ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Changes due to new implementation of Request Functional Component Evidence attribute

This commit is contained in:
Sansar Choinyambuu 2011-11-16 16:44:42 +01:00 committed by Andreas Steffen
parent 42b08a4d05
commit 72e7504919
8 changed files with 347 additions and 426 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

319
src/libimcv/plugins/imc_attestation/imc_attestation_process.c
View File

@ -352,56 +352,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
attr_list->insert_last(attr_list, attr);
break;
}
case TCG_PTS_REQ_FILE_META:
{
tcg_pts_attr_req_file_meta_t *attr_cast;
char *pathname;
bool is_directory;
u_int8_t delimiter;
pts_file_meta_t *metadata;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
is_directory = attr_cast->get_directory_flag(attr_cast);
delimiter = attr_cast->get_delimiter(attr_cast);
pathname = attr_cast->get_pathname(attr_cast);
valid_path = pts->is_path_valid(pts, pathname, &pts_error);
if (valid_path && pts_error)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
pts_error, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
else if (!valid_path)
{
break;
}
if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_INVALID_DELIMITER, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
/* Get File Metadata and send them to PTS-IMV */
DBG2(DBG_IMC, "metadata request for %s '%s'",
is_directory ? "directory" : "file",
pathname);
metadata = pts->get_metadata(pts, pathname, is_directory);
if (!metadata)
{
/* TODO handle error codes from measurements */
return FALSE;
}
attr = tcg_pts_attr_unix_file_meta_create(metadata);
attr->set_noskip_flag(attr, TRUE);
attr_list->insert_last(attr_list, attr);
break;
}
case TCG_PTS_REQ_FILE_MEAS:
{
tcg_pts_attr_req_file_meas_t *attr_cast;
@ -455,133 +405,196 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
attr_list->insert_last(attr_list, attr);
break;
}
case TCG_PTS_REQ_FILE_META:
{
tcg_pts_attr_req_file_meta_t *attr_cast;
char *pathname;
bool is_directory;
u_int8_t delimiter;
pts_file_meta_t *metadata;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
is_directory = attr_cast->get_directory_flag(attr_cast);
delimiter = attr_cast->get_delimiter(attr_cast);
pathname = attr_cast->get_pathname(attr_cast);
valid_path = pts->is_path_valid(pts, pathname, &pts_error);
if (valid_path && pts_error)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
pts_error, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
else if (!valid_path)
{
break;
}
if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_INVALID_DELIMITER, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
/* Get File Metadata and send them to PTS-IMV */
DBG2(DBG_IMC, "metadata request for %s '%s'",
is_directory ? "directory" : "file",
pathname);
metadata = pts->get_metadata(pts, pathname, is_directory);
if (!metadata)
{
/* TODO handle error codes from measurements */
return FALSE;
}
attr = tcg_pts_attr_unix_file_meta_create(metadata);
attr->set_noskip_flag(attr, TRUE);
attr_list->insert_last(attr_list, attr);
break;
}
case TCG_PTS_REQ_FUNCT_COMP_EVID:
{
tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
pts_proto_caps_flag_t negotiated_caps;
enumerator_t *e;
pts_funct_comp_evid_req_t *requests;
funct_comp_evid_req_entry_t *entry;
u_int32_t requests_count;
pts_attr_req_funct_comp_evid_flag_t flags;
u_int32_t sub_comp_depth;
u_int32_t comp_name_vendor_id;
u_int32_t sub_comp_depth, comp_name_vendor_id;
u_int8_t family;
pts_qualifier_t qualifier;
pts_ita_funct_comp_name_t name;
attr_info = attr->get_value(attr);
attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr;
negotiated_caps = pts->get_proto_caps(pts);
flags = attr_cast->get_flags(attr_cast);
requests = attr_cast->get_requests(attr_cast);
requests_count = requests->get_req_count(requests);
if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_DET_TTC, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_VER &&
!(negotiated_caps & PTS_PROTO_CAPS_V))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR &&
!(negotiated_caps & PTS_PROTO_CAPS_C))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_CUR_EVID, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR &&
!(negotiated_caps & PTS_PROTO_CAPS_T))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_DET_PCR, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
DBG1(DBG_IMC, "IMV requests evidence%s for: %d functional components",
(requests_count == 1) ? "":"s", requests_count);
sub_comp_depth = attr_cast->get_sub_component_depth(attr_cast);
if (sub_comp_depth != 0)
e = requests->create_enumerator(requests);
while (e->enumerate(e, &entry))
{
DBG1(DBG_IMC, "current version of Attestation IMC does not "
"support sub component measurement deeper than "
