From 72e75049199c96e38b043c60e0b06eb92ac90537 Mon Sep 17 00:00:00 2001 From: Sansar Choinyambuu Date: Wed, 16 Nov 2011 16:44:42 +0100 Subject: [PATCH] Changes due to new implementation of Request Functional Component Evidence attribute --- .../imc_attestation/imc_attestation_process.c | 285 +++++++++--------- .../imv_attestation/imv_attestation_build.c | 51 ++-- .../imv_attestation/imv_attestation_state.c | 9 +- .../imv_attestation/imv_attestation_state.h | 7 +- src/libpts/pts/pts.h | 1 + src/libpts/pts/pts_funct_comp_name.h | 10 + .../tcg/tcg_pts_attr_req_funct_comp_evid.c | 280 ++++++++--------- .../tcg/tcg_pts_attr_req_funct_comp_evid.h | 94 +----- 8 files changed, 329 insertions(+), 408 deletions(-) diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index 72c751c854..349a2acca6 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -352,21 +352,23 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr_list->insert_last(attr_list, attr); break; } - case TCG_PTS_REQ_FILE_META: + case TCG_PTS_REQ_FILE_MEAS: { - tcg_pts_attr_req_file_meta_t *attr_cast; + tcg_pts_attr_req_file_meas_t *attr_cast; char *pathname; + u_int16_t request_id; bool is_directory; - u_int8_t delimiter; - pts_file_meta_t *metadata; + u_int32_t delimiter; + pts_file_meas_t *measurements; attr_info = attr->get_value(attr); - attr_cast = (tcg_pts_attr_req_file_meta_t*)attr; + attr_cast = (tcg_pts_attr_req_file_meas_t*)attr; is_directory = attr_cast->get_directory_flag(attr_cast); + request_id = attr_cast->get_request_id(attr_cast); delimiter = attr_cast->get_delimiter(attr_cast); pathname = attr_cast->get_pathname(attr_cast); - valid_path = pts->is_path_valid(pts, pathname, &pts_error); + if (valid_path && pts_error) { attr = ietf_attr_pa_tnc_error_create(PEN_TCG, @@ -378,6 +380,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { break; } + if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF) { attr = ietf_attr_pa_tnc_error_create(PEN_TCG, @@ -385,40 +388,38 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr_list->insert_last(attr_list, attr); break; } - /* Get File Metadata and send them to PTS-IMV */ - DBG2(DBG_IMC, "metadata request for %s '%s'", - is_directory ? "directory" : "file", - pathname); - metadata = pts->get_metadata(pts, pathname, is_directory); - if (!metadata) + /* Do PTS File Measurements and send them to PTS-IMV */ + DBG2(DBG_IMC, "measurement request %d for %s '%s'", + request_id, is_directory ? "directory" : "file", + pathname); + measurements = pts->do_measurements(pts, request_id, + pathname, is_directory); + if (!measurements) { /* TODO handle error codes from measurements */ return FALSE; } - attr = tcg_pts_attr_unix_file_meta_create(metadata); + attr = tcg_pts_attr_file_meas_create(measurements); attr->set_noskip_flag(attr, TRUE); attr_list->insert_last(attr_list, attr); - break; } - case TCG_PTS_REQ_FILE_MEAS: + case TCG_PTS_REQ_FILE_META: { - tcg_pts_attr_req_file_meas_t *attr_cast; + tcg_pts_attr_req_file_meta_t *attr_cast; char *pathname; - u_int16_t request_id; bool is_directory; - u_int32_t delimiter; - pts_file_meas_t *measurements; + u_int8_t delimiter; + pts_file_meta_t *metadata; attr_info = attr->get_value(attr); - attr_cast = (tcg_pts_attr_req_file_meas_t*)attr; + attr_cast = (tcg_pts_attr_req_file_meta_t*)attr; is_directory = attr_cast->get_directory_flag(attr_cast); - request_id = attr_cast->get_request_id(attr_cast); delimiter = attr_cast->get_delimiter(attr_cast); pathname = attr_cast->get_pathname(attr_cast); - valid_path = pts->is_path_valid(pts, pathname, &pts_error); + valid_path = pts->is_path_valid(pts, pathname, &pts_error); if (valid_path && pts_error) { attr = ietf_attr_pa_tnc_error_create(PEN_TCG, @@ -430,7 +431,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { break; } - if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF) { attr = ietf_attr_pa_tnc_error_create(PEN_TCG, @@ -438,150 +438,163 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr_list->insert_last(attr_list, attr); break; } + /* Get File Metadata