Started implementing handling of DH Nonce attributes

author Sansar Choinyambuu <schoinya@hsr.ch>

Wed, 21 Sep 2011 14:32:25 +0000 (16:32 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 28 Nov 2011 14:48:38 +0000 (15:48 +0100)
author Sansar Choinyambuu <schoinya@hsr.ch>
Wed, 21 Sep 2011 14:32:25 +0000 (16:32 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 14:48:38 +0000 (15:48 +0100)
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c

index 46e4b73844950cd23a5de83474e913c100735479..99fbdc1cf80a9927ca79ed01b70195d42a049b87 100644 (file)
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -62,6 +62,11 @@ static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
   */
  static linked_list_t *evidences = NULL;
  
+/**
+ * Supported PTS Diffie Hellman Groups
+ */
+static pts_dh_group_t supported_dh_groups = 0;
+
  /**
   * see section 3.7.1 of TCG TNC IF-IMC Specification 1.2
   */
@@ -80,6 +85,10 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
         {
                 return TNC_RESULT_FATAL;
         }
+       if (!pts_probe_dh_groups(&supported_dh_groups))
+       {
+               return TNC_RESULT_FATAL;
+       }
         imc_attestation = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
                                                                            imc_id, actual_version);
         if (!imc_attestation)
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c

index 10ee35ef0e0cbeed722a8c2197c4c87f4254e99d..87832a730bd6bfdef69564651155619ddade6a47 100644 (file)
--- a/src/libimcv/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
@@ -57,6 +57,11 @@ static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
   */
  static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
  
+/**
+ * Supported PTS Diffie Hellman Groups
+ */
+static pts_dh_group_t supported_dh_groups = 0;
+
  /**
   * PTS file measurement database
   */
@@ -92,6 +97,10 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
         {
                 return TNC_RESULT_FATAL;
         }
+       if (!pts_probe_dh_groups(&supported_dh_groups))
+       {
+               return TNC_RESULT_FATAL;
+       }
         imv_attestation = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
                                                                            imv_id, actual_version);
         if (!imv_attestation)
@@ -118,6 +127,24 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
                 return TNC_RESULT_FATAL;
         }
  
+       /**
+        * Specify supported PTS Diffie Hellman Groups
+        *
+        * ike2: PTS_DH_GROUP_IKE2
+        * ike5: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5
+        * ike14: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14
+        * ike19: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19
+        * ike20: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20
+        *
+        * we expect the PTS-IMC to select the strongest supported group
+        */
+       dh_group = lib->settings->get_str(lib->settings,
+                               "libimcv.plugins.imv-attestation.dh_group", "ike19");
+       if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups))
+       {
+               return TNC_RESULT_FATAL;
+       }
+
         /* create a PTS credential manager */
         pts_credmgr = credential_manager_create();
  
diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am

index bf0cbf920df305e6fc3c0dbad7a6b51de44f4af6..4f8d483f4113917aadd86636f0416de6fd3c262d 100644 (file)
--- a/src/libpts/Makefile.am
+++ b/src/libpts/Makefile.am
@@ -17,6 +17,7 @@ libpts_la_SOURCES = \
         pts/pts_file_meta.h pts/pts_file_meta.c \
         pts/pts_file_type.h pts/pts_file_type.c \
         pts/pts_meas_algo.h pts/pts_meas_algo.c \
+       pts/pts_dh_group.h pts/pts_dh_group.c \
         tcg/tcg_attr.h tcg/tcg_attr.c \
         tcg/tcg_pts_attr_proto_caps.h tcg/tcg_pts_attr_proto_caps.c \
         tcg/tcg_pts_attr_dh_nonce_params_req.h tcg/tcg_pts_attr_dh_nonce_params_req.c \
diff --git a/src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h b/src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h

index 1700771564f6c6d3290e3369ae5ebe9e41db89cb..bc9cb3fd999af305db9bc1c784fdf1a01974ba66 100644 (file)
--- a/src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h
+++ b/src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h
@@ -21,8 +21,7 @@
  #ifndef TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
  #define TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
  
-typedef struct tcg_pts_attr_dh_nonce_params_req_t
-                                       tcg_pts_attr_dh_nonce_params_req_t;
+typedef struct tcg_pts_attr_dh_nonce_params_req_t tcg_pts_attr_dh_nonce_params_req_t;
  
  #include "tcg_attr.h"
  #include "pa_tnc/pa_tnc_attr.h"
author	Sansar Choinyambuu <schoinya@hsr.ch>
	Wed, 21 Sep 2011 14:32:25 +0000 (16:32 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 28 Nov 2011 14:48:38 +0000 (15:48 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation.c		patch \| blob \| blame \| history
src/libimcv/plugins/imv_attestation/imv_attestation.c		patch \| blob \| blame \| history
src/libpts/Makefile.am		patch \| blob \| blame \| history
src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h		patch \| blob \| blame \| history