[thirdparty/strongswan.git] / src / libpts / tcg / tcg_pts_attr_aik.c

/*
 * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "tcg_pts_attr_aik.h"

#include <pa_tnc/pa_tnc_msg.h>
#include <bio/bio_writer.h>
#include <bio/bio_reader.h>
#include <utils/debug.h>

typedef struct private_tcg_pts_attr_aik_t private_tcg_pts_attr_aik_t;

/**
 * Attestation Identity Key
 * see section 3.13 of PTS Protocol: Binding to TNC IF-M Specification
 *
 *					   1				   2				   3
 *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *  |	 Flags	    |	Attestation Identity Key (Variable Length)  ~
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *  |		   Attestation Identity Key (Variable Length)		    ~
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */

#define PTS_AIK_SIZE				4
#define PTS_AIK_FLAGS_NONE			0
#define PTS_AIK_FLAGS_NAKED_KEY		(1<<7)
/**
 * Private data of an tcg_pts_attr_aik_t object.
 */
struct private_tcg_pts_attr_aik_t {

	/**
	 * Public members of tcg_pts_attr_aik_t
	 */
	tcg_pts_attr_aik_t public;

	/**
	 * Vendor-specific attribute type
	 */
	pen_type_t type;

	/**
	 * Attribute value
	 */
	chunk_t value;

	/**
	 * Noskip flag
	 */
	bool noskip_flag;

	/**
	 * AIK Certificate or Public Key
	 */
	certificate_t *aik;

	/**
	 * Reference count
	 */
	refcount_t ref;
};

METHOD(pa_tnc_attr_t, get_type, pen_type_t,
	private_tcg_pts_attr_aik_t *this)
{
	return this->type;
}

METHOD(pa_tnc_attr_t, get_value, chunk_t,
	private_tcg_pts_attr_aik_t *this)
{
	return this->value;
}

METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
	private_tcg_pts_attr_aik_t *this)
{
	return this->noskip_flag;
}

METHOD(pa_tnc_attr_t, set_noskip_flag,void,
	private_tcg_pts_attr_aik_t *this, bool noskip)
{
	this->noskip_flag = noskip;
}

METHOD(pa_tnc_attr_t, build, void,
	private_tcg_pts_attr_aik_t *this)
{
	bio_writer_t *writer;
	u_int8_t flags = PTS_AIK_FLAGS_NONE;
	cred_encoding_type_t encoding_type = CERT_ASN1_DER;
	chunk_t aik_blob;

	if (this->value.ptr)
	{
		return;
	}
	if (this->aik->get_type(this->aik) == CERT_TRUSTED_PUBKEY)
	{
		flags |= PTS_AIK_FLAGS_NAKED_KEY;
		encoding_type = PUBKEY_SPKI_ASN1_DER;
	}
	if (!this->aik->get_encoding(this->aik, encoding_type, &aik_blob))
	{
		DBG1(DBG_TNC, "encoding of Attestation Identity Key failed");
		aik_blob = chunk_empty;
	}
	writer = bio_writer_create(PTS_AIK_SIZE);
	writer->write_uint8(writer, flags);
	writer->write_data (writer, aik_blob);
	this->value = chunk_clone(writer->get_buf(writer));
	free(aik_blob.ptr);
	writer->destroy(writer);
}

METHOD(pa_tnc_attr_t, process, status_t,
	private_tcg_pts_attr_aik_t *this, u_int32_t *offset)
{
	bio_reader_t *reader;
	u_int8_t flags;
	certificate_type_t type;
	chunk_t aik_blob;

	if (this->value.len < PTS_AIK_SIZE)
	{
		DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
		*offset = 0;
		return FAILED;
	}
	reader = bio_reader_create(this->value);
	reader->read_uint8(reader, &flags);
	reader->read_data (reader, reader->remaining(reader), &aik_blob);

	type = (flags & PTS_AIK_FLAGS_NAKED_KEY) ? CERT_TRUSTED_PUBKEY : CERT_X509;

	this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
								   BUILD_BLOB_PEM, aik_blob, BUILD_END);
	reader->destroy(reader);

	if (!this->aik)
	{
		DBG1(DBG_TNC, "parsing of Attestation Identity Key failed");
		*offset = 0;
		return FAILED;
	}
	return SUCCESS;
}

METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
	private_tcg_pts_attr_aik_t *this)
{
	ref_get(&this->ref);
	return &this->public.pa_tnc_attribute;
}

METHOD(pa_tnc_attr_t, destroy, void,
	private_tcg_pts_attr_aik_t *this)
{
	if (ref_put(&this->ref))
	{
		DESTROY_IF(this->aik);
		free(this->value.ptr);
		free(this);
	}
}

METHOD(tcg_pts_attr_aik_t, get_aik, certificate_t*,
	private_tcg_pts_attr_aik_t *this)
{
	return this->aik;
}

/**
 * Described in header.
 */
pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
{
	private_tcg_pts_attr_aik_t *this;

