Use python-based swidGenerator to generate SWID tags
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 10 Apr 2014 08:25:39 +0000 (10:25 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 15 Apr 2014 07:21:06 +0000 (09:21 +0200)
38 files changed:
conf/plugins/imc-swid.opt
src/libimcv/ietf/ietf_attr_installed_packages.c
src/libimcv/ietf/ietf_attr_installed_packages.h
src/libimcv/imv/data.sql
src/libimcv/pa_tnc/pa_tnc_attr.h
src/libimcv/pa_tnc/pa_tnc_msg.c
src/libimcv/pa_tnc/pa_tnc_msg.h
src/libimcv/plugins/imc_os/imc_os.c
src/libpts/plugins/imc_swid/imc_swid.c
src/libpts/plugins/imv_swid/imv_swid_agent.c
src/libpts/plugins/imv_swid/imv_swid_state.c
src/libpts/plugins/imv_swid/imv_swid_state.h
src/libpts/swid/swid_inventory.c
src/libpts/swid/swid_inventory.h
src/libpts/swid/swid_tag.c
src/libpts/swid/swid_tag.h
src/libpts/swid/swid_tag_id.c
src/libpts/swid/swid_tag_id.h
src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
testing/scripts/build-baseimage
testing/scripts/recipes/014_swid_generator.mk [new file with mode: 0644]
testing/testing.conf
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql
testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql
testing/tests/tnc/tnccs-20-os/evaltest.dat
testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql
testing/tests/tnc/tnccs-20-os/pretest.dat
testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql
testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
testing/tests/tnc/tnccs-20-pts/evaltest.dat
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql

index 67f7c79..e14c94a 100644 (file)
@@ -1,2 +1,11 @@
 charon.plugins.imc-swid.swid_directory = ${prefix}/share
        Directory where SWID tags are located.
+
+charon.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
+       SWID generator command to be executed.
+
+charon.plugins.imc-swid.pretty = FALSE
+       Generate XML-encoded SWID tags with pretty indentation.
+
+charon.plugins.imc-swid.full = FALSE
+       Include file information in the XML-encoded SWID tags.
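Review bot: The option names documented here, `charon.plugins.imc-swid.pretty` and `charon.plugins.imc-swid.full`, do not match the keys that add_swid_inventory() in imc_swid.c reads later in this commit, `%s.plugins.imc-swid.swid_pretty` and `%s.plugins.imc-swid.swid_full`, so a value set under the documented names would appear to be ignored. Either rename the entries to `charon.plugins.imc-swid.swid_pretty` and `charon.plugins.imc-swid.swid_full`, or change the two lookups. Since `swid_generator` is described as a command to be executed, its description could also say how to point it at a trusted binary, for example `SWID generator command to be executed. Use an absolute path to a file that only root can modify.`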
index 462805e..f33f643 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -41,8 +41,6 @@ typedef struct package_entry_t package_entry_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define INSTALLED_PACKAGES_MIN_SIZE            4
-
 /**
  * Private data of an ietf_attr_installed_packages_t object.
  */
@@ -132,7 +130,7 @@ METHOD(pa_tnc_attr_t, build, void,
        {
                return;
        }
-       writer = bio_writer_create(INSTALLED_PACKAGES_MIN_SIZE);
+       writer = bio_writer_create(IETF_INSTALLED_PACKAGES_MIN_SIZE);
        writer->write_uint16(writer, 0x0000);
        writer->write_uint16(writer, this->packages->get_count(this->packages));
 
@@ -160,7 +158,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 
        *offset = 0;
 
-       if (this->value.len < INSTALLED_PACKAGES_MIN_SIZE)
+       if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
        {
                DBG1(DBG_TNC, "insufficient data for IETF installed packages");
                return FAILED;
@@ -168,7 +166,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
        reader = bio_reader_create(this->value);
        reader->read_uint16(reader, &reserved);
        reader->read_uint16(reader, &count);
-       *offset = INSTALLED_PACKAGES_MIN_SIZE;
+       *offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
 
        while (reader->remaining(reader))
        {
index b79c404..e19d0f4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@ typedef struct ietf_attr_installed_packages_t ietf_attr_installed_packages_t;
 #include "ietf_attr.h"
 #include "pa_tnc/pa_tnc_attr.h"
 
+#define IETF_INSTALLED_PACKAGES_MIN_SIZE       4
 
 /**
  * Class implementing the IETF PA-TNC Installed Packages attribute.
index 3a1d760..dfc8b27 100644 (file)
@@ -216,6 +216,30 @@ INSERT INTO products (                     /* 36 */
  'Ubuntu 14.04 x86_64'
 );
 
+INSERT INTO products (                 /* 37 */
+  name
+) VALUES (
+ 'Debian 7.3 i686'
+);
+
+INSERT INTO products (                 /* 38 */
+  name
+) VALUES (
+ 'Debian 7.3 x86_64'
+);
+
+INSERT INTO products (                 /* 39 */
+  name
+) VALUES (
+ 'Debian 7.4 i686'
+);
+
+INSERT INTO products (                 /* 40 */
+  name
+) VALUES (
+ 'Debian 7.4 x86_64'
+);
+
 /* Directories */
 
 INSERT INTO directories (              /*  1 */
@@ -669,6 +693,18 @@ INSERT INTO groups_product_defaults (
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
+  4, 37
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 39
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
   5, 2
 );
 
@@ -699,6 +735,18 @@ INSERT INTO groups_product_defaults (
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
+  5, 38
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 40
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
   6, 9
 );
 
index e2ce06e..1e0c339 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t;
 #include <library.h>
 #include <pen/pen.h>
 
+#define PA_TNC_ATTR_HEADER_SIZE                12
+
 /**
  * Interface for an RFC 5792 PA-TNC Posture Attribute.
  *
@@ -71,7 +73,7 @@ struct pa_tnc_attr_t {
         * @param                                       relative error offset within attribute body
         * @return                                      result status
         */
-       status_t (*process)(pa_tnc_attr_t *this, u_int32_t *offset);
+       status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
 
        /**
         * Get a new reference to the PA-TNC attribute
index 140463b..77d383b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -23,7 +23,6 @@
 #include <pen/pen.h>
 #include <utils/debug.h>
 
-
 typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
 
 /**
@@ -38,7 +37,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define PA_TNC_HEADER_SIZE     8
 #define PA_TNC_RESERVED                0x000000
 
 /**
@@ -59,7 +57,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
 
 #define PA_TNC_ATTR_FLAG_NONE                  0x00
 #define PA_TNC_ATTR_FLAG_NOSKIP                        (1<<7)
-#define PA_TNC_ATTR_HEADER_SIZE                        12
 #define PA_TNC_ATTR_INFO_SIZE                  8
 
 /**
@@ -86,7 +83,7 @@ struct private_pa_tnc_msg_t {
        /**
         * Message identifier
         */
-       u_int32_t identifier;
+       uint32_t identifier;
 
        /**
         * Current PA-TNC Message size
@@ -139,13 +136,13 @@ METHOD(pa_tnc_msg_t, build, bool,
        pa_tnc_attr_t *attr;
        enum_name_t *pa_attr_names;
        pen_type_t type;
-       u_int8_t flags;
+       uint8_t flags;
        chunk_t value;
        nonce_gen_t *ng;
 
        /* generate a nonce as a message identifier */
        ng = lib->crypto->create_nonce_gen(lib->crypto);
-       if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+       if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
        {
                DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
                DESTROY_IF(ng);
@@ -205,8 +202,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
 {
        bio_reader_t *reader;
        pa_tnc_attr_t *error;
-       u_int8_t version;
-       u_int32_t reserved, offset, attr_offset;
+       uint8_t version;
+       uint32_t reserved, offset, attr_offset;
        pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
 
        /* process message header */
@@ -237,8 +234,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
        while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
        {
                pen_t vendor_id;
-               u_int8_t flags;
-               u_int32_t type, length;
+               uint8_t flags;
+               uint32_t type, length;
                chunk_t value, attr_info;
                pa_tnc_attr_t *attr;
                enum_name_t *pa_attr_names;
@@ -372,7 +369,7 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
                        ietf_attr_pa_tnc_error_t *error_attr;
                        pen_type_t error_code;
                        chunk_t msg_info, attr_info;
-                       u_int32_t offset;
+                       uint32_t offset;
 
                        error_attr = (ietf_attr_pa_tnc_error_t*)attr;
                        error_code = error_attr->get_error_code(error_attr);
index 218d3d6..84814b9 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 typedef struct pa_tnc_msg_t pa_tnc_msg_t;
 
 #define PA_TNC_VERSION         0x01
+#define PA_TNC_HEADER_SIZE     8
 
 #include "pa_tnc_attr.h"
 
index 7d84249..ed2cfdd 100644 (file)
@@ -353,11 +353,12 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
         * Compute the maximum IETF Installed Packages attribute size
         * leaving space for an additional ITA Angel attribute
         */
-       max_attr_size = state->get_max_msg_len(state) - 8 - 12;
+       max_attr_size = state->get_max_msg_len(state) -
+                                       PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
 
        /* At least one IETF Installed Packages attribute is sent */
        attr = ietf_attr_installed_packages_create();
-       attr_size = 12 + 4;
+       attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
 
        enumerator = os->create_package_enumerator(os);
        if (enumerator)
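Review bot: The subtraction `state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE` has no lower-bound check, so if get_max_msg_len() can return a value below 20 (its range is not visible here) an unsigned result would wrap to a very large limit and the split into several attributes would never trigger. The commit only replaces the literals with named constants here, but it introduces the same expression in add_swid_inventory() in imc_swid.c, where `max_attr_size` is a `size_t`. Checking that the returned length is at least `PA_TNC_HEADER_SIZE + PA_TNC_ATTR_HEADER_SIZE` before subtracting, and failing or using a defined minimum otherwise, would cover both places. add_installed_packages() starts and ends outside this hunk.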
@@ -384,7 +385,8 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
 
                                /* create the next IETF Installed Packages attribute */
                                attr = ietf_attr_installed_packages_create();
-                               attr_size = 12 + 4;
+                               attr_size = PA_TNC_ATTR_HEADER_SIZE +
+                                                       IETF_INSTALLED_PACKAGES_MIN_SIZE;
                        }
                        attr_cast = (ietf_attr_installed_packages_t*)attr;
                        attr_cast->add(attr_cast, name, version);
index d4aaeff..265f467 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 
 #include <imc/imc_agent.h>
 #include <imc/imc_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
 
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
 #include <utils/debug.h>
 
+#define SWID_GENERATOR "/usr/local/bin/swid_generator"
 
 /* IMC definitions */
 
@@ -128,12 +131,156 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
        return TNC_RESULT_SUCCESS;
 }
 
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+/**
+ * Add one or multiple SWID Inventory attributes to the send queue
+ */
+static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
+                                                          uint32_t request_id, bool full_tags,
+                                                          swid_inventory_t *targets)
 {
-       imc_msg_t *out_msg;
+       pa_tnc_attr_t *attr, *attr_angel;
        imc_swid_state_t *swid_state;
+       swid_inventory_t *swid_inventory;
+       char *swid_directory, *swid_generator;
+       uint32_t eid_epoch;
+       size_t max_attr_size, attr_size, entry_size;
+       bool first = TRUE, swid_pretty, swid_full;
        enumerator_t *enumerator;
+
+       swid_directory = lib->settings->get_str(lib->settings,
+                                                               "%s.plugins.imc-swid.swid_directory",
+                                                                SWID_DIRECTORY, lib->ns);
+       swid_generator = lib->settings->get_str(lib->settings,
+                                                               "%s.plugins.imc-swid.swid_generator",
+                                                                SWID_GENERATOR, lib->ns);
+       swid_pretty = lib->settings->get_bool(lib->settings,
+                                                               "%s.plugins.imc-swid.swid_pretty",
+                                                                FALSE, lib->ns);
+       swid_full = lib->settings->get_bool(lib->settings,
+                                                               "%s.plugins.imc-swid.swid_full",
+                                                                FALSE, lib->ns);
+
+       swid_inventory = swid_inventory_create(full_tags);
+       if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
+                                                                targets, swid_pretty, swid_full))
+       {
+               swid_inventory->destroy(swid_inventory);
+               attr = swid_error_create(TCG_SWID_ERROR, request_id,
+                                                                0, "error in SWID tag collection");
+               msg->add_attribute(msg, attr);
+               return FALSE;
+       }
+       DBG1(DBG_IMC, "collected %d SWID tag%s%s",
+                swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
+                swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
+
+       swid_state = (imc_swid_state_t*)state;
+       eid_epoch = swid_state->get_eid_epoch(swid_state);
+
+       /**
+        * Compute the maximum TCG Tag [ID] Inventory attribute size
+        * leaving space for an additional ITA Angel attribute
+        */
+       max_attr_size = state->get_max_msg_len(state) -
+                                       PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
+
+       if (full_tags)
+       {
+               tcg_swid_attr_tag_inv_t *swid_attr;
+               swid_tag_t *tag;
+               chunk_t encoding, tag_file_path;
+
+               /* At least one TCG Tag Inventory attribute is sent */
+               attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
+               attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+
+               enumerator = swid_inventory->create_enumerator(swid_inventory);
+               while (enumerator->enumerate(enumerator, &tag))
+               {
+                       tag_file_path = tag->get_tag_file_path(tag);
+                       encoding = tag->get_encoding(tag);
+                       entry_size = 2 + tag_file_path.len + 4 + encoding.len;
+
+                       if (attr_size + entry_size > max_attr_size)
+                       {
+                               if (first)
+                               {
+                                       /**
+                                        * Send an ITA Start Angel attribute to the IMV signalling
+                                        * that multiple TGC SWID Tag Inventory attributes follow
+                                        */
+                                       attr_angel = ita_attr_angel_create(TRUE);
+                                       msg->add_attribute(msg, attr_angel);
+                                       first = FALSE;
+                               }
+                               msg->add_attribute(msg, attr);
+
+                               /* create the next TCG SWID Tag Inventory attribute */
+                               attr_size = PA_TNC_ATTR_HEADER_SIZE +
+                                                       TCG_SWID_TAG_INV_MIN_SIZE;
+                               attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+                       }
+                       swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
+                       swid_attr->add(swid_attr, tag->get_ref(tag));
+                       attr_size += entry_size;
+               }
+               enumerator->destroy(enumerator);
+       }
+       else
+       {
+               tcg_swid_attr_tag_id_inv_t *swid_id_attr;
+               swid_tag_id_t *tag_id;
+               chunk_t tag_creator, unique_sw_id, tag_file_path;
+
+               /* At least one TCG Tag ID Inventory attribute is sent */
+               attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
+               attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+               swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+
+               enumerator = swid_inventory->create_enumerator(swid_inventory);
+               while (enumerator->enumerate(enumerator, &tag_id))
+               {
+                       tag_creator = tag_id->get_tag_creator(tag_id);
+                       unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
+                       entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
+                                                2 + tag_file_path.len;
+
+                       if (attr_size + entry_size > max_attr_size)
+                       {
+                               if (first)
+                               {
+                                       /**
+                                        * Send an ITA Start Angel attribute to the IMV signalling
+                                        * that multiple TGC SWID Tag ID Inventory attributes follow
+                                        */
+                                       attr_angel = ita_attr_angel_create(TRUE);
+                                       msg->add_attribute(msg, attr_angel);
+                                       first = FALSE;
+                               }
+                               msg->add_attribute(msg, attr);
+
+                               /* create the next TCG SWID Tag ID Inventory attribute */
+                               attr_size = PA_TNC_ATTR_HEADER_SIZE +
+                                                       TCG_SWID_TAG_ID_INV_MIN_SIZE;
+                               attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+                       }
+                       swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+                       swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
+                       attr_size += entry_size;
+               }
+               enumerator->destroy(enumerator);
+       }
+       msg->add_attribute(msg, attr);
+       swid_inventory->destroy(swid_inventory);
+
+       return TRUE;
+}
+
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+{
+       imc_msg_t *out_msg;
        pa_tnc_attr_t *attr;
+       enumerator_t *enumerator;
        pen_type_t type;
        TNC_Result result;
        bool fatal_error = FALSE;
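Review bot: add_swid_inventory() queues an ITA Start Angel attribute (`ita_attr_angel_create(TRUE)`) when the inventory is split, but no matching Stop Angel is added anywhere in the visible function before `return TRUE`. The IMV side of this commit only finalizes the workitem when `get_angel_count()` is zero, so a split inventory would appear to leave the count at one and the result unrecorded. After the final `msg->add_attribute(msg, attr);` consider `if (!first) { msg->add_attribute(msg, ita_attr_angel_create(FALSE)); }`. Separately, an entry whose `entry_size` alone exceeds `max_attr_size` is still added to a fresh attribute, so the limit is not enforced for an oversized tag; a debug message or an error attribute for that case would make it visible.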
@@ -145,18 +292,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
                return result;
        }
        out_msg = imc_msg_create_as_reply(in_msg);
-       swid_state = (imc_swid_state_t*)state;
 
        /* analyze PA-TNC attributes */
        enumerator = in_msg->create_attribute_enumerator(in_msg);
        while (enumerator->enumerate(enumerator, &attr))
        {
                tcg_swid_attr_req_t *attr_req;
-               u_int8_t flags;
-               u_int32_t request_id, eid_epoch;
-               swid_inventory_t *swid_inventory, *targets;
-               char *swid_directory;
+               uint8_t flags;
+               uint32_t request_id;
                bool full_tags;
+               swid_inventory_t *targets;
 
                type = attr->get_type(attr);
 
@@ -169,7 +314,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
                flags = attr_req->get_flags(attr_req);
                request_id = attr_req->get_request_id(attr_req);
                targets = attr_req->get_targets(attr_req);
-               eid_epoch = swid_state->get_eid_epoch(swid_state);
 
                if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
                {
@@ -180,33 +324,10 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
                }
                full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
 
-               swid_directory = lib->settings->get_str(lib->settings,
-                                                               "%s.plugins.imc-swid.swid_directory",
-                                                                SWID_DIRECTORY, lib->ns);
-               swid_inventory = swid_inventory_create(full_tags);
-               if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
+               if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
                {
-                       swid_inventory->destroy(swid_inventory);
-                       attr = swid_error_create(TCG_SWID_ERROR, request_id,
-                                                                        0, "error in SWID tag collection");
-                       out_msg->add_attribute(out_msg, attr);
                        break;
                }
-               DBG1(DBG_IMC, "collected %d SWID tag%s%s",
-                        swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
-                        swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
-               if (full_tags)
-               {
-                       attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
-                                                                                               swid_inventory);
-               }
-               else
-               {
-                       attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
-                                                                                               swid_inventory);
-               }
-               out_msg->add_attribute(out_msg, attr);
        }
        enumerator->destroy(enumerator);
 
index 743037b..70ff80e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 #include <ietf/ietf_attr_pa_tnc_error.h>
 #include <imv/imv_agent.h>
 #include <imv/imv_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
 
 #include <tncif_names.h>
 #include <tncif_pa_subtypes.h>
@@ -89,6 +91,7 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
 static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                                                          imv_state_t *state, imv_msg_t *in_msg)
 {
+       imv_swid_state_t *swid_state;
        imv_msg_t *out_msg;
        imv_session_t *session;
        enumerator_t *enumerator;
@@ -103,6 +106,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                return result;
        }
 
+       swid_state = (imv_swid_state_t*)state;
        session = state->get_session(state);
 
        /* analyze PA-TNC attributes */
@@ -112,7 +116,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                TNC_IMV_Evaluation_Result eval;
                TNC_IMV_Action_Recommendation rec;
                pen_type_t type;
-               u_int32_t request_id, last_eid, eid_epoch;
+               uint32_t request_id, last_eid, eid_epoch;
                swid_inventory_t *inventory;
                int tag_count;
                char result_str[BUF_LEN], *tag_item;
@@ -127,7 +131,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                        pen_type_t error_code;
                        chunk_t msg_info, description;
                        bio_reader_t *reader;
-                       u_int32_t request_id = 0, max_attr_size;
+                       uint32_t request_id = 0, max_attr_size;
                        bool success;
 
                        error_attr = (ietf_attr_pa_tnc_error_t*)attr;
@@ -166,6 +170,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                                reader->destroy(reader);
                        }
                }
+               else if (type.vendor_id == PEN_ITA)
+               {
+                       switch (type.type)
+                       {
+                               case ITA_ATTR_START_ANGEL:
+                                       swid_state->set_angel_count(swid_state, TRUE);
+                                       break;
+                               case ITA_ATTR_STOP_ANGEL:
+                                       swid_state->set_angel_count(swid_state, FALSE);
+                                       break;
+                               default:
+                                       break;
+                       }
+               }
                else if (type.vendor_id != PEN_TCG)
                {
                        continue;
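Review bot: The new `PEN_ITA` branch does not end with `continue;`, so after the Angel switch an ITA attribute falls through to the code that the `type.vendor_id != PEN_TCG` test was guarding, which, judging by the later hunks, dispatches on TCG attribute types. It presumably ends up in the `default: continue;` case today, but that relies on ITA and TCG type numbers never coinciding. Adding `continue;` after the inner `switch` keeps ITA attributes out of the TCG handling explicitly. receive_msg() starts and ends outside this hunk.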
@@ -193,7 +211,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                                {
                                        tag_creator = tag_id->get_tag_creator(tag_id);
                                        unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
-                                       DBG3(DBG_IMV, "  %.*s_%.*s.swidtag",
+                                       DBG3(DBG_IMV, "  %.*s_%.*s",
                                                 tag_creator.len, tag_creator.ptr,
                                                 unique_sw_id.len, unique_sw_id.ptr);
                                }
@@ -239,6 +257,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                        default:
                                continue;
                 }
+               tag_count = inventory->get_count(inventory);
+               swid_state->set_count(swid_state, tag_count);
 
                ew = session->create_workitem_enumerator(session);
                while (ew->enumerate(ew, &workitem))
@@ -257,16 +277,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
                        continue;
                }
 
-               eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
-               tag_count = inventory->get_count(inventory);
-               snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
-                                tag_count, tag_item, (tag_count == 1) ? "" : "s");
-               session->remove_workitem(session, ew);
-               ew->destroy(ew);
-               rec = found->set_result(found, result_str, eval);
-               state->update_recommendation(state, rec, eval);
-               imcv_db->finalize_workitem(imcv_db, found);
-               found->destroy(found);
+               if (!swid_state->get_angel_count(swid_state))
+               {
+                       swid_state->get_count(swid_state, &tag_count);
+                       snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
+                                        tag_count, tag_item, (tag_count == 1) ? "" : "s");
+                       session->remove_workitem(session, ew);
+                       ew->destroy(ew);
+
+                       eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+                       rec = found->set_result(found, result_str, eval);
+                       state->update_recommendation(state, rec, eval);
+                       imcv_db->finalize_workitem(imcv_db, found);
+                       found->destroy(found);
+               }
        }
        enumerator->destroy(enumerator);
 
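Review bot: When `get_angel_count()` is non-zero the workitem enumerator `ew` is never destroyed, because `session->remove_workitem(session, ew)` and `ew->destroy(ew)` now sit inside the new `if` block. `ew` is created by `session->create_workitem_enumerator(session)` in the preceding hunk for every inventory attribute, so each intermediate attribute of a split inventory would leak an enumerator, along with any lock it holds on the session, if it holds one. An `else { ew->destroy(ew); }` branch would release it. receive_msg() starts outside this hunk, so whether `found` is reset on each iteration cannot be checked from here.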
@@ -342,8 +366,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
        TNC_IMVID imv_id;
        TNC_Result result = TNC_RESULT_SUCCESS;
        bool no_workitems = TRUE;
-       u_int32_t request_id;
-       u_int8_t flags;
+       uint32_t request_id;
+       uint8_t flags;
        enumerator_t *enumerator;
 
        if (!this->agent->get_state(this->agent, id, &state))
index 156a6bb..3afeaed 100644 (file)
@@ -95,6 +95,16 @@ struct private_imv_swid_state_t {
         */
        imv_remediation_string_t *remediation_string;
 
+       /**
+        * Number of processed SWID Tags or SWID Tag IDs
+        */
+       int count;
+
+       /**
+        * Angel count
+        */
+       int angel_count;
+
 };
 
 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
@@ -223,6 +233,33 @@ METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
        return this->handshake_state;
 }
 
+METHOD(imv_swid_state_t, set_count, void,
+       private_imv_swid_state_t *this, int count)
+{
+       this->count           += count;
+}
+
+METHOD(imv_swid_state_t, get_count, void,
+       private_imv_swid_state_t *this, int *count)
+{
+       if (count)
+       {
+               *count = this->count;
+       }
+}
+
+METHOD(imv_swid_state_t, set_angel_count, void,
+       private_imv_swid_state_t *this, bool start)
+{
+       this->angel_count += start ? 1 : -1;
+}
+
+METHOD(imv_swid_state_t, get_angel_count, int,
+       private_imv_swid_state_t *this)
+{
+       return this->angel_count;
+}
+
 /**
  * Described in header.
  */
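Review bot: `set_angel_count` applies `+= start ? 1 : -1` with no lower bound, and both Angel attributes come from the peer being assessed, so a Stop Angel without a preceding Start leaves `angel_count` negative; receive_msg() treats any non-zero value as meaning more attributes follow and then skips finalizing the workitem. Clamping at zero keeps the state well defined, e.g. `if (start) { this->angel_count++; } else if (this->angel_count > 0) { this->angel_count--; }`. `set_count` actually accumulates (`this->count += count`), and nothing visible resets `count` or `angel_count` for a new handshake, so a comment such as `/* accumulates over all inventory attributes of one handshake */` and an explicit reset point would help.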
@@ -253,6 +290,10 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
                        },
                        .set_handshake_state = _set_handshake_state,
                        .get_handshake_state = _get_handshake_state,
+                       .set_count = _set_count,
+                       .get_count = _get_count,
+                       .set_angel_count = _set_angel_count,
+                       .get_angel_count = _get_angel_count,
                },
                .state = TNC_CONNECTION_STATE_CREATE,
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
index d6e5840..7263fe9 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -64,6 +64,34 @@ struct imv_swid_state_t {
         */
        imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
 
+       /**
+        * Increase/Decrease the ITA Angel count
+        *
+        * @param start                 TRUE increases and FALSE decreases count by one
+        */
+       void (*set_angel_count)(imv_swid_state_t *this, bool start);
+
+       /**
+        * Set [or with multiple attributes increment] SWID Tag [ID] counters
+        *
+        * @param count                         Number of received SWID Tags or SWID Tag IDs
+        */
+       void (*set_count)(imv_swid_state_t *this, int count);
+
+       /**
+        * Set [or with multiple attributes increment] SWID Tag [ID] counters
+        *
+        * @param count                         Number of received SWID Tags or SWID Tag IDs
+        */
+       void (*get_count)(imv_swid_state_t *this, int *count);
+
+       /**
+        * Get the ITA Angel count
+        *
+        * @return                              ITA Angel count
+        */
+       int (*get_angel_count)(imv_swid_state_t *this);
+
 };
 
 /**
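Review bot: The doc block above `get_count` is a copy of the one for `set_count`, so it still reads "Set [or with multiple attributes increment] …" and describes `count` as an input. It should describe the getter, for example `* Get the accumulated number of SWID Tags or SWID Tag IDs` with `@param count   receives the accumulated count, may be NULL`. The NULL tolerance is what the implementation in imv_swid_state.c does (`if (count)`). The comment on `set_count` could say plainly that it adds to the counter rather than putting "increment" in brackets.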
index a71682f..9e85647 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -18,6 +18,7 @@
 #include "swid_tag_id.h"
 
 #include <collections/linked_list.h>
+#include <bio/bio_writer.h>
 #include <utils/debug.h>
 
 #include <stdio.h>
@@ -51,6 +52,123 @@ struct private_swid_inventory_t {
        linked_list_t *list;
 };
 
+static status_t generate_tags(private_swid_inventory_t *this, char *generator,
+                                                         swid_inventory_t *targets, bool pretty, bool full)
+{
+       FILE *file;
+       char command[512], line[2048];
+       chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
+       swid_tag_id_t *tag_id;
+       swid_tag_t *tag;
+       status_t status = SUCCESS;
+
+       /* Assemble the SWID generator command */
+       snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
+                       (this->full_tags)           ? "swid" : "software-id",
+                       (this->full_tags && pretty) ? " --pretty" : "",
+                       (this->full_tags && full)   ? " --full" : "");
+
+       /* Open a pipe stream for reading the output of the dpkg-query commmand */
+       file = popen(command, "r");
+       if (!file)
+       {
+               DBG1(DBG_IMC, "failed to run swid_generator command");
+               return NOT_SUPPORTED;
+       }
+       if (this->full_tags)
+       {
+               bio_writer_t *writer;
+               chunk_t tag_encoding;
+               bool more_tags = TRUE, end_of_tag;
+
+               DBG2(DBG_IMC, "SWID tags generated by package manager:");
+               while (more_tags)
+               {
+                       end_of_tag = FALSE;
+                       writer = bio_writer_create(512);
+                       do
+                       {
+                               if (fgets(line, sizeof(line), file) <= 0)
+                               {
+                                       more_tags = FALSE;
+                                       end_of_tag = TRUE;
+                                       break;
+                               }
+                               if (line[0] == '\n')
+                               {
+                                       end_of_tag = TRUE;
+                                       break;
+                               }
+                               else
+                               {
+                                       writer->write_data(writer, chunk_from_str(line));
+                               }
+                       }
+                       while (!end_of_tag);
+
+                       tag_encoding = writer->get_buf(writer);
+
+                       /* remove trailing newline if present */
+                       if (tag_encoding.len > 0 &&
+                               tag_encoding.ptr[tag_encoding.len - 1] == '\n')
+                       {
+                               tag_encoding.len--;
+                       }
+                       DBG2(DBG_IMC, "  %.*s", tag_encoding.len, tag_encoding.ptr);
+
+                       tag = swid_tag_create(tag_encoding, tag_file_path);
+                       this->list->insert_last(this->list, tag);
+                       writer->destroy(writer);
+               }
+       }
+       else
+       {
+               DBG2(DBG_IMC, "SWID tag IDs generated by package manager:");
+               while (TRUE)
+               {
+                       char *separator;
+                       size_t len;
+
+                       if (fgets(line, sizeof(line), file) <= 0)
+                       {
+                               goto end;
+                       }
+                       len = strlen(line);
+
+                       /* remove trailing newline if present */
+                       if (len > 0 && line[len - 1] == '\n')
+                       {
+                               len--;
+                       }
+                       DBG2(DBG_IMC, "  %.*s", len, line);
+
+                       separator = strchr(line, '_');
+                       if (!separator)
+                       {
+                               DBG1(DBG_IMC, "separatation of regid from unique software ID "
+                                                         "failed");
+                               status = FAILED;
+                               goto end;
+                       }
+                       tag_creator = chunk_create(line, separator - line);
+                       separator++;
+
+                       unique_sw_id = chunk_create(separator, len - (separator - line));
+                       tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+                       this->list->insert_last(this->list, tag_id);
+
+                       if (fgets(line, sizeof(line), file) <= 0)
+                       {
+                               goto end;
+                       }
+               }
+       }
+
+end:
+       pclose(file);
+       return status;
+}
+
 static bool collect_tags(private_swid_inventory_t *this, char *pathname,
                                                 swid_inventory_t *targets)
 {
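Review bot: generate_tags() builds `command` with an unchecked `snprintf()` and runs it through the shell via `popen()`, and the exit status returned by `pclose()` is dropped, so a truncated command line or a failing generator is indistinguishable from success. In the full-tag branch an immediate EOF still falls through to `swid_tag_create()`, which appends a zero-length tag to the inventory whenever the generator prints nothing or ends its output with a blank line. I would reject truncation before calling `popen()`, skip empty encodings and log a non-zero exit status, as sketched below; where `generator` comes from is outside this hunk, and if it is ever anything other than a trusted local configuration value the shell should be avoided in favour of an exec with an explicit argument vector. Smaller points in the same function: `fgets()` returns a pointer and should be tested with `== NULL` rather than `<= 0`, `%.*s` expects an `int` precision where a `size_t` `len` is passed, and the comment still mentions dpkg-query.

```c
	int written;

	written = snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
			/* … unchanged: sub-command and option arguments … */);
	if (written < 0 || (size_t)written >= sizeof(command))
	{
		DBG1(DBG_IMC, "swid_generator command line too long");
		return FAILED;
	}
	/* … unchanged: popen(), the line-reading loop and trailing-newline removal … */
			/* EOF or a stray blank line leaves the writer empty: no tag */
			if (tag_encoding.len > 0)
			{
				DBG2(DBG_IMC, "  %.*s", (int)tag_encoding.len, tag_encoding.ptr);
				tag = swid_tag_create(tag_encoding, tag_file_path);
				this->list->insert_last(this->list, tag);
			}
			writer->destroy(writer);
	/* … unchanged: tag ID branch … */
end:
	if (pclose(file) != 0)
	{
		DBG1(DBG_IMC, "swid_generator command did not exit cleanly");
	}
	return status;
```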
@@ -72,7 +190,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
        {
                char * start, *stop;
                chunk_t tag_creator;
-               chunk_t unique_sw_id = chunk_empty, unique_seq_id = chunk_empty;
+               chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
                if (!strstr(rel_name, "regid."))
                {
                        continue;
@@ -121,14 +239,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
                        goto end;
                }
                tag_creator = chunk_create(start, stop-start);
-
                start = stop + 1;
-               stop = strchr(start, '_');
-               if (stop)
-               {
-                       unique_sw_id = chunk_create(start, stop-start);
-                       start = stop + 1;
-               }
 
                stop = strstr(start, ".swidtag");
                if (!stop)
@@ -137,14 +248,8 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
                        DBG1(DBG_IMC, "  swidtag postfix not found");
                        goto end;
                }
-               if (unique_sw_id.ptr)
-               {
-                       unique_seq_id = chunk_create(start, stop-start);
-               }
-               else
-               {
-                       unique_sw_id = chunk_create(start, stop-start);
-               }
+               unique_sw_id = chunk_create(start, stop-start);
+               tag_file_path = chunk_from_str(abs_name);
 
                /* In case of a targeted request */
                if (targets->get_count(targets))
@@ -187,7 +292,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
                                goto end;
                        }
 
-                       tag = swid_tag_create(*xml_tag, unique_seq_id);
+                       tag = swid_tag_create(*xml_tag, tag_file_path);
                        this->list->insert_last(this->list, tag);
                        chunk_unmap(xml_tag);
                }
@@ -195,10 +300,9 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
                {
                        swid_tag_id_t *tag_id;
 
-                       tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+                       tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
                        this->list->insert_last(this->list, tag_id);
                }
-
        }
        success = TRUE;
 
@@ -210,8 +314,18 @@ end:
 }
 
 METHOD(swid_inventory_t, collect, bool,
-       private_swid_inventory_t *this, char *directory, swid_inventory_t *targets)
+       private_swid_inventory_t *this, char *directory, char *generator,
+       swid_inventory_t *targets, bool pretty, bool full)
 {
+       /**
+        * Tags are generated by a package manager
+        */
+       generate_tags(this, generator, targets, pretty, full);
+
+       /**
+        * Collect swidtag files by iteratively entering all directories in
+        * the tree under the "directory" path.
+        */
        return collect_tags(this, directory, targets);
 }
 
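Review bot: collect() throws away the status_t returned by generate_tags() and calls it unconditionally, even when no generator is configured. Whether callers can pass NULL or an empty string for `generator` is not visible in this hunk, but if they can, `%s` receives a NULL pointer and a meaningless command line is handed to the shell. A guard such as `if (generator && *generator)` around the call, plus a DBG1 line when the result is not SUCCESS, would make the failure visible without blocking the directory scan that follows. The two `/** … */` blocks inside the body are Doxygen markers on plain statements and would read better as `/* … */`.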
index 68d3047..7de8bb2 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -34,11 +34,14 @@ struct swid_inventory_t {
         * Collect the SWID tags stored on the endpoint
         *
         * @param directory             SWID directory path
+        * @param generator             Path to SWID generator
         * @param targets               List of target tag IDs
+        * @param pretty                Generate indented XML SWID tags
+        * @param full                  Include file information in SWID tags
         * @return                              TRUE if successful
         */
-       bool (*collect)(swid_inventory_t *this, char *directory,
-                                       swid_inventory_t *targets);
+       bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
+                                       swid_inventory_t *targets, bool pretty, bool full);
 
        /**
         * Collect the SWID tags stored on the endpoint
index 0b65196..c71d5d2 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -34,10 +34,14 @@ struct private_swid_tag_t {
        chunk_t encoding;
 
        /**
-        * Optional Unique Sequence ID
+        * Optional Tag File Path
         */
-       chunk_t unique_seq_id;
+       chunk_t tag_file_path;
 
+       /**
+        * Reference count
+        */
+       refcount_t ref;
 };
 
 METHOD(swid_tag_t, get_encoding, chunk_t,
@@ -46,39 +50,51 @@ METHOD(swid_tag_t, get_encoding, chunk_t,
        return this->encoding;
 }
 
-METHOD(swid_tag_t, get_unique_seq_id, chunk_t,
+METHOD(swid_tag_t, get_tag_file_path, chunk_t,
        private_swid_tag_t *this)
 {
-       return this->unique_seq_id;
+       return this->tag_file_path;
+}
+
+METHOD(swid_tag_t, get_ref, swid_tag_t*,
+       private_swid_tag_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public;
 }
 
 METHOD(swid_tag_t, destroy, void,
        private_swid_tag_t *this)
 {
-       free(this->encoding.ptr);
-       free(this->unique_seq_id.ptr);
-       free(this);
+       if (ref_put(&this->ref))
+       {
+               free(this->encoding.ptr);
+               free(this->tag_file_path.ptr);
+               free(this);
+       }
 }
 
 /**
  * See header
  */
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t unique_seq_id)
+swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
 {
        private_swid_tag_t *this;
 
        INIT(this,
                .public = {
                        .get_encoding = _get_encoding,
-                       .get_unique_seq_id = _get_unique_seq_id,
+                       .get_tag_file_path = _get_tag_file_path,
+                       .get_ref = _get_ref,
                        .destroy = _destroy,
                },
                .encoding = chunk_clone(encoding),
+               .ref = 1,
        );
 
-       if (unique_seq_id.len > 0)
+       if (tag_file_path.len > 0)
        {
-               this->unique_seq_id = chunk_clone(unique_seq_id);
+               this->tag_file_path = chunk_clone(tag_file_path);
        }
 
        return &this->public;
index 9d3f863..e20c538 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,11 +39,18 @@ struct swid_tag_t {
        chunk_t (*get_encoding)(swid_tag_t *this);
 
        /**
-        * Get th Optional Unique Sequence ID
+        * Get th Optional Tag File Path
         *
-        * @return                              Optional Unique Sequence ID
+        * @return                              Optional Tag File Path
         */
-       chunk_t (*get_unique_seq_id)(swid_tag_t *this);
+       chunk_t (*get_tag_file_path)(swid_tag_t *this);
+
+       /**
+        * Get a new reference to the swid_tag object
+        *
+        * @return                      this, with an increased refcount
+        */
+       swid_tag_t* (*get_ref)(swid_tag_t *this);
 
        /**
         * Destroys a swid_tag_t object.
@@ -56,8 +63,8 @@ struct swid_tag_t {
  * Creates a swid_tag_t object
  *
  * @param encoding                     XML encoding of SWID tag
- * @param unique_seq_id                Unique Sequence ID or empty chunk 
+ * @param tag_file_path                Tag File Path or empty chunk
  */
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t unique_seq_id);
+swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
 
 #endif /** SWID_TAG_H_ @}*/
index 7ad486d..8bede28 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,10 +39,14 @@ struct private_swid_tag_id_t {
        chunk_t unique_sw_id;
 
        /**
-        * Optional Unique Sequence ID
+        * Tag File Path
         */
-       chunk_t unique_seq_id;
+       chunk_t tag_file_path;
 
+       /**
+        * Reference count
+        */
+       refcount_t ref;
 };
 
 METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
@@ -52,29 +56,39 @@ METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
 }
 
 METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
-       private_swid_tag_id_t *this, chunk_t *unique_seq_id)
+       private_swid_tag_id_t *this, chunk_t *tag_file_path)
 {
-       if (unique_seq_id)
+       if (tag_file_path)
        {
-               *unique_seq_id = this->unique_seq_id;
+               *tag_file_path = this->tag_file_path;
        }
        return this->unique_sw_id;
 }
 
+METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
+       private_swid_tag_id_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public;
+}
+
 METHOD(swid_tag_id_t, destroy, void,
        private_swid_tag_id_t *this)
 {
-       free(this->tag_creator.ptr);
-       free(this->unique_sw_id.ptr);
-       free(this->unique_seq_id.ptr);
-       free(this);
+       if (ref_put(&this->ref))
+       {
+               free(this->tag_creator.ptr);
+               free(this->unique_sw_id.ptr);
+               free(this->tag_file_path.ptr);
+               free(this);
+       }
 }
 
 /**
  * See header
  */
 swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
-                                                                 chunk_t unique_seq_id)
+                                                                 chunk_t tag_file_path)
 {
        private_swid_tag_id_t *this;
 
@@ -82,15 +96,17 @@ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
                .public = {
                        .get_tag_creator = _get_tag_creator,
                        .get_unique_sw_id = _get_unique_sw_id,
+                       .get_ref = _get_ref,
                        .destroy = _destroy,
                },
                .tag_creator = chunk_clone(tag_creator),
                .unique_sw_id = chunk_clone(unique_sw_id),
+               .ref = 1,
        );
 
-       if (unique_seq_id.len > 0)
+       if (tag_file_path.len > 0)
        {
-               this->unique_seq_id = chunk_clone(unique_seq_id);
+               this->tag_file_path = chunk_clone(tag_file_path);
        }
 
        return &this->public;
index d471596..d2a783b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,12 +39,19 @@ struct swid_tag_id_t {
        chunk_t (*get_tag_creator)(swid_tag_id_t *this);
 
        /**
-        * Get the Unique Software ID and optional Unique Sequence ID
+        * Get the Unique Software ID and optional Tag File Path
         *
-        * @param                               Optional Unique Sequence ID
+        * @param                               Optional Tag File Path
         * @return                              Unique Software ID
         */
-       chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *unique_seq_id);
+       chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
+
+       /**
+        * Get a new reference to the swid_tag_id object
+        *
+        * @return                      this, with an increased refcount
+        */
+       swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
 
        /**
         * Destroys a swid_tag_id_t object.
@@ -58,9 +65,9 @@ struct swid_tag_id_t {
  *
  * @param tag_creator          Tag Creator
  * @param unique_sw_id         Unique Software ID
- * @param unique_seq_id                Unique Sequence ID or empty chunk 
+ * @param tag_file_path                Tag File Path or empty chunk
  */
 swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
-                                                                 chunk_t unique_seq_id);
+                                                                 chunk_t tag_file_path);
 
 #endif /** SWID_TAG_ID_H_ @}*/
index 429919e..33aa16d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -42,12 +42,11 @@ typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_i
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |    Unique Software ID Length  |Unique Software ID (var length)|
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *  |   Unique Sequence ID Length   |Unique Sequence ID (var length)|
+ *  |      Tag File Path Length     |  Tag File Path (var. length)  |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define SWID_TAG_ID_INV_SIZE                   16
-#define SWID_TAG_ID_INV_RESERVED               0x00
+#define TCG_SWID_TAG_ID_INV_RESERVED   0x00
 
 /**
  * Private data of an tcg_swid_attr_tag_id_inv_t object.
@@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_id_inv_t {
        /**
         * Request ID
         */
-       u_int32_t request_id;
+       uint32_t request_id;
 
        /**
         * Event ID Epoch
         */
-       u_int32_t eid_epoch;
+       uint32_t eid_epoch;
 
        /**
         * Last Event ID
         */
-       u_int32_t last_eid;
+       uint32_t last_eid;
 
        /**
         * SWID Tag ID Inventory
@@ -129,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void,
 {
        bio_writer_t *writer;
        swid_tag_id_t *tag_id;
-       chunk_t tag_creator, unique_sw_id, unique_seq_id;
+       chunk_t tag_creator, unique_sw_id, tag_file_path;
        enumerator_t *enumerator;
 
        if (this->value.ptr)
@@ -137,8 +136,8 @@ METHOD(pa_tnc_attr_t, build, void,
                return;
        }
 
-       writer = bio_writer_create(SWID_TAG_ID_INV_SIZE);
-       writer->write_uint8 (writer, SWID_TAG_ID_INV_RESERVED);
+       writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
+       writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
        writer->write_uint24(writer, this->inventory->get_count(this->inventory));
        writer->write_uint32(writer, this->request_id);
        writer->write_uint32(writer, this->eid_epoch);
@@ -148,10 +147,10 @@ METHOD(pa_tnc_attr_t, build, void,
        while (enumerator->enumerate(enumerator, &tag_id))
        {
                tag_creator = tag_id->get_tag_creator(tag_id);
-               unique_sw_id = tag_id->get_unique_sw_id(tag_id, &unique_seq_id);
+               unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
                writer->write_data16(writer, tag_creator);
                writer->write_data16(writer, unique_sw_id);
-               writer->write_data16(writer, unique_seq_id);
+               writer->write_data16(writer, tag_file_path);
        }
        enumerator->destroy(enumerator);
 
@@ -160,15 +159,15 @@ METHOD(pa_tnc_attr_t, build, void,
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
-       private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *offset)
+       private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
 {
        bio_reader_t *reader;
-       u_int32_t tag_id_count;
-       u_int8_t reserved;
-       chunk_t tag_creator, unique_sw_id, unique_seq_id;
+       uint32_t tag_id_count;
+       uint8_t reserved;
+       chunk_t tag_creator, unique_sw_id, tag_file_path;
        swid_tag_id_t *tag_id;
 
-       if (this->value.len < SWID_TAG_ID_INV_SIZE)
+       if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
        {
                DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
                *offset = 0;
@@ -181,7 +180,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
        reader->read_uint32(reader, &this->request_id);
        reader->read_uint32(reader, &this->eid_epoch);
        reader->read_uint32(reader, &this->last_eid);
-       *offset = SWID_TAG_ID_INV_SIZE;
+       *offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
 
        while (tag_id_count--)
        {
@@ -199,14 +198,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
                }
                *offset += 2 + unique_sw_id.len;
                
-               if (!reader->read_data16(reader, &unique_seq_id))
+               if (!reader->read_data16(reader, &tag_file_path))
                {
-                       DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+                       DBG1(DBG_TNC, "insufficient data for Tag File Path");
                        return FAILED;
                }
-               *offset += 2 + unique_seq_id.len;
+               *offset += 2 + tag_file_path.len;
 
-               tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+               tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
                this->inventory->add(this->inventory, tag_id);
        }
        reader->destroy(reader);
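Review bot: The `return FAILED;` taken when the Tag File Path cannot be read leaves process() before `reader->destroy(reader)` on the last line of this hunk is reached, so each malformed attribute leaks the bio_reader. The buffer parsed here appears to be data received from the peer, which would make the leak triggerable from the network side, though only one small allocation per bad attribute. Adding `reader->destroy(reader);` in front of the `return FAILED;` closes it. The function begins above this hunk, so the earlier reads in the loop probably need the same line, and the tag inventory's process() further down the page appears to follow the same pattern.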
@@ -232,14 +231,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
        }
 }
 
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
+       private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
+{
+       this->inventory->add(this->inventory, tag_id);
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
        private_tcg_swid_attr_tag_id_inv_t *this)
 {
        return this->request_id;
 }
 
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, u_int32_t,
-       private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *eid_epoch)
+METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
+       private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
 {
        if (eid_epoch)
        {
@@ -257,10 +262,9 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
-                                                                                          u_int32_t eid_epoch,
-                                                                                          u_int32_t eid,
-                                                                                          swid_inventory_t *inventory)
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+                                                                                          uint32_t eid_epoch,
+                                                                                          uint32_t eid)
 {
        private_tcg_swid_attr_tag_id_inv_t *this;
 
@@ -276,6 +280,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
                                .get_ref = _get_ref,
                                .destroy = _destroy,
                        },
+                       .add = _add,
                        .get_request_id = _get_request_id,
                        .get_last_eid = _get_last_eid,
                        .get_inventory = _get_inventory,
@@ -284,7 +289,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
                .request_id = request_id,
                .eid_epoch = eid_epoch,
                .last_eid = eid,
-               .inventory = inventory,
+               .inventory = swid_inventory_create(FALSE),
                .ref = 1,
        );
 
@@ -311,6 +316,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
                                .get_ref = _get_ref,
                                .destroy = _destroy,
                        },
+                       .add = _add,
                        .get_request_id = _get_request_id,
                        .get_last_eid = _get_last_eid,
                        .get_inventory = _get_inventory,
index 1a0cbe7..9072ddc 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
 
 #include <pa_tnc/pa_tnc_attr.h>
 
+#define TCG_SWID_TAG_ID_INV_MIN_SIZE   16
+
 /**
  * Class implementing the TCG SWID Tag Identifier Inventory attribute
  *
@@ -41,11 +43,18 @@ struct tcg_swid_attr_tag_id_inv_t {
        pa_tnc_attr_t pa_tnc_attribute;
 
        /**
+        * Add a Tag ID to the attribute
+        *
+        * @tag_id                                      SWID Tag ID to be added
+        */
+       void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
+
+       /**
         * Get Request ID
         *
         * @return                                      Request ID
         */
-       u_int32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
+       uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
 
        /**
         * Get Last Event ID
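Review bot: The new doc block for add() uses `@tag_id`, which is not a Doxygen command, so the parameter ends up undocumented; it should read `@param tag_id   SWID Tag ID to be added`. The comment also does not say who owns `tag_id` after the call. The implementation in tcg_swid_attr_tag_id_inv.c hands the pointer straight to the inventory's add(), so presumably ownership passes to the attribute; a sentence stating that would spare callers from guessing whether they still have to call destroy() or should pass a get_ref() copy.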
@@ -53,8 +62,8 @@ struct tcg_swid_attr_tag_id_inv_t {
         * @param eid_epoch                     Event ID Epoch
         * @return                                      Last Event ID
         */
-       u_int32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
-                                                         u_int32_t *eid_epoch);
+       uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
+                                                        uint32_t *eid_epoch);
 
        /**
         * Get Inventory of SWID tag IDs
@@ -71,12 +80,10 @@ struct tcg_swid_attr_tag_id_inv_t {
  * @param request_id                   Copy of the Request ID
  * @param eid_epoch                            Event ID Epoch
  * @param eid                                  Last Event ID
- * @param inventory                            SWID Tag Inventory
  */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
-                                                                                          u_int32_t eid_epoch,
-                                                                                          u_int32_t eid,
-                                                                                          swid_inventory_t *inventory);
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+                                                                                          uint32_t eid_epoch,
+                                                                                          uint32_t eid);
 
 /**
  * Creates an tcg_swid_attr_tag_id_inv_t object from received data
index 82b9ef9..fbb94c6 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |                           Last EID                            |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *  |   Unique Sequence ID Length   |Unique Sequence ID (var length)|
+ *  |    Tag File Path Length       |  Tag File Path (var length)   |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |                          Tag Length                           |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -46,8 +46,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define SWID_TAG_INV_SIZE                      16
-#define SWID_TAG_INV_RESERVED          0x00
+#define TCG_SWID_TAG_INV_RESERVED      0x00
 
 /**
  * Private data of an tcg_swid_attr_tag_inv_t object.
@@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_inv_t {
        /**
         * Request ID
         */
-       u_int32_t request_id;
+       uint32_t request_id;
 
        /**
         * Event ID Epoch
         */
-       u_int32_t eid_epoch;
+       uint32_t eid_epoch;
 
        /**
         * Last Event ID
         */
-       u_int32_t last_eid;
+       uint32_t last_eid;
 
        /**
         * SWID Tag Inventory
@@ -136,8 +135,8 @@ METHOD(pa_tnc_attr_t, build, void,
                return;
        }
 
-       writer = bio_writer_create(SWID_TAG_INV_SIZE);
-       writer->write_uint8 (writer, SWID_TAG_INV_RESERVED);
+       writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
+       writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
        writer->write_uint24(writer, this->inventory->get_count(this->inventory));
        writer->write_uint32(writer, this->request_id);
        writer->write_uint32(writer, this->eid_epoch);
@@ -146,7 +145,7 @@ METHOD(pa_tnc_attr_t, build, void,
        enumerator = this->inventory->create_enumerator(this->inventory);
        while (enumerator->enumerate(enumerator, &tag))
        {
-               writer->write_data16(writer, tag->get_unique_seq_id(tag));
+               writer->write_data16(writer, tag->get_tag_file_path(tag));
                writer->write_data32(writer, tag->get_encoding(tag));
        }
        enumerator->destroy(enumerator);
@@ -156,15 +155,15 @@ METHOD(pa_tnc_attr_t, build, void,
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
-       private_tcg_swid_attr_tag_inv_t *this, u_int32_t *offset)
+       private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
 {
        bio_reader_t *reader;
-       u_int32_t tag_count;
-       u_int8_t reserved;
-       chunk_t tag_encoding, unique_seq_id;
+       uint32_t tag_count;
+       uint8_t reserved;
+       chunk_t tag_encoding, tag_file_path;
        swid_tag_t *tag;
 
-       if (this->value.len < SWID_TAG_INV_SIZE)
+       if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
        {
                DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
                *offset = 0;
@@ -177,16 +176,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
        reader->read_uint32(reader, &this->request_id);
        reader->read_uint32(reader, &this->eid_epoch);
        reader->read_uint32(reader, &this->last_eid);
-       *offset = SWID_TAG_INV_SIZE;
+       *offset = TCG_SWID_TAG_INV_MIN_SIZE;
 
        while (tag_count--)
        {
-               if (!reader->read_data16(reader, &unique_seq_id))
+               if (!reader->read_data16(reader, &tag_file_path))
                {
-                       DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+                       DBG1(DBG_TNC, "insufficient data for Tag File Path");
                        return FAILED;
                }
-               *offset += 2 + unique_seq_id.len;
+               *offset += 2 + tag_file_path.len;
 
                if (!reader->read_data32(reader, &tag_encoding))
                {
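Review bot: The `return FAILED;` in the failed `read_data16()` branch leaves `reader` allocated, because the only `reader->destroy(reader)` on this path is after the loop, in the following hunk. The attribute bytes come from the remote peer, so each truncated inventory message would leak one reader. Add `reader->destroy(reader);` before that `return FAILED;`. The `read_data32()` failure branch most likely needs the same line, but its body falls between this hunk and the next and is not visible. process() itself begins before this hunk.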
@@ -195,7 +194,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
                }
                *offset += 4 + tag_encoding.len;
 
-               tag = swid_tag_create(tag_encoding, unique_seq_id);
+               tag = swid_tag_create(tag_encoding, tag_file_path);
                this->inventory->add(this->inventory, tag);
        }
        reader->destroy(reader);
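Review bot: `tag_file_path` is handed to `swid_tag_create()` exactly as read from the received attribute, and nothing in this hunk constrains its content. Its length is bounded only by the 16-bit length field. Whether any consumer on the receiving side later treats it as a local filesystem path is not visible here; if one does, the value needs validation first. A comment above the call would record that, e.g. `/* tag_file_path is peer-supplied and unvalidated: use it as a label only, never open it locally */`. The loop and process() start before this hunk.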
@@ -221,14 +220,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
        }
 }
 
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_inv_t, add, void,
+       private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
+{
+       this->inventory->add(this->inventory, tag);
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
        private_tcg_swid_attr_tag_inv_t *this)
 {
        return this->request_id;
 }
 
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, u_int32_t,
-       private_tcg_swid_attr_tag_inv_t *this, u_int32_t *eid_epoch)
+METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
+       private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
 {
        if (eid_epoch)
        {
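Review bot: The new `add()` appends to the inventory but does nothing about an encoding that `build()` may already have produced. The first `build()` hunk opens with an early `return;`, which looks like a cached-value guard, though its condition is outside the hunk. If that is what it is, a tag added after `build()` would silently be missing from the transmitted attribute. Either clear the cached value in `add()` or state the ordering on the method, e.g. `/* must be called before build(); later additions are not encoded */`. The body of get_last_eid continues past the end of this hunk.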
@@ -246,9 +251,8 @@ METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
-                                                                                       u_int32_t eid_epoch, u_int32_t eid,
-                                                                                       swid_inventory_t *inventory)
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
+                                                                                       uint32_t eid_epoch, uint32_t eid)
 {
        private_tcg_swid_attr_tag_inv_t *this;
 
@@ -264,6 +268,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
                                .get_ref = _get_ref,
                                .destroy = _destroy,
                        },
+                       .add = _add,
                        .get_request_id = _get_request_id,
                        .get_last_eid = _get_last_eid,
                        .get_inventory = _get_inventory,
@@ -272,7 +277,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
                .request_id = request_id,
                .eid_epoch = eid_epoch,
                .last_eid = eid,
-               .inventory = inventory,
+               .inventory = swid_inventory_create(TRUE),
                .ref = 1,
        );
 
@@ -299,6 +304,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
                                .get_ref = _get_ref,
                                .destroy = _destroy,
                        },
+                       .add = _add,
                        .get_request_id = _get_request_id,
                        .get_last_eid = _get_last_eid,
                        .get_inventory = _get_inventory,
index 433f55e..fcb49b2 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
 
 #include <pa_tnc/pa_tnc_attr.h>
 
+#define TCG_SWID_TAG_INV_MIN_SIZE      16
+
 /**
  * Class implementing the TCG SWID Tag Inventory attribute
  *
@@ -41,11 +43,17 @@ struct tcg_swid_attr_tag_inv_t {
        pa_tnc_attr_t pa_tnc_attribute;
 
        /**
+        * Add a Tag ID to the attribute
+        *
+        * @tag                                         SWID Tag to be added
+        */
+       void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
+       /**
         * Get Request ID
         *
         * @return                                      Request ID
         */
-       u_int32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
+       uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
 
        /**
         * Get Last Event ID
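Review bot: The doc comment for the new `add` member says "Add a Tag ID" although the parameter is a full `swid_tag_t`, and it uses `@tag` where the neighbouring comments use `@param`. It also does not say who owns the tag after the call; the implementation stores the pointer in the inventory, so the caller presumably must not destroy it. Suggested wording: `* Add a SWID Tag to the attribute` and `* @param tag  SWID Tag to be added, stored in the inventory`. A blank line before the following `/**` would match the spacing of the other members.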
@@ -53,8 +61,8 @@ struct tcg_swid_attr_tag_inv_t {
         * @param eid_epoch                     Event ID Epoch
         * @return                                      Last Event ID
         */
-       u_int32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
-                                                         u_int32_t *eid_epoch);
+       uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
+                                                         uint32_t *eid_epoch);
 
        /**
         * Get Inventory of SWID tags
@@ -71,12 +79,10 @@ struct tcg_swid_attr_tag_inv_t {
  * @param request_id                   Copy of the Request ID
  * @param eid_epoch                            Event ID Epoch
  * @param eid                                  Last Event ID
- * @param inventory                            SWID Tag Inventory
  */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(u_int32_t request_id,
-                                                                                       u_int32_t eid_epoch,
-                                                                                       u_int32_t eid,
-                                                                                       swid_inventory_t *inventory);
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
+                                                                                       uint32_t eid_epoch,
+                                                                                       uint32_t eid);
 
 /**
  * Creates an tcg_swid_attr_tag_inv_t object from received data
index b6b8854..549bbc7 100755 (executable)
@@ -17,7 +17,8 @@ INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
 INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
 INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
 INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
-INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev
+INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,python,python-setuptools
 SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
 
diff --git a/testing/scripts/recipes/014_swid_generator.mk b/testing/scripts/recipes/014_swid_generator.mk
new file mode 100644 (file)
index 0000000..ab7e562
--- /dev/null
@@ -0,0 +1,16 @@
+#!/usr/bin/make
+
+PKG = swidGenerator
+ZIP = $(PKG)-master.zip
+SRC = https://github.com/tnc-ba/$(PKG)/archive/master.zip
+
+all: install
+
+$(ZIP):
+       wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP)
+
+$(PKG)-master: $(ZIP)
+       unzip $(ZIP)
+
+install: $(PKG)-master
+       cd $(PKG)-master && python setup.py install
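Review bot: `SRC` points at the moving `master` archive and the recipe runs `python setup.py install` on whatever it contains, so the base image executes unreviewed upstream code at build time and is not reproducible. TLS verification via `--ca-directory` authenticates the host, not the content. Pin the download to a fixed commit or tag and check the archive against a recorded digest before unpacking, as sketched below with placeholder values. The unpacked directory name follows the pinned revision, so the two later targets change with it.
```makefile
PKG = swidGenerator
# placeholders: fill in the reviewed revision and the digest of its archive
REV = REPLACE_WITH_PINNED_COMMIT
SHA256 = REPLACE_WITH_ARCHIVE_SHA256
ZIP = $(PKG)-$(REV).zip
SRC = https://github.com/tnc-ba/$(PKG)/archive/$(REV).zip

# … unchanged: all target …

$(ZIP):
	wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP)
	echo "$(SHA256)  $(ZIP)" | sha256sum -c -

$(PKG)-$(REV): $(ZIP)
	unzip $(ZIP)

install: $(PKG)-$(REV)
	cd $(PKG)-$(REV) && python setup.py install
```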
index 8e0c81e..9b9b7d0 100644 (file)
@@ -24,14 +24,14 @@ fi
 : ${TESTDIR=/srv/strongswan-testing}
 
 # Kernel configuration
-: ${KERNELVERSION=3.13.2}
+: ${KERNELVERSION=3.13.5}
 : ${KERNEL=linux-$KERNELVERSION}
 : ${KERNELTARBALL=$KERNEL.tar.xz}
 : ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
 : ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
 
 # strongSwan version used in tests
-: ${SWANVERSION=5.1.2}
+: ${SWANVERSION=5.2.0}
 
 # Build directory where the guest kernel and images will be built
 : ${BUILDDIR=$TESTDIR/build}
@@ -54,7 +54,7 @@ fi
 : ${BASEIMGSUITE=wheezy}
 : ${BASEIMGARCH=amd64}
 : ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
-: ${BASEIMGMIRROR=http://cdn.debian.net/debian}
+: ${BASEIMGMIRROR=http://http.debian.net/debian}
 
 # Root image settings
 # The root image is the origin of all guest images. It is a clone of the base
index 2bb7e79..b33933e 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
index 5eb9440..78e74d5 100644 (file)
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 2bb7e79..b33933e 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
index 21a7278..da7591e 100644 (file)
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 6682a5a..26cce31 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
@@ -27,7 +27,7 @@ INSERT INTO identities (
 INSERT INTO sessions (
   time, connection, identity, device, product, rec
 ) VALUES (
-  NOW, 1, 1, 1, 28, 0
+  NOW, 1, 1, 1, 40, 0
 );
 
 /* Results */
index 0ac88dd..d991ee3 100644 (file)
@@ -15,6 +15,6 @@ carol::sleep 1
 carol::ipsec up home
 dave::ipsec up home
 dave::sleep 1
-moon::ipsec attest --packages --product 'Debian 7.2 x86_64'
+moon::ipsec attest --packages --product 'Debian 7.4 x86_64'
 moon::ipsec attest --sessions
 moon::ipsec attest --devices
index 7159221..b70fb6a 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
@@ -27,7 +27,7 @@ INSERT INTO identities (
 INSERT INTO sessions (
   time, connection, identity, device, product, rec
 ) VALUES (
-  NOW, 1, 1, 1, 28, 0
+  NOW, 1, 1, 1, 40, 0
 );
 
 /* Results */
index de2fea2..685a652 100644 (file)
@@ -20,6 +20,10 @@ libtnccs {
   }
 }
 
+libtls {
+  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
 pt-tls-client {
   load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
 }
index 39b2577..0fa2acb 100644 (file)
@@ -17,6 +17,10 @@ libtnccs {
   }
 }
 
+libtls {
+  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
 pt-tls-client {
   load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
 }
index 5eb9440..78e74d5 100644 (file)
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 2bb7e79..b33933e 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
index fd8bba4..da61afd 100644 (file)
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 2bb7e79..b33933e 100644 (file)
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */