refactored DH group nonce exchange
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 8 Oct 2011 20:17:50 +0000 (22:17 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 13:39:50 +0000 (14:39 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation.c
src/libimcv/plugins/imv_attestation/imv_attestation.c
src/libpts/pts/pts.c
src/libpts/pts/pts.h
src/libpts/pts/pts_dh_group.c
src/libpts/pts/pts_meas_algo.c
src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.c
src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.h
src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.c
src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.h

index dab132c..4d93cb8 100644 (file)
@@ -57,6 +57,8 @@ static const char imc_name[] = "Attestation";
 
 #define IMC_VENDOR_ID                          PEN_TCG
 #define IMC_SUBTYPE                                    PA_SUBTYPE_TCG_PTS
+
+#define DEFAULT_NONCE_LEN                      20
 #define EXTEND_PCR                                     16
 
 static imc_agent_t *imc_attestation;
@@ -64,18 +66,12 @@ static imc_agent_t *imc_attestation;
 /**
  * Supported PTS measurement algorithms
  */
-static pts_meas_algorithms_t supported_algorithms = 0;
-/**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = 0;
+static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
 
 /**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
+ * Supported PTS Diffie Hellman Groups
  */
-static char *responder_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
 
 /**
  * List of buffered Simple Component Evidences
@@ -91,15 +87,13 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
                                                          TNC_Version max_version,
                                                          TNC_Version *actual_version)
 {
-       rng_t *rng;
-       
        if (imc_attestation)
        {
                DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
                return TNC_RESULT_ALREADY_INITIALIZED;
        }
-       if (!pts_meas_probe_algorithms(&supported_algorithms) ||
-               !pts_probe_dh_groups(&supported_dh_groups))
+       if (!pts_meas_algo_probe(&supported_algorithms) ||
+               !pts_dh_group_probe(&supported_dh_groups))
        {
                return TNC_RESULT_FATAL;
        }
@@ -111,15 +105,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
        }
 
        libpts_init();
-
-       /* create a responder nonce */
-       responder_nonce = (char*)malloc(NONCE_LEN);
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (rng)
-       {
-               rng->get_bytes(rng, NONCE_LEN, responder_nonce);
-               rng->destroy(rng);
-       }
        
        if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
        {
@@ -317,24 +302,9 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 
                                        attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
                                        offered_algorithms = attr_cast->get_algorithms(attr_cast);
-
-                                       if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
-                                               (offered_algorithms & PTS_MEAS_ALGO_SHA384))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
-                                       }
-                                       else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
-                                                        (offered_algorithms & PTS_MEAS_ALGO_SHA256))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
-                                       }
-
-                                       else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
-                                                        (offered_algorithms & PTS_MEAS_ALGO_SHA1))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
-                                       }
-                                       else
+                                       selected_algorithm = pts_meas_algo_select(supported_algorithms,
+                                                                                                                         offered_algorithms);
+                                       if (selected_algorithm == PTS_MEAS_ALGO_NONE)
                                        {
                                                attr = pts_hash_alg_error_create(supported_algorithms);
                                                attr_list->insert_last(attr_list, attr);
@@ -342,7 +312,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                        }
 
                                        /* Send Measurement Algorithm Selection attribute */
-                                       selected_algorithm = pts->get_meas_algorithm(pts);
+                                       pts->set_meas_algorithm(pts, selected_algorithm);
                                        attr = tcg_pts_attr_meas_algo_create(selected_algorithm,
                                                                                                                 TRUE);
                                        attr_list->insert_last(attr_list, attr);
@@ -351,13 +321,17 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                case TCG_PTS_DH_NONCE_PARAMS_REQ:
                                {
                                        tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
-                                       u_int8_t min_nonce_len;
                                        pts_dh_group_t offered_dh_groups, selected_dh_group;
-                                       chunk_t responder_pub_val;
+                                       chunk_t responder_value, responder_nonce;
+                                       int nonce_len, min_nonce_len;
+
+                                       nonce_len = lib->settings->get_int(lib->settings,
+                                                                       "libimcv.plugins.imc-attestation.nonce_len",
+                                                                        DEFAULT_NONCE_LEN);
 
                                        attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
                                        min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
-                                       if (NONCE_LEN < min_nonce_len || NONCE_LEN <= 16)
+                                       if (min_nonce_len > 0 && nonce_len < min_nonce_len)
                                        {
                                                attr_info = attr->get_value(attr);
                                                attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
@@ -367,33 +341,9 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                        }
 
                                        offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
-
-                                       if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
-                                               (offered_dh_groups & PTS_DH_GROUP_IKE20))
-                                       {
-                                               selected_dh_group = PTS_DH_GROUP_IKE20;
-                                       }
-                                       else if ((supported_dh_groups & PTS_DH_GROUP_IKE19) &&
-                                                        (offered_dh_groups & PTS_DH_GROUP_IKE19))
-                                       {
-                                               selected_dh_group = PTS_DH_GROUP_IKE19;
-                                       }
-                                       else if ((supported_dh_groups & PTS_DH_GROUP_IKE14) &&
-                                                        (offered_dh_groups & PTS_DH_GROUP_IKE14))
-                                       {
-                                               selected_dh_group = PTS_DH_GROUP_IKE14;
-                                       }
-                                       else if ((supported_dh_groups & PTS_DH_GROUP_IKE5) &&
-                                                        (offered_dh_groups & PTS_DH_GROUP_IKE5))
-                                       {
-                                               selected_dh_group = PTS_DH_GROUP_IKE5;
-                                       }
-                                       else if ((supported_dh_groups & PTS_DH_GROUP_IKE2) &&
-                                                        (offered_dh_groups & PTS_DH_GROUP_IKE2))
-                                       {
-                                               selected_dh_group = PTS_DH_GROUP_IKE2;
-                                       }
-                                       else
+                                       selected_dh_group = pts_dh_group_select(supported_dh_groups,
+                                                                                                                       offered_dh_groups);
+                                       if (selected_dh_group == PTS_DH_GROUP_NONE)
                                        {
                                                attr_info = attr->get_value(attr);
                                                attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
@@ -402,31 +352,42 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                                break;
                                        }
 
-                                       /* Create own DH factor */
-                                       if (!pts->create_dh(pts, selected_dh_group))
+                                       /* Create own DH factor and nonce */
+                                       if (!pts->create_dh_nonce(pts, selected_dh_group, nonce_len))
                                        {
                                                goto err;
                                        }
-                                       pts->get_my_public_value(pts, &responder_pub_val);
+                                       pts->get_my_public_value(pts, &responder_value,
+                                                                                                 &responder_nonce);
 
