authorSansar Choinyambuu <schoinya@hsr.ch>2011-11-18 09:40:22 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 21:20:23 +0100
commit0975b00d06e0564675e52367a95d3c4ed05ea05d (patch)
tree479682bc82862392a50f236ea1cff8cd02ef0aa4 /src/libimcv
parent40cfe6db6a04bcb04249c0c4991faab0c5e667ee (diff)
component_hashes new table added
measurements added for tboot component; create_comp_hash_enumerator modified accordingly
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/plugins/imv_attestation/data.sql118
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c2
-rw-r--r--src/libimcv/plugins/imv_attestation/tables.sql12
3 files changed, 30 insertions, 102 deletions
diff --git a/src/libimcv/plugins/imv_attestation/data.sql b/src/libimcv/plugins/imv_attestation/data.sql
index dada7cbbb..28116a5e4 100644
--- a/src/libimcv/plugins/imv_attestation/data.sql
+++ b/src/libimcv/plugins/imv_attestation/data.sql
@@ -176,18 +176,6 @@ INSERT INTO files (
0, '/etc/tnc_config', 1
);
-INSERT INTO files (
- type, path
-) VALUES (
- 0, 'tboot_pcr17'
-);
-
-INSERT INTO files (
- type, path
-) VALUES (
- 0, 'tboot_pcr18'
-);
-
/* Components */
INSERT INTO components (
@@ -243,18 +231,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 1, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 1, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
2, 2
);
@@ -285,18 +261,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 2, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 2, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
3, 3
);
@@ -315,18 +279,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 3, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 3, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
4, 3
);
@@ -357,18 +309,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 4, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 4, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
5, 3
);
@@ -399,18 +339,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 5, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 5, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
6, 3
);
@@ -441,18 +369,6 @@ INSERT INTO product_file (
INSERT INTO product_file (
product, file
) VALUES (
- 6, 23
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
- 6, 24
-);
-
-INSERT INTO product_file (
- product, file
-) VALUES (
7, 1
);
@@ -486,28 +402,30 @@ INSERT INTO product_file (
7, 22
);
-INSERT INTO product_file (
- product, file
+/* Product Component */
+
+INSERT INTO product_component (
+ product, component
) VALUES (
- 7, 23
+ 4, 1
);
-INSERT INTO product_file (
- product, file
+INSERT INTO product_component (
+ product, component
) VALUES (
- 7, 24
+ 4, 2
);
INSERT INTO product_component (
- product, component, sequence
+ product, component
) VALUES (
- 7, 1, 1
+ 7, 1
);
INSERT INTO product_component (
- product, component, sequence
+ product, component
) VALUES (
- 7, 2, 2
+ 7, 2
);
/* File Hashes */
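Review bot: The four `product_component` inserts in this hunk no longer set `sequence`, so every row takes the column default of 0, while the `component_hashes` rows added further down use sequence 1 and 2 for component 2 / product 4. A short comment should say where the ordering now lives, for example `/* sequence is left at its default here; per-measurement order is stored in component_hashes */`. As far as this diff shows, only (component 2, product 4) receives reference hashes, while (4, 1), (7, 1) and (7, 2) are registered with none. The verifier is not visible here, so it is worth confirming that a registered component with no reference value fails the attestation rather than passing by default.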
@@ -1377,14 +1295,14 @@ INSERT INTO file_hashes (
20, 7, 7, 8192, X'84200bd318bb022915150842ddf4002e061ef593604ad0d07021dc662cc40bfa749cce084ddf25d0e5137f6380f613d8'
);
-INSERT INTO file_hashes (
- file, product, algo, hash
+INSERT INTO component_hashes (
+ component, product, sequence, algo, hash
) VALUES (
- 23, 4, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
+ 2, 4, 1, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
);
-INSERT INTO file_hashes (
- file, product, algo, hash
+INSERT INTO component_hashes (
+ component, product, sequence, algo, hash
) VALUES (
- 24, 4, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
+ 2, 4, 2, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
);
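Review bot: The two new `component_hashes` rows are bare hex blobs with nothing to say what they measure; the removed `files` entries carried the labels `tboot_pcr17` and `tboot_pcr18`, and those labels are lost with the move. I would add a comment above each insert, presumably `/* tboot PCR17 reference value (sequence 1) */` and `/* tboot PCR18 reference value (sequence 2) */`, going by the order of the removed rows. The comment should also record which tboot build and platform the values were taken from, so a later maintainer can re-derive or retire them. Both values are 20 bytes long, which matches a SHA-1 digest; if `32768` is the SHA-1 selector, stating that in the comment would help as well.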
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index 4b01b5644..538ba423f 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -216,7 +216,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
/* check hashes from database against measurements */
- e_hash = pts_db->create_hash_enumerator(pts_db,
+ e_hash = pts_db->create_file_hash_enumerator(pts_db,
platform_info, algo, file_id, is_dir);
if (!measurements->verify(measurements, e_hash, is_dir))
{
diff --git a/src/libimcv/plugins/imv_attestation/tables.sql b/src/libimcv/plugins/imv_attestation/tables.sql
index 2de14f4d6..e7b58a5de 100644
--- a/src/libimcv/plugins/imv_attestation/tables.sql
+++ b/src/libimcv/plugins/imv_attestation/tables.sql
@@ -39,7 +39,7 @@ CREATE TABLE product_component (
product INTEGER NOT NULL,
component INTEGER NOT NULL,
sequence INTEGER DEFAULT 0,
- PRIMARY KEY (product, component)
+ PRIMARY KEY (product, component, sequence)
);
DROP TABLE IF EXISTS file_hashes;
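Review bot: `sequence` joins the primary key of `product_component` here while staying nullable (`sequence INTEGER DEFAULT 0`), and the new `component_hashes` table in the next hunk declares it the same way. If this schema is loaded into SQLite, NULL is permitted in such a key column and NULLs compare as distinct, so rows inserted with an explicit NULL sequence would escape the uniqueness check. That would allow duplicate or ambiguous reference measurements for the same component, product and algorithm. Declaring the column as `sequence INTEGER NOT NULL DEFAULT 0` in both tables closes that gap. The `CREATE TABLE product_component` statement begins above this hunk.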
@@ -52,3 +52,13 @@ CREATE TABLE file_hashes (
PRIMARY KEY(file, directory, product, algo)
);
+DROP TABLE IF EXISTS component_hashes;
+CREATE TABLE component_hashes (
+ component INTEGER NOT NULL,
+ product INTEGER NOT NULL,
+ sequence INTEGER DEFAULT 0,
+ algo INTEGER NOT NULL,
+ hash BLOB NOT NULL,
+ PRIMARY KEY(component, product, sequence, algo)
+);
+