Implemented handling of DH Parameters Response and Finish attributes
Implemented calculating session secrets
This commit is contained in:
parent
a2ca89676b
commit
c10867f40b
|
@ -68,6 +68,12 @@ static pts_meas_algorithms_t supported_algorithms = 0;
|
||||||
*/
|
*/
|
||||||
static pts_dh_group_t supported_dh_groups = 0;
|
static pts_dh_group_t supported_dh_groups = 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* High Entropy Random Data
|
||||||
|
* used in calculation of shared secret for the assessment session
|
||||||
|
*/
|
||||||
|
static chunk_t responder_nonce;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
|
* see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
|
||||||
*/
|
*/
|
||||||
|
@ -290,9 +296,21 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
|
||||||
tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
|
tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
|
||||||
u_int8_t min_nonce_len;
|
u_int8_t min_nonce_len;
|
||||||
pts_dh_group_t offered_dh_groups, selected_dh_group;
|
pts_dh_group_t offered_dh_groups, selected_dh_group;
|
||||||
|
rng_t *rng;
|
||||||
|
chunk_t responder_pub_val;
|
||||||
|
char buf[NONCE_LEN];
|
||||||
|
|
||||||
attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
|
attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
|
||||||
min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
|
min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
|
||||||
|
if (NONCE_LEN < min_nonce_len || NONCE_LEN <= 16)
|
||||||
|
{
|
||||||
|
attr_info = attr->get_value(attr);
|
||||||
|
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
|
||||||
|
TCG_PTS_BAD_NONCE_LENGTH, attr_info);
|
||||||
|
attr_list->insert_last(attr_list, attr);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
|
offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
|
||||||
|
|
||||||
if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
|
if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
|
||||||
|
@ -331,13 +349,58 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
|
||||||
|
|
||||||
/* Send DH Nonce Parameters Response attribute */
|
/* Send DH Nonce Parameters Response attribute */
|
||||||
selected_dh_group = pts->get_dh_group(pts);
|
selected_dh_group = pts->get_dh_group(pts);
|
||||||
/* TODO: Implement */
|
if (!pts->create_dh(pts, selected_dh_group))
|
||||||
|
{
|
||||||
|
return TNC_RESULT_FATAL;
|
||||||
|
}
|
||||||
|
responder_pub_val = pts->get_my_pub_val(pts);
|
||||||
|
|
||||||
|
/* create a responder nonce */
|
||||||
|
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||||
|
if (rng)
|
||||||
|
{
|
||||||
|
rng->get_bytes(rng, sizeof(buf), buf);
|
||||||
|
rng->destroy(rng);
|
||||||
|
}
|
||||||
|
responder_nonce = chunk_create(buf, sizeof(buf));
|
||||||
|
|
||||||
|
attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN,
|
||||||
|
selected_dh_group, supported_algorithms,
|
||||||
|
responder_nonce, responder_pub_val);
|
||||||
|
attr_list->insert_last(attr_list, attr);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case TCG_PTS_DH_NONCE_FINISH:
|
case TCG_PTS_DH_NONCE_FINISH:
|
||||||
{
|
{
|
||||||
/* TODO: Implement */
|
tcg_pts_attr_dh_nonce_finish_t *attr_cast;
|
||||||
|
u_int8_t nonce_len;
|
||||||
|
pts_meas_algorithms_t selected_algorithm;
|
||||||
|
chunk_t initiator_nonce, initiator_pub_val;
|
||||||
|
|
||||||
|
attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
|
||||||
|
nonce_len = attr_cast->get_nonce_len(attr_cast);
|
||||||
|
if (nonce_len < 0 || nonce_len <= 16)
|
||||||
|
{
|
||||||
|
attr_info = attr->get_value(attr);
|
||||||
|
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
|
||||||
|
TCG_PTS_BAD_NONCE_LENGTH, attr_info);
|
||||||
|
attr_list->insert_last(attr_list, attr);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
selected_algorithm = attr_cast->get_hash_algo(attr_cast);
|
||||||
|
initiator_pub_val = attr_cast->get_initiator_pub_val(attr_cast);
|
||||||
|
initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
|
||||||
|
|
||||||
|
DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce);
|
||||||
|
DBG3(DBG_IMC, "Responder nonce: %B", &responder_nonce);
|
||||||
|
pts->set_other_pub_val(pts, initiator_pub_val);
|
||||||
|
if (!pts->calculate_secret(pts, initiator_nonce,
|
||||||
|
responder_nonce, selected_algorithm))
|
||||||
|
{
|
||||||
|
return TNC_RESULT_FATAL;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case TCG_PTS_MEAS_ALGO:
|
case TCG_PTS_MEAS_ALGO:
|
||||||
|
@ -729,6 +792,7 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
|
||||||
return TNC_RESULT_NOT_INITIALIZED;
|
return TNC_RESULT_NOT_INITIALIZED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(responder_nonce.ptr);
|
||||||
libpts_deinit();
|
libpts_deinit();
|
||||||
|
|
||||||
imc_attestation->destroy(imc_attestation);
|
imc_attestation->destroy(imc_attestation);
|
||||||
|
|
|
@ -72,6 +72,12 @@ static pts_meas_algorithms_t supported_algorithms = 0;
|
||||||
*/
|
*/
|
||||||
static pts_dh_group_t supported_dh_groups = 0;
|
static pts_dh_group_t supported_dh_groups = 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* High Entropy Random Data
|
||||||
|
* used in calculation of shared secret for the assessment session
|
||||||
|
*/
|
||||||
|
static chunk_t initiator_nonce;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* PTS file measurement database
|
* PTS file measurement database
|
||||||
*/
|
*/
|
||||||
|
@ -87,6 +93,11 @@ static pts_creds_t *pts_creds;
|
||||||
*/
|
*/
|
||||||
static credential_manager_t *pts_credmgr;
|
static credential_manager_t *pts_credmgr;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TRUE if DH Nonce Parameters Request attribute is sent
|
||||||
|
*/
|
||||||
|
static bool dh_nonce_req_sent = FALSE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* see section 3.7.1 of TCG TNC IF-IMV Specification 1.2
|
* see section 3.7.1 of TCG TNC IF-IMV Specification 1.2
|
||||||
*/
|
*/
|
||||||
|
@ -246,7 +257,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
|
||||||
|
|
||||||
msg = pa_tnc_msg_create();
|
msg = pa_tnc_msg_create();
|
||||||
|
|
||||||
|
switch_state:
|
||||||
/* Switch on the attribute type IMV has received */
|
/* Switch on the attribute type IMV has received */
|
||||||
switch (handshake_state)
|
switch (handshake_state)
|
||||||
{
|
{
|
||||||
|
@ -266,40 +277,61 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
|
||||||
msg->add_attribute(msg, attr);
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
attestation_state->set_handshake_state(attestation_state,
|
attestation_state->set_handshake_state(attestation_state,
|
||||||
IMV_ATTESTATION_STATE_DH_NONCE);
|
IMV_ATTESTATION_STATE_TPM_INIT);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case IMV_ATTESTATION_STATE_DH_NONCE:
|
case IMV_ATTESTATION_STATE_TPM_INIT:
|
||||||
{
|
{
|
||||||
bool request_sent = FALSE;
|
|
||||||
|
|
||||||
/* Jump to Measurement state if IMC has no TPM */
|
/* Jump to Measurement state if IMC has no TPM */
|
||||||
if(!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
|
if(!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
|
||||||
{
|
{
|
||||||
attestation_state->set_handshake_state(attestation_state,
|
handshake_state = IMV_ATTESTATION_STATE_MEAS;
|
||||||
IMV_ATTESTATION_STATE_MEAS);
|
DBG3(DBG_IMV, "TPM is not available on IMC side, ",
|
||||||
|
"jumping to measurement phase");
|
||||||
|
goto switch_state;
|
||||||
}
|
}
|
||||||
else if (!request_sent)
|
|
||||||
|
if (!dh_nonce_req_sent)
|
||||||
{
|
{
|
||||||
/* Send DH nonce parameters request attribute */
|
/* Send DH nonce parameters request attribute */
|
||||||
attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
|
attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
|
||||||
attr->set_noskip_flag(attr, TRUE);
|
attr->set_noskip_flag(attr, TRUE);
|
||||||
msg->add_attribute(msg, attr);
|
msg->add_attribute(msg, attr);
|
||||||
request_sent = TRUE;
|
