Diffstat (limited to 'src')
-rw-r--r-- | src/libimcv/plugins/imv_attestation/data.sql | 118 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_attestation/imv_attestation_process.c | 2 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_attestation/tables.sql | 12 | ||||
-rw-r--r-- | src/libpts/pts/pts_database.c | 21 | ||||
-rw-r--r-- | src/libpts/pts/pts_database.h | 10 |
5 files changed, 48 insertions, 115 deletions
diff --git a/src/libimcv/plugins/imv_attestation/data.sql b/src/libimcv/plugins/imv_attestation/data.sql index dada7cbbb..28116a5e4 100644 --- a/src/libimcv/plugins/imv_attestation/data.sql +++ b/src/libimcv/plugins/imv_attestation/data.sql @@ -176,18 +176,6 @@ INSERT INTO files ( 0, '/etc/tnc_config', 1 ); -INSERT INTO files ( - type, path -) VALUES ( - 0, 'tboot_pcr17' -); - -INSERT INTO files ( - type, path -) VALUES ( - 0, 'tboot_pcr18' -); - /* Components */ INSERT INTO components ( @@ -243,18 +231,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 1, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 1, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 2, 2 ); @@ -285,18 +261,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 2, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 2, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 3, 3 ); @@ -315,18 +279,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 3, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 3, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 4, 3 ); @@ -357,18 +309,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 4, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 4, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 5, 3 ); @@ -399,18 +339,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 5, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 5, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 6, 3 ); @@ -441,18 +369,6 @@ INSERT INTO product_file ( INSERT INTO product_file ( product, file ) VALUES ( - 6, 23 -); - -INSERT INTO product_file ( - product, file -) VALUES ( - 6, 24 -); - -INSERT INTO product_file ( - product, file -) VALUES ( 7, 1 ); 
@@ -486,28 +402,30 @@ INSERT INTO product_file ( 7, 22 ); -INSERT INTO product_file ( - product, file +/* Product Component */ + +INSERT INTO product_component ( + product, component ) VALUES ( - 7, 23 + 4, 1 ); -INSERT INTO product_file ( - product, file +INSERT INTO product_component ( + product, component ) VALUES ( - 7, 24 + 4, 2 ); INSERT INTO product_component ( - product, component, sequence + product, component ) VALUES ( - 7, 1, 1 + 7, 1 ); INSERT INTO product_component ( - product, component, sequence + product, component ) VALUES ( - 7, 2, 2 + 7, 2 ); /* File Hashes */ @@ -1377,14 +1295,14 @@ INSERT INTO file_hashes ( 20, 7, 7, 8192, X'84200bd318bb022915150842ddf4002e061ef593604ad0d07021dc662cc40bfa749cce084ddf25d0e5137f6380f613d8' ); -INSERT INTO file_hashes ( - file, product, algo, hash +INSERT INTO component_hashes ( + component, product, sequence, algo, hash ) VALUES ( - 23, 4, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902' + 2, 4, 1, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902' ); -INSERT INTO file_hashes ( - file, product, algo, hash +INSERT INTO component_hashes ( + component, product, sequence, algo, hash ) VALUES ( - 24, 4, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0' + 2, 4, 2, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0' ); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index 4b01b5644..538ba423f 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -216,7 +216,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, } /* check hashes from database against measurements */ - e_hash = pts_db->create_hash_enumerator(pts_db, + e_hash = pts_db->create_file_hash_enumerator(pts_db, platform_info, algo, file_id, is_dir); if (!measurements->verify(measurements, e_hash, is_dir)) { 
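Review bot: The seeded `sequence` values disagree between the two tables touched on this line: the product_component rows added in the @@ -486 hunk (`4, 1`, `4, 2`, `7, 1`, `7, 2`) omit `sequence`, so they take the schema's DEFAULT 0, while the component_hashes rows in the @@ -1377 hunk for component 2 of product 4 carry sequence 1 and 2. If `sequence` is meant to denote the same measurement position in both tables, the product_component rows for (4, 2) should carry matching values, e.g. `4, 2, 1` and `4, 2, 2`, and the `sequence` column should stay in that INSERT; if the two columns mean different things, a one-line comment in data.sql saying so would save the next reader the same question. Note also that only component 2 of product 4 receives reference hashes here, so the (4, 1), (7, 1) and (7, 2) mappings have nothing to verify against in the seed data; that may be intended, but is worth stating.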
diff --git a/src/libimcv/plugins/imv_attestation/tables.sql b/src/libimcv/plugins/imv_attestation/tables.sql index 2de14f4d6..e7b58a5de 100644 --- a/src/libimcv/plugins/imv_attestation/tables.sql +++ b/src/libimcv/plugins/imv_attestation/tables.sql @@ -39,7 +39,7 @@ CREATE TABLE product_component ( product INTEGER NOT NULL, component INTEGER NOT NULL, sequence INTEGER DEFAULT 0, - PRIMARY KEY (product, component) + PRIMARY KEY (product, component, sequence) ); DROP TABLE IF EXISTS file_hashes; @@ -52,3 +52,13 @@ CREATE TABLE file_hashes ( PRIMARY KEY(file, directory, product, algo) ); +DROP TABLE IF EXISTS component_hashes; +CREATE TABLE component_hashes ( + component INTEGER NOT NULL, + product INTEGER NOT NULL, + sequence INTEGER DEFAULT 0, + algo INTEGER NOT NULL, + hash BLOB NOT NULL, + PRIMARY KEY(component, product, sequence, algo) +); + diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c index 0db5c2089..57613bd5c 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libpts/pts/pts_database.c @@ -85,7 +85,7 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*, } -METHOD(pts_database_t, create_hash_enumerator, enumerator_t*, +METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*, private_pts_database_t *this, char *product, pts_meas_algorithms_t algo, int id, bool is_dir) { 
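Review bot: `sequence` becomes part of the primary key in both the product_component hunk and the new component_hashes table, but is still declared `sequence INTEGER DEFAULT 0` without `NOT NULL`; in SQLite (which the `X'…'` blob literals and the `DROP TABLE IF EXISTS` / `CREATE TABLE` pattern suggest) a column of a composite PRIMARY KEY may still hold NULL, so a row inserted with an explicit NULL sequence would bypass the uniqueness the key is meant to enforce and could let a second reference hash coexist with the one the verifier expects. Declare it as `sequence INTEGER NOT NULL DEFAULT 0,` in both tables. component_hashes follows file_hashes in declaring no foreign keys, which is consistent with the file, but a short comment above the table stating that `sequence` orders the hashes of one component (as the seed data in data.sql uses it) would document the contract the verifier depends on.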
@@ -114,17 +114,20 @@ METHOD(pts_database_t, create_hash_enumerator, enumerator_t*, } METHOD(pts_database_t, create_comp_hash_enumerator, enumerator_t*, - private_pts_database_t *this, char *product, - pts_meas_algorithms_t algo, char *comp_name) + private_pts_database_t *this, char *product, pts_meas_algorithms_t algo, + pts_comp_func_name_t *comp_name) { enumerator_t *e; e = this->db->query(this->db, - "SELECT fh.hash FROM file_hashes AS fh " - "JOIN files AS f ON fh.file = f.id " - "JOIN products AS p ON fh.product = p.id " - "WHERE p.name = ? AND f.path = ? AND fh.algo = ? ", - DB_TEXT, product, DB_TEXT, comp_name, DB_INT, algo, DB_BLOB); + "SELECT ch.hash FROM component_hashes AS ch " + "JOIN components AS c ON ch.component = c.id " + "JOIN products AS p ON ch.product = p.id " + "WHERE p.name = ? AND c.vendor_id = ? " + "AND c.name = ? AND c.qualifier = ? AND ch.algo = ? ", + DB_TEXT, product, DB_INT, comp_name->vendor_id, + DB_INT, comp_name->name, DB_INT, comp_name->qualifier, + DB_INT, algo, DB_BLOB); return e; } @@ -148,7 +151,7 @@ pts_database_t *pts_database_create(char *uri) .create_file_meas_enumerator = _create_file_meas_enumerator, .create_file_meta_enumerator = _create_file_meta_enumerator, .create_comp_evid_enumerator = _create_comp_evid_enumerator, - .create_hash_enumerator = _create_hash_enumerator, + .create_file_hash_enumerator = _create_file_hash_enumerator, .create_comp_hash_enumerator = _create_comp_hash_enumerator, .destroy = _destroy, }, diff --git a/src/libpts/pts/pts_database.h b/src/libpts/pts/pts_database.h index 0279f4e9e..b07b8beab 100644 --- a/src/libpts/pts/pts_database.h +++ b/src/libpts/pts/pts_database.h 
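Review bot: The new query in create_comp_hash_enumerator selects every component_hashes row matching component, product and algorithm but has no `ORDER BY ch.sequence`, so when several sequenced hashes exist (data.sql in this commit seeds sequence 1 and 2 for component 2 of product 4) the enumerator yields them in whatever order the database chooses; if the caller compares them against measurements positionally, change the last WHERE fragment to `"AND c.name = ? AND c.qualifier = ? AND ch.algo = ? " "ORDER BY ch.sequence ",` or select `ch.sequence` alongside `ch.hash` so the caller can match positions itself. The function now also dereferences `comp_name` three times without a NULL check, which the previous `DB_TEXT, comp_name` version did not need; a guard before the query, `if (!comp_name) { return NULL; }` (or an empty enumerator, whichever callers already handle for a failed query), would keep a missing component name from crashing the IMV. The header's `@param comp_name` line should then say the pointer must not be NULL.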
@@ -68,7 +68,8 @@ struct pts_database_t { * @param is_dir TRUE if directory was measured * @return enumerator over all matching measurement hashes */ - enumerator_t* (*create_hash_enumerator)(pts_database_t *this, char *product, + enumerator_t* (*create_file_hash_enumerator)( + pts_database_t *this, char *product, pts_meas_algorithms_t algo, int id, bool is_dir); @@ -77,11 +78,12 @@ struct pts_database_t { * * @param product software product (os, vpn client, etc.) * @param algo hash algorithm used for measurement - * @param comp_name value of path column in files table + * @param comp_name functional component name object * @return enumerator over all matching measurement hashes */ - enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this, char *product, - pts_meas_algorithms_t algo, char *comp_name); + enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this, + char *product, pts_meas_algorithms_t algo, + pts_comp_func_name_t *comp_name); /** * Destroys a pts_database_t object. |
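Review bot: The @@ -77 hunk changes the prototype to take `pts_comp_func_name_t *comp_name`, but no `#include` or forward declaration for that type appears anywhere in this diff; unless pts_database.h already pulls it in (not visible here), every translation unit including the header will fail to compile. Add the header that declares the type, or a forward declaration such as `typedef struct pts_comp_func_name_t pts_comp_func_name_t;`, at the top of pts_database.h. The `@param comp_name functional component name object` line could also state the contract the implementation relies on: the pointer must not be NULL, the database only reads through it so the caller presumably keeps ownership (confirm against callers), and the returned enumerator may yield several hashes for one component, one per `sequence`, which the current `@return` wording does not convey.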