                                        /* Send DH Nonce Parameters Response attribute */
-                                       attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN,
-                                                               selected_dh_group, supported_algorithms,
-                                                               chunk_create(responder_nonce, NONCE_LEN),
-                                                               responder_pub_val);
+                                       attr = tcg_pts_attr_dh_nonce_params_resp_create(
+                                                                       selected_dh_group, supported_algorithms,
+                                                                       responder_nonce, responder_value);
                                        attr_list->insert_last(attr_list, attr);
                                        break;
                                }
                                case TCG_PTS_DH_NONCE_FINISH:
                                {
                                        tcg_pts_attr_dh_nonce_finish_t *attr_cast;
-                                       u_int8_t nonce_len;
                                        pts_meas_algorithms_t selected_algorithm;
-                                       chunk_t initiator_nonce, initiator_pub_val, responder_non;
+                                       chunk_t initiator_nonce, initiator_value;
+                                       int nonce_len;
 
                                        attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
-                                       nonce_len = attr_cast->get_nonce_len(attr_cast);
-                                       if (nonce_len < 0 || nonce_len <= 16)
+                                       selected_algorithm = attr_cast->get_hash_algo(attr_cast);
+                                       if (!(selected_algorithm & supported_algorithms))
+                                       {
+                                               DBG1(DBG_IMC, "PTS-IMV selected unsupported "
+                                                                         "DH hash algorithm");
+                                               return TNC_RESULT_FATAL;
+                                       }
+                                       pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+                                       initiator_value = attr_cast->get_initiator_value(attr_cast);
+                                       initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
+                                       nonce_len = initiator_nonce.len;
+                                       if (nonce_len <= 16) /* TODO */
                                        {
                                                attr_info = attr->get_value(attr);
                                                attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
@@ -434,18 +395,10 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                                attr_list->insert_last(attr_list, attr);
                                                break;
                                        }
-
-                                       selected_algorithm = attr_cast->get_hash_algo(attr_cast);
-                                       initiator_pub_val = attr_cast->get_initiator_pub_val(attr_cast);
-                                       initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
-                                       responder_non = chunk_create(responder_nonce, NONCE_LEN);
-                                       
-                                       DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce);
-                                       DBG3(DBG_IMC, "Responder nonce: %B", &responder_non);
                                        
-                                       pts->set_peer_public_value(pts, initiator_pub_val);
-                                       if (!pts->calculate_secret(pts, initiator_nonce,
-                                                                               responder_non, selected_algorithm))
+                                       pts->set_peer_public_value(pts, initiator_value,
+                                                                                                       initiator_nonce);
+                                       if (!pts->calculate_secret(pts))
                                        {
                                                goto err;
                                        }
@@ -663,7 +616,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                                        }
                                                        
                                                        /* Create a hasher */
-                                                       hash_alg = pts_meas_to_hash_algorithm(pts->get_meas_algorithm(pts));
+                                                       hash_alg = pts_meas_algo_to_hash(pts->get_meas_algorithm(pts));
                                                        hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
                                                        if (!hasher)
                                                        {
@@ -979,7 +932,6 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
                return TNC_RESULT_NOT_INITIALIZED;
        }
 
-       free(responder_nonce);
        DESTROY_IF(evidences);
        libpts_deinit();
 
index 3afa795..dadd77b 100644 (file)
@@ -60,23 +60,19 @@ static const char imv_name[] = "Attestation";
 #define IMV_VENDOR_ID                  PEN_TCG
 #define IMV_SUBTYPE                            PA_SUBTYPE_TCG_PTS
 
+#define NONCE_LEN_LIMIT                        16
+
 static imv_agent_t *imv_attestation;
 
 /**
  * Supported PTS measurement algorithms
  */
-static pts_meas_algorithms_t supported_algorithms = 0;
+static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
 
 /**
  * Supported PTS Diffie Hellman Groups
  */
-static pts_dh_group_t supported_dh_groups = 0;
-
-/**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
- */
-static char *initiator_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
 
 /**
  * PTS file measurement database
@@ -107,18 +103,14 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
                                                          TNC_Version *actual_version)
 {
        char *hash_alg, *dh_group, *uri, *cadir;
-       rng_t *rng;
 
        if (imv_attestation)
        {
                DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
                return TNC_RESULT_ALREADY_INITIALIZED;
        }
-       if (!pts_meas_probe_algorithms(&supported_algorithms))
-       {
-               return TNC_RESULT_FATAL;
-       }
-       if (!pts_probe_dh_groups(&supported_dh_groups))
+       if (!pts_meas_algo_probe(&supported_algorithms) ||
+               !pts_dh_group_probe(&supported_dh_groups))
        {
                return TNC_RESULT_FATAL;
        }
@@ -131,15 +123,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
 
        libpts_init();
        
-       /* Create a initiator nonce */
-       initiator_nonce = (char*)malloc(NONCE_LEN);
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (rng)
-       {
-               rng->get_bytes(rng, NONCE_LEN, initiator_nonce);
-               rng->destroy(rng);
-       }
-
        if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
        {
                DBG1(DBG_IMV, "no common IF-IMV version");
@@ -157,17 +140,7 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
         */
        hash_alg = lib->settings->get_str(lib->settings,
                                "libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
-       if (!strcaseeq(hash_alg, "sha384") && !strcaseeq(hash_alg, "sha2_384"))
-       {
-               /* remove SHA384 algorithm */
-               supported_algorithms &= ~PTS_MEAS_ALGO_SHA384;
-       }
-       if (strcaseeq(hash_alg, "sha1"))
-       {
-               /* remove SHA256 algorithm */
-               supported_algorithms &= ~PTS_MEAS_ALGO_SHA256;
-       }
-
+       
        /**
         * Specify supported PTS Diffie-Hellman groups
         *
@@ -183,7 +156,9 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
         */
        dh_group = lib->settings->get_str(lib->settings,
                                "libimcv.plugins.imv-attestation.dh_group", "ecp256");
-       if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups))
+
+       if (!pts_meas_algo_update(hash_alg, &supported_algorithms) ||
+               !pts_dh_group_update(dh_group, &supported_dh_groups))
        {
                return TNC_RESULT_FATAL;
        }
@@ -304,8 +279,13 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                {
                        if (!dh_nonce_req_sent)
                        {
+                               int min_nonce_len;
+
                                /* Send DH nonce parameters request attribute */
-                               attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
+                               min_nonce_len = lib->settings->get_int(lib->settings,
+                                               "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+                               attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
+                                                                                                                supported_dh_groups);
                                attr->set_noskip_flag(attr, TRUE);
                                msg->add_attribute(msg, attr);
                                dh_nonce_req_sent = TRUE;
@@ -313,16 +293,13 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                        else
                        {
                                pts_meas_algorithms_t selected_algorithm;
-                               chunk_t initiator_pub_val;
+                               chunk_t initiator_value, initiator_nonce;
 
