Imported Upstream version 5.0.1

5 files changed, 212 insertions, 84 deletions

diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
index 583d2dfee..4734379bf 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libpts/plugins/imc_attestation/Makefile.in
@@ -49,6 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@@ -84,7 +85,7 @@ imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS)
 imc_attestation_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(imc_attestation_la_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
@@ -110,6 +111,7 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BFDLIB = @BFDLIB@
 BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
@@ -204,11 +206,14 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
@@ -225,11 +230,12 @@ imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -245,6 +251,7 @@ mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
@@ -254,7 +261,6 @@ pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c
index 4f77ba093..7cb2a0671 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -21,6 +21,7 @@
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
 #include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_assess_result.h>
 
 #include <libpts.h>
 
@@ -108,9 +109,17 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_attestation_state_create(connection_id);
 			return imc_attestation->create_state(imc_attestation, state);
+		case TNC_CONNECTION_STATE_HANDSHAKE:
+			if (imc_attestation->change_state(imc_attestation, connection_id,
+				new_state, &state) != TNC_RESULT_SUCCESS)
+			{
+				return TNC_RESULT_FATAL;
+			}
+			state->set_result(state, imc_id,
+							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return imc_attestation->delete_state(imc_attestation, connection_id);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
 		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
 		case TNC_CONNECTION_STATE_ACCESS_NONE:
 		default:
@@ -149,17 +158,15 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
 	platform_info = pts->get_platform_info(pts);
 	if (platform_info)
 	{
-		pa_tnc_msg_t *pa_tnc_msg;
+		linked_list_t *attr_list;
 		pa_tnc_attr_t *attr;
 
-		pa_tnc_msg = pa_tnc_msg_create();
+		attr_list = linked_list_create();
 		attr = ietf_attr_product_info_create(0, 0, platform_info);
-		pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
-		pa_tnc_msg->build(pa_tnc_msg);
+		attr_list->insert_last(attr_list, attr);
 		result = imc_attestation->send_message(imc_attestation, connection_id,
-										FALSE, 0, TNC_IMVID_ANY,
-										pa_tnc_msg->get_encoding(pa_tnc_msg));
-		pa_tnc_msg->destroy(pa_tnc_msg);
+										FALSE, 0, TNC_IMVID_ANY, attr_list);
+		attr_list->destroy(attr_list);
 	}
 
 	return result;
@@ -176,11 +183,13 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
 {
 	pa_tnc_msg_t *pa_tnc_msg;
 	pa_tnc_attr_t *attr;
+	pen_type_t type;
 	linked_list_t *attr_list;
 	imc_state_t *state;
 	imc_attestation_state_t *attestation_state;
 	enumerator_t *enumerator;
 	TNC_Result result;
+	TNC_UInt32 target_imc_id;
 
 	if (!imc_attestation)
 	{
@@ -204,6 +213,7 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
 	{
 		return result;
 	}
+	target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id;
 	
 	/* preprocess any IETF standard error attributes */
 	result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ?
@@ -215,30 +225,40 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
 	enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
 	while (enumerator->enumerate(enumerator, &attr))
 	{
-		if (attr->get_vendor_id(attr) == PEN_IETF &&
-			attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
-		{
-			ietf_attr_pa_tnc_error_t *error_attr;
-			pen_t error_vendor_id;
-			pa_tnc_error_code_t error_code;
-			chunk_t msg_info;
+		type = attr->get_type(attr);
 
-			error_attr = (ietf_attr_pa_tnc_error_t*)attr;
-			error_vendor_id = error_attr->get_vendor_id(error_attr);
-
-			if (error_vendor_id == PEN_TCG)
+		if (type.vendor_id == PEN_IETF)
+		{
+			if (type.type == IETF_ATTR_PA_TNC_ERROR)
 			{
+				ietf_attr_pa_tnc_error_t *error_attr;
+				pen_type_t error_code;
+				chunk_t msg_info;
+
+				error_attr = (ietf_attr_pa_tnc_error_t*)attr;
 				error_code = error_attr->get_error_code(error_attr);
-				msg_info = error_attr->get_msg_info(error_attr);
 
-				DBG1(DBG_IMC, "received TCG-PTS error '%N'",
-					 pts_error_code_names, error_code);
-				DBG1(DBG_IMC, "error information: %B", &msg_info);
+				if (error_code.vendor_id == PEN_TCG)
+				{
+					msg_info = error_attr->get_msg_info(error_attr);
 
