Began implementing handline of Functional Component Measuring attributes
authorSansar Choinyambuu <schoinya@hsr.ch>
Fri, 16 Sep 2011 14:13:50 +0000 (16:13 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 13:34:20 +0000 (14:34 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation.c
src/libimcv/plugins/imv_attestation/imv_attestation.c
src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c
src/libpts/tcg/tcg_pts_attr_simple_evid_final.c

index f5ed6a3..ee82485 100644 (file)
@@ -260,15 +260,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                case TCG_PTS_REQ_PROTO_CAPS:
                                {
                                        tcg_pts_attr_proto_caps_t *attr_cast;
-                                       pts_proto_caps_flag_t imc_flags, imv_flags;
+                                       pts_proto_caps_flag_t imc_caps, imv_caps;
 
                                        attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
-                                       imv_flags = attr_cast->get_flags(attr_cast);
-                                       imc_flags = pts->get_proto_caps(pts);
-                                       pts->set_proto_caps(pts, imc_flags & imv_flags);
+                                       imv_caps = attr_cast->get_flags(attr_cast);
+                                       imc_caps = pts->get_proto_caps(pts);
+                                       pts->set_proto_caps(pts, imc_caps & imv_caps);
 
                                        /* Send PTS Protocol Capabilities attribute */
-                                       attr = tcg_pts_attr_proto_caps_create(imc_flags & imv_flags,
+                                       attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps,
                                                                                                                  FALSE);
                                        attr_list->insert_last(attr_list, attr);
                                        break;
@@ -350,9 +350,134 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
        
                                /* PTS-based Attestation Evidence */
                                case TCG_PTS_REQ_FUNCT_COMP_EVID:
+                               {
+                                       tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
+                                       pts_proto_caps_flag_t negotiated_caps;
+                                       pts_attr_req_funct_comp_evid_flag_t flags;
+                                       u_int32_t sub_comp_depth;
+                                       u_int32_t comp_name_vendor_id;
+                                       u_int8_t family;
+                                       pts_qualifier_t qualifier;
+                                       pts_funct_comp_name_t name;
+                                       
+                                       attr_info = attr->get_value(attr);
+                                       attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr;
+                                       negotiated_caps = pts->get_proto_caps(pts);
+                                       flags = attr_cast->get_flags(attr_cast);
+
+                                       if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
+                                       {
+                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_UNABLE_DET_TTC, attr_info);
+                                               attr_list->insert_last(attr_list, attr);
+                                               break;
+                                       }
+                                       if (flags & PTS_REQ_FUNC_COMP_FLAG_VER &&
+                                               !(negotiated_caps & PTS_PROTO_CAPS_V))
+                                       {
+                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
+                                               attr_list->insert_last(attr_list, attr);
+                                               break;
+                                       }
+                                       if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR &&
+                                               !(negotiated_caps & PTS_PROTO_CAPS_C))
+                                       {
+                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_UNABLE_CUR_EVID, attr_info);
+                                               attr_list->insert_last(attr_list, attr);
+                                               break;
+                                       }
+                                       if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR &&
+                                               !(negotiated_caps & PTS_PROTO_CAPS_T))
+                                       {
+                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_UNABLE_DET_PCR, attr_info);
+                                               attr_list->insert_last(attr_list, attr);
+                                               break;
+                                       }
+
+                                       sub_comp_depth = attr_cast->get_sub_component_depth(attr_cast);
+                                       /* TODO: Implement checking of components with its sub-components */
+                                       if (sub_comp_depth != 1)
+                                       {
+                                               DBG1(DBG_IMC, "Current version of Attestation IMC does not support"
+                                                                         "sub component measurement deeper than 1. "
+                                                                          "Measuring top level component only.");
+                                       }
+                                       
+                                       comp_name_vendor_id = attr_cast->get_comp_funct_name_vendor_id(attr_cast);
+                                       if (comp_name_vendor_id != PEN_TCG)
+                                       {
+                                               DBG1(DBG_IMC, "Current version of Attestation IMC supports"
+                                                                         "only functional component namings by TCG ");
+                                               break;
+                                       }
+                                       
+                                       family = attr_cast->get_family(attr_cast);
+                                       if (family)
+                                       {
+                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_INVALID_NAME_FAM, attr_info);
+                                               attr_list->insert_last(attr_list, attr);
+                                               break;
+                                       }
+
+                                       qualifier = attr_cast->get_qualifier(attr_cast);
+                                       /* Check if Unknown or Wildcard was set for qualifier */
+                                       if (qualifier.kernel && qualifier.sub_component &&
+                                                                       (qualifier.type & PTS_FUNC_COMP_TYPE_ALL))
+                                       {
+                                               DBG2(DBG_IMC, "Wildcard was set for the qualifier of functional"
+                                                       " component. Identifying the component with name binary enumeration");
+                                       }
+                                       else if (!qualifier.kernel && !qualifier.sub_component &&
+                                                                       (qualifier.type & PTS_FUNC_COMP_TYPE_UNKNOWN))
+                                       {
+                                               DBG2(DBG_IMC, "Unknown was set for the qualifier of functional"
+                                                       " component. Identifying the component with name binary enumeration");
+                                       }
+                                       else
+                                       {
+                                               /* TODO: Implement what todo with received qualifier */
+                                       }
+                                       
+                                       name = attr_cast->get_comp_funct_name(attr_cast);
+                                       switch (name)
+                                       {
+                                               case PTS_FUNC_COMP_NAME_BIOS:
+                                               {
+                                                       /* TODO: Implement BIOS measurement */
+                                                       DBG1(DBG_IMC, "TODO: Implement BIOS measurement");
+                                                       break;
+                                               }
+                                               case PTS_FUNC_COMP_NAME_IGNORE:
+                                               case PTS_FUNC_COMP_NAME_CRTM:
+                                               case PTS_FUNC_COMP_NAME_PLATFORM_EXT:
+                                               case PTS_FUNC_COMP_NAME_BOARD:
+                                               case PTS_FUNC_COMP_NAME_INIT_LOADER:
+                                               case PTS_FUNC_COMP_NAME_OPT_ROMS:
+                                               default:
+                                               {
+                                                       DBG1(DBG_IMC, "Unsupported Functional Component Name");
+                                                       break;
+                                               }
+                                       }
+                                       
                                        break;
+                               }
                                case TCG_PTS_GEN_ATTEST_EVID:
+                               {
+                                       pts_simple_evid_final_flag_t flags;
+                                       /* TODO: TPM quote operation over included PCR's */
+                                       
+                                       /* Send Simple Evidence Final attribute */
+                                       flags = PTS_SIMPLE_EVID_FINAL_FLAG_NO;
+                                       attr = tcg_pts_attr_simple_evid_final_create(flags, 0,
+                                                                                       chunk_empty, chunk_empty, chunk_empty);
+                                       attr_list->insert_last(attr_list, attr);
                                        break;
+                               }
                                case TCG_PTS_REQ_FILE_META:
                                {
                                        tcg_pts_attr_req_file_meta_t *attr_cast;
index 1eb76b9..0574ba0 100644 (file)
@@ -249,7 +249,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                        bool is_dir;
 