                                /* Send DH nonce finish attribute */
                                selected_algorithm = pts->get_meas_algorithm(pts);
-                               pts->get_my_public_value(pts, &initiator_pub_val);
-
-                               attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
-                                                                       selected_algorithm,
-                                                                       chunk_create(initiator_nonce, NONCE_LEN),
-                                                                       initiator_pub_val);
+                               pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+                               attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+                                                                                initiator_value, initiator_nonce);
                                attr->set_noskip_flag(attr, TRUE);
                                msg->add_attribute(msg, attr);
 
@@ -484,6 +461,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
        }
 
        attr_list = linked_list_create();
+
        /* analyze PA-TNC attributes */
        enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
        while (enumerator->enumerate(enumerator, &attr))
@@ -564,21 +542,32 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 
                                        attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
                                        selected_algorithm = attr_cast->get_algorithms(attr_cast);
+                                       if (!(selected_algorithm & supported_algorithms))
+                                       {
+                                               DBG1(DBG_IMV, "PTS-IMC selected unsupported "
+                                                                         "measurement algorithm");
+                                               return TNC_RESULT_FATAL;
+                                       }
                                        pts->set_meas_algorithm(pts, selected_algorithm);
                                        break;
                                }
                                case TCG_PTS_DH_NONCE_PARAMS_RESP:
                                {
                                        tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
-                                       u_int8_t nonce_len;
+                                       int nonce_len, min_nonce_len;
                                        pts_dh_group_t dh_group;
                                        pts_meas_algorithms_t offered_algorithms, selected_algorithm;
-                                       chunk_t responder_nonce, initiator_non, responder_pub_val;
+                                       chunk_t responder_value, responder_nonce;
 
                                        attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
+                                       responder_nonce = attr_cast->get_responder_nonce(attr_cast);
 
-                                       nonce_len = attr_cast->get_nonce_len(attr_cast);
-                                       if (nonce_len < 0 || nonce_len <= 16)
+                                       /* check compliance of responder nonce length */
+                                       min_nonce_len = lib->settings->get_int(lib->settings,
+                                               "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+                                       nonce_len = responder_nonce.len;
+                                       if (nonce_len <= NONCE_LEN_LIMIT ||
+                                          (min_nonce_len > 0 && nonce_len < min_nonce_len))
                                        {
                                                attr_info = attr->get_value(attr);
                                                attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
@@ -588,33 +577,34 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
                                        }
 
                                        dh_group = attr_cast->get_dh_group(attr_cast);
+                                       if (!(dh_group & supported_dh_groups))
+                                       {
+                                               DBG1(DBG_IMV, "PTS-IMC selected unsupported DH group");
+                                               return TNC_RESULT_FATAL;
+                                       }
 
                                        offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
-                                       if (!(offered_algorithms & PTS_MEAS_ALGO_SHA1) &&
-                                               !(offered_algorithms & PTS_MEAS_ALGO_SHA256) &&
-                                               !(offered_algorithms & PTS_MEAS_ALGO_SHA384))
+                                       selected_algorithm = pts_meas_algo_select(supported_algorithms,
+                                                                                                                         offered_algorithms);
+                                       if (selected_algorithm == PTS_MEAS_ALGO_NONE)
                                        {
                                                attr = pts_hash_alg_error_create(supported_algorithms);
                                                attr_list->insert_last(attr_list, attr);
                                                break;
                                        }
-                                       /* Use already negotiated measurement algorithm */
-                                       selected_algorithm = pts->get_meas_algorithm(pts);
-                                       responder_nonce = attr_cast->get_responder_nonce(attr_cast);
-                                       responder_pub_val = attr_cast->get_responder_pub_val(attr_cast);
-                                       initiator_non = chunk_create(initiator_nonce, NONCE_LEN);
-                                       
-                                       /* Calculate secret assessment value */
-                                       if (!pts->create_dh(pts, dh_group))
+                                       pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+                                       if (!pts->create_dh_nonce(pts, dh_group, nonce_len))
                                        {
                                                return TNC_RESULT_FATAL;
                                        }
-                                       pts->set_peer_public_value(pts, responder_pub_val);
 
-                                       DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_non);
-                                       DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce);
-                                       if (!pts->calculate_secret(pts, initiator_non,
-                                                       responder_nonce, selected_algorithm))
+                                       responder_value = attr_cast->get_responder_value(attr_cast);
+                                       pts->set_peer_public_value(pts, responder_value,
+                                                                                                       responder_nonce);
+
+                                       /* Calculate secret assessment value */
+                                       if (!pts->calculate_secret(pts))
                                        {
                                                return TNC_RESULT_FATAL;
                                        }
@@ -1010,7 +1000,6 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
        }
        DESTROY_IF(pts_db);
        DESTROY_IF(pts_credmgr);
-       free(initiator_nonce);
 
        libpts_deinit();
 
index 76b8ab4..4c35146 100644 (file)
@@ -51,11 +51,26 @@ struct private_pts_t {
        pts_meas_algorithms_t algorithm;
 
        /**
-        * PTS Diffie Hellman Secret
+        * DH Hash Algorithm
+        */
+       pts_meas_algorithms_t dh_hash_algorithm;
+
+       /**
+        * PTS Diffie-Hellman Secret
         */
        diffie_hellman_t *dh;
 
        /**
+        * PTS Diffie-Hellman Initiator Nonce
+        */
+       chunk_t initiator_nonce;
+
+       /**
+        * PTS Diffie-Hellman Responder Nonce
+        */
+       chunk_t responder_nonce;
+
+       /**
         * Secret assessment value to be used for TPM Quote as an external data
         */
        chunk_t secret;
@@ -66,6 +81,11 @@ struct private_pts_t {
        char *platform_info;
 
        /**
+        * TRUE if IMC-PTS, FALSE if IMV-PTS
+        */
+       bool is_imc;
+
+       /**
         * Do we have an activated TPM
         */
        bool has_tpm;
@@ -89,7 +109,7 @@ METHOD(pts_t, get_proto_caps, pts_proto_caps_flag_t,
 }
 
 METHOD(pts_t, set_proto_caps, void,
-          private_pts_t *this, pts_proto_caps_flag_t flags)
+       private_pts_t *this, pts_proto_caps_flag_t flags)
 {
        this->proto_caps = flags;
        DBG2(DBG_PTS, "supported PTS protocol capabilities: %s%s%s%s%s",
@@ -101,102 +121,141 @@ METHOD(pts_t, set_proto_caps, void,
 }
 
 METHOD(pts_t, get_meas_algorithm, pts_meas_algorithms_t,
-          private_pts_t *this)
+       private_pts_t *this)
 {
        return this->algorithm;
 }
 
 METHOD(pts_t, set_meas_algorithm, void,
-          private_pts_t *this, pts_meas_algorithms_t algorithm)
+       private_pts_t *this, pts_meas_algorithms_t algorithm)
 {
        hash_algorithm_t hash_alg;
 
