Martin Willi
bace1d6479
diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
...
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
2015-03-23 17:54:02 +01:00
Andreas Steffen
08feb4548a
Replace kid by aik_id in ITA TBOOT functional component
2015-03-16 17:15:28 +01:00
Andreas Steffen
b6685211fb
Create TPM TBOOT Measurement group
2015-03-15 12:24:05 +01:00
Andreas Steffen
8fa9312f09
Updated products in imv database
2015-03-08 17:18:34 +01:00
Andreas Steffen
20f90d7160
attest: output trusted flag and device description
2015-03-08 17:17:11 +01:00
Andreas Steffen
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
Tobias Brunner
436cdae840
unit-tests: Base attributes get adopted by seg-env/seg-contract
2015-03-03 17:05:16 +01:00
Tobias Brunner
a2b400b16b
seg-env: Destroy base attribute if segmentation is not possible
2015-03-03 17:05:16 +01:00
Andreas Steffen
8f5521cbac
Fixed a memory leak in the attribute segmentation code
2015-02-27 15:13:26 +01:00
Andreas Steffen
ca316734e8
Updated Ubuntu 14.04 kernel version
2015-02-27 08:45:37 +01:00
Andreas Steffen
ecf605c6e1
trusted_enumerate requires an additional argument
2015-01-21 23:54:53 +01:00
Tobias Brunner
027c19b097
pts: Do not override status with SUCCESS if length is invalid
2014-12-23 15:40:01 +01:00
Andreas Steffen
05b835c587
Remove unneeded get_count() method
2014-10-17 17:59:43 +02:00
Andreas Steffen
1c2416013c
Process TCG/PTS File Measurement attribute incrementally
2014-10-17 16:11:40 +02:00
Andreas Steffen
82d2142f98
Exempt TCG/SEG attributes from unsupported case statement
2014-10-16 13:38:51 +02:00
Andreas Steffen
08385de6e2
Request IF-M segmentation contract for TCG/PTS subtype
2014-10-16 07:49:42 +02:00
Tobias Brunner
da241b6c75
libimcv: Add generic constructor for PA-TNC attributes
2014-10-15 13:55:13 +02:00
Tobias Brunner
6de42cd323
swid-inventory: Remove unused variable end_of_tag
2014-10-14 17:11:41 +02:00
Tobias Brunner
668fbd4907
libimcv: Add fallback if IPSEC_SCRIPT is not defined
...
This is the case on Android.
2014-10-13 18:16:47 +02:00
Tobias Brunner
ba0355c4ae
libimcv: Updated Android.mk to latest Makefile.am
2014-10-13 18:16:40 +02:00
Tobias Brunner
ffa800ce9d
libimcv: Remove reference to libpts
2014-10-13 17:17:45 +02:00
Tobias Brunner
17eed801e7
libimcv: Fix Doxygen comments after merging libpts into libimcv
2014-10-13 17:11:57 +02:00
Avesh Agarwal
c8719a073d
libimcv: Fix hardcoded IMCV_DEFAULT_POLICY_SCRIPT name
...
I came across an issue with src/libimcv/imcv.c where
IMCV_DEFAULT_POLICY_SCRIPT is hardcoded.
It fails where ipsec_script is renamed to, for example, strongswan from
default ipsec.
2014-10-13 16:15:33 +02:00
Andreas Steffen
8b812065f0
Support of multiple directed segmentation contracts
2014-10-11 14:50:08 +02:00
Andreas Steffen
ab99939628
unit-tests: Updated Makefile
2014-10-11 14:50:08 +02:00
Andreas Steffen
a05ca71d07
unit-tests: Added test for seg_contract_manager
2014-10-11 14:50:08 +02:00
Andreas Steffen
4af020be37
Updated build-database.sh script to 3.13.0-37 kernel
2014-10-11 11:40:43 +02:00
Andreas Steffen
b95b664644
Incremental parsing fixes
2014-10-05 22:52:59 +02:00
Andreas Steffen
1bea00651d
Added add_segment() method to TCG/PTS attributes
2014-10-05 19:43:27 +02:00
Andreas Steffen
01be87d086
Added add_segment() method to TCG/SEG attributes
2014-10-05 19:14:38 +02:00
Andreas Steffen
a5dfe7a29a
OS IMV proposes IF-M segmentation contract
...
