-rw-r--r--src/libimcv/imv/imv_reason_string.c11
-rw-r--r--src/libimcv/imv/imv_reason_string.h3
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c2
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c2
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c2
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_agent.c20
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_process.c21
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.c51
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.h16
9 files changed, 82 insertions, 46 deletions
diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c
index d1447ec35..c09b7bdba 100644
--- a/src/libimcv/imv/imv_reason_string.c
+++ b/src/libimcv/imv/imv_reason_string.c
@@ -35,6 +35,11 @@ struct private_imv_reason_string_t {
char *lang;
/**
+ * Separator concatenating multiple reasons
+ */
+ char *separator;
+
+ /**
* Contains the concatenated reasons
*/
chunk_t reasons;
@@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void,
if (this->reasons.len)
{
/* append any further reasons */
- this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
+ this->reasons = chunk_cat("mcc", this->reasons,
+ chunk_from_str(this->separator),
chunk_create(s_reason, strlen(s_reason)));
}
else
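Review bot: `chunk_from_str(this->separator)` on the added line uses the stored separator unchecked, and presumably measures it with strlen, so a caller passing NULL for the new parameter would fault the moment a second reason is added; the header hunk in imv_reason_string.h documents the parameter but not that it must be non-NULL. Either state the contract there, `@param separator String separating multiple reasons (must not be NULL)`, or keep the old behaviour as the fallback in the constructor hunk, `.separator = separator ? separator : "\n",`. The constructor also stores the pointer without copying it, so the separator has to outlive the object; every call site in this commit passes a literal, which is fine, but that lifetime rule belongs in the header comment too. add_reason's body starts outside the hunk.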
@@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void,
/**
* Described in header.
*/
-imv_reason_string_t *imv_reason_string_create(char *lang)
+imv_reason_string_t *imv_reason_string_create(char *lang, char *separator)
{
private_imv_reason_string_t *this;
@@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang)
.destroy = _destroy,
},
.lang = lang,
+ .separator = separator,
);
return &this->public;
diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h
index cb4c27f93..c35ec36cc 100644
--- a/src/libimcv/imv/imv_reason_string.h
+++ b/src/libimcv/imv/imv_reason_string.h
@@ -58,7 +58,8 @@ struct imv_reason_string_t {
* Creates an Reason String object
*
* @param lang Preferred language
+ * @param separator String separating multiple reasons
*/
- imv_reason_string_t* imv_reason_string_create(char *lang);
+ imv_reason_string_t* imv_reason_string_create(char *lang, char *separator);
#endif /** IMV_REASON_STRING_H_ @}*/
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index f6d904c3c..f7e9a6bc6 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -421,7 +421,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->count_update || this->count_blacklist)
{
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 4c570c46a..6658683e6 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -281,7 +281,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
{
this->reason_string->add_reason(this->reason_string, reasons);
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 0da09df67..f05db8027 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -228,7 +228,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
this->reason_string->add_reason(this->reason_string, reasons);
*reason_string = this->reason_string->get_encoding(this->reason_string);
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index 0b960acce..fbfde3e8e 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -551,18 +551,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
- session->remove_workitem(session, enumerator);
- result_str = "pending file measurements";
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
+ result_str = "Pending file measurements";
pending_file_meas++;
break;
- default:
+ case IMV_WORKITEM_TPM_ATTEST:
+ attestation_state->finalize_components(attestation_state);
+ result_str = "Pending component evidence";
break;
+ default:
+ continue;
}
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
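Review bot: In the new IMV_WORKITEM_TPM_ATTEST case the workitem is recorded as "Pending component evidence" with TNC_IMV_EVALUATION_RESULT_ERROR regardless of what `attestation_state->finalize_components()` found; finalize_components is void and, per the imv_attestation_state.c hunk, only sets IMV_ATTESTATION_ERROR_COMP_EVID_PEND when a component fails to finalize, so a connection whose components all finalize cleanly still gets an error result here. If that is intentional because a TPM_ATTEST workitem still being in the list means no quote arrived, a comment saying so would save the next reader the trip, e.g. `/* no TPM quote was received: flush component evidence, report workitem as pending */`. The `default: continue;` that bypasses the shared remove/set_result/finalize tail reads at first glance like an unhandled case; `/* workitem not owned by this IMV, leave it untouched */` or similar makes the intent explicit. The enclosing loop and the declaration of attestation_state start outside the hunk.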
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index f5f11627c..bd1109a1b 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -424,9 +424,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -435,9 +432,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -471,12 +465,20 @@ quote_error:
IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
{
- result_str = "attestation failed";
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(
+ attestation_state, reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
}
else
{
- result_str = "attestation successful";
+ result_str = strdup("attestation successful");
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
}
session->remove_workitem(session, enumerator);
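Review bot: `result_str = strndup(result.ptr, result.len);` is not checked for NULL before result_str reaches `workitem->set_result` (the call sits outside this hunk), and the matching `free(result_str);` added in the next hunk at line 486 is only safe if set_result copies the string instead of retaining the pointer — that is not visible on this page and should be confirmed. Giving result_str a single heap-owned lifetime with strdup on the success branch is the right shape, but a comment at its declaration (outside the hunk) would stop a future case from assigning a literal again: `/* result_str is heap-allocated here and freed after set_result() */`. The reason string is built with the language hard-coded to "en" while get_reason_string selects the language from the enumerator; if that is deliberate for the stored result, a one-line comment would make it clear.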
@@ -484,6 +486,7 @@ quote_error:
state->update_recommendation(state, rec, eval);
imcv_db->finalize_workitem(imcv_db, workitem);
workitem->destroy(workitem);
+ free(result_str);
break;
}
}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index 47011751d..200de1e19 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -290,42 +290,48 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
{
- *reason_language = imv_lang_string_select_lang(language_enumerator,
- languages, countof(languages));
-
- /* Instantiate a TNC Reason String object */
- DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
-
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_fail);
+ reason_string->add_reason(reason_string, reason_file_meas_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_pend);
+ reason_string->add_reason(reason_string, reason_file_meas_pend);
}
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_fail);
+ reason_string->add_reason(reason_string, reason_comp_evid_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_pend);
+ reason_string->add_reason(reason_string, reason_comp_evid_pend);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_tpm_quote_fail);
+ reason_string->add_reason(reason_string, reason_tpm_quote_fail);
}
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ add_file_meas_reasons(this, this->reason_string);
+ add_comp_evid_reasons(this, this->reason_string);
*reason_string = this->reason_string->get_encoding(this->reason_string);
return TRUE;
@@ -461,9 +467,6 @@ METHOD(imv_attestation_state_t, finalize_components, void,
if (!entry->comp->finalize(entry->comp, entry->qualifier))
{
set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
- update_recommendation(this,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_ERROR);
}
free_func_comp(entry);
}
@@ -514,6 +517,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.components_finalized = _components_finalized,
.get_measurement_error = _get_measurement_error,
.set_measurement_error = _set_measurement_error,
+ .add_file_meas_reasons = _add_file_meas_reasons,
+ .add_comp_evid_reasons = _add_comp_evid_reasons,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index 27d1ae8db..6ee9ed11e 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -25,6 +25,7 @@
#define IMV_ATTESTATION_STATE_H_
#include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/components/pts_component.h>
@@ -150,6 +151,21 @@ struct imv_attestation_state_t {
void (*set_measurement_error)(imv_attestation_state_t *this,
u_int32_t error);
+ /**
+ * Returns a concatenation of File Measurement reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+
+ /**
+ * Returns a concatenation of Component Evidence reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
};
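Review bot: The doc comments on the two new function pointers say "Returns a concatenation of … reason strings", but both are declared `void` and, per the imv_attestation_state.c hunk, append reasons to the object passed in; the `@param reason_string Concatenated reason strings` text likewise describes an output where the parameter is the destination. Suggest `* Adds the File Measurement reasons recorded in measurement_error to a Reason String` with `* @param reason_string Reason String object the reasons are appended to`, and the analogous wording for add_comp_evid_reasons. The struct definition continues outside the hunk.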
/**