From: Andreas Steffen Date: Mon, 21 Nov 2011 00:09:36 +0000 (+0100) Subject: refactored simple component evidence X-Git-Tag: 4.6.2~180 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb3ecd5aa55bc6170f210f8d86dff35540faa9a8;p=thirdparty%2Fstrongswan.git refactored simple component evidence --- diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 937b8b472d..9c60302488 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c @@ -182,8 +182,6 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, pa_tnc_msg->destroy(pa_tnc_msg); } - evidences = linked_list_create(); - return result; } @@ -202,7 +200,6 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, imc_state_t *state; imc_attestation_state_t *attestation_state; enumerator_t *enumerator; - pts_t *pts; TNC_Result result; if (!imc_attestation) @@ -217,7 +214,6 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } attestation_state = (imc_attestation_state_t*)state; - pts = attestation_state->get_pts(attestation_state); /* parse received PA-TNC message and automatically handle any errors */ result = imc_attestation->receive_message(imc_attestation, connection_id, @@ -269,7 +265,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, else if (attr->get_vendor_id(attr) == PEN_TCG) { if (!imc_attestation_process(attr, attr_list, attestation_state, - supported_algorithms, supported_dh_groups, evidences)) + supported_algorithms, supported_dh_groups)) { result = TNC_RESULT_FATAL; } @@ -324,7 +320,6 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) return TNC_RESULT_NOT_INITIALIZED; } - DESTROY_IF(evidences); libpts_deinit(); imc_attestation->destroy(imc_attestation); diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index f8d56d9241..5f9ca19ecd 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -22,6 +22,8 @@ #include "imc_attestation_process.h" #include + +#include #include #include @@ -47,132 +49,10 @@ #define DEFAULT_NONCE_LEN 20 -/** - * Set parameters of Simple Component Evidence - */ -static bool set_simple_comp_evid_params(pts_t *pts, pts_comp_func_name_t *name, - u_int8_t sequence, tcg_pts_attr_simple_comp_evid_params_t *out) -{ - tcg_pts_attr_simple_comp_evid_params_t params; - time_t measurement_time_t; - struct tm *time_now; - char *utc_time; - - params.name = name; - params.pcr_info_included = TRUE; - params.flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID; - params.depth = 0; - - /* The measurements done by tboot and trustedGRUB are SHA1 hashes */ - params.hash_algorithm = TRUSTED_HASH_ALGO; - params.transformation = PTS_PCR_TRANSFORM_NO; - - measurement_time_t = time(NULL); - if (!measurement_time_t) - { - params.measurement_time = chunk_create("0000-00-00T00:00:00Z", 20); - params.measurement_time = chunk_clone(params.measurement_time); - } - else - { - time_now = localtime(&measurement_time_t); - if (asprintf(&utc_time, - "%d-%.2d-%.2dT%.2d:%.2d:%.2dZ", - time_now->tm_year + 1900, - time_now->tm_mon + 1, - time_now->tm_mday, - time_now->tm_hour, - time_now->tm_min, - time_now->tm_sec) < 0) - { - DBG1(DBG_IMC, "could not format local time to UTC"); - return FALSE; - } - params.measurement_time = chunk_create(utc_time, 20); - params.measurement_time = chunk_clone(params.measurement_time); - free(utc_time); - } - - params.policy_uri = chunk_empty; - - /* Provisional/temporal implementation for components except tboot */ - if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TGRUB) - { - params.extended_pcr = PCR_DEBUG; - - params.measurement = chunk_alloc(HASH_SIZE_SHA1); - memset(params.measurement.ptr, 0, HASH_SIZE_SHA1); - - params.pcr_before = chunk_alloc(PCR_LEN); - memset(params.pcr_before.ptr, 0, PCR_LEN); - - if(!pts->read_pcr(pts, params.extended_pcr, ¶ms.pcr_after)) - { - DBG1(DBG_IMC, "error occured while reading PCR: %d", - params.extended_pcr); - return FALSE; - } - } - /* Set parameters which varies from component to component */ - else if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TBOOT) - { - char *measurement, *pcr_before, *pcr_after; - - if (sequence == 1) - { - params.extended_pcr = PCR_TBOOT_POLICY; - measurement = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_meas", NULL); - pcr_before = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_before", NULL); - pcr_after = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_after", NULL); - } - else - { - params.extended_pcr = PCR_TBOOT_MLE; - measurement = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_meas", NULL); - pcr_before = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_before", NULL); - pcr_after = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_after", NULL); - } - - if (!measurement || !pcr_before || !pcr_after) - { - DBG1(DBG_IMC, "tboot: configure measurement, before and after value" - " for PCR%d", params.extended_pcr); - return FALSE; - } - - params.measurement = chunk_from_hex( - chunk_create(measurement, strlen(measurement)), NULL); - params.pcr_before = chunk_from_hex( - chunk_create(pcr_before, strlen(pcr_before)), NULL); - params.pcr_after = chunk_from_hex( - chunk_create(pcr_after, strlen(pcr_after)), NULL); - - } - else - { - DBG1(DBG_IMC, "unsupported Functional Component Name: Vendor ID: %d" - " Name: %d, Qualifier: %d", - params.name->get_vendor_id(params.name), - params.name->get_name(params.name), - params.name->get_qualifier(params.name)); - return FALSE; - } - - *out = params; - return TRUE; -} - bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, - pts_dh_group_t supported_dh_groups, - linked_list_t *evidences) + pts_dh_group_t supported_dh_groups) { chunk_t attr_info; pts_t *pts; @@ -441,8 +321,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, tcg_pts_attr_req_func_comp_evid_t *attr_cast; pts_proto_caps_flag_t negotiated_caps; pts_comp_func_name_t *name; + pts_comp_evidence_t *evid; + pts_component_t *comp; u_int32_t depth; u_int8_t flags; + status_t status; enumerator_t *e; attr_info = attr->get_value(attr); @@ -454,7 +337,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, e = attr_cast->create_enumerator(attr_cast); while (e->enumerate(e, &flags, &depth, &name)) { - name->log(name, " "); + name->log(name, "* "); negotiated_caps = pts->get_proto_caps(pts); if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC) @@ -488,107 +371,64 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr_list->insert_last(attr_list, attr); break; } - if (depth != 0) + if (depth > 0) { - DBG1(DBG_IMC, "current version of Attestation IMC does not " - "support sub component measurement deeper than " - "zero. Measuring top level component only."); + DBG1(DBG_IMC, "the Attestation IMC currently does not " + "support sub component measurements"); return FALSE; } - - /* Check if Unknown or Wildcard was set for qualifier */ - if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD) - { - DBG2(DBG_IMC, "wildcard was set for the qualifier of functional" - " component. Identifying the component with " - "name binary enumeration"); - } - else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN) + name = name->clone(name); + comp = pts_components->create(pts_components, name); + if (!comp) { - DBG2(DBG_IMC, "unknown was set for the qualifier of functional" - " component. Identifying the component with " - "name binary enumeration"); + DBG2(DBG_IMC, " not registered: no evidence provided"); + name->destroy(name); + continue; } - else if ((name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE) - & PTS_ITA_QUALIFIER_TYPE_TRUSTED) - { - tcg_pts_attr_simple_comp_evid_params_t params; - if (name->get_name(name) == PTS_ITA_COMP_FUNC_NAME_TBOOT) - { - u_int8_t i; - for (i = 1; i <= TBOOT_SEQUENCE_COUNT; i++) - { - /* Set parameters of Simple Component Evidence */ - if (!set_simple_comp_evid_params(pts, name, i, ¶ms)) - { - DBG1(DBG_IMC, "error occured while setting " - " parameters for Simple Component Evidence"); - return FALSE; - } - /* Buffer Simple Component Evidence attribute */ - attr = tcg_pts_attr_simple_comp_evid_create(params); - evidences->insert_last(evidences, attr); - - } - break; - } - else + /* do the component evidence measurement[s] */ + do + { + status = comp->measure(comp, pts, &evid); + if (status == FAILED) { - /* Set parameters of Simple Component Evidence */ - if (!set_simple_comp_evid_params(pts, name, 0, ¶ms)) - { - DBG1(DBG_IMC, "error occured while setting parameters" - "for Simple Component Evidence"); - return FALSE; - } - - /* Buffer Simple Component Evidence attribute */ - attr = tcg_pts_attr_simple_comp_evid_create(params); - evidences->insert_last(evidences, attr); - break; } + attestation_state->add_evidence(attestation_state, evid); } - else - { - DBG1(DBG_IMC, "Functional Component with unsupported type: %d" - "was requested for evidence", - (name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE)); - break; - } + while (status == NEED_MORE); + comp->destroy(comp); } e->destroy(e); break; } case TCG_PTS_GEN_ATTEST_EVID: { - enumerator_t *e; pts_simple_evid_final_flag_t flags; pts_meas_algorithms_t composite_algorithm = 0; + pts_comp_evidence_t *evidence; chunk_t pcr_composite, quote_signature; - u_int32_t num_of_evidences, i = 0; + u_int32_t i, evid_count, extended_pcr; u_int32_t *pcrs; bool use_quote2; /* Send buffered Simple Component Evidences */ - num_of_evidences = evidences->get_count(evidences); - pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*num_of_evidences); + evid_count = attestation_state->get_evid_count(attestation_state); + pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*evid_count); - e = evidences->create_enumerator(evidences); - while (e->enumerate(e, &attr)) + for (i = 0; i < evid_count; i++) { - tcg_pts_attr_simple_comp_evid_t *attr_cast; - u_int32_t extended_pcr; - - attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr; - extended_pcr = attr_cast->get_extended_pcr(attr_cast); + evidence = attestation_state->next_evidence(attestation_state); + extended_pcr = evidence->get_extended_pcr(evidence); - /* Add extended PCR number to PCR list to quote */ - /* Duplicated PCR numbers have no influence */ + /** + * Add extended PCR number to PCR list to quote + * Duplicated PCR numbers have no influence + */ pcrs[i] = extended_pcr; - i++; - /* Send Simple Compoenent Evidence */ + + /* Send Simple Component Evidence */ + attr = tcg_pts_attr_simple_comp_evid_create(evidence); attr_list->insert_last(attr_list, attr); } @@ -597,12 +437,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, FALSE : TRUE; /* Quote */ - if (!pts->quote_tpm(pts, use_quote2, pcrs, num_of_evidences, + if (!pts->quote_tpm(pts, use_quote2, pcrs, evid_count, &pcr_composite, "e_signature)) { DBG1(DBG_IMC, "error occured during TPM quote operation"); - DESTROY_IF(e); - DESTROY_IF(evidences); return FALSE; } @@ -615,10 +453,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, composite_algorithm, pcr_composite, quote_signature, chunk_empty); attr_list->insert_last(attr_list, attr); - - DESTROY_IF(e); - DESTROY_IF(evidences); - break; } /* TODO: Not implemented yet */ diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.h b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h index d2d4447164..b6dca1f563 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h @@ -25,7 +25,6 @@ #include "imc_attestation_state.h" #include -#include #include @@ -40,13 +39,11 @@ * @param attestation_state attestation state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups - * @param evidences evidence * @return TRUE if successful */ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, - pts_dh_group_t supported_dh_groups, - linked_list_t *evidences); + pts_dh_group_t supported_dh_groups); #endif /** IMC_ATTESTATION_PROCESS_H_ @}*/ diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index 9087b711c0..4a99cf800b 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -15,6 +15,7 @@ #include "imc_attestation_state.h" +#include #include typedef struct private_imc_attestation_state_t private_imc_attestation_state_t; @@ -44,6 +45,11 @@ struct private_imc_attestation_state_t { */ pts_t *pts; + /** + * PTS Component Evidence list + */ + linked_list_t *list; + }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -58,10 +64,12 @@ METHOD(imc_state_t, change_state, void, this->state = new_state; } + METHOD(imc_state_t, destroy, void, private_imc_attestation_state_t *this) { this->pts->destroy(this->pts); + this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy)); free(this); } @@ -71,6 +79,32 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*, return this->pts; } +METHOD(imc_attestation_state_t, add_evidence, void, + private_imc_attestation_state_t *this, pts_comp_evidence_t *evidence) +{ + this->list->insert_last(this->list, evidence); +} + +METHOD(imc_attestation_state_t, get_evid_count, int, + private_imc_attestation_state_t *this) +{ + return this->list->get_count(this->list); +} + +METHOD(imc_attestation_state_t, next_evidence, pts_comp_evidence_t*, + private_imc_attestation_state_t *this) +{ + pts_comp_evidence_t *evidence; + + if (this->list->remove_first(this->list, (void**)&evidence) == SUCCESS) + { + return evidence; + } + else + { + return NULL; + } +} /** * Described in header. */ @@ -87,10 +121,14 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .destroy = _destroy, }, .get_pts = _get_pts, + .add_evidence = _add_evidence, + .get_evid_count = _get_evid_count, + .next_evidence = _next_evidence, }, .connection_id = connection_id, .state = TNC_CONNECTION_STATE_CREATE, .pts = pts_create(TRUE), + .list = linked_list_create(), ); platform_info = lib->settings->get_str(lib->settings, diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h index d083f3b57e..3b9ebaf22b 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h @@ -24,6 +24,7 @@ #include #include +#include #include typedef struct imc_attestation_state_t imc_attestation_state_t; @@ -45,6 +46,27 @@ struct imc_attestation_state_t { */ pts_t* (*get_pts)(imc_attestation_state_t *this); + /** + * Add an entry to the Component Evidence list + * + * @param entry Component Evidence entry + */ + void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *entry); + + /** + * Get the number of entries in the Component Evidence list + * + * @return number of Component Evidence entries + */ + int (*get_evid_count)(imc_attestation_state_t *this); + + /** + * Removes next Component Evidence entry from list and returns it + * + * @return Next Component Evidence entry + */ + pts_comp_evidence_t* (*next_evidence)(imc_attestation_state_t *this); + }; /** diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c index 8d61a295ac..3469979d1f 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c @@ -177,8 +177,6 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, TNC_ConnectionState new_state) { imv_state_t *state; - imv_attestation_state_t *attestation_state; - TNC_Result result; if (!imv_attestation) { @@ -193,15 +191,6 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, case TNC_CONNECTION_STATE_DELETE: return imv_attestation->delete_state(imv_attestation, connection_id); case TNC_CONNECTION_STATE_HANDSHAKE: - result = imv_attestation->change_state(imv_attestation, - connection_id, new_state, &state); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - attestation_state = (imv_attestation_state_t*)state; - - return TNC_RESULT_SUCCESS; default: return imv_attestation->change_state(imv_attestation, connection_id, new_state, NULL); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index 37e97df729..d9af63428b 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -263,148 +263,39 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, case TCG_PTS_SIMPLE_COMP_EVID: { tcg_pts_attr_simple_comp_evid_t *attr_cast; - bool pcr_info_inclided, component_meas_found = FALSE; - pts_attr_simple_comp_evid_flag_t flags; - u_int32_t depth, extended_pcr; - u_int8_t measurement_type; pts_comp_func_name_t *name; - pts_component_t *component; - pts_meas_algorithms_t hash_algorithm; - pts_pcr_transform_t transformation; - chunk_t measurement_time, policy_uri; - chunk_t pcr_before, pcr_after, measurement, comp_hash; - enumerator_t *enumerator; - char *platform_info; + pts_comp_evidence_t *evidence; + pts_component_t *comp; + u_int32_t depth; + status_t status; attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr; - attr_info = attr->get_value(attr); - - pcr_info_inclided = attr_cast->is_pcr_info_included(attr_cast); - flags = attr_cast->get_flags(attr_cast); - depth = attr_cast->get_sub_component_depth(attr_cast); - if (depth != 0) - { - DBG1(DBG_IMV, "Current version of Attestation IMV does not" - " support sub component measurement deeper than zero"); - } - name = attr_cast->get_comp_func_name(attr_cast); - if (name->get_vendor_id(name) != PEN_ITA) - { - DBG1(DBG_IMV, "Current version of Attestation IMV supports" - "only functional component namings by ITA "); - break; - } - - /* Check Family */ - if (name->get_qualifier(name) & PTS_SIMPLE_COMP_EVID_FAMILY_MASK) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_INVALID_NAME_FAM, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } + evidence = attr_cast->get_comp_evidence(attr_cast); + name = evidence->get_comp_func_name(evidence, &depth); - /* Check if Unknown or Wildcard was set for qualifier */ - if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD) - { - DBG1(DBG_IMV, "Wildcard was set for the qualifier " - "of functional component"); - return FALSE; - } - else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN) - { - DBG1(DBG_IMV, "Unknown feature was set for the qualifier " - "of functional component"); - return FALSE; - } - - component = attestation_state->check_off_component(attestation_state, - name); - if (!component) + comp = attestation_state->check_off_component(attestation_state, name); + if (!comp) { DBG1(DBG_IMV, " no entry found for component evidence request"); + evidence->destroy(evidence); break; } - component->verify(component); - component->destroy(component); - - measurement_type = attr_cast->get_measurement_type(attr_cast); - hash_algorithm = attr_cast->get_hash_algorithm(attr_cast); - transformation = attr_cast->get_pcr_trans(attr_cast); - measurement_time = attr_cast->get_measurement_time(attr_cast); - measurement = attr_cast->get_comp_measurement(attr_cast); - - platform_info = pts->get_platform_info(pts); - if (!pts_db || !platform_info) - { - DBG1(DBG_IMV, "%s%s%s not available", - (pts_db) ? "" : "pts database", - (!pts_db && !platform_info) ? "and" : "", - (platform_info) ? "" : "platform info"); - break; - } - - if (name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TBOOT && - name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TGRUB) - { - DBG1(DBG_IMV, "Unknown functional component name: \"%d\"", - name->get_name(name)); - return FALSE; - } + status = comp->verify(comp, pts, pts_db, evidence); - enumerator = pts_db->create_comp_hash_enumerator(pts_db, - platform_info, PTS_MEAS_ALGO_SHA1, name); - if (!enumerator) - { - break; - } - while (enumerator->enumerate(enumerator, &comp_hash)) + switch (status) { - if (chunk_equals(comp_hash, measurement)) - { - DBG2(DBG_IMV, "Matching Functional Component Measurement:" - "%B", &measurement); - component_meas_found = TRUE; + default: + case FAILED: + attestation_state->set_measurement_error(attestation_state); + /* fall through to next case */ + case SUCCESS: + comp->destroy(comp); break; - } - } - enumerator->destroy(enumerator); - - if (!component_meas_found) - { - DBG1(DBG_IMV, "Unmatching Functional Component Measurement:" - "%B, expected: %B", &measurement, &comp_hash); - attestation_state->set_measurement_error(attestation_state); - } - - /* Call getters of optional fields when corresponding flag is set */ - if (pcr_info_inclided) - { - pcr_entry_t *entry; - - extended_pcr = attr_cast->get_extended_pcr(attr_cast); - pcr_before = attr_cast->get_pcr_before_value(attr_cast); - pcr_after = attr_cast->get_pcr_after_value(attr_cast); - - DBG3(DBG_IMV,"PCR: %d was extended with %B", - extended_pcr, &measurement); - DBG3(DBG_IMV,"PCR: %d before value: %B", - extended_pcr, &pcr_before); - DBG3(DBG_IMV,"PCR: %d after value: %B", - extended_pcr, &pcr_after); - - entry = malloc_thing(pcr_entry_t); - entry->pcr_number = extended_pcr; - memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN); - pts->add_pcr_entry(pts, entry); - } - if (flags != PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID) - { - policy_uri = attr_cast->get_policy_uri(attr_cast); - DBG1(DBG_IMV, "This version of Attestation IMV can not handle" - " Verification Policies"); + case NEED_MORE: + /* re-enter component into list */ + attestation_state->add_component(attestation_state, comp); } - + evidence->destroy(evidence); break; } case TCG_PTS_SIMPLE_EVID_FINAL: diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index b1c9f2532e..72c90f6c2b 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -20,6 +20,7 @@ libpts_la_SOURCES = \ pts/pts_meas_algo.h pts/pts_meas_algo.c \ pts/components/pts_component.h \ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ + pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c index 895a0b5646..7d1e67a06f 100644 --- a/src/libpts/pts/components/ita/ita_comp_tboot.c +++ b/src/libpts/pts/components/ita/ita_comp_tboot.c @@ -17,7 +17,6 @@ #include "ita_comp_tboot.h" #include "ita_comp_func_name.h" -#include "pts/pts_func_comp_evid_req.h" #include "pts/components/pts_component.h" #include @@ -32,7 +31,7 @@ typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t; struct pts_ita_comp_tboot_t { /** - * Public pts_component_manager_t interface. + * Public pts_component_t interface. */ pts_component_t public; @@ -40,6 +39,17 @@ struct pts_ita_comp_tboot_t { * Component Functional Name */ pts_comp_func_name_t *name; + + /** + * Extended PCR last handled + */ + u_int32_t extended_pcr; + + /** + * Time of TBOOT measurement + */ + time_t measurement_time; + }; METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, @@ -54,18 +64,99 @@ METHOD(pts_component_t, get_evidence_flags, u_int8_t, return PTS_REQ_FUNC_COMP_FLAG_PCR; } -METHOD(pts_component_t, measure, bool, - pts_ita_comp_tboot_t *this) +METHOD(pts_component_t, measure, status_t, + pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence) { - /* TODO measure the tboot functional component */ - return FALSE; + pts_comp_evidence_t *evid; + char *meas_hex, *pcr_before_hex, *pcr_after_hex; + chunk_t measurement, pcr_before, pcr_after; + + switch (this->extended_pcr) + { + case 0: + /* dummy data since currently the TBOOT log is not retrieved */ + time(&this->measurement_time); + meas_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr17_meas", NULL); + pcr_before_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr17_before", NULL); + pcr_after_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr17_after", NULL); + this->extended_pcr = PCR_TBOOT_POLICY; + break; + case PCR_TBOOT_POLICY: + /* dummy data since currently the TBOOT log is not retrieved */ + meas_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr18_meas", NULL); + pcr_before_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr18_before", NULL); + pcr_after_hex = lib->settings->get_str(lib->settings, + "libimcv.plugins.imc-attestation.pcr18_after", NULL); + this->extended_pcr = PCR_TBOOT_MLE; + break; + default: + return FAILED; + } + + measurement = chunk_from_hex( + chunk_create(meas_hex, strlen(meas_hex)), NULL); + pcr_before = chunk_from_hex( + chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL); + pcr_after = chunk_from_hex( + chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL); + + evid = *evidence = pts_comp_evidence_create(this->name, 0, + this->extended_pcr, + PTS_MEAS_ALGO_SHA1, PTS_PCR_TRANSFORM_NO, + this->measurement_time, measurement); + evid->set_pcr_info(evid, pcr_before, pcr_after); + + return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE; } -METHOD(pts_component_t, verify, bool, - pts_ita_comp_tboot_t *this) +METHOD(pts_component_t, verify, status_t, + pts_ita_comp_tboot_t *this, pts_t *pts, pts_database_t *pts_db, + pts_comp_evidence_t *evidence) { - /* TODO verify the measurement of the tboot functional component */ - return FALSE; + bool has_pcr_info; + u_int32_t extended_pcr; + pts_meas_algorithms_t algo; + pts_pcr_transform_t transform; + time_t measurement_time; + chunk_t measurement, pcr_before, pcr_after; + pcr_entry_t *entry; + + switch (this->extended_pcr) + { + case 0: + this->extended_pcr = PCR_TBOOT_POLICY; + break; + case PCR_TBOOT_POLICY: + this->extended_pcr = PCR_TBOOT_MLE; + break; + default: + return FAILED; + } + + measurement = evidence->get_measurement(evidence, &extended_pcr, + &algo, &transform, &measurement_time); + if (extended_pcr != this->extended_pcr) + { + return FAILED; + } + + /* TODO check measurement in database */ + + has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after); + if (has_pcr_info) + { + entry = malloc_thing(pcr_entry_t); + entry->pcr_number = extended_pcr; + memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN); + pts->add_pcr_entry(pts, entry); + } + + return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE; } METHOD(pts_component_t, destroy, void, diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.c b/src/libpts/pts/components/ita/ita_comp_tgrub.c index 75525683ad..aae3bf4745 100644 --- a/src/libpts/pts/components/ita/ita_comp_tgrub.c +++ b/src/libpts/pts/components/ita/ita_comp_tgrub.c @@ -17,7 +17,6 @@ #include "ita_comp_tgrub.h" #include "ita_comp_func_name.h" -#include "pts/pts_func_comp_evid_req.h" #include "pts/components/pts_component.h" #include @@ -32,7 +31,7 @@ typedef struct pts_ita_comp_tgrub_t pts_ita_comp_tgrub_t; struct pts_ita_comp_tgrub_t { /** - * Public pts_component_manager_t interface. + * Public pts_component_t interface. */ pts_component_t public; @@ -54,18 +53,69 @@ METHOD(pts_component_t, get_evidence_flags, u_int8_t, return PTS_REQ_FUNC_COMP_FLAG_PCR; } -METHOD(pts_component_t, measure, bool, - pts_ita_comp_tgrub_t *this) +METHOD(pts_component_t, measure, status_t, + pts_ita_comp_tgrub_t *this, pts_t *pts, pts_comp_evidence_t **evidence) { - /* TODO measure the tgrub functional component */ - return FALSE; + pts_comp_evidence_t *evid; + u_int32_t extended_pcr; + time_t measurement_time; + chunk_t measurement, pcr_before, pcr_after; + + /* Provisional implementation for TGRUB */ + extended_pcr = PCR_DEBUG; + time(&measurement_time); + + if (!pts->read_pcr(pts, extended_pcr, &pcr_after)) + { + DBG1(DBG_PTS, "error occured while reading PCR: %d", extended_pcr); + return FAILED; + } + + measurement = chunk_alloc(HASH_SIZE_SHA1); + memset(measurement.ptr, 0x00, measurement.len); + + pcr_before = chunk_alloc(PCR_LEN); + memset(pcr_before.ptr, 0x00, pcr_before.len); + + evid = *evidence = pts_comp_evidence_create(this->name, 0, extended_pcr, + PTS_MEAS_ALGO_SHA1, PTS_PCR_TRANSFORM_NO, + measurement_time, measurement); + evid->set_pcr_info(evid, pcr_before, pcr_after); + + return SUCCESS; } -METHOD(pts_component_t, verify, bool, - pts_ita_comp_tgrub_t *this) +METHOD(pts_component_t, verify, status_t, + pts_ita_comp_tgrub_t *this, pts_t *pts, pts_database_t *pts_db, + pts_comp_evidence_t *evidence) { - /* TODO verify the measurement of the tgrub functional component */ - return FALSE; + bool has_pcr_info; + u_int32_t extended_pcr; + pts_meas_algorithms_t algo; + pts_pcr_transform_t transform; + time_t measurement_time; + chunk_t measurement, pcr_before, pcr_after; + pcr_entry_t *entry; + + measurement = evidence->get_measurement(evidence, &extended_pcr, + &algo, &transform, &measurement_time); + if (extended_pcr != PCR_DEBUG) + { + return FAILED; + } + + /* TODO check measurement in database */ + + has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after); + if (has_pcr_info) + { + entry = malloc_thing(pcr_entry_t); + entry->pcr_number = extended_pcr; + memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN); + pts->add_pcr_entry(pts, entry); + } + + return SUCCESS; } METHOD(pts_component_t, destroy, void, diff --git a/src/libpts/pts/components/pts_comp_evidence.c b/src/libpts/pts/components/pts_comp_evidence.c new file mode 100644 index 0000000000..d4d73c08b0 --- /dev/null +++ b/src/libpts/pts/components/pts_comp_evidence.c @@ -0,0 +1,225 @@ +/* + * Copyright (C) 2011 Sansar Choinyambuu, Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pts/components/pts_comp_evidence.h" + +#include + +typedef struct private_pts_comp_evidence_t private_pts_comp_evidence_t; + +/** + * Private data of a pts_comp_evidence_t object. + */ +struct private_pts_comp_evidence_t { + + /** + * Public pts_comp_evidence_t interface. + */ + pts_comp_evidence_t public; + + /** + * Component Functional Name + */ + pts_comp_func_name_t *name; + + /** + * Sub-Component Depth + */ + u_int32_t depth; + + /** + * Measurement Time + */ + time_t measurement_time; + + /** + * Measurement Time + */ + chunk_t measurement; + + /** + * Measurement Hash Algorithm + */ + pts_meas_algorithms_t hash_algorithm; + + /** + * Is PCR Information included? + */ + bool has_pcr_info; + + /** + * PCR the measurement was extended into + */ + u_int32_t extended_pcr; + + /** + * PCR value before extension + */ + chunk_t pcr_before; + + /** + * PCR value after extension + */ + chunk_t pcr_after; + + /** + * Transformation used for extending measurement into PCR + */ + pts_pcr_transform_t transform; + + /** + * Component Validation Result + */ + pts_comp_evid_validation_t validation; + + /** + * Verification Policy URI + */ + chunk_t policy_uri; + +}; + +METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, + private_pts_comp_evidence_t *this, u_int32_t *depth) +{ + if (depth) + { + *depth = this->depth; + } + return this->name; +} + +METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t, + private_pts_comp_evidence_t *this) +{ + return this->extended_pcr; +} +METHOD(pts_comp_evidence_t, get_measurement, chunk_t, + private_pts_comp_evidence_t *this, u_int32_t *extended_pcr, + pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, + time_t *measurement_time) +{ + if (extended_pcr) + { + *extended_pcr = this->extended_pcr; + } + if (algo) + { + *algo = this->hash_algorithm; + } + if (transform) + { + *transform = this->transform; + } + if (measurement_time) + { + *measurement_time = this->measurement_time; + } + return this->measurement; +} + +METHOD(pts_comp_evidence_t, get_pcr_info, bool, + private_pts_comp_evidence_t *this, chunk_t *pcr_before, chunk_t *pcr_after) +{ + if (pcr_before) + { + *pcr_before = this->pcr_before; + } + if (pcr_after) + { + *pcr_after = this->pcr_after; + } + return this->has_pcr_info; +} + +METHOD(pts_comp_evidence_t, set_pcr_info, void, + private_pts_comp_evidence_t *this, chunk_t pcr_before, chunk_t pcr_after) +{ + this->has_pcr_info = TRUE; + this->pcr_before = pcr_before; + this->pcr_after = pcr_after; + + DBG2(DBG_PTS, "PCR %2d before value : %#B", this->extended_pcr, &pcr_before); + DBG2(DBG_PTS, "PCR %2d after value : %#B", this->extended_pcr, &pcr_after); +} + +METHOD(pts_comp_evidence_t, get_validation, pts_comp_evid_validation_t, + private_pts_comp_evidence_t *this, chunk_t *uri) +{ + if (uri) + { + *uri = this->policy_uri; + } + return this->validation; +} + +METHOD(pts_comp_evidence_t, set_validation, void, + private_pts_comp_evidence_t *this, pts_comp_evid_validation_t validation, + chunk_t uri) +{ + this->validation = validation; + this->policy_uri = chunk_clone(uri); +} + +METHOD(pts_comp_evidence_t, destroy, void, + private_pts_comp_evidence_t *this) +{ + this->name->destroy(this->name); + free(this->measurement.ptr); + free(this->pcr_before.ptr); + free(this->pcr_after.ptr); + free(this->policy_uri.ptr); + free(this); +} + +/** + * See header + */ +pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name, + u_int32_t depth, + u_int32_t extended_pcr, + pts_meas_algorithms_t algo, + pts_pcr_transform_t transform, + time_t measurement_time, + chunk_t measurement) +{ + private_pts_comp_evidence_t *this; + + INIT(this, + .public = { + .get_comp_func_name = _get_comp_func_name, + .get_extended_pcr = _get_extended_pcr, + .get_measurement = _get_measurement, + .get_pcr_info = _get_pcr_info, + .set_pcr_info = _set_pcr_info, + .get_validation = _get_validation, + .set_validation = _set_validation, + .destroy = _destroy, + }, + .name = name->clone(name), + .depth = depth, + .extended_pcr = extended_pcr, + .hash_algorithm = algo, + .transform = transform, + .measurement_time = measurement_time, + .measurement = measurement, + ); + + name->log(name, ""); + DBG2(DBG_PTS, "PCR %2d extended with: %#B", extended_pcr, &measurement); + + return &this->public; +} + diff --git a/src/libpts/pts/components/pts_comp_evidence.h b/src/libpts/pts/components/pts_comp_evidence.h new file mode 100644 index 0000000000..a6b1bf768e --- /dev/null +++ b/src/libpts/pts/components/pts_comp_evidence.h @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2011 Sansar Choinyambuu, Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pts_comp_evidence pts_comp_evidence + * @{ @ingroup pts + */ + +#ifndef PTS_COMP_EVIDENCE_H_ +#define PTS_COMP_EVIDENCE_H_ + +typedef struct pts_comp_evidence_t pts_comp_evidence_t; +typedef enum pts_pcr_transform_t pts_pcr_transform_t; +typedef enum pts_comp_evid_validation_t pts_comp_evid_validation_t; + +#include "pts/pts_meas_algo.h" +#include "pts/components/pts_comp_func_name.h" + +#include + +/** + * PTS PCR Transformations + */ +enum pts_pcr_transform_t { + /** No Transformation */ + PTS_PCR_TRANSFORM_NO = 0, + /** Hash Value matched PCR size */ + PTS_PCR_TRANSFORM_MATCH = 1, + /** Hash value shorter than PCR size */ + PTS_PCR_TRANSFORM_SHORT = 2, + /** Hash value longer than PCR size */ + PTS_PCR_TRANSFORM_LONG = 3, +}; + +/** + * PTS Component Evidence Validation Result Flags + */ +enum pts_comp_evid_validation_t { + /** No Validation was attempted */ + PTS_COMP_EVID_VALIDATION_NONE = 0x00, + /** Attempted validation, unable to verify */ + PTS_COMP_EVID_VALIDATION_UNABLE = 0x20, + /** Attempted validation, verification failed */ + PTS_COMP_EVID_VALIDATION_FAILED = 0x40, + /** Attempted validation, verification passed */ + PTS_COMP_EVID_VALIDATION_PASSED = 0x60, +}; + +/** + * PTS Functional Component Interface + */ +struct pts_comp_evidence_t { + + /** + * Gets the Component Functional Name and Sub-Component Depth + * + * @param depth Sub-Component Depth + * @result Component Functional Name + */ + pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this, + u_int32_t *depth); + + /** + * Gets the PCR the measurement was extended into + * + * @result PCR the measurement was extended into + */ + u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this); + + /** + * Gets the measurement and the algorithms used + * + * @param extended_pcr PCR the measurement was extended into + * @param algo Measurement hash algorithm + * @param transform Transformation used for PCR extension + * @param measurement_time Time the measurement was taken + * @result Measurement hash value + */ + chunk_t (*get_measurement)(pts_comp_evidence_t *this, + u_int32_t *extended_pcr, + pts_meas_algorithms_t *algo, + pts_pcr_transform_t *transform, + time_t *measurement_time); + + /** + * Gets the PCR information if available + * + * @param pcr_before PCR value before extension + * @param pcr_after PCR value after extension + * @result TRUE if PCR information is available + */ + bool (*get_pcr_info)(pts_comp_evidence_t *this, chunk_t *pcr_before, + chunk_t *pcr_after); + + /** + * Sets PCR information if available + * + * @param pcr_before PCR value before extension + * @param pcr_after PCR value after extension + */ + void (*set_pcr_info)(pts_comp_evidence_t *this, chunk_t pcr_before, + chunk_t pcr_after); + + /** + * Gets Validation Result if available + * + * @param uri Verification Policy URI + * @return validation Validation Result + */ + pts_comp_evid_validation_t (*get_validation)(pts_comp_evidence_t *this, + chunk_t *uri); + + /** + * Sets Validation Result if available + * + * @param validation Validation Result + * @param uri Verification Policy URI + */ + void (*set_validation)(pts_comp_evidence_t *this, + pts_comp_evid_validation_t validation, chunk_t uri); + + /** + * Destroys a pts_comp_evidence_t object. + */ + void (*destroy)(pts_comp_evidence_t *this); + +}; + +/** + * Creates a pts_comp_evidence_t object + * + * @param name Component Functional Name + * @param depth Sub-component depth + * @param extended_pcr PCR the measurement was extended into + * @param algo Measurement hash algorithm + * @param transform Transformation used for PCR extension + * @param measurement_time Time the measurement was taken, 0 if unknown + * @param measurement Measurement hash value + */ +pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name, + u_int32_t depth, + u_int32_t extended_pcr, + pts_meas_algorithms_t algo, + pts_pcr_transform_t transform, + time_t measurement_time, + chunk_t measurement); + +#endif /** PTS_COMP_EVIDENCE_H_ @}*/ diff --git a/src/libpts/pts/components/pts_component.h b/src/libpts/pts/components/pts_component.h index 1596cccd65..0950beda8f 100644 --- a/src/libpts/pts/components/pts_component.h +++ b/src/libpts/pts/components/pts_component.h @@ -23,7 +23,10 @@ typedef struct pts_component_t pts_component_t; +#include "pts/pts.h" +#include "pts/pts_database.h" #include "pts/components/pts_comp_func_name.h" +#include "pts/components/pts_comp_evidence.h" #include @@ -47,18 +50,26 @@ struct pts_component_t { u_int8_t (*get_evidence_flags)(pts_component_t *this); /** - * Do measurements on the PTS Functional Component + * Do evidence measurements on the PTS Functional Component * - * @return TRUE if component measurements are successful + * @param pts PTS interface + * @param evidence returns component evidence measureemt + * @return status return code */ - bool (*measure)(pts_component_t *this); + status_t (*measure)(pts_component_t *this, pts_t *pts, + pts_comp_evidence_t** evidence); /** - * Verify the measurements of the PTS Functional Component + * Verify the evidence measurements of the PTS Functional Component * - * @return TRUE if verification is successful + * @param pts PTS interface + * @param pts_db PTS measurement database + * @param evidence component evidence measurement to be verified + * @return status return code */ - bool (*verify)(pts_component_t *this); + status_t (*verify)(pts_component_t *this, pts_t *pts, + pts_database_t *pts_db, + pts_comp_evidence_t *evidence); /** * Destroys a pts_component_t object. diff --git a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c index b48b0c309e..9d700b2341 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c +++ b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c @@ -20,6 +20,8 @@ #include #include +#include + typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simple_comp_evid_t; /** @@ -29,37 +31,37 @@ typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simp * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Flags | Sub-Component Depth | + * | Flags | Sub-Component Depth | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Specific Functional Component | + * | Specific Functional Component | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Specific Functional Component | + * | Specific Functional Component | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measure. Type | Extended into PCR | + * | Measure. Type | Extended into PCR | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Hash Algorithm | PCR Transform | Reserved | + * | Hash Algorithm | PCR Transform | Reserved | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measurement Date/Time | + * | Measurement Date/Time | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measurement Date/Time | + * | Measurement Date/Time | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measurement Date/Time | + * | Measurement Date/Time | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measurement Date/Time | + * | Measurement Date/Time | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Measurement Date/Time | + * | Measurement Date/Time | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Optional Policy URI Length | Opt. Verification Policy URI ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional Verification Policy URI ~ + * ~ Optional Verification Policy URI ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Optional PCR Length | Optional PCR Before Value ~ + * | Optional PCR Length | Optional PCR Before Value ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional PCR Before Value (Variable Length) ~ + * ~ Optional PCR Before Value (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional PCR After Value (Variable Length) ~ + * ~ Optional PCR After Value (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Component Measurement (Variable Length) ~ + * ~ Component Measurement (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -70,16 +72,20 @@ typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simp * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Component Functional Name Vendor ID |Fam| Qualifier | + * | Component Functional Name Vendor ID |Fam| Qualifier | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Component Functional Name | + * | Component Functional Name | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ #define PTS_SIMPLE_COMP_EVID_SIZE 40 -#define PTS_SIMPLE_COMP_EVID_MEASUREMENT_TIME_SIZE 20 +#define PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE 20 #define PTS_SIMPLE_COMP_EVID_RESERVED 0x00 +#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0 +#define PTS_SIMPLE_COMP_EVID_VALIDATION_MASK 0x60 +#define PTS_SIMPLE_COMP_EVID_MEAS_TYPE (1<<7) +#define PTS_SIMPLE_COMP_EVID_FLAG_PCR (1<<7) /** * Private data of an tcg_pts_attr_simple_comp_evid_t object. @@ -112,69 +118,9 @@ struct private_tcg_pts_attr_simple_comp_evid_t { bool noskip_flag; /** - * Set of flags for Simple Component Evidence - */ - pts_attr_simple_comp_evid_flag_t flags; - - /** - * PCR Information included - */ - bool pcr_info_included; - - /** - * Sub-component Depth - */ - u_int32_t depth; - - /** - * Component Functional Name - */ - pts_comp_func_name_t *name; - - /** - * Measurement type - */ - u_int8_t measurement_type; - - /** - * Which PCR the functional component is extended into - */ - u_int32_t extended_pcr; - - /** - * Hash Algorithm - */ - pts_meas_algorithms_t hash_algorithm; - - /** - * Transformation type for PCR - */ - pts_pcr_transform_t transformation; - - /** - * Measurement time - */ - chunk_t measurement_time; - - /** - * Optional Policy URI - */ - chunk_t policy_uri; - - /** - * Optional PCR before value - */ - chunk_t pcr_before; - - /** - * Optional PCR after value - */ - chunk_t pcr_after; - - /** - * Component Measurement + * PTS Component Evidence */ - chunk_t measurement; + pts_comp_evidence_t *evidence; }; @@ -212,57 +158,81 @@ METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_simple_comp_evid_t *this) { bio_writer_t *writer; - u_int8_t flags = 0; + bool has_pcr_info; + char *utc_time_str, utc_time_buf[25]; + u_int8_t flags; + u_int32_t depth, extended_pcr; + pts_comp_func_name_t *name; + pts_meas_algorithms_t hash_algorithm; + pts_pcr_transform_t transform; + pts_comp_evid_validation_t validation; + time_t measurement_time; + chunk_t measurement, utc_time, pcr_before, pcr_after, policy_uri; + + /* Extract parameters from comp_evidence_t object */ + name = this->evidence->get_comp_func_name(this->evidence, + &depth); + measurement = this->evidence->get_measurement(this->evidence, + &extended_pcr, &hash_algorithm, &transform, + &measurement_time); + has_pcr_info = this->evidence->get_pcr_info(this->evidence, + &pcr_before, &pcr_after); + validation = this->evidence->get_validation(this->evidence, + &policy_uri); - writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE); /* Determine the flags to set*/ - if (this->pcr_info_included) + flags = validation; + if (has_pcr_info) { - flags += 128; + flags |= PTS_SIMPLE_COMP_EVID_FLAG_PCR; } - if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_NO_VER) - { - flags += 32; - } - else if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL) + + /* Form the UTC measurement time string */ + if (measurement_time == UNDEFINED_TIME) { - flags += 64; + utc_time_str = "0000-00-00T00:00:00Z"; } - else if (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS) + else { - flags += 96; + struct tm t; + + gmtime_r(&measurement_time, &t); + utc_time_str = utc_time_buf; + sprintf(utc_time_str, "%04d-%.02d-%.02dT%.02d:%.02d:%.02dZ", + t.tm_year + 1900, t.tm_mon + 1, t.tm_mday, + t.tm_hour, t.tm_min, t.tm_sec); } + utc_time = chunk_create(utc_time_str, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE); + + writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE); writer->write_uint8 (writer, flags); - writer->write_uint24(writer, this->depth); - writer->write_uint24(writer, this->name->get_vendor_id(this->name)); - writer->write_uint8 (writer, this->name->get_qualifier(this->name)); - writer->write_uint32(writer, this->name->get_name(this->name)); - writer->write_uint8 (writer, (this->measurement_type << 7)); - writer->write_uint24(writer, this->extended_pcr); - writer->write_uint16(writer, this->hash_algorithm); - writer->write_uint8 (writer, this->transformation); - writer->write_data (writer, this->measurement_time); + writer->write_uint24(writer, depth); + writer->write_uint24(writer, name->get_vendor_id(name)); + writer->write_uint8 (writer, name->get_qualifier(name)); + writer->write_uint32(writer, name->get_name(name)); + writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_MEAS_TYPE); + writer->write_uint24(writer, extended_pcr); + writer->write_uint16(writer, hash_algorithm); + writer->write_uint8 (writer, transform); + writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_RESERVED); + writer->write_data (writer, utc_time); /* Optional fields */ - if (this->policy_uri.ptr && this->policy_uri.len > 0) + if (validation == PTS_COMP_EVID_VALIDATION_FAILED || + validation == PTS_COMP_EVID_VALIDATION_PASSED) { - writer->write_uint16(writer, this->policy_uri.len); - writer->write_data (writer, this->policy_uri); + writer->write_uint16(writer, policy_uri.len); + writer->write_data (writer, policy_uri); } - if (this->pcr_before.ptr && this->pcr_after.ptr && - this->pcr_before.len == this->pcr_after.len && - this->pcr_before.len > 0 && this->pcr_after.len > 0) + if (has_pcr_info) { - writer->write_uint16(writer, this->pcr_before.len); - writer->write_data (writer, this->pcr_before); - writer->write_data (writer, this->pcr_after); + writer->write_uint16(writer, pcr_before.len); + writer->write_data (writer, pcr_before); + writer->write_data (writer, pcr_after); } - if (this->measurement.ptr && this->measurement.len > 0) - { - writer->write_data (writer, this->measurement); - } + writer->write_data(writer, measurement); this->value = chunk_clone(writer->get_buf(writer)); writer->destroy(writer); @@ -272,11 +242,15 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset) { bio_reader_t *reader; - u_int8_t flags, fam_and_qualifier, qualifier; - u_int8_t measurement_type, transformation; - u_int16_t algorithm; - u_int32_t vendor_id, name, measurement_len; - + pts_comp_func_name_t *name; + u_int8_t flags, fam_and_qualifier, qualifier, reserved; + u_int8_t measurement_type, transform, validation; + u_int16_t hash_algorithm, len; + u_int32_t depth, vendor_id, comp_name, extended_pcr; + chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after; + time_t measurement_time; + bool has_pcr_info = FALSE, has_validation = FALSE; + if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Simple Component Evidence"); @@ -285,182 +259,96 @@ METHOD(pa_tnc_attr_t, process, status_t, } reader = bio_reader_create(this->value); - reader->read_uint8(reader, &flags); - /* Determine the flags to set*/ - if ((flags >> 7) & 1) - { - this->pcr_info_included = TRUE; - } - if (!