dh_nonce_req_sent = TRUE;
|
||||||
}
|
}
|
||||||
else if (request_sent)
|
else
|
||||||
{
|
{
|
||||||
|
pts_meas_algorithms_t selected_algorithm;
|
||||||
|
chunk_t initiator_pub_val;
|
||||||
|
|
||||||
/* Send DH nonce finish attribute */
|
/* Send DH nonce finish attribute */
|
||||||
|
selected_algorithm = pts->get_meas_algorithm(pts);
|
||||||
|
initiator_pub_val = pts->get_my_pub_val(pts);
|
||||||
|
attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
|
||||||
|
selected_algorithm, initiator_nonce,
|
||||||
|
initiator_pub_val);
|
||||||
|
attr->set_noskip_flag(attr, TRUE);
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
|
/* Send Get TPM Version attribute */
|
||||||
|
attr = tcg_pts_attr_get_tpm_version_info_create();
|
||||||
|
attr->set_noskip_flag(attr, TRUE);
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
|
/* Send Get AIK attribute */
|
||||||
|
attr = tcg_pts_attr_get_aik_create();
|
||||||
|
attr->set_noskip_flag(attr, TRUE);
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
attestation_state->set_handshake_state(attestation_state,
|
attestation_state->set_handshake_state(attestation_state,
|
||||||
IMV_ATTESTATION_STATE_MEAS);
|
IMV_ATTESTATION_STATE_MEAS);
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
case IMV_ATTESTATION_STATE_MEAS:
|
case IMV_ATTESTATION_STATE_MEAS:
|
||||||
{
|
{
|
||||||
|
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
u_int32_t delimiter = SOLIDUS_UTF;
|
u_int32_t delimiter = SOLIDUS_UTF;
|
||||||
char *platform_info, *pathname;
|
char *platform_info, *pathname;
|
||||||
|
@ -310,19 +342,6 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
|
||||||
attestation_state->set_handshake_state(attestation_state,
|
attestation_state->set_handshake_state(attestation_state,
|
||||||
IMV_ATTESTATION_STATE_COMP_EVID);
|
IMV_ATTESTATION_STATE_COMP_EVID);
|
||||||
|
|
||||||
/* Does the PTS-IMC have TPM support? */
|
|
||||||
{
|
|
||||||
/* Send Get TPM Version attribute */
|
|
||||||
attr = tcg_pts_attr_get_tpm_version_info_create();
|
|
||||||
attr->set_noskip_flag(attr, TRUE);
|
|
||||||
msg->add_attribute(msg, attr);
|
|
||||||
|
|
||||||
/* Send Get AIK attribute */
|
|
||||||
attr = tcg_pts_attr_get_aik_create();
|
|
||||||
attr->set_noskip_flag(attr, TRUE);
|
|
||||||
msg->add_attribute(msg, attr);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Get Platform and OS of the PTS-IMC */
|
/* Get Platform and OS of the PTS-IMC */
|
||||||
platform_info = pts->get_platform_info(pts);
|
platform_info = pts->get_platform_info(pts);
|
||||||
|
|
||||||
|
@ -423,6 +442,8 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
|
||||||
TNC_Result result;
|
TNC_Result result;
|
||||||
bool fatal_error = FALSE;
|
bool fatal_error = FALSE;
|
||||||
bool measurement_error = FALSE;
|
bool measurement_error = FALSE;
|
||||||
|
linked_list_t *attr_list;
|
||||||
|
chunk_t attr_info;
|
||||||
|
|
||||||
if (!imv_attestation)
|
if (!imv_attestation)
|
||||||
{
|
{
|
||||||
|
@ -449,6 +470,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
attr_list = linked_list_create();
|
||||||
/* analyze PA-TNC attributes */
|
/* analyze PA-TNC attributes */
|
||||||
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
|
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
|
||||||
while (enumerator->enumerate(enumerator, &attr))
|
while (enumerator->enumerate(enumerator, &attr))
|
||||||
|
@ -522,11 +544,6 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
|
||||||
pts->set_proto_caps(pts, flags);
|
pts->set_proto_caps(pts, flags);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case TCG_PTS_DH_NONCE_PARAMS_RESP:
|
|
||||||
{
|
|
||||||
/* TODO: Implement */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case TCG_PTS_MEAS_ALGO_SELECTION:
|
case TCG_PTS_MEAS_ALGO_SELECTION:
|
||||||
{
|
{
|
||||||
tcg_pts_attr_meas_algo_t *attr_cast;
|
tcg_pts_attr_meas_algo_t *attr_cast;
|
||||||
|
@ -537,6 +554,84 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
