refactored simple component evidence
[strongswan.git] / src / libimcv / plugins / imc_attestation / imc_attestation.c
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_attestation_state.h"
17 #include "imc_attestation_process.h"
18
19 #include <imc/imc_agent.h>
20 #include <pa_tnc/pa_tnc_msg.h>
21 #include <ietf/ietf_attr.h>
22 #include <ietf/ietf_attr_pa_tnc_error.h>
23 #include <ietf/ietf_attr_product_info.h>
24
25 #include <libpts.h>
26
27 #include <pts/pts_error.h>
28
29 #include <tcg/tcg_pts_attr_proto_caps.h>
30 #include <tcg/tcg_pts_attr_meas_algo.h>
31 #include <tncif_pa_subtypes.h>
32
33 #include <pen/pen.h>
34 #include <debug.h>
35 #include <utils/linked_list.h>
36
37 /* IMC definitions */
38
39 static const char imc_name[] = "Attestation";
40
41 #define IMC_VENDOR_ID PEN_TCG
42 #define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
43
44 static imc_agent_t *imc_attestation;
45
46 /**
47 * Supported PTS measurement algorithms
48 */
49 static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
50
51 /**
52 * Supported PTS Diffie Hellman Groups
53 */
54 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
55
56 /**
57 * List of buffered Simple Component Evidences
58 * To be sent on reception of Generate Attestation Evidence attribute
59 */
60 static linked_list_t *evidences = NULL;
61
62 /**
63 * Supported PTS Diffie Hellman Groups
64 */
65 static pts_dh_group_t supported_dh_groups = 0;
66
67 /**
68 * Supported PTS Diffie Hellman Groups
69 */
70 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
71
72 /**
73 * List of buffered Simple Component Evidences
74 * To be sent on reception of Generate Attestation Evidence attribute
75 */
76 static linked_list_t *evidences = NULL;
77
78 /**
79 * see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
80 */
81 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
82 TNC_Version min_version,
83 TNC_Version max_version,
84 TNC_Version *actual_version)
85 {
86 if (imc_attestation)
87 {
88 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
89 return TNC_RESULT_ALREADY_INITIALIZED;
90 }
91 if (!pts_meas_algo_probe(&supported_algorithms) ||
92 !pts_dh_group_probe(&supported_dh_groups))
93 {
94 return TNC_RESULT_FATAL;
95 }
96 imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
97 imc_id, actual_version);
98 if (!imc_attestation)
99 {
100 return TNC_RESULT_FATAL;
101 }
102
103 libpts_init();
104
105 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
106 {
107 DBG1(DBG_IMC, "no common IF-IMC version");
108 return TNC_RESULT_NO_COMMON_VERSION;
109 }
110 return TNC_RESULT_SUCCESS;
111 }
112
113 /**
114 * see section 3.7.2 of TCG TNC IF-IMC Specification 1.2
115 */
116 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
117 TNC_ConnectionID connection_id,
118 TNC_ConnectionState new_state)
119 {
120 imc_state_t *state;
121
122 if (!imc_attestation)
123 {
124 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
125 return TNC_RESULT_NOT_INITIALIZED;
126 }
127 switch (new_state)
128 {
129 case TNC_CONNECTION_STATE_CREATE:
130 state = imc_attestation_state_create(connection_id);
131 return imc_attestation->create_state(imc_attestation, state);
132 case TNC_CONNECTION_STATE_DELETE:
133 return imc_attestation->delete_state(imc_attestation, connection_id);
134 case TNC_CONNECTION_STATE_HANDSHAKE:
135 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
136 case TNC_CONNECTION_STATE_ACCESS_NONE:
137 default:
138 return imc_attestation->change_state(imc_attestation, connection_id,
139 new_state, NULL);
140 }
141 }
142
143
144 /**
145 * see section 3.7.3 of TCG TNC IF-IMC Specification 1.2
146 */
147 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
148 TNC_ConnectionID connection_id)
149 {
150 imc_state_t *state;
151 imc_attestation_state_t *attestation_state;
152 pts_t *pts;
153 char *platform_info;
154 TNC_Result result = TNC_RESULT_SUCCESS;
155
156 if (!imc_attestation)
157 {
158 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
159 return TNC_RESULT_NOT_INITIALIZED;
160 }
161
162 /* get current IMC state */
163 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
164 {
165 return TNC_RESULT_FATAL;
166 }
167 attestation_state = (imc_attestation_state_t*)state;
168 pts = attestation_state->get_pts(attestation_state);
169
170 platform_info = pts->get_platform_info(pts);
171 if (platform_info)
172 {
173 pa_tnc_msg_t *pa_tnc_msg;
174 pa_tnc_attr_t *attr;
175
176 pa_tnc_msg = pa_tnc_msg_create();
177 attr = ietf_attr_product_info_create(0, 0, platform_info);
178 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
179 pa_tnc_msg->build(pa_tnc_msg);
