projects / strongswan.git / blob
? search:


9923204ffa01070fe41061bf90f6d786efa76ce6
[strongswan.git] / src / libimcv / plugins / imv_attestation / imv_attestation_state.c
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_attestation_state.h"
17
18 #include <utils/lexparser.h>
19 #include <utils/linked_list.h>
20 #include <debug.h>
21
22 typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
23 typedef struct file_meas_request_t file_meas_request_t;
24
25 /**
26 * PTS File/Directory Measurement request entry
27 */
28 struct file_meas_request_t {
29 u_int16_t id;
30 int file_id;
31 bool is_dir;
32 };
33
34 /**
35 * Private data of an imv_attestation_state_t object.
36 */
37 struct private_imv_attestation_state_t {
38
39 /**
40 * Public members of imv_attestation_state_t
41 */
42 imv_attestation_state_t public;
43
44 /**
45 * TNCCS connection ID
46 */
47 TNC_ConnectionID connection_id;
48
49 /**
50 * TNCCS connection state
51 */
52 TNC_ConnectionState state;
53
54 /**
55 * IMV Attestation handshake state
56 */
57 imv_attestation_handshake_state_t handshake_state;
58
59 /**
60 * IMV action recommendation
61 */
62 TNC_IMV_Action_Recommendation rec;
63
64 /**
65 * IMV evaluation result
66 */
67 TNC_IMV_Evaluation_Result eval;
68
69 /**
70 * File Measurement Request counter
71 */
72 u_int16_t file_meas_request_counter;
73
74 /**
75 * List of PTS File/Directory Measurement requests
76 */
77 linked_list_t *file_meas_requests;
78
79 /**
80 * List of Functional Component Evidence requests
81 */
82 linked_list_t *comp_evid_requests;
83
84 /**
85 * PTS object
86 */
87 pts_t *pts;
88
89 /**
90 * Measurement error
91 */
92 bool measurement_error;
93
94 };
95
96 typedef struct entry_t entry_t;
97
98 /**
99 * Define an internal reason string entry
100 */
101 struct entry_t {
102 char *lang;
103 char *string;
104 };
105
106 /**
107 * Table of multi-lingual reason string entries
108 */
109 static entry_t reasons[] = {
110 { "en", "IMV Attestation: Incorrect/pending file measurement/component"
111 " evidence or invalid TPM Quote signature received" },
112 { "mn", "IMV Attestation: Буруу/хүлээгдэж байгаа файл/компонент хэмжилт "
113 "эсвэл буруу TPM Quote гарын үсэг" },
114 { "de", "IMV Attestation: Falsche/Fehlende Dateimessung/Komponenten Beweis "
115 "oder ungültige TPM Quote Unterschrift ist erhalten" },
116 };
117
118 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
119 private_imv_attestation_state_t *this)
120 {
121 return this->connection_id;
122 }
123
124 METHOD(imv_state_t, change_state, void,
125 private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
126 {
127 this->state = new_state;
128 }
129
130 METHOD(imv_state_t, get_recommendation, void,
131 private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation *rec,
132 TNC_IMV_Evaluation_Result *eval)
133 {
134 *rec = this->rec;
135 *eval = this->eval;
136 }
137
138 METHOD(imv_state_t, set_recommendation, void,
139 private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation rec,
140 TNC_IMV_Evaluation_Result eval)
141 {
142 this->rec = rec;
143 this->eval = eval;
144 }
145
146 METHOD(imv_state_t, get_reason_string, bool,
147 private_imv_attestation_state_t *this, chunk_t preferred_language,
148 chunk_t *reason_string, chunk_t *reason_language)
149 {
150 chunk_t pref_lang, lang;
151 u_char *pos;
152 int i;
153
154 while (eat_whitespace(&preferred_language))
155 {
156 if (!extract_token(&pref_lang, ',', &preferred_language))
157 {
158 /* last entry in a comma-separated list or single entry */
159 pref_lang = preferred_language;
160 }
161
162 /* eat trailing whitespace */
163 pos = pref_lang.ptr + pref_lang.len - 1;
164 while (pref_lang.len && *pos-- == ' ')
165 {
166 pref_lang.len--;
167 }
168
169 for (i = 0 ; i < countof(reasons); i++)
170 {
171 lang = chunk_create(reasons[i].lang, strlen(reasons[i].lang));
172 if (chunk_equals(lang, pref_lang))
173 {
174 *reason_language = lang;
175 *reason_string = chunk_create(reasons[i].string,
176 strlen(reasons[i].string));
177 return TRUE;
178 }
179 }
180 }
181
182 /* no preferred language match found - use the default language */
183 *reason_string = chunk_create(reasons[0].string,
184 strlen(reasons[0].string));
185 *reason_language = chunk_create(reasons[0].lang,
186 strlen(reasons[0].lang));
187 return TRUE;
188 }
189
190 METHOD(imv_state_t, destroy, void,
191 private_imv_attestation_state_t *this)
192 {
193 this->file_meas_requests->destroy_function(this->file_meas_requests, free);
194 this->comp_evid_requests->destroy_function(this->comp_evid_requests, free);
195 this->pts->destroy(this->pts);
196 free(this);
197 }
198
199 METHOD(imv_attestation_state_t, get_handshake_state,
200 imv_attestation_handshake_state_t, private_imv_attestation_state_t *this)
201 {
202 return this->handshake_state;
203 }
204
205 METHOD(imv_attestation_state_t, set_handshake_state, void,
