attest displays dates either in local time or UTC
[strongswan.git] / src / libpts / plugins / imv_attestation / imv_attestation_state.c
index a093e63..93da9ae 100644 (file)
 
 #include "imv_attestation_state.h"
 
-#include <utils/lexparser.h>
-#include <utils/linked_list.h>
-#include <debug.h>
+#include <libpts.h>
+
+#include <imv/imv_lang_string.h>
+#include "imv/imv_reason_string.h"
+
+#include <collections/linked_list.h>
+#include <utils/debug.h>
 
 typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
 typedef struct file_meas_request_t file_meas_request_t;
-
-/**
- * PTS File/Directory Measurement request entry
- */
-struct file_meas_request_t {
-       u_int16_t id;
-       int file_id;
-       bool is_dir;
-};
+typedef struct func_comp_t func_comp_t;
 
 /**
  * Private data of an imv_attestation_state_t object.
@@ -50,7 +46,7 @@ struct private_imv_attestation_state_t {
         * TNCCS connection state
         */
        TNC_ConnectionState state;
-       
+
        /**
         * Does the TNCCS connection support long message types?
         */
@@ -102,32 +98,84 @@ struct private_imv_attestation_state_t {
        pts_t *pts;
 
        /**
-        * Measurement error
+        * Measurement error flags
+        */
+       u_int32_t measurement_error;
+
+       /**
+        * TNC Reason String
         */
-       bool measurement_error;
+       imv_reason_string_t *reason_string;
 
 };
 
-typedef struct entry_t entry_t;
+/**
+ * PTS File/Directory Measurement request entry
+ */
+struct file_meas_request_t {
+       u_int16_t id;
+       int file_id;
+       bool is_dir;
+};
 
 /**
- * Define an internal reason string entry
+ * PTS Functional Component entry
  */
-struct entry_t {
-       char *lang;
-       char *string;
+struct func_comp_t {
+       pts_component_t *comp;
+       u_int8_t qualifier;
 };
 
 /**
- * Table of multi-lingual reason string entries 
+ * Frees a func_comp_t object
  */
-static entry_t reasons[] = {
-       { "en", "IMV Attestation: Incorrect/pending file measurement/component"
-                       " evidence or invalid TPM Quote signature received" },
-       { "mn", "IMV Attestation:  Буруу/хүлээгдэж байгаа файл/компонент хэмжилт "
-                       "эсвэл буруу TPM Quote гарын үсэг" },
-       { "de", "IMV Attestation: Falsche/Fehlende Dateimessung/Komponenten Beweis "
-                       "oder ungültige TPM Quote Unterschrift ist erhalten" },
+static void free_func_comp(func_comp_t *this)
+{
+       this->comp->destroy(this->comp);
+       free(this);
+}
+
+/**
+ * Supported languages
+ */
+static char* languages[] = { "en", "de", "mn" };
+
+/**
+ * Table of reason strings
+ */
+static imv_lang_string_t reason_file_meas_fail[] = {
+       { "en", "Incorrect file measurement" },
+       { "de", "Falsche Dateimessung" },
+       { "mn", "Буруу байгаа файл" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t reason_file_meas_pend[] = {
+       { "en", "Pending file measurement" },
+       { "de", "Ausstehende Dateimessung" },
+       { "mn", "Xүлээгдэж байгаа файл" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_fail[] = {
+       { "en", "Incorrect component evidence" },
+       { "de", "Falsche Komponenten-Evidenz" },
+       { "mn", "Буруу компонент хэмжилт" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_pend[] = {
+       { "en", "Pending component evidence" },
+       { "de", "Ausstehende Komponenten-Evidenz" },
+       { "mn", "Xүлээгдэж компонент хэмжилт" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t reason_tpm_quote_fail[] = {
+       { "en", "Invalid TPM Quote signature received" },
+       { "de", "Falsche TPM Quote Signature erhalten" },
+       { "mn", "Буруу TPM Quote гарын үсэг" },
+       { NULL, NULL }
 };
 
 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
@@ -190,55 +238,59 @@ METHOD(imv_state_t, set_recommendation, void,
 }
 