	INIT(this,
		.public = {
			.pa_tnc_attribute = {
				.get_type = _get_type,
				.get_value = _get_value,
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.get_ref = _get_ref,
				.destroy = _destroy,
			},
			.get_aik = _get_aik,
		},
		.type = { PEN_TCG, TCG_PTS_AIK },
		.aik = aik->get_ref(aik),
		.ref = 1,
	);

	return &this->public.pa_tnc_attribute;
}


/**
 * Described in header.
 */
pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data)
{
	private_tcg_pts_attr_aik_t *this;

	INIT(this,
		.public = {
			.pa_tnc_attribute = {
				.get_type = _get_type,
				.get_value = _get_value,
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.get_ref = _get_ref,
				.destroy = _destroy,
			},
			.get_aik = _get_aik,
		},
		.type = { PEN_TCG, TCG_PTS_AIK },
		.value = chunk_clone(data),
		.ref = 1,
	);

	return &this->public.pa_tnc_attribute;
}
Commit	Line	Data
3b80bce8	1	/*
dbb7859f	2	* Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
3b80bce8 SC	3	* HSR Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	#include "tcg_pts_attr_aik.h"
	17
	18	#include <pa_tnc/pa_tnc_msg.h>
	19	#include <bio/bio_writer.h>
	20	#include <bio/bio_reader.h>
f05b4272	21	#include <utils/debug.h>
3b80bce8 SC	22
	23	typedef struct private_tcg_pts_attr_aik_t private_tcg_pts_attr_aik_t;
	24
	25	/**
10b7ff90 AS	26	* Attestation Identity Key
10b7ff90 AS	27	* see section 3.13 of PTS Protocol: Binding to TNC IF-M Specification
3b80bce8	28	*
05a1b347	29	* 1 2 3
3b80bce8	30	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
3b80bce8	31	* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
05a1b347	32	* \| Flags \| Attestation Identity Key (Variable Length) ~
3b80bce8	33	* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
05a1b347	34	* \| Attestation Identity Key (Variable Length) ~
3b80bce8	35	* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3b80bce8 SC	36	*/
3b80bce8 SC	37
d3b0c23c AS	38	#define PTS_AIK_SIZE 4
	39	#define PTS_AIK_FLAGS_NONE 0
	40	#define PTS_AIK_FLAGS_NAKED_KEY (1<<7)
3b80bce8	41	/**
1f3f3021	42	* Private data of an tcg_pts_attr_aik_t object.
3b80bce8 SC	43	*/
	44	struct private_tcg_pts_attr_aik_t {
	45
	46	/**
1f3f3021	47	* Public members of tcg_pts_attr_aik_t
3b80bce8 SC	48	*/
	49	tcg_pts_attr_aik_t public;
	50
	51	/**
dbb7859f	52	* Vendor-specific attribute type
3b80bce8	53	*/
dbb7859f	54	pen_type_t type;
3b80bce8 SC	55
	56	/**
	57	* Attribute value
	58	*/
	59	chunk_t value;
f05b4272	60
3b80bce8 SC	61	/**
	62	* Noskip flag
	63	*/
	64	bool noskip_flag;
	65
	66	/**
d3b0c23c	67	* AIK Certificate or Public Key
3b80bce8	68	*/
d3b0c23c	69	certificate_t *aik;
8982b702 AS	70
	71	/**
	72	* Reference count
	73	*/
	74	refcount_t ref;
3b80bce8 SC	75	};
3b80bce8 SC	76
dbb7859f	77	METHOD(pa_tnc_attr_t, get_type, pen_type_t,
3b80bce8 SC	78	private_tcg_pts_attr_aik_t *this)
	79	{
	80	return this->type;
	81	}
	82
	83	METHOD(pa_tnc_attr_t, get_value, chunk_t,
	84	private_tcg_pts_attr_aik_t *this)
	85	{
	86	return this->value;
	87	}
	88
	89	METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
	90	private_tcg_pts_attr_aik_t *this)
	91	{
	92	return this->noskip_flag;
	93	}
	94
	95	METHOD(pa_tnc_attr_t, set_noskip_flag,void,
	96	private_tcg_pts_attr_aik_t *this, bool noskip)
	97	{
	98	this->noskip_flag = noskip;
	99	}
	100
	101	METHOD(pa_tnc_attr_t, build, void,
	102	private_tcg_pts_attr_aik_t *this)
	103	{
	104	bio_writer_t *writer;
d3b0c23c	105	u_int8_t flags = PTS_AIK_FLAGS_NONE;
f1b54894	106	cred_encoding_type_t encoding_type = CERT_ASN1_DER;
d3b0c23c	107	chunk_t aik_blob;
3b80bce8	108
ea67a75b AS	109	if (this->value.ptr)
	110	{
	111	return;
	112	}
d3b0c23c	113	if (this->aik->get_type(this->aik) == CERT_TRUSTED_PUBKEY)
05a1b347	114	{
d3b0c23c	115	flags \|= PTS_AIK_FLAGS_NAKED_KEY;
f1b54894	116	encoding_type = PUBKEY_SPKI_ASN1_DER;
