Diffstat (limited to 'src/libimcv')
93 files changed, 1194 insertions, 6675 deletions
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 9f3172074..cde6ce23f 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -75,10 +75,6 @@ libimcv_la_SOURCES := \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ @@ -108,10 +104,7 @@ libimcv_la_SOURCES := \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES)) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index a6397c5ff..444de3f42 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -96,10 +96,6 @@ libimcv_la_SOURCES = \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ 
@@ -129,10 +125,7 @@ libimcv_la_SOURCES = \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk @@ -183,14 +176,6 @@ if USE_IMV_ATTESTATION SUBDIRS += plugins/imv_attestation endif -if USE_IMC_SWID - SUBDIRS += plugins/imc_swid -endif - -if USE_IMV_SWID - SUBDIRS += plugins/imv_swid -endif - if USE_IMC_SWIMA SUBDIRS += plugins/imc_swima endif diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index ef2c9c35b..105442d20 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -101,12 +101,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) @USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os @USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation @USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation -@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid -@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid -@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima -@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima -@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd +@USE_IMC_SWIMA_TRUE@am__append_10 = plugins/imc_swima +@USE_IMV_SWIMA_TRUE@am__append_11 = plugins/imv_swima +@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv 
@@ -202,12 +200,11 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \ pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \ seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \ - swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \ - swid/swid_tag_id.lo swid_gen/swid_gen.lo \ - swid_gen/swid_gen_info.lo swima/swima_data_model.lo \ - swima/swima_record.lo swima/swima_event.lo \ - swima/swima_events.lo swima/swima_inventory.lo \ - swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \ + swid_gen/swid_gen.lo swid_gen/swid_gen_info.lo \ + swima/swima_data_model.lo swima/swima_record.lo \ + swima/swima_event.lo swima/swima_events.lo \ + swima/swima_inventory.lo swima/swima_collector.lo \ + swima/swima_error.lo tcg/tcg_attr.lo \ tcg/pts/tcg_pts_attr_proto_caps.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ @@ -226,9 +223,7 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ tcg/pts/tcg_pts_attr_unix_file_meta.lo \ tcg/seg/tcg_seg_attr_max_size.lo \ tcg/seg/tcg_seg_attr_seg_env.lo \ - tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \ - tcg/swid/tcg_swid_attr_tag_id_inv.lo \ - tcg/swid/tcg_swid_attr_tag_inv.lo + tcg/seg/tcg_seg_attr_next_seg.lo libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -378,8 +373,8 @@ am__tty_colors = { \ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imv_scanner plugins/imc_os plugins/imv_os \ plugins/imc_attestation plugins/imv_attestation \ - plugins/imc_swid plugins/imv_swid plugins/imc_swima \ - plugins/imv_swima plugins/imc_hcd plugins/imv_hcd + plugins/imc_swima plugins/imv_swima plugins/imc_hcd \ + plugins/imv_hcd am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ 
@@ -506,7 +501,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -532,6 +526,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -552,8 +548,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -608,8 +602,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -638,8 +630,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -737,10 +733,6 @@ libimcv_la_SOURCES = \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ 
@@ -770,10 +762,7 @@ libimcv_la_SOURCES = \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk @@ -791,8 +780,7 @@ imv_policy_manager_LDADD = \ SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ $(am__append_5) $(am__append_6) $(am__append_7) \ $(am__append_8) $(am__append_9) $(am__append_10) \ - $(am__append_11) $(am__append_12) $(am__append_13) \ - $(am__append_14) $(am__append_15) + $(am__append_11) $(am__append_12) $(am__append_13) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ @@ -1102,19 +1090,6 @@ seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) seg/seg_contract_manager.lo: seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) -swid/$(am__dirstamp): - @$(MKDIR_P) swid - @: > swid/$(am__dirstamp) -swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) swid/$(DEPDIR) - @: > swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_error.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_inventory.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag_id.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) swid_gen/$(am__dirstamp): @$(MKDIR_P) swid_gen @: > swid_gen/$(am__dirstamp) 
@@ -1204,18 +1179,6 @@ tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \ tcg/seg/$(DEPDIR)/$(am__dirstamp) tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \ tcg/seg/$(DEPDIR)/$(am__dirstamp) -tcg/swid/$(am__dirstamp): - @$(MKDIR_P) tcg/swid - @: > tcg/swid/$(am__dirstamp) -tcg/swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) tcg/swid/$(DEPDIR) - @: > tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES) $(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS) @@ -1405,8 +1368,6 @@ mostlyclean-compile: -rm -f seg/*.$(OBJEXT) -rm -f seg/*.lo -rm -f suites/*.$(OBJEXT) - -rm -f swid/*.$(OBJEXT) - -rm -f swid/*.lo -rm -f swid_gen/*.$(OBJEXT) -rm -f swid_gen/*.lo -rm -f swima/*.$(OBJEXT) @@ -1417,8 +1378,6 @@ mostlyclean-compile: -rm -f tcg/pts/*.lo -rm -f tcg/seg/*.$(OBJEXT) -rm -f tcg/seg/*.lo - -rm -f tcg/swid/*.$(OBJEXT) - -rm -f tcg/swid/*.lo distclean-compile: -rm -f *.tab.c 
@@ -1505,10 +1464,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@ @@ -1547,9 +1502,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ 
@@ -1889,13 +1841,11 @@ clean-libtool: -rm -rf pwg/.libs pwg/_libs -rm -rf rest/.libs rest/_libs -rm -rf seg/.libs seg/_libs - -rm -rf swid/.libs swid/_libs -rm -rf swid_gen/.libs swid_gen/_libs -rm -rf swima/.libs swima/_libs -rm -rf tcg/.libs tcg/_libs -rm -rf tcg/pts/.libs tcg/pts/_libs -rm -rf tcg/seg/.libs tcg/seg/_libs - -rm -rf tcg/swid/.libs tcg/swid/_libs install-dist_templatesDATA: $(dist_templates_DATA) @$(NORMAL_INSTALL) @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ @@ -2233,8 +2183,6 @@ distclean-generic: -rm -f seg/$(am__dirstamp) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) - -rm -f swid/$(DEPDIR)/$(am__dirstamp) - -rm -f swid/$(am__dirstamp) -rm -f swid_gen/$(DEPDIR)/$(am__dirstamp) -rm -f swid_gen/$(am__dirstamp) -rm -f swima/$(DEPDIR)/$(am__dirstamp) @@ -2245,8 +2193,6 @@ distclean-generic: -rm -f tcg/pts/$(am__dirstamp) -rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp) -rm -f tcg/seg/$(am__dirstamp) - -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp) - -rm -f tcg/swid/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" 
@@ -2257,7 +2203,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -2304,7 +2250,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 44e0ef24f..b1bcd9214 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,9 +30,7 @@ #include "ietf/swima/ietf_swima_attr_sw_ev.h" #include "generic/generic_attr_bool.h" - -ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, - IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, +ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_SRC_METADATA_RESP, "Testing", "Attribute Request", "Product Information", 
@@ -46,10 +44,6 @@ ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, "Remediation Instructions", "Forwarding Enabled", "Factory Default Password Enabled", -); -ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST, - IETF_ATTR_SRC_METADATA_RESP, - IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "SWIMA Request", "SW Identifier Inventory", "SW Identifier Events", @@ -60,7 +54,6 @@ ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST, "SW Source Metadata Request", "SW Source Metadata Response", ); -ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP); /** * See header diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index cbf4a49a2..0f802fd45 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ typedef enum ietf_attr_t ietf_attr_t; */ enum ietf_attr_t { - /* RFC 5792 */ + /* RFC 5792 PA-TNC */ IETF_ATTR_TESTING = 0, IETF_ATTR_ATTRIBUTE_REQUEST = 1, IETF_ATTR_PRODUCT_INFORMATION = 2, 
@@ -47,16 +47,16 @@ enum ietf_attr_t { IETF_ATTR_FORWARDING_ENABLED = 11, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12, - /* draft-ietf-sacm-nea-swid-patnc */ - IETF_ATTR_SWIMA_REQUEST = 17, - IETF_ATTR_SW_ID_INVENTORY = 18, - IETF_ATTR_SW_ID_EVENTS = 19, - IETF_ATTR_SW_INVENTORY = 20, - IETF_ATTR_SW_EVENTS = 21, - IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22, - IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23, - IETF_ATTR_SRC_METADATA_REQ = 24, - IETF_ATTR_SRC_METADATA_RESP = 25, + /* RFC 8412 SWIMA */ + IETF_ATTR_SWIMA_REQUEST = 13, + IETF_ATTR_SW_ID_INVENTORY = 14, + IETF_ATTR_SW_ID_EVENTS = 15, + IETF_ATTR_SW_INVENTORY = 16, + IETF_ATTR_SW_EVENTS = 17, + IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 18, + IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 19, + IETF_ATTR_SRC_METADATA_REQ = 20, + IETF_ATTR_SRC_METADATA_RESP = 21, IETF_ATTR_RESERVED = 0xffffffff, }; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c index 75f279298..e543c63ea 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
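Review bot: The renumbered SWIMA code points in `enum ietf_attr_t` (13..21) overlap the draft values this commit removes (17..25), so attribute type 17 means SWIMA Request to a peer built before this change and SW Events to one built after it. Nothing in the hunk tells a maintainer that IMC and IMV have to be upgraded together, or that a mixed pair will hand attributes to the wrong parser. I would extend the section comment to `/* RFC 8412 SWIMA, code points differ from draft-ietf-sacm-nea-swid-patnc (17..25) */`. The same applies to the `PA_ERROR_SWIMA*` values moved from 32..36 to 4..8 in the ietf_attr_pa_tnc_error.h hunk.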
@@ -20,23 +20,18 @@ #include <bio/bio_reader.h> #include <utils/debug.h> -ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, +ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, + PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE, "Reserved", "Invalid Parameter", "Version Not Supported", - "Attribute Type Not Supported" -); -ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SWIMA, - PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, + "Attribute Type Not Supported", "SWIMA Error", "SWIMA Subscription Denied", "SWIMA Response Too Large", "SWIMA Subscription Fulfillment Error", "SWIMA Subscription ID Reuse" ); -ENUM_END(pa_tnc_error_code_names, PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE); typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h index dd0be72ff..d5cba97b6 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t; #include "pa_tnc/pa_tnc_attr.h" /** - * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792 + * IETF Standard PA-TNC Error Codes */ enum pa_tnc_error_code_t { 
@@ -39,12 +39,12 @@ enum pa_tnc_error_code_t { PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3, PA_ERROR_PA_TNC_MSG_ROOF = 3, - /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */ - PA_ERROR_SWIMA = 32, - PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 33, - PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 34, - PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 35, - PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 36 + /* RFC 8412 SWIMA */ + PA_ERROR_SWIMA = 4, + PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 5, + PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 6, + PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 7, + PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 8 }; /** diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c index d67497373..12212ec18 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_req.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c @@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t; /** * SW Request - * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC + * see section 5.7 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -191,7 +191,7 @@ METHOD(pa_tnc_attr_t, process, status_t, return FAILED; } *offset += 2 + sw_id.len; - + sw_record = swima_record_create(0, sw_id, chunk_empty); this->targets->add(this->targets, sw_record); } diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c index e315c3dbb..47f499518 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c @@ -27,7 +27,7 @@ typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t; /** * Software [Identifier] Events - * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * see sections 5.9/5.11 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
@@ -165,16 +165,40 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, this->noskip_flag = noskip; } +/** + * This function is shared with ietf_swima_attr_sw_inv.c + **/ +void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer, + uint8_t action, swima_record_t *sw_record, bool has_record) +{ + pen_type_t data_model; + chunk_t sw_locator; + + data_model = sw_record->get_data_model(sw_record); + + writer->write_uint32(writer, sw_record->get_record_id(sw_record)); + writer->write_uint24(writer, data_model.vendor_id); + writer->write_uint8 (writer, data_model.type); + writer->write_uint8 (writer, sw_record->get_source_id(sw_record)); + writer->write_uint8 (writer, action); + writer->write_data16(writer, sw_record->get_sw_id(sw_record, &sw_locator)); + writer->write_data16(writer, sw_locator); + + if (has_record) + { + writer->write_data32(writer, sw_record->get_record(sw_record)); + } +} + METHOD(pa_tnc_attr_t, build, void, private_ietf_swima_attr_sw_ev_t *this) { bio_writer_t *writer; swima_event_t *sw_event; swima_record_t *sw_record; - chunk_t timestamp, sw_id, sw_locator, record; - pen_type_t data_model; - uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch; - uint8_t action, source_id; + chunk_t timestamp; + uint32_t last_eid, last_consulted_eid, eid_epoch; + uint8_t action; enumerator_t *enumerator; if (this->value.ptr) 
@@ -195,29 +219,14 @@ METHOD(pa_tnc_attr_t, build, void, enumerator = this->events->create_enumerator(this->events); while (enumerator->enumerate(enumerator, &sw_event)) { - eid = sw_event->get_eid(sw_event, ×tamp); action = sw_event->get_action(sw_event); sw_record = sw_event->get_sw_record(sw_event); - record_id = sw_record->get_record_id(sw_record); - data_model = sw_record->get_data_model(sw_record); - source_id = sw_record->get_source_id(sw_record); - sw_id = sw_record->get_sw_id(sw_record, &sw_locator); - writer->write_uint32(writer, eid); + writer->write_uint32(writer, sw_event->get_eid(sw_event, ×tamp)); writer->write_data (writer, timestamp); - writer->write_uint32(writer, record_id); - writer->write_uint24(writer, data_model.vendor_id); - writer->write_uint8 (writer, data_model.type); - writer->write_uint8 (writer, source_id); - writer->write_uint8 (writer, action); - writer->write_data16(writer, sw_id); - writer->write_data16(writer, sw_locator); - - if (this->type.type == IETF_ATTR_SW_EVENTS) - { - record = sw_record->get_record(sw_record); - writer->write_data32(writer, record); - } + + ietf_swima_attr_sw_ev_build_sw_record(writer, action, sw_record, + this->type.type == IETF_ATTR_SW_EVENTS); } enumerator->destroy(enumerator); 
@@ -227,15 +236,56 @@ METHOD(pa_tnc_attr_t, build, void, writer->destroy(writer); } +/** + * This function is shared with ietf_swima_attr_sw_inv.c + **/ +bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader, + uint8_t *action, swima_record_t **sw_record, bool has_record) +{ + pen_type_t data_model; + swima_record_t *sw_rec; + uint32_t data_model_pen, record_id; + uint8_t data_model_type, source_id, reserved; + chunk_t sw_id, sw_locator, record = chunk_empty; + + if (!reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_uint8 (reader, &reserved) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + return FALSE; + } + + if (action) + { + *action = reserved; + } + + if (has_record && !reader->read_data32(reader, &record)) + { + return FALSE; + } + + data_model = pen_type_create(data_model_pen, data_model_type); + sw_rec = swima_record_create(record_id, sw_id, sw_locator); + sw_rec->set_data_model(sw_rec, data_model); + sw_rec->set_source_id(sw_rec, source_id); + sw_rec->set_record(sw_rec, record); + *sw_record = sw_rec; + + return TRUE; +} + METHOD(pa_tnc_attr_t, process, status_t, private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t data_model_pen, record_id; uint32_t eid, eid_epoch, last_eid, last_consulted_eid; - uint8_t data_model_type, source_id, action; - pen_type_t data_model; - chunk_t sw_id, sw_locator, record, timestamp; + uint8_t action; + chunk_t timestamp; swima_event_t *sw_event; swima_record_t *sw_record; status_t status = NEED_MORE; 
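Review bot: The doc comment on `ietf_swima_attr_sw_ev_process_sw_record()` says only that the function is shared, while both parsers of peer-supplied records now depend on its contract. It should state that `action` may be NULL (the inventory caller passes NULL, and the byte is then read and discarded as a reserved field), that on TRUE the caller owns `*sw_record` and must destroy it on its own error paths, and that on FALSE `*sw_record` is left unassigned. The same documentation is missing on `ietf_swima_attr_sw_ev_build_sw_record()` in the earlier hunk, where `action` is written into that same byte. I would also close both comments with `*/` rather than `**/`, as the other doc comments in this diff do.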
@@ -273,38 +323,24 @@ METHOD(pa_tnc_attr_t, process, status_t, { if (!reader->read_uint32(reader, &eid) || !reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, ×tamp) || - !reader->read_uint32(reader, &record_id) || - !reader->read_uint24(reader, &data_model_pen) || - !reader->read_uint8 (reader, &data_model_type) || - !reader->read_uint8 (reader, &source_id) || - !reader->read_uint8 (reader, &action) || - !reader->read_data16(reader, &sw_id) || - !reader->read_data16(reader, &sw_locator)) + !ietf_swima_attr_sw_ev_process_sw_record(reader, &action, &sw_record, + this->type.type == IETF_ATTR_SW_EVENTS)) { goto end; } - record = chunk_empty; - if (action == 0 || action > SWIMA_EVENT_ACTION_LAST) + if (action == SWIMA_EVENT_ACTION_NONE || + action > SWIMA_EVENT_ACTION_LAST) { DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names, PEN_IETF, ietf_attr_names, this->type.type); *offset = this->offset; + sw_record->destroy(sw_record); reader->destroy(reader); return FAILED; } - if (this->type.type == IETF_ATTR_SW_EVENTS && - !reader->read_data32(reader, &record)) - { - goto end; - } - data_model = pen_type_create(data_model_pen, data_model_type); - sw_record = swima_record_create(record_id, sw_id, sw_locator); - sw_record->set_data_model(sw_record, data_model); - sw_record->set_source_id(sw_record, source_id); - sw_record->set_record(sw_record, record); sw_event = swima_event_create(eid, timestamp, action, sw_record); this->events->add(this->events, sw_event); this->offset += this->value.len - reader->remaining(reader); diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c index ee5b16b92..8035dbb07 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c 
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t /** * Software [Identifier] Inventory - * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * see sections 5.8/5.10 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -43,7 +43,9 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Data Model Type PEN |Data Model Type| * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Source ID Num | Software Identifier Length |Software Id (v)| + * | Source ID Num | Reserved | Software Identifier Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier (Variable Length) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Software Locator Length | Software Locator (Var. Len) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -148,15 +150,18 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, this->noskip_flag = noskip; } +/** + * This function is shared with ietf_swima_attr_sw_ev.c + **/ +extern void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer, + uint8_t action, swima_record_t *sw_record, bool has_record); + METHOD(pa_tnc_attr_t, build, void, private_ietf_swima_attr_sw_inv_t *this) { bio_writer_t *writer; swima_record_t *sw_record; - chunk_t sw_id, sw_locator, record; - pen_type_t data_model; - uint32_t record_id, last_eid, eid_epoch; - uint8_t source_id; + uint32_t last_eid, eid_epoch; enumerator_t *enumerator; if (this->value.ptr) 
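Review bot: The `extern void ietf_swima_attr_sw_ev_build_sw_record(...)` declaration added in the third hunk of ietf_swima_attr_sw_inv.c is a hand-copied prototype, so the compiler never checks it against the definition in ietf_swima_attr_sw_ev.c. If the two signatures drift, the call still compiles and the record writer, or the parser of received attributes, is invoked with mismatched arguments. I would declare both shared functions once in a header that both files include (ietf/swima/ietf_swima_attr_sw_ev.h looks like the natural place, if internal helpers are acceptable there) and drop the `extern` lines here and in the later hunk that declares `ietf_swima_attr_sw_ev_process_sw_record()`.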
@@ -175,23 +180,8 @@ METHOD(pa_tnc_attr_t, build, void, enumerator = this->inventory->create_enumerator(this->inventory); while (enumerator->enumerate(enumerator, &sw_record)) { - record_id = sw_record->get_record_id(sw_record); - data_model = sw_record->get_data_model(sw_record); - source_id = sw_record->get_source_id(sw_record); - sw_id = sw_record->get_sw_id(sw_record, &sw_locator); - - writer->write_uint32(writer, record_id); - writer->write_uint24(writer, data_model.vendor_id); - writer->write_uint8 (writer, data_model.type); - writer->write_uint8 (writer, source_id); - writer->write_data16(writer, sw_id); - writer->write_data16(writer, sw_locator); - - if (this->type.type == IETF_ATTR_SW_INVENTORY) - { - record = sw_record->get_record(sw_record); - writer->write_data32(writer, record); - } + ietf_swima_attr_sw_ev_build_sw_record(writer, 0x00, sw_record, + this->type.type == IETF_ATTR_SW_INVENTORY); } enumerator->destroy(enumerator); @@ -201,14 +191,17 @@ METHOD(pa_tnc_attr_t, build, void, writer->destroy(writer); } +/** + * This function is shared with ietf_swima_attr_sw_ev.c + **/ +extern bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader, + uint8_t *action, swima_record_t **sw_record, bool has_record); + METHOD(pa_tnc_attr_t, process, status_t, private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t data_model_pen, record_id, last_eid, eid_epoch; - uint8_t data_model_type, source_id; - pen_type_t data_model; - chunk_t sw_id, sw_locator, record; + uint32_t last_eid, eid_epoch; swima_record_t *sw_record; status_t status = NEED_MORE; 
@@ -241,27 +234,12 @@ METHOD(pa_tnc_attr_t, process, status_t, while (this->record_count) { - if (!reader->read_uint32(reader, &record_id) || - !reader->read_uint24(reader, &data_model_pen) || - !reader->read_uint8 (reader, &data_model_type) || - !reader->read_uint8 (reader, &source_id) || - !reader->read_data16(reader, &sw_id) || - !reader->read_data16(reader, &sw_locator)) + if (!ietf_swima_attr_sw_ev_process_sw_record(reader, NULL, &sw_record, + this->type.type == IETF_ATTR_SW_INVENTORY)) { goto end; } - record = chunk_empty; - if (this->type.type == IETF_ATTR_SW_INVENTORY && - !reader->read_data32(reader, &record)) - { - goto end; - } - data_model = pen_type_create(data_model_pen, data_model_type); - sw_record = swima_record_create(record_id, sw_id, sw_locator); - sw_record->set_data_model(sw_record, data_model); - sw_record->set_source_id(sw_record, source_id); - sw_record->set_record(sw_record, record); this->inventory->add(this->inventory, sw_record); this->offset += this->value.len - reader->remaining(reader); this->value = reader->peek(reader); diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 3a7a16bc2..ec44d587f 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -74,6 +74,11 @@ struct private_imc_agent_t { rwlock_t *connection_lock; /** + * Is the transport protocol PT-TLS? + */ + bool has_pt_tls; + + /** * Inform a TNCC about the set of message types the IMC is able to receive * * @param imc_id IMC ID assigned by TNCC @@ -372,6 +377,8 @@ METHOD(imc_agent_t, create_state, TNC_Result, DBG2(DBG_IMC, " over %s %s with maximum PA-TNC message size of %u bytes", t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len); + this->has_pt_tls = streq(t_p, "IF-T for TLS"); + free(tnccs_p); free(tnccs_v); free(t_p); @@ -403,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, imc_state_t **state_p) { imc_state_t *state; + TNC_ConnectionState old_state; switch (new_state) { 
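Review bot: `this->has_pt_tls` in the `create_state` hunk of imc_agent.c is a field of the agent, yet it is assigned from the transport of whichever connection was created last. With connections over different transports, `has_pt_tls()` would report the newest connection's transport for all of them, and the hunk shows no lock around the write although the struct carries a `connection_lock`. I would keep the flag in the per-connection state, or at least document the field as `/* transport of the most recently created connection, not per connection */`. `create_state` begins and ends outside the hunk, so locking there may already cover the write.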
@@ -418,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, this->id, this->name, connection_id); return TNC_RESULT_FATAL; } - state->change_state(state, new_state); + old_state = state->change_state(state, new_state); DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state); @@ -426,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result, { *state_p = state; } + if (new_state == TNC_CONNECTION_STATE_HANDSHAKE && + old_state != TNC_CONNECTION_STATE_CREATE) + { + state->reset(state); + DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u", + this->id, this->name, connection_id); + } break; case TNC_CONNECTION_STATE_CREATE: DBG1(DBG_IMC, "state '%N' should be handled by create_state()", @@ -531,6 +546,12 @@ METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*, return this->non_fatal_attr_types; } +METHOD(imc_agent_t, has_pt_tls, bool, + private_imc_agent_t *this) +{ + return this->has_pt_tls; +} + METHOD(imc_agent_t, destroy, void, private_imc_agent_t *this) { @@ -575,6 +596,7 @@ imc_agent_t *imc_agent_create(const char *name, .create_id_enumerator = _create_id_enumerator, .add_non_fatal_attr_type = _add_non_fatal_attr_type, .get_non_fatal_attr_types = _get_non_fatal_attr_types, + .has_pt_tls = _has_pt_tls, .destroy = _destroy, }, .name = name, diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index bac1b4832..27c749954 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -182,6 +182,13 @@ struct imc_agent_t { linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this); /** + * Is the transport protocol PT-TLS? + * + * return TRUE if PT-TLS + */ + bool (*has_pt_tls)(imc_agent_t *this); + + /** * Destroys an imc_agent_t object */ void (*destroy)(imc_agent_t *this); diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index d8aeab996..bd55f7356 100644 --- a/src/libimcv/imc/imc_state.h 
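Review bot: `state->reset(state)` is called through the interface pointer with no check that the implementation assigned it, so any `imc_state_t` whose constructor leaves `.reset` unset would dereference NULL on a repeated handshake. According to the header comment, that path is triggered by an SRETRY batch. The state constructors visible in this commit do add `.reset`, but one that was missed or lives outside this tree would fail only at run time. Either guard the call, `if (state->reset) { state->reset(state); }`, or state in imc_state.h that `reset` is mandatory for every implementation. The same applies to the matching hunk in imv/imv_agent.c; `change_state` begins and ends outside this hunk.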
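Review bot: The new doc comment for `has_pt_tls` in imc_agent.h writes `return TRUE if PT-TLS` without the `@`, so it will not be picked up as a return tag the way the `@param` and `@return` lines elsewhere in these headers are. Use `* @return TRUE if the transport protocol is PT-TLS`.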
+++ b/src/libimcv/imc/imc_state.h @@ -92,8 +92,10 @@ struct imc_state_t { * Change the connection state * * @param new_state new connection state + * @return old connection state */ - void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state); + TNC_ConnectionState (*change_state)(imc_state_t *this, + TNC_ConnectionState new_state); /** * Set the Assessment/Evaluation Result @@ -115,6 +117,11 @@ struct imc_state_t { TNC_IMV_Evaluation_Result *result); /** + * Resets the state for a new measurement cycle triggered by a SRETRY batch + */ + void (*reset)(imc_state_t *this); + + /** * Destroys an imc_state_t object */ void (*destroy)(imc_state_t *this); diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 860573c31..5d5283620 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -556,6 +556,24 @@ INSERT INTO products ( /* 93 */ 'Debian 8.10 x86_64' ); +INSERT INTO products ( /* 94 */ + name +) VALUES ( + 'Debian 8.11 i686' +); + +INSERT INTO products ( /* 95 */ + name +) VALUES ( + 'Debian 8.11 x86_64' +); + +INSERT INTO products ( /* 96 */ + name +) VALUES ( + 'Ubuntu 18.04 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -968,19 +986,19 @@ INSERT INTO groups ( /* 10 */ 'Ref. Linux', 8 ); -INSERT INTO groups ( /* 11 */ +INSERT INTO groups ( /* 11 */ name ) VALUES ( 'TPM BIOS' ); -INSERT INTO groups ( /* 12 */ +INSERT INTO groups ( /* 12 */ name ) VALUES ( 'TPM IMA' ); -INSERT INTO groups ( /* 13 */ +INSERT INTO groups ( /* 13 */ name ) VALUES ( 'TPM BIOS/IMA' @@ -998,7 +1016,7 @@ INSERT INTO groups ( /* 15 */ 'Debian armv7l', 2 ); -INSERT INTO groups ( /* 16 */ +INSERT INTO groups ( /* 16 */ name ) VALUES ( 'TPM TBOOT' @@ -1123,6 +1141,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 4, 94 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 5, 2 ); 
@@ -1237,6 +1261,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 5, 95 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 6, 9 ); @@ -1387,6 +1417,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 7, 96 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 3, 21 ); diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index bb0b3b75b..14623ad8d 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result, imv_state_t **state_p) { imv_state_t *state; + TNC_ConnectionState old_state; switch (new_state) { @@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result, this->id, this->name, connection_id); return TNC_RESULT_FATAL; } - state->change_state(state, new_state); + old_state = state->change_state(state, new_state); DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state); @@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result, { *state_p = state; } + if (new_state == TNC_CONNECTION_STATE_HANDSHAKE && + old_state != TNC_CONNECTION_STATE_CREATE) + { + state->reset(state); + DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u", + this->id, this->name, connection_id); + } break; case TNC_CONNECTION_STATE_CREATE: DBG1(DBG_IMV, "state '%N' should be handled by create_state()", @@ -643,7 +651,7 @@ METHOD(enumerator_t, language_enumerator_enumerate, bool, if (pos) { len = pos - this->lang_pos; - this->lang_pos += len + 1, + this->lang_pos += len + 1; this->lang_len -= len + 1; } else diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c index b444abdbb..03f583204 100644 --- a/src/libimcv/imv/imv_database.c +++ b/src/libimcv/imv/imv_database.c 
@@ -143,7 +143,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) } /* create a new session entry */ - created = session->get_creation_time(session); + created = time(NULL); conn_id = session->get_connection_id(session); this->db->execute(this->db, &session_id, "INSERT INTO sessions (time, connection, product, device) " @@ -161,6 +161,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) return FALSE; } session->set_session_id(session, session_id, pid, did); + session->set_creation_time(session, created); enumerator = session->create_ar_identities_enumerator(session); while (enumerator->enumerate(enumerator, &tnc_id)) diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c index bc6b5a8d1..830dd48d4 100644 --- a/src/libimcv/imv/imv_session.c +++ b/src/libimcv/imv/imv_session.c @@ -121,6 +121,12 @@ METHOD(imv_session_t, get_connection_id, TNC_ConnectionID, return this->conn_id; } +METHOD(imv_session_t, set_creation_time, void, + private_imv_session_t *this, time_t created) +{ + this->created = created; +} + METHOD(imv_session_t, get_creation_time, time_t, private_imv_session_t *this) { @@ -259,7 +265,7 @@ METHOD(imv_session_t, destroy, void, /** * See header */ -imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, +imv_session_t *imv_session_create(TNC_ConnectionID conn_id, linked_list_t *ar_identities) { private_imv_session_t *this; @@ -269,6 +275,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, .set_session_id = _set_session_id, .get_session_id = _get_session_id, .get_connection_id = _get_connection_id, + .set_creation_time = _set_creation_time, .get_creation_time = _get_creation_time, .create_ar_identities_enumerator = _create_ar_identities_enumerator, .get_os_info = _get_os_info, 
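Review bot: The creation time is now assigned only by `session->set_creation_time(session, created)` after the session row has been inserted, while `imv_session_create()` no longer takes or stores a timestamp. A session for which `create_session()` never reaches this line therefore keeps whatever `created` was initialised to (presumably zero). That includes the `return FALSE` just above and, if sessions can exist without a database, every such session; any consumer of `get_creation_time()` that uses the value for ordering or expiry would then see the epoch. Consider keeping a default in the constructor, `.created = time(NULL),`, and letting `set_creation_time()` overwrite it here. `create_session` extends beyond the hunk, so its other return paths could not be checked.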
@@ -286,7 +293,6 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, .destroy = _destroy, }, .conn_id = conn_id, - .created = created, .ar_identities = ar_identities, .os_info = imv_os_info_create(), .workitems = linked_list_create(), diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h index 107716f30..a2f6fc2a8 100644 --- a/src/libimcv/imv/imv_session.h +++ b/src/libimcv/imv/imv_session.h @@ -63,6 +63,13 @@ struct imv_session_t { TNC_ConnectionID (*get_connection_id)(imv_session_t *this); /** + * Set session creation time + * + * @param created Session creation time + */ + void (*set_creation_time)(imv_session_t *this, time_t created); + + /** * Get session creation time * * @return Session creation time @@ -170,10 +177,9 @@ struct imv_session_t { * Create an imv_session_t instance * * @param id Associated Connection ID - * @param created Session creation time * @param ar_identities List of Access Requestor identities */ -imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created, - linked_list_t *ar_identities); +imv_session_t* imv_session_create(TNC_ConnectionID id, + linked_list_t *ar_identities); #endif /** IMV_SESSION_H_ @}*/ diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c index c97602998..2e3cfa466 100644 --- a/src/libimcv/imv/imv_session_manager.c +++ b/src/libimcv/imv/imv_session_manager.c @@ -51,7 +51,6 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*, enumerator_t *enumerator; tncif_identity_t *tnc_id; imv_session_t *current, *session = NULL; - time_t created; this->mutex->lock(this->mutex); 
@@ -105,8 +104,7 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*, enumerator->destroy(enumerator); /* create a new session entry */ - created = time(NULL); - session = imv_session_create(conn_id, created, ar_identities); + session = imv_session_create(conn_id, ar_identities); this->sessions->insert_last(this->sessions, session); this->mutex->unlock(this->mutex); diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h index 30ed612b3..4571da2fa 100644 --- a/src/libimcv/imv/imv_state.h +++ b/src/libimcv/imv/imv_state.h @@ -119,8 +119,10 @@ struct imv_state_t { * Change the connection state * * @param new_state new connection state + * @return old connection state */ - void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state); + TNC_ConnectionState (*change_state)(imv_state_t *this, + TNC_ConnectionState new_state); /** * Get IMV action recommendation and evaluation result @@ -182,6 +184,11 @@ struct imv_state_t { char **uri); /** + * Resets the state for a new measurement cycle triggered by a SRETRY batch + */ + void (*reset)(imv_state_t *this); + + /** * Destroys an imv_state_t object */ void (*destroy)(imv_state_t *this); diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index bc079ff12..4817d3fc5 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 0dd88b6a7..f592a5134 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c 
@@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_attestation_state_create(connection_id); return imc_attestation->create_state(imc_attestation, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_attestation->change_state(imc_attestation, connection_id, - new_state, &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_attestation->delete_state(imc_attestation, connection_id); - case TNC_CONNECTION_STATE_ACCESS_ISOLATED: - case TNC_CONNECTION_STATE_ACCESS_NONE: default: return imc_attestation->change_state(imc_attestation, connection_id, new_state, NULL); diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index b789a2104..f8e0b8d2c 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_attestation_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, 
@@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_attestation_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->components->destroy_offset(this->components, + offsetof(pts_component_t, destroy)); + this->components = linked_list_create(); + this->list->destroy_offset(this->list, + offsetof(pts_comp_evidence_t, destroy)); + this->list = linked_list_create(); + this->pts->destroy(this->pts); + this->pts = pts_create(TRUE); +} + METHOD(imc_state_t, destroy, void, private_imc_attestation_state_t *this) { @@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_pts = _get_pts, diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 1b71b26d0..e6074a35c 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
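Review bot: `reset` in imc_attestation_state.c discards the component list, the evidence list and the PTS object, but leaves `this->contracts` untouched, and nothing says whether carrying segmentation contracts over into the new measurement cycle is intended. If it is, add a comment such as `/* segmentation contracts are intentionally kept across a retry */`; if not, the contract manager needs to be re-created here as well. The method also has no header comment, unlike the other file-local helpers; a short one listing what is cleared and what survives would keep it in step with the constructor, whose initialisation it appears to duplicate. The constructor body is outside this hunk, so whether other members need resetting could not be checked.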
@@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd.c b/src/libimcv/plugins/imc_hcd/imc_hcd.c index b631683ce..09ba8bc0b 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c @@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_hcd_state_create(connection_id); return imc_hcd->create_state(imc_hcd, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_hcd->change_state(imc_hcd, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_hcd->delete_state(imc_hcd, connection_id); default: @@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg) if (hex_string) { blob = chunk_from_hex(chunk_from_str(hex_string), NULL); - + DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE, &blob); attr = generic_attr_chunk_create(blob, 
@@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg) if (hex_string) { blob = chunk_from_hex(chunk_from_str(hex_string), NULL); - + DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CONFIGURATION_STATE, &blob); attr = generic_attr_chunk_create(blob, @@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad) "%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version", "", lib->ns, section, quad->section, app); hex_version = lib->settings->get_str(lib->settings, - "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version", + "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version", hex_version_default, lib->ns, section, quad->section, app); /* convert hex string into binary chunk */ diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c index 60ccdce81..b2207f28a 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c @@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_hcd_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_hcd_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_hcd_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, 
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index e62c04bea..4821d43f7 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index d7b508ab9..a10492e04 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c 
@@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_os_state_create(connection_id); return imc_os->create_state(imc_os, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_os->change_state(imc_os, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_os->delete_state(imc_os, connection_id); default: diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index a38696a81..d26454719 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_os_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_os_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_os_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index a054a475b..c55ac867c 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in 
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index 93ed4271b..c4fc254cf 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c 
@@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_scanner_state_create(connection_id); return imc_scanner->create_state(imc_scanner, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_scanner->change_state(imc_scanner, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_scanner->delete_state(imc_scanner, connection_id); default: diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index c1b7a50e4..2a2214841 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_scanner_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_scanner_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_scanner_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am deleted file mode 100644 index 22f2e3762..000000000 
--- a/src/libimcv/plugins/imc_swid/Makefile.am +++ /dev/null @@ -1,36 +0,0 @@ -regid = strongswan.org -unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)__$(unique_sw_id).swidtag - -swiddir = $(pkgdatadir)/swidtag -dist_swid_DATA = $(swid_tag) -EXTRA_DIST = $(regid)__strongSwan.swidtag.in -CLEANFILES = $(regid)__strongSwan*.swidtag - -$(swid_tag) : $(regid)__strongSwan.swidtag.in - $(AM_V_GEN) \ - sed \ - -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ - -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ - -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ - -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ - -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -DSWID_DIRECTORY=\"${prefix}/share\" - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) - -imcv_LTLIBRARIES = imc-swid.la - -imc_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la - -imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c - -imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in deleted file mode 100644 index f58935f2e..000000000 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ /dev/null 
@@ -1,831 +0,0 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2014 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes 
-am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/libimcv/plugins/imc_swid -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \ - $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); 
\ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" -LTLIBRARIES = $(imcv_LTLIBRARIES) -imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la -am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo -imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(imc_swid_la_SOURCES) -DIST_SOURCES = $(imc_swid_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(dist_swid_DATA) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ATOMICLIB = @ATOMICLIB@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -EASY_INSTALL = @EASY_INSTALL@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ -GEM = @GEM@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ 
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -PY_TEST = @PY_TEST@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYGEMDIR = @RUBYGEMDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ 
-dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -json_CFLAGS = @json_CFLAGS@ -json_LIBS = @json_LIBS@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libfuzzer = @libfuzzer@ -libiptc_CFLAGS = @libiptc_CFLAGS@ -libiptc_LIBS = @libiptc_LIBS@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -p_plugins = @p_plugins@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ -runstatedir = @runstatedir@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = 
@srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemd_CFLAGS = @systemd_CFLAGS@ -systemd_LIBS = @systemd_LIBS@ -systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ -systemd_daemon_LIBS = @systemd_daemon_LIBS@ -systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ -systemd_journal_LIBS = @systemd_journal_LIBS@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -tss2_CFLAGS = @tss2_CFLAGS@ -tss2_LIBS = @tss2_LIBS@ -tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ -tss2_socket_LIBS = @tss2_socket_LIBS@ -tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ -tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -regid = strongswan.org -unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)__$(unique_sw_id).swidtag -swiddir = $(pkgdatadir)/swidtag -dist_swid_DATA = $(swid_tag) -EXTRA_DIST = $(regid)__strongSwan.swidtag.in -CLEANFILES = $(regid)__strongSwan*.swidtag -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -DSWID_DIRECTORY=\"${prefix}/share\" - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) - -imcv_LTLIBRARIES = imc-swid.la -imc_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la - -imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c -imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) 
$(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ - } - -uninstall-imcvLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ - done - -clean-imcvLTLIBRARIES: - -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) - @list='$(imcv_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES) - $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid_state.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ 
$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-dist_swidDATA: $(dist_swid_DATA) - @$(NORMAL_INSTALL) - @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ - done - -uninstall-dist_swidDATA: - @$(NORMAL_UNINSTALL) - @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) 
$(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) -installdirs: - for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
-clean: clean-am - -clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dist_swidDATA install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-imcvLTLIBRARIES install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ - uninstall-imcvLTLIBRARIES - -.PRECIOUS: Makefile 
- - -$(swid_tag) : $(regid)__strongSwan.swidtag.in - $(AM_V_GEN) \ - sed \ - -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ - -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ - -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ - -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c deleted file mode 100644 index 1468a59cc..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid.c +++ /dev/null 
@@ -1,417 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imc_swid_state.h" - -#include <imc/imc_agent.h> -#include <imc/imc_msg.h> -#include "tcg/seg/tcg_seg_attr_max_size.h" -#include "tcg/seg/tcg_seg_attr_seg_env.h" -#include "tcg/swid/tcg_swid_attr_req.h" -#include "tcg/swid/tcg_swid_attr_tag_inv.h" -#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" -#include "swid/swid_inventory.h" -#include "swid/swid_error.h" - -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <utils/debug.h> - -/* IMC definitions */ - -static const char imc_name[] = "SWID"; - -static pen_type_t msg_types[] = { - { PEN_TCG, PA_SUBTYPE_TCG_SWID } -}; - -static imc_agent_t *imc_swid; - -/** - * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) -{ - if (imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } - imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types), - imc_id, actual_version); - if (!imc_swid) - { - return TNC_RESULT_FATAL; - } - if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) - { - DBG1(DBG_IMC, "no common IF-IMC version"); - return TNC_RESULT_NO_COMMON_VERSION; - } - return TNC_RESULT_SUCCESS; -} - 
-/** - * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) -{ - imc_state_t *state; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imc_swid_state_create(connection_id); - return imc_swid->create_state(imc_swid, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_swid->change_state(imc_swid, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; - case TNC_CONNECTION_STATE_DELETE: - return imc_swid->delete_state(imc_swid, connection_id); - default: - return imc_swid->change_state(imc_swid, connection_id, - new_state, NULL); - } -} - -/** - * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - imc_state_t *state; - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - size_t max_attr_size = SWID_MAX_ATTR_SIZE; - size_t max_seg_size; - char buf[BUF_LEN]; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMV */ - contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, - TRUE, imc_id, TRUE); - 
contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMC, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); - - /* send PA-TNC message with the excl flag not set */ - out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id, - TNC_IMVID_ANY, msg_types[0]); - out_msg->add_attribute(out_msg, attr); - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - - return result; -} - -/** - * Add one or multiple SWID Inventory attributes to the send queue - */ -static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, - uint32_t request_id, bool full_tags, - swid_inventory_t *targets) -{ - pa_tnc_attr_t *attr, *attr_error; - imc_swid_state_t *swid_state; - swid_inventory_t *swid_inventory; - char *swid_directory; - uint32_t eid_epoch; - bool swid_pretty, swid_full; - enumerator_t *enumerator; - - swid_directory = lib->settings->get_str(lib->settings, - "%s.plugins.imc-swid.swid_directory", - SWID_DIRECTORY, lib->ns); - swid_pretty = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-swid.swid_pretty", - FALSE, lib->ns); - swid_full = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-swid.swid_full", - FALSE, lib->ns); - - swid_inventory = swid_inventory_create(full_tags); - if (!swid_inventory->collect(swid_inventory, swid_directory, targets, - swid_pretty, swid_full)) - { - swid_inventory->destroy(swid_inventory); - attr_error = swid_error_create(TCG_SWID_ERROR, request_id, - 0, "error in SWID tag collection"); - msg->add_attribute(msg, attr_error); - return FALSE; - } - DBG1(DBG_IMC, "collected %d SWID tag%s%s", - swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID", - swid_inventory->get_count(swid_inventory) == 1 ? 
"" : "s"); - - swid_state = (imc_swid_state_t*)state; - eid_epoch = swid_state->get_eid_epoch(swid_state); - - if (full_tags) - { - tcg_swid_attr_tag_inv_t *swid_attr; - swid_tag_t *tag; - - /* Send a TCG SWID Tag Inventory attribute */ - attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1); - swid_attr = (tcg_swid_attr_tag_inv_t*)attr; - - enumerator = swid_inventory->create_enumerator(swid_inventory); - while (enumerator->enumerate(enumerator, &tag)) - { - swid_attr->add(swid_attr, tag->get_ref(tag)); - } - enumerator->destroy(enumerator); - } - else - { - tcg_swid_attr_tag_id_inv_t *swid_id_attr; - swid_tag_id_t *tag_id; - - /* Send a TCG SWID Tag ID Inventory attribute */ - attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1); - swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr; - - enumerator = swid_inventory->create_enumerator(swid_inventory); - while (enumerator->enumerate(enumerator, &tag_id)) - { - swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id)); - } - enumerator->destroy(enumerator); - } - - msg->add_attribute(msg, attr); - swid_inventory->destroy(swid_inventory); - - return TRUE; -} - -static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) -{ - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - enumerator_t *enumerator; - pen_type_t type; - TNC_Result result; - bool fatal_error = FALSE; - - /* generate an outgoing PA-TNC message - we might need it */ - out_msg = imc_msg_create_as_reply(in_msg); - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, out_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - out_msg->destroy(out_msg); - return result; - } - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - tcg_swid_attr_req_t *attr_req; - uint8_t flags; - uint32_t request_id; - bool full_tags; - swid_inventory_t *targets; - - type = attr->get_type(attr); - 
- if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST) - { - continue; - } - - attr_req = (tcg_swid_attr_req_t*)attr; - flags = attr_req->get_flags(attr_req); - request_id = attr_req->get_request_id(attr_req); - targets = attr_req->get_targets(attr_req); - - if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C)) - { - attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id, - 0, "no subscription available yet"); - out_msg->add_attribute(out_msg, attr); - break; - } - full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0; - - if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets)) - { - break; - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - result = TNC_RESULT_FATAL; - } - else - { - /* send PA-TNC message with the EXCL flag set */ - result = out_msg->send(out_msg, TRUE); - } - out_msg->destroy(out_msg); - - return result; -} - -/** - * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 - - */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) -{ - imc_state_t *state; - imc_msg_t *in_msg; - TNC_Result result; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type, - chunk_create(msg, msg_len)); - result = receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) -{ - imc_state_t 
*state; - imc_msg_t *in_msg; - TNC_Result result; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id, - src_imv_id, dst_imc_id,msg_vid, msg_subtype, - chunk_create(msg, msg_len)); - result =receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - imc_swid->destroy(imc_swid); - imc_swid = NULL; - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, - TNC_TNCC_BindFunctionPointer bind_function) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return imc_swid->bind_functions(imc_swid, bind_function); -} diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c deleted file mode 100644 index 8d5e8e089..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.c +++ /dev/null 
@@ -1,203 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imc_swid_state.h" - -#include <tncif_names.h> - -#include <utils/debug.h> - -typedef struct private_imc_swid_state_t private_imc_swid_state_t; - -/** - * Private data of an imc_swid_state_t object. - */ -struct private_imc_swid_state_t { - - /** - * Public members of imc_swid_state_t - */ - imc_swid_state_t public; - - /** - * TNCCS connection ID - */ - TNC_ConnectionID connection_id; - - /** - * TNCCS connection state - */ - TNC_ConnectionState state; - - /** - * Assessment/Evaluation Result - */ - TNC_IMV_Evaluation_Result result; - - /** - * Does the TNCCS connection support long message types? - */ - bool has_long; - - /** - * Does the TNCCS connection support exclusive delivery? 
- */ - bool has_excl; - - /** - * Maximum PA-TNC message size for this TNCCS connection - */ - uint32_t max_msg_len; - - /** - * PA-TNC attribute segmentation contracts associated with TNCCS connection - */ - seg_contract_manager_t *contracts; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; -}; - -METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, - private_imc_swid_state_t *this) -{ - return this->connection_id; -} - -METHOD(imc_state_t, has_long, bool, - private_imc_swid_state_t *this) -{ - return this->has_long; -} - -METHOD(imc_state_t, has_excl, bool, - private_imc_swid_state_t *this) -{ - return this->has_excl; -} - -METHOD(imc_state_t, set_flags, void, - private_imc_swid_state_t *this, bool has_long, bool has_excl) -{ - this->has_long = has_long; - this->has_excl = has_excl; -} - -METHOD(imc_state_t, set_max_msg_len, void, - private_imc_swid_state_t *this, uint32_t max_msg_len) -{ - this->max_msg_len = max_msg_len; -} - -METHOD(imc_state_t, get_max_msg_len, uint32_t, - private_imc_swid_state_t *this) -{ - return this->max_msg_len; -} - -METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, - private_imc_swid_state_t *this) -{ - return this->contracts; -} - -METHOD(imc_state_t, change_state, void, - private_imc_swid_state_t *this, TNC_ConnectionState new_state) -{ - this->state = new_state; -} - -METHOD(imc_state_t, set_result, void, - private_imc_swid_state_t *this, TNC_IMCID id, - TNC_IMV_Evaluation_Result result) -{ - this->result = result; -} - -METHOD(imc_state_t, get_result, bool, - private_imc_swid_state_t *this, TNC_IMCID id, - TNC_IMV_Evaluation_Result *result) -{ - if (result) - { - *result = this->result; - } - return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; -} - -METHOD(imc_state_t, destroy, void, - private_imc_swid_state_t *this) -{ - this->contracts->destroy(this->contracts); - free(this); -} - -METHOD(imc_swid_state_t, get_eid_epoch, uint32_t, - private_imc_swid_state_t *this) -{ - return this->eid_epoch; -} - -/** 
- * Described in header. - */ -imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) -{ - private_imc_swid_state_t *this; - uint32_t eid_epoch; - nonce_gen_t *ng; - - ng = lib->crypto->create_nonce_gen(lib->crypto); - if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch)) - { - DBG1(DBG_TNC, "failed to generate random EID epoch value"); - DESTROY_IF(ng); - return NULL; - } - ng->destroy(ng); - - DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch); - - INIT(this, - .public = { - .interface = { - .get_connection_id = _get_connection_id, - .has_long = _has_long, - .has_excl = _has_excl, - .set_flags = _set_flags, - .set_max_msg_len = _set_max_msg_len, - .get_max_msg_len = _get_max_msg_len, - .get_contracts = _get_contracts, - .change_state = _change_state, - .set_result = _set_result, - .get_result = _get_result, - .destroy = _destroy, - }, - .get_eid_epoch = _get_eid_epoch, - }, - .state = TNC_CONNECTION_STATE_CREATE, - .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, - .connection_id = connection_id, - .contracts = seg_contract_manager_create(), - .eid_epoch = eid_epoch, - ); - - - return &this->public.interface; -} - - diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h deleted file mode 100644 index c658549c8..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imc_swid imc_swid - * @ingroup libimcv_plugins - * - * @defgroup imc_swid_state_t imc_swid_state - * @{ @ingroup imc_swid - */ - -#ifndef IMC_SWID_STATE_H_ -#define IMC_SWID_STATE_H_ - -#include <imc/imc_state.h> -#include <library.h> - -typedef struct imc_swid_state_t imc_swid_state_t; - -/** - * Internal state of an imc_swid_t connection instance - */ -struct imc_swid_state_t { - - /** - * imc_state_t interface - */ - imc_state_t interface; - - /** - * Get Event ID Epoch - * - * @return Event ID Epoch - */ - uint32_t (*get_eid_epoch)(imc_swid_state_t *this); - -}; - -/** - * Create an imc_swid_state_t instance - * - * @param id connection ID - */ -imc_state_t* imc_swid_state_create(TNC_ConnectionID id); - -#endif /** IMC_SWID_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in deleted file mode 100644 index 0e5aa8d4d..000000000 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in +++ /dev/null 
@@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<SoftwareIdentity - name="strongSwan" - tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@" - version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric" - xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> - <Entity - name="strongSwan Project" - regid="strongswan.org" - role="softwareCreator licensor tagCreator"/> -</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am index 4a29e7949..e31f98d33 100644 --- a/src/libimcv/plugins/imc_swima/Makefile.am +++ b/src/libimcv/plugins/imc_swima/Makefile.am @@ -19,11 +19,13 @@ $(swid_tag) : $(regid)__strongSwan.swidtag.in AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\" AM_CFLAGS = \ $(PLUGIN_CFLAGS) $(json_CFLAGS) + imcv_LTLIBRARIES = imc-swima.la imc_swima_la_LIBADD = \ diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in index ed2191921..62805151e 100644 --- a/src/libimcv/plugins/imc_swima/Makefile.in +++ b/src/libimcv/plugins/imc_swima/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
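Review bot: In the imc_swima/Makefile.am hunk, `-DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"` hard-codes `sbin` under the prefix, so a build configured with a different `--sbindir` compiles in a path that does not match the install location (assuming sw-collector is installed to sbindir, which this hunk does not show). The string is later passed to `system()`, so the IMC would then either fail or run whatever sits at the stale path. `-DSW_COLLECTOR=\"${sbindir}/sw-collector\"` follows the configured directory.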
@@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -460,7 +461,8 @@ CLEANFILES = $(regid)__strongSwan*.swidtag AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\" AM_CFLAGS = \ $(PLUGIN_CFLAGS) $(json_CFLAGS) diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c index 67080e050..be258d335 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima.c +++ b/src/libimcv/plugins/imc_swima/imc_swima.c @@ -30,6 +30,17 @@ #include <pen/pen.h> #include <utils/debug.h> +#include <errno.h> +#include <poll.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/inotify.h> +#include <unistd.h> + +#ifndef SW_COLLECTOR +#define SW_COLLECTOR NULL +#endif + /* IMC definitions */ static const char imc_name[] = "SWIMA"; 
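Review bot: In the imc_swima.c include hunk, the fallback `#define SW_COLLECTOR NULL` turns the later `system(SW_COLLECTOR)` calls into `system(NULL)`, which only probes for a shell and returns non-zero when one exists. A build without the define therefore fails every subscription, and the failure log passes NULL to `%s`. Because the path is mandatory for the feature, `#error "SW_COLLECTOR not defined"` inside the `#ifndef` (or a guard that refuses subscriptions when it is unset) makes the misconfiguration explicit. `strerror()` is used in the next hunk but `<string.h>` is not among the added includes; it may arrive through another header, so this is worth confirming.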
@@ -68,6 +79,75 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, } /** + * Poll for IN_CLOSE_WRITE event on the apt history.log + */ +static bool poll_history_log(void) +{ + int fd, wd, res; + nfds_t nfds; + struct pollfd fds[1]; + char *history_path; + bool success = FALSE; + + history_path = lib->settings->get_str(lib->settings, "sw-collector.history", + NULL); + if (!history_path) + { + DBG1(DBG_IMC, "sw-collector.history path not set"); + return FALSE; + } + + /* Create the file descriptor for accessing the inotify API */ + fd = inotify_init1(IN_NONBLOCK); + if (fd == -1) + { + DBG1(DBG_IMC, "inotify file descriptor could not be created"); + return FALSE; + } + + /* Watch for CLOSE_WRITE events on history log */ + wd = inotify_add_watch(fd, history_path, IN_CLOSE_WRITE); + if (wd == -1) + { + DBG1(DBG_IMC, "cannot watch '%s'", history_path); + goto end; + } + + /* Prepare for polling */ + nfds = 1; + + /* Inotify input */ + fds[0].fd = fd; + fds[0].events = POLLIN; + + while (1) + { + DBG1(DBG_IMC, " waiting for write event on history.log ..."); + + res = poll(fds, nfds, -1); + if (res == -1) + { + DBG1(DBG_IMC, " poll failed: %s", strerror(errno)); + if (errno == EINTR) + { + continue; + } + goto end; + } + if (res > 0 && fds[0].revents & POLLIN) + { + DBG1(DBG_IMC, " poll successful"); + success = TRUE; + break; + } + } + +end: + close(fd); + return success; +} + +/** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, @@ -75,6 +155,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, TNC_ConnectionState new_state) { imc_state_t *state; + imc_swima_state_t *swima_state; + imc_swima_subscription_t *subscription; + TNC_IMV_Evaluation_Result res; + TNC_Result result; + uint32_t eid, eid_epoch; if (!imc_swima) { 
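Review bot: `poll(fds, nfds, -1)` in poll_history_log() has no timeout, and the function is called from TNC_IMC_NotifyConnectionChange in the following hunk, so that callback blocks until the next close-after-write on the history log. A finite timeout, or moving the wait out of the callback, would keep connection handling responsive; this is hedged because the threading of the TNC client is not visible here. The watch is bound to the file that exists when `inotify_add_watch()` runs, so a rotated or replaced log would presumably never wake the poll; adding `IN_MOVE_SELF | IN_DELETE_SELF` to the mask and re-arming the watch is the usual remedy. `DBG1(DBG_IMC, " poll failed: %s", strerror(errno))` also runs before the `EINTR` test, so interrupted polls are logged as failures, and the logging call itself may change `errno` before it is tested; checking `errno == EINTR` first avoids both.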
@@ -86,14 +171,42 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_swima_state_create(connection_id); return imc_swima->create_state(imc_swima, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_swima->change_state(imc_swima, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + case TNC_CONNECTION_STATE_ACCESS_NONE: + /* get updated IMC state */ + result = imc_swima->change_state(imc_swima, connection_id, + new_state, &state); + if (result != TNC_RESULT_SUCCESS) { return TNC_RESULT_FATAL; } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + swima_state = (imc_swima_state_t*)state; + + /* do a handshake retry? */ + if (swima_state->get_subscription(swima_state, &subscription)) + { + /* update earliest EID in subscription target */ + if (state->get_result(state, imc_id, &res) && + res == TNC_IMV_EVALUATION_RESULT_COMPLIANT) + { + eid = subscription->targets->get_eid(subscription->targets, + &eid_epoch); + if (eid > 0) + { + eid = swima_state->get_earliest_eid(swima_state); + subscription->targets->set_eid(subscription->targets, eid, + eid_epoch); + } + } + DBG1(DBG_IMC, "SWIMA subscription %u:", subscription->request_id); + if (!poll_history_log()) + { + return TNC_RESULT_FATAL; + } + return imc_swima->request_handshake_retry(imc_id, connection_id, + TNC_RETRY_REASON_IMC_PERIODIC); + } return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_swima->delete_state(imc_swima, connection_id); 
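Review bot: The `TNC_CONNECTION_STATE_HANDSHAKE` case that reset the result with `state->set_result(state, imc_id, TNC_IMV_EVALUATION_RESULT_DONT_KNOW)` is dropped, yet the new ACCESS_* branch relies on `state->get_result()` returning COMPLIANT before it advances the subscription's EID. Unless the result is reset somewhere outside this hunk, a COMPLIANT stored in an earlier round carries into later handshake retries, and the earliest EID could advance after a round that did not complete, skipping events. Keeping the reset on HANDSHAKE, or clearing the result once it has been consumed here, would avoid that. The branch also returns `TNC_RESULT_FATAL` for any `change_state()` failure instead of the `result` it just stored. The function body starts and ends outside the hunk.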
@@ -104,61 +217,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, } /** - * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - imc_state_t *state; - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; - size_t max_seg_size; - char buf[BUF_LEN]; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imc_swima) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swima->get_state(imc_swima, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMV */ - contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, - TRUE, imc_id, TRUE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMC, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); - - /* send PA-TNC message with the excl flag not set */ - out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, - TNC_IMVID_ANY, msg_types[0]); - out_msg->add_attribute(out_msg, attr); - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - - return result; -} - -/** * Add SWID Inventory or Event attribute to the send queue */ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, - uint32_t request_id, bool sw_id_only, - swima_inventory_t *targets) + uint32_t request_id, bool sw_id_only, + swima_inventory_t *targets) { pa_tnc_attr_t *attr; swima_collector_t *collector; 
@@ -174,6 +237,8 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, { swima_events_t *sw_ev; ietf_swima_attr_sw_ev_t *sw_ev_attr; + imc_swima_state_t *swima_state; + uint32_t eid_epoch, last_eid = 0; sw_ev = collector->collect_events(collector, sw_id_only, targets); if (!sw_ev) @@ -185,8 +250,14 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, } else { items = sw_ev->get_count(sw_ev); - DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str, - items == 1 ? "" : "s"); + last_eid = sw_ev->get_eid(sw_ev, &eid_epoch, NULL); + + DBG1(DBG_IMC, "collected %d SW%s event%s at last eid %d of epoch 0x%08x", + items, id_str, items == 1 ? "" : "s", last_eid, eid_epoch); + + /* Store the earliest EID for the next subscription round */ + swima_state = (imc_swima_state_t*)state; + swima_state->set_earliest_eid(swima_state, last_eid + 1); /* Send an IETF SW [Identity] Events attribute */ attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 
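Review bot: `last_eid` is declared `uint32_t` in the first hunk on this line but the new `DBG1` call prints it with `%d`, so EIDs above INT_MAX would be logged as negative numbers. The format should read `"collected %d SW%s event%s at last eid %u of epoch 0x%08x"`. `set_earliest_eid(swima_state, last_eid + 1)` wraps to 0 when `last_eid` is UINT32_MAX, which deserves a one-line comment saying whether 0 is an acceptable earliest EID. fulfill_request's body starts and ends outside these hunks.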
@@ -226,9 +297,78 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, collector->destroy(collector); } +/** + * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + imc_state_t *state; + imc_swima_state_t *swima_state; + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + imc_swima_subscription_t *subscription; + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + char buf[BUF_LEN]; + TNC_Result result = TNC_RESULT_SUCCESS; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + swima_state = (imc_swima_state_t*)state; + + if (swima_state->get_subscription(swima_state, &subscription)) + { + if (system(SW_COLLECTOR) != 0) + { + DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR); + return TNC_RESULT_FATAL; + } + out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, + subscription->imv_id, msg_types[0]); + fulfill_request(state, out_msg, subscription->request_id, + subscription->sw_id_only, subscription->targets); + } + else + { + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMV */ + contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, + TRUE, imc_id, TRUE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + + /* send PA-TNC message with the excl flag not set */ + out_msg = 
imc_msg_create(imc_swima, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + out_msg->add_attribute(out_msg, attr); + } + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; +} + static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) { imc_msg_t *out_msg; + imc_swima_state_t *swima_state; pa_tnc_attr_t *attr; enumerator_t *enumerator; pen_type_t type; @@ -255,7 +395,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) uint32_t request_id; bool sw_id_only; swima_inventory_t *targets; - type = attr->get_type(attr); if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SWIMA_REQUEST) 
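Review bot: `system(SW_COLLECTOR)` in the new TNC_IMC_BeginHandshake, and again in the receive_message hunk that follows, runs the collector through the shell with whatever environment the TNC client process inherited. It is reached whenever a subscription is active. The command is a compile-time constant, so message content cannot alter it, but starting it with `posix_spawn()` or `fork()`/`execv()` and an explicit argv and environment would take the shell out of the path. The `!= 0` test also lumps together a failed fork (-1), death by signal and a non-zero exit; decoding the status with `WIFEXITED()`/`WEXITSTATUS()` and logging it would make failures diagnosable. The call is synchronous, so handshake latency is tied to the collector's run time.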
@@ -267,15 +406,55 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) flags = attr_req->get_flags(attr_req); request_id = attr_req->get_request_id(attr_req); targets = attr_req->get_targets(attr_req); + sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C)) { - attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED, - request_id, 0, "no subscription available yet"); - out_msg->add_attribute(out_msg, attr); - break; + if (imc_swima->has_pt_tls(imc_swima) && + lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.subscriptions", FALSE, lib->ns)) + { + imc_swima_subscription_t *subscription; + + swima_state = (imc_swima_state_t*)state; + + if (flags & IETF_SWIMA_ATTR_REQ_FLAG_C) + { + if (swima_state->get_subscription(swima_state, &subscription)) + { + DBG1(DBG_IMC, "SWIMA subscription %u cleared", + subscription->request_id); + swima_state->set_subscription(swima_state, NULL, FALSE); + } + } + else + { + INIT(subscription, + .imv_id = in_msg->get_src_id(in_msg), + .request_id = request_id, + .targets = targets->get_ref(targets), + .sw_id_only = sw_id_only, + ); + + swima_state->set_subscription(swima_state, subscription, + TRUE); + DBG1(DBG_IMC, "SWIMA subscription %u established", + subscription->request_id); + if (system(SW_COLLECTOR) != 0) + { + DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR); + out_msg->destroy(out_msg); + return TNC_RESULT_FATAL; + } + } + } + else + { + attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED, + request_id, 0, "subscriptions not enabled"); + out_msg->add_attribute(out_msg, attr); + } } - sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); fulfill_request(state, out_msg, request_id, sw_id_only, targets); break; diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c index 70b2434a4..55d887055 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima_state.c 
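Review bot: On the `system(SW_COLLECTOR) != 0` path the subscription has already been stored with `set_subscription(swima_state, subscription, TRUE)` and logged as established, so returning `TNC_RESULT_FATAL` leaves the connection state holding a subscription that was never served. Clearing it before the return, `swima_state->set_subscription(swima_state, NULL, FALSE);`, keeps the state consistent with what the IMV was told. The early `return` also appears to sit inside the attribute enumeration loop (the loop header is outside the hunk), so check that `enumerator` is destroyed on this path the way `out_msg` is.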
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c @@ -65,8 +65,33 @@ struct private_imc_swima_state_t { * PA-TNC attribute segmentation contracts associated with TNCCS connection */ seg_contract_manager_t *contracts; + + /** + * Has a subscription been established? + */ + bool has_subscription; + + /** + * State information on subscriptions + */ + imc_swima_subscription_t *subscription; + + /** + * Earliest EID for the next subscription round + */ + uint32_t earliest_eid; + }; +static void free_subscription(imc_swima_subscription_t *this) +{ + if (this) + { + this->targets->destroy(this->targets); + free(this); + } +} + METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, private_imc_swima_state_t *this) { @@ -110,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_swima_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, 
@@ -134,13 +163,59 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_swima_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_swima_state_t *this) { + free(this->subscription); this->contracts->destroy(this->contracts); free(this); } +METHOD(imc_swima_state_t, set_subscription, void, + private_imc_swima_state_t *this, imc_swima_subscription_t *subscription, + bool set) +{ + free_subscription(this->subscription); + this->has_subscription = set; + + if (set) + { + this->subscription = subscription; + } + else + { + this->subscription = NULL; + } +} + +METHOD(imc_swima_state_t, get_subscription, bool, + private_imc_swima_state_t *this, imc_swima_subscription_t **subscription) +{ + if (subscription) + { + *subscription = this->subscription; + } + return this->has_subscription; +} + +METHOD(imc_swima_state_t, set_earliest_eid, void, + private_imc_swima_state_t *this, uint32_t eid) +{ + this->earliest_eid = eid; +} + +METHOD(imc_swima_state_t, get_earliest_eid, uint32_t, + private_imc_swima_state_t *this) +{ + return this->earliest_eid; +} + /** * Described in header. */ @@ -161,15 +236,20 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, + .set_subscription = _set_subscription, + .get_subscription = _get_subscription, + .set_earliest_eid = _set_earliest_eid, + .get_earliest_eid = _get_earliest_eid, }, .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, .contracts = seg_contract_manager_create(), ); - + return &this->public.interface; } diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h index 4e4e3b1bf..92a674ff8 100644 
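Review bot: `destroy` releases the subscription with `free(this->subscription)`, which skips the `this->targets->destroy(this->targets)` step that `free_subscription()` (added in the first hunk of this file) performs. The inventory reference taken with `targets->get_ref(targets)` when the subscription is established in imc_swima.c is therefore presumably never dropped if a connection is torn down while a subscription is active. Use `free_subscription(this->subscription);` here, as `set_subscription` already does.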
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.h +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h @@ -25,9 +25,38 @@ #define IMC_SWIMA_STATE_H_ #include <imc/imc_state.h> +#include <swima/swima_inventory.h> #include <library.h> typedef struct imc_swima_state_t imc_swima_state_t; +typedef struct imc_swima_subscription_t imc_swima_subscription_t; + +/** + * State information on subscriptions + */ +struct imc_swima_subscription_t { + + /** + * IMV which sent the subscription request + */ + TNC_IMVID imv_id; + + /** + * SWIMA Request ID + */ + uint32_t request_id; + + /** + * SWIMA Request targets + */ + swima_inventory_t *targets; + + /** + * Retrieve SW Identifieres only + */ + bool sw_id_only; + +}; /** * Internal state of an imc_swima_t connection instance @@ -39,6 +68,37 @@ struct imc_swima_state_t { */ imc_state_t interface; + /** + * Set or clear a subscription + * + * @param subscription state information on subscription + * @param set TRUE sets and FALSE clears a subscripton + */ + void (*set_subscription)(imc_swima_state_t *this, + imc_swima_subscription_t *subscription, bool set); + + /** + * Get the subscription status + * + * @param subscription state information on subscription + * @return TRUE if subscription is set + */ + bool (*get_subscription)(imc_swima_state_t *this, + imc_swima_subscription_t**subscription); + + /** + * Set the earliest EID for the next subscription round + * + * @param eid Earliest EID for events or 0 for inventories + */ + void (*set_earliest_eid)(imc_swima_state_t *this, uint32_t eid); + + /** + * Get earliest EID for the next subscription round + * + * @return Earliest EID for events or 0 for inventories + */ + uint32_t (*get_earliest_eid)(imc_swima_state_t *this); }; /** diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag deleted file mode 100644 index 4ce168623..000000000 
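Review bot: The doc comments on `set_subscription` and `get_subscription` do not say who owns the `imc_swima_subscription_t`. Per the implementation in imc_swima_state.c, every `set_subscription` call frees the previously stored subscription together with its `targets`, and `get_subscription` returns the internal pointer. I would extend the parameter doc to `@param subscription  state information; ownership passes to the state object, pass NULL when clearing`. I would also add to `get_subscription` that the returned pointer stays owned by the state and becomes invalid after the next `set_subscription` call. While there, "subscripton" in the `@param set` line is a typo.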
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag +++ /dev/null @@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<SoftwareIdentity - name="strongSwan" - tagId="strongSwan-5-6-3" - version="5.6.3" versionScheme="alphanumeric" - xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> - <Entity - name="strongSwan Project" - regid="strongswan.org" - role="softwareCreator licensor tagCreator"/> -</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag index 4ce168623..fa6e121b5 100644 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8"?> <SoftwareIdentity name="strongSwan" - tagId="strongSwan-5-6-3" - version="5.6.3" versionScheme="alphanumeric" + tagId="strongSwan-5-7-0" + version="5.7.0" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> <Entity name="strongSwan Project" diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index fc6d2f6fb..2231f93bc 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index 047c82502..86d59a76a 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_test_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool, return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_test_state_t *this) +{ + /* nothing to reset */ +} + METHOD(imc_state_t, destroy, void, private_imc_test_state_t *this) { 
@@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_command = _get_command, diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index f9eb9d6ed..98930d3f3 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -322,7 +322,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -348,6 +347,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -368,8 +369,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -424,8 +423,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -454,8 +451,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index fb894f393..bc435df7f 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -187,7 +187,7 @@ char* print_cfn(pts_comp_func_name_t *cfn) int type, vid, name, qualifier, n; enum_name_t *names, *types; - vid = cfn->get_vendor_id(cfn), + vid = cfn->get_vendor_id(cfn); name = cfn->get_name(cfn); qualifier = cfn->get_qualifier(cfn); n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c index d63940797..3d9e0ab1f 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c @@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_attestation_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_attestation_state_t *this) +{ + DESTROY_IF(this->reason_string); + this->reason_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_ATTESTATION_STATE_INIT; + this->measurement_error = 0; + this->components->destroy_function(this->components, (void *)free_func_comp); + this->components = linked_list_create(); + this->pts->destroy(this->pts); + this->pts = pts_create(FALSE); +} + METHOD(imv_state_t, destroy, void, private_imv_attestation_state_t *this) { @@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .get_handshake_state = _get_handshake_state, diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index 99bf6d916..7bf503e0c 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c index bfe6dd619..e2b6eaed9 100644 --- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c +++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c @@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void, this->eval = tncif_policy_update_evaluation(this->eval, eval); } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_hcd_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_reason_string, bool, 
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_hcd_state_t *this) +{ + DESTROY_IF(this->reason_string); + this->reason_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->handshake_state = IMV_HCD_STATE_INIT; + this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE; + this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->action_flags = &this->subtype_action_flags[0].action_flags; +} + METHOD(imv_state_t, destroy, void, private_imv_hcd_state_t *this) { @@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index d5a6f07f1..4e8f8ea19 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c index 3fa3d0965..bb1e8a806 100644 --- a/src/libimcv/plugins/imv_os/imv_os_agent.c +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -539,7 +539,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, /* Determine maximum PA-TNC attribute segment size */ max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE + - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE - TCG_SEG_ATTR_SEG_ENV_HEADER; @@ -614,7 +614,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (result != TNC_RESULT_SUCCESS) { return result; - } + } return this->agent->provide_recommendation(this->agent, state); } else @@ -686,7 +686,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { continue; } - eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; switch (workitem->get_type(workitem)) { 
@@ -721,7 +720,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMV_EVALUATION_RESULT_COMPLIANT; snprintf(result_str, BUF_LEN, "unknown sources%s enabled", fail ? "" : " not"); - break; + break; case IMV_WORKITEM_FORWARDING: if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED)) { @@ -749,14 +748,11 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, default: continue; } - if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW) - { - session->remove_workitem(session, enumerator); - rec = workitem->set_result(workitem, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - } + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); } enumerator->destroy(enumerator); @@ -772,7 +768,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, return result; } return this->agent->provide_recommendation(this->agent, state); - } + } } /* send non-empty PA-TNC message with excl flag not set */ diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index af5daf0fc..dd8fcf594 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void, this->eval = tncif_policy_update_evaluation(this->eval, eval); } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_os_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_reason_string, bool, 
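Review bot: With the `if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW)` guard removed in the `-749,14` hunk and the per-iteration `eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;` removed in the `-686,7` hunk, every work item that leaves the `switch` via `break` is now finalized with whatever `eval` and `result_str` hold at that point. Most of the `case` bodies lie outside the hunks, so this is only safe if each case assigns both before `break` or else `continue`s. Otherwise a work item could be recorded with the previous iteration's result or an indeterminate value, which would feed a wrong recommendation into `update_recommendation`. If the invariant holds, a comment above the `switch` such as `/* every case either sets eval and result_str or continues */` would make it checkable; if not, keep the initialization.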
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return TRUE; } +METHOD(imv_state_t, reset, void, + private_imv_os_state_t *this) +{ + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->reason_string = NULL; + this->remediation_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_OS_STATE_INIT; + this->count = 0; + this->count_security = 0; + this->count_blacklist = 0; + this->count_ok = 0; + this->os_settings = 0; + this->missing = 0; + + this->update_packages->destroy_function(this->update_packages, free); + this->remove_packages->destroy_function(this->remove_packages, free); + this->update_packages = linked_list_create(); + this->remove_packages = linked_list_create(); +} + METHOD(imv_state_t, destroy, void, private_imv_os_state_t *this) { @@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 2649f499d..7c31a23fa 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 8f9593f17..64ab5c4eb 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_scanner_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return TRUE; } +METHOD(imv_state_t, reset, void, + private_imv_scanner_state_t *this) +{ + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->reason_string = NULL; + this->remediation_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_SCANNER_STATE_INIT; + + DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); + this->port_filter_attr = NULL; + this->violating_ports->destroy_function(this->violating_ports, free); + this->violating_ports = linked_list_create(); +} + METHOD(imv_state_t, destroy, void, private_imv_scanner_state_t *this) { @@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, @@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) return &this->public.interface; } - - diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am deleted file mode 100644 index e573ea0d8..000000000 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ /dev/null 
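Review bot: `DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);` in `reset` protects against a NULL `port_filter_attr` only if `pa_tnc_attribute` is the first member of that struct (its definition is outside the hunk) and `DESTROY_IF` merely NULL-tests its argument. Forming `&ptr->member` through a NULL pointer is undefined behaviour regardless. Testing the pointer itself states the intent and does not depend on struct layout: `if (this->port_filter_attr) { this->port_filter_attr->pa_tnc_attribute.destroy(&this->port_filter_attr->pa_tnc_attribute); }`. If `destroy` below uses the same idiom, it deserves the same change.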
@@ -1,21 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtpmtss \ - -I$(top_srcdir)/src/libimcv - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) $(json_CFLAGS) - -imcv_LTLIBRARIES = imv-swid.la - -imv_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(json_LIBS) - -imv_swid_la_SOURCES = \ - imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c - -imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in deleted file mode 100644 index faccb683e..000000000 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ /dev/null 
@@ -1,797 +0,0 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2014 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes 
-am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/libimcv/plugins/imv_swid -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; 
do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(imcvdir)" -LTLIBRARIES = $(imcv_LTLIBRARIES) -am__DEPENDENCIES_1 = -imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) -am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \ - imv_swid_agent.lo -imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(imv_swid_la_SOURCES) -DIST_SOURCES = $(imv_swid_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ATOMICLIB = @ATOMICLIB@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -EASY_INSTALL = @EASY_INSTALL@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ -GEM = @GEM@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ 
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -PY_TEST = @PY_TEST@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYGEMDIR = @RUBYGEMDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ 
-dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -json_CFLAGS = @json_CFLAGS@ -json_LIBS = @json_LIBS@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libfuzzer = @libfuzzer@ -libiptc_CFLAGS = @libiptc_CFLAGS@ -libiptc_LIBS = @libiptc_LIBS@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -p_plugins = @p_plugins@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ -runstatedir = @runstatedir@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = 
@srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemd_CFLAGS = @systemd_CFLAGS@ -systemd_LIBS = @systemd_LIBS@ -systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ -systemd_daemon_LIBS = @systemd_daemon_LIBS@ -systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ -systemd_journal_LIBS = @systemd_journal_LIBS@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -tss2_CFLAGS = @tss2_CFLAGS@ -tss2_LIBS = @tss2_LIBS@ -tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ -tss2_socket_LIBS = @tss2_socket_LIBS@ -tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ -tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtpmtss \ - -I$(top_srcdir)/src/libimcv - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) $(json_CFLAGS) - -imcv_LTLIBRARIES = imv-swid.la -imv_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(json_LIBS) - -imv_swid_la_SOURCES = \ - imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c - -imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu 
src/libimcv/plugins/imv_swid/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ - } - -uninstall-imcvLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ - done - -clean-imcvLTLIBRARIES: - -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) - @list='$(imcv_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; 
s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES) - $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' 
object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo 
"$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: - for dir in "$(DESTDIR)$(imcvdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
-clean: clean-am - -clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-imcvLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-imcvLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-imcvLTLIBRARIES install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-imcvLTLIBRARIES - -.PRECIOUS: Makefile - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. 
-# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/libimcv/plugins/imv_swid/imv_swid.c b/src/libimcv/plugins/imv_swid/imv_swid.c deleted file mode 100644 index cab011580..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imv_swid_agent.h" - -static const char imv_name[] = "SWID"; -static const imv_agent_create_t imv_agent_create = imv_swid_agent_create; - -/* include generic TGC TNC IF-IMV API code below */ - -#include <imv/imv_if.h> - diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c deleted file mode 100644 index 2884a169c..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c +++ /dev/null 
@@ -1,727 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include "imv_swid_agent.h"
-#include "imv_swid_state.h"
-
-#include <imcv.h>
-#include <imv/imv_agent.h>
-#include <imv/imv_msg.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include "rest/rest.h"
-#include "tcg/seg/tcg_seg_attr_max_size.h"
-#include "tcg/seg/tcg_seg_attr_seg_env.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "swid/swid_error.h"
-#include "swid/swid_inventory.h"
-
-#include <tncif_names.h>
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <bio/bio_reader.h>
-
-typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
-
-/* Subscribed PA-TNC message subtypes */
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-/**
- * Flag set when corresponding attribute has been received
- */
-enum imv_swid_attr_t {
- IMV_SWID_ATTR_TAG_INV = (1<<0),
- IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
-};
-
-/**
- * Private data of an imv_swid_agent_t object.
- */ -struct private_imv_swid_agent_t { - - /** - * Public members of imv_swid_agent_t - */ - imv_agent_if_t public; - - /** - * IMV agent responsible for generic functions - */ - imv_agent_t *agent; - - /** - * REST API to strongTNC manager - */ - rest_t *rest_api; - -}; - -METHOD(imv_agent_if_t, bind_functions, TNC_Result, - private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) -{ - return this->agent->bind_functions(this->agent, bind_function); -} - -METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_ConnectionState new_state) -{ - imv_state_t *state; - - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imv_swid_state_create(id); - return this->agent->create_state(this->agent, state); - case TNC_CONNECTION_STATE_DELETE: - return this->agent->delete_state(this->agent, id); - default: - return this->agent->change_state(this->agent, id, new_state, NULL); - } -} - -/** - * Process a received message - */ -static TNC_Result receive_msg(private_imv_swid_agent_t *this, - imv_state_t *state, imv_msg_t *in_msg) -{ - imv_swid_state_t *swid_state; - imv_msg_t *out_msg; - enumerator_t *enumerator; - pa_tnc_attr_t *attr; - TNC_Result result; - bool fatal_error = FALSE; - - /* generate an outgoing PA-TNC message - we might need it */ - out_msg = imv_msg_create_as_reply(in_msg); - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, out_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - out_msg->destroy(out_msg); - return result; - } - - swid_state = (imv_swid_state_t*)state; - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - uint32_t request_id = 0, last_eid, eid_epoch; - swid_inventory_t *inventory; - pen_type_t type; - - type = attr->get_type(attr); - - if (type.vendor_id == PEN_IETF && type.type 
== IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, description;
- bio_reader_t *reader;
- uint32_t max_attr_size;
- bool success;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- fatal_error = TRUE;
- msg_info = error_attr->get_msg_info(error_attr);
- reader = bio_reader_create(msg_info);
- success = reader->read_uint32(reader, &request_id);
-
- DBG1(DBG_IMV, "received TCG error '%N' for request %d",
- swid_error_code_names, error_code.type, request_id);
- if (!success)
- {
- reader->destroy(reader);
- continue;
- }
- if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- if (!reader->read_uint32(reader, &max_attr_size))
- {
- reader->destroy(reader);
- continue;
- }
- DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
- max_attr_size);
- }
- description = reader->peek(reader);
- if (description.len)
- {
- DBG1(DBG_IMV, " description: %.*s", description.len,
- description.ptr);
- }
- reader->destroy(reader);
- }
- }
- else if (type.vendor_id != PEN_TCG)
- {
- continue;
- }
-
- switch (type.type)
- {
- case TCG_SWID_TAG_ID_INVENTORY:
- {
- tcg_swid_attr_tag_id_inv_t *attr_cast;
- uint32_t missing;
- int tag_id_count;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
-
- attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_id_count = inventory->get_count(inventory);
- missing = attr_cast->get_tag_id_count(attr_cast);
- swid_state->set_missing(swid_state, missing);
-
- DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
- "for request %d at eid %d of epoch 0x%08x, %d item%s to "
- "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch, missing,
- (missing == 1) ?
"" : "s"); - - if (request_id == swid_state->get_request_id(swid_state)) - { - swid_state->set_swid_inventory(swid_state, inventory); - swid_state->set_count(swid_state, tag_id_count, 0, - in_msg->get_src_id(in_msg)); - } - else - { - DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory " - "with request ID %d", request_id); - } - attr_cast->clear_inventory(attr_cast); - break; - } - case TCG_SWID_TAG_INVENTORY: - { - tcg_swid_attr_tag_inv_t *attr_cast; - swid_tag_t *tag; - chunk_t tag_encoding; - json_object *jobj, *jarray, *jstring; - char *tag_str; - uint32_t missing; - int tag_count; - enumerator_t *e; - - state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV); - - attr_cast = (tcg_swid_attr_tag_inv_t*)attr; - request_id = attr_cast->get_request_id(attr_cast); - last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); - inventory = attr_cast->get_inventory(attr_cast); - tag_count = inventory->get_count(inventory); - missing = attr_cast->get_tag_count(attr_cast); - swid_state->set_missing(swid_state, missing); - - DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for " - "request %d at eid %d of epoch 0x%08x, %d item%s to follow", - tag_count, (tag_count == 1) ? "" : "s", request_id, - last_eid, eid_epoch, missing, (missing == 1) ? 
"" : "s"); - - if (request_id == swid_state->get_request_id(swid_state)) - { - swid_state->set_count(swid_state, 0, tag_count, - in_msg->get_src_id(in_msg)); - - if (this->rest_api) - { - jobj = json_object_new_object(); - jarray = json_object_new_array(); - json_object_object_add(jobj, "data", jarray); - - e = inventory->create_enumerator(inventory); - while (e->enumerate(e, &tag)) - { - tag_encoding = tag->get_encoding(tag); - tag_str = strndup(tag_encoding.ptr, tag_encoding.len); - DBG3(DBG_IMV, "%s", tag_str); - jstring = json_object_new_string(tag_str); - json_object_array_add(jarray, jstring); - free(tag_str); - } - e->destroy(e); - - if (this->rest_api->post(this->rest_api, - "swid/add-tags/", jobj, NULL) != SUCCESS) - { - DBG1(DBG_IMV, "error in REST API add-tags request"); - } - json_object_put(jobj); - } - } - else - { - DBG1(DBG_IMV, "no workitem found for SWID tag inventory " - "with request ID %d", request_id); - } - attr_cast->clear_inventory(attr_cast); - break; - } - default: - break; - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - result = out_msg->send_assessment(out_msg); - if (result == TNC_RESULT_SUCCESS) - { - result = this->agent->provide_recommendation(this->agent, state); - } - } - else - { - /* send PA-TNC message with the EXCL flag set */ - result = out_msg->send(out_msg, TRUE); - } - out_msg->destroy(out_msg); - - return result; -} - -METHOD(imv_agent_if_t, receive_message, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_MessageType msg_type, chunk_t msg) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); - result = receive_msg(this, state, in_msg); - in_msg->destroy(in_msg); - - return 
result; -} - -METHOD(imv_agent_if_t, receive_message_long, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, - TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_long_data(this->agent, state, id, - src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); - result = receive_msg(this, state, in_msg); - in_msg->destroy(in_msg); - - return result; - -} - -METHOD(imv_agent_if_t, batch_ending, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id) -{ - imv_msg_t *out_msg; - imv_state_t *state; - imv_session_t *session; - imv_workitem_t *workitem; - imv_swid_state_t *swid_state; - imv_swid_handshake_state_t handshake_state; - pa_tnc_attr_t *attr; - TNC_IMVID imv_id; - TNC_Result result = TNC_RESULT_SUCCESS; - bool no_workitems = TRUE; - uint32_t request_id, received; - uint8_t flags; - enumerator_t *enumerator; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - swid_state = (imv_swid_state_t*)state; - handshake_state = swid_state->get_handshake_state(swid_state); - session = state->get_session(state); - imv_id = this->agent->get_id(this->agent); - - if (handshake_state == IMV_SWID_STATE_END) - { - return TNC_RESULT_SUCCESS; - } - - /* Create an empty out message - we might need it */ - out_msg = imv_msg_create(this->agent, state, id, imv_id, - swid_state->get_imc_id(swid_state), - msg_types[0]); - - if (!imcv_db) - { - DBG2(DBG_IMV, "no workitems available - no evaluation possible"); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END); - - if (result != 
TNC_RESULT_SUCCESS) - { - return result; - } - return this->agent->provide_recommendation(this->agent, state); - } - - /* Look for SWID tag workitem and create SWID tag request */ - if (handshake_state == IMV_SWID_STATE_INIT && - session->get_policy_started(session)) - { - size_t max_attr_size = SWID_MAX_ATTR_SIZE; - size_t max_seg_size; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - char buf[BUF_LEN]; - - enumerator = session->create_workitem_enumerator(session); - if (enumerator) - { - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY || - workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS) - { - continue; - } - - flags = TCG_SWID_ATTR_REQ_FLAG_NONE; - if (strchr(workitem->get_arg_str(workitem), 'R')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_R; - } - if (strchr(workitem->get_arg_str(workitem), 'S')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_S; - } - if (strchr(workitem->get_arg_str(workitem), 'C')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_C; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMC */ - contract = seg_contract_create(msg_types[0], max_attr_size, - max_seg_size, TRUE, imv_id, FALSE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMV, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, - max_seg_size, TRUE); - out_msg->add_attribute(out_msg, attr); - - /* Issue a SWID request */ - request_id = workitem->get_id(workitem); - swid_state->set_request_id(swid_state, request_id); - attr = tcg_swid_attr_req_create(flags, request_id, 0); - out_msg->add_attribute(out_msg, attr); - workitem->set_imv_id(workitem, imv_id); - no_workitems = FALSE; - DBG2(DBG_IMV, "IMV %d 
issues SWID request %d", - imv_id, request_id); - break; - } - enumerator->destroy(enumerator); - - if (no_workitems) - { - DBG2(DBG_IMV, "IMV %d has no workitems - " - "no evaluation requested", imv_id); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - } - handshake_state = IMV_SWID_STATE_WORKITEMS; - swid_state->set_handshake_state(swid_state, handshake_state); - } - } - - received = state->get_action_flags(state); - - if (handshake_state == IMV_SWID_STATE_WORKITEMS && - (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) && - swid_state->get_missing(swid_state) == 0) - { - TNC_IMV_Evaluation_Result eval; - TNC_IMV_Action_Recommendation rec; - char result_str[BUF_LEN], *error_str = "", *command; - char *target, *separator; - int tag_id_count, tag_count, i; - chunk_t tag_creator, unique_sw_id; - json_object *jrequest, *jresponse, *jvalue; - tcg_swid_attr_req_t *cast_attr; - swid_tag_id_t *tag_id; - status_t status = SUCCESS; - - if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV)) - { - if (asprintf(&command, "sessions/%d/swid-measurement/", - session->get_session_id(session, NULL, NULL)) < 0) - { - error_str = "allocation of command string failed"; - status = FAILED; - } - else - { - jrequest = swid_state->get_swid_inventory(swid_state); - status = this->rest_api->post(this->rest_api, command, - jrequest, &jresponse); - if (status == FAILED) - { - error_str = "error in REST API swid-measurement request"; - } - free(command); - } - } - - switch (status) - { - case SUCCESS: - enumerator = session->create_workitem_enumerator(session); - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) - { - swid_state->get_count(swid_state, &tag_id_count, - &tag_count); - snprintf(result_str, BUF_LEN, "received inventory of " - "%d SWID tag ID%s and %d SWID tag%s", - tag_id_count, (tag_id_count == 1) ? 
"" : "s", - tag_count, (tag_count == 1) ? "" : "s"); - session->remove_workitem(session, enumerator); - - eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; - rec = workitem->set_result(workitem, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - break; - } - } - enumerator->destroy(enumerator); - break; - case NEED_MORE: - if (received & IMV_SWID_ATTR_TAG_INV) - { - error_str = "not all requested SWID tags were received"; - status = FAILED; - json_object_put(jresponse); - break; - } - if (json_object_get_type(jresponse) != json_type_array) - { - error_str = "response was not a json_array"; - status = FAILED; - json_object_put(jresponse); - break; - } - - /* Create a TCG SWID Request attribute */ - attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE, - swid_state->get_request_id(swid_state), 0); - tag_id_count = json_object_array_length(jresponse); - DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count, - (tag_id_count == 1) ? 
"" : "s"); - swid_state->set_missing(swid_state, tag_id_count); - - for (i = 0; i < tag_id_count; i++) - { - jvalue = json_object_array_get_idx(jresponse, i); - if (json_object_get_type(jvalue) != json_type_string) - { - error_str = "json_string element expected in json_array"; - status = FAILED; - json_object_put(jresponse); - break; - } - target = (char*)json_object_get_string(jvalue); - DBG1(DBG_IMV, " %s", target); - - /* Separate target into tag_creator and unique_sw_id */ - separator = strstr(target, "__"); - if (!separator) - { - error_str = "separation of regid from " - "unique software ID failed"; - break; - } - tag_creator = chunk_create(target, separator - target); - separator += 2; - unique_sw_id = chunk_create(separator, strlen(target) - - tag_creator.len - 2); - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, - chunk_empty); - cast_attr = (tcg_swid_attr_req_t*)attr; - cast_attr->add_target(cast_attr, tag_id); - } - json_object_put(jresponse); - - out_msg->add_attribute(out_msg, attr); - break; - case FAILED: - default: - break; - } - - if (status == FAILED) - { - enumerator = session->create_workitem_enumerator(session); - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) - { - session->remove_workitem(session, enumerator); - eval = TNC_IMV_EVALUATION_RESULT_ERROR; - rec = workitem->set_result(workitem, error_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - break; - } - } - enumerator->destroy(enumerator); - } - } - - /* finalized all workitems ? 
*/
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- session->get_workitem_count(session, imv_id) == 0)
- {
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send non-empty PA-TNC message with excl flag not set */
- if (out_msg->get_attribute_count(out_msg))
- {
- result = out_msg->send(out_msg, FALSE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_state_t *state;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- return this->agent->provide_recommendation(this->agent, state);
-}
-
-METHOD(imv_agent_if_t, destroy, void,
- private_imv_swid_agent_t *this)
-{
- DESTROY_IF(this->rest_api);
- this->agent->destroy(this->agent);
- free(this);
-}
-
-/**
- * Described in header.
- */
-imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
- TNC_Version *actual_version)
-{
- private_imv_swid_agent_t *this;
- imv_agent_t *agent;
- char *rest_api_uri;
- u_int rest_api_timeout;
-
- agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version);
- if (!agent)
- {
- return NULL;
- }
- agent->add_non_fatal_attr_type(agent,
- pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
-
- INIT(this,
- .public = {
- .bind_functions = _bind_functions,
- .notify_connection_change = _notify_connection_change,
- .receive_message = _receive_message,
- .receive_message_long = _receive_message_long,
- .batch_ending = _batch_ending,
- .solicit_recommendation = _solicit_recommendation,
- .destroy = _destroy,
- },
- .agent = agent,
- );
-
- rest_api_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
- rest_api_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
- if (rest_api_uri)
- {
- this->rest_api = rest_create(rest_api_uri, rest_api_timeout);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
deleted file mode 100644
index 4218040bc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid_agent_t imv_swid_agent
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_AGENT_H_
-#define IMV_SWID_AGENT_H_
-
-#include <imv/imv_agent_if.h>
-
-/**
- * Creates an SWID IMV agent
- *
- * @param name Name of the IMV
- * @param id ID of the IMV
- * @param actual_version TNC IF-IMV version
- */
-imv_agent_if_t* imv_swid_agent_create(const char* name, TNC_IMVID id,
- TNC_Version *actual_version);
-
-#endif /** IMV_SWID_AGENT_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c
deleted file mode 100644
index 50e9f489a..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_swid_state.h"
-
-#include <imv/imv_lang_string.h>
-#include <imv/imv_reason_string.h>
-#include <imv/imv_remediation_string.h>
-#include <swid/swid_tag_id.h>
-
-#include <tncif_policy.h>
-
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-typedef struct private_imv_swid_state_t private_imv_swid_state_t;
-
-/**
- * Private data of an imv_swid_state_t object.
- */
-struct private_imv_swid_state_t {
-
- /**
- * Public members of imv_swid_state_t
- */
- imv_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * Flags set for completed actions
- */
- uint32_t action_flags;
-
- /**
- * IMV database session associated with TNCCS connection
- */
- imv_session_t *session;
-
- /**
- * PA-TNC attribute segmentation contracts associated with TNCCS connection
- */
- seg_contract_manager_t *contracts;
-
- /**
- * IMV action recommendation
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * IMV evaluation result
- */
- TNC_IMV_Evaluation_Result eval;
-
- /**
- * IMV Scanner handshake state
- */
- imv_swid_handshake_state_t handshake_state;
-
- /**
- * TNC Reason String
- */
- imv_reason_string_t *reason_string;
-
- /**
- * IETF Remediation Instructions String
- */
- imv_remediation_string_t *remediation_string;
-
- /**
- * SWID Tag Request ID
- */
- uint32_t request_id;
-
- /**
- * Number of processed SWID Tag IDs
- */
- int tag_id_count;
-
- /**
- * Number of processed SWID Tags
- */
- int tag_count;
-
- /**
- * Number of missing SWID Tags or Tag IDs
- */
- uint32_t missing;
-
- /**
- * SWID IMC ID
- */
- TNC_UInt32 imc_id;
-
- /**
- * Top level JSON object
- */
- json_object *jobj;
-
- /**
- * JSON array containing an inventory of SWID Tag IDs
- */
- json_object *jarray;
-
-};
-
-METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
- private_imv_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imv_state_t, has_long, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imv_state_t, has_excl, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imv_state_t, set_flags, void,
- private_imv_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imv_state_t, set_max_msg_len, void,
- private_imv_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imv_state_t, get_max_msg_len,
uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imv_state_t, set_action_flags, void,
- private_imv_swid_state_t *this, uint32_t flags)
-{
- this->action_flags |= flags;
-}
-
-METHOD(imv_state_t, get_action_flags, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->action_flags;
-}
-
-METHOD(imv_state_t, set_session, void,
- private_imv_swid_state_t *this, imv_session_t *session)
-{
- this->session = session;
-}
-
-METHOD(imv_state_t, get_session, imv_session_t*,
- private_imv_swid_state_t *this)
-{
- return this->session;
-}
-
-METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
- private_imv_swid_state_t *this)
-{
- return this->contracts;
-}
-
-METHOD(imv_state_t, change_state, void,
- private_imv_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imv_state_t, get_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- *rec = this->rec;
- *eval = this->eval;
-}
-
-METHOD(imv_state_t, set_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = rec;
- this->eval = eval;
-}
-
-METHOD(imv_state_t, update_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = tncif_policy_update_recommendation(this->rec, rec);
- this->eval = tncif_policy_update_evaluation(this->eval, eval);
-}
-
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, get_remediation_instructions, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *string, char **lang_code, char **uri)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, destroy, void,
- private_imv_swid_state_t
*this)
-{
- json_object_put(this->jobj);
- DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
- this->contracts->destroy(this->contracts);
- free(this);
-}
-
-METHOD(imv_swid_state_t, set_handshake_state, void,
- private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state)
-{
- this->handshake_state = new_state;
-}
-
-METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
- private_imv_swid_state_t *this)
-{
- return this->handshake_state;
-}
-
-METHOD(imv_swid_state_t, set_request_id, void,
- private_imv_swid_state_t *this, uint32_t request_id)
-{
- this->request_id = request_id;
-}
-
-METHOD(imv_swid_state_t, get_request_id, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->request_id;
-}
-
-METHOD(imv_swid_state_t, set_swid_inventory, void,
- private_imv_swid_state_t *this, swid_inventory_t *inventory)
-{
- chunk_t tag_creator, sw_id;
- char software_id[BUF_LEN];
- json_object *jstring;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- enumerator = inventory->create_enumerator(inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s__%.*s",
- (int)tag_creator.len, tag_creator.ptr,
- (int)sw_id.len, sw_id.ptr);
- DBG3(DBG_IMV, " %s", software_id);
-
- /* Add software ID to JSON array */
- jstring = json_object_new_string(software_id);
- json_object_array_add(this->jarray, jstring);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
- private_imv_swid_state_t *this)
-{
- return this->jobj;
-}
-
-METHOD(imv_swid_state_t, set_missing, void,
- private_imv_swid_state_t *this, uint32_t count)
-{
- this->missing = count;
-}
-
-METHOD(imv_swid_state_t, get_missing, uint32_t,
- private_imv_swid_state_t
*this)
-{
- return this->missing;
-}
-
-METHOD(imv_swid_state_t, set_count, void,
- private_imv_swid_state_t *this, int tag_id_count, int tag_count,
- TNC_UInt32 imc_id)
-{
- this->tag_id_count += tag_id_count;
- this->tag_count += tag_count;
- this->imc_id = imc_id;
-}
-
-METHOD(imv_swid_state_t, get_count, void,
- private_imv_swid_state_t *this, int *tag_id_count, int *tag_count)
-{
- if (tag_id_count)
- {
- *tag_id_count = this->tag_id_count;
- }
- if (tag_count)
- {
- *tag_count = this->tag_count;
- }
-}
-
-METHOD(imv_swid_state_t, get_imc_id, TNC_UInt32,
- private_imv_swid_state_t *this)
-{
- return this->imc_id;
-}
-
-/**
- * Described in header.
- */
-imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imv_swid_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .set_action_flags = _set_action_flags,
- .get_action_flags = _get_action_flags,
- .set_session = _set_session,
- .get_session= _get_session,
- .get_contracts = _get_contracts,
- .change_state = _change_state,
- .get_recommendation = _get_recommendation,
- .set_recommendation = _set_recommendation,
- .update_recommendation = _update_recommendation,
- .get_reason_string = _get_reason_string,
- .get_remediation_instructions = _get_remediation_instructions,
- .destroy = _destroy,
- },
- .set_handshake_state = _set_handshake_state,
- .get_handshake_state = _get_handshake_state,
- .set_request_id = _set_request_id,
- .get_request_id = _get_request_id,
- .set_swid_inventory = _set_swid_inventory,
- .get_swid_inventory = _get_swid_inventory,
- .set_missing = _set_missing,
- .get_missing = _get_missing,
- .set_count = _set_count,
- .get_count = _get_count,
- .get_imc_id = _get_imc_id,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .rec =
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .contracts = seg_contract_manager_create(),
- .imc_id = TNC_IMCID_ANY,
- .jobj = json_object_new_object(),
- .jarray = json_object_new_array(),
- );
-
- json_object_object_add(this->jobj, "data", this->jarray);
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h
deleted file mode 100644
index 5fe99ecdc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.h
+++ /dev/null
@@ -1,145 +0,0 @@ -/* - * Copyright (C) 2013-2016 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imv_swid imv_swid - * @ingroup libimcv_plugins - * - * @defgroup imv_swid_state_t imv_swid_state - * @{ @ingroup imv_swid - */ - -#ifndef IMV_SWID_STATE_H_ -#define IMV_SWID_STATE_H_ - -#include <imv/imv_state.h> -#include <swid/swid_inventory.h> -#include <library.h> - -#include <json.h> - -typedef struct imv_swid_state_t imv_swid_state_t; -typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t; - -/** - * IMV OS Handshake States (state machine) - */ -enum imv_swid_handshake_state_t { - IMV_SWID_STATE_INIT, - IMV_SWID_STATE_WORKITEMS, - IMV_SWID_STATE_END -}; - -/** - * Internal state of an imv_swid_t connection instance - */ -struct imv_swid_state_t { - - /** - * imv_state_t interface - */ - imv_state_t interface; - - /** - * Set state of the handshake - * - * @param new_state the handshake state of IMV - */ - void (*set_handshake_state)(imv_swid_state_t *this, - imv_swid_handshake_state_t new_state); - - /** - * Get state of the handshake - * - * @return the handshake state of IMV - */ - imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this); - - /** - * Set the SWID request ID - * - * @param request_id SWID request ID to be set - */ - void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id); - - /** - * Get the SWID request ID - * - * @return 
SWID request ID - */ - uint32_t (*get_request_id)(imv_swid_state_t *this); - - /** - * Set or extend the SWID Tag ID inventory in the state - * - * @param inventory SWID Tags ID inventory to be added - */ - void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory); - - /** - * Get the encoding of the complete SWID Tag ID inventory - * - * @return SWID Tags ID inventory as a JSON array - */ - json_object* (*get_swid_inventory)(imv_swid_state_t *this); - - /** - * Set the number of still missing SWID Tags or Tag IDs - * - * @param count Number of missing SWID Tags or Tag IDs - */ - void (*set_missing)(imv_swid_state_t *this, uint32_t count); - - /** - * Get the number of still missing SWID Tags or Tag IDs - * - * @result Number of missing SWID Tags or Tag IDs - */ - uint32_t (*get_missing)(imv_swid_state_t *this); - - /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters - * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags - * @param imc_id SWID IMC ID - */ - void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count, - TNC_UInt32 imc_id); - - /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters - * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags - */ - void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count); - - /** - * Get SWID IMC ID - * - * @return SWID IMC ID - */ - TNC_UInt32 (*get_imc_id)(imv_swid_state_t *this); -}; - -/** - * Create an imv_swid_state_t instance - * - * @param id connection ID - */ -imv_state_t* imv_swid_state_create(TNC_ConnectionID id); - -#endif /** IMV_SWID_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in index e2132b576..a9c7715ec 100644 --- a/src/libimcv/plugins/imv_swima/Makefile.in +++ b/src/libimcv/plugins/imv_swima/Makefile.in 
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c index 1d9944200..52f1baf03 100644 --- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c +++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c 
@@ -187,11 +187,17 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this, } description = reader->peek(reader); if (description.len) - { + { DBG1(DBG_IMV, " description: %.*s", description.len, description.ptr); } reader->destroy(reader); + if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED) + { + swima_state->set_subscription(swima_state, FALSE); + DBG1(DBG_IMV, "SWIMA subscription %u cleared", + swima_state->get_request_id(swima_state)); + } break; } case IETF_ATTR_SW_ID_INVENTORY: @@ -474,7 +480,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, seg_contract_t *contract; seg_contract_manager_t *contracts; swima_inventory_t *targets; - uint32_t earliest_eid = 0; + uint32_t old_request_id = 0, earliest_eid = 0; char buf[BUF_LEN]; enumerator = session->create_workitem_enumerator(session); @@ -487,7 +493,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { continue; } - + + earliest_eid = workitem->get_arg_int(workitem); + request_id = workitem->get_id(workitem); + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + old_request_id = swima_state->get_request_id(swima_state); + flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE; if (strchr(workitem->get_arg_str(workitem), 'R')) { 
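Review bot: The added test `if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)` looks only at the type half of `error_code`, and the subscription flag is then cleared on the strength of a message from the peer. If the part of `receive_msg` above this hunk does not already require the IETF vendor id, the condition should check it as well: `if (error_code.vendor_id == PEN_IETF && error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)`. The DBG1 line prints the request id held in the state, not the one carried in the error, so a denial for a different request would be logged against the current subscription. `receive_msg` starts and ends outside this hunk.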
@@ -496,47 +508,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (strchr(workitem->get_arg_str(workitem), 'S')) { flags |= IETF_SWIMA_ATTR_REQ_FLAG_S; + swima_state->set_subscription(swima_state, TRUE); + if (!old_request_id) + { + DBG1(DBG_IMV, "SWIMA subscription %u requested", + request_id); + } } if (strchr(workitem->get_arg_str(workitem), 'C')) { flags |= IETF_SWIMA_ATTR_REQ_FLAG_C; + swima_state->set_subscription(swima_state, FALSE); } - earliest_eid = workitem->get_arg_int(workitem); - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMC */ - contract = seg_contract_create(msg_types[0], max_attr_size, - max_seg_size, TRUE, imv_id, FALSE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMV, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, - max_seg_size, TRUE); - out_msg->add_attribute(out_msg, attr); - - /* Issue a SWID request */ - request_id = workitem->get_id(workitem); - swima_state->set_request_id(swima_state, request_id); - attr = ietf_swima_attr_req_create(flags, request_id); - /* Request software identifier events */ - targets = swima_inventory_create(); - targets->set_eid(targets, earliest_eid, 0); - cast_attr = (ietf_swima_attr_req_t*)attr; - cast_attr->set_targets(cast_attr, targets); - targets->destroy(targets); + if (!old_request_id) + { + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, 
BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + } - out_msg->add_attribute(out_msg, attr); - workitem->set_imv_id(workitem, imv_id); - no_workitems = FALSE; - DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d", - imv_id, request_id, earliest_eid); + if (!old_request_id || + !swima_state->get_subscription(swima_state)) + { + /* Issue a SWID request */ + swima_state->set_request_id(swima_state, request_id); + attr = ietf_swima_attr_req_create(flags, request_id); + + /* Request software identifier events */ + targets = swima_inventory_create(); + targets->set_eid(targets, earliest_eid, 0); + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + + out_msg->add_attribute(out_msg, attr); + DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest " + "eid %d", imv_id, request_id, earliest_eid); + } break; } enumerator->destroy(enumerator); @@ -565,7 +587,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMV_Action_Recommendation rec; char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command; char *target_str, *error_str = ""; - int sw_id_count, tag_count, i, res; + int sw_id_count, tag_count, i, res, written; json_object *jrequest, *jresponse, *jvalue; ietf_swima_attr_req_t *cast_attr; swima_inventory_t *targets; 
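Review bot: `swima_state->set_subscription(swima_state, TRUE)` in the 'S' branch runs on every pass over the work item, not only when the request is first issued. Once `receive_msg` has cleared the flag on PA_ERROR_SWIMA_SUBSCRIPTION_DENIED, a later pass with a non-zero `old_request_id` sets it again. The `!old_request_id || !swima_state->get_subscription(swima_state)` test further down then skips the request, and the state reports a subscription that the IMC refused. Whether `batch_ending` is re-entered with the same work item is not visible in this hunk. Moving the call into the existing `if (!old_request_id)` block next to the DBG1 would avoid this. An argument string containing both 'S' and 'C' also sets and then clears the flag while both request flags are sent, which deserves a comment or a rejection.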
@@ -617,16 +639,24 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, &tag_count); if (format) { - snprintf(result_str, BUF_LEN, format, + written = snprintf(result_str, BUF_LEN, format, sw_id_count, (sw_id_count == 1) ? "" : "s", tag_count, (tag_count == 1) ? "" : "s"); } else { - snprintf(result_str, BUF_LEN, "received %d SWID tag" - "%s", tag_count, (tag_count == 1) ? "" : "s"); + written = snprintf(result_str, BUF_LEN, + "received %d SWID tag%s", + tag_count, (tag_count == 1) ? "" : "s"); } + if (swima_state->get_subscription(swima_state) && + written > 0 && written < BUF_LEN) + { + snprintf(result_str + written, BUF_LEN - written, + " from subscription %u", + swima_state->get_request_id(swima_state)); + } session->remove_workitem(session, enumerator); eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c index 03500bc2d..7d9631d3f 100644 --- a/src/libimcv/plugins/imv_swima/imv_swima_state.c +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c @@ -101,6 +101,11 @@ struct private_imv_swima_state_t { imv_remediation_string_t *remediation_string; /** + * Has a subscription been established? + */ + bool has_subscription; + + /** * SWID Tag Request ID */ uint32_t request_id; @@ -204,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_swima_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -248,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_swima_state_t *this) +{ + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_SWIMA_STATE_INIT; + this->sw_id_count = 0; + this->tag_count = 0; + this->missing = 0; + + json_object_put(this->jobj); + this->jobj = json_object_new_object(); +} + METHOD(imv_state_t, destroy, void, private_imv_swima_state_t *this) { json_object_put(this->jobj); DESTROY_IF(this->session); - DESTROY_IF(this->reason_string); - DESTROY_IF(this->remediation_string); this->contracts->destroy(this->contracts); free(this); } @@ -426,6 +450,18 @@ METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32, return this->imc_id; } +METHOD(imv_swima_state_t, set_subscription, void, + private_imv_swima_state_t *this, bool set) +{ + this->has_subscription = set; +} + +METHOD(imv_swima_state_t, get_subscription, bool, + private_imv_swima_state_t *this) +{ + return this->has_subscription; +} + /** * Described in header. */ @@ -453,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, @@ -467,6 +504,8 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id) .set_count = _set_count, .get_count = _get_count, .get_imc_id = _get_imc_id, + .set_subscription = _set_subscription, + .get_subscription = _get_subscription, }, .state = TNC_CONNECTION_STATE_CREATE, .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h index 4fa32daf4..e2f805189 100644 
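Review bot: `reset` releases `this->jobj` with `json_object_put()` and replaces it with an empty object, but nothing re-creates the "data" array inside it. The removed `imv_swid_state_create` earlier in this diff stored `.jarray = json_object_new_array()` and attached it with `json_object_object_add(this->jobj, "data", this->jarray)`. If this state keeps the same `jarray` member (its declaration is outside the hunk), that pointer now refers to an array released together with the old `jobj`. In that case add `this->jarray = json_object_new_array();` and `json_object_object_add(this->jobj, "data", this->jarray);` after the new object is created. `has_subscription` and `request_id` are also left untouched by `reset`; a one-line comment saying this is intended would help.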
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.h +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h @@ -141,6 +141,20 @@ struct imv_swima_state_t { * @return SWID IMC ID */ TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this); + + /** + * Set or clear a subscription + * + * @param set TRUE sets and FALSE clears a subscripton + */ + void (*set_subscription)(imv_swima_state_t *this, bool set); + + /** + * Get the subscription status + * + * @return TRUE if subscription is set + */ + bool (*get_subscription)(imv_swima_state_t *this); }; /** diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index b583a32c2..d9b1725d2 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
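Review bot: The doc comment added for `set_subscription` misspells a word in `@param set TRUE sets and FALSE clears a subscripton`; it should read `subscription`. The comment could also say when the flag changes. In imv_swima_agent.c in this commit it is set for a request carrying the S flag and cleared for a C request or a subscription-denied error.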
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index c20d00bd1..fe6bf18b2 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_test_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, @@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_test_state_t *this) +{ + DESTROY_IF(this->reason_string); + this->reason_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->imcs->destroy_function(this->imcs, free); + this->imcs = linked_list_create(); + +} + + METHOD(imv_state_t, destroy, void, private_imv_test_state_t *this) { @@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .add_imc = _add_imc, 
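Review bot: The new `reset` in imv_test_state.c restores `rec`, `eval`, `reason_string` and the `imcs` list but, unlike the imv_swima `reset` added in this same commit, does not clear `action_flags`. If this state has that member (its struct is outside the hunk), add `this->action_flags = 0;` so that both plugins reset the same set of fields. The body also ends with an empty line before the closing brace, followed by two blank lines, which the surrounding methods do not have.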
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 3cf439f35..56bb821cd 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -323,7 +323,6 @@ METHOD(pts_t, set_tpm_version_info, void, private_pts_t *this, chunk_t info) { this->tpm_version_info = chunk_clone(info); - /* print_tpm_version_info(this); */ } /** diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c index a579f7378..b3207fb93 100644 --- a/src/libimcv/suites/test_imcv_swima.c +++ b/src/libimcv/suites/test_imcv_swima.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Andreas Steffen + * Copyright (C) 2017-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -182,7 +182,7 @@ START_TEST(test_imcv_swima_sw_req) targets = c_attr->get_targets(c_attr); ck_assert(targets->get_eid(targets, NULL) == req_data[_i].earliest_eid); - + enumerator = targets->create_enumerator(targets); ck_assert(enumerator); n = 0; 
@@ -268,67 +268,69 @@ static sw_inv_data_t sw_inv_data[] = { chunk_from_chars( 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, - 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, - 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, - 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, - 0x74, 0x79, 0x3E) + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, + 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, chunk_from_chars( 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 
0x00, + 0x00) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034, chunk_from_chars( 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, - 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, - 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, - 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, - 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, - 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, - 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, - 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, - 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, - 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, - 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74, - 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22, - 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, - 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E) + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, + 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 
0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, + 0x2A, 0x19, 0x11, 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, + 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, + 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, + 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, + 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034, chunk_from_chars( 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00, - 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, - 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, - 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, - 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, - 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, - 0x31, 0x61, 0x00, 0x00) + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, + 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 
0x67, 0x73, + 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, + 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, + 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, + 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, + 0x31, 0x66, 0x31, 0x61, 0x00, 0x00) } }; @@ -351,7 +353,7 @@ START_TEST(test_imcv_swima_inv) sw_id_only); sw_inv = swima_inventory_create(); - sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); + sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); for (n = 0; n < _i/2; n++) { sw_id = chunk_from_str(sw_id_str[n]); @@ -445,15 +447,17 @@ END_TEST * 23 data_model_type * 24 segment 5 - 1 octet * 24 source_id - * 25 sw_id - * 26 segment 6 - 2 octets - * 58 sw_locator - * 59 segment 7 - 33 octets - * 60 record - * 62 segment 8 - 3 octets - * 113 sw record 2 - * 114 segment 9 - 52 octets - * 230 segment 10 - 116 octets + * 25 segment 6 - 1 octet + * 25 reserved + * 26 sw_id + * 27 segment 7 - 2 octets + * 59 sw_locator + * 60 segment 8 - 33 octets + * 61 record + * 63 segment 9 - 3 octets + * 114 sw record 2 + * 115 segment 10 - 52 octets + * 231 segment 11 - 117 octets */ START_TEST(test_imcv_swima_sw_inv_trunc) 
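Review bot: The last row of the updated offset table, `231 segment 11 - 117 octets`, does not match the test data. Every other row gives the end offset of its segment (24+1=25, 25+2=27, 27+33=60, 60+3=63, 63+52=115). Segment 11 is taken with `chunk_skip(sw_inv_data[4].value, 115)` and `data.len = 117`, which ends at 232, and the new `sw_inv_data[4]` value is 232 octets long. The row should read `232 segment 11 - 117 octets`. The comment block starts outside this hunk.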
@@ -509,26 +513,32 @@ START_TEST(test_imcv_swima_sw_inv_trunc) attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 6 truncates sw_id */ + /* Segment 6 truncates reserved */ data = chunk_skip(sw_inv_data[4].value, 24); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates sw_id */ + data = chunk_skip(sw_inv_data[4].value, 25); data.len = 2; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 7 truncates sw_locator */ - data = chunk_skip(sw_inv_data[4].value, 26); + /* Segment 8 truncates sw_locator */ + data = chunk_skip(sw_inv_data[4].value, 27); data.len = 33; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 8 truncates record */ - data = chunk_skip(sw_inv_data[4].value, 59); + /* Segment 9 truncates record */ + data = chunk_skip(sw_inv_data[4].value, 60); data.len = 3; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 9 truncates second sw_record */ - data = chunk_skip(sw_inv_data[4].value, 62); + /* Segment 10 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 63); data.len = 52; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == SUCCESS); @@ -539,9 +549,9 @@ START_TEST(test_imcv_swima_sw_inv_trunc) ck_assert(sw_inv->get_count(sw_inv) == 1); c_attr->clear_inventory(c_attr); - /* Segment 10 truncates second sw_record */ - data = chunk_skip(sw_inv_data[4].value, 114); - data.len = 116; + /* Segment 11 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 115); + data.len = 117; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == SUCCESS); 
@@ -626,7 +636,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, @@ -644,7 +654,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) @@ -656,7 +666,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, 
@@ -688,7 +698,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, @@ -827,8 +837,8 @@ END_TEST * * 0 constant header * 16 segment 1 - 16 octets - * 20 eid - * 22 segment 2 - 6 octets + * 20 eid + * 22 segment 2 - 6 octets * 24 timestamp * 26 segment 3 - 4 octets * 44 record_id diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c deleted file mode 100644 index 7c7427fb1..000000000 --- a/src/libimcv/swid/swid_error.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (C) 2011 Sansar Choinyambuu - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_error.h" - -#include <bio/bio_writer.h> -#include <ietf/ietf_attr_pa_tnc_error.h> - -ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE, - "SWID Error", - "SWID Subscription Denied", - "SWID Response Too Large" -); - -/** - * Described in header. - */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id, - uint32_t max_attr_size, char *description) -{ - bio_writer_t *writer; - chunk_t msg_info; - pa_tnc_attr_t *attr; - pen_type_t error_code; - - error_code = pen_type_create( PEN_TCG, code); - writer = bio_writer_create(4); - writer->write_uint32(writer, request_id); - if (code == TCG_SWID_RESPONSE_TOO_LARGE) - { - writer->write_uint32(writer, max_attr_size); - } - if (description) - { - writer->write_data(writer, chunk_from_str(description)); - } - msg_info = writer->get_buf(writer); - attr = ietf_attr_pa_tnc_error_create(error_code, msg_info); - writer->destroy(writer); - - return attr; -} - diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h deleted file mode 100644 index 2ed099186..000000000 --- a/src/libimcv/swid/swid_error.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_error swid_error - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_ERROR_H_ -#define SWID_ERROR_H_ - -typedef enum swid_error_code_t swid_error_code_t; - -#include "pa_tnc/pa_tnc_attr.h" - -#include <library.h> - - -/** - * SWID Error Codes - * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification - */ -enum swid_error_code_t { - TCG_SWID_ERROR = 0x20, - TCG_SWID_SUBSCRIPTION_DENIED = 0x21, - TCG_SWID_RESPONSE_TOO_LARGE = 0x22 -}; - -/** - * enum name for swid_error_code_t. - */ -extern enum_name_t *swid_error_code_names; - -/** - * Creates a SWID Error Attribute - * see section 4.12 of TNC SWID Message and Attributes for IF-M - * - * @param code SWID error code - * @param request SWID request ID - * @param max_attr_size Maximum IF-M attribute size (if applicable) - * @param description Optional description string or NULL - */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request, - uint32_t max_attr_size, char *description); - -#endif /** SWID_ERROR_H_ @}*/ diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c deleted file mode 100644 index 5f6e50cb7..000000000 --- a/src/libimcv/swid/swid_inventory.c +++ /dev/null 
@@ -1,342 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_inventory.h" -#include "swid_tag.h" -#include "swid_tag_id.h" -#include "swid_gen/swid_gen.h" - -#include <collections/linked_list.h> -#include <utils/lexparser.h> -#include <utils/debug.h> - -#include <stdio.h> -#include <fcntl.h> -#include <unistd.h> -#include <sys/stat.h> -#include <libgen.h> -#include <errno.h> - -typedef struct private_swid_inventory_t private_swid_inventory_t; - -/** - * Private data of a swid_inventory_t object. - * - */ -struct private_swid_inventory_t { - - /** - * Public swid_inventory_t interface. - */ - swid_inventory_t public; - - /** - * Full SWID tags or just SWID tag IDs - */ - bool full_tags; - - /** - * List of SWID tags or tag IDs - */ - linked_list_t *list; -}; - -static status_t generate_tags(private_swid_inventory_t *this, - swid_inventory_t *targets, bool pretty, bool full) -{ - swid_gen_t *swid_gen; - swid_tag_t *tag; - swid_tag_id_t *tag_id; - enumerator_t *enumerator; - status_t status = SUCCESS; - chunk_t out; - - swid_gen = swid_gen_create(); - - if (targets->get_count(targets) == 0) - { - DBG2(DBG_IMC, "SWID tag%s generation by package manager", - this->full_tags ? 
"" : " ID"); - - enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags, - full, pretty); - if (enumerator) - { - while (enumerator->enumerate(enumerator, &out)) - { - if (this->full_tags) - { - chunk_t swid_tag = out; - - tag = swid_tag_create(swid_tag, chunk_empty); - this->list->insert_last(this->list, tag); - } - else - { - chunk_t tag_creator, sw_id = out; - - if (extract_token_str(&tag_creator, "__", &sw_id)) - { - tag_id = swid_tag_id_create(tag_creator, sw_id, - chunk_empty); - this->list->insert_last(this->list, tag_id); - } - else - { - DBG1(DBG_IMC, "separation of regid from unique " - "software ID failed"); - status = FAILED; - chunk_free(&out); - break; - } - } - chunk_free(&out); - } - enumerator->destroy(enumerator); - } - else - { - status = NOT_SUPPORTED; - } - } - else if (this->full_tags) - { - DBG2(DBG_IMC, "targeted SWID tag generation"); - - enumerator = targets->create_enumerator(targets); - while (enumerator->enumerate(enumerator, &tag_id)) - { - char software_id[BUF_LEN], *swid_tag; - chunk_t tag_creator, sw_id; - - /* Construct software ID from tag creator and unique software ID */ - tag_creator = tag_id->get_tag_creator(tag_id); - sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, BUF_LEN, "%.*s__%.*s", - (int)tag_creator.len, tag_creator.ptr, - (int)sw_id.len, sw_id.ptr); - - swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL, - full, pretty); - if (swid_tag) - { - tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty); - this->list->insert_last(this->list, tag); - free(swid_tag); - } - } - enumerator->destroy(enumerator); - } - swid_gen->destroy(swid_gen); - - return status; -} - -static bool collect_tags(private_swid_inventory_t *this, char *pathname, - swid_inventory_t *targets, bool is_swidtag_dir) -{ - char *rel_name, *abs_name; - struct stat st; - bool success = FALSE; - enumerator_t *enumerator; - - enumerator = enumerator_create_directory(pathname); - if (!enumerator) - 
{ - DBG1(DBG_IMC, "directory '%s' can not be opened, %s", - pathname, strerror(errno)); - return FALSE; - } - if (is_swidtag_dir) - { - DBG2(DBG_IMC, "entering %s", pathname); - } - - while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st)) - { - char *separator, *suffix; - chunk_t tag_creator; - chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty; - - if (S_ISDIR(st.st_mode)) - { - if (!collect_tags(this, abs_name, targets, is_swidtag_dir || - streq(rel_name, "swidtag"))) - { - goto end; - } - continue; - } - if (!is_swidtag_dir) - { - continue; - } - - /* found a swidtag file? */ - suffix = strstr(rel_name, ".swidtag"); - if (!suffix) - { - continue; - } - - /* parse the swidtag filename into its components */ - separator = strstr(rel_name, "__"); - if (!separator) - { - DBG1(DBG_IMC, " %s", rel_name); - DBG1(DBG_IMC, " '__' separator not found"); - goto end; - } - tag_creator = chunk_create(rel_name, separator-rel_name); - - unique_sw_id = chunk_create(separator+2, suffix-separator-2); - tag_file_path = chunk_from_str(abs_name); - - /* In case of a targeted request */ - if (targets->get_count(targets)) - { - chunk_t target_unique_sw_id, target_tag_creator; - enumerator_t *target_enumerator; - swid_tag_id_t *tag_id; - bool match = FALSE; - - target_enumerator = targets->create_enumerator(targets); - while (target_enumerator->enumerate(target_enumerator, &tag_id)) - { - target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - target_tag_creator = tag_id->get_tag_creator(tag_id); - - if (chunk_equals(target_unique_sw_id, unique_sw_id) && - chunk_equals(target_tag_creator, tag_creator)) - { - match = TRUE; - break; - } - } - target_enumerator->destroy(target_enumerator); - - if (!match) - { - continue; - } - } - DBG2(DBG_IMC, " %s", rel_name); - - if (this->full_tags) - { - swid_tag_t *tag; - chunk_t *xml_tag; - - xml_tag = chunk_map(abs_name, FALSE); - if (!xml_tag) - { - DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, - 
strerror(errno)); - goto end; - } - - tag = swid_tag_create(*xml_tag, tag_file_path); - this->list->insert_last(this->list, tag); - chunk_unmap(xml_tag); - } - else - { - swid_tag_id_t *tag_id; - - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path); - this->list->insert_last(this->list, tag_id); - } - } - success = TRUE; - -end: - enumerator->destroy(enumerator); - if (is_swidtag_dir) - { - DBG2(DBG_IMC, "leaving %s", pathname); - } - - return success; -} - -METHOD(swid_inventory_t, collect, bool, - private_swid_inventory_t *this, char *directory, swid_inventory_t *targets, - bool pretty, bool full) -{ - /** - * Tags are generated by a package manager - */ - generate_tags(this, targets, pretty, full); - - /** - * Collect swidtag files by iteratively entering all directories in - * the tree under the "directory" path. - */ - return collect_tags(this, directory, targets, FALSE); -} - -METHOD(swid_inventory_t, add, void, - private_swid_inventory_t *this, void *item) -{ - this->list->insert_last(this->list, item); -} - -METHOD(swid_inventory_t, get_count, int, - private_swid_inventory_t *this) -{ - return this->list->get_count(this->list); -} - -METHOD(swid_inventory_t, create_enumerator, enumerator_t*, - private_swid_inventory_t *this) -{ - return this->list->create_enumerator(this->list); -} - -METHOD(swid_inventory_t, destroy, void, - private_swid_inventory_t *this) -{ - if (this->full_tags) - { - this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy)); - } - else - { - this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy)); - } - free(this); -} - -/** - * See header - */ -swid_inventory_t *swid_inventory_create(bool full_tags) -{ - private_swid_inventory_t *this; - - INIT(this, - .public = { - .collect = _collect, - .add = _add, - .get_count = _get_count, - .create_enumerator = _create_enumerator, - .destroy = _destroy, - }, - .full_tags = full_tags, - .list = linked_list_create(), - ); - - return &this->public; -} 
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
deleted file mode 100644
index ba2518e26..000000000
--- a/src/libimcv/swid/swid_inventory.h
+++ /dev/null
@@ -1,83 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_inventory swid_inventory - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_INVENTORY_H_ -#define SWID_INVENTORY_H_ - -#include <library.h> - -/* Maximum size of a SWID Tag Inventory: 100 MB */ -#define SWID_MAX_ATTR_SIZE 100000000 - -typedef struct swid_inventory_t swid_inventory_t; - -/** - * Class managing SWID tag inventory - */ -struct swid_inventory_t { - - /** - * Collect the SWID tags stored on the endpoint - * - * @param directory SWID directory path - * @param targets List of target tag IDs - * @param pretty Generate indented XML SWID tags - * @param full Include file information in SWID tags - * @return TRUE if successful - */ - bool (*collect)(swid_inventory_t *this, char *directory, - swid_inventory_t *targets, bool pretty, bool full); - - /** - * Collect the SWID tags stored on the endpoint - * - * @param item SWID tag or tag ID to be added - */ - void (*add)(swid_inventory_t *this, void *item); - - /** - * Get the number of collected SWID tags - * - * @return Number of collected SWID tags - */ - int (*get_count)(swid_inventory_t *this); - - /** - * Create a SWID tag inventory enumerator - * - * @return Enumerator returning either tag ID or full tag - */ - enumerator_t* (*create_enumerator)(swid_inventory_t *this); - - /** - * Destroys a swid_inventory_t object. 
- */ - void (*destroy)(swid_inventory_t *this); - -}; - -/** - * Creates a swid_inventory_t object - * - * @param full_tags TRUE if full tags, FALSE if tag IDs only - */ -swid_inventory_t* swid_inventory_create(bool full_tags); - -#endif /** SWID_INVENTORY_H_ @}*/ diff --git a/src/libimcv/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c deleted file mode 100644 index c77c75700..000000000 --- a/src/libimcv/swid/swid_tag.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_tag.h" - -typedef struct private_swid_tag_t private_swid_tag_t; - -/** - * Private data of a swid_tag_t object. - * - */ -struct private_swid_tag_t { - - /** - * Public swid_tag_t interface. - */ - swid_tag_t public; - - /** - * UTF-8 XML encoding of SWID tag - */ - chunk_t encoding; - - /** - * Optional Tag Identifier Instance ID - */ - chunk_t instance_id; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(swid_tag_t, get_encoding, chunk_t, - private_swid_tag_t *this) -{ - return this->encoding; -} - -METHOD(swid_tag_t, get_instance_id, chunk_t, - private_swid_tag_t *this) -{ - return this->instance_id; -} - -METHOD(swid_tag_t, get_ref, swid_tag_t*, - private_swid_tag_t *this) -{ - ref_get(&this->ref); - return &this->public; -} - -METHOD(swid_tag_t, destroy, void, - private_swid_tag_t *this) -{ - if (ref_put(&this->ref)) - { - free(this->encoding.ptr); - free(this->instance_id.ptr); - free(this); - } -} - -/** - * See header - */ -swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id) -{ - private_swid_tag_t *this; - - INIT(this, - .public = { - .get_encoding = _get_encoding, - .get_instance_id = _get_instance_id, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .encoding = chunk_clone(encoding), - .ref = 1, - ); - - if (instance_id.len > 0) - { - 
this->instance_id = chunk_clone(instance_id); - } - - return &this->public; -} - diff --git a/src/libimcv/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h deleted file mode 100644 index 22c14b1aa..000000000 --- a/src/libimcv/swid/swid_tag.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_tag swid_tag - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_TAG_H_ -#define SWID_TAG_H_ - -#include <library.h> - -typedef struct swid_tag_t swid_tag_t; - - -/** - * Class storing a SWID Tag - */ -struct swid_tag_t { - - /** - * Get UTF-8 XML encoding of SWID tag - * - * @return XML encoding of SWID tag - */ - chunk_t (*get_encoding)(swid_tag_t *this); - - /** - * Get the optional Tag Identifier Instance ID - * - * @return Optional Tag Identifier Instance ID - */ - chunk_t (*get_instance_id)(swid_tag_t *this); - - /** - * Get a new reference to the swid_tag object - * - * @return this, with an increased refcount - */ - swid_tag_t* (*get_ref)(swid_tag_t *this); - - /** - * Destroys a swid_tag_t object. - */ - void (*destroy)(swid_tag_t *this); - -}; - -/** - * Creates a swid_tag_t object - * - * @param encoding XML encoding of SWID tag - * @param instance_id Tag Identifier Instance ID or empty chunk - */ -swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id); - -#endif /** SWID_TAG_H_ @}*/ 
diff --git a/src/libimcv/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c
deleted file mode 100644
index 2dc6e3141..000000000
--- a/src/libimcv/swid/swid_tag_id.c
+++ /dev/null
@@ -1,114 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_tag_id.h" - -typedef struct private_swid_tag_id_t private_swid_tag_id_t; - -/** - * Private data of a swid_tag_id_t object. - * - */ -struct private_swid_tag_id_t { - - /** - * Public swid_tag_id_t interface. - */ - swid_tag_id_t public; - - /** - * Tag Creator - */ - chunk_t tag_creator; - - /** - * Unique Software ID - */ - chunk_t unique_sw_id; - - /** - * Optional Tag Identifier Instance ID - */ - chunk_t instance_id; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(swid_tag_id_t, get_tag_creator, chunk_t, - private_swid_tag_id_t *this) -{ - return this->tag_creator; -} - -METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t, - private_swid_tag_id_t *this, chunk_t *instance_id) -{ - if (instance_id) - { - *instance_id = this->instance_id; - } - return this->unique_sw_id; -} - -METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*, - private_swid_tag_id_t *this) -{ - ref_get(&this->ref); - return &this->public; -} - -METHOD(swid_tag_id_t, destroy, void, - private_swid_tag_id_t *this) -{ - if (ref_put(&this->ref)) - { - free(this->tag_creator.ptr); - free(this->unique_sw_id.ptr); - free(this->instance_id.ptr); - free(this); - } -} - -/** - * See header - */ -swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t instance_id) -{ - private_swid_tag_id_t 
*this; - - INIT(this, - .public = { - .get_tag_creator = _get_tag_creator, - .get_unique_sw_id = _get_unique_sw_id, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .tag_creator = chunk_clone(tag_creator), - .unique_sw_id = chunk_clone(unique_sw_id), - .ref = 1, - ); - - if (instance_id.len > 0) - { - this->instance_id = chunk_clone(instance_id); - } - - return &this->public; -} - diff --git a/src/libimcv/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h deleted file mode 100644 index a2be290ae..000000000 --- a/src/libimcv/swid/swid_tag_id.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_tag_id swid_tag_id - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_TAG_ID_H_ -#define SWID_TAG_ID_H_ - -#include <library.h> - -typedef struct swid_tag_id_t swid_tag_id_t; - - -/** - * Class storing a SWID Tag ID - */ -struct swid_tag_id_t { - - /** - * Get the Tag Creator - * - * @return Tag Creator - */ - chunk_t (*get_tag_creator)(swid_tag_id_t *this); - - /** - * Get the Unique Software ID and optional Tag File Path - * - * @param instance_id Optional Tag Identifier Instance ID - * @return Unique Software ID - */ - chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id); - - /** - * Get a new reference to the swid_tag_id object - * - * @return this, with an increased refcount - */ - swid_tag_id_t* (*get_ref)(swid_tag_id_t *this); - - /** - * Destroys a swid_tag_id_t object. - */ - void (*destroy)(swid_tag_id_t *this); - -}; - -/** - * Creates a swid_tag_id_t object - * - * @param tag_creator Tag Creator - * @param unique_sw_id Unique Software ID - * @param instance_id Tag Identifier Instance ID or empty chunk - */ -swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t instance_id); - -#endif /** SWID_TAG_ID_H_ @}*/ 
diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c index 096093b01..d2b50616f 100644 --- a/src/libimcv/swima/swima_collector.c +++ b/src/libimcv/swima/swima_collector.c @@ -13,6 +13,8 @@ * for more details. */ +#define _GNU_SOURCE /* for asprintf() */ + #include "swima_collector.h" #include <swid_gen/swid_gen.h> @@ -319,7 +321,7 @@ static status_t generate_tags(private_swima_collector_t *this, static bool collect_tags(private_swima_collector_t *this, char *pathname, swima_inventory_t *targets, bool is_swidtag_dir) { - char *rel_name, *abs_name, *suffix, *pos; + char *rel_name, *abs_name, *suffix, *pos, *uri; chunk_t *swid_tag, sw_id, sw_locator; swima_record_t *sw_record; struct stat st; @@ -433,8 +435,12 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname, } DBG2(DBG_IMC, " %s", rel_name); + sw_locator = chunk_empty; pos = strstr(pathname, "/swidtag"); - sw_locator = pos ? chunk_create(pathname, pos - pathname) : chunk_empty; + if (pos && asprintf(&uri, "file://%.*s", pos - pathname, pathname) > 0) + { + sw_locator = chunk_from_str(uri); + } sw_record = swima_record_create(0, sw_id, sw_locator); sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR); if (!this->sw_id_only) @@ -442,8 +448,10 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname, sw_record->set_record(sw_record, *swid_tag); } this->inventory->add(this->inventory, sw_record); + chunk_unmap(swid_tag); chunk_free(&sw_id); + chunk_free(&sw_locator); } success = TRUE; diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c index f444724c1..f38d92145 100644 --- a/src/libimcv/swima/swima_data_model.c +++ b/src/libimcv/swima/swima_data_model.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Andreas Steffen + * Copyright (C) 2017-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
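Review bot: In collect_tags(), the precision argument for `%.*s` in the new asprintf() call is `pos - pathname`, a `ptrdiff_t`, while the format requires an `int`; passing a wider type through varargs is undefined behaviour and is reported by -Wformat. Cast it explicitly: `asprintf(&uri, "file://%.*s", (int)(pos - pathname), pathname)`. The directory path is also copied into the `file://` locator without percent-encoding, so a path containing a space, `%` or `#` would produce a locator that a receiver parsing it as a URI reads differently from the real path; if the locator is consumed as a URI, an escaping step or at least a comment stating the assumption belongs here. collect_tags() starts before and continues after the hunks shown.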
@@ -19,10 +19,10 @@ * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management - * Part 2: Software Identification Tag */ -pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 }; +pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 0 }; /** * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management - * Part 2: Software Identification Tag */ -pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 }; +pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 1 }; diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h index fe69d6aad..7391f3e9f 100644 --- a/src/libimcv/swima/swima_event.h +++ b/src/libimcv/swima/swima_event.h @@ -25,6 +25,7 @@ #include <library.h> +#define SWIMA_EVENT_ACTION_NONE 0 #define SWIMA_EVENT_ACTION_CREATION 1 #define SWIMA_EVENT_ACTION_DELETION 2 #define SWIMA_EVENT_ACTION_ALTERATION 3 diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c index d8acf0625..60e969a1c 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -165,6 +165,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (this->value.len < PTS_REQ_FILE_META_SIZE) { DBG1(DBG_TNC, "insufficient data for Request File Metadata"); + return FAILED; } reader = bio_reader_create(this->value); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index 9438fa062..c704e7d38 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c 
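Review bot: The data model numbers in `{ PEN_IETF, 0 }` and `{ PEN_IETF, 1 }` are bare literals that presumably travel on the wire in SWIMA attributes, and the comments above them name only the ISO standard. Because this hunk renumbers both, an endpoint still built with the earlier numbering would label a 2015 tag with the value that now denotes the 2009 model, so a receiver that trusts the field may evaluate the record under the wrong schema. I would add a comment on each definition saying that the second member is the registered data model type value and must match the peer, for example `/* on-the-wire Data Model Type value; changing it breaks interop with older peers */`.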
@@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -261,8 +261,9 @@ static const int tm_leap_1970 = 477; */ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) { - int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs; + int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec; int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; + time_t tm_days, tm_secs; char buf[BUF_LEN]; if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len)) @@ -278,12 +279,24 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) } /* representation of months as 0..11 */ + if (tm_mon < 1 || tm_mon > 12) + { + return FALSE; + } tm_mon--; /* representation of days as 0..30 */ + if (tm_day < 1 || tm_day > 31) + { + return FALSE; + } tm_day--; /* number of leap years between last year and 1970? */ + if (tm_year < 1970) + { + return FALSE; + } tm_leap_4 = (tm_year - 1) / 4; tm_leap_100 = tm_leap_4 / 25; tm_leap_400 = tm_leap_100 / 4; @@ -325,6 +338,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Simple Component Evidence"); + return FAILED; } reader = bio_reader_create(this->value); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c index 267c85776..ea175bdfe 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c 
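Review bot: The range checks added to measurement_time_from_utc() cover month, day and year but not `tm_hour`, `tm_min` and `tm_sec`, which are parsed from the same string (presumably taken from a received attribute) and, as far as the hunk shows, go unvalidated into the seconds computation. Unless they are checked outside the visible lines, add `if (tm_hour < 0 || tm_hour > 23 || tm_min < 0 || tm_min > 59 || tm_sec < 0 || tm_sec > 60) return FALSE;` next to the other guards (60 allows a leap second). The day check also accepts 31 for every month, so a date such as February 31 is still converted rather than rejected. The function body continues beyond the hunk.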
@@ -71,7 +71,7 @@ enum pts_simple_evid_final_flag_t { /** TPM PCR Composite and TPM Quote Signature not included */ PTS_SIMPLE_EVID_FINAL_NO = 0x00, /** TPM Quote Info and TPM Quite Signature included - * using TPM 2.0 Quote Info format */ + * using TPM 2.0 Quote Info format */ PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10, /** Evidence Signature included */ PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, @@ -208,7 +208,7 @@ METHOD(pa_tnc_attr_t, build, void, return; } - quote_mode = this->quote_info->get_quote_mode(this->quote_info); + quote_mode = this->quote_info->get_quote_mode(this->quote_info); switch (quote_mode) { case TPM_QUOTE: @@ -258,7 +258,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data16(writer, version_info); writer->write_data16(writer, pcr_select); } - + if (quote_mode != TPM_QUOTE_NONE) { writer->write_data32(writer, this->quote_sig); @@ -377,7 +377,7 @@ METHOD(pa_tnc_attr_t, process, status_t, this->quote_info->set_version_info(this->quote_info, version_info); } - + if (quote_mode != TPM_QUOTE_NONE) { if (!reader->read_data32(reader, "e_sig)) diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c deleted file mode 100644 index be35ee49d..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ /dev/null 
@@ -1,351 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_req.h" - -#include "swid/swid_tag_id.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> -#include <collections/linked_list.h> - -typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; - -/** - * SWID Request - * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * |C|S|R| Reserved| Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Earliest EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Creator Length | Tag Creator (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Unique Software ID Length |Unique Software ID (var length)| - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define SWID_REQ_RESERVED_MASK 0xE0 - -/** - * Private data of an tcg_swid_attr_req_t object. 
- */ -struct private_tcg_swid_attr_req_t { - - /** - * Public members of tcg_swid_attr_req_t - */ - tcg_swid_attr_req_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - - /** - * Attribute value or segment - */ - chunk_t value; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * SWID request flags - */ - uint8_t flags; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Earliest EID - */ - uint32_t earliest_eid; - - /** - * List of Target Tag Identifiers - */ - swid_inventory_t *targets; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_req_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_req_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_req_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_req_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_req_t *this) -{ - bio_writer_t *writer; - chunk_t tag_creator, unique_sw_id; - swid_tag_id_t *tag_id; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE); - writer->write_uint8 (writer, this->flags); - writer->write_uint24(writer, this->targets->get_count(this->targets)); - writer->write_uint32(writer, this->request_id); - writer->write_uint32(writer, this->earliest_eid); - - enumerator = this->targets->create_enumerator(this->targets); - while (enumerator->enumerate(enumerator, &tag_id)) - { - tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - writer->write_data16(writer, tag_creator); - writer->write_data16(writer, unique_sw_id); - } - enumerator->destroy(enumerator); 
- - this->value = writer->extract_buf(writer); - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_req_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint32_t tag_id_count; - chunk_t tag_creator, unique_sw_id; - swid_tag_id_t *tag_id; - - *offset = 0; - - if (this->value.len < this->length) - { - return NEED_MORE; - } - if (this->value.len < TCG_SWID_REQ_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for SWID Request"); - return FAILED; - } - - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &this->flags); - reader->read_uint24(reader, &tag_id_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->earliest_eid); - - if (this->request_id == 0) - { - *offset = 4; - return FAILED; - } - *offset = TCG_SWID_REQ_MIN_SIZE; - - this->flags &= SWID_REQ_RESERVED_MASK; - - while (tag_id_count--) - { - if (!reader->read_data16(reader, &tag_creator)) - { - DBG1(DBG_TNC, "insufficient data for Tag Creator field"); - reader->destroy(reader); - return FAILED; - } - *offset += 2 + tag_creator.len; - - if (!reader->read_data16(reader, &unique_sw_id)) - { - DBG1(DBG_TNC, "insufficient data for Unique Software ID"); - reader->destroy(reader); - return FAILED; - } - *offset += 2 + unique_sw_id.len; - - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty); - this->targets->add(this->targets, tag_id); - } - reader->destroy(reader); - - return SUCCESS; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_req_t *this, chunk_t segment) -{ - this->value = chunk_cat("mc", this->value, segment); -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_req_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_req_t *this) -{ - if (ref_put(&this->ref)) - { - this->targets->destroy(this->targets); - 
free(this->value.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_req_t, get_flags, uint8_t, - private_tcg_swid_attr_req_t *this) -{ - return this->flags; -} - -METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t, - private_tcg_swid_attr_req_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t, - private_tcg_swid_attr_req_t *this) -{ - return this->earliest_eid; -} - -METHOD(tcg_swid_attr_req_t, add_target, void, - private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id) -{ - this->targets->add(this->targets, tag_id); -} - -METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*, - private_tcg_swid_attr_req_t *this) -{ - return this->targets; -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, - uint32_t eid) -{ - private_tcg_swid_attr_req_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .get_flags = _get_flags, - .get_request_id = _get_request_id, - .get_earliest_eid = _get_earliest_eid, - .add_target = _add_target, - .get_targets = _get_targets, - }, - .type = { PEN_TCG, TCG_SWID_REQUEST }, - .flags = flags & SWID_REQ_RESERVED_MASK, - .request_id = request_id, - .earliest_eid = eid, - .targets = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data) -{ - private_tcg_swid_attr_req_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .get_flags = _get_flags, - .get_request_id = _get_request_id, - .get_earliest_eid = _get_earliest_eid, - .add_target = _add_target, - .get_targets = _get_targets, - }, - .type = { PEN_TCG, TCG_SWID_REQUEST }, - .length = length, - .value = chunk_clone(data), - .targets = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h deleted file mode 100644 index 2c85aaf6d..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup tcg_swid_attr_req tcg_swid_attr_req - * @{ @ingroup tcg_attr - */ - -#ifndef TCG_SWID_ATTR_REQ_H_ -#define TCG_SWID_ATTR_REQ_H_ - -#define TCG_SWID_REQ_MIN_SIZE 12 - -typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t; -typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t; - -enum tcg_swid_attr_req_flag_t { - TCG_SWID_ATTR_REQ_FLAG_NONE = 0, - TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7), - TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6), - TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5) -}; - -#include "tcg/tcg_attr.h" -#include "swid/swid_tag_id.h" -#include "swid/swid_inventory.h" -#include "pa_tnc/pa_tnc_attr.h" - -/** - * Class implementing the TCG SWID Request attribute - */ -struct tcg_swid_attr_req_t { - - /** - * Public PA-TNC attribute interface - */ - pa_tnc_attr_t pa_tnc_attribute; - - /** - * Get SWID request flags - * - * @return Flags - */ - uint8_t (*get_flags)(tcg_swid_attr_req_t *this); - - /** - * Get Request ID - * - * @return Request ID - */ - uint32_t (*get_request_id)(tcg_swid_attr_req_t *this); - - /** - * Get Earliest EID - * - * @return Event ID - */ - uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); - - /** - * Add Tag ID - * - * @param tag_id SWID Tag ID (is not cloned by constructor!) 
- */ - void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id); - - /** - * Create Tag ID enumerator - * - * @return Get a list of target tag IDs - */ - swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this); - -}; - -/** - * Creates an tcg_swid_attr_req_t object - * - * @param flags Sets the C|S|R flags - * @param request_id Request ID - * @param eid Earliest Event ID - */ -pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, - uint32_t eid); - -/** - * Creates an tcg_swid_attr_req_t object from received data - * - * @param length Total length of attribute value - * @param value Unparsed attribute value (might be a segment) - */ -pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value); - -#endif /** TCG_SWID_ATTR_REQ_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c deleted file mode 100644 index 560d5878f..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c +++ /dev/null 
@@ -1,396 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_tag_id_inv.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> - - -typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t; - -/** - * SWID Tag Identifier Inventory - * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Reserved | Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID Copy | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | EID Epoch | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Last EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Creator Length | Tag Creator (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Unique Software ID Length |Unique Software ID (var length)| - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Instance ID Length | Instance ID (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define TCG_SWID_TAG_ID_INV_RESERVED 0x00 - 
-/** - * Private data of an tcg_swid_attr_tag_id_inv_t object. - */ -struct private_tcg_swid_attr_tag_id_inv_t { - - /** - * Public members of tcg_swid_attr_tag_id_inv_t - */ - tcg_swid_attr_tag_id_inv_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - /** - * Offset up to which attribute value has been processed - */ - size_t offset; - - /** - * Current position of attribute value pointer - */ - chunk_t value; - - /** - * Contains complete attribute or current segment - */ - chunk_t segment; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; - - /** - * Last Event ID - */ - uint32_t last_eid; - - /** - * Number of SWID Tag IDs in attribute - */ - uint32_t tag_id_count; - - /** - * SWID Tag ID Inventory - */ - swid_inventory_t *inventory; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_tag_id_inv_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - bio_writer_t *writer; - swid_tag_id_t *tag_id; - chunk_t tag_creator, unique_sw_id, instance_id; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE); - writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED); - writer->write_uint24(writer, this->inventory->get_count(this->inventory)); - writer->write_uint32(writer, 
this->request_id); - writer->write_uint32(writer, this->eid_epoch); - writer->write_uint32(writer, this->last_eid); - - enumerator = this->inventory->create_enumerator(this->inventory); - while (enumerator->enumerate(enumerator, &tag_id)) - { - tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id); - writer->write_data16(writer, tag_creator); - writer->write_data16(writer, unique_sw_id); - writer->write_data16(writer, instance_id); - } - enumerator->destroy(enumerator); - - this->value = writer->extract_buf(writer); - this->segment = this->value; - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint8_t reserved; - chunk_t tag_creator, unique_sw_id, instance_id; - swid_tag_id_t *tag_id; - status_t status = NEED_MORE; - - if (this->offset == 0) - { - if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - return FAILED; - } - if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE) - { - return NEED_MORE; - } - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &this->tag_id_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE; - this->value = reader->peek(reader); - reader->destroy(reader); - } - - reader = bio_reader_create(this->value); - - while (this->tag_id_count) - { - if (!reader->read_data16(reader, &tag_creator) || - !reader->read_data16(reader, &unique_sw_id) || - !reader->read_data16(reader, &instance_id)) - { - goto end; - } - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id); - 
this->inventory->add(this->inventory, tag_id); - this->offset += this->value.len - reader->remaining(reader); - this->value = reader->peek(reader); - - /* at least one tag ID was processed */ - status = SUCCESS; - this->tag_id_count--; - } - - if (this->length != this->offset) - { - DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - status = FAILED; - } - -end: - reader->destroy(reader); - return status; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment) -{ - this->value = chunk_cat("cc", this->value, segment); - chunk_free(&this->segment); - this->segment = this->value; -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - if (ref_put(&this->ref)) - { - this->inventory->destroy(this->inventory); - free(this->segment.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_tag_id_inv_t, add, void, - private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id) -{ - this->inventory->add(this->inventory, tag_id); -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch) -{ - if (eid_epoch) - { - *eid_epoch = this->eid_epoch; - } - return this->last_eid; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->tag_id_count; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->inventory; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void, - 
private_tcg_swid_attr_tag_id_inv_t *this) -{ - this->inventory->destroy(this->inventory); - this->inventory = swid_inventory_create(FALSE); -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id, - uint32_t eid_epoch, - uint32_t eid) -{ - private_tcg_swid_attr_tag_id_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_id_count = _get_tag_id_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, - .request_id = request_id, - .eid_epoch = eid_epoch, - .last_eid = eid, - .inventory = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length, - chunk_t data) -{ - private_tcg_swid_attr_tag_id_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_id_count = _get_tag_id_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, - .length = length, - .segment = chunk_clone(data), - .inventory = swid_inventory_create(FALSE), - .ref = 1, - ); - - /* received either complete attribute value or first segment */ - this->value = this->segment; - - return &this->public.pa_tnc_attribute; -} diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h deleted file mode 100644 index e9db9b3c6..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv - * @{ @ingroup tcg_attr - */ - -#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_ -#define TCG_SWID_ATTR_TAG_ID_INV_H_ - -typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t; - -#include "tcg/tcg_attr.h" -#include "swid/swid_tag_id.h" -#include "swid/swid_inventory.h" - -#include <pa_tnc/pa_tnc_attr.h> - -#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16 - -/** - * Class implementing the TCG SWID Tag Identifier Inventory attribute - * - */ -struct tcg_swid_attr_tag_id_inv_t { - - /** - * Public PA-TNC attribute interface - */ - pa_tnc_attr_t pa_tnc_attribute; - - /** - * Add a Tag ID to the attribute - * - * @param tag_id SWID Tag ID to be added - */ - void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id); - - /** - * Get Request ID - * - * @return Request ID - */ - uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Get Last Event ID - * - * @param eid_epoch Event ID Epoch - * @return Last Event ID - */ - uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this, - uint32_t *eid_epoch); - - /** - * Get count of remaining SWID tag IDs - * - * @return SWID Tag ID count - */ - uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Get Inventory of SWID tag IDs - * - * @result SWID Tag ID 
Inventory - */ - swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Remove all SWID Tag IDs from the Inventory - */ - void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this); - -}; - -/** - * Creates an tcg_swid_attr_tag_id_inv_t object - * - * @param request_id Copy of the Request ID - * @param eid_epoch Event ID Epoch - * @param eid Last Event ID - */ -pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id, - uint32_t eid_epoch, - uint32_t eid); - -/** - * Creates an tcg_swid_attr_tag_id_inv_t object from received data - * - * @param length Total length of attribute value - * @param value Unparsed attribute value (might be a segment) - */ -pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length, - chunk_t value); - -#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c deleted file mode 100644 index 013482441..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c +++ /dev/null 
@@ -1,389 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_tag_inv.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> - - -typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t; - -/** - * SWID Tag Inventory - * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Reserved | Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID Copy | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | EID Epoch | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Last EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Instance ID Length | Instance ID (var. length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Length | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag (Variable) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define TCG_SWID_TAG_INV_RESERVED 0x00 - -/** - * Private data of an tcg_swid_attr_tag_inv_t object. 
- */ -struct private_tcg_swid_attr_tag_inv_t { - - /** - * Public members of tcg_swid_attr_tag_inv_t - */ - tcg_swid_attr_tag_inv_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - /** - * Offset up to which attribute value has been processed - */ - size_t offset; - - /** - * Current position of attribute value pointer - */ - chunk_t value; - - /** - * Contains complete attribute or current segment - */ - chunk_t segment; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; - - /** - * Last Event ID - */ - uint32_t last_eid; - - /** - * Number of SWID Tags in attribute - */ - uint32_t tag_count; - - /** - * SWID Tag Inventory - */ - swid_inventory_t *inventory; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_tag_inv_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - bio_writer_t *writer; - swid_tag_t *tag; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE); - writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED); - writer->write_uint24(writer, this->inventory->get_count(this->inventory)); - writer->write_uint32(writer, this->request_id); - writer->write_uint32(writer, this->eid_epoch); - writer->write_uint32(writer, this->last_eid); - - enumerator = 
this->inventory->create_enumerator(this->inventory); - while (enumerator->enumerate(enumerator, &tag)) - { - writer->write_data16(writer, tag->get_instance_id(tag)); - writer->write_data32(writer, tag->get_encoding(tag)); - } - enumerator->destroy(enumerator); - - this->value = writer->extract_buf(writer); - this->segment = this->value; - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint8_t reserved; - chunk_t tag_encoding, instance_id; - swid_tag_t *tag; - status_t status = NEED_MORE; - - if (this->offset == 0) - { - if (this->length < TCG_SWID_TAG_INV_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - return FAILED; - } - if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE) - { - return NEED_MORE; - } - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &this->tag_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - this->offset = TCG_SWID_TAG_INV_MIN_SIZE; - this->value = reader->peek(reader); - reader->destroy(reader); - } - - reader = bio_reader_create(this->value); - - while (this->tag_count) - { - if (!reader->read_data16(reader, &instance_id) || - !reader->read_data32(reader, &tag_encoding)) - { - goto end; - } - tag = swid_tag_create(tag_encoding, instance_id); - this->inventory->add(this->inventory, tag); - this->offset += this->value.len - reader->remaining(reader); - this->value = reader->peek(reader); - - /* at least one tag was processed */ - status = SUCCESS; - this->tag_count--; - } - - if (this->length != this->offset) - { - DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; 
- status = FAILED; - } - -end: - reader->destroy(reader); - return status; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_tag_inv_t *this, chunk_t segment) -{ - this->value = chunk_cat("cc", this->value, segment); - chunk_free(&this->segment); - this->segment = this->value; -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_tag_inv_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - if (ref_put(&this->ref)) - { - this->inventory->destroy(this->inventory); - free(this->segment.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_tag_inv_t, add, void, - private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag) -{ - this->inventory->add(this->inventory, tag); -} - -METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t, - private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch) -{ - if (eid_epoch) - { - *eid_epoch = this->eid_epoch; - } - return this->last_eid; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->tag_count; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->inventory; -} - -METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - this->inventory->destroy(this->inventory); - this->inventory = swid_inventory_create(TRUE); -} - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id, - uint32_t eid_epoch, uint32_t eid) -{ - private_tcg_swid_attr_tag_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_count = _get_tag_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, - .request_id = request_id, - .eid_epoch = eid_epoch, - .last_eid = eid, - .inventory = swid_inventory_create(TRUE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length, - chunk_t data) -{ - private_tcg_swid_attr_tag_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_count = _get_tag_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, - .length = length, - .segment = chunk_clone(data), - .inventory = swid_inventory_create(TRUE), - .ref = 1, - ); - - /* received either complete attribute value or first segment */ - this->value = this->segment; - - return &this->public.pa_tnc_attribute; -} 
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
deleted file mode 100644
index 43ebd9e2a..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_INV_H_
-#define TCG_SWID_ATTR_TAG_INV_H_
-
-typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag SWID Tag to be added
- */
- void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get count of remaining SWID tags
- *
- * @return SWID Tag count
- */
- uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Inventory of SWID tags
- *
- * @result SWID Tag Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t
*this);
-
- /**
- * Remove all SWID Tags from the Inventory
- */
- void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length,
- chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index ab1fa43a5..f6b1df7ec 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -31,9 +31,6 @@
 #include "tcg/pts/tcg_pts_attr_file_meas.h"
 #include "tcg/pts/tcg_pts_attr_req_file_meta.h"
 #include "tcg/pts/tcg_pts_attr_unix_file_meta.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
 #include "tcg/seg/tcg_seg_attr_max_size.h"
 #include "tcg/seg/tcg_seg_attr_seg_env.h"
 #include "tcg/seg/tcg_seg_attr_next_seg.h"
@@ -189,12 +186,6 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
 {
 switch (type)
 {
- case TCG_SWID_REQUEST:
- return tcg_swid_attr_req_create_from_data(length, value);
- case TCG_SWID_TAG_ID_INVENTORY:
- return tcg_swid_attr_tag_id_inv_create_from_data(length, value);
- case TCG_SWID_TAG_INVENTORY:
- return tcg_swid_attr_tag_inv_create_from_data(length, value);
 case TCG_SEG_MAX_ATTR_SIZE_REQ:
 return tcg_seg_attr_max_size_create_from_data(length, value, TRUE);
 case TCG_SEG_MAX_ATTR_SIZE_RESP:
@@ -253,6 +244,9 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
 case TCG_PTS_UNIX_FILE_META:
 return tcg_pts_attr_unix_file_meta_create_from_data(length, value);
 /* unsupported TCG/SWID attributes */
+ case TCG_SWID_REQUEST:
+ case TCG_SWID_TAG_ID_INVENTORY:
+ case TCG_SWID_TAG_INVENTORY:
 case TCG_SWID_TAG_ID_EVENTS:
 case TCG_SWID_TAG_EVENTS:
 case TCG_SWID_SUBSCRIPTION_STATUS_REQ: |
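Review bot: The comment `/* unsupported TCG/SWID attributes */` now also covers `TCG_SWID_REQUEST`, `TCG_SWID_TAG_ID_INVENTORY` and `TCG_SWID_TAG_INVENTORY`, which had dedicated parsers until this commit, and nothing at the label group records that they were retired on purpose rather than never implemented. A peer that still sends one of these attribute types now reaches the shared unsupported branch, whose body lies outside the hunk; presumably it yields no attribute object, so it is worth confirming that the caller reports the attribute as unsupported (in particular when the noskip flag is set) instead of using the result unchecked. I would put a line such as `/* legacy TCG SWID attributes: parsers removed, no longer accepted from peers */` above the three new labels. The switch in tcg_attr_create_from_data starts and ends outside the hunk.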