[thirdparty/strongswan.git] / src / libimcv / imcv.c

/*
 * Copyright (C) 2011-2022 Andreas Steffen
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "imcv.h"
#include "ietf/ietf_attr.h"
#include "ita/ita_attr.h"
#include "pwg/pwg_attr.h"
#include "tcg/tcg_attr.h"
#include "pts/components/pts_component.h"
#include "pts/components/pts_component_manager.h"
#include "pts/components/tcg/tcg_comp_func_name.h"
#include "pts/components/ita/ita_comp_func_name.h"
#include "pts/components/ita/ita_comp_ima.h"
#include "pts/components/ita/ita_comp_tboot.h"
#include "pts/components/ita/ita_comp_tgrub.h"

#include <utils/debug.h>
#include <utils/utils.h>
#include <pen/pen.h>

#ifdef HAVE_SYSLOG
#include <syslog.h>
#endif

#ifndef IPSEC_SCRIPT
#define IPSEC_SCRIPT "ipsec"
#endif

#define IMCV_DEBUG_LEVEL			1
#define IMCV_DEFAULT_POLICY_SCRIPT	IPSEC_SCRIPT " _imv_policy"


/**
 * PA-TNC attribute manager
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global list of IMV sessions
 */
imv_session_manager_t *imcv_sessions;

/**
 * Global IMV database
 */
imv_database_t *imcv_db;

/**
 * PTS Functional Component manager
 */
pts_component_manager_t *imcv_pts_components;

/**
 * Reference count for libimcv
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function
 */
static int  imcv_debug_level;
static bool imcv_stderr_quiet;

/**
 * Described in header.
 */
void imcv_list_pa_tnc_attribute_type(char *label, pen_t vendor_id, uint32_t type)
{
	enum_name_t *pa_attr_names;

	pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
													  vendor_id);
	if (pa_attr_names)
	{
		DBG2(DBG_TNC, "%s PA-TNC attribute type '%N/%N' 0x%06x/0x%08x",
			 label, pen_names, vendor_id, pa_attr_names, type, vendor_id, type);
	}
	else
	{
		DBG2(DBG_TNC, "%s PA-TNC attribute type '%N' 0x%06x/0x%08x",
			 label, pen_names, vendor_id, vendor_id, type);
	}
}

/**
 * imvc dbg function
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list args;

	if (level <= imcv_debug_level)
	{
		if (!imcv_stderr_quiet)
		{
			va_start(args, fmt);
			fprintf(stderr, "[HSR] ");
			vfprintf(stderr, fmt, args);
			fprintf(stderr, "\n");
			va_end(args);
		}

#ifdef HAVE_SYSLOG
		{
			int priority = LOG_INFO;
			char buffer[8192];
			char *current = buffer, *next;

			/* write in memory buffer first */
			va_start(args, fmt);
			vsnprintf(buffer, sizeof(buffer), fmt, args);
			va_end(args);

			/* do a syslog with every line */
			while (current)
			{
				next = strchr(current, '\n');
				if (next)
				{
					*(next++) = '\0';
				}
				syslog(priority, "[HSR] %s\n", current);
				current = next;
			}
		}
#endif /* HAVE_SYSLOG */
	}
}

/**
 * Described in header.
 */
bool libimcv_init(bool is_imv)
{
	/* initialize libstrongswan library only once */
	if (lib)
	{
		/* did main program initialize libstrongswan? */
		if (!ref_cur(&libstrongswan_ref))
		{
			ref_get(&libstrongswan_ref);
		}
	}
	else
	{
		/* we are the first to initialize libstrongswan */
		if (!library_init(NULL, "libimcv"))
		{
			return FALSE;
		}

		/* set the debug level and stderr output */
		imcv_debug_level =  lib->settings->get_int(lib->settings,
									"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
									"libimcv.stderr_quiet", FALSE);

		/* activate the imcv debugging hook */
		dbg = imcv_dbg;
#ifdef HAVE_SYSLOG
		openlog("imcv", 0, LOG_DAEMON);
#endif

		if (!lib->plugins->load(lib->plugins,
				lib->settings->get_str(lib->settings, "libimcv.load",
					"random nonce gmp pubkey x509")))
		{
			library_deinit();
			return FALSE;
		}
	}
	ref_get(&libstrongswan_ref);

