Implemented creating and handling of Optional PCR Composite field in Simple Evidence Final attribute

src/libimcv/plugins/imv_attestation/imv_attestation_process.c

@@ -314,27 +314,28 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				if (pcr_comp.ptr && !chunk_equals(pcr_comp, pcr_composite))
 				{
 					DBG1(DBG_IMV, "received PCR Compsosite didn't match with constructed");
-					free(pcr_composite.ptr);
-					free(quote_info.ptr);
+					chunk_clear(&pcr_composite);
+					chunk_clear(&quote_info);
 					return FALSE;
 				}
-				free(pcr_composite.ptr);
+				DBG2(DBG_IMV, "received PCR Composite matches with constructed");
+				chunk_clear(&pcr_composite);
 				
 				/* SHA1(TPM Quote Info) expected from IMC */
 				hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 				hasher->allocate_hash(hasher, quote_info, &quote_digest);
 				hasher->destroy(hasher);
+				chunk_clear(&quote_info);
 				
 				if (tpm_quote_sign.ptr &&
 					!pts->verify_quote_signature(pts, quote_digest, tpm_quote_sign))
 				{
-					free(quote_digest.ptr);
-					free(quote_info.ptr);
+					chunk_clear(&quote_digest);
 					return FALSE;
 				}
+				
 				DBG2(DBG_IMV, "signature verification succeeded for TPM Quote Info");
-				free(quote_digest.ptr);
-				free(quote_info.ptr);
+				chunk_clear(&quote_digest);
 			}
 			
 			if (evid_signature_included)

src/libpts/pts/pts.c

@@ -832,7 +832,7 @@ METHOD(pts_t, quote_tpm, bool,
 	TSS_VALIDATION valData;
 	u_int32_t i;
 	TSS_RESULT result;
-	chunk_t quote_sign;
+	chunk_t pcr_comp, quote_sign;
 
 	result = Tspi_Context_Create(&hContext);
 	if (result != TSS_SUCCESS)
@@ -913,14 +913,18 @@ METHOD(pts_t, quote_tpm, bool,
 	}
 
 	/* Set output chunks */
-	*pcr_composite = chunk_empty;
+	pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
+	memcpy(pcr_comp.ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
+	*pcr_composite = pcr_comp;
+	*pcr_composite = chunk_clone(*pcr_composite);
+	DBG3(DBG_PTS, "Hash of PCR Composite: %B",pcr_composite);
 	
 	quote_sign = chunk_alloc(valData.ulValidationDataLength);
 	memcpy(quote_sign.ptr, valData.rgbValidationData,
 							  valData.ulValidationDataLength);
 	*quote_signature = quote_sign;
 	*quote_signature = chunk_clone(*quote_signature);
-	DBG3(DBG_PTS, "Quote sign: %B",quote_signature);
+	DBG3(DBG_PTS, "TOM Quote Signature: %B",quote_signature);
 
 	chunk_clear(&quote_sign);
 	Tspi_Context_FreeMemory(hContext, NULL);
@@ -1008,7 +1012,7 @@ METHOD(pts_t, get_quote_info, bool,
 {
 	enumerator_t *e;
 	pcr_entry_t *pcr_entry;
-	chunk_t pcr_composite, hash_pcr_composite, quote_info;
+	chunk_t pcr_composite;
 	u_int32_t pcr_composite_len;
 	bio_writer_t *writer;
 	u_int8_t mask_bytes[PCR_MASK_LEN] = {0,0,0}, i;
@@ -1053,8 +1057,6 @@ METHOD(pts_t, get_quote_info, bool,
 	
 	/* PCR Composite structure */
 	pcr_composite = chunk_clone(writer->get_buf(writer));
-	*out_pcr_composite = pcr_composite;
-	DBG4(DBG_PTS, "Calculated PCR Composite: %B", out_pcr_composite);
 	writer->destroy(writer);
 
 	writer = bio_writer_create(TPM_QUOTE_INFO_LEN);
@@ -1072,28 +1074,28 @@ METHOD(pts_t, get_quote_info, bool,
 
 	/* SHA1 hash of PCR Composite Structure */
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite);
-	hasher->destroy(hasher);
-	writer->write_data(writer, hash_pcr_composite);
+	hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
+	DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
 
+	chunk_clear(&pcr_composite);
+	hasher->destroy(hasher);
+	writer->write_data(writer, *out_pcr_composite);
+	
 	if (!this->secret.ptr)
 	{
 		DBG1(DBG_PTS, "Secret assessment value unavailable",
 			 "unable to construct TPM Quote Info");
-		chunk_clear(&pcr_composite);
-		chunk_clear(&hash_pcr_composite);
+		chunk_clear(out_pcr_composite);
 		writer->destroy(writer);
 		return FALSE;
 	}
 	/* Secret assessment value 20 bytes (nonce) */
 	writer->write_data(writer, this->secret);
 	/* TPM Quote Info */
-	quote_info = chunk_clone(writer->get_buf(writer));
-	*out_quote_info = quote_info;
+	*out_quote_info = chunk_clone(writer->get_buf(writer));
 	DBG4(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info);
-	
 	writer->destroy(writer);
-	chunk_clear(&hash_pcr_composite);
+	
 	return TRUE;
 }
 

src/libpts/tcg/tcg_pts_attr_simple_evid_final.c

@@ -236,8 +236,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	/*  Optional Composite Hash Algorithm and TPM PCR Composite field is included */
 	if (this->flags != PTS_SIMPLE_EVID_FINAL_FLAG_NO)
 	{
-		/** u_int32_t pcr_comp_len;*/
-		u_int32_t tpm_quote_sign_len;
+		u_int32_t pcr_comp_len, tpm_quote_sign_len;
 		
 		/** TODO: Ignoring Hashing algorithm field
 		 * There is no flag defined which indicates the precense of it
@@ -245,12 +244,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		 * this->comp_hash_algorithm = algorithm;
 		 */
 
-		/** TODO: Ignoring PCR Composite field
-		 * Which data to send in this field from IMC?
-		 * reader->read_uint32(reader, &pcr_comp_len);
-		 * reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
-		 * this->pcr_comp = chunk_clone(this->pcr_comp);
-		 */
+		reader->read_uint32(reader, &pcr_comp_len);
+		reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
+		this->pcr_comp = chunk_clone(this->pcr_comp);
+		
 		this->pcr_comp = chunk_empty;
 		reader->read_uint32(reader, &tpm_quote_sign_len);
 		reader->read_data(reader, tpm_quote_sign_len, &this->tpm_quote_sign);