Fixed bug in construction of PCR_SELECT structure
authorSansar Choinyambuu <schoinya@hsr.ch>
Fri, 4 Nov 2011 08:57:17 +0000 (09:57 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 13:39:53 +0000 (14:39 +0100)
src/libpts/pts/pts.c
src/libpts/pts/pts.h

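index 9b490cd..0f850f2 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -958,6 +958,33 @@ METHOD(pts_t, add_pcr_entry, void,
 }
 
 /**
+ * Get the maximum PCR index received in pcr_after_value field
+ */
+static u_int32_t get_max_pcr_index(private_pts_t *this)
+{
+       enumerator_t *e;
+       pcr_entry_t *pcr_entry;
+       u_int32_t ret = 0;
+
+       if (this->pcrs->get_count(this->pcrs) == 0)
+       {
+               return -1;
+       }
+       
+       e = this->pcrs->create_enumerator(this->pcrs);
+       while (e->enumerate(e, &pcr_entry))
+       {
+               if (pcr_entry->pcr_number > ret)
+               {
+                       ret = pcr_entry->pcr_number;
+               }
+       }
+       e->destroy(e);
+
+       return ret;
+}
+
+/**
  * 1. build a TCPA_PCR_COMPOSITE structure which contains (pcrCompositeBuf)
  * TCPA_PCR_SELECTION structure (bitmask length + bitmask)
  * UINT32 (network order) gives the number of bytes following (pcr entries * 20)
@@ -990,24 +1017,27 @@ METHOD(pts_t, get_quote_info, bool,
        enumerator_t *e;
        pcr_entry_t *pcr_entry;
        chunk_t pcr_composite, hash_pcr_composite;
-       u_int32_t pcr_composite_len;
+       u_int32_t pcr_composite_len, i, maximum_pcr_index, bitmask_len;
        bio_writer_t *writer;
-       u_int8_t mask_bytes[PCR_MASK_LEN] = {0,0,0}, i;
        hasher_t *hasher;
 
-       if (this->pcrs->get_count(this->pcrs) == 0)
+       maximum_pcr_index = get_max_pcr_index(this);
+       if (maximum_pcr_index == -1)
        {
                DBG1(DBG_PTS, "PCR entries unavailable, unable to construct "
                                          "TPM Quote Info");
                return FALSE;
        }
-
-       pcr_composite_len = 2 + PCR_MASK_LEN + 4 +
+       
+       bitmask_len = maximum_pcr_index/8 +1;
+       u_int8_t mask_bytes[MAX_NUM_PCR/8] = {0};
+       
+       pcr_composite_len = 2 + bitmask_len + 4 +
                                                this->pcrs->get_count(this->pcrs) * PCR_LEN;
        
        writer = bio_writer_create(pcr_composite_len);
        /* Lenght of the bist mask field */
-       writer->write_uint16(writer, PCR_MASK_LEN);
+       writer->write_uint16(writer, bitmask_len);
        /* Bit mask indicating selected PCRs */
        e = this->pcrs->create_enumerator(this->pcrs);
        while (e->enumerate(e, &pcr_entry))
@@ -1017,7 +1047,7 @@ METHOD(pts_t, get_quote_info, bool,
        }
        e->destroy(e);
 
-       for (i = 0; i< PCR_MASK_LEN ; i++)
+       for (i = 0; i< bitmask_len ; i++)
        {
                writer->write_uint8(writer, mask_bytes[i]);
        }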
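Review bot: In get_quote_info the new `bitmask_len = maximum_pcr_index/8 +1` follows the largest `pcr_number` in the list while `mask_bytes` remains a fixed `MAX_NUM_PCR/8` array, so an entry with `pcr_number >= MAX_NUM_PCR` would make the final `for (i = 0; i< bitmask_len ; i++)` loop read past the array, and the mask-setting loop (outside these hunks) presumably indexes it the same way. Whether add_pcr_entry already bounds `pcr_number` is not visible here; if it does not, reject the value before sizing the mask, e.g. `if (maximum_pcr_index >= MAX_NUM_PCR) return FALSE;` with a DBG1 message. Separately, get_max_pcr_index returns `-1` through a `u_int32_t` and the caller compares an unsigned value with `-1`; it works by conversion, but a bool return with an out-parameter would make the empty-list case explicit and keep a real index from ever colliding with the sentinel. The body of get_quote_info starts and ends outside the hunks shown.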
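index 79e3301..a4d6eda 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -43,7 +43,6 @@ typedef struct pcr_entry_t pcr_entry_t;
 /**
  * PCR indices used for measurements of various functional components
  */
-/** Commented the real PCR indices out, use just PCR16 for debugging
 #define PCR_BIOS                                               0
 #define PCR_PLATFORM_EXT                               1
 #define PCR_MOTHERBOARD                                        1
@@ -59,23 +58,7 @@ typedef struct pcr_entry_t pcr_entry_t;
 #define PCR_TGRUB_CMD_LINE_ARGS                        12
 #define PCR_TGRUB_CHECKFILE                            13
 #define PCR_TGRUB_LOADED_FILES                 14
-*/
 
-#define PCR_BIOS                                               16
-#define PCR_PLATFORM_EXT                               16
-#define PCR_MOTHERBOARD                                        16
-#define PCR_OPTION_ROMS                                        16
-#define PCR_IPL                                                        16
-
-#define PCR_TBOOT_POLICY                               16
-#define PCR_TBOOT_MLE                                  16
-
-#define PCR_TGRUB_MBR_STAGE1                   16
-#define PCR_TGRUB_STAGE2_PART1                 16
-#define PCR_TGRUB_STAGE2_PART2                 16
-#define PCR_TGRUB_CMD_LINE_ARGS                        16
-#define PCR_TGRUB_CHECKFILE                            16
-#define PCR_TGRUB_LOADED_FILES                 16
 
 /**
  * Length of the generated nonce used for calculation of shared secret
@@ -98,11 +81,6 @@ typedef struct pcr_entry_t pcr_entry_t;
 #define TPM_QUOTE_INFO_LEN             48
 
 /**
- * Bitmask Lenght for PCR Composite structure
- */
-#define PCR_MASK_LEN                   MAX_NUM_PCR/8
-
-/**
  * Hashing algorithm used by tboot and trustedGRUB
  */
 #define TRUSTED_HASH_ALGO              PTS_MEAS_ALGO_SHA1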