Began implementing handline of Functional Component Measuring attributes

4 files changed, 195 insertions, 55 deletions

diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index f5ed6a38b..ee8248528 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -260,15 +260,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 				case TCG_PTS_REQ_PROTO_CAPS:
 				{
 					tcg_pts_attr_proto_caps_t *attr_cast;
-					pts_proto_caps_flag_t imc_flags, imv_flags;
+					pts_proto_caps_flag_t imc_caps, imv_caps;
 
 					attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
-					imv_flags = attr_cast->get_flags(attr_cast);
-					imc_flags = pts->get_proto_caps(pts);
-					pts->set_proto_caps(pts, imc_flags & imv_flags);
+					imv_caps = attr_cast->get_flags(attr_cast);
+					imc_caps = pts->get_proto_caps(pts);
+					pts->set_proto_caps(pts, imc_caps & imv_caps);
 
 					/* Send PTS Protocol Capabilities attribute */
-					attr = tcg_pts_attr_proto_caps_create(imc_flags & imv_flags,
+					attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps,
 														  FALSE);
 					attr_list->insert_last(attr_list, attr);
 					break;
@@ -350,9 +350,134 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 	
 				/* PTS-based Attestation Evidence */
 				case TCG_PTS_REQ_FUNCT_COMP_EVID:
+				{
+					tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
+					pts_proto_caps_flag_t negotiated_caps;
+					pts_attr_req_funct_comp_evid_flag_t flags;
+					u_int32_t sub_comp_depth;
+					u_int32_t comp_name_vendor_id;
+					u_int8_t family;
+					pts_qualifier_t qualifier;
+					pts_funct_comp_name_t name;
+					
+					attr_info = attr->get_value(attr);
+					attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr;
+					negotiated_caps = pts->get_proto_caps(pts);
+					flags = attr_cast->get_flags(attr_cast);
+
+					if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
+					{
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_UNABLE_DET_TTC, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+					if (flags & PTS_REQ_FUNC_COMP_FLAG_VER &&
+						!(negotiated_caps & PTS_PROTO_CAPS_V))
+					{
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+					if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR &&
+						!(negotiated_caps & PTS_PROTO_CAPS_C))
+					{
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_UNABLE_CUR_EVID, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+					if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR &&
+						!(negotiated_caps & PTS_PROTO_CAPS_T))
+					{
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_UNABLE_DET_PCR, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+
+					sub_comp_depth = attr_cast->get_sub_component_depth(attr_cast);
+					/* TODO: Implement checking of components with its sub-components */
+					if (sub_comp_depth != 1)
+					{
+						DBG1(DBG_IMC, "Current version of Attestation IMC does not support"
+									  "sub component measurement deeper than 1. "
+									   "Measuring top level component only.");
+					}
+					
+					comp_name_vendor_id = attr_cast->get_comp_funct_name_vendor_id(attr_cast);
+					if (comp_name_vendor_id != PEN_TCG)
+					{
+						DBG1(DBG_IMC, "Current version of Attestation IMC supports"
+									  "only functional component namings by TCG ");
+						break;
+					}
+					
+					family = attr_cast->get_family(attr_cast);
+					if (family)
+					{
+						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_INVALID_NAME_FAM, attr_info);
+						attr_list->insert_last(attr_list, attr);
+						break;
+					}
+
+					qualifier = attr_cast->get_qualifier(attr_cast);
+					/* Check if Unknown or Wildcard was set for qualifier */
+					if (qualifier.kernel && qualifier.sub_component &&
+									(qualifier.type & PTS_FUNC_COMP_TYPE_ALL))
+					{
+						DBG2(DBG_IMC, "Wildcard was set for the qualifier of functional"
+							" component. Identifying the component with name binary enumeration");
+					}
+					else if (!qualifier.kernel && !qualifier.sub_component &&
+									(qualifier.type & PTS_FUNC_COMP_TYPE_UNKNOWN))
+					{
+						DBG2(DBG_IMC, "Unknown was set for the qualifier of functional"
+							" component. Identifying the component with name binary enumeration");
+					}
+					else
+					{
+						/* TODO: Implement what todo with received qualifier */
+					}
+					
+					name = attr_cast->get_comp_funct_name(attr_cast);
+					switch (name)
+					{
+						case PTS_FUNC_COMP_NAME_BIOS:
+						{
+							/* TODO: Implement BIOS measurement */
+							DBG1(DBG_IMC, "TODO: Implement BIOS measurement");
+							break;
+						}
+						case PTS_FUNC_COMP_NAME_IGNORE:
+						case PTS_FUNC_COMP_NAME_CRTM:
+						case PTS_FUNC_COMP_NAME_PLATFORM_EXT:
+						case PTS_FUNC_COMP_NAME_BOARD:
+						case PTS_FUNC_COMP_NAME_INIT_LOADER:
+						case PTS_FUNC_COMP_NAME_OPT_ROMS:
+						default:
+						{
+							DBG1(DBG_IMC, "Unsupported Functional Component Name");
+							break;
+						}
+					}
+					
 					break;
+				}
 				case TCG_PTS_GEN_ATTEST_EVID:
+				{
+					pts_simple_evid_final_flag_t flags;
+					/* TODO: TPM quote operation over included PCR's */
+					
+					/* Send Simple Evidence Final attribute */
+					flags = PTS_SIMPLE_EVID_FINAL_FLAG_NO;
+					attr = tcg_pts_attr_simple_evid_final_create(flags, 0,
+											chunk_empty, chunk_empty, chunk_empty);
+					attr_list->insert_last(attr_list, attr);
 					break;
+				}
 				case TCG_PTS_REQ_FILE_META:
 				{
 					tcg_pts_attr_req_file_meta_t *attr_cast;
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
index 1eb76b93c..0574ba068 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
@@ -249,7 +249,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 			bool is_dir;
 
