Implemented handling of File Metadata
authorSansar Choinyambuu <schoinya@hsr.ch>
Wed, 14 Sep 2011 13:41:57 +0000 (15:41 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 14:01:53 +0000 (15:01 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation.c
src/libimcv/plugins/imv_attestation/imv_attestation.c
src/libpts/tcg/tcg_pts_attr_unix_file_meta.c

index 9234777..ddc152b 100644 (file)
@@ -28,7 +28,6 @@
 
 #include <tcg/tcg_pts_attr_proto_caps.h>
 #include <tcg/tcg_pts_attr_meas_algo.h>
-
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
@@ -256,187 +255,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
                        if (!imc_attestation_process(attr, attr_list, attestation_state,
                                supported_algorithms, supported_dh_groups, evidences))
                        {
-                               case TCG_PTS_REQ_PROTO_CAPS:
-                               {
-                                       tcg_pts_attr_proto_caps_t *attr_cast;
-                                       pts_proto_caps_flag_t imc_flags, imv_flags;
-
-                                       attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
-                                       imv_flags = attr_cast->get_flags(attr_cast);
-                                       imc_flags = pts->get_proto_caps(pts);
-                                       pts->set_proto_caps(pts, imc_flags & imv_flags);
-
-                                       /* Send PTS Protocol Capabilities attribute */
-                                       attr = tcg_pts_attr_proto_caps_create(imc_flags & imv_flags,
-                                                                                                                 FALSE);
-                                       attr_list->insert_last(attr_list, attr);
-                                       break;
-                               }
-                               case TCG_PTS_MEAS_ALGO:
-                               {
-                                       tcg_pts_attr_meas_algo_t *attr_cast;
-                                       pts_meas_algorithms_t selected_algorithm;
-       
-                                       attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
-                                       selected_algorithm = attr_cast->get_algorithms(attr_cast);
-
-                                       if ((supported_algorithms & PTS_MEAS_ALGO_SHA384) &&
-                                               (selected_algorithm & PTS_MEAS_ALGO_SHA384))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA384);
-                                       }
-                                       else if ((supported_algorithms & PTS_MEAS_ALGO_SHA256) &&
-                                                        (selected_algorithm & PTS_MEAS_ALGO_SHA256))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA256);
-                                       }
-
-                                       else if ((supported_algorithms & PTS_MEAS_ALGO_SHA1) &&
-                                                        (selected_algorithm & PTS_MEAS_ALGO_SHA1))
-                                       {
-                                               pts->set_meas_algorithm(pts, PTS_MEAS_ALGO_SHA1);
-                                       }
-                                       else
-                                       {
-                                               attr = pts_hash_alg_error_create(supported_algorithms);
-                                               attr_list->insert_last(attr_list, attr);
-                                               break;
-                                       }
-
-                                       /* Send Measurement Algorithm Selection attribute */
-                                       selected_algorithm = pts->get_meas_algorithm(pts);
-                                       attr = tcg_pts_attr_meas_algo_create(selected_algorithm,
-                                                                                                                TRUE);
-                                       attr_list->insert_last(attr_list, attr);
-                                       break;
-                               }
-       
-                               case TCG_PTS_GET_TPM_VERSION_INFO:
-                               {
-                                       chunk_t tpm_version_info, attr_info;
-
-                                       if (!pts->get_tpm_version_info(pts, &tpm_version_info))
-                                       {
-                                               attr_info = attr->get_value(attr);
-                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                       TCG_PTS_TPM_VERS_NOT_SUPPORTED, attr_info);
-                                               attr_list->insert_last(attr_list, attr);
-                                               break;
-                                       }
-       
-                                       /* Send TPM Version Info attribute */
-                                       attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info);
-                                       attr_list->insert_last(attr_list, attr);
-                                       break;
-                               }
-       
-                               case TCG_PTS_GET_AIK:
-                               {
-                                       certificate_t *aik;
-
-                                       aik = pts->get_aik(pts);
-                                       if (!aik)
-                                       {
-                                               DBG1(DBG_IMC, "no AIK certificate or public key available");
-                                               break;
-                                       }
-       
-                                       /* Send AIK attribute */
-                                       attr = tcg_pts_attr_aik_create(aik);
-                                       attr_list->insert_last(attr_list, attr);
-                                       break;
