TNC_IMV_Action_Recommendation rec;
imv_workitem_t *workitem;
enumerator_t *enumerator;
- char *result_str;
int pending_file_meas = 0;
+ char *result_str;
+ chunk_t result_buf;
+ bio_writer_t *result;
enumerator = session->create_workitem_enumerator(session);
if (enumerator)
{
continue;
}
+ result = bio_writer_create(128);
+
switch (workitem->get_type(workitem))
{
case IMV_WORKITEM_FILE_REF_MEAS:
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
- result_str = "Pending file measurements";
+ result_str = "pending file measurements";
pending_file_meas++;
break;
case IMV_WORKITEM_TPM_ATTEST:
- attestation_state->finalize_components(attestation_state);
- result_str = "Pending component evidence";
+ attestation_state->finalize_components(attestation_state,
+ result);
+ result->write_data(result,
+ chunk_from_str("; Pending component evidence"));
+ result->write_uint8(result, '\0');
+ result_buf = result->get_buf(result);
+ result_str = result_buf.ptr;
break;
default:
continue;
state->update_recommendation(state, rec, eval);
imcv_db->finalize_workitem(imcv_db, workitem);
workitem->destroy(workitem);
+ result->destroy(result);
}
enumerator->destroy(enumerator);
uint8_t flags;
pts_meas_algorithms_t comp_hash_algorithm;
chunk_t pcr_comp, tpm_quote_sig, evid_sig;
- chunk_t pcr_composite, quote_info;
+ chunk_t pcr_composite, quote_info, result_buf;
imv_workitem_t *workitem;
+ imv_reason_string_t *reason_string;
enumerator_t *enumerator;
bool use_quote2, use_ver_info;
+ bio_writer_t *result;
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
* Finalize any pending measurement registrations and check
* if all expected component measurements were received
*/
- attestation_state->finalize_components(attestation_state);
+ result = bio_writer_create(128);
+ attestation_state->finalize_components(attestation_state,
+ result);
enumerator = session->create_workitem_enumerator(session);
while (enumerator->enumerate(enumerator, &workitem))
{
TNC_IMV_Action_Recommendation rec;
TNC_IMV_Evaluation_Result eval;
- char *result_str;
uint32_t error;
error = attestation_state->get_measurement_error(
IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
{
- imv_reason_string_t *reason_string;
- chunk_t result;
-
reason_string = imv_reason_string_create("en", ", ");
attestation_state->add_comp_evid_reasons(
attestation_state, reason_string);
- result = reason_string->get_encoding(reason_string);
- result_str = strndup(result.ptr, result.len);
+ result->write_data(result, chunk_from_str("; "));
+ result->write_data(result,
+ reason_string->get_encoding(reason_string));
reason_string->destroy(reason_string);
eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
}
else
{
- result_str = strdup("attestation successful");
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
}
session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
+
+ result->write_uint8(result, '\0');
+ result_buf = result->get_buf(result);
+ rec = workitem->set_result(workitem, result_buf.ptr,
+ eval);
state->update_recommendation(state, rec, eval);
imcv_db->finalize_workitem(imcv_db, workitem);
workitem->destroy(workitem);
- free(result_str);
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
break;
}
+ result->destroy(result);
}
enumerator->destroy(enumerator);
}
}
METHOD(imv_attestation_state_t, finalize_components, void,
- private_imv_attestation_state_t *this)
+ private_imv_attestation_state_t *this, bio_writer_t *result)
{
func_comp_t *entry;
+ bool first = TRUE;
while (this->components->remove_last(this->components,
(void**)&entry) == SUCCESS)
{
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ result->write_data(result, chunk_from_str("; "));
+ }
if (!entry->comp->finalize(entry->comp,
- entry->name->get_qualifier(entry->name)))
+ entry->name->get_qualifier(entry->name),
+ result))
{
set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
}
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/components/pts_component.h>
+
#include <library.h>
+#include <bio/bio_writer.h>
typedef struct imv_attestation_state_t imv_attestation_state_t;
typedef enum imv_attestation_flag_t imv_attestation_flag_t;
/**
* Tell the Functional Components to finalize any measurement registrations
* and to check if all expected measurements were received
+ *
+ * @param result Writer appending component measurement results
*/
- void (*finalize_components)(imv_attestation_state_t *this);
+ void (*finalize_components)(imv_attestation_state_t *this,
+ bio_writer_t *result);
/**
* Indicates the types of measurement errors that occurred
}
METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_ima_t *this, u_int8_t qualifier)
+ pts_ita_comp_ima_t *this, u_int8_t qualifier, bio_writer_t *result)
{
- u_int32_t vid, name;
- enum_name_t *names;
+ char result_buf[BUF_LEN];
bool success = TRUE;
this->name->set_qualifier(this->name, qualifier);
- vid = this->name->get_vendor_id(this->name);
- name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
PTS_ITA_QUALIFIER_TYPE_TRUSTED))
/* close registration */
