author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-09-08 00:49:19 +0200 |
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-09-08 12:20:57 +0200 |
commit | 582bda55dd2dc2e8a92bed5669207ebcf902403d (patch) | |
tree | 9511cb68a86bfee49d103f0d79086b322b3d1caf /src/libimcv/tcg | |
parent | 925f54d36ece8f26d817d732fabf8ea6b9ad75d9 (diff) | |
download | strongswan-582bda55dd2dc2e8a92bed5669207ebcf902403d.tar.bz2 strongswan-582bda55dd2dc2e8a92bed5669207ebcf902403d.tar.xz |
refactored measurement verification
Diffstat (limited to 'src/libimcv/tcg')
-rw-r--r-- | src/libimcv/tcg/pts/pts_database.c | 72 | ||||
-rw-r--r-- | src/libimcv/tcg/pts/pts_database.h | 32 | ||||
-rw-r--r-- | src/libimcv/tcg/pts/pts_file_meas.c | 48 | ||||
-rw-r--r-- | src/libimcv/tcg/pts/pts_file_meas.h | 15 |
4 files changed, 89 insertions, 78 deletions
diff --git a/src/libimcv/tcg/pts/pts_database.c b/src/libimcv/tcg/pts/pts_database.c
index f38e5dd10..594ddd0f7 100644
--- a/src/libimcv/tcg/pts/pts_database.c
+++ b/src/libimcv/tcg/pts/pts_database.c
@@ -54,68 +54,33 @@ METHOD(pts_database_t, create_file_enumerator, enumerator_t*,
 return e;
 }
-METHOD(pts_database_t, create_files_in_dir_enumerator, enumerator_t*,
- private_pts_database_t *this, int id)
+METHOD(pts_database_t, create_hash_enumerator, enumerator_t*,
+ private_pts_database_t *this, char *product, pts_meas_algorithms_t algo,
+ int id, bool is_dir)
 {
 enumerator_t *e;
- /* look for all entries in file_hashes belonging to a same directory*/
- e = this->db->query(this->db,
- "SELECT DISTINCT f.path FROM files AS f "
- "JOIN file_hashes AS fh ON f.id = fh.file "
- "WHERE fh.directory = ?",
- DB_INT, id, DB_TEXT);
- return e;
-}
-
-METHOD(pts_database_t, check_measurement, bool,
- private_pts_database_t *this, chunk_t received_hash, char *product, int id, char *file_name, pts_meas_algorithms_t algorithm, bool is_dir)
-{
- enumerator_t *e;
- chunk_t db_measurement;
-
- /* look for all entries belonging to a product, file and directory in file_hashes table */
-
- e = (is_dir) ? this->db->query(this->db,
- "SELECT fh.hash FROM file_hashes AS fh "
- "JOIN files AS f ON fh.file = f.id "
- "JOIN products AS p ON fh.product = p.id "
- "WHERE f.path = ? AND p.name = ? AND fh.directory = ? AND fh.algo = ?",
- DB_TEXT, file_name, DB_TEXT, product, DB_INT, id, DB_INT, algorithm, DB_BLOB) :
-
- this->db->query(this->db,
- "SELECT fh.hash FROM file_hashes AS fh "
+ if (is_dir)
+ {
+ e = this->db->query(this->db,
+ "SELECT f.path, fh.hash FROM file_hashes AS fh "
 "JOIN files AS f ON fh.file = f.id "
 "JOIN products AS p ON fh.product = p.id "
- "WHERE p.name = ? AND f.id = ? AND fh.algo = ?",
- DB_TEXT, product, DB_INT, id, DB_INT, algorithm, DB_BLOB);
-
- if (!e)
- {
- DBG1(DBG_TNC, " database enumerator failed");
- return FALSE;
+ "WHERE p.name = ? AND fh.directory = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_INT, id, DB_INT, algo, DB_TEXT, DB_BLOB);
 }
- if (!e->enumerate(e, &db_measurement))
+ else
 {
- DBG2(DBG_TNC, " measurement for '%s' not found"
- " in database", file_name);
- e->destroy(e);
- /* Ignore the measurements for which we do not have the hash saved in database */
- return TRUE;
- }
- if (chunk_equals(db_measurement, received_hash))
- {
- DBG2(DBG_TNC, " %#B for '%s' is ok",
- &received_hash, file_name);
- return TRUE;
+ e = this->db->query(this->db,
+ "SELECT f.path, fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON fh.file = f.id "
+ "JOIN products AS p ON fh.product = p.id "
+ "WHERE p.name = ? AND fh.file = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_INT, id, DB_INT, algo, DB_TEXT, DB_BLOB);
 }
-
- DBG1(DBG_IMV, " %#B for '%s' does not match %#B",
- &received_hash, file_name, &db_measurement);
- return FALSE;
+ return e;
 }
-
 METHOD(pts_database_t, destroy, void,
 private_pts_database_t *this)
 {
@@ -133,8 +98,7 @@ pts_database_t *pts_database_create(char *uri)
 INIT(this,
 .public = {
 .create_file_enumerator = _create_file_enumerator,
- .create_files_in_dir_enumerator = _create_files_in_dir_enumerator,
- .check_measurement = _check_measurement,
+ .create_hash_enumerator = _create_hash_enumerator,
 .destroy = _destroy,
 },
 .db = lib->db->create(lib->db, uri),
diff --git a/src/libimcv/tcg/pts/pts_database.h b/src/libimcv/tcg/pts/pts_database.h
index d69b0c1c4..f2a6854a5 100644
--- a/src/libimcv/tcg/pts/pts_database.h
+++ b/src/libimcv/tcg/pts/pts_database.h
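Review bot: create_hash_enumerator returns the raw result of this->db->query() on its last line, and the `if (!e)` guard with the "database enumerator failed" DBG1 that the removed check_measurement had has no counterpart on the new side, so a failed query now reaches callers as a NULL enumerator_t* with nothing logged. The verify() method added to pts_file_meas.c in this same commit calls e_hash->enumerate() without a NULL check, so the NULL has to be caught by whatever code sits between the two, which is outside this diff. The contract belongs in the header hunk's doc block (pts_database.h): `@return enumerator over all matching measurement hashes, NULL if the query failed`. Both branches select f.path as DB_TEXT and fh.hash as DB_BLOB, so the enumerator yields (path, hash) pairs; a one-line comment above the `if (is_dir)` saying so would spare the next reader a trip to verify().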
@@ -35,33 +35,23 @@ struct pts_database_t {
 /**
 * Get files to be measured by PTS
 *
- * @product software product (os, vpn client, etc.)
- * @return enumerator over all files matching a given release
+ * @param product software product (os, vpn client, etc.)
+ * @return enumerator over all matching files
 */
 enumerator_t* (*create_file_enumerator)(pts_database_t *this, char *product);
 /**
- * Get Enumerator over files in a given directory with measurements
+ * Get stored measurement hash for single file or directory entries
 *
- * @id primary key in files table, directory column in file_hashes table
- * @return enumerator over all measurements matching a given release
+ * @param product software product (os, vpn client, etc.)
+ * @param algo hash algorithm used for measurement
+ * @param id primary key of measured file/directory
+ * @param is_dir TRUE if directory was measured
+ * @return enumerator over all matching measurement hashes
 */
- enumerator_t* (*create_files_in_dir_enumerator)(pts_database_t *this, int id);
-
- /**
- * Get Hash measurement of a file in a folder with given id and hashing algorithm type
- *
- * @received_hash measurement of a file to match with database entry
- * @product software product (os, vpn client, etc.)
- * @id primary key in files table
- * @file_name path in files table, obligatory for the files in directory
- * @algorithm measurement algorithm type
- * @is_dir TRUE if file is requested as content in a directory
- * @return enumerator over all measurements matching a given release
- */
- bool (*check_measurement)(pts_database_t *this, chunk_t received_hash,
- char *product, int id, char *file_name, pts_meas_algorithms_t algorithm, bool is_dir);
-
+ enumerator_t* (*create_hash_enumerator)(pts_database_t *this, char *product,
+ pts_meas_algorithms_t algo,
+ int id, bool is_dir);
 /**
 * Destroys a pts_database_t object.
diff --git a/src/libimcv/tcg/pts/pts_file_meas.c b/src/libimcv/tcg/pts/pts_file_meas.c
index 70bd5034d..82089499f 100644
--- a/src/libimcv/tcg/pts/pts_file_meas.c
+++ b/src/libimcv/tcg/pts/pts_file_meas.c
@@ -16,6 +16,7 @@
 #include "pts_file_meas.h"
 #include <utils/linked_list.h>
+#include <debug.h>
 typedef struct private_pts_file_meas_t private_pts_file_meas_t;
@@ -106,6 +107,52 @@ METHOD(pts_file_meas_t, create_enumerator, enumerator_t*,
 (void*)entry_filter, NULL, NULL);
 }
+METHOD(pts_file_meas_t, verify, bool,
+ private_pts_file_meas_t *this, enumerator_t *e_hash, bool is_dir)
+{
+ char *filename;
+ chunk_t measurement;
+ entry_t *entry;
+ enumerator_t *enumerator;
+ bool found, success = TRUE;
+
+ while (e_hash->enumerate(e_hash, &filename, &measurement))
+ {
+ found = FALSE;
+
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (!is_dir || streq(filename, entry->filename))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ DBG1(DBG_TNC, " no measurement found for '%s'", filename);
+ success = FALSE;
+ }
+ if (chunk_equals(measurement, entry->measurement))
+ {
+ DBG2(DBG_TNC, " %#B for '%s' is ok", &measurement, filename);
+ }
+ else
+ {
+ DBG1(DBG_TNC, " %#B for '%s' is incorrect", &measurement, filename);
+ success = FALSE;
+ }
+ if (!is_dir)
+ {
+ break;
+ }
+ }
+ return success;
+}
+
 METHOD(pts_file_meas_t, destroy, void,
 private_pts_file_meas_t *this)
 {
@@ -126,6 +173,7 @@ pts_file_meas_t *pts_file_meas_create(u_int16_t request_id)
 .get_file_count = _get_file_count,
 .add = _add,
 .create_enumerator = _create_enumerator,
+ .verify = _verify,
 .destroy = _destroy,
 },
 .request_id = request_id,
diff --git a/src/libimcv/tcg/pts/pts_file_meas.h b/src/libimcv/tcg/pts/pts_file_meas.h
index fabd08b58..3ebb5c2a0 100644
--- a/src/libimcv/tcg/pts/pts_file_meas.h
+++ b/src/libimcv/tcg/pts/pts_file_meas.h
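Review bot: In verify(), the `if (!found)` block records the failure but falls through to `chunk_equals(measurement, entry->measurement)`, where entry is either never assigned (empty list, so the inner while never ran) or still points at whichever entry the inner enumerator visited last; a hash with no matching measurement therefore dereferences an uninitialized or stale pointer and, in the stale case, emits a second misleading "is incorrect" line. Add `continue;` after `success = FALSE;` in that block. e_hash is also dereferenced unconditionally although create_hash_enumerator in this commit returns whatever db->query() returns, including NULL, so a leading `if (!e_hash) { return FALSE; }` or a caller-side check is needed. Two behaviours deserve a sentence in the function's header comment: with is_dir FALSE the inner loop accepts the first list entry regardless of filename, which appears to assume a single-entry list, and when e_hash yields no rows the function returns TRUE, so a file with no reference hash in the database counts as verified, which any caller using the result as an attestation decision should treat explicitly.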
@@ -53,11 +53,20 @@ struct pts_file_meas_t {
 void (*add)(pts_file_meas_t *this, char *filename, chunk_t measurement);
 /**
- * Create a PTS File Measurement enumerator
+ * Create a PTS File Measurement enumerator
+ *
+ * @return Enumerator returning filename and measurement
+ */
+ enumerator_t* (*create_enumerator)(pts_file_meas_t *this);
+
+ /**
+ * Verify stored hashes against PTS File Measurements
 *
- * @return Enumerator returning filename and measurement
+ * @param e_hash Hash enumerator
+ * @paraem is_dir TRUE for directory contents hashes
+ * @return TRUE if all hashes match a measurement
 */
- enumerator_t* (*create_enumerator)(pts_file_meas_t *this);
+ bool (*verify)(pts_file_meas_t *this, enumerator_t *e_hash, bool is_dir);
 /**
 * Destroys a pts_file_meas_t object.
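Review bot: The new verify() doc block has a typo in its second tag, `@paraem is_dir` should be `@param is_dir`, so the description is not attached to the parameter by Doxygen. The `@return` text could also cover the empty case, since the implementation in pts_file_meas.c initializes success to TRUE and never enters its loop when e_hash yields nothing: `@return TRUE if all hashes match a measurement (also TRUE if e_hash yields none)`.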