component_hashes new table added

measurements added for tboot component create_comp_hash_enumerator modified accordingly
2011-11-18 09:40:22 +01:00 · 2011-11-18 09:40:22 +01:00 · 0975b00d06
parent 40cfe6db6a
commit 0975b00d06
5 changed files with 50 additions and 117 deletions
--- a/src/libimcv/plugins/imv_attestation/data.sql
+++ b/src/libimcv/plugins/imv_attestation/data.sql
@ -176,18 +176,6 @@ INSERT INTO files (
  0, '/etc/tnc_config', 1
 );

-INSERT INTO files (
-  type, path
-) VALUES (
-  0, 'tboot_pcr17'
-);
-
-INSERT INTO files (
-  type, path
-) VALUES (
-  0, 'tboot_pcr18'
-);
-
 /* Components */

 INSERT INTO components (
@ -240,18 +228,6 @@ INSERT INTO product_file (
  1, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  1, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  1, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -282,18 +258,6 @@ INSERT INTO product_file (
  2, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  2, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  2, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -312,18 +276,6 @@ INSERT INTO product_file (
  3, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  3, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  3, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -354,18 +306,6 @@ INSERT INTO product_file (
  4, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  4, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  4, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -396,18 +336,6 @@ INSERT INTO product_file (
  5, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  5, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  5, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -438,18 +366,6 @@ INSERT INTO product_file (
  6, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  6, 23
-);
-
-INSERT INTO product_file (
-  product, file
-) VALUES (
-  6, 24
-);
-
 INSERT INTO product_file (
  product, file
 ) VALUES (
@ -486,28 +402,30 @@ INSERT INTO product_file (
  7, 22
 );

-INSERT INTO product_file (
-  product, file
-) VALUES (
-  7, 23
-);
+/* Product Component */

-INSERT INTO product_file (
-  product, file
+INSERT INTO product_component (
+  product, component
 ) VALUES (
-  7, 24
+  4, 1
 );

 INSERT INTO product_component (
-  product, component, sequence
+  product, component
 ) VALUES (
-  7, 1, 1
+  4, 2
 );

 INSERT INTO product_component (
-  product, component, sequence
+  product, component
 ) VALUES (
-  7, 2, 2
+  7, 1
+);
+
+INSERT INTO product_component (
+  product, component
+) VALUES (
+  7, 2
 );

 /* File Hashes */
@ -1377,14 +1295,14 @@ INSERT INTO file_hashes (
  20, 7, 7, 8192, X'84200bd318bb022915150842ddf4002e061ef593604ad0d07021dc662cc40bfa749cce084ddf25d0e5137f6380f613d8'
 );

-INSERT INTO file_hashes (
-  file, product, algo, hash
+INSERT INTO component_hashes (
+  component, product, sequence, algo, hash
 ) VALUES (
-  23, 4, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
+  2, 4, 1, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
 );

-INSERT INTO file_hashes (
-  file, product, algo, hash
+INSERT INTO component_hashes (
+  component, product, sequence, algo, hash
 ) VALUES (
-  24, 4, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
+  2, 4, 2, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
 );
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@ -216,7 +216,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			}

 			/* check hashes from database against measurements */
-			e_hash = pts_db->create_hash_enumerator(pts_db,
+			e_hash = pts_db->create_file_hash_enumerator(pts_db,
 							platform_info, algo, file_id, is_dir);
 			if (!measurements->verify(measurements, e_hash, is_dir))
 			{
--- a/src/libimcv/plugins/imv_attestation/tables.sql
+++ b/src/libimcv/plugins/imv_attestation/tables.sql
@ -39,7 +39,7 @@ CREATE TABLE product_component (
  product INTEGER NOT NULL,
  component INTEGER NOT NULL,
  sequence INTEGER DEFAULT 0,
-  PRIMARY KEY (product, component)
+  PRIMARY KEY (product, component, sequence)
 );