-				result = TNC_RESULT_FATAL;
+					DBG1(DBG_IMC, "received TCG-PTS error '%N'",
+						 pts_error_code_names, error_code.type);
+					DBG1(DBG_IMC, "error information: %B", &msg_info);
+
+					result = TNC_RESULT_FATAL;
+				}
+			}
+			else if (type.type == IETF_ATTR_ASSESSMENT_RESULT)
+			{
+				ietf_attr_assess_result_t *ietf_attr;
+
+				ietf_attr = (ietf_attr_assess_result_t*)attr;
+				state->set_result(state, target_imc_id,
+								  ietf_attr->get_result(ietf_attr));
 			}
 		}
-		else if (attr->get_vendor_id(attr) == PEN_TCG)
+		else if (type.vendor_id == PEN_TCG)
 		{
 			if (!imc_attestation_process(attr, attr_list, attestation_state,
 				supported_algorithms, supported_dh_groups))
@@ -253,23 +273,11 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
 
 	if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list))
 	{
-		pa_tnc_msg = pa_tnc_msg_create();
-
-		enumerator = attr_list->create_enumerator(attr_list);
-		while (enumerator->enumerate(enumerator, &attr))
-		{
-			pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
-		}
-		enumerator->destroy(enumerator);
-
-		pa_tnc_msg->build(pa_tnc_msg);
 		result = imc_attestation->send_message(imc_attestation, connection_id,
-										FALSE, 0, TNC_IMVID_ANY,
-										pa_tnc_msg->get_encoding(pa_tnc_msg));
-		pa_tnc_msg->destroy(pa_tnc_msg);
+										FALSE, 0, TNC_IMVID_ANY, attr_list);
 	}
-
 	attr_list->destroy(attr_list);
+
 	return result;
 }
 
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
index b70c05370..bd2fa649d 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -23,7 +23,6 @@
 
 #include <ietf/ietf_attr_pa_tnc_error.h>
 
-#include <libpts.h>
 #include <pts/pts.h>
 
 #include <tcg/tcg_pts_attr_proto_caps.h>
@@ -57,10 +56,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 	chunk_t attr_info;
 	pts_t *pts;
 	pts_error_code_t pts_error;
+	pen_type_t attr_type;
 	bool valid_path;
 
 	pts = attestation_state->get_pts(attestation_state);
-	switch (attr->get_type(attr))
+	attr_type = attr->get_type(attr);
+
+	switch (attr_type.type)
 	{
 		case TCG_PTS_REQ_PROTO_CAPS:
 		{
@@ -182,12 +184,12 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 		case TCG_PTS_GET_TPM_VERSION_INFO:
 		{
 			chunk_t tpm_version_info, attr_info;
+			pen_type_t error_code = { PEN_TCG, TCG_PTS_TPM_VERS_NOT_SUPPORTED };
 
 			if (!pts->get_tpm_version_info(pts, &tpm_version_info))
 			{
 				attr_info = attr->get_value(attr);
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-							TCG_PTS_TPM_VERS_NOT_SUPPORTED, attr_info);
+				attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
@@ -221,6 +223,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			bool is_directory;
 			u_int32_t delimiter;
 			pts_file_meas_t *measurements;
+			pen_type_t error_code;
 
 			attr_info = attr->get_value(attr);
 			attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
@@ -232,8 +235,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
 			if (valid_path && pts_error)
 			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										pts_error, attr_info);
+				error_code = pen_type_create(PEN_TCG, pts_error);
+				attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
@@ -244,8 +247,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
 			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
 			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_INVALID_DELIMITER, attr_info);
+				error_code = pen_type_create(PEN_TCG,
+											 TCG_PTS_INVALID_DELIMITER);
+				attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
@@ -254,8 +258,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			DBG2(DBG_IMC, "measurement request %d for %s '%s'",
 				 request_id, is_directory ? "directory" : "file",
 				 pathname);
-			measurements = pts->do_measurements(pts, request_id,
-									pathname, is_directory);
+			measurements = pts_file_meas_create_from_path(request_id,
+										pathname, is_directory, TRUE,
+										pts->get_meas_algorithm(pts));
 			if (!measurements)
 			{
 				/* TODO handle error codes from measurements */
@@ -273,6 +278,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			bool is_directory;
 			u_int8_t delimiter;
 			pts_file_meta_t *metadata;
+			pen_type_t error_code;
 
