From: Andreas Steffen Date: Tue, 22 Nov 2011 20:18:13 +0000 (+0100) Subject: refactored simple_evid_final attribute X-Git-Tag: 4.6.2~172 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=db103fada4ba34c1a0ff8584fe3122231bea2277;p=thirdparty%2Fstrongswan.git refactored simple_evid_final attribute --- diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index f65f6faee2..94773afe78 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -405,9 +405,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, case TCG_PTS_GEN_ATTEST_EVID: { pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t composite_algorithm = 0; + pts_meas_algorithms_t comp_hash_algorithm; pts_comp_evidence_t *evid; - chunk_t pcr_composite, quote_signature; + chunk_t pcr_composite, quote_sig; bool use_quote2; /* Send buffered Simple Component Evidences */ @@ -424,20 +424,19 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, "libimcv.plugins.imc-attestation.use_quote2", TRUE); /* Quote */ - if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_signature)) + if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) { DBG1(DBG_IMC, "error occured during TPM quote operation"); return FALSE; } /* Send Simple Evidence Final attribute */ - flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2: - PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO; - composite_algorithm |= PTS_MEAS_ALGO_SHA1; + flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 : + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; + comp_hash_algorithm == PTS_MEAS_ALGO_SHA1; - attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags, - composite_algorithm, pcr_composite, - quote_signature, chunk_empty); + attr = tcg_pts_attr_simple_evid_final_create(flags, + comp_hash_algorithm, pcr_composite, quote_sig); attr_list->insert_last(attr_list, attr); break; } diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index c0f30abca7..194bb8b4db 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -298,86 +298,55 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, case TCG_PTS_SIMPLE_EVID_FINAL: { tcg_pts_attr_simple_evid_final_t *attr_cast; - pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t composite_algorithm; - chunk_t pcr_comp; - chunk_t tpm_quote_sign; - chunk_t evid_sign; - bool evid_signature_included = FALSE, use_quote2 = FALSE, - ver_info_included = FALSE; + u_int8_t flags; + pts_meas_algorithms_t comp_hash_algorithm; + chunk_t pcr_comp, tpm_quote_sig, evid_sig; chunk_t pcr_composite, quote_info; + bool use_quote2, use_ver_info; attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; - evid_signature_included = attr_cast->is_evid_sign_included(attr_cast); - flags = attr_cast->get_flags(attr_cast); - - /** Optional Composite Hash Algorithm field is always present - * Field has value of all zeroes if not used. - * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 - */ - composite_algorithm = attr_cast->get_comp_hash_algorithm(attr_cast); + flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm, + &pcr_comp, &tpm_quote_sig); - if (flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO) + if (flags != PTS_SIMPLE_EVID_FINAL_NO) { - if ((flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) || - (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)) - { - use_quote2 = TRUE; - } - if (flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER) - { - ver_info_included = TRUE; - } - - pcr_comp = attr_cast->get_pcr_comp(attr_cast); - tpm_quote_sign = attr_cast->get_tpm_quote_sign(attr_cast); - - if (!pcr_comp.ptr || !tpm_quote_sign.ptr) - { - DBG1(DBG_IMV, "PCR composite: %B", &pcr_comp); - DBG1(DBG_IMV, "TPM Quote Signature: %B", &tpm_quote_sign); - DBG1(DBG_IMV, "Either PCR Composite or Quote Signature missing"); - return FALSE; - } + use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 || + flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); + use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); /* Construct PCR Composite and TPM Quote Info structures */ - if (!pts->get_quote_info(pts, use_quote2, ver_info_included, - composite_algorithm, &pcr_composite, "e_info)) + if (!pts->get_quote_info(pts, use_quote2, use_ver_info, + comp_hash_algorithm, &pcr_composite, "e_info)) { - DBG1(DBG_IMV, "unable to contruct TPM Quote Info"); + DBG1(DBG_IMV, "unable to compute TPM Quote Info"); return FALSE; } if (!chunk_equals(pcr_comp, pcr_composite)) { - DBG1(DBG_IMV, "received