#include "ita_comp_func_name.h"
#include "pts/components/pts_component.h"
+#include "pts/components/pts_comp_evidence.h"
#include <debug.h>
#include <pen/pen.h>
pts_comp_evidence_t *evid;
char *meas_hex, *pcr_before_hex, *pcr_after_hex;
chunk_t measurement, pcr_before, pcr_after;
+ size_t hash_size, pcr_len;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
}
hash_algo = pts->get_meas_algorithm(pts);
- switch (hash_algo)
- {
- case PTS_MEAS_ALGO_SHA1:
- pcr_transform = PTS_PCR_TRANSFORM_MATCH;
- case PTS_MEAS_ALGO_SHA256:
- case PTS_MEAS_ALGO_SHA384:
- pcr_transform = PTS_PCR_TRANSFORM_LONG;
- case PTS_MEAS_ALGO_NONE:
- default:
- pcr_transform = PTS_PCR_TRANSFORM_NO;
- }
+ hash_size = pts_meas_algo_hash_size(hash_algo);
+ pcr_len = pts->get_pcr_len(pts);
+ pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
+ /* get and check the measurement data */
measurement = chunk_from_hex(
chunk_create(meas_hex, strlen(meas_hex)), NULL);
pcr_before = chunk_from_hex(
chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
pcr_after = chunk_from_hex(
chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
+ if (pcr_before.len != pcr_len || pcr_after.len != pcr_len ||
+ measurement.len != hash_size)
+ {
+ DBG1(DBG_PTS, "TBOOT measurement or pcr data have the wrong size");
+ free(measurement.ptr);
+ free(pcr_before.ptr);
+ free(pcr_after.ptr);
+ return FAILED;
+ }
evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
this->depth, this->extended_pcr,
this->measurement_time, measurement);
evid->set_pcr_info(evid, pcr_before, pcr_after);
-
-
return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
}
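Review bot: The size guard added at `if (pcr_before.len != pcr_len || ...)` does not reject an unknown or unset algorithm: `pts_meas_algo_hash_size()` returns 0 for `PTS_MEAS_ALGO_NONE`/default and `get_pcr_len()` is documented as returning 0 when undefined, so in that state only zero-length chunks pass the check and, as far as I can tell, an empty hex string yields exactly that, letting evidence with empty measurement and PCR values through. Rejecting that state before the hex parsing is a single line: `if (hash_size == 0 || pcr_len == 0) { DBG1(DBG_PTS, "TBOOT measurement algorithm or PCR length unknown"); return FAILED; }`. Separately, `pcr_transform` is assigned from `pts_meas_algo_to_pcr_transform()` but is neither passed to `pts_comp_evidence_create()` nor used anywhere else in the hunk, so unless it is consumed in lines outside the hunk it is a set-but-unused variable (the TGRUB measure hunk below has both issues as well). The enclosing measure method starts before the hunk.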
chunk_t measurement, pcr_before, pcr_after;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
+ size_t hash_size, pcr_len;
/* Provisional implementation for TGRUB */
extended_pcr = PCR_DEBUG;
}
hash_algo = pts->get_meas_algorithm(pts);
- switch (hash_algo)
- {
- case PTS_MEAS_ALGO_SHA1:
- pcr_transform = PTS_PCR_TRANSFORM_MATCH;
- case PTS_MEAS_ALGO_SHA256:
- case PTS_MEAS_ALGO_SHA384:
- pcr_transform = PTS_PCR_TRANSFORM_LONG;
- case PTS_MEAS_ALGO_NONE:
- default:
- pcr_transform = PTS_PCR_TRANSFORM_NO;
- }
+ hash_size = pts_meas_algo_hash_size(hash_algo);
+ pcr_len = pts->get_pcr_len(pts);
+ pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
- measurement = chunk_alloc(HASH_SIZE_SHA1);
+ measurement = chunk_alloc(hash_size);
memset(measurement.ptr, 0x00, measurement.len);
- pcr_before = chunk_alloc(PCR_LEN);
+ pcr_before = chunk_alloc(pcr_len);
memset(pcr_before.ptr, 0x00, pcr_before.len);
evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
.verify = _verify,
.destroy = _destroy,
},
- .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
+ .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TGRUB,
qualifier),
.depth = depth,
);
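Review bot: The change of the `.name` initializer from `PTS_ITA_COMP_FUNC_NAME_TBOOT` to `PTS_ITA_COMP_FUNC_NAME_TGRUB` is a behavioural bug fix unrelated to the PCR-length refactoring in the rest of the commit, and it would be easier to bisect and to call out in the changelog as its own commit. Until now the TGRUB component was presumably registering its evidence under the TBOOT functional name, so any verifier logic keyed on the component name could have conflated the two; that consequence deserves a sentence in the commit message. The enclosing create function starts before the hunk.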
{
return this->extended_pcr;
}
+
METHOD(pts_comp_evidence_t, get_measurement, chunk_t,
private_pts_comp_evidence_t *this, u_int32_t *extended_pcr,
pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform,
return &this->public;
}
+/**
+ * See header
+ */
+pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
+ size_t pcr_len)
+{
+ size_t hash_size;
+
+ hash_size = pts_meas_algo_hash_size(algo);
+ if (hash_size == 0)
+ {
+ return PTS_PCR_TRANSFORM_NO;
+ }
+ if (hash_size == pcr_len)
+ {
+ return PTS_PCR_TRANSFORM_MATCH;
+ }
+ if (hash_size > pcr_len)
+ {
+ return PTS_PCR_TRANSFORM_LONG;
+ }
+ return PTS_PCR_TRANSFORM_SHORT;
+}
+
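Review bot: `pts_meas_algo_to_pcr_transform()` is defined in pts_comp_evidence.c and declared in pts_comp_evidence.h, although it operates only on `pts_meas_algorithms_t` and mirrors `pts_meas_algo_hash_size()`, which this commit places in pts_meas_algo.c; keeping both helpers together in pts_meas_algo.[ch] lets the TBOOT/TGRUB measure methods get them from one include and keeps pts_comp_evidence.h free of measurement-algorithm policy. The logic itself is sound: a zero hash size (unknown algorithm) maps to `PTS_PCR_TRANSFORM_NO` before any length comparison. A `pcr_len` of 0, which the new `get_pcr_len()` documents as "undefined", yields `PTS_PCR_TRANSFORM_LONG` for every known algorithm, so callers should treat that value as an error rather than a transform; say so in the header comment, e.g. `@param pcr_len Length of the PCR registers in bytes, must be > 0`. The two new functions also use different boilerplate (`See header` here, `Described in header.` in pts_meas_algo.c); pick one form.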
time_t measurement_time,
chunk_t measurement);
+/**
+ * Determine transform to fit measurement hash into PCR register
+ *
+ * @param algo Measurement hash algorithm
+ * @param pcr_len Length of the PCR registers in bytes
+ * @return PCR transform type
+ */
+pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
+ size_t pcr_len);
+
#endif /** PTS_COMP_EVIDENCE_H_ @}*/
#define PTS_BUF_SIZE 4096
+/**
+ * Maximum number of PCR's of TPM, TPM Spec 1.2
+ */
+#define PCR_MAX_NUM 24
+
+/**
+ * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
+ */
+#define PCR_LEN 20
+
typedef struct private_pts_t private_pts_t;
/**
print_tpm_version_info(this);
}
+METHOD(pts_t, get_pcr_len, size_t,
+ private_pts_t *this)
+{
+ return this->pcr_len;
+}
+
/**
* Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute)
*/
.set_platform_info = _set_platform_info,
.get_tpm_version_info = _get_tpm_version_info,
.set_tpm_version_info = _set_tpm_version_info,
+ .get_pcr_len = _get_pcr_len,
.get_aik = _get_aik,
.set_aik = _set_aik,
.is_path_valid = _is_path_valid,
if (has_tpm(this))
{
this->has_tpm = TRUE;
+ this->pcr_len = PCR_LEN;
this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;
load_aik(this);
load_aik_blob(this);
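Review bot: `this->pcr_len` is assigned (to `PCR_LEN`) only inside the `has_tpm` branch, so the contract of the new `get_pcr_len()` in pts.h ("0 if undefined") depends on the field being zero-initialised by the constructor's designated-initializer table, which is outside this hunk; if the struct is not zeroed there, add `.pcr_len = 0,` to that table (or an `else` branch setting it) so a PTS instance without a TPM never reports a stale length. `PCR_LEN` and `PCR_MAX_NUM` now live in pts.c and `PCR_MAX_NUM` is not referenced in any visible hunk, so check that no other file still took them from pts.h. The enclosing function continues outside the hunk.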
#define PCR_DEBUG 16
/**
- * Number of sequences for functional components
- */
-#define TBOOT_SEQUENCE_COUNT 2
-#define TGRUB_SEQUENCE_COUNT 6
-
-/**
* Length of the generated nonce used for calculation of shared secret
*/
#define ASSESSMENT_SECRET_LEN 20
/**
- * Maximum number of PCR's of TPM, TPM Spec 1.2
- */
-#define PCR_MAX_NUM 24
-
-/**
- * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
- */
-#define PCR_LEN 20
-
-/**
* Lenght of the TPM_QUOTE_INFO structure, TPM Spec 1.2
*/
#define TPM_QUOTE_INFO_LEN 48
void (*set_tpm_version_info)(pts_t *this, chunk_t info);
/**
+ * Get the length of the TPM PCR registers
+ *
+ * @return Length of PCR registers in bytes, 0 if undefined
+ */
+ size_t (*get_pcr_len)(pts_t *this);
+
+ /**
* Get Attestation Identity Certificate or Public Key
*
* @return AIK Certificate or Public Key
return HASH_UNKNOWN;
}
}
+
+/**
+ * Described in header.
+ */
+size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm)
+{
+ switch (algorithm)
+ {
+ case PTS_MEAS_ALGO_SHA1:
+ return HASH_SIZE_SHA1;
+ case PTS_MEAS_ALGO_SHA256:
+ return HASH_SIZE_SHA256;
+ case PTS_MEAS_ALGO_SHA384:
+ return HASH_SIZE_SHA384;
+ case PTS_MEAS_ALGO_NONE:
+ default:
+ return 0;
+ }
+}
+
*/
hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm);
+/**
+ * Return the hash size of a pts_meas_algorithm
+ *
+ * @param algorithm PTS measurement algorithm type
+ * @return hash size in bytes
+ */
+size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm);
+
#endif /** PTS_MEAS_ALGO_H_ @}*/
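Review bot: The `@return` line of the new `pts_meas_algo_hash_size()` declaration omits the sentinel the implementation relies on: the function returns 0 for `PTS_MEAS_ALGO_NONE` and any unknown value, and both the TBOOT size check and `pts_meas_algo_to_pcr_transform()` key on that 0. Make it explicit so callers know to test for it: ` * @return hash size in bytes, 0 if the algorithm is PTS_MEAS_ALGO_NONE or unknown`.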