Using the database entries for generating Functional Component Evidence Requests

author Sansar Choinyambuu <schoinya@hsr.ch>

Mon, 14 Nov 2011 16:10:35 +0000 (17:10 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 28 Nov 2011 20:20:23 +0000 (21:20 +0100)
author Sansar Choinyambuu <schoinya@hsr.ch>
Mon, 14 Nov 2011 16:10:35 +0000 (17:10 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 20:20:23 +0000 (21:20 +0100)
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c

index 8ff68e1e5f2689548eac0d28903e3e90e117ad87..04fc6a43b857121a78e74ad356ea6bce42c7d13c 100644 (file)
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -410,6 +410,109 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         attr_list->insert_last(attr_list, attr);
                         break;
                 }
+               case TCG_PTS_REQ_FILE_META:
+               {
+                       tcg_pts_attr_req_file_meta_t *attr_cast;
+                       char *pathname;
+                       bool is_directory;
+                       u_int8_t delimiter;
+                       pts_file_meta_t *metadata;
+
+                       attr_info = attr->get_value(attr);
+                       attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
+                       is_directory = attr_cast->get_directory_flag(attr_cast);
+                       delimiter = attr_cast->get_delimiter(attr_cast);
+                       pathname = attr_cast->get_pathname(attr_cast);
+
+                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+                       if (valid_path && pts_error)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               pts_error, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       else if (!valid_path)
+                       {
+                               break;
+                       }
+                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       /* Get File Metadata and send them to PTS-IMV */
+                       DBG2(DBG_IMC, "metadata request for %s '%s'",
+                                       is_directory ? "directory" : "file",
+                                       pathname);
+                       metadata = pts->get_metadata(pts, pathname, is_directory);
+
+                       if (!metadata)
+                       {
+                               /* TODO handle error codes from measurements */
+                               return FALSE;
+                       }
+                       attr = tcg_pts_attr_unix_file_meta_create(metadata);
+                       attr->set_noskip_flag(attr, TRUE);
+                       attr_list->insert_last(attr_list, attr);
+
+                       break;
+               }
+               case TCG_PTS_REQ_FILE_MEAS:
+               {
+                       tcg_pts_attr_req_file_meas_t *attr_cast;
+                       char *pathname;
+                       u_int16_t request_id;
+                       bool is_directory;
+                       u_int32_t delimiter;
+                       pts_file_meas_t *measurements;
+
+                       attr_info = attr->get_value(attr);
+                       attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
+                       is_directory = attr_cast->get_directory_flag(attr_cast);
+                       request_id = attr_cast->get_request_id(attr_cast);
+                       delimiter = attr_cast->get_delimiter(attr_cast);
+                       pathname = attr_cast->get_pathname(attr_cast);
+                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+
+                       if (valid_path && pts_error)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               pts_error, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       else if (!valid_path)
+                       {
+                               break;
+                       }
+
+                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+
+                       /* Do PTS File Measurements and send them to PTS-IMV */
+                       DBG2(DBG_IMC, "measurement request %d for %s '%s'",
+                                request_id, is_directory ? "directory" : "file",
+                                pathname);
+                       measurements = pts->do_measurements(pts, request_id,
+                                                                       pathname, is_directory);
+                       if (!measurements)
+                       {
+                               /* TODO handle error codes from measurements */
+                               return FALSE;
+                       }
+                       attr = tcg_pts_attr_file_meas_create(measurements);
+                       attr->set_noskip_flag(attr, TRUE);
+                       attr_list->insert_last(attr_list, attr);
+                       break;
+               }
                 case TCG_PTS_REQ_FUNCT_COMP_EVID:
                 {
                         tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
@@ -514,7 +617,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                                                   "for Simple Component Evidence");
                                         return FALSE;
                                 }
-                               
+
                                 /* Get PCR after value from log when TBOOT is measuring entity */
                                 if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
                                                 name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) &&
@@ -524,7 +627,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                                  params.extended_pcr);
                                         return FALSE;
                                 }
-                               
+
                                 /* Buffer Simple Component Evidence attribute */
                                 attr = tcg_pts_attr_simple_comp_evid_create(params);
                                 evidences->insert_last(evidences, attr);
@@ -552,13 +655,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         /* Send buffered Simple Component Evidences */
                         num_of_evidences = evidences->get_count(evidences);
                         pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*num_of_evidences);
-                       
+
                         e = evidences->create_enumerator(evidences);
                         while (e->enumerate(e, &attr))
                         {
                                 tcg_pts_attr_simple_comp_evid_t *attr_cast;
                                 u_int32_t extended_pcr;
-                                               
+
                                 attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
                                 extended_pcr = attr_cast->get_extended_pcr(attr_cast);
  