The OS IMV sends a TCG IF-M Segmentation contract request.
All IETF standard attributes support segmentation. Additionally
the IETF Installed Packages standard attributes supports
incremental processing while segments are received.
2014-10-05 18:43:55 +02:00
Andreas Steffen
fc47211740
SWID IMC proposes IF-M segmentation contracts
2014-10-05 18:43:55 +02:00
Andreas Steffen
30774ee5d6
unit-tests: Updated libimcv test suite
2014-10-05 18:43:54 +02:00
Andreas Steffen
9a515a8856
Added add_segment() method to IETF attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
97ec4cb055
Added add_segment() method to ITA attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
903a427008
Implemented incremental processing of SWID tag [ID] inventory attribute
2014-10-05 18:43:54 +02:00
Andreas Steffen
eba0cbcee3
Implemented add_segment method for PA-TNC attributes
2014-10-05 12:55:38 +02:00
Andreas Steffen
e77df5a1f6
Added total length parameter in PA-TNC attribute constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
ebfd8278f9
Assignment of flags starts with bit 0
2014-10-05 12:55:38 +02:00
Andreas Steffen
95e1524a64
Register the reception of the AIK attribute
2014-10-05 12:55:38 +02:00
Andreas Steffen
4f5b435fe9
Unit tests for libimcv
2014-10-05 12:55:38 +02:00
Andreas Steffen
e23cad3564
Compacted chunk creation in ita_attr_command constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
Andreas Steffen
c4d0987609
Added out message queue for imv_msg receive method
2014-10-05 12:55:37 +02:00
Andreas Steffen
e911ac9a5f
Implemented IF-M segmentation
2014-10-05 12:55:37 +02:00
Andreas Steffen
89d12654b3
Added request variable to get_info_string method
2014-10-03 22:25:09 +02:00
Andreas Steffen
f50968976b
Implemented IF-M segmentation contracts
2014-10-03 22:25:09 +02:00
Andreas Steffen
38b5f527e2
Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal
2014-10-03 22:25:09 +02:00
Andreas Steffen
eafe8795ca
Added Debian 7.6 to IMV database
2014-08-06 08:04:42 +02:00
Andreas Steffen
78ec8c6085
unused os_info_t object removed
2014-08-06 07:55:54 +02:00
Andreas Steffen
3b96147353
Determine type of unsupported PA-TNC attribute in error message
2014-07-16 15:57:15 +02:00
Andreas Steffen
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
Andreas Steffen
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
Andreas Steffen
927dff2366
The policy_started check is not needed any more
2014-06-18 14:01:02 +02:00
Andreas Steffen
8fc0eae37b
Added Android 4.3 and 4.4.3 to imv database
2014-06-10 16:19:00 +02:00
Tobias Brunner
35e08cde3c
android: Add all Android.mk files to the tarball
2014-06-06 10:12:26 +02:00
Martin Willi
fc50731376
imv: Provide database table scheme for MySQL
2014-06-04 15:53:10 +02:00
Martin Willi
ecc6c2e8a4
libimcv: Pass TNC_SESSION_ID as argument instead of as an environment variable
...
Doing so works on Windows as well.
