#define IMC_VENDOR_ID PEN_TCG
#define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
+
+#define DEFAULT_NONCE_LEN 20
#define EXTEND_PCR 16
static imc_agent_t *imc_attestation;
/**
* Supported PTS measurement algorithms
*/
-static pts_meas_algorithms_t supported_algorithms = 0;
-
-/**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = 0;
+static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
/**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
+ * Supported PTS Diffie Hellman Groups
*/
-static char *responder_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
/**
* List of buffered Simple Component Evidences
TNC_Version max_version,
TNC_Version *actual_version)
{
- rng_t *rng;
-
if (imc_attestation)
{
DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
- if (!pts_meas_probe_algorithms(&supported_algorithms) ||
- !pts_probe_dh_groups(&supported_dh_groups))
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
}
libpts_init();
-
- /* create a responder nonce */
- responder_nonce = (char*)malloc(NONCE_LEN);
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (rng)
- {
- rng->get_bytes(rng, NONCE_LEN, responder_nonce);
- rng->destroy(rng);
- }
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
offered_algorithms = attr_cast->get_algorithms(attr_cast);
-
- if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
- (offered_algorithms & PTS_MEAS_ALGO_SHA384))
- {
- pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
- }
- else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
- (offered_algorithms & PTS_MEAS_ALGO_SHA256))
- {
- pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
- }
-
- else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
- (offered_algorithms & PTS_MEAS_ALGO_SHA1))
- {
- pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
- }
- else
+ selected_algorithm = pts_meas_algo_select(supported_algorithms,
+ offered_algorithms);
+ if (selected_algorithm == PTS_MEAS_ALGO_NONE)
{
attr = pts_hash_alg_error_create(supported_algorithms);
attr_list->insert_last(attr_list, attr);
}
/* Send Measurement Algorithm Selection attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
+ pts->set_meas_algorithm(pts, selected_algorithm);
attr = tcg_pts_attr_meas_algo_create(selected_algorithm,
TRUE);
attr_list->insert_last(attr_list, attr);
case TCG_PTS_DH_NONCE_PARAMS_REQ:
{
tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
- u_int8_t min_nonce_len;
pts_dh_group_t offered_dh_groups, selected_dh_group;
- chunk_t responder_pub_val;
+ chunk_t responder_value, responder_nonce;
+ int nonce_len, min_nonce_len;
+
+ nonce_len = lib->settings->get_int(lib->settings,
+ "libimcv.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN);
attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
- if (NONCE_LEN < min_nonce_len || NONCE_LEN <= 16)
+ if (min_nonce_len > 0 && nonce_len < min_nonce_len)
{
attr_info = attr->get_value(attr);
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
}
offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
-
- if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
- (offered_dh_groups & PTS_DH_GROUP_IKE20))
- {
- selected_dh_group = PTS_DH_GROUP_IKE20;
- }
- else if ((supported_dh_groups & PTS_DH_GROUP_IKE19) &&
- (offered_dh_groups & PTS_DH_GROUP_IKE19))
- {
- selected_dh_group = PTS_DH_GROUP_IKE19;
- }
- else if ((supported_dh_groups & PTS_DH_GROUP_IKE14) &&
- (offered_dh_groups & PTS_DH_GROUP_IKE14))
- {
- selected_dh_group = PTS_DH_GROUP_IKE14;
- }
- else if ((supported_dh_groups & PTS_DH_GROUP_IKE5) &&
- (offered_dh_groups & PTS_DH_GROUP_IKE5))
- {
- selected_dh_group = PTS_DH_GROUP_IKE5;
- }
- else if ((supported_dh_groups & PTS_DH_GROUP_IKE2) &&
- (offered_dh_groups & PTS_DH_GROUP_IKE2))
- {
- selected_dh_group = PTS_DH_GROUP_IKE2;
- }
- else
+ selected_dh_group = pts_dh_group_select(supported_dh_groups,
+ offered_dh_groups);
+ if (selected_dh_group == PTS_DH_GROUP_NONE)
{
attr_info = attr->get_value(attr);
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
break;
}
- /* Create own DH factor */
- if (!pts->create_dh(pts, selected_dh_group))
+ /* Create own DH factor and nonce */
+ if (!pts->create_dh_nonce(pts, selected_dh_group, nonce_len))
{
goto err;
}
- pts->get_my_public_value(pts, &responder_pub_val);
+ pts->get_my_public_value(pts, &responder_value,
+ &responder_nonce);
/* Send DH Nonce Parameters Response attribute */
- attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN,
- selected_dh_group, supported_algorithms,
- chunk_create(responder_nonce, NONCE_LEN),
- responder_pub_val);
+ attr = tcg_pts_attr_dh_nonce_params_resp_create(
+ selected_dh_group, supported_algorithms,
