Using the database entries for generating Functional Component Evidence Requests

Using database entries to match received component measurement hashes
author: Sansar Choinyambuu <schoinya@hsr.ch> 2011-11-14 17:10:35 +0100
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2011-11-28 21:20:23 +0100
commit: 77cf6271ad06f7f1c09d7e7c79325a451f723cec (patch)
tree: ac2287d62d2a61fc709e9744df2bd2539500bbc5 /src
parent: b4a9274ce117fc2e311d66ab7f1e869a13a31cb6 (diff)
download: strongswan-77cf6271ad06f7f1c09d7e7c79325a451f723cec.tar.bz2
strongswan-77cf6271ad06f7f1c09d7e7c79325a451f723cec.tar.xz
5 files changed, 308 insertions, 216 deletions
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
index 8ff68e1e5..04fc6a43b 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -410,6 +410,109 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			attr_list->insert_last(attr_list, attr);
 			break;
 		}
+		case TCG_PTS_REQ_FILE_META:
+		{
+			tcg_pts_attr_req_file_meta_t *attr_cast;
+			char *pathname;
+			bool is_directory;
+			u_int8_t delimiter;
+			pts_file_meta_t *metadata;
+
+			attr_info = attr->get_value(attr);
+			attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
+			is_directory = attr_cast->get_directory_flag(attr_cast);
+			delimiter = attr_cast->get_delimiter(attr_cast);
+			pathname = attr_cast->get_pathname(attr_cast);
+
+			valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+			if (valid_path && pts_error)
+			{
+				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										pts_error, attr_info);
+				attr_list->insert_last(attr_list, attr);
+				break;
+			}
+			else if (!valid_path)
+			{
+				break;
+			}
+			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+			{
+				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_INVALID_DELIMITER, attr_info);
+				attr_list->insert_last(attr_list, attr);
+				break;
+			}
+			/* Get File Metadata and send them to PTS-IMV */
+			DBG2(DBG_IMC, "metadata request for %s '%s'",
+					is_directory ? "directory" : "file",
+					pathname);
+			metadata = pts->get_metadata(pts, pathname, is_directory);
+
+			if (!metadata)
+			{
+				/* TODO handle error codes from measurements */
+				return FALSE;
+			}
+			attr = tcg_pts_attr_unix_file_meta_create(metadata);
+			attr->set_noskip_flag(attr, TRUE);
+			attr_list->insert_last(attr_list, attr);
+
+			break;
+		}
+		case TCG_PTS_REQ_FILE_MEAS:
+		{
+			tcg_pts_attr_req_file_meas_t *attr_cast;
+			char *pathname;
+			u_int16_t request_id;
+			bool is_directory;
+			u_int32_t delimiter;
+			pts_file_meas_t *measurements;
+
+			attr_info = attr->get_value(attr);
+			attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
+			is_directory = attr_cast->get_directory_flag(attr_cast);
+			request_id = attr_cast->get_request_id(attr_cast);
+			delimiter = attr_cast->get_delimiter(attr_cast);
+			pathname = attr_cast->get_pathname(attr_cast);
+			valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+
+			if (valid_path && pts_error)
+			{
+				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										pts_error, attr_info);
+				attr_list->insert_last(attr_list, attr);
+				break;
+			}
+			else if (!valid_path)
+			{
+				break;
+			}
+
+			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+			{
+				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+										TCG_PTS_INVALID_DELIMITER, attr_info);
+				attr_list->insert_last(attr_list, attr);
+				break;
+			}
+
+			/* Do PTS File Measurements and send them to PTS-IMV */
+			DBG2(DBG_IMC, "measurement request %d for %s '%s'",
+				 request_id, is_directory ? "directory" : "file",
+				 pathname);
+			measurements = pts->do_measurements(pts, request_id,
+									pathname, is_directory);
+			if (!measurements)
+			{
+				/* TODO handle error codes from measurements */
+				return FALSE;
+			}
+			attr = tcg_pts_attr_file_meas_create(measurements);
+			attr->set_noskip_flag(attr, TRUE);
+			attr_list->insert_last(attr_list, attr);
+			break;
+		}
 		case TCG_PTS_REQ_FUNCT_COMP_EVID:
 		{
 			tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
@@ -514,7 +617,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 								  "for Simple Component Evidence");
 					return FALSE;
 				}
-				
+
 				/* Get PCR after value from log when TBOOT is measuring entity */
 				if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
 						name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) &&
@@ -524,7 +627,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 						 params.extended_pcr);
 					return FALSE;
 				}
-				
+
 				/* Buffer Simple Component Evidence attribute */
 				attr = tcg_pts_attr_simple_comp_evid_create(params);
 				evidences->insert_last(evidences, attr);
@@ -552,13 +655,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			/* Send buffered Simple Component Evidences */
 			num_of_evidences = evidences->get_count(evidences);
 			pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*num_of_evidences);
-			
+
 			e = evidences->create_enumerator(evidences);
 			while (e->enumerate(e, &attr))
 			{
 				tcg_pts_attr_simple_comp_evid_t *attr_cast;
 				u_int32_t extended_pcr;
-						
+
 				attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
 				extended_pcr = attr_cast->get_extended_pcr(attr_cast);
 
