Factored IMC/V Attestation build/process of Component Functional Name

src/libimcv/plugins/imc_attestation/imc_attestation_process.c

@@ -50,11 +50,10 @@
 /**
  * Set parameters of Simple Component Evidence
  */
-static bool set_simple_comp_evid_params(pts_ita_funct_comp_name_t name,
-								tcg_pts_attr_simple_comp_evid_params_t *out)
+static bool set_simple_comp_evid_params(pts_t *pts, pts_comp_func_name_t *name,
+				u_int8_t sequence, tcg_pts_attr_simple_comp_evid_params_t *out)
 {
 	tcg_pts_attr_simple_comp_evid_params_t params;
-	pts_qualifier_t qualifier;
 	time_t measurement_time_t;
 	struct tm *time_now;
 	char *utc_time;
@@ -63,12 +62,7 @@ static bool set_simple_comp_evid_params(pts_ita_funct_comp_name_t name,
 	params.pcr_info_included = TRUE;
 	params.flags = PTS_SIMPLE_COMP_EVID_FLAG_NO_VALID;
 	params.depth = 0;
-	params.vendor_id = PEN_ITA;
 
-	qualifier.kernel = FALSE;
-	qualifier.sub_component = FALSE;
-	qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
-	params.qualifier = qualifier;
 	/* The measurements done by tboot and trustedGRUB are SHA1 hashes */
 	params.hash_algorithm = TRUSTED_HASH_ALGO;
 	params.transformation = PTS_PCR_TRANSFORM_NO;
@@ -101,23 +95,30 @@ static bool set_simple_comp_evid_params(pts_ita_funct_comp_name_t name,
 	
 	params.policy_uri = chunk_empty;
 
-	/* Provisional/temporal implementation for trsutedGRUB measurements */
-	if (params.name != PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY &&
-		params.name != PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+	/* Provisional/temporal implementation for components except tboot */
+	if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TGRUB)
 	{
+		params.extended_pcr = PCR_DEBUG;
+		
 		params.measurement = chunk_alloc(HASH_SIZE_SHA1);
 		memset(params.measurement.ptr, 0, HASH_SIZE_SHA1);
+		
 		params.pcr_before = chunk_alloc(PCR_LEN);
 		memset(params.pcr_before.ptr, 0, PCR_LEN);
+		
+		if(!pts->read_pcr(pts, params.extended_pcr,	&params.pcr_after))
+		{
+			DBG1(DBG_IMC, "error occured while reading PCR: %d",
+				 params.extended_pcr);
+			return FALSE;
+		}
 	}
-
 	/* Set parameters which varies from component to component */
-	if (params.name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
-		params.name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+	else if (params.name->get_name(params.name) == PTS_ITA_COMP_FUNC_NAME_TBOOT)
 	{
 		char *measurement, *pcr_before, *pcr_after;
 
-		if (params.name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+		if (sequence == 1)
 		{
 			params.extended_pcr = PCR_TBOOT_POLICY;
 			measurement = lib->settings->get_str(lib->settings,
@@ -153,33 +154,13 @@ static bool set_simple_comp_evid_params(pts_ita_funct_comp_name_t name,
 			chunk_create(pcr_after, strlen(pcr_after)), NULL);
 		
 	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_MBR_STAGE1)
-	{
-		params.extended_pcr = PCR_TGRUB_MBR_STAGE1;
-	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART1)
-	{
-		params.extended_pcr = PCR_TGRUB_STAGE2_PART1;
-	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_STAGE2_PART2)
-	{
-		params.extended_pcr = PCR_TGRUB_STAGE2_PART2;
-	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_CMD_LINE_ARGS)
-	{
-		params.extended_pcr = PCR_TGRUB_CMD_LINE_ARGS;
-	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_CHECKFILE)
-	{
-		params.extended_pcr = PCR_TGRUB_CHECKFILE;
-	}
-	else if (params.name == PTS_ITA_FUNC_COMP_NAME_TGRUB_LOADED_FILES)
-	{
-		params.extended_pcr = PCR_TGRUB_LOADED_FILES;
-	}
 	else
 	{
-		DBG1(DBG_IMC, "unsupported Functional Component Name: %d", params.name);
+		DBG1(DBG_IMC, "unsupported Functional Component Name: Vendor ID: %d"
+					  " Name: %d, Qualifier: %d", 
+						params.name->get_vendor_id(params.name),
+						params.name->get_name(params.name),
+						params.name->get_qualifier(params.name));
 		return FALSE;
 	}
 	