-       hash_alg = pts_meas_to_hash_algorithm(algorithm);
+       hash_alg = pts_meas_algo_to_hash(algorithm);
        DBG2(DBG_PTS, "selected PTS measurement algorithm is %N",
-                hash_algorithm_names, hash_alg);
+                                  hash_algorithm_names, hash_alg);
        if (hash_alg != HASH_UNKNOWN)
        {
                this->algorithm = algorithm;
        }
 }
 
-METHOD(pts_t, create_dh, bool,
-          private_pts_t *this, pts_dh_group_t group)
+METHOD(pts_t, get_dh_hash_algorithm, pts_meas_algorithms_t,
+       private_pts_t *this)
+{
+       return this->dh_hash_algorithm;
+}
+
+METHOD(pts_t, set_dh_hash_algorithm, void,
+       private_pts_t *this, pts_meas_algorithms_t algorithm)
+{
+       hash_algorithm_t hash_alg;
+
+       hash_alg = pts_meas_algo_to_hash(algorithm);
+       DBG2(DBG_PTS, "selected DH hash algorithm is %N",
+                                  hash_algorithm_names, hash_alg);
+       if (hash_alg != HASH_UNKNOWN)
+       {
+               this->dh_hash_algorithm = algorithm;
+       }
+}
+
+
+METHOD(pts_t, create_dh_nonce, bool,
+       private_pts_t *this, pts_dh_group_t group, int nonce_len)
 {
        diffie_hellman_group_t dh_group;
+       chunk_t *nonce;
+       rng_t *rng;
 
-       dh_group = pts_dh_group_to_strongswan_dh_group(group);
-       if (dh_group != MODP_NONE)
+       dh_group = pts_dh_group_to_ike(group);
+       DBG2(DBG_PTS, "selected PTS DH group is %N",
+                                  diffie_hellman_group_names, dh_group);
+       DESTROY_IF(this->dh);
+       this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
+
+       rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+       if (!rng)
        {
-               this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
-               DBG2(DBG_PTS, "selected PTS DH group is %N",
-                        diffie_hellman_group_names, dh_group);
-               return TRUE;
+               DBG1(DBG_PTS, "no rng available");
+               return FALSE;
        }
-       DBG1(DBG_PTS, "unable to create DH group %N",
-                        diffie_hellman_group_names, dh_group);
+       DBG2(DBG_PTS, "nonce length is %d", nonce_len);
+       nonce = this->is_imc ? &this->responder_nonce : &this->initiator_nonce;
+       chunk_free(nonce);
+       rng->allocate_bytes(rng, nonce_len, nonce);
+       rng->destroy(rng);
 
-       return FALSE;
+       return TRUE;
 }
 
 METHOD(pts_t, get_my_public_value, void,
-          private_pts_t *this, chunk_t *value)
+       private_pts_t *this, chunk_t *value, chunk_t *nonce)
 {
        this->dh->get_my_public_value(this->dh, value);
+       *nonce = this->is_imc ? this->responder_nonce : this->initiator_nonce;
 }
 
 METHOD(pts_t, set_peer_public_value, void,
-          private_pts_t *this, chunk_t value)
+       private_pts_t *this, chunk_t value, chunk_t nonce)
 {
        this->dh->set_other_public_value(this->dh, value);
+
+       nonce = chunk_clone(nonce);
+       if (this->is_imc)
+       {
+               this->initiator_nonce = nonce;
+       }
+       else
+       {
+               this->responder_nonce = nonce;
+       }
 }
 
 METHOD(pts_t, calculate_secret, bool,
-          private_pts_t *this, chunk_t initiator_nonce, chunk_t responder_nonce,
-          pts_meas_algorithms_t algorithm)
+       private_pts_t *this)
 {
        hasher_t *hasher;
        hash_algorithm_t hash_alg;
-       u_char output[HASH_SIZE_SHA384];
        chunk_t shared_secret;
 
-       /* Create a hasher */
-       hash_alg = pts_meas_to_hash_algorithm(algorithm);
-       hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
-       if (!hasher)
+       /* Check presence of nonces */
+       if (!this->initiator_nonce.len || !this->responder_nonce.len)
        {
-               DBG1(DBG_PTS, "  hasher %N not available", hash_algorithm_names, hash_alg);
+               DBG1(DBG_PTS, "initiator and/or responder nonce is not available");
                return FALSE;
        }
+       DBG3(DBG_PTS, "initiator nonce: %B", &this->initiator_nonce);
+       DBG3(DBG_PTS, "responder nonce: %B", &this->responder_nonce);
 
+       /* Calculate the DH secret */
        if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
        {
-               DBG1(DBG_PTS, "shared secret couldn't be calculated");
-               hasher->destroy(hasher);
+               DBG1(DBG_PTS, "shared DH secret computation failed");
                return FALSE;
        }
+       DBG4(DBG_PTS, "shared DH secret: %B", &shared_secret);
 
-       hasher->get_hash(hasher, chunk_create("1", sizeof("1")), NULL);
-       hasher->get_hash(hasher, initiator_nonce, NULL);
-       hasher->get_hash(hasher, responder_nonce, NULL);
-       hasher->get_hash(hasher, shared_secret, output);
-
-       /**
-        * Link the hash output to the secret and set the length
-        * Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote
-        */
-       this->secret = chunk_create(output, HASH_SIZE_SHA1);
-       DBG3(DBG_PTS, "secret assessment value: %B", &this->secret);
+       /* Calculate the secret assessment value */
+       hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
+       hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
 
-       chunk_free(&shared_secret);
+       hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL);
+       hasher->allocate_hash(hasher, this->initiator_nonce, NULL);
+       hasher->allocate_hash(hasher, this->responder_nonce, NULL);
+       hasher->allocate_hash(hasher, shared_secret, &this->secret);
        hasher->destroy(hasher);
-       return TRUE;
-}
 
-METHOD(pts_t, get_secret, chunk_t,
-          private_pts_t *this)
-{
-       return this->secret;
+       /* The DH secret must be destroyed */
+       chunk_clear(&shared_secret);
+
+       /*
+        * Truncate the hash to 20 bytes to fit the ExternalData
+        * argument of the TPM Quote command
+        */
+       this->secret.len = min(this->secret.len, 20);
+       DBG4(DBG_PTS, "secret assessment value: %B", &this->secret);
+       return TRUE;
 }
 
 /**
@@ -227,20 +286,20 @@ static void print_tpm_version_info(private_pts_t *this)
 }
 
 METHOD(pts_t, get_platform_info, char*,
-          private_pts_t *this)
+       private_pts_t *this)
 {
        return this->platform_info;
 }
 
 METHOD(pts_t, set_platform_info, void,
-          private_pts_t *this, char *info)
+       private_pts_t *this, char *info)
 {
        free(this->platform_info);
        this->platform_info = strdup(info);
 }
 