@@ -573,7 +676,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			use_quote2 = (lib->settings->get_int(lib->settings,
 					"libimcv.plugins.imc-attestation.quote_version", 1) == 1) ?
 							FALSE : TRUE;
-			
+
 			/* Quote */
 			if (!pts->quote_tpm(pts, use_quote2, pcrs, num_of_evidences,
 				&pcr_composite, &quote_signature))
@@ -583,123 +686,20 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				DESTROY_IF(evidences);
 				return FALSE;
 			}
-	
+
 			/* Send Simple Evidence Final attribute */
 			flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2:
 								 PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
 			composite_algorithm |= PTS_MEAS_ALGO_SHA1;
-			
+
 			attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags,
 								composite_algorithm, pcr_composite,
 								quote_signature, chunk_empty);
 			attr_list->insert_last(attr_list, attr);
-					
+
 			DESTROY_IF(e);
 			DESTROY_IF(evidences);
-					
-			break;
-		}
-		case TCG_PTS_REQ_FILE_META:
-		{
-			tcg_pts_attr_req_file_meta_t *attr_cast;
-			char *pathname;
-			bool is_directory;
-			u_int8_t delimiter;
-			pts_file_meta_t *metadata;
-
-			attr_info = attr->get_value(attr);
-			attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
-			is_directory = attr_cast->get_directory_flag(attr_cast);
-			delimiter = attr_cast->get_delimiter(attr_cast);
-			pathname = attr_cast->get_pathname(attr_cast);
-
-			valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-			if (valid_path && pts_error)
-			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										pts_error, attr_info);
-				attr_list->insert_last(attr_list, attr);
-				break;
-			}
-			else if (!valid_path)
-			{
-				break;
-			}
-			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_INVALID_DELIMITER, attr_info);
-				attr_list->insert_last(attr_list, attr);
-				break;
-			}
-			/* Get File Metadata and send them to PTS-IMV */
-			DBG2(DBG_IMC, "metadata request for %s '%s'",
-					is_directory ? "directory" : "file",
-					pathname);
-			metadata = pts->get_metadata(pts, pathname, is_directory);
-
-			if (!metadata)
-			{
-				/* TODO handle error codes from measurements */
-				return FALSE;
-			}
-			attr = tcg_pts_attr_unix_file_meta_create(metadata);
-			attr->set_noskip_flag(attr, TRUE);
-			attr_list->insert_last(attr_list, attr);
-
-			break;
-		}
-		case TCG_PTS_REQ_FILE_MEAS:
-		{
-			tcg_pts_attr_req_file_meas_t *attr_cast;
-			char *pathname;
-			u_int16_t request_id;
-			bool is_directory;
-			u_int32_t delimiter;
-			pts_file_meas_t *measurements;
-
-			attr_info = attr->get_value(attr);
-			attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
-			is_directory = attr_cast->get_directory_flag(attr_cast);
-			request_id = attr_cast->get_request_id(attr_cast);
-			delimiter = attr_cast->get_delimiter(attr_cast);
-			pathname = attr_cast->get_pathname(attr_cast);
-			valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-
-			if (valid_path && pts_error)
-			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										pts_error, attr_info);
-				attr_list->insert_last(attr_list, attr);
-				break;
-			}
-			else if (!valid_path)
-			{
-				break;
-			}
-
-			if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-			{
-				attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-										TCG_PTS_INVALID_DELIMITER, attr_info);
-				attr_list->insert_last(attr_list, attr);
-				break;
-			}
 
