From 74eb850dc0ff5fd62ee9d71dfb82a54189a258c9 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Sat, 10 Sep 2011 22:35:43 +0200 Subject: [PATCH] introduced a PA-TNC attribute manager --- src/libimcv/Makefile.am | 8 +- src/libimcv/ietf/ietf_attr.c | 31 ++++ src/libimcv/ietf/ietf_attr.h | 10 ++ src/libimcv/imcv.c | 47 +++++- src/libimcv/imcv.h | 7 + src/libimcv/ita/ita_attr.c | 14 ++ src/libimcv/ita/ita_attr.h | 10 ++ src/libimcv/pa_tnc/pa_tnc_attr.c | 138 ---------------- src/libimcv/pa_tnc/pa_tnc_attr.h | 19 --- src/libimcv/pa_tnc/pa_tnc_attr_manager.c | 155 ++++++++++++++++++ src/libimcv/pa_tnc/pa_tnc_attr_manager.h | 85 ++++++++++ src/libimcv/pa_tnc/pa_tnc_msg.c | 36 +--- .../plugins/imc_attestation/imc_attestation.c | 16 +- .../plugins/imv_attestation/imv_attestation.c | 16 +- src/libpts/Makefile.am | 1 + src/libpts/libpts.c | 62 +++++++ src/libpts/libpts.h | 42 +++++ src/libpts/tcg/tcg_attr.c | 67 ++++++++ src/libpts/tcg/tcg_attr.h | 9 + 19 files changed, 568 insertions(+), 205 deletions(-) delete mode 100644 src/libimcv/pa_tnc/pa_tnc_attr.c create mode 100644 src/libimcv/pa_tnc/pa_tnc_attr_manager.c create mode 100644 src/libimcv/pa_tnc/pa_tnc_attr_manager.h create mode 100644 src/libpts/libpts.c create mode 100644 src/libpts/libpts.h diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 1bbfd29f69..1b240a1d9a 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -15,16 +15,12 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ + pa_tnc/pa_tnc_attr.h \ pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \ - pa_tnc/pa_tnc_attr.h pa_tnc/pa_tnc_attr.c + pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c SUBDIRS = . -if USE_PTS - INCLUDES += -I$(top_srcdir)/src/libpts - AM_CFLAGS = -DUSE_PTS -endif - if USE_IMC_TEST SUBDIRS += plugins/imc_test endif 
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 04ee0397d8..89c6fc8dbb 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -13,6 +13,9 @@ */ #include "ietf_attr.h" +#include "ietf/ietf_attr_pa_tnc_error.h" +#include "ietf/ietf_attr_port_filter.h" +#include "ietf/ietf_attr_product_info.h" ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "Testing", @@ -30,3 +33,31 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "Factory Default Password Enabled", ); +/** + * See header + */ +pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value) +{ + switch (type) + { + case IETF_ATTR_PORT_FILTER: + return ietf_attr_port_filter_create_from_data(value); + case IETF_ATTR_PA_TNC_ERROR: + return ietf_attr_pa_tnc_error_create_from_data(value); + case IETF_ATTR_PRODUCT_INFORMATION: + return ietf_attr_product_info_create_from_data(value); + case IETF_ATTR_TESTING: + case IETF_ATTR_ATTRIBUTE_REQUEST: + case IETF_ATTR_NUMERIC_VERSION: + case IETF_ATTR_STRING_VERSION: + case IETF_ATTR_OPERATIONAL_STATUS: + case IETF_ATTR_INSTALLED_PACKAGES: + case IETF_ATTR_ASSESSMENT_RESULT: + case IETF_ATTR_REMEDIATION_INSTRUCTIONS: + case IETF_ATTR_FORWARDING_ENABLED: + case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: + case IETF_ATTR_RESERVED: + default: + return NULL; + } +} diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index facfbf1a82..a1ba42565e 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -21,6 +21,8 @@ #ifndef IETF_ATTR_H_ #define IETF_ATTR_H_ +#include "pa_tnc/pa_tnc_attr.h" + #include typedef enum ietf_attr_t ietf_attr_t; 
@@ -50,4 +52,12 @@ enum ietf_attr_t { */ extern enum_name_t *ietf_attr_names; +/** + * Create an IETF PA-TNC attribute from data + * + * @param type attribute type + * @param value attribute value + */ +pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value); + #endif /** IETF_ATTR_H_ @}*/ diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c index 9b06e064e8..a8c0af47b4 100644 --- a/src/libimcv/imcv.c +++ b/src/libimcv/imcv.c @@ -13,18 +13,31 @@ */ #include "imcv.h" +#include "ietf/ietf_attr.h" +#include "ita/ita_attr.h" -#include "utils.h" +#include #include +#include #include #define IMCV_DEBUG_LEVEL 1 /** - * Reference count for IMC/IMV instances + * PA-TNC attribute manager */ -refcount_t ref = 0; +pa_tnc_attr_manager_t *imcv_pa_tnc_attributes; + +/** + * Reference count for libimcv + */ +static refcount_t libimcv_ref = 0; + +/** + * Reference count for libstrongswan + */ +static refcount_t libstrongswan_ref = 0; /** * Global configuration of imcv dbg function @@ -81,9 +94,9 @@ bool libimcv_init(void) if (lib) { /* did main program initialize libstrongswan? */ - if (ref == 0) + if (libstrongswan_ref == 0) { - ref_get(&ref); + ref_get(&libstrongswan_ref); } } else @@ -94,7 +107,8 @@ bool libimcv_init(void) return FALSE; } - if (!lib->plugins->load(lib->plugins, NULL, "random")) + if (!lib->plugins->load(lib->plugins, NULL, + "sha1 sha2 random gmp pubkey x509")) { library_deinit(); return FALSE; 
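Review bot: The new exported global `imcv_pa_tnc_attributes` carries no statement of when it is valid, yet pa_tnc_msg.c and libpts.c in this patch dereference it directly; the `/** PA-TNC attribute manager */` comment should state the lifetime, e.g. `/** PA-TNC attribute manager; valid only between a successful libimcv_init() and the matching libimcv_deinit() */`, and the same on the `extern` in imcv.h. The comment on `libstrongswan_ref` is also easy to misread: judging by `libimcv_deinit()` (`if (ref_put(&libstrongswan_ref)) library_deinit();`) it counts the references libimcv itself holds on libstrongswan, so `/** References libimcv holds on libstrongswan; library_deinit() when it drops to zero */` is closer to the actual use.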
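Review bot: The widened plugin list `"sha1 sha2 random gmp pubkey x509"` is only requested on the branch where libimcv initialises libstrongswan itself; in the `if (lib)` branch of the previous hunk, where the host program did the initialisation, none of these plugins are loaded and nothing later checks that the hashers or certificate support the TCG attributes presumably rely on are present. Either perform the feature check on both branches, or document in imcv.h which libstrongswan plugins a host-initialised libstrongswan must provide. `libimcv_init` continues past this hunk.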
@@ -109,10 +123,20 @@ bool libimcv_init(void) /* activate the imcv debugging hook */ dbg = imcv_dbg; openlog("imcv", 0, LOG_DAEMON); + } + ref_get(&libstrongswan_ref); + if (libimcv_ref == 0) + { + /* initialize the PA-TNC attribute manager */ + imcv_pa_tnc_attributes = pa_tnc_attr_manager_create(); + imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF, + ietf_attr_create_from_data, ietf_attr_names); + imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA, + ita_attr_create_from_data, ita_attr_names); DBG1(DBG_LIB, "libimcv initialized"); } - ref_get(&ref); + ref_get(&libimcv_ref); return TRUE; } @@ -122,11 +146,16 @@ bool libimcv_init(void) */ void libimcv_deinit(void) { - if (ref_put(&ref)) + if (ref_put(&libimcv_ref)) { + imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF); + imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA); + DESTROY_IF(imcv_pa_tnc_attributes); DBG1(DBG_LIB, "libimcv terminated"); + } + if (ref_put(&libstrongswan_ref)) + { library_deinit(); } } - diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h index 85c33502d7..a1a5a5f437 100644 --- a/src/libimcv/imcv.h +++ b/src/libimcv/imcv.h @@ -25,6 +25,8 @@ #ifndef IMCV_H_ #define IMCV_H_ +#include "pa_tnc/pa_tnc_attr_manager.h" + #include /** @@ -39,4 +41,9 @@ bool libimcv_init(void); */ void libimcv_deinit(void); +/** + * PA-TNC attribute manager + */ +extern pa_tnc_attr_manager_t* imcv_pa_tnc_attributes; + #endif /** IMCV_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c index 7dda74294a..ec23c11eaa 100644 --- a/src/libimcv/ita/ita_attr.c +++ b/src/libimcv/ita/ita_attr.c 
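Review bot: `DESTROY_IF(imcv_pa_tnc_attributes)` frees the manager but leaves the global pointing at freed memory, so the `if (!imcv_pa_tnc_attributes)` guards added in libpts.c only cover the never-initialised case, not a `libpts_deinit()` that runs after the last `libimcv_deinit()`. Add `imcv_pa_tnc_attributes = NULL;` directly after the `DESTROY_IF`. The two `remove_vendor` calls before it are then only there for their DBG2 output, since the manager's `destroy` already frees every entry via `destroy_function(this->list, free)`; keeping them is harmless.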
@@ -14,8 +14,22 @@ */ #include "ita_attr.h" +#include "ita/ita_attr_command.h" ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_COMMAND, "Command", ); +/** + * See header + */ +pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value) +{ + switch (type) + { + case ITA_ATTR_COMMAND: + return ita_attr_command_create_from_data(value); + default: + return NULL; + } +} diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h index a1b233ee6f..82debdd1e5 100644 --- a/src/libimcv/ita/ita_attr.h +++ b/src/libimcv/ita/ita_attr.h @@ -21,6 +21,8 @@ #ifndef ITA_ATTR_H_ #define ITA_ATTR_H_ +#include "pa_tnc/pa_tnc_attr.h" + #include typedef enum ita_attr_t ita_attr_t; @@ -37,4 +39,12 @@ enum ita_attr_t { */ extern enum_name_t *ita_attr_names; +/** + * Create a ITA PA-TNC attribute from data + * + * @param type attribute type + * @param value attribute value + */ +pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value); + #endif /** ITA_ATTR_H_ @}*/ diff --git a/src/libimcv/pa_tnc/pa_tnc_attr.c b/src/libimcv/pa_tnc/pa_tnc_attr.c deleted file mode 100644 index c927e23e01..0000000000 --- a/src/libimcv/pa_tnc/pa_tnc_attr.c +++ /dev/null 
@@ -1,138 +0,0 @@ -/* - * Copyright (C) 2011 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "pa_tnc_attr.h" -#include "ietf/ietf_attr.h" -#include "ietf/ietf_attr_pa_tnc_error.h" -#include "ietf/ietf_attr_port_filter.h" -#include "ietf/ietf_attr_product_info.h" - -#ifdef USE_PTS -#include "tcg/tcg_attr.h" -#include "tcg/tcg_pts_attr_proto_caps.h" -#include "tcg/tcg_pts_attr_meas_algo.h" -#include "tcg/tcg_pts_attr_get_tpm_version_info.h" -#include "tcg/tcg_pts_attr_tpm_version_info.h" -#include "tcg/tcg_pts_attr_get_aik.h" -#include "tcg/tcg_pts_attr_aik.h" -#include "tcg/tcg_pts_attr_req_funct_comp_evid.h" -#include "tcg/tcg_pts_attr_gen_attest_evid.h" -#include "tcg/tcg_pts_attr_simple_comp_evid.h" -#include "tcg/tcg_pts_attr_simple_evid_final.h" -#include "tcg/tcg_pts_attr_req_file_meas.h" -#include "tcg/tcg_pts_attr_file_meas.h" -#endif /* USE_PTS */ - -#include "ita/ita_attr.h" -#include "ita/ita_attr_command.h" - -/** - * See header - */ -pa_tnc_attr_t* pa_tnc_attr_create_from_data(pen_t vendor_id, u_int32_t type, - chunk_t value) -{ - switch (vendor_id) - { - case PEN_IETF: - switch (type) - { - case IETF_ATTR_PORT_FILTER: - return ietf_attr_port_filter_create_from_data(value); - case IETF_ATTR_PA_TNC_ERROR: - return ietf_attr_pa_tnc_error_create_from_data(value); - case IETF_ATTR_PRODUCT_INFORMATION: - return ietf_attr_product_info_create_from_data(value); - case IETF_ATTR_TESTING: - case IETF_ATTR_ATTRIBUTE_REQUEST: - 
case IETF_ATTR_NUMERIC_VERSION: - case IETF_ATTR_STRING_VERSION: - case IETF_ATTR_OPERATIONAL_STATUS: - case IETF_ATTR_INSTALLED_PACKAGES: - case IETF_ATTR_ASSESSMENT_RESULT: - case IETF_ATTR_REMEDIATION_INSTRUCTIONS: - case IETF_ATTR_FORWARDING_ENABLED: - case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: - case IETF_ATTR_RESERVED: - default: - break; - } - break; -#ifdef USE_PTS - case PEN_TCG: - switch (type) - { - case TCG_PTS_REQ_PROTO_CAPS: - return tcg_pts_attr_proto_caps_create_from_data(value, TRUE); - case TCG_PTS_PROTO_CAPS: - return tcg_pts_attr_proto_caps_create_from_data(value, FALSE); - case TCG_PTS_MEAS_ALGO: - return tcg_pts_attr_meas_algo_create_from_data(value, FALSE); - case TCG_PTS_MEAS_ALGO_SELECTION: - return tcg_pts_attr_meas_algo_create_from_data(value, TRUE); - case TCG_PTS_GET_TPM_VERSION_INFO: - return tcg_pts_attr_get_tpm_version_info_create_from_data(value); - case TCG_PTS_TPM_VERSION_INFO: - return tcg_pts_attr_tpm_version_info_create_from_data(value); - case TCG_PTS_GET_AIK: - return tcg_pts_attr_get_aik_create_from_data(value); - case TCG_PTS_AIK: - return tcg_pts_attr_aik_create_from_data(value); - case TCG_PTS_REQ_FUNCT_COMP_EVID: - return tcg_pts_attr_req_funct_comp_evid_create_from_data(value); - case TCG_PTS_GEN_ATTEST_EVID: - return tcg_pts_attr_gen_attest_evid_create_from_data(value); - case TCG_PTS_SIMPLE_COMP_EVID: - return tcg_pts_attr_simple_comp_evid_create_from_data(value); - case TCG_PTS_SIMPLE_EVID_FINAL: - return tcg_pts_attr_simple_evid_final_create_from_data(value); - case TCG_PTS_REQ_FILE_MEAS: - return tcg_pts_attr_req_file_meas_create_from_data(value); - case TCG_PTS_FILE_MEAS: - return tcg_pts_attr_file_meas_create_from_data(value); - case TCG_PTS_DH_NONCE_PARAMS_REQ: - case TCG_PTS_DH_NONCE_PARAMS_RESP: - case TCG_PTS_DH_NONCE_FINISH: - case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META: - case TCG_PTS_TEMPL_REF_MANI_SET_META: - case TCG_PTS_UPDATE_TEMPL_REF_MANI: - case TCG_PTS_VERIFICATION_RESULT: - case 
TCG_PTS_INTEG_REPORT: - case TCG_PTS_REQ_FILE_META: - case TCG_PTS_WIN_FILE_META: - case TCG_PTS_UNIX_FILE_META: - case TCG_PTS_REQ_REGISTRY_VALUE: - case TCG_PTS_REGISTRY_VALUE: - case TCG_PTS_REQ_INTEG_MEAS_LOG: - case TCG_PTS_INTEG_MEAS_LOG: - default: - break; - } - break; -#endif /* HAVE _PTS */ - case PEN_ITA: - switch (type) - { - case ITA_ATTR_COMMAND: - return ita_attr_command_create_from_data(value); - default: - break; - } - break; - default: - break; - } - return NULL; -} diff --git a/src/libimcv/pa_tnc/pa_tnc_attr.h b/src/libimcv/pa_tnc/pa_tnc_attr.h index 07dd9935e8..b6057a70bd 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr.h +++ b/src/libimcv/pa_tnc/pa_tnc_attr.h @@ -26,14 +26,6 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t; #include #include -/** - * Return the PA-TNC attribute names for a given PEN - * - * @param pen Private Enterprise Number (PEN) - * @return pa_attr_names if found, NULL else - */ -extern enum_name_t *get_pa_attr_names(pen_t pen); - /** * Interface for an RFC 5792 PA-TNC Posture Attribute. * @@ -101,15 +93,4 @@ struct pa_tnc_attr_t { void (*destroy)(pa_tnc_attr_t *this); }; -/** - * Create a PA-TNC attribute from data - * - * @param vendor_id attribute vendor ID - * @param type attribute type - * @param value attribute value - * - */ -pa_tnc_attr_t* pa_tnc_attr_create_from_data(pen_t vendor_id, u_int32_t type, - chunk_t value); - #endif /** PA_TNC_ATTR_H_ @}*/ diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c new file mode 100644 index 0000000000..1de89d87d9 --- /dev/null +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c 
@@ -0,0 +1,155 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pa_tnc_attr_manager.h" + +#include +#include + +typedef struct private_pa_tnc_attr_manager_t private_pa_tnc_attr_manager_t; +typedef struct entry_t entry_t; + +struct entry_t { + pen_t vendor_id; + enum_name_t *attr_names; + pa_tnc_attr_create_t attr_create; +}; + +/** + * Private data of a pa_tnc_attr_manager_t object. + * + */ +struct private_pa_tnc_attr_manager_t { + + /** + * Public pa_tnc_attr_manager_t interface. 
+ */ + pa_tnc_attr_manager_t public; + + /** + * List of PA-TNC vendor attributes + */ + linked_list_t *list; +}; + +METHOD(pa_tnc_attr_manager_t, add_vendor, void, + private_pa_tnc_attr_manager_t *this, pen_t vendor_id, + pa_tnc_attr_create_t attr_create, enum_name_t *attr_names) +{ + entry_t *entry; + + entry = malloc_thing(entry_t); + entry->vendor_id = vendor_id; + entry->attr_create = attr_create; + entry->attr_names = attr_names; + + this->list->insert_last(this->list, entry); + DBG2(DBG_TNC, "added %N attributes", pen_names, vendor_id); +} + +METHOD(pa_tnc_attr_manager_t, remove_vendor, void, + private_pa_tnc_attr_manager_t *this, pen_t vendor_id) +{ + enumerator_t *enumerator; + entry_t *entry; + + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->vendor_id == vendor_id) + { + this->list->remove_at(this->list, enumerator); + free(entry); + DBG2(DBG_TNC, "removed %N attributes", pen_names, vendor_id); + } + } + enumerator->destroy(enumerator); +} + +METHOD(pa_tnc_attr_manager_t, get_names, enum_name_t*, + private_pa_tnc_attr_manager_t *this, pen_t vendor_id) +{ + enumerator_t *enumerator; + entry_t *entry; + enum_name_t *attr_names = NULL; + + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->vendor_id == vendor_id) + { + attr_names = entry->attr_names; + break; + } + } + enumerator->destroy(enumerator); + + return attr_names; +} + +METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*, + private_pa_tnc_attr_manager_t *this, pen_t vendor_id, u_int32_t type, + chunk_t value) +{ + enumerator_t *enumerator; + entry_t *entry; + pa_tnc_attr_t *attr = NULL; + + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->vendor_id == vendor_id) + { + if (entry->attr_create) + { + attr = entry->attr_create(type, value); + } + break; + } + } + 
enumerator->destroy(enumerator); + + return attr; +} + +METHOD(pa_tnc_attr_manager_t, destroy, void, + private_pa_tnc_attr_manager_t *this) +{ + this->list->destroy_function(this->list, free); + free(this); +} + +/** + * See header + */ +pa_tnc_attr_manager_t *pa_tnc_attr_manager_create(void) +{ + private_pa_tnc_attr_manager_t *this; + + INIT(this, + .public = { + .add_vendor = _add_vendor, + .remove_vendor = _remove_vendor, + .get_names = _get_names, + .create = _create, + .destroy = _destroy, + }, + .list = linked_list_create(), + ); + + return &this->public; +} + diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h new file mode 100644 index 0000000000..40c3ab3355 --- /dev/null +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h 
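Review bot: `add_vendor` inserts a second entry for a PEN that is already registered, while `get_names` and `create` stop at the first match and `remove_vendor` frees every match, so a duplicate registration is silently shadowed until removal. Either refuse duplicates in `add_vendor` (below) or state in the header that the first registration for a PEN wins. The list is also walked and mutated without any lock; if IMC/IMV plugins can be initialised while other threads are already processing PA-TNC messages, the list needs a mutex or rwlock — the threading model is not visible from this hunk, so please confirm. A header note that `attr_create` may be NULL (then `create` returns NULL for that vendor, as the `if (entry->attr_create)` check shows) would also help implementers.
```c
METHOD(pa_tnc_attr_manager_t, add_vendor, void,
	private_pa_tnc_attr_manager_t *this, pen_t vendor_id,
	pa_tnc_attr_create_t attr_create, enum_name_t *attr_names)
{
	enumerator_t *enumerator;
	entry_t *entry;

	/* lookups return the first entry for a PEN, so a second registration
	 * would be silently shadowed; refuse it instead of inserting it */
	enumerator = this->list->create_enumerator(this->list);
	while (enumerator->enumerate(enumerator, &entry))
	{
		if (entry->vendor_id == vendor_id)
		{
			enumerator->destroy(enumerator);
			DBG1(DBG_TNC, "%N attributes already registered", pen_names,
				 vendor_id);
			return;
		}
	}
	enumerator->destroy(enumerator);

	/* … unchanged: allocate entry, fill fields, insert_last, DBG2 … */
}
```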
@@ -0,0 +1,85 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pa_tnc_attr_manager pa_tnc_attr_manager + * @{ @ingroup libimcv + */ + +#ifndef PA_TNC_ATTR_MANAGER_H_ +#define PA_TNC_ATTR_MANAGER_H_ + +typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t; + +#include "pa_tnc_attr.h" + +#include + +typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, chunk_t value); + +/** + * Manages PA-TNC attributes for arbitrary PENs + */ +struct pa_tnc_attr_manager_t { + + /** + * Add vendor-specific attribute names and creation method + * + * @param vendor_id Private Enterprise Number (PEN) + * @param attr_create Vendor-specific attribute create method + * @param attr_names Vendor-specific attribute names + */ + void (*add_vendor)(pa_tnc_attr_manager_t *this, pen_t vendor_id, + pa_tnc_attr_create_t attr_create, + enum_name_t *attr_names); + + /** + * Remove vendor-specific attribute names and creation method + * + * @param vendor_id Private Enterprise Number (PEN) + */ + void (*remove_vendor)(pa_tnc_attr_manager_t *this, pen_t vendor_id); + + /* + * Return the PA-TNC attribute names for a given vendor ID + * + * @param vendor_id Private Enterprise Number (PEN) + * @return PA-TNC attribute names if found, NULL else + */ + enum_name_t* (*get_names)(pa_tnc_attr_manager_t *this, pen_t vendor_id); + + /** + * Create a PA-TNC attribute object from data for a given vendor ID and type + * + * 
@param vendor_id Private Enterprise Number (PEN) + * @param type PA-TNC attribute type + * @param value PA-TNC attribute value as encoded data + * @return PA-TNC attribute object if supported, NULL else + */ + pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, pen_t vendor_id, + u_int32_t type, chunk_t value); + + /** + * Destroys a pa_tnc_attr_manager_t object. + */ + void (*destroy)(pa_tnc_attr_manager_t *this); +}; + +/** + * Create a PA-TNC attribute manager + */ +pa_tnc_attr_manager_t* pa_tnc_attr_manager_create(void); + +#endif /** PA_TNC_ATTR_MANAGER_H_ @}*/ diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c index 2b29d7403b..f8d3b9d0e8 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.c +++ b/src/libimcv/pa_tnc/pa_tnc_msg.c @@ -14,14 +14,9 @@ * for more details. */ +#include "imcv.h" #include "pa_tnc_msg.h" -#include "ietf/ietf_attr.h" #include "ietf/ietf_attr_pa_tnc_error.h" -#include "ita/ita_attr.h" - -#ifdef USE_PTS -#include "tcg/tcg_attr.h" -#endif /* USE_PTS */ #include #include @@ -148,7 +143,8 @@ METHOD(pa_tnc_msg_t, build, void, flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP : PA_TNC_ATTR_FLAG_NONE; - pa_attr_names = get_pa_attr_names(vendor_id); + pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, + vendor_id); if (pa_attr_names) { DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' " @@ -226,7 +222,8 @@ METHOD(pa_tnc_msg_t, process, status_t, reader->read_uint32(reader, &type); reader->read_uint32(reader, &length); - pa_attr_names = get_pa_attr_names(vendor_id); + pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, + vendor_id); if (pa_attr_names) { DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' " 
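Review bot: The comment above `get_names` opens with `/*` instead of `/**`, so unlike its siblings it is not picked up as Doxygen documentation; change it to `/**`. The `pa_tnc_attr_create_t` typedef has no comment although it is the contract every vendor module implements — suggest `/** Vendor-specific constructor: builds an attribute of the given type from its encoded value, or returns NULL if the type is not supported */`. The `create` documentation should also say that a vendor may be registered with a NULL `attr_create`, in which case `create` returns NULL for that vendor, as the implementation's `if (entry->attr_create)` check shows.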
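Review bot: `imcv_pa_tnc_attributes->get_names(...)` dereferences the global unconditionally, so a pa_tnc_msg_t built or processed before `libimcv_init()` (or after the final `libimcv_deinit()`) crashes instead of failing, and the same applies to the `get_names` and `create` calls in the two following hunks of this file (`@@ -226` and `@@ -260`), where `process` is the path that parses received PA-TNC data. The replaced `get_pa_attr_names()` switch had no such precondition. Either guard the call so an unset manager means "unknown attribute", e.g. `pa_attr_names = imcv_pa_tnc_attributes ? imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, vendor_id) : NULL;`, or document the libimcv_init() precondition on `pa_tnc_msg_create()`/`process()` in pa_tnc_msg.h. The enclosing `build` method starts and ends outside this hunk.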
@@ -260,7 +257,8 @@ METHOD(pa_tnc_msg_t, process, status_t, } DBG3(DBG_TNC, "%B", &value); - attr = pa_tnc_attr_create_from_data(vendor_id, type, value); + attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes, + vendor_id, type, value); if (!attr) { if (flags & PA_TNC_ATTR_FLAG_NOSKIP) @@ -369,23 +367,3 @@ pa_tnc_msg_t *pa_tnc_msg_create(void) return pa_tnc_msg_create_from_data(chunk_empty); } -/** - * See header - */ -enum_name_t* get_pa_attr_names(pen_t pen) -{ - switch (pen) - { - case PEN_IETF: - return ietf_attr_names; -#ifdef USE_PTS - case PEN_TCG: - return tcg_attr_names; -#endif /* USE_PTS */ - case PEN_ITA: - return ita_attr_names; - default: - return NULL; - } -} - diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 3b23cacb0d..3c26f9b5ce 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c @@ -21,6 +21,8 @@ #include #include +#include + #include #include @@ -69,12 +71,19 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); return TNC_RESULT_ALREADY_INITIALIZED; } + if (!pts_meas_probe_algorithms(&supported_algorithms)) + { + return TNC_RESULT_FATAL; + } imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE, - imc_id, actual_version); - if (!imc_attestation || !pts_meas_probe_algorithms(&supported_algorithms)) + imc_id, actual_version); + if (!imc_attestation) { return TNC_RESULT_FATAL; } + + libpts_init(); + if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) { DBG1(DBG_IMC, "no common IF-IMC version"); @@ -474,6 +483,9 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } + + libpts_deinit(); + imc_attestation->destroy(imc_attestation); imc_attestation = NULL; 
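Review bot: The return value of `libpts_init()` is discarded, although libpts.c returns FALSE when `imcv_pa_tnc_attributes` is not set, in which case no TCG attributes are registered and the IMC carries on unable to decode them. Check it and unwind the agent already created: `if (!libpts_init()) { imc_attestation->destroy(imc_attestation); imc_attestation = NULL; return TNC_RESULT_FATAL; }`. The same applies to the matching hunk in imv_attestation.c (`@@ -89,12 +91,19 @@`). The IF-IMC version check that follows returns without `libpts_deinit()` (its body is outside this hunk); if that path leaves `imc_attestation` set, the libpts reference taken here would be leaked — worth confirming. `TNC_IMC_Initialize` continues past this hunk.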
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c index 096ee5aab2..6443ad9045 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c @@ -21,6 +21,8 @@ #include #include +#include + #include #include #include @@ -89,12 +91,19 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name); return TNC_RESULT_ALREADY_INITIALIZED; } + if (!pts_meas_probe_algorithms(&supported_algorithms)) + { + return TNC_RESULT_FATAL; + } imv_attestation = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE, - imv_id, actual_version); - if (!imv_attestation || !pts_meas_probe_algorithms(&supported_algorithms)) + imv_id, actual_version); + if (!imv_attestation) { return TNC_RESULT_FATAL; } + + libpts_init(); + if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1) { DBG1(DBG_IMV, "no common IF-IMV version"); @@ -662,6 +671,9 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) } DESTROY_IF(pts_db); DESTROY_IF(pts_credmgr); + + libpts_deinit(); + imv_attestation->destroy(imv_attestation); imv_attestation = NULL; diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index fde1790c60..ee729c2879 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -6,6 +6,7 @@ ipseclib_LTLIBRARIES = libpts.la libpts_la_LIBADD = -ltspi libpts_la_SOURCES = \ + libpts.h libpts.c \ pts/pts.h pts/pts.c \ pts/pts_error.h pts/pts_error.c \ pts/pts_proto_caps.h pts/pts_funct_comp_name.h pts/pts_file_type.h \ diff --git a/src/libpts/libpts.c b/src/libpts/libpts.c new file mode 100644 index 0000000000..bd4c3a411b --- /dev/null +++ b/src/libpts/libpts.c 
@@ -0,0 +1,62 @@ +/* + * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "libpts.h" +#include "tcg/tcg_attr.h" + +#include + +#include + +/** + * Reference count for IMC/IMV instances + */ +static refcount_t libpts_ref = 0; + +/** + * Described in header. + */ +bool libpts_init(void) +{ + if (libpts_ref == 0) + { + if (!imcv_pa_tnc_attributes) + { + return FALSE; + } + imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG, + tcg_attr_create_from_data, tcg_attr_names); + DBG1(DBG_LIB, "libpts initialized"); + } + ref_get(&libpts_ref); + + return TRUE; +} + +/** + * Described in header. + */ +void libpts_deinit(void) +{ + if (ref_put(&libpts_ref)) + { + if (!imcv_pa_tnc_attributes) + { + return; + } + imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG); + DBG1(DBG_LIB, "libpts terminated"); + } +} + diff --git a/src/libpts/libpts.h b/src/libpts/libpts.h new file mode 100644 index 0000000000..4c771d2361 --- /dev/null +++ b/src/libpts/libpts.h 
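Review bot: `libpts_init()` depends on libimcv having been initialised first and staying initialised until `libpts_deinit()`, but nothing here enforces that; since `DESTROY_IF` in `libimcv_deinit()` does not reset the pointer, the `!imcv_pa_tnc_attributes` checks only cover the never-initialised case. The simplest fix is for libpts to hold its own reference: `if (!libimcv_init()) { return FALSE; }` before the `add_vendor` call in the `libpts_ref == 0` branch, and `libimcv_deinit();` at the end of the `ref_put` branch of `libpts_deinit`, which makes the NULL checks unnecessary; libimcv_init() should already be in scope through the header that declares `imcv_pa_tnc_attributes` (the include targets are lost in this rendering). The comment `Reference count for IMC/IMV instances` is copied from imcv.c and does not describe `libpts_ref`; it should read `/** Reference count for libpts */`.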
@@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libpts libpts + * + * @defgroup iplugins plugins + * @ingroup libpts + * + * @addtogroup libpts + * @{ + */ + +#ifndef LIBPTS_H_ +#define LIBPTS_H_ + +#include + +/** + * Initialize libpts. + * + * @return FALSE if initialization failed + */ +bool libpts_init(void); + +/** + * Deinitialize libpts. + */ +void libpts_deinit(void); + +#endif /** LIBPTS_H_ @}*/ diff --git a/src/libpts/tcg/tcg_attr.c b/src/libpts/tcg/tcg_attr.c index 1ff3b8b3ff..51acb6792b 100644 --- a/src/libpts/tcg/tcg_attr.c +++ b/src/libpts/tcg/tcg_attr.c @@ -13,6 +13,18 @@ */ #include "tcg_attr.h" +#include "tcg/tcg_pts_attr_proto_caps.h" +#include "tcg/tcg_pts_attr_meas_algo.h" +#include "tcg/tcg_pts_attr_get_tpm_version_info.h" +#include "tcg/tcg_pts_attr_tpm_version_info.h" +#include "tcg/tcg_pts_attr_get_aik.h" +#include "tcg/tcg_pts_attr_aik.h" +#include "tcg/tcg_pts_attr_req_funct_comp_evid.h" +#include "tcg/tcg_pts_attr_gen_attest_evid.h" +#include "tcg/tcg_pts_attr_simple_comp_evid.h" +#include "tcg/tcg_pts_attr_simple_evid_final.h" +#include "tcg/tcg_pts_attr_req_file_meas.h" +#include "tcg/tcg_pts_attr_file_meas.h" ENUM_BEGIN(tcg_attr_names, TCG_PTS_REQ_FUNCT_COMP_EVID, TCG_PTS_REQ_FUNCT_COMP_EVID, 
@@ -130,3 +142,58 @@ ENUM_NEXT(tcg_attr_names, TCG_PTS_AIK, TCG_PTS_GET_AIK, "Attestation Identity Key"); ENUM_END(tcg_attr_names, TCG_PTS_AIK); + +/** + * See header + */ +pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value) +{ + switch (type) + { + case TCG_PTS_REQ_PROTO_CAPS: + return tcg_pts_attr_proto_caps_create_from_data(value, TRUE); + case TCG_PTS_PROTO_CAPS: + return tcg_pts_attr_proto_caps_create_from_data(value, FALSE); + case TCG_PTS_MEAS_ALGO: + return tcg_pts_attr_meas_algo_create_from_data(value, FALSE); + case TCG_PTS_MEAS_ALGO_SELECTION: + return tcg_pts_attr_meas_algo_create_from_data(value, TRUE); + case TCG_PTS_GET_TPM_VERSION_INFO: + return tcg_pts_attr_get_tpm_version_info_create_from_data(value); + case TCG_PTS_TPM_VERSION_INFO: + return tcg_pts_attr_tpm_version_info_create_from_data(value); + case TCG_PTS_GET_AIK: + return tcg_pts_attr_get_aik_create_from_data(value); + case TCG_PTS_AIK: + return tcg_pts_attr_aik_create_from_data(value); + case TCG_PTS_REQ_FUNCT_COMP_EVID: + return tcg_pts_attr_req_funct_comp_evid_create_from_data(value); + case TCG_PTS_GEN_ATTEST_EVID: + return tcg_pts_attr_gen_attest_evid_create_from_data(value); + case TCG_PTS_SIMPLE_COMP_EVID: + return tcg_pts_attr_simple_comp_evid_create_from_data(value); + case TCG_PTS_SIMPLE_EVID_FINAL: + return tcg_pts_attr_simple_evid_final_create_from_data(value); + case TCG_PTS_REQ_FILE_MEAS: + return tcg_pts_attr_req_file_meas_create_from_data(value); + case TCG_PTS_FILE_MEAS: + return tcg_pts_attr_file_meas_create_from_data(value); + case TCG_PTS_DH_NONCE_PARAMS_REQ: + case TCG_PTS_DH_NONCE_PARAMS_RESP: + case TCG_PTS_DH_NONCE_FINISH: + case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META: + case TCG_PTS_TEMPL_REF_MANI_SET_META: + case TCG_PTS_UPDATE_TEMPL_REF_MANI: + case TCG_PTS_VERIFICATION_RESULT: + case TCG_PTS_INTEG_REPORT: + case TCG_PTS_REQ_FILE_META: + case TCG_PTS_WIN_FILE_META: + case TCG_PTS_UNIX_FILE_META: + case TCG_PTS_REQ_REGISTRY_VALUE: + case 
TCG_PTS_REGISTRY_VALUE: + case TCG_PTS_REQ_INTEG_MEAS_LOG: + case TCG_PTS_INTEG_MEAS_LOG: + default: + return NULL; + } +} diff --git a/src/libpts/tcg/tcg_attr.h b/src/libpts/tcg/tcg_attr.h index d90227d2e8..71ecc1e0ab 100644 --- a/src/libpts/tcg/tcg_attr.h +++ b/src/libpts/tcg/tcg_attr.h @@ -21,6 +21,7 @@ #ifndef TCG_ATTR_H_ #define TCG_ATTR_H_ +#include #include typedef enum tcg_attr_t tcg_attr_t; @@ -69,4 +70,12 @@ enum tcg_attr_t { */ extern enum_name_t *tcg_attr_names; +/** + * Create a TCG PA-TNC attribute from data + * + * @param type attribute type + * @param value attribute value + */ +pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value); + #endif /** TCG_ATTR_H_ @}*/ -- 2.47.2