X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=src%2Flibpts%2Ftcg%2Ftcg_pts_attr_simple_evid_final.c;h=c6a5af3e17f8969f31cc3d3a335f5c341f220e1a;hp=31550201f4520cf1b557da0d13e697bc6a0c4366;hb=cb66320fee1f23d0b3ec3b42aec00a80c7ffdcbd;hpb=e1aebc940aad17183928265c874c719ce5b46653;ds=inline
diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
index 3155020..c6a5af3 100644
--- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
+++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
@@ -75,6 +75,11 @@ struct private_tcg_pts_attr_simple_evid_final_t {
 	 * Noskip flag
 	 */
 	bool noskip_flag;
+
+	/**
+	 * Is Evidence Signature included
+	 */
+	bool evid_sign_included;
 
 	/**
 	 * Set of flags for Simple Evidence Final
@@ -137,16 +142,38 @@ METHOD(pa_tnc_attr_t, build, void,
 	private_tcg_pts_attr_simple_evid_final_t *this)
 {
 	bio_writer_t *writer;
+	u_int8_t flags = 0;
 
 	writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE);
-	writer->write_uint8 (writer, this->flags);
+
+	/* Determine the flags to set*/
+	if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO)
+	{
+		flags += 64;
+	}
+	else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2)
+	{
+		flags += 128;
+	}
+	else if (this->flags == PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER)
+	{
+		flags += 192;
+	}
+	if (this->evid_sign_included)
+	{
+		flags += 32;
+	}
+
+	writer->write_uint8 (writer, flags);
 	writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
 
+	/** Optional Composite Hash Algorithm field is always present
+	 * Field has value of all zeroes if not used.
+	 * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+	 */
+	writer->write_uint16(writer, this->comp_hash_algorithm);
+
 	/* Optional fields */
-	if (this->comp_hash_algorithm)
-	{
-		writer->write_uint16(writer, this->comp_hash_algorithm);
-	}
 	if (this->pcr_comp.ptr && this->pcr_comp.len > 0)
 	{
 		writer->write_uint32 (writer, this->pcr_comp.len);
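Review bot: The encoding at `flags += 64;`, `flags += 128;`, `flags += 192;` and `flags += 32;` in build() hard-codes the wire bit layout as decimal magic numbers, while the process() hunk decodes the same bits with `>> 7`, `>> 6` and `>> 5`; the two sides can silently drift apart and a reader has to convert to binary to see that 192 is bits 7 and 6. Expressing the bits as shifts or named masks and OR-ing them, e.g. `flags |= 1 << 6;` for TPM_QUOTE_INFO and `flags |= 3 << 6;` for TPM_QUOTE_INFO2_CAP_VER, with the same constants reused by process(), documents the layout once. The comment `/* Determine the flags to set*/` also lacks the closing space. build() continues past the end of this hunk.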
@@ -183,26 +210,56 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	reader = bio_reader_create(this->value);
 	reader->read_uint8(reader, &flags);
-	this->flags = flags;
+
+	/* Determine the flags to set*/
+	if (!((flags >> 7) & 1) && !((flags >> 6) & 1))
+	{
+		this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_NO;
+	}
+	else if (!((flags >> 7) & 1) && ((flags >> 6) & 1))
+	{
+		this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
+	}
+	else if (((flags >> 7) & 1) && !((flags >> 6) & 1))
+	{
+		this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2;
+	}
+	else if (((flags >> 7) & 1) && ((flags >> 6) & 1))
+	{
+		this->flags = PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER;
+	}
+	if ((flags >> 5) & 1)
+	{
+		this->evid_sign_included = TRUE;
+	}
+
 	reader->read_uint8(reader, &reserved);
+
+	/** Optional Composite Hash Algorithm field is always present
+	 * Field has value of all zeroes if not used.
+	 * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+	 */
+
+	reader->read_uint16(reader, &algorithm);
+	this->comp_hash_algorithm = algorithm;
 
 	/* Optional Composite Hash Algorithm and TPM PCR Composite field is included */
-	if ((flags >> 6) & PTS_SIMPLE_EVID_FINAL_FLAG_NO)
+	if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO)
 	{
-		u_int32_t pcr_comp_len;
-		u_int32_t tpm_quote_sign_len;
-		reader->read_uint16(reader, &algorithm);
-		this->comp_hash_algorithm = algorithm;
+		u_int32_t pcr_comp_len, tpm_quote_sign_len;
+
 		reader->read_uint32(reader, &pcr_comp_len);
 		reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
 		this->pcr_comp = chunk_clone(this->pcr_comp);
+
+		this->pcr_comp = chunk_empty;
 		reader->read_uint32(reader, &tpm_quote_sign_len);
 		reader->read_data(reader, tpm_quote_sign_len, &this->tpm_quote_sign);
 		this->tpm_quote_sign = chunk_clone(this->tpm_quote_sign);
 	}
 
 	/* Optional Evidence Signature field is included */
-	if (this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_EVID)
+	if (this->evid_sign_included)
 	{
 		u_int32_t evid_sign_len = reader->remaining(reader);
 
 		reader->read_data(reader, evid_sign_len, &this->evid_sign);
@@ -223,6 +280,12 @@ METHOD(pa_tnc_attr_t, destroy, void,
 	free(this);
 }
 
+METHOD(tcg_pts_attr_simple_evid_final_t, is_evid_sign_included, bool,
+	private_tcg_pts_attr_simple_evid_final_t *this)
+{
+	return this->evid_sign_included;
+}
+
 METHOD(tcg_pts_attr_simple_evid_final_t, get_flags, pts_simple_evid_final_flag_t,
 	private_tcg_pts_attr_simple_evid_final_t *this)
 {
@@ -257,6 +320,7 @@ METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sign, chunk_t,
  * Described in header.
  */
 pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(
+								bool evid_sign_included,
 								pts_simple_evid_final_flag_t flags,
 								pts_meas_algorithms_t comp_hash_algorithm,
 								chunk_t pcr_comp,
@@ -277,7 +341,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(
 			.process = _process,
 			.destroy = _destroy,
 		},
-		.get_flags= _get_flags,
+		.is_evid_sign_included = _is_evid_sign_included,
+		.get_flags = _get_flags,
 		.get_comp_hash_algorithm = _get_comp_hash_algorithm,
 		.get_pcr_comp = _get_pcr_comp,
 		.get_tpm_quote_sign = _get_tpm_quote_sign,
@@ -285,11 +350,12 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(
 		},
 		.vendor_id = PEN_TCG,
 		.type = TCG_PTS_SIMPLE_EVID_FINAL,
+		.evid_sign_included = evid_sign_included,
 		.flags = flags,
 		.comp_hash_algorithm = comp_hash_algorithm,
-		.pcr_comp = pcr_comp,
-		.tpm_quote_sign = tpm_quote_sign,
-		.evid_sign = evid_sign,
+		.pcr_comp = chunk_clone(pcr_comp),
+		.tpm_quote_sign = chunk_clone(tpm_quote_sign),
+		.evid_sign = chunk_clone(evid_sign),
 	);
 
 	return &this->public.pa_tnc_attribute;
@@ -315,6 +381,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data)
 			.process = _process,
 			.destroy = _destroy,
 		},
+		.is_evid_sign_included = _is_evid_sign_included,
 		.get_flags= _get_flags,
 		.get_comp_hash_algorithm = _get_comp_hash_algorithm,
 		.get_pcr_comp = _get_pcr_comp,
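Review bot: The added `this->pcr_comp = chunk_empty;` directly after `this->pcr_comp = chunk_clone(this->pcr_comp);` in process() throws away the PCR composite that was just parsed and leaks the clone, so a received attribute will always report an empty PCR composite; unless that is intended, the line should be removed. In the same block the results of `read_uint32` and `read_data` are not checked, so on a truncated attribute `pcr_comp_len` and `tpm_quote_sign_len` are passed to read_data uninitialized and the parse proceeds as if it succeeded; checking each read and returning a failure status (the hunk header shows process() returns status_t) would make the parser fail closed on malformed input. The four-way `if`/`else if` on bits 7 and 6 could also be a single `switch ((flags >> 6) & 3)`, which makes the two-bit field explicit. process() begins before and ends after this hunk.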
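Review bot: Switching the initializers to `.pcr_comp = chunk_clone(pcr_comp)`, `.tpm_quote_sign = chunk_clone(tpm_quote_sign)` and `.evid_sign = chunk_clone(evid_sign)` changes the ownership contract of tcg_pts_attr_simple_evid_final_create(): a caller that previously handed its buffers over now keeps them and must free them itself, otherwise every call leaks three chunks. The header's documentation for the create function should state this for each chunk parameter, along the lines of `@param pcr_comp TPM PCR Composite; copied, caller retains ownership`. The header is not part of this diff, so whether it was updated cannot be confirmed from here.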