differences incurred by rebasing - thanks Linus
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 21:03:46 +0000 (22:03 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 21:03:46 +0000 (22:03 +0100)
src/libpts/plugins/imc_attestation/imc_attestation.c
src/libpts/plugins/imv_attestation/attest.c
src/libpts/plugins/imv_attestation/imv_attestation.c
src/libpts/pts/pts.c
src/libpts/pts/pts.h
src/libpts/pts/pts_dh_group.h
src/libpts/tcg/tcg_pts_attr_simple_evid_final.c

index 9c60302..e25b238 100644 (file)
@@ -28,6 +28,7 @@
 
 #include <tcg/tcg_pts_attr_proto_caps.h>
 #include <tcg/tcg_pts_attr_meas_algo.h>
+
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
@@ -54,28 +55,6 @@ static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
 
 /**
- * List of buffered Simple Component Evidences
- * To be sent on reception of Generate Attestation Evidence attribute
- */
-static linked_list_t *evidences = NULL;
-
-/**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = 0;
-
-/**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
-
-/**
- * List of buffered Simple Component Evidences
- * To be sent on reception of Generate Attestation Evidence attribute
- */
-static linked_list_t *evidences = NULL;
-
-/**
  * see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
  */
 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
@@ -268,6 +247,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                                supported_algorithms, supported_dh_groups))
                        {
                                result = TNC_RESULT_FATAL;
+                               break;
                        }
                }
        }
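Review bot: The added `break;` at L56 exits only the innermost loop or switch, whose header lies outside the hunk, so it cannot be confirmed from here that nothing after that loop overwrites `result` once it has been set to `TNC_RESULT_FATAL`. A one-line comment next to the break, `/* stop processing further attributes after a fatal error */`, would make the intent explicit for the next reader. The body of TNC_IMC_ReceiveMessage begins and ends outside the hunk.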
index ac91b5a..82c1f18 100644 (file)
@@ -125,11 +125,8 @@ static void do_args(int argc, char *argv[])
                        { "add", no_argument, NULL, 'a' },
                        { "delete", no_argument, NULL, 'd' },
                        { "del", no_argument, NULL, 'd' },
-                       { "products", no_argument, NULL, 'p' },
-                       { "hashes", no_argument, NULL, 'H' },
-                       { "add", no_argument, NULL, 'a' },
-                       { "delete", no_argument, NULL, 'd' },
-                       { "del", no_argument, NULL, 'd' },
+                       { "component", required_argument, NULL, 'C' },
+                       { "comp", required_argument, NULL, 'C' },
                        { "directory", required_argument, NULL, 'D' },
                        { "dir", required_argument, NULL, 'D' },
                        { "file", required_argument, NULL, 'F' },
@@ -191,21 +188,6 @@ static void do_args(int argc, char *argv[])
                                        exit(EXIT_FAILURE);
                                }
                                continue;
-                       case 'H':
-                               op = OP_HASHES;
-                               continue;
-                       case 'a':
-                               op = OP_ADD;
-                               continue;
-                       case 'd':
-                               op = OP_DEL;
-                               continue;
-                       case 'D':
-                               if (!attest->set_directory(attest, optarg, op == OP_ADD))
-                               {
-                                       exit(EXIT_FAILURE);
-                               }
-                               continue;
                        case 'F':
                                if (!attest->set_file(attest, optarg, op == OP_ADD))
                                {
@@ -299,9 +281,6 @@ static void do_args(int argc, char *argv[])
                case OP_DEL:
                        attest->delete(attest);
                        break;
-               case OP_HASHES:
-                       attest->list_hashes(attest);
-                       break;
                default:
                        usage();
                        exit(EXIT_FAILURE);
index 3469979..7d8445c 100644 (file)
@@ -58,11 +58,6 @@ static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
 static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
 
 /**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
-
-/**
  * PTS file measurement database
  */
 static pts_database_t *pts_db;
@@ -97,10 +92,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
        {
                return TNC_RESULT_FATAL;
        }
-       if (!pts_probe_dh_groups(&supported_dh_groups))
-       {
-               return TNC_RESULT_FATAL;
-       }
        imv_attestation = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
                                                                           imv_id, actual_version);
        if (!imv_attestation)
@@ -127,28 +118,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
                return TNC_RESULT_FATAL;
        }
 
-       /**
-        * Specify supported PTS Diffie-Hellman groups
-        *
-        * modp1024: PTS_DH_GROUP_IKE2
-        * modp1536: PTS_DH_GROUP_IKE2  | PTS_DH_GROUP_IKE5
-        * modp2048: PTS_DH_GROUP_IKE2  | PTS_DH_GROUP_IKE5  | PTS_DH_GROUP_IKE14
-        * ecp256:   PTS_DH_GROUP_IKE2  | PTS_DH_GROUP_IKE5  | PTS_DH_GROUP_IKE14 |
-        *           PTS_DH_GROUP_IKE19
-        * ecp384:   PTS_DH_GROUP_IKE2  | PTS_DH_GROUP_IKE5  | PTS_DH_GROUP_IKE14 |
-        *           PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20
-        *
-        * we expect the PTS-IMC to select the strongest supported group
-        */
-       dh_group = lib->settings->get_str(lib->settings,
-                               "libimcv.plugins.imv-attestation.dh_group", "ecp256");
-
-       if (!pts_meas_algo_update(hash_alg, &supported_algorithms) ||
-               !pts_dh_group_update(dh_group, &supported_dh_groups))
-       {
-               return TNC_RESULT_FATAL;
-       }
-
        /* create a PTS credential manager */
        pts_credmgr = credential_manager_create();
 
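Review bot: After this hunk the visible part of TNC_IMV_Initialize no longer assigns `supported_algorithms` or `supported_dh_groups`, which the section's header context initializes to `PTS_MEAS_ALGO_NONE` and `PTS_DH_GROUP_NONE`; the retained `return TNC_RESULT_FATAL;` at the top of the hunk suggests the surviving copy of `pts_meas_algo_update`/`pts_dh_group_update` sits just above it, but that cannot be seen from here. If it does not, send_message advertises no measurement algorithm and no DH group to the PTS-IMC. Once confirmed, a short comment above the credential-manager block, such as `/* supported_algorithms and supported_dh_groups were set from the libimcv.plugins.imv-attestation settings above */`, would document where that selection happens. TNC_IMV_Initialize begins and ends outside the hunk.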
@@ -211,175 +180,16 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
        attestation_state = (imv_attestation_state_t*)state;
        msg = pa_tnc_msg_create();
 
-<<<<<<< HEAD
        if (imv_attestation_build(msg, attestation_state, supported_algorithms,
                                                          supported_dh_groups, pts_db))
        {
                msg->build(msg);
                result = imv_attestation->send_message(imv_attestation, connection_id,
                                                                                           msg->get_encoding(msg));
-=======
-       if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
-               !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
-       {
-               DBG1(DBG_IMV, "PTS-IMC has no TPM capability - "
-                                         "advancing to PTS measurement phase");
-               handshake_state = IMV_ATTESTATION_STATE_MEAS;
->>>>>>> added the IMV_ATTESTATION_STATE_NONCE_REQ state
        }
        else
        {
-<<<<<<< HEAD
                result = TNC_RESULT_FATAL;
-=======
-               case IMV_ATTESTATION_STATE_INIT:
-               {
-                       pts_proto_caps_flag_t flags;
-
-                       /* Send Request Protocol Capabilities attribute */
-                       flags = pts->get_proto_caps(pts);
-                       attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Measurement Algorithms attribute */
-                       attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_NONCE_REQ);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_NONCE_REQ:
-               {
-                       int min_nonce_len;
-
-                       /* Send DH nonce parameters request attribute */
-                       min_nonce_len = lib->settings->get_int(lib->settings,
-                                               "libimcv.plugins.imv-attestation.min_nonce_len", 0);
-                       attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
-                                                                                                        supported_dh_groups);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_TPM_INIT);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_TPM_INIT:
-               {
-                       pts_meas_algorithms_t selected_algorithm;
-                       chunk_t initiator_value, initiator_nonce;
-
-                       /* Send DH nonce finish attribute */
-                       selected_algorithm = pts->get_meas_algorithm(pts);
-                       pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
-                       attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
-                                                                                initiator_value, initiator_nonce);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Get TPM Version attribute */
-                       attr = tcg_pts_attr_get_tpm_version_info_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Get AIK attribute */
-                       attr = tcg_pts_attr_get_aik_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_MEAS);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_MEAS:
-               {
-
-                       enumerator_t *enumerator;
-                       u_int32_t delimiter = SOLIDUS_UTF;
-                       char *platform_info, *pathname;
-                       u_int16_t request_id;
-                       int id, type;
-                       bool is_dir;
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_COMP_EVID);
-
-                       /* Get Platform and OS of the PTS-IMC */
-                       platform_info = pts->get_platform_info(pts);
-
-                       if (!pts_db || !platform_info)
-                       {
-                               DBG1(DBG_IMV, "%s%s%s not available",
-                                       (pts_db) ? "" : "pts database",
-                                       (!pts_db && !platform_info) ? "and" : "",
-                                       (platform_info) ? "" : "platform info");
-                               break;
-                       }
-                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
-
-                       /* Send Request File Metadata attribute */
-                       attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Request File Measurement attribute */
-                       enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
-                       if (!enumerator)
-                       {
-                               break;
-                       }
-                       while (enumerator->enumerate(enumerator, &id, &type, &pathname))
-                       {
-                               is_dir = (type != 0);
-                               request_id = attestation_state->add_request(attestation_state,
-                                                                                                                       id, is_dir);
-                               DBG2(DBG_IMV, "measurement request %d for %s '%s'",
-                                        request_id, is_dir ? "directory" : "file", pathname);
-                               attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
-                                                                                                        delimiter, pathname);
-                               attr->set_noskip_flag(attr, TRUE);
-                               msg->add_attribute(msg, attr);
-                       }
-                       enumerator->destroy(enumerator);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_COMP_EVID:
-               {
-                       pts_attr_req_funct_comp_evid_flag_t flags;
-                       u_int32_t sub_comp_depth;
-                       pts_qualifier_t qualifier;
-                       pts_funct_comp_name_t name;
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_END);
-
-                       flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
-                       sub_comp_depth = 0;
-                       qualifier.kernel = FALSE;
-                       qualifier.sub_component = FALSE;
-                       qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
-                       name = PTS_FUNC_COMP_NAME_BIOS;
-
-                       /* Send Request Functional Component Evidence attribute */
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
-                                                                                                               PEN_TCG, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       /* Send Generate Attestation Evidence attribute */
-                       attr = tcg_pts_attr_gen_attest_evid_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       break;
-               }
-               default:
-                       DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
-                                handshake_state);
-                       return TNC_RESULT_FATAL;
->>>>>>> added the IMV_ATTESTATION_STATE_NONCE_REQ state
        }
        msg->destroy(msg);
 
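Review bot: The `else` branch at L180-L183 sets `result = TNC_RESULT_FATAL;` without logging, so a failed `imv_attestation_build` is indistinguishable from any other fatal outcome in the IMV log; adding `DBG1(DBG_IMV, "building the PTS message failed");` before the assignment would make it diagnosable. The conflict is resolved by keeping the HEAD side and dropping the other side's per-state attribute construction, including the check that advances a PTS-IMC without `PTS_PROTO_CAPS_T` straight to the measurement phase; presumably that logic now lives in `imv_attestation_build`, which is not on this page, so it is worth confirming that case is still covered. The send_message body begins outside the hunk.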
index c30a557..dbd66be 100644 (file)
@@ -1111,33 +1111,6 @@ METHOD(pts_t, add_pcr, bool,
        return TRUE;
 }
 
-METHOD(pts_t, does_pcr_value_match, bool,
-       private_pts_t *this, chunk_t pcr_after_value)
-{
-       enumerator_t *e;
-       pcr_entry_t *entry;
-       
-       if (!this->pcrs)
-       {
-               this->pcrs = linked_list_create();
-       }
-
-       e = this->pcrs->create_enumerator(this->pcrs);
-       while (e->enumerate(e, &entry))
-       {
-               if (entry->pcr_number == new->pcr_number)
-               {
-                       DBG4(DBG_PTS, "updating already added PCR%d value",
-                                entry->pcr_number);
-                       this->pcrs->remove_at(this->pcrs, e);
-                       free(entry);
-                       break;
-               }
-       }
-       DESTROY_IF(e);
-       this->pcrs->insert_last(this->pcrs, new);
-}
-
 /**
  * TPM_QUOTE_INFO structure:
  *     4 bytes of version
@@ -1229,26 +1202,6 @@ METHOD(pts_t, get_quote_info, bool,
        hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
        hasher->destroy(hasher);
 
-       writer->write_data(writer, hash_pcr_composite);
-       chunk_clear(&pcr_composite);
-       chunk_clear(&hash_pcr_composite);
-
-               /* Hash the PCR Composite Structure */
-               hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
-               DBG4(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
-               hasher->destroy(hasher);
-       }
-       else
-       {
-               *out_pcr_composite = chunk_clone(pcr_composite);
-               DBG3(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
-       }
-
-       /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
-       hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite);
-       hasher->destroy(hasher);
-
        /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */
        writer = bio_writer_create(TPM_QUOTE_INFO_LEN);
 
@@ -1330,15 +1283,7 @@ METHOD(pts_t, verify_quote_signature, bool,
                DESTROY_IF(aik_pub_key);
                return FALSE;
        }
-       */
 
-       if (!aik_pub_key->get_encoding(aik_pub_key,
-               PUBKEY_SPKI_ASN1_DER, &key_encoding))
-       {
-               DBG1(DBG_PTS, "failed to get encoding of AIK public key");
-               goto cleanup;
-       }
-       
        aik_pub_key->destroy(aik_pub_key);
        return TRUE;
 }
index e1cba91..814beff 100644 (file)
@@ -161,37 +161,6 @@ struct pts_t {
        bool (*calculate_secret) (pts_t *this);
 
        /**
-        * Set PTS Diffie Hellman Object
-        *
-        * @param dh                    D-H object
-        */
-       bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
-
-       /**
-        * Get my Diffie-Hellman public value
-        *
-        * @param value                         My public DH value
-        * @param nonce                         My DH nonce
-        */
-       void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
-
-       /**
-        * Set peer Diffie.Hellman public value
-        *
-        * @param value                         Peer public DH value
-        * @param nonce                         Peer DH nonce
-        */
-       void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
-
-       /**
-        * Calculates secret assessment value to be used for TPM Quote as ExternalData
-        *
-        * @return                                      TRUE unless both DH public values
-        *                                                      and nonces are set
-        */
-       bool (*calculate_secret) (pts_t *this);
-
-       /**
         * Get Platform and OS Info
         *
         * @return                                      Platform and OS info
@@ -261,8 +230,7 @@ struct pts_t {
        bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
 
        /**
-        * Compute a hash over a file
-        *
+       * Compute a hash over a file
         * @param hasher                        Hasher to be used
         * @param pathname                      Absolute path of a file
         * @param hash                          Buffer to keep hash output
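Review bot: The rewritten comment line `* Compute a hash over a file` at L459 is indented one column less than the `* @param` lines that follow it, and the blank ` *` line that separated the summary from the parameter list in the old text is dropped; the other doc blocks in this struct keep both. Restoring ` * Compute a hash over a file` followed by a ` *` separator line keeps the block consistent with its neighbours. The struct pts_t definition continues outside the hunk.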
@@ -369,68 +337,6 @@ struct pts_t {
         bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
 
        /**
-        * Reads given PCR value and returns it
-        * Expects owner secret to be WELL_KNOWN_SECRET
-        *
-        * @param pcr_num                       Number of PCR to read
-        * @param pcr_value                     Chunk to save pcr read output
-        * @return                                      NULL in case of TSS error, PCR value otherwise
-        */
-       bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
-
-       /**
-        * Extends given PCR with given value
-        * Expects owner secret to be WELL_KNOWN_SECRET
-        *
-        * @param pcr_num                       Number of PCR to extend
-        * @param input                         Value to extend
-        * @param output                        Chunk to save PCR value after extension
-        * @return                                      FALSE in case of TSS error, TRUE otherwise
-        */
-       bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
-                                          chunk_t *output);
-
-       /**
-        * Quote over PCR's
-        * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
-        *
-        * @param pcrs                          Array of PCR's to make quotation over
-        * @param num_of_pcrs           Number of elements in pcrs array
-        * @param pcr_composite         Chunk to save pcr composite structure
-        * @param quote_signature       Chunk to save quote operation output
-        *                                                      without external data (anti-replay protection)
-        * @return                                      FALSE in case of TSS error, TRUE otherwise
-        */
-        bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
-                                          chunk_t *pcr_composite, chunk_t *quote_signature);
-
-        /**
-        * Add extended PCR with its corresponding value
-        *
-        * @return                      FALSE in case of any error or non-match, TRUE otherwise
-        */
-        void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
-
-        /**
-        * Constructs and returns TPM Quote Info structure expected from IMC
-        *
-        * @param pcr_composite                 Output variable to store PCR Composite
-        * @param quote_info                    Output variable to store TPM Quote Info
-        * @return                                      FALSE in case of any error, TRUE otherwise
-        */
-        bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
-                                                       chunk_t *quote_info);
-
-        /**
-        * Constructs and returns PCR Quote Digest structure expected from IMC
-        *
-        * @param data                          Calculated TPM Quote Digest
-        * @param signature                     TPM Quote Signature received from IMC
-        * @return                      FALSE in case signature is not verified, TRUE otherwise
-        */
-        bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
-
-       /**
         * Destroys a pts_t object.
         */
        void (*destroy)(pts_t *this);
@@ -445,4 +351,3 @@ struct pts_t {
 pts_t* pts_create(bool is_imc);
 
 #endif /** PTS_H_ @}*/
-
index 1734daa..8664a4b 100644 (file)
@@ -94,17 +94,6 @@ pts_dh_group_t pts_dh_group_select(pts_dh_group_t supported_dh_groups,
                                                                   pts_dh_group_t offered_dh_groups);
 
 /**
- * Select the strongest supported Diffie-Hellman group
- * among a set of offered DH groups
- *
- * @param dh_group             set of supported DH groups
- * @param groups               set of offered DH groups
- * @return                             selected DH group
- */
-pts_dh_group_t pts_dh_group_select(pts_dh_group_t supported_dh_groups,
-                                                                  pts_dh_group_t offered_dh_groups);
-
-/**
  * Convert pts_dh_group_t to diffie_hellman_group_t
  *
  * @param dh_group                     PTS DH group type
index 7e3dcd0..999c22b 100644 (file)
@@ -226,15 +226,18 @@ METHOD(pa_tnc_attr_t, process, status_t,
        /*  Optional Composite Hash Algorithm and TPM PCR Composite fields */
        if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
        {
-               u_int32_t pcr_comp_len, tpm_quote_sign_len;
-               
-               /** TODO: Ignoring Hashing algorithm field
-                * There is no flag defined which indicates the precense of it
-                * reader->read_uint16(reader, &algorithm);
-                * this->comp_hash_algorithm = algorithm;
-                */
-               reader->read_uint32(reader, &pcr_comp_len);
-               reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
+               if (!reader->read_uint32(reader, &pcr_comp_len))
+               {
+                       DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+                                                 "PCR Composite Lenght");
+                       goto end;
+               }
+               if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp))
+               {
+                       DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+                                                 "PCR Composite");
+                       goto end;
+               }
                this->pcr_comp = chunk_clone(this->pcr_comp);
                
                if (!reader->read_uint32(reader, &tpm_quote_sig_len))
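Review bot: The log string added at L573 misspells the field name: `"PCR Composite Lenght"` should read `"PCR Composite Length"`, consistent with the `"PCR Composite"` message two lines below. The new checks correctly stop parsing a truncated attribute instead of continuing with an unread `pcr_comp_len`, but the removed declaration `u_int32_t pcr_comp_len, tpm_quote_sign_len;` has no replacement inside the hunk, so both `pcr_comp_len` and the `tpm_quote_sig_len` used at L584 must now be declared earlier in the method, outside the hunk. The removed TODO recording that the Composite Hash Algorithm field is not read disappears without replacement while the context comment above still names that field; if the field is still unparsed, a one-line `/* TODO: Composite Hash Algorithm field is not read; no flag indicates its presence */` preserves that knowledge. The process method begins and ends outside the hunk.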