Tobias Brunner
64bef354d4
imc: get_default_pwd_status(), as it currently is, works on Windows too
...
This fixes the build on Windows.
2015-08-19 12:10:09 +02:00
Andreas Steffen
b19ef52d51
Added reason string support to HCD IMV
2015-08-18 21:25:39 +02:00
Andreas Steffen
627e4b9659
Fixed patches format delimited by CR/LF
2015-08-18 21:25:39 +02:00
Andreas Steffen
18472ac21c
Use PWG HCD PA-TNC subtypes to transport HCD attributes
2015-08-18 21:25:39 +02:00
Andreas Steffen
6b68719dd3
Add default password determination capability to os_info
2015-08-18 21:25:39 +02:00
Andreas Steffen
9e13c2b2cc
Reintroduced ietf_attr_fwd_enabled()
2015-08-18 21:25:39 +02:00
Andreas Steffen
860df6bf75
Defined PWG HCD PA-TNC subtypes
2015-08-18 21:25:39 +02:00
Andreas Steffen
9c2e0a50a3
Added os_info support to HCD IMC
2015-08-18 21:25:38 +02:00
Andreas Steffen
9e88bb987d
Subscribed Scanner IMC/IMV to IETF_FIREWALL PA subtype
2015-08-18 21:25:38 +02:00
Andreas Steffen
b48ffcb1b3
Implemented HCD IMC and IMV
2015-08-18 21:25:38 +02:00
Andreas Steffen
21b8051c10
Completed implementation of PWG HCD attributes
2015-08-18 21:25:38 +02:00
Andreas Steffen
981653a437
Defined generic non-nul terminated string PA-TNC attribute
2015-08-18 21:25:38 +02:00
Andreas Steffen
6a11c8a3f3
Support of HCD Firewall Setting PA-TNC attribute
2015-08-18 21:25:38 +02:00
Andreas Steffen
abb8a1ecd2
Defined generic boolean PA-TNC attribute
2015-08-18 21:25:38 +02:00
Andreas Steffen
5e1b06ff08
Defined PWG HCD IF-M attributes
2015-08-18 21:25:38 +02:00
Andreas Steffen
10f25a3dd9
Fixed the implemention of the IF-M segmentation protocol
...
The first segment only fit if the segmentation envelope attribute
was preceded by a Max Attribute Size Response attribute. The
improved implementation fills up the first PA-TNC message with
the first segment up to the maximum message size.
2015-08-18 21:24:26 +02:00
Andreas Steffen
bd60bcc3c2
Updated SWID attribute list
2015-06-02 06:51:41 +02:00
Andreas Steffen
dedd0ad07c
Check for NULL installed packages enumerator
2015-05-24 11:15:36 +02:00
Andreas Steffen
5d5a74b077
Fixed os_info path in strongswan.conf
2015-05-24 11:13:51 +02:00
Andreas Steffen
d6b75c9563
List attribute request entries also during build
2015-05-24 09:17:29 +02:00
Andreas Steffen
e6952442f2
Exempt ignored PA-TNC attributes from error handling
2015-05-20 06:13:15 +02:00
Andreas Steffen
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
Tobias Brunner
d1e7b31e80
Fix years in some copyright statements
2015-04-16 09:21:00 +02:00
Martin Willi
161a015782
utils: Use chunk_equals_const() for all cryptographic purposes
2015-04-14 12:02:51 +02:00
Martin Willi
a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
8a7dbf3c2a
libimcv: Allow pts_t.set_peer_public_value() to fail
2015-03-23 17:54:02 +01:00
Martin Willi
83cda57e2d
libimcv: Allow pts_t.get_my_public_value() to fail
2015-03-23 17:54:02 +01:00
Martin Willi
bace1d6479
diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
...
