moved attribute processing to imc_attestation_process
[strongswan.git] / src / libimcv / plugins / imc_attestation / imc_attestation.c
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_attestation_state.h"
17 #include "imc_attestation_process.h"
18
19 #include <imc/imc_agent.h>
20 #include <pa_tnc/pa_tnc_msg.h>
21 #include <ietf/ietf_attr.h>
22 #include <ietf/ietf_attr_pa_tnc_error.h>
23 #include <ietf/ietf_attr_product_info.h>
24
25 #include <libpts.h>
26
27 #include <pts/pts_error.h>
28
29 #include <tcg/tcg_pts_attr_proto_caps.h>
30 #include <tcg/tcg_pts_attr_meas_algo.h>
31
32 #include <tncif_pa_subtypes.h>
33
34 #include <pen/pen.h>
35 #include <debug.h>
36 #include <utils/linked_list.h>
37
38 /* IMC definitions */
39
40 static const char imc_name[] = "Attestation";
41
42 #define IMC_VENDOR_ID PEN_TCG
43 #define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
44
45 static imc_agent_t *imc_attestation;
46
47 /**
48 * Supported PTS measurement algorithms
49 */
50 static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
51
52 /**
53 * Supported PTS Diffie Hellman Groups
54 */
55 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
56
57 /**
58 * List of buffered Simple Component Evidences
59 * To be sent on reception of Generate Attestation Evidence attribute
60 */
61 static linked_list_t *evidences = NULL;
62
63 /**
64 * see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
65 */
66 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
67 TNC_Version min_version,
68 TNC_Version max_version,
69 TNC_Version *actual_version)
70 {
71 if (imc_attestation)
72 {
73 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
74 return TNC_RESULT_ALREADY_INITIALIZED;
75 }
76 if (!pts_meas_algo_probe(&supported_algorithms) ||
77 !pts_dh_group_probe(&supported_dh_groups))
78 {
79 return TNC_RESULT_FATAL;
80 }
81 imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
82 imc_id, actual_version);
83 if (!imc_attestation)
84 {
85 return TNC_RESULT_FATAL;
86 }
87
88 libpts_init();
89
90 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
91 {
92 DBG1(DBG_IMC, "no common IF-IMC version");
93 return TNC_RESULT_NO_COMMON_VERSION;
94 }
95 return TNC_RESULT_SUCCESS;
96 }
97
98 /**
99 * see section 3.7.2 of TCG TNC IF-IMC Specification 1.2
100 */
101 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
102 TNC_ConnectionID connection_id,
103 TNC_ConnectionState new_state)
104 {
105 imc_state_t *state;
106 /* TODO: Not used so far */
107 //imc_attestation_state_t *attestation_state;
108
109 if (!imc_attestation)
110 {
111 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
112 return TNC_RESULT_NOT_INITIALIZED;
113 }
114 switch (new_state)
115 {
116 case TNC_CONNECTION_STATE_CREATE:
117 state = imc_attestation_state_create(connection_id);
118 return imc_attestation->create_state(imc_attestation, state);
119 case TNC_CONNECTION_STATE_DELETE:
120 return imc_attestation->delete_state(imc_attestation, connection_id);
121 case TNC_CONNECTION_STATE_HANDSHAKE:
122 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
123 case TNC_CONNECTION_STATE_ACCESS_NONE:
124 default:
125 return imc_attestation->change_state(imc_attestation, connection_id,
126 new_state, NULL);
127 }
128 }
129
130
131 /**
132 * see section 3.7.3 of TCG TNC IF-IMC Specification 1.2
133 */
134 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
135 TNC_ConnectionID connection_id)
136 {
137 imc_state_t *state;
138 imc_attestation_state_t *attestation_state;
139 pts_t *pts;
140 char *platform_info;
141 TNC_Result result = TNC_RESULT_SUCCESS;
142
143 if (!imc_attestation)
144 {
145 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
146 return TNC_RESULT_NOT_INITIALIZED;
147 }
148
149 /* get current IMC state */
150 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
151 {
152 return TNC_RESULT_FATAL;
153 }
154 attestation_state = (imc_attestation_state_t*)state;
155 pts = attestation_state->get_pts(attestation_state);
156
157 platform_info = pts->get_platform_info(pts);
158 if (platform_info)
159 {
160 pa_tnc_msg_t *pa_tnc_msg;
161 pa_tnc_attr_t *attr;
162
163 pa_tnc_msg = pa_tnc_msg_create();
164 attr = ietf_attr_product_info_create(0, 0, platform_info);
165 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
166 pa_tnc_msg->build(pa_tnc_msg);
167 result = imc_attestation->send_message(imc_attestation, connection_id,
168 pa_tnc_msg->get_encoding(pa_tnc_msg));
169 pa_tnc_msg->destroy(pa_tnc_msg);
170 }
171
172 evidences = linked_list_create();
173
174 return result;
175 }
176
177 /**
