attest displays dates either in local time or UTC
[strongswan.git] / src / libpts / plugins / imv_attestation / attest.c
index 82c1f18..1cdacae 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2012 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -22,7 +22,7 @@
 #include <syslog.h>
 
 #include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
 
 #include <imcv.h>
 #include <libpts.h>
@@ -34,7 +34,7 @@
 /**
  * global debug output variables
  */
-static int debug_level = 0;
+static int debug_level = 1;
 static bool stderr_quiet = TRUE;
 
 /**
@@ -99,9 +99,11 @@ static void do_args(int argc, char *argv[])
                OP_USAGE,
                OP_KEYS,
                OP_COMPONENTS,
+               OP_DEVICES,
                OP_FILES,
                OP_HASHES,
                OP_MEASUREMENTS,
+               OP_PACKAGES,
                OP_PRODUCTS,
                OP_ADD,
                OP_DEL,
@@ -117,22 +119,35 @@ static void do_args(int argc, char *argv[])
                struct option long_opts[] = {
                        { "help", no_argument, NULL, 'h' },
                        { "components", no_argument, NULL, 'c' },
+                       { "devices", no_argument, NULL, 'e' },
                        { "files", no_argument, NULL, 'f' },
                        { "keys", no_argument, NULL, 'k' },
+                       { "packages", no_argument, NULL, 'g' },
                        { "products", no_argument, NULL, 'p' },
                        { "hashes", no_argument, NULL, 'H' },
-                       { "measurements", no_argument, NULL, 'M' },
+                       { "measurements", no_argument, NULL, 'm' },
                        { "add", no_argument, NULL, 'a' },
                        { "delete", no_argument, NULL, 'd' },
                        { "del", no_argument, NULL, 'd' },
+                       { "aik", required_argument, NULL, 'A' },
+                       { "blacklist", no_argument, NULL, 'B' },
                        { "component", required_argument, NULL, 'C' },
                        { "comp", required_argument, NULL, 'C' },
                        { "directory", required_argument, NULL, 'D' },
                        { "dir", required_argument, NULL, 'D' },
                        { "file", required_argument, NULL, 'F' },
+                       { "sha1-ima", no_argument, NULL, 'I' },
+                       { "package", required_argument, NULL, 'G' },
                        { "key", required_argument, NULL, 'K' },
                        { "owner", required_argument, NULL, 'O' },
                        { "product", required_argument, NULL, 'P' },
+                       { "relative", no_argument, NULL, 'R' },
+                       { "rel", no_argument, NULL, 'R' },
+                       { "sequence", required_argument, NULL, 'S' },
+                       { "seq", required_argument, NULL, 'S' },
+                       { "utc", no_argument, NULL, 'U' },
+                       { "version", required_argument, NULL, 'V' },
+                       { "security", no_argument, NULL, 'Y' },
                        { "sha1", no_argument, NULL, '1' },
                        { "sha256", no_argument, NULL, '2' },
                        { "sha384", no_argument, NULL, '3' },
@@ -141,6 +156,7 @@ static void do_args(int argc, char *argv[])
                        { "pid", required_argument, NULL, '6' },
                        { "cid", required_argument, NULL, '7' },
                        { "kid", required_argument, NULL, '8' },
+                       { "gid", required_argument, NULL, '9' },
                        { 0,0,0,0 }
                };
 
@@ -155,9 +171,15 @@ static void do_args(int argc, char *argv[])
                        case 'c':
                                op = OP_COMPONENTS;
                                continue;
+                       case 'e':
+                               op = OP_DEVICES;
+                               continue;
                        case 'f':
                                op = OP_FILES;
                                continue;
+                       case 'g':
+                               op = OP_PACKAGES;
+                               continue;
                        case 'k':
                                op = OP_KEYS;
                                continue;
@@ -167,7 +189,7 @@ static void do_args(int argc, char *argv[])
                        case 'H':
                                op = OP_HASHES;
                                continue;
-                       case 'M':
+                       case 'm':
                                op = OP_MEASUREMENTS;
                                continue;
                        case 'a':
@@ -176,6 +198,46 @@ static void do_args(int argc, char *argv[])
                        case 'd':
                                op = OP_DEL;
                                continue;
+                       case 'A':
+                       {
+                               certificate_t *aik_cert;
+                               public_key_t *aik_key;
+                               chunk_t aik;
+
+                               aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+                                                               CERT_X509, BUILD_FROM_FILE, optarg, BUILD_END);
+                               if (!aik_cert)
+                               {
+                                       printf("AIK certificate '%s' could not be loaded\n", optarg);
+                                       exit(EXIT_FAILURE);
+                               }
+                               aik_key = aik_cert->get_public_key(aik_cert);
+                               aik_cert->destroy(aik_cert);
+
+                               if (!aik_key)
+                               {
+                                       printf("AIK public key could not be retrieved\n");
+                                       exit(EXIT_FAILURE);
+                               }
+                               if (!aik_key->get_fingerprint(aik_key, KEYID_PUBKEY_INFO_SHA1,
+                                                                                         &aik))
+                               {
+                                       printf("AIK fingerprint could not be computed\n");
+                                       aik_key->destroy(aik_key);
+                                       exit(EXIT_FAILURE);
+                               }
+                               aik = chunk_clone(aik);
+                               aik_key->destroy(aik_key);
+
+                               if (!attest->set_key(attest, aik, op == OP_ADD))
+                               {
+                                       exit(EXIT_FAILURE);
+                               }
+                               continue;
+                       }
+                       case 'B':
+                               attest->set_security(attest, OS_PACKAGE_STATE_BLACKLIST);
+                               continue;
                        case 'C':
                                if (!attest->set_component(attest, optarg, op == OP_ADD))
                                {
@@ -194,12 +256,26 @@ static void do_args(int argc, char *argv[])
                                        exit(EXIT_FAILURE);
                                }
                                continue;
+                       case 'G':
+                               if (!attest->set_package(attest, optarg, op == OP_ADD))
+                               {
+                                       exit(EXIT_FAILURE);
+                               }
+                               continue;
+                       case 'I':
+                               attest->set_algo(attest, PTS_MEAS_ALGO_SHA1_IMA);
+                               continue;
                        case 'K':
-                               if (!attest->set_key(attest, optarg, op == OP_ADD))
+                       {
+                               chunk_t aik;
+
+                               aik = chunk_from_hex(chunk_create(optarg, strlen(optarg)), NULL);
+                               if (!attest->set_key(attest, aik, op == OP_ADD))
                                {
                                        exit(EXIT_FAILURE);
                                }
                                continue;
+                       }
                        case 'O':
                                attest->set_owner(attest, optarg);
                                continue;
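Review bot: The 'K' case converts optarg with `chunk_from_hex()` without checking that the argument is actually hexadecimal, so a mistyped key identifier is not rejected but converted into some other byte string and then added to or deleted from the key database under that wrong value (I cannot see chunk_from_hex's handling of non-hex characters from here, so the exact outcome is inferred). A check before the conversion turns that into a visible error, e.g. `if (strspn(optarg, "0123456789abcdefABCDEF:") != strlen(optarg))` followed by `printf("invalid AIK identifier '%s'\n", optarg); exit(EXIT_FAILURE);`. An odd number of hex digits should be rejected the same way rather than silently padded. do_args() continues outside this hunk.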
@@ -209,6 +285,24 @@ static void do_args(int argc, char *argv[])
                                        exit(EXIT_FAILURE);
                                }
                                continue;
+                       case 'R':
+                               attest->set_relative(attest);
+                               continue;
+                       case 'S':
+                               attest->set_sequence(attest, atoi(optarg));
+                               continue;
+                       case 'U':
+                               attest->set_utc(attest);
+                               continue;
+                       case 'V':
+                               if (!attest->set_version(attest, optarg))
+                               {
+                                       exit(EXIT_FAILURE);
+                               }
+                               continue;
+                       case 'Y':
+                               attest->set_security(attest, OS_PACKAGE_STATE_SECURITY);
+                               continue;
                        case '1':
                                attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
                                continue;
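Review bot: `atoi(optarg)` in the new 'S' case (and in the '9'/`--gid` case of the hunk below) gives no error indication: a non-numeric or out-of-range argument becomes 0 and is passed to set_sequence()/set_gid() as if it were valid, so a typo in `--seq` or `--gid` silently selects a different record. strtol with end-pointer and errno checking rejects this: `errno = 0; long v = strtol(optarg, &end, 10);` then `if (end == optarg || *end || errno == ERANGE || v < 0) { printf("invalid number '%s'\n", optarg); exit(EXIT_FAILURE); }` before the setter call (the `v < 0` part assumes negative sequences and gids are invalid; confirm against the setters). Note also that 'B' and 'Y' both call set_security(), so whichever appears last on the command line wins; if that is intended, a comment saying so would save the next reader a lookup. do_args() continues outside this hunk.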
@@ -248,6 +342,12 @@ static void do_args(int argc, char *argv[])
                                        exit(EXIT_FAILURE);
                                }
                                continue;
+                       case '9':
+                               if (!attest->set_gid(attest, atoi(optarg)))
+                               {
+                                       exit(EXIT_FAILURE);
+                               }
+                               continue;
                }
                break;
        }
@@ -257,6 +357,9 @@ static void do_args(int argc, char *argv[])
                case OP_USAGE:
                        usage();
                        break;
+               case OP_PACKAGES:
+                       attest->list_packages(attest);
+                       break;
                case OP_PRODUCTS:
                        attest->list_products(attest);
                        break;
@@ -266,6 +369,9 @@ static void do_args(int argc, char *argv[])
                case OP_COMPONENTS:
                        attest->list_components(attest);
                        break;
+               case OP_DEVICES:
+                       attest->list_devices(attest);
+                       break;
                case OP_FILES:
                        attest->list_files(attest);
                        break;