From: Sansar Choinyambuu Date: Fri, 4 Nov 2011 08:57:17 +0000 (+0100) Subject: Fixed bug in construction of PCR_SELECT structure X-Git-Tag: 4.6.2~265 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e28c937fe3fc517c47272df34cb11b35addadc0;p=thirdparty%2Fstrongswan.git Fixed bug in construction of PCR_SELECT structure --- diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 9b490cde0d..0f850f292f 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -957,6 +957,33 @@ METHOD(pts_t, add_pcr_entry, void, this->pcrs->insert_last(this->pcrs, new); } +/** + * Get the maximum PCR index received in pcr_after_value field + */ +static u_int32_t get_max_pcr_index(private_pts_t *this) +{ + enumerator_t *e; + pcr_entry_t *pcr_entry; + u_int32_t ret = 0; + + if (this->pcrs->get_count(this->pcrs) == 0) + { + return -1; + } + + e = this->pcrs->create_enumerator(this->pcrs); + while (e->enumerate(e, &pcr_entry)) + { + if (pcr_entry->pcr_number > ret) + { + ret = pcr_entry->pcr_number; + } + } + e->destroy(e); + + return ret; +} + /** * 1. build a TCPA_PCR_COMPOSITE structure which contains (pcrCompositeBuf) * TCPA_PCR_SELECTION structure (bitmask length + bitmask) 
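Review bot: `get_max_pcr_index()` is declared to return `u_int32_t` but reports an empty list with `return -1`, so the sentinel is really 0xFFFFFFFF and the caller's `maximum_pcr_index == -1` test only works through implicit signed-to-unsigned conversion. That comparison is easy to break if either side changes type. A named sentinel or a `bool` return with an out-parameter would make the contract explicit. The doc comment should also state the empty-list result, for example `* @return highest pcr_number in this->pcrs, (u_int32_t)-1 if the list is empty`. The helper applies no upper bound to `pcr_number`, so callers that size buffers from its result have to check the range themselves.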
@@ -990,24 +1017,27 @@ METHOD(pts_t, get_quote_info, bool, enumerator_t *e; pcr_entry_t *pcr_entry; chunk_t pcr_composite, hash_pcr_composite; - u_int32_t pcr_composite_len; + u_int32_t pcr_composite_len, i, maximum_pcr_index, bitmask_len; bio_writer_t *writer; - u_int8_t mask_bytes[PCR_MASK_LEN] = {0,0,0}, i; hasher_t *hasher; - if (this->pcrs->get_count(this->pcrs) == 0) + maximum_pcr_index = get_max_pcr_index(this); + if (maximum_pcr_index == -1) { DBG1(DBG_PTS, "PCR entries unavailable, unable to construct " "TPM Quote Info"); return FALSE; } - - pcr_composite_len = 2 + PCR_MASK_LEN + 4 + + + bitmask_len = maximum_pcr_index/8 +1; + u_int8_t mask_bytes[MAX_NUM_PCR/8] = {0}; + + pcr_composite_len = 2 + bitmask_len + 4 + this->pcrs->get_count(this->pcrs) * PCR_LEN; writer = bio_writer_create(pcr_composite_len); /* Lenght of the bist mask field */ - writer->write_uint16(writer, PCR_MASK_LEN); + writer->write_uint16(writer, bitmask_len); /* Bit mask indicating selected PCRs */ e = this->pcrs->create_enumerator(this->pcrs); while (e->enumerate(e, &pcr_entry)) @@ -1017,7 +1047,7 @@ METHOD(pts_t, get_quote_info, bool, } e->destroy(e); - for (i = 0; i< PCR_MASK_LEN ; i++) + for (i = 0; i< bitmask_len ; i++) { writer->write_uint8(writer, mask_bytes[i]); } diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index 79e33016e5..a4d6eda200 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -43,7 +43,6 @@ typedef struct pcr_entry_t pcr_entry_t; /** * PCR indices used for measurements of various functional components */ -/** Commented the real PCR indices out, use just PCR16 for debugging #define PCR_BIOS 0 #define PCR_PLATFORM_EXT 1 #define PCR_MOTHERBOARD 1 
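Review bot: `bitmask_len` is now derived from the largest `pcr_number` in the list, but `mask_bytes` remains a fixed `MAX_NUM_PCR/8`-byte stack array and nothing in this hunk checks that `maximum_pcr_index < MAX_NUM_PCR`. If an entry with a larger index can reach `this->pcrs` (whether `add_pcr_entry` validates it is not visible here), the loop in the following hunk, `for (i = 0; i< bitmask_len ; i++)`, reads past the end of `mask_bytes`. The mask-setting loop between the two hunks presumably indexes past it as well. Reject that case right after the empty-list check, e.g. `if (maximum_pcr_index >= MAX_NUM_PCR) return FALSE;` preceded by a `DBG1` message. The body of `get_quote_info` begins and ends outside the hunk.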
@@ -59,23 +58,7 @@ typedef struct pcr_entry_t pcr_entry_t; #define PCR_TGRUB_CMD_LINE_ARGS 12 #define PCR_TGRUB_CHECKFILE 13 #define PCR_TGRUB_LOADED_FILES 14 -*/ -#define PCR_BIOS 16 -#define PCR_PLATFORM_EXT 16 -#define PCR_MOTHERBOARD 16 -#define PCR_OPTION_ROMS 16 -#define PCR_IPL 16 - -#define PCR_TBOOT_POLICY 16 -#define PCR_TBOOT_MLE 16 - -#define PCR_TGRUB_MBR_STAGE1 16 -#define PCR_TGRUB_STAGE2_PART1 16 -#define PCR_TGRUB_STAGE2_PART2 16 -#define PCR_TGRUB_CMD_LINE_ARGS 16 -#define PCR_TGRUB_CHECKFILE 16 -#define PCR_TGRUB_LOADED_FILES 16 /** * Length of the generated nonce used for calculation of shared secret @@ -97,11 +80,6 @@ typedef struct pcr_entry_t pcr_entry_t; */ #define TPM_QUOTE_INFO_LEN 48 -/** - * Bitmask Lenght for PCR Composite structure - */ -#define PCR_MASK_LEN MAX_NUM_PCR/8 - /** * Hashing algorithm used by tboot and trustedGRUB */