d4c8fe3c | 1 | /* |
19ef2aec | 2 | * Copyright (C) 2011-2022 Andreas Steffen |
d4c8fe3c | 3 | * |
19ef2aec | 4 | * Copyright (C) secunet Security Networks AG |
3f19a951 | 5 | * |
6 | * This program is free software; you can redistribute it and/or modify it |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "imcv.h" | |
18 | #include "ietf/ietf_attr.h" |
19 | #include "ita/ita_attr.h" | |
5e1b06ff | 20 | #include "pwg/pwg_attr.h" |
21 | #include "tcg/tcg_attr.h" |
22 | #include "pts/components/pts_component.h" | |
23 | #include "pts/components/pts_component_manager.h" | |
24 | #include "pts/components/tcg/tcg_comp_func_name.h" | |
25 | #include "pts/components/ita/ita_comp_func_name.h" | |
26 | #include "pts/components/ita/ita_comp_ima.h" | |
27 | #include "pts/components/ita/ita_comp_tboot.h" | |
28 | #include "pts/components/ita/ita_comp_tgrub.h" | |
d4c8fe3c | 29 | |
f05b4272 | 30 | #include <utils/debug.h> |
bca34c37 | 31 | #include <utils/utils.h> |
74eb850d | 32 | #include <pen/pen.h> |
d4c8fe3c | 33 | |
09e5f15a | 34 | #ifdef HAVE_SYSLOG |
d4c8fe3c | 35 | #include <syslog.h> |
09e5f15a | 36 | #endif |
d4c8fe3c | 37 | |
/* name of the ipsec wrapper script; may be overridden at build time */
#ifndef IPSEC_SCRIPT
#define IPSEC_SCRIPT "ipsec"
#endif

/* debug level used when libimcv.debug_level is not configured */
#define IMCV_DEBUG_LEVEL 1
/* default for the <ns>.imcv.policy_script setting that libimcv_init() hands
 * to imv_database_create(). NOTE(review): this is a bare command name, not an
 * absolute path — if the database layer spawns it via a PATH lookup, the
 * script actually run depends on the process environment; confirm. */
#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"


/**
 * PA-TNC attribute manager
 *
 * Exported global, created on the first libimcv_init() with the IETF, ITA,
 * PWG and TCG vendors registered, destroyed and reset to NULL by the last
 * libimcv_deinit().
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global list of IMV sessions
 *
 * Only created when libimcv_init() is first called with is_imv == TRUE;
 * stays NULL in a pure IMC process.
 */
imv_session_manager_t *imcv_sessions;

/**
 * Global IMV database
 *
 * Only created for an IMV that has a <ns>.imcv.database URI configured;
 * NULL otherwise.
 */
imv_database_t *imcv_db;

/**
 * PTS Functional Component manager
 *
 * Created on the first libimcv_init() with the TCG and ITA vendors and the
 * ITA tgrub/tboot/ima components registered.
 */
pts_component_manager_t *imcv_pts_components;

/**
 * Reference count for libimcv
 *
 * Counts balanced libimcv_init()/libimcv_deinit() pairs; the global
 * managers above exist only while it is non-zero.
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan
 *
 * Incremented once per libimcv_init(). When the hosting program had already
 * initialized libstrongswan, the first libimcv_init() takes one extra
 * reference so the balanced ref_put() in libimcv_deinit() never reaches
 * zero and library_deinit() is never called on a library we do not own.
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function
 *
 * Read from libimcv.debug_level / libimcv.stderr_quiet, but only when
 * libimcv itself initializes libstrongswan (otherwise the host's dbg()
 * hook stays active and these are never consulted).
 */
static int imcv_debug_level;
static bool imcv_stderr_quiet;
d4c8fe3c | 81 | |
/**
 * Log a PA-TNC attribute type at debug level 2 (described in header).
 *
 * When the attribute manager knows the vendor, the type is printed
 * symbolically as 'vendor/attribute'; otherwise only the vendor name is
 * resolved. The numeric vendor ID and type follow in both cases.
 *
 * @param label		text prepended to the log message
 * @param vendor_id	Private Enterprise Number of the attribute's vendor
 * @param type		vendor-specific attribute type
 */
void imcv_list_pa_tnc_attribute_type(char *label, pen_t vendor_id, uint32_t type)
{
	enum_name_t *names;

	names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, vendor_id);
	if (!names)
	{
		/* vendor without registered attribute names: numeric type only */
		DBG2(DBG_TNC, "%s PA-TNC attribute type '%N' 0x%06x/0x%08x",
			 label, pen_names, vendor_id, vendor_id, type);
		return;
	}
	DBG2(DBG_TNC, "%s PA-TNC attribute type '%N/%N' 0x%06x/0x%08x",
		 label, pen_names, vendor_id, names, type, vendor_id, type);
}
102 | ||
/**
 * Debug hook installed by libimcv_init() in place of libstrongswan's dbg().
 *
 * Messages above the configured imcv_debug_level are dropped. Everything else
 * is written to stderr unless libimcv.stderr_quiet is set and, when built with
 * HAVE_SYSLOG, also to syslog with one entry per line of the formatted text.
 * The debug group is accepted for signature compatibility but not used.
 *
 * @param group		debug group (ignored)
 * @param level		verbosity of this message
 * @param fmt		printf-style format string, followed by its arguments
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list args;

	if (level > imcv_debug_level)
	{
		return;
	}

	if (!imcv_stderr_quiet)
	{
		va_start(args, fmt);
		fprintf(stderr, "[HSR] ");
		vfprintf(stderr, fmt, args);
		fprintf(stderr, "\n");
		va_end(args);
	}

#ifdef HAVE_SYSLOG
	{
		char buffer[8192];
		char *line = buffer, *eol;

		/* format once into a bounded buffer, then emit it line by line */
		va_start(args, fmt);
		vsnprintf(buffer, sizeof(buffer), fmt, args);
		va_end(args);

		do
		{
			eol = strchr(line, '\n');
			if (eol)
			{
				*eol++ = '\0';
			}
			syslog(LOG_INFO, "[HSR] %s\n", line);
			line = eol;
		}
		while (line);
	}
#endif /* HAVE_SYSLOG */
}
147 | ||
/**
 * Initialize libimcv (described in header).
 *
 * May be called repeatedly: a reference count tracks callers and only the
 * first call creates the global managers, later calls merely bump the count.
 * Every call must be balanced by a libimcv_deinit().
 *
 * @param is_imv	TRUE when the caller is an IMV; only then are the global
 *					session manager and (if a database URI is configured) the
 *					IMV database created. Honoured on the first call only —
 *					later callers inherit whatever the first one set up.
 * @return			FALSE if libstrongswan or its plugins could not be loaded
 */
bool libimcv_init(bool is_imv)
{
	/* initialize libstrongswan library only once */
	if (lib)
	{
		/* did main program initialize libstrongswan? */
		if (!ref_cur(&libstrongswan_ref))
		{
			/* take one extra reference so the balanced ref_put() in
			 * libimcv_deinit() never reaches zero: we must not tear down a
			 * library the hosting program owns */
			ref_get(&libstrongswan_ref);
		}
	}
	else
	{
		/* we are the first to initialize libstrongswan */
		if (!library_init(NULL, "libimcv"))
		{
			return FALSE;
		}

		/* set the debug level and stderr output */
		imcv_debug_level = lib->settings->get_int(lib->settings,
								"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		/* NOTE(review): stderr_quiet is a boolean option but is read via
		 * get_int(); a yes/no value in the config may not parse as an integer
		 * and silently fall back to FALSE — confirm against settings_t */
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
								"libimcv.stderr_quiet", FALSE);

		/* activate the imcv debugging hook; only done when we own the
		 * library, a hosting daemon keeps its own dbg() implementation */
		dbg = imcv_dbg;
#ifdef HAVE_SYSLOG
		openlog("imcv", 0, LOG_DAEMON);
#endif

		/* plugins loaded by default unless libimcv.load overrides the list */
		if (!lib->plugins->load(lib->plugins,
				lib->settings->get_str(lib->settings, "libimcv.load",
					"random nonce gmp pubkey x509")))
		{
			library_deinit();
			return FALSE;
		}
	}
	ref_get(&libstrongswan_ref);

	/* let <ns>.imcv.* and <ns>.plugins.* settings fall back to the
	 * libimcv.* namespace, so options can be configured either way */
	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
								lib->ns);

	if (!ref_cur(&libimcv_ref))
	{
		char *uri, *script;

		/* NOTE(review): libtpmtss_init() is called without any error
		 * handling — confirm whether it can fail */
		libtpmtss_init();

		/* initialize the PA-TNC attribute manager */
		imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
							ietf_attr_create_from_data, ietf_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
							ita_attr_create_from_data, ita_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
							pwg_attr_create_from_data, pwg_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
							tcg_attr_create_from_data, tcg_attr_names);

		/* initialize the PTS functional component manager with the TCG and
		 * ITA naming schemes and the ITA component implementations */
		imcv_pts_components = pts_component_manager_create();
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
					pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
					pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
					pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
					pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);

		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
					PTS_ITA_COMP_FUNC_NAME_TGRUB,
					pts_ita_comp_tgrub_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
					PTS_ITA_COMP_FUNC_NAME_TBOOT,
					pts_ita_comp_tboot_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
					PTS_ITA_COMP_FUNC_NAME_IMA,
					pts_ita_comp_ima_create);
		if (is_imv)
		{
			/* instantiate global IMV session manager */
			imcv_sessions = imv_session_manager_create();

			/* instantiate and attach global IMV database if URI is valid */
			uri = lib->settings->get_str(lib->settings,
						"%s.imcv.database", NULL, lib->ns);
			/* the policy script is taken from configuration and handed to the
			 * database, presumably to be executed — operators should keep the
			 * config file and the script itself non-writable by untrusted users */
			script = lib->settings->get_str(lib->settings,
						"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
						lib->ns);
			if (uri)
			{
				/* may yield NULL on failure; libimcv_deinit() uses DESTROY_IF */
				imcv_db = imv_database_create(uri, script);
			}
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}
252 | ||
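/**
 * Tear down libimcv (described in header).
 *
 * Balances one libimcv_init() call. The global managers are destroyed only
 * when the last libimcv reference is dropped, and libstrongswan is
 * deinitialized only if libimcv_init() was the one that initialized it (see
 * the extra reference taken there when the host had already set it up).
 *
 * Every global that is destroyed here is also reset to NULL: a subsequent
 * libimcv_init() recreates imcv_sessions and imcv_db only for an IMV with a
 * configured database URI, so a stale pointer left behind would otherwise be
 * destroyed a second time by the next libimcv_deinit().
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
		imcv_pts_components->destroy(imcv_pts_components);
		imcv_pts_components = NULL;

		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
		DESTROY_IF(imcv_pa_tnc_attributes);
		imcv_pa_tnc_attributes = NULL;

		/* IMV-only objects; NULL in an IMC process or without a database URI */
		DESTROY_IF(imcv_db);
		imcv_db = NULL;
		DESTROY_IF(imcv_sessions);
		imcv_sessions = NULL;
		DBG1(DBG_LIB, "libimcv terminated");

		libtpmtss_deinit();
	}
	if (ref_put(&libstrongswan_ref))
	{
		/* only reached when libimcv_init() itself called library_init() */
		library_deinit();
	}
}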