moved building of attributes to imv_attestation_build
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 9 Oct 2011 17:37:48 +0000 (19:37 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 13:39:50 +0000 (14:39 +0100)
src/libimcv/plugins/imv_attestation/Makefile.am
src/libimcv/plugins/imv_attestation/imv_attestation.c
src/libimcv/plugins/imv_attestation/imv_attestation_build.c [new file with mode: 0644]
src/libimcv/plugins/imv_attestation/imv_attestation_build.h [new file with mode: 0644]

index e52a4f3..c6eb46d 100644 (file)
@@ -12,7 +12,8 @@ imv_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
 
 imv_attestation_la_SOURCES = imv_attestation.c \
        imv_attestation_state.h imv_attestation_state.c \
-       imv_attestation_process.h imv_attestation_process.c
+       imv_attestation_process.h imv_attestation_process.c \
+       imv_attestation_build.h imv_attestation_build.c
 
 imv_attestation_la_LDFLAGS = -module -avoid-version
 
index 329f03e..1a1358f 100644 (file)
@@ -15,6 +15,7 @@
 
 #include "imv_attestation_state.h"
 #include "imv_attestation_process.h"
+#include "imv_attestation_build.h"
 
 #include <imv/imv_agent.h>
 #include <pa_tnc/pa_tnc_msg.h>
 #include <pts/pts_creds.h>
 
 #include <tcg/tcg_attr.h>
-#include <tcg/tcg_pts_attr_proto_caps.h>
-#include <tcg/tcg_pts_attr_meas_algo.h>
-#include <tcg/tcg_pts_attr_dh_nonce_params_req.h>
-#include <tcg/tcg_pts_attr_dh_nonce_finish.h>
-#include <tcg/tcg_pts_attr_get_tpm_version_info.h>
-#include <tcg/tcg_pts_attr_get_aik.h>
-#include <tcg/tcg_pts_attr_req_funct_comp_evid.h>
-#include <tcg/tcg_pts_attr_gen_attest_evid.h>
-#include <tcg/tcg_pts_attr_req_file_meas.h>
-#include <tcg/tcg_pts_attr_req_file_meta.h>
 
 #include <tncif_pa_subtypes.h>
 
@@ -191,11 +182,8 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
 static TNC_Result send_message(TNC_ConnectionID connection_id)
 {
        pa_tnc_msg_t *msg;
-       pa_tnc_attr_t *attr;
-       pts_t *pts;
        imv_state_t *state;
        imv_attestation_state_t *attestation_state;
-       imv_attestation_handshake_state_t handshake_state;
        TNC_Result result;
 
        if (!imv_attestation->get_state(imv_attestation, connection_id, &state))
@@ -203,174 +191,19 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                return TNC_RESULT_FATAL;
        }
        attestation_state = (imv_attestation_state_t*)state;
-       handshake_state = attestation_state->get_handshake_state(attestation_state);
-       pts = attestation_state->get_pts(attestation_state);
-
        msg = pa_tnc_msg_create();
 
-       if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
-               !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
+       if (imv_attestation_build(msg, attestation_state, supported_algorithms,
+                                                         supported_dh_groups, pts_db))
        {
-               DBG1(DBG_IMV, "PTS-IMC has no TPM capability - "
-                                         "advancing to PTS measurement phase");
-               handshake_state = IMV_ATTESTATION_STATE_MEAS;
+               msg->build(msg);
+               result = imv_attestation->send_message(imv_attestation, connection_id,
+                                                                                          msg->get_encoding(msg));
        }
-
-       /* Switch on the attribute type IMV has received */
-       switch (handshake_state)
+       else
        {
-               case IMV_ATTESTATION_STATE_INIT:
-               {
-                       pts_proto_caps_flag_t flags;
-
-                       /* Send Request Protocol Capabilities attribute */
-                       flags = pts->get_proto_caps(pts);
-                       attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Measurement Algorithms attribute */
-                       attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_NONCE_REQ);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_NONCE_REQ:
-               {
-                       int min_nonce_len;
-
-                       /* Send DH nonce parameters request attribute */
-                       min_nonce_len = lib->settings->get_int(lib->settings,
-                                               "libimcv.plugins.imv-attestation.min_nonce_len", 0);
-                       attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
-                                                                                                        supported_dh_groups);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_TPM_INIT);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_TPM_INIT:
-               {
-                       pts_meas_algorithms_t selected_algorithm;
-                       chunk_t initiator_value, initiator_nonce;
-
-                       /* Send DH nonce finish attribute */
-                       selected_algorithm = pts->get_meas_algorithm(pts);
-                       pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
-                       attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
-                                                                                initiator_value, initiator_nonce);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Get TPM Version attribute */
-                       attr = tcg_pts_attr_get_tpm_version_info_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Get AIK attribute */
-                       attr = tcg_pts_attr_get_aik_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_MEAS);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_MEAS:
-               {
-
-                       enumerator_t *enumerator;
-                       u_int32_t delimiter = SOLIDUS_UTF;
-                       char *platform_info, *pathname;
-                       u_int16_t request_id;
-                       int id, type;
-                       bool is_dir;
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_COMP_EVID);
-
-                       /* Get Platform and OS of the PTS-IMC */
-                       platform_info = pts->get_platform_info(pts);
-
-                       if (!pts_db || !platform_info)
-                       {
-                               DBG1(DBG_IMV, "%s%s%s not available",
-                                       (pts_db) ? "" : "pts database",
-                                       (!pts_db && !platform_info) ? "and" : "",
-                                       (platform_info) ? "" : "platform info");
-                               break;
-                       }
-                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
-
-                       /* Send Request File Metadata attribute */
-                       attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       /* Send Request File Measurement attribute */
-                       enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
-                       if (!enumerator)
-                       {
-                               break;
-                       }
-                       while (enumerator->enumerate(enumerator, &id, &type, &pathname))
-                       {
-                               is_dir = (type != 0);
-                               request_id = attestation_state->add_request(attestation_state,
-                                                                                                                       id, is_dir);
-                               DBG2(DBG_IMV, "measurement request %d for %s '%s'",
-                                        request_id, is_dir ? "directory" : "file", pathname);
-                               attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
-                                                                                                        delimiter, pathname);
-                               attr->set_noskip_flag(attr, TRUE);
-                               msg->add_attribute(msg, attr);
-                       }
-                       enumerator->destroy(enumerator);
-                       break;
-               }
-               case IMV_ATTESTATION_STATE_COMP_EVID:
-               {
-                       pts_attr_req_funct_comp_evid_flag_t flags;
-                       u_int32_t sub_comp_depth;
-                       pts_qualifier_t qualifier;
-                       pts_funct_comp_name_t name;
-
-                       attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_END);
-
-                       flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
-                       sub_comp_depth = 0;
-                       qualifier.kernel = FALSE;
-                       qualifier.sub_component = FALSE;
-                       qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
-                       name = PTS_FUNC_COMP_NAME_BIOS;
-
-                       /* Send Request Functional Component Evidence attribute */
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
-                                                                                                               PEN_TCG, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       /* Send Generate Attestation Evidence attribute */
-                       attr = tcg_pts_attr_gen_attest_evid_create();
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-
-                       break;
-               }
-               default:
-                       DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
-                                handshake_state);
-                       return TNC_RESULT_FATAL;
+               result = TNC_RESULT_FATAL;
        }
-
-       msg->build(msg);
-       result = imv_attestation->send_message(imv_attestation, connection_id,
-                                                                                  msg->get_encoding(msg));
        msg->destroy(msg);
 
        return result;
@@ -484,7 +317,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
                else if (attr->get_vendor_id(attr) == PEN_TCG)
                {
                        if (!imv_attestation_process(attr, attr_list, attestation_state,
-                               supported_algorithms, supported_dh_groups, pts_db, pts_credmgr))
+                               supported_algorithms,supported_dh_groups, pts_db, pts_credmgr))
                        {
                                result = TNC_RESULT_FATAL;
                                break;
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
new file mode 100644 (file)
index 0000000..fc3d446
--- /dev/null
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_attestation_build.h"
+#include "imv_attestation_state.h"
+
+#include <tcg/tcg_pts_attr_proto_caps.h>
+#include <tcg/tcg_pts_attr_meas_algo.h>
+#include <tcg/tcg_pts_attr_dh_nonce_params_req.h>
+#include <tcg/tcg_pts_attr_dh_nonce_finish.h>
+#include <tcg/tcg_pts_attr_get_tpm_version_info.h>
+#include <tcg/tcg_pts_attr_get_aik.h>
+#include <tcg/tcg_pts_attr_req_funct_comp_evid.h>
+#include <tcg/tcg_pts_attr_gen_attest_evid.h>
+#include <tcg/tcg_pts_attr_req_file_meas.h>
+#include <tcg/tcg_pts_attr_req_file_meta.h>
+
+#include <debug.h>
+
+bool imv_attestation_build(pa_tnc_msg_t *msg,
+                                                  imv_attestation_state_t *attestation_state,
+                                                  pts_meas_algorithms_t supported_algorithms,
+                                                  pts_dh_group_t supported_dh_groups,
+                                                  pts_database_t *pts_db)
+{
+       imv_attestation_handshake_state_t handshake_state;
+       pts_t *pts;
+       pa_tnc_attr_t *attr;
+
+       handshake_state = attestation_state->get_handshake_state(attestation_state);
+       pts = attestation_state->get_pts(attestation_state);
+
+       if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
+               !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
+       {
+               DBG1(DBG_IMV, "PTS-IMC has no TPM capability - "
+                                         "advancing to PTS measurement phase");
+               handshake_state = IMV_ATTESTATION_STATE_MEAS;
+       }
+
+       /* Switch on the attribute type IMV has received */
+       switch (handshake_state)
+       {
+               case IMV_ATTESTATION_STATE_INIT:
+               {
+                       pts_proto_caps_flag_t flags;
+
+                       /* Send Request Protocol Capabilities attribute */
+                       flags = pts->get_proto_caps(pts);
+                       attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       /* Send Measurement Algorithms attribute */
+                       attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_NONCE_REQ);
+                       break;
+               }
+               case IMV_ATTESTATION_STATE_NONCE_REQ:
+               {
+                       int min_nonce_len;
+
+                       /* Send DH nonce parameters request attribute */
+                       min_nonce_len = lib->settings->get_int(lib->settings,
+                                               "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+                       attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
+                                                                                                        supported_dh_groups);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_TPM_INIT);
+                       break;
+               }
+               case IMV_ATTESTATION_STATE_TPM_INIT:
+               {
+                       pts_meas_algorithms_t selected_algorithm;
+                       chunk_t initiator_value, initiator_nonce;
+
+                       /* Send DH nonce finish attribute */
+                       selected_algorithm = pts->get_meas_algorithm(pts);
+                       pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+                       attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+                                                                                initiator_value, initiator_nonce);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       /* Send Get TPM Version attribute */
+                       attr = tcg_pts_attr_get_tpm_version_info_create();
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       /* Send Get AIK attribute */
+                       attr = tcg_pts_attr_get_aik_create();
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_MEAS);
+                       break;
+               }
+               case IMV_ATTESTATION_STATE_MEAS:
+               {
+
+                       enumerator_t *enumerator;
+                       u_int32_t delimiter = SOLIDUS_UTF;
+                       char *platform_info, *pathname;
+                       u_int16_t request_id;
+                       int id, type;
+                       bool is_dir;
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_COMP_EVID);
+
+                       /* Get Platform and OS of the PTS-IMC */
+                       platform_info = pts->get_platform_info(pts);
+
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
+                       /* Send Request File Metadata attribute */
+                       attr = tcg_pts_attr_req_file_meta_create(FALSE, SOLIDUS_UTF, "/etc/tnc_config");
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       /* Send Request File Measurement attribute */
+                       enumerator = pts_db->create_file_enumerator(pts_db, platform_info);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &id, &type, &pathname))
+                       {
+                               is_dir = (type != 0);
+                               request_id = attestation_state->add_request(attestation_state,
+                                                                                                                       id, is_dir);
+                               DBG2(DBG_IMV, "measurement request %d for %s '%s'",
+                                        request_id, is_dir ? "directory" : "file", pathname);
+                               attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
+                                                                                                        delimiter, pathname);
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+                       }
+                       enumerator->destroy(enumerator);
+                       break;
+               }
+               case IMV_ATTESTATION_STATE_COMP_EVID:
+               {
+                       pts_attr_req_funct_comp_evid_flag_t flags;
+                       u_int32_t sub_comp_depth;
+                       pts_qualifier_t qualifier;
+                       pts_funct_comp_name_t name;
+
+                       attestation_state->set_handshake_state(attestation_state,
+                                                                               IMV_ATTESTATION_STATE_END);
+
+                       flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
+                       sub_comp_depth = 0;
+                       qualifier.kernel = FALSE;
+                       qualifier.sub_component = FALSE;
+                       qualifier.type = PTS_FUNC_COMP_TYPE_ALL;
+                       name = PTS_FUNC_COMP_NAME_BIOS;
+
+                       /* Send Request Functional Component Evidence attribute */
+                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags, sub_comp_depth,
+                                                                                                               PEN_TCG, qualifier, name);
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+                       /* Send Generate Attestation Evidence attribute */
+                       attr = tcg_pts_attr_gen_attest_evid_create();
+                       attr->set_noskip_flag(attr, TRUE);
+                       msg->add_attribute(msg, attr);
+
+                       break;
+               }
+               default:
+                       DBG1(DBG_IMV, "Attestation IMV is in unknown state: \"%s\"",
+                                handshake_state);
+                       return FALSE;
+       }
+       return TRUE;
+}
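Review bot: In the IMV_ATTESTATION_STATE_MEAS case the handshake state is advanced to COMP_EVID before the `!pts_db || !platform_info` and `!enumerator` checks, and both of those paths `break` out of the switch and still `return TRUE`, so a missing configuration database or platform string silently sends a message with no file-measurement requests and the handshake carries on to component evidence with less evidence demanded; for an attestation verifier that should be a hard failure, i.e. `return FALSE;` on those paths (send_message already maps FALSE to TNC_RESULT_FATAL), or at minimum the state should not be advanced so the request can be retried. Separately, the default branch hands the enum `handshake_state` to a `%s` conversion, which is undefined behaviour and will dereference an integer as a char pointer the moment that log line fires; use an integer conversion, `DBG1(DBG_IMV, "Attestation IMV is in unknown state: %d", handshake_state);` (or `%N` with an enum-names table, if one exists for this enum). Also worth confirming: platform_info originates from the PTS-IMC and is passed straight to `pts_db->create_file_enumerator`, and whether that lookup is parameterised is not visible here.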
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.h b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h
new file mode 100644 (file)
index 0000000..e397e84
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup imv_attestation_build_t imv_attestation_build
+ * @{ @ingroup imv_attestation_build
+ */
+
+#ifndef IMV_ATTESTATION_BUILD_H_
+#define IMV_ATTESTATION_BUILD_H_
+
+#include "imv_attestation_state.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <library.h>
+
+#include <pts/pts_database.h>
+#include <pts/pts_dh_group.h>
+#include <pts/pts_meas_algo.h>
+
+/**
+ * Process a TCG PTS attribute
+ *
+ * @param msg                                  PA-TNC message to be built
+ * @param attestation_state            attestation state of a given connection
+ * @param supported_algorithms supported PTS measurement algorithms
+ * @param supported_dh_groups  supported DH groups
+ * @param pts_db                               PTS configuration database
+ * @return                                             TRUE if successful
+ */
+bool imv_attestation_build(pa_tnc_msg_t *msg,
+                                                  imv_attestation_state_t *attestation_state,
+                                                  pts_meas_algorithms_t supported_algorithms,
+                                                  pts_dh_group_t supported_dh_groups,
+                                                  pts_database_t *pts_db);
+
+#endif /** IMV_ATTESTATION_BUILD_H_ @}*/
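Review bot: The doc comment on imv_attestation_build says "Process a TCG PTS attribute", which describes imv_attestation_process, not this function; the comment should say what the code does, e.g. `Build the TCG PTS attributes for the current handshake state into a PA-TNC message`, and the `@return` should note that FALSE is returned only for an unknown handshake state while an unavailable database or missing platform info is logged and still returns TRUE (per the .c file in this commit). It would also help callers to document that the function advances the connection's handshake state as a side effect. The `@ingroup imv_attestation_build` line makes the group its own parent; presumably `@ingroup imv_attestation` was intended, as in the sibling headers — confirm against them.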