-			/* Do PTS File Measurements and send them to PTS-IMV */
-			DBG2(DBG_IMC, "measurement request %d for %s '%s'",
-				 request_id, is_directory ? "directory" : "file",
-				 pathname);
-			measurements = pts->do_measurements(pts, request_id,
-									pathname, is_directory);
-			if (!measurements)
-			{
-				/* TODO handle error codes from measurements */
-				return FALSE;
-			}
-			attr = tcg_pts_attr_file_meas_create(measurements);
-			attr->set_noskip_flag(attr, TRUE);
-			attr_list->insert_last(attr_list, attr);
 			break;
 		}
 		/* TODO: Not implemented yet */
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
index 83568fe2b..3f21afae6 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -211,6 +211,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 			u_int32_t sub_comp_depth;
 			pts_qualifier_t qualifier;
 			pts_ita_funct_comp_name_t name;
+			enumerator_t *enumerator;
+			char *platform_info, *pathname;
 
 			attestation_state->set_handshake_state(attestation_state,
 										IMV_ATTESTATION_STATE_END);
@@ -221,29 +223,59 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 			qualifier.sub_component = FALSE;
 			qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
 
-			/* Send Request Functional Component Evidence attribute */
-			name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
-			attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
-									sub_comp_depth, PEN_ITA, qualifier, name);
-			attr->set_noskip_flag(attr, TRUE);
-			msg->add_attribute(msg, attr);
-			attestation_state->add_comp_evid_request( attestation_state,
-													  PEN_ITA, qualifier, name);
+			/* Get Platform and OS of the PTS-IMC */
+			platform_info = pts->get_platform_info(pts);
+			if (!pts_db || !platform_info)
+			{
+				DBG1(DBG_IMV, "%s%s%s not available",
+					(pts_db) ? "" : "pts database",
+					(!pts_db && !platform_info) ? "and" : "",
+					(platform_info) ? "" : "platform info");
+				break;
+			}
+			DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
 			
-			/* Send Request Functional Component Evidence attribute */
-			name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
-			attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
+			enumerator = pts_db->create_comp_evid_enumerator(pts_db,
+															 platform_info);
+			if (!enumerator)
+			{
+				break;
+			}
+			while (enumerator->enumerate(enumerator, &pathname))
+			{
+				if (strcmp(pathname, TBOOT_POLICY_STR) == 0)
+				{
+					name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
+				}
+				else if (strcmp(pathname, TBOOT_MLE_STR) == 0)
+				{
+					name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
+				}
+				else
+				{
+					DBG1(DBG_IMV, "Unknown functional component name: \"%s\"",
+						 pathname);
+					enumerator->destroy(enumerator);
+					return FALSE;
+				}
+
+				/* Send Request Functional Component Evidence attribute */
+				attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
 									sub_comp_depth, PEN_ITA, qualifier, name);
-			attr->set_noskip_flag(attr, TRUE);
-			msg->add_attribute(msg, attr);
-			attestation_state->add_comp_evid_request(attestation_state,
-													 PEN_ITA, qualifier, name);
+				attr->set_noskip_flag(attr, TRUE);
+				msg->add_attribute(msg, attr);
+				attestation_state->add_comp_evid_request( attestation_state,
+									 PEN_ITA, qualifier, name);
+			}
+			enumerator->destroy(enumerator);
+			
 			