@@ -573,7 +676,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         use_quote2 = (lib->settings->get_int(lib->settings,
                                         "libimcv.plugins.imc-attestation.quote_version", 1) == 1) ?
                                                         FALSE : TRUE;
-                       
+
                         /* Quote */
                         if (!pts->quote_tpm(pts, use_quote2, pcrs, num_of_evidences,
                                 &pcr_composite, &quote_signature))
@@ -583,123 +686,20 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                 DESTROY_IF(evidences);
                                 return FALSE;
                         }
-       
+
                         /* Send Simple Evidence Final attribute */
                         flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2:
                                                                  PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
                         composite_algorithm |= PTS_MEAS_ALGO_SHA1;
-                       
+
                         attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags,
                                                                 composite_algorithm, pcr_composite,
                                                                 quote_signature, chunk_empty);
                         attr_list->insert_last(attr_list, attr);
-                                       
+
                         DESTROY_IF(e);
                         DESTROY_IF(evidences);
-                                       
-                       break;
-               }
-               case TCG_PTS_REQ_FILE_META:
-               {
-                       tcg_pts_attr_req_file_meta_t *attr_cast;
-                       char *pathname;
-                       bool is_directory;
-                       u_int8_t delimiter;
-                       pts_file_meta_t *metadata;
-
-                       attr_info = attr->get_value(attr);
-                       attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
-                       is_directory = attr_cast->get_directory_flag(attr_cast);
-                       delimiter = attr_cast->get_delimiter(attr_cast);
-                       pathname = attr_cast->get_pathname(attr_cast);
-
-                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-                       if (valid_path && pts_error)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               pts_error, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       else if (!valid_path)
-                       {
-                               break;
-                       }
-                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       /* Get File Metadata and send them to PTS-IMV */
-                       DBG2(DBG_IMC, "metadata request for %s '%s'",
-                                       is_directory ? "directory" : "file",
-                                       pathname);
-                       metadata = pts->get_metadata(pts, pathname, is_directory);
-
-                       if (!metadata)
-                       {
-                               /* TODO handle error codes from measurements */
-                               return FALSE;
-                       }
-                       attr = tcg_pts_attr_unix_file_meta_create(metadata);
-                       attr->set_noskip_flag(attr, TRUE);
-                       attr_list->insert_last(attr_list, attr);
-
-                       break;
-               }
-               case TCG_PTS_REQ_FILE_MEAS:
-               {
-                       tcg_pts_attr_req_file_meas_t *attr_cast;
-                       char *pathname;
-                       u_int16_t request_id;
-                       bool is_directory;
-                       u_int32_t delimiter;
-                       pts_file_meas_t *measurements;
-
-                       attr_info = attr->get_value(attr);
-                       attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
-                       is_directory = attr_cast->get_directory_flag(attr_cast);
-                       request_id = attr_cast->get_request_id(attr_cast);
-                       delimiter = attr_cast->get_delimiter(attr_cast);
-                       pathname = attr_cast->get_pathname(attr_cast);
-                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-
-                       if (valid_path && pts_error)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               pts_error, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       else if (!valid_path)
-                       {
-                               break;
-                       }
-
-                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
  
-                       /* Do PTS File Measurements and send them to PTS-IMV */
-                       DBG2(DBG_IMC, "measurement request %d for %s '%s'",
-                                request_id, is_directory ? "directory" : "file",
-                                pathname);
-                       measurements = pts->do_measurements(pts, request_id,
-                                                                       pathname, is_directory);
-                       if (!measurements)
-                       {
-                               /* TODO handle error codes from measurements */
-                               return FALSE;
-                       }
-                       attr = tcg_pts_attr_file_meas_create(measurements);
-                       attr->set_noskip_flag(attr, TRUE);
-                       attr_list->insert_last(attr_list, attr);
                         break;
                 }
                 /* TODO: Not implemented yet */
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c

index 83568fe2b3c3068619a83dc73a1ea12e9cc9040c..3f21afae6d5c41092e4b6c0ae8dcbfe0695c95d2 100644 (file)
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -211,6 +211,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
                         u_int32_t sub_comp_depth;
                         pts_qualifier_t qualifier;
                         pts_ita_funct_comp_name_t name;
+                       enumerator_t *enumerator;
+                       char *platform_info, *pathname;
  
