authorAndreas Steffen <andreas.steffen@strongswan.org>2012-11-28 14:14:41 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2012-11-28 14:14:41 +0100
commitb8f0bf00b7a569fc17f6e052d452ed87ed6988a1 (patch)
tree8beb334d712d855c3747be8dfe6cd05ad505c3dc /src
parent7b6cc33eb258a0ce22687525864a4234a221ff66 (diff)
differentiate attestation reason strings
Diffstat (limited to 'src')
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation.c3
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_process.c14
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.c78
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.h25
4 files changed, 96 insertions, 24 deletions
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation.c b/src/libpts/plugins/imv_attestation/imv_attestation.c
index 8adca9897..834366d5b 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation.c
@@ -332,7 +332,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
DBG1(DBG_IMV, "failure due to %d pending file measurements",
attestation_state->get_file_meas_request_count(attestation_state));
- attestation_state->set_measurement_error(attestation_state);
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_PEND);
}
if (attestation_state->get_measurement_error(attestation_state))
{
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index db623f71f..4541075ef 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -233,7 +233,8 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
platform_info, algo, file_id, is_dir);
if (!measurements->verify(measurements, e_hash, is_dir))
{
- attestation_state->set_measurement_error(attestation_state);
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL);
}
e_hash->destroy(e_hash);
}
@@ -299,7 +300,8 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (comp->verify(comp, name->get_qualifier(name), pts,
evidence) != SUCCESS)
{
- attestation_state->set_measurement_error(attestation_state);
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
name->log(name, " measurement mismatch for ");
}
break;
@@ -335,17 +337,21 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
free(pcr_composite.ptr);
free(quote_info.ptr);
- return FALSE;
+ break;
}
DBG2(DBG_IMV, "received PCR Composite matches constructed one");
free(pcr_composite.ptr);
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
free(quote_info.ptr);
- return FALSE;
+ break;
}
DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
free(quote_info.ptr);
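Review bot: Both new failure branches in this hunk set IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL, but the first one is reached when the received PCR Composite does not match the constructed one, not when the signature check fails, and the only reason string bound to that flag in imv_attestation_state.c is "Invalid TPM Quote signature received". A PCR mismatch is therefore reported to the peer as a signature failure, which hides the more likely cause (a measured component differing from its reference value). Either add a distinct flag for the composite mismatch or widen the reason text to cover both cases, e.g. `{ "en", "Invalid TPM Quote received" }`. Note also that `return FALSE` became `break` in both places, so the attribute is now processed to completion and callers must consult get_measurement_error() (as imv_attestation.c does) to notice the failure; that is consistent with the other flags but worth stating in the function's documentation. imv_attestation_process begins before this hunk.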
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index e6cb113e7..fd73054c9 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -99,9 +99,9 @@ struct private_imv_attestation_state_t {
pts_t *pts;
/**
- * Measurement error
+ * Measurement error flags
*/
- bool measurement_error;
+ u_int32_t measurement_error;
/**
* TNC Reason String
@@ -144,13 +144,38 @@ static char* languages[] = { "en", "mn", "de" };
/**
* Table of reason strings
*/
-static imv_lang_string_t reasons[] = {
- { "en", "IMV Attestation: Incorrect/pending file measurement/component"
- " evidence or invalid TPM Quote signature received" },
- { "mn", "IMV Attestation: Буруу/хүлээгдэж байгаа файл/компонент хэмжилт "
- "эсвэл буруу TPM Quote гарын үсэг" },
- { "de", "IMV Attestation: Falsche/Fehlende Dateimessung/Komponenten Beweis "
- "oder ungültige TPM Quote Unterschrift ist erhalten" },
+static imv_lang_string_t reason_file_meas_fail[] = {
+ { "en", "Incorrect file measurement" },
+ { "de", "Falsche Dateimessung" },
+ { "mn", "Буруу байгаа файл" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_file_meas_pend[] = {
+ { "en", "Pending file measurement" },
+ { "de", "Ausstehende Dateimessung" },
+ { "mn", "Xүлээгдэж байгаа файл" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_fail[] = {
+ { "en", "Incorrect component evidence" },
+ { "de", "Falsche Komponenten-Evidenz" },
+ { "mn", "Буруу компонент хэмжилт" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_pend[] = {
+ { "en", "Pending component evidence" },
+ { "de", "Ausstehende Komponenten-Evidenz" },
+ { "mn", "Xүлээгдэж компонент хэмжилт" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_tpm_quote_fail[] = {
+ { "en", "Invalid TPM Quote signature received" },
+ { "de", "Falsche TPM Quote Signature erhalten" },
+ { "mn", "Буруу TPM Quote гарын үсэг" },
{ NULL, NULL }
};
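Review bot: The German entry `{ "de", "Falsche TPM Quote Signature erhalten" }` uses the English spelling "Signature"; the German word is "Signatur", so it should read `{ "de", "Falsche TPM Quote Signatur erhalten" }`. The two Mongolian "pending" strings appear to start with a Latin capital X rather than the Cyrillic Х used in the removed string, which would look wrong to a reader and break any case-insensitive search; please confirm the character. The Mongolian file-measurement strings also drop the word for measurement (хэмжилт) that the component strings keep, so "Incorrect file measurement" and "Incorrect file" read differently in the two languages. The per-table language order changed from en/mn/de to en/de/mn while the languages[] array above the hunk still lists en, mn, de; this only matters if any lookup depends on position, which is not visible here.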
@@ -223,7 +248,32 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
this->reason_string = imv_reason_string_create(*reason_language);
- this->reason_string->add_reason(this->reason_string, reasons);
+
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
+ {
+ this->reason_string->add_reason(this->reason_string,
+ reason_file_meas_fail);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
+ {
+ this->reason_string->add_reason(this->reason_string,
+ reason_file_meas_pend);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
+ {
+ this->reason_string->add_reason(this->reason_string,
+ reason_comp_evid_fail);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
+ {
+ this->reason_string->add_reason(this->reason_string,
+ reason_comp_evid_pend);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
+ {
+ this->reason_string->add_reason(this->reason_string,
+ reason_tpm_quote_fail);
+ }
*reason_string = this->reason_string->get_encoding(this->reason_string);
return TRUE;
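Review bot: When measurement_error has no bit set, or a bit this chain does not know, the reason string object is created but nothing is added to it, and the function still returns TRUE with an empty encoding at `*reason_string = this->reason_string->get_encoding(this->reason_string);`. Whether the enclosing get_reason_string(), which begins before this hunk, already rejects a zero mask is not visible; if it does not, a guard such as `if (!this->measurement_error) { return FALSE; }` before the object is instantiated, or a generic fallback reason, would avoid handing the peer an empty reason. The five `if` blocks differ only in flag and table, so a static (flag, reason) table iterated in a loop keeps the mapping in one place when the next error type is added.
```c
	/* … unchanged: language negotiation, reason_string instantiation … */
	static const struct {
		u_int32_t flag;
		imv_lang_string_t *reason;
	} reason_map[] = {
		{ IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL, reason_file_meas_fail },
		{ IMV_ATTESTATION_ERROR_FILE_MEAS_PEND, reason_file_meas_pend },
		{ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL, reason_comp_evid_fail },
		{ IMV_ATTESTATION_ERROR_COMP_EVID_PEND, reason_comp_evid_pend },
		{ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL, reason_tpm_quote_fail },
	};
	size_t i;

	for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
	{
		if (this->measurement_error & reason_map[i].flag)
		{
			this->reason_string->add_reason(this->reason_string,
											reason_map[i].reason);
		}
	}
	*reason_string = this->reason_string->get_encoding(this->reason_string);
```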
@@ -380,16 +430,16 @@ METHOD(imv_attestation_state_t, get_component, pts_component_t*,
return found;
}
-METHOD(imv_attestation_state_t, get_measurement_error, bool,
+METHOD(imv_attestation_state_t, get_measurement_error, u_int32_t,
private_imv_attestation_state_t *this)
{
return this->measurement_error;
}
METHOD(imv_attestation_state_t, set_measurement_error, void,
- private_imv_attestation_state_t *this)
+ private_imv_attestation_state_t *this, u_int32_t error)
{
- this->measurement_error = TRUE;
+ this->measurement_error |= error;
}
METHOD(imv_attestation_state_t, finalize_components, void,
@@ -402,7 +452,7 @@ METHOD(imv_attestation_state_t, finalize_components, void,
{
if (!entry->comp->finalize(entry->comp, entry->qualifier))
{
- _set_measurement_error(this);
+ set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
}
free_func_comp(entry);
}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index 901d4b19d..f64314e71 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -30,6 +30,7 @@
typedef struct imv_attestation_state_t imv_attestation_state_t;
typedef enum imv_attestation_handshake_state_t imv_attestation_handshake_state_t;
+typedef enum imv_meas_error_t imv_meas_error_t;
/**
* IMV Attestation Handshake States (state machine)
@@ -45,6 +46,17 @@ enum imv_attestation_handshake_state_t {
};
/**
+ * IMV Measurement Error Types
+ */
+enum imv_meas_error_t {
+ IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 4,
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 8,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 16
+};
+
+/**
* Internal state of an imv_attestation_t connection instance
*/
struct imv_attestation_state_t {
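Review bot: The values 1, 2, 4, 8, 16 are bit flags that set_measurement_error() ORs into a u_int32_t, but the comment `IMV Measurement Error Types` and the new typedef imv_meas_error_t read like a plain enumeration, so a reader may assume a single value describes the whole state. Suggest documenting it as `IMV Measurement Error Flags (bit mask, combined via set_measurement_error)` and writing the constants as shifts, `IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = (1<<0),` and so on, so a future flag cannot silently overlap an existing one. The typedef is otherwise unused in this diff: the accessors in the last hunk of this file and their definitions in imv_attestation_state.c take and return u_int32_t, so either drop it or mention it in the @param/@return text to tie the mask to its flag names. Since the hunks shown only ever OR bits in, the get_measurement_error() doc could also state that the mask accumulates for the lifetime of the connection.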
@@ -139,16 +151,19 @@ struct imv_attestation_state_t {
bool (*components_finalized)(imv_attestation_state_t *this);
/**
- * Indicates if a file measurement error occurred
+ * Indicates the types of measurement errors that occurred
*
- * @return TRUE in case of measurement error
+ * @return Measurement error flags
*/
- bool (*get_measurement_error)(imv_attestation_state_t *this);
+ u_int32_t (*get_measurement_error)(imv_attestation_state_t *this);
/**
- * Call if a file measurement error is encountered
+ * Call if a measurement error is encountered
+ *
+ * @param error Measurement error type
*/
- void (*set_measurement_error)(imv_attestation_state_t *this);
+ void (*set_measurement_error)(imv_attestation_state_t *this,
+ u_int32_t error);
};