+ responder_nonce, responder_value);
attr_list->insert_last(attr_list, attr);
break;
}
case TCG_PTS_DH_NONCE_FINISH:
{
tcg_pts_attr_dh_nonce_finish_t *attr_cast;
- u_int8_t nonce_len;
pts_meas_algorithms_t selected_algorithm;
- chunk_t initiator_nonce, initiator_pub_val, responder_non;
+ chunk_t initiator_nonce, initiator_value;
+ int nonce_len;
attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
- nonce_len = attr_cast->get_nonce_len(attr_cast);
- if (nonce_len < 0 || nonce_len <= 16)
+ selected_algorithm = attr_cast->get_hash_algo(attr_cast);
+ if (!(selected_algorithm & supported_algorithms))
+ {
+ DBG1(DBG_IMC, "PTS-IMV selected unsupported "
+ "DH hash algorithm");
+ return TNC_RESULT_FATAL;
+ }
+ pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+ initiator_value = attr_cast->get_initiator_value(attr_cast);
+ initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
+ nonce_len = initiator_nonce.len;
+ if (nonce_len <= 16) /* TODO */
{
attr_info = attr->get_value(attr);
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
attr_list->insert_last(attr_list, attr);
break;
}
-
- selected_algorithm = attr_cast->get_hash_algo(attr_cast);
- initiator_pub_val = attr_cast->get_initiator_pub_val(attr_cast);
- initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
- responder_non = chunk_create(responder_nonce, NONCE_LEN);
-
- DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce);
- DBG3(DBG_IMC, "Responder nonce: %B", &responder_non);
- pts->set_peer_public_value(pts, initiator_pub_val);
- if (!pts->calculate_secret(pts, initiator_nonce,
- responder_non, selected_algorithm))
+ pts->set_peer_public_value(pts, initiator_value,
+ initiator_nonce);
+ if (!pts->calculate_secret(pts))
{
goto err;
}
}
/* Create a hasher */
- hash_alg = pts_meas_to_hash_algorithm(pts->get_meas_algorithm(pts));
+ hash_alg = pts_meas_algo_to_hash(pts->get_meas_algorithm(pts));
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher)
{
return TNC_RESULT_NOT_INITIALIZED;
}
- free(responder_nonce);
DESTROY_IF(evidences);
libpts_deinit();
#define IMV_VENDOR_ID PEN_TCG
#define IMV_SUBTYPE PA_SUBTYPE_TCG_PTS
+#define NONCE_LEN_LIMIT 16
+
static imv_agent_t *imv_attestation;
/**
* Supported PTS measurement algorithms
*/
-static pts_meas_algorithms_t supported_algorithms = 0;
+static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
/**
* Supported PTS Diffie Hellman Groups
*/
-static pts_dh_group_t supported_dh_groups = 0;
-
-/**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
- */
-static char *initiator_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
/**
* PTS file measurement database
TNC_Version *actual_version)
{
char *hash_alg, *dh_group, *uri, *cadir;
- rng_t *rng;
if (imv_attestation)
{
DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
- if (!pts_meas_probe_algorithms(&supported_algorithms))
- {
- return TNC_RESULT_FATAL;
- }
- if (!pts_probe_dh_groups(&supported_dh_groups))
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
libpts_init();
- /* Create a initiator nonce */
- initiator_nonce = (char*)malloc(NONCE_LEN);
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (rng)
- {
- rng->get_bytes(rng, NONCE_LEN, initiator_nonce);
- rng->destroy(rng);
- }
-
if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
{
DBG1(DBG_IMV, "no common IF-IMV version");
*/
hash_alg = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
- if (!strcaseeq(hash_alg, "sha384") && !strcaseeq(hash_alg, "sha2_384"))
- {
- /* remove SHA384 algorithm */
- supported_algorithms &= ~PTS_MEAS_ALGO_SHA384;
- }
- if (strcaseeq(hash_alg, "sha1"))
- {
- /* remove SHA256 algorithm */
- supported_algorithms &= ~PTS_MEAS_ALGO_SHA256;
- }
-
+
/**
* Specify supported PTS Diffie-Hellman groups
*
*/
dh_group = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.dh_group", "ecp256");
- if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups))
+
+ if (!pts_meas_algo_update(hash_alg, &supported_algorithms) ||
+ !pts_dh_group_update(dh_group, &supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
{
if (!dh_nonce_req_sent)
{
+ int min_nonce_len;
+
/* Send DH nonce parameters request attribute */
- attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
+ min_nonce_len = lib->settings->get_int(lib->settings,
+ "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
+ supported_dh_groups);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
dh_nonce_req_sent = TRUE;
else
{
pts_meas_algorithms_t selected_algorithm;
- chunk_t initiator_pub_val;
+ chunk_t initiator_value, initiator_nonce;
/* Send DH nonce finish attribute */
selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_pub_val);
-
- attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
- selected_algorithm,
- chunk_create(initiator_nonce, NONCE_LEN),
- initiator_pub_val);
+ pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+ initiator_value, initiator_nonce);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
}
attr_list = linked_list_create();
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
selected_algorithm = attr_cast->get_algorithms(attr_cast);
+ if (!(selected_algorithm & supported_algorithms))
+ {
+ DBG1(DBG_IMV, "PTS-IMC selected unsupported "
+ "measurement algorithm");
+ return TNC_RESULT_FATAL;
+ }
pts->set_meas_algorithm(pts, selected_algorithm);
break;
}
case TCG_PTS_DH_NONCE_PARAMS_RESP:
{
tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
- u_int8_t nonce_len;
+ int nonce_len, min_nonce_len;
pts_dh_group_t dh_group;
pts_meas_algorithms_t offered_algorithms, selected_algorithm;
- chunk_t responder_nonce, initiator_non, responder_pub_val;
+ chunk_t responder_value, responder_nonce;
attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
+ responder_nonce = attr_cast->get_responder_nonce(attr_cast);
- nonce_len = attr_cast->get_nonce_len(attr_cast);
- if (nonce_len < 0 || nonce_len <= 16)
+ /* check compliance of responder nonce length */
+ min_nonce_len = lib->settings->get_int(lib->settings,
+ "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ nonce_len = responder_nonce.len;
+ if (nonce_len <= NONCE_LEN_LIMIT ||
+ (min_nonce_len > 0 && nonce_len < min_nonce_len))
{
attr_info = attr->get_value(attr);
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
}
dh_group = attr_cast->get_dh_group(attr_cast);
+ if (!(dh_group & supported_dh_groups))
+ {
+ DBG1(DBG_IMV, "PTS-IMC selected unsupported DH group");
+ return TNC_RESULT_FATAL;
+ }
offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
- if (!(offered_algorithms & PTS_MEAS_ALGO_SHA1) &&
- !(offered_algorithms & PTS_MEAS_ALGO_SHA256) &&
- !(offered_algorithms & PTS_MEAS_ALGO_SHA384))
+ selected_algorithm = pts_meas_algo_select(supported_algorithms,
+ offered_algorithms);
+ if (selected_algorithm == PTS_MEAS_ALGO_NONE)
{
attr = pts_hash_alg_error_create(supported_algorithms);
attr_list->insert_last(attr_list, attr);
break;
}
- /* Use already negotiated measurement algorithm */
- selected_algorithm = pts->get_meas_algorithm(pts);
- responder_nonce = attr_cast->get_responder_nonce(attr_cast);
- responder_pub_val = attr_cast->get_responder_pub_val(attr_cast);
- initiator_non = chunk_create(initiator_nonce, NONCE_LEN);
-
- /* Calculate secret assessment value */
- if (!pts->create_dh(pts, dh_group))
+ pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+ if (!pts->create_dh_nonce(pts, dh_group, nonce_len))
{
return TNC_RESULT_FATAL;
}
- pts->set_peer_public_value(pts, responder_pub_val);
- DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_non);
- DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce);
- if (!pts->calculate_secret(pts, initiator_non,
- responder_nonce, selected_algorithm))
+ responder_value = attr_cast->get_responder_value(attr_cast);
+ pts->set_peer_public_value(pts, responder_value,
+ responder_nonce);
+
+ /* Calculate secret assessment value */
+ if (!pts->calculate_secret(pts))
{
return TNC_RESULT_FATAL;
}
}
DESTROY_IF(pts_db);
DESTROY_IF(pts_credmgr);
- free(initiator_nonce);
libpts_deinit();
pts_meas_algorithms_t algorithm;
/**
- * PTS Diffie Hellman Secret
+ * DH Hash Algorithm
+ */
+ pts_meas_algorithms_t dh_hash_algorithm;
+
+ /**
+ * PTS Diffie-Hellman Secret
*/
diffie_hellman_t *dh;
+ /**
+ * PTS Diffie-Hellman Initiator Nonce
+ */
+ chunk_t initiator_nonce;
+
+ /**
+ * PTS Diffie-Hellman Responder Nonce
+ */
+ chunk_t responder_nonce;
+
/**
* Secret assessment value to be used for TPM Quote as an external data
*/
*/
char *platform_info;
+ /**
+ * TRUE if IMC-PTS, FALSE if IMV-PTS
+ */
+ bool is_imc;
+
/**
* Do we have an activated TPM
*/
}
METHOD(pts_t, set_proto_caps, void,
- private_pts_t *this, pts_proto_caps_flag_t flags)
+ private_pts_t *this, pts_proto_caps_flag_t flags)
{
this->proto_caps = flags;
DBG2(DBG_PTS, "supported PTS protocol capabilities: %s%s%s%s%s",
}
METHOD(pts_t, get_meas_algorithm, pts_meas_algorithms_t,
- private_pts_t *this)
+ private_pts_t *this)
{
return this->algorithm;
}
METHOD(pts_t, set_meas_algorithm, void,
- private_pts_t *this, pts_meas_algorithms_t algorithm)
+ private_pts_t *this, pts_meas_algorithms_t algorithm)
{
hash_algorithm_t hash_alg;
- hash_alg = pts_meas_to_hash_algorithm(algorithm);
+ hash_alg = pts_meas_algo_to_hash(algorithm);
DBG2(DBG_PTS, "selected PTS measurement algorithm is %N",
- hash_algorithm_names, hash_alg);
+ hash_algorithm_names, hash_alg);