                         attestation_state->set_handshake_state(attestation_state,
                                                                                 IMV_ATTESTATION_STATE_END);
@@ -221,29 +223,59 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
                         qualifier.sub_component = FALSE;
                         qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
  
-                       /* Send Request Functional Component Evidence attribute */
-                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
-                                                                       sub_comp_depth, PEN_ITA, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       attestation_state->add_comp_evid_request( attestation_state,
-                                                                                                         PEN_ITA, qualifier, name);
+                       /* Get Platform and OS of the PTS-IMC */
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
                         
-                       /* Send Request Functional Component Evidence attribute */
-                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
+                       enumerator = pts_db->create_comp_evid_enumerator(pts_db,
+                                                                                                                        platform_info);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &pathname))
+                       {
+                               if (strcmp(pathname, TBOOT_POLICY_STR) == 0)
+                               {
+                                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
+                               }
+                               else if (strcmp(pathname, TBOOT_MLE_STR) == 0)
+                               {
+                                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMV, "Unknown functional component name: \"%s\"",
+                                                pathname);
+                                       enumerator->destroy(enumerator);
+                                       return FALSE;
+                               }
+
+                               /* Send Request Functional Component Evidence attribute */
+                               attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
                                                                         sub_comp_depth, PEN_ITA, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       attestation_state->add_comp_evid_request(attestation_state,
-                                                                                                        PEN_ITA, qualifier, name);
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+                               attestation_state->add_comp_evid_request( attestation_state,
+                                                                        PEN_ITA, qualifier, name);
+                       }
+                       enumerator->destroy(enumerator);
+                       
                         
                         /* Send Generate Attestation Evidence attribute */
                         attr = tcg_pts_attr_gen_attest_evid_create();
                         attr->set_noskip_flag(attr, TRUE);
                         msg->add_attribute(msg, attr);
-
+                       
                         break;
                 }
                 default:
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c

index 6c19d6bee25d53c3f18b9681bd12eeb4902a361f..28b1c159b63b75df75fadf919059526812fba2d3 100644 (file)
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -177,10 +177,93 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         pts->set_aik(pts, aik);
                         break;
                 }
+               case TCG_PTS_FILE_MEAS:
+               {
+                       tcg_pts_attr_file_meas_t *attr_cast;
+                       u_int16_t request_id;
+                       int file_count, file_id;
+                       pts_meas_algorithms_t algo;
+                       pts_file_meas_t *measurements;
+                       char *platform_info;
+                       enumerator_t *e_hash;
+                       bool is_dir;
+
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+
+                       attr_cast = (tcg_pts_attr_file_meas_t*)attr;
+                       measurements = attr_cast->get_measurements(attr_cast);
+                       algo = pts->get_meas_algorithm(pts);
+                       request_id = measurements->get_request_id(measurements);
+                       file_count = measurements->get_file_count(measurements);
+
+                       DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
+                                request_id, file_count, (file_count == 1) ? "":"s");
+
+                       if (!attestation_state->check_off_file_meas_request(attestation_state,
+                               request_id, &file_id, &is_dir))
+                       {
+                               DBG1(DBG_IMV, "  no entry found for file measurement request %d",
+                                        request_id);
+                               break;
+                       }
+
+                       /* check hashes from database against measurements */
+                       e_hash = pts_db->create_hash_enumerator(pts_db,
+                                                       platform_info, algo, file_id, is_dir);
+                       if (!measurements->verify(measurements, e_hash, is_dir))
+                       {
+                               attestation_state->set_measurement_error(attestation_state);
+                       }
+                       e_hash->destroy(e_hash);
+                       break;
+               }
+               case TCG_PTS_UNIX_FILE_META:
+               {
+                       tcg_pts_attr_file_meta_t *attr_cast;
+                       int file_count;
+                       pts_file_meta_t *metadata;
+                       pts_file_metadata_t *entry;
+                       time_t created, modified, accessed;
+                       bool utc = FALSE;
+                       enumerator_t *e;
+
+                       attr_cast = (tcg_pts_attr_file_meta_t*)attr;
+                       metadata = attr_cast->get_metadata(attr_cast);
+                       file_count = metadata->get_file_count(metadata);
+
+                       DBG1(DBG_IMV, "metadata request returned %d file%s:",
+                                file_count, (file_count == 1) ? "":"s");
+
+                       e = metadata->create_enumerator(metadata);
+                       while (e->enumerate(e, &entry))
+                       {
+                               DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
+                                                         " owner %"PRIu64", group %"PRIu64", type %N",
+                                        entry->filename, entry->filesize, entry->owner,
+                                        entry->group, pts_file_type_names, entry->type);
+
+                               created = entry->created;
+                               modified = entry->modified;
+                               accessed = entry->accessed;
+
+                               DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
+                                        &created, utc, &modified, utc, &accessed, utc);
+                       }
+                       e->destroy(e);
+                       break;
+               }
                 case TCG_PTS_SIMPLE_COMP_EVID:
                 {
                         tcg_pts_attr_simple_comp_evid_t *attr_cast;
-                       bool pcr_info_inclided;
+                       bool pcr_info_inclided, component_meas_error = FALSE;
                         pts_attr_simple_comp_evid_flag_t flags;
                         u_int32_t depth, comp_vendor_id, extended_pcr;
                         u_int8_t family, measurement_type;
@@ -189,8 +272,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         pts_meas_algorithms_t hash_algorithm;
                         pts_pcr_transform_t transformation;
                         chunk_t measurement_time, policy_uri;
-                       chunk_t pcr_before, pcr_after, measurement;
-                                       
+                       chunk_t pcr_before, pcr_after, measurement, comp_hash;
+                       enumerator_t *enumerator;
+                       char *platform_info;
+                       const char *component_name;
+
                         attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
                         attr_info = attr->get_value(attr);
  