 			attestation_state->set_handshake_state(attestation_state,
-										IMV_ATTESTATION_STATE_END);
+										IMV_ATTESTATION_STATE_COMP_EVID);
 
 			/* Does the PTS-IMC have TPM support? */
 			if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
@@ -305,6 +305,34 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 			break;
 		}
 		case IMV_ATTESTATION_STATE_COMP_EVID:
+		{
+			pts_attr_req_funct_comp_evid_flag_t flags;
+			u_int32_t sub_comp_depth;
+			pts_qualifier_t qualifier;
+			pts_funct_comp_name_t name;
+			
+			attestation_state->set_handshake_state(attestation_state,
+										IMV_ATTESTATION_STATE_END);
+
+			flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
+			sub_comp_depth = 1;
+			qualifier.kernel = FALSE;
+			qualifier.sub_component = FALSE;
+			qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
+			name = PTS_FUNC_COMP_NAME_BIOS;
+			
+			/* Send Request Functional Component Evidence attribute */
+			attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
+														PEN_TCG, qualifier, name);
+			attr->set_noskip_flag(attr, TRUE);
+			msg->add_attribute(msg, attr);
+			/* Send Generate Attestation Evidence attribute */
+			attr = tcg_pts_attr_gen_attest_evid_create();
+			attr->set_noskip_flag(attr, TRUE);
+			msg->add_attribute(msg, attr);
+			
+			break;
+		}
 		case IMV_ATTESTATION_STATE_IML:
 			DBG1(DBG_IMV, "Attestation IMV has nothing to send: \"%s\"",
 				 handshake_state);
@@ -497,9 +525,21 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 	
 				/* PTS-based Attestation Evidence */
 				case TCG_PTS_SIMPLE_COMP_EVID:
+				{
+					/** TODO: Implement saving the PCR number, Hash Algo = communicated one,
+					 * PCR transform (truncate SHA256, SHA384), PCR before and after values
+					 */ 
 					break;
+				}
+					
 				case TCG_PTS_SIMPLE_EVID_FINAL:
+				{
+					/** TODO: Implement construct Quote structure over saved values from
+					 * TCG_PTS_SIMPLE_COMP_EVID and compare with received one
+					 */ 
 					break;
+				}
+					
 				case TCG_PTS_FILE_MEAS:
 				{
 					tcg_pts_attr_file_meas_t *attr_cast;
diff --git a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c
index 0f460580b..18f151f30 100644
--- a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c
+++ b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c
@@ -160,30 +160,11 @@ METHOD(pa_tnc_attr_t, build, void,
 	private_tcg_pts_attr_req_funct_comp_evid_t *this)
 {
 	bio_writer_t *writer;
-	u_int8_t flags = 0;
 	u_int8_t qualifier = 0;
 
 	writer = bio_writer_create(PTS_REQ_FUNCT_COMP_EVID_SIZE);
 	
