Implemented handling of DH Parameters Response and Finish attributes

Implemented calculating session secrets

src/libimcv/plugins/imc_attestation/imc_attestation.c

@@ -68,6 +68,12 @@ static pts_meas_algorithms_t supported_algorithms = 0;
  */
 static pts_dh_group_t supported_dh_groups = 0;
 
+/**
+ * High Entropy Random Data
+ * used in calculation of shared secret for the assessment session
+ */
+static chunk_t responder_nonce;
+
 /**
  * see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
  */
@@ -290,9 +296,21 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 					tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
 					u_int8_t min_nonce_len;
 					pts_dh_group_t offered_dh_groups, selected_dh_group;
-
+					rng_t *rng;
+					chunk_t responder_pub_val;
+					char buf[NONCE_LEN];
+					
 					attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
 					min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
+					if (NONCE_LEN < min_nonce_len || NONCE_LEN <= 16)
+					{
+						attr_info = attr->get_value(attr);
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+									TCG_PTS_BAD_NONCE_LENGTH, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+					
 					offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
 
 					if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
@@ -331,13 +349,58 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 
 					/* Send DH Nonce Parameters Response attribute */
 					selected_dh_group = pts->get_dh_group(pts);
-					/* TODO: Implement */
+					if (!pts->create_dh(pts, selected_dh_group))
+					{
+						return TNC_RESULT_FATAL;
+					}
+					responder_pub_val = pts->get_my_pub_val(pts);
 					
+					/* create a responder nonce */
+					rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+					if (rng)
+					{
+						rng->get_bytes(rng, sizeof(buf), buf);
+						rng->destroy(rng);
+					}
+					responder_nonce = chunk_create(buf, sizeof(buf));
+					
+					attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN,
+								selected_dh_group, supported_algorithms,
+								responder_nonce, responder_pub_val);
+					attr_list->insert_last(attr_list, attr);
 					break;
 				}
 				case TCG_PTS_DH_NONCE_FINISH:
 				{
-					/* TODO: Implement */
+					tcg_pts_attr_dh_nonce_finish_t *attr_cast;
+					u_int8_t nonce_len;
+					pts_meas_algorithms_t selected_algorithm;
+   					chunk_t initiator_nonce, initiator_pub_val;
+
+					attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
+					nonce_len = attr_cast->get_nonce_len(attr_cast);
+					if (nonce_len < 0 || nonce_len <= 16)
+					{
+						attr_info = attr->get_value(attr);
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+									TCG_PTS_BAD_NONCE_LENGTH, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+
+					selected_algorithm = attr_cast->get_hash_algo(attr_cast);
+					initiator_pub_val = attr_cast->get_initiator_pub_val(attr_cast);
+					initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
+					
+					DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce);
+					DBG3(DBG_IMC, "Responder nonce: %B", &responder_nonce);
+					pts->set_other_pub_val(pts, initiator_pub_val);
+					if (!pts->calculate_secret(pts, initiator_nonce,
+										responder_nonce, selected_algorithm))
+					{
+						return TNC_RESULT_FATAL;
+					}
+					
 					break;
 				}
 				case TCG_PTS_MEAS_ALGO:
@@ -729,6 +792,7 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
 		return TNC_RESULT_NOT_INITIALIZED;
 	}
 
+	free(responder_nonce.ptr);
 	libpts_deinit();
 
 	imc_attestation->destroy(imc_attestation);

src/libimcv/plugins/imv_attestation/imv_attestation.c

@@ -72,6 +72,12 @@ static pts_meas_algorithms_t supported_algorithms = 0;
  */
 static pts_dh_group_t supported_dh_groups = 0;
 
+/**
+ * High Entropy Random Data
+ * used in calculation of shared secret for the assessment session
+ */
+static chunk_t initiator_nonce;
+
 /**
  * PTS file measurement database
  */
@@ -87,6 +93,11 @@ static pts_creds_t *pts_creds;
  */
 static credential_manager_t *pts_credmgr;
 
+/**
+ * TRUE if DH Nonce Parameters Request attribute is sent
+ */
+static bool dh_nonce_req_sent = FALSE;
+
 /**
  * see section 3.7.1 of TCG TNC IF-IMV Specification 1.2
  */
@@ -246,7 +257,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 	
 	msg = pa_tnc_msg_create();
 	