 			attr_info = attr->get_value(attr);
 			attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
@@ -283,8 +289,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			valid_path = pts->is_path_valid(pts, pathname, &pts_error);
 			if (valid_path && pts_error)
 			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										pts_error, attr_info);
+				error_code = pen_type_create(PEN_TCG, pts_error);
+				attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
@@ -294,8 +300,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			}
 			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
 			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_INVALID_DELIMITER, attr_info);
+				error_code = pen_type_create(PEN_TCG,
+											 TCG_PTS_INVALID_DELIMITER);
+				attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
@@ -323,6 +330,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			pts_comp_func_name_t *name;
 			pts_comp_evidence_t *evid;
 			pts_component_t *comp;
+			pen_type_t error_code;
 			u_int32_t depth;
 			u_int8_t flags;
 			status_t status;
@@ -342,32 +350,36 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
 				if (flags & PTS_REQ_FUNC_COMP_EVID_TTC)
 				{
-					attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-											TCG_PTS_UNABLE_DET_TTC, attr_info);
+					error_code = pen_type_create(PEN_TCG,
+												 TCG_PTS_UNABLE_DET_TTC); 
+					attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 					attr_list->insert_last(attr_list, attr);
 					break;
 				}
 				if (flags & PTS_REQ_FUNC_COMP_EVID_VER &&
 					!(negotiated_caps & PTS_PROTO_CAPS_V))
 				{
-					attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
+					error_code = pen_type_create(PEN_TCG,
+												 TCG_PTS_UNABLE_LOCAL_VAL);
+					attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 					attr_list->insert_last(attr_list, attr);
 					break;
 				}
 				if (flags & PTS_REQ_FUNC_COMP_EVID_CURR &&
 					!(negotiated_caps & PTS_PROTO_CAPS_C))
 				{
-					attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_UNABLE_CUR_EVID, attr_info);
+					error_code = pen_type_create(PEN_TCG,
+												 TCG_PTS_UNABLE_CUR_EVID);
+					attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 					attr_list->insert_last(attr_list, attr);
 					break;
 				}
 				if (flags & PTS_REQ_FUNC_COMP_EVID_PCR &&
 					!(negotiated_caps & PTS_PROTO_CAPS_T))
 				{
-					attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_UNABLE_DET_PCR, attr_info);
+					error_code = pen_type_create(PEN_TCG,
+												 TCG_PTS_UNABLE_DET_PCR);
+					attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
 					attr_list->insert_last(attr_list, attr);
 					break;
 				}
@@ -377,17 +389,19 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 								  "support sub component measurements");
 					return FALSE;
 				}
-				comp = pts_components->create(pts_components, name, depth, NULL);
+				comp = attestation_state->create_component(attestation_state,
+														   name, depth);
 				if (!comp)
 				{
 					DBG2(DBG_IMC, "    not registered: no evidence provided");
 					continue;
 				}
 
-				/* do the component evidence measurement[s] */
+				/* do the component evidence measurement[s] and cache them */
 				do
 				{
-					status = comp->measure(comp, pts, &evid);
+					status = comp->measure(comp, name->get_qualifier(name),
+										   pts, &evid);
 					if (status == FAILED)
 					{
 						break;
@@ -395,7 +409,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 					attestation_state->add_evidence(attestation_state, evid);
 				}
 				while (status == NEED_MORE);
-				comp->destroy(comp);
 			}
 			e->destroy(e);
 			break;
@@ -408,12 +421,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			chunk_t pcr_composite, quote_sig;
 			bool use_quote2;
 
-			/* Send buffered Simple Component Evidences */
+			/* Send cached Component Evidence entries */
 			while (attestation_state->next_evidence(attestation_state, &evid))
 			{
-				pts->select_pcr(pts, evid->get_extended_pcr(evid));
-
-				/* Send Simple Component Evidence */
 				attr = tcg_pts_attr_simple_comp_evid_create(evid);
 				attr_list->insert_last(attr_list, attr);
 			}
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
index 72a55f60e..8ebabafa2 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -15,10 +15,15 @@
 
 #include "imc_attestation_state.h"
 
+#include <libpts.h>
+
+#include <tncif_names.h>
+
 #include <utils/linked_list.h>
 #include <debug.h>
 
 typedef struct private_imc_attestation_state_t private_imc_attestation_state_t;
+typedef struct func_comp_t func_comp_t;
 
 /**
  * Private data of an imc_attestation_state_t object.
@@ -41,6 +46,11 @@ struct private_imc_attestation_state_t {
 	TNC_ConnectionState state;
 
 	/**
+	 * Assessment/Evaluation Result
+	 */
+	TNC_IMV_Evaluation_Result result;
+
+	/**
 	 * Does the TNCCS connection support long message types?
 	 */
 	bool has_long;
@@ -51,12 +61,22 @@ struct private_imc_attestation_state_t {
 	bool has_excl;
 
 	/**
+	 * Maximum PA-TNC message size for this TNCCS connection
+	 */
+	u_int32_t max_msg_len;
+
+	/**
 	 * PTS object
 	 */
 	pts_t *pts;
 
 	/**
-	 * PTS Component Evidence list
+	 * List of Functional Components
+	 */
+	linked_list_t *components;
+
+	/**
+	 * Functional Component Evidence cache list
 	 */
 	linked_list_t *list;
 
