/**
* see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
*/
TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
TNC_Version min_version,
TNC_Version max_version,
TNC_Version *actual_version)
{
if (imc_attestation)
{
DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
if (!pts_meas_algo_probe(&supported_algorithms) ||
!pts_dh_group_probe(&supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
imc_attestation = imc_agent_create(imc_name, msg_types, 1, imc_id,
actual_version);
if (!imc_attestation)
{
return TNC_RESULT_FATAL;
}
libpts_init();
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
DBG1(DBG_IMC, "no common IF-IMC version");
return TNC_RESULT_NO_COMMON_VERSION;
}
return TNC_RESULT_SUCCESS;
}
/**
* see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
*/
TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
TNC_Version min_version,
TNC_Version max_version,
TNC_Version *actual_version)
{
bool mandatory_dh_groups;
if (imc_attestation)
{
DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
imc_id, actual_version);
if (!imc_attestation)
{
return TNC_RESULT_FATAL;
}
mandatory_dh_groups = lib->settings->get_bool(lib->settings,
"%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);
if (!pts_meas_algo_probe(&supported_algorithms) ||
!pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
{
imc_attestation->destroy(imc_attestation);
imc_attestation = NULL;
return TNC_RESULT_FATAL;
}
libpts_init();
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
DBG1(DBG_IMC, "no common IF-IMC version");
return TNC_RESULT_NO_COMMON_VERSION;
}
return TNC_RESULT_SUCCESS;
}
/**
* Handle a TCG attribute
*/
static void handle_tcg_attribute(imc_android_state_t *state,
pen_type_t attr_type, pa_tnc_attr_t *attr,
imc_msg_t *out_msg)
{
pts_t *pts;
pts = state->get_pts(state);
switch (attr_type.type)
{
case TCG_PTS_REQ_PROTO_CAPS:
{
tcg_pts_attr_proto_caps_t *attr_cast;
pts_proto_caps_flag_t caps;
attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
caps = attr_cast->get_flags(attr_cast) & pts->get_proto_caps(pts);
pts->set_proto_caps(pts, caps);
attr = tcg_pts_attr_proto_caps_create(caps, FALSE);
out_msg->add_attribute(out_msg, attr);
break;
}
case TCG_PTS_MEAS_ALGO:
{
tcg_pts_attr_meas_algo_t *attr_cast;
pts_meas_algorithms_t supported, algo;
if (!pts_meas_algo_probe(&supported))
{
attr = pts_hash_alg_error_create(PTS_MEAS_ALGO_NONE);
out_msg->add_attribute(out_msg, attr);
break;
}
attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
algo = pts_meas_algo_select(supported,
attr_cast->get_algorithms(attr_cast));
if (algo == PTS_MEAS_ALGO_NONE)
{
attr = pts_hash_alg_error_create(supported);
out_msg->add_attribute(out_msg, attr);
break;
}
pts->set_meas_algorithm(pts, algo);
attr = tcg_pts_attr_meas_algo_create(algo, TRUE);
out_msg->add_attribute(out_msg, attr);
break;
}
case TCG_PTS_REQ_FILE_MEAS:
{
tcg_pts_attr_req_file_meas_t *attr_cast;
pts_file_meas_t *measurements;
pts_error_code_t pts_error;
uint32_t delim;
uint16_t req_id;
bool is_dir;
char *path;
attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
path = attr_cast->get_pathname(attr_cast);
if (!pts->is_path_valid(pts, path, &pts_error))
{ /* silently ignore internal errors */
break;
}
else if (pts_error)
{
attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG,
pts_error), attr->get_value(attr));
out_msg->add_attribute(out_msg, attr);
break;
}
delim = attr_cast->get_delimiter(attr_cast);
if (delim != SOLIDUS_UTF && delim != REVERSE_SOLIDUS_UTF)
{
attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG,
TCG_PTS_INVALID_DELIMITER), attr->get_value(attr));
out_msg->add_attribute(out_msg, attr);
break;
}
req_id = attr_cast->get_request_id(attr_cast);
is_dir = attr_cast->get_directory_flag(attr_cast);
DBG1(DBG_IMC, "measurement request %d for %s '%s'", req_id,
is_dir ? "directory" : "file", path);
measurements = pts_file_meas_create_from_path(req_id, path, is_dir,
TRUE, pts->get_meas_algorithm(pts));
if (!measurements)
{
attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG,
TCG_PTS_FILE_NOT_FOUND), attr->get_value(attr));
out_msg->add_attribute(out_msg, attr);
break;
}
attr = tcg_pts_attr_file_meas_create(measurements);
attr->set_noskip_flag(attr, TRUE);
out_msg->add_attribute(out_msg, attr);
break;
}
default:
DBG1(DBG_IMC, "received unsupported TCG attribute '%N'",
tcg_attr_names, attr_type.type);
break;
}
}
/**
* see section 3.8.1 of TCG TNC IF-IMV Specification 1.3
*/
TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
TNC_Version min_version,
TNC_Version max_version,
TNC_Version *actual_version)
{
char *hash_alg, *dh_group, *uri, *cadir;
if (imv_attestation)
{
DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
if (!pts_meas_algo_probe(&supported_algorithms) ||
!pts_dh_group_probe(&supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
imv_attestation = imv_agent_create(imv_name, msg_types, countof(msg_types),
imv_id, actual_version);
if (!imv_attestation)
{
return TNC_RESULT_FATAL;
}
libpts_init();
if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
{
DBG1(DBG_IMV, "no common IF-IMV version");
return TNC_RESULT_NO_COMMON_VERSION;
}
hash_alg = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
dh_group = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.dh_group", "ecp256");
if (!pts_meas_algo_update(hash_alg, &supported_algorithms) ||
!pts_dh_group_update(dh_group, &supported_dh_groups))
{
return TNC_RESULT_FATAL;
}
/* create a PTS credential manager */
pts_credmgr = credential_manager_create();
/* create PTS credential set */
cadir = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.cadir", NULL);
pts_creds = pts_creds_create(cadir);
if (pts_creds)
{
pts_credmgr->add_set(pts_credmgr, pts_creds->get_set(pts_creds));
}
/* attach file measurement database */
uri = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-attestation.database", NULL);
pts_db = pts_database_create(uri);
return TNC_RESULT_SUCCESS;
}
