags | Reserved | Optional Composite Hash Alg |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional TPM PCR Composite Length |
+ * | Optional TPM PCR Composite Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional TPM PCR Composite (Variable Length) ~
+ * ~ Optional TPM PCR Composite (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional TPM Quote Signature Length |
+ * | Optional TPM Quote Signature Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional TPM Quote Signature (Variable Length) ~
+ * ~ Optional TPM Quote Signature (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional Evidence Signature (Variable Length) ~
+ * ~ Optional Evidence Signature (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
#define PTS_SIMPLE_EVID_FINAL_SIZE 2
#define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00
-
+#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0
/**
* Private data of an tcg_pts_attr_simple_evid_final_t object.
*/
*/
bool noskip_flag;
- /**
- * Is Evidence Signature included
- */
- bool evid_sign_included;
-
/**
* Set of flags for Simple Evidence Final
*/
- pts_simple_evid_final_flag_t flags;
+ u_int8_t flags;
/**
* Optional Composite Hash Algorithm
/**
* Optional TPM Quote Signature
*/
- chunk_t tpm_quote_sign;
+ chunk_t tpm_quote_sig;
+
+ /**
+ * Is Evidence Signature included?
+ */
+ bool has_evid_sig;
/**
* Optional Evidence Signature
*/
- chunk_t evid_sign;
+ chunk_t evid_sig;
};
this->noskip_flag = noskip;
}
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ free(this->value.ptr);
+ free(this->pcr_comp.ptr);
+ free(this->tpm_quote_sig.ptr);
+ free(this->evid_sig.ptr);
+ free(this);
+}
+
METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_simple_evid_final_t *this)
{
bio_writer_t *writer;
- u_int8_t flags = 0;
+ u_int8_t flags;
- writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE);
+ flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
- /* Determine the flags to set*/
- if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO)
- {
- flags += 64;
- }
- else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2)
+ if (this->has_evid_sig)
{
- flags += 128;
+ flags |= PTS_SIMPLE_EVID_FINAL_EVID_SIG;
}
- else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)
- {
- flags += 192;
- }
- if (this->evid_sign_included)
- {
- flags += 32;
- }
-
+
+ writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE);
writer->write_uint8 (writer, flags);
writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
writer->write_uint16(writer, this->comp_hash_algorithm);
/* Optional fields */
- if (this->pcr_comp.ptr && this->pcr_comp.len > 0)
+ if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
{
writer->write_uint32 (writer, this->pcr_comp.len);
writer->write_data (writer, this->pcr_comp);
+
+ writer->write_uint32 (writer, this->tpm_quote_sig.len);
+ writer->write_data (writer, this->tpm_quote_sig);
}
- if (this->tpm_quote_sign.ptr && this->tpm_quote_sign.len > 0)
- {
- writer->write_uint32 (writer, this->tpm_quote_sign.len);
- writer->write_data (writer, this->tpm_quote_sign);
- }
- if (this->evid_sign.ptr && this->evid_sign.len > 0)
+
+ if (this->has_evid_sig)
{
- writer->write_data (writer, this->evid_sign);
+ writer->write_data (writer, this->evid_sig);
}
this->value = chunk_clone(writer->get_buf(writer));
private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
- u_int8_t flags;
- u_int8_t reserved;
+ u_int8_t flags, reserved;
u_int16_t algorithm;
+ u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
+
if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
{
reader = bio_reader_create(this->value);
reader->read_uint8(reader, &flags);
-
- /* Determine the flags to set*/
- if (!((flags >> 7) & 1) && !((flags >> 6) & 1))
- {
- this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_NO;
- }
- else if (!((flags >> 7) & 1) && ((flags >> 6) & 1))
- {
- this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
- }
- else if (((flags >> 7) & 1) && !((flags >> 6) & 1))
- {
- this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2;
- }
- else if (((flags >> 7) & 1) && ((flags >> 6) & 1))
- {
- this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER;
- }
- if ((flags >> 5) & 1)
- {
- this->evid_sign_included = TRUE;
- }
-
reader->read_uint8(reader, &reserved);
+ this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
+
+ this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0;
+
/** Optional Composite Hash Algorithm field is always present
* Field has value of all zeroes if not used.
* Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
reader->read_uint16(reader, &algorithm);
this->comp_hash_algorithm = algorithm;
- /* Optional Composite Hash Algorithm and TPM PCR Composite field is included */
- if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO)
+ /* Optional Composite Hash Algorithm and TPM PCR Composite fields */
+ if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
{
u_int32_t pcr_comp_len, tpm_quote_sign_len;
reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
this->pcr_comp = chunk_clone(this->pcr_comp);
- reader->read_uint32(reader, &tpm_quote_sign_len);
- reader->read_data(reader, tpm_quote_sign_len, &this->tpm_quote_sign);
- this->tpm_quote_sign = chunk_clone(this->tpm_quote_sign);
+ /* TODO check if enough message data is available */
+ reader->read_uint32(reader, &tpm_quote_sig_len);
+ reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig);
+ this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
}
- /* Optional Evidence Signature field is included */
- if (this->evid_sign_included)
+ /* Optional Evidence Signature field */
+ if (this->has_evid_sig)
{
- u_int32_t evid_sign_len = reader->remaining(reader);
- reader->read_data(reader, evid_sign_len, &this->evid_sign);
- this->evid_sign = chunk_clone(this->evid_sign);
+ evid_sig_len = reader->remaining(reader);
+ reader->read_data(reader, evid_sig_len, &this->evid_sig);
+ this->evid_sig = chunk_clone(this->evid_sig);
}
reader->destroy(reader);
return SUCCESS;
}
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- free(this->value.ptr);
- free(this->pcr_comp.ptr);
- free(this->tpm_quote_sign.ptr);
- free(this->evid_sign.ptr);
- free(this);
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, is_evid_sign_included, bool,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->evid_sign_included;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, get_flags, pts_simple_evid_final_flag_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
+METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t,
+ private_tcg_pts_attr_simple_evid_final_t *this,
+ pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig)
{
+ if (comp_hash_algo)
+ {
+ *comp_hash_algo = this->comp_hash_algorithm;
+ }
+ if (pcr_comp)
+ {
+ *pcr_comp = this->pcr_comp;
+ }
+ if (tpm_quote_sig)
+ {
+ *tpm_quote_sig = this->tpm_quote_sig;
+ }
return this->flags;
}
-METHOD(tcg_pts_attr_simple_evid_final_t, get_comp_hash_algorithm, pts_meas_algorithms_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
+METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig)
{
- return this->comp_hash_algorithm;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, get_pcr_comp, chunk_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->pcr_comp;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, get_tpm_quote_sign, chunk_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->tpm_quote_sign;
+ if (evid_sig)
+ {
+ *evid_sig = this->evid_sig;
+ }
+ return this->has_evid_sig;
}
-METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sign, chunk_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
+METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig)
{
- return this->evid_sign;
+ this->evid_sig = chunk_clone(evid_sig);
+ this->has_evid_sig = TRUE;
}
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(
- bool evid_sign_included,
- pts_simple_evid_final_flag_t flags,
- pts_meas_algorithms_t comp_hash_algorithm,
- chunk_t pcr_comp,
- chunk_t tpm_quote_sign,
- chunk_t evid_sign)
+pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
+ pts_meas_algorithms_t comp_hash_algorithm,
+ chunk_t pcr_comp, chunk_t tpm_quote_sig)
{
private_tcg_pts_attr_simple_evid_final_t *this;
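Review bot: None of the bio_reader calls in process() have their result checked — `reader->read_uint8`, `read_uint16`, `read_uint32` and `read_data` are all called without looking at their return value, and the new `/* TODO check if enough message data is available */` only documents the gap rather than closing it. A truncated or malformed attribute from the peer therefore leaves pcr_comp and tpm_quote_sig as whatever the reader yields on a short read and still returns SUCCESS; assuming the reader methods report failure as bool like the rest of the library, each read should be tested and the function should bail out (setting *offset for the caller, as the other attributes presumably do) along the lines of the excerpt below. The length guard at the top of the function compares against PTS_SIMPLE_EVID_FINAL_SIZE, which is defined as 2 although build() emits a four-byte fixed header (flags, reserved, uint16 algorithm), so that check appears too permissive as well. Separately, if the context line `u_int32_t pcr_comp_len, tpm_quote_sign_len;` really survives, it shadows the function-scope pcr_comp_len added in this hunk and leaves tpm_quote_sign_len unused. The beginning of process() and the read of pcr_comp_len lie outside the visible lines.
```c
	/* … unchanged: flags / reserved / algorithm reads, each checked the same way … */
	if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
	{
		if (!reader->read_uint32(reader, &pcr_comp_len) ||
			!reader->read_data(reader, pcr_comp_len, &this->pcr_comp) ||
			!reader->read_uint32(reader, &tpm_quote_sig_len) ||
			!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig))
		{
			reader->destroy(reader);
			return FAILED;
		}
		this->pcr_comp = chunk_clone(this->pcr_comp);
		this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
	}
	/* … unchanged: evidence signature read, reader->destroy, return SUCCESS … */
```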
.process = _process,
.destroy = _destroy,
},
- .is_evid_sign_included = _is_evid_sign_included,
- .get_flags = _get_flags,
- .get_comp_hash_algorithm = _get_comp_hash_algorithm,
- .get_pcr_comp = _get_pcr_comp,
- .get_tpm_quote_sign = _get_tpm_quote_sign,
- .get_evid_sign = _get_evid_sign,
+ .get_quote_info = _get_quote_info,
+ .get_evid_sig = _get_evid_sig,
+ .set_evid_sig = _set_evid_sig,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_SIMPLE_EVID_FINAL,
- .evid_sign_included = evid_sign_included,
.flags = flags,
.comp_hash_algorithm = comp_hash_algorithm,
.pcr_comp = chunk_clone(pcr_comp),
- .tpm_quote_sign = chunk_clone(tpm_quote_sign),
- .evid_sign = chunk_clone(evid_sign),
+ .tpm_quote_sig = chunk_clone(tpm_quote_sig),
);
return &this->public.pa_tnc_attribute;
.process = _process,
.destroy = _destroy,
},
- .is_evid_sign_included = _is_evid_sign_included,
- .get_flags= _get_flags,
- .get_comp_hash_algorithm = _get_comp_hash_algorithm,
- .get_pcr_comp = _get_pcr_comp,
- .get_tpm_quote_sign = _get_tpm_quote_sign,
- .get_evid_sign = _get_evid_sign,
+ .get_quote_info = _get_quote_info,
+ .get_evid_sig = _get_evid_sig,
+ .set_evid_sig = _set_evid_sig,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_SIMPLE_EVID_FINAL,
#define TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_
typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t;
-typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t;
#include "tcg_attr.h"
#include "tcg_pts_attr_meas_algo.h"
#include "pa_tnc/pa_tnc_attr.h"
-/**
- * PTS Simple Evidence Final Flags
- */
-enum pts_simple_evid_final_flag_t {
- /** No Optional TPM PCR Composite nor Optional TPM Quote Signature fields included */
- PTS_SIMPLE_EVID_FINAL_FLAG_NO = 1,
- /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */
- /** using TPM_QUOTE_INFO */
- PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO = 2,
- /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */
- /** using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO was not appended */
- PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2 = 3,
- /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */
- /** using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO was appended */
- PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER = 4,
-};
-
/**
* Class implementing the TCG PTS Simple Evidence Final attribute
*
pa_tnc_attr_t pa_tnc_attribute;
/**
- * Is Optional Evidence Signature Included
+ * Get Optional PCR Composite and TPM Quote Signature
*
- * @return TRUE if included, FALSE otherwise
+ * @param comp_hash_algo Optional Composite Hash Algorithm
+ * @param pcr_comp Optional PCR Composite
+ * @param tpm_quote sig Optional TPM Quote Signature
+ * @return PTS_SIMPLE_EVID_FINAL flags
*/
- bool (*is_evid_sign_included)(tcg_pts_attr_simple_evid_final_t *this);
+ u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this,
+ pts_meas_algorithms_t *comp_hash_algo,
+ chunk_t *pcr_comp, chunk_t *tpm_quote_sig);
/**
- * Get flags for PTS Simple Evidence Final
+ * Get Optional Evidence Signature
*
- * @return Set of flags
+ * @evid_sig Optional Evidence Signature
+ * @return TRUE if Evidence Signature is available
*/
- pts_simple_evid_final_flag_t (*get_flags)(tcg_pts_attr_simple_evid_final_t *this);
+ bool (*get_evid_sig)(tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig);
/**
- * Get Optional Composite Hash Algorithm
- *
- * @return Composite Hash Algorithm
- */
- pts_meas_algorithms_t (*get_comp_hash_algorithm)(tcg_pts_attr_simple_evid_final_t *this);
-
- /**
- * Get Optional TPM PCR Composite
- *
- * @return PCR Composite
- */
- chunk_t (*get_pcr_comp)(tcg_pts_attr_simple_evid_final_t *this);
-
- /**
- * Get Optional TPM Quote Signature
- *
- * @return TPM Quote Signature
- */
- chunk_t (*get_tpm_quote_sign)(tcg_pts_attr_simple_evid_final_t *this);
-
- /**
- * Get Optional Evidence Signature
+ * Set Optional Evidence Signature
*
- * @return Optional Evidence Signature
+ * @evid_sig Optional Evidence Signature
*/
- chunk_t (*get_evid_sign)(tcg_pts_attr_simple_evid_final_t *this);
+ void (*set_evid_sig)(tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig);
};
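Review bot: The new doc comments on tcg_pts_attr_simple_evid_final_t have malformed tags: `@param tpm_quote sig` should read `@param tpm_quote_sig`, and the two `@evid_sig` lines should be `@param evid_sig`. The get_quote_info and get_evid_sig contracts are also missing an ownership statement: the implementation hands out the attribute's internal chunks without cloning and destroy() frees them, so the comments should say e.g. `@param pcr_comp Optional PCR Composite (owned by the attribute, do not free)` and likewise for tpm_quote_sig and evid_sig, otherwise a caller freeing them causes a double free. The create() prototype further down still names the parameter tpm_quote_sign while the definition uses tpm_quote_sig; aligning the names keeps the generated documentation consistent.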
/**
* Creates an tcg_pts_attr_simple_evid_final_t object
*
- * @param evid_sign_included Evidence Signature included
* @param flags Set of flags
* @param comp_hash_algorithm Composite Hash Algorithm
* @param pcr_comp Optional TPM PCR Composite
* @param tpm_quote_sign Optional TPM Quote Signature
- * @param evid_sign Optional Evidence Signature
*/
pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create(
- bool evid_sign_included,
- pts_simple_evid_final_flag_t flags,
+ u_int8_t flags,
pts_meas_algorithms_t comp_hash_algorithm,
chunk_t pcr_comp,
- chunk_t tpm_quote_sign,
- chunk_t evid_sign);
+ chunk_t tpm_quote_sign);
/**
* Creates an tcg_pts_attr_simple_evid_final_t object from received data