2014-06-04 15:53:10 +02:00
Martin Willi
9b7d1a3b33
libimcv: Be a little more verbose about the Windows system reported
2014-06-04 15:53:10 +02:00
Martin Willi
ede10dd974
imv: Return an empty enumerator instead of null, as expected by callers
2014-06-04 15:53:10 +02:00
Martin Willi
5388389bef
imc-os: Add missing TNC_IMC_API definitions, fixes warnings on Windows
2014-06-04 15:53:10 +02:00
Martin Willi
0c512610cc
imv-os: Don't build pacman on Windows
2014-06-04 15:53:09 +02:00
Martin Willi
1cd9bb49d8
libimcv: Use TNC_IMV_API prefix on TNC functions for correct declspec
2014-06-04 15:53:07 +02:00
Martin Willi
6b98c00285
libimcv: Silence integer to pointer cast warnings
2014-06-04 15:53:07 +02:00
Martin Willi
9bac2c9e40
libimcv: Port os_info (partially) to Windows
2014-06-04 15:53:06 +02:00
Martin Willi
09e5f15a13
libimcv: Disable default syslog() logging if not supported
2014-06-04 15:53:06 +02:00
Martin Willi
fb7cb97d6e
libimcv: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Andreas Steffen
32cb700cd0
Added Debian 7.5 product and all Debian armv6l products
2014-05-31 20:37:56 +02:00
Andreas Steffen
7b05b0bc28
Fixed typo in tables.sql
2014-05-31 20:37:56 +02:00
Andreas Steffen
a123f470f0
Additional index to improve performance
2014-05-31 20:37:56 +02:00
Andreas Steffen
ba6c27f063
Added all SWID tables and example regids
2014-05-21 14:00:31 +02:00
Andreas Steffen
887a88d55b
Similar statistics for packages and file measurements
2014-05-01 09:17:33 +02:00
Tobias Brunner
289456d26a
libimcv: Updated Android.mk
2014-04-25 14:26:31 +02:00
Andreas Steffen
f5a1cfe3f8
pacman.sh now fetches Ubuntu 14.04 security updates
2014-04-24 09:08:07 +02:00
Andreas Steffen
1d7324133b
Indicate IMV in assessment log statement
2014-04-15 09:21:06 +02:00
Andreas Steffen
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
Andreas Steffen
8c40609f96
Use python-based swidGenerator to generate SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
8505ce1cc6
Updated imv database templates
2014-04-15 09:21:05 +02:00
Andreas Steffen
40e8c67392
Use cached pid for product-based package access
2014-04-15 09:21:05 +02:00
Andreas Steffen
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
Andreas Steffen
4894bfa227
Separated IMV session management from IMV policy database
2014-04-15 09:21:05 +02:00
Andreas Steffen
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
Andreas Steffen
37ef086ea7
Added Ubuntu 14.04 to IMV database
2014-03-31 22:22:58 +02:00
Andreas Steffen
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516.
2014-02-19 16:11:47 +01:00
Andreas Steffen
f03441c4dd
pacman.sh creates /etc/pts/dists directory if it doesn't exist yet
2014-02-13 13:21:47 +01:00
Tobias Brunner
1ec3476398
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
2014-02-12 14:34:34 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
de7f5305d9
libimcv: Install SQL files in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
Andreas Steffen
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
Andreas Steffen
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
Andreas Steffen
81d49c5cfd
Allow reason strings to be used as workitem result string
2014-01-13 12:06:17 +01:00
Andreas Steffen
6009b6e0dd
Attestation IMV processes TPMRA workitem
2014-01-13 12:06:17 +01:00
Andreas Steffen
3254f8b00a
Added TPM Remote Attestation (TPMRA) workitem
2014-01-10 11:55:21 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
50d7a55c96
Support Ubuntu 13.10 measurements
2013-10-21 21:33:30 +02:00
Tobias Brunner
be8179abd2
Build all IMC/IMVs with -no-undefined
2013-09-12 01:44:50 +02:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
5ec08a6a05
Make sure libstrongswan is initialized first in IMCs and IMVs
2013-09-11 20:58:18 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
70a80ef5d4
Output handler of a given workitem
2013-08-16 14:14:13 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Tobias Brunner
e5455e9413
imv-os: check_packages() fails if product query fails
2013-07-24 16:17:22 +02:00
Tobias Brunner
346a4a1fc2
imv-scanner: Properly check snprintf() return value
2013-07-24 16:17:22 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
...
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
Tobias Brunner
6bce8e1cfb
libimcv: Properly deinitialize libimcv
...
Other users of imcv_pa_tnc_attributes (libpts) check if it is NULL before
removing vendor IDs.