@@ -243,12 +329,64 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                 DBG1(DBG_IMV, "  no entry found for component evidence request");
                                 break;
                         }
-                       
+
                         measurement_type = attr_cast->get_measurement_type(attr_cast);
                         hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
                         transformation = attr_cast->get_pcr_trans(attr_cast);
                         measurement_time = attr_cast->get_measurement_time(attr_cast);
+                       measurement = attr_cast->get_comp_measurement(attr_cast);
+
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
  
+                       if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+                       {
+                               component_name = TBOOT_POLICY_STR;
+                       }
+                       else if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+                       {
+                               component_name = TBOOT_MLE_STR;
+                       }
+                       else
+                       {
+                                       DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
+                                                name);
+                                       return FALSE;
+                       }
+                       enumerator = pts_db->create_comp_hash_enumerator(pts_db,
+                                       platform_info, PTS_MEAS_ALGO_SHA1, (char *)component_name);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &comp_hash))
+                       {
+                               if (!chunk_equals(comp_hash, measurement))
+                               {
+                                       DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
+                                                       "%B, expected: %B", &measurement, &comp_hash);
+                                       component_meas_error = TRUE;
+                               }
+                               else
+                               {
+                                       DBG2(DBG_IMV, "Matching Functional Component Measurement:"
+                                                       "%B, expected: %B", &measurement, &comp_hash);
+                               }
+                       }
+                       enumerator->destroy(enumerator);
+
+                       if (component_meas_error)
+                       {
+                               attestation_state->set_measurement_error(attestation_state);
+                       }
+                       
                         /* Call getters of optional fields when corresponding flag is set */
                         if (pcr_info_inclided)
                         {
@@ -257,8 +395,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                 extended_pcr = attr_cast->get_extended_pcr(attr_cast);
                                 pcr_before = attr_cast->get_pcr_before_value(attr_cast);
                                 pcr_after = attr_cast->get_pcr_after_value(attr_cast);
-                               measurement = attr_cast->get_comp_measurement(attr_cast);
-
+                               
                                 DBG3(DBG_IMV,"PCR: %d was extended with %B",
                                          extended_pcr, &measurement);
                                 DBG3(DBG_IMV,"PCR: %d before value: %B",
@@ -291,11 +428,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                         bool evid_signature_included = FALSE, use_quote2 = FALSE,
                                                                                                 ver_info_included = FALSE;
                         chunk_t pcr_composite, quote_info;
-                       
+
                         attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
                         evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
                         flags = attr_cast->get_flags(attr_cast);
-                       
+
                         /** Optional Composite Hash Algorithm field is always present
                          * Field has value of all zeroes if not used.
                          * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
@@ -366,85 +503,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
  
