src/libpts/pts/components/ita/ita_comp_tboot.c

   1 /*
   2  * Copyright (C) 2011 Andreas Steffen
   3  *
   4  * HSR Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "ita_comp_tboot.h"
  18 #include "ita_comp_func_name.h"
  19
  20 #include "pts/components/pts_component.h"
  21
  22 #include <debug.h>
  23 #include <pen/pen.h>
  24
  25 typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t;
  26
  27 /**
  28  * Private data of a pts_ita_comp_tboot_t object.
  29  *
  30  */
  31 struct pts_ita_comp_tboot_t {
  32
  33         /**
  34          * Public pts_component_t interface.
  35          */
  36         pts_component_t public;
  37
  38         /**
  39          * Component Functional Name
  40          */
  41         pts_comp_func_name_t *name;
  42
  43         /**
  44          * Extended PCR last handled
  45          */
  46         u_int32_t extended_pcr;
  47
  48         /**
  49          * Time of TBOOT measurement
  50          */
  51         time_t measurement_time;
  52
  53 };
  54
  55 METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
  56         pts_ita_comp_tboot_t *this)
  57 {
  58         return this->name;
  59 }
  60
  61 METHOD(pts_component_t, get_evidence_flags, u_int8_t,
  62         pts_ita_comp_tboot_t *this)
  63 {
  64         return PTS_REQ_FUNC_COMP_FLAG_PCR;
  65 }
  66
  67 METHOD(pts_component_t, measure, status_t,
  68         pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
  69 {
  70         pts_comp_evidence_t *evid;
  71         char *meas_hex, *pcr_before_hex, *pcr_after_hex;
  72         chunk_t measurement, pcr_before, pcr_after;
  73
  74         switch (this->extended_pcr)
  75         {
  76                 case 0:
  77                         /* dummy data since currently the TBOOT log is not retrieved */
  78                         time(&this->measurement_time);
  79                         meas_hex = lib->settings->get_str(lib->settings,
  80                                                 "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
  81                         pcr_before_hex = lib->settings->get_str(lib->settings,
  82                                                 "libimcv.plugins.imc-attestation.pcr17_before", NULL);
  83                         pcr_after_hex = lib->settings->get_str(lib->settings,
  84                                                 "libimcv.plugins.imc-attestation.pcr17_after", NULL);
  85                         this->extended_pcr = PCR_TBOOT_POLICY;
  86                         break;
  87                 case PCR_TBOOT_POLICY:
  88                         /* dummy data since currently the TBOOT log is not retrieved */
  89                         meas_hex = lib->settings->get_str(lib->settings,
  90                                                 "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
  91                         pcr_before_hex = lib->settings->get_str(lib->settings,
  92                                                 "libimcv.plugins.imc-attestation.pcr18_before", NULL);
  93                         pcr_after_hex = lib->settings->get_str(lib->settings,
  94                                                 "libimcv.plugins.imc-attestation.pcr18_after", NULL);
  95                         this->extended_pcr = PCR_TBOOT_MLE;
  96                         break;
  97                 default:
  98                         return FAILED;
  99         }
 100
 101         measurement = chunk_from_hex(
 102                                         chunk_create(meas_hex, strlen(meas_hex)), NULL);
 103         pcr_before = chunk_from_hex(
 104                                         chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
 105         pcr_after = chunk_from_hex(
 106                                         chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
 107
 108         evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
 109                                                                 0, this->extended_pcr,
 110                                                                 PTS_MEAS_ALGO_SHA1, PTS_PCR_TRANSFORM_NO,
 111                                                                 this->measurement_time, measurement);
 112         evid->set_pcr_info(evid, pcr_before, pcr_after);
 113
 114         return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
 115 }
 116
 117 METHOD(pts_component_t, verify, status_t,
 118         pts_ita_comp_tboot_t *this, pts_t *pts, pts_database_t *pts_db,
 119         pts_comp_evidence_t *evidence)
 120 {
 121         bool has_pcr_info;
 122         u_int32_t extended_pcr;
 123         pts_meas_algorithms_t algo;
 124         pts_pcr_transform_t transform;
 125         time_t measurement_time;
 126         chunk_t measurement, pcr_before, pcr_after;
 127         pcr_entry_t *entry;
 128
 129         switch (this->extended_pcr)
 130         {
 131                 case 0:
 132                         this->extended_pcr = PCR_TBOOT_POLICY;
 133                         break;
 134                 case PCR_TBOOT_POLICY:
 135                         this->extended_pcr = PCR_TBOOT_MLE;
 136                         break;
 137                 default:
 138                         return FAILED;
 139         }
 140
 141         measurement = evidence->get_measurement(evidence, &extended_pcr,
 142                                                                 &algo, &transform, &measurement_time);
 143         if (extended_pcr != this->extended_pcr)
 144         {
 145                 return FAILED;
 146         }
 147
 148         /* TODO check measurement in database */
 149
 150         has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
 151         if (has_pcr_info)
 152         {
 153                 entry = malloc_thing(pcr_entry_t);
 154                 entry->pcr_number = extended_pcr;
 155                 memcpy(entry->pcr_value, pcr_after.ptr, PCR_LEN);
 156                 pts->add_pcr_entry(pts, entry);
 157         }
 158
 159         return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
 160 }
 161
 162 METHOD(pts_component_t, destroy, void,
 163         pts_ita_comp_tboot_t *this)
 164 {
 165         this->name->destroy(this->name);
 166         free(this);
 167 }
 168
 169 /**
 170  * See header
 171  */
 172 pts_component_t *pts_ita_comp_tboot_create(u_int8_t qualifier)
 173 {
 174         pts_ita_comp_tboot_t *this;
 175
 176         INIT(this,
 177                 .public = {
 178                         .get_comp_func_name = _get_comp_func_name,
 179                         .get_evidence_flags = _get_evidence_flags,
 180                         .measure = _measure,
 181                         .verify = _verify,
 182                         .destroy = _destroy,
 183                 },
 184                 .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
 185                                                                                   qualifier),
 186         );
 187
 188         return &this->public;
 189 }
 190