@@ -464,11 +445,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			funct_comp_evid_req_entry_t *entry;
 			u_int32_t requests_count;
 			pts_attr_req_funct_comp_evid_flag_t flags;
-			u_int32_t sub_comp_depth, comp_name_vendor_id;
-			u_int8_t family;
-			pts_qualifier_t qualifier;
-			pts_ita_funct_comp_name_t name;
-
+			u_int32_t sub_comp_depth;
+			pts_comp_func_name_t *name;
+			
 			attr_info = attr->get_value(attr);
 			attr_cast = (tcg_pts_attr_req_funct_comp_evid_t*)attr;
 			requests = attr_cast->get_requests(attr_cast);
@@ -482,16 +461,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			{
 				flags = entry->flags;
 				sub_comp_depth = entry->sub_comp_depth;
-				comp_name_vendor_id = entry->vendor_id;
-				family = entry->family;
-				qualifier = entry->qualifier;
-				name = entry->name;
+				name = entry->name->clone(entry->name);
 				negotiated_caps = pts->get_proto_caps(pts);
 
 				DBG1(DBG_IMC, "Requested Evidence flags: %d, depth: %d,"
-							  " vendor_id: %d, family: %d, qualifier %d, name: %d",
-								flags, sub_comp_depth, comp_name_vendor_id, family,
-								qualifier, name);
+							  " vendor_id: %d, qualifier %d, name: %d",
+								flags, sub_comp_depth, name->get_vendor_id(name),
+								name->get_qualifier(name), name->get_name(name));
 
 				if (flags & PTS_REQ_FUNC_COMP_FLAG_TTC)
 				{
@@ -531,13 +507,14 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 							"zero. Measuring top level component only.");
 					return FALSE;
 				}
-				if (comp_name_vendor_id != PEN_ITA)
+				if (name->get_vendor_id(name) != PEN_ITA)
 				{
 					DBG1(DBG_IMC, "current version of Attestation IMC supports"
 								  "only functional component namings by ITA");
 					return FALSE;
 				}
-				if (family)
+				/* Check Family */
+				if (name->get_qualifier(name) & PTS_REQ_FUNCT_COMP_FAMILY_MASK)
 				{
 					attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
 										TCG_PTS_INVALID_NAME_FAM, attr_info);
@@ -546,51 +523,64 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				}
 
 				/* Check if Unknown or Wildcard was set for qualifier */
-				if (qualifier.kernel && qualifier.sub_component &&
-					(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
+				if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD)
 				{
 					DBG2(DBG_IMC, "wildcard was set for the qualifier of functional"
 								  " component. Identifying the component with "
 								  "name binary enumeration");
 				}
-				else if (!qualifier.kernel && !qualifier.sub_component &&
-					(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN))
+				else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN)
 				{
 					DBG2(DBG_IMC, "unknown was set for the qualifier of functional"
 								  " component. Identifying the component with "
 								  "name binary enumeration");
 				}
-				else if (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_TRUSTED)
+				else if ((name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE)
+					& PTS_ITA_QUALIFIER_TYPE_TRUSTED)
 				{
 					tcg_pts_attr_simple_comp_evid_params_t params;
 