 METHOD(pts_t, get_tpm_version_info, bool,
-          private_pts_t *this, chunk_t *info)
+       private_pts_t *this, chunk_t *info)
 {
        if (!this->has_tpm)
        {
@@ -252,7 +311,7 @@ METHOD(pts_t, get_tpm_version_info, bool,
 }
 
 METHOD(pts_t, set_tpm_version_info, void,
-          private_pts_t *this, chunk_t info)
+       private_pts_t *this, chunk_t info)
 {
        this->tpm_version_info = chunk_clone(info);
        print_tpm_version_info(this);
@@ -297,20 +356,20 @@ static void load_aik(private_pts_t *this)
 }
 
 METHOD(pts_t, get_aik, certificate_t*,
-          private_pts_t *this)
+       private_pts_t *this)
 {
        return this->aik;       
 }
 
 METHOD(pts_t, set_aik, void,
-          private_pts_t *this, certificate_t *aik)
+       private_pts_t *this, certificate_t *aik)
 {
        DESTROY_IF(this->aik);
        this->aik = aik->get_ref(aik);
 }
 
 METHOD(pts_t, hash_file, bool,
-          private_pts_t *this, hasher_t *hasher, char *pathname, u_char *hash)
+       private_pts_t *this, hasher_t *hasher, char *pathname, u_char *hash)
 {
        u_char buffer[PTS_BUF_SIZE];
        FILE *file;
@@ -357,8 +416,8 @@ static char* get_filename(char *pathname)
        return filename;
 }
 
-METHOD(pts_t, is_path_valid, bool, private_pts_t *this, char *path,
-                                               pts_error_code_t *error_code)
+METHOD(pts_t, is_path_valid, bool,
+       private_pts_t *this, char *path, pts_error_code_t *error_code)
 {
        struct stat st;
 
@@ -389,7 +448,7 @@ METHOD(pts_t, is_path_valid, bool, private_pts_t *this, char *path,
 }
 
 METHOD(pts_t, do_measurements, pts_file_meas_t*,
-          private_pts_t *this, u_int16_t request_id, char *pathname, bool is_directory)
+       private_pts_t *this, u_int16_t request_id, char *pathname, bool is_directory)
 {
        hasher_t *hasher;
        hash_algorithm_t hash_alg;
@@ -398,7 +457,7 @@ METHOD(pts_t, do_measurements, pts_file_meas_t*,
        pts_file_meas_t *measurements;
 
        /* Create a hasher */
-       hash_alg = pts_meas_to_hash_algorithm(this->algorithm);
+       hash_alg = pts_meas_algo_to_hash(this->algorithm);
        hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
        if (!hasher)
        {
@@ -529,7 +588,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry)
 }
 
 METHOD(pts_t, get_metadata, pts_file_meta_t*,
-          private_pts_t *this, char *pathname, bool is_directory)
+       private_pts_t *this, char *pathname, bool is_directory)
 {
        pts_file_meta_t *metadata;
        pts_file_metadata_t *entry;
@@ -601,7 +660,7 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
 }
 
 METHOD(pts_t, read_pcr, bool,
-          private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
+       private_pts_t *this, u_int32_t pcr_num, chunk_t *output)
 {
        TSS_HCONTEXT hContext;
        TSS_HTPM hTPM;
@@ -649,7 +708,7 @@ METHOD(pts_t, read_pcr, bool,
 }
 
 METHOD(pts_t, extend_pcr, bool,
-          private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
+       private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
 {
        TSS_HCONTEXT hContext;
        TSS_HTPM hTPM;
@@ -699,8 +758,8 @@ METHOD(pts_t, extend_pcr, bool,
 }
 
 METHOD(pts_t, quote_tpm, bool,
-          private_pts_t *this, linked_list_t *pcrs,
-          chunk_t *pcr_composite, chunk_t *quote_signature)
+       private_pts_t *this, linked_list_t *pcrs, chunk_t *pcr_composite,
+       chunk_t *quote_signature)
 {
        TSS_HCONTEXT hContext;
        TSS_HTPM hTPM;
@@ -886,10 +945,12 @@ METHOD(pts_t, quote_tpm, bool,
 }
 
 METHOD(pts_t, destroy, void,
-          private_pts_t *this)
+       private_pts_t *this)
 {
        DESTROY_IF(this->aik);
        DESTROY_IF(this->dh);
+       free(this->initiator_nonce.ptr);
+       free(this->responder_nonce.ptr);
        free(this->platform_info);
        free(this->tpm_version_info.ptr);
        free(this);
@@ -1051,33 +1112,36 @@ pts_t *pts_create(bool is_imc)
        private_pts_t *this;
 
        INIT(this,
-                .public = {
-                        .get_proto_caps = _get_proto_caps,
-                        .set_proto_caps = _set_proto_caps,
-                        .get_meas_algorithm = _get_meas_algorithm,
-                        .set_meas_algorithm = _set_meas_algorithm,
-                        .create_dh = _create_dh,
-                        .get_my_public_value = _get_my_public_value,
-                        .set_peer_public_value = _set_peer_public_value,
-                        .calculate_secret = _calculate_secret,
-                        .get_secret = _get_secret,
-                        .get_platform_info = _get_platform_info,
-                        .set_platform_info = _set_platform_info,
-                        .get_tpm_version_info = _get_tpm_version_info,
-                        .set_tpm_version_info = _set_tpm_version_info,
-                        .get_aik = _get_aik,
-                        .set_aik = _set_aik,
-                        .is_path_valid = _is_path_valid,
-                        .hash_file = _hash_file,
-                        .do_measurements = _do_measurements,
-                        .get_metadata = _get_metadata,
-                        .read_pcr = _read_pcr,
-                        .extend_pcr = _extend_pcr,
-                        .quote_tpm = _quote_tpm,
-                        .destroy = _destroy,
-                },
-                .proto_caps = PTS_PROTO_CAPS_V,
-                .algorithm = PTS_MEAS_ALGO_SHA256,
+               .public = {
+                       .get_proto_caps = _get_proto_caps,
+                       .set_proto_caps = _set_proto_caps,
+                       .get_meas_algorithm = _get_meas_algorithm,
+                       .set_meas_algorithm = _set_meas_algorithm,
+                       .get_dh_hash_algorithm = _get_dh_hash_algorithm,
+                       .set_dh_hash_algorithm = _set_dh_hash_algorithm,
+                       .create_dh_nonce = _create_dh_nonce,
+                       .get_my_public_value = _get_my_public_value,
+                       .set_peer_public_value = _set_peer_public_value,
+                       .calculate_secret = _calculate_secret,
+                       .get_platform_info = _get_platform_info,
+                       .set_platform_info = _set_platform_info,
+                       .get_tpm_version_info = _get_tpm_version_info,
+                       .set_tpm_version_info = _set_tpm_version_info,
+                       .get_aik = _get_aik,
+                       .set_aik = _set_aik,
+                       .is_path_valid = _is_path_valid,
+                       .hash_file = _hash_file,
+                       .do_measurements = _do_measurements,
+                       .get_metadata = _get_metadata,
+                       .read_pcr = _read_pcr,
+                       .extend_pcr = _extend_pcr,
+                       .quote_tpm = _quote_tpm,
+                       .destroy = _destroy,
+               },
+               .is_imc = is_imc,
+               .proto_caps = PTS_PROTO_CAPS_V,
+               .algorithm = PTS_MEAS_ALGO_SHA256,
+               .dh_hash_algorithm = PTS_MEAS_ALGO_SHA256,
        );
 
        if (is_imc)
index 3f6a456..e8a0aaf 100644 (file)
@@ -40,12 +40,7 @@ typedef struct pts_t pts_t;
 #define REVERSE_SOLIDUS_UTF            0x5C
 
