/** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, TNC_Version min_version, TNC_Version max_version, TNC_Version *actual_version) { if (imc_attestation) { DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); return TNC_RESULT_ALREADY_INITIALIZED; } if (!pts_meas_algo_probe(&supported_algorithms) || !pts_dh_group_probe(&supported_dh_groups)) { return TNC_RESULT_FATAL; } imc_attestation = imc_agent_create(imc_name, msg_types, 1, imc_id, actual_version); if (!imc_attestation) { return TNC_RESULT_FATAL; } libpts_init(); if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) { DBG1(DBG_IMC, "no common IF-IMC version"); return TNC_RESULT_NO_COMMON_VERSION; } return TNC_RESULT_SUCCESS; }
/** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, TNC_Version min_version, TNC_Version max_version, TNC_Version *actual_version) { bool mandatory_dh_groups; if (imc_attestation) { DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); return TNC_RESULT_ALREADY_INITIALIZED; } imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types), imc_id, actual_version); if (!imc_attestation) { return TNC_RESULT_FATAL; } mandatory_dh_groups = lib->settings->get_bool(lib->settings, "%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns); if (!pts_meas_algo_probe(&supported_algorithms) || !pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups)) { imc_attestation->destroy(imc_attestation); imc_attestation = NULL; return TNC_RESULT_FATAL; } libpts_init(); if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) { DBG1(DBG_IMC, "no common IF-IMC version"); return TNC_RESULT_NO_COMMON_VERSION; } return TNC_RESULT_SUCCESS; }
/** * Handle a TCG attribute */ static void handle_tcg_attribute(imc_android_state_t *state, pen_type_t attr_type, pa_tnc_attr_t *attr, imc_msg_t *out_msg) { pts_t *pts; pts = state->get_pts(state); switch (attr_type.type) { case TCG_PTS_REQ_PROTO_CAPS: { tcg_pts_attr_proto_caps_t *attr_cast; pts_proto_caps_flag_t caps; attr_cast = (tcg_pts_attr_proto_caps_t*)attr; caps = attr_cast->get_flags(attr_cast) & pts->get_proto_caps(pts); pts->set_proto_caps(pts, caps); attr = tcg_pts_attr_proto_caps_create(caps, FALSE); out_msg->add_attribute(out_msg, attr); break; } case TCG_PTS_MEAS_ALGO: { tcg_pts_attr_meas_algo_t *attr_cast; pts_meas_algorithms_t supported, algo; if (!pts_meas_algo_probe(&supported)) { attr = pts_hash_alg_error_create(PTS_MEAS_ALGO_NONE); out_msg->add_attribute(out_msg, attr); break; } attr_cast = (tcg_pts_attr_meas_algo_t*)attr; algo = pts_meas_algo_select(supported, attr_cast->get_algorithms(attr_cast)); if (algo == PTS_MEAS_ALGO_NONE) { attr = pts_hash_alg_error_create(supported); out_msg->add_attribute(out_msg, attr); break; } pts->set_meas_algorithm(pts, algo); attr = tcg_pts_attr_meas_algo_create(algo, TRUE); out_msg->add_attribute(out_msg, attr); break; } case TCG_PTS_REQ_FILE_MEAS: { tcg_pts_attr_req_file_meas_t *attr_cast; pts_file_meas_t *measurements; pts_error_code_t pts_error; uint32_t delim; uint16_t req_id; bool is_dir; char *path; attr_cast = (tcg_pts_attr_req_file_meas_t*)attr; path = attr_cast->get_pathname(attr_cast); if (!pts->is_path_valid(pts, path, &pts_error)) { /* silently ignore internal errors */ break; } else if (pts_error) { attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG, pts_error), attr->get_value(attr)); out_msg->add_attribute(out_msg, attr); break; } delim = attr_cast->get_delimiter(attr_cast); if (delim != SOLIDUS_UTF && delim != REVERSE_SOLIDUS_UTF) { attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG, TCG_PTS_INVALID_DELIMITER), attr->get_value(attr)); out_msg->add_attribute(out_msg, attr); break; } req_id = attr_cast->get_request_id(attr_cast); is_dir = attr_cast->get_directory_flag(attr_cast); DBG1(DBG_IMC, "measurement request %d for %s '%s'", req_id, is_dir ? "directory" : "file", path); measurements = pts_file_meas_create_from_path(req_id, path, is_dir, TRUE, pts->get_meas_algorithm(pts)); if (!measurements) { attr = ietf_attr_pa_tnc_error_create(pen_type_create(PEN_TCG, TCG_PTS_FILE_NOT_FOUND), attr->get_value(attr)); out_msg->add_attribute(out_msg, attr); break; } attr = tcg_pts_attr_file_meas_create(measurements); attr->set_noskip_flag(attr, TRUE); out_msg->add_attribute(out_msg, attr); break; } default: DBG1(DBG_IMC, "received unsupported TCG attribute '%N'", tcg_attr_names, attr_type.type); break; } }
/** * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 */ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, TNC_Version min_version, TNC_Version max_version, TNC_Version *actual_version) { char *hash_alg, *dh_group, *uri, *cadir; if (imv_attestation) { DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name); return TNC_RESULT_ALREADY_INITIALIZED; } if (!pts_meas_algo_probe(&supported_algorithms) || !pts_dh_group_probe(&supported_dh_groups)) { return TNC_RESULT_FATAL; } imv_attestation = imv_agent_create(imv_name, msg_types, countof(msg_types), imv_id, actual_version); if (!imv_attestation) { return TNC_RESULT_FATAL; } libpts_init(); if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1) { DBG1(DBG_IMV, "no common IF-IMV version"); return TNC_RESULT_NO_COMMON_VERSION; } hash_alg = lib->settings->get_str(lib->settings, "libimcv.plugins.imv-attestation.hash_algorithm", "sha256"); dh_group = lib->settings->get_str(lib->settings, "libimcv.plugins.imv-attestation.dh_group", "ecp256"); if (!pts_meas_algo_update(hash_alg, &supported_algorithms) || !pts_dh_group_update(dh_group, &supported_dh_groups)) { return TNC_RESULT_FATAL; } /* create a PTS credential manager */ pts_credmgr = credential_manager_create(); /* create PTS credential set */ cadir = lib->settings->get_str(lib->settings, "libimcv.plugins.imv-attestation.cadir", NULL); pts_creds = pts_creds_create(cadir); if (pts_creds) { pts_credmgr->add_set(pts_credmgr, pts_creds->get_set(pts_creds)); } /* attach file measurement database */ uri = lib->settings->get_str(lib->settings, "libimcv.plugins.imv-attestation.database", NULL); pts_db = pts_database_create(uri); return TNC_RESULT_SUCCESS; }