"zero. Measuring top level component only.");
return FALSE;
}
flags = entry->flags;
sub_comp_depth = entry->sub_comp_depth;
comp_name_vendor_id = entry->vendor_id;
family = entry->family;
qualifier = entry->qualifier;
name = entry->name;
negotiated_caps = pts->get_proto_caps(pts);
comp_name_vendor_id = attr_cast->get_comp_funct_name_vendor_id(
attr_cast);
if (comp_name_vendor_id != PEN_ITA)
{
DBG1(DBG_IMC, "current version of Attestation IMC supports"
"only functional component namings by ITA");
return FALSE;
}
DBG1(DBG_IMC, "Requested Evidence flags: %d, depth: %d,"
" vendor_id: %d, family: %d, qualifier %d, name: %d",
flags, sub_comp_depth, comp_name_vendor_id, family,
qualifier, name);
family = attr_cast->get_family(attr_cast);
if (family)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_INVALID_NAME_FAM, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_DET_TTC, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_VER &&
!(negotiated_caps & PTS_PROTO_CAPS_V))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_LOCAL_VAL, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_CURR &&
!(negotiated_caps & PTS_PROTO_CAPS_C))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_CUR_EVID, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (flags & PTS_REQ_FUNC_COMP_FLAG_PCR &&
!(negotiated_caps & PTS_PROTO_CAPS_T))
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_UNABLE_DET_PCR, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
if (sub_comp_depth != 0)
{
DBG1(DBG_IMC, "current version of Attestation IMC does not "
"support sub component measurement deeper than "
"zero. Measuring top level component only.");
return FALSE;
}
if (comp_name_vendor_id != PEN_ITA)
{
DBG1(DBG_IMC, "current version of Attestation IMC supports"
"only functional component namings by ITA");
return FALSE;
}
if (family)
{
attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
TCG_PTS_INVALID_NAME_FAM, attr_info);
attr_list->insert_last(attr_list, attr);
break;
}
qualifier = attr_cast->get_qualifier(attr_cast);
/* Check if Unknown or Wildcard was set for qualifier */
if (qualifier.kernel && qualifier.sub_component &&
(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
{
DBG2(DBG_IMC, "wildcard was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
else if (!qualifier.kernel && !qualifier.sub_component &&
/* Check if Unknown or Wildcard was set for qualifier */
if (qualifier.kernel && qualifier.sub_component &&
(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
{
DBG2(DBG_IMC, "wildcard was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
else if (!qualifier.kernel && !qualifier.sub_component &&
(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN))
{
DBG2(DBG_IMC, "unknown was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED)
{
tcg_pts_attr_simple_comp_evid_params_t params;
/* Set parameters of Simple Component Evidence */
name = attr_cast->get_comp_funct_name(attr_cast);
if (!set_simple_comp_evid_params(name, &params))
{
DBG1(DBG_IMC, "error occured while setting parameters"
"for Simple Component Evidence");
return FALSE;
DBG2(DBG_IMC, "unknown was set for the qualifier of functional"
" component. Identifying the component with "
"name binary enumeration");
}
else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED)
{
tcg_pts_attr_simple_comp_evid_params_t params;
/* Get PCR after value from log when TBOOT is measuring entity */
if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
/* Set parameters of Simple Component Evidence */
if (!set_simple_comp_evid_params(name, &params))
{
DBG1(DBG_IMC, "error occured while setting parameters"
"for Simple Component Evidence");
return FALSE;
}
/* Get PCR after value from log when TBOOT is measuring entity */
if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) &&
!pts->read_pcr(pts, params.extended_pcr, &params.pcr_after))
{
DBG1(DBG_IMC, "error occured while reading PCR: %d",
params.extended_pcr);
return FALSE;
!pts->read_pcr(pts, params.extended_pcr, &params.pcr_after))
{
DBG1(DBG_IMC, "error occured while reading PCR: %d",
params.extended_pcr);
return FALSE;
}
/* Buffer Simple Component Evidence attribute */
attr = tcg_pts_attr_simple_comp_evid_create(params);
evidences->insert_last(evidences, attr);
break;
}
else
{
DBG1(DBG_IMC, "Functional Component with unsupported type: %d"
"was requested for evidence", qualifier.type);
break;
}
/* Buffer Simple Component Evidence attribute */
attr = tcg_pts_attr_simple_comp_evid_create(params);
evidences->insert_last(evidences, attr);
break;
}
else
{
DBG1(DBG_IMC, "Functional Component with unsupported type: %d"
"was requested for evidence", qualifier.type);
break;
}
e->destroy(e);
break;
}
case TCG_PTS_GEN_ATTEST_EVID:

51
src/libimcv/plugins/imv_attestation/imv_attestation_build.c
View File

@ -207,22 +207,15 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
}
case IMV_ATTESTATION_STATE_COMP_EVID:
{
pts_attr_req_funct_comp_evid_flag_t flags;
u_int32_t sub_comp_depth;
pts_qualifier_t qualifier;
pts_ita_funct_comp_name_t name;
enumerator_t *enumerator;
char *platform_info, *pathname;
pts_funct_comp_evid_req_t *requests = NULL;
funct_comp_evid_req_entry_t *entry;
bool first_req = TRUE;
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
sub_comp_depth = 0;
qualifier.kernel = FALSE;
qualifier.sub_component = FALSE;
qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
/* Get Platform and OS of the PTS-IMC */
platform_info = pts->get_platform_info(pts);
if (!pts_db || !platform_info)
@ -244,13 +237,23 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
}
while (enumerator->enumerate(enumerator, &pathname))
{
entry = malloc_thing(funct_comp_evid_req_entry_t);
entry->flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
entry->sub_comp_depth = 0;
entry->vendor_id = PEN_ITA;
entry->family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM;
entry->qualifier.kernel = FALSE;
entry->qualifier.sub_component = FALSE;
entry->qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
if (strcmp(pathname, TBOOT_POLICY_STR) == 0)
{
name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
}
else if (strcmp(pathname, TBOOT_MLE_STR) == 0)
{
name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
}
else
{
@ -260,17 +263,23 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
return FALSE;
}
/* Send Request Functional Component Evidence attribute */
attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
sub_comp_depth, PEN_ITA, qualifier, name);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
attestation_state->add_comp_evid_request( attestation_state,
PEN_ITA, qualifier, name);
if (first_req)
{
/* Create a requests object */
requests = pts_funct_comp_evid_req_create();
first_req = FALSE;
}
requests->add(requests, entry);
attestation_state->add_comp_evid_request(attestation_state, entry);
}
enumerator->destroy(enumerator);
/* Send Request Functional Component Evidence attribute */
attr = tcg_pts_attr_req_funct_comp_evid_create(requests);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
/* Send Generate Attestation Evidence attribute */
attr = tcg_pts_attr_gen_attest_evid_create();
attr->set_noskip_flag(attr, TRUE);

9
src/libimcv/plugins/imv_attestation/imv_attestation_state.c
View File

@ -271,15 +271,14 @@ METHOD(imv_attestation_state_t, get_file_meas_request_count, int,
}
METHOD(imv_attestation_state_t, add_comp_evid_request, void,
private_imv_attestation_state_t *this, u_int32_t vendor_id,
pts_qualifier_t qualifier, pts_ita_funct_comp_name_t comp_name)
private_imv_attestation_state_t *this, funct_comp_evid_req_entry_t *entry)
{
comp_evid_request_t *request;
request = malloc_thing(comp_evid_request_t);
request->vendor_id = vendor_id;
request->qualifier = qualifier;
request->name = comp_name;
request->vendor_id = entry->vendor_id;
request->qualifier = entry->qualifier;
request->name = entry->name;
this->comp_evid_requests->insert_last(this->comp_evid_requests, request);
}