 /**
- * Lenght of the generated nonce used for calculation of shared secret
- */
-#define NONCE_LEN                              20
-
-/**
- * Lenght of the generated nonce used for calculation of shared secret
+ * Length of the generated nonce used for calculation of shared secret
  */
 #define ASSESSMENT_SECRET_LEN  20
 
@@ -55,12 +50,12 @@ typedef struct pts_t pts_t;
 #define MAX_NUM_PCR                            24
 
 /**
- * Number of bytes can be savedin a PCR of TPM, TPM Spec 1.2
+ * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
  */
 #define PCR_LEN                                        20
 
 /**
- * Class implementing the TCG Platform Trust System (PTS)
+ * Class implementing the TCG Platform Trust Service (PTS)
  *
  */
 struct pts_t {
@@ -82,57 +77,64 @@ struct pts_t {
        /**
         * Get PTS Measurement Algorithm
         *
-        * @return                                      Measurement algorithm
+        * @return                                      PTS measurement algorithm
         */
        pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
 
        /**
         * Set PTS Measurement Algorithm
         *
-        * @param algorithm                     Measurement algorithm
+        * @param algorithm                     PTS measurement algorithm
         */
        void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
 
        /**
-        * Set PTS Diffie-Hellman object
+        * Get DH Hash Algorithm
+        *
+        * @return                                      DH hash algorithm
+        */
+       pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
+
+       /**
+        * Set DH Hash Algorithm
+        *
+        * @param algorithm                     DH hash algorithm
+        */
+       void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
+
+       /**
+        * Create PTS Diffie-Hellman object and nonce
+        *
+        * @param group                         PTS DH group
+        * @param nonce_len                     Nonce length
+        * @return                                      TRUE if creation was successful
         *
-        * @param dh                            DH object
         */
-       bool (*create_dh)(pts_t *this, pts_dh_group_t group);
+       bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
 
        /**
         * Get my Diffie-Hellman public value
         *
         * @param value                         My public DH value
+        * @param nonce                         My DH nonce
         */
-       void (*get_my_public_value)(pts_t *this, chunk_t *value);
+       void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
 
        /**
         * Set peer Diffie.Hellman public value
         *
         * @param value                         Peer public DH value
+        * @param nonce                         Peer DH nonce
         */
-       void (*set_peer_public_value) (pts_t *this, chunk_t value);
+       void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
 
        /**
-        * Calculates secret assessment value to be used for TPM Quote as an external data
+        * Calculates secret assessment value to be used for TPM Quote as ExternalData
         *
-        * @param initiator_nonce       Initiator nonce (IMV nonce)
-        * @param responder_nonce       Responder nonce (IMC nonce)
-        * @param algorithm                     Hashing algorithm
         * @return                                      TRUE unless both DH public values
         *                                                      and nonces are set
         */
-       bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
-                                                         chunk_t responder_nonce,
-                                                         pts_meas_algorithms_t algorithm);
-
-       /**
-        * Returns secret assessment value to be used for TPM Quote as an external data
-        *
-        * @return                                      Secret assessment value
-        */
-       chunk_t (*get_secret) (pts_t *this);
+       bool (*calculate_secret) (pts_t *this);
 
        /**
         * Get Platform and OS Info
index 441bb9e..fb14132 100644 (file)
@@ -88,33 +88,33 @@ bool pts_dh_group_update(char *dh_group, pts_dh_group_t *dh_groups)
                /* nothing to update, all groups are supported */
                return TRUE;
        }
-       else if (strcaseeq(dh_group, "ecp256"))
+       if (strcaseeq(dh_group, "ecp256"))
        {
                /* remove DH group 20 */
                *dh_groups &= ~PTS_DH_GROUP_IKE20;
                return TRUE;
        }
-       else if (strcaseeq(dh_group, "modp2048"))
+       if (strcaseeq(dh_group, "modp2048"))
        {
                /* remove DH groups 19 and 20 */
                *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
                return TRUE;
        }
-       else if (strcaseeq(dh_group, "modp1536"))
+       if (strcaseeq(dh_group, "modp1536"))
        {
                /* remove DH groups 14, 19 and 20 */
                *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
                                                PTS_DH_GROUP_IKE14);
                return TRUE;
        }
-       else if (strcaseeq(dh_group, "modp1024"))
+       if (strcaseeq(dh_group, "modp1024"))
        {
                /* remove DH groups 5, 14, 19 and 20 */
                *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
                                                PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
                return TRUE;
        }
-       DBG1(DBG_PTS, "unknown DH group: %s configured", dh_group);
+       DBG1(DBG_PTS, "unknown DH group '%s' configured", dh_group);
        return FALSE;
 }
 
index 040643d..cf5c724 100644 (file)
@@ -96,7 +96,7 @@ bool pts_meas_algo_update(char *hash_alg, pts_meas_algorithms_t *algorithms)
                *algorithms &= ~(PTS_MEAS_ALGO_SHA384 | PTS_MEAS_ALGO_SHA256);
                return TRUE;
        }
-       DBG1(DBG_PTS, "unknown hash algorithm: %s configured", hash_alg);
+       DBG1(DBG_PTS, "unknown hash algorithm '%s' configured", hash_alg);
        return FALSE;
 }
 
index 25fca24..a99f862 100644 (file)
@@ -72,11 +72,6 @@ struct private_tcg_pts_attr_dh_nonce_finish_t {
        bool noskip_flag;
        
        /**
-        * Length of nonce
-        */
-       u_int8_t nonce_len;
-
-       /**
         * Selected Hashing Algorithm
         */
        pts_meas_algorithms_t hash_algo;
@@ -84,7 +79,7 @@ struct private_tcg_pts_attr_dh_nonce_finish_t {
        /**
         * DH Initiator Public Value
         */
-       chunk_t initiator_pub_val;
+       chunk_t initiator_value;
 