-					/* Set parameters of Simple Component Evidence */
-					if (!set_simple_comp_evid_params(name, &params))
+					if (name->get_name(name) == PTS_ITA_COMP_FUNC_NAME_TBOOT)
 					{
-						DBG1(DBG_IMC, "error occured while setting parameters"
-									  "for Simple Component Evidence");
-						return FALSE;
-					}
+						u_int8_t i;
+						for (i = 1; i <= TBOOT_SEQUENCE_COUNT; i++)
+						{
+							 /* Set parameters of Simple Component Evidence */
+							 if (!set_simple_comp_evid_params(pts, name, i, &params))
+							 {
+								 DBG1(DBG_IMC, "error occured while setting "
+									" parameters for Simple Component Evidence");
+								 return FALSE;
+							 }
+							 /* Buffer Simple Component Evidence attribute */
+							attr = tcg_pts_attr_simple_comp_evid_create(params);
+							evidences->insert_last(evidences, attr);
 
-					/* Get PCR after value from log when TBOOT is measuring entity */
-					if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
-						name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) &&
-						!pts->read_pcr(pts, params.extended_pcr, &params.pcr_after))
+						}
+						break;
+					}
+					else
 					{
-						DBG1(DBG_IMC, "error occured while reading PCR: %d",
-							 params.extended_pcr);
-						return FALSE;
-					}
+						/* Set parameters of Simple Component Evidence */
+						if (!set_simple_comp_evid_params(pts, name, 0, &params))
+						{
+							DBG1(DBG_IMC, "error occured while setting parameters"
+										  "for Simple Component Evidence");
+							return FALSE;
+						}
+						
+						/* Buffer Simple Component Evidence attribute */
+						attr = tcg_pts_attr_simple_comp_evid_create(params);
+						evidences->insert_last(evidences, attr);
 
-					/* Buffer Simple Component Evidence attribute */
-					attr = tcg_pts_attr_simple_comp_evid_create(params);
-					evidences->insert_last(evidences, attr);
-					break;
+						break;
+					}
 				}
 				else
 				{
 					DBG1(DBG_IMC, "Functional Component with unsupported type: %d"
-								  "was requested for evidence", qualifier.type);
+								  "was requested for evidence",
+					(name->get_qualifier(name) >> PTS_ITA_QUALIFIER_TYPE_SIZE));
 					break;
 				}
 			}

src/libimcv/plugins/imv_attestation/imv_attestation_build.c

@@ -209,11 +209,15 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 		case IMV_ATTESTATION_STATE_COMP_EVID:
 		{
 			enumerator_t *enumerator;
-			char flags[8];
+			/* TODO: pts_components undeclared */
+			/*char flags[8];
+			int type;
+			*/
 			char *platform_info;
 			pts_funct_comp_evid_req_t *requests = NULL;
 			funct_comp_evid_req_entry_t *entry;
-			int vid, name, qualifier, type;
+			int vid, name, qualifier;
+			
 			bool first_req = TRUE;
 
 			attestation_state->set_handshake_state(attestation_state,
@@ -244,7 +248,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 				entry->sub_comp_depth = 0;
 				entry->name = pts_comp_func_name_create(vid, name, qualifier);
 
-				type = pts_components->get_qualifier(pts_components,
+				/* TODO: pts_components undeclared */
+				/*type = pts_components->get_qualifier(pts_components,
 													 entry->name, &flags);
 
 				DBG2(DBG_TNC, "%N functional component '%N' with qualifier %s '%N'",
@@ -253,7 +258,7 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 					 name, flags,
 					 pts_components->get_qualifier_type_names(pts_components, vid),
 					 type);
-
+				*/
 				if (first_req)
 				{
 					/* Create a requests object */

src/libimcv/plugins/imv_attestation/imv_attestation_process.c

@@ -263,19 +263,17 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 		case TCG_PTS_SIMPLE_COMP_EVID:
 		{
 			tcg_pts_attr_simple_comp_evid_t *attr_cast;
-			bool pcr_info_inclided, component_meas_error = FALSE;
+			bool pcr_info_inclided, component_meas_found = FALSE;
 			pts_attr_simple_comp_evid_flag_t flags;
-			u_int32_t depth, comp_vendor_id, extended_pcr;
+			u_int32_t depth, extended_pcr;
 			u_int8_t  measurement_type;
-			pts_qualifier_t qualifier;
-			pts_ita_funct_comp_name_t name;
+			pts_comp_func_name_t *name;
 			pts_meas_algorithms_t hash_algorithm;
 			pts_pcr_transform_t transformation;
 			chunk_t measurement_time, policy_uri;
 			chunk_t pcr_before, pcr_after, measurement, comp_hash;
 			enumerator_t *enumerator;
 			char *platform_info;
-			const char *component_name;
 