-                               }
-       
-                               /* PTS-based Attestation Evidence */
-                               case TCG_PTS_REQ_FUNCT_COMP_EVID:
-                                       break;
-                               case TCG_PTS_GEN_ATTEST_EVID:
-                                       break;
-                               case TCG_PTS_REQ_FILE_MEAS:
-                               {
-                                       tcg_pts_attr_req_file_meas_t *attr_cast;
-                                       char *pathname;
-                                       u_int16_t request_id;
-                                       bool is_directory;
-                                       u_int32_t delimiter;
-                                       pts_file_meas_t *measurements;
-                                       pts_error_code_t pts_error;
-                                       chunk_t attr_info;
-                                       
-                                       attr_info = attr->get_value(attr);
-                                       attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
-                                       is_directory = attr_cast->get_directory_flag(attr_cast);
-                                       request_id = attr_cast->get_request_id(attr_cast);
-                                       delimiter = attr_cast->get_delimiter(attr_cast);
-                                       pathname = attr_cast->get_pathname(attr_cast);
-                                       
-                                       if (pts->is_path_valid(pts, pathname, &pts_error) && pts_error)
-                                       {
-                                               attr_info = attr->get_value(attr);
-                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                                               pts_error, attr_info);
-                                               attr_list->insert_last(attr_list, attr);
-                                               break;
-                                       }
-                                       else if (!pts->is_path_valid(pts, pathname, &pts_error))
-                                       {
-                                               break;
-                                       }
-                                       
-                                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-                                       {
-                                               attr_info = attr->get_value(attr);
-                                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
-                                               attr_list->insert_last(attr_list, attr);
-                                               break;
-                                       }
-
-                                       /* Do PTS File Measurements and send them to PTS-IMV */
-                                       DBG2(DBG_IMC, "measurement request %d for %s '%s'",
-                                                request_id, is_directory ? "directory" : "file",
-                                                pathname);
-                                       measurements = pts->do_measurements(pts, request_id,
-                                                                                       pathname, is_directory);
-                                       if (!measurements)
-                                       {
-                                               /* TODO handle error codes from measurements */
-                                               return TNC_RESULT_FATAL;
-                                       }
-                                       attr = tcg_pts_attr_file_meas_create(measurements);
-                                       attr->set_noskip_flag(attr, TRUE);
-                                       attr_list->insert_last(attr_list, attr);
-                                       break;
-                               }
-                               /* TODO: Not implemented yet */
-                               case TCG_PTS_DH_NONCE_PARAMS_REQ:
-                               case TCG_PTS_DH_NONCE_FINISH:
-                               case TCG_PTS_REQ_FILE_META:
-                               case TCG_PTS_REQ_INTEG_MEAS_LOG:
-                               /* Attributes using XML */
-                               case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
-                               case TCG_PTS_UPDATE_TEMPL_REF_MANI:
-                               /* On Windows only*/
-                               case TCG_PTS_REQ_REGISTRY_VALUE:
-                               /* Received on IMV side only*/
-                               case TCG_PTS_PROTO_CAPS:
-                               case TCG_PTS_DH_NONCE_PARAMS_RESP:
-                               case TCG_PTS_MEAS_ALGO_SELECTION:
-                               case TCG_PTS_TPM_VERSION_INFO:
-                               case TCG_PTS_TEMPL_REF_MANI_SET_META:
-                               case TCG_PTS_AIK:
-                               case TCG_PTS_SIMPLE_COMP_EVID:
-                               case TCG_PTS_SIMPLE_EVID_FINAL:
-                               case TCG_PTS_VERIFICATION_RESULT:
-                               case TCG_PTS_INTEG_REPORT:
-                               case TCG_PTS_UNIX_FILE_META:
-                               case TCG_PTS_FILE_MEAS:
-                               case TCG_PTS_INTEG_MEAS_LOG:
-                               default:
-                                       DBG1(DBG_IMC, "received unsupported attribute '%N'",
-                                               tcg_attr_names, attr->get_type(attr));
-                                       break;
->>>>>>> File not Found, Invalid path, Invalid Delimiter PTS errors case checks implemented
+                               result = TNC_RESULT_FATAL;
                        }
                }
        }
index 10ee35e..0558bde 100644 (file)
 #include <pts/pts_creds.h>
 