 			/* Send Generate Attestation Evidence attribute */
 			attr = tcg_pts_attr_gen_attest_evid_create();
 			attr->set_noskip_flag(attr, TRUE);
 			msg->add_attribute(msg, attr);
-
+			
 			break;
 		}
 		default:
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index 6c19d6bee..28b1c159b 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -177,10 +177,93 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			pts->set_aik(pts, aik);
 			break;
 		}
+		case TCG_PTS_FILE_MEAS:
+		{
+			tcg_pts_attr_file_meas_t *attr_cast;
+			u_int16_t request_id;
+			int file_count, file_id;
+			pts_meas_algorithms_t algo;
+			pts_file_meas_t *measurements;
+			char *platform_info;
+			enumerator_t *e_hash;
+			bool is_dir;
+
+			platform_info = pts->get_platform_info(pts);
+			if (!pts_db || !platform_info)
+			{
+				DBG1(DBG_IMV, "%s%s%s not available",
+					(pts_db) ? "" : "pts database",
+					(!pts_db && !platform_info) ? "and" : "",
+					(platform_info) ? "" : "platform info");
+				break;
+			}
+
+			attr_cast = (tcg_pts_attr_file_meas_t*)attr;
+			measurements = attr_cast->get_measurements(attr_cast);
+			algo = pts->get_meas_algorithm(pts);
+			request_id = measurements->get_request_id(measurements);
+			file_count = measurements->get_file_count(measurements);
+
+			DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
+				 request_id, file_count, (file_count == 1) ? "":"s");
+
+			if (!attestation_state->check_off_file_meas_request(attestation_state,
+				request_id, &file_id, &is_dir))
+			{
+				DBG1(DBG_IMV, "  no entry found for file measurement request %d",
+					 request_id);
+				break;
+			}
+
+			/* check hashes from database against measurements */
+			e_hash = pts_db->create_hash_enumerator(pts_db,
+							platform_info, algo, file_id, is_dir);
+			if (!measurements->verify(measurements, e_hash, is_dir))
+			{
+				attestation_state->set_measurement_error(attestation_state);
+			}
+			e_hash->destroy(e_hash);
+			break;
+		}
+		case TCG_PTS_UNIX_FILE_META:
+		{
+			tcg_pts_attr_file_meta_t *attr_cast;
+			int file_count;
+			pts_file_meta_t *metadata;
+			pts_file_metadata_t *entry;
+			time_t created, modified, accessed;
+			bool utc = FALSE;
+			enumerator_t *e;
+
+			attr_cast = (tcg_pts_attr_file_meta_t*)attr;
+			metadata = attr_cast->get_metadata(attr_cast);
+			file_count = metadata->get_file_count(metadata);
+
+			DBG1(DBG_IMV, "metadata request returned %d file%s:",
+				 file_count, (file_count == 1) ? "":"s");
+
+			e = metadata->create_enumerator(metadata);
+			while (e->enumerate(e, &entry))
+			{
+				DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
+							  " owner %"PRIu64", group %"PRIu64", type %N",
+					 entry->filename, entry->filesize, entry->owner,
+					 entry->group, pts_file_type_names, entry->type);
+
+				created = entry->created;
+				modified = entry->modified;
+				accessed = entry->accessed;
+
+				DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
+					 &created, utc, &modified, utc, &accessed, utc);
+			}
+			e->destroy(e);
+			break;
+		}
 		case TCG_PTS_SIMPLE_COMP_EVID:
 		{
 			tcg_pts_attr_simple_comp_evid_t *attr_cast;
-			bool pcr_info_inclided;
+			bool pcr_info_inclided, component_meas_error = FALSE;
 			pts_attr_simple_comp_evid_flag_t flags;
 			u_int32_t depth, comp_vendor_id, extended_pcr;
 			u_int8_t family, measurement_type;
@@ -189,8 +272,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			pts_meas_algorithms_t hash_algorithm;
 			pts_pcr_transform_t transformation;
 			chunk_t measurement_time, policy_uri;
-			chunk_t pcr_before, pcr_after, measurement;
-					
+			chunk_t pcr_before, pcr_after, measurement, comp_hash;
+			enumerator_t *enumerator;
+			char *platform_info;
+			const char *component_name;
+
 			attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
 			attr_info = attr->get_value(attr);
 