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
2015-03-23 17:54:02 +01:00
Andreas Steffen
08feb4548a
Replace kid by aik_id in ITA TBOOT functional component
2015-03-16 17:15:28 +01:00
Andreas Steffen
b6685211fb
Create TPM TBOOT Measurement group
2015-03-15 12:24:05 +01:00
Andreas Steffen
8fa9312f09
Updated products in imv database
2015-03-08 17:18:34 +01:00
Andreas Steffen
20f90d7160
attest: output trusted flag and device description
2015-03-08 17:17:11 +01:00
Andreas Steffen
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
Tobias Brunner
436cdae840
unit-tests: Base attributes get adopted by seg-env/seg-contract
2015-03-03 17:05:16 +01:00
Tobias Brunner
a2b400b16b
seg-env: Destroy base attribute if segmentation is not possible
2015-03-03 17:05:16 +01:00
Andreas Steffen
8f5521cbac
Fixed a memory leak in the attribute segmentation code
2015-02-27 15:13:26 +01:00
Andreas Steffen
ca316734e8
Updated Ubuntu 14.04 kernel version
2015-02-27 08:45:37 +01:00
Andreas Steffen
ecf605c6e1
trusted_enumerate requires an additional argument
2015-01-21 23:54:53 +01:00
Tobias Brunner
027c19b097
pts: Do not override status with SUCCESS if length is invalid
2014-12-23 15:40:01 +01:00
Andreas Steffen
05b835c587
Remove unneeded get_count() method
2014-10-17 17:59:43 +02:00
Andreas Steffen
1c2416013c
Process TCG/PTS File Measurement attribute incrementally
2014-10-17 16:11:40 +02:00
Andreas Steffen
82d2142f98
Exempt TCG/SEG attributes from unsupported case statement
2014-10-16 13:38:51 +02:00
Andreas Steffen
08385de6e2
Request IF-M segmentation contract for TCG/PTS subtype
2014-10-16 07:49:42 +02:00
Tobias Brunner
da241b6c75
libimcv: Add generic constructor for PA-TNC attributes
2014-10-15 13:55:13 +02:00
Tobias Brunner
6de42cd323
swid-inventory: Remove unused variable end_of_tag
2014-10-14 17:11:41 +02:00
Tobias Brunner
668fbd4907
libimcv: Add fallback if IPSEC_SCRIPT is not defined
...
This is the case on Android.
2014-10-13 18:16:47 +02:00
Tobias Brunner
ba0355c4ae
libimcv: Updated Android.mk to latest Makefile.am
2014-10-13 18:16:40 +02:00
Tobias Brunner
ffa800ce9d
libimcv: Remove reference to libpts
2014-10-13 17:17:45 +02:00
Tobias Brunner
17eed801e7
libimcv: Fix Doxygen comments after merging libpts into libimcv
2014-10-13 17:11:57 +02:00
Avesh Agarwal
c8719a073d
libimcv: Fix harcoded IMCV_DEFAULT_POLICY_SCRIPT name
...
I came across an issue with src/libimcv/imcv.c where
IMCV_DEFAULT_POLICY_SCRIPT is hardcoded.
It fails where ipsec_script is renamed to, for example, strongswan from
default ipsec.
2014-10-13 16:15:33 +02:00
Andreas Steffen
8b812065f0
Support of multiple directed segmentation contracts
2014-10-11 14:50:08 +02:00
Andreas Steffen
ab99939628
unit-tests: Updated Makefile
2014-10-11 14:50:08 +02:00
Andreas Steffen
a05ca71d07
unit-tests: Added test for seg_contract_manager
2014-10-11 14:50:08 +02:00
Andreas Steffen
4af020be37
Updated build-database.sh script to 3.13.0-37 kernel
2014-10-11 11:40:43 +02:00
Andreas Steffen
b95b664644
Incremental parsing fixes
2014-10-05 22:52:59 +02:00
Andreas Steffen
1bea00651d
Added add_segment() method to TCG/PTS attributes
2014-10-05 19:43:27 +02:00
Andreas Steffen
01be87d086
Added add_segment() method to TCG/SEG attributes
2014-10-05 19:14:38 +02:00
Andreas Steffen
a5dfe7a29a
OS IMV proposes IF-M segmentation contract
...
The OS IMV sends a TCG IF-M Segmentation contract request.
All IETF standard attributes support segmentation. Additionally
the IETF Installed Packages standard attributes supports
incremental processing while segments are received.