-	/* Determine the flags to set*/
-	if (this->flags & PTS_REQ_FUNC_COMP_FLAG_PCR)
-	{
-		flags += 128;
-	}
-	if (this->flags & PTS_REQ_FUNC_COMP_FLAG_CURR)
-	{
-		flags += 64;
-	}
-	if (this->flags & PTS_REQ_FUNC_COMP_FLAG_VER)
-	{
-		flags += 32;
-	}
-	if (this->flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
-	{
-		flags += 16;
-	}
-	writer->write_uint8(writer, flags);
-	
+	writer->write_uint8(writer, this->flags);
 	writer->write_uint24 (writer, this->depth);
 	writer->write_uint24 (writer, this->comp_vendor_id);
 	
@@ -253,14 +234,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	{
 		this->family += 2;
 	}
-	
-	/* TODO: Generate an IF-M error attribute indicating */
-	/* TCG_PTS_INVALID_NAME_FAM */
-	//if (&this->comp_vendor_id==PEN_TCG && this->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM)
-	//{
-	//	DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00");
-	//}
-	
+		
 	if (((fam_and_qualifier >> 5) & 1) )
 	{
 		this->qualifier.kernel = true;
@@ -270,10 +244,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		this->qualifier.sub_component = true;
 	}
 	this->qualifier.type = ( fam_and_qualifier & 0xF );
-	/* TODO: Check the type is defined in pts_attr_req_funct_comp_type_t */
-	
 	reader->read_uint32(reader, &this->name);
-	/* TODO: Check the name is defined in pts_funct_comp_name_t */
 
 	reader->destroy(reader);
 	return SUCCESS;
@@ -345,9 +316,9 @@ METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_comp_funct_name, void,
  */
 pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create(
 									pts_attr_req_funct_comp_evid_flag_t flags,
-									   u_int32_t depth, u_int32_t vendor_id,
-									  pts_qualifier_t qualifier,
-									  pts_funct_comp_name_t name)
+									u_int32_t depth, u_int32_t vendor_id,
+									pts_qualifier_t qualifier,
+									pts_funct_comp_name_t name)
 {
 	private_tcg_pts_attr_req_funct_comp_evid_t *this;
 
diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
index fa2f6e5c6..6081cbac1 100644
--- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
+++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
@@ -43,7 +43,7 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define PTS_SIMPLE_EVID_FINAL_SIZE			4
+#define PTS_SIMPLE_EVID_FINAL_SIZE			2
 #define PTS_SIMPLE_EVID_FINAL_RESERVED		0x00
 
 /**
@@ -158,11 +158,15 @@ METHOD(pa_tnc_attr_t, build, void,
 	{
 		flags += 32;
 	}
+	
 	writer->write_uint8 (writer, flags);
 	writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
-	writer->write_uint16(writer, this->comp_hash_algorithm);
-
+	
 	/* Optional fields */
+	if (this->comp_hash_algorithm)
+	{
+		writer->write_uint16(writer, this->comp_hash_algorithm);
+	}
 	if (this->pcr_comp.ptr && this->pcr_comp.len > 0)
 	{
 		writer->write_uint32 (writer, this->pcr_comp.len);
@@ -199,9 +203,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	reader = bio_reader_create(this->value);
 	
 	reader->read_uint8(reader, &flags);
+	reader->read_uint8(reader, &reserved);
 	
 	/* Determine the flags to set*/
-	if (!((flags >> 7) & 1) && !((flags >> 6) & 1))
+	if ((flags >> 5) & 1)
+	{
+		this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_EVID;
+	}
+	
+	if (!((flags >> 6) & PTS_SIMPLE_EVID_FINAL_FLAG_NO))
 	{
 		this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_NO;
 	}
@@ -217,20 +227,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	{
 		this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER;
 	}
-	if ((flags >> 5) & 1)
-	{
-		this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_EVID;
-	}
-	
-	reader->read_uint8(reader, &reserved);
-	reader->read_uint16(reader, &algorithm);
-	this->comp_hash_algorithm = algorithm;
-	
-	/*  Optional TPM PCR Composite field is included */
-	if (!(this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_NO))
+
+	/*  Optional Composite Hash Algorithm and TPM PCR Composite field is included */
+	if ((flags >> 6) & PTS_SIMPLE_EVID_FINAL_FLAG_NO)
 	{
 		u_int32_t pcr_comp_len;
 		u_int32_t tpm_quote_sign_len;
+		reader->read_uint16(reader, &algorithm);
+		this->comp_hash_algorithm = algorithm;
 		reader->read_uint32(reader, &pcr_comp_len);
 		reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
 		this->pcr_comp = chunk_clone(this->pcr_comp);