ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

defined various measurement hash and pcr functions

This commit is contained in:
Andreas Steffen 2011-11-25 13:18:13 +01:00
parent 057cf96d5b
commit eeefca6b56
8 changed files with 110 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/libpts/pts/components/ita/ita_comp_tboot.c
View File

@ -18,6 +18,7 @@
#include "ita_comp_func_name.h"
#include "pts/components/pts_component.h"
#include "pts/components/pts_comp_evidence.h"
#include <debug.h>
#include <pen/pen.h>
@ -81,6 +82,7 @@ METHOD(pts_component_t, measure, status_t,
pts_comp_evidence_t *evid;
char *meas_hex, *pcr_before_hex, *pcr_after_hex;
chunk_t measurement, pcr_before, pcr_after;
size_t hash_size, pcr_len;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
@ -112,24 +114,26 @@ METHOD(pts_component_t, measure, status_t,
}
hash_algo = pts->get_meas_algorithm(pts);
switch (hash_algo)
{
case PTS_MEAS_ALGO_SHA1:
pcr_transform = PTS_PCR_TRANSFORM_MATCH;
case PTS_MEAS_ALGO_SHA256:
case PTS_MEAS_ALGO_SHA384:
pcr_transform = PTS_PCR_TRANSFORM_LONG;
case PTS_MEAS_ALGO_NONE:
default:
pcr_transform = PTS_PCR_TRANSFORM_NO;
}
hash_size = pts_meas_algo_hash_size(hash_algo);
pcr_len = pts->get_pcr_len(pts);
pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
/* get and check the measurement data */
measurement = chunk_from_hex(
chunk_create(meas_hex, strlen(meas_hex)), NULL);
pcr_before = chunk_from_hex(
chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
pcr_after = chunk_from_hex(
chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
if (pcr_before.len != pcr_len || pcr_after.len != pcr_len ||
measurement.len != hash_size)
{
DBG1(DBG_PTS, "TBOOT measurement or pcr data have the wrong size");
free(measurement.ptr);
free(pcr_before.ptr);
free(pcr_after.ptr);
return FAILED;
}
evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
this->depth, this->extended_pcr,
@ -137,8 +141,6 @@ METHOD(pts_component_t, measure, status_t,
this->measurement_time, measurement);
evid->set_pcr_info(evid, pcr_before, pcr_after);
return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
}

21
src/libpts/pts/components/ita/ita_comp_tgrub.c
View File

@ -73,6 +73,7 @@ METHOD(pts_component_t, measure, status_t,
chunk_t measurement, pcr_before, pcr_after;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
size_t hash_size, pcr_len;
/* Provisional implementation for TGRUB */
extended_pcr = PCR_DEBUG;
@ -85,22 +86,14 @@ METHOD(pts_component_t, measure, status_t,
}
hash_algo = pts->get_meas_algorithm(pts);
switch (hash_algo)
{
case PTS_MEAS_ALGO_SHA1:
pcr_transform = PTS_PCR_TRANSFORM_MATCH;
case PTS_MEAS_ALGO_SHA256:
case PTS_MEAS_ALGO_SHA384:
pcr_transform = PTS_PCR_TRANSFORM_LONG;
case PTS_MEAS_ALGO_NONE:
default:
pcr_transform = PTS_PCR_TRANSFORM_NO;
}
hash_size = pts_meas_algo_hash_size(hash_algo);
pcr_len = pts->get_pcr_len(pts);
pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
measurement = chunk_alloc(HASH_SIZE_SHA1);
measurement = chunk_alloc(hash_size);
memset(measurement.ptr, 0x00, measurement.len);
pcr_before = chunk_alloc(PCR_LEN);
pcr_before = chunk_alloc(pcr_len);
memset(pcr_before.ptr, 0x00, pcr_before.len);
evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
@ -167,7 +160,7 @@ pts_component_t *pts_ita_comp_tgrub_create(u_int8_t qualifier, u_int32_t depth)
.verify = _verify,
.destroy = _destroy,
},
.name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
.name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TGRUB,
qualifier),
.depth = depth,
);