	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
								lib->ns);

	if (!ref_cur(&libimcv_ref))
	{
		char *uri, *script;

		libtpmtss_init();

		/* initialize the PA-TNC attribute manager */
		imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
							ietf_attr_create_from_data, ietf_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
							ita_attr_create_from_data, ita_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
							pwg_attr_create_from_data, pwg_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
							tcg_attr_create_from_data, tcg_attr_names);

		imcv_pts_components = pts_component_manager_create();
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
					pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
					pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
					pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
					pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);

		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_TGRUB,
									  pts_ita_comp_tgrub_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_TBOOT,
									  pts_ita_comp_tboot_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_IMA,
									  pts_ita_comp_ima_create);
		if (is_imv)
		{
			/* instantiate global IMV session manager */
			imcv_sessions = imv_session_manager_create();

			/* instantiate and attach global IMV database if URI is valid */
			uri = lib->settings->get_str(lib->settings,
						"%s.imcv.database", NULL, lib->ns);
			script = lib->settings->get_str(lib->settings,
						"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
						lib->ns);
			if (uri)
			{
				imcv_db = imv_database_create(uri, script);
			}
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}

/**
 * Described in header.
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
		imcv_pts_components->destroy(imcv_pts_components);

		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
		DESTROY_IF(imcv_pa_tnc_attributes);
		imcv_pa_tnc_attributes = NULL;
		DESTROY_IF(imcv_db);
		DESTROY_IF(imcv_sessions);
		DBG1(DBG_LIB, "libimcv terminated");