                        attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_END);
+                                                                               IMV_ATTESTATION_STATE_COMP_EVID);
 
                        /* Does the PTS-IMC have TPM support? */
                        if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
@@ -305,6 +305,34 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                        break;
                }
                case IMV_ATTESTATION_STATE_COMP_EVID:
+               {
+                       pts_attr_req_funct_comp_evid_flag_t flags;
+                       u_int32_t sub_comp_depth;
+                       pts_qualifier_t qualifier;
+                       pts_funct_comp_name_t name;
+                       
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_END);
+
+                       flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
+                       sub_comp_depth = 1;
+                       qualifier.kernel = FALSE;
+                       qualifier.sub_component = FALSE;
+                       qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
+                       name = PTS_FUNC_COMP_NAME_BIOS;
+                       
+                       /* Send Request Functional Component Evidence attribute */
+                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
+                                                                                                               PEN_TCG, qualifier, name);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+                       /* Send Generate Attestation Evidence attribute */
+                       attr = tcg_pts_attr_gen_attest_evid_create();
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+                       
+                       break;
+               }
                case IMV_ATTESTATION_STATE_IML:
                        DBG1(DBG_IMV, "Attestation IMV has nothing to send: \"%s\"",
                                 handshake_state);
@@ -497,9 +525,21 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
        
                                /* PTS-based Attestation Evidence */
                                case TCG_PTS_SIMPLE_COMP_EVID:
+                               {
+                                       /** TODO: Implement saving the PCR number, Hash Algo = communicated one,
+                                        * PCR transform (truncate SHA256, SHA384), PCR before and after values
+                                        */ 
                                        break;
+                               }
+                                       
                                case TCG_PTS_SIMPLE_EVID_FINAL:
+                               {
+                                       /** TODO: Implement construct Quote structure over saved values from
+                                        * TCG_PTS_SIMPLE_COMP_EVID and compare with received one
+                                        */ 
                                        break;
+                               }
+                                       
                                case TCG_PTS_FILE_MEAS:
                                {
                                        tcg_pts_attr_file_meas_t *attr_cast;
index 0f46058..18f151f 100644 (file)
@@ -160,30 +160,11 @@ METHOD(pa_tnc_attr_t, build, void,
        private_tcg_pts_attr_req_funct_comp_evid_t *this)
 {
        bio_writer_t *writer;
-       u_int8_t flags = 0;
        u_int8_t qualifier = 0;
 
        writer = bio_writer_create(PTS_REQ_FUNCT_COMP_EVID_SIZE);
        