2014-10-05 18:43:55 +02:00
Andreas Steffen
fc47211740
SWID IMC proposes IF-M segmentation contracts
2014-10-05 18:43:55 +02:00
Andreas Steffen
30774ee5d6
unit-tests: Updated libimcv test suite
2014-10-05 18:43:54 +02:00
Andreas Steffen
9a515a8856
Added add_segment() method to IETF attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
97ec4cb055
Added add_segment() method to ITA attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
903a427008
Implemented incremental processing of SWID tag [ID] inventory attribute
2014-10-05 18:43:54 +02:00
Andreas Steffen
eba0cbcee3
Implemented add_segment method for PA-TNC attributes
2014-10-05 12:55:38 +02:00
Andreas Steffen
e77df5a1f6
Added total length parameter in PA-TNC attribute constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
ebfd8278f9
Assignment of flags starts with bit 0
2014-10-05 12:55:38 +02:00
Andreas Steffen
95e1524a64
Register the reception of the AIK attribute
2014-10-05 12:55:38 +02:00
Andreas Steffen
4f5b435fe9
Unit tests for libimcv
2014-10-05 12:55:38 +02:00
Andreas Steffen
e23cad3564
Compacted chunk creation in ita_attr_command constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
Andreas Steffen
c4d0987609
Added out message queue for imv_msg receive method
2014-10-05 12:55:37 +02:00
Andreas Steffen
e911ac9a5f
Implemented IF-M segmentation
2014-10-05 12:55:37 +02:00
Andreas Steffen
89d12654b3
Added request variable to get_info_string method
2014-10-03 22:25:09 +02:00
Andreas Steffen
f50968976b
Implemented IF-M segmentation contracts
2014-10-03 22:25:09 +02:00
Andreas Steffen
38b5f527e2
Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal
2014-10-03 22:25:09 +02:00
Andreas Steffen
eafe8795ca
Added Debian 7.6 to IMV database
2014-08-06 08:04:42 +02:00
Andreas Steffen
78ec8c6085
unused os_info_t object removed
2014-08-06 07:55:54 +02:00
Andreas Steffen
3b96147353
Determine type of unsupported PA-TNC attribute in error message
2014-07-16 15:57:15 +02:00
Andreas Steffen
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
Andreas Steffen
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
Andreas Steffen
927dff2366
The policy_started check is not needed any more
2014-06-18 14:01:02 +02:00
Andreas Steffen
8fc0eae37b
Added Android 4.3 and 4.4.3 to imv database
2014-06-10 16:19:00 +02:00
Tobias Brunner
35e08cde3c
android: Add all Android.mk files to the tarball
2014-06-06 10:12:26 +02:00
Martin Willi
fc50731376
imv: Provide database table scheme for MySQL
2014-06-04 15:53:10 +02:00
Martin Willi
ecc6c2e8a4
libimcv: Pass TNC_SESSION_ID as argument instead as a environment variable
...
Doing so works on Windows as well.
2014-06-04 15:53:10 +02:00
Martin Willi
9b7d1a3b33
libimcv: Be a little more verbose about the Windows system reported
2014-06-04 15:53:10 +02:00
Martin Willi
ede10dd974
imv: Return an empty enumerator instead of null, as expected by callers
2014-06-04 15:53:10 +02:00
Martin Willi
5388389bef
imc-os: Add missing TNC_IMC_API definitions, fixes warnings on Windows
2014-06-04 15:53:10 +02:00
Martin Willi
0c512610cc
imv-os: Don't build pacman on Windows
2014-06-04 15:53:09 +02:00
Martin Willi
1cd9bb49d8
libimcv: Use TNC_IMV_API prefix on TNC functions for correct declspec
2014-06-04 15:53:07 +02:00
Martin Willi
6b98c00285
libimcv: Silence integer to pointer cast warnings
2014-06-04 15:53:07 +02:00
Martin Willi
9bac2c9e40
libimcv: Port os_info (partially) to Windows
2014-06-04 15:53:06 +02:00
Martin Willi
09e5f15a13
libimcv: Disable default syslog() logging if not supported
2014-06-04 15:53:06 +02:00
Martin Willi
fb7cb97d6e
libimcv: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Andreas Steffen
32cb700cd0
Added Debian 7.5 product and all Debian armv6l products
2014-05-31 20:37:56 +02:00
Andreas Steffen
7b05b0bc28
Fixed typo in tables.sql
2014-05-31 20:37:56 +02:00
Andreas Steffen
a123f470f0
Additional index to improve performance