2013-07-08 18:49:28 +02:00
Tobias Brunner
2c693364a8
imv-scanner: Only add a reason string if there is something to report
2013-07-08 18:49:26 +02:00
Tobias Brunner
1973743443
libimcv: Android.mk added
2013-07-08 18:49:25 +02:00
Andreas Steffen
51bc6a6e74
Cosmetics
2013-07-08 17:58:14 +02:00
Andreas Steffen
34f894b6cc
Scanner IMV without workitems provides immediate recommendation, too
2013-07-08 17:53:05 +02:00
Andreas Steffen
ea6ab9fb49
skip enforcement if a recent measurement was successful
2013-07-08 16:08:05 +02:00
Andreas Steffen
69c4e34859
Always return a result string for a processed workitem
2013-07-04 22:55:58 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Andreas Steffen
6c969fee94
Don't backup old package lists
2013-07-01 10:00:43 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Andreas Steffen
71c7b43541
Support blacklist field in PTS database
2013-06-26 12:07:09 +02:00
Andreas Steffen
de8de88fa7
Updated PTS demo database
2013-06-26 10:14:25 +02:00
Andreas Steffen
f4dcbe3bf2
Device can be member of multiple groups
2013-06-25 18:43:07 +02:00
Andreas Steffen
72631301eb
Some IMV policy managers expect a TEXT string
2013-06-25 12:47:07 +02:00
Andreas Steffen
59c9ec107f
Assign default group to newly created devices
2013-06-25 11:49:32 +02:00
Andreas Steffen
632e5b0b99
Set device creation date if it hasn't been set yet
2013-06-24 20:18:16 +02:00
Andreas Steffen
69c4715bf8
Send PA-TNC assessment result even if no workitems are available
2013-06-24 00:22:38 +02:00
Andreas Steffen
02497901d0
Some pacman fixes
2013-06-23 16:23:19 +02:00
Andreas Steffen
6b081a4c21
Some PTS database fixes
2013-06-21 23:25:25 +02:00
Andreas Steffen
45eb318ed4
Implemented pacman in a more reliable way
2013-06-21 23:25:25 +02:00
Andreas Steffen
4fe7294bb3
Define protocol string
2013-06-21 23:25:25 +02:00
Andreas Steffen
41dabbad41
Generate result string for port scan workitems
2013-06-21 23:25:25 +02:00
Andreas Steffen
8fbfe03e4e
Ignore non-matching protocols
2013-06-21 23:25:25 +02:00
Andreas Steffen
e5dd8a1d34
Introduced workitems to Scanner IMV
2013-06-21 23:25:24 +02:00
Andreas Steffen
da99df1443
Added ITA components to database
2013-06-21 23:25:24 +02:00
Andreas Steffen
4cf568a785
Shortened names of default policy groups
2013-06-21 23:25:24 +02:00
Andreas Steffen
19ce03be73
Store device with product ID
2013-06-21 23:25:24 +02:00
Andreas Steffen
bf250acb06
Database changes needed to integrate Cygnet backend
2013-06-21 23:25:24 +02:00
Andreas Steffen
01afff71cb
Implemented get|set_action_flag() methods
2013-06-21 23:25:24 +02:00
Andreas Steffen
a45a2c9291
Implemented hierarchical policy groups
2013-06-21 23:25:24 +02:00
Andreas Steffen
b1da8368d0
Introduced workitems to Attestation IMV
2013-06-21 23:25:23 +02:00
Andreas Steffen
c174c116fe
Converted all IMVs to use generic IF-IMV API
2013-06-21 23:25:23 +02:00
Andreas Steffen
ea2663ec03
Remove the constructor from the IMV agent interface
2013-06-21 23:25:23 +02:00
Andreas Steffen
97f0a7ea77
Defined a generic IMV agent interface
2013-06-21 23:25:23 +02:00
Andreas Steffen
7513a09ee5
Moved all functionality into imv_os_agent_t class turning imv_os_t into an IF-IMV skeleton
2013-06-21 23:25:23 +02:00
Andreas Steffen
99c6a5f8a4
Moved batch_ending into separate source file
2013-06-21 23:25:23 +02:00
Andreas Steffen
e1db511bbd
do not process workitems with NULL result
2013-06-21 23:25:23 +02:00
Andreas Steffen
c219d7e31f
fixed enumeration of workitems for a given session
2013-06-21 23:25:23 +02:00