projects / strongswan.git / blob
? search:


4f77ba09379e93304663dd258e366bfe1f6290d8
[strongswan.git] / src / libpts / plugins / imc_attestation / imc_attestation.c
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_attestation_state.h"
17 #include "imc_attestation_process.h"
18
19 #include <imc/imc_agent.h>
20 #include <pa_tnc/pa_tnc_msg.h>
21 #include <ietf/ietf_attr.h>
22 #include <ietf/ietf_attr_pa_tnc_error.h>
23 #include <ietf/ietf_attr_product_info.h>
24
25 #include <libpts.h>
26
27 #include <pts/pts_error.h>
28
29 #include <tcg/tcg_pts_attr_proto_caps.h>
30 #include <tcg/tcg_pts_attr_meas_algo.h>
31
32 #include <tncif_pa_subtypes.h>
33
34 #include <pen/pen.h>
35 #include <debug.h>
36 #include <utils/linked_list.h>
37
38 /* IMC definitions */
39
40 static const char imc_name[] = "Attestation";
41
42 #define IMC_VENDOR_ID PEN_TCG
43 #define IMC_SUBTYPE PA_SUBTYPE_TCG_PTS
44
45 static imc_agent_t *imc_attestation;
46
47 /**
48 * Supported PTS measurement algorithms
49 */
50 static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
51
52 /**
53 * Supported PTS Diffie Hellman Groups
54 */
55 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
56
57 /**
58 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
59 */
60 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
61 TNC_Version min_version,
62 TNC_Version max_version,
63 TNC_Version *actual_version)
64 {
65 if (imc_attestation)
66 {
67 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
68 return TNC_RESULT_ALREADY_INITIALIZED;
69 }
70 if (!pts_meas_algo_probe(&supported_algorithms) ||
71 !pts_dh_group_probe(&supported_dh_groups))
72 {
73 return TNC_RESULT_FATAL;
74 }
75 imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
76 imc_id, actual_version);
77 if (!imc_attestation)
78 {
79 return TNC_RESULT_FATAL;
80 }
81
82 libpts_init();
83
84 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
85 {
86 DBG1(DBG_IMC, "no common IF-IMC version");
87 return TNC_RESULT_NO_COMMON_VERSION;
88 }
89 return TNC_RESULT_SUCCESS;
90 }
91
92 /**
93 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
94 */
95 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
96 TNC_ConnectionID connection_id,
97 TNC_ConnectionState new_state)
98 {
99 imc_state_t *state;
100
101 if (!imc_attestation)
102 {
103 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
104 return TNC_RESULT_NOT_INITIALIZED;
105 }
106 switch (new_state)
107 {
108 case TNC_CONNECTION_STATE_CREATE:
109 state = imc_attestation_state_create(connection_id);
110 return imc_attestation->create_state(imc_attestation, state);
111 case TNC_CONNECTION_STATE_DELETE:
112 return imc_attestation->delete_state(imc_attestation, connection_id);
113 case TNC_CONNECTION_STATE_HANDSHAKE:
114 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
115 case TNC_CONNECTION_STATE_ACCESS_NONE:
116 default:
117 return imc_attestation->change_state(imc_attestation, connection_id,
118 new_state, NULL);
119 }
120 }
121
122
123 /**
124 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
125 */
126 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
127 TNC_ConnectionID connection_id)
128 {
129 imc_state_t *state;
130 imc_attestation_state_t *attestation_state;
131 pts_t *pts;
132 char *platform_info;
133 TNC_Result result = TNC_RESULT_SUCCESS;
134
135 if (!imc_attestation)
136 {
137 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
138 return TNC_RESULT_NOT_INITIALIZED;
139 }
140
141 /* get current IMC state */
142 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
143 {
144 return TNC_RESULT_FATAL;
145 }
146 attestation_state = (imc_attestation_state_t*)state;
147 pts = attestation_state->get_pts(attestation_state);
148
149 platform_info = pts->get_platform_info(pts);
150 if (platform_info)
151 {
152 pa_tnc_msg_t *pa_tnc_msg;
153 pa_tnc_attr_t *attr;
154
155 pa_tnc_msg = pa_tnc_msg_create();
156 attr = ietf_attr_product_info_create(0, 0, platform_info);
157 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
158 pa_tnc_msg->build(pa_tnc_msg);
159 result = imc_attestation->send_message(imc_attestation, connection_id,
160 FALSE, 0, TNC_IMVID_ANY,
161 pa_tnc_msg->get_encoding(pa_tnc_msg));
162 pa_tnc_msg->destroy(pa_tnc_msg);
163 }
164
165 return result;
166 }
167
168 static TNC_Result receive_message(TNC_IMCID imc_id,
169 TNC_ConnectionID connection_id,
170 TNC_UInt32 msg_flags,
171 chunk_t msg,
172 TNC_VendorID msg_vid,
173 TNC_MessageSubtype msg_subtype,
174 TNC_UInt32 src_imv_id,
175 TNC_UInt32 dst_imc_id)
176 {
177 pa_tnc_msg_t *pa_tnc_msg;
178 pa_tnc_attr_t *attr;
179 linked_list_t *attr_list;
180 imc_state_t *state;
181 imc_attestation_state_t *attestation_state;
182 enumerator_t *enumerator;
183 TNC_Result result;
184
185 if (!imc_attestation)
186 {
187 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
188 return TNC_RESULT_NOT_INITIALIZED;
189 }
190
191 /* get current IMC state */
192 if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
193 {
194 return TNC_RESULT_FATAL;
195 }
196 attestation_state = (imc_attestation_state_t*)state;
197
198 /* parse received PA-TNC message and automatically handle any errors */
199 result = imc_attestation->receive_message(imc_attestation, state, msg,
200 msg_vid, msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg);
201
202 /* no parsed PA-TNC attributes available if an error occurred */
203 if (!pa_tnc_msg)
204 {
205 return result;
206 }
207
208 /* preprocess any IETF standard error attributes */
209 result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ?