if (hash_alg != HASH_UNKNOWN)
{
this->algorithm = algorithm;
}
}
-METHOD(pts_t, create_dh, bool,
- private_pts_t *this, pts_dh_group_t group)
+METHOD(pts_t, get_dh_hash_algorithm, pts_meas_algorithms_t,
+ private_pts_t *this)
+{
+ return this->dh_hash_algorithm;
+}
+
+METHOD(pts_t, set_dh_hash_algorithm, void,
+ private_pts_t *this, pts_meas_algorithms_t algorithm)
+{
+ hash_algorithm_t hash_alg;
+
+ hash_alg = pts_meas_algo_to_hash(algorithm);
+ DBG2(DBG_PTS, "selected DH hash algorithm is %N",
+ hash_algorithm_names, hash_alg);
+ if (hash_alg != HASH_UNKNOWN)
+ {
+ this->dh_hash_algorithm = algorithm;
+ }
+}
+
+
+METHOD(pts_t, create_dh_nonce, bool,
+ private_pts_t *this, pts_dh_group_t group, int nonce_len)
{
diffie_hellman_group_t dh_group;
+ chunk_t *nonce;
+ rng_t *rng;
- dh_group = pts_dh_group_to_strongswan_dh_group(group);
- if (dh_group != MODP_NONE)
+ dh_group = pts_dh_group_to_ike(group);
+ DBG2(DBG_PTS, "selected PTS DH group is %N",
+ diffie_hellman_group_names, dh_group);
+ DESTROY_IF(this->dh);
+ this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
{
- this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
- DBG2(DBG_PTS, "selected PTS DH group is %N",
- diffie_hellman_group_names, dh_group);
- return TRUE;
+ DBG1(DBG_PTS, "no rng available");
+ return FALSE;
}
- DBG1(DBG_PTS, "unable to create DH group %N",
- diffie_hellman_group_names, dh_group);
+ DBG2(DBG_PTS, "nonce length is %d", nonce_len);
+ nonce = this->is_imc ? &this->responder_nonce : &this->initiator_nonce;
+ chunk_free(nonce);
+ rng->allocate_bytes(rng, nonce_len, nonce);
+ rng->destroy(rng);
- return FALSE;
+ return TRUE;
}
METHOD(pts_t, get_my_public_value, void,
- private_pts_t *this, chunk_t *value)
+ private_pts_t *this, chunk_t *value, chunk_t *nonce)
{
this->dh->get_my_public_value(this->dh, value);
+ *nonce = this->is_imc ? this->responder_nonce : this->initiator_nonce;
}
METHOD(pts_t, set_peer_public_value, void,
- private_pts_t *this, chunk_t value)
+ private_pts_t *this, chunk_t value, chunk_t nonce)
{
this->dh->set_other_public_value(this->dh, value);
+
+ nonce = chunk_clone(nonce);
+ if (this->is_imc)
+ {
+ this->initiator_nonce = nonce;
+ }
+ else
+ {
+ this->responder_nonce = nonce;
+ }
}
METHOD(pts_t, calculate_secret, bool,
- private_pts_t *this, chunk_t initiator_nonce, chunk_t responder_nonce,
- pts_meas_algorithms_t algorithm)
+ private_pts_t *this)
{
hasher_t *hasher;
hash_algorithm_t hash_alg;
- u_char output[HASH_SIZE_SHA384];
chunk_t shared_secret;
- /* Create a hasher */
- hash_alg = pts_meas_to_hash_algorithm(algorithm);
- hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- if (!hasher)
+ /* Check presence of nonces */
+ if (!this->initiator_nonce.len || !this->responder_nonce.len)
{
- DBG1(DBG_PTS, " hasher %N not available", hash_algorithm_names, hash_alg);
+ DBG1(DBG_PTS, "initiator and/or responder nonce is not available");
return FALSE;
}
+ DBG3(DBG_PTS, "initiator nonce: %B", &this->initiator_nonce);
+ DBG3(DBG_PTS, "responder nonce: %B", &this->responder_nonce);
+ /* Calculate the DH secret */
if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
{
- DBG1(DBG_PTS, "shared secret couldn't be calculated");
- hasher->destroy(hasher);
+ DBG1(DBG_PTS, "shared DH secret computation failed");
return FALSE;
}
+ DBG4(DBG_PTS, "shared DH secret: %B", &shared_secret);
- hasher->get_hash(hasher, chunk_create("1", sizeof("1")), NULL);
- hasher->get_hash(hasher, initiator_nonce, NULL);
- hasher->get_hash(hasher, responder_nonce, NULL);
- hasher->get_hash(hasher, shared_secret, output);
-
- /**
- * Link the hash output to the secret and set the length
- * Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote
- */
- this->secret = chunk_create(output, HASH_SIZE_SHA1);
- DBG3(DBG_PTS, "secret assessment value: %B", &this->secret);
+ /* Calculate the secret assessment value */
+ hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- chunk_free(&shared_secret);
+ hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL);
+ hasher->allocate_hash(hasher, this->initiator_nonce, NULL);
+ hasher->allocate_hash(hasher, this->responder_nonce, NULL);
+ hasher->allocate_hash(hasher, shared_secret, &this->secret);
hasher->destroy(hasher);
- return TRUE;
-}
-METHOD(pts_t, get_secret, chunk_t,
- private_pts_t *this)
-{
- return this->secret;
+ /* The DH secret must be destroyed */
+ chunk_clear(&shared_secret);
+
+ /*
+ * Truncate the hash to 20 bytes to fit the ExternalData
+ * argument of the TPM Quote command
+ */
+ this->secret.len = min(this->secret.len, 20);
+ DBG4(DBG_PTS, "secret assessment value: %B", &this->secret);
+ return TRUE;
}
/**
}
