From ad23066895728662a4158a010b6d96fabb5e8f3c Mon Sep 17 00:00:00 2001
From: Seiji Munetoh
Date: Thu, 5 Jan 2012 16:18:28 +0900
Subject: [PATCH 1/1] Added v0.2.5 support. but limited due to the IF-M capability change. Both collector and verifier update to v0.2.6

---
 ChangeLog             |  3 +++
 include/openpts_ifm.h |  9 +++++++++
 src/ifm.c             | 35 +++++++++++++++++++++++++++++++++++
 src/ptsc.c            | 26 ++++++++++++++++++--------
 src/verifier.c        |  2 +-
 5 files changed, 66 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index be67e40..0f40939 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@ openpts (0.2.6) unstable; urgency=low
   * Renew validation models (models/*uml), default ptsc.conf
   * Added UEFI BIOS validation models
   * Refactoring Infineon v1.2 TPM workaround
+  * IF-M capability msg was changed.
+  * Collector support both v0.2.5 and v0.2.6.
+  * Verifier support v0.2.6 collector only.
   * Bug fixes
 
  -- Seiji Munetoh  Thu, 5 Jan 2012 14:40:00 +0900
diff --git a/include/openpts_ifm.h b/include/openpts_ifm.h
index 8046583..9af6d04 100644
--- a/include/openpts_ifm.h
+++ b/include/openpts_ifm.h
@@ -81,6 +81,7 @@ typedef struct {
 
 // TODO TBD
 #define OPENPTS_CAPABILITIES 0x00000001
+#define OPENPTS_CAPABILITIES_025 0x000F0001  // v0.2.5
 #define DH_NONCE_PARAMETERS_REQUEST 0x00000002
 #define DH_NONCE_PARAMETORS_RESPONSE 0x00000003
 #define DH_NONCE_FINISH 0x00000004
@@ -207,6 +208,14 @@ typedef struct {
     PTS_UUID new_manifest_uuid;  // 16
 } OPENPTS_IF_M_Capability;
 
+typedef struct {
+    BYTE flag[4];  // 4
+    TPM_VERSION tpm_version;  // 4
+    TSS_VERSION tss_version;  // 4
+    TSS_VERSION pts_version;  // 4 set by configure.in
+    PTS_UUID platform_uuid;  // 16
+    PTS_UUID manifest_uuid;  // 16
+} OPENPTS_IF_M_Capability_025;
 
 /* OPENPTS_ERROR */
 // TODO refer rfc5792 PA-TNC
diff --git a/src/ifm.c b/src/ifm.c
index ce55b9c..cd5bb0a 100644
--- a/src/ifm.c
+++ b/src/ifm.c
@@ -412,7 +412,42 @@ BYTE* getPtsTlvMessage(OPENPTS_CONTEXT *ctx, int type, int *len) {
             break;
         }
 
+        /* Collector --> Verifier (v0.2.5) */
+        case OPENPTS_CAPABILITIES_025:
+        {
+            length = sizeof(OPENPTS_IF_M_Capability_025);
+
+            buf = getTlvBuffer(OPENPTS_CAPABILITIES, length);  // v0.2.5
+            if (buf == NULL) {
+                LOG(LOG_ERR, "getTlvBuffer() is null");
+                goto error;
+            }
+
+            ptr = 12;
+            /* Send versions */
+            memcpy(&buf[ptr + 0], &ctx->conf->pts_flag, 4);
+            memcpy(&buf[ptr + 4], &ctx->conf->tpm_version, 4);
+            memcpy(&buf[ptr + 8], &ctx->conf->tss_version, 4);
+            memcpy(&buf[ptr + 12], &ctx->conf->pts_version, 4);
+            /* Send Platform UUID, ctx->uuid */
+            memcpy(&buf[ptr + 16], ctx->conf->uuid->uuid, 16);
+            /* Send RM UUID */
+            if (ctx->conf->rm_uuid == NULL) {
+                // TODO verifier does not have Rm UUID. just send Verifier's UUID
+                DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID\n");
+                memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+            } else if (ctx->conf->rm_uuid->uuid == NULL) {
+                // TODO verifier?
+                DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID, file = %s\n",
+                    ctx->conf->rm_uuid->filename);
+
+                memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+            } else {
+                memcpy(&buf[ptr + 32], ctx->conf->rm_uuid->uuid, 16);
+            }
+            break;
+        }
 
         /* Collector --> Verifier */
         case TPM_PUBKEY:
         {
diff --git a/src/ptsc.c b/src/ptsc.c
index d0f697a..65e6491 100644
--- a/src/ptsc.c
+++ b/src/ptsc.c
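Review bot: The new `case OPENPTS_CAPABILITIES_025:` body re-implements the field writes of the v0.2.6 capability message minus the trailing `new_manifest_uuid`, so the two serializers will drift apart; the only version-specific parts are `length` and the missing last field, and the shared 48-byte prefix belongs in one static helper called from both cases. Two details on the added lines: the DEBUG strings name `writePtsTlvToSock()` although this code is inside getPtsTlvMessage, and the type handed to `getTlvBuffer(OPENPTS_CAPABILITIES, length)` intentionally differs from the case label, because `OPENPTS_CAPABILITIES_025` (0x000F0001) is a local dispatch value that must never reach the wire — that deserves a comment next to its definition in openpts_ifm.h, e.g. `// internal selector only, never sent: v0.2.5 peers expect type OPENPTS_CAPABILITIES with a 48-byte value`. `ptr = 12` is presumably the TLV header size reserved by getTlvBuffer and should be a named constant. The rest of getPtsTlvMessage lies outside this hunk.
```c
/* Shared prefix of the v0.2.5 and v0.2.6 capability TLVs: 48 bytes written at buf[ptr]. */
static void fillCapabilityPrefix(OPENPTS_CONTEXT *ctx, BYTE *buf, int ptr) {
    memcpy(&buf[ptr + 0], &ctx->conf->pts_flag, 4);
    memcpy(&buf[ptr + 4], &ctx->conf->tpm_version, 4);
    memcpy(&buf[ptr + 8], &ctx->conf->tss_version, 4);
    memcpy(&buf[ptr + 12], &ctx->conf->pts_version, 4);
    memcpy(&buf[ptr + 16], ctx->conf->uuid->uuid, 16);
    if (ctx->conf->rm_uuid == NULL || ctx->conf->rm_uuid->uuid == NULL) {
        /* verifier side has no RM UUID: send the platform UUID instead (existing behaviour) */
        DEBUG("getPtsTlvMessage() RM uuid is NULL, => send platform UUID\n");
        memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
    } else {
        memcpy(&buf[ptr + 32], ctx->conf->rm_uuid->uuid, 16);
    }
}

        /* Collector --> Verifier (v0.2.5) */
        case OPENPTS_CAPABILITIES_025:
        {
            length = sizeof(OPENPTS_IF_M_Capability_025);
            /* wire type stays OPENPTS_CAPABILITIES; _025 is only the local selector */
            buf = getTlvBuffer(OPENPTS_CAPABILITIES, length);
            if (buf == NULL) {
                LOG(LOG_ERR, "getTlvBuffer() is null");
                goto error;
            }
            fillCapabilityPrefix(ctx, buf, 12);
            break;
        }
```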
@@ -125,11 +125,10 @@ int collector(OPENPTS_CONFIG *conf) {
             case OPENPTS_CAPABILITIES:
                 DEBUG("IF-M OPENPTS_CAPABILITIES\n");
                 /* check the UUID */
-                if (read_tlv->length != sizeof(OPENPTS_IF_M_Capability)) {  // TODO use defined name
-                    LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
-                        read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
-                    terminate = 1;
-                } else {
+                // v0.2.5 : length is 48
+                // v0.2.6 : length is 64
+                //          + new_manifest_uuid (not used by collector side)
+                if ((read_tlv->length == 48) || (read_tlv->length == 64)){
                     // TODO copy
                     OPENPTS_IF_M_Capability *cap;
                     cap = (OPENPTS_IF_M_Capability *) read_tlv->value;
@@ -144,11 +143,19 @@ int collector(OPENPTS_CONFIG *conf) {
                     LOG(LOG_INFO, "verifier (UUID=%s)\n", ctx->str_uuid);
 
                     /* send PTS_CAPABILITIES msg. to verifier (=UUID) */
-                    rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+                    if (read_tlv->length == 48) {
+                        rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES_025);
+                    } else {
+                        rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+                    }
                     if (rc < 0) {
                         LOG(LOG_ERR, "Send CAPABILITY answer failed - quit");
                         terminate = 1;
                     }
+                } else {
+                    LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
+                        read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
+                    terminate = 1;
                 }
                 break;
 
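Review bot: The relaxed check now lets a 48-byte value through, but the context line right after it still casts `read_tlv->value` to `OPENPTS_IF_M_Capability *`, the 64-byte v0.2.6 layout, so any read of `cap->new_manifest_uuid` on a v0.2.5 message is a 16-byte over-read of peer-controlled input; the added comment only records that the collector does not use that field today. Cast to the common prefix instead, `OPENPTS_IF_M_Capability_025 *cap = (OPENPTS_IF_M_Capability_025 *) read_tlv->value;`, so the compiler rejects the extra field, and replace the literals with `sizeof(OPENPTS_IF_M_Capability_025)` and `sizeof(OPENPTS_IF_M_Capability)` as the removed TODO already asked. Whether `read_tlv->length` was validated against the bytes actually received, and where `cap->` is dereferenced, lie outside this hunk; the `case` body continues past its last line.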
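Review bot: The relocated else branch still logs `len = %d != %d` against a single `sizeof(OPENPTS_IF_M_Capability)` although the check above now accepts 48 as well, and `sizeof` yields a `size_t`, which does not match `%d`. If LOG is printf-like, `LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d (expected %zu or %zu)\n", read_tlv->length, sizeof(OPENPTS_IF_M_Capability_025), sizeof(OPENPTS_IF_M_Capability));` reports what is actually accepted. The new `if (read_tlv->length == 48)` re-derives the peer's protocol version from the same literal used in the previous hunk; recording it once (e.g. a flag in ctx set where the length is checked) would keep the two decisions from disagreeing. The `case` body begins above this hunk.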
@@ -310,14 +317,17 @@ int collector(OPENPTS_CONFIG *conf) {
                 break;
             default:
                 LOG(LOG_ERR, "PTS IF-M type 0x%08x is not supported\n", read_tlv->type);
-                LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier, then terminate the conenction");
+                LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier");
                 ctx->ifm_errno = PTS_UNRECOGNIZED_COMMAND;
                 if (ctx->ifm_strerror != NULL) {
                     xfree(ctx->ifm_strerror);
                 }
                 ctx->ifm_strerror = smalloc_assert("Unknown message type");
                 rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_ERROR);  // ifm.c
-                terminate = 1;
+                // Fedora15,16 v0.2.5 build with --with-aide
+                // Thus do not terminate the connection by unknown message
+                // terminate = 1;
+                // LOG(LOG_INFO, "terminate the connection");
                 break;
             }  // switch case
 
diff --git a/src/verifier.c b/src/verifier.c
index 24744dc..97dc99e 100644
--- a/src/verifier.c
+++ b/src/verifier.c
@@ -358,7 +358,7 @@ int verifierHandleCapability(
     DEBUG("RM UUID : %s\n", target_conf->rm_uuid->str);
 
 #ifdef CONFIG_AUTO_RM_UPDATE
-    /* Possible New RM Set from Collector */
+    /* Possible New RM Set from Collector. from v0.2.6 */
     if (isFlagSet(target_conf->pts_flag[0], OPENPTS_FLAG0_NEWRM_EXIST)) {
         DEBUG("Discovered pending RM on target -> extracting UUID\n");
         conf->target_newrm_exist = 1;
-- 
2.11.0
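Review bot: Removing `terminate = 1;` from the `default:` branch turns an unrecognized IF-M type from a fatal protocol error into a tolerated one, and the `rc` from `writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_ERROR)` is now never checked, so a peer can keep the collector looping on unknown messages indefinitely and a failed error write no longer ends the session either. If the v0.2.5 `--with-aide` peers must be tolerated, keep the write check and bound the tolerance: `if (rc < 0 || ++unknown_msgs > MAX_UNKNOWN_MSGS) { terminate = 1; }`, with `unknown_msgs` declared at the top of collector() and `MAX_UNKNOWN_MSGS` a small named constant; both declarations fall outside this hunk. The two commented-out statements should be deleted, since the explanatory comment above them already says why the connection stays open.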