7
src/libimcv/plugins/imv_attestation/imv_attestation_state.h
View File

@ -105,13 +105,10 @@ struct imv_attestation_state_t {
/**
* Add an entry to the list of pending Function Component Evidences
*
* @param vendor_id Functional Component Name Vendor ID
* @param qualifier Qualifier of the requested Functional Component
* @param comp_name Name of the requested Functional Component
* @param entry Functional Component Evidence Request
*/
void (*add_comp_evid_request)(imv_attestation_state_t *this,
u_int32_t vendor_id, pts_qualifier_t qualifier,
pts_ita_funct_comp_name_t comp_name);
funct_comp_evid_req_entry_t *entry);
/**
* Returns the number of pending Function Component Evidences

1
src/libpts/pts/pts.h
View File

@ -31,6 +31,7 @@ typedef struct pcr_entry_t pcr_entry_t;
#include "pts_file_meta.h"
#include "pts_dh_group.h"
#include "pts_funct_comp_name.h"
#include "pts_funct_comp_evid_req.h"
#include <library.h>
#include <utils/linked_list.h>

10
src/libpts/pts/pts_funct_comp_name.h
View File

@ -26,6 +26,7 @@ typedef enum pts_funct_comp_name_t pts_funct_comp_name_t;
typedef enum pts_ita_funct_comp_type_t pts_ita_funct_comp_type_t;
typedef enum pts_ita_funct_comp_name_t pts_ita_funct_comp_name_t;
typedef struct pts_qualifier_t pts_qualifier_t;
typedef struct pts_comp_funct_name_t pts_comp_funct_name_t;
/**
* PTS Component Functional Type for Qualifier field
@ -115,4 +116,13 @@ struct pts_qualifier_t {
pts_ita_funct_comp_type_t type;
};
/**
* Component Functional Name
*/
struct pts_comp_funct_name_t {
u_int32_t vendor_id;
u_int8_t family_qualifier;
u_int32_t name;
};
#endif /** PTS_FUNCT_COMP_NAME_H_ @}*/

