Diffstat (limited to 'src/libimcv/plugins/imc_os/imc_os.c')
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c165
1 files changed, 120 insertions, 45 deletions
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index 647a44957..c624d26b1 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -17,6 +17,7 @@
#include <imc/imc_agent.h>
#include <imc/imc_msg.h>
+#include <imc/imc_os_info.h>
#include <ietf/ietf_attr.h>
#include <ietf/ietf_attr_attr_request.h>
#include <ietf/ietf_attr_default_pwd_enabled.h>
@@ -31,7 +32,6 @@
#include <ita/ita_attr_settings.h>
#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
-#include <os_info/os_info.h>
#include <tncif_pa_subtypes.h>
@@ -47,15 +47,15 @@ static pen_type_t msg_types[] = {
};
static imc_agent_t *imc_os;
-static os_info_t *os;
+static imc_os_info_t *os;
/**
* see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
- TNC_Version min_version,
- TNC_Version max_version,
- TNC_Version *actual_version)
+TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
+ TNC_Version min_version,
+ TNC_Version max_version,
+ TNC_Version *actual_version)
{
if (imc_os)
{
@@ -69,7 +69,7 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
- os = os_info_create();
+ os = imc_os_info_create();
if (!os)
{
imc_os->destroy(imc_os);
@@ -89,9 +89,8 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
/**
* see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_ConnectionState new_state)
+TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id, TNC_ConnectionState new_state)
{
imc_state_t *state;
@@ -238,23 +237,97 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
static void add_device_id(imc_msg_t *msg)
{
pa_tnc_attr_t *attr;
- chunk_t value;
- char *name;
+ chunk_t value = chunk_empty, keyid;
+ char *name, *device_id, *cert_path;
+ certificate_t *cert = NULL;
+ public_key_t *pubkey;
+
+ /* Get the device ID as a character string */
+ device_id = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-os.device_id", NULL, lib->ns);
+ if (device_id)
+ {
+ value = chunk_clone(chunk_from_str(device_id));
+ }
+
+ if (value.len == 0)
+ {
+ /* Derive the device ID from a raw public key */
+ cert_path = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-os.device_pubkey", NULL, lib->ns);
+ if (cert_path)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE,
+ cert_path, BUILD_END);
+ if (cert)
+ {
+ DBG2(DBG_IMC, "loaded device public key from '%s'", cert_path);
+ }
+ else
+ {
+ DBG1(DBG_IMC, "loading device public key from '%s' failed",
+ cert_path);
+ }
+ }
+
+ if (!cert)
+ {
+ /* Derive the device ID from the public key contained in a certificate */
+ cert_path = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-os.device_cert", NULL, lib->ns);
+ if (cert_path)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE,
+ cert_path, BUILD_END);
+ if (cert)
+ {
+ DBG2(DBG_IMC, "loaded device certificate from '%s'", cert_path);
+ }
+ else
+ {
+ DBG1(DBG_IMC, "loading device certificate from '%s' failed",
+ cert_path);
+ }
+ }
+ }
- name = os->get_type(os) == OS_TYPE_ANDROID ?
- "android_id" : "/var/lib/dbus/machine-id";
- value = os->get_setting(os, name);
+ /* Compute the SHA-1 keyid of the retrieved device public key */
+ if (cert)
+ {
+ pubkey = cert->get_public_key(cert);
+ if (pubkey)
+ {
+ if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_INFO_SHA1,
+ &keyid))
+ {
+ value = chunk_to_hex(keyid, NULL, FALSE);
+ }
+ pubkey->destroy(pubkey);
+ }
+ cert->destroy(cert);
+ }
+ }
if (value.len == 0)
{
- DBG1(DBG_IMC, "no device ID available");
- return;
+ /* Derive the device ID from some unique OS settings */
+ name = os->get_type(os) == OS_TYPE_ANDROID ?
+ "android_id" : "/var/lib/dbus/machine-id";
+ value = os->get_setting(os, name);
+
+ /* Trim trailing newline character */
+ if (value.len > 0 && value.ptr[value.len - 1] == '\n')
+ {
+ value.len--;
+ }
}
- /* trim trailing newline character */
- if (value.ptr[value.len - 1] == '\n')
+ if (value.len == 0)
{
- value.len--;
+ DBG1(DBG_IMC, "no device ID available");
+ return;
}
DBG1(DBG_IMC, "device ID is %.*s", value.len, value.ptr);
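Review bot: The precedence among the four device-ID sources this function now consults — a configured `device_id` string, then the SHA-1 keyid of `device_pubkey`, then the keyid of `device_cert`, then the OS setting (`android_id` or `/var/lib/dbus/machine-id`) — is only discoverable by reading the whole body, so the function header should state it, e.g. `/* Device ID precedence: configured device_id, keyid of device_pubkey, keyid of device_cert, OS-specific setting */`. add_device_id starts in this hunk but continues past its end, so I cannot see where `value` is released; `chunk_clone` and `chunk_to_hex(..., NULL, ...)` both allocate, and `os->get_setting` presumably does too, so the later code must free exactly once regardless of which source won — worth confirming. A configured `device_id` is also used verbatim, unlike the OS-setting path which trims a trailing newline, so a value with a stray newline from the config file would be reported as-is; applying the same trim to all sources would be more consistent. Stylistically, the block from the second `if (value.len == 0)` through `cert->destroy(cert)` is a self-contained step (load key or cert, derive hex keyid) that could live in a static helper returning the chunk, keeping add_device_id to a readable length.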
@@ -279,11 +352,12 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
* Compute the maximum IETF Installed Packages attribute size
* leaving space for an additional ITA Angel attribute
*/
- max_attr_size = state->get_max_msg_len(state) - 8 - 12;
+ max_attr_size = state->get_max_msg_len(state) -
+ PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
/* At least one IETF Installed Packages attribute is sent */
attr = ietf_attr_installed_packages_create();
- attr_size = 12 + 4;
+ attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
enumerator = os->create_package_enumerator(os);
if (enumerator)
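Review bot: `max_attr_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;` puts no lower bound on the maximum message length the TNCC advertised, so if that value is smaller than the two header sizes and the arithmetic is unsigned, the subtraction wraps and the size check that follows would never split the package list. A guard before the subtraction, e.g. `if (state->get_max_msg_len(state) <= PA_TNC_HEADER_SIZE + PA_TNC_ATTR_HEADER_SIZE) { DBG1(DBG_IMC, "maximum message length too small"); return; }`, would make the limit explicit. The declared type of `max_attr_size` and the return type of `get_max_msg_len` are not visible in this hunk, so whether the wrap is reachable in practice needs checking against the header. add_installed_packages begins and ends outside this hunk.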
@@ -310,7 +384,8 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
/* create the next IETF Installed Packages attribute */
attr = ietf_attr_installed_packages_create();
- attr_size = 12 + 4;
+ attr_size = PA_TNC_ATTR_HEADER_SIZE +
+ IETF_INSTALLED_PACKAGES_MIN_SIZE;
}
attr_cast = (ietf_attr_installed_packages_t*)attr;
attr_cast->add(attr_cast, name, version);
@@ -370,8 +445,8 @@ static void add_settings(enumerator_t *enumerator, imc_msg_t *msg)
/**
* see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
+TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
{
imc_state_t *state;
imc_msg_t *out_msg;
@@ -518,11 +593,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
* see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
+TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type)
{
imc_state_t *state;
imc_msg_t *in_msg;
@@ -548,15 +623,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
/**
* see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
*/
-TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
+TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imv_id,
+ TNC_UInt32 dst_imc_id)
{
imc_state_t *state;
imc_msg_t *in_msg;
@@ -583,8 +658,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
/**
* see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
+TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
{
if (!imc_os)
{
@@ -597,7 +672,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
/**
* see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
+TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
{
if (!imc_os)
{
@@ -616,8 +691,8 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
/**
* see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
*/
-TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
- TNC_TNCC_BindFunctionPointer bind_function)
+TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
+ TNC_TNCC_BindFunctionPointer bind_function)
{
if (!imc_os)
{