charon.plugins.imc-swid.swid_directory = ${prefix}/share
Directory where SWID tags are located.
+
+charon.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+charon.plugins.imc-swid.pretty = FALSE
+ Generate XML-encoded SWID tags with pretty indentation.
+
+charon.plugins.imc-swid.full = FALSE
+ Include file information in the XML-encoded SWID tags.
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-#define INSTALLED_PACKAGES_MIN_SIZE 4
-
/**
* Private data of an ietf_attr_installed_packages_t object.
*/
{
return;
}
- writer = bio_writer_create(INSTALLED_PACKAGES_MIN_SIZE);
+ writer = bio_writer_create(IETF_INSTALLED_PACKAGES_MIN_SIZE);
writer->write_uint16(writer, 0x0000);
writer->write_uint16(writer, this->packages->get_count(this->packages));
*offset = 0;
- if (this->value.len < INSTALLED_PACKAGES_MIN_SIZE)
+ if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF installed packages");
return FAILED;
reader = bio_reader_create(this->value);
reader->read_uint16(reader, &reserved);
reader->read_uint16(reader, &count);
- *offset = INSTALLED_PACKAGES_MIN_SIZE;
+ *offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
while (reader->remaining(reader))
{
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "ietf_attr.h"
#include "pa_tnc/pa_tnc_attr.h"
+#define IETF_INSTALLED_PACKAGES_MIN_SIZE 4
/**
* Class implementing the IETF PA-TNC Installed Packages attribute.
'Ubuntu 14.04 x86_64'
);
+INSERT INTO products ( /* 37 */
+ name
+) VALUES (
+ 'Debian 7.3 i686'
+);
+
+INSERT INTO products ( /* 38 */
+ name
+) VALUES (
+ 'Debian 7.3 x86_64'
+);
+
+INSERT INTO products ( /* 39 */
+ name
+) VALUES (
+ 'Debian 7.4 i686'
+);
+
+INSERT INTO products ( /* 40 */
+ name
+) VALUES (
+ 'Debian 7.4 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
4, 27
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 37
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 39
+);
+
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
5, 28
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 38
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 40
+);
+
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <library.h>
#include <pen/pen.h>
+#define PA_TNC_ATTR_HEADER_SIZE 12
+
/**
* Interface for an RFC 5792 PA-TNC Posture Attribute.
*
* @param relative error offset within attribute body
* @return result status
*/
- status_t (*process)(pa_tnc_attr_t *this, u_int32_t *offset);
+ status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
/**
* Get a new reference to the PA-TNC attribute
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <pen/pen.h>
#include <utils/debug.h>
-
typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
/**
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-#define PA_TNC_HEADER_SIZE 8
#define PA_TNC_RESERVED 0x000000
/**
#define PA_TNC_ATTR_FLAG_NONE 0x00
#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
-#define PA_TNC_ATTR_HEADER_SIZE 12
#define PA_TNC_ATTR_INFO_SIZE 8
/**
/**
* Message identifier
*/
- u_int32_t identifier;
+ uint32_t identifier;
/**
* Current PA-TNC Message size
pa_tnc_attr_t *attr;
enum_name_t *pa_attr_names;
pen_type_t type;
- u_int8_t flags;
+ uint8_t flags;
chunk_t value;
nonce_gen_t *ng;
/* generate a nonce as a message identifier */
ng = lib->crypto->create_nonce_gen(lib->crypto);
- if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+ if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
{
DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
DESTROY_IF(ng);
{
bio_reader_t *reader;
pa_tnc_attr_t *error;
- u_int8_t version;
- u_int32_t reserved, offset, attr_offset;
+ uint8_t version;
+ uint32_t reserved, offset, attr_offset;
pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
/* process message header */
while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
{
pen_t vendor_id;
- u_int8_t flags;
- u_int32_t type, length;
+ uint8_t flags;
+ uint32_t type, length;
chunk_t value, attr_info;
pa_tnc_attr_t *attr;
enum_name_t *pa_attr_names;
ietf_attr_pa_tnc_error_t *error_attr;
pen_type_t error_code;
chunk_t msg_info, attr_info;
- u_int32_t offset;
+ uint32_t offset;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
typedef struct pa_tnc_msg_t pa_tnc_msg_t;
#define PA_TNC_VERSION 0x01
+#define PA_TNC_HEADER_SIZE 8
#include "pa_tnc_attr.h"
* Compute the maximum IETF Installed Packages attribute size
* leaving space for an additional ITA Angel attribute
*/
- max_attr_size = state->get_max_msg_len(state) - 8 - 12;
+ max_attr_size = state->get_max_msg_len(state) -
+ PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
/* At least one IETF Installed Packages attribute is sent */
attr = ietf_attr_installed_packages_create();
- attr_size = 12 + 4;
+ attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
enumerator = os->create_package_enumerator(os);
if (enumerator)
/* create the next IETF Installed Packages attribute */
attr = ietf_attr_installed_packages_create();
- attr_size = 12 + 4;
+ attr_size = PA_TNC_ATTR_HEADER_SIZE +
+ IETF_INSTALLED_PACKAGES_MIN_SIZE;
}
attr_cast = (ietf_attr_installed_packages_t*)attr;
attr_cast->add(attr_cast, name, version);
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <imc/imc_agent.h>
#include <imc/imc_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
#include <utils/debug.h>
+#define SWID_GENERATOR "/usr/local/bin/swid_generator"
/* IMC definitions */
return TNC_RESULT_SUCCESS;
}
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+/**
+ * Add one or multiple SWID Inventory attributes to the send queue
+ */
+static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
+ uint32_t request_id, bool full_tags,
+ swid_inventory_t *targets)
{
- imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr, *attr_angel;
imc_swid_state_t *swid_state;
+ swid_inventory_t *swid_inventory;
+ char *swid_directory, *swid_generator;
+ uint32_t eid_epoch;
+ size_t max_attr_size, attr_size, entry_size;
+ bool first = TRUE, swid_pretty, swid_full;
enumerator_t *enumerator;
+
+ swid_directory = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-swid.swid_directory",
+ SWID_DIRECTORY, lib->ns);
+ swid_generator = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-swid.swid_generator",
+ SWID_GENERATOR, lib->ns);
+ swid_pretty = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swid.swid_pretty",
+ FALSE, lib->ns);
+ swid_full = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swid.swid_full",
+ FALSE, lib->ns);
+
+ swid_inventory = swid_inventory_create(full_tags);
+ if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
+ targets, swid_pretty, swid_full))
+ {
+ swid_inventory->destroy(swid_inventory);
+ attr = swid_error_create(TCG_SWID_ERROR, request_id,
+ 0, "error in SWID tag collection");
+ msg->add_attribute(msg, attr);
+ return FALSE;
+ }
+ DBG1(DBG_IMC, "collected %d SWID tag%s%s",
+ swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
+ swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
+
+ swid_state = (imc_swid_state_t*)state;
+ eid_epoch = swid_state->get_eid_epoch(swid_state);
+
+ /**
+ * Compute the maximum TCG Tag [ID] Inventory attribute size
+ * leaving space for an additional ITA Angel attribute
+ */
+ max_attr_size = state->get_max_msg_len(state) -
+ PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
+
+ if (full_tags)
+ {
+ tcg_swid_attr_tag_inv_t *swid_attr;
+ swid_tag_t *tag;
+ chunk_t encoding, tag_file_path;
+
+ /* At least one TCG Tag Inventory attribute is sent */
+ attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
+ attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+
+ enumerator = swid_inventory->create_enumerator(swid_inventory);
+ while (enumerator->enumerate(enumerator, &tag))
+ {
+ tag_file_path = tag->get_tag_file_path(tag);
+ encoding = tag->get_encoding(tag);
+ entry_size = 2 + tag_file_path.len + 4 + encoding.len;
+
+ if (attr_size + entry_size > max_attr_size)
+ {
+ if (first)
+ {
+ /**
+ * Send an ITA Start Angel attribute to the IMV signalling
+ * that multiple TGC SWID Tag Inventory attributes follow
+ */
+ attr_angel = ita_attr_angel_create(TRUE);
+ msg->add_attribute(msg, attr_angel);
+ first = FALSE;
+ }
+ msg->add_attribute(msg, attr);
+
+ /* create the next TCG SWID Tag Inventory attribute */
+ attr_size = PA_TNC_ATTR_HEADER_SIZE +
+ TCG_SWID_TAG_INV_MIN_SIZE;
+ attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+ }
+ swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
+ swid_attr->add(swid_attr, tag->get_ref(tag));
+ attr_size += entry_size;
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ tcg_swid_attr_tag_id_inv_t *swid_id_attr;
+ swid_tag_id_t *tag_id;
+ chunk_t tag_creator, unique_sw_id, tag_file_path;
+
+ /* At least one TCG Tag ID Inventory attribute is sent */
+ attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
+ attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+ swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+
+ enumerator = swid_inventory->create_enumerator(swid_inventory);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ tag_creator = tag_id->get_tag_creator(tag_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
+ entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
+ 2 + tag_file_path.len;
+
+ if (attr_size + entry_size > max_attr_size)
+ {
+ if (first)
+ {
+ /**
+ * Send an ITA Start Angel attribute to the IMV signalling
+ * that multiple TGC SWID Tag ID Inventory attributes follow
+ */
+ attr_angel = ita_attr_angel_create(TRUE);
+ msg->add_attribute(msg, attr_angel);
+ first = FALSE;
+ }
+ msg->add_attribute(msg, attr);
+
+ /* create the next TCG SWID Tag ID Inventory attribute */
+ attr_size = PA_TNC_ATTR_HEADER_SIZE +
+ TCG_SWID_TAG_ID_INV_MIN_SIZE;
+ attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+ }
+ swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+ swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
+ attr_size += entry_size;
+ }
+ enumerator->destroy(enumerator);
+ }
+ msg->add_attribute(msg, attr);
+ swid_inventory->destroy(swid_inventory);
+
+ return TRUE;
+}
+
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+{
+ imc_msg_t *out_msg;
pa_tnc_attr_t *attr;
+ enumerator_t *enumerator;
pen_type_t type;
TNC_Result result;
bool fatal_error = FALSE;
return result;
}
out_msg = imc_msg_create_as_reply(in_msg);
- swid_state = (imc_swid_state_t*)state;
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
{
tcg_swid_attr_req_t *attr_req;
- u_int8_t flags;
- u_int32_t request_id, eid_epoch;
- swid_inventory_t *swid_inventory, *targets;
- char *swid_directory;
+ uint8_t flags;
+ uint32_t request_id;
bool full_tags;
+ swid_inventory_t *targets;
type = attr->get_type(attr);
flags = attr_req->get_flags(attr_req);
request_id = attr_req->get_request_id(attr_req);
targets = attr_req->get_targets(attr_req);
- eid_epoch = swid_state->get_eid_epoch(swid_state);
if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
{
}
full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
- swid_directory = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY, lib->ns);
- swid_inventory = swid_inventory_create(full_tags);
- if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
+ if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
{
- swid_inventory->destroy(swid_inventory);
- attr = swid_error_create(TCG_SWID_ERROR, request_id,
- 0, "error in SWID tag collection");
- out_msg->add_attribute(out_msg, attr);
break;
}
- DBG1(DBG_IMC, "collected %d SWID tag%s%s",
- swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
- swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
- if (full_tags)
- {
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
- swid_inventory);
- }
- else
- {
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
- swid_inventory);
- }
- out_msg->add_attribute(out_msg, attr);
}
enumerator->destroy(enumerator);
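Review bot: The two new settings lookups in add_swid_inventory read `%s.plugins.imc-swid.swid_pretty` and `%s.plugins.imc-swid.swid_full`, while the strongswan.conf documentation added by this same commit names the keys `charon.plugins.imc-swid.pretty` and `charon.plugins.imc-swid.full`, so an administrator who sets the documented options never changes the generator's behaviour. Either change the documented names or change the lookups to `"%s.plugins.imc-swid.pretty"` and `"%s.plugins.imc-swid.full"` so the two agree. Separately, add_swid_inventory emits an ITA Start Angel the first time an attribute overflows max_attr_size but never emits the matching Stop Angel after the final `msg->add_attribute(msg, attr)`; the IMV side of this commit only finalizes its work item once its angel count returns to zero, so unless the caller appends the Stop Angel outside this hunk a multi-attribute inventory will never be evaluated. receive_message continues past the end of the hunk.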
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <ietf/ietf_attr_pa_tnc_error.h>
#include <imv/imv_agent.h>
#include <imv/imv_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
static TNC_Result receive_msg(private_imv_swid_agent_t *this,
imv_state_t *state, imv_msg_t *in_msg)
{
+ imv_swid_state_t *swid_state;
imv_msg_t *out_msg;
imv_session_t *session;
enumerator_t *enumerator;
return result;
}
+ swid_state = (imv_swid_state_t*)state;
session = state->get_session(state);
/* analyze PA-TNC attributes */
TNC_IMV_Evaluation_Result eval;
TNC_IMV_Action_Recommendation rec;
pen_type_t type;
- u_int32_t request_id, last_eid, eid_epoch;
+ uint32_t request_id, last_eid, eid_epoch;
swid_inventory_t *inventory;
int tag_count;
char result_str[BUF_LEN], *tag_item;
pen_type_t error_code;
chunk_t msg_info, description;
bio_reader_t *reader;
- u_int32_t request_id = 0, max_attr_size;
+ uint32_t request_id = 0, max_attr_size;
bool success;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
reader->destroy(reader);
}
}
+ else if (type.vendor_id == PEN_ITA)
+ {
+ switch (type.type)
+ {
+ case ITA_ATTR_START_ANGEL:
+ swid_state->set_angel_count(swid_state, TRUE);
+ break;
+ case ITA_ATTR_STOP_ANGEL:
+ swid_state->set_angel_count(swid_state, FALSE);
+ break;
+ default:
+ break;
+ }
+ }
else if (type.vendor_id != PEN_TCG)
{
continue;
{
tag_creator = tag_id->get_tag_creator(tag_id);
unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- DBG3(DBG_IMV, " %.*s_%.*s.swidtag",
+ DBG3(DBG_IMV, " %.*s_%.*s",
tag_creator.len, tag_creator.ptr,
unique_sw_id.len, unique_sw_id.ptr);
}
default:
continue;
}
+ tag_count = inventory->get_count(inventory);
+ swid_state->set_count(swid_state, tag_count);
ew = session->create_workitem_enumerator(session);
while (ew->enumerate(ew, &workitem))
continue;
}
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- tag_count = inventory->get_count(inventory);
- snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
- tag_count, tag_item, (tag_count == 1) ? "" : "s");
- session->remove_workitem(session, ew);
- ew->destroy(ew);
- rec = found->set_result(found, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, found);
- found->destroy(found);
+ if (!swid_state->get_angel_count(swid_state))
+ {
+ swid_state->get_count(swid_state, &tag_count);
+ snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
+ tag_count, tag_item, (tag_count == 1) ? "" : "s");
+ session->remove_workitem(session, ew);
+ ew->destroy(ew);
+
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ rec = found->set_result(found, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, found);
+ found->destroy(found);
+ }
}
enumerator->destroy(enumerator);
TNC_IMVID imv_id;
TNC_Result result = TNC_RESULT_SUCCESS;
bool no_workitems = TRUE;
- u_int32_t request_id;
- u_int8_t flags;
+ uint32_t request_id;
+ uint8_t flags;
enumerator_t *enumerator;
if (!this->agent->get_state(this->agent, id, &state))
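Review bot: In the new `else if (type.vendor_id == PEN_ITA)` branch of receive_msg every case ends with `break`, which only leaves the inner switch; unlike the `vendor_id != PEN_TCG` branch immediately below, it does not `continue`, so an ITA attribute falls through into the TCG type dispatch that follows and, if its numeric type value coincides with a TCG SWID type, is cast to a TCG attribute structure it is not. Replace the three `break;` statements with `continue;` so ITA attributes are fully consumed in that branch. The TCG switch is only partly visible in the hunk, so the collision is inferred from the control flow rather than from specific type values. Note also that the angel bookkeeping trusts the peer: a Stop Angel without a preceding Start drives the count negative, and the `!swid_state->get_angel_count(swid_state)` test then never finalizes the work item for the rest of the session.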
*/
imv_remediation_string_t *remediation_string;
+ /**
+ * Number of processed SWID Tags or SWID Tag IDs
+ */
+ int count;
+
+ /**
+ * Angel count
+ */
+ int angel_count;
+
};
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
return this->handshake_state;
}
+METHOD(imv_swid_state_t, set_count, void,
+ private_imv_swid_state_t *this, int count)
+{
+ this->count += count;
+}
+
+METHOD(imv_swid_state_t, get_count, void,
+ private_imv_swid_state_t *this, int *count)
+{
+ if (count)
+ {
+ *count = this->count;
+ }
+}
+
+METHOD(imv_swid_state_t, set_angel_count, void,
+ private_imv_swid_state_t *this, bool start)
+{
+ this->angel_count += start ? 1 : -1;
+}
+
+METHOD(imv_swid_state_t, get_angel_count, int,
+ private_imv_swid_state_t *this)
+{
+ return this->angel_count;
+}
+
/**
* Described in header.
*/
},
.set_handshake_state = _set_handshake_state,
.get_handshake_state = _get_handshake_state,
+ .set_count = _set_count,
+ .get_count = _get_count,
+ .set_angel_count = _set_angel_count,
+ .get_angel_count = _get_angel_count,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
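Review bot: set_angel_count decrements unconditionally, so a Stop Angel that was not preceded by a Start Angel leaves angel_count below zero, and because the agent only finalizes the SWID work item when get_angel_count returns exactly zero, one stray attribute from the peer keeps the work item open permanently. Clamp the decrement, e.g. `this->angel_count += start ? 1 : (this->angel_count > 0 ? -1 : 0);`, and consider a DBG1 when an unmatched stop is seen. As a point of style, get_count reports through an out-parameter while get_angel_count returns the value directly; the two accessors would read better with the same shape. The private struct and the method table are parts of definitions that begin outside the hunk.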
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
*/
imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
+ /**
+ * Increase/Decrease the ITA Angel count
+ *
+ * @param start TRUE increases and FALSE decreases count by one
+ */
+ void (*set_angel_count)(imv_swid_state_t *this, bool start);
+
+ /**
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ *
+ * @param count Number of received SWID Tags or SWID Tag IDs
+ */
+ void (*set_count)(imv_swid_state_t *this, int count);
+
+ /**
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ *
+ * @param count Number of received SWID Tags or SWID Tag IDs
+ */
+ void (*get_count)(imv_swid_state_t *this, int *count);
+
+ /**
+ * Get the ITA Angel count
+ *
+ * @return ITA Angel count
+ */
+ int (*get_angel_count)(imv_swid_state_t *this);
+
};
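Review bot: The doc comment on get_count is a copy of set_count's: it says "Set [or with multiple attributes increment] SWID Tag [ID] counters" and describes `count` as the number received, although the method writes the accumulated total through the pointer. Replace it with `Get the accumulated number of SWID Tags or SWID Tag IDs received so far` and `@param count Receives the accumulated count (ignored if NULL)`. It would also help to say on set_count that it adds to a running total rather than assigning, since the name suggests assignment. The enclosing struct starts outside the hunk.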
/**
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "swid_tag_id.h"
#include <collections/linked_list.h>
+#include <bio/bio_writer.h>
#include <utils/debug.h>
#include <stdio.h>
linked_list_t *list;
};
+static status_t generate_tags(private_swid_inventory_t *this, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full)
+{
+ FILE *file;
+ char command[512], line[2048];
+ chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
+ swid_tag_id_t *tag_id;
+ swid_tag_t *tag;
+ status_t status = SUCCESS;
+
+ /* Assemble the SWID generator command */
+ snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
+ (this->full_tags) ? "swid" : "software-id",
+ (this->full_tags && pretty) ? " --pretty" : "",
+ (this->full_tags && full) ? " --full" : "");
+
+ /* Open a pipe stream for reading the output of the dpkg-query commmand */
+ file = popen(command, "r");
+ if (!file)
+ {
+ DBG1(DBG_IMC, "failed to run swid_generator command");
+ return NOT_SUPPORTED;
+ }
+ if (this->full_tags)
+ {
+ bio_writer_t *writer;
+ chunk_t tag_encoding;
+ bool more_tags = TRUE, end_of_tag;
+
+ DBG2(DBG_IMC, "SWID tags generated by package manager:");
+ while (more_tags)
+ {
+ end_of_tag = FALSE;
+ writer = bio_writer_create(512);
+ do
+ {
+ if (fgets(line, sizeof(line), file) <= 0)
+ {
+ more_tags = FALSE;
+ end_of_tag = TRUE;
+ break;
+ }
+ if (line[0] == '\n')
+ {
+ end_of_tag = TRUE;
+ break;
+ }
+ else
+ {
+ writer->write_data(writer, chunk_from_str(line));
+ }
+ }
+ while (!end_of_tag);
+
+ tag_encoding = writer->get_buf(writer);
+
+ /* remove trailing newline if present */
+ if (tag_encoding.len > 0 &&
+ tag_encoding.ptr[tag_encoding.len - 1] == '\n')
+ {
+ tag_encoding.len--;
+ }
+ DBG2(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr);
+
+ tag = swid_tag_create(tag_encoding, tag_file_path);
+ this->list->insert_last(this->list, tag);
+ writer->destroy(writer);
+ }
+ }
+ else
+ {
+ DBG2(DBG_IMC, "SWID tag IDs generated by package manager:");
+ while (TRUE)
+ {
+ char *separator;
+ size_t len;
+
+ if (fgets(line, sizeof(line), file) <= 0)
+ {
+ goto end;
+ }
+ len = strlen(line);
+
+ /* remove trailing newline if present */
+ if (len > 0 && line[len - 1] == '\n')
+ {
+ len--;
+ }
+ DBG2(DBG_IMC, " %.*s", len, line);
+
+ separator = strchr(line, '_');
+ if (!separator)
+ {
+ DBG1(DBG_IMC, "separatation of regid from unique software ID "
+ "failed");
+ status = FAILED;
+ goto end;
+ }
+ tag_creator = chunk_create(line, separator - line);
+ separator++;
+
+ unique_sw_id = chunk_create(separator, len - (separator - line));
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+ this->list->insert_last(this->list, tag_id);
+
+ if (fgets(line, sizeof(line), file) <= 0)
+ {
+ goto end;
+ }
+ }
+ }
+
+end:
+ pclose(file);
+ return status;
+}
+
static bool collect_tags(private_swid_inventory_t *this, char *pathname,
swid_inventory_t *targets)
{
{
char * start, *stop;
chunk_t tag_creator;
- chunk_t unique_sw_id = chunk_empty, unique_seq_id = chunk_empty;
+ chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
if (!strstr(rel_name, "regid."))
{
continue;
goto end;
}
tag_creator = chunk_create(start, stop-start);
-
start = stop + 1;
- stop = strchr(start, '_');
- if (stop)
- {
- unique_sw_id = chunk_create(start, stop-start);
- start = stop + 1;
- }
stop = strstr(start, ".swidtag");
if (!stop)
DBG1(DBG_IMC, " swidtag postfix not found");
goto end;
}
- if (unique_sw_id.ptr)
- {
- unique_seq_id = chunk_create(start, stop-start);
- }
- else
- {
- unique_sw_id = chunk_create(start, stop-start);
- }
+ unique_sw_id = chunk_create(start, stop-start);
+ tag_file_path = chunk_from_str(abs_name);
/* In case of a targeted request */
if (targets->get_count(targets))
goto end;
}
- tag = swid_tag_create(*xml_tag, unique_seq_id);
+ tag = swid_tag_create(*xml_tag, tag_file_path);
this->list->insert_last(this->list, tag);
chunk_unmap(xml_tag);
}
{
swid_tag_id_t *tag_id;
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
this->list->insert_last(this->list, tag_id);
}
-
}
success = TRUE;
}
METHOD(swid_inventory_t, collect, bool,
- private_swid_inventory_t *this, char *directory, swid_inventory_t *targets)
+ private_swid_inventory_t *this, char *directory, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full)
{
+ /**
+ * Tags are generated by a package manager
+ */
+ generate_tags(this, generator, targets, pretty, full);
+
+ /**
+ * Collect swidtag files by iteratively entering all directories in
+ * the tree under the "directory" path.
+ */
return collect_tags(this, directory, targets);
}
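Review bot: generate_tags never reads its `targets` parameter and collect discards its return value, so for a targeted request (the `targets->get_count(targets)` case that collect_tags honours) the generator still contributes every installed package, and a FAILED status from the generator is silently turned into a partial inventory reported as success. Apply the same target filter to generated tags and have collect check the status, e.g. `if (generate_tags(this, generator, targets, pretty, full) == FAILED) { return FALSE; }` (NOT_SUPPORTED from a missing generator can reasonably stay non-fatal). The three `fgets(...) <= 0` tests compare a pointer with an integer and should be `fgets(line, sizeof(line), file) == NULL`. popen hands `command` to /bin/sh, so the configured generator path is shell-interpreted; it is administrator-controlled here, but the stray `\n` in the format string and the stale "dpkg-query" comment suggest this was adapted from elsewhere and deserves a comment saying the path must not contain shell metacharacters. In full-tag mode a trailing blank line in the generator output appends an empty tag, because the tag is inserted even when the writer collected nothing.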
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* Collect the SWID tags stored on the endpoint
*
* @param directory SWID directory path
+ * @param generator Path to SWID generator
* @param targets List of target tag IDs
+ * @param pretty Generate indented XML SWID tags
+ * @param full Include file information in SWID tags
* @return TRUE if successful
*/
- bool (*collect)(swid_inventory_t *this, char *directory,
- swid_inventory_t *targets);
+ bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full);
/**
* Collect the SWID tags stored on the endpoint
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
chunk_t encoding;
/**
- * Optional Unique Sequence ID
+ * Optional Tag File Path
*/
- chunk_t unique_seq_id;
+ chunk_t tag_file_path;
+ /**
+ * Reference count
+ */
+ refcount_t ref;
};
METHOD(swid_tag_t, get_encoding, chunk_t,
return this->encoding;
}
-METHOD(swid_tag_t, get_unique_seq_id, chunk_t,
+METHOD(swid_tag_t, get_tag_file_path, chunk_t,
private_swid_tag_t *this)
{
- return this->unique_seq_id;
+ return this->tag_file_path;
+}
+
+METHOD(swid_tag_t, get_ref, swid_tag_t*,
+ private_swid_tag_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
}
METHOD(swid_tag_t, destroy, void,
private_swid_tag_t *this)
{
- free(this->encoding.ptr);
- free(this->unique_seq_id.ptr);
- free(this);
+ if (ref_put(&this->ref))
+ {
+ free(this->encoding.ptr);
+ free(this->tag_file_path.ptr);
+ free(this);
+ }
}
/**
* See header
*/
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t unique_seq_id)
+swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
{
private_swid_tag_t *this;
INIT(this,
.public = {
.get_encoding = _get_encoding,
- .get_unique_seq_id = _get_unique_seq_id,
+ .get_tag_file_path = _get_tag_file_path,
+ .get_ref = _get_ref,
.destroy = _destroy,
},
.encoding = chunk_clone(encoding),
+ .ref = 1,
);
- if (unique_seq_id.len > 0)
+ if (tag_file_path.len > 0)
{
- this->unique_seq_id = chunk_clone(unique_seq_id);
+ this->tag_file_path = chunk_clone(tag_file_path);
}
return &this->public;
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
chunk_t (*get_encoding)(swid_tag_t *this);
/**
- * Get th Optional Unique Sequence ID
+ * Get th Optional Tag File Path
*
- * @return Optional Unique Sequence ID
+ * @return Optional Tag File Path
*/
- chunk_t (*get_unique_seq_id)(swid_tag_t *this);
+ chunk_t (*get_tag_file_path)(swid_tag_t *this);
+
+ /**
+ * Get a new reference to the swid_tag object
+ *
+ * @return this, with an increased refcount
+ */
+ swid_tag_t* (*get_ref)(swid_tag_t *this);
/**
* Destroys a swid_tag_t object.
* Creates a swid_tag_t object
*
* @param encoding XML encoding of SWID tag
- * @param unique_seq_id Unique Sequence ID or empty chunk
+ * @param tag_file_path Tag File Path or empty chunk
*/
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t unique_seq_id);
+swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
#endif /** SWID_TAG_H_ @}*/
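Review bot: The renamed accessor comment carries over the typo from the old line: `Get th Optional Tag File Path` should read `Get the optional Tag File Path`. The new get_ref comment should also state that every reference obtained must be released with destroy(), since destroy now only frees the object when the count drops to zero.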
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
chunk_t unique_sw_id;
/**
- * Optional Unique Sequence ID
+ * Tag File Path
*/
- chunk_t unique_seq_id;
+ chunk_t tag_file_path;
+ /**
+ * Reference count
+ */
+ refcount_t ref;
};
METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
}
METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
- private_swid_tag_id_t *this, chunk_t *unique_seq_id)
+ private_swid_tag_id_t *this, chunk_t *tag_file_path)
{
- if (unique_seq_id)
+ if (tag_file_path)
{
- *unique_seq_id = this->unique_seq_id;
+ *tag_file_path = this->tag_file_path;
}
return this->unique_sw_id;
}
+METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
+ private_swid_tag_id_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
METHOD(swid_tag_id_t, destroy, void,
private_swid_tag_id_t *this)
{
- free(this->tag_creator.ptr);
- free(this->unique_sw_id.ptr);
- free(this->unique_seq_id.ptr);
- free(this);
+ if (ref_put(&this->ref))
+ {
+ free(this->tag_creator.ptr);
+ free(this->unique_sw_id.ptr);
+ free(this->tag_file_path.ptr);
+ free(this);
+ }
}
/**
* See header
*/
swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t unique_seq_id)
+ chunk_t tag_file_path)
{
private_swid_tag_id_t *this;
.public = {
.get_tag_creator = _get_tag_creator,
.get_unique_sw_id = _get_unique_sw_id,
+ .get_ref = _get_ref,
.destroy = _destroy,
},
.tag_creator = chunk_clone(tag_creator),
.unique_sw_id = chunk_clone(unique_sw_id),
+ .ref = 1,
);
- if (unique_seq_id.len > 0)
+ if (tag_file_path.len > 0)
{
- this->unique_seq_id = chunk_clone(unique_seq_id);
+ this->tag_file_path = chunk_clone(tag_file_path);
}
return &this->public;
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
chunk_t (*get_tag_creator)(swid_tag_id_t *this);
/**
- * Get the Unique Software ID and optional Unique Sequence ID
+ * Get the Unique Software ID and optional Tag File Path
*
- * @param Optional Unique Sequence ID
+ * @param Optional Tag File Path
* @return Unique Software ID
*/
- chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *unique_seq_id);
+ chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
+
+ /**
+ * Get a new reference to the swid_tag_id object
+ *
+ * @return this, with an increased refcount
+ */
+ swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
/**
* Destroys a swid_tag_id_t object.
*
* @param tag_creator Tag Creator
* @param unique_sw_id Unique Software ID
- * @param unique_seq_id Unique Sequence ID or empty chunk
+ * @param tag_file_path Tag File Path or empty chunk
*/
swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t unique_seq_id);
+ chunk_t tag_file_path);
#endif /** SWID_TAG_ID_H_ @}*/
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Unique Software ID Length |Unique Software ID (var length)|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Sequence ID Length |Unique Sequence ID (var length)|
+ * | Tag File Path Length | Tag File Path (var. length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-#define SWID_TAG_ID_INV_SIZE 16
-#define SWID_TAG_ID_INV_RESERVED 0x00
+#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
/**
* Private data of an tcg_swid_attr_tag_id_inv_t object.
/**
* Request ID
*/
- u_int32_t request_id;
+ uint32_t request_id;
/**
* Event ID Epoch
*/
- u_int32_t eid_epoch;
+ uint32_t eid_epoch;
/**
* Last Event ID
*/
- u_int32_t last_eid;
+ uint32_t last_eid;
/**
* SWID Tag ID Inventory
{
bio_writer_t *writer;
swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, unique_seq_id;
+ chunk_t tag_creator, unique_sw_id, tag_file_path;
enumerator_t *enumerator;
if (this->value.ptr)
return;
}
- writer = bio_writer_create(SWID_TAG_ID_INV_SIZE);
- writer->write_uint8 (writer, SWID_TAG_ID_INV_RESERVED);
+ writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
+ writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
writer->write_uint32(writer, this->request_id);
writer->write_uint32(writer, this->eid_epoch);
while (enumerator->enumerate(enumerator, &tag_id))
{
tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &unique_seq_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
writer->write_data16(writer, tag_creator);
writer->write_data16(writer, unique_sw_id);
- writer->write_data16(writer, unique_seq_id);
+ writer->write_data16(writer, tag_file_path);
}
enumerator->destroy(enumerator);
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *offset)
+ private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t tag_id_count;
- u_int8_t reserved;
- chunk_t tag_creator, unique_sw_id, unique_seq_id;
+ uint32_t tag_id_count;
+ uint8_t reserved;
+ chunk_t tag_creator, unique_sw_id, tag_file_path;
swid_tag_id_t *tag_id;
- if (this->value.len < SWID_TAG_ID_INV_SIZE)
+ if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
*offset = 0;
reader->read_uint32(reader, &this->request_id);
reader->read_uint32(reader, &this->eid_epoch);
reader->read_uint32(reader, &this->last_eid);
- *offset = SWID_TAG_ID_INV_SIZE;
+ *offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
while (tag_id_count--)
{
}
*offset += 2 + unique_sw_id.len;
- if (!reader->read_data16(reader, &unique_seq_id))
+ if (!reader->read_data16(reader, &tag_file_path))
{
- DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+ DBG1(DBG_TNC, "insufficient data for Tag File Path");
return FAILED;
}
- *offset += 2 + unique_seq_id.len;
+ *offset += 2 + tag_file_path.len;
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
this->inventory->add(this->inventory, tag_id);
}
reader->destroy(reader);
}
}
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
+ private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
+{
+ this->inventory->add(this->inventory, tag_id);
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
private_tcg_swid_attr_tag_id_inv_t *this)
{
return this->request_id;
}
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, u_int32_t,
- private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *eid_epoch)
+METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
+ private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
{
if (eid_epoch)
{
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
- u_int32_t eid_epoch,
- u_int32_t eid,
- swid_inventory_t *inventory)
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid)
{
private_tcg_swid_attr_tag_id_inv_t *this;
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
.get_inventory = _get_inventory,
.request_id = request_id,
.eid_epoch = eid_epoch,
.last_eid = eid,
- .inventory = inventory,
+ .inventory = swid_inventory_create(FALSE),
.ref = 1,
);
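Review bot: The bare boolean in `.inventory = swid_inventory_create(FALSE),` does not tell the reader what the flag selects, and the sibling attribute passes `TRUE` in the same position (the tcg_swid_attr_tag_inv.c constructor further down uses `swid_inventory_create(TRUE)`), so the two lines look contradictory without the inventory header at hand. Since the attribute now owns the inventory it creates, a one-line comment naming the mode would make the choice reviewable, e.g. `.inventory = swid_inventory_create(FALSE), /* tag-ID-only inventory; TRUE would hold full tags — confirm against swid_inventory.h */`, with the matching comment on the `TRUE` call in the other file. The constructor's body starts before this hunk, so I cannot see whether the `INIT` is paired with a NULL check on the created inventory.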
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
.get_inventory = _get_inventory,
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <pa_tnc/pa_tnc_attr.h>
+#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
+
/**
* Class implementing the TCG SWID Tag Identifier Inventory attribute
*
*/
pa_tnc_attr_t pa_tnc_attribute;
+ /**
+ * Add a Tag ID to the attribute
+ *
+ * @tag_id SWID Tag ID to be added
+ */
+ void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
+
/**
* Get Request ID
*
* @return Request ID
*/
- u_int32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
+ uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
/**
* Get Last Event ID
* @param eid_epoch Event ID Epoch
* @return Last Event ID
*/
- u_int32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
- u_int32_t *eid_epoch);
+ uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
+ uint32_t *eid_epoch);
/**
* Get Inventory of SWID tag IDs
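Review bot: The new `add` doc comment uses `@tag_id SWID Tag ID to be added`, which is not a Doxygen tag; it should read `@param tag_id SWID Tag ID to be added`, and the same slip appears in tcg_swid_attr_tag_inv.h as `@tag SWID Tag to be added`, whose summary line also says "Add a Tag ID to the attribute" although that method takes a `swid_tag_t`. Both comments should also state who owns the object afterwards: the `.c` implementation hands the pointer straight to `this->inventory->add()`, so presumably the inventory frees it on destroy and a caller that keeps using the tag must hold its own reference via the newly added `get_ref` — worth confirming against swid_inventory.c and spelling out, e.g. `@param tag_id SWID Tag ID to be added (ownership passes to the attribute)`.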
* @param request_id Copy of the Request ID
* @param eid_epoch Event ID Epoch
* @param eid Last Event ID
- * @param inventory SWID Tag Inventory
*/
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
- u_int32_t eid_epoch,
- u_int32_t eid,
- swid_inventory_t *inventory);
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid);
/**
* Creates an tcg_swid_attr_tag_id_inv_t object from received data
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Last EID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Sequence ID Length |Unique Sequence ID (var length)|
+ * | Tag File Path Length | Tag File Path (var length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Tag Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-#define SWID_TAG_INV_SIZE 16
-#define SWID_TAG_INV_RESERVED 0x00
+#define TCG_SWID_TAG_INV_RESERVED 0x00
/**
* Private data of an tcg_swid_attr_tag_inv_t object.
/**
* Request ID
*/
- u_int32_t request_id;
+ uint32_t request_id;
/**
* Event ID Epoch
*/
- u_int32_t eid_epoch;
+ uint32_t eid_epoch;
/**
* Last Event ID
*/
- u_int32_t last_eid;
+ uint32_t last_eid;
/**
* SWID Tag Inventory
return;
}
- writer = bio_writer_create(SWID_TAG_INV_SIZE);
- writer->write_uint8 (writer, SWID_TAG_INV_RESERVED);
+ writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
+ writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
writer->write_uint32(writer, this->request_id);
writer->write_uint32(writer, this->eid_epoch);
enumerator = this->inventory->create_enumerator(this->inventory);
while (enumerator->enumerate(enumerator, &tag))
{
- writer->write_data16(writer, tag->get_unique_seq_id(tag));
+ writer->write_data16(writer, tag->get_tag_file_path(tag));
writer->write_data32(writer, tag->get_encoding(tag));
}
enumerator->destroy(enumerator);
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_inv_t *this, u_int32_t *offset)
+ private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t tag_count;
- u_int8_t reserved;
- chunk_t tag_encoding, unique_seq_id;
+ uint32_t tag_count;
+ uint8_t reserved;
+ chunk_t tag_encoding, tag_file_path;
swid_tag_t *tag;
- if (this->value.len < SWID_TAG_INV_SIZE)
+ if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
*offset = 0;
reader->read_uint32(reader, &this->request_id);
reader->read_uint32(reader, &this->eid_epoch);
reader->read_uint32(reader, &this->last_eid);
- *offset = SWID_TAG_INV_SIZE;
+ *offset = TCG_SWID_TAG_INV_MIN_SIZE;
while (tag_count--)
{
- if (!reader->read_data16(reader, &unique_seq_id))
+ if (!reader->read_data16(reader, &tag_file_path))
{
- DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+ DBG1(DBG_TNC, "insufficient data for Tag File Path");
return FAILED;
}
- *offset += 2 + unique_seq_id.len;
+ *offset += 2 + tag_file_path.len;
if (!reader->read_data32(reader, &tag_encoding))
{
}
*offset += 4 + tag_encoding.len;
- tag = swid_tag_create(tag_encoding, unique_seq_id);
+ tag = swid_tag_create(tag_encoding, tag_file_path);
this->inventory->add(this->inventory, tag);
}
reader->destroy(reader);
}
}
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_inv_t, add, void,
+ private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
+{
+ this->inventory->add(this->inventory, tag);
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
private_tcg_swid_attr_tag_inv_t *this)
{
return this->request_id;
}
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, u_int32_t,
- private_tcg_swid_attr_tag_inv_t *this, u_int32_t *eid_epoch)
+METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
+ private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
{
if (eid_epoch)
{
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
- u_int32_t eid_epoch, u_int32_t eid,
- swid_inventory_t *inventory)
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
+ uint32_t eid_epoch, uint32_t eid)
{
private_tcg_swid_attr_tag_inv_t *this;
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
.get_inventory = _get_inventory,
.request_id = request_id,
.eid_epoch = eid_epoch,
.last_eid = eid,
- .inventory = inventory,
+ .inventory = swid_inventory_create(TRUE),
.ref = 1,
);
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
.get_inventory = _get_inventory,
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <pa_tnc/pa_tnc_attr.h>
+#define TCG_SWID_TAG_INV_MIN_SIZE 16
+
/**
* Class implementing the TCG SWID Tag Inventory attribute
*
*/
pa_tnc_attr_t pa_tnc_attribute;
+ /**
+ * Add a Tag ID to the attribute
+ *
+ * @tag SWID Tag to be added
+ */
+ void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
/**
* Get Request ID
*
* @return Request ID
*/
- u_int32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
+ uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
/**
* Get Last Event ID
* @param eid_epoch Event ID Epoch
* @return Last Event ID
*/
- u_int32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
- u_int32_t *eid_epoch);
+ uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
+ uint32_t *eid_epoch);
/**
* Get Inventory of SWID tags
* @param request_id Copy of the Request ID
* @param eid_epoch Event ID Epoch
* @param eid Last Event ID
- * @param inventory SWID Tag Inventory
*/
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(u_int32_t request_id,
- u_int32_t eid_epoch,
- u_int32_t eid,
- swid_inventory_t *inventory);
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid);
/**
* Creates an tcg_swid_attr_tag_inv_t object from received data
INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
-INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev
+INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,python,python-setuptools
SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
INC=$INC,${SERVICES// /,}
--- /dev/null
+#!/usr/bin/make
+
+PKG = swidGenerator
+ZIP = $(PKG)-master.zip
+SRC = https://github.com/tnc-ba/$(PKG)/archive/master.zip
+
+all: install
+
+$(ZIP):
+ wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP)
+
+$(PKG)-master: $(ZIP)
+ unzip $(ZIP)
+
+install: $(PKG)-master
+ cd $(PKG)-master && python setup.py install
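Review bot: The `$(ZIP)` rule downloads `archive/master.zip`, a moving branch head, and `install` runs its `setup.py` without any integrity check, so what gets installed into the test images depends on whatever the upstream branch contains on the day the image is built. TLS with a pinned CA directory authenticates the host, not the content, and a partial download left behind by a failed `wget -O` would still satisfy the `$(ZIP)` target on the next run. Pinning the archive to a release tag or commit and verifying a known digest before unzipping makes the build reproducible and turns an upstream change into a visible failure; the values below are placeholders to be filled in from the chosen revision.
```makefile
PKG = swidGenerator
REV = <pinned-tag-or-commit>           # placeholder: a release tag or commit id, not a branch name
SHA256 = <sha256-of-pinned-archive>    # placeholder: expected digest of $(ZIP)
ZIP = $(PKG)-$(REV).zip
SRC = https://github.com/tnc-ba/$(PKG)/archive/$(REV).zip

# … unchanged: all target …

$(ZIP):
	wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP) || { rm -f $(ZIP); exit 1; }
	echo "$(SHA256)  $(ZIP)" | sha256sum -c - || { rm -f $(ZIP); exit 1; }

$(PKG)-$(REV): $(ZIP)
	unzip $(ZIP)

install: $(PKG)-$(REV)
	cd $(PKG)-$(REV) && python setup.py install
```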
: ${TESTDIR=/srv/strongswan-testing}
# Kernel configuration
-: ${KERNELVERSION=3.13.2}
+: ${KERNELVERSION=3.13.5}
: ${KERNEL=linux-$KERNELVERSION}
: ${KERNELTARBALL=$KERNEL.tar.xz}
: ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
: ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.1.2}
+: ${SWANVERSION=5.2.0}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
: ${BASEIMGSUITE=wheezy}
: ${BASEIMGARCH=amd64}
: ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
-: ${BASEIMGMIRROR=http://cdn.debian.net/debian}
+: ${BASEIMGMIRROR=http://http.debian.net/debian}
# Root image settings
# The root image is the origin of all guest images. It is a clone of the base
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */
INSERT INTO sessions (
time, connection, identity, device, product, rec
) VALUES (
- NOW, 1, 1, 1, 28, 0
+ NOW, 1, 1, 1, 40, 0
);
/* Results */
carol::ipsec up home
dave::ipsec up home
dave::sleep 1
-moon::ipsec attest --packages --product 'Debian 7.2 x86_64'
+moon::ipsec attest --packages --product 'Debian 7.4 x86_64'
moon::ipsec attest --sessions
moon::ipsec attest --devices
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */
INSERT INTO sessions (
time, connection, identity, device, product, rec
) VALUES (
- NOW, 1, 1, 1, 28, 0
+ NOW, 1, 1, 1, 40, 0
);
/* Results */
}
}
+libtls {
+ suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
pt-tls-client {
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
}
}
}
+libtls {
+ suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
pt-tls-client {
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
}
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
INSERT INTO devices ( /* 1 */
value, product, created
) VALUES (
- 'aabbccddeeff11223344556677889900', 28, 1372330615
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
);
/* Groups Members */