|
||||||
pts->set_meas_algorithm(pts, selected_algorithm);
|
pts->set_meas_algorithm(pts, selected_algorithm);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case TCG_PTS_DH_NONCE_PARAMS_RESP:
|
||||||
|
{
|
||||||
|
tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
|
||||||
|
u_int8_t nonce_len;
|
||||||
|
pts_dh_group_t dh_group;
|
||||||
|
pts_meas_algorithms_t offered_algorithms, selected_algorithm;
|
||||||
|
chunk_t responder_nonce;
|
||||||
|
chunk_t responder_pub_val;
|
||||||
|
rng_t *rng;
|
||||||
|
char buf[NONCE_LEN];
|
||||||
|
|
||||||
|
attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
|
||||||
|
|
||||||
|
nonce_len = attr_cast->get_nonce_len(attr_cast);
|
||||||
|
if (nonce_len < 0 || nonce_len <= 16)
|
||||||
|
{
|
||||||
|
attr_info = attr->get_value(attr);
|
||||||
|
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
|
||||||
|
TCG_PTS_BAD_NONCE_LENGTH, attr_info);
|
||||||
|
attr_list->insert_last(attr_list, attr);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
dh_group = attr_cast->get_dh_group(attr_cast);
|
||||||
|
|
||||||
|
offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
|
||||||
|
if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
|
||||||
|
(offered_algorithms & PTS_MEAS_ALGO_SHA384))
|
||||||
|
{
|
||||||
|
pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
|
||||||
|
}
|
||||||
|
else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
|
||||||
|
(offered_algorithms & PTS_MEAS_ALGO_SHA256))
|
||||||
|
{
|
||||||
|
pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
|
||||||
|
}
|
||||||
|
|
||||||
|
else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
|
||||||
|
(offered_algorithms & PTS_MEAS_ALGO_SHA1))
|
||||||
|
{
|
||||||
|
pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
attr = pts_hash_alg_error_create(supported_algorithms);
|
||||||
|
attr_list->insert_last(attr_list, attr);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
selected_algorithm = pts->get_meas_algorithm(pts);
|
||||||
|
responder_nonce = attr_cast->get_responder_nonce(attr_cast);
|
||||||
|
responder_pub_val = attr_cast->get_responder_pub_val(attr_cast);
|
||||||
|
|
||||||
|
/* Calculate secret assessment value */
|
||||||
|
if (!pts->create_dh(pts, dh_group))
|
||||||
|
{
|
||||||
|
return TNC_RESULT_FATAL;
|
||||||
|
}
|
||||||
|
pts->set_other_pub_val(pts, responder_pub_val);
|
||||||
|
|
||||||
|
/* Create a initiator nonce */
|
||||||
|
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||||
|
if (rng)
|
||||||
|
{
|
||||||
|
rng->get_bytes(rng, sizeof(buf), buf);
|
||||||
|
rng->destroy(rng);
|
||||||
|
}
|
||||||
|
initiator_nonce = chunk_create(buf, sizeof(buf));
|
||||||
|
|
||||||
|
DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_nonce);
|
||||||
|
DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce);
|
||||||
|
if (!pts->calculate_secret(pts, initiator_nonce,
|
||||||
|
responder_nonce, selected_algorithm))
|
||||||
|
{
|
||||||
|
return TNC_RESULT_FATAL;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
case TCG_PTS_TPM_VERSION_INFO:
|
case TCG_PTS_TPM_VERSION_INFO:
|
||||||
{
|
{
|
||||||
tcg_pts_attr_tpm_version_info_t *attr_cast;
|
tcg_pts_attr_tpm_version_info_t *attr_cast;
|
||||||
|
@ -718,6 +813,25 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
|
||||||
connection_id);
|
connection_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (attr_list->get_count(attr_list))
|
||||||
|
{
|
||||||
|
pa_tnc_msg = pa_tnc_msg_create();
|
||||||
|
|
||||||
|
enumerator = attr_list->create_enumerator(attr_list);
|
||||||
|
while (enumerator->enumerate(enumerator, &attr))
|
||||||
|
{
|
||||||
|
pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
|
||||||
|
pa_tnc_msg->build(pa_tnc_msg);
|
||||||
|
result = imv_attestation->send_message(imv_attestation, connection_id,
|
||||||
|
pa_tnc_msg->get_encoding(pa_tnc_msg));
|
||||||
|
pa_tnc_msg->destroy(pa_tnc_msg);
|
||||||
|