 METHOD(imv_state_t, get_reason_string, bool,
-       private_imv_attestation_state_t *this, chunk_t preferred_language,
-       chunk_t *reason_string, chunk_t *reason_language)
+       private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+       chunk_t *reason_string, char **reason_language)
 {
-       chunk_t pref_lang, lang;
-       u_char *pos;
-       int i;
+       *reason_language = imv_lang_string_select_lang(language_enumerator,
+                                                                                         languages, countof(languages));
 
-       while (eat_whitespace(&preferred_language))
-       {
-               if (!extract_token(&pref_lang, ',', &preferred_language))
-               {
-                       /* last entry in a comma-separated list or single entry */
-                       pref_lang = preferred_language;
-               }
+       /* Instantiate a TNC Reason String object */
+       DESTROY_IF(this->reason_string);
+       this->reason_string = imv_reason_string_create(*reason_language);
 
-               /* eat trailing whitespace */
-               pos = pref_lang.ptr + pref_lang.len - 1;
-               while (pref_lang.len && *pos-- == ' ')
-               {
-                       pref_lang.len--;
-               }
-
-               for (i = 0 ; i < countof(reasons); i++)
-               {
-                       lang = chunk_create(reasons[i].lang, strlen(reasons[i].lang));
-                       if (chunk_equals(lang, pref_lang))
-                       {
-                               *reason_language = lang;
-                               *reason_string = chunk_create(reasons[i].string,
-                                                                               strlen(reasons[i].string));
-                               return TRUE;
-                       }
-               }
+       if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
+       {
+               this->reason_string->add_reason(this->reason_string,
+                                                                               reason_file_meas_fail);
        }
+       if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
+       {
+               this->reason_string->add_reason(this->reason_string,
+                                                                               reason_file_meas_pend);
+       }
+       if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
+       {
+               this->reason_string->add_reason(this->reason_string,
+                                                                               reason_comp_evid_fail);
+       }
+       if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
+       {
+               this->reason_string->add_reason(this->reason_string,
+                                                                               reason_comp_evid_pend);
+       }
+       if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
+       {
+               this->reason_string->add_reason(this->reason_string,
+                                                                               reason_tpm_quote_fail);
+       }
+       *reason_string = this->reason_string->get_encoding(this->reason_string);
 
-       /* no preferred language match found - use the default language */
-       *reason_string =   chunk_create(reasons[0].string,
-                                                                       strlen(reasons[0].string));
-       *reason_language = chunk_create(reasons[0].lang,
-                                                                       strlen(reasons[0].lang));
        return TRUE;
 }
 
+METHOD(imv_state_t, get_remediation_instructions, bool,
+       private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+       chunk_t *string, char **lang_code, char **uri)
+{
+       return FALSE;
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_attestation_state_t *this)
 {
+       DESTROY_IF(this->reason_string);
        this->file_meas_requests->destroy_function(this->file_meas_requests, free);
-       this->components->destroy_offset(this->components,
-                                                                        offsetof(pts_component_t, destroy));
+       this->components->destroy_function(this->components, (void *)free_func_comp);
        this->pts->destroy(this->pts);
        free(this);
 }
@@ -283,7 +335,7 @@ METHOD(imv_attestation_state_t, check_off_file_meas_request, bool,
        enumerator_t *enumerator;
        file_meas_request_t *request;
        bool found = FALSE;
-       
+
        enumerator = this->file_meas_requests->create_enumerator(this->file_meas_requests);
        while (enumerator->enumerate(enumerator, &request))
        {
@@ -307,24 +359,69 @@ METHOD(imv_attestation_state_t, get_file_meas_request_count, int,
        return this->file_meas_requests->get_count(this->file_meas_requests);
 }
 