PCR Composite didn't match " - "with constructed"); - chunk_clear(&pcr_composite); - chunk_clear("e_info); + DBG1(DBG_IMV, "received and computed PCR Composite match"); + free(pcr_composite.ptr); + free(quote_info.ptr); return FALSE; } - DBG2(DBG_IMV, "received PCR Composite matches with constructed"); - chunk_clear(&pcr_composite); + DBG2(DBG_IMV, "received and computed PCR Composite do not match"); + free(pcr_composite.ptr); - if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sign)) + if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) { - chunk_clear("e_info); + free(quote_info.ptr); return FALSE; } - - DBG2(DBG_IMV, "signature verification succeeded for " - "TPM Quote Info"); - chunk_clear("e_info); + DBG2(DBG_IMV, "TPM Quote Info signature verification successful"); + free(quote_info.ptr); } - if (evid_signature_included) + if (attr_cast->get_evid_sig(attr_cast, &evid_sig)) { /** TODO: What to do with Evidence Signature */ - evid_sign = attr_cast->get_evid_sign(attr_cast); - DBG1(DBG_IMV, "This version of Attestation IMV can not handle" - " Optional Evidence Signature field"); + DBG1(DBG_IMV, "This version of the Attestation IMV can not " + "handle Evidence Signatures"); } - break; } diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index 7bed466cd8..707d920b0b 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -11,6 +11,7 @@ libpts_la_SOURCES = \ pts/pts_error.h pts/pts_error.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ + pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index 73065ec20a..c6a5ffbb4e 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -30,6 +30,7 @@ typedef struct pts_t pts_t; #include "pts_file_meta.h" #include "pts_dh_group.h" #include "pts_req_func_comp_evid.h" +#include "pts_simple_evid_final.h" #include "components/pts_comp_func_name.h" #include "components/tcg/tcg_comp_func_name.h" #include "components/ita/ita_comp_func_name.h" diff --git a/src/libpts/pts/pts_simple_evid_final.h b/src/libpts/pts/pts_simple_evid_final.h new file mode 100644 index 0000000000..0c8dea0cc1 --- /dev/null +++ b/src/libpts/pts/pts_simple_evid_final.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2011 Sansar Choinyambuu + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pts_simple_evid_final pts_rsimple_evid_final + * @{ @ingroup pts + */ + +#ifndef PTS_SIMPLE_EVID_FINAL_H_ +#define PTS_SIMPLE_EVID_FINAL_H_ + +typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t; + +#include + +/** + * PTS Simple Evidence Final Flags + */ +enum pts_simple_evid_final_flag_t { + /** TPM PCR Composite and TPM Quote Signature not included */ + PTS_SIMPLE_EVID_FINAL_NO = 0x00, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, + /** Evidence Signature included */ + PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, +}; + +#endif /** PTS_SIMPLE_EVID_FINAL_H_ @}*/ diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c index 58a3e3a0f6..a621164bf8 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c +++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c @@ -14,6 +14,7 @@ */ #include "tcg_pts_attr_simple_evid_final.h" +#include "pts/pts_simple_evid_final.h" #include #include @@ -29,23 +30,23 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Flags | Reserved | Optional Composite Hash Alg | + * | Flags | Reserved | Optional Composite Hash Alg | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Optional TPM PCR Composite Length | + * | Optional TPM PCR Composite Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional TPM PCR Composite (Variable Length) ~ + * ~ Optional TPM PCR Composite (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Optional TPM Quote Signature Length | + * | Optional TPM Quote Signature Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional TPM Quote Signature (Variable Length) ~ + * ~ Optional TPM Quote Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * ~ Optional Evidence Signature (Variable Length) ~ + * ~ Optional Evidence Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ #define PTS_SIMPLE_EVID_FINAL_SIZE 2 #define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00 - +#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0 /** * Private data of an tcg_pts_attr_simple_evid_final_t object. */ @@ -76,15 +77,10 @@ struct private_tcg_pts_attr_simple_evid_final_t { */ bool noskip_flag; - /** - * Is Evidence Signature