src/libimcv/tcg/pts/tcg_pts_attr_aik.c

   1 /*
   2  * Copyright (C) 2011-2012 Sansar Choinyambuu
   3  * Copyright (C) 2011-2014 Andreas Steffen
   4  *
   5  * Copyright (C) secunet Security Networks AG
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15  * for more details.
  16  */
  17
  18 #include "tcg_pts_attr_aik.h"
  19
  20 #include <pa_tnc/pa_tnc_msg.h>
  21 #include <bio/bio_writer.h>
  22 #include <bio/bio_reader.h>
  23 #include <utils/debug.h>
  24
  25 typedef struct private_tcg_pts_attr_aik_t private_tcg_pts_attr_aik_t;
  26
  27 /**
  28  * Attestation Identity Key
  29  * see section 3.13 of PTS Protocol: Binding to TNC IF-M Specification
  30  *
  31  *                                         1                               2                               3
  32  *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  33  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  34  *  |    Flags      |   Attestation Identity Key (Variable Length)  ~
  35  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  36  *  |              Attestation Identity Key (Variable Length)               ~
  37  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  38  */
  39
  40 #define PTS_AIK_SIZE                            4
  41 #define PTS_AIK_FLAGS_NONE                      0
  42 #define PTS_AIK_FLAGS_NAKED_KEY         (1<<7)
  43 /**
  44  * Private data of an tcg_pts_attr_aik_t object.
  45  */
  46 struct private_tcg_pts_attr_aik_t {
  47
  48         /**
  49          * Public members of tcg_pts_attr_aik_t
  50          */
  51         tcg_pts_attr_aik_t public;
  52
  53         /**
  54          * Vendor-specific attribute type
  55          */
  56         pen_type_t type;
  57
  58         /**
  59          * Length of attribute value
  60          */
  61         size_t length;
  62
  63         /**
  64          * Attribute value or segment
  65          */
  66         chunk_t value;
  67
  68         /**
  69          * Noskip flag
  70          */
  71         bool noskip_flag;
  72
  73         /**
  74          * AIK Certificate or Public Key
  75          */
  76         certificate_t *aik;
  77
  78         /**
  79          * Reference count
  80          */
  81         refcount_t ref;
  82 };
  83
  84 METHOD(pa_tnc_attr_t, get_type, pen_type_t,
  85         private_tcg_pts_attr_aik_t *this)
  86 {
  87         return this->type;
  88 }
  89
  90 METHOD(pa_tnc_attr_t, get_value, chunk_t,
  91         private_tcg_pts_attr_aik_t *this)
  92 {
  93         return this->value;
  94 }
  95
  96 METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
  97         private_tcg_pts_attr_aik_t *this)
  98 {
  99         return this->noskip_flag;
 100 }
 101
 102 METHOD(pa_tnc_attr_t, set_noskip_flag,void,
 103         private_tcg_pts_attr_aik_t *this, bool noskip)
 104 {
 105         this->noskip_flag = noskip;
 106 }
 107
 108 METHOD(pa_tnc_attr_t, build, void,
 109         private_tcg_pts_attr_aik_t *this)
 110 {
 111         bio_writer_t *writer;
 112         uint8_t flags = PTS_AIK_FLAGS_NONE;
 113         cred_encoding_type_t encoding_type = CERT_ASN1_DER;
 114         chunk_t aik_blob;
 115
 116         if (this->value.ptr)
 117         {
 118                 return;
 119         }
 120         if (this->aik->get_type(this->aik) == CERT_TRUSTED_PUBKEY)
 121         {
 122                 flags |= PTS_AIK_FLAGS_NAKED_KEY;
 123                 encoding_type = PUBKEY_SPKI_ASN1_DER;
 124         }
 125         if (!this->aik->get_encoding(this->aik, encoding_type, &aik_blob))
 126         {
 127                 DBG1(DBG_TNC, "encoding of Attestation Identity Key failed");
 128                 aik_blob = chunk_empty;
 129         }
 130         writer = bio_writer_create(PTS_AIK_SIZE);
 131         writer->write_uint8(writer, flags);
 132         writer->write_data (writer, aik_blob);
 133         this->value = writer->extract_buf(writer);
 134         this->length = this->value.len;
 135         writer->destroy(writer);
 136         free(aik_blob.ptr);
 137 }
 138
 139 METHOD(pa_tnc_attr_t, process, status_t,
 140         private_tcg_pts_attr_aik_t *this, uint32_t *offset)
 141 {
 142         bio_reader_t *reader;
 143         uint8_t flags;
 144         certificate_type_t type;
 145         chunk_t aik_blob;
 146