and send them to PTS-IMV */ + DBG2(DBG_IMC, "metadata request for %s '%s'", + is_directory ? "directory" : "file", + pathname); + metadata = pts->get_metadata(pts, pathname, is_directory); - /* Do PTS File Measurements and send them to PTS-IMV */ - DBG2(DBG_IMC, "measurement request %d for %s '%s'", - request_id, is_directory ? "directory" : "file", - pathname); - measurements = pts->do_measurements(pts, request_id, - pathname, is_directory); - if (!measurements) + if (!metadata) { /* TODO handle error codes from measurements */ return FALSE; } - attr = tcg_pts_attr_file_meas_create(measurements); + attr = tcg_pts_attr_unix_file_meta_create(metadata); attr->set_noskip_flag(attr, TRUE); attr_list->insert_last(attr_list, attr); + break; } case TCG_PTS_REQ_FUNCT_COMP_EVID: { tcg_pts_attr_req_funct_comp_evid_t *attr_cast; pts_proto_caps_flag_t negotiated_caps; + enumerator_t *e; + pts_funct_comp_evid_req_t *requests; + funct_comp_evid_req_entry_t *entry; + u_int32_t requests_count; pts_attr_req_funct_comp_evid_flag_t flags; - u_int32_t sub_comp_depth; - u_int32_t comp_name_vendor_id; + u_int32_t sub_comp_depth, comp_name_vendor_id; u_int8_t family; pts_qualifier_t qualifier; pts_ita_funct_comp_name_t name; attr_info = attr->get_value(attr); attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr; - negotiated_caps = pts->get_proto_caps(pts); - flags = attr_cast->get_flags(attr_cast); + requests = attr_cast->get_requests(attr_cast); + requests_count = requests->get_req_count(requests); - if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_UNABLE_DET_TTC, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } - if (flags & PTS_REQ_FUNC_COMP_FLAG_VER && - !(negotiated_caps & PTS_PROTO_CAPS_V)) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_UNABLE_LOCAL_VAL, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } - if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR && - !(negotiated_caps & PTS_PROTO_CAPS_C)) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_UNABLE_CUR_EVID, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } - if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR && - !(negotiated_caps & PTS_PROTO_CAPS_T)) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_UNABLE_DET_PCR, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } + DBG1(DBG_IMC, "IMV requests evidence%s for: %d functional components", + (requests_count == 1) ? "":"s", requests_count); - sub_comp_depth = attr_cast->get_sub_component_depth(attr_cast); - if (sub_comp_depth != 0) + e = requests->create_enumerator(requests); + while (e->enumerate(e, &entry)) { - DBG1(DBG_IMC, "current version of Attestation IMC does not " - "support sub component measurement deeper than " - "zero. Measuring top level component only."); - return FALSE; - } - - comp_name_vendor_id = attr_cast->get_comp_funct_name_vendor_id( - attr_cast); - if (comp_name_vendor_id != PEN_ITA) - { - DBG1(DBG_IMC, "current version of Attestation IMC supports" - "only functional component namings by ITA"); - return FALSE; - } - - family = attr_cast->get_family(attr_cast); - if (family) - { - attr = ietf_attr_pa_tnc_error_create(PEN_TCG, - TCG_PTS_INVALID_NAME_FAM, attr_info); - attr_list->insert_last(attr_list, attr); - break; - } - - qualifier = attr_cast->get_qualifier(attr_cast); - - /* Check if Unknown or Wildcard was set for qualifier */ - if (qualifier.kernel && qualifier.sub_component && - (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL)) - { - DBG2(DBG_IMC, "wildcard was set for the qualifier of functional" - " component. Identifying the component with " - "name binary enumeration"); - } - else if (!qualifier.kernel && !qualifier.sub_component && - (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN)) - { - DBG2(DBG_IMC, "unknown was set for the qualifier of functional" - " component. Identifying the component with " - "name binary enumeration"); - } - else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED) - { - tcg_pts_attr_simple_comp_evid_params_t params; - - /* Set