/*
 * Copyright (C) 2011-2020 Andreas Steffen
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
17 #include "ita_comp_tgrub.h"
18 #include "ita_comp_func_name.h"
20 #include "pts/components/pts_component.h"
22 #include <utils/debug.h>
23 #include <pen/pen.h>
/* Forward declaration of the private component type; the struct is defined below */
typedef struct pts_ita_comp_tgrub_t pts_ita_comp_tgrub_t;
/**
 * Private data of a pts_ita_comp_tgrub_t object.
 *
 * Provisional TGRUB PTS component; see measure() and verify() in this file
 * for what is currently measured and checked.
 */
struct pts_ita_comp_tgrub_t {

	/**
	 * Public pts_component_t interface.
	 */
	pts_component_t public;

	/**
	 * Component Functional Name. Owned by this object (freed in destroy());
	 * measure() clones it before handing a copy to the evidence object.
	 */
	pts_comp_func_name_t *name;

	/**
	 * Sub-component depth, reported by get_depth() and attached to evidence
	 */
	uint32_t depth;

	/**
	 * PTS measurement database. Stored by the constructor but not consulted by
	 * any method in this file yet (see the TODO in verify()).
	 */
	pts_database_t *pts_db;

	/**
	 * Reference count, incremented by get_ref() and decremented by destroy()
	 */
	refcount_t ref;

};
/**
 * Return the component functional name of this TGRUB component.
 *
 * Ownership stays with the component: destroy() frees the name, and
 * measure() clones it before passing a copy on, so callers must not destroy
 * the returned object.
 */
METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
	pts_ita_comp_tgrub_t *this)
{
	pts_comp_func_name_t *comp_name = this->name;

	return comp_name;
}
/**
 * Report which evidence this component can deliver.
 *
 * Always announces PCR-based evidence, matching measure(), which attaches
 * PCR information to the evidence it creates.
 */
METHOD(pts_component_t, get_evidence_flags, uint8_t,
	pts_ita_comp_tgrub_t *this)
{
	const uint8_t flags = PTS_REQ_FUNC_COMP_EVID_PCR;

	return flags;
}
/**
 * Return the sub-component depth given to the constructor.
 */
METHOD(pts_component_t, get_depth, uint32_t,
	pts_ita_comp_tgrub_t *this)
{
	uint32_t component_depth = this->depth;

	return component_depth;
}
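/**
 * Produce component evidence for TGRUB (provisional implementation).
 *
 * The evidence carries an all-zero measurement of SHA1 length and refers to
 * the fixed PCR_DEBUG register. Only the current value of that register
 * (pcr_after) is read from the platform; pcr_before is set to zeros as well.
 * No real TGRUB measurement is collected yet, so a verifier cannot use this
 * evidence to establish anything about the boot loader.
 *
 * @param qualifier  component qualifier, not used by this implementation
 * @param pts        PTS object used to read the PCR
 * @param evidence   set to the newly created evidence object on SUCCESS
 * @return           SUCCESS, or FAILED if the PCR could not be read
 */
METHOD(pts_component_t, measure, status_t,
	pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts,
	pts_comp_evidence_t **evidence)
{
	size_t pcr_len;
	pts_pcr_transform_t pcr_transform;
	pts_meas_algorithms_t hash_algo;
	pts_comp_evidence_t *evid;
	uint32_t extended_pcr;
	time_t measurement_time;
	chunk_t measurement, pcr_before, pcr_after;

	/* Provisional implementation for TGRUB: fixed PCR, current wall-clock time */
	extended_pcr = PCR_DEBUG;
	time(&measurement_time);

	if (!pts->read_pcr(pts, extended_pcr, &pcr_after, HASH_SHA1))
	{
		/* %u matches the uint32_t argument (the former %d did not) */
		DBG1(DBG_PTS, "error occurred while reading PCR: %u", extended_pcr);
		return FAILED;
	}

	hash_algo = PTS_MEAS_ALGO_SHA1;
	pcr_len = HASH_SIZE_SHA1;
	pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);

	/* placeholder measurement and pcr_before, both all zeros */
	measurement = chunk_alloc(pcr_len);
	memset(measurement.ptr, 0x00, measurement.len);

	pcr_before = chunk_alloc(pcr_len);
	memset(pcr_before.ptr, 0x00, pcr_before.len);

	/* none of the chunks are freed here; presumably the evidence object takes
	 * ownership of measurement, pcr_before and pcr_after — TODO confirm */
	evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
												this->depth, extended_pcr,
												hash_algo, pcr_transform,
												measurement_time, measurement);
	evid->set_pcr_info(evid, pcr_before, pcr_after);

	return SUCCESS;
}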
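/**
 * Verify TGRUB component evidence against the verifier's PCR state.
 *
 * Checks only that the evidence refers to PCR_DEBUG. If the evidence carries
 * PCR information, the claimed pcr_before value is compared with the PCR
 * register currently held by the verifier and the register is then advanced
 * to pcr_after. The measurement itself is not checked against the database
 * yet (see the TODO below).
 *
 * NOTE(review): a pcr_before mismatch is only logged and a failed pcrs->set()
 * is not reported either, so this function returns SUCCESS for every piece of
 * evidence that names PCR_DEBUG. A verifier relying on this component should
 * not treat SUCCESS as a statement about the integrity of TGRUB until the
 * measurement check is implemented.
 *
 * @param qualifier  component qualifier, not used by this implementation
 * @param pts        PTS object holding the verifier-side PCR registers
 * @param evidence   component evidence to verify
 * @return           FAILED if no PCRs are available or the evidence does not
 *                   refer to PCR_DEBUG, SUCCESS otherwise
 */
METHOD(pts_component_t, verify, status_t,
	pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts,
	pts_comp_evidence_t *evidence)
{
	bool has_pcr_info;
	uint32_t extended_pcr;
	pts_meas_algorithms_t algo;
	pts_pcr_transform_t transform;
	pts_pcr_t *pcrs;
	time_t measurement_time;
	chunk_t pcr_before, pcr_after;
	chunk_t measurement __attribute__((unused));

	pcrs = pts->get_pcrs(pts);
	if (!pcrs)
	{
		return FAILED;
	}
	measurement = evidence->get_measurement(evidence, &extended_pcr,
											&algo, &transform, &measurement_time);
	/* the provisional measure() only ever refers to PCR_DEBUG */
	if (extended_pcr != PCR_DEBUG)
	{
		return FAILED;
	}

	/* TODO check measurement in database */

	has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
	if (has_pcr_info)
	{
		if (!chunk_equals_const(pcr_before, pcrs->get(pcrs, extended_pcr)))
		{
			/* the format string expects the PCR index; it was missing before */
			DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to pcr value",
				 extended_pcr);
		}
		/* the result of set() was ignored in both branches before; keep that
		 * behaviour but make it explicit */
		pcrs->set(pcrs, extended_pcr, pcr_after);
	}

	return SUCCESS;
}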
/**
 * Finalize the component evaluation.
 *
 * Nothing is written to result; the component always reports that no
 * finalization took place.
 *
 * @param qualifier  component qualifier, unused
 * @param result     writer for the result, untouched
 * @return           always FALSE
 */
METHOD(pts_component_t, finalize, bool,
	pts_ita_comp_tgrub_t *this, uint8_t qualifier, bio_writer_t *result)
{
	(void)qualifier;
	(void)result;

	return FALSE;
}
/**
 * Take an additional reference on this component.
 *
 * Each reference obtained here must be released with destroy().
 *
 * @return  the public interface of this component
 */
METHOD(pts_component_t, get_ref, pts_component_t*,
	pts_ita_comp_tgrub_t *this)
{
	pts_component_t *shared = &this->public;

	ref_get(&this->ref);
	return shared;
}
/**
 * Release one reference; free the component and its name once the last
 * reference is gone.
 */
METHOD(pts_component_t, destroy, void,
	pts_ita_comp_tgrub_t *this)
{
	if (!ref_put(&this->ref))
	{
		/* other references are still held */
		return;
	}
	this->name->destroy(this->name);
	free(this);
}
/**
 * See header
 *
 * Creates the TGRUB component with a single reference. The functional name
 * is built from the ITA PEN, the TGRUB component name and the kernel/trusted
 * qualifier flags; pts_db is stored but not used by this file's methods yet.
 */
pts_component_t *pts_ita_comp_tgrub_create(uint32_t depth,
										   pts_database_t *pts_db)
{
	pts_ita_comp_tgrub_t *this;
	pts_comp_func_name_t *name;

	name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TGRUB,
									 PTS_ITA_QUALIFIER_FLAG_KERNEL |
									 PTS_ITA_QUALIFIER_TYPE_TRUSTED);

	INIT(this,
		.ref = 1,
		.depth = depth,
		.pts_db = pts_db,
		.name = name,
		.public = {
			.get_comp_func_name = _get_comp_func_name,
			.get_evidence_flags = _get_evidence_flags,
			.get_depth = _get_depth,
			.measure = _measure,
			.verify = _verify,
			.finalize = _finalize,
			.get_ref = _get_ref,
			.destroy = _destroy,
		},
	);

	return &this->public;
}