 DROP TABLE IF EXISTS file_hashes;
@ -52,3 +52,13 @@ CREATE TABLE file_hashes (
  PRIMARY KEY(file, directory, product, algo)
 );

+DROP TABLE IF EXISTS component_hashes;
+CREATE TABLE component_hashes (
+  component INTEGER NOT NULL,
+  product INTEGER NOT NULL,
+  sequence INTEGER DEFAULT 0,
+  algo INTEGER NOT NULL,
+  hash BLOB NOT NULL,
+  PRIMARY KEY(component, product, sequence, algo)
+);
+
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@ -85,7 +85,7 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
 }


-METHOD(pts_database_t, create_hash_enumerator, enumerator_t*,
+METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*,
 	private_pts_database_t *this, char *product, pts_meas_algorithms_t algo,
 	int id, bool is_dir)
 {
@ -114,17 +114,20 @@ METHOD(pts_database_t, create_hash_enumerator, enumerator_t*,
 }

 METHOD(pts_database_t, create_comp_hash_enumerator, enumerator_t*,
-	private_pts_database_t *this, char *product,
-	pts_meas_algorithms_t algo, char *comp_name)
+	private_pts_database_t *this, char *product, pts_meas_algorithms_t algo,
+	pts_comp_func_name_t *comp_name)
 {
 	enumerator_t *e;
 	
 	e = this->db->query(this->db,
-				"SELECT fh.hash FROM file_hashes AS fh "
-				"JOIN files AS f ON fh.file = f.id "
-				"JOIN products AS p ON fh.product = p.id "
-				"WHERE p.name = ? AND f.path = ? AND fh.algo = ? ",
-				DB_TEXT, product, DB_TEXT, comp_name, DB_INT, algo, DB_BLOB);
+				"SELECT ch.hash FROM component_hashes AS ch "
+				"JOIN components AS c ON ch.component = c.id "
+				"JOIN products AS p ON ch.product = p.id "
+				"WHERE p.name = ? AND c.vendor_id = ? "
+				"AND c.name = ? AND c.qualifier = ? AND ch.algo = ? ",
+				DB_TEXT, product, DB_INT, comp_name->vendor_id,
+				DB_INT, comp_name->name, DB_INT, comp_name->qualifier,
+				DB_INT, algo, DB_BLOB);

 	return e;
 }
@ -148,7 +151,7 @@ pts_database_t *pts_database_create(char *uri)
 			.create_file_meas_enumerator = _create_file_meas_enumerator,
 			.create_file_meta_enumerator = _create_file_meta_enumerator,
 			.create_comp_evid_enumerator = _create_comp_evid_enumerator,
-			.create_hash_enumerator = _create_hash_enumerator,
+			.create_file_hash_enumerator = _create_file_hash_enumerator,
 			.create_comp_hash_enumerator = _create_comp_hash_enumerator,
 			.destroy = _destroy,
 		},
--- a/src/libpts/pts/pts_database.h
+++ b/src/libpts/pts/pts_database.h
@ -68,7 +68,8 @@ struct pts_database_t {
 	* @param is_dir			TRUE if directory was measured
 	* @return				enumerator over all matching measurement hashes
 	*/
-	enumerator_t* (*create_hash_enumerator)(pts_database_t *this, char *product,
+	enumerator_t* (*create_file_hash_enumerator)(
+											pts_database_t *this, char *product,
 											pts_meas_algorithms_t algo,
 											int id, bool is_dir);

@ -77,11 +78,12 @@ struct pts_database_t {
 	*
 	* @param product		software product (os, vpn client, etc.)
 	* @param algo			hash algorithm used for measurement
-	* @param comp_name		value of path column in files table
+	* @param comp_name		functional component name object
 	* @return				enumerator over all matching measurement hashes
 	*/
-	enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this, char *product,
-									pts_meas_algorithms_t algo, char *comp_name);
+	enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this,
+						char *product, pts_meas_algorithms_t algo,
+						pts_comp_func_name_t *comp_name);

 	/**
 	* Destroys a pts_database_t object.