Diffstat (limited to 'src/libimcv/pts')
23 files changed, 386 insertions, 764 deletions
diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h index 546d0a4b2..0577eccd9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_ima.h +++ b/src/libimcv/pts/components/ita/ita_comp_ima.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_ima_create(u_int32_t depth, +pts_component_t* pts_ita_comp_ima_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_IMA_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c index 3d990f6f2..324c41f12 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.c +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c @@ -43,7 +43,7 @@ struct pts_ita_comp_tboot_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -93,20 +93,20 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tboot_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tboot_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { @@ -117,7 +117,7 @@ METHOD(pts_component_t, measure, status_t, pts_comp_evidence_t *evid; char *meas_hex, *pcr_before_hex, *pcr_after_hex; chunk_t measurement, pcr_before, pcr_after; - u_int32_t extended_pcr; + uint32_t extended_pcr; switch (this->seq_no++) { 
@@ -183,11 +183,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier,pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr, vid, name; + uint32_t extended_pcr, vid, name; enum_name_t *names; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; @@ -264,7 +264,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tboot_t *this, uint8_t qualifier, bio_writer_t *result) { char result_buf[BUF_LEN]; @@ -304,7 +304,7 @@ METHOD(pts_component_t, destroy, void, pts_ita_comp_tboot_t *this) { int count; - u_int32_t vid, name; + uint32_t vid, name; enum_name_t *names; if (ref_put(&this->ref)) @@ -328,7 +328,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tboot_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h index 1e1a14831..0459500cc 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.h +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TBOOT_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c index e9555726a..a5a1a9b96 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.c +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c 
@@ -42,7 +42,7 @@ struct pts_ita_comp_tgrub_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -62,27 +62,27 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tgrub_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tgrub_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { size_t pcr_len; pts_pcr_transform_t pcr_transform; pts_meas_algorithms_t hash_algo; pts_comp_evidence_t *evid; - u_int32_t extended_pcr; + uint32_t extended_pcr; time_t measurement_time; chunk_t measurement, pcr_before, pcr_after; @@ -90,7 +90,7 @@ METHOD(pts_component_t, measure, status_t, extended_pcr = PCR_DEBUG; time(&measurement_time); - if (!pts->read_pcr(pts, extended_pcr, &pcr_after)) + if (!pts->read_pcr(pts, extended_pcr, &pcr_after, HASH_SHA1)) { DBG1(DBG_PTS, "error occurred while reading PCR: %d", extended_pcr); return FAILED; @@ -116,11 +116,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr; + uint32_t extended_pcr; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; pts_pcr_t *pcrs; @@ -155,7 +155,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tgrub_t *this, uint8_t qualifier, bio_writer_t *result) { return FALSE; } 
@@ -180,7 +180,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tgrub_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h index 59913c82d..7c856ebb9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.h +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TGRUB_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c index 08c3d5e9a..f039deb7a 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.c +++ b/src/libimcv/pts/components/pts_comp_evidence.c @@ -37,7 +37,7 @@ struct private_pts_comp_evidence_t { /** * Sub-Component Depth */ - u_int32_t depth; + uint32_t depth; /** * Measurement Time @@ -62,7 +62,7 @@ struct private_pts_comp_evidence_t { /** * PCR the measurement was extended into */ - u_int32_t extended_pcr; + uint32_t extended_pcr; /** * PCR value before extension @@ -92,7 +92,7 @@ struct private_pts_comp_evidence_t { }; METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, - private_pts_comp_evidence_t *this, u_int32_t *depth) + private_pts_comp_evidence_t *this, uint32_t *depth) { if (depth) { 
@@ -101,14 +101,14 @@ METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t, +METHOD(pts_comp_evidence_t, get_extended_pcr, uint32_t, private_pts_comp_evidence_t *this) { return this->extended_pcr; } METHOD(pts_comp_evidence_t, get_measurement, chunk_t, - private_pts_comp_evidence_t *this, u_int32_t *extended_pcr, + private_pts_comp_evidence_t *this, uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time) { @@ -193,8 +193,8 @@ METHOD(pts_comp_evidence_t, destroy, void, * See header */ pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h index 55776ce8b..6178c2abd 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.h +++ b/src/libimcv/pts/components/pts_comp_evidence.h @@ -70,14 +70,14 @@ struct pts_comp_evidence_t { * @result Component Functional Name */ pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this, - u_int32_t *depth); + uint32_t *depth); /** * Gets the PCR the measurement was extended into * * @result PCR the measurement was extended into */ - u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this); + uint32_t (*get_extended_pcr)(pts_comp_evidence_t *this); /** * Gets the measurement and the algorithms used @@ -89,7 +89,7 @@ struct pts_comp_evidence_t { * @result Measurement hash value */ chunk_t (*get_measurement)(pts_comp_evidence_t *this, - u_int32_t *extended_pcr, + uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time); 
@@ -150,8 +150,8 @@ struct pts_comp_evidence_t { * @param measurement Measurement hash value */ pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c index e12522ed1..00494e1ad 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.c +++ b/src/libimcv/pts/components/pts_comp_func_name.c @@ -35,40 +35,40 @@ struct private_pts_comp_func_name_t { /** * PTS Component Functional Name Vendor ID */ - u_int32_t vid; + uint32_t vid; /** * PTS Component Functional Name */ - u_int32_t name; + uint32_t name; /** * PTS Component Functional Name Qualifier */ - u_int8_t qualifier; + uint8_t qualifier; }; -METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t, +METHOD(pts_comp_func_name_t, get_vendor_id, uint32_t, private_pts_comp_func_name_t *this) { return this->vid; } -METHOD(pts_comp_func_name_t, get_name, u_int32_t, +METHOD(pts_comp_func_name_t, get_name, uint32_t, private_pts_comp_func_name_t *this) { return this->name; } -METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t, +METHOD(pts_comp_func_name_t, get_qualifier, uint8_t, private_pts_comp_func_name_t *this) { return this->qualifier; } METHOD(pts_comp_func_name_t, set_qualifier, void, - private_pts_comp_func_name_t *this, u_int8_t qualifier) + private_pts_comp_func_name_t *this, uint8_t qualifier) { this->qualifier = qualifier; } 
@@ -117,12 +117,12 @@ METHOD(pts_comp_func_name_t, log_, void, if (names && types) { - DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", + DBG3(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", label, pen_names, this->vid, names, this->name, flags, types, type); } else { - DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", + DBG3(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", label, this->vid, this->name, this->qualifier); } } @@ -136,8 +136,8 @@ METHOD(pts_comp_func_name_t, destroy, void, /** * See header */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier) +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier) { private_pts_comp_func_name_t *this; diff --git a/src/libimcv/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h index 90ad7083f..cb069c404 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.h +++ b/src/libimcv/pts/components/pts_comp_func_name.h 
@@ -38,28 +38,28 @@ struct pts_comp_func_name_t { * * @return PTS Component Functional Name Vendor ID */ - u_int32_t (*get_vendor_id)(pts_comp_func_name_t *this); + uint32_t (*get_vendor_id)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name * * @return PTS Component Functional Name */ - u_int32_t (*get_name)(pts_comp_func_name_t *this); + uint32_t (*get_name)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name Qualifier * * @return PTS Component Functional Name Qualifier */ - u_int8_t (*get_qualifier)(pts_comp_func_name_t *this); + uint8_t (*get_qualifier)(pts_comp_func_name_t *this); /** * Set the PTS Component Functional Name Qualifier * * @param qualifier PTS Component Functional Name Qualifier to be set */ - void (*set_qualifier)(pts_comp_func_name_t *this, u_int8_t qualifier); + void (*set_qualifier)(pts_comp_func_name_t *this, uint8_t qualifier); /** * Check to PTS Component Functional Names for equality @@ -97,7 +97,7 @@ struct pts_comp_func_name_t { * @param name PTS Component Functional Name * @param qualifier PTS Component Functional Name Qualifier */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier); +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier); #endif /** PTS_FUNC_COMP_NAME_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h index 71b1ad59c..1ca4458bf 100644 --- a/src/libimcv/pts/components/pts_component.h +++ b/src/libimcv/pts/components/pts_component.h 
@@ -49,14 +49,14 @@ struct pts_component_t { * * @return PTS Component Functional Name */ - u_int8_t (*get_evidence_flags)(pts_component_t *this); + uint8_t (*get_evidence_flags)(pts_component_t *this); /** * Get the PTS Sub-component Depth * * @return PTS Sub-component Depth */ - u_int32_t (*get_depth)(pts_component_t *this); + uint32_t (*get_depth)(pts_component_t *this); /** * Do evidence measurements on the PTS Functional Component @@ -67,7 +67,7 @@ struct pts_component_t { * @param measurements additional file measurements (NULL if not present) * @return status return code */ - status_t (*measure)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*measure)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t** evidence); /** @@ -78,7 +78,7 @@ struct pts_component_t { * @param evidence component evidence measurement to be verified * @return status return code */ - status_t (*verify)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*verify)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence); /** @@ -89,7 +89,7 @@ struct pts_component_t { * @param result writer appending concise measurement result * @return TRUE if finalization successful */ - bool (*finalize)(pts_component_t *this, u_int8_t qualifier, + bool (*finalize)(pts_component_t *this, uint8_t qualifier, bio_writer_t *result); /** diff --git a/src/libimcv/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c index 9c1375b79..4f0004fe8 100644 --- a/src/libimcv/pts/components/pts_component_manager.c +++ b/src/libimcv/pts/components/pts_component_manager.c @@ -77,7 +77,7 @@ struct component_entry_t { /** * Vendor-Specific Component Functional Name */ - u_int32_t name; + uint32_t name; /** * Functional Component creation method 
@@ -165,7 +165,7 @@ METHOD(pts_component_manager_t, get_qualifier_type_names, enum_name_t*, } METHOD(pts_component_manager_t, add_component, void, - private_pts_component_manager_t *this, pen_t vendor_id, u_int32_t name, + private_pts_component_manager_t *this, pen_t vendor_id, uint32_t name, pts_component_create_t create) { enumerator_t *enumerator; @@ -210,13 +210,13 @@ METHOD(pts_component_manager_t, remove_vendor, void, enumerator->destroy(enumerator); } -METHOD(pts_component_manager_t, get_qualifier, u_int8_t, +METHOD(pts_component_manager_t, get_qualifier, uint8_t, private_pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags) { enumerator_t *enumerator; vendor_entry_t *entry; - u_int8_t qualifier, size, flag, type = 0; + uint8_t qualifier, size, flag, type = 0; int i; enumerator = this->list->create_enumerator(this->list); @@ -252,7 +252,7 @@ METHOD(pts_component_manager_t, get_qualifier, u_int8_t, METHOD(pts_component_manager_t, create, pts_component_t*, private_pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, pts_database_t *pts_db) + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db) { enumerator_t *enumerator, *e2; vendor_entry_t *entry; diff --git a/src/libimcv/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h index 00f8765ca..bd1974b92 100644 --- a/src/libimcv/pts/components/pts_component_manager.h +++ b/src/libimcv/pts/components/pts_component_manager.h @@ -30,7 +30,7 @@ typedef struct pts_component_manager_t pts_component_manager_t; #include <library.h> #include <pen/pen.h> -typedef pts_component_t* (*pts_component_create_t)(u_int32_t depth, +typedef pts_component_t* (*pts_component_create_t)(uint32_t depth, pts_database_t *pts_db); /** 
@@ -61,7 +61,7 @@ struct pts_component_manager_t { * @param create Functional Component creation method */ void (*add_component)(pts_component_manager_t *this, pen_t vendor_id, - u_int32_t name, pts_component_create_t create); + uint32_t name, pts_component_create_t create); /** * Remove vendor-specific components and associated namespace @@ -95,7 +95,7 @@ struct pts_component_manager_t { * @param flags Qualifier Flags as a string in a char buffer * @return Qualifier Type */ - u_int8_t (*get_qualifier)(pts_component_manager_t *this, + uint8_t (*get_qualifier)(pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags); /** @@ -107,7 +107,7 @@ struct pts_component_manager_t { * @return Component object if supported, NULL else */ pts_component_t* (*create)(pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db); /** diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 1ca72098e..2ba949e40 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,21 +21,8 @@ #include <bio/bio_writer.h> #include <bio/bio_reader.h> -#ifdef TSS_TROUSERS -#ifdef _BASETSD_H_ -/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ -# define _BASETSD_H -#endif -#include <trousers/tss.h> -#include <trousers/trousers.h> -#else -#ifndef TPM_TAG_QUOTE_INFO2 -#define TPM_TAG_QUOTE_INFO2 0x0036 -#endif -#ifndef TPM_LOC_ZERO -#define TPM_LOC_ZERO 0x01 -#endif -#endif +#include <tpm_tss.h> +#include <tpm_tss_trousers.h> #include <sys/types.h> #include <sys/stat.h> 
@@ -43,6 +30,13 @@ #include <unistd.h> #include <errno.h> +#ifndef TPM_TAG_QUOTE_INFO2 +#define TPM_TAG_QUOTE_INFO2 0x0036 +#endif +#ifndef TPM_LOC_ZERO +#define TPM_LOC_ZERO 0x01 +#endif + typedef struct private_pts_t private_pts_t; /** @@ -102,9 +96,9 @@ struct private_pts_t { bool is_imc; /** - * Do we have an activated TPM + * Active TPM */ - bool has_tpm; + tpm_tss_t *tpm; /** * Contains a TPM_CAP_VERSION_INFO struct @@ -112,14 +106,14 @@ struct private_pts_t { chunk_t tpm_version_info; /** - * Contains TSS Blob structure for AIK + * AIK object handle */ - chunk_t aik_blob; + uint32_t aik_handle; /** - * Contains a Attestation Identity Key or Certificate + * Contains an Attestation Identity Key Certificate */ - certificate_t *aik; + certificate_t *aik_cert; /** * Primary key referening AIK in database @@ -191,7 +185,6 @@ METHOD(pts_t, set_dh_hash_algorithm, void, } } - METHOD(pts_t, create_dh_nonce, bool, private_pts_t *this, pts_dh_group_t group, int nonce_len) { @@ -306,41 +299,6 @@ METHOD(pts_t, calculate_secret, bool, return TRUE; } -#ifdef TSS_TROUSERS - -/** - * Print TPM 1.2 Version Info - */ -static void print_tpm_version_info(private_pts_t *this) -{ - TPM_CAP_VERSION_INFO *info; - - info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr; - - if (this->tpm_version_info.len >= - sizeof(*info) - sizeof(info->vendorSpecific)) - { - DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " - "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", - info->version.major, info->version.minor, - info->version.revMajor, info->version.revMinor, - untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); - } - else - { - DBG1(DBG_PTS, "could not parse tpm version info"); - } -} - -#else - -static void print_tpm_version_info(private_pts_t *this) -{ - DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available"); -} - -#endif /* TSS_TROUSERS */ - METHOD(pts_t, get_platform_id, int, private_pts_t *this) { 
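Review bot: The new `tpm_tss_t *tpm` member in the `@@ -102,9 +96,9 @@` hunk of pts.c replaces the `has_tpm` flag but its comment `Active TPM` does not state that the pointer may be NULL, even though `get_tpm_version_info` in this same commit tests `this->tpm ?` before touching it while other new methods dereference it unconditionally. Spelling the contract out would make that discrepancy visible at the use sites, e.g. `/** Active TPM, NULL if no TPM is available; every caller must check */`. In the following hunk the renamed `aik_cert` member is documented as holding an AIK certificate, but `load_aik` in this commit also stores a `CERT_TRUSTED_PUBKEY` credential there when no X.509 certificate is configured; `/** AIK certificate, or the bare AIK public key wrapped as a trusted-pubkey certificate */` would describe both cases.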
@@ -356,104 +314,135 @@ METHOD(pts_t, set_platform_id, void, METHOD(pts_t, get_tpm_version_info, bool, private_pts_t *this, chunk_t *info) { - if (!this->has_tpm) - { - return FALSE; - } - *info = this->tpm_version_info; - print_tpm_version_info(this); - return TRUE; + *info = this->tpm ? this->tpm->get_version_info(this->tpm) : + this->tpm_version_info; + return info->len > 0; } METHOD(pts_t, set_tpm_version_info, void, private_pts_t *this, chunk_t info) { this->tpm_version_info = chunk_clone(info); - print_tpm_version_info(this); -} - -/** - * Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute) - */ -static void load_aik_blob(private_pts_t *this) -{ - char *path; - chunk_t *map; - - path = lib->settings->get_str(lib->settings, - "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); - if (path) - { - map = chunk_map(path, FALSE); - if (map) - { - DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path); - DBG3(DBG_PTS, "AIK Blob: %B", map); - this->aik_blob = chunk_clone(*map); - chunk_unmap(map); - } - else - { - DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", - path, strerror(errno)); - } - } - else - { - DBG1(DBG_PTS, "AIK Blob is not available"); - } + /* print_tpm_version_info(this); */ } /** - * Load an AIK certificate or public key + * Load an AIK handle and an optional AIK certificate and + * in the case of a TPM 1.2 an AIK private key blob plus matching public key, * the certificate having precedence over the public key if both are present */ static void load_aik(private_pts_t *this) { - char *cert_path, *key_path; + char *handle_str, *cert_path, *key_path, *blob_path; + chunk_t aik_pubkey = chunk_empty; + handle_str = lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_handle", NULL, lib->ns); cert_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns); key_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_pubkey", NULL, lib->ns); + blob_path = 
lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); + if (handle_str) + { + this->aik_handle = strtoll(handle_str, NULL, 16); + } if (cert_path) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cert_path, BUILD_END); - if (this->aik) + if (this->aik_cert) { DBG2(DBG_PTS, "loaded AIK certificate from '%s'", cert_path); - return; } } - if (key_path) + + if (this->tpm->get_version(this->tpm) == TPM_VERSION_1_2) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE, - key_path, BUILD_END); - if (this->aik) + tpm_tss_trousers_t *tpm_12; + chunk_t aik_blob = chunk_empty; + chunk_t *map; + + /* get AIK private key blob */ + if (blob_path) { - DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); - return; + map = chunk_map(blob_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path); + DBG3(DBG_PTS, "AIK Blob: %B", map); + aik_blob = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", + blob_path, strerror(errno)); + } } + else + { + DBG1(DBG_PTS, "AIK Blob is not available"); + } + + /* get AIK public key */ + if (key_path) + { + map = chunk_map(key_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); + aik_pubkey = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", + key_path, strerror(errno)); + } + } + else + { + DBG1(DBG_PTS, "AIK public key is not available"); + } + + /* Load AIK item into TPM 1.2 object */ + tpm_12 = (tpm_tss_trousers_t *)this->tpm; + tpm_12->load_aik(tpm_12, aik_blob, aik_pubkey, this->aik_handle); } - DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + /* if no signed X.509 AIK certificate is available use public key instead */ + if 
(!this->aik_cert) + { + aik_pubkey = this->tpm->get_public(this->tpm, this->aik_handle); + if (aik_pubkey.len > 0) + { + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, BUILD_BLOB, + aik_pubkey, BUILD_END); + chunk_free(&aik_pubkey); + } + else + { + DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + } + } } METHOD(pts_t, get_aik, certificate_t*, private_pts_t *this) { - return this->aik; + return this->aik_cert; } METHOD(pts_t, set_aik, void, private_pts_t *this, certificate_t *aik, int aik_id) { - DESTROY_IF(this->aik); - this->aik = aik->get_ref(aik); + DESTROY_IF(this->aik_cert); + this->aik_cert = aik->get_ref(aik); this->aik_id = aik_id; } 
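Review bot: `this->aik_handle = strtoll(handle_str, NULL, 16);` in `load_aik` takes a configured handle without any validation: a malformed string silently becomes 0 and a value outside 32 bits is truncated into the `uint32_t` field, so a typo in the configuration quietly selects a different key. Parse it with an end pointer and a range check as sketched below. In the same function `this->tpm->get_version(this->tpm)` and, in the fallback branch, `this->tpm->get_public(this->tpm, ...)` dereference `this->tpm` without the NULL guard that `get_tpm_version_info` in this hunk applies; if `load_aik` can be reached without a TPM (its caller is outside the hunk), an early `if (!this->tpm) { return; }` after the settings lookups avoids the crash. The line `/* print_tpm_version_info(this); */` left in `set_tpm_version_info` refers to a function this commit deletes and should be removed rather than commented out.
```c
	if (handle_str)
	{
		char *end = NULL;
		unsigned long handle;

		errno = 0;
		handle = strtoul(handle_str, &end, 16);
		if (end == handle_str || *end != '\0' || errno == ERANGE ||
			handle > UINT32_MAX)
		{
			DBG1(DBG_PTS, "invalid AIK handle '%s'", handle_str);
		}
		else
		{
			this->aik_handle = (uint32_t)handle;
		}
	}
	/* … unchanged: AIK certificate loading, TPM 1.2 blob and public key handling … */
```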
@@ -611,312 +600,64 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*, return metadata; } - -#ifdef TSS_TROUSERS - METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - BYTE *buf; - UINT32 len; - - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result); - return FALSE; - } - - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf); - if (result != TSS_SUCCESS) - { - goto err; - } - *pcr_value = chunk_clone(chunk_create(buf, len)); - DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value); - success = TRUE; - -err: - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return success; + return this->tpm ? 
this->tpm->read_pcr(this->tpm, pcr_num, pcr_value, alg) + : FALSE; } METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, chunk_t data, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t pcr_length; - chunk_t pcr_value = chunk_empty; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) + if (!this->tpm->extend_pcr(this->tpm, pcr_num, pcr_value, data, alg)) { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); return FALSE; } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - - pcr_value = chunk_alloc(PTS_PCR_LEN); - result = Tspi_TPM_PcrExtend(hTPM, pcr_num, PTS_PCR_LEN, input.ptr, - NULL, &pcr_length, &pcr_value.ptr); - if (result != TSS_SUCCESS) - { - goto err; - } - - *output = pcr_value; - *output = chunk_clone(*output); - - DBG3(DBG_PTS, "PCR %d extended with: %B", pcr_num, &input); - DBG3(DBG_PTS, "PCR %d value after extend: %B", pcr_num, output); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); + DBG3(DBG_PTS, "PCR %d extended with: %#B", pcr_num, &data); + DBG3(DBG_PTS, "PCR %d after extension: %#B", pcr_num, pcr_value); return TRUE; - -err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return FALSE; } -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) +METHOD(pts_t, quote, bool, + private_pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_HKEY hAIK; - TSS_HKEY hSRK; 
- TSS_HPOLICY srkUsagePolicy; - TSS_UUID SRK_UUID = TSS_UUID_SRK; - BYTE secret[] = TSS_WELL_KNOWN_SECRET; - TSS_HPCRS hPcrComposite; - TSS_VALIDATION valData; - TSS_RESULT result; - chunk_t quote_info; - BYTE* versionInfo; - u_int32_t versionInfoSize, pcr; + chunk_t pcr_value, pcr_computed; + uint32_t pcr, pcr_sel = 0; enumerator_t *enumerator; - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Retrieve SRK from TPM and set the authentication to well known secret*/ - result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, - SRK_UUID, &hSRK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, - 20, secret); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, this->aik_blob.len, - this->aik_blob.ptr, &hAIK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Create PCR composite object */ - result = use_quote2 ? - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_INFO_SHORT, &hPcrComposite) : - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_DEFAULT, &hPcrComposite); - if (result != TSS_SUCCESS) - { - goto err2; - } - - /* Select PCRs */ + /* select PCRs */ + DBG2(DBG_PTS, "PCR values hashed into PCR Composite:"); enumerator = this->pcrs->create_enumerator(this->pcrs); while (enumerator->enumerate(enumerator, &pcr)) { - result = use_quote2 ? 
- Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr, - TSS_PCRS_DIRECTION_RELEASE) : - Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr); - if (result != TSS_SUCCESS) + if (this->tpm->read_pcr(this->tpm, pcr, &pcr_value, HASH_SHA1)) { - break; - } - } - enumerator->destroy(enumerator); + pcr_computed = this->pcrs->get(this->pcrs, pcr); + DBG2(DBG_PTS, "PCR %2d %#B %s", pcr, &pcr_value, + chunk_equals(pcr_value, pcr_computed) ? "ok" : "differs"); + chunk_free(&pcr_value); + }; - if (result != TSS_SUCCESS) - { - goto err3; + /* add PCR to selection list */ + pcr_sel |= (1 << pcr); } - - /* Set the Validation Data */ - valData.ulExternalDataLength = this->secret.len; - valData.rgbExternalData = (BYTE *)this->secret.ptr; - + enumerator->destroy(enumerator); /* TPM Quote */ - result = use_quote2 ? - Tspi_TPM_Quote2(hTPM, hAIK, FALSE, hPcrComposite, &valData, - &versionInfoSize, &versionInfo): - Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &valData); - if (result != TSS_SUCCESS) - { - goto err4; - } - - /* Set output chunks */ - *pcr_comp = chunk_alloc(HASH_SIZE_SHA1); - - if (use_quote2) - { - /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ - memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1, - HASH_SIZE_SHA1); - } - else - { - /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */ - memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1); - } - DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp); - - quote_info = chunk_create(valData.rgbData, valData.ulDataLength); - DBG3(DBG_PTS, "TPM Quote Info: %B","e_info); - - *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, - valData.ulValidationDataLength)); - DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig); - - success = TRUE; - - /* Cleanup */ -err4: - Tspi_Context_FreeMemory(hContext, NULL); - -err3: - Tspi_Context_CloseObject(hContext, hPcrComposite); - -err2: - Tspi_Context_CloseObject(hContext, hAIK); - -err1: - 
Tspi_Context_Close(hContext); - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - return success; -} - -#else /* TSS_TROUSERS */ - -METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) -{ - return FALSE; -} - -METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) -{ - return FALSE; -} - -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) -{ - return FALSE; + return this->tpm->quote(this->tpm, this->aik_handle, pcr_sel, HASH_SHA1, + this->secret, quote_mode, quote_info, quote_sig); } -#endif /* TSS_TROUSERS */ - -/** - * TPM_QUOTE_INFO structure: - * 4 bytes of version - * 4 bytes 'Q' 'U' 'O' 'T' - * 20 byte SHA1 of TCPA_PCR_COMPOSITE - * 20 byte nonce - * - * TPM_QUOTE_INFO2 structure: - * 2 bytes Tag 0x0036 TPM_Tag_Quote_info2 - * 4 bytes 'Q' 'U' 'T' '2' - * 20 bytes nonce - * 26 bytes PCR_INFO_SHORT - */ - -METHOD(pts_t, get_quote_info, bool, - private_pts_t *this, bool use_quote2, bool use_ver_info, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *out_pcr_comp, chunk_t *out_quote_info) +METHOD(pts_t, get_quote, bool, + private_pts_t *this, tpm_tss_quote_info_t *quote_info, chunk_t *quoted) { - chunk_t selection, pcr_comp, hash_pcr_comp; - bio_writer_t *writer; - hasher_t *hasher; + tpm_tss_pcr_composite_t *pcr_composite; + bool success; if (!this->pcrs->get_count(this->pcrs)) { 
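Review bot: `extend_pcr` and `quote` in this hunk dereference `this->tpm` unconditionally, while `read_pcr` right above them returns `FALSE` when `this->tpm` is NULL; with no TPM present `extend_pcr` crashes on its first line and `quote` crashes inside the enumerator loop before any PCR is read. Give both the same guard, `if (!this->tpm) { return FALSE; }`. Independently, `pcr_sel |= (1 << pcr);` shifts the signed constant `1`, which is undefined behaviour for `pcr >= 31` and silently drops any index of 32 or more from the 32-bit selection mask; the PCR indices come from `this->pcrs`, which is populated outside this hunk, so bound the index and shift an unsigned value as below. The stray `};` after the `if` block in `quote` is an empty statement and should be `}`.
```c
	if (!this->tpm)
	{
		return FALSE;
	}
	/* … unchanged: DBG2 header, enumerator creation … */
	while (enumerator->enumerate(enumerator, &pcr))
	{
		if (pcr >= 8 * sizeof(pcr_sel))
		{
			DBG1(DBG_PTS, "PCR %u cannot be selected for the quote", pcr);
			enumerator->destroy(enumerator);
			return FALSE;
		}
		/* … unchanged: read PCR value and compare with computed value … */
		pcr_sel |= (1u << pcr);
	}
	/* … unchanged: enumerator destroy and this->tpm->quote() call … */
```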
@@ -930,128 +671,93 @@ METHOD(pts_t, get_quote_info, bool, "unable to construct TPM Quote Info"); return FALSE; } - if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr) - { - DBG1(DBG_PTS, "TPM Version Information unavailable, ", - "unable to construct TPM Quote Info2"); - return FALSE; - } - - pcr_comp = this->pcrs->get_composite(this->pcrs); - - - /* Output the TPM_PCR_COMPOSITE expected from IMC */ - if (comp_hash_algo) + if (quote_info->get_quote_mode(quote_info) == TPM_QUOTE2_VERSION_INFO) { - hash_algorithm_t algo; - - algo = pts_meas_algo_to_hash(comp_hash_algo); - hasher = lib->crypto->create_hasher(lib->crypto, algo); - - /* Hash the PCR Composite Structure */ - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp)) + if (!this->tpm_version_info.ptr) { - DESTROY_IF(hasher); - free(pcr_comp.ptr); + DBG1(DBG_PTS, "TPM Version Information unavailable, ", + "unable to construct TPM Quote Info2"); return FALSE; } - DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp); - hasher->destroy(hasher); + quote_info->set_version_info(quote_info, this->tpm_version_info); } - else - { - *out_pcr_comp = chunk_clone(pcr_comp); - } - - /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp)) - { - DESTROY_IF(hasher); - chunk_free(out_pcr_comp); - free(pcr_comp.ptr); - return FALSE; - } - hasher->destroy(hasher); - - /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */ - writer = bio_writer_create(TPM_QUOTE_INFO_LEN); - - if (use_quote2) - { - /* TPM Structure Tag */ - writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2); - - /* Magic QUT2 value */ - writer->write_data(writer, chunk_create("QUT2", 4)); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - - /* PCR selection */ - selection.ptr = pcr_comp.ptr; - selection.len = 2 + 
this->pcrs->get_selection_size(this->pcrs); - writer->write_data(writer, selection); - - /* TPM Locality Selection */ - writer->write_uint8(writer, TPM_LOC_ZERO); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - if (use_ver_info) - { - /* TPM version Info */ - writer->write_data(writer, this->tpm_version_info); - } - } - else - { - /* Version number */ - writer->write_data(writer, chunk_from_chars(1, 1, 0, 0)); - - /* Magic QUOT value */ - writer->write_data(writer, chunk_create("QUOT", 4)); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - } - - /* TPM Quote Info */ - *out_quote_info = writer->extract_buf(writer); - DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info); + pcr_composite = this->pcrs->get_composite(this->pcrs); - writer->destroy(writer); - free(pcr_comp.ptr); - free(hash_pcr_comp.ptr); + success = quote_info->get_quote(quote_info, this->secret, + pcr_composite, quoted); + chunk_free(&pcr_composite->pcr_select); + chunk_free(&pcr_composite->pcr_composite); + free(pcr_composite); - return TRUE; + return success; } METHOD(pts_t, verify_quote_signature, bool, - private_pts_t *this, chunk_t data, chunk_t signature) + private_pts_t *this, hash_algorithm_t digest_alg, chunk_t digest, + chunk_t signature) { - public_key_t *aik_pub_key; + public_key_t *aik_pubkey; + signature_scheme_t scheme; - aik_pub_key = this->aik->get_public_key(this->aik); - if (!aik_pub_key) + aik_pubkey = this->aik_cert->get_public_key(this->aik_cert); + if (!aik_pubkey) { DBG1(DBG_PTS, "failed to get public key from AIK certificate"); return FALSE; } - if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_EMSA_PKCS1_SHA1, - data, signature)) + /* Determine signing scheme */ + switch (aik_pubkey->get_type(aik_pubkey)) + { + case KEY_RSA: + switch (digest_alg) + { + case HASH_SHA1: + scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + break; + case 
HASH_SHA256: + scheme = SIGN_RSA_EMSA_PKCS1_SHA256; + break; + case HASH_SHA384: + scheme = SIGN_RSA_EMSA_PKCS1_SHA384; + break; + case HASH_SHA512: + scheme = SIGN_RSA_EMSA_PKCS1_SHA512; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + case KEY_ECDSA: + switch (digest_alg) + { + case HASH_SHA256: + scheme = SIGN_ECDSA_256; + break; + case HASH_SHA384: + scheme = SIGN_ECDSA_384; + break; + case HASH_SHA512: + scheme = SIGN_ECDSA_521; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + default: + DBG1(DBG_PTS, "%N AIK key type not supported", key_type_names, + aik_pubkey->get_type(aik_pubkey)); + return FALSE; + } + + if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature)) { DBG1(DBG_PTS, "signature verification failed for TPM Quote Info"); - DESTROY_IF(aik_pub_key); + DESTROY_IF(aik_pubkey); return FALSE; } - aik_pub_key->destroy(aik_pub_key); + aik_pubkey->destroy(aik_pubkey); return TRUE; } 
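Review bot: The outer `default:` branch for an unsupported AIK key type in verify_quote_signature returns FALSE without `aik_pubkey->destroy(aik_pubkey)`, while both the verify-failure path and the success path release the reference obtained from `this->aik_cert->get_public_key()`, so that path leaks the key; add `aik_pubkey->destroy(aik_pubkey);` before that `return FALSE;`. The two inner `default: scheme = SIGN_UNKNOWN;` arms also let an unsupported digest_alg reach `aik_pubkey->verify()`, where it presumably fails with the generic "signature verification failed for TPM Quote Info" message; since digest_alg is supplied by the IMC per the pts.h change in this commit, rejecting it explicitly before verify gives a diagnosable error and keeps the key lifetime uniform, as sketched below. get_quote in this hunk begins in the previous hunk; its three-part free of pcr_composite mirrors the allocation in pts_pcr.c's get_composite, so the two must stay in step.
```c
		default:
			DBG1(DBG_PTS, "%N AIK key type not supported", key_type_names,
				 aik_pubkey->get_type(aik_pubkey));
			aik_pubkey->destroy(aik_pubkey);
			return FALSE;
	}
	if (scheme == SIGN_UNKNOWN)
	{
		DBG1(DBG_PTS, "%N digest not supported for %N AIK signatures",
			 hash_algorithm_names, digest_alg,
			 key_type_names, aik_pubkey->get_type(aik_pubkey));
		aik_pubkey->destroy(aik_pubkey);
		return FALSE;
	}
	/* … unchanged: aik_pubkey->verify() call, failure log and destroy … */
```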
@@ -1064,78 +770,17 @@ METHOD(pts_t, get_pcrs, pts_pcr_t*, METHOD(pts_t, destroy, void, private_pts_t *this) { + DESTROY_IF(this->tpm); DESTROY_IF(this->pcrs); - DESTROY_IF(this->aik); + DESTROY_IF(this->aik_cert); DESTROY_IF(this->dh); free(this->initiator_nonce.ptr); free(this->responder_nonce.ptr); free(this->secret.ptr); - free(this->aik_blob.ptr); free(this->tpm_version_info.ptr); free(this); } - -#ifdef TSS_TROUSERS - -/** - * Check for a TPM by querying for TPM Version Info - */ -static bool has_tpm(private_pts_t *this) -{ - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t version_info_len; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_VERSION_VAL, 0, NULL, - &version_info_len, - &this->tpm_version_info.ptr); - this->tpm_version_info.len = version_info_len; - if (result != TSS_SUCCESS) - { - goto err; - } - this->tpm_version_info = chunk_clone(this->tpm_version_info); - - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return TRUE; - - err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return FALSE; -} - -#else /* TSS_TROUSERS */ - -static bool has_tpm(private_pts_t *this) -{ - return FALSE; -} - -#endif /* TSS_TROUSERS */ - - /** * See header */ 
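Review bot: With has_tpm() deleted, nothing left in this file visibly populates this->tpm_version_info on the IMC side, yet destroy still frees it, get_quote in the earlier hunk still reads it, and the pts_create hunk below replaces the has_tpm() call with tpm_tss_probe() without touching the field. If the accessor that hands the version info to the attribute code still returns this->tpm_version_info rather than asking this->tpm, an IMC with a TPM would now send an empty version-info attribute; please confirm that accessor was updated in this commit, or populate the field from the probed tpm object next to load_aik(). Adding `DESTROY_IF(this->tpm)` first in destroy is fine, since none of the later frees touch it.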
@@ -1174,9 +819,9 @@ pts_t *pts_create(bool is_imc) .get_metadata = _get_metadata, .read_pcr = _read_pcr, .extend_pcr = _extend_pcr, - .quote_tpm = _quote_tpm, + .quote = _quote, .get_pcrs = _get_pcrs, - .get_quote_info = _get_quote_info, + .get_quote = _get_quote, .verify_quote_signature = _verify_quote_signature, .destroy = _destroy, }, @@ -1189,12 +834,11 @@ pts_t *pts_create(bool is_imc) if (is_imc) { - if (has_tpm(this)) + this->tpm = tpm_tss_probe(TPM_VERSION_ANY); + if (this->tpm) { - this->has_tpm = TRUE; this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D; load_aik(this); - load_aik_blob(this); } } else diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h index d525306dd..f3da659dc 100644 --- a/src/libimcv/pts/pts.h +++ b/src/libimcv/pts/pts.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,9 +32,10 @@ typedef struct pts_t pts_t; #include "pts_dh_group.h" #include "pts_pcr.h" #include "pts_req_func_comp_evid.h" -#include "pts_simple_evid_final.h" #include "components/pts_comp_func_name.h" +#include <tpm_tss_quote_info.h> + #include <library.h> #include <collections/linked_list.h> @@ -71,11 +72,6 @@ typedef struct pts_t pts_t; #define ASSESSMENT_SECRET_LEN 20 /** - * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2 - */ -#define TPM_QUOTE_INFO_LEN 48 - -/** * Hashing algorithm used by tboot and trustedGRUB */ #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1 
@@ -236,39 +232,39 @@ struct pts_t { pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir); /** - * Reads given PCR value and returns it - * Expects owner secret to be WELL_KNOWN_SECRET + * Retrieve the current value of a PCR register in a given PCR bank * - * @param pcr_num Number of PCR to read - * @param pcr_value Chunk to save pcr read output - * @return NULL in case of TSS error, PCR value otherwise + * @param pcr_num PCR number + * @param pcr_value PCR value returned + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR value retrieval succeeded */ - bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value); + bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg); /** - * Extends given PCR with given value - * Expects owner secret to be WELL_KNOWN_SECRET + * Extend a PCR register in a given PCR bank with a hash value * - * @param pcr_num Number of PCR to extend - * @param input Value to extend - * @param output Chunk to save PCR value after extension - * @return FALSE in case of TSS error, TRUE otherwise + * @param pcr_num PCR number + * @param pcr_value extended PCR value returned + * @param hash data to be extended into the PCR + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR extension succeeded */ - bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, - chunk_t *output); + bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg); /** * Quote over PCR's * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK * - * @param use_quote2 Version of the Quote function to be used - * @param pcr_comp Chunk to save PCR composite structure - * @param quote_sig Chunk to save quote operation output - * without external data (anti-replay protection) - * @return FALSE in case of TSS error, TRUE otherwise + * @param quote_mode type of Quote 
signature + * @param quote_info returns various info covered by Quote signature + * @param quote_sig returns Quote signature + * @return FALSE in case of Quote error, TRUE otherwise */ - bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp, - chunk_t *quote_sig); + bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); /** * Get the shadow PCR set @@ -277,28 +273,26 @@ struct pts_t { */ pts_pcr_t* (*get_pcrs)(pts_t *this); - /** - * Constructs and returns TPM Quote Info structure expected from IMC + /** + * Computes digest of the constructed TPM Quote Info structure * - * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed - * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2 - * @param comp_hash_algo Composite Hash Algorithm - * @param pcr_comp Output variable to store PCR Composite - * @param quote_info Output variable to store TPM Quote Info + * @param quote_info TPM Quote Info as received from IMC + * @param quoted Encoding of TPM Quote Info * @return FALSE in case of any error, TRUE otherwise */ - bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *pcr_comp, chunk_t *quote_info); + bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info, + chunk_t *quoted); /** * Constructs and returns PCR Quote Digest structure expected from IMC * - * @param data Calculated TPM Quote Digest + * @param digest_alg Hash algorithm used for TPM Quote Digest + * @param digest Calculated TPM Quote Digest * @param signature TPM Quote Signature received from IMC * @return FALSE if signature is not verified */ - bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature); + bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg, + chunk_t digest, chunk_t signature); /** * Destroys a pts_t object. 
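Review bot: The new extend_pcr documentation names a parameter `hash` that the prototype does not have: the third argument is `chunk_t data`, so Doxygen will flag the tag and readers cannot match it; change it to `@param data data to be extended into the PCR`. The quote comment also keeps "Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK" from the TrouSerS-era implementation this commit removes; whether that precondition still holds through the tpm object should be confirmed, and the sentence dropped or reworded if it does not. The struct definition continues outside this hunk.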
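Review bot: verify_quote_signature's summary line still reads "Constructs and returns PCR Quote Digest structure expected from IMC", which describes the function this commit replaced; the pts.c hunk shows it verifies `signature` over `digest` with the AIK public key. Suggest `* Verifies the TPM Quote signature received from the IMC over the given digest` with `@return TRUE if the signature verifies with the AIK public key, FALSE otherwise`. Likewise `@param quoted Encoding of TPM Quote Info` on get_quote is presumably an output (pts.c passes the `chunk_t *quoted` pointer into quote_info->get_quote), so wording it like the other output tags on this struct, `@param quoted returns the encoded TPM Quote Info`, avoids confusion about ownership.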
diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c index 966d54ba2..6cfb86cb3 100644 --- a/src/libimcv/pts/pts_file_meas.c +++ b/src/libimcv/pts/pts_file_meas.c @@ -39,7 +39,7 @@ struct private_pts_file_meas_t { /** * ID of PTS File Measurement Request */ - u_int16_t request_id; + uint16_t request_id; /** * List of File Measurements @@ -70,7 +70,7 @@ static void free_entry(entry_t *entry) } } -METHOD(pts_file_meas_t, get_request_id, u_int16_t, +METHOD(pts_file_meas_t, get_request_id, uint16_t, private_pts_file_meas_t *this) { return this->request_id; @@ -266,7 +266,7 @@ METHOD(pts_file_meas_t, destroy, void, /** * See header */ -pts_file_meas_t *pts_file_meas_create(u_int16_t request_id) +pts_file_meas_t *pts_file_meas_create(uint16_t request_id) { private_pts_file_meas_t *this; @@ -334,7 +334,7 @@ static bool hash_file(hasher_t *hasher, char *pathname, u_char *hash) /** * See header */ -pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t *pts_file_meas_create_from_path(uint16_t request_id, char *pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg) { diff --git a/src/libimcv/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h index 4bf28e280..514006925 100644 --- a/src/libimcv/pts/pts_file_meas.h +++ b/src/libimcv/pts/pts_file_meas.h @@ -38,7 +38,7 @@ struct pts_file_meas_t { * * @return ID of PTS File Measurement Request */ - u_int16_t (*get_request_id)(pts_file_meas_t *this); + uint16_t (*get_request_id)(pts_file_meas_t *this); /** * Get the number of measured files @@ -94,7 +94,7 @@ struct pts_file_meas_t { * * @param request_id ID of PTS File Measurement Request */ -pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); +pts_file_meas_t* pts_file_meas_create(uint16_t request_id); /** * Creates a pts_file_meas_t object measuring a file/directory 
@@ -105,7 +105,7 @@ pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); * @param use_rel_name TRUE if relative filenames are to be used * @param alg PTS hash measurement algorithm to be used */ -pts_file_meas_t* pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t* pts_file_meas_create_from_path(uint16_t request_id, char* pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg); diff --git a/src/libimcv/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h index 3f1813306..b02b142db 100644 --- a/src/libimcv/pts/pts_file_meta.h +++ b/src/libimcv/pts/pts_file_meta.h @@ -34,12 +34,12 @@ typedef struct pts_file_metadata_t pts_file_metadata_t; */ struct pts_file_metadata_t { pts_file_type_t type; - u_int64_t filesize; - u_int64_t created; - u_int64_t modified; - u_int64_t accessed; - u_int64_t owner; - u_int64_t group; + uint64_t filesize; + uint64_t created; + uint64_t modified; + uint64_t accessed; + uint64_t owner; + uint64_t group; char *filename; }; diff --git a/src/libimcv/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c index 5051b6c2d..7caa514a5 100644 --- a/src/libimcv/pts/pts_ima_bios_list.c +++ b/src/libimcv/pts/pts_ima_bios_list.c @@ -61,6 +61,8 @@ enum event_type_t { EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008, EV_EFI_HANDOFF_TABLES = 0x80000009, + EV_EFI_HCRTM_EVENT = 0x80000010, + EV_EFI_VARIABLE_AUTHORITY = 0x800000E0 }; @@ -85,7 +87,6 @@ ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS, "Nonhost Info", "Omit Boot Device Events" ); - ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, EV_OMIT_BOOT_DEVICE_EVENTS, "EFI Event Base", 
@@ -99,8 +100,12 @@ ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, "EFI Platform Firmware Blob", "EFI Handoff Tables" ); -ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, +ENUM_NEXT(event_type_names, EV_EFI_HCRTM_EVENT, EV_EFI_HCRTM_EVENT, EV_EFI_HANDOFF_TABLES, + "EFI HCRTM Event" +); +ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, + EV_EFI_HCRTM_EVENT, "EFI Variable Authority" ); ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY); diff --git a/src/libimcv/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c index c06371123..246c37714 100644 --- a/src/libimcv/pts/pts_meas_algo.c +++ b/src/libimcv/pts/pts_meas_algo.c @@ -158,6 +158,24 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm) /** * Described in header. */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm) +{ + switch (algorithm) + { + case HASH_SHA1: + return PTS_MEAS_ALGO_SHA1; + case HASH_SHA256: + return PTS_MEAS_ALGO_SHA256; + case HASH_SHA384: + return PTS_MEAS_ALGO_SHA384; + default: + return PTS_MEAS_ALGO_NONE; + } +} + +/** + * Described in header. + */ size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm) { switch (algorithm) diff --git a/src/libimcv/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h index eec7e7981..d70310679 100644 --- a/src/libimcv/pts/pts_meas_algo.h +++ b/src/libimcv/pts/pts_meas_algo.h @@ -96,6 +96,14 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm); /** + * Convert hash_algorithm_t to pts_meas_algorithms_t + * + * @param algorithm PTS measurement algorithm type + * @return libstrongswan hash algorithm type + */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm); + +/** * Return the hash size of a pts_meas_algorithm * * @param algorithm PTS measurement algorithm type 
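Review bot: The Doxygen block for pts_meas_algo_from_hash in pts_meas_algo.h has its tags inverted, apparently copied from pts_meas_algo_to_hash just above it: the parameter is a libstrongswan `hash_algorithm_t` and the return value is the PTS type. The lines should read `@param algorithm libstrongswan hash algorithm type` and `@return PTS measurement algorithm type, PTS_MEAS_ALGO_NONE if not mappable`. Documenting that fallback matters because the .c hunk on this line maps only HASH_SHA1, HASH_SHA256 and HASH_SHA384 and silently returns PTS_MEAS_ALGO_NONE for everything else, so callers must check for it.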
diff --git a/src/libimcv/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c index 0af93b608..d514532c5 100644 --- a/src/libimcv/pts/pts_pcr.c +++ b/src/libimcv/pts/pts_pcr.c @@ -40,17 +40,17 @@ struct private_pts_pcr_t { /** * Number of extended PCR registers */ - u_int32_t pcr_count; + uint32_t pcr_count; /** * Highest extended PCR register */ - u_int32_t pcr_max; + uint32_t pcr_max; /** * Bitmap of extended PCR registers */ - u_int8_t pcr_select[PTS_PCR_MAX_NUM / 8]; + uint8_t pcr_select[PTS_PCR_MAX_NUM / 8]; /** * Hasher used to extend shadow PCRs @@ -59,16 +59,16 @@ struct private_pts_pcr_t { }; -METHOD(pts_pcr_t, get_count, u_int32_t, +METHOD(pts_pcr_t, get_count, uint32_t, private_pts_pcr_t *this) { return this->pcr_count; } METHOD(pts_pcr_t, select_pcr, bool, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { - u_int32_t i, f; + uint32_t i, f; if (pcr >= PTS_PCR_MAX_NUM) { @@ -106,7 +106,7 @@ typedef struct { /** implements enumerator_t */ enumerator_t public; /** current PCR */ - u_int32_t pcr; + uint32_t pcr; /** back reference to parent */ private_pts_pcr_t *pcrs; } pcr_enumerator_t; @@ -116,11 +116,11 @@ typedef struct { */ static bool pcr_enumerator_enumerate(pcr_enumerator_t *this, ...) { - u_int32_t *pcr, i, f; + uint32_t *pcr, i, f; va_list args; va_start(args, this); - pcr = va_arg(args, u_int32_t*); + pcr = va_arg(args, uint32_t*); va_end(args); while (this->pcr <= this->pcrs->pcr_max) @@ -158,13 +158,13 @@ METHOD(pts_pcr_t, create_enumerator, enumerator_t*, } METHOD(pts_pcr_t, get, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { return (pcr < PTS_PCR_MAX_NUM) ? this->pcrs[pcr] : chunk_empty; } METHOD(pts_pcr_t, set, bool, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t value) + private_pts_pcr_t *this, uint32_t pcr, chunk_t value) { if (value.len != PTS_PCR_LEN) { 
@@ -180,7 +180,7 @@ METHOD(pts_pcr_t, set, bool, } METHOD(pts_pcr_t, extend, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t measurement) + private_pts_pcr_t *this, uint32_t pcr, chunk_t measurement) { if (measurement.len != PTS_PCR_LEN) { @@ -200,26 +200,25 @@ METHOD(pts_pcr_t, extend, chunk_t, return this->pcrs[pcr]; } -METHOD(pts_pcr_t, get_composite, chunk_t, +METHOD(pts_pcr_t, get_composite, tpm_tss_pcr_composite_t*, private_pts_pcr_t *this) { - chunk_t composite; + tpm_tss_pcr_composite_t *pcr_composite; enumerator_t *enumerator; - u_int16_t selection_size; - u_int32_t pcr_field_size, pcr; + uint16_t selection_size; + uint32_t pcr_field_size, pcr; u_char *pos; selection_size = get_selection_size(this); pcr_field_size = this->pcr_count * PTS_PCR_LEN; - composite = chunk_alloc(2 + selection_size + 4 + pcr_field_size); - pos = composite.ptr; - htoun16(pos, selection_size); - pos += 2; - memcpy(pos, this->pcr_select, selection_size); - pos += selection_size; - htoun32(pos, pcr_field_size); - pos += 4; + INIT(pcr_composite, + .pcr_select = chunk_alloc(selection_size), + .pcr_composite = chunk_alloc(pcr_field_size), + ); + + memcpy(pcr_composite->pcr_select.ptr, this->pcr_select, selection_size); + pos = pcr_composite->pcr_composite.ptr; enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &pcr)) @@ -229,14 +228,13 @@ METHOD(pts_pcr_t, get_composite, chunk_t, } enumerator->destroy(enumerator); - DBG3(DBG_PTS, "constructed PCR Composite: %B", &composite); - return composite; + return pcr_composite; } METHOD(pts_pcr_t, destroy, void, private_pts_pcr_t *this) { - u_int32_t i; + uint32_t i; for (i = 0; i < PTS_PCR_MAX_NUM; i++) { @@ -253,7 +251,7 @@ pts_pcr_t *pts_pcr_create(void) { private_pts_pcr_t *this; hasher_t *hasher; - u_int32_t i; + uint32_t i; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h index f638b5ee4..df84c679f 100644 
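Review bot: get_composite no longer logs the composite it built; the removed `DBG3(DBG_PTS, "constructed PCR Composite: %B", &composite)` in the second hunk was the only place the selection bitmap and concatenated PCR values were visible when debugging a quote mismatch against the IMC. Suggest `DBG3(DBG_PTS, "constructed PCR Composite: %B", &pcr_composite->pcr_composite);` before the return, plus a comment above the INIT stating that the caller owns `pcr_select`, `pcr_composite` and the struct, since the type carries no destructor and pts.c's get_quote in this commit frees all three by hand. The loop body that copies each PCR value into `pos` sits between the two hunks and is not shown here.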
--- a/src/libimcv/pts/pts_pcr.h +++ b/src/libimcv/pts/pts_pcr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ typedef struct pts_pcr_t pts_pcr_t; #include <library.h> +#include <tpm_tss_quote_info.h> + /** * Maximum number of PCR's of TPM, TPM Spec 1.2 */ @@ -45,7 +47,7 @@ struct pts_pcr_t { * * @return number of selected PCRs */ - u_int32_t (*get_count)(pts_pcr_t *this); + uint32_t (*get_count)(pts_pcr_t *this); /** * Mark a PCR as selected @@ -53,7 +55,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return TRUE if PCR index exists */ - bool (*select_pcr)(pts_pcr_t *this, u_int32_t pcr); + bool (*select_pcr)(pts_pcr_t *this, uint32_t pcr); /** * Get the size of the selection field in bytes @@ -75,7 +77,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return content of PCR */ - chunk_t (*get)(pts_pcr_t *this, u_int32_t pcr); + chunk_t (*get)(pts_pcr_t *this, uint32_t pcr); /** * Set the content of a PCR @@ -84,7 +86,7 @@ struct pts_pcr_t { * @param value new value of PCR * @return TRUE if value could be set */ - bool (*set)(pts_pcr_t *this, u_int32_t pcr, chunk_t value); + bool (*set)(pts_pcr_t *this, uint32_t pcr, chunk_t value); /** * Extend the content of a PCR @@ -93,14 +95,14 @@ struct pts_pcr_t { * @param measurement measurment value to be extended into PCR * @return new content of PCR */ - chunk_t (*extend)(pts_pcr_t *this, u_int32_t pcr, chunk_t measurement); + chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement); /** * Create a PCR Composite object over all selected PCRs * * @return PCR Composite object (must be freed) */ - chunk_t (*get_composite)(pts_pcr_t *this); + tpm_tss_pcr_composite_t* (*get_composite)(pts_pcr_t *this); /** 
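Review bot: `@return PCR Composite object (must be freed)` is now too vague: the return type changed from a chunk_t to a `tpm_tss_pcr_composite_t*` whose `pcr_select` and `pcr_composite` chunks are heap-allocated separately from the struct, and pts.c's get_quote in this commit frees all three by hand. Spell that out, e.g. `@return PCR Composite object; caller frees pcr_select, pcr_composite and the struct itself`. If libtpmtss provides a destructor for this type, naming it here and using it in pts.c would be safer than the three-part free at every call site.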
diff --git a/src/libimcv/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h deleted file mode 100644 index 0c8dea0cc..000000000 --- a/src/libimcv/pts/pts_simple_evid_final.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2011 Sansar Choinyambuu - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup pts_simple_evid_final pts_rsimple_evid_final - * @{ @ingroup pts - */ - -#ifndef PTS_SIMPLE_EVID_FINAL_H_ -#define PTS_SIMPLE_EVID_FINAL_H_ - -typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t; - -#include <library.h> - -/** - * PTS Simple Evidence Final Flags - */ -enum pts_simple_evid_final_flag_t { - /** TPM PCR Composite and TPM Quote Signature not included */ - PTS_SIMPLE_EVID_FINAL_NO = 0x00, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, - /** Evidence Signature included */ - PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, -}; - -#endif /** PTS_SIMPLE_EVID_FINAL_H_ @}*/ |