From: Andreas Steffen Date: Thu, 24 Nov 2011 10:40:38 +0000 (+0100) Subject: slightly refactored ita_comp_tboot X-Git-Tag: 4.6.2~159 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f275b5432b2173f329ab987be2ea65b950205972;p=thirdparty%2Fstrongswan.git slightly refactored ita_comp_tboot --- diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c index df5d61c900..2f798de117 100644 --- a/src/libpts/pts/components/ita/ita_comp_tboot.c +++ b/src/libpts/pts/components/ita/ita_comp_tboot.c @@ -154,14 +154,15 @@ METHOD(pts_component_t, verify, status_t, chunk_t measurement, pcr_before, pcr_after, hash; enumerator_t *enumerator; char *file, *platform_info; + status_t status = NOT_FOUND; platform_info = pts->get_platform_info(pts); if (!pts_db || !platform_info) { DBG1(DBG_PTS, "%s%s%s not available", - (pts_db) ? "" : "pts database", - (!pts_db && !platform_info) ? "and" : "", - (platform_info) ? "" : "platform info"); + (pts_db) ? "" : "pts database", + (!pts_db && !platform_info) ? "and" : "", + (platform_info) ? "" : "platform info"); return FAILED; } @@ -169,11 +170,11 @@ METHOD(pts_component_t, verify, status_t, { case 0: this->extended_pcr = PCR_TBOOT_POLICY; - file = "tboot_pcr17"; + file = "pcr17"; break; case PCR_TBOOT_POLICY: this->extended_pcr = PCR_TBOOT_MLE; - file = "tboot_pcr18"; + file = "pcr18"; break; default: return FAILED; @@ -183,41 +184,42 @@ METHOD(pts_component_t, verify, status_t, &algo, &transform, &measurement_time); if (extended_pcr != this->extended_pcr) { + DBG1(DBG_PTS, "expected PCR %2d but received measurement for PCR %2d", + this->extended_pcr, extended_pcr); return FAILED; } /* check measurement in database */ - enumerator = pts_db->create_comp_hash_enumerator(pts_db, file, - platform_info, this->name, TRUSTED_HASH_ALGO); - if (!enumerator->enumerate(enumerator, &hash)) - { - DBG1(DBG_PTS, "no measurement found in database for component:%s " - "for platform: %s with hash algorithm %N", - file, platform_info, pts_meas_algorithm_names, TRUSTED_HASH_ALGO); - } - enumerator->destroy(enumerator); - enumerator = pts_db->create_comp_hash_enumerator(pts_db, file, platform_info, this->name, TRUSTED_HASH_ALGO); while (enumerator->enumerate(enumerator, &hash)) { - if (!chunk_equals(hash, measurement)) + if (chunk_equals(hash, measurement)) { - DBG1(DBG_PTS, "PCR %2d: no matching TBOOT component measurement " + DBG2(DBG_PTS, "PCR %2d matching TBOOT component measurement " "found in database", this->extended_pcr); - DBG1(DBG_PTS, " expected: %#B", &hash); - DBG1(DBG_PTS, " received: %#B", &measurement); - return FAILED; + status = SUCCESS; + break; } else { - DBG2(DBG_PTS, "PCR %2d: matching TBOOT component measurement " + DBG1(DBG_PTS, "PCR %2d no matching TBOOT component measurement " "found in database", this->extended_pcr); + DBG1(DBG_PTS, " expected: %#B", &hash); + DBG1(DBG_PTS, " received: %#B", &measurement); + status = FAILED; break; } } enumerator->destroy(enumerator); + if (status == NOT_FOUND) + { + DBG1(DBG_PTS, "PCR %2d no measurement found in database", + this->extended_pcr); + return FAILED; + } + has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after); if (has_pcr_info) {