this->aik = aik->get_ref(aik);
}
-/**
- * Compute a hash over a file
- */
-static bool hash_file(hasher_t *hasher, char *pathname, u_char *hash)
+METHOD(pts_t, hash_file, bool,
+ private_pts_t *this, hasher_t *hasher, char *pathname, u_char *hash)
{
u_char buffer[PTS_BUF_SIZE];
FILE *file;
/* measure regular files only */
if (S_ISREG(st.st_mode) && *rel_name != '.')
{
- if (!hash_file(hasher, abs_name, hash))
+ if (!hash_file(this, hasher, abs_name, hash))
{
enumerator->destroy(enumerator);
hasher->destroy(hasher);
{
char *filename;
- if (!hash_file(hasher, pathname, hash))
+ if (!hash_file(this, hasher, pathname, hash))
{
hasher->destroy(hasher);
measurements->destroy(measurements);
return metadata;
}
+METHOD(pts_t, read_pcr, bool,
+ private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
+{
+ TSS_HCONTEXT hContext;
+ TSS_HTPM hTPM;
+ TSS_RESULT result;
+ u_int32_t pcr_length;
+ chunk_t pcr_value;
+
+ result = Tspi_Context_Create(&hContext);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result);
+ return FALSE;
+ }
+
+ result = Tspi_Context_Connect(hContext, NULL);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+ result = Tspi_Context_GetTpmObject (hContext, &hTPM);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+ result = Tspi_TPM_PcrRead(hTPM, pcr_num, &pcr_length, &pcr_value.ptr);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+
+ *output = pcr_value;
+ *output = chunk_clone(*output);
+
+ Tspi_Context_Close(hContext);
+ DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, output);
+ return TRUE;
+
+ err:
+ DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
+ Tspi_Context_Close(hContext);
+ return FALSE;
+}
+
+METHOD(pts_t, extend_pcr, bool,
+ private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
+{
+ TSS_HCONTEXT hContext;
+ TSS_HTPM hTPM;
+ TSS_RESULT result;
+ u_int32_t pcr_length;
+ chunk_t pcr_value;
+
+ result = Tspi_Context_Create(&hContext);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result);
+ return FALSE;
+ }
+ result = Tspi_Context_Connect(hContext, NULL);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+ result = Tspi_Context_GetTpmObject (hContext, &hTPM);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+ result = Tspi_TPM_PcrExtend(hTPM, pcr_num, 20, input.ptr, NULL, &pcr_length, &pcr_value.ptr);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+
+ *output = pcr_value;
+ *output = chunk_clone(*output);
+
+ Tspi_Context_Close(hContext);
+ DBG3(DBG_PTS, "PCR %d extended with: %B", pcr_num, &input);
+ DBG3(DBG_PTS, "PCR %d value after extend: %B", pcr_num, output);
+
+ return TRUE;
+
+ err:
+ DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
+ Tspi_Context_Close(hContext);
+ return FALSE;
+}
+
+METHOD(pts_t, quote_tpm, bool,
+ private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
+{
+ TSS_HCONTEXT hContext;
+ TSS_HTPM hTPM;
+ TSS_HKEY hIdentKey;
+ TSS_HPCRS hPcrComposite;
+ TSS_RESULT result;
+
+ result = Tspi_Context_Create(&hContext);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result);
+ return FALSE;
+ }
+ result = Tspi_Context_Connect(hContext, NULL);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+ result = Tspi_Context_GetTpmObject (hContext, &hTPM);
+ if (result != TSS_SUCCESS)
+ {
+ goto err;
+ }
+
+ Tspi_Context_Close(hContext);
+ return TRUE;
+
+ err:
+ DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
+ Tspi_Context_Close(hContext);
+ return FALSE;
+}
METHOD(pts_t, destroy, void,
private_pts_t *this)
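Review bot: `pcr_value.len` is never set in read_pcr or extend_pcr — Tspi_TPM_PcrRead/Tspi_TPM_PcrExtend fill `pcr_length`, but only `pcr_value.ptr` is populated, so `*output = chunk_clone(*output)` and the `%B` debug prints run with an uninitialized length, which can over-read the TSS-owned buffer or allocate a bogus amount; in both functions replace the two assignments with `pcr_value.len = pcr_length;` followed by `*output = chunk_clone(pcr_value);`. In extend_pcr the data length handed to Tspi_TPM_PcrExtend is hard-coded to `20` regardless of `input.len`, so a shorter input is read past its end and a longer one is silently truncated; guard it with `if (input.len != 20) { DBG1(DBG_PTS, "PCR extend value must be 20 bytes"); goto err; }` before the call (20 presumably being the SHA-1 PCR size — confirm against the TSS headers), or pass `input.len`. quote_tpm returns TRUE after merely obtaining the TPM handle: it never builds a PCR composite, never calls a quote function, never writes `*output`, and leaves `hIdentKey` and `hPcrComposite` unused, so a caller must not take its TRUE as attestation evidence — until it is implemented it should `return FALSE;` with a `/* TODO: quote not implemented yet */` comment rather than report success. The hunk headers are missing from this page, so the hunk boundaries are inferred from the surrounding context lines.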
goto err;
}
this->tpm_version_info = chunk_clone(this->tpm_version_info);
+ Tspi_Context_Close(hContext);
return TRUE;
err:
.get_aik = _get_aik,
.set_aik = _set_aik,
.is_path_valid = _is_path_valid,
+ .hash_file = _hash_file,
.do_measurements = _do_measurements,
.get_metadata = _get_metadata,
+ .read_pcr = _read_pcr,
+ .extend_pcr = _extend_pcr,
+ .quote_tpm = _quote_tpm,
.destroy = _destroy,
},
.proto_caps = PTS_PROTO_CAPS_V,
*/
bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
+ /**
+ * Compute a hash over a file
+ * @param hasher Hasher to be used
+ * @param pathname Absolute path of a file
+ * @param hash Buffer to keep hash output
+ * @return TRUE if path is valid and hashing succeeded, FALSE otherwise
+ */
+ bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
+
/**
* Do PTS File Measurements
*
*/
pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_directory);
+ /**
+ * Reads given PCR value and returns it
+ *
+ * @param pcr_num Number of PCR to read
+ * @param pcr_value Chunk to save pcr read output
+ * @return NULL in case of TSS error, PCR value otherwise
+ */
+ bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
+
+ /**
+ * Extends given PCR with given value
+ *
+ * @param pcr_num Number of PCR to extend
+ * @param input Value to extend
+ * @param output Chunk to save PCR value after extension
+ * @return FALSE in case of TSS error, TRUE otherwise
+ */
+ bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output);
+
+ /**
+ * Quote over PCR's
+ *
+ * @param pcrs Set of PCR's to make quotation over
+ * @param quote Chunk to save quote operation output
+ * @return FALSE in case of TSS error, TRUE otherwise
+ */
+ bool (*quote_tpm)(pts_t *this, u_int32_t pcrs, chunk_t *quote);
+
/**
* Destroys a pts_t object.
*/
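Review bot: The read_pcr doc comment contradicts its prototype: it says `@return NULL in case of TSS error, PCR value otherwise` while the function returns `bool` and delivers the value through `pcr_value`; change it to `@return FALSE in case of TSS error, TRUE otherwise` to match extend_pcr and quote_tpm. The quote_tpm comment describes `pcrs` as a "Set of PCR's" although the parameter is a single `u_int32_t`, and the implementation in this diff names it `pcr_num`; either document the encoding of the set (if it is a bit mask) or rename it to `pcr_num` so header and source agree. Neither read_pcr nor extend_pcr says who owns the returned chunk, yet the implementation hands back a `chunk_clone`, so add `The returned chunk is allocated and must be freed by the caller.` to both `@param` lines. The hunk headers are missing from this page, so the hunk boundaries are inferred from the surrounding context lines.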