206 private_imv_attestation_state_t *this,
207 imv_attestation_handshake_state_t new_state)
208 {
209 this->handshake_state = new_state;
210 }
211
212 METHOD(imv_attestation_state_t, get_pts, pts_t*,
213 private_imv_attestation_state_t *this)
214 {
215 return this->pts;
216 }
217
218 METHOD(imv_attestation_state_t, add_file_meas_request, u_int16_t,
219 private_imv_attestation_state_t *this, int file_id, bool is_dir)
220 {
221 file_meas_request_t *request;
222
223 request = malloc_thing(file_meas_request_t);
224 request->id = ++this->file_meas_request_counter;
225 request->file_id = file_id;
226 request->is_dir = is_dir;
227 this->file_meas_requests->insert_last(this->file_meas_requests, request);
228
229 return this->file_meas_request_counter;
230 }
231
232 METHOD(imv_attestation_state_t, check_off_file_meas_request, bool,
233 private_imv_attestation_state_t *this, u_int16_t id, int *file_id,
234 bool* is_dir)
235 {
236 enumerator_t *enumerator;
237 file_meas_request_t *request;
238 bool found = FALSE;
239
240 enumerator = this->file_meas_requests->create_enumerator(this->file_meas_requests);
241 while (enumerator->enumerate(enumerator, &request))
242 {
243 if (request->id == id)
244 {
245 found = TRUE;
246 *file_id = request->file_id;
247 *is_dir = request->is_dir;
248 this->file_meas_requests->remove_at(this->file_meas_requests, enumerator);
249 free(request);
250 break;
251 }
252 }
253 enumerator->destroy(enumerator);
254 return found;
255 }
256
257 METHOD(imv_attestation_state_t, get_file_meas_request_count, int,
258 private_imv_attestation_state_t *this)
259 {
260 return this->file_meas_requests->get_count(this->file_meas_requests);
261 }
262
263 METHOD(imv_attestation_state_t, add_comp_evid_request, void,
264 private_imv_attestation_state_t *this, funct_comp_evid_req_entry_t *entry)
265 {
266 pts_comp_func_name_t *request;
267
268 request = entry->name->clone(entry->name);
269 this->comp_evid_requests->insert_last(this->comp_evid_requests, request);
270 }
271
272 METHOD(imv_attestation_state_t, check_off_comp_evid_request, bool,
273 private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
274 {
275 enumerator_t *enumerator;
276 pts_comp_func_name_t *request;
277 bool found = FALSE;
278
279 enumerator = this->comp_evid_requests->create_enumerator(this->comp_evid_requests);
280 while (enumerator->enumerate(enumerator, &request))
281 {
282 if (name->equals(name, request))
283 {
284 found = TRUE;
285 this->comp_evid_requests->remove_at(this->comp_evid_requests, enumerator);
286 free(request);
287 break;
288 }
289 }
290 enumerator->destroy(enumerator);
291 return found;
292 }
293
294 METHOD(imv_attestation_state_t, get_comp_evid_request_count, int,
295 private_imv_attestation_state_t *this)
296 {
297 return this->comp_evid_requests->get_count(this->comp_evid_requests);
298 }
299
300 METHOD(imv_attestation_state_t, get_measurement_error, bool,
301 private_imv_attestation_state_t *this)
302 {
303 return this->measurement_error;
304 }
305
306 METHOD(imv_attestation_state_t, set_measurement_error, void,
307 private_imv_attestation_state_t *this)
308 {
309 this->measurement_error = TRUE;
310 }
311
312 /**
313 * Described in header.
314 */
315 imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
316 {
317 private_imv_attestation_state_t *this;
318 char *platform_info;
319
320 INIT(this,
321 .public = {
322 .interface = {
323 .get_connection_id = _get_connection_id,
324 .change_state = _change_state,
325 .get_recommendation = _get_recommendation,
326 .set_recommendation = _set_recommendation,
327 .get_reason_string = _get_reason_string,
328 .destroy = _destroy,
329 },
330 .get_handshake_state = _get_handshake_state,
331 .set_handshake_state = _set_handshake_state,
332 .get_pts = _get_pts,
333 .add_file_meas_request = _add_file_meas_request,
334 .check_off_file_meas_request = _check_off_file_meas_request,
335 .get_file_meas_request_count = _get_file_meas_request_count,
336 .add_comp_evid_request = _add_comp_evid_request,
337 .check_off_comp_evid_request = _check_off_comp_evid_request,
338 .get_comp_evid_request_count = _get_comp_evid_request_count,
339 .get_measurement_error = _get_measurement_error,
340 .set_measurement_error = _set_measurement_error,
341 },
342 .connection_id = connection_id,
343 .state = TNC_CONNECTION_STATE_CREATE,
344 .handshake_state = IMV_ATTESTATION_STATE_INIT,
345 .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
346 .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
347 .file_meas_requests = linked_list_create(),
348 .comp_evid_requests = linked_list_create(),
349 .pts = pts_create(FALSE),
350 );
351
352 platform_info = lib->settings->get_str(lib->settings,
353 "libimcv.plugins.imv-attestation.platform_info", NULL);
354 if (platform_info)
355 {
356 this->pts->set_platform_info(this->pts, platform_info);
357 }
358
359 return &this->public.interface;
360 }
strongSwan - IPsec VPN