		libtpmtss_deinit();
	}
	if (ref_put(&libstrongswan_ref))
	{
		library_deinit();
	}
}
Commit	Line	Data
d4c8fe3c	1	/*
19ef2aec	2	* Copyright (C) 2011-2022 Andreas Steffen
d4c8fe3c	3	*
19ef2aec	4	* Copyright (C) secunet Security Networks AG
3f19a951	5	*
d4c8fe3c AS	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
	15	*/
	16
	17	#include "imcv.h"
74eb850d AS	18	#include "ietf/ietf_attr.h"
74eb850d AS	19	#include "ita/ita_attr.h"
5e1b06ff	20	#include "pwg/pwg_attr.h"
d6fb2cc6 AS	21	#include "tcg/tcg_attr.h"
	22	#include "pts/components/pts_component.h"
	23	#include "pts/components/pts_component_manager.h"
	24	#include "pts/components/tcg/tcg_comp_func_name.h"
	25	#include "pts/components/ita/ita_comp_func_name.h"
	26	#include "pts/components/ita/ita_comp_ima.h"
	27	#include "pts/components/ita/ita_comp_tboot.h"
	28	#include "pts/components/ita/ita_comp_tgrub.h"
d4c8fe3c	29
f05b4272	30	#include <utils/debug.h>
bca34c37	31	#include <utils/utils.h>
74eb850d	32	#include <pen/pen.h>
d4c8fe3c	33
09e5f15a	34	#ifdef HAVE_SYSLOG
d4c8fe3c	35	#include <syslog.h>
09e5f15a	36	#endif
d4c8fe3c	37
668fbd49 TB	38	#ifndef IPSEC_SCRIPT
	39	#define IPSEC_SCRIPT "ipsec"
	40	#endif
	41
a6266485	42	#define IMCV_DEBUG_LEVEL 1
c8719a07	43	#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"
a6266485	44
e01b02e1	45
d4c8fe3c	46	/**
74eb850d	47	* PA-TNC attribute manager
d4c8fe3c	48	*/
74eb850d AS	49	pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;
74eb850d AS	50
4894bfa2 AS	51	/**
	52	* Global list of IMV sessions
	53	*/
	54	imv_session_manager_t *imcv_sessions;
	55
a6266485 AS	56	/**
	57	* Global IMV database
	58	*/
	59	imv_database_t *imcv_db;
	60
d6fb2cc6 AS	61	/**
	62	* PTS Functional Component manager
	63	*/
	64	pts_component_manager_t *imcv_pts_components;
	65
74eb850d AS	66	/**
	67	* Reference count for libimcv
	68	*/
	69	static refcount_t libimcv_ref = 0;
	70
	71	/**
	72	* Reference count for libstrongswan
	73	*/
	74	static refcount_t libstrongswan_ref = 0;
d4c8fe3c AS	75
d4c8fe3c AS	76	/**
e01b02e1	77	* Global configuration of imcv dbg function
d4c8fe3c	78	*/
e01b02e1 AS	79	static int imcv_debug_level;
e01b02e1 AS	80	static bool imcv_stderr_quiet;
d4c8fe3c	81
3f19a951 AS	82	/**
	83	* Described in header.
	84	*/
	85	void imcv_list_pa_tnc_attribute_type(char *label, pen_t vendor_id, uint32_t type)
	86	{
	87	enum_name_t *pa_attr_names;
	88
	89	pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
	90	vendor_id);
	91	if (pa_attr_names)
	92	{
	93	DBG2(DBG_TNC, "%s PA-TNC attribute type '%N/%N' 0x%06x/0x%08x",
	94	label, pen_names, vendor_id, pa_attr_names, type, vendor_id, type);
	95	}
	96	else
	97	{
	98	DBG2(DBG_TNC, "%s PA-TNC attribute type '%N' 0x%06x/0x%08x",
	99	label, pen_names, vendor_id, vendor_id, type);
	100	}
	101	}
	102
d4c8fe3c	103	/**
e01b02e1	104	* imvc dbg function
d4c8fe3c	105	*/
e01b02e1	106	static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
d4c8fe3c	107	{
d4c8fe3c AS	108	va_list args;
d4c8fe3c AS	109
e01b02e1	110	if (level <= imcv_debug_level)
d4c8fe3c	111	{
e01b02e1	112	if (!imcv_stderr_quiet)
d4c8fe3c AS	113	{
d4c8fe3c AS	114	va_start(args, fmt);
ad963975	115	fprintf(stderr, "[HSR] ");
d4c8fe3c AS	116	vfprintf(stderr, fmt, args);
	117	fprintf(stderr, "\n");
	118	va_end(args);
	119	}
	120
09e5f15a	121	#ifdef HAVE_SYSLOG
d4c8fe3c	122	{
09e5f15a MW	123	int priority = LOG_INFO;
	124	char buffer[8192];
	125	char current = buffer, next;
	126
	127	/* write in memory buffer first */
	128	va_start(args, fmt);
	129	vsnprintf(buffer, sizeof(buffer), fmt, args);
	130	va_end(args);
	131
	132	/* do a syslog with every line */
	133	while (current)
d4c8fe3c	134	{
09e5f15a MW	135	next = strchr(current, '\n');
	136	if (next)
	137	{
	138	*(next++) = '\0';
	139	}
	140	syslog(priority, "[HSR] %s\n", current);
	141	current = next;
d4c8fe3c	142	}
d4c8fe3c	143	}
09e5f15a	144	#endif /* HAVE_SYSLOG */
d4c8fe3c AS	145	}
	146	}
	147
	148	/**
	149	* Described in header.
	150	*/
a6266485	151	bool libimcv_init(bool is_imv)
d4c8fe3c AS	152	{
	153	/* initialize libstrongswan library only once */
	154	if (lib)
	155	{
	156	/* did main program initialize libstrongswan? */
5126e7c0	157	if (!ref_cur(&libstrongswan_ref))
d4c8fe3c	158	{
74eb850d	159	ref_get(&libstrongswan_ref);
d4c8fe3c AS	160	}
	161	}
	162	else
	163	{
	164	/* we are the first to initialize libstrongswan */
