
openpts: 提交

Repo for OpenPTS version 0.2.X


Commit MetaInfo

修订版ad23066895728662a4158a010b6d96fabb5e8f3c (tree)
时间2012-01-05 16:18:28
作者Seiji Munetoh <munetoh@jp.i...>
CommiterSeiji Munetoh

Log Message

Added v0.2.5 support, but limited due to the IF-M capability change. Both collector and verifier updated to v0.2.6.

更改概述

差异

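--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@ openpts (0.2.6) unstable; urgency=low
 * Renew validation models (models/*uml), default ptsc.conf
 * Added UEFI BIOS validation models
 * Refactoring Infineon v1.2 TPM workaround
+* IF-M capability msg was changed.
+* Collector support both v0.2.5 and v0.2.6.
+* Verifier support v0.2.6 collector only.
 * Bug fixes
 
 -- Seiji Munetoh <munetoh@users.sourceforge.jp> Thu, 5 Jan 2012 14:40:00 +0900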
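--- a/include/openpts_ifm.h
+++ b/include/openpts_ifm.h
@@ -81,6 +81,7 @@ typedef struct {
 // TODO TBD
 
 #define OPENPTS_CAPABILITIES 0x00000001
+#define OPENPTS_CAPABILITIES_025 0x000F0001 // v0.2.5
 #define DH_NONCE_PARAMETERS_REQUEST 0x00000002
 #define DH_NONCE_PARAMETORS_RESPONSE 0x00000003
 #define DH_NONCE_FINISH 0x00000004
@@ -207,6 +208,14 @@ typedef struct {
 PTS_UUID new_manifest_uuid; // 16
 } OPENPTS_IF_M_Capability;
 
+typedef struct {
+BYTE flag[4]; // 4
+TPM_VERSION tpm_version; // 4
+TSS_VERSION tss_version; // 4
+TSS_VERSION pts_version; // 4 set by configure.in
+PTS_UUID platform_uuid; // 16
+PTS_UUID manifest_uuid; // 16
+} OPENPTS_IF_M_Capability_025;
 
 /* OPENPTS_ERROR */
 // TODO refer rfc5792 PA-TNC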
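Review bot: OPENPTS_CAPABILITIES_025 is defined next to the IF-M message types but is not a type that appears on the wire: the v0.2.5 branch of getPtsTlvMessage() in ifm.c builds its message with `getTlvBuffer(OPENPTS_CAPABILITIES, length)` and uses the _025 value only as an internal selector (presumably reached through writePtsTlv()). A comment on the define should say so, e.g. `#define OPENPTS_CAPABILITIES_025 0x000F0001 // internal selector only, never a wire type: sent as OPENPTS_CAPABILITIES with the v0.2.5 (48-byte) payload`, so that nobody later adds it to the receive-side switch as an accepted peer message. The OPENPTS_IF_M_Capability_025 struct in the second hunk is documented only by per-field byte counts, while the collector in ptsc.c keys on the payload being exactly 48 bytes; a note on the struct that its size must stay 48 (no padding, no added fields) would record that dependency.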
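--- a/src/ifm.c
+++ b/src/ifm.c
@@ -412,7 +412,42 @@ BYTE* getPtsTlvMessage(OPENPTS_CONTEXT *ctx, int type, int *len) {
 
 break;
 }
+/* Collector --> Verifier (v0.2.5) */
+case OPENPTS_CAPABILITIES_025:
+{
+length = sizeof(OPENPTS_IF_M_Capability_025);
+
+buf = getTlvBuffer(OPENPTS_CAPABILITIES, length); // v0.2.5
+if (buf == NULL) {
+LOG(LOG_ERR, "getTlvBuffer() is null");
+goto error;
+}
+
+ptr = 12;
+/* Send versions */
+memcpy(&buf[ptr + 0], &ctx->conf->pts_flag, 4);
+memcpy(&buf[ptr + 4], &ctx->conf->tpm_version, 4);
+memcpy(&buf[ptr + 8], &ctx->conf->tss_version, 4);
+memcpy(&buf[ptr + 12], &ctx->conf->pts_version, 4);
+/* Send Platform UUID, ctx->uuid */
+memcpy(&buf[ptr + 16], ctx->conf->uuid->uuid, 16);
 
+/* Send RM UUID */
+if (ctx->conf->rm_uuid == NULL) {
+// TODO verifier does not have Rm UUID. just send Verifier's UUID
+DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID\n");
+memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+} else if (ctx->conf->rm_uuid->uuid == NULL) {
+// TODO verifier?
+DEBUG("writePtsTlvToSock() RM uuid is NULL, => send platform UUID, file = %s\n",
+ctx->conf->rm_uuid->filename);
+
+memcpy(&buf[ptr + 32], ctx->conf->uuid->uuid, 16);
+} else {
+memcpy(&buf[ptr + 32], ctx->conf->rm_uuid->uuid, 16);
+}
+break;
+}
 /* Collector --> Verifier */
 case TPM_PUBKEY:
 {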
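Review bot: In the new OPENPTS_CAPABILITIES_025 case the TLV is sized from `sizeof(OPENPTS_IF_M_Capability_025)` but the payload is written at literal offsets ptr + 0 … ptr + 32 (48 bytes in all), so nothing ties the memcpy writes to `length` if the struct's layout or padding ever changes. A guard before the first memcpy, `if (ptr + 48 > length + 12) goto error;`, would catch that drift — this assumes getTlvBuffer() returns a 12-byte header followed by `length` payload bytes, which `ptr = 12` suggests but the hunk does not show. The DEBUG strings in the RM-UUID branches name writePtsTlvToSock() although the enclosing function is getPtsTlvMessage(); `DEBUG("getPtsTlvMessage() RM uuid is NULL, => send platform UUID\n");` keeps the log attributable to the right place. The version/UUID block also looks like a copy of the v0.2.6 case that ends just above the hunk, so a small static helper shared by both cases would keep the two from diverging. getPtsTlvMessage() starts and ends outside the hunk.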
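--- a/src/ptsc.c
+++ b/src/ptsc.c
@@ -125,11 +125,10 @@ int collector(OPENPTS_CONFIG *conf) {
 case OPENPTS_CAPABILITIES:
 DEBUG("IF-M OPENPTS_CAPABILITIES\n");
 /* check the UUID */
-if (read_tlv->length != sizeof(OPENPTS_IF_M_Capability)) { // TODO use defined name
-LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
-read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
-terminate = 1;
-} else {
+// v0.2.5 : length is 48
+// v0.2.6 : length is 64
+// + new_manifest_uuid (not used by collector side)
+if ((read_tlv->length == 48) || (read_tlv->length == 64)){
 // TODO copy
 OPENPTS_IF_M_Capability *cap;
 cap = (OPENPTS_IF_M_Capability *) read_tlv->value;
@@ -144,11 +143,19 @@ int collector(OPENPTS_CONFIG *conf) {
 LOG(LOG_INFO, "verifier (UUID=%s)\n", ctx->str_uuid);
 
 /* send PTS_CAPABILITIES msg. to verifier (=UUID) */
-rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+if (read_tlv->length == 48) {
+rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES_025);
+} else {
+rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_CAPABILITIES);
+}
 if (rc < 0) {
 LOG(LOG_ERR, "Send CAPABILITY answer failed - quit");
 terminate = 1;
 }
+} else {
+LOG(LOG_ERR, "Bad PTS_CAPABILITIES, len = %d != %d\n",
+read_tlv->length, sizeof(OPENPTS_IF_M_Capability));
+terminate = 1;
 }
 break;
 
@@ -310,14 +317,17 @@ int collector(OPENPTS_CONFIG *conf) {
 break;
 default:
 LOG(LOG_ERR, "PTS IF-M type 0x%08x is not supported\n", read_tlv->type);
-LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier, then terminate the conenction");
+LOG(LOG_INFO, "send OPENPTS_ERROR msg to verifier");
 ctx->ifm_errno = PTS_UNRECOGNIZED_COMMAND;
 if (ctx->ifm_strerror != NULL) {
 xfree(ctx->ifm_strerror);
 }
 ctx->ifm_strerror = smalloc_assert("Unknown message type");
 rc = writePtsTlv(ctx, STDOUT_FILENO, OPENPTS_ERROR); // ifm.c
-terminate = 1;
+// Fedora15,16 v0.2.5 build with --with-aide
+// Thus do not terminate the connection by unknown message
+// terminate = 1;
+// LOG(LOG_INFO, "terminate the connection");
 break;
 } // switch case
 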
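Review bot: The accepted lengths in the OPENPTS_CAPABILITIES check of the first hunk are the literals 48 and 64, although this same commit adds OPENPTS_IF_M_Capability_025 to openpts_ifm.h and the replaced line used sizeof(OPENPTS_IF_M_Capability); the literal 48 recurs in the `read_tlv->length == 48` dispatch of the second hunk, and the error message there reports only the v0.2.6 size. Writing the test as `if ((read_tlv->length == sizeof(OPENPTS_IF_M_Capability_025)) || (read_tlv->length == sizeof(OPENPTS_IF_M_Capability))) {` keeps the check tied to the wire structs the message is parsed with. After the check `read_tlv->value` is still cast to the 64-byte OPENPTS_IF_M_Capability even for a 48-byte message, so any read of `cap->new_manifest_uuid` on that path would go 16 bytes past the received payload; the new comment says the collector does not use it, and that constraint belongs at the cast, e.g. `// v0.2.5 payload is 48 bytes: new_manifest_uuid lies beyond it and must not be read here`. In the third hunk the disabled `terminate = 1;` and its log line are left as commented-out code; a one-line comment stating that unknown message types are now answered with OPENPTS_ERROR and the session continues says the same without dead code. collector() starts and ends outside the hunks.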
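--- a/src/verifier.c
+++ b/src/verifier.c
@@ -358,7 +358,7 @@ int verifierHandleCapability(
 DEBUG("RM UUID : %s\n", target_conf->rm_uuid->str);
 
 #ifdef CONFIG_AUTO_RM_UPDATE
-/* Possible New RM Set from Collector */
+/* Possible New RM Set from Collector. from v0.2.6 */
 if (isFlagSet(target_conf->pts_flag[0], OPENPTS_FLAG0_NEWRM_EXIST)) {
 DEBUG("Discovered pending RM on target -> extracting UUID\n");
 conf->target_newrm_exist = 1;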