 			attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
 			attr_info = attr->get_value(attr);
@@ -288,43 +286,39 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				DBG1(DBG_IMV, "Current version of Attestation IMV does not"
 						" support sub component measurement deeper than zero");
 			}
-			comp_vendor_id = attr_cast->get_spec_comp_funct_name_vendor_id(
-														attr_cast);
-			if (comp_vendor_id != PEN_ITA)
+			name = attr_cast->get_comp_func_name(attr_cast);
+			if (name->get_vendor_id(name) != PEN_ITA)
 			{
 				DBG1(DBG_IMV, "Current version of Attestation IMV supports"
 							  "only functional component namings by ITA ");
 				break;
 			}
-			family = attr_cast->get_family(attr_cast);
-			if (family)
+
+			/* Check Family */
+			if (name->get_qualifier(name) & PTS_SIMPLE_COMP_EVID_FAMILY_MASK)
 			{
 				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
 								TCG_PTS_INVALID_NAME_FAM, attr_info);
 				attr_list->insert_last(attr_list, attr);
 				break;
 			}
-			qualifier = attr_cast->get_qualifier(attr_cast);
 
 			/* Check if Unknown or Wildcard was set for qualifier */
-			if (qualifier.kernel && qualifier.sub_component &&
-			   (qualifier.type & PTS_ITA_FUNC_COMP_TYPE_ALL))
+			if (name->get_qualifier(name) & PTS_QUALIFIER_WILDCARD)
 			{
 				DBG1(DBG_IMV, "Wildcard was set for the qualifier "
 							  "of functional component");
 				return FALSE;
 			}
-			else if (!qualifier.kernel && !qualifier.sub_component &&
-					(qualifier.type & PTS_ITA_FUNC_COMP_TYPE_UNKNOWN))
+			else if (name->get_qualifier(name) & PTS_QUALIFIER_UNKNOWN)
 			{
 				DBG1(DBG_IMV, "Unknown feature was set for the qualifier "
 							  "of functional component");
 				return FALSE;
 			}
 
-			name = attr_cast->get_comp_funct_name(attr_cast);
-			if (!attestation_state->check_off_comp_evid_request(attestation_state,
-				comp_vendor_id, qualifier, name))
+			if (!attestation_state->check_off_comp_evid_request(
+					attestation_state, name))
 			{
 				DBG1(DBG_IMV, "  no entry found for component evidence request");
 				break;
@@ -346,44 +340,36 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				break;
 			}
 
-			if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+			if (name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TBOOT &&
+				name->get_name(name) != PTS_ITA_COMP_FUNC_NAME_TGRUB)
 			{
-				component_name = TBOOT_POLICY_STR;
-			}
-			else if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
-			{
-				component_name = TBOOT_MLE_STR;
-			}
-			else
-			{
-					DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
-						 name);
-					return FALSE;
+				DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
+					 name->get_name(name));
+				return FALSE;
 			}
+			
 			enumerator = pts_db->create_comp_hash_enumerator(pts_db,
-					platform_info, PTS_MEAS_ALGO_SHA1, (char *)component_name);
+					platform_info, PTS_MEAS_ALGO_SHA1, name);
 			if (!enumerator)
 			{
 				break;
 			}
 			while (enumerator->enumerate(enumerator, &comp_hash))
 			{
-				if (!chunk_equals(comp_hash, measurement))
-				{
-					DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
-							"%B, expected: %B", &measurement, &comp_hash);
-					component_meas_error = TRUE;
-				}
-				else
+				if (chunk_equals(comp_hash, measurement))
 				{
 					DBG2(DBG_IMV, "Matching Functional Component Measurement:"
 							"%B", &measurement);
+					component_meas_found = TRUE;
+					break;
 				}
 			}
 			enumerator->destroy(enumerator);
 
