![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tpm_tss_quote_info.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss|
Return to tpm_tss_quote_info.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss |
1.1 misho 1: /*
2: * Copyright (C) 2016 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include <tpm_tss_quote_info.h>
17:
18: #include <bio/bio_writer.h>
19:
20: #ifndef TPM_TAG_QUOTE_INFO2
21: #define TPM_TAG_QUOTE_INFO2 0x0036
22: #endif
23: #ifndef TPM_LOC_ZERO
24: #define TPM_LOC_ZERO 0x01
25: #endif
26:
27: typedef struct private_tpm_tss_quote_info_t private_tpm_tss_quote_info_t;
28:
29: /**
30: * Private data of an tpm_tss_quote_info_t object.
31: */
32: struct private_tpm_tss_quote_info_t {
33:
34: /**
35: * Public tpm_tss_quote_info_t interface.
36: */
37: tpm_tss_quote_info_t public;
38:
39: /**
40: * TPM Quote Mode
41: */
42: tpm_quote_mode_t quote_mode;
43:
44: /**
45: * TPM Qualified Signer
46: */
47: chunk_t qualified_signer;
48:
49: /**
50: * TPM Clock Info
51: */
52: chunk_t clock_info;
53:
54: /**
55: * TPM Version Info
56: */
57: chunk_t version_info;
58:
59: /**
60: * TPM PCR Selection
61: */
62: chunk_t pcr_select;
63:
64: /**
65: * TPM PCR Composite Hash
66: */
67: chunk_t pcr_digest;
68:
69: /**
70: * TPM PCR Composite Hash algorithm
71: */
72: hash_algorithm_t pcr_digest_alg;
73:
74: /**
75: * Reference count
76: */
77: refcount_t ref;
78:
79: };
80:
81: METHOD(tpm_tss_quote_info_t, get_quote_mode, tpm_quote_mode_t,
82: private_tpm_tss_quote_info_t *this)
83: {
84: return this->quote_mode;
85: }
86:
87: METHOD(tpm_tss_quote_info_t, get_pcr_digest_alg, hash_algorithm_t,
88: private_tpm_tss_quote_info_t *this)
89: {
90: return this->pcr_digest_alg;
91: }
92:
93: METHOD(tpm_tss_quote_info_t, get_pcr_digest, chunk_t,
94: private_tpm_tss_quote_info_t *this)
95: {
96: return this->pcr_digest;
97: }
98:
99: METHOD(tpm_tss_quote_info_t, get_quote, bool,
100: private_tpm_tss_quote_info_t *this, chunk_t nonce,
101: tpm_tss_pcr_composite_t *composite, chunk_t *quoted)
102: {
103: chunk_t pcr_composite, pcr_digest;
104: bio_writer_t *writer;
105: hasher_t *hasher;
106: bool equal_digests;
107:
108: /* Construct PCR Composite */
109: writer = bio_writer_create(32);
110:
111: switch (this->quote_mode)
112: {
113: case TPM_QUOTE:
114: case TPM_QUOTE2:
115: case TPM_QUOTE2_VERSION_INFO:
116: writer->write_data16(writer, composite->pcr_select);
117: writer->write_data32(writer, composite->pcr_composite);
118:
119: break;
120: case TPM_QUOTE_TPM2:
121: writer->write_data(writer, composite->pcr_composite);
122: break;
123: case TPM_QUOTE_NONE:
124: break;
125: }
126:
127: pcr_composite = writer->extract_buf(writer);
128: writer->destroy(writer);
129:
130: DBG2(DBG_PTS, "constructed PCR Composite: %B", &pcr_composite);
131:
132: /* Compute PCR Composite Hash */
133: hasher = lib->crypto->create_hasher(lib->crypto, this->pcr_digest_alg);
134: if (!hasher || !hasher->allocate_hash(hasher, pcr_composite, &pcr_digest))
135: {
136: DESTROY_IF(hasher);
137: chunk_free(&pcr_composite);
138: return FALSE;
139: }
140: hasher->destroy(hasher);
141: chunk_free(&pcr_composite);
142:
143: DBG2(DBG_PTS, "constructed PCR Composite digest: %B", &pcr_digest);
144:
145: equal_digests = chunk_equals(pcr_digest, this->pcr_digest);
146:
147: /* Construct Quote Info */
148: writer = bio_writer_create(32);
149:
150: switch (this->quote_mode)
151: {
152: case TPM_QUOTE:
153: /* Version number */
154: writer->write_data(writer, chunk_from_chars(1, 1, 0, 0));
155:
156: /* Magic QUOT value */
157: writer->write_data(writer, chunk_from_str("QUOT"));
158:
159: /* PCR Composite Hash */
160: writer->write_data(writer, pcr_digest);
161:
162: /* Secret assessment value 20 bytes (nonce) */
163: writer->write_data(writer, nonce);
164: break;
165: case TPM_QUOTE2:
166: case TPM_QUOTE2_VERSION_INFO:
167: /* TPM Structure Tag */
168: writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2);
169:
170: /* Magic QUT2 value */
171: writer->write_data(writer, chunk_from_str("QUT2"));
172:
173: /* Secret assessment value 20 bytes (nonce) */
174: writer->write_data(writer, nonce);
175:
