![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to imv_attestation_build.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / plugins / imv_attestation|
Return to imv_attestation_build.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / plugins / imv_attestation |
1.1 misho 1: /*
2: * Copyright (C) 2011-2012 Sansar Choinyambuu
3: * Copyright (C) 2011-2014 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "imv_attestation_build.h"
18: #include "imv_attestation_state.h"
19:
20: #include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
21: #include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
22: #include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
23: #include <tcg/pts/tcg_pts_attr_get_aik.h>
24: #include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
25: #include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
26:
27: #include <utils/debug.h>
28:
29: bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
30: pts_dh_group_t supported_dh_groups,
31: pts_database_t *pts_db)
32: {
33: imv_attestation_state_t *attestation_state;
34: imv_attestation_handshake_state_t handshake_state;
35: pts_t *pts;
36: pa_tnc_attr_t *attr = NULL;
37:
38: attestation_state = (imv_attestation_state_t*)state;
39: handshake_state = attestation_state->get_handshake_state(attestation_state);
40: pts = attestation_state->get_pts(attestation_state);
41:
42: switch (handshake_state)
43: {
44: case IMV_ATTESTATION_STATE_NONCE_REQ:
45: {
46: int min_nonce_len;
47:
48: /* Send DH nonce parameters request attribute */
49: min_nonce_len = lib->settings->get_int(lib->settings,
50: "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
51: attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
52: supported_dh_groups);
53: attr->set_noskip_flag(attr, TRUE);
54: out_msg->add_attribute(out_msg, attr);
55:
56: attestation_state->set_handshake_state(attestation_state,
57: IMV_ATTESTATION_STATE_TPM_INIT);
58: break;
59: }
60: case IMV_ATTESTATION_STATE_TPM_INIT:
61: {
62: pts_meas_algorithms_t selected_algorithm;
63: chunk_t initiator_value, initiator_nonce;
64:
65: if (!(state->get_action_flags(state) & IMV_ATTESTATION_DH_NONCE))
66: {
67: break;
68: }
69:
70: /* Send DH nonce finish attribute */
71: selected_algorithm = pts->get_meas_algorithm(pts);
72: if (!pts->get_my_public_value(pts, &initiator_value,
73: &initiator_nonce))
74: {
75: return FALSE;
76: }
77: attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
78: initiator_value, initiator_nonce);
79: attr->set_noskip_flag(attr, TRUE);
80: out_msg->add_attribute(out_msg, attr);
81:
82: /* Send Get TPM Version attribute */
83: attr = tcg_pts_attr_get_tpm_version_info_create();
84: attr->set_noskip_flag(attr, TRUE);
85: out_msg->add_attribute(out_msg, attr);
86:
87: /* Send Get AIK attribute */
88: attr = tcg_pts_attr_get_aik_create();
89: attr->set_noskip_flag(attr, TRUE);
90: out_msg->add_attribute(out_msg, attr);
91:
92: attestation_state->set_handshake_state(attestation_state,
93: IMV_ATTESTATION_STATE_COMP_EVID);
94: break;
95: }
96: case IMV_ATTESTATION_STATE_COMP_EVID:
97: {
98: tcg_pts_attr_req_func_comp_evid_t *attr_cast;
99: enumerator_t *enumerator;
100: pts_comp_func_name_t *name;
101: uint8_t flags;
102: uint32_t depth;
103: bool first_component = TRUE;
104:
105: if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK))
106: {
107: break;
108: }
109:
110: attestation_state->set_handshake_state(attestation_state,
111: IMV_ATTESTATION_STATE_END);
112:
113: if (!pts->get_aik_id(pts))
114: {
115: attestation_state->set_measurement_error(attestation_state,
116: IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
117: return FALSE;
118: }
119:
120: enumerator = attestation_state->create_component_enumerator(
121: attestation_state);
122: while (enumerator->enumerate(enumerator, &flags, &depth, &name))
123: {
124: if (first_component)
125: {
126: attr = tcg_pts_attr_req_func_comp_evid_create();
127: attr->set_noskip_flag(attr, TRUE);
128: first_component = FALSE;
129: DBG2(DBG_IMV, "evidence request by");
130: }
131: name->log(name, " ");
132:
133: /* TODO check flags against negotiated_caps */
134: attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
135: attr_cast->add_component(attr_cast, flags, depth, name);
136: }
137: enumerator->destroy(enumerator);
138:
139: if (attr)
140: {
141: /* Send Request Functional Component Evidence attribute */
142: out_msg->add_attribute(out_msg, attr);
143:
144: /* Send Generate Attestation Evidence attribute */
145: attr = tcg_pts_attr_gen_attest_evid_create();
146: attr->set_noskip_flag(attr, TRUE);
147: out_msg->add_attribute(out_msg, attr);
148:
149: attestation_state->set_handshake_state(attestation_state,
150: IMV_ATTESTATION_STATE_EVID_FINAL);
151: }
152: break;
153: }
154: default:
155: break;
156: }
157:
158: return TRUE;
159: }