34d3bfcf	165	if (!library_init(NULL, "libimcv"))
d4c8fe3c AS	166	{
	167	return FALSE;
	168	}
	169
e01b02e1 AS	170	/* set the debug level and stderr output */
	171	imcv_debug_level = lib->settings->get_int(lib->settings,
	172	"libimcv.debug_level", IMCV_DEBUG_LEVEL);
	173	imcv_stderr_quiet = lib->settings->get_int(lib->settings,
ad963975	174	"libimcv.stderr_quiet", FALSE);
f05b4272	175
e01b02e1 AS	176	/* activate the imcv debugging hook */
e01b02e1 AS	177	dbg = imcv_dbg;
09e5f15a	178	#ifdef HAVE_SYSLOG
d4c8fe3c	179	openlog("imcv", 0, LOG_DAEMON);
09e5f15a	180	#endif
6e58f0a3	181
b18a5317	182	if (!lib->plugins->load(lib->plugins,
71d740ca AS	183	lib->settings->get_str(lib->settings, "libimcv.load",
71d740ca AS	184	"random nonce gmp pubkey x509")))
6e58f0a3 AS	185	{
	186	library_deinit();
	187	return FALSE;
	188	}
74eb850d AS	189	}
74eb850d AS	190	ref_get(&libstrongswan_ref);
d4c8fe3c	191
1ec34763 TB	192	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	193	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
	194	lib->ns);
	195
5126e7c0	196	if (!ref_cur(&libimcv_ref))
74eb850d	197	{
a6266485 AS	198	char uri, script;
a6266485 AS	199
5126e7c0 TB	200	libtpmtss_init();
5126e7c0 TB	201
74eb850d	202	/* initialize the PA-TNC attribute manager */
19ef2aec	203	imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
74eb850d AS	204	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
	205	ietf_attr_create_from_data, ietf_attr_names);
	206	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
	207	ita_attr_create_from_data, ita_attr_names);
5e1b06ff AS	208	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
5e1b06ff AS	209	pwg_attr_create_from_data, pwg_attr_names);
d6fb2cc6 AS	210	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
	211	tcg_attr_create_from_data, tcg_attr_names);
	212
	213	imcv_pts_components = pts_component_manager_create();
	214	imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
	215	pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
	216	pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
	217	imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
	218	pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
	219	pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);
	220
	221	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
	222	PTS_ITA_COMP_FUNC_NAME_TGRUB,
	223	pts_ita_comp_tgrub_create);
	224	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
	225	PTS_ITA_COMP_FUNC_NAME_TBOOT,
	226	pts_ita_comp_tboot_create);
	227	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
	228	PTS_ITA_COMP_FUNC_NAME_IMA,
	229	pts_ita_comp_ima_create);
a6266485 AS	230	if (is_imv)
a6266485 AS	231	{
4894bfa2 AS	232	/* instantiate global IMV session manager */
	233	imcv_sessions = imv_session_manager_create();
	234
	235	/* instantiate and attach global IMV database if URI is valid */
a6266485	236	uri = lib->settings->get_str(lib->settings,
1ec34763	237	"%s.imcv.database", NULL, lib->ns);
a6266485	238	script = lib->settings->get_str(lib->settings,
1ec34763 TB	239	"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
1ec34763 TB	240	lib->ns);
a6266485 AS	241	if (uri)
	242	{
	243	imcv_db = imv_database_create(uri, script);
	244	}
	245	}
d4c8fe3c AS	246	DBG1(DBG_LIB, "libimcv initialized");
d4c8fe3c AS	247	}
74eb850d	248	ref_get(&libimcv_ref);
d4c8fe3c AS	249
	250	return TRUE;
	251	}
	252
	253	/**
	254	* Described in header.
	255	*/
	256	void libimcv_deinit(void)
	257	{
74eb850d	258	if (ref_put(&libimcv_ref))
d4c8fe3c	259	{
d6fb2cc6 AS	260	imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
	261	imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
	262	imcv_pts_components->destroy(imcv_pts_components);
	263
74eb850d AS	264	imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
74eb850d AS	265	imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
5e1b06ff	266	imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
d6fb2cc6	267	imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
74eb850d	268	DESTROY_IF(imcv_pa_tnc_attributes);
6bce8e1c	269	imcv_pa_tnc_attributes = NULL;
a6266485	270	DESTROY_IF(imcv_db);
4894bfa2	271	DESTROY_IF(imcv_sessions);
d4c8fe3c	272	DBG1(DBG_LIB, "libimcv terminated");
5126e7c0 TB	273
5126e7c0 TB	274	libtpmtss_deinit();
74eb850d AS	275	}
	276	if (ref_put(&libstrongswan_ref))
	277	{
f05b4272	278	library_deinit();
d4c8fe3c AS	279	}
d4c8fe3c AS	280	}