store functional components in database

2011-11-18 02:15:15 +01:00 · 2011-11-18 02:15:15 +01:00 · 40cfe6db6a
parent 17f69fbcb5
commit 40cfe6db6a
4 changed files with 94 additions and 63 deletions
--- a/src/libimcv/plugins/imv_attestation/data.sql
+++ b/src/libimcv/plugins/imv_attestation/data.sql
@ -46,146 +46,160 @@ INSERT INTO products (

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/lib/i386-linux-gnu/libdl.so.2', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/lib/x86_64-linux-gnu/libdl.so.2', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/lib/libdl.so.2', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/sbin/iptables', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/lib/libxtables.so.5', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/lib/libxtables.so.2', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  1, '/lib/xtables/', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_udp.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_tcp.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_esp.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_policy.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_conntrack.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libipt_SNAT.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libipt_DNAT.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libipt_MASQUERADE.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libipt_LOG.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, '/sbin/ip6tables', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libip6t_LOG.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_mark.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  0, 'libxt_MARK.so', 1
 );

 INSERT INTO files (
  type, path, measurement
- ) VALUES (
+) VALUES (
  1, '/lib/iptables', 1
 );

 INSERT INTO files (
  type, path, metadata
- ) VALUES (
+) VALUES (
  0, '/etc/tnc_config', 1
 );

 INSERT INTO files (
-  type, path, component
- ) VALUES (
-  0, 'tboot_pcr17', 1
+  type, path
+) VALUES (
+  0, 'tboot_pcr17'
 );

 INSERT INTO files (
-  type, path, component
- ) VALUES (
-  0, 'tboot_pcr18', 1
+  type, path
+) VALUES (
+  0, 'tboot_pcr18'
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
 );

 /* Product-File */
@ -484,6 +498,18 @@ INSERT INTO product_file (
  7, 24
 );

+INSERT INTO product_component (
+  product, component, sequence
+) VALUES (
+  7, 1, 1
+);
+
+INSERT INTO product_component (
+  product, component, sequence
+) VALUES (
+  7, 2, 2
+);
+
 /* File Hashes */

 INSERT INTO file_hashes (
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@ -16,6 +16,7 @@
 #include "imv_attestation_build.h"
 #include "imv_attestation_state.h"

+#include <libpts.h>
 #include <tcg/tcg_pts_attr_proto_caps.h>
 #include <tcg/tcg_pts_attr_meas_algo.h>
 #include <tcg/tcg_pts_attr_dh_nonce_params_req.h>
@ -208,9 +209,11 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 		case IMV_ATTESTATION_STATE_COMP_EVID:
 		{
 			enumerator_t *enumerator;
-			char *platform_info, *pathname;
+			char flags[8];
+			char *platform_info;
 			pts_funct_comp_evid_req_t *requests = NULL;
 			funct_comp_evid_req_entry_t *entry;
+			int vid, name, qualifier, type;
 			bool first_req = TRUE;

 			attestation_state->set_handshake_state(attestation_state,
@ -229,41 +232,28 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
 			DBG1(DBG_IMV, "platform is '%s'", platform_info);

 			
-			enumerator = pts_db->create_comp_evid_enumerator(pts_db,
-															 platform_info);
+			enumerator = pts_db->create_comp_evid_enumerator(pts_db, platform_info);
 			if (!enumerator)
 			{
 				break;
 			}
-			while (enumerator->enumerate(enumerator, &pathname))
+			while (enumerator->enumerate(enumerator, &vid, &name, &qualifier))
 			{
 				entry = malloc_thing(funct_comp_evid_req_entry_t);
-				
 				entry->flags = PTS_REQ_FUNC_COMP_FLAG_PCR;
 				entry->sub_comp_depth = 0;
-				entry->vendor_id = PEN_ITA;
-				entry->family = PTS_REQ_FUNCT_COMP_FAM_BIN_ENUM;
-				entry->qualifier.kernel = FALSE;
-				entry->qualifier.sub_component = FALSE;
-				entry->qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
-				
-				if (strcmp(pathname, TBOOT_POLICY_STR) == 0)
-				{
-					entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
-				}
-				else if (strcmp(pathname, TBOOT_MLE_STR) == 0)
-				{
-					entry->name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
-				}
-				else
-				{
-					DBG1(DBG_IMV, "Unknown functional component name: \"%s\"",
-						 pathname);
-					enumerator->destroy(enumerator);
-					return FALSE;
-				}
+				entry->name = pts_comp_func_name_create(vid, name, qualifier);
+
+				type = pts_components->get_qualifier(pts_components,
+													 entry->name, &flags);
+
+				DBG2(DBG_TNC, "%N functional component '%N' with qualifier %s '%N'",
+					 pen_names, vid,
+					 pts_components->get_comp_func_names(pts_components, vid),
+					 name, flags,
+					 pts_components->get_qualifier_type_names(pts_components, vid),
+					 type);

-				
 				if (first_req)
 				{
 					/* Create a requests object */
--- a/src/libimcv/plugins/imv_attestation/tables.sql
+++ b/src/libimcv/plugins/imv_attestation/tables.sql
@ -6,8 +6,15 @@ CREATE TABLE files (
  type INTEGER NOT NULL,
  path TEXT NOT NULL,
  measurement INTEGER DEFAULT 0,
-  metadata INTEGER DEFAULT 0,
-  component INTEGER DEFAULT 0
+  metadata INTEGER DEFAULT 0
+);
+
+DROP TABLE IF EXISTS components;
+CREATE TABLE components (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  vendor_id INTEGER NOT NULL,
+  name INTEGER NOT NULL,
+  qualifier INTEGER DEFAULT 0
 );

 DROP TABLE IF EXISTS products;
@ -27,6 +34,14 @@ CREATE TABLE product_file (
  PRIMARY KEY (product, file)
 );

+DROP TABLE IF EXISTS product_component;
+CREATE TABLE product_component (
+  product INTEGER NOT NULL,
+  component INTEGER NOT NULL,
+  sequence INTEGER DEFAULT 0,
+  PRIMARY KEY (product, component)
+);
+
 DROP TABLE IF EXISTS file_hashes;
 CREATE TABLE file_hashes (
  file INTEGER NOT NULL,
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@ -74,13 +74,13 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
 {
 	enumerator_t *e;

-	/* look for all entries belonging to a product in the files table */
+	/* look for all entries belonging to a product in the components table */
 	e = this->db->query(this->db,
-				"SELECT f.path FROM files AS f "
-				"JOIN product_file AS pf ON f.id = pf.file "
-				"JOIN products AS p ON p.id = pf.product "
-				"WHERE p.name = ? AND f.component = 1",
-				DB_TEXT, product, DB_TEXT);
+				"SELECT c.vendor_id, c.name, c.qualifier FROM components AS c "
+				"JOIN product_component AS pc ON c.id = pc.component "
+				"JOIN products AS p ON p.id = pc.product "
+				"WHERE p.name = ? ORDER BY pf.order",
+				DB_TEXT, product, DB_INT, DB_INT, DB_INT);
 	return e;
 }