METHOD(pts_t, get_platform_info, char*,
- private_pts_t *this)
+ private_pts_t *this)
{
return this->platform_info;
}
METHOD(pts_t, set_platform_info, void,
- private_pts_t *this, char *info)
+ private_pts_t *this, char *info)
{
free(this->platform_info);
this->platform_info = strdup(info);
}
METHOD(pts_t, get_tpm_version_info, bool,
- private_pts_t *this, chunk_t *info)
+ private_pts_t *this, chunk_t *info)
{
if (!this->has_tpm)
{
}
METHOD(pts_t, set_tpm_version_info, void,
- private_pts_t *this, chunk_t info)
+ private_pts_t *this, chunk_t info)
{
this->tpm_version_info = chunk_clone(info);
print_tpm_version_info(this);
}
METHOD(pts_t, get_aik, certificate_t*,
- private_pts_t *this)
+ private_pts_t *this)
{
return this->aik;
}
METHOD(pts_t, set_aik, void,
- private_pts_t *this, certificate_t *aik)
+ private_pts_t *this, certificate_t *aik)
{
DESTROY_IF(this->aik);
this->aik = aik->get_ref(aik);
}
METHOD(pts_t, hash_file, bool,
- private_pts_t *this, hasher_t *hasher, char *pathname, u_char *hash)
+ private_pts_t *this, hasher_t *hasher, char *pathname, u_char *hash)
{
u_char buffer[PTS_BUF_SIZE];
FILE *file;
return filename;
}
-METHOD(pts_t, is_path_valid, bool, private_pts_t *this, char *path,
- pts_error_code_t *error_code)
+METHOD(pts_t, is_path_valid, bool,
+ private_pts_t *this, char *path, pts_error_code_t *error_code)
{
struct stat st;
}
METHOD(pts_t, do_measurements, pts_file_meas_t*,
- private_pts_t *this, u_int16_t request_id, char *pathname, bool is_directory)
+ private_pts_t *this, u_int16_t request_id, char *pathname, bool is_directory)
{
hasher_t *hasher;
hash_algorithm_t hash_alg;
pts_file_meas_t *measurements;
/* Create a hasher */
- hash_alg = pts_meas_to_hash_algorithm(this->algorithm);
+ hash_alg = pts_meas_algo_to_hash(this->algorithm);
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher)
{
}
METHOD(pts_t, get_metadata, pts_file_meta_t*,
- private_pts_t *this, char *pathname, bool is_directory)
+ private_pts_t *this, char *pathname, bool is_directory)
{
pts_file_meta_t *metadata;
pts_file_metadata_t *entry;
}
METHOD(pts_t, read_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
+ private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
}
METHOD(pts_t, extend_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
+ private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
}
METHOD(pts_t, quote_tpm, bool,
- private_pts_t *this, linked_list_t *pcrs,
- chunk_t *pcr_composite, chunk_t *quote_signature)
+ private_pts_t *this, linked_list_t *pcrs, chunk_t *pcr_composite,
+ chunk_t *quote_signature)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
}
METHOD(pts_t, destroy, void,
- private_pts_t *this)
+ private_pts_t *this)
{
DESTROY_IF(this->aik);
DESTROY_IF(this->dh);
+ free(this->initiator_nonce.ptr);
+ free(this->responder_nonce.ptr);
free(this->platform_info);
free(this->tpm_version_info.ptr);
free(this);
private_pts_t *this;
INIT(this,
- .public = {
- .get_proto_caps = _get_proto_caps,
- .set_proto_caps = _set_proto_caps,
- .get_meas_algorithm = _get_meas_algorithm,
- .set_meas_algorithm = _set_meas_algorithm,
- .create_dh = _create_dh,
- .get_my_public_value = _get_my_public_value,
- .set_peer_public_value = _set_peer_public_value,
- .calculate_secret = _calculate_secret,
- .get_secret = _get_secret,
- .get_platform_info = _get_platform_info,
- .set_platform_info = _set_platform_info,
- .get_tpm_version_info = _get_tpm_version_info,
- .set_tpm_version_info = _set_tpm_version_info,
- .get_aik = _get_aik,
- .set_aik = _set_aik,
- .is_path_valid = _is_path_valid,
- .hash_file = _hash_file,
- .do_measurements = _do_measurements,
- .get_metadata = _get_metadata,
- .read_pcr = _read_pcr,
- .extend_pcr = _extend_pcr,
- .quote_tpm = _quote_tpm,
- .destroy = _destroy,
- },
- .proto_caps = PTS_PROTO_CAPS_V,
- .algorithm = PTS_MEAS_ALGO_SHA256,
+ .public = {
+ .get_proto_caps = _get_proto_caps,
+ .set_proto_caps = _set_proto_caps,
+ .get_meas_algorithm = _get_meas_algorithm,
+ .set_meas_algorithm = _set_meas_algorithm,
+ .get_dh_hash_algorithm = _get_dh_hash_algorithm,
+ .set_dh_hash_algorithm = _set_dh_hash_algorithm,
+ .create_dh_nonce = _create_dh_nonce,
+ .get_my_public_value = _get_my_public_value,
+ .set_peer_public_value = _set_peer_public_value,
+ .calculate_secret = _calculate_secret,
+ .get_platform_info = _get_platform_info,
+ .set_platform_info = _set_platform_info,
+ .get_tpm_version_info = _get_tpm_version_info,
+ .set_tpm_version_info = _set_tpm_version_info,
+ .get_aik = _get_aik,
+ .set_aik = _set_aik,
+ .is_path_valid = _is_path_valid,
+ .hash_file = _hash_file,
+ .do_measurements = _do_measurements,
+ .get_metadata = _get_metadata,
