Implemented handling of File Metadata

author: Sansar Choinyambuu <schoinya@hsr.ch> 2011-09-14 15:41:57 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2011-11-28 15:01:53 +0100
commit: c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b (patch)
tree: 69726dd19496f9d385779f1753a83d903b8350d9 /src
parent: 381b3452f3fe97d0dbe925ff15f2c126798d3a24 (diff)
download: strongswan-c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b.tar.bz2
strongswan-c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b.tar.xz
3 files changed, 137 insertions, 182 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index 9234777db..ddc152b6c 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -28,7 +28,6 @@
 
 #include <tcg/tcg_pts_attr_proto_caps.h>
 #include <tcg/tcg_pts_attr_meas_algo.h>
-
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
@@ -256,187 +255,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
 			if (!imc_attestation_process(attr, attr_list, attestation_state,
 				supported_algorithms, supported_dh_groups, evidences))
 			{
-				case TCG_PTS_REQ_PROTO_CAPS:
-				{
-					tcg_pts_attr_proto_caps_t *attr_cast;
-					pts_proto_caps_flag_t imc_flags, imv_flags;
-
-					attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
-					imv_flags = attr_cast->get_flags(attr_cast);
-					imc_flags = pts->get_proto_caps(pts);
-					pts->set_proto_caps(pts, imc_flags & imv_flags);
-
-					/* Send PTS Protocol Capabilities attribute */
-					attr = tcg_pts_attr_proto_caps_create(imc_flags & imv_flags,
-														  FALSE);
-					attr_list->insert_last(attr_list, attr);
-					break;
-				}
-				case TCG_PTS_MEAS_ALGO:
-				{
-					tcg_pts_attr_meas_algo_t *attr_cast;
-					pts_meas_algorithms_t selected_algorithm;
-	
-					attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
-					selected_algorithm = attr_cast->get_algorithms(attr_cast);
-
-					if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
-						(selected_algorithm & PTS_MEAS_ALGO_SHA384))
-					{
-						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
-					}
-					else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
-							 (selected_algorithm & PTS_MEAS_ALGO_SHA256))
-					{
-						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
-					}
-
-					else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
-							 (selected_algorithm & PTS_MEAS_ALGO_SHA1))
-					{
-						pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
-					}
-					else
-					{
-						attr = pts_hash_alg_error_create(supported_algorithms);
-						attr_list->insert_last(attr_list, attr);
-						break;
-					}
-
-					/* Send Measurement Algorithm Selection attribute */
-					selected_algorithm = pts->get_meas_algorithm(pts);
-					attr = tcg_pts_attr_meas_algo_create(selected_algorithm,
-														 TRUE);
-					attr_list->insert_last(attr_list, attr);
-					break;
-				}
-	
-				case TCG_PTS_GET_TPM_VERSION_INFO:
-				{
-					chunk_t tpm_version_info, attr_info;
-
-					if (!pts->get_tpm_version_info(pts, &tpm_version_info))
-					{
-						attr_info = attr->get_value(attr);
-						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-									TCG_PTS_TPM_VERS_NOT_SUPPORTED, attr_info);
-						attr_list->insert_last(attr_list, attr);
-						break;
-					}
-	
-					/* Send TPM Version Info attribute */
-					attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info);
-					attr_list->insert_last(attr_list, attr);
-					break;
-				}
-	
