1.1 ! misho 1: /*
! 2: * Copyright (C) 2011-2012 Sansar Choinyambuu
! 3: * Copyright (C) 2011-2014 Andreas Steffen
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #include "imc_attestation_state.h"
! 18: #include "imc_attestation_process.h"
! 19:
! 20: #include <imc/imc_agent.h>
! 21: #include <imc/imc_msg.h>
! 22: #include <ietf/ietf_attr.h>
! 23: #include <ietf/ietf_attr_pa_tnc_error.h>
! 24: #include <ietf/ietf_attr_product_info.h>
! 25: #include <ietf/ietf_attr_string_version.h>
! 26: #include <ietf/ietf_attr_assess_result.h>
! 27: #include <tcg/pts/tcg_pts_attr_proto_caps.h>
! 28: #include <tcg/pts/tcg_pts_attr_meas_algo.h>
! 29: #include <os_info/os_info.h>
! 30: #include <pts/pts_error.h>
! 31:
! 32: #include <tncif_pa_subtypes.h>
! 33:
! 34: #include <pen/pen.h>
! 35: #include <utils/debug.h>
! 36: #include <collections/linked_list.h>
! 37:
/* IMC definitions */

/** Name under which this IMC registers with the TNC client */
static const char imc_name[] = "Attestation";

/** PA-TNC message types this IMC subscribes to (TCG vendor ID, PTS subtype) */
static pen_type_t msg_types[] = {
	{ .vendor_id = PEN_TCG, .type = PA_SUBTYPE_TCG_PTS }
};

/**
 * The single IMC agent instance: set by TNC_IMC_Initialize(),
 * cleared again by TNC_IMC_Terminate(). NULL means "not initialized".
 */
static imc_agent_t *imc_attestation;

/**
 * Supported PTS measurement algorithms, probed during TNC_IMC_Initialize()
 */
static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;

/**
 * Supported PTS Diffie Hellman Groups, probed during TNC_IMC_Initialize()
 */
static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
! 57:
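/**
 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
 *
 * Creates the IMC agent, probes the locally available PTS measurement
 * algorithms and Diffie-Hellman groups and checks that IF-IMC version 1 is
 * within the range offered by the TNC client. Every failure after
 * imc_agent_create() destroys the agent again and resets imc_attestation,
 * so a failed initialization never leaves a half-initialized IMC behind that
 * would answer a later TNC_IMC_Initialize() with
 * TNC_RESULT_ALREADY_INITIALIZED.
 *
 * @param imc_id			IMC ID assigned by the TNC client
 * @param min_version		lowest IF-IMC version supported by the TNC client
 * @param max_version		highest IF-IMC version supported by the TNC client
 * @param actual_version	set by imc_agent_create() to the negotiated version
 * @return					TNC_RESULT_SUCCESS, TNC_RESULT_ALREADY_INITIALIZED,
 *							TNC_RESULT_NO_COMMON_VERSION or TNC_RESULT_FATAL
 */
TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
										  TNC_Version min_version,
										  TNC_Version max_version,
										  TNC_Version *actual_version)
{
	bool mandatory_dh_groups;

	if (imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
		return TNC_RESULT_ALREADY_INITIALIZED;
	}
	imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
									   imc_id, actual_version);
	if (!imc_attestation)
	{
		return TNC_RESULT_FATAL;
	}

	/* plugin setting: whether the DH groups required by PTS must be available */
	mandatory_dh_groups = lib->settings->get_bool(lib->settings,
				"%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);

	if (!pts_meas_algo_probe(&supported_algorithms) ||
		!pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
	{
		imc_attestation->destroy(imc_attestation);
		imc_attestation = NULL;
		return TNC_RESULT_FATAL;
	}

	if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
	{
		DBG1(DBG_IMC, "no common IF-IMC version");
		/* release the agent exactly like the probe failure above, otherwise
		 * the IMC stays allocated and flagged as initialized although the
		 * TNC client will not use it */
		imc_attestation->destroy(imc_attestation);
		imc_attestation = NULL;
		return TNC_RESULT_NO_COMMON_VERSION;
	}
	return TNC_RESULT_SUCCESS;
}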
! 98:
/**
 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
 *
 * Creates a per-connection attestation state on CREATE, removes it on
 * DELETE and forwards every other transition to the IMC agent.
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param connection_id	network connection the state change refers to
 * @param new_state		new TNC connection state
 * @return				result of the agent's state operation, or
 *						TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
												TNC_ConnectionID connection_id,
												TNC_ConnectionState new_state)
{
	if (!imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (new_state == TNC_CONNECTION_STATE_CREATE)
	{
		imc_state_t *state = imc_attestation_state_create(connection_id);

		return imc_attestation->create_state(imc_attestation, state);
	}
	if (new_state == TNC_CONNECTION_STATE_DELETE)
	{
		return imc_attestation->delete_state(imc_attestation, connection_id);
	}
	/* every other transition is simply passed on to the agent */
	return imc_attestation->change_state(imc_attestation, connection_id,
										 new_state, NULL);
}
! 125:
! 126:
/**
 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
 *
 * This IMC sends nothing when a handshake starts; all of its messages are
 * replies produced in receive_message().
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param connection_id	network connection starting the handshake (unused here)
 * @return				TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
											  TNC_ConnectionID connection_id)
{
	if (imc_attestation)
	{
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
	return TNC_RESULT_NOT_INITIALIZED;
}
! 141:
/**
 * Process one received PA-TNC message and answer it.
 *
 * The message is parsed by in_msg->receive(), which gets the prepared reply
 * so it can report local and remote PA-TNC errors into it. The attributes
 * are then dispatched by vendor ID: TCG attributes go to
 * imc_attestation_process(), IETF PA-TNC error attributes carrying a TCG
 * error code are logged and mark the result fatal, everything else is
 * ignored. The reply is only sent if no fatal condition was recorded.
 *
 * @param state		connection state, used as imc_attestation_state_t
 * @param in_msg	received PA-TNC message, destroyed by the caller
 * @return			TNC_RESULT_SUCCESS, TNC_RESULT_FATAL, or the error
 *					returned by receive() or send()
 */
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
{
	imc_attestation_state_t *attestation_state = (imc_attestation_state_t*)state;
	ietf_attr_pa_tnc_error_t *error_attr;
	imc_msg_t *reply;
	enumerator_t *attrs;
	pa_tnc_attr_t *attr;
	pen_type_t type, error_code;
	chunk_t msg_info;
	TNC_Result result;
	bool fatal_error = FALSE;

	/* the reply exists before parsing so receive() can add error attributes */
	reply = imc_msg_create_as_reply(in_msg);

	result = in_msg->receive(in_msg, reply, &fatal_error);
	if (result != TNC_RESULT_SUCCESS)
	{
		reply->destroy(reply);
		return result;
	}

	attrs = in_msg->create_attribute_enumerator(in_msg);
	while (attrs->enumerate(attrs, &attr))
	{
		type = attr->get_type(attr);

		if (type.vendor_id == PEN_TCG)
		{
			/* a PTS attribute that cannot be processed aborts the message */
			if (!imc_attestation_process(attr, reply, attestation_state,
										 supported_algorithms, supported_dh_groups))
			{
				result = TNC_RESULT_FATAL;
				break;
			}
			continue;
		}
		if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_PA_TNC_ERROR)
		{
			continue;
		}

		error_attr = (ietf_attr_pa_tnc_error_t*)attr;
		error_code = error_attr->get_error_code(error_attr);

		/* only error codes from the TCG namespace are of interest here */
		if (error_code.vendor_id != PEN_TCG)
		{
			continue;
		}
		msg_info = error_attr->get_msg_info(error_attr);

		DBG1(DBG_IMC, "received TCG-PTS error '%N'",
			 pts_error_code_names, error_code.type);
		DBG1(DBG_IMC, "error information: %B", &msg_info);

		/* remaining attributes are still scanned, but no reply will be sent */
		result = TNC_RESULT_FATAL;
	}
	attrs->destroy(attrs);

	if (result == TNC_RESULT_SUCCESS)
	{
		/* send PA-TNC message with the EXCL flag set */
		result = reply->send(reply, TRUE);
	}
	reply->destroy(reply);

	return result;
}
! 215:
/**
 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
 *
 * Looks up the connection state, wraps the received buffer into a PA-TNC
 * message object and hands it to receive_message().
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param connection_id	network connection the message belongs to
 * @param msg			received message buffer
 * @param msg_len		length of msg in bytes
 * @param msg_type		PA-TNC message type of the buffer
 * @return				result of receive_message(), TNC_RESULT_FATAL if the
 *						connection state is unknown, or
 *						TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
											  TNC_ConnectionID connection_id,
											  TNC_BufferReference msg,
											  TNC_UInt32 msg_len,
											  TNC_MessageType msg_type)
{
	imc_state_t *state;
	imc_msg_t *in_msg;
	TNC_Result result = TNC_RESULT_FATAL;

	if (!imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (imc_attestation->get_state(imc_attestation, connection_id, &state))
	{
		/* chunk_create() only wraps pointer and length of the buffer */
		in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id,
										  msg_type, chunk_create(msg, msg_len));
		result = receive_message(state, in_msg);
		in_msg->destroy(in_msg);
	}
	return result;
}
! 246:
/**
 * see section 3.8.6 of TCG TNC IF-IMC Specification 1.3
 *
 * Long-form variant of TNC_IMC_ReceiveMessage() carrying explicit vendor ID,
 * message subtype and source/destination IDs; the buffer is wrapped into a
 * PA-TNC message object and passed to receive_message().
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param connection_id	network connection the message belongs to
 * @param msg_flags		message flags (unused here)
 * @param msg			received message buffer
 * @param msg_len		length of msg in bytes
 * @param msg_vid		vendor ID of the message type
 * @param msg_subtype	subtype of the message type
 * @param src_imv_id	ID of the IMV that sent the message
 * @param dst_imc_id	ID of the IMC the message is addressed to
 * @return				result of receive_message(), TNC_RESULT_FATAL if the
 *						connection state is unknown, or
 *						TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
												  TNC_ConnectionID connection_id,
												  TNC_UInt32 msg_flags,
												  TNC_BufferReference msg,
												  TNC_UInt32 msg_len,
												  TNC_VendorID msg_vid,
												  TNC_MessageSubtype msg_subtype,
												  TNC_UInt32 src_imv_id,
												  TNC_UInt32 dst_imc_id)
{
	imc_state_t *state;
	imc_msg_t *in_msg;
	TNC_Result result = TNC_RESULT_FATAL;

	if (!imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (imc_attestation->get_state(imc_attestation, connection_id, &state))
	{
		in_msg = imc_msg_create_from_long_data(imc_attestation, state,
									connection_id, src_imv_id, dst_imc_id,
									msg_vid, msg_subtype,
									chunk_create(msg, msg_len));
		result = receive_message(state, in_msg);
		in_msg->destroy(in_msg);
	}
	return result;
}
! 281:
/**
 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
 *
 * No work is pending at the end of a batch; only the initialization
 * check is performed.
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param connection_id	network connection whose batch ends (unused here)
 * @return				TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id,
										   TNC_ConnectionID connection_id)
{
	if (imc_attestation)
	{
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
	return TNC_RESULT_NOT_INITIALIZED;
}
! 295:
/**
 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
 *
 * Destroys the IMC agent and resets imc_attestation so that the IMC can be
 * initialized again afterwards.
 *
 * @param imc_id	IMC ID assigned by the TNC client (unused here)
 * @return			TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
{
	imc_agent_t *agent = imc_attestation;

	if (!agent)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	agent->destroy(agent);
	/* mark the IMC as not initialized again */
	imc_attestation = NULL;

	return TNC_RESULT_SUCCESS;
}
! 311:
/**
 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
 *
 * Lets the IMC agent resolve the TNC client functions it needs through the
 * supplied bind function.
 *
 * @param imc_id		IMC ID assigned by the TNC client (unused here)
 * @param bind_function	bind function provided by the TNC client
 * @return				result of the agent's bind_functions(), or
 *						TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
											TNC_TNCC_BindFunctionPointer bind_function)
{
	if (imc_attestation)
	{
		return imc_attestation->bind_functions(imc_attestation, bind_function);
	}
	DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
	return TNC_RESULT_NOT_INITIALIZED;
}