@@ -87,18 +107,52 @@ METHOD(imc_state_t, set_flags, void,
 	this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+	private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+	this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+	private_imc_attestation_state_t *this)
+{
+	return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
 	private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
 	this->state = new_state;
 }
 
+METHOD(imc_state_t, set_result, void,
+	private_imc_attestation_state_t *this, TNC_IMCID id,
+	TNC_IMV_Evaluation_Result result)
+{
+	DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'",
+		 id, TNC_IMV_Evaluation_Result_names, result);
+	this->result = result;
+}
+
+METHOD(imc_state_t, get_result, bool,
+	private_imc_attestation_state_t *this, TNC_IMCID id,
+	TNC_IMV_Evaluation_Result *result)
+{
+	if (result)
+	{
+		*result = this->result;
+	}
+	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
 
 METHOD(imc_state_t, destroy, void,
 	private_imc_attestation_state_t *this)
 {
 	this->pts->destroy(this->pts);
-	this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy));
+	this->components->destroy_offset(this->components,
+							offsetof(pts_component_t, destroy));
+	this->list->destroy_offset(this->list,
+							offsetof(pts_comp_evidence_t, destroy));
 	free(this);
 }
 
@@ -108,10 +162,42 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*,
 	return this->pts;
 }
 
+METHOD(imc_attestation_state_t, create_component, pts_component_t*,
+	private_imc_attestation_state_t *this, pts_comp_func_name_t *name,
+	u_int32_t depth)
+{
+	enumerator_t *enumerator;
+	pts_component_t *component;
+	bool found = FALSE;
+
+	enumerator = this->components->create_enumerator(this->components);
+	while (enumerator->enumerate(enumerator, &component))
+	{
+		if (name->equals(name, component->get_comp_func_name(component)))
+		{
+			found = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (!found)
+	{
+		component = pts_components->create(pts_components, name, depth, NULL);
+		if (!component)
+		{
+			return NULL;
+		}
+		this->components->insert_last(this->components, component);
+
+	}
+	return component;
+}
+
 METHOD(imc_attestation_state_t, add_evidence, void,
-	private_imc_attestation_state_t *this, pts_comp_evidence_t *evidence)
+	private_imc_attestation_state_t *this, pts_comp_evidence_t *evid)
 {
-	this->list->insert_last(this->list, evidence);
+	this->list->insert_last(this->list, evid);
 }
 
 METHOD(imc_attestation_state_t, next_evidence, bool,
@@ -135,16 +221,23 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
 				.has_long = _has_long,
 				.has_excl = _has_excl,
 				.set_flags = _set_flags,
+				.set_max_msg_len = _set_max_msg_len,
+				.get_max_msg_len = _get_max_msg_len,
 				.change_state = _change_state,
+				.set_result = _set_result,
+				.get_result = _get_result,
 				.destroy = _destroy,
 			},
 			.get_pts = _get_pts,
+			.create_component = _create_component,
 			.add_evidence = _add_evidence,
 			.next_evidence = _next_evidence,
 		},
 		.connection_id = connection_id,
 		.state = TNC_CONNECTION_STATE_CREATE,
+		.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
 		.pts = pts_create(TRUE),
+		.components = linked_list_create(),
 		.list = linked_list_create(),
 	);
 
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.h b/src/libpts/plugins/imc_attestation/imc_attestation_state.h
index 22b0bba23..e4fca71bb 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.h
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.h
@@ -24,6 +24,7 @@
 
 #include <imc/imc_state.h>
 #include <pts/pts.h>
+#include <pts/components/pts_component.h>
 #include <pts/components/pts_comp_evidence.h>
 #include <library.h>
 
@@ -47,14 +48,24 @@ struct imc_attestation_state_t {
 	pts_t* (*get_pts)(imc_attestation_state_t *this);
 
 	/**
-	 * Add an entry to the Component Evidence list
+	 * Create and add an entry to the list of Functional Components
 	 *
-	 * @param entry				Component Evidence entry
+	 * @param name				Component Functional Name
+	 * @param depth				Sub-component Depth
+	 * @return					created functional component instance or NULL
 	 */
-	void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *entry);
+	pts_component_t* (*create_component)(imc_attestation_state_t *this,
+							 pts_comp_func_name_t *name, u_int32_t depth);
 
 	/**
-	 * Removes next Component Evidence entry from list and returns it
+	 * Add an entry to the Component Evidence cache list
+	 *
+	 * @param evid				Component Evidence entry
+	 */
+	void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *evid);
+
+	/**
+	 * Removes next entry from the Component Evidence cache list and returns it
 	 *
 	 * @param evid				Next Component Evidence entry
 	 * @return					TRUE if next entry is available