-				case TCG_PTS_GET_AIK:
-				{
-					certificate_t *aik;
-
-					aik = pts->get_aik(pts);
-					if (!aik)
-					{
-						DBG1(DBG_IMC, "no AIK certificate or public key available");
-						break;
-					}
-	
-					/* Send AIK attribute */
-					attr = tcg_pts_attr_aik_create(aik);
-					attr_list->insert_last(attr_list, attr);
-					break;
-				}
-	
-				/* PTS-based Attestation Evidence */
-				case TCG_PTS_REQ_FUNCT_COMP_EVID:
-					break;
-				case TCG_PTS_GEN_ATTEST_EVID:
-					break;
-				case TCG_PTS_REQ_FILE_MEAS:
-				{
-					tcg_pts_attr_req_file_meas_t *attr_cast;
-					char *pathname;
-					u_int16_t request_id;
-					bool is_directory;
-					u_int32_t delimiter;
-					pts_file_meas_t *measurements;
-					pts_error_code_t pts_error;
-					chunk_t attr_info;
-					
-					attr_info = attr->get_value(attr);
-					attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
-					is_directory = attr_cast->get_directory_flag(attr_cast);
-					request_id = attr_cast->get_request_id(attr_cast);
-					delimiter = attr_cast->get_delimiter(attr_cast);
-					pathname = attr_cast->get_pathname(attr_cast);
-					
-					if (pts->is_path_valid(pts, pathname, &pts_error) && pts_error)
-					{
-						attr_info = attr->get_value(attr);
-						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-												pts_error, attr_info);
-						attr_list->insert_last(attr_list, attr);
-						break;
-					}
-					else if (!pts->is_path_valid(pts, pathname, &pts_error))
-					{
-						break;
-					}
-					
-					if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-					{
-						attr_info = attr->get_value(attr);
-						attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-												TCG_PTS_INVALID_DELIMITER, attr_info);
-						attr_list->insert_last(attr_list, attr);
-						break;
-					}
-
-					/* Do PTS File Measurements and send them to PTS-IMV */
-					DBG2(DBG_IMC, "measurement request %d for %s '%s'",
-						 request_id, is_directory ? "directory" : "file",
-						 pathname);
-					measurements = pts->do_measurements(pts, request_id,
-											pathname, is_directory);
-					if (!measurements)
-					{
-						/* TODO handle error codes from measurements */
-						return TNC_RESULT_FATAL;
-					}
-					attr = tcg_pts_attr_file_meas_create(measurements);
-					attr->set_noskip_flag(attr, TRUE);
-					attr_list->insert_last(attr_list, attr);
-					break;
-				}
-				/* TODO: Not implemented yet */
-				case TCG_PTS_DH_NONCE_PARAMS_REQ:
-				case TCG_PTS_DH_NONCE_FINISH:
-				case TCG_PTS_REQ_FILE_META:
-				case TCG_PTS_REQ_INTEG_MEAS_LOG:
-				/* Attributes using XML */
-				case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
-				case TCG_PTS_UPDATE_TEMPL_REF_MANI:
-				/* On Windows only*/
-				case TCG_PTS_REQ_REGISTRY_VALUE:
-				/* Received on IMV side only*/
-				case TCG_PTS_PROTO_CAPS:
-				case TCG_PTS_DH_NONCE_PARAMS_RESP:
-				case TCG_PTS_MEAS_ALGO_SELECTION:
-				case TCG_PTS_TPM_VERSION_INFO:
-				case TCG_PTS_TEMPL_REF_MANI_SET_META:
-				case TCG_PTS_AIK:
-				case TCG_PTS_SIMPLE_COMP_EVID:
-				case TCG_PTS_SIMPLE_EVID_FINAL:
-				case TCG_PTS_VERIFICATION_RESULT:
-				case TCG_PTS_INTEG_REPORT:
-				case TCG_PTS_UNIX_FILE_META:
-				case TCG_PTS_FILE_MEAS:
-				case TCG_PTS_INTEG_MEAS_LOG:
-				default:
-					DBG1(DBG_IMC, "received unsupported attribute '%N'",
-						tcg_attr_names, attr->get_type(attr));
-					break;
->>>>>>> File not Found, Invalid path, Invalid Delimiter PTS errors case checks implemented
