author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-11-28 23:18:33 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-11-28 23:18:33 +0100 |
commit | f0d4756eb0452fc2c71ce834c648ea62878dc8b9 (patch) | |
tree | e812f7157d8431ec13ebe75ab57cb38113da5521 /src | |
parent | e8a491c01a90777e6afb9f04332755c27030856a (diff) | |
allow update of file hashes
Diffstat (limited to 'src')
-rw-r--r-- | src/libpts/plugins/imv_attestation/attest_db.c | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c index 944ed837e..73a8c744e 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libpts/plugins/imv_attestation/attest_db.c @@ -1344,7 +1344,7 @@ METHOD(attest_db_t, list_measurements, void, bool insert_file_hash(private_attest_db_t *this, pts_meas_algorithms_t algo, chunk_t measurement, int fid, int did, bool ima, - int *hashes_added) + int *hashes_added, int *hashes_updated) { enumerator_t *e; chunk_t hash; @@ -1363,8 +1363,22 @@ bool insert_file_hash(private_attest_db_t *this, pts_meas_algorithms_t algo, } if (e->enumerate(e, &hash)) { - label = chunk_equals(measurement, hash) ? - "exists and equals" : "exists and differs"; + if (chunk_equals(measurement, hash)) + { + label = "exists and equals"; + } + else + { + if (this->db->execute(this->db, NULL, + "UPDATE file_hashes SET hash = ? WHERE algo = ? " + "AND file = ? AND directory = ? AND product = ? and key = 0", + DB_BLOB, measurement, DB_INT, algo, DB_UINT, fid, DB_UINT, did, + DB_UINT, this->pid) == 1) + { + label = "updated"; + (*hashes_updated)++; + } + } } else { @@ -1416,7 +1430,8 @@ METHOD(attest_db_t, add, bool, hasher_t *hasher = NULL; bool ima = FALSE; int fid, did; - int files_added = 0, hashes_added = 0, ima_hashes_added = 0; + int files_added = 0, hashes_added = 0, hashes_updated = 0; + int ima_hashes_added = 0, ima_hashes_updated = 0; enumerator_t *enumerator, *e; if (this->algo == PTS_MEAS_ALGO_SHA1_IMA) @@ -1480,7 +1495,8 @@ METHOD(attest_db_t, add, bool, /* compute file measurement hash */ if (!insert_file_hash(this, this->algo, measurement, - fid, did, FALSE, &hashes_added)) + fid, did, FALSE, + &hashes_added, &hashes_updated)) { break; } 
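Review bot: In the `@@ -1363,8 +1363,22 @@` hunk of insert_file_hash, the new `else` branch leaves `label` unassigned when the UPDATE does not return 1, whereas the removed ternary always set it. The declaration and later use of `label` lie outside the hunk, so if it is printed afterwards that path would show a stale or uninitialised pointer and the failed update would go unreported. Add an `else` arm such as `label = "exists and differs, update failed";`, and consider returning FALSE there, which the callers in `add` already treat as a reason to stop. Because file_hashes holds the reference values that measurements are compared against, it would also help to print the old and new hash when a row is overwritten, so an operator can notice an unexpected change to a known-good value.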
@@ -1501,21 +1517,27 @@ METHOD(attest_db_t, add, bool, break; } if (!insert_file_hash(this, PTS_MEAS_ALGO_SHA1_IMA, measurement, - fid, did, TRUE, &ima_hashes_added)) + fid, did, TRUE, + &ima_hashes_added, &ima_hashes_updated)) { break; } } enumerator->destroy(enumerator); - printf("%d measurements, added %d new files, %d new file hashes", - measurements->get_file_count(measurements), - files_added, hashes_added); + printf("%d measurements, added %d new files, %d file hashes", + measurements->get_file_count(measurements), files_added, + hashes_added); if (ima) { - printf(" , %d new ima hashes", ima_hashes_added); + printf(", %d ima hashes", ima_hashes_added, ima_hashes_updated); hasher->destroy(hasher); } + printf(", updated %d file hashes", hashes_updated); + if (ima) + { + printf(", %d ima hashes", ima_hashes_updated); + } printf("\n"); measurements->destroy(measurements); success = TRUE; |
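Review bot: The first `if (ima)` block now calls `printf(", %d ima hashes", ima_hashes_added, ima_hashes_updated);`, which passes two arguments for a single `%d` conversion. The extra argument is ignored at run time, but it draws a format warning and looks like a leftover, since the updated count is already printed by the second `if (ima)` block added below. The call should read `printf(", %d ima hashes", ima_hashes_added);`. The body of `add` starts outside this hunk.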