From: Andreas Steffen Date: Fri, 18 Nov 2011 01:15:15 +0000 (+0100) Subject: store functional components in database X-Git-Tag: 4.6.2~193 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40cfe6db6a04bcb04249c0c4991faab0c5e667ee;p=thirdparty%2Fstrongswan.git store functional components in database --- diff --git a/src/libimcv/plugins/imv_attestation/data.sql b/src/libimcv/plugins/imv_attestation/data.sql index 356ee08050..dada7cbbb5 100644 --- a/src/libimcv/plugins/imv_attestation/data.sql +++ b/src/libimcv/plugins/imv_attestation/data.sql 
@@ -46,146 +46,160 @@ INSERT INTO products ( INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/lib/i386-linux-gnu/libdl.so.2', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/lib/x86_64-linux-gnu/libdl.so.2', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/lib/libdl.so.2', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/sbin/iptables', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/lib/libxtables.so.5', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/lib/libxtables.so.2', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 1, '/lib/xtables/', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_udp.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_tcp.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_esp.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_policy.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_conntrack.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libipt_SNAT.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libipt_DNAT.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libipt_MASQUERADE.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libipt_LOG.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, '/sbin/ip6tables', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libip6t_LOG.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_mark.so', 1 ); INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 0, 'libxt_MARK.so', 1 ); 
INSERT INTO files ( type, path, measurement - ) VALUES ( +) VALUES ( 1, '/lib/iptables', 1 ); INSERT INTO files ( type, path, metadata - ) VALUES ( +) VALUES ( 0, '/etc/tnc_config', 1 ); INSERT INTO files ( - type, path, component - ) VALUES ( - 0, 'tboot_pcr17', 1 + type, path +) VALUES ( + 0, 'tboot_pcr17' ); INSERT INTO files ( - type, path, component - ) VALUES ( - 0, 'tboot_pcr18', 1 + type, path +) VALUES ( + 0, 'tboot_pcr18' +); + +/* Components */ + +INSERT INTO components ( + vendor_id, name, qualifier +) VALUES ( + 36906, 1, 33 /* ITA TGRUB */ +); + +INSERT INTO components ( + vendor_id, name, qualifier +) VALUES ( + 36906, 2, 33 /* ITA TBOOT */ ); /* Product-File */ @@ -484,6 +498,18 @@ INSERT INTO product_file ( 7, 24 ); +INSERT INTO product_component ( + product, component, sequence +) VALUES ( + 7, 1, 1 +); + +INSERT INTO product_component ( + product, component, sequence +) VALUES ( + 7, 2, 2 +); + /* File Hashes */ INSERT INTO file_hashes ( diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c index eae62f9010..17edb768a0 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c @@ -16,6 +16,7 @@ #include "imv_attestation_build.h" #include "imv_attestation_state.h" +#include #include #include #include @@ -208,9 +209,11 @@ bool imv_attestation_build(pa_tnc_msg_t *msg, case IMV_ATTESTATION_STATE_COMP_EVID: { enumerator_t *enumerator; - char *platform_info, *pathname; + char flags[8]; + char *platform_info; pts_funct_comp_evid_req_t *requests = NULL; funct_comp_evid_req_entry_t *entry; + int vid, name, qualifier, type; bool first_req = TRUE; attestation_state->set_handshake_state(attestation_state, 
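Review bot: The two `INSERT INTO components` rows at the end of this hunk do not set `id`, yet the `product_component` rows in the following hunk (`7, 1, 1` and `7, 2, 2`) hard-code component ids 1 and 2, so the link depends on AUTOINCREMENT numbering matching insertion order into a table that is dropped and recreated on every load. Listing the id explicitly makes the fixture self-describing: `INSERT INTO components ( id, vendor_id, name, qualifier ) VALUES ( 1, 36906, 1, 33 /* ITA TGRUB */ );` and likewise `2` for TBOOT. The `name` and `qualifier` values are also bare integers; a comment above the `/* Components */` block stating that `vendor_id` is the IANA PEN (36906 appears to be the ITA PEN the removed C code referenced as `PEN_ITA`) and that `name`/`qualifier` use the encoding decoded by `pts_components->get_qualifier()` would save the next reader a trip to the C headers. Separately, with the `component` column gone, the `tboot_pcr17`/`tboot_pcr18` rows in `files` now carry neither `measurement` nor `metadata`; if nothing outside this hunk references them they can be dropped.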
@@ -229,41 +232,28 @@ bool imv_attestation_build(pa_tnc_msg_t *msg, DBG1(DBG_IMV, "platform is '%s'", platform_info); - enumerator = pts_db->create_comp_evid_enumerator(pts_db, - platform_info); + enumerator = pts_db->create_comp_evid_enumerator(pts_db, platform_info); if (!enumerator) { break; } - while (enumerator->enumerate(enumerator, &pathname)) + while (enumerator->enumerate(enumerator, &vid, &name, &qualifier)) { entry = malloc_thing(funct_comp_evid_req_entry_t); - entry->flags = PTS_REQ_FUNC_COMP_FLAG_PCR; entry->sub_comp_depth = 0; - entry->vendor_id = PEN_ITA; - entry->family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM; - entry->qualifier.kernel = FALSE; - entry->qualifier.sub_component = FALSE; - entry->qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED; - - if (strcmp(pathname, TBOOT_POLICY_STR) == 0) - { - entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY; - } - else if (strcmp(pathname, TBOOT_MLE_STR) == 0) - { - entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE; - } - else - { - DBG1(DBG_IMV, "Unknown functional component name: \"%s\"", - pathname); - enumerator->destroy(enumerator); - return FALSE; - } + entry->name = pts_comp_func_name_create(vid, name, qualifier); + + type = pts_components->get_qualifier(pts_components, + entry->name, &flags); + + DBG2(DBG_TNC, "%N functional component '%N' with qualifier %s '%N'", + pen_names, vid, + pts_components->get_comp_func_names(pts_components, vid), + name, flags, + pts_components->get_qualifier_type_names(pts_components, vid), + type); - if (first_req) { /* Create a requests object */ diff --git a/src/libimcv/plugins/imv_attestation/tables.sql b/src/libimcv/plugins/imv_attestation/tables.sql index e96c55748d..2de14f4d60 100644 --- a/src/libimcv/plugins/imv_attestation/tables.sql +++ b/src/libimcv/plugins/imv_attestation/tables.sql 
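Review bot: `entry->flags` is no longer assigned anywhere in this loop — the removed `entry->flags = PTS_REQ_FUNC_COMP_FLAG_PCR;` has no replacement, and `malloc_thing` does not look like a zeroing allocator, so unless the field is set further down (the loop body continues outside the hunk) the request is built from an uninitialized flags value. The old `else` branch also rejected a component name it did not recognise and returned FALSE; the new code accepts whatever `(vid, name, qualifier)` tuple the database yields and never checks what `pts_components->get_qualifier()` returns for an unknown name, so a malformed row now silently turns into a request instead of an error — an explicit check on that lookup's failure result, with the same `enumerator->destroy(enumerator); return FALSE;` exit the old code had, should be restored. Minor: `flags` is declared `char flags[8]` in the previous hunk, so `&flags` has type `char (*)[8]`; if `get_qualifier` takes a `char *`, pass `flags` directly.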
@@ -6,8 +6,15 @@ CREATE TABLE files ( type INTEGER NOT NULL, path TEXT NOT NULL, measurement INTEGER DEFAULT 0, - metadata INTEGER DEFAULT 0, - component INTEGER DEFAULT 0 + metadata INTEGER DEFAULT 0 +); + +DROP TABLE IF EXISTS components; +CREATE TABLE components ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + vendor_id INTEGER NOT NULL, + name INTEGER NOT NULL, + qualifier INTEGER DEFAULT 0 ); DROP TABLE IF EXISTS products; @@ -27,6 +34,14 @@ CREATE TABLE product_file ( PRIMARY KEY (product, file) ); +DROP TABLE IF EXISTS product_component; +CREATE TABLE product_component ( + product INTEGER NOT NULL, + component INTEGER NOT NULL, + sequence INTEGER DEFAULT 0, + PRIMARY KEY (product, component) +); + DROP TABLE IF EXISTS file_hashes; CREATE TABLE file_hashes ( file INTEGER NOT NULL, diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c index 6b5393b8f9..0db5c2089f 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libpts/pts/pts_database.c @@ -74,13 +74,13 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*, { enumerator_t *e; - /* look for all entries belonging to a product in the files table */ + /* look for all entries belonging to a product in the components table */ e = this->db->query(this->db, - "SELECT f.path FROM files AS f " - "JOIN product_file AS pf ON f.id = pf.file " - "JOIN products AS p ON p.id = pf.product " - "WHERE p.name = ? AND f.component = 1", - DB_TEXT, product, DB_TEXT); + "SELECT c.vendor_id, c.name, c.qualifier FROM components AS c " + "JOIN product_component AS pc ON c.id = pc.component " + "JOIN products AS p ON p.id = pc.product " + "WHERE p.name = ? ORDER BY pf.order", + DB_TEXT, product, DB_INT, DB_INT, DB_INT); return e; }
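Review bot: `components` has no uniqueness constraint on the triple that identifies a component, so the same `(vendor_id, name, qualifier)` can be inserted twice under different ids and then be requested twice through `product_component`; adding `UNIQUE (vendor_id, name, qualifier)` after the `qualifier` column would reject that at insert time. In the second hunk of this file, `product_component.sequence` is the column that orders a product's components, and nothing ties `component` to `components(id)`. The file's existing `product_file` table follows the same no-foreign-key pattern, so that is a consistency choice rather than a defect here, but a `-- order in which a product's components are requested` comment on `sequence` would document why the column exists.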
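Review bot: The new query's `ORDER BY pf.order` references an alias and a column that do not exist — the join alias in this query is `pc` and the ordering column created in tables.sql is `sequence` (`order` is also a reserved word) — so the statement should fail to prepare and `create_comp_evid_enumerator` returns NULL. The caller in imv_attestation_build.c reacts to a NULL enumerator with a bare `break`, so the net effect is that no functional-component evidence is requested at all and nothing is logged. Change the last line of the query to `"WHERE p.name = ? ORDER BY pc.sequence",` and consider a DBG1 on the NULL path so a broken query shows up in the log rather than silently weakening the attestation.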