Proceed with attestation only if Attestation IMC returns a discovery response

diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index 9da9ae0b0c0c160fb47640a053bcc5f49b54c059..2c5df2df220b04701d89e66a4c01007638dac79a 100644 (file)
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -440,9 +440,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
        }
 
        /* check the IMV state for the next PA-TNC attributes to send */
-       if (!imv_attestation_build(out_msg, attestation_state,
-                                                         this->supported_algorithms,
-                                                         this->supported_dh_groups, this->pts_db))
+       if (!imv_attestation_build(out_msg, state, this->supported_algorithms,
+                                                          this->supported_dh_groups, this->pts_db))
        {
                state->set_recommendation(state,
                                                                TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,

diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
index 2d3ff83605152176816f614ebfc4a77ffcc449a4..1fbde2c6dc86e03de55f3bb950eb7b0c9a705768 100644 (file)
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
@@ -28,18 +28,29 @@
 #include <utils/debug.h>
 
 bool imv_attestation_build(imv_msg_t *out_msg,
-                                                  imv_attestation_state_t *attestation_state,
+                                                  imv_state_t *state,
                                                   pts_meas_algorithms_t supported_algorithms,
                                                   pts_dh_group_t supported_dh_groups,
                                                   pts_database_t *pts_db)
 {
+       imv_attestation_state_t *attestation_state;
        imv_attestation_handshake_state_t handshake_state;
        pts_t *pts;
        pa_tnc_attr_t *attr = NULL;
 
+       attestation_state = (imv_attestation_state_t*)state;
        handshake_state = attestation_state->get_handshake_state(attestation_state);
        pts = attestation_state->get_pts(attestation_state);
 
+       /**
+        * Received a response form the Attestation IMC so we can proceeed
+        */
+       if (handshake_state == IMV_ATTESTATION_STATE_DISCOVERY &&
+          (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO))
+       {
+               handshake_state = IMV_ATTESTATION_STATE_NONCE_REQ;
+       }
+
        /**
         * Skip DH Nonce Parameters Request attribute when
         *   DH Nonce Exchange is not selected by PTS-IMC side
@@ -80,9 +91,11 @@ bool imv_attestation_build(imv_msg_t *out_msg,
                        out_msg->add_attribute(out_msg, attr);
 
                        attestation_state->set_handshake_state(attestation_state,
-                                                                               IMV_ATTESTATION_STATE_NONCE_REQ);
+                                                                               IMV_ATTESTATION_STATE_DISCOVERY);
                        break;
                }
+               case IMV_ATTESTATION_STATE_DISCOVERY:
+                       break;
                case IMV_ATTESTATION_STATE_NONCE_REQ:
                {
                        int min_nonce_len;

diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
index 108f6f92381dc9e24df63ffa83eab777b2f7c805..4b7c9ff3d0b2a608da7704cb9e4d2c3b4e4b24a2 100644 (file)
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
@@ -34,14 +34,14 @@
  * Process a TCG PTS attribute
  *
  * @param out_msg                              outbound PA-TNC message to be built
- * @param attestation_state            attestation state of a given connection
+ * @param _state                               state of a given connection
  * @param supported_algorithms supported PTS measurement algorithms
  * @param supported_dh_groups  supported DH groups
  * @param pts_db                               PTS configuration database
  * @return                                             TRUE if successful
  */
 bool imv_attestation_build(imv_msg_t *out_msg,
-                                                  imv_attestation_state_t *attestation_state,
+                                                  imv_state_t *state,
                                                   pts_meas_algorithms_t supported_algorithms,
                                                   pts_dh_group_t supported_dh_groups,
                                                   pts_database_t *pts_db);

diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index f3edd5fa11adfe6ae37c4891ee0e038fcf3d2678..27d1ae8db58640ad8b8c53f722d85846c58115ca 100644 (file)
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -50,6 +50,7 @@ enum imv_attestation_flag_t {
  */
 enum imv_attestation_handshake_state_t {
        IMV_ATTESTATION_STATE_INIT,
+       IMV_ATTESTATION_STATE_DISCOVERY,
        IMV_ATTESTATION_STATE_NONCE_REQ,
        IMV_ATTESTATION_STATE_TPM_INIT,
        IMV_ATTESTATION_STATE_COMP_EVID,