05a1b347	117	}
f1b54894	118	if (!this->aik->get_encoding(this->aik, encoding_type, &aik_blob))
d3b0c23c AS	119	{
	120	DBG1(DBG_TNC, "encoding of Attestation Identity Key failed");
	121	aik_blob = chunk_empty;
	122	}
	123	writer = bio_writer_create(PTS_AIK_SIZE);
	124	writer->write_uint8(writer, flags);
	125	writer->write_data (writer, aik_blob);
3b80bce8	126	this->value = chunk_clone(writer->get_buf(writer));
3ca2e65f	127	free(aik_blob.ptr);
3b80bce8 SC	128	writer->destroy(writer);
	129	}
	130
	131	METHOD(pa_tnc_attr_t, process, status_t,
1f3f3021	132	private_tcg_pts_attr_aik_t this, u_int32_t offset)
3b80bce8 SC	133	{
	134	bio_reader_t *reader;
	135	u_int8_t flags;
d3b0c23c AS	136	certificate_type_t type;
d3b0c23c AS	137	chunk_t aik_blob;
f05b4272	138
3b80bce8 SC	139	if (this->value.len < PTS_AIK_SIZE)
	140	{
	141	DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
1f3f3021	142	*offset = 0;
3b80bce8 SC	143	return FAILED;
	144	}
	145	reader = bio_reader_create(this->value);
3b80bce8	146	reader->read_uint8(reader, &flags);
d3b0c23c AS	147	reader->read_data (reader, reader->remaining(reader), &aik_blob);
	148
	149	type = (flags & PTS_AIK_FLAGS_NAKED_KEY) ? CERT_TRUSTED_PUBKEY : CERT_X509;
	150
	151	this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
	152	BUILD_BLOB_PEM, aik_blob, BUILD_END);
3b80bce8 SC	153	reader->destroy(reader);
3b80bce8 SC	154
d3b0c23c AS	155	if (!this->aik)
	156	{
	157	DBG1(DBG_TNC, "parsing of Attestation Identity Key failed");
	158	*offset = 0;
	159	return FAILED;
	160	}
05a1b347	161	return SUCCESS;
3b80bce8 SC	162	}
3b80bce8 SC	163
8982b702 AS	164	METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
	165	private_tcg_pts_attr_aik_t *this)
	166	{
	167	ref_get(&this->ref);
	168	return &this->public.pa_tnc_attribute;
	169	}
	170
3b80bce8 SC	171	METHOD(pa_tnc_attr_t, destroy, void,
	172	private_tcg_pts_attr_aik_t *this)
	173	{
8982b702 AS	174	if (ref_put(&this->ref))
	175	{
	176	DESTROY_IF(this->aik);
	177	free(this->value.ptr);
	178	free(this);
	179	}
3b80bce8 SC	180	}
3b80bce8 SC	181
d3b0c23c	182	METHOD(tcg_pts_attr_aik_t, get_aik, certificate_t*,
3b80bce8 SC	183	private_tcg_pts_attr_aik_t *this)
	184	{
	185	return this->aik;
	186	}
	187
3b80bce8 SC	188	/**
	189	* Described in header.
	190	*/
d3b0c23c	191	pa_tnc_attr_t tcg_pts_attr_aik_create(certificate_t aik)
3b80bce8 SC	192	{
	193	private_tcg_pts_attr_aik_t *this;
	194
	195	INIT(this,
	196	.public = {
	197	.pa_tnc_attribute = {
3b80bce8 SC	198	.get_type = _get_type,
	199	.get_value = _get_value,
	200	.get_noskip_flag = _get_noskip_flag,
	201	.set_noskip_flag = _set_noskip_flag,
	202	.build = _build,
	203	.process = _process,
8982b702	204	.get_ref = _get_ref,
3b80bce8 SC	205	.destroy = _destroy,
3b80bce8 SC	206	},
1f3f3021	207	.get_aik = _get_aik,
3b80bce8	208	},
dbb7859f	209	.type = { PEN_TCG, TCG_PTS_AIK },
d3b0c23c	210	.aik = aik->get_ref(aik),
8982b702	211	.ref = 1,
3b80bce8 SC	212	);
	213
	214	return &this->public.pa_tnc_attribute;
	215	}
	216
	217
	218	/**
	219	* Described in header.
	220	*/
1f3f3021	221	pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data)
3b80bce8 SC	222	{
	223	private_tcg_pts_attr_aik_t *this;
	224
	225	INIT(this,
	226	.public = {
	227	.pa_tnc_attribute = {
3b80bce8 SC	228	.get_type = _get_type,
	229	.get_value = _get_value,
	230	.get_noskip_flag = _get_noskip_flag,
	231	.set_noskip_flag = _set_noskip_flag,
	232	.build = _build,
	233	.process = _process,
8982b702	234	.get_ref = _get_ref,
3b80bce8 SC	235	.destroy = _destroy,
3b80bce8 SC	236	},
1f3f3021	237	.get_aik = _get_aik,
3b80bce8	238	},
dbb7859f	239	.type = { PEN_TCG, TCG_PTS_AIK },
3b80bce8	240	.value = chunk_clone(data),
8982b702	241	.ref = 1,
3b80bce8 SC	242	);
	243
	244	return &this->public.pa_tnc_attribute;
	245	}