176: /* PCR selection */
177: writer->write_data16(writer, composite->pcr_select);
178:
179: /* TPM Locality Selection */
180: writer->write_uint8(writer, TPM_LOC_ZERO);
181:
182: /* PCR Composite Hash */
183: writer->write_data(writer, pcr_digest);
184:
185: if (this->quote_mode == TPM_QUOTE2_VERSION_INFO)
186: {
187: /* TPM version Info */
188: writer->write_data(writer, this->version_info);
189: }
190: break;
191: case TPM_QUOTE_TPM2:
192: /* Magic */
193: writer->write_data(writer, chunk_from_chars(0xff,0x54,0x43,0x47));
194:
195: /* Type */
196: writer->write_uint16(writer, 0x8018);
197:
198: /* Qualified Signer */
199: writer->write_data16(writer, this->qualified_signer);
200:
201: /* Extra Data */
202: writer->write_data16(writer, nonce);
203:
204: /* Clock Info */
205: writer->write_data(writer, this->clock_info);
206:
207: /* Firmware Version */
208: writer->write_data(writer, this->version_info);
209:
210: /* PCR Selection */
211: writer->write_data(writer, this->pcr_select);
212:
213: /* PCR Composite Hash */
214: writer->write_data16(writer, pcr_digest);
215: break;
216: case TPM_QUOTE_NONE:
217: break;
218: }
219: chunk_free(&pcr_digest);
220: *quoted = writer->extract_buf(writer);
221: writer->destroy(writer);
222:
223: DBG2(DBG_PTS, "constructed TPM Quote Info: %B", quoted);
224:
225: if (!equal_digests)
226: {
227: DBG1(DBG_IMV, "received PCR Composite digest does not match "
228: "constructed one");
229: chunk_free(quoted);
230: }
231: return equal_digests;
232: }
233:
234: METHOD(tpm_tss_quote_info_t, set_version_info, void,
235: private_tpm_tss_quote_info_t *this, chunk_t version_info)
236: {
237: chunk_free(&this->version_info);
238: this->version_info = chunk_clone(version_info);
239: }
240:
241: METHOD(tpm_tss_quote_info_t, get_version_info, chunk_t,
242: private_tpm_tss_quote_info_t *this)
243: {
244: return this->version_info;
245: }
246:
247: METHOD(tpm_tss_quote_info_t, set_tpm2_info, void,
248: private_tpm_tss_quote_info_t *this, chunk_t qualified_signer,
249: chunk_t clock_info, chunk_t pcr_select)
250: {
251: chunk_free(&this->qualified_signer);
252: this->qualified_signer = chunk_clone(qualified_signer);
253:
254: chunk_free(&this->clock_info);
255: this->clock_info = chunk_clone(clock_info);
256:
257: chunk_free(&this->pcr_select);
258: this->pcr_select = chunk_clone(pcr_select);
259: }
260:
261: METHOD(tpm_tss_quote_info_t, get_tpm2_info, void,
262: private_tpm_tss_quote_info_t *this, chunk_t *qualified_signer,
263: chunk_t *clock_info, chunk_t *pcr_select)
264: {
265: if (qualified_signer)
266: {
267: *qualified_signer = this->qualified_signer;
268: }
269: if (clock_info)
270: {
271: *clock_info = this->clock_info;
272: }
273: if (pcr_select)
274: {
275: *pcr_select = this->pcr_select;
276: }
277: }
278:
279: METHOD(tpm_tss_quote_info_t, get_ref, tpm_tss_quote_info_t*,
280: private_tpm_tss_quote_info_t *this)
281: {
282: ref_get(&this->ref);
283:
284: return &this->public;
285: }
286:
287: METHOD(tpm_tss_quote_info_t, destroy, void,
288: private_tpm_tss_quote_info_t *this)
289: {
290: if (ref_put(&this->ref))
291: {
292: chunk_free(&this->qualified_signer);
293: chunk_free(&this->clock_info);
294: chunk_free(&this->version_info);
295: chunk_free(&this->pcr_select);
296: chunk_free(&this->pcr_digest);
297: free(this);
298: }
299: }
300:
301: /**
302: * See header
303: */
304: tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode,
305: hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest)
306:
307: {
308: private_tpm_tss_quote_info_t *this;
309:
310: INIT(this,
311: .public = {
312: .get_quote_mode = _get_quote_mode,
313: .get_pcr_digest_alg = _get_pcr_digest_alg,
314: .get_pcr_digest = _get_pcr_digest,
315: .get_quote = _get_quote,
316: .set_version_info = _set_version_info,
317: .get_version_info = _get_version_info,
318: .set_tpm2_info = _set_tpm2_info,
319: .get_tpm2_info = _get_tpm2_info,
320: .get_ref = _get_ref,
321: .destroy = _destroy,
322: },
323: .quote_mode = quote_mode,
324: .pcr_digest_alg = pcr_digest_alg,
325: .pcr_digest = chunk_clone(pcr_digest),
326: .ref = 1,
327: );
328:
329: return &this->public;
330: }