parameters of Simple Component Evidence */ - name = attr_cast->get_comp_funct_name(attr_cast); - if (!set_simple_comp_evid_params(name, ¶ms)) + flags = entry->flags; + sub_comp_depth = entry->sub_comp_depth; + comp_name_vendor_id = entry->vendor_id; + family = entry->family; + qualifier = entry->qualifier; + name = entry->name; + negotiated_caps = pts->get_proto_caps(pts); + + DBG1(DBG_IMC, "Requested Evidence flags: %d, depth: %d," + " vendor_id: %d, family: %d, qualifier %d, name: %d", + flags, sub_comp_depth, comp_name_vendor_id, family, + qualifier, name); + + if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC) + { + attr = ietf_attr_pa_tnc_error_create(PEN_TCG, + TCG_PTS_UNABLE_DET_TTC, attr_info); + attr_list->insert_last(attr_list, attr); + break; + } + if (flags & PTS_REQ_FUNC_COMP_FLAG_VER && + !(negotiated_caps & PTS_PROTO_CAPS_V)) + { + attr = ietf_attr_pa_tnc_error_create(PEN_TCG, + TCG_PTS_UNABLE_LOCAL_VAL, attr_info); + attr_list->insert_last(attr_list, attr); + break; + } + if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR && + !(negotiated_caps & PTS_PROTO_CAPS_C)) + { + attr = ietf_attr_pa_tnc_error_create(PEN_TCG, + TCG_PTS_UNABLE_CUR_EVID, attr_info); + attr_list->insert_last(attr_list, attr); + break; + } + if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR && + !(negotiated_caps & PTS_PROTO_CAPS_T)) + { + attr = ietf_attr_pa_tnc_error_create(PEN_TCG, + TCG_PTS_UNABLE_DET_PCR, attr_info); + attr_list->insert_last(attr_list, attr); + break; + } + if (sub_comp_depth != 0) { - DBG1(DBG_IMC, "error occured while setting parameters" - "for Simple Component Evidence"); + DBG1(DBG_IMC, "current version of Attestation IMC does not " + "support sub component measurement deeper than " + "zero. Measuring top level component only."); return FALSE; } - - /* Get PCR after value from log when TBOOT is measuring entity */ - if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY || - name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) && - !pts->read_pcr(pts, params.extended_pcr, ¶ms.pcr_after)) + if (comp_name_vendor_id != PEN_ITA) { - DBG1(DBG_IMC, "error occured while reading PCR: %d", - params.extended_pcr); + DBG1(DBG_IMC, "current version of Attestation IMC supports" + "only functional component namings by ITA"); return FALSE; } + if (family) + { + attr = ietf_attr_pa_tnc_error_create(PEN_TCG, + TCG_PTS_INVALID_NAME_FAM, attr_info); + attr_list->insert_last(attr_list, attr); + break; + } - /* Buffer Simple Component Evidence attribute */ - attr = tcg_pts_attr_simple_comp_evid_create(params); - evidences->insert_last(evidences, attr); - break; - } - else - { - DBG1(DBG_IMC, "Functional Component with unsupported type: %d" - "was requested for evidence", qualifier.type); - break; + /* Check if Unknown or Wildcard was set for qualifier */ + if (qualifier.kernel && qualifier.sub_component && + (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL)) + { + DBG2(DBG_IMC, "wildcard was set for the qualifier of functional" + " component. Identifying the component with " + "name binary enumeration"); + } + else if (!qualifier.kernel && !qualifier.sub_component && + (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN)) + { + DBG2(DBG_IMC, "unknown was set for the qualifier of functional" + " component. Identifying the component with " + "name binary enumeration"); + } + else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED) + { + tcg_pts_attr_simple_comp_evid_params_t params; + + /* Set parameters of Simple Component Evidence */ + if (!set_simple_comp_evid_params(name, ¶ms)) + { + DBG1(DBG_IMC, "error occured while setting parameters" + "for Simple Component Evidence"); + return FALSE; + } + + /* Get PCR after value from log when TBOOT is measuring entity */ + if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY || + name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) && + !pts->read_pcr(pts, params.extended_pcr, ¶ms.pcr_after)) + { + DBG1(DBG_IMC, "error occured while reading PCR: %d", + params.extended_pcr); + return