+				result = TNC_RESULT_FATAL;
 			}
 		}
 	}
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
index 10ee35ef0..0558bde21 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
@@ -30,6 +30,23 @@
 #include <pts/pts_creds.h>
 
 #include <tcg/tcg_attr.h>
+<<<<<<< HEAD
+=======
+#include <tcg/tcg_pts_attr_proto_caps.h>
+#include <tcg/tcg_pts_attr_meas_algo.h>
+#include <tcg/tcg_pts_attr_get_tpm_version_info.h>
+#include <tcg/tcg_pts_attr_tpm_version_info.h>
+#include <tcg/tcg_pts_attr_get_aik.h>
+#include <tcg/tcg_pts_attr_aik.h>
+#include <tcg/tcg_pts_attr_req_funct_comp_evid.h>
+#include <tcg/tcg_pts_attr_gen_attest_evid.h>
+#include <tcg/tcg_pts_attr_simple_comp_evid.h>
+#include <tcg/tcg_pts_attr_simple_evid_final.h>
+#include <tcg/tcg_pts_attr_req_file_meas.h>
+#include <tcg/tcg_pts_attr_file_meas.h>
+#include <tcg/tcg_pts_attr_req_file_meta.h>
+#include <tcg/tcg_pts_attr_unix_file_meta.h>
+>>>>>>> Implemented handling of File Metadata
 
 #include <tncif_pa_subtypes.h>
 
@@ -194,6 +211,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 	if (imv_attestation_build(msg, attestation_state, supported_algorithms,
 							  supported_dh_groups, pts_db))
 	{
+<<<<<<< HEAD
 		msg->build(msg);
 		result = imv_attestation->send_message(imv_attestation, connection_id,
 											   msg->get_encoding(msg));
@@ -201,6 +219,102 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
 	else
 	{
 		result = TNC_RESULT_FATAL;
+=======
+		case IMV_ATTESTATION_STATE_INIT:
+		{
+			pts_proto_caps_flag_t flags;
+
+			/* Send Request Protocol Capabilities attribute */
+			flags = pts->get_proto_caps(pts);
+			attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+			attr->set_noskip_flag(attr, TRUE);
+			msg->add_attribute(msg, attr);
+	
+			/* Send Measurement Algorithms attribute */
+			attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
+			attr->set_noskip_flag(attr, TRUE);
+			msg->add_attribute(msg, attr);
+
+			attestation_state->set_handshake_state(attestation_state,
+										IMV_ATTESTATION_STATE_MEAS);
+			break;
+		}
+
+		case IMV_ATTESTATION_STATE_MEAS:
+		{
+			enumerator_t *enumerator;
+			u_int32_t delimiter = SOLIDUS_UTF;
+			char *platform_info, *pathname;
+			u_int16_t request_id;
+			int id, type;
+			bool is_dir;
+
+			attestation_state->set_handshake_state(attestation_state,
+										IMV_ATTESTATION_STATE_END);
+
+			/* Does the PTS-IMC have TPM support? */
+			if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
+			{
+				/* Send Get TPM Version attribute */
+				attr = tcg_pts_attr_get_tpm_version_info_create();
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+	
+				/* Send Get AIK attribute */
+				attr = tcg_pts_attr_get_aik_create();
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+			}
+
+			/* Get Platform and OS of the PTS-IMC */
+			platform_info = pts->get_platform_info(pts);
+
+			if (!pts_db || !platform_info)
+			{
+				DBG1(DBG_IMV, "%s%s%s not available",
+					(pts_db) ? "" : "pts database",
+					(!pts_db && !platform_info) ? "and" : "",
+					(platform_info) ? "" : "platform info");
+				break;
+			}
+			DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
+			/* Send Request File Metadata attribute */
+			attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
+			attr->set_noskip_flag(attr, TRUE);
+			msg->add_attribute(msg, attr);
+
+			/* Send Request File Measurement attribute */
+			enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