this->is_bios_registering = FALSE;
- DBG1(DBG_PTS, "registered %d %N '%N' BIOS evidence measurements",
- this->seq_no, pen_names, vid, names, name);
+ snprintf(result_buf, BUF_LEN, "registered %d BIOS evidence "
+ "measurements", this->seq_no);
}
else if (this->seq_no < this->bios_count)
{
- DBG1(DBG_PTS, "%d of %d %N '%N' BIOS evidence measurements missing",
- this->bios_count - this->seq_no, this->bios_count,
- pen_names, vid, names, name);
+ snprintf(result_buf, BUF_LEN, "%d of %d BIOS evidence "
+ "measurements missing", this->bios_count - this->seq_no,
+ this->bios_count);
success = FALSE;
}
+ else
+ {
+ snprintf(result_buf, BUF_LEN, "%d BIOS evidence "
+ "measurements are ok", this->bios_count);
+ }
}
else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
PTS_ITA_QUALIFIER_TYPE_OS))
/* close registration */
this->is_ima_registering = FALSE;
- DBG1(DBG_PTS, "registered %N '%N' boot aggregate evidence "
- "measurement", pen_names, vid, names, name);
+ snprintf(result_buf, BUF_LEN, "registered boot aggregate "
+ "evidence measurement");
}
- if (this->count)
+ else if (this->count)
{
- DBG1(DBG_PTS, "processed %d %N '%N' file evidence measurements: "
- "%d ok, %d unknown, %d differ, %d failed",
- this->count, pen_names, vid, names, name,
- this->count_ok, this->count_unknown,
- this->count_differ, this->count_failed);
+ snprintf(result_buf, BUF_LEN, "processed %d file evidence "
+ "measurements: %d ok, %d unknown, %d differ, %d failed",
+ this->count, this->count_ok, this->count_unknown,
+ this->count_differ, this->count_failed);
success = !this->count_differ && !this->count_failed;
}
}
else
{
- DBG1(DBG_PTS, "unsupported functional component name qualifier");
+ snprintf(result_buf, BUF_LEN, "unsupported functional component name "
+ "qualifier");
success = FALSE;
}
this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
+ DBG1(DBG_PTS, "%s", result_buf);
+ result->write_data(result, chunk_from_str(result_buf));
+
return success;
}
pts_ita_comp_ima_t *this)
{
int count;
- u_int32_t vid, name;
- enum_name_t *names;
if (ref_put(&this->ref))
{
- vid = this->name->get_vendor_id(this->name);
- name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
if (this->is_bios_registering)
{
count = this->pts_db->delete_comp_measurements(this->pts_db,
this->bios_cid, this->aik_id);
- DBG1(DBG_PTS, "deleted %d registered %N '%N' BIOS evidence "
- "measurements", count, pen_names, vid, names, name);
+ DBG1(DBG_PTS, "deleted %d registered BIOS evidence measurements",
+ count);
}
if (this->is_ima_registering)
{
count = this->pts_db->delete_comp_measurements(this->pts_db,
this->ima_cid, this->aik_id);
- DBG1(DBG_PTS, "deleted registered %N '%N' boot aggregate evidence "
- "measurement", pen_names, vid, names, name);
+ DBG1(DBG_PTS, "deleted registered boot aggregate evidence "
+ "measurement");
}
this->bios_list->destroy_function(this->bios_list,
(void *)free_bios_entry);
this->ima_list->destroy_function(this->ima_list,
(void *)free_ima_entry);
this->name->destroy(this->name);
+
free(this);
}
}
}
METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier)
+ pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result)
{
- u_int32_t vid, name;
- enum_name_t *names;
-
- vid = this->name->get_vendor_id(this->name);
- name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
+ char result_buf[BUF_LEN];
if (this->is_registering)
{
/* close registration */
this->is_registering = FALSE;
- DBG1(DBG_PTS, "registered %d %N '%N' functional component evidence "
- "measurements", this->seq_no, pen_names, vid, names, name);
+ snprintf(result_buf, BUF_LEN, "registered %d evidence measurements",
+ this->seq_no);
}
else if (this->seq_no < this->count)
{
- DBG1(DBG_PTS, "%d of %d %N '%N' functional component evidence "
- "measurements missing", this->count - this->seq_no,
- this->count, pen_names, vid, names, name);
+ snprintf(result_buf, BUF_LEN, "%d of %d evidence measurements "
+ "missing", this->count - this->seq_no, this->count);
return FALSE;
}
+ else
+ {
+ snprintf(result_buf, BUF_LEN, "%d evidence measurements are ok",
+ this->count);
+ }
+ DBG1(DBG_PTS, "%s", result_buf);
+ result->write_data(result, chunk_from_str(result_buf));
return TRUE;
}
*/
pts_database_t *pts_db;
-
/**
* Reference count
*/
}
METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_tgrub_t *this, u_int8_t qualifier)
+ pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result)
{
return FALSE;
}
#include "pts/components/pts_comp_evidence.h"
#include <library.h>
+#include <bio/bio_writer.h>
/**
* PTS Functional Component Interface
* and check for missing measurements
*
* @param qualifier PTS Component Functional Name Qualifier
+ * @param result writer appending concise measurement result
* @return TRUE if finalization successful
*/
- bool (*finalize)(pts_component_t *this, u_int8_t qualifier);
+ bool (*finalize)(pts_component_t *this, u_int8_t qualifier,
+ bio_writer_t *result);
/**
* Get a new reference to the PTS Functional Component
projects / thirdparty / strongswan.git / commitdiff