178 * see section 3.7.4 of TCG TNC IF-IMC Specification 1.2
179 */
180 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
181 TNC_ConnectionID connection_id,
182 TNC_BufferReference msg,
183 TNC_UInt32 msg_len,
184 TNC_MessageType msg_type)
185 {
186 pa_tnc_msg_t *pa_tnc_msg;
187 pa_tnc_attr_t *attr;
188 linked_list_t *attr_list;
189 imc_state_t *state;
190 imc_attestation_state_t *attestation_state;
191 enumerator_t *enumerator;
192 pts_t *pts;
193 TNC_Result result;
194
195 if (!imc_attestation)
196 {
197 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
198 return TNC_RESULT_NOT_INITIALIZED;
199 }
200
201 /* get current IMC state */
202 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
203 {
204 return TNC_RESULT_FATAL;
205 }
206 attestation_state = (imc_attestation_state_t*)state;
207 pts = attestation_state->get_pts(attestation_state);
208
209 /* parse received PA-TNC message and automatically handle any errors */
210 result = imc_attestation->receive_message(imc_attestation, connection_id,
211 chunk_create(msg, msg_len), msg_type,
212 &pa_tnc_msg);
213
214 /* no parsed PA-TNC attributes available if an error occurred */
215 if (!pa_tnc_msg)
216 {
217 return result;
218 }
219
220 attr_list = linked_list_create();
221 result = TNC_RESULT_SUCCESS;
222
223 /* analyze PA-TNC attributes */
224 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
225 while (enumerator->enumerate(enumerator, &attr))
226 {
227 if (attr->get_vendor_id(attr) == PEN_IETF &&
228 attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
229 {
230 ietf_attr_pa_tnc_error_t *error_attr;
231 pa_tnc_error_code_t error_code;
232 chunk_t msg_info, attr_info;
233 u_int32_t offset;
234
235 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
236 error_code = error_attr->get_error_code(error_attr);
237 msg_info = error_attr->get_msg_info(error_attr);
238
239 DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
240 pa_tnc_error_code_names, error_code, &msg_info);
241 switch (error_code)
242 {
243 case PA_ERROR_INVALID_PARAMETER:
244 offset = error_attr->get_offset(error_attr);
245 DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
246 break;
247 case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
248 attr_info = error_attr->get_attr_info(error_attr);
249 DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
250 break;
251 default:
252 break;
253 }
254 result = TNC_RESULT_FATAL;
255 }
256 else if (attr->get_vendor_id(attr) == PEN_TCG)
257 {
258 if (!imc_attestation_process(attr, attr_list, attestation_state,
259 supported_algorithms, supported_dh_groups, evidences))
260 {
261 result = TNC_RESULT_FATAL;
262 break;
263 }
264 }
265 }
266 enumerator->destroy(enumerator);
267 pa_tnc_msg->destroy(pa_tnc_msg);
268
269 if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list))
270 {
271 pa_tnc_msg = pa_tnc_msg_create();
272
273 enumerator = attr_list->create_enumerator(attr_list);
274 while (enumerator->enumerate(enumerator, &attr))
275 {
276 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
277 }
278 enumerator->destroy(enumerator);
279
280 pa_tnc_msg->build(pa_tnc_msg);
281 result = imc_attestation->send_message(imc_attestation, connection_id,
282 pa_tnc_msg->get_encoding(pa_tnc_msg));
283 pa_tnc_msg->destroy(pa_tnc_msg);
284 }
285
286 attr_list->destroy(attr_list);
287 return result;
288 }
289
290 /**
291 * see section 3.7.5 of TCG TNC IF-IMC Specification 1.2
292 */
293 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
294 TNC_ConnectionID connection_id)
295 {
296 if (!imc_attestation)
297 {
298 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
299 return TNC_RESULT_NOT_INITIALIZED;
300 }
301 return TNC_RESULT_SUCCESS;
302 }
303
304 /**
305 * see section 3.7.6 of TCG TNC IF-IMC Specification 1.2
306 */
307 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
308 {
309 if (!imc_attestation)
310 {
311 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
312 return TNC_RESULT_NOT_INITIALIZED;
313 }
314
315 DESTROY_IF(evidences);
316 libpts_deinit();
317
318 imc_attestation->destroy(imc_attestation);
319 imc_attestation = NULL;
320
321 return TNC_RESULT_SUCCESS;
322 }
323
324 /**
325 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.2
326 */
327 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
328 TNC_TNCC_BindFunctionPointer bind_function)
329 {
330 if (!imc_attestation)
331 {
332 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
333 return TNC_RESULT_NOT_INITIALIZED;
334 }
335 return imc_attestation->bind_functions(imc_attestation, bind_function);
336 }