                         break;
                 }
-               case TCG_PTS_FILE_MEAS:
-               {
-                       tcg_pts_attr_file_meas_t *attr_cast;
-                       u_int16_t request_id;
-                       int file_count, file_id;
-                       pts_meas_algorithms_t algo;
-                       pts_file_meas_t *measurements;
-                       char *platform_info;
-                       enumerator_t *e_hash;
-                       bool is_dir;
-
-                       platform_info = pts->get_platform_info(pts);
-                       if (!pts_db || !platform_info)
-                       {
-                               break;
-                       }
-
-                       attr_cast = (tcg_pts_attr_file_meas_t*)attr;
-                       measurements = attr_cast->get_measurements(attr_cast);
-                       algo = pts->get_meas_algorithm(pts);
-                       request_id = measurements->get_request_id(measurements);
-                       file_count = measurements->get_file_count(measurements);
-
-                       DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
-                                request_id, file_count, (file_count == 1) ? "":"s");
-
-                       if (!attestation_state->check_off_file_meas_request(attestation_state,
-                               request_id, &file_id, &is_dir))
-                       {
-                               DBG1(DBG_IMV, "  no entry found for file measurement request %d",
-                                        request_id);
-                               break;
-                       }
-
-                       /* check hashes from database against measurements */
-                       e_hash = pts_db->create_hash_enumerator(pts_db,
-                                                       platform_info, algo, file_id, is_dir);
-                       if (!measurements->verify(measurements, e_hash, is_dir))
-                       {
-                               attestation_state->set_measurement_error(attestation_state);
-                       }
-                       e_hash->destroy(e_hash);
-                       break;
-               }
-               case TCG_PTS_UNIX_FILE_META:
-               {
-                       tcg_pts_attr_file_meta_t *attr_cast;
-                       int file_count;
-                       pts_file_meta_t *metadata;
-                       pts_file_metadata_t *entry;
-                       time_t created, modified, accessed;
-                       bool utc = FALSE;
-                       enumerator_t *e;
-
-                       attr_cast = (tcg_pts_attr_file_meta_t*)attr;
-                       metadata = attr_cast->get_metadata(attr_cast);
-                       file_count = metadata->get_file_count(metadata);
-
-                       DBG1(DBG_IMV, "metadata request returned %d file%s:",
-                                file_count, (file_count == 1) ? "":"s");
-
-                       e = metadata->create_enumerator(metadata);
-                       while (e->enumerate(e, &entry))
-                       {
-                               DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
-                                                         " owner %"PRIu64", group %"PRIu64", type %N",
-                                        entry->filename, entry->filesize, entry->owner,
-                                        entry->group, pts_file_type_names, entry->type);
-
-                               created = entry->created;
-                               modified = entry->modified;
-                               accessed = entry->accessed;
-
-                               DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
-                                        &created, utc, &modified, utc, &accessed, utc);
-                       }
-                       e->destroy(e);
-                       break;
-               }
  
                 /* TODO: Not implemented yet */
                 case TCG_PTS_INTEG_MEAS_LOG:
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h

index 6028e2e5aa96a670e116b3e63d13dfa0c1208ca1..af49de7af5c9a5f387c1bea41916f9e284c907ab 100644 (file)
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -60,6 +60,8 @@ typedef struct pcr_entry_t pcr_entry_t;
  #define PCR_TGRUB_CHECKFILE                            13
  #define PCR_TGRUB_LOADED_FILES                 14
  
+#define TBOOT_POLICY_STR                               (const char *)("tboot_pcr17")
+#define TBOOT_MLE_STR                                  (const char *)("tboot_pcr18")
  
  /**
   * Length of the generated nonce used for calculation of shared secret
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c

index 1e5602b55ff4dfba802d0d3849f064d5e88b881b..6b5393b8f9d75ede4e9a43e3359ed9030617068f 100644 (file)
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -76,11 +76,11 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
  
         /* look for all entries belonging to a product in the files table */
         e = this->db->query(this->db,
-                               "SELECT f.type, f.path FROM files AS f "
+                               "SELECT f.path FROM files AS f "
                                 "JOIN product_file AS pf ON f.id = pf.file "
                                 "JOIN products AS p ON p.id = pf.product "
                                 "WHERE p.name = ? AND f.component = 1",
-                               DB_TEXT, product, DB_INT, DB_TEXT);
+                               DB_TEXT, product, DB_TEXT);
         return e;
  }
author	Sansar Choinyambuu <schoinya@hsr.ch>
	Mon, 14 Nov 2011 16:10:35 +0000 (17:10 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 28 Nov 2011 20:20:23 +0000 (21:20 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation_process.c		patch \| blob \| blame \| history
src/libimcv/plugins/imv_attestation/imv_attestation_build.c		patch \| blob \| blame \| history
src/libimcv/plugins/imv_attestation/imv_attestation_process.c		patch \| blob \| blame \| history
src/libpts/pts/pts.h		patch \| blob \| blame \| history
src/libpts/pts/pts_database.c		patch \| blob \| blame \| history