2014-05-31 20:37:56 +02:00
Andreas Steffen
ba6c27f063
Added all SWID tables and example regids
2014-05-21 14:00:31 +02:00
Andreas Steffen
887a88d55b
Similar statistics for packages and file measurements
2014-05-01 09:17:33 +02:00
Tobias Brunner
289456d26a
libimcv: Updated Android.mk
2014-04-25 14:26:31 +02:00
Andreas Steffen
f5a1cfe3f8
pacman.sh now fetches Ubuntu 14.04 security updates
2014-04-24 09:08:07 +02:00
Andreas Steffen
1d7324133b
Indicate IMV in assessment log statement
2014-04-15 09:21:06 +02:00
Andreas Steffen
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
Andreas Steffen
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
8505ce1cc6
Updated imv database templates
2014-04-15 09:21:05 +02:00
Andreas Steffen
40e8c67392
Use cached pid for product-based package access
2014-04-15 09:21:05 +02:00
Andreas Steffen
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
Andreas Steffen
4894bfa227
Separated IMV session management from IMV policy database
2014-04-15 09:21:05 +02:00
Andreas Steffen
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
Andreas Steffen
37ef086ea7
Added Ubuntu 14.04 to IMV database
2014-03-31 22:22:58 +02:00
Andreas Steffen
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516 .
2014-02-19 16:11:47 +01:00
Andreas Steffen
f03441c4dd
pacman.sh creates /etc/pts/dists directory if it doesn't exist yet
2014-02-13 13:21:47 +01:00
Tobias Brunner
1ec3476398
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
2014-02-12 14:34:34 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
de7f5305d9
libimcv: Install SQL files in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
Andreas Steffen
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
Andreas Steffen
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
Andreas Steffen
81d49c5cfd
Allow reason strings to be used as workitem result string
2014-01-13 12:06:17 +01:00
Andreas Steffen
6009b6e0dd
Attestation IMV processes TPMRA workitem
2014-01-13 12:06:17 +01:00
Andreas Steffen
3254f8b00a
Added TPM Remote Attestation (TPMRA) workitem
2014-01-10 11:55:21 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
50d7a55c96
Support Ubuntu 13.10 measurements
2013-10-21 21:33:30 +02:00
Tobias Brunner
be8179abd2
Build all IMC/IMVs with -no-undefined
2013-09-12 01:44:50 +02:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
5ec08a6a05
Make sure libstrongswan is initialized first in IMCs and IMVs
2013-09-11 20:58:18 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
70a80ef5d4
Output handler of a given workitem
2013-08-16 14:14:13 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Tobias Brunner
e5455e9413
imv-os: check_packages() fails if product query fails
2013-07-24 16:17:22 +02:00
Tobias Brunner
346a4a1fc2
imv-scanner: Properly check snprintf() return value
2013-07-24 16:17:22 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
...
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
Tobias Brunner
6bce8e1cfb
libimcv: Properly deinitialize libimcv
...
Other users of imcv_pa_tnc_attributes (libpts) check if it is NULL before
removing vendor IDs.
2013-07-08 18:49:28 +02:00
Tobias Brunner
2c693364a8
imv-scanner: Only add a reason string if there is something to report
2013-07-08 18:49:26 +02:00
Tobias Brunner
1973743443
libimcv: Android.mk added
2013-07-08 18:49:25 +02:00
Andreas Steffen
51bc6a6e74
Cosmetics
2013-07-08 17:58:14 +02:00
Andreas Steffen
34f894b6cc
Scanner IMV without workitems provides immediate recommendation, too
2013-07-08 17:53:05 +02:00
Andreas Steffen
ea6ab9fb49
skip enforcement if a recent measurement was successful
2013-07-08 16:08:05 +02:00
Andreas Steffen
69c4e34859
Always return a result string for a processed workitem
2013-07-04 22:55:58 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Andreas Steffen
6c969fee94
Don't backup old package lists
2013-07-01 10:00:43 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00