282
src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c
View File

@ -30,11 +30,20 @@ typedef struct private_tcg_pts_attr_req_funct_comp_evid_t private_tcg_pts_attr_r
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
*
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Flags | Sub-component Depth |
* | Flags | Sub-component Depth (for Component #1) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Component Functional Name |
* | Component Functional Name #1 |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Component Functional Name #1 |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | ........ |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Flags | Sub-component Depth (for Component #N) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Component Functional Name #N |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Component Functional Name #N |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
*/
/**
@ -63,7 +72,6 @@ typedef struct private_tcg_pts_attr_req_funct_comp_evid_t private_tcg_pts_attr_r
*/
#define PTS_REQ_FUNCT_COMP_EVID_SIZE 12
#define PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM 0x00
/**
* Private data of an tcg_pts_attr_req_funct_comp_evid_t object.
@ -94,36 +102,11 @@ struct private_tcg_pts_attr_req_funct_comp_evid_t {
* Noskip flag
*/
bool noskip_flag;
/**
* Set of flags for Request Functional Component
*/
pts_attr_req_funct_comp_evid_flag_t flags;
/**
* Sub-component Depth
* PTS Functional Component Evidence Requests
*/
u_int32_t depth;
/**
* Component Functional Name Vendor ID
*/
u_int32_t comp_vendor_id;
/**
* Functional Name Encoding Family
*/
u_int8_t family;
/**
* Functional Name Category Qualifier
*/
pts_qualifier_t qualifier;
/**
* Component Functional Name
*/
pts_ita_funct_comp_name_t name;
pts_funct_comp_evid_req_t *requests;
};
METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
@ -160,31 +143,38 @@ METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
bio_writer_t *writer;
enumerator_t *enumerator;
u_int8_t qualifier = 0;
funct_comp_evid_req_entry_t *entry;
writer = bio_writer_create(PTS_REQ_FUNCT_COMP_EVID_SIZE);
writer->write_uint8(writer, this->flags);
writer->write_uint24 (writer, this->depth);
writer->write_uint24 (writer, this->comp_vendor_id);
if (this->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM)
enumerator = this->requests->create_enumerator(this->requests);
while (enumerator->enumerate(enumerator, &entry))
{
DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00");
writer->write_uint8(writer, entry->flags);
writer->write_uint24 (writer, entry->sub_comp_depth);
writer->write_uint24 (writer, entry->vendor_id);
if (entry->family != PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM)
{
DBG1(DBG_TNC, "Functional Name Encoding Family is not set to 00");
}
qualifier += entry->qualifier.type;
if (entry->qualifier.kernel)
{
qualifier += 16;
}
if (entry->qualifier.sub_component)
{
qualifier += 32;
}
writer->write_uint8 (writer, qualifier);
writer->write_uint32 (writer, entry->name);
}
qualifier += this->qualifier.type;
if (this->qualifier.kernel)
{
qualifier += 16;
}
if (this->qualifier.sub_component)
{
qualifier += 32;
}
writer->write_uint8 (writer, qualifier);
writer->write_uint32 (writer, this->name);
enumerator->destroy(enumerator);
this->value = chunk_clone(writer->get_buf(writer));
writer->destroy(writer);
}
@ -193,8 +183,11 @@ METHOD(pa_tnc_attr_t, process, status_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
u_int8_t flags;
u_int8_t fam_and_qualifier;
u_int8_t flags, fam_and_qualifier, family = 0;
status_t status = FAILED;
funct_comp_evid_req_entry_t *entry = NULL;
u_int32_t sub_comp_depth, vendor_id, comp_name;
pts_qualifier_t qualifier;
if (this->value.len < PTS_REQ_FUNCT_COMP_EVID_SIZE)
{
@ -202,108 +195,106 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
reader->read_uint8(reader, &flags);
this->flags = flags;
this->requests = pts_funct_comp_evid_req_create();
reader->read_uint24(reader, &this->depth);
reader->read_uint24(reader, &this->comp_vendor_id);
reader->read_uint8(reader, &fam_and_qualifier);
if (((fam_and_qualifier >> 6) & 1) )
while (reader->remaining(reader))
{
this->family += 1;
}
if (((fam_and_qualifier >> 7) & 1) )
{
this->family += 2;
}
if (!reader->read_uint8(reader, &flags))
{
DBG1(DBG_TNC, "insufficient data for PTS Request Functional"
" Component Evidence Flags");
goto end;
}
if (!reader->read_uint24(reader, &sub_comp_depth))
{
DBG1(DBG_TNC, "insufficient data for PTS Request Functional"
" Component Evidence Sub Component Depth");
goto end;
}
if (!reader->read_uint24(reader, &vendor_id))
{
DBG1(DBG_TNC, "insufficient data for PTS Request Functional"
" Component Evidence Component Name Vendor ID");
goto end;
}