((flags >> 6) & 1) && !((flags >> 5) & 1)) - { - this->flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID; - } - else if (!((flags >> 6) & 1) && ((flags >> 5) & 1)) - { - this->flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VER; - } - else if (((flags >> 6) & 1) && !((flags >> 5) & 1)) - { - this->flags = PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL; - } - else if (((flags >> 6) & 1) && ((flags >> 5) & 1)) - { - this->flags = PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS; - } - - reader->read_uint24(reader, &this->depth); + reader->read_uint8 (reader, &flags); + reader->read_uint24(reader, &depth); reader->read_uint24(reader, &vendor_id); reader->read_uint8 (reader, &fam_and_qualifier); - reader->read_uint32(reader, &name); + reader->read_uint32(reader, &comp_name); reader->read_uint8 (reader, &measurement_type); - reader->read_uint24(reader, &this->extended_pcr); - reader->read_uint16(reader, &algorithm); - reader->read_uint8 (reader, &transformation); - reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEASUREMENT_TIME_SIZE, - &this->measurement_time); + reader->read_uint24(reader, &extended_pcr); + reader->read_uint16(reader, &hash_algorithm); + reader->read_uint8 (reader, &transform); + reader->read_uint8 (reader, &reserved); + reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE, &utc_time); - qualifier = fam_and_qualifier & (!PTS_SIMPLE_COMP_EVID_FAMILY_MASK); - - this->name = pts_comp_func_name_create(vendor_id, name, qualifier); - this->measurement_type = (measurement_type >> 7 ) & 1; - this->hash_algorithm = algorithm; - this->transformation = transformation; - this->measurement_time = chunk_clone(this->measurement_time); - - /* Optional Policy URI field is included */ - if ((this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL) || - (this->flags == PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS)) + if (measurement_type != PTS_SIMPLE_COMP_EVID_MEAS_TYPE) { - u_int16_t policy_uri_len; - reader->read_uint16(reader, &policy_uri_len); - reader->read_data(reader, policy_uri_len, &this->policy_uri); - this->policy_uri = chunk_clone(this->policy_uri); + DBG1(DBG_TNC, "unsupported Measurement Type in Simple Component Evidence"); + *offset = 12; + reader->destroy(reader); + return FAILED; + } + + validation = flags & PTS_SIMPLE_COMP_EVID_VALIDATION_MASK; + qualifier = fam_and_qualifier & ~PTS_SIMPLE_COMP_EVID_FAMILY_MASK; + + /* TODO Parse the UTC time string */ + measurement_time = 0; + + /* Is optional Policy URI field included? */ + if (validation == PTS_COMP_EVID_VALIDATION_FAILED || + validation == PTS_COMP_EVID_VALIDATION_PASSED) + { + reader->read_uint16(reader, &len); + reader->read_data(reader, len, &policy_uri); + has_validation = TRUE; } - /* Optional PCR value fields are included */ - if (this->pcr_info_included) + /* Are optional PCR value fields included? */ + if (flags & PTS_SIMPLE_COMP_EVID_FLAG_PCR) { - u_int16_t pcr_value_len; - reader->read_uint16(reader, &pcr_value_len); - reader->read_data(reader, pcr_value_len, &this->pcr_before); - this->pcr_before = chunk_clone(this->pcr_before); - reader->read_data(reader, pcr_value_len, &this->pcr_after); - this->pcr_after = chunk_clone(this->pcr_after); + reader->read_uint16(reader, &len); + reader->read_data(reader, len, &pcr_before); + reader->read_data(reader, len, &pcr_after); + has_pcr_info = TRUE; } - measurement_len = reader->remaining(reader); - reader->read_data(reader, measurement_len, &this->measurement); - this->measurement = chunk_clone(this->measurement); + /* Measurement field comes at the very end */ + reader->read_data(reader,reader->remaining(reader), &measurement); reader->destroy(reader); - return SUCCESS; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - free(this->value.ptr); - free(this->measurement_time.ptr); - free(this->policy_uri.ptr); - free(this->pcr_before.ptr); - free(this->pcr_after.ptr); - free(this->measurement.ptr); - free(this); -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, is_pcr_info_included, bool, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->pcr_info_included; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_flags, pts_attr_simple_comp_evid_flag_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->flags; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_sub_component_depth, u_int32_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->depth; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_func_name, pts_comp_func_name_t*, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->name; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_measurement_type, u_int8_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->measurement_type; -} -METHOD(tcg_pts_attr_simple_comp_evid_t, get_extended_pcr, u_int32_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->extended_pcr; -} + /* Create Component Functional Name object */ + name = pts_comp_func_name_create(vendor_id, comp_name, qualifier); -METHOD(tcg_pts_attr_simple_comp_evid_t, get_hash_algorithm, pts_meas_algorithms_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->hash_algorithm; -} + /* Create Component Evidence object */ + measurement = chunk_clone(measurement); + this->evidence = pts_comp_evidence_create(name, depth, extended_pcr, + hash_algorithm, transform, + measurement_time, measurement); -METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_trans, pts_pcr_transform_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->transformation; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_measurement_time, chunk_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->measurement_time; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_policy_uri, chunk_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->policy_uri; -} - -METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_before_value, chunk_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->pcr_before; -} + /* Add options */ + if (has_validation) + { + policy_uri = chunk_clone(policy_uri); + this->evidence->set_validation(this->evidence, validation, policy_uri); + } + if (has_pcr_info) + { + pcr_before = chunk_clone(pcr_before); + pcr_after = chunk_clone(pcr_after); + this->evidence->set_pcr_info(this->evidence, pcr_before, pcr_after); + } -METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_after_value, chunk_t, - private_tcg_pts_attr_simple_comp_evid_t *this) -{ - return this->pcr_after; + return SUCCESS; } -METHOD(tcg_pts_attr_simple_comp_evid_t, get_pcr_len, u_int16_t, +METHOD(pa_tnc_attr_t, destroy, void, private_tcg_pts_attr_simple_comp_evid_t *this) { - if (this->pcr_before.ptr && this->pcr_after.ptr && - this->pcr_before.len == this->pcr_after.len && - this->pcr_before.len > 0 && this->pcr_after.len > 0) - { - return this->pcr_before.len; - } - return 0; + this->evidence->destroy(this->evidence); + free(this); } -METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_measurement, chunk_t, +METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_evidence, pts_comp_evidence_t*, private_tcg_pts_attr_simple_comp_evid_t *this) { - return this->measurement; + return this->evidence; } /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(tcg_pts_attr_simple_comp_evid_params_t params) +pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid) { private_tcg_pts_attr_simple_comp_evid_t *this; @@ -476,35 +364,11 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(tcg_pts_attr_simple_comp_evi .process = _process, .destroy = _destroy, }, - .is_pcr_info_included = _is_pcr_info_included, - .get_flags= _get_flags, - .get_sub_component_depth = _get_sub_component_depth, - .get_comp_func_name = _get_comp_func_name, - .get_measurement_type = _get_measurement_type, - .get_extended_pcr = _get_extended_pcr, - .get_hash_algorithm = _get_hash_algorithm, - .get_pcr_trans = _get_pcr_trans, - .get_measurement_time = _get_measurement_time, - .get_policy_uri = _get_policy_uri, - .get_pcr_before_value = _get_pcr_before_value, - .get_pcr_after_value = _get_pcr_after_value, - .get_pcr_len = _get_pcr_len, - .get_comp_measurement = _get_comp_measurement, + .get_comp_evidence = _get_comp_evidence, }, .vendor_id = PEN_TCG, .type = TCG_PTS_SIMPLE_COMP_EVID, - .pcr_info_included = params.pcr_info_included, - .flags = params.flags, - .depth = params.depth, - .name = params.name, - .extended_pcr = params.extended_pcr, - .hash_algorithm = params.hash_algorithm, - .transformation = params.transformation, - .measurement_time = params.measurement_time, - .policy_uri = chunk_clone(params.policy_uri), - .pcr_before = params.pcr_before, - .pcr_after = params.pcr_after, - .measurement = params.measurement, + .evidence = evid, ); return &this->public.pa_tnc_attribute; @@ -530,20 +394,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data) .process = _process, .destroy = _destroy, }, - .is_pcr_info_included = _is_pcr_info_included, - .get_flags= _get_flags, - .get_sub_component_depth = _get_sub_component_depth, - .get_comp_func_name = _get_comp_func_name, - .get_measurement_type = _get_measurement_type, - .get_extended_pcr = _get_extended_pcr, - .get_hash_algorithm = _get_hash_algorithm, - .get_pcr_trans = _get_pcr_trans, - .get_measurement_time = _get_measurement_time, - .get_policy_uri = _get_policy_uri, - .get_pcr_before_value = _get_pcr_before_value, - .get_pcr_after_value = _get_pcr_after_value, - .get_pcr_len = _get_pcr_len, - .get_comp_measurement = _get_comp_measurement, + .get_comp_evidence = _get_comp_evidence, }, .vendor_id = PEN_TCG, .type = TCG_PTS_SIMPLE_COMP_EVID, diff --git a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h index d4693b9c6f..3a80904c86 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h +++ b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h @@ -22,63 +22,11 @@ #define TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_ typedef struct tcg_pts_attr_simple_comp_evid_t tcg_pts_attr_simple_comp_evid_t; -typedef enum pts_attr_simple_comp_evid_flag_t pts_attr_simple_comp_evid_flag_t; -typedef enum pts_pcr_transform_t pts_pcr_transform_t; -typedef struct tcg_pts_attr_simple_comp_evid_params_t tcg_pts_attr_simple_comp_evid_params_t; #include "tcg_attr.h" -#include "pts/pts_meas_algo.h" -#include "pts/components/pts_comp_func_name.h" +#include "pts/components/pts_comp_evidence.h" #include "pa_tnc/pa_tnc_attr.h" -#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0 - -/** - * PTS Simple Component Evidence Flags - */ -enum pts_attr_simple_comp_evid_flag_t { - /** No Validation was attempted */ - PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID = 1, - /** Attempted validation, unable to verify */ - PTS_SIMPLE_COMP_EVID_FLAG_NO_VER = 2, - /** Attempted validation, verification failed */ - PTS_SIMPLE_COMP_EVID_FLAG_VER_FAIL = 3, - /** Attempted validation, verification passed */ - PTS_SIMPLE_COMP_EVID_FLAG_VER_PASS = 4, -}; - -/** - * PTS PCR Transformations - */ -enum pts_pcr_transform_t { - /** No Transformation */ - PTS_PCR_TRANSFORM_NO = 0, - /** Hash Value matched PCR size */ - PTS_PCR_TRANSFORM_MATCH = 1, - /** Hash value shorter than PCR size */ - PTS_PCR_TRANSFORM_SHORT = 2, - /** Hash value longer than PCR size */ - PTS_PCR_TRANSFORM_LONG = 3, -}; - -/** - * Parameters for Simple Component Evidence Attribute - */ -struct tcg_pts_attr_simple_comp_evid_params_t { - bool pcr_info_included; - pts_attr_simple_comp_evid_flag_t flags; - u_int32_t depth; - pts_comp_func_name_t *name; - u_int32_t extended_pcr; - pts_meas_algorithms_t hash_algorithm; - pts_pcr_transform_t transformation; - chunk_t measurement_time; - chunk_t policy_uri; - chunk_t pcr_before; - chunk_t pcr_after; - chunk_t measurement; -}; - /** * Class implementing the TCG PTS Simple Component Evidence attribute * @@ -91,111 +39,20 @@ struct tcg_pts_attr_simple_comp_evid_t { pa_tnc_attr_t pa_tnc_attribute; /** - * Is Optional PCR Information fields included - * - * @return TRUE if included, FALSE otherwise - */ - bool (*is_pcr_info_included)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get flags for PTS Simple Component Evidence - * - * @return Set of flags - */ - pts_attr_simple_comp_evid_flag_t (*get_flags)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Sub-component Depth - * - * @return Sub-component Depth - */ - u_int32_t (*get_sub_component_depth)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Special Component Functional Name - * - * @return Component Functional Name - */ - pts_comp_func_name_t* (*get_comp_func_name)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Measurement Type - * - * @return Measurement Type - */ - u_int8_t (*get_measurement_type)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get which PCR the functional component is extended into - * - * @return Number of PCR - */ - u_int32_t (*get_extended_pcr)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Hash Algorithm - * - * @return Hash Algorithm - */ - pts_meas_algorithms_t (*get_hash_algorithm)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get PCR Transformation - * - * @return Transformation type of PCR - */ - pts_pcr_transform_t (*get_pcr_trans)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Measurement Time - * - * @return Measurement time - */ - chunk_t (*get_measurement_time)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Optional Policy URI - * - * @return Policy URI - */ - chunk_t (*get_policy_uri)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Optional PCR Length - * - * @return Length of PCR before/after values - */ - u_int16_t (*get_pcr_len)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Optional PCR before value - * - * @return PCR before value - */ - chunk_t (*get_pcr_before_value)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Optional PCR after value - * - * @return PCR after value - */ - chunk_t (*get_pcr_after_value)(tcg_pts_attr_simple_comp_evid_t *this); - - /** - * Get Component Measurement + * Get Component Evidence * - * @return Component Measurement Hash + * @return Component Evidence */ - chunk_t (*get_comp_measurement)(tcg_pts_attr_simple_comp_evid_t *this); + pts_comp_evidence_t* (*get_comp_evidence)(tcg_pts_attr_simple_comp_evid_t *this); }; /** * Creates an tcg_pts_attr_simple_comp_evid_t object * - * @param params Struct of parameters + * @param evid Component Evidence */ -pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(tcg_pts_attr_simple_comp_evid_params_t params); +pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid); /** * Creates an tcg_pts_attr_simple_comp_evid_t object from received data