authorAndreas Steffen <andreas.steffen@strongswan.org>2013-12-31 13:13:32 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2014-01-13 12:06:17 +0100
commit81d49c5cfd19d8cc0531f2ffec560852e3ae033d (patch)
treeebfc1121cf7b22816ee3711a858bb83923ac1e6e /src/libpts
parent6009b6e0dd2ea3dbb033958b09448b5c602d6fc0 (diff)
Allow reason strings to be used as workitem result string
Diffstat (limited to 'src/libpts')
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_agent.c20
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_process.c21
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.c51
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.h16
4 files changed, 68 insertions, 40 deletions
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index 0b960acce..fbfde3e8e 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -551,18 +551,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
- session->remove_workitem(session, enumerator);
- result_str = "pending file measurements";
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
+ result_str = "Pending file measurements";
pending_file_meas++;
break;
- default:
+ case IMV_WORKITEM_TPM_ATTEST:
+ attestation_state->finalize_components(attestation_state);
+ result_str = "Pending component evidence";
break;
+ default:
+ continue;
}
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
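Review bot: The new IMV_WORKITEM_TPM_ATTEST case records a fixed literal `"Pending component evidence"` as the workitem result, although the finalize_components() call on the line before it is what marks the specific components as pending (it sets IMV_ATTESTATION_ERROR_COMP_EVID_PEND in the state.c hunk of this commit), so the per-component reasons never reach the workitem result here. The process.c hunk of the same commit builds its result string from add_comp_evid_reasons(); doing the same in this case would make the two paths consistent, at the cost of the strndup/free pair that path needs, since the common tail after the switch treats result_str as a non-owned string. If the literal is intentional as a short summary, a comment on that line saying so would stop the next reader from "fixing" it. solicit_recommendation() begins before this hunk, so I cannot see how result_str and eval are declared.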
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index f5f11627c..bd1109a1b 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -424,9 +424,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -435,9 +432,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -471,12 +465,20 @@ quote_error:
IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
{
- result_str = "attestation failed";
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(
+ attestation_state, reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
}
else
{
- result_str = "attestation successful";
+ result_str = strdup("attestation successful");
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
}
session->remove_workitem(session, enumerator);
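Review bot: The `strndup(result.ptr, result.len)` and `strdup("attestation successful")` results are stored in result_str without a NULL check, so on allocation failure workitem->set_result() receives a NULL result string a few lines later; strongSwan typically treats OOM as fatal, but if set_result() formats the string the failure would surface as a crash rather than an error. The reason string is also created with the hard-coded language `"en"`, which may be intentional for a database-stored result but differs from get_reason_string() in state.c, which selects the language from the enumerator; a comment such as `/* workitem results are stored in English, independent of the client's language */` would make that explicit. The `free(result_str)` added in the following hunk relies on set_result() copying the string rather than keeping the pointer — I cannot confirm that from this page. The enclosing imv_attestation_process() starts before the first hunk of this file.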
@@ -484,6 +486,7 @@ quote_error:
state->update_recommendation(state, rec, eval);
imcv_db->finalize_workitem(imcv_db, workitem);
workitem->destroy(workitem);
+ free(result_str);
break;
}
}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index 47011751d..200de1e19 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -290,42 +290,48 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
{
- *reason_language = imv_lang_string_select_lang(language_enumerator,
- languages, countof(languages));
-
- /* Instantiate a TNC Reason String object */
- DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
-
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_fail);
+ reason_string->add_reason(reason_string, reason_file_meas_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_pend);
+ reason_string->add_reason(reason_string, reason_file_meas_pend);
}
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_fail);
+ reason_string->add_reason(reason_string, reason_comp_evid_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_pend);
+ reason_string->add_reason(reason_string, reason_comp_evid_pend);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_tpm_quote_fail);
+ reason_string->add_reason(reason_string, reason_tpm_quote_fail);
}
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ add_file_meas_reasons(this, this->reason_string);
+ add_comp_evid_reasons(this, this->reason_string);
*reason_string = this->reason_string->get_encoding(this->reason_string);
return TRUE;
@@ -461,9 +467,6 @@ METHOD(imv_attestation_state_t, finalize_components, void,
if (!entry->comp->finalize(entry->comp, entry->qualifier))
{
set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
- update_recommendation(this,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_ERROR);
}
free_func_comp(entry);
}
@@ -514,6 +517,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.components_finalized = _components_finalized,
.get_measurement_error = _get_measurement_error,
.set_measurement_error = _set_measurement_error,
+ .add_file_meas_reasons = _add_file_meas_reasons,
+ .add_comp_evid_reasons = _add_comp_evid_reasons,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index 27d1ae8db..6ee9ed11e 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -25,6 +25,7 @@
#define IMV_ATTESTATION_STATE_H_
#include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/components/pts_component.h>
@@ -150,6 +151,21 @@ struct imv_attestation_state_t {
void (*set_measurement_error)(imv_attestation_state_t *this,
u_int32_t error);
+ /**
+ * Returns a concatenation of File Measurement reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+
+ /**
+ * Returns a concatenation of Component Evidence reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
};
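Review bot: The doc comments for the two new methods say "Returns a concatenation of ... reason strings", but both are declared `void` and append to the imv_reason_string_t passed in, so the comment describes the old get_reason_string() behaviour rather than the new one. Suggested wording for add_file_meas_reasons: `* Adds the File Measurement reasons recorded in the measurement error flags` with `* @param reason_string  reason string object the reasons are appended to`, and the analogous text for add_comp_evid_reasons, which (per the state.c hunk) also covers the TPM quote failure and not only component evidence. Stating that the object is owned by the caller would also help, since the process.c hunk creates and destroys it around the call.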
/**