if (!reader->read_uint8(reader, &fam_and_qualifier))
{
DBG1(DBG_TNC, "insufficient data for PTS Request Functional"
" Component Evidence Family and Qualifier");
goto end;
}
if (!reader->read_uint32(reader, &comp_name))
{
DBG1(DBG_TNC, "insufficient data for PTS Request Functional"
" Component Evidence Component Functional Name");
goto end;
}
DBG1(DBG_TNC, "Fam and Qualifier: %d", fam_and_qualifier);
entry = malloc_thing(funct_comp_evid_req_entry_t);
if (((fam_and_qualifier >> 6) & 1) )
{
family += 1;
}
if (((fam_and_qualifier >> 7) & 1) )
{
family += 2;
}
if (((fam_and_qualifier >> 5) & 1) )
{
this->qualifier.kernel = true;
if (((fam_and_qualifier >> 5) & 1) )
{
qualifier.kernel = TRUE;
}
if (((fam_and_qualifier >> 4) & 1) )
{
qualifier.sub_component = TRUE;
}
qualifier.type = (fam_and_qualifier & 0xFF);
entry->flags = flags;
entry->sub_comp_depth = sub_comp_depth;
entry->vendor_id = vendor_id;
entry->family = family;
entry->qualifier = qualifier;
entry->name = comp_name;
this->requests->add(this->requests, entry);
}
if (((fam_and_qualifier >> 4) & 1) )
{
this->qualifier.sub_component = true;
}
this->qualifier.type = ( fam_and_qualifier & 0xF );
reader->read_uint32(reader, &this->name);
status = SUCCESS;
end:
if (entry)
{
free(entry);
}
reader->destroy(reader);
return SUCCESS;
return status;
}
METHOD(pa_tnc_attr_t, destroy, void,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
this->requests->destroy(this->requests);
free(this->value.ptr);
free(this);
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_flags, pts_attr_req_funct_comp_evid_flag_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_requests,
pts_funct_comp_evid_req_t*,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->flags;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_flags, void,
private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_attr_req_funct_comp_evid_flag_t flags)
{
this->flags = flags;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_sub_component_depth, u_int32_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->depth;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name_vendor_id, u_int32_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->comp_vendor_id;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_family, u_int8_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->family;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_qualifier, pts_qualifier_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->qualifier;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_qualifier, void,
private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_qualifier_t qualifier)
{
this->qualifier = qualifier;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, get_comp_funct_name, pts_ita_funct_comp_name_t,
private_tcg_pts_attr_req_funct_comp_evid_t *this)
{
return this->name;
}
METHOD(tcg_pts_attr_req_funct_comp_evid_t, set_comp_funct_name, void,
private_tcg_pts_attr_req_funct_comp_evid_t *this, pts_ita_funct_comp_name_t name)
{
this->name = name;
return this->requests;
}
/**
* Described in header.
*/
pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create(
pts_attr_req_funct_comp_evid_flag_t flags,
u_int32_t depth, u_int32_t vendor_id,
pts_qualifier_t qualifier,
pts_ita_funct_comp_name_t name)
pts_funct_comp_evid_req_t *requests)
{
private_tcg_pts_attr_req_funct_comp_evid_t *this;
@ -319,24 +310,11 @@ pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create(
.process = _process,
.destroy = _destroy,
},
.get_flags= _get_flags,
.set_flags= _set_flags,
.get_sub_component_depth = _get_sub_component_depth,
.get_comp_funct_name_vendor_id = _get_comp_funct_name_vendor_id,
.get_family = _get_family,
.get_qualifier = _get_qualifier,
.set_qualifier = _set_qualifier,
.get_comp_funct_name = _get_comp_funct_name,
.set_comp_funct_name = _set_comp_funct_name,
.get_requests = _get_requests,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_REQ_FUNCT_COMP_EVID,
.flags = flags,
.depth = depth,
.comp_vendor_id = vendor_id,
.family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM,
.qualifier = qualifier,
.name = name,
.requests = requests,
);
return &this->public.pa_tnc_attribute;
@ -362,15 +340,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_funct_comp_evid_create_from_data(chunk_t data)
.process = _process,
.destroy = _destroy,
},
.get_flags= _get_flags,
.set_flags= _set_flags,
.get_sub_component_depth = _get_sub_component_depth,
.get_comp_funct_name_vendor_id = _get_comp_funct_name_vendor_id,
.get_family = _get_family,
.get_qualifier = _get_qualifier,
.set_qualifier = _set_qualifier,
.get_comp_funct_name = _get_comp_funct_name,
.set_comp_funct_name = _set_comp_funct_name,
.get_requests = _get_requests,
},
.vendor_id = PEN_TCG,
.type = TCG_PTS_REQ_FUNCT_COMP_EVID,

