authorSansar Choinyambuu <schoinya@hsr.ch>2011-11-11 12:52:43 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 21:20:23 +0100
commit413922ff609fb3b2ce9f9e5ab812ebe04aead00f (patch)
treef082042a0002837f34763e3caf18edb33d77bea8 /src
parentf6aab3cd1edb67599dc3eeecdef706a97cea0aa5 (diff)
Add/CheckOff/Check pending functional component evidence requests
Diffstat (limited to 'src')
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation.c10
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_build.c8
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c12
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.c112
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.h38
-rw-r--r--src/libpts/pts/pts.h1
6 files changed, 148 insertions, 33 deletions
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
index 2dffa211c..cbcff319a 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
@@ -550,10 +550,16 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
if (attestation_state->get_handshake_state(attestation_state) ==
IMV_ATTESTATION_STATE_END)
{
- if (attestation_state->get_request_count(attestation_state))
+ if (attestation_state->get_file_meas_request_count(attestation_state))
{
DBG1(DBG_IMV, "failure due to %d pending file measurements",
- attestation_state->get_request_count(attestation_state));
+ attestation_state->get_file_meas_request_count(attestation_state));
+ attestation_state->set_measurement_error(attestation_state);
+ }
+ if (attestation_state->get_comp_evid_request_count(attestation_state))
+ {
+ DBG1(DBG_IMV, "failure due to %d pending simple component evidences",
+ attestation_state->get_comp_evid_request_count(attestation_state));
attestation_state->set_measurement_error(attestation_state);
}
if (attestation_state->get_measurement_error(attestation_state))
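Review bot: The new log line calls the outstanding entries "pending simple component evidences", while everything else in this commit (the state API, the commit title, the header docs) names them functional component evidence requests; a reader grepping the logs for the feature will not find this message. I would align the wording: `DBG1(DBG_IMV, "failure due to %d pending functional component evidence requests",`. Both pending-request checks set the same measurement_error flag, which is fine since the END-state policy below treats them identically. TNC_IMV_ReceiveMessage starts before and continues after this hunk.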
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
index 570bc8652..83568fe2b 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -193,8 +193,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
while (enumerator->enumerate(enumerator, &id, &type, &pathname))
{
is_dir = (type != 0);
- request_id = attestation_state->add_request(attestation_state,
- id, is_dir);
+ request_id = attestation_state->add_file_meas_request(
+ attestation_state, id, is_dir);
DBG2(DBG_IMV, "measurement request %d for %s '%s'",
request_id, is_dir ? "directory" : "file", pathname);
attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
@@ -227,6 +227,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
sub_comp_depth, PEN_ITA, qualifier, name);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
+ attestation_state->add_comp_evid_request( attestation_state,
+ PEN_ITA, qualifier, name);
/* Send Request Functional Component Evidence attribute */
name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
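Review bot: Style: the first add_comp_evid_request call has a stray space after the opening parenthesis, `add_comp_evid_request( attestation_state,`, while the second call added a few lines further down is written `add_comp_evid_request(attestation_state,`; the two should match the file's convention. Recording the pending request right after `msg->add_attribute()` is the right place, as it keeps the bookkeeping next to the attribute it tracks. imv_attestation_build's body runs outside the hunk on both sides.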
@@ -234,6 +236,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
sub_comp_depth, PEN_ITA, qualifier, name);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
+ attestation_state->add_comp_evid_request(attestation_state,
+ PEN_ITA, qualifier, name);
/* Send Generate Attestation Evidence attribute */
attr = tcg_pts_attr_gen_attest_evid_create();
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index 5c9cb987d..6c19d6bee 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -237,6 +237,13 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
name = attr_cast->get_comp_funct_name(attr_cast);
+ if (!attestation_state->check_off_comp_evid_request(attestation_state,
+ comp_vendor_id, qualifier, name))
+ {
+ DBG1(DBG_IMV, " no entry found for component evidence request");
+ break;
+ }
+
measurement_type = attr_cast->get_measurement_type(attr_cast);
hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
transformation = attr_cast->get_pcr_trans(attr_cast);
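Review bot: The new unsolicited-evidence path logs " no entry found for component evidence request" and breaks without saying which component was unexpected, unlike the file-measurement path in the same commit, which now prints the request id; an operator cannot tell a replayed/duplicate evidence from an evidence for a component the IMV never asked for. I would include the identity already in scope, e.g. `DBG1(DBG_IMV, " no entry found for component evidence request (vendor %u, name %d)", comp_vendor_id, name);` (adjust the qualifier fields if they are printable). Whether an unsolicited evidence should also call `attestation_state->set_measurement_error(attestation_state)` rather than be silently dropped is a policy question the commit does not answer; the visible file-measurement branch drops silently too, so at least a comment stating that this is intentional would help. The switch case and imv_attestation_process continue outside the hunk.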
@@ -385,10 +392,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
request_id, file_count, (file_count == 1) ? "":"s");
- if (!attestation_state->check_off_request(attestation_state,
+ if (!attestation_state->check_off_file_meas_request(attestation_state,
request_id, &file_id, &is_dir))
{
- DBG1(DBG_IMV, " no entry found for this request");
+ DBG1(DBG_IMV, " no entry found for file measurement request %d",
+ request_id);
break;
}
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index 59ae434b8..db2bad1f4 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -20,18 +20,28 @@
#include <debug.h>
typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
-typedef struct request_t request_t;
+typedef struct file_meas_request_t file_meas_request_t;
+typedef struct comp_evid_request_t comp_evid_request_t;
/**
* PTS File/Directory Measurement request entry
*/
-struct request_t {
+struct file_meas_request_t {
u_int16_t id;
int file_id;
bool is_dir;
};
/**
+ * Functional Component Evidence Request entry
+ */
+struct comp_evid_request_t {
+ u_int32_t vendor_id;
+ pts_qualifier_t qualifier;
+ pts_ita_funct_comp_name_t name;
+};
+
+/**
* Private data of an imv_attestation_state_t object.
*/
struct private_imv_attestation_state_t {
@@ -67,14 +77,19 @@ struct private_imv_attestation_state_t {
TNC_IMV_Evaluation_Result eval;
/**
- * Request counter
+ * File Measurement Request counter
*/
- u_int16_t request_counter;
+ u_int16_t file_meas_request_counter;
/**
* List of PTS File/Directory Measurement requests
*/
- linked_list_t *requests;
+ linked_list_t *file_meas_requests;
+
+ /**
+ * List of Functional Component Evidence requests
+ */
+ linked_list_t *comp_evid_requests;
/**
* PTS object
@@ -82,7 +97,7 @@ struct private_imv_attestation_state_t {
pts_t *pts;
/**
- * File Measurement error
+ * Measurement error
*/
bool measurement_error;
@@ -182,7 +197,8 @@ METHOD(imv_state_t, get_reason_string, bool,
METHOD(imv_state_t, destroy, void,
private_imv_attestation_state_t *this)
{
- this->requests->destroy_function(this->requests, free);
+ this->file_meas_requests->destroy_function(this->file_meas_requests, free);
+ this->comp_evid_requests->destroy_function(this->comp_evid_requests, free);
this->pts->destroy(this->pts);
free(this);
}
@@ -206,29 +222,29 @@ METHOD(imv_attestation_state_t, get_pts, pts_t*,
return this->pts;
}
-METHOD(imv_attestation_state_t, add_request, u_int16_t,
+METHOD(imv_attestation_state_t, add_file_meas_request, u_int16_t,
private_imv_attestation_state_t *this, int file_id, bool is_dir)
{
- request_t *request;
+ file_meas_request_t *request;
- request = malloc_thing(request_t);
- request->id = ++this->request_counter;
+ request = malloc_thing(file_meas_request_t);
+ request->id = ++this->file_meas_request_counter;
request->file_id = file_id;
request->is_dir = is_dir;
- this->requests->insert_last(this->requests, request);
+ this->file_meas_requests->insert_last(this->file_meas_requests, request);
- return this->request_counter;
+ return this->file_meas_request_counter;
}
-METHOD(imv_attestation_state_t, check_off_request, bool,
+METHOD(imv_attestation_state_t, check_off_file_meas_request, bool,
private_imv_attestation_state_t *this, u_int16_t id, int *file_id,
bool* is_dir)
{
enumerator_t *enumerator;
- request_t *request;
+ file_meas_request_t *request;
bool found = FALSE;
- enumerator = this->requests->create_enumerator(this->requests);
+ enumerator = this->file_meas_requests->create_enumerator(this->file_meas_requests);
while (enumerator->enumerate(enumerator, &request))
{
if (request->id == id)
@@ -236,7 +252,53 @@ METHOD(imv_attestation_state_t, check_off_request, bool,
found = TRUE;
*file_id = request->file_id;
*is_dir = request->is_dir;
- this->requests->remove_at(this->requests, enumerator);
+ this->file_meas_requests->remove_at(this->file_meas_requests, enumerator);
+ free(request);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+METHOD(imv_attestation_state_t, get_file_meas_request_count, int,
+ private_imv_attestation_state_t *this)
+{
+ return this->file_meas_requests->get_count(this->file_meas_requests);
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_request, void,
+ private_imv_attestation_state_t *this, u_int32_t vendor_id,
+ pts_qualifier_t qualifier, pts_ita_funct_comp_name_t comp_name)
+{
+ comp_evid_request_t *request;
+
+ request = malloc_thing(comp_evid_request_t);
+ request->vendor_id = vendor_id;
+ request->qualifier = qualifier;
+ request->name = comp_name;
+ this->comp_evid_requests->insert_last(this->comp_evid_requests, request);
+}
+
+METHOD(imv_attestation_state_t, check_off_comp_evid_request, bool,
+ private_imv_attestation_state_t *this, u_int32_t vendor_id,
+ pts_qualifier_t qualifier, pts_ita_funct_comp_name_t comp_name)
+{
+ enumerator_t *enumerator;
+ comp_evid_request_t *request;
+ bool found = FALSE;
+
+ enumerator = this->comp_evid_requests->create_enumerator(this->comp_evid_requests);
+ while (enumerator->enumerate(enumerator, &request))
+ {
+ if (request->vendor_id == vendor_id &&
+ request->qualifier.kernel == qualifier.kernel &&
+ request->qualifier.sub_component == qualifier.sub_component &&
+ request->qualifier.type == qualifier.type &&
+ request->name == comp_name)
+ {
+ found = TRUE;
+ this->comp_evid_requests->remove_at(this->comp_evid_requests, enumerator);
free(request);
break;
}
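Review bot: The match in check_off_comp_evid_request compares vendor_id, the three qualifier fields and name one by one; that is the correct choice over a memcmp() of the two structs, which would also compare padding bytes, but nothing in the code says so and the next maintainer adding a field to pts_qualifier_t must remember to extend this condition. I would add above the `if`: `/* compare field by field: memcmp() would include struct padding, and any new pts_qualifier_t field must be added here */`. Removing the entry on the first match and breaking means a second evidence for the same component returns FALSE, which is the behaviour the caller relies on to reject duplicates; that is worth a sentence in the header documentation as well.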
@@ -245,10 +307,10 @@ METHOD(imv_attestation_state_t, check_off_request, bool,
return found;
}
-METHOD(imv_attestation_state_t, get_request_count, int,
+METHOD(imv_attestation_state_t, get_comp_evid_request_count, int,
private_imv_attestation_state_t *this)
{
- return this->requests->get_count(this->requests);
+ return this->comp_evid_requests->get_count(this->comp_evid_requests);
}
METHOD(imv_attestation_state_t, get_measurement_error, bool,
@@ -284,9 +346,12 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.get_handshake_state = _get_handshake_state,
.set_handshake_state = _set_handshake_state,
.get_pts = _get_pts,
- .add_request = _add_request,
- .check_off_request = _check_off_request,
- .get_request_count = _get_request_count,
+ .add_file_meas_request = _add_file_meas_request,
+ .check_off_file_meas_request = _check_off_file_meas_request,
+ .get_file_meas_request_count = _get_file_meas_request_count,
+ .add_comp_evid_request = _add_comp_evid_request,
+ .check_off_comp_evid_request = _check_off_comp_evid_request,
+ .get_comp_evid_request_count = _get_comp_evid_request_count,
.get_measurement_error = _get_measurement_error,
.set_measurement_error = _set_measurement_error,
},
@@ -295,7 +360,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.handshake_state = IMV_ATTESTATION_STATE_INIT,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .requests = linked_list_create(),
+ .file_meas_requests = linked_list_create(),
+ .comp_evid_requests = linked_list_create(),
.pts = pts_create(FALSE),
);
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.h b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
index f1ab616bb..c329b89de 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
@@ -81,7 +81,7 @@ struct imv_attestation_state_t {
* @param is_dir TRUE if directory
* @return unique request ID
*/
- u_int16_t (*add_request)(imv_attestation_state_t *this, int file_id,
+ u_int16_t (*add_file_meas_request)(imv_attestation_state_t *this, int file_id,
bool is_dir);
/**
@@ -89,7 +89,7 @@ struct imv_attestation_state_t {
*
* @return number of pending requests
*/
- int (*get_request_count)(imv_attestation_state_t *this);
+ int (*get_file_meas_request_count)(imv_attestation_state_t *this);
/**
* Check for presence of request_id and if found remove it from the list
@@ -99,8 +99,38 @@ struct imv_attestation_state_t {
* @param is_dir return TRUE if request was for a directory
* @return TRUE if request ID found, FALSE otherwise
*/
- bool (*check_off_request)(imv_attestation_state_t *this, u_int16_t id,
- int *file_id, bool *is_dir);
+ bool (*check_off_file_meas_request)(imv_attestation_state_t *this,
+ u_int16_t id, int *file_id, bool *is_dir);
+
+ /**
+ * Add an entry to the list of pending Function Component Evidences
+ *
+ * @param vendor_id Functional Component Name Vendor ID
+ * @param qualifier Qualifier of the requested Functional Component
+ * @param comp_name Name of the requested Functional Component
+ */
+ void (*add_comp_evid_request)(imv_attestation_state_t *this,
+ u_int32_t vendor_id, pts_qualifier_t qualifier,
+ pts_ita_funct_comp_name_t comp_name);
+
+ /**
+ * Returns the number of pending Function Component Evidences
+ *
+ * @return number of pending evidences
+ */
+ int (*get_comp_evid_request_count)(imv_attestation_state_t *this);
+
+ /**
+ * Check for presence of Component Evidence Request and remove if exists
+ *
+ * @param vendor_id Functional Component Name Vendor ID
+ * @param qualifier Qualifier of the requested Functional Component
+ * @param comp_name Name of the requested Functional Component
+ * @return TRUE if component request found, FALSE otherwise
+ */
+ bool (*check_off_comp_evid_request)(imv_attestation_state_t *this,
+ u_int32_t vendor_id, pts_qualifier_t qualifier,
+ pts_ita_funct_comp_name_t comp_name);
/**
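Review bot: The new header comments say "pending Function Component Evidences" twice; the spec term used everywhere else in this commit is "Functional Component Evidence", and the list holds requests, not evidences, so I would write `Add an entry to the list of pending Functional Component Evidence requests` and `Returns the number of pending Functional Component Evidence requests`. The check_off_comp_evid_request description should also state the one-shot semantics that the implementation gives it: the first matching entry is removed, so a second call with the same vendor/qualifier/name returns FALSE, which is what lets the caller reject duplicate or unsolicited evidence. The struct declaration continues past the hunk.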
* Indicates if a file measurement error occurred
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h
index b3298b0e4..6028e2e5a 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -30,6 +30,7 @@ typedef struct pcr_entry_t pcr_entry_t;
#include "pts_file_meas.h"
#include "pts_file_meta.h"
#include "pts_dh_group.h"
+#include "pts_funct_comp_name.h"
#include <library.h>
#include <utils/linked_list.h>