FALSE; + } + + /* Buffer Simple Component Evidence attribute */ + attr = tcg_pts_attr_simple_comp_evid_create(params); + evidences->insert_last(evidences, attr); + break; + } + else + { + DBG1(DBG_IMC, "Functional Component with unsupported type: %d" + "was requested for evidence", qualifier.type); + break; + } } - + e->destroy(e); break; } case TCG_PTS_GEN_ATTEST_EVID: diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c index 3f21afae6d..eae62f9010 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c @@ -207,22 +207,15 @@ bool imv_attestation_build(pa_tnc_msg_t *msg, } case IMV_ATTESTATION_STATE_COMP_EVID: { - pts_attr_req_funct_comp_evid_flag_t flags; - u_int32_t sub_comp_depth; - pts_qualifier_t qualifier; - pts_ita_funct_comp_name_t name; enumerator_t *enumerator; char *platform_info, *pathname; + pts_funct_comp_evid_req_t *requests = NULL; + funct_comp_evid_req_entry_t *entry; + bool first_req = TRUE; attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_END); - flags = PTS_REQ_FUNC_COMP_FLAG_PCR; - sub_comp_depth = 0; - qualifier.kernel = FALSE; - qualifier.sub_component = FALSE; - qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED; - /* Get Platform and OS of the PTS-IMC */ platform_info = pts->get_platform_info(pts); if (!pts_db || !platform_info) @@ -244,13 +237,23 @@ bool imv_attestation_build(pa_tnc_msg_t *msg, } while (enumerator->enumerate(enumerator, &pathname)) { + entry = malloc_thing(funct_comp_evid_req_entry_t); + + entry->flags = PTS_REQ_FUNC_COMP_FLAG_PCR; + entry->sub_comp_depth = 0; + entry->vendor_id = PEN_ITA; + entry->family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM; + entry->qualifier.kernel = FALSE; + entry->qualifier.sub_component = FALSE; + entry->qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED; + if (strcmp(pathname, TBOOT_POLICY_STR) == 0) { - name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY; + entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY; } else if (strcmp(pathname, TBOOT_MLE_STR) == 0) { - name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE; + entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE; } else { @@ -260,17 +263,23 @@ bool imv_attestation_build(pa_tnc_msg_t *msg, return FALSE; } - /* Send Request Functional Component Evidence attribute */ - attr = tcg_pts_attr_req_funct_comp_evid_create(flags, - sub_comp_depth, PEN_ITA, qualifier, name); - attr->set_noskip_flag(attr, TRUE); - msg->add_attribute(msg, attr); - attestation_state->add_comp_evid_request( attestation_state, - PEN_ITA, qualifier, name); + + if (first_req) + { + /* Create a requests object */ + requests = pts_funct_comp_evid_req_create(); + first_req = FALSE; + } + requests->add(requests, entry); + attestation_state->add_comp_evid_request(attestation_state, entry); } enumerator->destroy(enumerator); - - + + /* Send Request Functional Component Evidence attribute */ + attr = tcg_pts_attr_req_funct_comp_evid_create(requests); + attr->set_noskip_flag(attr, TRUE); + msg->add_attribute(msg, attr); + /* Send Generate Attestation Evidence attribute */ attr = tcg_pts_attr_gen_attest_evid_create(); attr->set_noskip_flag(attr, TRUE); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c index 8a6aa1e029..518ab41f4f 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c @@ -271,15 +271,14 @@ METHOD(imv_attestation_state_t, get_file_meas_request_count, int, } METHOD(imv_attestation_state_t, add_comp_evid_request, void, - private_imv_attestation_state_t *this, u_int32_t vendor_id, - pts_qualifier_t qualifier, pts_ita_funct_comp_name_t comp_name) + private_imv_attestation_state_t *this, funct_comp_evid_req_entry_t *entry) { comp_evid_request_t *request; request = malloc_thing(comp_evid_request_t); - request->vendor_id = vendor_id; - request->qualifier = qualifier; - request->name = comp_name; + request->vendor_id = entry->vendor_id; + request->qualifier = entry->qualifier; + request->name = entry->name; this->comp_evid_requests->insert_last(this->comp_evid_requests, request); } diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.h