1 files changed, 60 insertions, 92 deletions

diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index 3ab9b92e6..2fff4c901 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -21,6 +22,10 @@
 #include <bio/bio_reader.h>
 
 #ifdef TSS_TROUSERS
+#ifdef _BASETSD_H_
+/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */
+# define _BASETSD_H
+#endif
 #include <trousers/tss.h>
 #include <trousers/trousers.h>
 #else
@@ -34,7 +39,6 @@
 
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <sys/utsname.h>
 #include <libgen.h>
 #include <unistd.h>
 #include <errno.h>
@@ -88,9 +92,9 @@ struct private_pts_t {
 	chunk_t secret;
 
 	/**
-	 * Platform and OS Info
+	 * Primary key of platform entry in database
 	 */
-	char *platform_info;
+	int platform_id;
 
 	/**
 	 * TRUE if IMC-PTS, FALSE if IMV-PTS
@@ -118,6 +122,11 @@ struct private_pts_t {
  	certificate_t *aik;
 
 	/**
+	 * Primary key referening AIK in database
+	 */
+	int aik_id;
+
+	/**
 	 * Shadow PCR set
 	 */
 	pts_pcr_t *pcrs;
@@ -296,29 +305,23 @@ METHOD(pts_t, calculate_secret, bool,
  */
 static void print_tpm_version_info(private_pts_t *this)
 {
-	TPM_CAP_VERSION_INFO versionInfo;
-	UINT64 offset = 0;
-	TSS_RESULT result;
+	TPM_CAP_VERSION_INFO *info;
 
-	result = Trspi_UnloadBlob_CAP_VERSION_INFO(&offset,
-						this->tpm_version_info.ptr, &versionInfo);
-	if (result != TSS_SUCCESS)
+	info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr;
+
+	if (this->tpm_version_info.len >=
+			sizeof(*info) - sizeof(info->vendorSpecific))
 	{
-		DBG1(DBG_PTS, "could not parse tpm version info: tss error 0x%x",
-			 result);
+		DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, "
+			 "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s",
+			 info->version.major, info->version.minor,
+			 info->version.revMajor, info->version.revMinor,
+			 untoh16(&info->specLevel), info->errataRev, info->tpmVendorID);
 	}
 	else
 	{
-		DBG2(DBG_PTS, "TPM 1.2 Version Info: Chip Version: %hhu.%hhu.%hhu.%hhu,"
-					  " Spec Level: %hu, Errata Rev: %hhu, Vendor ID: %.4s [%.*s]",
-					  versionInfo.version.major, versionInfo.version.minor,
-					  versionInfo.version.revMajor, versionInfo.version.revMinor,
-					  versionInfo.specLevel, versionInfo.errataRev,
-					  versionInfo.tpmVendorID, versionInfo.vendorSpecificSize,
-					  versionInfo.vendorSpecificSize ?
-					  (char*)versionInfo.vendorSpecific : "");
+		DBG1(DBG_PTS, "could not parse tpm version info");
 	}
-	free(versionInfo.vendorSpecific);
 }
 
 #else
@@ -330,22 +333,16 @@ static void print_tpm_version_info(private_pts_t *this)
 
 #endif /* TSS_TROUSERS */
 
-METHOD(pts_t, get_platform_info, char*,
+METHOD(pts_t, get_platform_id, int,
 	private_pts_t *this)
 {
-	return this->platform_info;
+	return this->platform_id;
 }
 
-METHOD(pts_t, set_platform_info, void,
-	private_pts_t *this, chunk_t name, chunk_t version)
+METHOD(pts_t, set_platform_id, void,
+	private_pts_t *this, int pid)
 {
-	int len = name.len + 1 + version.len + 1;
-
-	/* platform info is a concatenation of OS name and OS version */
-	free(this->platform_info);
-	this->platform_info = malloc(len);
-	snprintf(this->platform_info, len, "%.*s %.*s", (int)name.len, name.ptr,
-			(int)version.len, version.ptr);
+	this->platform_id = pid;
 }
 
 METHOD(pts_t, get_tpm_version_info, bool,
@@ -372,42 +369,31 @@ METHOD(pts_t, set_tpm_version_info, void,
  */
 static void load_aik_blob(private_pts_t *this)
 {
-	char *blob_path;
-	FILE *fp;
-	u_int32_t aikBlobLen;
+	char *path;
+	chunk_t *map;
 
-	blob_path = lib->settings->get_str(lib->settings,
+	path = lib->settings->get_str(lib->settings,
 						"%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
-
-	if (blob_path)
+	if (path)
 	{
-		/* Read aik key blob from a file */
-		if ((fp = fopen(blob_path, "r")) == NULL)
-		{
-			DBG1(DBG_PTS, "unable to open AIK Blob file: %s", blob_path);
-			return;
-		}
-
-		fseek(fp, 0, SEEK_END);
-		aikBlobLen = ftell(fp);
-		fseek(fp, 0L, SEEK_SET);
-
-		this->aik_blob = chunk_alloc(aikBlobLen);
-		if (fread(this->aik_blob.ptr, 1, aikBlobLen, fp) == aikBlobLen)
+		map = chunk_map(path, FALSE);
+		if (map)
 		{
-			DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path);
-			DBG3(DBG_PTS, "AIK Blob: %B", &this->aik_blob);
+			DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path);
+			DBG3(DBG_PTS, "AIK Blob: %B", map);
+			this->aik_blob = chunk_clone(*map);
+			chunk_unmap(map);
 		}
 		else
 		{
-			DBG1(DBG_PTS, "unable to read AIK Blob file '%s'", blob_path);
-			chunk_free(&this->aik_blob);
+			DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s",
+				 path, strerror(errno));
 		}
-		fclose(fp);
-		return;
 	}
-
-	DBG1(DBG_PTS, "AIK Blob is not available");
+	else
+	{
+		DBG1(DBG_PTS, "AIK Blob is not available");
+	}
 }
 
