From 6ac3ff9b308e27f8cd2dff46f7aaa97721fd2a3a Mon Sep 17 00:00:00 2001
From: emanuel
Date: Wed, 6 Jul 2022 17:50:29 +0100
Subject: [PATCH] TPM verify entry proof sec.req fix
---
 src/tpm.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/tpm.c b/src/tpm.c
index b81eb67..b0d5d76 100644
--- a/src/tpm.c
+++ b/src/tpm.c
@@ -406,7 +406,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 TollingType_t* type_rx = tpm_rx->tpm->tollingType;
 uint64_t client_id, nonce, info_id;
- const uint32_t buf_len = 1024;
+ const uint32_t buf_len = 1200;
 uint8_t buf[buf_len];
 uint8_t tpm_uper[buf_len];
@@ -587,7 +587,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 sreq->choice.verify.type = tpm_rx->tpmSignature->type;
 buf[0] = 4;
- enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, 2047);
+ enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, buf_len-1);
 syslog_debug("[facilities]->[security] SecurityRequest.verify (%ldB)", enc.encoded+1);
 zmq_send(security_socket, buf, enc.encoded+1, 0);
 int32_t rl = zmq_recv(security_socket, buf, buf_len, 0);
@@ -614,6 +614,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 srep = NULL;
 }
+ // TPM
 tpm = calloc(1, sizeof(TPM_t));
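Review bot: In the first hunk (`@@ -406,7 +406,7 @@`), `buf_len` is a `const uint32_t` object rather than a constant expression, so `buf` and `tpm_uper` are variable-length arrays, and 1200 is a bare number with no stated bound. Declaring it as `enum { buf_len = 1200 };` would keep every use site unchanged while making both arrays fixed-size. A one-line comment naming the largest message these buffers must hold would tell the next editor when the value has to grow. The declarations sit inside rsu_handle_recv, whose body starts and ends outside the hunk.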
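Review bot: The verify path (`@@ -587,7 +587,7 @@`) now bounds the encode to `buf_len-1` but never tests its result: when `oer_encode_to_buffer` fails, `enc.encoded` is -1 and the next lines log and call `zmq_send` with a length of `enc.encoded+1`, i.e. zero bytes. This commit adds that test to the sign path (`@@ -699,7 +700,11 @@`); the same guard, `if (enc.encoded == -1) goto cleanup;` preceded by the `syslog_err` call used there, belongs directly after the encode here. Whether jumping to `cleanup` is valid from this point cannot be confirmed from the hunk, because the function continues outside it.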
@@ -699,7 +700,11 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 memcpy(sreq->choice.sign.data.buf, buf, enc.encoded);
 buf[0] = 4;
- enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, 2047);
+ enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, buf_len-1);
+ if (enc.encoded == -1) {
+ syslog_err("[facilities] [tolling] error encoding SecurityRequest (%s)", enc.failed_type->name);
+ goto cleanup;
+ }
 syslog_debug("[facilities]->[security] SecurityRequest.sign (%ldB)", enc.encoded+1);
 zmq_send(security_socket, buf, enc.encoded+1, 0);
 int rc = zmq_recv(security_socket, buf, buf_len, 0);
@@ -715,6 +720,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 goto cleanup;
 }
+ tpm->tpmSignature = calloc(1, sizeof(TpmSignature_t));
 tpm->tpmSignature->r.size = srep->data->choice.sign.r.size;
 tpm->tpmSignature->r.buf = malloc(srep->data->choice.sign.r.size);
 memcpy(tpm->tpmSignature->r.buf, srep->data->choice.sign.r.buf, srep->data->choice.sign.r.size);
@@ -726,6 +732,11 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 memcpy(tpm->tpmSignature->signer.buf, srep->data->choice.sign.signer.buf, srep->data->choice.sign.signer.size);
 tpm->tpmSignature->type = srep->data->choice.sign.type;
+ ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
+ ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
+ sreq = NULL;
+ srep = NULL;
+
 // encode TPM
 enc = uper_encode_to_buffer(&asn_DEF_TPM, NULL, tpm, tpm_uper, buf_len);
 if (enc.encoded == -1) {
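Review bot: After the new encode check in `@@ -699,7 +700,11 @@`, the `rc` returned by `zmq_recv(security_socket, buf, buf_len, 0)` is only safe to use as a length once it has been bounded, because libzmq reports the size of the whole message, which can exceed `buf_len` when the reply was truncated into `buf`. The last hunk of this commit (`@@ -802,8 +813,8 @@`) starts passing `rc`, presumably also a `zmq_recv` result, to `oer_decode` as the input size, so an oversized reply would let the decoder read past the end of `buf` unless a bound is applied in lines outside the hunks. A guard such as `if (rc < 0 || (uint32_t)rc > buf_len) goto cleanup;` after each receive (here, and after `rl` in the verify path) would close that. The handling of `rc` that follows this receive is outside the hunk.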
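Review bot: The `calloc` added in `@@ -715,6 +720,7 @@` is dereferenced on the very next line without a NULL test, and the `malloc` results that the following `memcpy` calls write into are unchecked as well. Add `if (!tpm->tpmSignature) goto cleanup;` after the allocation, and the same test after each `malloc` before its `memcpy`. The copy sizes are taken from the decoded SecurityReply, so a failed allocation here becomes a write through a null pointer rather than a clean error. Whether `cleanup` releases `tpm` and a partly filled `tpmSignature` is outside the hunk and should be confirmed.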
@@ -802,8 +813,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur } syslog_debug("[facilities] [tolling]<- SecurityReply.tlsSend <-[security] | size:%dB", rc); - asn_dec_rval_t dec = oer_decode(NULL, &asn_DEF_SecurityReply, (void**) &srep, buf, buf_len); - + asn_dec_rval_t dec = oer_decode(NULL, &asn_DEF_SecurityReply, (void**) &srep, buf, rc); + if (dec.code || srep->returnCode != SecurityReplyReturnCode_accepted || !srep->data ||