-
+	switch_state:
 	/* Switch on the attribute type IMV has received */
 	switch (handshake_state)
 	{
@@ -266,40 +277,61 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 			msg->add_attribute(msg, attr);
 
 			attestation_state->set_handshake_state(attestation_state,
-										IMV_ATTESTATION_STATE_DH_NONCE);
+										IMV_ATTESTATION_STATE_TPM_INIT);
 			break;
 		}
-		case IMV_ATTESTATION_STATE_DH_NONCE:
+		case IMV_ATTESTATION_STATE_TPM_INIT:
 		{
-			bool request_sent = FALSE;
-
 			/* Jump to Measurement state if IMC has no TPM */
 			if(!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
 			{
-				attestation_state->set_handshake_state(attestation_state,
-										IMV_ATTESTATION_STATE_MEAS);
+				handshake_state = IMV_ATTESTATION_STATE_MEAS;
+				DBG3(DBG_IMV, "TPM is not available on IMC side, ",
+							  "jumping to measurement phase");
+				goto switch_state;
 			}
-			else if (!request_sent)
+			
+			if (!dh_nonce_req_sent)
 			{
 				/* Send DH nonce parameters request attribute */
 				attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
 				attr->set_noskip_flag(attr, TRUE);
 				msg->add_attribute(msg, attr);
-				request_sent = TRUE;
+				dh_nonce_req_sent = TRUE;
 			}
-			else if (request_sent)
+			else
 			{
+				pts_meas_algorithms_t selected_algorithm;
+				chunk_t initiator_pub_val;
+
 				/* Send DH nonce finish attribute */
+				selected_algorithm = pts->get_meas_algorithm(pts);
+				initiator_pub_val = pts->get_my_pub_val(pts);
+				attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
+									selected_algorithm, initiator_nonce,
+									initiator_pub_val);
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+
+				/* Send Get TPM Version attribute */
+				attr = tcg_pts_attr_get_tpm_version_info_create();
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+
+				/* Send Get AIK attribute */
+				attr = tcg_pts_attr_get_aik_create();
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+
 				attestation_state->set_handshake_state(attestation_state,
 										IMV_ATTESTATION_STATE_MEAS);
 			}
 
 			break;
-			
 		}
-
 		case IMV_ATTESTATION_STATE_MEAS:
 		{
+			
 			enumerator_t *enumerator;
 			u_int32_t delimiter = SOLIDUS_UTF;
 			char *platform_info, *pathname;
@@ -310,19 +342,6 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 			attestation_state->set_handshake_state(attestation_state,
 										IMV_ATTESTATION_STATE_COMP_EVID);
 
-			/* Does the PTS-IMC have TPM support? */
-			{
-				/* Send Get TPM Version attribute */
-				attr = tcg_pts_attr_get_tpm_version_info_create();
-				attr->set_noskip_flag(attr, TRUE);
-				msg->add_attribute(msg, attr);
-	
-				/* Send Get AIK attribute */
-				attr = tcg_pts_attr_get_aik_create();
-				attr->set_noskip_flag(attr, TRUE);
-				msg->add_attribute(msg, attr);
-			}
-
 			/* Get Platform and OS of the PTS-IMC */
 			platform_info = pts->get_platform_info(pts);
 
@@ -423,6 +442,8 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 	TNC_Result result;
 	bool fatal_error = FALSE;
 	bool measurement_error = FALSE;
+	linked_list_t *attr_list;
+	chunk_t attr_info;
 
 	if (!imv_attestation)
 	{
@@ -449,6 +470,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 		return result;
 	}
 
