From cee1a863851ad3c6b39ee93ef8787682fcfc73e5 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Wed, 4 Sep 2013 21:00:54 +0200 Subject: [PATCH] Proceed with attestation only if Attestation IMC returns a discovery response --- .../imv_attestation/imv_attestation_agent.c | 5 ++--- .../imv_attestation/imv_attestation_build.c | 17 +++++++++++++++-- .../imv_attestation/imv_attestation_build.h | 4 ++-- .../imv_attestation/imv_attestation_state.h | 1 + 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c index 9da9ae0b0c..2c5df2df22 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c @@ -440,9 +440,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, } /* check the IMV state for the next PA-TNC attributes to send */ - if (!imv_attestation_build(out_msg, attestation_state, - this->supported_algorithms, - this->supported_dh_groups, this->pts_db)) + if (!imv_attestation_build(out_msg, state, this->supported_algorithms, + this->supported_dh_groups, this->pts_db)) { state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c index 2d3ff83605..1fbde2c6dc 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c 
@@ -28,18 +28,29 @@ #include bool imv_attestation_build(imv_msg_t *out_msg, - imv_attestation_state_t *attestation_state, + imv_state_t *state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, pts_database_t *pts_db) { + imv_attestation_state_t *attestation_state; imv_attestation_handshake_state_t handshake_state; pts_t *pts; pa_tnc_attr_t *attr = NULL; + attestation_state = (imv_attestation_state_t*)state; handshake_state = attestation_state->get_handshake_state(attestation_state); pts = attestation_state->get_pts(attestation_state); + /** + * Received a response form the Attestation IMC so we can proceeed + */ + if (handshake_state == IMV_ATTESTATION_STATE_DISCOVERY && + (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO)) + { + handshake_state = IMV_ATTESTATION_STATE_NONCE_REQ; + } + /** * Skip DH Nonce Parameters Request attribute when * DH Nonce Exchange is not selected by PTS-IMC side @@ -80,9 +91,11 @@ bool imv_attestation_build(imv_msg_t *out_msg, out_msg->add_attribute(out_msg, attr); attestation_state->set_handshake_state(attestation_state, - IMV_ATTESTATION_STATE_NONCE_REQ); + IMV_ATTESTATION_STATE_DISCOVERY); break; } + case IMV_ATTESTATION_STATE_DISCOVERY: + break; case IMV_ATTESTATION_STATE_NONCE_REQ: { int min_nonce_len; diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h index 108f6f9238..4b7c9ff3d0 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h 
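Review bot: The new `attestation_state = (imv_attestation_state_t*)state;` cast at the top of imv_attestation_build() is unchecked, so the type guarantee the old `imv_attestation_state_t *` parameter gave at compile time is now only a caller convention. A one-line comment above the cast, such as `/* state must be the attestation IMV's own state object */`, would make that contract visible at the point where it is relied on. The added block comment also contains two typos and should read `Received a response from the Attestation IMC so we can proceed`. The function body continues outside this hunk.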
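Review bot: The new `case IMV_ATTESTATION_STATE_DISCOVERY: break;` is a silent no-op, so a peer whose Attestation IMC never answers stays parked in this state and no further PTS attribute is queued for it. The function's return value on that path and the recommendation the agent finally issues are both decided outside this hunk, so it is worth confirming that a connection left in DISCOVERY cannot end with an allow recommendation. A comment inside the case, e.g. `/* waiting for the IMC's discovery response; nothing to send yet */`, would document that the empty branch is intentional. The gate that leaves this state tests `IMV_ATTESTATION_FLAG_ALGO`, which presumably is set when the IMC's algorithm selection is processed; that assumption deserves a mention in the same comment.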
@@ -34,14 +34,14 @@ * Process a TCG PTS attribute * * @param out_msg outbound PA-TNC message to be built - * @param attestation_state attestation state of a given connection + * @param _state state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups * @param pts_db PTS configuration database * @return TRUE if successful */ bool imv_attestation_build(imv_msg_t *out_msg, - imv_attestation_state_t *attestation_state, + imv_state_t *state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, pts_database_t *pts_db); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h index f3edd5fa11..27d1ae8db5 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h @@ -50,6 +50,7 @@ enum imv_attestation_flag_t { */ enum imv_attestation_handshake_state_t { IMV_ATTESTATION_STATE_INIT, + IMV_ATTESTATION_STATE_DISCOVERY, IMV_ATTESTATION_STATE_NONCE_REQ, IMV_ATTESTATION_STATE_TPM_INIT, IMV_ATTESTATION_STATE_COMP_EVID, -- 2.47.2
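Review bot: The updated Doxygen line documents `@param _state`, but the prototype below names the parameter `state`, so the generated documentation will not match the signature. Because the implementation now casts this generic `imv_state_t *` to `imv_attestation_state_t *`, the description should carry that requirement, e.g. `@param state state of a given connection (must be an imv_attestation_state_t)`. The brief line "Process a TCG PTS attribute" also looks inherited from another header, since the parameter list describes building an outbound PA-TNC message; something like `Build the next outbound PTS attributes for the current handshake state` would fit better.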
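Review bot: Inserting `IMV_ATTESTATION_STATE_DISCOVERY` directly after `IMV_ATTESTATION_STATE_INIT` renumbers every later handshake state. That is harmless while the values are only compared symbolically, but any enum-name table, debug output or stored value that depends on the numeric order (none is visible in this hunk) would need the matching update. The new enumerator would also benefit from a short comment such as `/* initial request sent, waiting for the Attestation IMC's response */`. The enum body continues outside the hunk.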