* Renew validation models (models/*uml), default ptsc.conf
* Added UEFI BIOS validation models
* Refactoring Infineon v1.2 TPM workaround
+ * IF-M capability msg was changed.
+ * Collector support both v0.2.5 and v0.2.6.
+ * Verifier support v0.2.6 collector only.
* Bug fixes
-- Seiji Munetoh <munetoh@users.sourceforge.jp> Thu, 5 Jan 2012 14:40:00 +0900
// TODO TBD
#define OPENPTS_CAPABILITIES 0x00000001
+#define OPENPTS_CAPABILITIES_025 0x000F0001 // v0.2.5
#define DH_NONCE_PARAMETERS_REQUEST 0x00000002
#define DH_NONCE_PARAMETORS_RESPONSE 0x00000003
#define DH_NONCE_FINISH 0x00000004
PTS_UUID new_manifest_uuid; // 16
} OPENPTS_IF_M_Capability;
+typedef struct {
+ BYTE flag[4]; // 4
+ TPM_VERSION tpm_version; // 4
+ TSS_VERSION tss_version; // 4
+ TSS_VERSION pts_version; // 4 set by configure.in
+ PTS_UUID platform_uuid; // 16
+ PTS_UUID manifest_uuid; // 16
+} OPENPTS_IF_M_Capability_025;
/* OPENPTS_ERROR */
// TODO refer rfc5792 PA-TNC
break;
}
+ /* Collector --> Verifier (v0.2.5) */
+ case OPENPTS_CAPABILITIES_025:
+ {
+ length = sizeof(OPENPTS_IF_M_Capability_025);
+
+ buf = getTlvBuffer(OPENPTS_CAPABILITIES, length); // v0.2.5
+ if (buf == NULL) {
+ LOG(LOG_ERR, "getTlvBuffer() is null");
+ goto error;
+ }
+
+ ptr = 12;
+ /* Send versions */
+ memcpy(&buf[ptr + 0], &ctx->conf->pts_flag, 4);
+ memcpy(&buf[ptr + 4], &ctx->conf->tpm_version, 4);
+ memcpy(&buf[ptr + 8], &ctx->conf->tss_version, 4);
+ memcpy(&buf[ptr + 12], &ctx->conf->pts_version, 4);
+ /* Send Platform UUID, ctx->uuid */
+ memcpy(&buf[ptr + 16], ctx->conf->uuid->uuid, 16);
+ /* Send RM UUID */
+ if (ctx->conf->rm_uuid == NULL) {
+ // TODO verifier does not have Rm UUID. just send Verifier's UUID
+ DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID\n");
+ memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+ } else if (ctx->conf->rm_uuid->uuid == NULL) {
+ // TODO verifier?
+ DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID, file = %s\n",
+ ctx->conf->rm_uuid->filename);
+
+ memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+ } else {
+ memcpy(&buf[ptr + 32], ctx->conf->rm_uuid->uuid, 16);
+ }
+ break;
+ }
/* Collector --> Verifier */
case TPM_PUBKEY:
{
case OPENPTS_CAPABILITIES:
DEBUG("IF-M OPENPTS_CAPABILITIES\n");
/* check the UUID */
- if (read_tlv->length != sizeof(OPENPTS_IF_M_Capability)) { // TODO use defined name
- LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
- read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
- terminate = 1;
- } else {
+ // v0.2.5 : length is 48
+ // v0.2.6 : length is 64
+ // + new_manifest_uuid (not used by collector side)
+ if ((read_tlv->length == 48) || (read_tlv->length == 64)){
// TODO copy
OPENPTS_IF_M_Capability *cap;
cap = (OPENPTS_IF_M_Capability *) read_tlv->value;
LOG(LOG_INFO, "verifier (UUID=%s)\n", ctx->str_uuid);
/* send PTS_CAPABILITIES msg. to verifier (=UUID) */
- rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+ if (read_tlv->length == 48) {
+ rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES_025);
+ } else {
+ rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+ }
if (rc < 0) {
LOG(LOG_ERR, "Send CAPABILITY answer failed - quit");
terminate = 1;
}
+ } else {
+ LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
+ read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
+ terminate = 1;
}
break;
break;
default:
LOG(LOG_ERR, "PTS IF-M type 0x%08x is not supported\n", read_tlv->type);
- LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier, then terminate the conenction");
+ LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier");
ctx->ifm_errno = PTS_UNRECOGNIZED_COMMAND;
if (ctx->ifm_strerror != NULL) {
xfree(ctx->ifm_strerror);
}
ctx->ifm_strerror = smalloc_assert("Unknown message type");
rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_ERROR); // ifm.c
- terminate = 1;
+ // Fedora15,16 v0.2.5 build with --with-aide
+ // Thus do not terminate the connection by unknown message
+ // terminate = 1;
+ // LOG(LOG_INFO, "terminate the connection");
break;
} // switch case
DEBUG("RM UUID : %s\n", target_conf->rm_uuid->str);
#ifdef CONFIG_AUTO_RM_UPDATE
- /* Possible New RM Set from Collector */
+ /* Possible New RM Set from Collector. from v0.2.6 */
if (isFlagSet(target_conf->pts_flag[0], OPENPTS_FLAG0_NEWRM_EXIST)) {
DEBUG("Discovered pending RM on target -> extracting UUID\n");
conf->target_newrm_exist = 1;