180 result = imc_attestation->send_message(imc_attestation, connection_id,
181 pa_tnc_msg->get_encoding(pa_tnc_msg));
182 pa_tnc_msg->destroy(pa_tnc_msg);
183 }
184
185 return result;
186 }
187
188 /**
189 * see section 3.7.4 of TCG TNC IF-IMC Specification 1.2
190 */
191 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
192 TNC_ConnectionID connection_id,
193 TNC_BufferReference msg,
194 TNC_UInt32 msg_len,
195 TNC_MessageType msg_type)
196 {
197 pa_tnc_msg_t *pa_tnc_msg;
198 pa_tnc_attr_t *attr;
199 linked_list_t *attr_list;
200 imc_state_t *state;
201 imc_attestation_state_t *attestation_state;
202 enumerator_t *enumerator;
203 TNC_Result result;
204
205 if (!imc_attestation)
206 {
207 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
208 return TNC_RESULT_NOT_INITIALIZED;
209 }
210
211 /* get current IMC state */
212 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
213 {
214 return TNC_RESULT_FATAL;
215 }
216 attestation_state = (imc_attestation_state_t*)state;
217
218 /* parse received PA-TNC message and automatically handle any errors */
219 result = imc_attestation->receive_message(imc_attestation, connection_id,
220 chunk_create(msg, msg_len), msg_type,
221 &pa_tnc_msg);
222
223 /* no parsed PA-TNC attributes available if an error occurred */
224 if (!pa_tnc_msg)
225 {
226 return result;
227 }
228
229 attr_list = linked_list_create();
230 result = TNC_RESULT_SUCCESS;
231
232 /* analyze PA-TNC attributes */
233 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
234 while (enumerator->enumerate(enumerator, &attr))
235 {
236 if (attr->get_vendor_id(attr) == PEN_IETF &&
237 attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
238 {
239 ietf_attr_pa_tnc_error_t *error_attr;
240 pa_tnc_error_code_t error_code;
241 chunk_t msg_info, attr_info;
242 u_int32_t offset;
243
244 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
245 error_code = error_attr->get_error_code(error_attr);
246 msg_info = error_attr->get_msg_info(error_attr);
247
248 DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
249 pa_tnc_error_code_names, error_code, &msg_info);
250 switch (error_code)
251 {
252 case PA_ERROR_INVALID_PARAMETER:
253 offset = error_attr->get_offset(error_attr);
254 DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
255 break;
256 case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
257 attr_info = error_attr->get_attr_info(error_attr);
258 DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
259 break;
260 default:
261 break;
262 }
263 result = TNC_RESULT_FATAL;
264 }
265 else if (attr->get_vendor_id(attr) == PEN_TCG)
266 {
267 if (!imc_attestation_process(attr, attr_list, attestation_state,
268 supported_algorithms, supported_dh_groups))
269 {
270 result = TNC_RESULT_FATAL;
271 }
272 }
273 }
274 enumerator->destroy(enumerator);
275 pa_tnc_msg->destroy(pa_tnc_msg);
276
277 if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list))
278 {
279 pa_tnc_msg = pa_tnc_msg_create();
280
281 enumerator = attr_list->create_enumerator(attr_list);
282 while (enumerator->enumerate(enumerator, &attr))
283 {
284 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
285 }
286 enumerator->destroy(enumerator);
287
288 pa_tnc_msg->build(pa_tnc_msg);
289 result = imc_attestation->send_message(imc_attestation, connection_id,
290 pa_tnc_msg->get_encoding(pa_tnc_msg));
291 pa_tnc_msg->destroy(pa_tnc_msg);
292 }
293
294 attr_list->destroy(attr_list);
295 return result;
296 }
297
298 /**
299 * see section 3.7.5 of TCG TNC IF-IMC Specification 1.2
300 */
301 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
302 TNC_ConnectionID connection_id)
303 {
304 if (!imc_attestation)
305 {
306 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
307 return TNC_RESULT_NOT_INITIALIZED;
308 }
309 return TNC_RESULT_SUCCESS;
310 }
311
312 /**
313 * see section 3.7.6 of TCG TNC IF-IMC Specification 1.2
314 */
315 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
316 {
317 if (!imc_attestation)
318 {
319 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
320 return TNC_RESULT_NOT_INITIALIZED;
321 }
322
323 libpts_deinit();
324
325 imc_attestation->destroy(imc_attestation);
326 imc_attestation = NULL;
327
328 return TNC_RESULT_SUCCESS;
329 }
330
331 /**
332 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.2
333 */
334 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
335 TNC_TNCC_BindFunctionPointer bind_function)
336 {
337 if (!imc_attestation)
338 {
339 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
340 return TNC_RESULT_NOT_INITIALIZED;
341 }
342 return imc_attestation->bind_functions(imc_attestation, bind_function);
343 }