+ .read_pcr = _read_pcr,
+ .extend_pcr = _extend_pcr,
+ .quote_tpm = _quote_tpm,
+ .destroy = _destroy,
+ },
+ .is_imc = is_imc,
+ .proto_caps = PTS_PROTO_CAPS_V,
+ .algorithm = PTS_MEAS_ALGO_SHA256,
+ .dh_hash_algorithm = PTS_MEAS_ALGO_SHA256,
);
if (is_imc)
#define REVERSE_SOLIDUS_UTF 0x5C
/**
- * Lenght of the generated nonce used for calculation of shared secret
- */
-#define NONCE_LEN 20
-
-/**
- * Lenght of the generated nonce used for calculation of shared secret
+ * Length of the generated nonce used for calculation of shared secret
*/
#define ASSESSMENT_SECRET_LEN 20
#define MAX_NUM_PCR 24
/**
- * Number of bytes can be savedin a PCR of TPM, TPM Spec 1.2
+ * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
*/
#define PCR_LEN 20
/**
- * Class implementing the TCG Platform Trust System (PTS)
+ * Class implementing the TCG Platform Trust Service (PTS)
*
*/
struct pts_t {
/**
* Get PTS Measurement Algorithm
*
- * @return Measurement algorithm
+ * @return PTS measurement algorithm
*/
pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
/**
* Set PTS Measurement Algorithm
*
- * @param algorithm Measurement algorithm
+ * @param algorithm PTS measurement algorithm
*/
void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
/**
- * Set PTS Diffie-Hellman object
+ * Get DH Hash Algorithm
+ *
+ * @return DH hash algorithm
+ */
+ pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
+
+ /**
+ * Set DH Hash Algorithm
+ *
+ * @param algorithm DH hash algorithm
+ */
+ void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
+
+ /**
+ * Create PTS Diffie-Hellman object and nonce
+ *
+ * @param group PTS DH group
+ * @param nonce_len Nonce length
+ * @return TRUE if creation was successful
*
- * @param dh DH object
*/
- bool (*create_dh)(pts_t *this, pts_dh_group_t group);
+ bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
/**
* Get my Diffie-Hellman public value
*
* @param value My public DH value
+ * @param nonce My DH nonce
*/
- void (*get_my_public_value)(pts_t *this, chunk_t *value);
+ void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
/**
* Set peer Diffie.Hellman public value
*
* @param value Peer public DH value
+ * @param nonce Peer DH nonce
*/
- void (*set_peer_public_value) (pts_t *this, chunk_t value);
+ void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
/**
- * Calculates secret assessment value to be used for TPM Quote as an external data
+ * Calculates secret assessment value to be used for TPM Quote as ExternalData
*
- * @param initiator_nonce Initiator nonce (IMV nonce)
- * @param responder_nonce Responder nonce (IMC nonce)
- * @param algorithm Hashing algorithm
* @return TRUE unless both DH public values
* and nonces are set
*/
- bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
- chunk_t responder_nonce,
- pts_meas_algorithms_t algorithm);
-
- /**
- * Returns secret assessment value to be used for TPM Quote as an external data
- *
- * @return Secret assessment value
- */
- chunk_t (*get_secret) (pts_t *this);
+ bool (*calculate_secret) (pts_t *this);
/**
* Get Platform and OS Info
/* nothing to update, all groups are supported */
return TRUE;
}
- else if (strcaseeq(dh_group, "ecp256"))
+ if (strcaseeq(dh_group, "ecp256"))
{
/* remove DH group 20 */
*dh_groups &= ~PTS_DH_GROUP_IKE20;
return TRUE;
}
- else if (strcaseeq(dh_group, "modp2048"))
+ if (strcaseeq(dh_group, "modp2048"))
{
/* remove DH groups 19 and 20 */
*dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
return TRUE;
}
- else if (strcaseeq(dh_group, "modp1536"))
+ if (strcaseeq(dh_group, "modp1536"))
{
/* remove DH groups 14, 19 and 20 */
*dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
PTS_DH_GROUP_IKE14);
return TRUE;
}
- else if (strcaseeq(dh_group, "modp1024"))
+ if (strcaseeq(dh_group, "modp1024"))
{
/* remove DH groups 5, 14, 19 and 20 */
*dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
return TRUE;
}
- DBG1(DBG_PTS, "unknown DH group: %s configured", dh_group);
+ DBG1(DBG_PTS, "unknown DH group '%s' configured", dh_group);
return FALSE;
}
*algorithms &= ~(PTS_MEAS_ALGO_SHA384 | PTS_MEAS_ALGO_SHA256);
return TRUE;
}
- DBG1(DBG_PTS, "unknown hash algorithm: %s configured", hash_alg);
+ DBG1(DBG_PTS, "unknown hash algorithm '%s' configured", hash_alg);
return FALSE;
}
*/
bool noskip_flag;
- /**
- * Length of nonce
- */
- u_int8_t nonce_len;
-
/**
* Selected Hashing Algorithm
*/
/**
* DH Initiator Public Value
*/
- chunk_t initiator_pub_val;
+ chunk_t initiator_value;
/**
* DH Initiator Nonce
writer = bio_writer_create(PTS_DH_NONCE_FINISH_SIZE);
writer->write_uint8 (writer, PTS_DH_NONCE_FINISH_RESERVED);
- writer->write_uint8 (writer, this->nonce_len);