+			if (!enumerator)
+			{
+				break;
+			}
+			while (enumerator->enumerate(enumerator, &id, &type, &pathname))
+			{
+				is_dir = (type != 0);
+				request_id = attestation_state->add_request(attestation_state,
+															id, is_dir);
+				DBG2(DBG_IMV, "measurement request %d for %s '%s'",
+					 request_id, is_dir ? "directory" : "file", pathname);
+				attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
+													 delimiter, pathname);
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+			}
+			enumerator->destroy(enumerator);
+			break;
+		}
+		case IMV_ATTESTATION_STATE_COMP_EVID:
+		case IMV_ATTESTATION_STATE_IML:
+			DBG1(DBG_IMV, "Attestation IMV has nothing to send: \"%s\"",
+				 handshake_state);
+			return TNC_RESULT_FATAL;
+		default:
+			DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
+				 handshake_state);
+			return TNC_RESULT_FATAL;
+>>>>>>> Implemented handling of File Metadata
 	}
 	msg->destroy(msg);
 
diff --git a/src/libpts/tcg/tcg_pts_attr_unix_file_meta.c b/src/libpts/tcg/tcg_pts_attr_unix_file_meta.c
index ecdc4c928..8c9d42895 100644
--- a/src/libpts/tcg/tcg_pts_attr_unix_file_meta.c
+++ b/src/libpts/tcg/tcg_pts_attr_unix_file_meta.c
@@ -152,6 +152,7 @@ METHOD(pa_tnc_attr_t, build, void,
 	enumerator = this->metadata->create_enumerator(this->metadata);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
+<<<<<<< HEAD
 		writer->write_uint16(writer, PTS_FILE_METADATA_SIZE +
 									 strlen(entry->filename));
 		writer->write_uint8 (writer, entry->type);
@@ -164,6 +165,27 @@ METHOD(pa_tnc_attr_t, build, void,
 		writer->write_uint64(writer, entry->group);
 		writer->write_data  (writer, chunk_create(entry->filename,
 												  strlen(entry->filename)));
+=======
+		writer->write_uint16(writer, PTS_FILE_METADATA_SIZE + strlen(entry->filename));
+		writer->write_uint8 (writer, entry->type);
+		writer->write_uint8 (writer, PTS_FILE_MEAS_RESERVED);
+
+		/* Write the 64 bit integer fields as two 32 bit parts */
+		writer->write_uint32(writer, entry->filesize >> 32);
+		writer->write_uint32(writer, entry->filesize & 0xffffffff);
+		writer->write_uint32(writer, ((u_int64_t)entry->create_time) >> 32);
+		writer->write_uint32(writer, ((u_int64_t)entry->create_time) & 0xffffffff);
+		writer->write_uint32(writer, ((u_int64_t)entry->last_modify_time) >> 32);
+		writer->write_uint32(writer, ((u_int64_t)entry->last_modify_time) & 0xffffffff);
+		writer->write_uint32(writer, ((u_int64_t)entry->last_access_time) >> 32);
+		writer->write_uint32(writer, ((u_int64_t)entry->last_access_time) & 0xffffffff);
+		writer->write_uint32(writer, entry->owner_id >> 32);
+		writer->write_uint32(writer, entry->owner_id & 0xffffffff);
+		writer->write_uint32(writer, entry->group_id >> 32);
+		writer->write_uint32(writer, entry->group_id & 0xffffffff);
+		
+		writer->write_data  (writer, chunk_create(entry->filename, strlen(entry->filename)));
+>>>>>>> Implemented handling of File Metadata
 	}
 	enumerator->destroy(enumerator);
author	Sansar Choinyambuu <schoinya@hsr.ch>	2011-09-14 15:41:57 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2011-11-28 15:01:53 +0100
commit	c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b (patch)
tree	69726dd19496f9d385779f1753a83d903b8350d9 /src
parent	381b3452f3fe97d0dbe925ff15f2c126798d3a24 (diff)
download	strongswan-c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b.tar.bz2 strongswan-c5b346d1d096722a1c9dadfac5ffdd201e4d1a8b.tar.xz