        /**
         * DH Initiator Nonce
@@ -129,9 +124,9 @@ METHOD(pa_tnc_attr_t, build, void,
 
        writer = bio_writer_create(PTS_DH_NONCE_FINISH_SIZE);
        writer->write_uint8 (writer, PTS_DH_NONCE_FINISH_RESERVED);
-       writer->write_uint8 (writer, this->nonce_len);
+       writer->write_uint8 (writer, this->initiator_nonce.len);
        writer->write_uint16(writer, this->hash_algo);
-       writer->write_data  (writer, this->initiator_pub_val);
+       writer->write_data  (writer, this->initiator_value);
        writer->write_data  (writer, this->initiator_nonce);
        
        this->value = chunk_clone(writer->get_buf(writer));
@@ -142,7 +137,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
        private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset)
 {
        bio_reader_t *reader;
-       u_int8_t reserved;
+       u_int8_t reserved, nonce_len;
        u_int16_t hash_algo;
 
        if (this->value.len < PTS_DH_NONCE_FINISH_SIZE)
@@ -153,15 +148,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
        }
        reader = bio_reader_create(this->value);
        reader->read_uint8 (reader, &reserved);
-       reader->read_uint8 (reader, &this->nonce_len);
+       reader->read_uint8 (reader, &nonce_len);
        reader->read_uint16(reader, &hash_algo);
+       reader->read_data(reader, reader->remaining(reader) - nonce_len,
+                                                         &this->initiator_value);
+       reader->read_data(reader, nonce_len, &this->initiator_nonce);
        this->hash_algo = hash_algo;
-       reader->read_data(reader, reader->remaining(reader) - this->nonce_len,
-                                                                               &this->initiator_pub_val);
-       this->initiator_pub_val = chunk_clone(this->initiator_pub_val);
-       reader->read_data(reader, this->nonce_len, &this->initiator_nonce);
+       this->initiator_value = chunk_clone(this->initiator_value);
        this->initiator_nonce = chunk_clone(this->initiator_nonce);
-       
        reader->destroy(reader);
 
        return SUCCESS;
@@ -171,27 +165,21 @@ METHOD(pa_tnc_attr_t, destroy, void,
        private_tcg_pts_attr_dh_nonce_finish_t *this)
 {
        free(this->value.ptr);
-       free(this->initiator_pub_val.ptr);
+       free(this->initiator_value.ptr);
        free(this->initiator_nonce.ptr);
        free(this);
 }
 
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_nonce_len, u_int8_t,
-       private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
-       return this->nonce_len;
-}
-
 METHOD(tcg_pts_attr_dh_nonce_finish_t, get_hash_algo, pts_meas_algorithms_t,
        private_tcg_pts_attr_dh_nonce_finish_t *this)
 {
        return this->hash_algo;
 }
 
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_pub_val, chunk_t,
+METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_value, chunk_t,
        private_tcg_pts_attr_dh_nonce_finish_t *this)
 {
-       return this->initiator_pub_val;
+       return this->initiator_value;
 }
 
 METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_nonce, chunk_t,
@@ -203,10 +191,9 @@ METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_nonce, chunk_t,
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(u_int8_t nonce_len,
-                                                                                               pts_meas_algorithms_t hash_algo,
-                                                                                               chunk_t initiator_nonce,
-                                                                                               chunk_t initiator_pub_val)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(pts_meas_algorithms_t hash_algo,
+                                                                                                  chunk_t initiator_value,
+                                                                                                  chunk_t initiator_nonce)
 {
        private_tcg_pts_attr_dh_nonce_finish_t *this;
 
@@ -222,17 +209,15 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(u_int8_t nonce_len,
                                .process = _process,
                                .destroy = _destroy,
                        },
-                       .get_nonce_len = _get_nonce_len,
                        .get_hash_algo = _get_hash_algo,
                        .get_initiator_nonce = _get_initiator_nonce,
-                       .get_initiator_pub_val = _get_initiator_pub_val,
+                       .get_initiator_value = _get_initiator_value,
                },
                .vendor_id = PEN_TCG,
                .type = TCG_PTS_DH_NONCE_FINISH,
-               .nonce_len = nonce_len,
                .hash_algo = hash_algo,
+               .initiator_value = initiator_value,
                .initiator_nonce = chunk_clone(initiator_nonce),
-               .initiator_pub_val = initiator_pub_val,
        );
 
        return &this->public.pa_tnc_attribute;
@@ -257,10 +242,9 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value)
                                .process = _process,
                                .destroy = _destroy,
                        },
-                       .get_nonce_len = _get_nonce_len,
                        .get_hash_algo = _get_hash_algo,
                        .get_initiator_nonce = _get_initiator_nonce,
-                       .get_initiator_pub_val = _get_initiator_pub_val,
+                       .get_initiator_value = _get_initiator_value,
                },
                .vendor_id = PEN_TCG,
                .type = TCG_PTS_DH_NONCE_FINISH,
index c92c999..d3964a6 100644 (file)
@@ -56,7 +56,7 @@ struct tcg_pts_attr_dh_nonce_finish_t {
         *
         * @return                              DH Initiator Public Value
         */
-       chunk_t (*get_initiator_pub_val)(tcg_pts_attr_dh_nonce_finish_t *this);
+       chunk_t (*get_initiator_value)(tcg_pts_attr_dh_nonce_finish_t *this);
 
        /**
         * Get DH Initiator Nonce
@@ -70,15 +70,13 @@ struct tcg_pts_attr_dh_nonce_finish_t {
 /**
  * Creates an tcg_pts_attr_dh_nonce_finish_t object
  *
- * @param nonce_len                                    Length of nonce
  * @param hash_algo                                    Selected hash algorithm
+ * @param initiator_value                      DH Initiator Public Value
  * @param initiator_nonce                      DH Initiator Nonce
- * @param initiator_pub_val                    DH Initiator Public value
  */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(u_int8_t nonce_len,
-                                                                                               pts_meas_algorithms_t hash_algo,
-                                                                                               chunk_t initiator_nonce,
-                                                                                               chunk_t initiator_pub_val);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(pts_meas_algorithms_t hash_algo,
+                                                                                                  chunk_t initiator_value,
+                                                                                                  chunk_t initiator_nonce);
 
 /**
  * Creates an tcg_pts_attr_dh_nonce_finish_t object from received data
index 0b3b9da..a07fcc5 100644 (file)
@@ -74,11 +74,6 @@ struct private_tcg_pts_attr_dh_nonce_params_resp_t {
        bool noskip_flag;
        
        /**
-        * Length of nonce
-        */
-       u_int8_t nonce_len;
-
-       /**
         * Selected Diffie Hellman group
         */
        pts_dh_group_t dh_group;
@@ -96,7 +91,7 @@ struct private_tcg_pts_attr_dh_nonce_params_resp_t {
        /**
         * DH Responder Public Value
         */
-       chunk_t responder_pub_val;
+       chunk_t responder_value;
        
