ikev1: Handle queued TRANSACTION messages only after processing replies
[strongswan.git] / src / libimcv / plugins / imv_attestation / imv_attestation_build.c
1 /*
2 * Copyright (C) 2011-2012 Sansar Choinyambuu
3 * Copyright (C) 2011-2014 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "imv_attestation_build.h"
18 #include "imv_attestation_state.h"
19
20 #include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
21 #include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
22 #include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
23 #include <tcg/pts/tcg_pts_attr_get_aik.h>
24 #include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
25 #include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
26
27 #include <utils/debug.h>
28
29 bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
30 pts_dh_group_t supported_dh_groups,
31 pts_database_t *pts_db)
32 {
33 imv_attestation_state_t *attestation_state;
34 imv_attestation_handshake_state_t handshake_state;
35 pts_t *pts;
36 pa_tnc_attr_t *attr = NULL;
37
38 attestation_state = (imv_attestation_state_t*)state;
39 handshake_state = attestation_state->get_handshake_state(attestation_state);
40 pts = attestation_state->get_pts(attestation_state);
41
42 switch (handshake_state)
43 {
44 case IMV_ATTESTATION_STATE_NONCE_REQ:
45 {
46 int min_nonce_len;
47
48 /* Send DH nonce parameters request attribute */
49 min_nonce_len = lib->settings->get_int(lib->settings,
50 "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
51 attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
52 supported_dh_groups);
53 attr->set_noskip_flag(attr, TRUE);
54 out_msg->add_attribute(out_msg, attr);
55
56 attestation_state->set_handshake_state(attestation_state,
57 IMV_ATTESTATION_STATE_TPM_INIT);
58 break;
59 }
60 case IMV_ATTESTATION_STATE_TPM_INIT:
61 {
62 pts_meas_algorithms_t selected_algorithm;
63 chunk_t initiator_value, initiator_nonce;
64
65 if (!(state->get_action_flags(state) & IMV_ATTESTATION_DH_NONCE))
66 {
67 break;
68 }
69
70 /* Send DH nonce finish attribute */
71 selected_algorithm = pts->get_meas_algorithm(pts);
72 if (!pts->get_my_public_value(pts, &initiator_value,
73 &initiator_nonce))
74 {
75 return FALSE;
76 }
77 attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
78 initiator_value, initiator_nonce);
79 attr->set_noskip_flag(attr, TRUE);
80 out_msg->add_attribute(out_msg, attr);
81
82 /* Send Get TPM Version attribute */
83 attr = tcg_pts_attr_get_tpm_version_info_create();
84 attr->set_noskip_flag(attr, TRUE);
85 out_msg->add_attribute(out_msg, attr);
86
87 /* Send Get AIK attribute */
88 attr = tcg_pts_attr_get_aik_create();
89 attr->set_noskip_flag(attr, TRUE);
90 out_msg->add_attribute(out_msg, attr);
91
92 attestation_state->set_handshake_state(attestation_state,
93 IMV_ATTESTATION_STATE_COMP_EVID);
94 break;
95 }
96 case IMV_ATTESTATION_STATE_COMP_EVID:
97 {
98 tcg_pts_attr_req_func_comp_evid_t *attr_cast;
99 enumerator_t *enumerator;
100 pts_comp_func_name_t *name;
101 uint8_t flags;
102 uint32_t depth;
103 bool first_component = TRUE;
104
105 if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK))
106 {
107 break;
108 }
109
110 attestation_state->set_handshake_state(attestation_state,
111 IMV_ATTESTATION_STATE_END);
112
113 if (!pts->get_aik_id(pts))
114 {
115 attestation_state->set_measurement_error(attestation_state,
116 IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
117 return FALSE;
118 }
119
120 enumerator = attestation_state->create_component_enumerator(
121 attestation_state);
122 while (enumerator->enumerate(enumerator, &flags, &depth, &name))
123 {
124 if (first_component)
125 {
126 attr = tcg_pts_attr_req_func_comp_evid_create();
127 attr->set_noskip_flag(attr, TRUE);
128 first_component = FALSE;
129 DBG2(DBG_IMV, "evidence request by");
130 }
131 name->log(name, " ");
132
133 /* TODO check flags against negotiated_caps */
134 attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
135 attr_cast->add_component(attr_cast, flags, depth, name);
136 }
137 enumerator->destroy(enumerator);
138
139 if (attr)
140 {
141 /* Send Request Functional Component Evidence attribute */
142 out_msg->add_attribute(out_msg, attr);
143
144 /* Send Generate Attestation Evidence attribute */
145 attr = tcg_pts_attr_gen_attest_evid_create();
146 attr->set_noskip_flag(attr, TRUE);
147 out_msg->add_attribute(out_msg, attr);
148
149 attestation_state->set_handshake_state(attestation_state,
150 IMV_ATTESTATION_STATE_EVID_FINAL);
151 }
152 break;
153 }
154 default:
155 break;
156 }
157
158 return TRUE;
159 }