]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libpts/plugins/imv_attestation/attest.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Moved debug.[ch] to utils folder
[thirdparty/strongswan.git] / src / libpts / plugins / imv_attestation / attest.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <getopt.h>
18 #include <unistd.h>
19 #include <stdio.h>
20 #include <string.h>
21 #include <errno.h>
22 #include <syslog.h>
23
24 #include <library.h>
25 #include <utils/debug.h>
26
27 #include <imcv.h>
28 #include <libpts.h>
29 #include <pts/pts_meas_algo.h>
30
31 #include "attest_db.h"
32 #include "attest_usage.h"
33
34 /**
35 * global debug output variables
36 */
37 static int debug_level = 1;
38 static bool stderr_quiet = TRUE;
39
40 /**
41 * attest dbg function
42 */
43 static void attest_dbg(debug_t group, level_t level, char *fmt, ...)
44 {
45 int priority = LOG_INFO;
46 char buffer[8192];
47 char *current = buffer, *next;
48 va_list args;
49
50 if (level <= debug_level)
51 {
52 if (!stderr_quiet)
53 {
54 va_start(args, fmt);
55 vfprintf(stderr, fmt, args);
56 fprintf(stderr, "\n");
57 va_end(args);
58 }
59
60 /* write in memory buffer first */
61 va_start(args, fmt);
62 vsnprintf(buffer, sizeof(buffer), fmt, args);
63 va_end(args);
64
65 /* do a syslog with every line */
66 while (current)
67 {
68 next = strchr(current, '\n');
69 if (next)
70 {
71 *(next++) = '\0';
72 }
73 syslog(priority, "%s\n", current);
74 current = next;
75 }
76 }
77 }
78
79 /**
80 * global attestation database object
81 */
82 attest_db_t *attest;
83
84 /**
85 * atexit handler to close db on shutdown
86 */
87 static void cleanup(void)
88 {
89 attest->destroy(attest);
90 libpts_deinit();
91 libimcv_deinit();
92 closelog();
93 }
94
95 static void do_args(int argc, char *argv[])
96 {
97 enum {
98 OP_UNDEF,
99 OP_USAGE,
100 OP_KEYS,
101 OP_COMPONENTS,
102 OP_FILES,
103 OP_HASHES,
104 OP_MEASUREMENTS,
105 OP_PRODUCTS,
106 OP_ADD,
107 OP_DEL,
108 } op = OP_UNDEF;
109
110 /* reinit getopt state */
111 optind = 0;
112
113 while (TRUE)
114 {
115 int c;
116
117 struct option long_opts[] = {
118 { "help", no_argument, NULL, 'h' },
119 { "components", no_argument, NULL, 'c' },
120 { "files", no_argument, NULL, 'f' },
121 { "keys", no_argument, NULL, 'k' },
122 { "products", no_argument, NULL, 'p' },
123 { "hashes", no_argument, NULL, 'H' },
124 { "measurements", no_argument, NULL, 'm' },
125 { "add", no_argument, NULL, 'a' },
126 { "delete", no_argument, NULL, 'd' },
127 { "del", no_argument, NULL, 'd' },
128 { "aik", required_argument, NULL, 'A' },
129 { "component", required_argument, NULL, 'C' },
130 { "comp", required_argument, NULL, 'C' },
131 { "directory", required_argument, NULL, 'D' },
132 { "dir", required_argument, NULL, 'D' },
133 { "file", required_argument, NULL, 'F' },
134 { "sha1-ima", no_argument, NULL, 'I' },
135 { "key", required_argument, NULL, 'K' },
136 { "owner", required_argument, NULL, 'O' },
137 { "product", required_argument, NULL, 'P' },
138 { "relative", no_argument, NULL, 'R' },
139 { "rel", no_argument, NULL, 'R' },
140 { "sequence", required_argument, NULL, 'S' },
141 { "seq", required_argument, NULL, 'S' },
142 { "sha1", no_argument, NULL, '1' },
143 { "sha256", no_argument, NULL, '2' },
144 { "sha384", no_argument, NULL, '3' },
145 { "did", required_argument, NULL, '4' },
146 { "fid", required_argument, NULL, '5' },
147 { "pid", required_argument, NULL, '6' },
148 { "cid", required_argument, NULL, '7' },
149 { "kid", required_argument, NULL, '8' },
150 { 0,0,0,0 }
151 };
152
153 c = getopt_long(argc, argv, "", long_opts, NULL);
154 switch (c)
155 {
156 case EOF:
157 break;
158 case 'h':
159 op = OP_USAGE;
160 break;
161 case 'c':
162 op = OP_COMPONENTS;
163 continue;
164 case 'f':
165 op = OP_FILES;
166 continue;
167 case 'k':
168 op = OP_KEYS;
169 continue;
170 case 'p':
171 op = OP_PRODUCTS;
172 continue;
173 case 'H':
174 op = OP_HASHES;
175 continue;
176 case 'm':
177 op = OP_MEASUREMENTS;
178 continue;
179 case 'a':
180 op = OP_ADD;
181 continue;
182 case 'd':
183 op = OP_DEL;
184 continue;
185 case 'A':
186 {
187 certificate_t *aik_cert;
188 public_key_t *aik_key;
189 chunk_t aik;
190
191 aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
