1.1 misho 1: /*
2: * Copyright (C) 2011-2012 Sansar Choinyambuu
1.1.1.2 ! misho 3: * Copyright (C) 2011-2020 Andreas Steffen
1.1 misho 4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "imc_attestation_state.h"
18: #include "imc_attestation_process.h"
19:
20: #include <imc/imc_agent.h>
21: #include <imc/imc_msg.h>
22: #include <ietf/ietf_attr.h>
23: #include <ietf/ietf_attr_pa_tnc_error.h>
24: #include <ietf/ietf_attr_product_info.h>
25: #include <ietf/ietf_attr_string_version.h>
26: #include <ietf/ietf_attr_assess_result.h>
1.1.1.2 ! misho 27: #include <ita/ita_attr_symlinks.h>
1.1 misho 28: #include <tcg/pts/tcg_pts_attr_proto_caps.h>
29: #include <tcg/pts/tcg_pts_attr_meas_algo.h>
30: #include <os_info/os_info.h>
31: #include <pts/pts_error.h>
32:
33: #include <tncif_pa_subtypes.h>
34:
35: #include <pen/pen.h>
36: #include <utils/debug.h>
37: #include <collections/linked_list.h>
38:
39: /* IMC definitions */
40:
/** Name under which this IMC registers with the TNC client */
static const char imc_name[] = "Attestation";

/** PA-TNC message types handled by this IMC: TCG vendor ID, PTS subtype */
static pen_type_t msg_types[] = {
	{ .vendor_id = PEN_TCG, .type = PA_SUBTYPE_TCG_PTS }
};

/**
 * The IMC agent; NULL until TNC_IMC_Initialize() creates it and again after
 * TNC_IMC_Terminate() has destroyed it
 */
static imc_agent_t *imc_attestation = NULL;

/**
 * Supported PTS measurement algorithms, filled in by pts_meas_algo_probe()
 */
static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;

/**
 * Supported PTS Diffie Hellman Groups, filled in by pts_dh_group_probe()
 */
static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
58:
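/**
 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
 *
 * Creates the IMC agent, probes which PTS measurement algorithms and
 * Diffie-Hellman groups are available locally and checks that the TNC client
 * supports IF-IMC version 1. Every failure after the agent has been created
 * tears it down again, so the IMC returns to its uninitialized state instead
 * of answering a later TNC_IMC_Initialize() with
 * TNC_RESULT_ALREADY_INITIALIZED (the probe-failure path already did this,
 * the version-mismatch path did not).
 *
 * @param imc_id			IMC ID assigned by the TNC client
 * @param min_version		lowest IF-IMC version supported by the TNC client
 * @param max_version		highest IF-IMC version supported by the TNC client
 * @param actual_version	handed to imc_agent_create(), which is expected to
 *							fill in the negotiated version
 * @return					TNC_RESULT_SUCCESS, TNC_RESULT_ALREADY_INITIALIZED,
 *							TNC_RESULT_NO_COMMON_VERSION or TNC_RESULT_FATAL
 */
TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
										  TNC_Version min_version,
										  TNC_Version max_version,
										  TNC_Version *actual_version)
{
	TNC_Result result = TNC_RESULT_FATAL;
	bool mandatory_dh_groups;

	if (imc_attestation)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
		return TNC_RESULT_ALREADY_INITIALIZED;
	}
	imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
									   imc_id, actual_version);
	if (!imc_attestation)
	{
		return TNC_RESULT_FATAL;
	}

	/* forwarded to pts_dh_group_probe(); presumably decides whether missing
	 * DH groups are a hard failure - see that function for the semantics */
	mandatory_dh_groups = lib->settings->get_bool(lib->settings,
				"%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);

	/* determine the algorithms and DH groups this host can offer to the IMV */
	if (!pts_meas_algo_probe(&supported_algorithms) ||
		!pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
	{
		goto fail;
	}

	if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
	{
		DBG1(DBG_IMC, "no common IF-IMC version");
		result = TNC_RESULT_NO_COMMON_VERSION;
		goto fail;
	}
	return TNC_RESULT_SUCCESS;

fail:
	/* undo the agent creation so that the IMC is uninitialized again */
	imc_attestation->destroy(imc_attestation);
	imc_attestation = NULL;
	return result;
}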
99:
/**
 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
 *
 * Creates the per-connection attestation state on
 * TNC_CONNECTION_STATE_CREATE, removes it on TNC_CONNECTION_STATE_DELETE and
 * hands every other transition to the agent.
 *
 * @param imc_id			IMC ID (unused, the agent knows its own ID)
 * @param connection_id		connection whose state changed
 * @param new_state			state the connection entered
 * @return					result reported by the agent, or
 *							TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
													  TNC_ConnectionID connection_id,
													  TNC_ConnectionState new_state)
{
	imc_agent_t *agent = imc_attestation;

	if (!agent)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (new_state == TNC_CONNECTION_STATE_CREATE)
	{
		imc_state_t *created = imc_attestation_state_create(connection_id);

		/* NOTE(review): the state object is not freed here, so ownership
		 * appears to pass to the agent - confirm in imc_agent_t */
		return agent->create_state(agent, created);
	}
	if (new_state == TNC_CONNECTION_STATE_DELETE)
	{
		return agent->delete_state(agent, connection_id);
	}
	return agent->change_state(agent, connection_id, new_state, NULL);
}
126:
127:
/**
 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
 *
 * No message is built here: this IMC only reacts to attributes it receives,
 * so starting a handshake merely requires an initialized agent.
 *
 * @param imc_id			IMC ID (unused)
 * @param connection_id		connection the handshake starts on (unused)
 * @return					TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
											  TNC_ConnectionID connection_id)
{
	TNC_Result result = TNC_RESULT_SUCCESS;

	if (imc_attestation == NULL)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		result = TNC_RESULT_NOT_INITIALIZED;
	}
	return result;
}
142:
/**
 * Parse a received PA-TNC message and answer it with a single reply message.
 *
 * Three kinds of attributes are handled: an IETF PA-TNC error attribute that
 * carries a TCG error code is logged and makes the result fatal (remaining
 * attributes are still enumerated); a TCG attribute is passed to
 * imc_attestation_process(), which appends its answers to the reply and whose
 * failure stops the enumeration; an ITA GET_SYMLINKS attribute is answered
 * with the symlinks extracted below the requested directory. The reply is
 * sent only if no error was encountered.
 *
 * @param state		connection state, actually an imc_attestation_state_t
 * @param in_msg	received PA-TNC message, still owned by the caller
 * @return			TNC_RESULT_SUCCESS, TNC_RESULT_FATAL, or the code returned
 *					by in_msg->receive() or out_msg->send()
 */
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
{
	imc_attestation_state_t *attestation_state = (imc_attestation_state_t*)state;
	imc_msg_t *out_msg = imc_msg_create_as_reply(in_msg);
	enumerator_t *attributes;
	pa_tnc_attr_t *attr;
	bool fatal_error = FALSE;
	TNC_Result result;

	/* parse received PA-TNC message and handle local and remote errors */
	result = in_msg->receive(in_msg, out_msg, &fatal_error);
	if (result != TNC_RESULT_SUCCESS)
	{
		out_msg->destroy(out_msg);
		return result;
	}

	/* analyze PA-TNC attributes */
	attributes = in_msg->create_attribute_enumerator(in_msg);
	while (attributes->enumerate(attributes, &attr))
	{
		pen_type_t type = attr->get_type(attr);

		if (type.vendor_id == PEN_TCG)
		{
			/* PTS protocol handling; any answers are appended to out_msg */
			if (imc_attestation_process(attr, out_msg, attestation_state,
										supported_algorithms, supported_dh_groups))
			{
				continue;
			}
			result = TNC_RESULT_FATAL;
			break;
		}
		if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
		{
			ietf_attr_pa_tnc_error_t *error_attr = (ietf_attr_pa_tnc_error_t*)attr;
			pen_type_t error_code = error_attr->get_error_code(error_attr);

			if (error_code.vendor_id == PEN_TCG)
			{
				chunk_t msg_info = error_attr->get_msg_info(error_attr);

				DBG1(DBG_IMC, "received TCG-PTS error '%N'",
					 pts_error_code_names, error_code.type);
				DBG1(DBG_IMC, "error information: %B", &msg_info);

				/* remember the failure but still look at the other attributes */
				result = TNC_RESULT_FATAL;
			}
			continue;
		}
		if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_GET_SYMLINKS)
		{
			chunk_t dir = attr->get_value(attr);
			pts_t *pts = attestation_state->get_pts(attestation_state);
			pts_symlinks_t *symlinks;

			/* NOTE(review): dir is taken verbatim from the remote IMV's
			 * request; pts->extract_symlinks() is relied on to confine the
			 * lookup - confirm there */
			symlinks = pts->extract_symlinks(pts, dir);
			if (symlinks)
			{
				out_msg->add_attribute(out_msg, ita_attr_symlinks_create(symlinks));
			}
		}
	}
	attributes->destroy(attributes);

	if (result == TNC_RESULT_SUCCESS)
	{
		/* send PA-TNC message with the EXCL flag set */
		result = out_msg->send(out_msg, TRUE);
	}
	out_msg->destroy(out_msg);

	return result;
}
235:
/**
 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
 *
 * Looks up the connection state, wraps the raw buffer in a PA-TNC message
 * object and lets receive_message() handle and answer it.
 *
 * @param imc_id			IMC ID (unused)
 * @param connection_id		connection the message arrived on
 * @param msg				raw PA-TNC message bytes
 * @param msg_len			length of msg in bytes
 * @param msg_type			legacy IF-IMC message type of the message
 * @return					result of receive_message(), TNC_RESULT_FATAL if
 *							the connection is unknown, or
 *							TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
											  TNC_ConnectionID connection_id,
											  TNC_BufferReference msg,
											  TNC_UInt32 msg_len,
											  TNC_MessageType msg_type)
{
	imc_agent_t *agent = imc_attestation;
	imc_state_t *state;
	imc_msg_t *pa_tnc_msg;
	TNC_Result result;

	if (!agent)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (!agent->get_state(agent, connection_id, &state))
	{
		return TNC_RESULT_FATAL;
	}

	/* wrap the raw buffer in a chunk for the message parser */
	pa_tnc_msg = imc_msg_create_from_data(agent, state, connection_id, msg_type,
										  chunk_create(msg, msg_len));
	result = receive_message(state, pa_tnc_msg);
	pa_tnc_msg->destroy(pa_tnc_msg);

	return result;
}
266:
/**
 * see section 3.8.6 of TCG TNC IF-IMC Specification 1.3
 *
 * Long-form variant of TNC_IMC_ReceiveMessage(): the message type is given
 * as vendor ID plus subtype and the sending IMV and addressed IMC are
 * identified explicitly. Handling is otherwise the same.
 *
 * @param imc_id			IMC ID (unused)
 * @param connection_id		connection the message arrived on
 * @param msg_flags			message flags (unused)
 * @param msg				raw PA-TNC message bytes
 * @param msg_len			length of msg in bytes
 * @param msg_vid			vendor ID of the message type
 * @param msg_subtype		subtype of the message type
 * @param src_imv_id		ID of the IMV that sent the message
 * @param dst_imc_id		ID of the IMC the message is addressed to
 * @return					result of receive_message(), TNC_RESULT_FATAL if
 *							the connection is unknown, or
 *							TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
												  TNC_ConnectionID connection_id,
												  TNC_UInt32 msg_flags,
												  TNC_BufferReference msg,
												  TNC_UInt32 msg_len,
												  TNC_VendorID msg_vid,
												  TNC_MessageSubtype msg_subtype,
												  TNC_UInt32 src_imv_id,
												  TNC_UInt32 dst_imc_id)
{
	imc_agent_t *agent = imc_attestation;
	imc_state_t *state;
	imc_msg_t *pa_tnc_msg;
	TNC_Result result;

	if (!agent)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	if (!agent->get_state(agent, connection_id, &state))
	{
		return TNC_RESULT_FATAL;
	}

	/* wrap the raw buffer in a chunk for the message parser */
	pa_tnc_msg = imc_msg_create_from_long_data(agent, state, connection_id,
											   src_imv_id, dst_imc_id, msg_vid,
											   msg_subtype,
											   chunk_create(msg, msg_len));
	result = receive_message(state, pa_tnc_msg);
	pa_tnc_msg->destroy(pa_tnc_msg);

	return result;
}
301:
/**
 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
 *
 * This IMC has nothing to add at the end of a batch; only the
 * initialization check is performed.
 *
 * @param imc_id			IMC ID (unused)
 * @param connection_id		connection whose batch ends (unused)
 * @return					TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id,
										   TNC_ConnectionID connection_id)
{
	TNC_Result result = TNC_RESULT_SUCCESS;

	if (imc_attestation == NULL)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		result = TNC_RESULT_NOT_INITIALIZED;
	}
	return result;
}
315:
/**
 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
 *
 * Destroys the IMC agent and returns the IMC to its uninitialized state, so
 * that TNC_IMC_Initialize() may be called again afterwards.
 *
 * @param imc_id			IMC ID (unused)
 * @return					TNC_RESULT_SUCCESS or TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
{
	imc_agent_t *agent = imc_attestation;

	if (!agent)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	/* clear the global first so no stale pointer outlives the agent */
	imc_attestation = NULL;
	agent->destroy(agent);

	return TNC_RESULT_SUCCESS;
}
331:
/**
 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
 *
 * Hands the TNC client's bind function to the agent, which uses it to
 * resolve the TNCC callbacks it needs.
 *
 * @param imc_id			IMC ID (unused)
 * @param bind_function		TNCC function used to look up further functions
 * @return					result of the agent's bind_functions(), or
 *							TNC_RESULT_NOT_INITIALIZED
 */
TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
												   TNC_TNCC_BindFunctionPointer bind_function)
{
	imc_agent_t *agent = imc_attestation;

	if (agent == NULL)
	{
		DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	return agent->bind_functions(agent, bind_function);
}