 /**
@@ -421,7 +407,7 @@ static void load_aik(private_pts_t *this)
 	cert_path = lib->settings->get_str(lib->settings,
 						"%s.plugins.imc-attestation.aik_cert", NULL, lib->ns);
 	key_path = lib->settings->get_str(lib->settings,
-						"%s.plugins.imc-attestation.aik_key", NULL, lib->ns);
+						"%s.plugins.imc-attestation.aik_pubkey", NULL, lib->ns);
 
 	if (cert_path)
 	{
@@ -456,37 +442,17 @@ METHOD(pts_t, get_aik, certificate_t*,
 }
 
 METHOD(pts_t, set_aik, void,
-	private_pts_t *this, certificate_t *aik)
+	private_pts_t *this, certificate_t *aik, int aik_id)
 {
 	DESTROY_IF(this->aik);
 	this->aik = aik->get_ref(aik);
+	this->aik_id = aik_id;
 }
 
-METHOD(pts_t, get_aik_keyid, bool,
-	private_pts_t *this, chunk_t *keyid)
+METHOD(pts_t, get_aik_id, int,
+	private_pts_t *this)
 {
-	public_key_t *public;
-	bool success;
-
-	if (!this->aik)
-	{
-		DBG1(DBG_PTS, "no AIK certificate available");
-		return FALSE;
-	}
-	public = this->aik->get_public_key(this->aik);
-	if (!public)
-	{
-		DBG1(DBG_PTS, "no AIK public key available");
-		return FALSE;
-	}
-	success = public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, keyid);
-	if (!success)
-	{
-		DBG1(DBG_PTS, "no SHA-1 AIK public key info ID available");
-	}
-	public->destroy(public);
-
-	return success;
+	return this->aik_id;
 }
 
 METHOD(pts_t, is_path_valid, bool,
@@ -557,6 +523,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry)
 	{
 		this->type = PTS_FILE_FIFO;
 	}
+#ifndef WIN32
 	else if (S_ISLNK(st.st_mode))
 	{
 		this->type = PTS_FILE_SYM_LINK;
@@ -565,6 +532,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry)
 	{
 		this->type = PTS_FILE_SOCKET;
 	}
+#endif /* WIN32 */
 	else
 	{
 		this->type = PTS_FILE_OTHER;
@@ -644,7 +612,8 @@ METHOD(pts_t, read_pcr, bool,
 	TSS_HCONTEXT hContext;
 	TSS_HTPM hTPM;
 	TSS_RESULT result;
-	chunk_t rgbPcrValue;
+	BYTE *buf;
+	UINT32 len;
 
 	bool success = FALSE;
 
@@ -665,12 +634,12 @@ METHOD(pts_t, read_pcr, bool,
 	{
 		goto err;
 	}
-	result = Tspi_TPM_PcrRead(hTPM, pcr_num, (UINT32*)&rgbPcrValue.len, &rgbPcrValue.ptr);
+	result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf);
 	if (result != TSS_SUCCESS)
 	{
 		goto err;
 	}
-	*pcr_value = chunk_clone(rgbPcrValue);
+	*pcr_value = chunk_clone(chunk_create(buf, len));
 	DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value);
 	success = TRUE;
 
@@ -1093,7 +1062,6 @@ METHOD(pts_t, destroy, void,
 	free(this->initiator_nonce.ptr);
 	free(this->responder_nonce.ptr);
 	free(this->secret.ptr);
-	free(this->platform_info);
 	free(this->aik_blob.ptr);
 	free(this->tpm_version_info.ptr);
 	free(this);
@@ -1187,13 +1155,13 @@ pts_t *pts_create(bool is_imc)
 			.get_my_public_value = _get_my_public_value,
 			.set_peer_public_value = _set_peer_public_value,
 			.calculate_secret = _calculate_secret,
-			.get_platform_info = _get_platform_info,
-			.set_platform_info = _set_platform_info,
+			.get_platform_id = _get_platform_id,
+			.set_platform_id = _set_platform_id,
 			.get_tpm_version_info = _get_tpm_version_info,
 			.set_tpm_version_info = _set_tpm_version_info,
 			.get_aik = _get_aik,
 			.set_aik = _set_aik,
-			.get_aik_keyid = _get_aik_keyid,
+			.get_aik_id = _get_aik_id,
 			.is_path_valid = _is_path_valid,
 			.get_metadata = _get_metadata,
 			.read_pcr = _read_pcr,