@@ -243,12 +329,64 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				DBG1(DBG_IMV, "  no entry found for component evidence request");
 				break;
 			}
-			
+
 			measurement_type = attr_cast->get_measurement_type(attr_cast);
 			hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
 			transformation = attr_cast->get_pcr_trans(attr_cast);
 			measurement_time = attr_cast->get_measurement_time(attr_cast);
+			measurement = attr_cast->get_comp_measurement(attr_cast);
+
+			platform_info = pts->get_platform_info(pts);
+			if (!pts_db || !platform_info)
+			{
+				DBG1(DBG_IMV, "%s%s%s not available",
+					(pts_db) ? "" : "pts database",
+					(!pts_db && !platform_info) ? "and" : "",
+					(platform_info) ? "" : "platform info");
+				break;
+			}
 
+			if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+			{
+				component_name = TBOOT_POLICY_STR;
+			}
+			else if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+			{
+				component_name = TBOOT_MLE_STR;
+			}
+			else
+			{
+					DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
+						 name);
+					return FALSE;
+			}
+			enumerator = pts_db->create_comp_hash_enumerator(pts_db,
+					platform_info, PTS_MEAS_ALGO_SHA1, (char *)component_name);
+			if (!enumerator)
+			{
+				break;
+			}
+			while (enumerator->enumerate(enumerator, &comp_hash))
+			{
+				if (!chunk_equals(comp_hash, measurement))
+				{
+					DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
+							"%B, expected: %B", &measurement, &comp_hash);
+					component_meas_error = TRUE;
+				}
+				else
+				{
+					DBG2(DBG_IMV, "Matching Functional Component Measurement:"
+							"%B, expected: %B", &measurement, &comp_hash);
+				}
+			}
+			enumerator->destroy(enumerator);
+
+			if (component_meas_error)
+			{
+				attestation_state->set_measurement_error(attestation_state);
+			}
+			
 			/* Call getters of optional fields when corresponding flag is set */
 			if (pcr_info_inclided)
 			{
@@ -257,8 +395,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				extended_pcr = attr_cast->get_extended_pcr(attr_cast);
 				pcr_before = attr_cast->get_pcr_before_value(attr_cast);
 				pcr_after = attr_cast->get_pcr_after_value(attr_cast);
-				measurement = attr_cast->get_comp_measurement(attr_cast);
-
+				
 				DBG3(DBG_IMV,"PCR: %d was extended with %B",
 					 extended_pcr, &measurement);
 				DBG3(DBG_IMV,"PCR: %d before value: %B",
@@ -291,11 +428,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			bool evid_signature_included = FALSE, use_quote2 = FALSE,
 												ver_info_included = FALSE;
 			chunk_t pcr_composite, quote_info;
-			
+
 			attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
 			evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
 			flags = attr_cast->get_flags(attr_cast);
-			
+
 			/** Optional Composite Hash Algorithm field is always present
 			 * Field has value of all zeroes if not used.
 			 * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
@@ -366,85 +503,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
 			break;
 		}
-		case TCG_PTS_FILE_MEAS:
-		{
-			tcg_pts_attr_file_meas_t *attr_cast;
-			u_int16_t request_id;
-			int file_count, file_id;
-			pts_meas_algorithms_t algo;
-			pts_file_meas_t *measurements;
-			char *platform_info;
-			enumerator_t *e_hash;
-			bool is_dir;
-
-			platform_info = pts->get_platform_info(pts);
-			if (!pts_db || !platform_info)
-			{
-				break;
-			}
-
-			attr_cast = (tcg_pts_attr_file_meas_t*)attr;
-			measurements = attr_cast->get_measurements(attr_cast);
-			algo = pts->get_meas_algorithm(pts);
-			request_id = measurements->get_request_id(measurements);
-			file_count = measurements->get_file_count(measurements);
-
-			DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
-				 request_id, file_count, (file_count == 1) ? "":"s");
-
-			if (!attestation_state->check_off_file_meas_request(attestation_state,
-				request_id, &file_id, &is_dir))
-			{
-				DBG1(DBG_IMV, "  no entry found for file measurement request %d",
-					 request_id);
-				break;
-			}
-
-			/* check hashes from database against measurements */
-			e_hash = pts_db->create_hash_enumerator(pts_db,
-							platform_info, algo, file_id, is_dir);
-			if (!measurements->verify(measurements, e_hash, is_dir))
-			{
-				attestation_state->set_measurement_error(attestation_state);
-			}
-			e_hash->destroy(e_hash);
-			break;
-		}
-		case TCG_PTS_UNIX_FILE_META:
-		{
-			tcg_pts_attr_file_meta_t *attr_cast;
-			int file_count;
-			pts_file_meta_t *metadata;
-			pts_file_metadata_t *entry;
-			time_t created, modified, accessed;
-			bool utc = FALSE;
-			enumerator_t *e;
-
-			attr_cast = (tcg_pts_attr_file_meta_t*)attr;
-			metadata = attr_cast->get_metadata(attr_cast);
-			file_count = metadata->get_file_count(metadata);
-
-			DBG1(DBG_IMV, "metadata request returned %d file%s:",
-				 file_count, (file_count == 1) ? "":"s");
-
-			e = metadata->create_enumerator(metadata);
-			while (e->enumerate(e, &entry))
-			{
-				DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
-							  " owner %"PRIu64", group %"PRIu64", type %N",
-					 entry->filename, entry->filesize, entry->owner,
-					 entry->group, pts_file_type_names, entry->type);
-
-				created = entry->created;
-				modified = entry->modified;
-				accessed = entry->accessed;
-
-				DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
-					 &created, utc, &modified, utc, &accessed, utc);
-			}
-			e->destroy(e);
-			break;
-		}
 