included - */ - bool evid_sign_included; - /** * Set of flags for Simple Evidence Final */ - pts_simple_evid_final_flag_t flags; + u_int8_t flags; /** * Optional Composite Hash Algorithm @@ -99,12 +95,17 @@ struct private_tcg_pts_attr_simple_evid_final_t { /** * Optional TPM Quote Signature */ - chunk_t tpm_quote_sign; + chunk_t tpm_quote_sig; + + /** + * Is Evidence Signature included? + */ + bool has_evid_sig; /** * Optional Evidence Signature */ - chunk_t evid_sign; + chunk_t evid_sig; }; @@ -138,32 +139,30 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, this->noskip_flag = noskip; } +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_pts_attr_simple_evid_final_t *this) +{ + free(this->value.ptr); + free(this->pcr_comp.ptr); + free(this->tpm_quote_sig.ptr); + free(this->evid_sig.ptr); + free(this); +} + METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_simple_evid_final_t *this) { bio_writer_t *writer; - u_int8_t flags = 0; + u_int8_t flags; - writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE); + flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; - /* Determine the flags to set*/ - if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO) - { - flags += 64; - } - else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2) + if (this->has_evid_sig) { - flags += 128; + flags |= PTS_SIMPLE_EVID_FINAL_EVID_SIG; } - else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER) - { - flags += 192; - } - if (this->evid_sign_included) - { - flags += 32; - } - + + writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE); writer->write_uint8 (writer, flags); writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED); @@ -174,19 +173,18 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, this->comp_hash_algorithm); /* Optional fields */ - if (this->pcr_comp.ptr && this->pcr_comp.len > 0) + if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) { writer->write_uint32 (writer, this->pcr_comp.len); writer->write_data (writer, this->pcr_comp); + + writer->write_uint32 (writer, this->tpm_quote_sig.len); + writer->write_data (writer, this->tpm_quote_sig); } - if (this->tpm_quote_sign.ptr && this->tpm_quote_sign.len > 0) - { - writer->write_uint32 (writer, this->tpm_quote_sign.len); - writer->write_data (writer, this->tpm_quote_sign); - } - if (this->evid_sign.ptr && this->evid_sign.len > 0) + + if (this->has_evid_sig) { - writer->write_data (writer, this->evid_sign); + writer->write_data (writer, this->evid_sig); } this->value = chunk_clone(writer->get_buf(writer)); @@ -197,9 +195,10 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int8_t reserved; + u_int8_t flags, reserved; u_int16_t algorithm; + u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len; + if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE) { @@ -210,31 +209,12 @@ METHOD(pa_tnc_attr_t, process, status_t, reader = bio_reader_create(this->value); reader->read_uint8(reader, &flags); - - /* Determine the flags to set*/ - if (!((flags >> 7) & 1) && !((flags >> 6) & 1)) - { - this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_NO; - } - else if (!((flags >> 7) & 1) && ((flags >> 6) & 1)) - { - this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO; - } - else if (((flags >> 7) & 1) && !((flags >> 6) & 1)) - { - this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2; - } - else if (((flags >> 7) & 1) && ((flags >> 6) & 1)) - { - this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER; - } - if ((flags >> 5) & 1) - { - this->evid_sign_included = TRUE; - } - reader->read_uint8(reader, &reserved); + this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; + + this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0; + /** Optional Composite Hash Algorithm field is always present * Field has value of all zeroes if not used. * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 @@ -243,8 +223,8 @@ METHOD(pa_tnc_attr_t, process, status_t, reader->read_uint16(reader, &algorithm); this->comp_hash_algorithm = algorithm; - /* Optional Composite Hash Algorithm and TPM PCR Composite field is included */ - if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO) + /* Optional Composite Hash Algorithm and TPM PCR Composite fields */ + if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) { u_int32_t pcr_comp_len, tpm_quote_sign_len; @@ -257,79 +237,66 @@ METHOD(pa_tnc_attr_t, process, status_t, reader->read_data(reader, pcr_comp_len, &this->pcr_comp); this->pcr_comp = chunk_clone(this->pcr_comp); - reader->read_uint32(reader, &tpm_quote_sign_len); - reader->read_data(reader, tpm_quote_sign_len, &this->tpm_quote_sign); - this->tpm_quote_sign = chunk_clone(this->tpm_quote_sign); + /* TODO check if enough message data is available */ + reader->read_uint32(reader, &tpm_quote_sig_len); + reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig); + this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig); } - /* Optional Evidence Signature field is included */ - if (this->evid_sign_included) + /* Optional Evidence Signature field */ + if (this->has_evid_sig) { - u_int32_t evid_sign_len = reader->remaining(reader); - reader->read_data(reader, evid_sign_len, &this->evid_sign); - this->evid_sign = chunk_clone(this->evid_sign); + evid_sig_len = reader->remaining(reader); + reader->read_data(reader, evid_sig_len, &this->evid_sig); + this->evid_sig = chunk_clone(this->evid_sig); } reader->destroy(reader); return SUCCESS; } -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_pts_attr_simple_evid_final_t *this) -{ - free(this->value.ptr); - free(this->pcr_comp.ptr); - free(this->tpm_quote_sign.ptr); - free(this->evid_sign.ptr); - free(this); -} - -METHOD(tcg_pts_attr_simple_evid_final_t, is_evid_sign_included, bool, - private_tcg_pts_attr_simple_evid_final_t *this) -{ - return this->evid_sign_included; -} - -METHOD(tcg_pts_attr_simple_evid_final_t, get_flags, pts_simple_evid_final_flag_t, - private_tcg_pts_attr_simple_evid_final_t *this) +METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t, + private_tcg_pts_attr_simple_evid_final_t *this, + pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig) { + if (comp_hash_algo) + { + *comp_hash_algo = this->comp_hash_algorithm; + } + if (pcr_comp) + { + *pcr_comp = this->pcr_comp; + } + if (tpm_quote_sig) + { + *tpm_quote_sig = this->tpm_quote_sig; + } return this->flags; } -METHOD(tcg_pts_attr_simple_evid_final_t, get_comp_hash_algorithm, pts_meas_algorithms_t, - private_tcg_pts_attr_simple_evid_final_t *this) +METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool, + private_tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig) { - return this->comp_hash_algorithm; -} - -METHOD(tcg_pts_attr_simple_evid_final_t, get_pcr_comp, chunk_t, - private_tcg_pts_attr_simple_evid_final_t *this) -{ - return this->pcr_comp; -} - -METHOD(tcg_pts_attr_simple_evid_final_t, get_tpm_quote_sign, chunk_t, - private_tcg_pts_attr_simple_evid_final_t *this) -{ - return this->tpm_quote_sign; + if (evid_sig) + { + *evid_sig = this->evid_sig; + } + return this->has_evid_sig; } -METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sign, chunk_t, - private_tcg_pts_attr_simple_evid_final_t *this) +METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void, + private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig) { - return this->evid_sign; + this->evid_sig = chunk_clone(evid_sig); + this->has_evid_sig = TRUE; } /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create( - bool evid_sign_included, - pts_simple_evid_final_flag_t flags, - pts_meas_algorithms_t comp_hash_algorithm, - chunk_t pcr_comp, - chunk_t tpm_quote_sign, - chunk_t evid_sign) +pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, + pts_meas_algorithms_t comp_hash_algorithm, + chunk_t pcr_comp, chunk_t tpm_quote_sig) { private_tcg_pts_attr_simple_evid_final_t *this; @@ -345,21 +312,16 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create( .process = _process, .destroy = _destroy, }, - .is_evid_sign_included = _is_evid_sign_included, - .get_flags = _get_flags, - .get_comp_hash_algorithm = _get_comp_hash_algorithm, - .get_pcr_comp = _get_pcr_comp, - .get_tpm_quote_sign = _get_tpm_quote_sign, - .get_evid_sign = _get_evid_sign, + .get_quote_info = _get_quote_info, + .get_evid_sig = _get_evid_sig, + .set_evid_sig = _set_evid_sig, }, .vendor_id = PEN_TCG, .type = TCG_PTS_SIMPLE_EVID_FINAL, - .evid_sign_included = evid_sign_included, .flags = flags, .comp_hash_algorithm = comp_hash_algorithm, .pcr_comp = chunk_clone(pcr_comp), - .tpm_quote_sign = chunk_clone(tpm_quote_sign), - .evid_sign = chunk_clone(evid_sign), + .tpm_quote_sig = chunk_clone(tpm_quote_sig), ); return &this->public.pa_tnc_attribute; @@ -385,12 +347,9 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data) .process = _process, .destroy = _destroy, }, - .is_evid_sign_included = _is_evid_sign_included, - .get_flags= _get_flags, - .get_comp_hash_algorithm = _get_comp_hash_algorithm, - .get_pcr_comp = _get_pcr_comp, - .get_tpm_quote_sign = _get_tpm_quote_sign, - .get_evid_sign = _get_evid_sign, + .get_quote_info = _get_quote_info, + .get_evid_sig = _get_evid_sig, + .set_evid_sig = _set_evid_sig, }, .vendor_id = PEN_TCG, .type = TCG_PTS_SIMPLE_EVID_FINAL, diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.h b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.h index 4957cbcb80..3d98bfce74 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.h +++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.h @@ -22,29 +22,11 @@ #define TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_ typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t; -typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t; #include "tcg_attr.h" #include "tcg_pts_attr_meas_algo.h" #include "pa_tnc/pa_tnc_attr.h" -/** - * PTS Simple Evidence Final Flags - */ -enum pts_simple_evid_final_flag_t { - /** No Optional TPM PCR Composite nor Optional TPM Quote Signature fields included */ - PTS_SIMPLE_EVID_FINAL_FLAG_NO = 1, - /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */ - /** using TPM_QUOTE_INFO */ - PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO = 2, - /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */ - /** using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO was not appended */ - PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2 = 3, - /** Optional TPM PCR Composite and Optional TPM Quote Signature fields included */ - /** using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO was appended */ - PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER = 4, -}; - /** * Class implementing the TCG PTS Simple Evidence Final attribute * @@ -57,66 +39,47 @@ struct tcg_pts_attr_simple_evid_final_t { pa_tnc_attr_t pa_tnc_attribute; /** - * Is Optional Evidence Signature Included + * Get Optional PCR Composite and TPM Quote Signature * - * @return TRUE if included, FALSE otherwise + * @param comp_hash_algo Optional Composite Hash Algorithm + * @param pcr_comp Optional PCR Composite + * @param tpm_quote sig Optional TPM Quote Signature + * @return PTS_SIMPLE_EVID_FINAL flags */ - bool (*is_evid_sign_included)(tcg_pts_attr_simple_evid_final_t *this); + u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this, + pts_meas_algorithms_t *comp_hash_algo, + chunk_t *pcr_comp, chunk_t *tpm_quote_sig); /** - * Get flags for PTS Simple Evidence Final + * Get Optional Evidence Signature * - * @return Set of flags + * @evid_sig Optional Evidence Signature + * @return TRUE if Evidence Signature is available */ - pts_simple_evid_final_flag_t (*get_flags)(tcg_pts_attr_simple_evid_final_t *this); + bool (*get_evid_sig)(tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig); /** - * Get Optional Composite Hash Algorithm - * - * @return Composite Hash Algorithm - */ - pts_meas_algorithms_t (*get_comp_hash_algorithm)(tcg_pts_attr_simple_evid_final_t *this); - - /** - * Get Optional TPM PCR Composite - * - * @return PCR Composite - */ - chunk_t (*get_pcr_comp)(tcg_pts_attr_simple_evid_final_t *this); - - /** - * Get Optional TPM Quote Signature - * - * @return TPM Quote Signature - */ - chunk_t (*get_tpm_quote_sign)(tcg_pts_attr_simple_evid_final_t *this); - - /** - * Get Optional Evidence Signature + * Set Optional Evidence Signature * - * @return Optional Evidence Signature + * @evid_sig Optional Evidence Signature */ - chunk_t (*get_evid_sign)(tcg_pts_attr_simple_evid_final_t *this); + void (*set_evid_sig)(tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig); }; /** * Creates an tcg_pts_attr_simple_evid_final_t object * - * @param evid_sign_included Evidence Signature included * @param flags Set of flags * @param comp_hash_algorithm Composite Hash Algorithm * @param pcr_comp Optional TPM PCR Composite * @param tpm_quote_sign Optional TPM Quote Signature - * @param evid_sign Optional Evidence Signature */ pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create( - bool evid_sign_included, - pts_simple_evid_final_flag_t flags, + u_int8_t flags, pts_meas_algorithms_t comp_hash_algorithm, chunk_t pcr_comp, - chunk_t tpm_quote_sign, - chunk_t evid_sign); + chunk_t tpm_quote_sign); /** * Creates an tcg_pts_attr_simple_evid_final_t object from received data