ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

register aik certificate via ipsec attest

This commit is contained in:
Andreas Steffen 2011-12-25 14:30:52 +01:00
parent 84da59f609
commit cb4da3f610
5 changed files with 65 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
configure.in
View File

@ -799,25 +799,25 @@ ADD_PLUGIN([pkcs11], [s libcharon pki])
ADD_PLUGIN([aes], [s libcharon pluto openac scepclient pki scripts])
ADD_PLUGIN([des], [s libcharon pluto openac scepclient pki scripts])
ADD_PLUGIN([blowfish], [s libcharon pluto openac scepclient pki scripts])
ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv])
ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv])
ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv attest])
ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv attest])
ADD_PLUGIN([md4], [s libcharon openac manager scepclient pki])
ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki scripts])
ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv])
ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts])
ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki scripts attest])
ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv attest])
ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts attest])
ADD_PLUGIN([revocation], [s libcharon])
ADD_PLUGIN([constraints], [s libcharon])
ADD_PLUGIN([pubkey], [s libcharon])
ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv])
ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
ADD_PLUGIN([pgp], [s libcharon pluto])
ADD_PLUGIN([dnskey], [s pluto])
ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv])
ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
ADD_PLUGIN([padlock], [s libcharon])
ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv])
ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv])
ADD_PLUGIN([af-alg], [s libcharon pluto openac scepclient pki scripts medsrv])
ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
ADD_PLUGIN([af-alg], [s libcharon pluto openac scepclient pki scripts medsrv attest])
ADD_PLUGIN([fips-prf], [s libcharon])
ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv])
ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
ADD_PLUGIN([agent], [s libcharon])
ADD_PLUGIN([xcbc], [s libcharon])
ADD_PLUGIN([hmac], [s libcharon pluto scripts])

51
src/libpts/plugins/imv_attestation/attest.c
View File

@ -34,7 +34,7 @@
/**
* global debug output variables
*/
static int debug_level = 0;
static int debug_level = 2;
static bool stderr_quiet = TRUE;
/**
@ -121,10 +121,11 @@ static void do_args(int argc, char *argv[])
{ "keys", no_argument, NULL, 'k' },
{ "products", no_argument, NULL, 'p' },
{ "hashes", no_argument, NULL, 'H' },
{ "measurements", no_argument, NULL, 'M' },
{ "measurements", no_argument, NULL, 'm' },
{ "add", no_argument, NULL, 'a' },
{ "delete", no_argument, NULL, 'd' },
{ "del", no_argument, NULL, 'd' },
{ "aik", required_argument, NULL, 'A' },
{ "component", required_argument, NULL, 'C' },
{ "comp", required_argument, NULL, 'C' },
{ "directory", required_argument, NULL, 'D' },
@ -167,7 +168,7 @@ static void do_args(int argc, char *argv[])
case 'H':
op = OP_HASHES;
continue;
case 'M':
case 'm':
op = OP_MEASUREMENTS;
continue;
case 'a':
@ -176,6 +177,43 @@ static void do_args(int argc, char *argv[])
case 'd':
op = OP_DEL;
continue;
case 'A':
{
certificate_t *aik_cert;
public_key_t *aik_key;
chunk_t aik;
aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_X509, BUILD_FROM_FILE, optarg, BUILD_END);
if (!aik_cert)
{
printf("AIK certificate '%s' could not be loaded\n", optarg);
exit(EXIT_FAILURE);
}
aik_key = aik_cert->get_public_key(aik_cert);
aik_cert->destroy(aik_cert);
if (!aik_key)
{
printf("AIK public key could not be retrieved\n");
exit(EXIT_FAILURE);
}
if (!aik_key->get_fingerprint(aik_key, KEYID_PUBKEY_INFO_SHA1,
&aik))
{
printf("AIK fingerprint could not be computed\n");
aik_key->destroy(aik_key);
exit(EXIT_FAILURE);
}
aik = chunk_clone(aik);
aik_key->destroy(aik_key);
if (!attest->set_key(attest, aik, op == OP_ADD))
{
exit(EXIT_FAILURE);
}
continue;
}
case 'C':
if (!attest->set_component(attest, optarg, op == OP_ADD))
{
@ -195,11 +233,16 @@ static void do_args(int argc, char *argv[])
}
continue;
case 'K':
if (!attest->set_key(attest, optarg, op == OP_ADD))
{
chunk_t aik;
aik = chunk_from_hex(chunk_create(optarg, strlen(optarg)), NULL);
if (!attest->set_key(attest, aik, op == OP_ADD))
{
exit(EXIT_FAILURE);
}
continue;
}
case 'O':
attest->set_owner(attest, optarg);
continue;

5
src/libpts/plugins/imv_attestation/attest_db.c
View File

@ -402,7 +402,7 @@ METHOD(attest_db_t, set_fid, bool,
}
METHOD(attest_db_t, set_key, bool,
private_attest_db_t *this, char *key, bool create)
private_attest_db_t *this, chunk_t key, bool create)
{
enumerator_t *e;
char *owner;
@ -412,7 +412,7 @@ METHOD(attest_db_t, set_key, bool,
printf("key has already been set\n");
return FALSE;
}
this->key = chunk_from_hex(chunk_create(key, strlen(key)), NULL);
this->key = key;
e = this->db->query(this->db, "SELECT id, owner FROM keys WHERE keyid= ?",
DB_BLOB, this->key, DB_INT, DB_TEXT);
@ -420,6 +420,7 @@ METHOD(attest_db_t, set_key, bool,
{
if (e->enumerate(e, &this->kid, &owner))
{
free(this->owner);
this->owner = strdup(owner);
this->key_set = TRUE;
}

2
src/libpts/plugins/imv_attestation/attest_db.h
View File

@ -91,7 +91,7 @@ struct attest_db_t {
* @param create if TRUE create database entry if it doesn't exist
* @return TRUE if successful
*/
bool (*set_key)(attest_db_t *this, char *key, bool create);
bool (*set_key)(attest_db_t *this, chunk_t key, bool create);
/**
* Set primary key of the AIK to be queried

6
src/libpts/plugins/imv_attestation/attest_usage.c
View File

@ -56,7 +56,7 @@ Usage:\n\
Show a list of component measurements for a given component or\n\
its primary key as an optional selector.\n\
\n\
ipsec attest --measurements [--sha1|--sha256|--sha384] [--key <digest>|--kid <id>]\n\
ipsec attest --measurements [--sha1|--sha256|--sha384] [--key <digest>|--kid <id>|--aik <path>]\n\
Show a list of component measurements for a given AIK or\n\
its primary key as an optional selector.\n\
\n\
@ -64,7 +64,7 @@ Usage:\n\
Add a file, directory, product or component entry\n\
Component <cfn> entries must be of the form <vendor_id>/<name>-<qualifier>\n\
\n\
ipsec attest --add [--owner <name>] --key <digest>\n\
ipsec attest --add [--owner <name>] --key <digest>|--aik <path>\n\
Add an AIK public key digest entry preceded by an optional owner name\n\
\n\
ipsec attest --del --file <path>|--fid <id>|--dir <path>|--did <id>\n\
@ -73,7 +73,7 @@ Usage:\n\
ipsec attest --del --product <name>|--pid <id>|--component <cfn>|--cid <id>\n\
Delete a product or component entry referenced either by value or primary key\n\
\n\
ipsec attest --del --key <digest>|--kid <id>\n\
ipsec attest --del --key <digest>|--kid <id>|--aik <path>\n\
Delete an AIK entry referenced either by value or primary key\n\
\n");
}