attr_list->destroy(attr_list);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
if (attestation_state->get_handshake_state(attestation_state) &
|
if (attestation_state->get_handshake_state(attestation_state) &
|
||||||
IMV_ATTESTATION_STATE_END)
|
IMV_ATTESTATION_STATE_END)
|
||||||
{
|
{
|
||||||
|
@ -807,6 +921,7 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
|
||||||
}
|
}
|
||||||
DESTROY_IF(pts_db);
|
DESTROY_IF(pts_db);
|
||||||
DESTROY_IF(pts_credmgr);
|
DESTROY_IF(pts_credmgr);
|
||||||
|
free(initiator_nonce.ptr);
|
||||||
|
|
||||||
libpts_deinit();
|
libpts_deinit();
|
||||||
|
|
||||||
|
|
|
@ -56,14 +56,14 @@ struct private_pts_t {
|
||||||
pts_dh_group_t dh_group;
|
pts_dh_group_t dh_group;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Contains a Diffie Hellman Nonce
|
* Contains a Diffie Hellman object
|
||||||
*/
|
*/
|
||||||
chunk_t dh_nonce;
|
diffie_hellman_t *dh;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Contains a Diffie Hellman Public Value
|
* Secret assessment value to be used for TPM Quote as an external data
|
||||||
*/
|
*/
|
||||||
chunk_t dh_public_value;
|
chunk_t secret;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Platform and OS Info
|
* Platform and OS Info
|
||||||
|
@ -141,10 +141,90 @@ METHOD(pts_t, set_dh_group, void,
|
||||||
diffie_hellman_group_names, dh_group);
|
diffie_hellman_group_names, dh_group);
|
||||||
if (dh_group != MODP_NONE)
|
if (dh_group != MODP_NONE)
|
||||||
{
|
{
|
||||||
this->dh_group = dh_group;
|
this->dh_group = group;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(pts_t, create_dh, bool,
|
||||||
|
private_pts_t *this, pts_dh_group_t group)
|
||||||
|
{
|
||||||
|
diffie_hellman_group_t dh_group;
|
||||||
|
|
||||||
|
dh_group = pts_dh_group_to_strongswan_dh_group(group);
|
||||||
|
if (dh_group != MODP_NONE)
|
||||||
|
{
|
||||||
|
this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
DBG1(DBG_PTS, "Unable to create Diffie Hellman object with group %N",
|
||||||
|
diffie_hellman_group_names, dh_group);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(pts_t, get_my_pub_val, chunk_t,
|
||||||
|
private_pts_t *this)
|
||||||
|
{
|
||||||
|
chunk_t public_value;
|
||||||
|
|
||||||
|
this->dh->get_my_public_value(this->dh, &public_value);
|
||||||
|
DBG3(DBG_PTS, "My Public value:%B", &public_value);
|
||||||
|
return public_value;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(pts_t, set_other_pub_val, void,
|
||||||
|
private_pts_t *this, chunk_t value)
|
||||||
|
{
|
||||||
|
DBG3(DBG_PTS, "Partner's Public value:%B", &value);
|
||||||
|
this->dh->set_other_public_value(this->dh, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(pts_t, calculate_secret, bool,
|
||||||
|
private_pts_t *this, chunk_t initiator_nonce, chunk_t responder_nonce,
|
||||||
|
pts_meas_algorithms_t algorithm)
|
||||||
|
{
|
||||||
|
hasher_t *hasher;
|
||||||
|
hash_algorithm_t hash_alg;
|
||||||
|
u_char output[HASH_SIZE_SHA384];
|
||||||
|
chunk_t shared_secret;
|
||||||
|
|
||||||
|
/* Create a hasher */
|
||||||
|
hash_alg = pts_meas_to_hash_algorithm(algorithm);
|
||||||
|
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
|
||||||
|
if (!hasher)
|
||||||
|
{
|
||||||
|
DBG1(DBG_PTS, " hasher %N not available", hash_algorithm_names, hash_alg);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
|
||||||
|
{
|
||||||
|
DBG1(DBG_PTS, "Shared secret couldn't be calculated");
|
||||||
|
hasher->destroy(hasher);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
hasher->get_hash(hasher, chunk_create("1", sizeof("1")), NULL);
|
||||||
|
hasher->get_hash(hasher, initiator_nonce, NULL);
|
||||||
|
hasher->get_hash(hasher, responder_nonce, NULL);
|
||||||
|
hasher->get_hash(hasher, shared_secret, output);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Link the hash output to the secret and set the length
|
||||||
|
* Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote
|
||||||
|
*/
|
||||||
|
this->secret = chunk_create(output, HASH_SIZE_SHA1);
