moved send_message() in front of recommendation evaluation
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 18 Dec 2011 20:05:52 +0000 (21:05 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 18 Dec 2011 20:05:52 +0000 (21:05 +0100)
src/libpts/plugins/imv_attestation/imv_attestation.c
src/libpts/plugins/imv_attestation/imv_attestation_build.c
src/libpts/plugins/imv_attestation/imv_attestation_process.c
src/libpts/pts/pts.c

index 4aa3936..0106870 100644 (file)
@@ -352,6 +352,9 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
        }
        attr_list->destroy(attr_list);
 
+       /* check the IMV state for the next PA-TNC attributes to send */
+       result = send_message(connection_id);
+
        if (attestation_state->get_handshake_state(attestation_state) ==
                IMV_ATTESTATION_STATE_END)
        {
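Review bot: The status stored by `result = send_message(connection_id);` is not examined before the `IMV_ATTESTATION_STATE_END` block that follows, so a failed send still proceeds to the recommendation evaluation and is only surfaced by the `return result;` in the second hunk. If that is not intended, bail out first with `if (result != TNC_RESULT_SUCCESS) { return result; }`; if it is intended, extend the comment to say the recommendation is evaluated regardless of the send status. The recommendation now depends on the handshake state that `send_message()` may just have changed, which the comment should also state. `receive_message()` starts above this hunk, so whether `result` already holds an earlier status that this assignment overwrites cannot be confirmed from here.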
@@ -383,7 +386,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
                                                                                                           connection_id);
        }
 
-       return send_message(connection_id);
+       return result;
 }
 
 /**
index 1efe2e7..0186eb1 100644 (file)
@@ -67,19 +67,6 @@ bool imv_attestation_build(linked_list_t *attr_list,
                handshake_state = IMV_ATTESTATION_STATE_MEAS;
        }
 
-       /**
-        * Skip Component Measurements when
-        *   neither DH Nonce Exchange nor a TPM are available on the PTS-IMC side
-        */
-       if (handshake_state == IMV_ATTESTATION_STATE_COMP_EVID &&
-               (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) ||
-               !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D)) )
-       {
-               DBG2(DBG_IMV, "PTS-IMC made no TPM available - "
-                                         "skipping Component Measurements");
-               handshake_state = IMV_ATTESTATION_STATE_END;
-       }
-
        switch (handshake_state)
        {
                case IMV_ATTESTATION_STATE_INIT:
@@ -223,11 +210,18 @@ bool imv_attestation_build(linked_list_t *attr_list,
                        int vid, name, qualifier;
                        u_int8_t flags;
                        u_int32_t depth;
-                       bool first = TRUE;
+                       bool first = TRUE, first_component = TRUE;
 
                        attestation_state->set_handshake_state(attestation_state,
                                                                                IMV_ATTESTATION_STATE_END);
 
+                       if (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) ||
+                               !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
+                       {
+                               DBG2(DBG_IMV, "PTS-IMC made no TPM available - "
+                                                         "skipping Component Measurements");
+                               break;
+                       }
                        if (!pts->get_aik_keyid(pts, &keyid))
                        {
                                break;
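Review bot: The new early `break` fires when either `PTS_PROTO_CAPS_T` or `PTS_PROTO_CAPS_D` is missing, but the log text only mentions a missing TPM, and the explanatory comment from the removed block was not carried over. The handshake state was set to `IMV_ATTESTATION_STATE_END` just above, so this path ends the attestation without requesting component evidence, purely on capability flags reported by the PTS-IMC. The recommendation that results is decided outside this hunk; it is worth confirming that it is not an unconditional allow. I would add `/* no component evidence without both TPM (T) and DH nonce (D) support on the PTS-IMC side */` above the check. I would also raise the message to `DBG1` and have it name both capabilities, so a skipped measurement is visible at the default log level.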
@@ -243,10 +237,14 @@ bool imv_attestation_build(linked_list_t *attr_list,
                        {
                                break;
                        }
-                       DBG2(DBG_IMV, "evidence request by");
                        while (enumerator->enumerate(enumerator, &vid, &name,
                                &qualifier, &depth))
                        {
+                               if (first)
+                               {
+                                       DBG2(DBG_IMV, "evidence request by");
+                                       first = FALSE;
+                               }
                                comp_name = pts_comp_func_name_create(vid, name, qualifier);
                                comp_name->log(comp_name, "  ");
 
@@ -259,11 +257,11 @@ bool imv_attestation_build(linked_list_t *attr_list,
                                        continue;
                                }
                                attestation_state->add_component(attestation_state, comp);
-                               if (first)
+                               if (first_component)
                                {
                                        attr = tcg_pts_attr_req_func_comp_evid_create();
                                        attr->set_noskip_flag(attr, TRUE);
-                                       first = FALSE;
+                                       first_component = FALSE;
                                }
                                flags = comp->get_evidence_flags(comp);
                                /* TODO check flags against negotiated_caps */
index 805a08c..660d082 100644 (file)
@@ -356,7 +356,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
                        {
                                /** TODO: What to do with Evidence Signature */
-                               DBG1(DBG_IMV, "This version of the Attestation IMV can not "
+                               DBG1(DBG_IMV, "this version of the Attestation IMV can not "
                                                          "handle Evidence Signatures");
                        }
                        break;
index b31ab3d..6469f7c 100644 (file)
@@ -1525,7 +1525,7 @@ pts_t *pts_create(bool is_imc)
                {
                        this->has_tpm = TRUE;
                        this->pcr_len = PCR_LEN;
-                       /* this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D; */
+                       this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;
                        load_aik(this);
                        load_aik_blob(this);
                }
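Review bot: `this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;` is set before `load_aik(this);` and `load_aik_blob(this);` run, and neither call's outcome is checked in the visible lines. The TPM and DH-nonce capabilities would therefore presumably be advertised even when no AIK could be loaded. Consider setting the flags only once the AIK material is known to be available, or add a comment such as `/* caps are advertised even without an AIK; the evidence request then fails at get_aik_keyid() */` if that is the intended behaviour. `pts_create()` starts and ends outside this hunk, so any later correction of `proto_caps` is not visible here.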