+	attr_list = linked_list_create();
 	/* analyze PA-TNC attributes */
 	enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
 	while (enumerator->enumerate(enumerator, &attr))
@@ -522,11 +544,6 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 					pts->set_proto_caps(pts, flags);
 					break;
 				}
-				case TCG_PTS_DH_NONCE_PARAMS_RESP:
-				{
-					/* TODO: Implement */
-					break;
-				}
 				case TCG_PTS_MEAS_ALGO_SELECTION:
 				{
 					tcg_pts_attr_meas_algo_t *attr_cast;
@@ -537,6 +554,84 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 					pts->set_meas_algorithm(pts, selected_algorithm);
 					break;
 				}
+				case TCG_PTS_DH_NONCE_PARAMS_RESP:
+				{
+					tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
+					u_int8_t nonce_len;
+					pts_dh_group_t dh_group;
+					pts_meas_algorithms_t offered_algorithms, selected_algorithm;
+					chunk_t responder_nonce;
+					chunk_t responder_pub_val;
+					rng_t *rng;
+					char buf[NONCE_LEN];
+
+					attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
+					
+					nonce_len = attr_cast->get_nonce_len(attr_cast);
+					if (nonce_len < 0 || nonce_len <= 16)
+					{
+						attr_info = attr->get_value(attr);
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+									TCG_PTS_BAD_NONCE_LENGTH, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+					
+					dh_group = attr_cast->get_dh_group(attr_cast);
+					
+					offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
+					if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
+						(offered_algorithms & PTS_MEAS_ALGO_SHA384))
+					{
+						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
+					}
+					else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
+							 (offered_algorithms & PTS_MEAS_ALGO_SHA256))
+					{
+						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
+					}
+
+					else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
+							 (offered_algorithms & PTS_MEAS_ALGO_SHA1))
+					{
+						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
+					}
+					else
+					{
+						attr = pts_hash_alg_error_create(supported_algorithms);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+
+					selected_algorithm = pts->get_meas_algorithm(pts);
+					responder_nonce = attr_cast->get_responder_nonce(attr_cast);
+					responder_pub_val = attr_cast->get_responder_pub_val(attr_cast);
+
+					/* Calculate secret assessment value */
+					if (!pts->create_dh(pts, dh_group))
+					{
+						return TNC_RESULT_FATAL;
+					}
+					pts->set_other_pub_val(pts, responder_pub_val);
+					
+					/* Create a initiator nonce */
+					rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+					if (rng)
+					{
+						rng->get_bytes(rng, sizeof(buf), buf);
+						rng->destroy(rng);
+					}
+					initiator_nonce = chunk_create(buf, sizeof(buf));
+					
+					DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_nonce);
+					DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce);
+					if (!pts->calculate_secret(pts, initiator_nonce,
+										responder_nonce, selected_algorithm))
+					{
+						return TNC_RESULT_FATAL;
+					}
+					break;
+				}
 				case TCG_PTS_TPM_VERSION_INFO:
 				{
 					tcg_pts_attr_tpm_version_info_t *attr_cast;
@@ -718,6 +813,25 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 													   connection_id);
 	}
 
+	if (attr_list->get_count(attr_list))
+	{
+		pa_tnc_msg = pa_tnc_msg_create();
+
+		enumerator = attr_list->create_enumerator(attr_list);
+		while (enumerator->enumerate(enumerator, &attr))
+		{
+			pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
+		}
+		enumerator->destroy(enumerator);
+
+		pa_tnc_msg->build(pa_tnc_msg);
+		result = imv_attestation->send_message(imv_attestation, connection_id,
+							pa_tnc_msg->get_encoding(pa_tnc_msg));
+		pa_tnc_msg->destroy(pa_tnc_msg);
+		attr_list->destroy(attr_list);
+		return result;
+	}
+
 	if (attestation_state->get_handshake_state(attestation_state) &
 		IMV_ATTESTATION_STATE_END)
 	{
@@ -807,6 +921,7 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
 	}
 	DESTROY_IF(pts_db);
 	DESTROY_IF(pts_credmgr);
+	free(initiator_nonce.ptr);
 
 	libpts_deinit();
 

src/libpts/pts/pts.c

@@ -56,14 +56,14 @@ struct private_pts_t {
 	pts_dh_group_t dh_group;
 
 	/**
-	 * Contains a Diffie Hellman Nonce
+	 * Contains a Diffie Hellman object
 	 */
-	chunk_t dh_nonce;
+	diffie_hellman_t *dh;
 
 	/**
-	 * Contains a Diffie Hellman Public Value
+	 * Secret assessment value to be used for TPM Quote as an external data
 	 */
-	chunk_t dh_public_value;
+	chunk_t secret;
 
 	/**
 	 * Platform and OS Info
@@ -141,10 +141,90 @@ METHOD(pts_t, set_dh_group, void,
 		 diffie_hellman_group_names, dh_group);
 	if (dh_group != MODP_NONE)
 	{
-		this->dh_group = dh_group;
+		this->dh_group = group;
 	}
 }
 