+ writer->write_uint8 (writer, this->initiator_nonce.len);
writer->write_uint16(writer, this->hash_algo);
- writer->write_data (writer, this->initiator_pub_val);
+ writer->write_data (writer, this->initiator_value);
writer->write_data (writer, this->initiator_nonce);
this->value = chunk_clone(writer->get_buf(writer));
private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ u_int8_t reserved, nonce_len;
u_int16_t hash_algo;
if (this->value.len < PTS_DH_NONCE_FINISH_SIZE)
}
reader = bio_reader_create(this->value);
reader->read_uint8 (reader, &reserved);
- reader->read_uint8 (reader, &this->nonce_len);
+ reader->read_uint8 (reader, &nonce_len);
reader->read_uint16(reader, &hash_algo);
+ reader->read_data(reader, reader->remaining(reader) - nonce_len,
+ &this->initiator_value);
+ reader->read_data(reader, nonce_len, &this->initiator_nonce);
this->hash_algo = hash_algo;
- reader->read_data(reader, reader->remaining(reader) - this->nonce_len,
- &this->initiator_pub_val);
- this->initiator_pub_val = chunk_clone(this->initiator_pub_val);
- reader->read_data(reader, this->nonce_len, &this->initiator_nonce);
+ this->initiator_value = chunk_clone(this->initiator_value);
this->initiator_nonce = chunk_clone(this->initiator_nonce);
-
reader->destroy(reader);
return SUCCESS;
private_tcg_pts_attr_dh_nonce_finish_t *this)
{
free(this->value.ptr);
- free(this->initiator_pub_val.ptr);
+ free(this->initiator_value.ptr);
free(this->initiator_nonce.ptr);
free(this);
}
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_nonce_len, u_int8_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->nonce_len;
-}
-
METHOD(tcg_pts_attr_dh_nonce_finish_t, get_hash_algo, pts_meas_algorithms_t,
private_tcg_pts_attr_dh_nonce_finish_t *this)
{
return this->hash_algo;
}
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_pub_val, chunk_t,
+METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_value, chunk_t,
private_tcg_pts_attr_dh_nonce_finish_t *this)
{
- return this->initiator_pub_val;
+ return this->initiator_value;
}
METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_nonce, chunk_t,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(u_int8_t nonce_len,
- pts_meas_algorithms_t hash_algo,
- chunk_t initiator_nonce,
- chunk_t initiator_pub_val)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(pts_meas_algorithms_t hash_algo,
+ chunk_t initiator_value,
+ chunk_t initiator_nonce)
{
private_tcg_pts_attr_dh_nonce_finish_t *this;
.process = _process,
.destroy = _destroy,
},
- .get_nonce_len = _get_nonce_len,
.get_hash_algo = _get_hash_algo,
.get_initiator_nonce = _get_initiator_nonce,
- .get_initiator_pub_val = _get_initiator_pub_val,
+ .get_initiator_value = _get_initiator_value,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_DH_NONCE_FINISH,
- .nonce_len = nonce_len,
.hash_algo = hash_algo,
+ .initiator_value = initiator_value,
.initiator_nonce = chunk_clone(initiator_nonce),
- .initiator_pub_val = initiator_pub_val,
);
return &this->public.pa_tnc_attribute;
.process = _process,
.destroy = _destroy,
},
- .get_nonce_len = _get_nonce_len,
.get_hash_algo = _get_hash_algo,
.get_initiator_nonce = _get_initiator_nonce,
- .get_initiator_pub_val = _get_initiator_pub_val,
+ .get_initiator_value = _get_initiator_value,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_DH_NONCE_FINISH,
*
* @return DH Initiator Public Value
*/
- chunk_t (*get_initiator_pub_val)(tcg_pts_attr_dh_nonce_finish_t *this);
+ chunk_t (*get_initiator_value)(tcg_pts_attr_dh_nonce_finish_t *this);
/**
* Get DH Initiator Nonce
/**
* Creates an tcg_pts_attr_dh_nonce_finish_t object
*
- * @param nonce_len Length of nonce
* @param hash_algo Selected hash algorithm
+ * @param initiator_value DH Initiator Public Value
* @param initiator_nonce DH Initiator Nonce
- * @param initiator_pub_val DH Initiator Public value
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(u_int8_t nonce_len,
- pts_meas_algorithms_t hash_algo,
- chunk_t initiator_nonce,
- chunk_t initiator_pub_val);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(pts_meas_algorithms_t hash_algo,
+ chunk_t initiator_value,
+ chunk_t initiator_nonce);
/**
* Creates an tcg_pts_attr_dh_nonce_finish_t object from received data
*/
bool noskip_flag;
- /**
- * Length of nonce
- */
- u_int8_t nonce_len;
-
/**
* Selected Diffie Hellman group
*/
/**
* DH Responder Public Value
*/
- chunk_t responder_pub_val;
+ chunk_t responder_value;
};
writer = bio_writer_create(PTS_DH_NONCE_PARAMS_RESP_SIZE);
writer->write_uint24(writer, PTS_DH_NONCE_PARAMS_RESP_RESERVED);
- writer->write_uint8 (writer, this->nonce_len);
+ writer->write_uint8 (writer, this->responder_nonce.len);