 #include <tcg/tcg_attr.h>
+<<<<<<< HEAD
+=======
+#include <tcg/tcg_pts_attr_proto_caps.h>
+#include <tcg/tcg_pts_attr_meas_algo.h>
+#include <tcg/tcg_pts_attr_get_tpm_version_info.h>
+#include <tcg/tcg_pts_attr_tpm_version_info.h>
+#include <tcg/tcg_pts_attr_get_aik.h>
+#include <tcg/tcg_pts_attr_aik.h>
+#include <tcg/tcg_pts_attr_req_funct_comp_evid.h>
+#include <tcg/tcg_pts_attr_gen_attest_evid.h>
+#include <tcg/tcg_pts_attr_simple_comp_evid.h>
+#include <tcg/tcg_pts_attr_simple_evid_final.h>
+#include <tcg/tcg_pts_attr_req_file_meas.h>
+#include <tcg/tcg_pts_attr_file_meas.h>
+#include <tcg/tcg_pts_attr_req_file_meta.h>
+#include <tcg/tcg_pts_attr_unix_file_meta.h>
+>>>>>>> Implemented handling of File Metadata
 
 #include <tncif_pa_subtypes.h>
 
@@ -194,6 +211,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
        if (imv_attestation_build(msg, attestation_state, supported_algorithms,
                                                          supported_dh_groups, pts_db))
        {
+<<<<<<< HEAD
                msg->build(msg);
                result = imv_attestation->send_message(imv_attestation, connection_id,
                                                                                           msg->get_encoding(msg));
@@ -201,6 +219,102 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
        else
        {
                result = TNC_RESULT_FATAL;
+=======
+               case IMV_ATTESTATION_STATE_INIT:
+               {
+                       pts_proto_caps_flag_t flags;
+
+                       /* Send Request Protocol Capabilities attribute */
+                       flags = pts->get_proto_caps(pts);
+                       attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+       
+                       /* Send Measurement Algorithms attribute */
+                       attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_MEAS);
+                       break;
+               }
+
+               case IMV_ATTESTATION_STATE_MEAS:
+               {
+                       enumerator_t *enumerator;
+                       u_int32_t delimiter = SOLIDUS_UTF;
+                       char *platform_info, *pathname;
+                       u_int16_t request_id;
+                       int id, type;
+                       bool is_dir;
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_END);
+
+                       /* Does the PTS-IMC have TPM support? */
+                       if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
+                       {
+                               /* Send Get TPM Version attribute */
+                               attr = tcg_pts_attr_get_tpm_version_info_create();
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+       
+                               /* Send Get AIK attribute */
+                               attr = tcg_pts_attr_get_aik_create();
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+                       }
+
+                       /* Get Platform and OS of the PTS-IMC */
+                       platform_info = pts->get_platform_info(pts);
+
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
+                       /* Send Request File Metadata attribute */
+                       attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       /* Send Request File Measurement attribute */
+                       enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &id, &type, &pathname))
+                       {
+                               is_dir = (type != 0);
+                               request_id = attestation_state->add_request(attestation_state,
+                                                                                                                       id, is_dir);
+                               DBG2(DBG_IMV, "measurement request %d for %s '%s'",
+                                        request_id, is_dir ? "directory" : "file", pathname);
+                               attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
+                                                                                                        delimiter, pathname);
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+                       }
+                       enumerator->destroy(enumerator);
+                       break;
+               }
+               case IMV_ATTESTATION_STATE_COMP_EVID:
+               case IMV_ATTESTATION_STATE_IML:
+                       DBG1(DBG_IMV, "Attestation IMV has nothing to send: \"%s\"",
+                                handshake_state);
+                       return TNC_RESULT_FATAL;
+               default:
+                       DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
+                                handshake_state);
+                       return TNC_RESULT_FATAL;
+>>>>>>> Implemented handling of File Metadata
        }
        msg->destroy(msg);
 
index ecdc4c9..8c9d428 100644 (file)
@@ -152,6 +152,7 @@ METHOD(pa_tnc_attr_t, build, void,
        enumerator = this->metadata->create_enumerator(this->metadata);
        while (enumerator->enumerate(enumerator, &entry))
        {
+<<<<<<< HEAD
                writer->write_uint16(writer, PTS_FILE_METADATA_SIZE +
                                                                         strlen(entry->filename));
                writer->write_uint8 (writer, entry->type);
@@ -164,6 +165,27 @@ METHOD(pa_tnc_attr_t, build, void,
                writer->write_uint64(writer, entry->group);
                writer->write_data  (writer, chunk_create(entry->filename,
                                                                                                  strlen(entry->filename)));
+=======
+               writer->write_uint16(writer, PTS_FILE_METADATA_SIZE + strlen(entry->filename));
+               writer->write_uint8 (writer, entry->type);
+               writer->write_uint8 (writer, PTS_FILE_MEAS_RESERVED);
+
+               /* Write the 64 bit integer fields as two 32 bit parts */
+               writer->write_uint32(writer, entry->filesize >> 32);
+               writer->write_uint32(writer, entry->filesize & 0xffffffff);
+               writer->write_uint32(writer, ((u_int64_t)entry->create_time) >> 32);
+               writer->write_uint32(writer, ((u_int64_t)entry->create_time) & 0xffffffff);
+               writer->write_uint32(writer, ((u_int64_t)entry->last_modify_time) >> 32);
+               writer->write_uint32(writer, ((u_int64_t)entry->last_modify_time) & 0xffffffff);
+               writer->write_uint32(writer, ((u_int64_t)entry->last_access_time) >> 32);
+               writer->write_uint32(writer, ((u_int64_t)entry->last_access_time) & 0xffffffff);
+               writer->write_uint32(writer, entry->owner_id >> 32);
+               writer->write_uint32(writer, entry->owner_id & 0xffffffff);
+               writer->write_uint32(writer, entry->group_id >> 32);
+               writer->write_uint32(writer, entry->group_id & 0xffffffff);
+               
+               writer->write_data  (writer, chunk_create(entry->filename, strlen(entry->filename)));
+>>>>>>> Implemented handling of File Metadata
        }
        enumerator->destroy(enumerator);