 147         *offset = 0;
 148
 149         if (this->value.len < this->length)
 150         {
 151                 return NEED_MORE;
 152         }
 153         if (this->value.len < PTS_AIK_SIZE)
 154         {
 155                 DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
 156                 return FAILED;
 157         }
 158         reader = bio_reader_create(this->value);
 159         reader->read_uint8(reader, &flags);
 160         reader->read_data (reader, reader->remaining(reader), &aik_blob);
 161
 162         type = (flags & PTS_AIK_FLAGS_NAKED_KEY) ? CERT_TRUSTED_PUBKEY : CERT_X509;
 163
 164         this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
 165                                                                    BUILD_BLOB_PEM, aik_blob, BUILD_END);
 166         reader->destroy(reader);
 167
 168         if (!this->aik)
 169         {
 170                 DBG1(DBG_TNC, "parsing of Attestation Identity Key failed");
 171                 *offset = 0;
 172                 return FAILED;
 173         }
 174         return SUCCESS;
 175 }
 176
 177 METHOD(pa_tnc_attr_t, add_segment, void,
 178         private_tcg_pts_attr_aik_t *this, chunk_t segment)
 179 {
 180         this->value = chunk_cat("mc", this->value, segment);
 181 }
 182
 183 METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
 184         private_tcg_pts_attr_aik_t *this)
 185 {
 186         ref_get(&this->ref);
 187         return &this->public.pa_tnc_attribute;
 188 }
 189
 190 METHOD(pa_tnc_attr_t, destroy, void,
 191         private_tcg_pts_attr_aik_t *this)
 192 {
 193         if (ref_put(&this->ref))
 194         {
 195                 DESTROY_IF(this->aik);
 196                 free(this->value.ptr);
 197                 free(this);
 198         }
 199 }
 200
 201 METHOD(tcg_pts_attr_aik_t, get_aik, certificate_t*,
 202         private_tcg_pts_attr_aik_t *this)
 203 {
 204         return this->aik;
 205 }
 206
 207 /**
 208  * Described in header.
 209  */
 210 pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
 211 {
 212         private_tcg_pts_attr_aik_t *this;
 213
 214         INIT(this,
 215                 .public = {
 216                         .pa_tnc_attribute = {
 217                                 .get_type = _get_type,
 218                                 .get_value = _get_value,
 219                                 .get_noskip_flag = _get_noskip_flag,
 220                                 .set_noskip_flag = _set_noskip_flag,
 221                                 .build = _build,
 222                                 .process = _process,
 223                                 .add_segment = _add_segment,
 224                                 .get_ref = _get_ref,
 225                                 .destroy = _destroy,
 226                         },
 227                         .get_aik = _get_aik,
 228                 },
 229                 .type = { PEN_TCG, TCG_PTS_AIK },
 230                 .aik = aik->get_ref(aik),
 231                 .ref = 1,
 232         );
 233
 234         return &this->public.pa_tnc_attribute;
 235 }
 236
 237
 238 /**
 239  * Described in header.
 240  */
 241 pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(size_t length, chunk_t data)
 242 {
 243         private_tcg_pts_attr_aik_t *this;
 244
 245         INIT(this,
 246                 .public = {
 247                         .pa_tnc_attribute = {
 248                                 .get_type = _get_type,
 249                                 .get_value = _get_value,
 250                                 .get_noskip_flag = _get_noskip_flag,
 251                                 .set_noskip_flag = _set_noskip_flag,
 252                                 .build = _build,
 253                                 .process = _process,
 254                                 .add_segment = _add_segment,
 255                                 .get_ref = _get_ref,
 256                                 .destroy = _destroy,
 257                         },
 258                         .get_aik = _get_aik,
 259                 },
 260                 .type = { PEN_TCG, TCG_PTS_AIK },
 261                 .length = length,
 262                 .value = chunk_clone(data),
 263                 .ref = 1,
 264         );
 265
 266         return &this->public.pa_tnc_attribute;
 267 }