94
src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h
View File

@ -22,25 +22,12 @@
#define TCG_PTS_ATTR_REQ_FUNCT_COMP_EVID_H_
typedef struct tcg_pts_attr_req_funct_comp_evid_t tcg_pts_attr_req_funct_comp_evid_t;
typedef enum pts_attr_req_funct_comp_evid_flag_t pts_attr_req_funct_comp_evid_flag_t;
#include "tcg_attr.h"
#include "pts/pts_funct_comp_name.h"
#include "pts/pts_funct_comp_evid_req.h"
#include "pa_tnc/pa_tnc_attr.h"
/**
* PTS Request Functional Component Evidence Flags
*/
enum pts_attr_req_funct_comp_evid_flag_t {
/** Transitive Trust Chain flag */
PTS_REQ_FUNC_COMP_FLAG_TTC = (1<<7),
/** Verify Component flag */
PTS_REQ_FUNC_COMP_FLAG_VER = (1<<6),
/** Current Evidence flag */
PTS_REQ_FUNC_COMP_FLAG_CURR = (1<<5),
/** PCR Information flag */
PTS_REQ_FUNC_COMP_FLAG_PCR = (1<<4),
};
/**
* Class implementing the TCG PTS Request Functional Component Evidence attribute
@ -54,71 +41,12 @@ struct tcg_pts_attr_req_funct_comp_evid_t {
pa_tnc_attr_t pa_tnc_attribute;
/**
* Get flags for PTS Request Functional Component Evidence
* Get PTS Functional Component Evidence Requests
*
* @return Set of flags
* @return PTS Functional Component Evidence Requests
*/
pts_attr_req_funct_comp_evid_flag_t (*get_flags)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Set flags for PTS Request Functional Component Evidence
*
* @param flags Set of flags
*/
void (*set_flags)(tcg_pts_attr_req_funct_comp_evid_t *this,
pts_attr_req_funct_comp_evid_flag_t flags);
/**
* Get Sub-component Depth
*
* @return Sub-component Depth
*/
u_int32_t (*get_sub_component_depth)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Get Component Functional Name Vendor ID
*
* @return Component Functional Name Vendor ID
*/
u_int32_t (*get_comp_funct_name_vendor_id)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Get Family
*
* @return Functional Name Family
*/
u_int8_t (*get_family)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Get Qualifier
*
* @return Functional Name Category Qualifier
*/
pts_qualifier_t (*get_qualifier)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Set qualifier for Component Functional Name
*
* @param qualifier Functional Name Category Qualifier
*/
void (*set_qualifier)(tcg_pts_attr_req_funct_comp_evid_t *this,
pts_qualifier_t qualifier);
/**
* Get Component Functional Name
*
* @return Component Functional Name
*/
pts_ita_funct_comp_name_t (*get_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this);
/**
* Set Component Functional Name
*
* @param name Component Functional Name
*/
void (*set_comp_funct_name)(tcg_pts_attr_req_funct_comp_evid_t *this,
pts_ita_funct_comp_name_t name);
pts_funct_comp_evid_req_t* (*get_requests)(
tcg_pts_attr_req_funct_comp_evid_t *this);
};
@ -126,16 +54,10 @@ struct tcg_pts_attr_req_funct_comp_evid_t {
/**
* Creates an tcg_pts_attr_req_funct_comp_evid_t object
*
* @param flags Set of flags
* @param depth Sub-component Depth
* @param vendor_id Component Functional Name Vendor ID
* @param qualifier Functional Name Category Qualifier
* @param name Component Functional Name
* @param requests Linked list of PTS Functional Component Evidence Requests
*/
pa_tnc_attr_t* tcg_pts_attr_req_funct_comp_evid_create(pts_attr_req_funct_comp_evid_flag_t flags,
u_int32_t depth, u_int32_t vendor_id,
pts_qualifier_t qualifier,
pts_ita_funct_comp_name_t name);
pa_tnc_attr_t* tcg_pts_attr_req_funct_comp_evid_create(
pts_funct_comp_evid_req_t *requests);
/**
* Creates an tcg_pts_attr_req_funct_comp_evid_t object from received data