25
src/libpts/pts/components/pts_comp_evidence.c
View File

@ -106,6 +106,7 @@ METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t,
{
return this->extended_pcr;
}
METHOD(pts_comp_evidence_t, get_measurement, chunk_t,
private_pts_comp_evidence_t *this, u_int32_t *extended_pcr,
pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform,
@ -224,3 +225,27 @@ pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name,
return &this->public;
}
/**
* See header
*/
pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
size_t pcr_len)
{
size_t hash_size;
hash_size = pts_meas_algo_hash_size(algo);
if (hash_size == 0)
{
return PTS_PCR_TRANSFORM_NO;
}
if (hash_size == pcr_len)
{
return PTS_PCR_TRANSFORM_MATCH;
}
if (hash_size > pcr_len)
{
return PTS_PCR_TRANSFORM_LONG;
}
return PTS_PCR_TRANSFORM_SHORT;
}

10
src/libpts/pts/components/pts_comp_evidence.h
View File

@ -157,4 +157,14 @@ pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name,
time_t measurement_time,
chunk_t measurement);
/**
* Determine transform to fit measurement hash into PCR register
*
* @param algo Measurement hash algorithm
* @param pcr_len Length of the PCR registers in bytes
* @return PCR transform type
*/
pts_pcr_transform_t pts_meas_algo_to_pcr_transform(pts_meas_algorithms_t algo,
size_t pcr_len);
#endif /** PTS_COMP_EVIDENCE_H_ @}*/

18
src/libpts/pts/pts.c
View File

@ -29,6 +29,16 @@
#define PTS_BUF_SIZE 4096
/**
* Maximum number of PCR's of TPM, TPM Spec 1.2
*/
#define PCR_MAX_NUM 24
/**
* Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
*/
#define PCR_LEN 20
typedef struct private_pts_t private_pts_t;
/**
@ -349,6 +359,12 @@ METHOD(pts_t, set_tpm_version_info, void,
print_tpm_version_info(this);
}
METHOD(pts_t, get_pcr_len, size_t,
private_pts_t *this)
{
return this->pcr_len;
}
/**
* Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute)
*/
@ -1491,6 +1507,7 @@ pts_t *pts_create(bool is_imc)
.set_platform_info = _set_platform_info,
.get_tpm_version_info = _get_tpm_version_info,
.set_tpm_version_info = _set_tpm_version_info,
.get_pcr_len = _get_pcr_len,
.get_aik = _get_aik,
.set_aik = _set_aik,
.is_path_valid = _is_path_valid,
@ -1519,6 +1536,7 @@ pts_t *pts_create(bool is_imc)
if (has_tpm(this))
{
this->has_tpm = TRUE;
this->pcr_len = PCR_LEN;
this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;
load_aik(this);
load_aik_blob(this);

23
src/libpts/pts/pts.h
View File

@ -67,27 +67,11 @@ typedef struct pts_t pts_t;
#define PCR_DEBUG 16
/**
* Number of sequences for functional components
*/
#define TBOOT_SEQUENCE_COUNT 2
#define TGRUB_SEQUENCE_COUNT 6
/**
* Length of the generated nonce used for calculation of shared secret
*/
#define ASSESSMENT_SECRET_LEN 20
/**
* Maximum number of PCR's of TPM, TPM Spec 1.2
*/
#define PCR_MAX_NUM 24
/**
* Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
*/
#define PCR_LEN 20
/**
* Lenght of the TPM_QUOTE_INFO structure, TPM Spec 1.2
*/
@ -240,6 +224,13 @@ struct pts_t {
*/
void (*set_tpm_version_info)(pts_t *this, chunk_t info);
/**
* Get the length of the TPM PCR registers
*
* @return Length of PCR registers in bytes, 0 if undefined
*/
size_t (*get_pcr_len)(pts_t *this);
/**
* Get Attestation Identity Certificate or Public Key
*

20
src/libpts/pts/pts_meas_algo.c
View File

@ -148,3 +148,23 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm)
return HASH_UNKNOWN;
}
}
/**
* Described in header.
*/
size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm)
{
switch (algorithm)
{
case PTS_MEAS_ALGO_SHA1:
return HASH_SIZE_SHA1;
case PTS_MEAS_ALGO_SHA256:
return HASH_SIZE_SHA256;
case PTS_MEAS_ALGO_SHA384:
return HASH_SIZE_SHA384;
case PTS_MEAS_ALGO_NONE:
default:
return 0;
}
}

8
src/libpts/pts/pts_meas_algo.h
View File

@ -94,4 +94,12 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos
*/
hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm);
/**
* Return the hash size of a pts_meas_algorithm
*
* @param algorithm PTS measurement algorithm type
* @return hash size in bytes
*/
size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm);
#endif /** PTS_MEAS_ALGO_H_ @}*/