-METHOD(imv_attestation_state_t, add_component, void,
-       private_imv_attestation_state_t *this, pts_component_t *entry)
+METHOD(imv_attestation_state_t, create_component, pts_component_t*,
+       private_imv_attestation_state_t *this, pts_comp_func_name_t *name,
+       u_int32_t depth, pts_database_t *pts_db)
 {
-       this->components->insert_last(this->components, entry);
+       enumerator_t *enumerator;
+       func_comp_t *entry, *new_entry;
+       pts_component_t *component;
+       bool found = FALSE;
+
+       enumerator = this->components->create_enumerator(this->components);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)))
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       if (found)
+       {
+               if (name->get_qualifier(name) == entry->qualifier)
+               {
+                       /* duplicate entry */
+                       return NULL;
+               }
+               new_entry = malloc_thing(func_comp_t);
+               new_entry->qualifier = name->get_qualifier(name);
+               new_entry->comp = entry->comp->get_ref(entry->comp);
+               this->components->insert_last(this->components, new_entry);
+               return entry->comp;
+       }
+       else
+       {
+               component = pts_components->create(pts_components, name, depth, pts_db);
+               if (!component)
+               {
+                       /* unsupported component */
+                       return NULL;
+               }
+               new_entry = malloc_thing(func_comp_t);
+               new_entry->qualifier = name->get_qualifier(name);
+               new_entry->comp = component;
+               this->components->insert_last(this->components, new_entry);
+               return component;
+       }
 }
 
 METHOD(imv_attestation_state_t, get_component, pts_component_t*,
        private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
 {
        enumerator_t *enumerator;
-       pts_component_t *entry, *found = NULL;
+       func_comp_t *entry;
+       pts_component_t *found = NULL;
 
        enumerator = this->components->create_enumerator(this->components);
        while (enumerator->enumerate(enumerator, &entry))
        {
-               if (name->equals(name, entry->get_comp_func_name(entry)))
+               if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)) &&
+                       name->get_qualifier(name) == entry->qualifier)
                {
-                       found = entry;
+                       found = entry->comp;
                        break;
                }
        }
@@ -332,31 +429,31 @@ METHOD(imv_attestation_state_t, get_component, pts_component_t*,
        return found;
 }
 
-METHOD(imv_attestation_state_t, get_measurement_error, bool,
+METHOD(imv_attestation_state_t, get_measurement_error, u_int32_t,
        private_imv_attestation_state_t *this)
 {
        return this->measurement_error;
 }
 
 METHOD(imv_attestation_state_t, set_measurement_error, void,
-       private_imv_attestation_state_t *this)
+       private_imv_attestation_state_t *this, u_int32_t error)
 {
-       this->measurement_error = TRUE;
+       this->measurement_error |= error;
 }
 
 METHOD(imv_attestation_state_t, finalize_components, void,
        private_imv_attestation_state_t *this)
 {
-       pts_component_t *entry;
+       func_comp_t *entry;
 
        while (this->components->remove_last(this->components,
                                                                                (void**)&entry) == SUCCESS)
        {
-               if (!entry->finalize(entry))
+               if (!entry->comp->finalize(entry->comp, entry->qualifier))
                {
-                       _set_measurement_error(this);
+                       set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
                }
-               entry->destroy(entry);
+               free_func_comp(entry);
        }
 }
 
@@ -372,7 +469,6 @@ METHOD(imv_attestation_state_t, components_finalized, bool,
 imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
 {
        private_imv_attestation_state_t *this;
-       char *platform_info;
 
        INIT(this,
                .public = {
@@ -387,6 +483,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
                                .get_reason_string = _get_reason_string,
+                               .get_remediation_instructions = _get_remediation_instructions,
                                .destroy = _destroy,
                        },
                        .get_handshake_state = _get_handshake_state,
@@ -395,7 +492,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                        .add_file_meas_request = _add_file_meas_request,
                        .check_off_file_meas_request = _check_off_file_meas_request,
                        .get_file_meas_request_count = _get_file_meas_request_count,
-                       .add_component = _add_component,
+                       .create_component = _create_component,
                        .get_component = _get_component,
                        .finalize_components = _finalize_components,
                        .components_finalized = _components_finalized,
@@ -412,12 +509,5 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                .pts = pts_create(FALSE),
        );
 
-       platform_info = lib->settings->get_str(lib->settings,
-                                                "libimcv.plugins.imv-attestation.platform_info", NULL);
-       if (platform_info)
-       {
-               this->pts->set_platform_info(this->pts, platform_info);
-       }
-       
        return &this->public.interface;
 }