 		/* TODO: Not implemented yet */
 		case TCG_PTS_INTEG_MEAS_LOG:
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h
index 6028e2e5a..af49de7af 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@@ -60,6 +60,8 @@ typedef struct pcr_entry_t pcr_entry_t;
 #define PCR_TGRUB_CHECKFILE				13
 #define PCR_TGRUB_LOADED_FILES			14
 
+#define TBOOT_POLICY_STR				(const char *)("tboot_pcr17")
+#define TBOOT_MLE_STR					(const char *)("tboot_pcr18")
 
 /**
  * Length of the generated nonce used for calculation of shared secret
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c
index 1e5602b55..6b5393b8f 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -76,11 +76,11 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
 
 	/* look for all entries belonging to a product in the files table */
 	e = this->db->query(this->db,
-				"SELECT f.type, f.path FROM files AS f "
+				"SELECT f.path FROM files AS f "
 				"JOIN product_file AS pf ON f.id = pf.file "
 				"JOIN products AS p ON p.id = pf.product "
 				"WHERE p.name = ? AND f.component = 1",
-				DB_TEXT, product, DB_INT, DB_TEXT);
+				DB_TEXT, product, DB_TEXT);
 	return e;
 }
author	Sansar Choinyambuu <schoinya@hsr.ch>	2011-11-14 17:10:35 +0100
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2011-11-28 21:20:23 +0100
commit	77cf6271ad06f7f1c09d7e7c79325a451f723cec (patch)
tree	ac2287d62d2a61fc709e9744df2bd2539500bbc5 /src
parent	b4a9274ce117fc2e311d66ab7f1e869a13a31cb6 (diff)
download	strongswan-77cf6271ad06f7f1c09d7e7c79325a451f723cec.tar.bz2 strongswan-77cf6271ad06f7f1c09d7e7c79325a451f723cec.tar.xz