Construct PCR Composite using information received in Simple Component Evidence attributes
parent
e130cc77ee
commit
f0a5e5bdac
|
@ -810,7 +810,7 @@ METHOD(pts_t, quote_tpm, bool,
|
||||||
TSS_VALIDATION valData;
|
TSS_VALIDATION valData;
|
||||||
u_int32_t i;
|
u_int32_t i;
|
||||||
TSS_RESULT result;
|
TSS_RESULT result;
|
||||||
chunk_t pcr_comp, quote_sign;
|
chunk_t quote_sign;
|
||||||
|
|
||||||
result = Tspi_Context_Create(&hContext);
|
result = Tspi_Context_Create(&hContext);
|
||||||
if (result != TSS_SUCCESS)
|
if (result != TSS_SUCCESS)
|
||||||
|
@ -991,40 +991,31 @@ static u_int32_t get_max_pcr_index(private_pts_t *this)
|
||||||
METHOD(pts_t, does_pcr_value_match, bool,
|
METHOD(pts_t, does_pcr_value_match, bool,
|
||||||
private_pts_t *this, chunk_t pcr_after_value)
|
private_pts_t *this, chunk_t pcr_after_value)
|
||||||
{
|
{
|
||||||
linked_list_t *entries;
|
|
||||||
enumerator_t *e;
|
enumerator_t *e;
|
||||||
pcr_entry_t *pcr_entry;
|
pcr_entry_t *entry;
|
||||||
bool match_found = FALSE;
|
|
||||||
|
|
||||||
if (!load_pcr_entries(&entries))
|
if (!this->pcrs)
|
||||||
{
|
{
|
||||||
DBG1(DBG_PTS, "failed to load PCR entries");
|
this->pcrs = linked_list_create();
|
||||||
return FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
e = entries->create_enumerator(entries);
|
e = this->pcrs->create_enumerator(this->pcrs);
|
||||||
while (e->enumerate(e, &pcr_entry))
|
while (e->enumerate(e, &entry))
|
||||||
{
|
{
|
||||||
if (strncmp(pcr_entry->pcr_value, pcr_after_value.ptr, PCR_LEN) == 0)
|
if (entry->pcr_number == new->pcr_number)
|
||||||
{
|
{
|
||||||
DBG1(DBG_PTS, "PCR %d value matched with configured value",
|
DBG4(DBG_PTS, "updating already added PCR%d value",
|
||||||
pcr_entry->pcr_number);
|
entry->pcr_number);
|
||||||
match_found = TRUE;
|
this->pcrs->remove_at(this->pcrs, e);
|
||||||
|
free(entry);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
DESTROY_IF(e);
|
DESTROY_IF(e);
|
||||||
DESTROY_IF(entries);
|
|
||||||
free(pcr_entry);
|
|
||||||
|
|
||||||
if (match_found)
|
|
||||||
{
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
DBG1(DBG_PTS, "PCR after value didn't match with any of the configured values");
|
this->pcrs->insert_last(this->pcrs, new);
|
||||||
return FALSE;
|
|
||||||
|
/* TODO: Sort pcr entries with pcr index */
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1088,7 +1079,6 @@ METHOD(pts_t, get_quote_info, bool,
|
||||||
u_int32_t index = pcr_entry->pcr_number;
|
u_int32_t index = pcr_entry->pcr_number;
|
||||||
mask_bytes[index / 8] |= (1 << (index % 8));
|
mask_bytes[index / 8] |= (1 << (index % 8));
|
||||||
}
|
}
|
||||||
|
|
||||||
e->destroy(e);
|
e->destroy(e);
|
||||||
|
|
||||||
for (i = 0; i< bitmask_len ; i++)
|
for (i = 0; i< bitmask_len ; i++)
|
||||||
|
|
|
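Review bot: The rewritten body stores `new` in `this->pcrs` without checking `new->pcr_number`, and the get_quote_info hunk below uses that field directly as `mask_bytes[index / 8] |= (1 << (index % 8))`. Going by the commit title, these entries now come from received Simple Component Evidence rather than locally loaded configuration, so the index is peer-controlled; how `mask_bytes` is sized lies outside the visible lines, so whether this can write out of bounds cannot be confirmed from here. A range check before `insert_last` would close it either way, e.g. `if (new->pcr_number >= <MAX_PCR_COUNT>) { free(new); return; }`, with the project's real PCR-count constant in place of the placeholder. The old comparison against configured values is also removed, so it is worth confirming that the reported value is still checked against a reference elsewhere once the quote signature verifies. The signature lines are rendered unchanged while the body uses `new`; I am assuming the parameter is the `pcr_entry_t *` that the header now declares.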
@ -389,19 +389,20 @@ struct pts_t {
|
||||||
chunk_t *pcr_composite, chunk_t *quote_signature);
|
chunk_t *pcr_composite, chunk_t *quote_signature);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check PCR after value in Simple Component Evidence matches configured value
|
* Add extended PCR with its corresponding value
|
||||||
*
|
*
|
||||||
* @return FALSE in case of any error or non-match, TRUE otherwise
|
* @return FALSE in case of any error or non-match, TRUE otherwise
|
||||||
*/
|
*/
|
||||||
bool (*does_pcr_value_match)(pts_t *this, chunk_t pcr_after_value);
|
void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs and returns TPM Quote Info structure expected from IMC
|
* Constructs and returns TPM Quote Info structure expected from IMC
|
||||||
*
|
*
|
||||||
* @param digest Output variable to store quote digest
|
* @param pcr_composite Output variable to store PCR Composite
|
||||||
|
* @param quote_info Output variable to store TPM Quote Info
|
||||||
* @return FALSE in case of any error, TRUE otherwise
|
* @return FALSE in case of any error, TRUE otherwise
|
||||||
*/
|
*/
|
||||||
bool (*get_quote_info)(pts_t *this, chunk_t *quote_info);
|
bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite, chunk_t *quote_info);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs and returns PCR Quote Digest structure expected from IMC
|
* Constructs and returns PCR Quote Digest structure expected from IMC
|
||||||
|
|
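Review bot: The doc comment above `add_pcr_entry` still carries `@return FALSE in case of any error or non-match, TRUE otherwise` although the member now returns `void`, and it has no `@param` line for `entry`. I would drop the `@return` line and add `@param entry  PCR entry to add; the PTS object takes ownership and frees a previously added entry with the same PCR number`. That matches the `remove_at` / `free(entry)` / `insert_last` sequence shown in the implementation hunk. Callers need the ownership statement because a replaced entry is released with `free()`, so it must be heap-allocated and must not be reused after the call.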