diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-10-17 09:58:00 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-10-17 10:02:53 +0200 |
| commit | f8a70254a908f09f74f40cafe16e16f6d166147e (patch) | |
| tree | 69b3fa3757ae4a6c67ce24a6c11930f746289c8c /src/libpts | |
| parent | 154cae09e34e8951a605100adbb3a4076823c2cd (diff) | |
| download | strongswan-f8a70254a908f09f74f40cafe16e16f6d166147e.tar.bz2 strongswan-f8a70254a908f09f74f40cafe16e16f6d166147e.tar.xz | |
refactored PA-TNC message handling by IMCs
Diffstat (limited to 'src/libpts')
4 files changed, 81 insertions, 92 deletions
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c index a2b118d23..ee3d5c82e 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation.c @@ -17,6 +17,7 @@ #include "imc_attestation_process.h" #include <imc/imc_agent.h> +#include <imc/imc_msg.h> #include <pa_tnc/pa_tnc_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_pa_tnc_error.h> @@ -147,57 +148,26 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_SUCCESS; } -static TNC_Result receive_message(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; - pa_tnc_attr_t *attr; - pen_type_t type; - linked_list_t *attr_list; - imc_state_t *state; + imc_msg_t *out_msg; imc_attestation_state_t *attestation_state; enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t type; TNC_Result result; - TNC_UInt32 target_imc_id; - - if (!imc_attestation) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMC state */ - if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - attestation_state = (imc_attestation_state_t*)state; + bool fatal_error = FALSE; - /* parse received PA-TNC message and automatically handle any errors */ - result = imc_attestation->receive_message(imc_attestation, state, msg, - msg_vid, msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id; - - /* preprocess any IETF standard error attributes */ - result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ? - TNC_RESULT_FATAL : TNC_RESULT_SUCCESS; - - attr_list = linked_list_create(); + out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { type = attr->get_type(attr); @@ -224,18 +194,12 @@ static TNC_Result receive_message(TNC_IMCID imc_id, result = TNC_RESULT_FATAL; } } - else if (type.type == IETF_ATTR_ASSESSMENT_RESULT) - { - ietf_attr_assess_result_t *ietf_attr; - - ietf_attr = (ietf_attr_assess_result_t*)attr; - state->set_result(state, target_imc_id, - ietf_attr->get_result(ietf_attr)); - } } else if (type.vendor_id == PEN_TCG) { - if (!imc_attestation_process(attr, attr_list, attestation_state, + attestation_state = (imc_attestation_state_t*)state; + + if (!imc_attestation_process(attr, out_msg, attestation_state, supported_algorithms, supported_dh_groups)) { result = TNC_RESULT_FATAL; @@ -244,15 +208,13 @@ static TNC_Result receive_message(TNC_IMCID imc_id, } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); - if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list)) + if (result == TNC_RESULT_SUCCESS) { - result = imc_attestation->send_message(imc_attestation, connection_id, - FALSE, 0, TNC_IMVID_ANY, PEN_TCG, PA_SUBTYPE_TCG_PTS, - attr_list); + /* send PA-TNC message with the excl flag set */ + result = out_msg->send(out_msg, TRUE); } - attr_list->destroy(attr_list); + out_msg->destroy(out_msg); return result; } @@ -266,14 +228,26 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imc_attestation) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id, + msg_type, chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMCID_ANY); + return result; } /** @@ -289,9 +263,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id) { - return receive_message(imc_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imv_id, dst_imc_id); + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_attestation) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_attestation, state, connection_id, + src_imv_id, dst_imc_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c index bd2fa649d..8ee02e467 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c @@ -48,7 +48,7 @@ #define DEFAULT_NONCE_LEN 20 -bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups) @@ -76,7 +76,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send PTS Protocol Capabilities attribute */ attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps, FALSE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_MEAS_ALGO: @@ -91,14 +91,14 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (selected_algorithm == PTS_MEAS_ALGO_NONE) { attr = pts_hash_alg_error_create(supported_algorithms); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Send Measurement Algorithm Selection attribute */ pts->set_meas_algorithm(pts, selected_algorithm); attr = tcg_pts_attr_meas_algo_create(selected_algorithm, TRUE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_DH_NONCE_PARAMS_REQ: @@ -118,7 +118,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, (min_nonce_len > 0 && nonce_len < min_nonce_len)) { attr = pts_dh_nonce_error_create(nonce_len, PTS_MAX_NONCE_LEN); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -128,7 +128,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (selected_dh_group == PTS_DH_GROUP_NONE) { attr = pts_dh_group_error_create(supported_dh_groups); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -142,7 +142,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send DH Nonce Parameters Response attribute */ attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group, supported_algorithms, responder_nonce, responder_value); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_DH_NONCE_FINISH: @@ -190,13 +190,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { attr_info = attr->get_value(attr); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Send TPM Version Info attribute */ attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_GET_AIK: @@ -212,7 +212,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send AIK attribute */ attr = tcg_pts_attr_aik_create(aik); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FILE_MEAS: @@ -237,7 +237,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { error_code = pen_type_create(PEN_TCG, pts_error); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } else if (!valid_path) @@ -250,7 +250,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_INVALID_DELIMITER); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -268,7 +268,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, } attr = tcg_pts_attr_file_meas_create(measurements); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FILE_META: @@ -291,7 +291,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { error_code = pen_type_create(PEN_TCG, pts_error); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } else if (!valid_path) @@ -303,7 +303,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_INVALID_DELIMITER); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Get File Metadata and send them to PTS-IMV */ @@ -319,8 +319,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, } attr = tcg_pts_attr_unix_file_meta_create(metadata); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); - + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FUNC_COMP_EVID: @@ -353,7 +352,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_DET_TTC); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_VER && @@ -362,7 +361,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_LOCAL_VAL); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_CURR && @@ -371,7 +370,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_CUR_EVID); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_PCR && @@ -380,7 +379,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_DET_PCR); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (depth > 0) @@ -425,7 +424,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, while (attestation_state->next_evidence(attestation_state, &evid)) { attr = tcg_pts_attr_simple_comp_evid_create(evid); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } use_quote2 = lib->settings->get_bool(lib->settings, @@ -443,7 +442,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr = tcg_pts_attr_simple_evid_final_create(flags, comp_hash_algorithm, pcr_composite, quote_sig); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* TODO: Not implemented yet */ diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libpts/plugins/imc_attestation/imc_attestation_process.h index b6dca1f56..5ada104fa 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.h +++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.h @@ -26,6 +26,7 @@ #include <library.h> +#include <imc/imc_msg.h> #include <pa_tnc/pa_tnc_attr.h> #include <pts/pts_dh_group.h> @@ -35,13 +36,13 @@ * Process a TCG PTS attribute * * @param attr PA-TNC attribute to be processed - * @param attr_list list with PA-TNC error attributes + * @param msg outbound PA-TNC message to be assembled * @param attestation_state attestation state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups * @return TRUE if successful */ -bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups); diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c index 23cbd84d8..b3d35102b 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c @@ -129,8 +129,6 @@ METHOD(imc_state_t, set_result, void, private_imc_attestation_state_t *this, TNC_IMCID id, TNC_IMV_Evaluation_Result result) { - DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", - id, TNC_IMV_Evaluation_Result_names, result); this->result = result; } |