b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h index c329b89deb..310f702dc0 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.h +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h @@ -105,13 +105,10 @@ struct imv_attestation_state_t { /** * Add an entry to the list of pending Function Component Evidences * - * @param vendor_id Functional Component Name Vendor ID - * @param qualifier Qualifier of the requested Functional Component - * @param comp_name Name of the requested Functional Component + * @param entry Functional Component Evidence Request */ void (*add_comp_evid_request)(imv_attestation_state_t *this, - u_int32_t vendor_id, pts_qualifier_t qualifier, - pts_ita_funct_comp_name_t comp_name); + funct_comp_evid_req_entry_t *entry); /** * Returns the number of pending Function Component Evidences diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index af49de7af5..4fb247ce30 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -31,6 +31,7 @@ typedef struct pcr_entry_t pcr_entry_t; #include "pts_file_meta.h" #include "pts_dh_group.h" #include "pts_funct_comp_name.h" +#include "pts_funct_comp_evid_req.h" #include #include diff --git a/src/libpts/pts/pts_funct_comp_name.h b/src/libpts/pts/pts_funct_comp_name.h index 25b1028d64..db63c7100b 100644 --- a/src/libpts/pts/pts_funct_comp_name.h +++ b/src/libpts/pts/pts_funct_comp_name.h @@ -26,6 +26,7 @@ typedef enum pts_funct_comp_name_t pts_funct_comp_name_t; typedef enum pts_ita_funct_comp_type_t pts_ita_funct_comp_type_t; typedef enum pts_ita_funct_comp_name_t pts_ita_funct_comp_name_t; typedef struct pts_qualifier_t pts_qualifier_t; +typedef struct pts_comp_funct_name_t pts_comp_funct_name_t; /** * PTS Component Functional Type for Qualifier field @@ -115,4 +116,13 @@ struct pts_qualifier_t { pts_ita_funct_comp_type_t type; }; +/** + * Component Functional Name + */ +struct pts_comp_funct_name_t { + u_int32_t vendor_id; + u_int8_t family_qualifier; + u_int32_t name; +}; + #endif /** PTS_FUNCT_COMP_NAME_H_ @}*/ diff --git a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c index 7f08f57de8..f1249d64a3 100644 --- a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c +++ b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c @@ -30,11 +30,20 @@ typedef struct private_tcg_pts_attr_req_funct_comp_evid_t private_tcg_pts_attr_r * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Flags | Sub-component Depth | + * | Flags | Sub-component Depth (for Component #1) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Component Functional Name | + * | Component Functional Name #1 | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Component Functional Name #1 | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | ........ | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | Sub-component Depth (for Component #N) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Component Functional Name #N | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Component Functional Name #N | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * */ /** @@ -63,7 +72,6 @@ typedef struct private_tcg_pts_attr_req_funct_comp_evid_t private_tcg_pts_attr_r */ #define PTS_REQ_FUNCT_COMP_EVID_SIZE 12 -#define PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM 0x00 /** * Private data of an tcg_pts_attr_req_funct_comp_evid_t object. @@ -94,36 +102,11 @@ struct private_tcg_pts_attr_req_funct_comp_evid_t { * Noskip flag */ bool noskip_flag; - - /** - * Set of flags for Request Functional Component - */ - pts_attr_req_funct_comp_evid_flag_t flags; /** - * Sub-component Depth + * PTS Functional Component Evidence Requests */ - u_int32_t depth; - - /** - * Component Functional Name Vendor ID - */ - u_int32_t comp_vendor_id; - - /** - * Functional Name Encoding Family - */ - u_int8_t family; - - /** - * Functional Name Category Qualifier - */ - pts_qualifier_t qualifier; - - /** - * Component Functional Name - */ - pts_ita_funct_comp_name_t name; + pts_funct_comp_evid_req_t *requests; }; METHOD(pa_tnc_attr_t, get_vendor_id, pen_t, @@ -160,31 +143,38 @@ METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_req_funct_comp_evid_t *this) { bio_writer_t *writer; + enumerator_t *enumerator; u_int8_t qualifier = 0; + funct_comp_evid_req_entry_t *entry; writer = bio_writer_create(PTS_REQ_FUNCT_COMP_EVID_SIZE); - - writer->write_uint8(writer, this->flags); - writer->write_uint24 (writer, this->depth); - writer->write_uint24 (writer, this->comp_vendor_id); - - if (this->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM) - { - DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00"); - } - - qualifier += this->qualifier.type; - if (this->qualifier.kernel) - { - qualifier += 16; - } - if (this->qualifier.sub_component) + + enumerator = this->requests->create_enumerator(this->requests); + while (enumerator->enumerate(enumerator, &entry)) { - qualifier += 32; + writer->write_uint8(writer, entry->flags); + writer->write_uint24 (writer, entry->sub_comp_depth); + writer->write_uint24 (writer, entry->vendor_id); + + if (entry->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM) + { + DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00"); + } + + qualifier += entry->qualifier.type; + if (entry->qualifier.kernel) + { + qualifier += 16; + } + if (entry->qualifier.sub_component) + { + qualifier += 32; + } + writer->write_uint8 (writer, qualifier); + writer->write_uint32 (writer, entry->name); } - writer->write_uint8 (writer, qualifier); - writer->write_uint32 (writer, this->name); - + enumerator->destroy(enumerator); + this->value = chunk_clone(writer->get_buf(writer)); writer->destroy(writer); } @@ -193,8 +183,11 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_pts_attr_req_funct_comp_evid_t *this, u_int32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int8_t fam_and_qualifier; + u_int8_t flags, fam_and_qualifier, family = 0; + status_t status = FAILED; + funct_comp_evid_req_entry_t *entry = NULL; + u_int32_t sub_comp_depth, vendor_id, comp_name; + pts_qualifier_t qualifier; if (this->value.len < PTS_REQ_FUNCT_COMP_EVID_SIZE) { @@ -202,108 +195,106 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; return FAILED; } - reader = bio_reader_create(this->value); - reader->read_uint8(reader, &flags); - this->flags = flags; + reader = bio_reader_create(this->value); + this->requests = pts_funct_comp_evid_req_create(); - reader->read_uint24(reader, &this->depth); - reader->read_uint24(reader, &this->comp_vendor_id); - reader->read_uint8(reader, &fam_and_qualifier); - - if (((fam_and_qualifier >> 6) & 1) ) - { - this->family += 1; - } - if (((fam_and_qualifier >> 7) & 1) ) + while (reader->remaining(reader)) { - this->family += 2; - } + if (!reader->read_uint8(reader, &flags)) + { + DBG1(DBG_TNC, "insufficient data for PTS Request Functional" + " Component Evidence Flags"); + goto end; + } + if (!reader->read_uint24(reader, &sub_comp_depth)) + { + DBG1(DBG_TNC, "insufficient data for PTS Request Functional" + " Component Evidence Sub Component Depth"); + goto end; + } + if (!reader->read_uint24(reader, &vendor_id)) + { + DBG1(DBG_TNC, "insufficient data for PTS Request Functional" + " Component Evidence Component Name Vendor ID"); + goto end; + } + if (!reader->read_uint8(reader, &fam_and_qualifier)) + { + DBG1(DBG_TNC, "insufficient data for PTS Request Functional" + " Component Evidence Family and Qualifier"); + goto end; + } + if (!reader->read_uint32(reader, &comp_name)) + { + DBG1(DBG_TNC, "insufficient data for PTS Request Functional" + " Component Evidence Component Functional Name"); + goto end; + } + + DBG1(DBG_TNC, "Fam and Qualifier: %d", fam_and_qualifier); + + entry = malloc_thing(funct_comp_evid_req_entry_t); + + if (((fam_and_qualifier >> 6) & 1) ) + { + family += 1; + } + if (((fam_and_qualifier >> 7) & 1) ) + { + family += 2; + } - if (((fam_and_qualifier >> 5) & 1) ) - { - this->qualifier.kernel = true; + if (((fam_and_qualifier >> 5) & 1) ) + { + qualifier.kernel = TRUE; + } + if (((fam_and_qualifier >> 4) & 1) ) + { + qualifier.sub_component = TRUE; + } + qualifier.type = (fam_and_qualifier & 0xFF); + + entry->flags = flags; + entry->sub_comp_depth = sub_comp_depth; + entry->vendor_id = vendor_id; + entry->family = family; + entry->qualifier = qualifier; + entry->name = comp_name; + + this->requests->add(this->requests, entry); } - if (((fam_and_qualifier >> 4) & 1) ) + status = SUCCESS; + +end: + if (entry) { - this->qualifier.sub_component = true; + free(entry); } - this->qualifier.type = ( fam_and_qualifier & 0xF ); - reader->read_uint32(reader, &this->name); - reader->destroy(reader); - return SUCCESS; + return status; } METHOD(pa_tnc_attr_t, destroy, void, private_tcg_pts_attr_req_funct_comp_evid_t *this) { + this->requests->destroy(this->requests); free(this->value.ptr); free(this); } -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_flags, pts_attr_req_funct_comp_evid_flag_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->flags; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_flags, void, - private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_attr_req_funct_comp_evid_flag_t flags) -{ - this->flags = flags; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_sub_component_depth, u_int32_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->depth; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name_vendor_id, u_int32_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->comp_vendor_id; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_family, u_int8_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->family; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_qualifier, pts_qualifier_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->qualifier; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_qualifier, void, - private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_qualifier_t qualifier) -{ - this->qualifier = qualifier; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name, pts_ita_funct_comp_name_t, - private_tcg_pts_attr_req_funct_comp_evid_t *this) -{ - return this->name; -} - -METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_comp_funct_name, void, - private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_ita_funct_comp_name_t name) +METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_requests, + pts_funct_comp_evid_req_t*, + private_tcg_pts_attr_req_funct_comp_evid_t *this) { - this->name = name; + return this->requests; } /** * Described in header. */ pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create( - pts_attr_req_funct_comp_evid_flag_t flags, - u_int32_t depth, u_int32_t vendor_id, - pts_qualifier_t qualifier, - pts_ita_funct_comp_name_t name) + pts_funct_comp_evid_req_t *requests) { private_tcg_pts_attr_req_funct_comp_evid_t *this; @@ -319,24 +310,11 @@ pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create( .process = _process, .destroy = _destroy, }, - .get_flags= _get_flags, - .set_flags= _set_flags, - .get_sub_component_depth = _get_sub_component_depth, - .get_comp_funct_name_vendor_id = _get_comp_funct_name_vendor_id, - .get_family = _get_family, - .get_qualifier = _get_qualifier, - .set_qualifier = _set_qualifier, - .get_comp_funct_name = _get_comp_funct_name, - .set_comp_funct_name = _set_comp_funct_name, + .get_requests = _get_requests, }, .vendor_id = PEN_TCG, .type = TCG_PTS_REQ_FUNCT_COMP_EVID, - .flags = flags, - .depth = depth, - .comp_vendor_id = vendor_id, - .family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM, - .qualifier = qualifier, - .name = name, + .requests = requests, ); return &this->public.pa_tnc_attribute; @@ -362,15 +340,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create_from_data(chunk_t data) .process = _process, .destroy = _destroy, }, - .get_flags= _get_flags, - .set_flags= _set_flags, - .get_sub_component_depth = _get_sub_component_depth, - .get_comp_funct_name_vendor_id = _get_comp_funct_name_vendor_id, - .get_family = _get_family, - .get_qualifier = _get_qualifier, - .set_qualifier = _set_qualifier, - .get_comp_funct_name = _get_comp_funct_name, - .set_comp_funct_name = _set_comp_funct_name, + .get_requests = _get_requests, }, .vendor_id = PEN_TCG, .type = TCG_PTS_REQ_FUNCT_COMP_EVID, diff --git a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h index bddedb0df6..668906a3d7 100644 --- a/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h +++ b/src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h @@ -22,25 +22,12 @@ #define TCG_PTS_ATTR_REQ_FUNCT_COMP_EVID_H_ typedef struct tcg_pts_attr_req_funct_comp_evid_t tcg_pts_attr_req_funct_comp_evid_t; -typedef enum pts_attr_req_funct_comp_evid_flag_t pts_attr_req_funct_comp_evid_flag_t; #include "tcg_attr.h" #include "pts/pts_funct_comp_name.h" +#include "pts/pts_funct_comp_evid_req.h" #include "pa_tnc/pa_tnc_attr.h" -/** - * PTS Request Functional Component Evidence Flags - */ -enum pts_attr_req_funct_comp_evid_flag_t { - /** Transitive Trust Chain flag */ - PTS_REQ_FUNC_COMP_FLAG_TTC = (1<<7), - /** Verify Component flag */ - PTS_REQ_FUNC_COMP_FLAG_VER = (1<<6), - /** Current Evidence flag */ - PTS_REQ_FUNC_COMP_FLAG_CURR = (1<<5), - /** PCR Information flag */ - PTS_REQ_FUNC_COMP_FLAG_PCR = (1<<4), -}; /** * Class implementing the TCG PTS Request Functional Component Evidence attribute @@ -54,71 +41,12 @@ struct tcg_pts_attr_req_funct_comp_evid_t { pa_tnc_attr_t pa_tnc_attribute; /** - * Get flags for PTS Request Functional Component Evidence - * - * @return Set of flags - */ - pts_attr_req_funct_comp_evid_flag_t (*get_flags)(tcg_pts_attr_req_funct_comp_evid_t *this); - - /** - * Set flags for PTS Request Functional Component Evidence - * - * @param flags Set of flags - */ - void (*set_flags)(tcg_pts_attr_req_funct_comp_evid_t *this, - pts_attr_req_funct_comp_evid_flag_t flags); - - /** - * Get Sub-component Depth - * - * @return Sub-component Depth - */ - u_int32_t (*get_sub_component_depth)(tcg_pts_attr_req_funct_comp_evid_t *this); - - /** - * Get Component Functional Name Vendor ID - * - * @return Component Functional Name Vendor ID - */ - u_int32_t (*get_comp_funct_name_vendor_id)(tcg_pts_attr_req_funct_comp_evid_t *this); - - /** - * Get Family - * - * @return Functional Name Family - */ - u_int8_t (*get_family)(tcg_pts_attr_req_funct_comp_evid_t *this); - - /** - * Get Qualifier - * - * @return Functional Name Category Qualifier - */ - pts_qualifier_t (*get_qualifier)(tcg_pts_attr_req_funct_comp_evid_t *this); - - /** - * Set qualifier for Component Functional Name - * - * @param qualifier Functional Name Category Qualifier - */ - void (*set_qualifier)(tcg_pts_attr_req_funct_comp_evid_t *this, - pts_qualifier_t qualifier); - - /** - * Get Component Functional Name - * - * @return Component Functional Name - */ - pts_ita_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this); - - - /** - * Set Component Functional Name + * Get PTS Functional Component Evidence Requests * - * @param name Component Functional Name + * @return PTS Functional Component Evidence Requests */ - void (*set_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this, - pts_ita_funct_comp_name_t name); + pts_funct_comp_evid_req_t* (*get_requests)( + tcg_pts_attr_req_funct_comp_evid_t *this); }; @@ -126,16 +54,10 @@ struct tcg_pts_attr_req_funct_comp_evid_t { /** * Creates an tcg_pts_attr_req_funct_comp_evid_t object * - * @param flags Set of flags - * @param depth Sub-component Depth - * @param vendor_id Component Functional Name Vendor ID - * @param qualifier Functional Name Category Qualifier - * @param name Component Functional Name + * @param requests Linked list of PTS Functional Component Evidence Requests */ -pa_tnc_attr_t* tcg_pts_attr_req_funct_comp_evid_create(pts_attr_req_funct_comp_evid_flag_t flags, - u_int32_t depth, u_int32_t vendor_id, - pts_qualifier_t qualifier, - pts_ita_funct_comp_name_t name); +pa_tnc_attr_t* tcg_pts_attr_req_funct_comp_evid_create( + pts_funct_comp_evid_req_t *requests); /** * Creates an tcg_pts_attr_req_funct_comp_evid_t object from received data -- 2.47.2