Diffstat (limited to 'src/libpts/plugins/imc_attestation')
-rw-r--r--src/libpts/plugins/imc_attestation/Makefile.am12
-rw-r--r--src/libpts/plugins/imc_attestation/Makefile.in159
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation.c218
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation_process.c123
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation_process.h8
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation_state.c113
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation_state.h23
7 files changed, 405 insertions, 251 deletions
diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libpts/plugins/imc_attestation/Makefile.am
index 9d78b935a..18c756884 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.am
+++ b/src/libpts/plugins/imc_attestation/Makefile.am
@@ -1,8 +1,11 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libpts
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv -I$(top_srcdir)/src/libpts
-
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
imcv_LTLIBRARIES = imc-attestation.la
@@ -15,4 +18,3 @@ imc_attestation_la_SOURCES = imc_attestation.c \
imc_attestation_process.h imc_attestation_process.c
imc_attestation_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
index 583d2dfee..b129f9274 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libpts/plugins/imc_attestation/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -16,6 +16,23 @@
@SET_MAKE@
VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -45,10 +62,11 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@@ -72,6 +90,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(imcvdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imc_attestation_la_DEPENDENCIES = \
@@ -81,45 +105,74 @@ imc_attestation_la_DEPENDENCIES = \
am_imc_attestation_la_OBJECTS = imc_attestation.lo \
imc_attestation_state.lo imc_attestation_process.lo
imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS)
-imc_attestation_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imc_attestation_la_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I.@am__isrc@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+imc_attestation_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(imc_attestation_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(imc_attestation_la_SOURCES)
DIST_SOURCES = $(imc_attestation_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BFDLIB = @BFDLIB@
BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
+CHECK_CFLAGS = @CHECK_CFLAGS@
+CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -128,13 +181,16 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -147,6 +203,7 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQLCFLAG = @MYSQLCFLAG@
MYSQLCONFIG = @MYSQLCONFIG@
@@ -174,11 +231,13 @@ RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -186,6 +245,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -194,8 +254,6 @@ am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
-axis2c_CFLAGS = @axis2c_CFLAGS@
-axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -204,14 +262,19 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
@@ -225,17 +288,17 @@ imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
maemo_CFLAGS = @maemo_CFLAGS@
maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
@@ -245,16 +308,15 @@ mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
-p_plugins = @p_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
@@ -282,10 +344,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv -I$(top_srcdir)/src/libpts
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libpts
+
+AM_CFLAGS = \
+ -rdynamic
-AM_CFLAGS = -rdynamic
imcv_LTLIBRARIES = imc-attestation.la
imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
@@ -332,7 +399,6 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
@$(NORMAL_INSTALL)
- test -z "$(imcvdir)" || $(MKDIR_P) "$(DESTDIR)$(imcvdir)"
@list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
@@ -340,6 +406,8 @@ install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
else :; fi; \
done; \
test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
}
@@ -361,8 +429,8 @@ clean-imcvLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-imc-attestation.la: $(imc_attestation_la_OBJECTS) $(imc_attestation_la_DEPENDENCIES)
- $(imc_attestation_la_LINK) -rpath $(imcvdir) $(imc_attestation_la_OBJECTS) $(imc_attestation_la_LIBADD) $(LIBS)
+imc-attestation.la: $(imc_attestation_la_OBJECTS) $(imc_attestation_la_DEPENDENCIES) $(EXTRA_imc_attestation_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imc_attestation_la_LINK) -rpath $(imcvdir) $(imc_attestation_la_OBJECTS) $(imc_attestation_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -375,25 +443,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_attestation_state.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
@@ -500,10 +568,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c
index 4f77ba093..bb327e936 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -17,10 +17,13 @@
#include "imc_attestation_process.h"
#include <imc/imc_agent.h>
-#include <pa_tnc/pa_tnc_msg.h>
+#include <imc/imc_msg.h>
#include <ietf/ietf_attr.h>
#include <ietf/ietf_attr_pa_tnc_error.h>
#include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_string_version.h>
+#include <ietf/ietf_attr_assess_result.h>
+#include <os_info/os_info.h>
#include <libpts.h>
@@ -32,15 +35,16 @@
#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
-#include <debug.h>
-#include <utils/linked_list.h>
+#include <utils/debug.h>
+#include <collections/linked_list.h>
/* IMC definitions */
static const char imc_name[] = "Attestation";
-#define IMC_VENDOR_ID PEN_TCG
-#define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
+static pen_type_t msg_types[] = {
+ { PEN_TCG, PA_SUBTYPE_TCG_PTS }
+};
static imc_agent_t *imc_attestation;
@@ -72,7 +76,7 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
{
return TNC_RESULT_FATAL;
}
- imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
+ imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
imc_id, actual_version);
if (!imc_attestation)
{
@@ -80,7 +84,7 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
}
libpts_init();
-
+
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
DBG1(DBG_IMC, "no common IF-IMC version");
@@ -108,9 +112,17 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_attestation_state_create(connection_id);
return imc_attestation->create_state(imc_attestation, state);
+ case TNC_CONNECTION_STATE_HANDSHAKE:
+ if (imc_attestation->change_state(imc_attestation, connection_id,
+ new_state, &state) != TNC_RESULT_SUCCESS)
+ {
+ return TNC_RESULT_FATAL;
+ }
+ state->set_result(state, imc_id,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_attestation->delete_state(imc_attestation, connection_id);
- case TNC_CONNECTION_STATE_HANDSHAKE:
case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
case TNC_CONNECTION_STATE_ACCESS_NONE:
default:
@@ -126,121 +138,67 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
TNC_ConnectionID connection_id)
{
- imc_state_t *state;
- imc_attestation_state_t *attestation_state;
- pts_t *pts;
- char *platform_info;
- TNC_Result result = TNC_RESULT_SUCCESS;
-
if (!imc_attestation)
{
DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
return TNC_RESULT_NOT_INITIALIZED;
}
- /* get current IMC state */
- if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- attestation_state = (imc_attestation_state_t*)state;
- pts = attestation_state->get_pts(attestation_state);
-
- platform_info = pts->get_platform_info(pts);
- if (platform_info)
- {
- pa_tnc_msg_t *pa_tnc_msg;
- pa_tnc_attr_t *attr;
-
- pa_tnc_msg = pa_tnc_msg_create();
- attr = ietf_attr_product_info_create(0, 0, platform_info);
- pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
- pa_tnc_msg->build(pa_tnc_msg);
- result = imc_attestation->send_message(imc_attestation, connection_id,
- FALSE, 0, TNC_IMVID_ANY,
- pa_tnc_msg->get_encoding(pa_tnc_msg));
- pa_tnc_msg->destroy(pa_tnc_msg);
- }
-
- return result;
+ return TNC_RESULT_SUCCESS;
}
-static TNC_Result receive_message(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- chunk_t msg,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
{
- pa_tnc_msg_t *pa_tnc_msg;
- pa_tnc_attr_t *attr;
- linked_list_t *attr_list;
- imc_state_t *state;
+ imc_msg_t *out_msg;
imc_attestation_state_t *attestation_state;
enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ pen_type_t type;
TNC_Result result;
+ bool fatal_error = FALSE;
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
-
- /* get current IMC state */
- if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- attestation_state = (imc_attestation_state_t*)state;
-
- /* parse received PA-TNC message and automatically handle any errors */
- result = imc_attestation->receive_message(imc_attestation, state, msg,
- msg_vid, msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg);
-
- /* no parsed PA-TNC attributes available if an error occurred */
- if (!pa_tnc_msg)
+ /* parse received PA-TNC message and handle local and remote errors */
+ result = in_msg->receive(in_msg, &fatal_error);
+ if (result != TNC_RESULT_SUCCESS)
{
return result;
}
-
- /* preprocess any IETF standard error attributes */
- result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ?
- TNC_RESULT_FATAL : TNC_RESULT_SUCCESS;
-
- attr_list = linked_list_create();
+ out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
- enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
+ enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) == PEN_IETF &&
- attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_t error_vendor_id;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_vendor_id = error_attr->get_vendor_id(error_attr);
+ type = attr->get_type(attr);
- if (error_vendor_id == PEN_TCG)
+ if (type.vendor_id == PEN_IETF)
+ {
+ if (type.type == IETF_ATTR_PA_TNC_ERROR)
{
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_type_t error_code;
+ chunk_t msg_info;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- DBG1(DBG_IMC, "received TCG-PTS error '%N'",
- pts_error_code_names, error_code);
- DBG1(DBG_IMC, "error information: %B", &msg_info);
+ if (error_code.vendor_id == PEN_TCG)
+ {
+ msg_info = error_attr->get_msg_info(error_attr);
- result = TNC_RESULT_FATAL;
+ DBG1(DBG_IMC, "received TCG-PTS error '%N'",
+ pts_error_code_names, error_code.type);
+ DBG1(DBG_IMC, "error information: %B", &msg_info);
+
+ result = TNC_RESULT_FATAL;
+ }
}
}
- else if (attr->get_vendor_id(attr) == PEN_TCG)
+ else if (type.vendor_id == PEN_TCG)
{
- if (!imc_attestation_process(attr, attr_list, attestation_state,
+ attestation_state = (imc_attestation_state_t*)state;
+
+ if (!imc_attestation_process(attr, out_msg, attestation_state,
supported_algorithms, supported_dh_groups))
{
result = TNC_RESULT_FATAL;
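Review bot: `fatal_error` is filled in by `in_msg->receive(in_msg, &fatal_error)` at the top of receive_message() but is never read in the lines shown, so the outcome that the removed `process_ietf_std_errors()` line mapped to `TNC_RESULT_FATAL` no longer reaches `result`. If receive() can return `TNC_RESULT_SUCCESS` with the flag set (its implementation is not on this page), a message carrying a fatal IETF standard error would be processed and answered as if nothing had happened. Folding the flag into the result directly after the early return restores the old behaviour: `if (fatal_error) { result = TNC_RESULT_FATAL; }`. The function body continues in the next hunk, where the send decision is made.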
@@ -249,27 +207,14 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
}
}
enumerator->destroy(enumerator);
- pa_tnc_msg->destroy(pa_tnc_msg);
- if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list))
+ if (result == TNC_RESULT_SUCCESS)
{
- pa_tnc_msg = pa_tnc_msg_create();
-
- enumerator = attr_list->create_enumerator(attr_list);
- while (enumerator->enumerate(enumerator, &attr))
- {
- pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
- }
- enumerator->destroy(enumerator);
-
- pa_tnc_msg->build(pa_tnc_msg);
- result = imc_attestation->send_message(imc_attestation, connection_id,
- FALSE, 0, TNC_IMVID_ANY,
- pa_tnc_msg->get_encoding(pa_tnc_msg));
- pa_tnc_msg->destroy(pa_tnc_msg);
+ /* send PA-TNC message with the excl flag set */
+ result = out_msg->send(out_msg, TRUE);
}
+ out_msg->destroy(out_msg);
- attr_list->destroy(attr_list);
return result;
}
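Review bot: The reply is now sent whenever `result == TNC_RESULT_SUCCESS`, because the old `attr_list->get_count(attr_list)` guard was dropped together with the list. An incoming message that produces no reply attributes therefore also reaches `out_msg->send(out_msg, TRUE)`; whether send() skips an empty message is not visible here and should be confirmed. If it does, a comment such as `/* send() does nothing when out_msg holds no attributes */` would record why the guard could go. The start of receive_message() lies in the previous hunk.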
@@ -282,14 +227,26 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
TNC_UInt32 msg_len,
TNC_MessageType msg_type)
{
- TNC_VendorID msg_vid;
- TNC_MessageSubtype msg_subtype;
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
- msg_vid = msg_type >> 8;
- msg_subtype = msg_type & TNC_SUBTYPE_ANY;
+ in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id,
+ msg_type, chunk_create(msg, msg_len));
+ result = receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
- return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len),
- msg_vid, msg_subtype, 0, TNC_IMCID_ANY);
+ return result;
}
/**
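Review bot: The initialization check and the `get_state()` lookup added to TNC_IMC_ReceiveMessage() are repeated line for line in TNC_IMC_ReceiveMessageLong() in the next hunk, so the two entry points can drift apart when only one is changed. Since receive_message() no longer performs these checks itself, a small static helper called from both would keep its precondition in one place. The next hunk also has `result =receive_message(state, in_msg);` with the space after `=` missing.

```c
/* Checks that the IMC is initialized and looks up the connection state */
static TNC_Result get_connection_state(TNC_ConnectionID connection_id,
									   imc_state_t **state)
{
	if (!imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (!imc_attestation->get_state(imc_attestation, connection_id, state))
	{
		return TNC_RESULT_FATAL;
	}
	return TNC_RESULT_SUCCESS;
}

	/* in TNC_IMC_ReceiveMessage() and TNC_IMC_ReceiveMessageLong() */
	result = get_connection_state(connection_id, &state);
	if (result != TNC_RESULT_SUCCESS)
	{
		return result;
	}
	/* … unchanged: imc_msg creation, receive_message() call, in_msg->destroy() … */
```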
@@ -305,9 +262,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
TNC_UInt32 src_imv_id,
TNC_UInt32 dst_imc_id)
{
- return receive_message(imc_id, connection_id, msg_flags,
- chunk_create(msg, msg_len), msg_vid, msg_subtype,
- src_imv_id, dst_imc_id);
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imc_msg_create_from_long_data(imc_attestation, state, connection_id,
+ src_imv_id, dst_imc_id, msg_vid, msg_subtype,
+ chunk_create(msg, msg_len));
+ result =receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
}
/**
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
index b70c05370..88d24dd88 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -23,7 +23,6 @@
#include <ietf/ietf_attr_pa_tnc_error.h>
-#include <libpts.h>
#include <pts/pts.h>
#include <tcg/tcg_pts_attr_proto_caps.h>
@@ -44,12 +43,12 @@
#include <tcg/tcg_pts_attr_req_file_meta.h>
#include <tcg/tcg_pts_attr_unix_file_meta.h>
-#include <debug.h>
+#include <utils/debug.h>
#include <utils/lexparser.h>
#define DEFAULT_NONCE_LEN 20
-bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
+bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
imc_attestation_state_t *attestation_state,
pts_meas_algorithms_t supported_algorithms,
pts_dh_group_t supported_dh_groups)
@@ -57,10 +56,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
chunk_t attr_info;
pts_t *pts;
pts_error_code_t pts_error;
+ pen_type_t attr_type;
bool valid_path;
pts = attestation_state->get_pts(attestation_state);
- switch (attr->get_type(attr))
+ attr_type = attr->get_type(attr);
+
+ switch (attr_type.type)
{
case TCG_PTS_REQ_PROTO_CAPS:
{
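Review bot: The switch now dispatches on `attr_type.type` alone, so imc_attestation_process() depends on its caller having already matched the vendor ID. In this commit receive_message() only calls it inside `else if (type.vendor_id == PEN_TCG)`, but nothing in this function records or checks that. A comment directly above the switch, for example `/* caller guarantees attr_type.vendor_id == PEN_TCG */`, would keep a future caller from passing attributes of another vendor whose type numbers happen to collide. The function body continues outside this hunk.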
@@ -74,7 +76,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
/* Send PTS Protocol Capabilities attribute */
attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps, FALSE);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_MEAS_ALGO:
@@ -89,14 +91,14 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
if (selected_algorithm == PTS_MEAS_ALGO_NONE)
{
attr = pts_hash_alg_error_create(supported_algorithms);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
/* Send Measurement Algorithm Selection attribute */
pts->set_meas_algorithm(pts, selected_algorithm);
attr = tcg_pts_attr_meas_algo_create(selected_algorithm, TRUE);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_DH_NONCE_PARAMS_REQ:
@@ -116,7 +118,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
(min_nonce_len > 0 && nonce_len < min_nonce_len))
{
attr = pts_dh_nonce_error_create(nonce_len, PTS_MAX_NONCE_LEN);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
@@ -126,7 +128,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
if (selected_dh_group == PTS_DH_GROUP_NONE)
{
attr = pts_dh_group_error_create(supported_dh_groups);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
@@ -140,7 +142,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
/* Send DH Nonce Parameters Response attribute */
attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group,
supported_algorithms, responder_nonce, responder_value);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_DH_NONCE_FINISH:
@@ -171,7 +173,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
"have differing lengths");
return FALSE;
}
-
+
pts->set_peer_public_value(pts, initiator_value, initiator_nonce);
if (!pts->calculate_secret(pts))
{
@@ -182,19 +184,19 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
case TCG_PTS_GET_TPM_VERSION_INFO:
{
chunk_t tpm_version_info, attr_info;
+ pen_type_t error_code = { PEN_TCG, TCG_PTS_TPM_VERS_NOT_SUPPORTED };
if (!pts->get_tpm_version_info(pts, &tpm_version_info))
{
attr_info = attr->get_value(attr);
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_TPM_VERS_NOT_SUPPORTED, attr_info);
- attr_list->insert_last(attr_list, attr);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
/* Send TPM Version Info attribute */
attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_GET_AIK:
@@ -210,7 +212,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
/* Send AIK attribute */
attr = tcg_pts_attr_aik_create(aik);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_REQ_FILE_MEAS:
@@ -221,6 +223,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
bool is_directory;
u_int32_t delimiter;
pts_file_meas_t *measurements;
+ pen_type_t error_code;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
@@ -232,9 +235,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
if (valid_path && pts_error)
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- pts_error, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG, pts_error);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
else if (!valid_path)
@@ -244,9 +247,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_INVALID_DELIMITER, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_INVALID_DELIMITER);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
@@ -254,8 +258,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
DBG2(DBG_IMC, "measurement request %d for %s '%s'",
request_id, is_directory ? "directory" : "file",
pathname);
- measurements = pts->do_measurements(pts, request_id,
- pathname, is_directory);
+ measurements = pts_file_meas_create_from_path(request_id,
+ pathname, is_directory, TRUE,
+ pts->get_meas_algorithm(pts));
if (!measurements)
{
/* TODO handle error codes from measurements */
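Review bot: The bare `TRUE` passed as the fourth argument of `pts_file_meas_create_from_path()` gives no hint of what it switches on, and the hash algorithm is now read from `pts->get_meas_algorithm(pts)` at the time of the request. Because the pathname appears to come from the received request attribute, a comment should state what the flag selects and that the measurement uses the previously negotiated algorithm, e.g. `/* TRUE: <meaning of flag>; algorithm as selected via TCG_PTS_MEAS_ALGO */`. Whether a file measurement request can arrive before an algorithm has been selected is not visible in this hunk and is worth confirming. The enclosing case block starts and ends outside the hunk.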
@@ -263,7 +268,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
attr = tcg_pts_attr_file_meas_create(measurements);
attr->set_noskip_flag(attr, TRUE);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_REQ_FILE_META:
@@ -273,6 +278,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
bool is_directory;
u_int8_t delimiter;
pts_file_meta_t *metadata;
+ pen_type_t error_code;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
@@ -283,9 +289,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
valid_path = pts->is_path_valid(pts, pathname, &pts_error);
if (valid_path && pts_error)
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- pts_error, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG, pts_error);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
else if (!valid_path)
@@ -294,9 +300,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_INVALID_DELIMITER, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_INVALID_DELIMITER);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
/* Get File Metadata and send them to PTS-IMV */
@@ -312,8 +319,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
attr = tcg_pts_attr_unix_file_meta_create(metadata);
attr->set_noskip_flag(attr, TRUE);
- attr_list->insert_last(attr_list, attr);
-
+ msg->add_attribute(msg, attr);
break;
}
case TCG_PTS_REQ_FUNC_COMP_EVID:
@@ -323,11 +329,12 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
pts_comp_func_name_t *name;
pts_comp_evidence_t *evid;
pts_component_t *comp;
+ pen_type_t error_code;
u_int32_t depth;
u_int8_t flags;
status_t status;
enumerator_t *e;
-
+
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_func_comp_evid_t*)attr;
@@ -342,33 +349,37 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
if (flags & PTS_REQ_FUNC_COMP_EVID_TTC)
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_UNABLE_DET_TTC, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_DET_TTC);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_EVID_VER &&
!(negotiated_caps & PTS_PROTO_CAPS_V))
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_LOCAL_VAL);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_EVID_CURR &&
!(negotiated_caps & PTS_PROTO_CAPS_C))
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_UNABLE_CUR_EVID, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_CUR_EVID);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_EVID_PCR &&
!(negotiated_caps & PTS_PROTO_CAPS_T))
{
- attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
- TCG_PTS_UNABLE_DET_PCR, attr_info);
- attr_list->insert_last(attr_list, attr);
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_DET_PCR);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
break;
}
if (depth > 0)
@@ -377,17 +388,19 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
"support sub component measurements");
return FALSE;
}
- comp = pts_components->create(pts_components, name, depth, NULL);
+ comp = attestation_state->create_component(attestation_state,
+ name, depth);
if (!comp)
{
DBG2(DBG_IMC, " not registered: no evidence provided");
continue;
}
- /* do the component evidence measurement[s] */
+ /* do the component evidence measurement[s] and cache them */
do
{
- status = comp->measure(comp, pts, &evid);
+ status = comp->measure(comp, name->get_qualifier(name),
+ pts, &evid);
if (status == FAILED)
{
break;
@@ -395,7 +408,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
attestation_state->add_evidence(attestation_state, evid);
}
while (status == NEED_MORE);
- comp->destroy(comp);
}
e->destroy(e);
break;
@@ -408,14 +420,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
chunk_t pcr_composite, quote_sig;
bool use_quote2;
- /* Send buffered Simple Component Evidences */
+ /* Send cached Component Evidence entries */
while (attestation_state->next_evidence(attestation_state, &evid))
{
- pts->select_pcr(pts, evid->get_extended_pcr(evid));
-
- /* Send Simple Component Evidence */
attr = tcg_pts_attr_simple_comp_evid_create(evid);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
}
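Review bot: With `pts->select_pcr(pts, evid->get_extended_pcr(evid))` removed from this loop, nothing in the hunk ties the PCRs extended by the cached evidence to the set covered by the quote generated further down. Presumably the selection now happens when the component is measured, but that code is not visible here. If it does not, the PCR composite would not cover the evidence being sent. Once confirmed, a comment at the loop such as `/* PCRs were already selected when the evidence was measured and cached */` would make the dependency explicit. The case body continues outside this hunk.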
use_quote2 = lib->settings->get_bool(lib->settings,
@@ -433,7 +442,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
attr = tcg_pts_attr_simple_evid_final_create(flags,
comp_hash_algorithm, pcr_composite, quote_sig);
- attr_list->insert_last(attr_list, attr);
+ msg->add_attribute(msg, attr);
break;
}
/* TODO: Not implemented yet */
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libpts/plugins/imc_attestation/imc_attestation_process.h
index b6dca1f56..a2f1b4e3c 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.h
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.h
@@ -14,9 +14,8 @@
*/
/**
- *
* @defgroup imc_attestation_process_t imc_attestation_process
- * @{ @ingroup imc_attestation_process
+ * @{ @ingroup imc_attestation
*/
#ifndef IMC_ATTESTATION_PROCESS_H_
@@ -26,6 +25,7 @@
#include <library.h>
+#include <imc/imc_msg.h>
#include <pa_tnc/pa_tnc_attr.h>
#include <pts/pts_dh_group.h>
@@ -35,13 +35,13 @@
* Process a TCG PTS attribute
*
* @param attr PA-TNC attribute to be processed
- * @param attr_list list with PA-TNC error attributes
+ * @param msg outbound PA-TNC message to be assembled
* @param attestation_state attestation state of a given connection
* @param supported_algorithms supported PTS measurement algorithms
* @param supported_dh_groups supported DH groups
* @return TRUE if successful
*/
-bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
+bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
imc_attestation_state_t *attestation_state,
pts_meas_algorithms_t supported_algorithms,
pts_dh_group_t supported_dh_groups);
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
index 72a55f60e..4fcbdfa8a 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,10 +15,15 @@
#include "imc_attestation_state.h"
-#include <utils/linked_list.h>
-#include <debug.h>
+#include <libpts.h>
+
+#include <tncif_names.h>
+
+#include <collections/linked_list.h>
+#include <utils/debug.h>
typedef struct private_imc_attestation_state_t private_imc_attestation_state_t;
+typedef struct func_comp_t func_comp_t;
/**
* Private data of an imc_attestation_state_t object.
@@ -41,6 +46,11 @@ struct private_imc_attestation_state_t {
TNC_ConnectionState state;
/**
+ * Assessment/Evaluation Result
+ */
+ TNC_IMV_Evaluation_Result result;
+
+ /**
* Does the TNCCS connection support long message types?
*/
bool has_long;
@@ -51,12 +61,22 @@ struct private_imc_attestation_state_t {
bool has_excl;
/**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
* PTS object
*/
pts_t *pts;
/**
- * PTS Component Evidence list
+ * List of Functional Components
+ */
+ linked_list_t *components;
+
+ /**
+ * Functional Component Evidence cache list
*/
linked_list_t *list;
@@ -87,18 +107,50 @@ METHOD(imc_state_t, set_flags, void,
this->has_excl = has_excl;
}
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_attestation_state_t *this)
+{
+ return this->max_msg_len;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
{
this->state = new_state;
}
+METHOD(imc_state_t, set_result, void,
+ private_imc_attestation_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result result)
+{
+ this->result = result;
+}
+
+METHOD(imc_state_t, get_result, bool,
+ private_imc_attestation_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result *result)
+{
+ if (result)
+ {
+ *result = this->result;
+ }
+ return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
METHOD(imc_state_t, destroy, void,
private_imc_attestation_state_t *this)
{
this->pts->destroy(this->pts);
- this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy));
+ this->components->destroy_offset(this->components,
+ offsetof(pts_component_t, destroy));
+ this->list->destroy_offset(this->list,
+ offsetof(pts_comp_evidence_t, destroy));
free(this);
}
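Review bot: `set_result()` and `get_result()` take a `TNC_IMCID id` but never read it, so the state holds a single result per connection regardless of which IMC ID reported it. If several IMC IDs can share this state object, a later `set_result()` silently overwrites an earlier one. A comment on both methods, e.g. `/* id is ignored: one result is kept per connection */`, would mark this as intentional; otherwise the result needs to be keyed by `id`.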
@@ -108,10 +160,42 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*,
return this->pts;
}
+METHOD(imc_attestation_state_t, create_component, pts_component_t*,
+ private_imc_attestation_state_t *this, pts_comp_func_name_t *name,
+ u_int32_t depth)
+{
+ enumerator_t *enumerator;
+ pts_component_t *component;
+ bool found = FALSE;
+
+ enumerator = this->components->create_enumerator(this->components);
+ while (enumerator->enumerate(enumerator, &component))
+ {
+ if (name->equals(name, component->get_comp_func_name(component)))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ component = pts_components->create(pts_components, name, depth, NULL);
+ if (!component)
+ {
+ return NULL;
+ }
+ this->components->insert_last(this->components, component);
+
+ }
+ return component;
+}
+
METHOD(imc_attestation_state_t, add_evidence, void,
- private_imc_attestation_state_t *this, pts_comp_evidence_t *evidence)
+ private_imc_attestation_state_t *this, pts_comp_evidence_t *evid)
{
- this->list->insert_last(this->list, evidence);
+ this->list->insert_last(this->list, evid);
}
METHOD(imc_attestation_state_t, next_evidence, bool,
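Review bot: On a cache hit `create_component()` returns the stored component without consulting `depth`, so a later request for the same functional name with a different depth would get the instance built for the first one. The caller visible in this commit rejects `depth > 0` before calling, so this is latent, but the method does not say so. The returned pointer is also owned by `this->components` and freed in `destroy()`, which the name `create_...` does not suggest. Suggest a comment above the lookup such as `/* reuse a cached component if present; the state keeps ownership, callers must not destroy it */`, and comparing the depth as well if it can ever differ.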
@@ -126,7 +210,6 @@ METHOD(imc_attestation_state_t, next_evidence, bool,
imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
{
private_imc_attestation_state_t *this;
- char *platform_info;
INIT(this,
.public = {
@@ -135,26 +218,26 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
.has_long = _has_long,
.has_excl = _has_excl,
.set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
.change_state = _change_state,
+ .set_result = _set_result,
+ .get_result = _get_result,
.destroy = _destroy,
},
.get_pts = _get_pts,
+ .create_component = _create_component,
.add_evidence = _add_evidence,
.next_evidence = _next_evidence,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
+ .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.pts = pts_create(TRUE),
+ .components = linked_list_create(),
.list = linked_list_create(),
);
- platform_info = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.platform_info", NULL);
- if (platform_info)
- {
- this->pts->set_platform_info(this->pts, platform_info);
- }
-
return &this->public.interface;
}
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.h b/src/libpts/plugins/imc_attestation/imc_attestation_state.h
index 22b0bba23..4b93931c3 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.h
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.h
@@ -14,9 +14,11 @@
*/
/**
+ * @defgroup imc_attestation imc_attestation
+ * @ingroup libpts_plugins
*
* @defgroup imc_attestation_state_t imc_attestation_state
- * @{ @ingroup imc_attestation_state
+ * @{ @ingroup imc_attestation
*/
#ifndef IMC_ATTESTATION_STATE_H_
@@ -24,6 +26,7 @@
#include <imc/imc_state.h>
#include <pts/pts.h>
+#include <pts/components/pts_component.h>
#include <pts/components/pts_comp_evidence.h>
#include <library.h>
@@ -47,14 +50,24 @@ struct imc_attestation_state_t {
pts_t* (*get_pts)(imc_attestation_state_t *this);
/**
- * Add an entry to the Component Evidence list
+ * Create and add an entry to the list of Functional Components
*
- * @param entry Component Evidence entry
+ * @param name Component Functional Name
+ * @param depth Sub-component Depth
+ * @return created functional component instance or NULL
*/
- void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *entry);
+ pts_component_t* (*create_component)(imc_attestation_state_t *this,
+ pts_comp_func_name_t *name, u_int32_t depth);
/**
- * Removes next Component Evidence entry from list and returns it
+ * Add an entry to the Component Evidence cache list
+ *
+ * @param evid Component Evidence entry
+ */
+ void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *evid);
+
+ /**
+ * Removes next entry from the Component Evidence cache list and returns it
*
* @param evid Next Component Evidence entry
* @return TRUE if next entry is available