authorAndreas Steffen <andreas.steffen@strongswan.org>2011-10-08 22:17:50 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 18:25:50 +0100
commitc50f881f6aaa55288369a913df551eb95934b299 (patch)
tree18fc6eb24fc2c3c5d531ab2abec9f3001dfed4fc /src/libimcv
parent4ee4da47f87725025374b712c69c70177ae4eefc (diff)
refactored DH group nonce exchange
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation.c13
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation.c165
2 files changed, 12 insertions, 166 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index a263622b4..12e9b8014 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -45,6 +45,8 @@ static const char imc_name[] = "Attestation";
#define IMC_VENDOR_ID PEN_TCG
#define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
+
+#define DEFAULT_NONCE_LEN 20
#define EXTEND_PCR 16
static imc_agent_t *imc_attestation;
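Review bot: `DEFAULT_NONCE_LEN 20` is added with no comment stating what it bounds or in which unit, and the same commit adds `NONCE_LEN_LIMIT 16` to imv_attestation.c (the `@@ -45,6 +45,8 @@` hunk there) with the same gap; with one side defaulting to 20 and the other limiting to 16, a reader cannot tell from either file whether the limit is a lower or an upper bound or whether the two values are meant to agree. Neither macro is used in the hunks shown, so the relationship can only be checked at the call sites. A one-line comment on each would settle it, e.g. `/* default nonce length for the DH nonce exchange; unit and relation to the IMV's NONCE_LEN_LIMIT to be confirmed at the caller */` here and a matching note on `NONCE_LEN_LIMIT` saying whether it is a minimum or a maximum. As a minor style point, the blank line is placed before the new macro here but after it in the IMV file; picking one layout for both keeps the two plugins parallel.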
@@ -71,10 +73,9 @@ static linked_list_t *evidences = NULL;
static pts_dh_group_t supported_dh_groups = 0;
/**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
+ * Supported PTS Diffie Hellman Groups
*/
-static char *responder_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
/**
* List of buffered Simple Component Evidences
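Review bot: `supported_dh_groups` ends up defined twice in imc_attestation.c after this hunk: the context line `static pts_dh_group_t supported_dh_groups = 0;` at the top of the hunk survives, and the added `static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;` under the retitled comment is a second file-scope definition with an initializer, which a C compiler rejects as a redefinition. The intent looks like replacing the `= 0` initializer rather than adding a variable, so the earlier definition and its comment should be dropped, leaving a single `static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;`. The imv_attestation.c hunk at `@@ -60,13 +62,7 @@` appears to have the same shape: its hunk header names an existing `static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;` line above the hunk that the commit does not remove, so that file may also be left with two definitions; this is inferred from the header only and should be confirmed against the full file.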
@@ -90,15 +91,13 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
TNC_Version max_version,
TNC_Version *actual_version)
{
- rng_t *rng;
-
if (imc_attestation)
{
DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
- if (!pts_meas_probe_algorithms(&supported_algorithms) ||
- !pts_probe_dh_groups(&supported_dh_groups))
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
index d31cca423..cd3e02eef 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
@@ -45,6 +45,8 @@ static const char imv_name[] = "Attestation";
#define IMV_VENDOR_ID PEN_TCG
#define IMV_SUBTYPE PA_SUBTYPE_TCG_PTS
+#define NONCE_LEN_LIMIT 16
+
static imv_agent_t *imv_attestation;
/**
@@ -60,13 +62,7 @@ static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
/**
* Supported PTS Diffie Hellman Groups
*/
-static pts_dh_group_t supported_dh_groups = 0;
-
-/**
- * High Entropy Random Data
- * used in calculation of shared secret for the assessment session
- */
-static char *initiator_nonce = NULL;
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
/**
* PTS file measurement database
@@ -97,7 +93,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
TNC_Version *actual_version)
{
char *hash_alg, *dh_group, *uri, *cadir;
- rng_t *rng;
if (imv_attestation)
{
@@ -154,7 +149,9 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
*/
dh_group = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.dh_group", "ecp256");
- if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups))
+
+ if (!pts_meas_algo_update(hash_alg, &supported_algorithms) ||
+ !pts_dh_group_update(dh_group, &supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
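Review bot: Folding `pts_meas_algo_update(hash_alg, …)` and `pts_dh_group_update(dh_group, …)` into one `||` condition means a failure returns `TNC_RESULT_FATAL` without this function saying which configured value was rejected, and the only diagnostic the reader of this file sees is the generic fatal result; if the two update functions log the offending value themselves this is fine, otherwise a misconfigured `libimcv.plugins.imv-attestation.dh_group` and a bad hash-algorithm setting are indistinguishable at startup. Splitting the check keeps the diagnosis local, e.g. `if (!pts_dh_group_update(dh_group, &supported_dh_groups)) { DBG1(DBG_IMV, "unsupported DH group '%s' configured", dh_group); return TNC_RESULT_FATAL; }` and the same shape for `hash_alg`. TNC_IMV_Initialize begins and ends outside this hunk, so whether `hash_alg` was already validated earlier in the function cannot be seen here.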
@@ -241,156 +238,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
}
else
{
-<<<<<<< HEAD
result = TNC_RESULT_FATAL;
-=======
- case IMV_ATTESTATION_STATE_INIT:
- {
- pts_proto_caps_flag_t flags;
-
- /* Send Request Protocol Capabilities attribute */
- flags = pts->get_proto_caps(pts);
- attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- /* Send Measurement Algorithms attribute */
- attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_TPM_INIT);
- break;
- }
- case IMV_ATTESTATION_STATE_TPM_INIT:
- {
- if (!dh_nonce_req_sent)
- {
- /* Send DH nonce parameters request attribute */
- attr = tcg_pts_attr_dh_nonce_params_req_create(0, supported_dh_groups);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
- dh_nonce_req_sent = TRUE;
- }
- else
- {
- pts_meas_algorithms_t selected_algorithm;
- chunk_t initiator_pub_val;
-
- /* Send DH nonce finish attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_pub_val);
-
- attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
- selected_algorithm,
- chunk_create(initiator_nonce, NONCE_LEN),
- initiator_pub_val);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- /* Send Get TPM Version attribute */
- attr = tcg_pts_attr_get_tpm_version_info_create();
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- /* Send Get AIK attribute */
- attr = tcg_pts_attr_get_aik_create();
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_MEAS);
- }
-
- break;
- }
- case IMV_ATTESTATION_STATE_MEAS:
- {
-
- enumerator_t *enumerator;
- u_int32_t delimiter = SOLIDUS_UTF;
- char *platform_info, *pathname;
- u_int16_t request_id;
- int id, type;
- bool is_dir;
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_COMP_EVID);
-
- /* Get Platform and OS of the PTS-IMC */
- platform_info = pts->get_platform_info(pts);
-
- if (!pts_db || !platform_info)
- {
- DBG1(DBG_IMV, "%s%s%s not available",
- (pts_db) ? "" : "pts database",
- (!pts_db && !platform_info) ? "and" : "",
- (platform_info) ? "" : "platform info");
- break;
- }
- DBG1(DBG_IMV, "platform is '%s'", platform_info);
-
- /* Send Request File Metadata attribute */
- attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- /* Send Request File Measurement attribute */
- enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
- if (!enumerator)
- {
- break;
- }
- while (enumerator->enumerate(enumerator, &id, &type, &pathname))
- {
- is_dir = (type != 0);
- request_id = attestation_state->add_request(attestation_state,
- id, is_dir);
- DBG2(DBG_IMV, "measurement request %d for %s '%s'",
- request_id, is_dir ? "directory" : "file", pathname);
- attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
- delimiter, pathname);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
- }
- enumerator->destroy(enumerator);
- break;
- }
- case IMV_ATTESTATION_STATE_COMP_EVID:
- {
- pts_attr_req_funct_comp_evid_flag_t flags;
- u_int32_t sub_comp_depth;
- pts_qualifier_t qualifier;
- pts_funct_comp_name_t name;
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
-
- flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
- sub_comp_depth = 0;
- qualifier.kernel = FALSE;
- qualifier.sub_component = FALSE;
- qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
- name = PTS_FUNC_COMP_NAME_BIOS;
-
- /* Send Request Functional Component Evidence attribute */
- attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
- PEN_TCG, qualifier, name);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
- /* Send Generate Attestation Evidence attribute */
- attr = tcg_pts_attr_gen_attest_evid_create();
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
-
- break;
- }
- default:
- DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
- handshake_state);
- return TNC_RESULT_FATAL;
->>>>>>> fixed setting of PTS DH group
}
msg->destroy(msg);
@@ -637,7 +485,6 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
}
DESTROY_IF(pts_db);
DESTROY_IF(pts_credmgr);
- free(initiator_nonce);
libpts_deinit();