 };
 
@@ -137,11 +132,11 @@ METHOD(pa_tnc_attr_t, build, void,
 
        writer = bio_writer_create(PTS_DH_NONCE_PARAMS_RESP_SIZE);
        writer->write_uint24(writer, PTS_DH_NONCE_PARAMS_RESP_RESERVED);
-       writer->write_uint8 (writer, this->nonce_len);
+       writer->write_uint8 (writer, this->responder_nonce.len);
        writer->write_uint16(writer, this->dh_group);
        writer->write_uint16(writer, this->hash_algo_set);
        writer->write_data  (writer, this->responder_nonce);
-       writer->write_data  (writer, this->responder_pub_val);
+       writer->write_data  (writer, this->responder_value);
        
        this->value = chunk_clone(writer->get_buf(writer));
        writer->destroy(writer);
@@ -152,6 +147,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 {
        bio_reader_t *reader;
        u_int32_t reserved;
+       u_int8_t nonce_len;
        u_int16_t dh_group, hash_algo_set;
 
        if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE)
@@ -162,15 +158,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
        }
        reader = bio_reader_create(this->value);
        reader->read_uint24(reader, &reserved);
-       reader->read_uint8 (reader, &this->nonce_len);
+       reader->read_uint8 (reader, &nonce_len);
        reader->read_uint16(reader, &dh_group);
-       this->dh_group = dh_group;
        reader->read_uint16(reader, &hash_algo_set);
+       reader->read_data(reader, nonce_len, &this->responder_nonce);
+       reader->read_data(reader, reader->remaining(reader), &this->responder_value);
+       this->dh_group = dh_group;
        this->hash_algo_set = hash_algo_set;
-       reader->read_data(reader, this->nonce_len, &this->responder_nonce);
        this->responder_nonce = chunk_clone(this->responder_nonce);
-       reader->read_data(reader, reader->remaining(reader), &this->responder_pub_val);
-       this->responder_pub_val = chunk_clone(this->responder_pub_val);
+       this->responder_value = chunk_clone(this->responder_value);
        reader->destroy(reader);
 
        return SUCCESS;
@@ -181,16 +177,10 @@ METHOD(pa_tnc_attr_t, destroy, void,
 {
        free(this->value.ptr);
        free(this->responder_nonce.ptr);
-       free(this->responder_pub_val.ptr);
+       free(this->responder_value.ptr);
        free(this);
 }
 
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_nonce_len, u_int8_t,
-       private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
-       return this->nonce_len;
-}
-
 METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_dh_group, pts_dh_group_t,
        private_tcg_pts_attr_dh_nonce_params_resp_t *this)
 {
@@ -209,20 +199,19 @@ METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_nonce, chunk_t,
        return this->responder_nonce;
 }
 
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_pub_val, chunk_t,
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_value, chunk_t,
        private_tcg_pts_attr_dh_nonce_params_resp_t *this)
 {
-       return this->responder_pub_val;
+       return this->responder_value;
 }
 
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(u_int8_t nonce_len,
-                                                                                               pts_dh_group_t dh_group,
-                                                                                               pts_meas_algorithms_t hash_algo_set,
-                                                                                               chunk_t responder_nonce,
-                                                                                               chunk_t responder_pub_val)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+                                                                                       pts_meas_algorithms_t hash_algo_set,
+                                                                                       chunk_t responder_nonce,
+                                                                                       chunk_t responder_value)
 {
        private_tcg_pts_attr_dh_nonce_params_resp_t *this;
 
@@ -238,19 +227,17 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(u_int8_t nonce_len,
                                .process = _process,
                                .destroy = _destroy,
                        },
-                       .get_nonce_len = _get_nonce_len,
                        .get_dh_group = _get_dh_group,
                        .get_hash_algo_set = _get_hash_algo_set,
                        .get_responder_nonce = _get_responder_nonce,
-                       .get_responder_pub_val = _get_responder_pub_val,
+                       .get_responder_value = _get_responder_value,
                },
                .vendor_id = PEN_TCG,
                .type = TCG_PTS_DH_NONCE_PARAMS_RESP,
-               .nonce_len = nonce_len,
                .dh_group = dh_group,
                .hash_algo_set = hash_algo_set,
                .responder_nonce = chunk_clone(responder_nonce),
-               .responder_pub_val = responder_pub_val,
+               .responder_value = responder_value,
        );
 
        return &this->public.pa_tnc_attribute;
@@ -275,11 +262,10 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value)
                                .process = _process,
                                .destroy = _destroy,
                        },
-                       .get_nonce_len = _get_nonce_len,
                        .get_dh_group = _get_dh_group,
                        .get_hash_algo_set = _get_hash_algo_set,
                        .get_responder_nonce = _get_responder_nonce,
-                       .get_responder_pub_val = _get_responder_pub_val,
+                       .get_responder_value = _get_responder_value,
                },
                .vendor_id = PEN_TCG,
                .type = TCG_PTS_DH_NONCE_PARAMS_RESP,
index 6b40c22..c81ff9f 100644 (file)
@@ -39,13 +39,6 @@ struct tcg_pts_attr_dh_nonce_params_resp_t {
        pa_tnc_attr_t pa_tnc_attribute;
 
        /**
-        * Get nonce length
-        *
-        * @return                              Length of nonce
-        */
-       u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_params_resp_t *this);
-
-       /**
         * Get selected Diffie Hellman Group
         *
         * @return                              Selected Diffie Hellman Group
@@ -71,24 +64,22 @@ struct tcg_pts_attr_dh_nonce_params_resp_t {
         *
         * @return                              DH Responder Public Value
         */
-       chunk_t (*get_responder_pub_val)(tcg_pts_attr_dh_nonce_params_resp_t *this);
+       chunk_t (*get_responder_value)(tcg_pts_attr_dh_nonce_params_resp_t *this);
        
 };
 
 /**
  * Creates an tcg_pts_attr_dh_nonce_params_resp_t object
  *
- * @param nonce_len                                    Length of nonce
  * @param dh_group                                     Selected DH group
  * @param hash_algo_set                                Set of supported hash algorithms
  * @param responder_nonce                      DH Responder Nonce
  * @param responder_pub_val                    DH Responder Public value
  */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(u_int8_t nonce_len,
-                                                                                               pts_dh_group_t dh_group,
-                                                                                               pts_meas_algorithms_t hash_algo_set,
-                                                                                               chunk_t responder_nonce,
-                                                                                               chunk_t responder_pub_val);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+                                                                                       pts_meas_algorithms_t hash_algo_set,
+                                                                                       chunk_t responder_nonce,
+                                                                                       chunk_t responder_value);
 
 /**
  * Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data