|
||||||
|
DBG3(DBG_PTS, "Secret assessment value: %B", &this->secret);
|
||||||
|
|
||||||
|
hasher->destroy(hasher);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(pts_t, get_secret, chunk_t,
|
||||||
|
private_pts_t *this)
|
||||||
|
{
|
||||||
|
return this->secret;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Print TPM 1.2 Version Info
|
* Print TPM 1.2 Version Info
|
||||||
*/
|
*/
|
||||||
|
@ -553,8 +633,7 @@ METHOD(pts_t, destroy, void,
|
||||||
private_pts_t *this)
|
private_pts_t *this)
|
||||||
{
|
{
|
||||||
DESTROY_IF(this->aik);
|
DESTROY_IF(this->aik);
|
||||||
free(this->dh_nonce.ptr);
|
DESTROY_IF(this->dh);
|
||||||
free(this->dh_public_value.ptr);
|
|
||||||
free(this->platform_info);
|
free(this->platform_info);
|
||||||
free(this->tpm_version_info.ptr);
|
free(this->tpm_version_info.ptr);
|
||||||
free(this);
|
free(this);
|
||||||
|
@ -722,6 +801,11 @@ pts_t *pts_create(bool is_imc)
|
||||||
.set_meas_algorithm = _set_meas_algorithm,
|
.set_meas_algorithm = _set_meas_algorithm,
|
||||||
.get_dh_group = _get_dh_group,
|
.get_dh_group = _get_dh_group,
|
||||||
.set_dh_group = _set_dh_group,
|
.set_dh_group = _set_dh_group,
|
||||||
|
.create_dh = _create_dh,
|
||||||
|
.get_my_pub_val = _get_my_pub_val,
|
||||||
|
.set_other_pub_val = _set_other_pub_val,
|
||||||
|
.calculate_secret = _calculate_secret,
|
||||||
|
.get_secret = _get_secret,
|
||||||
.get_platform_info = _get_platform_info,
|
.get_platform_info = _get_platform_info,
|
||||||
.set_platform_info = _set_platform_info,
|
.set_platform_info = _set_platform_info,
|
||||||
.get_tpm_version_info = _get_tpm_version_info,
|
.get_tpm_version_info = _get_tpm_version_info,
|
||||||
|
|
|
@ -38,6 +38,11 @@ typedef struct pts_t pts_t;
|
||||||
#define SOLIDUS_UTF 0x2F
|
#define SOLIDUS_UTF 0x2F
|
||||||
#define REVERSE_SOLIDUS_UTF 0x5C
|
#define REVERSE_SOLIDUS_UTF 0x5C
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Lenght of the generated nonce used for calculation of shared secret
|
||||||
|
*/
|
||||||
|
#define NONCE_LEN 20
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class implementing the TCG Platform Trust System (PTS)
|
* Class implementing the TCG Platform Trust System (PTS)
|
||||||
*
|
*
|
||||||
|
@ -86,6 +91,46 @@ struct pts_t {
|
||||||
*/
|
*/
|
||||||
void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group);
|
void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set PTS Diffie Hellman Object
|
||||||
|
*
|
||||||
|
* @param dh D-H object
|
||||||
|
*/
|
||||||
|
bool (*create_dh)(pts_t *this, pts_dh_group_t group);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets Own Diffie Hellman Public Value
|
||||||
|
*
|
||||||
|
* @return D-H Public Value
|
||||||
|
*/
|
||||||
|
chunk_t (*get_my_pub_val)(pts_t *this);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the public value of partner.
|
||||||
|
*
|
||||||
|
* @param value public value of partner
|
||||||
|
*/
|
||||||
|
void (*set_other_pub_val) (pts_t *this, chunk_t value);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculates secret assessment value to be used for TPM Quote as an external data
|
||||||
|
*
|
||||||
|
* @param initiator_nonce Initiator nonce (IMV nonce)
|
||||||
|
* @param responder_nonce Responder nonce (IMC nonce)
|
||||||
|
* @param algorithm Hashing algorithm
|
||||||
|
* @return TRUE, FALSE if not both DH public values and
|
||||||
|
* nonces are set
|
||||||
|
*/
|
||||||
|
bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
|
||||||
|
chunk_t responder_nonce, pts_meas_algorithms_t algorithm);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns secret assessment value to be used for TPM Quote as an external data
|
||||||
|
*
|
||||||
|
* @return Secret assessment value
|
||||||
|
*/
|
||||||
|
chunk_t (*get_secret) (pts_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Platform and OS Info
|
* Get Platform and OS Info
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in New Issue