-			if (component_meas_error)
+			if (!component_meas_found)
 			{
+				DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
+								"%B, expected: %B", &measurement, &comp_hash);
 				attestation_state->set_measurement_error(attestation_state);
 			}
 			

src/libpts/pts/components/pts_comp_func_name.c

@@ -18,9 +18,6 @@
 
 #include <debug.h>
 
-#define PTS_QUALIFIER_UNKNOWN		0x00
-#define PTS_QUALIFIER_WILDCARD		0x3F
-
 typedef struct private_pts_comp_func_name_t private_pts_comp_func_name_t;
 
 /**

src/libpts/pts/components/pts_comp_func_name.h

@@ -25,6 +25,9 @@ typedef struct pts_comp_func_name_t pts_comp_func_name_t;
 
 #include <library.h>
 
+#define PTS_QUALIFIER_UNKNOWN		0x00
+#define PTS_QUALIFIER_WILDCARD		0x3F
+
 /**
  * PTS Component Functional Name object
  */

src/libpts/pts/pts.h

@@ -31,6 +31,11 @@ typedef struct pcr_entry_t pcr_entry_t;
 #include "pts_file_meta.h"
 #include "pts_dh_group.h"
 #include "pts_funct_comp_evid_req.h"
+#include "components/pts_comp_func_name.h"
+#include "components/tcg/tcg_comp_func_name.h"
+#include "components/ita/ita_comp_func_name.h"
+#include "components/ita/ita_comp_tboot.h"
+#include "components/ita/ita_comp_tgrub.h"
 
 #include <library.h>
 #include <utils/linked_list.h>
@@ -60,8 +65,13 @@ typedef struct pcr_entry_t pcr_entry_t;
 #define PCR_TGRUB_CHECKFILE				13
 #define PCR_TGRUB_LOADED_FILES			14
 
-#define TBOOT_POLICY_STR				(const char *)("tboot_pcr17")
-#define TBOOT_MLE_STR					(const char *)("tboot_pcr18")
+#define PCR_DEBUG						16
+
+/**
+ * Number of sequences for functional components
+ */
+#define TBOOT_SEQUENCE_COUNT			2
+#define TGRUB_SEQUENCE_COUNT			6
 
 /**
  * Length of the generated nonce used for calculation of shared secret

src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.c

@@ -59,7 +59,6 @@ typedef struct private_tcg_pts_attr_req_funct_comp_evid_t private_tcg_pts_attr_r
  */
  
 #define PTS_REQ_FUNCT_COMP_EVID_SIZE		12
-#define PTS_REQ_FUNCT_COMP_FAMILY_MASK		0xC0
 
 /**
  * Private data of an tcg_pts_attr_req_funct_comp_evid_t object.

src/libpts/tcg/tcg_pts_attr_req_funct_comp_evid.h

@@ -28,6 +28,8 @@ typedef struct tcg_pts_attr_req_funct_comp_evid_t tcg_pts_attr_req_funct_comp_ev
 #include "pts/pts_funct_comp_evid_req.h"
 #include "pa_tnc/pa_tnc_attr.h"
 
+#define PTS_REQ_FUNCT_COMP_FAMILY_MASK		0xC0
+
 /**
  * Class implementing the TCG PTS Request Functional Component Evidence attribute
  *

src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c

@@ -80,7 +80,6 @@ typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simp
 #define PTS_SIMPLE_COMP_EVID_SIZE					40
 #define PTS_SIMPLE_COMP_EVID_MEASUREMENT_TIME_SIZE	20
 #define PTS_SIMPLE_COMP_EVID_RESERVED				0x00
-#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK			0xC0
 
 /**
  * Private data of an tcg_pts_attr_simple_comp_evid_t object.

src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h

@@ -31,6 +31,8 @@ typedef struct tcg_pts_attr_simple_comp_evid_params_t tcg_pts_attr_simple_comp_e
 #include "pts/components/pts_comp_func_name.h" 
 #include "pa_tnc/pa_tnc_attr.h"
 
+#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK			0xC0
+
 /**
  * PTS Simple Component Evidence Flags
  */