writer->write_uint16(writer, this->dh_group);
writer->write_uint16(writer, this->hash_algo_set);
writer->write_data (writer, this->responder_nonce);
- writer->write_data (writer, this->responder_pub_val);
+ writer->write_data (writer, this->responder_value);
this->value = chunk_clone(writer->get_buf(writer));
writer->destroy(writer);
{
bio_reader_t *reader;
u_int32_t reserved;
+ u_int8_t nonce_len;
u_int16_t dh_group, hash_algo_set;
if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE)
}
reader = bio_reader_create(this->value);
reader->read_uint24(reader, &reserved);
- reader->read_uint8 (reader, &this->nonce_len);
+ reader->read_uint8 (reader, &nonce_len);
reader->read_uint16(reader, &dh_group);
- this->dh_group = dh_group;
reader->read_uint16(reader, &hash_algo_set);
+ reader->read_data(reader, nonce_len, &this->responder_nonce);
+ reader->read_data(reader, reader->remaining(reader), &this->responder_value);
+ this->dh_group = dh_group;
this->hash_algo_set = hash_algo_set;
- reader->read_data(reader, this->nonce_len, &this->responder_nonce);
this->responder_nonce = chunk_clone(this->responder_nonce);
- reader->read_data(reader, reader->remaining(reader), &this->responder_pub_val);
- this->responder_pub_val = chunk_clone(this->responder_pub_val);
+ this->responder_value = chunk_clone(this->responder_value);
reader->destroy(reader);
return SUCCESS;
{
free(this->value.ptr);
free(this->responder_nonce.ptr);
- free(this->responder_pub_val.ptr);
+ free(this->responder_value.ptr);
free(this);
}
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_nonce_len, u_int8_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->nonce_len;
-}
-
METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_dh_group, pts_dh_group_t,
private_tcg_pts_attr_dh_nonce_params_resp_t *this)
{
return this->responder_nonce;
}
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_pub_val, chunk_t,
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_value, chunk_t,
private_tcg_pts_attr_dh_nonce_params_resp_t *this)
{
- return this->responder_pub_val;
+ return this->responder_value;
}
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(u_int8_t nonce_len,
- pts_dh_group_t dh_group,
- pts_meas_algorithms_t hash_algo_set,
- chunk_t responder_nonce,
- chunk_t responder_pub_val)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+ pts_meas_algorithms_t hash_algo_set,
+ chunk_t responder_nonce,
+ chunk_t responder_value)
{
private_tcg_pts_attr_dh_nonce_params_resp_t *this;
.process = _process,
.destroy = _destroy,
},
- .get_nonce_len = _get_nonce_len,
.get_dh_group = _get_dh_group,
.get_hash_algo_set = _get_hash_algo_set,
.get_responder_nonce = _get_responder_nonce,
- .get_responder_pub_val = _get_responder_pub_val,
+ .get_responder_value = _get_responder_value,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_DH_NONCE_PARAMS_RESP,
- .nonce_len = nonce_len,
.dh_group = dh_group,
.hash_algo_set = hash_algo_set,
.responder_nonce = chunk_clone(responder_nonce),
- .responder_pub_val = responder_pub_val,
+ .responder_value = responder_value,
);
return &this->public.pa_tnc_attribute;
.process = _process,
.destroy = _destroy,
},
- .get_nonce_len = _get_nonce_len,
.get_dh_group = _get_dh_group,
.get_hash_algo_set = _get_hash_algo_set,
.get_responder_nonce = _get_responder_nonce,
- .get_responder_pub_val = _get_responder_pub_val,
+ .get_responder_value = _get_responder_value,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_DH_NONCE_PARAMS_RESP,
*/
pa_tnc_attr_t pa_tnc_attribute;
- /**
- * Get nonce length
- *
- * @return Length of nonce
- */
- u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_params_resp_t *this);
-
/**
* Get selected Diffie Hellman Group
*
*
* @return DH Responder Public Value
*/
- chunk_t (*get_responder_pub_val)(tcg_pts_attr_dh_nonce_params_resp_t *this);
+ chunk_t (*get_responder_value)(tcg_pts_attr_dh_nonce_params_resp_t *this);
};
/**
* Creates an tcg_pts_attr_dh_nonce_params_resp_t object
*
- * @param nonce_len Length of nonce
* @param dh_group Selected DH group
* @param hash_algo_set Set of supported hash algorithms
* @param responder_nonce DH Responder Nonce
* @param responder_pub_val DH Responder Public value
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(u_int8_t nonce_len,
- pts_dh_group_t dh_group,
- pts_meas_algorithms_t hash_algo_set,
- chunk_t responder_nonce,
- chunk_t responder_pub_val);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+ pts_meas_algorithms_t hash_algo_set,
+ chunk_t responder_nonce,
+ chunk_t responder_value);
/**
* Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data
projects / thirdparty / strongswan.git / commitdiff
