2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25 #include <utils/debug.h>
29 #include <pts/pts_meas_algo.h>
31 #include "attest_db.h"
32 #include "attest_usage.h"
35 * global debug output variables
37 static int debug_level
= 1;
38 static bool stderr_quiet
= TRUE
;
43 static void attest_dbg(debug_t group
, level_t level
, char *fmt
, ...)
45 int priority
= LOG_INFO
;
47 char *current
= buffer
, *next
;
50 if (level
<= debug_level
)
55 vfprintf(stderr
, fmt
, args
);
56 fprintf(stderr
, "\n");
60 /* write in memory buffer first */
62 vsnprintf(buffer
, sizeof(buffer
), fmt
, args
);
65 /* do a syslog with every line */
68 next
= strchr(current
, '\n');
73 syslog(priority
, "%s\n", current
);
80 * global attestation database object
85 * atexit handler to close db on shutdown
87 static void cleanup(void)
89 attest
->destroy(attest
);
95 static void do_args(int argc
, char *argv
[])
110 /* reinit getopt state */
117 struct option long_opts
[] = {
118 { "help", no_argument
, NULL
, 'h' },
119 { "components", no_argument
, NULL
, 'c' },
120 { "files", no_argument
, NULL
, 'f' },
121 { "keys", no_argument
, NULL
, 'k' },
122 { "products", no_argument
, NULL
, 'p' },
123 { "hashes", no_argument
, NULL
, 'H' },
124 { "measurements", no_argument
, NULL
, 'm' },
125 { "add", no_argument
, NULL
, 'a' },
126 { "delete", no_argument
, NULL
, 'd' },
127 { "del", no_argument
, NULL
, 'd' },
128 { "aik", required_argument
, NULL
, 'A' },
129 { "component", required_argument
, NULL
, 'C' },
130 { "comp", required_argument
, NULL
, 'C' },
131 { "directory", required_argument
, NULL
, 'D' },
132 { "dir", required_argument
, NULL
, 'D' },
133 { "file", required_argument
, NULL
, 'F' },
134 { "sha1-ima", no_argument
, NULL
, 'I' },
135 { "key", required_argument
, NULL
, 'K' },
136 { "owner", required_argument
, NULL
, 'O' },
137 { "product", required_argument
, NULL
, 'P' },
138 { "relative", no_argument
, NULL
, 'R' },
139 { "rel", no_argument
, NULL
, 'R' },
140 { "sequence", required_argument
, NULL
, 'S' },
141 { "seq", required_argument
, NULL
, 'S' },
142 { "sha1", no_argument
, NULL
, '1' },
143 { "sha256", no_argument
, NULL
, '2' },
144 { "sha384", no_argument
, NULL
, '3' },
145 { "did", required_argument
, NULL
, '4' },
146 { "fid", required_argument
, NULL
, '5' },
147 { "pid", required_argument
, NULL
, '6' },
148 { "cid", required_argument
, NULL
, '7' },
149 { "kid", required_argument
, NULL
, '8' },
153 c
= getopt_long(argc
, argv
, "", long_opts
, NULL
);
177 op
= OP_MEASUREMENTS
;
187 certificate_t
*aik_cert
;
188 public_key_t
*aik_key
;
191 aik_cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
,
192 CERT_X509
, BUILD_FROM_FILE
, optarg
, BUILD_END
);
195 printf("AIK certificate '%s' could not be loaded\n", optarg
);
198 aik_key
= aik_cert
->get_public_key(aik_cert
);
199 aik_cert
->destroy(aik_cert
);
203 printf("AIK public key could not be retrieved\n");
206 if (!aik_key
->get_fingerprint(aik_key
, KEYID_PUBKEY_INFO_SHA1
,
209 printf("AIK fingerprint could not be computed\n");
210 aik_key
->destroy(aik_key
);
213 aik
= chunk_clone(aik
);
214 aik_key
->destroy(aik_key
);
216 if (!attest
->set_key(attest
, aik
, op
== OP_ADD
))
223 if (!attest
->set_component(attest
, optarg
, op
== OP_ADD
))
229 if (!attest
->set_directory(attest
, optarg
, op
== OP_ADD
))
235 if (!attest
->set_file(attest
, optarg
, op
== OP_ADD
))
241 attest
->set_algo(attest
, PTS_MEAS_ALGO_SHA1_IMA
);
247 aik
= chunk_from_hex(chunk_create(optarg
, strlen(optarg
)), NULL
);
248 if (!attest
->set_key(attest
, aik
, op
== OP_ADD
))
255 attest
->set_owner(attest
, optarg
);
258 if (!attest
->set_product(attest
, optarg
, op
== OP_ADD
))
264 attest
->set_relative(attest
);
267 attest
->set_sequence(attest
, atoi(optarg
));
270 attest
->set_algo(attest
, PTS_MEAS_ALGO_SHA1
);
273 attest
->set_algo(attest
, PTS_MEAS_ALGO_SHA256
);
276 attest
->set_algo(attest
, PTS_MEAS_ALGO_SHA384
);
279 if (!attest
->set_did(attest
, atoi(optarg
)))
285 if (!attest
->set_fid(attest
, atoi(optarg
)))
291 if (!attest
->set_pid(attest
, atoi(optarg
)))
297 if (!attest
->set_cid(attest
, atoi(optarg
)))
303 if (!attest
->set_kid(attest
, atoi(optarg
)))
318 attest
->list_products(attest
);
321 attest
->list_keys(attest
);
324 attest
->list_components(attest
);
327 attest
->list_files(attest
);
330 attest
->list_hashes(attest
);
332 case OP_MEASUREMENTS
:
333 attest
->list_measurements(attest
);
339 attest
->delete(attest
);
347 int main(int argc
, char *argv
[])
351 /* enable attest debugging hook */
353 openlog("attest", 0, LOG_DEBUG
);
355 atexit(library_deinit
);
357 /* initialize library */
358 if (!library_init(NULL
))
360 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY
);
362 if (!lib
->plugins
->load(lib
->plugins
, NULL
,
363 lib
->settings
->get_str(lib
->settings
, "attest.load", PLUGINS
)))
365 exit(SS_RC_INITIALIZATION_FAILED
);
368 uri
= lib
->settings
->get_str(lib
->settings
, "attest.database", NULL
);
371 fprintf(stderr
, "database URI attest.database not set.\n");
372 exit(SS_RC_INITIALIZATION_FAILED
);
374 attest
= attest_db_create(uri
);
377 exit(SS_RC_INITIALIZATION_FAILED
);