+METHOD(pts_t, create_dh, bool,
+	   private_pts_t *this, pts_dh_group_t group)
+{
+	diffie_hellman_group_t dh_group;
+
+	dh_group = pts_dh_group_to_strongswan_dh_group(group);
+	if (dh_group != MODP_NONE)
+	{
+		this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
+		return TRUE;
+	}
+	DBG1(DBG_PTS, "Unable to create Diffie Hellman object with group %N",
+		diffie_hellman_group_names, dh_group);
+	return FALSE;
+}
+
+METHOD(pts_t, get_my_pub_val, chunk_t,
+	   private_pts_t *this)
+{
+	chunk_t public_value;
+
+	this->dh->get_my_public_value(this->dh, &public_value);
+	DBG3(DBG_PTS, "My Public value:%B", &public_value);
+	return public_value;
+}
+
+METHOD(pts_t, set_other_pub_val, void,
+	   private_pts_t *this, chunk_t value)
+{
+	DBG3(DBG_PTS, "Partner's Public value:%B", &value);
+	this->dh->set_other_public_value(this->dh, value);
+}
+
+METHOD(pts_t, calculate_secret, bool,
+	   private_pts_t *this, chunk_t initiator_nonce, chunk_t responder_nonce,
+	   pts_meas_algorithms_t algorithm)
+{
+	hasher_t *hasher;
+	hash_algorithm_t hash_alg;
+	u_char output[HASH_SIZE_SHA384];
+	chunk_t shared_secret;
+	
+	/* Create a hasher */
+	hash_alg = pts_meas_to_hash_algorithm(algorithm);
+	hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+	if (!hasher)
+	{
+		DBG1(DBG_PTS, "  hasher %N not available", hash_algorithm_names, hash_alg);
+		return FALSE;
+	}
+	
+	if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
+	{
+		DBG1(DBG_PTS, "Shared secret couldn't be calculated");
+		hasher->destroy(hasher);
+		return FALSE;
+	}
+
+	hasher->get_hash(hasher, chunk_create("1", sizeof("1")), NULL);
+	hasher->get_hash(hasher, initiator_nonce, NULL);
+	hasher->get_hash(hasher, responder_nonce, NULL);
+	hasher->get_hash(hasher, shared_secret, output);
+
+	/**
+	 * Link the hash output to the secret and set the length
+	 * Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote
+	 */
+	this->secret = chunk_create(output, HASH_SIZE_SHA1);
+	DBG3(DBG_PTS, "Secret assessment value: %B", &this->secret);
+	
+	hasher->destroy(hasher);
+	return TRUE;
+}
+
+METHOD(pts_t, get_secret, chunk_t,
+	   private_pts_t *this)
+{
+	return this->secret;
+}
+
 /**
  * Print TPM 1.2 Version Info
  */
@@ -553,8 +633,7 @@ METHOD(pts_t, destroy, void,
 	   private_pts_t *this)
 {
 	DESTROY_IF(this->aik);
-	free(this->dh_nonce.ptr);
-	free(this->dh_public_value.ptr);
+	DESTROY_IF(this->dh);
 	free(this->platform_info);
 	free(this->tpm_version_info.ptr);
 	free(this);
@@ -722,6 +801,11 @@ pts_t *pts_create(bool is_imc)
 			 .set_meas_algorithm = _set_meas_algorithm,
 			 .get_dh_group = _get_dh_group,
 			 .set_dh_group = _set_dh_group,
+			 .create_dh = _create_dh,
+			 .get_my_pub_val = _get_my_pub_val,
+			 .set_other_pub_val = _set_other_pub_val,
+			 .calculate_secret = _calculate_secret,
+			 .get_secret = _get_secret,
 			 .get_platform_info = _get_platform_info,
 			 .set_platform_info = _set_platform_info,
 			 .get_tpm_version_info = _get_tpm_version_info,

src/libpts/pts/pts.h

@@ -38,6 +38,11 @@ typedef struct pts_t pts_t;
 #define SOLIDUS_UTF				0x2F
 #define REVERSE_SOLIDUS_UTF		0x5C
 
+/**
+ * Lenght of the generated nonce used for calculation of shared secret
+ */
+#define NONCE_LEN				20
+
 /**
  * Class implementing the TCG Platform Trust System (PTS)
  *
@@ -86,6 +91,46 @@ struct pts_t {
 	 */
 	void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group);
 
+	/**
+	 * Set PTS Diffie Hellman Object
+	 *
+	 * @param dh			D-H object
+	 */
+	bool (*create_dh)(pts_t *this, pts_dh_group_t group);
+
+	/**
+	 * Gets Own Diffie Hellman Public Value
+	 *
+	 * @return				D-H Public Value
+	 */
+	chunk_t (*get_my_pub_val)(pts_t *this);
+
+	/**
+	 * Sets the public value of partner.
+	 *
+	 * @param value		public value of partner
+	 */
+	void (*set_other_pub_val) (pts_t *this, chunk_t value);
+
+	/**
+	 * Calculates secret assessment value to be used for TPM Quote as an external data
+	 *
+	 * @param initiator_nonce		Initiator nonce (IMV nonce)
+	 * @param responder_nonce		Responder nonce (IMC nonce)
+	 * @param algorithm				Hashing algorithm
+	 * @return						TRUE, FALSE if not both DH public values and
+	 *															 nonces are set
+	 */
+	bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
+						chunk_t responder_nonce, pts_meas_algorithms_t algorithm);
+
+	/**
+	 * Returns secret assessment value to be used for TPM Quote as an external data
+	 *
+	 * @return			Secret assessment value
+	 */
+	chunk_t (*get_secret) (pts_t *this);
+
 	/**
 	 * Get Platform and OS Info
 	 *