![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to imv_attestation_build.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / plugins / imv_attestation|
Return to imv_attestation_build.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / plugins / imv_attestation |
1.1 misho 1: /*
2: * Copyright (C) 2011-2012 Sansar Choinyambuu
1.1.1.2 ! misho 3: * Copyright (C) 2011-2020 Andreas Steffen
1.1 misho 4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "imv_attestation_build.h"
18: #include "imv_attestation_state.h"
19:
20: #include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
21: #include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
22: #include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
23: #include <tcg/pts/tcg_pts_attr_get_aik.h>
24: #include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
25: #include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
1.1.1.2 ! misho 26: #include <generic/generic_attr_string.h>
! 27: #include <ita/ita_attr.h>
1.1 misho 28:
29: #include <utils/debug.h>
30:
31: bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
32: pts_dh_group_t supported_dh_groups,
33: pts_database_t *pts_db)
34: {
35: imv_attestation_state_t *attestation_state;
36: imv_attestation_handshake_state_t handshake_state;
37: pts_t *pts;
38: pa_tnc_attr_t *attr = NULL;
39:
40: attestation_state = (imv_attestation_state_t*)state;
41: handshake_state = attestation_state->get_handshake_state(attestation_state);
42: pts = attestation_state->get_pts(attestation_state);
43:
44: switch (handshake_state)
45: {
46: case IMV_ATTESTATION_STATE_NONCE_REQ:
47: {
48: int min_nonce_len;
49:
50: /* Send DH nonce parameters request attribute */
51: min_nonce_len = lib->settings->get_int(lib->settings,
52: "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
53: attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
54: supported_dh_groups);
55: attr->set_noskip_flag(attr, TRUE);
56: out_msg->add_attribute(out_msg, attr);
57:
58: attestation_state->set_handshake_state(attestation_state,
59: IMV_ATTESTATION_STATE_TPM_INIT);
60: break;
61: }
62: case IMV_ATTESTATION_STATE_TPM_INIT:
63: {
64: pts_meas_algorithms_t selected_algorithm;
65: chunk_t initiator_value, initiator_nonce;
66:
67: if (!(state->get_action_flags(state) & IMV_ATTESTATION_DH_NONCE))
68: {
69: break;
70: }
71:
72: /* Send DH nonce finish attribute */
1.1.1.2 ! misho 73: selected_algorithm = pts->get_dh_hash_algorithm(pts);
1.1 misho 74: if (!pts->get_my_public_value(pts, &initiator_value,
75: &initiator_nonce))
76: {
77: return FALSE;
78: }
79: attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
80: initiator_value, initiator_nonce);
81: attr->set_noskip_flag(attr, TRUE);
82: out_msg->add_attribute(out_msg, attr);
83:
84: /* Send Get TPM Version attribute */
85: attr = tcg_pts_attr_get_tpm_version_info_create();
86: attr->set_noskip_flag(attr, TRUE);
87: out_msg->add_attribute(out_msg, attr);
88:
89: /* Send Get AIK attribute */
90: attr = tcg_pts_attr_get_aik_create();
91: attr->set_noskip_flag(attr, TRUE);
92: out_msg->add_attribute(out_msg, attr);
93:
94: attestation_state->set_handshake_state(attestation_state,
95: IMV_ATTESTATION_STATE_COMP_EVID);
96: break;
97: }
98: case IMV_ATTESTATION_STATE_COMP_EVID:
99: {
100: tcg_pts_attr_req_func_comp_evid_t *attr_cast;
101: enumerator_t *enumerator;
102: pts_comp_func_name_t *name;
103: uint8_t flags;
104: uint32_t depth;
105: bool first_component = TRUE;
106:
107: if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK))
108: {
109: break;
110: }
111:
112: attestation_state->set_handshake_state(attestation_state,
113: IMV_ATTESTATION_STATE_END);
114:
115: if (!pts->get_aik_id(pts))
116: {
117: attestation_state->set_measurement_error(attestation_state,
118: IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
119: return FALSE;
120: }
121:
122: enumerator = attestation_state->create_component_enumerator(
123: attestation_state);
124: while (enumerator->enumerate(enumerator, &flags, &depth, &name))
125: {
126: if (first_component)
127: {
128: attr = tcg_pts_attr_req_func_comp_evid_create();
129: attr->set_noskip_flag(attr, TRUE);
130: first_component = FALSE;
131: DBG2(DBG_IMV, "evidence request by");
132: }
133: name->log(name, " ");
134:
135: /* TODO check flags against negotiated_caps */
136: attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
137: attr_cast->add_component(attr_cast, flags, depth, name);
138: }
139: enumerator->destroy(enumerator);
140:
141: if (attr)
142: {
1.1.1.2 ! misho 143: /* Send Get Symlinks attribute */
! 144: out_msg->add_attribute(out_msg, generic_attr_string_create(
! 145: chunk_from_str("/"),
! 146: pen_type_create(PEN_ITA, ITA_ATTR_GET_SYMLINKS)));
! 147:
1.1 misho 148: /* Send Request Functional Component Evidence attribute */
149: out_msg->add_attribute(out_msg, attr);
150:
151: /* Send Generate Attestation Evidence attribute */
152: attr = tcg_pts_attr_gen_attest_evid_create();
153: attr->set_noskip_flag(attr, TRUE);
154: out_msg->add_attribute(out_msg, attr);
155:
156: attestation_state->set_handshake_state(attestation_state,
157: IMV_ATTESTATION_STATE_EVID_FINAL);
158: }
159: break;
160: }
161: default:
162: break;
163: }
164:
165: return TRUE;
166: }