-       /* Determine the flags to set*/
-       if (this->flags & PTS_REQ_FUNC_COMP_FLAG_PCR)
-       {
-               flags += 128;
-       }
-       if (this->flags & PTS_REQ_FUNC_COMP_FLAG_CURR)
-       {
-               flags += 64;
-       }
-       if (this->flags & PTS_REQ_FUNC_COMP_FLAG_VER)
-       {
-               flags += 32;
-       }
-       if (this->flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
-       {
-               flags += 16;
-       }
-       writer->write_uint8(writer, flags);
-       
+       writer->write_uint8(writer, this->flags);
        writer->write_uint24 (writer, this->depth);
        writer->write_uint24 (writer, this->comp_vendor_id);
        
@@ -253,14 +234,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
        {
                this->family += 2;
        }
-       
-       /* TODO: Generate an IF-M error attribute indicating */
-       /* TCG_PTS_INVALID_NAME_FAM */
-       //if (&this->comp_vendor_id==PEN_TCG && this->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM)
-       //{
-       //      DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00");
-       //}
-       
+               
        if (((fam_and_qualifier >> 5) & 1) )
        {
                this->qualifier.kernel = true;
@@ -270,10 +244,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
                this->qualifier.sub_component = true;
        }
        this->qualifier.type = ( fam_and_qualifier & 0xF );
-       /* TODO: Check the type is defined in pts_attr_req_funct_comp_type_t */
-       
        reader->read_uint32(reader, &this->name);
-       /* TODO: Check the name is defined in pts_funct_comp_name_t */
 
        reader->destroy(reader);
        return SUCCESS;
@@ -345,9 +316,9 @@ METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_comp_funct_name, void,
  */
 pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create(
                                                                        pts_attr_req_funct_comp_evid_flag_t flags,
-                                                                          u_int32_t depth, u_int32_t vendor_id,
-                                                                         pts_qualifier_t qualifier,
-                                                                         pts_funct_comp_name_t name)
+                                                                       u_int32_t depth, u_int32_t vendor_id,
+                                                                       pts_qualifier_t qualifier,
+                                                                       pts_funct_comp_name_t name)
 {
        private_tcg_pts_attr_req_funct_comp_evid_t *this;
 
index fa2f6e5..6081cba 100644 (file)
@@ -43,7 +43,7 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define PTS_SIMPLE_EVID_FINAL_SIZE                     4
+#define PTS_SIMPLE_EVID_FINAL_SIZE                     2
 #define PTS_SIMPLE_EVID_FINAL_RESERVED         0x00
 
 /**
@@ -158,11 +158,15 @@ METHOD(pa_tnc_attr_t, build, void,
        {
                flags += 32;
        }
+       
        writer->write_uint8 (writer, flags);
        writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
-       writer->write_uint16(writer, this->comp_hash_algorithm);
-
+       
        /* Optional fields */
+       if (this->comp_hash_algorithm)
+       {
+               writer->write_uint16(writer, this->comp_hash_algorithm);
+       }
        if (this->pcr_comp.ptr && this->pcr_comp.len > 0)
        {
                writer->write_uint32 (writer, this->pcr_comp.len);
@@ -199,9 +203,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
        reader = bio_reader_create(this->value);
        
        reader->read_uint8(reader, &flags);
+       reader->read_uint8(reader, &reserved);
        
        /* Determine the flags to set*/
-       if (!((flags >> 7) & 1) && !((flags >> 6) & 1))
+       if ((flags >> 5) & 1)
+       {
+               this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_EVID;
+       }
+       
+       if (!((flags >> 6) & PTS_SIMPLE_EVID_FINAL_FLAG_NO))
        {
                this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_NO;
        }
@@ -217,20 +227,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
        {
                this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2_CAP_VER;
        }
-       if ((flags >> 5) & 1)
-       {
-               this->flags |= PTS_SIMPLE_EVID_FINAL_FLAG_EVID;
-       }
-       
-       reader->read_uint8(reader, &reserved);
-       reader->read_uint16(reader, &algorithm);
-       this->comp_hash_algorithm = algorithm;
-       
-       /*  Optional TPM PCR Composite field is included */
-       if (!(this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_NO))
+
+       /*  Optional Composite Hash Algorithm and TPM PCR Composite field is included */
+       if ((flags >> 6) & PTS_SIMPLE_EVID_FINAL_FLAG_NO)
        {
                u_int32_t pcr_comp_len;
                u_int32_t tpm_quote_sign_len;
+               reader->read_uint16(reader, &algorithm);
+               this->comp_hash_algorithm = algorithm;
                reader->read_uint32(reader, &pcr_comp_len);
                reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
                this->pcr_comp = chunk_clone(this->pcr_comp);