192 CERT_X509, BUILD_FROM_FILE, optarg, BUILD_END);
193 if (!aik_cert)
194 {
195 printf("AIK certificate '%s' could not be loaded\n", optarg);
196 exit(EXIT_FAILURE);
197 }
198 aik_key = aik_cert->get_public_key(aik_cert);
199 aik_cert->destroy(aik_cert);
200
201 if (!aik_key)
202 {
203 printf("AIK public key could not be retrieved\n");
204 exit(EXIT_FAILURE);
205 }
206 if (!aik_key->get_fingerprint(aik_key, KEYID_PUBKEY_INFO_SHA1,
207 &aik))
208 {
209 printf("AIK fingerprint could not be computed\n");
210 aik_key->destroy(aik_key);
211 exit(EXIT_FAILURE);
212 }
213 aik = chunk_clone(aik);
214 aik_key->destroy(aik_key);
215
216 if (!attest->set_key(attest, aik, op == OP_ADD))
217 {
218 exit(EXIT_FAILURE);
219 }
220 continue;
221 }
222 case 'C':
223 if (!attest->set_component(attest, optarg, op == OP_ADD))
224 {
225 exit(EXIT_FAILURE);
226 }
227 continue;
228 case 'D':
229 if (!attest->set_directory(attest, optarg, op == OP_ADD))
230 {
231 exit(EXIT_FAILURE);
232 }
233 continue;
234 case 'F':
235 if (!attest->set_file(attest, optarg, op == OP_ADD))
236 {
237 exit(EXIT_FAILURE);
238 }
239 continue;
240 case 'I':
241 attest->set_algo(attest, PTS_MEAS_ALGO_SHA1_IMA);
242 continue;
243 case 'K':
244 {
245 chunk_t aik;
246
247 aik = chunk_from_hex(chunk_create(optarg, strlen(optarg)), NULL);
248 if (!attest->set_key(attest, aik, op == OP_ADD))
249 {
250 exit(EXIT_FAILURE);
251 }
252 continue;
253 }
254 case 'O':
255 attest->set_owner(attest, optarg);
256 continue;
257 case 'P':
258 if (!attest->set_product(attest, optarg, op == OP_ADD))
259 {
260 exit(EXIT_FAILURE);
261 }
262 continue;
263 case 'R':
264 attest->set_relative(attest);
265 continue;
266 case 'S':
267 attest->set_sequence(attest, atoi(optarg));
268 continue;
269 case '1':
270 attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
271 continue;
272 case '2':
273 attest->set_algo(attest, PTS_MEAS_ALGO_SHA256);
274 continue;
275 case '3':
276 attest->set_algo(attest, PTS_MEAS_ALGO_SHA384);
277 continue;
278 case '4':
279 if (!attest->set_did(attest, atoi(optarg)))
280 {
281 exit(EXIT_FAILURE);
282 }
283 continue;
284 case '5':
285 if (!attest->set_fid(attest, atoi(optarg)))
286 {
287 exit(EXIT_FAILURE);
288 }
289 continue;
290 case '6':
291 if (!attest->set_pid(attest, atoi(optarg)))
292 {
293 exit(EXIT_FAILURE);
294 }
295 continue;
296 case '7':
297 if (!attest->set_cid(attest, atoi(optarg)))
298 {
299 exit(EXIT_FAILURE);
300 }
301 continue;
302 case '8':
303 if (!attest->set_kid(attest, atoi(optarg)))
304 {
305 exit(EXIT_FAILURE);
306 }
307 continue;
308 }
309 break;
310 }
311
312 switch (op)
313 {
314 case OP_USAGE:
315 usage();
316 break;
317 case OP_PRODUCTS:
318 attest->list_products(attest);
319 break;
320 case OP_KEYS:
321 attest->list_keys(attest);
322 break;
323 case OP_COMPONENTS:
324 attest->list_components(attest);
325 break;
326 case OP_FILES:
327 attest->list_files(attest);
328 break;
329 case OP_HASHES:
330 attest->list_hashes(attest);
331 break;
332 case OP_MEASUREMENTS:
333 attest->list_measurements(attest);
334 break;
335 case OP_ADD:
336 attest->add(attest);
337 break;
338 case OP_DEL:
339 attest->delete(attest);
340 break;
341 default:
342 usage();
343 exit(EXIT_FAILURE);
344 }
345 }
346
347 int main(int argc, char *argv[])
348 {
349 char *uri;
350
351 /* enable attest debugging hook */
352 dbg = attest_dbg;
353 openlog("attest", 0, LOG_DEBUG);
354
355 atexit(library_deinit);
356
357 /* initialize library */
358 if (!library_init(NULL))
359 {
360 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
361 }
362 if (!lib->plugins->load(lib->plugins, NULL,
363 lib->settings->get_str(lib->settings, "attest.load", PLUGINS)))
364 {
365 exit(SS_RC_INITIALIZATION_FAILED);
366 }
367
368 uri = lib->settings->get_str(lib->settings, "attest.database", NULL);
369 if (!uri)
370 {
371 fprintf(stderr, "database URI attest.database not set.\n");
372 exit(SS_RC_INITIALIZATION_FAILED);
373 }
374 attest = attest_db_create(uri);
375 if (!attest)
376 {
377 exit(SS_RC_INITIALIZATION_FAILED);
378 }
379 atexit(cleanup);
380 libimcv_init();
381 libpts_init();
382
383 do_args(argc, argv);
384
385 exit(EXIT_SUCCESS);
386 }
387
Unnamed repository; edit this file 'description' to name the repository.