210 TNC_RESULT_FATAL : TNC_RESULT_SUCCESS;
211
212 attr_list = linked_list_create();
213
214 /* analyze PA-TNC attributes */
215 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
216 while (enumerator->enumerate(enumerator, &attr))
217 {
218 if (attr->get_vendor_id(attr) == PEN_IETF &&
219 attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
220 {
221 ietf_attr_pa_tnc_error_t *error_attr;
222 pen_t error_vendor_id;
223 pa_tnc_error_code_t error_code;
224 chunk_t msg_info;
225
226 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
227 error_vendor_id = error_attr->get_vendor_id(error_attr);
228
229 if (error_vendor_id == PEN_TCG)
230 {
231 error_code = error_attr->get_error_code(error_attr);
232 msg_info = error_attr->get_msg_info(error_attr);
233
234 DBG1(DBG_IMC, "received TCG-PTS error '%N'",
235 pts_error_code_names, error_code);
236 DBG1(DBG_IMC, "error information: %B", &msg_info);
237
238 result = TNC_RESULT_FATAL;
239 }
240 }
241 else if (attr->get_vendor_id(attr) == PEN_TCG)
242 {
243 if (!imc_attestation_process(attr, attr_list, attestation_state,
244 supported_algorithms, supported_dh_groups))
245 {
246 result = TNC_RESULT_FATAL;
247 break;
248 }
249 }
250 }
251 enumerator->destroy(enumerator);
252 pa_tnc_msg->destroy(pa_tnc_msg);
253
254 if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list))
255 {
256 pa_tnc_msg = pa_tnc_msg_create();
257
258 enumerator = attr_list->create_enumerator(attr_list);
259 while (enumerator->enumerate(enumerator, &attr))
260 {
261 pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
262 }
263 enumerator->destroy(enumerator);
264
265 pa_tnc_msg->build(pa_tnc_msg);
266 result = imc_attestation->send_message(imc_attestation, connection_id,
267 FALSE, 0, TNC_IMVID_ANY,
268 pa_tnc_msg->get_encoding(pa_tnc_msg));
269 pa_tnc_msg->destroy(pa_tnc_msg);
270 }
271
272 attr_list->destroy(attr_list);
273 return result;
274 }
275
276 /**
277 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
278 */
279 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
280 TNC_ConnectionID connection_id,
281 TNC_BufferReference msg,
282 TNC_UInt32 msg_len,
283 TNC_MessageType msg_type)
284 {
285 TNC_VendorID msg_vid;
286 TNC_MessageSubtype msg_subtype;
287
288 msg_vid = msg_type >> 8;
289 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
290
291 return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len),
292 msg_vid, msg_subtype, 0, TNC_IMCID_ANY);
293 }
294
295 /**
296 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
297 */
298 TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
299 TNC_ConnectionID connection_id,
300 TNC_UInt32 msg_flags,
301 TNC_BufferReference msg,
302 TNC_UInt32 msg_len,
303 TNC_VendorID msg_vid,
304 TNC_MessageSubtype msg_subtype,
305 TNC_UInt32 src_imv_id,
306 TNC_UInt32 dst_imc_id)
307 {
308 return receive_message(imc_id, connection_id, msg_flags,
309 chunk_create(msg, msg_len), msg_vid, msg_subtype,
310 src_imv_id, dst_imc_id);
311 }
312
313 /**
314 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
315 */
316 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
317 TNC_ConnectionID connection_id)
318 {
319 if (!imc_attestation)
320 {
321 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
322 return TNC_RESULT_NOT_INITIALIZED;
323 }
324 return TNC_RESULT_SUCCESS;
325 }
326
327 /**
328 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
329 */
330 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
331 {
332 if (!imc_attestation)
333 {
334 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
335 return TNC_RESULT_NOT_INITIALIZED;
336 }
337
338 libpts_deinit();
339
340 imc_attestation->destroy(imc_attestation);
341 imc_attestation = NULL;
342
343 return TNC_RESULT_SUCCESS;
344 }
345
346 /**
347 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
348 */
349 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
350 TNC_TNCC_BindFunctionPointer bind_function)
351 {
352 if (!imc_attestation)
353 {
354 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
355 return TNC_RESULT_NOT_INITIALIZED;
356 }
357 return imc_attestation->bind_functions(imc_attestation, bind_function);
358 }
strongSwan - IPsec VPN