ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

improved performance of database access by caching primary keys

This commit is contained in:
Andreas Steffen 2011-11-28 14:27:03 +01:00
parent eba8c01d8b
commit 4932278e4b
4 changed files with 102 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/libpts/pts/components/ita/ita_comp_ima.c
View File

@ -51,6 +51,11 @@ struct pts_ita_comp_ima_t {
*/ */
pts_comp_func_name_t *name; pts_comp_func_name_t *name;
/**
* AIK keyid
*/
chunk_t keyid;
/** /**
* Sub-component depth * Sub-component depth
*/ */
@ -62,9 +67,14 @@ struct pts_ita_comp_ima_t {
pts_database_t *pts_db; pts_database_t *pts_db;
/** /**
* AIK keyid * Primary key for Component Functional Name database entry
*/ */
chunk_t keyid; int cid;
/**
* Primary key for AIK database entry
*/
int kid;
/** /**
* Component is registering measurements * Component is registering measurements
@ -289,8 +299,9 @@ METHOD(pts_component_t, verify, status_t,
DBG1(DBG_PTS, "pts database not available"); DBG1(DBG_PTS, "pts database not available");
return FAILED; return FAILED;
} }
if (this->pts_db->get_comp_measurement_count(this->pts_db, this->name, if (this->pts_db->get_comp_measurement_count(this->pts_db,
this->keyid, algo, &this->count) != SUCCESS) this->name, this->keyid, algo,
&this->cid, &this->kid, &this->count) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -314,8 +325,8 @@ METHOD(pts_component_t, verify, status_t,
if (this->is_registering) if (this->is_registering)
{ {
if (this->pts_db->insert_comp_measurement(this->pts_db, measurement, if (this->pts_db->insert_comp_measurement(this->pts_db, measurement,
this->name, this->keyid, ++this->seq_no, this->cid, this->kid, ++this->seq_no,
extended_pcr, algo) != SUCCESS) extended_pcr, algo) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -324,8 +335,8 @@ METHOD(pts_component_t, verify, status_t,
else else
{ {
if (this->pts_db->check_comp_measurement(this->pts_db, measurement, if (this->pts_db->check_comp_measurement(this->pts_db, measurement,
this->name, this->keyid, ++this->seq_no, this->cid, this->kid, ++this->seq_no,
extended_pcr, algo) != SUCCESS) extended_pcr, algo) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -378,8 +389,8 @@ METHOD(pts_component_t, destroy, void,
} }
if (this->is_registering) if (this->is_registering)
{ {
count = this->pts_db->delete_comp_measurements(this->pts_db, this->name, count = this->pts_db->delete_comp_measurements(this->pts_db,
this->keyid); this->cid, this->kid);
vid = this->name->get_vendor_id(this->name); vid = this->name->get_vendor_id(this->name);
name = this->name->get_name(this->name); name = this->name->get_name(this->name);
names = pts_components->get_comp_func_names(pts_components, vid); names = pts_components->get_comp_func_names(pts_components, vid);

31
src/libpts/pts/components/ita/ita_comp_tboot.c
View File

@ -41,6 +41,11 @@ struct pts_ita_comp_tboot_t {
*/ */
pts_comp_func_name_t *name; pts_comp_func_name_t *name;
/**
* AIK keyid
*/
chunk_t keyid;
/** /**
* Sub-component depth * Sub-component depth
*/ */
@ -52,9 +57,14 @@ struct pts_ita_comp_tboot_t {
pts_database_t *pts_db; pts_database_t *pts_db;
/** /**
* AIK keyid * Primary key for Component Functional Name database entry
*/ */
chunk_t keyid; int cid;
/**
* Primary key for AIK database entry
*/
int kid;
/** /**
* Component is registering measurements * Component is registering measurements
@ -192,8 +202,9 @@ METHOD(pts_component_t, verify, status_t,
DBG1(DBG_PTS, "pts database not available"); DBG1(DBG_PTS, "pts database not available");
return FAILED; return FAILED;
} }
if (this->pts_db->get_comp_measurement_count(this->pts_db, this->name, if (this->pts_db->get_comp_measurement_count(this->pts_db,
this->keyid, algo, &this->count) != SUCCESS) this->name, this->keyid, algo,
&this->cid, &this->kid, &this->count) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -217,8 +228,8 @@ METHOD(pts_component_t, verify, status_t,
if (this->is_registering) if (this->is_registering)
{ {
if (this->pts_db->insert_comp_measurement(this->pts_db, measurement, if (this->pts_db->insert_comp_measurement(this->pts_db, measurement,
this->name, this->keyid, ++this->seq_no, this->cid, this->kid, ++this->seq_no,
extended_pcr, algo) != SUCCESS) extended_pcr, algo) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -227,8 +238,8 @@ METHOD(pts_component_t, verify, status_t,
else else
{ {
if (this->pts_db->check_comp_measurement(this->pts_db, measurement, if (this->pts_db->check_comp_measurement(this->pts_db, measurement,
this->name, this->keyid, ++this->seq_no, this->cid, this->kid, ++this->seq_no,
extended_pcr, algo) != SUCCESS) extended_pcr, algo) != SUCCESS)
{ {
return FAILED; return FAILED;
} }
@ -277,8 +288,8 @@ METHOD(pts_component_t, destroy, void,
if (this->is_registering) if (this->is_registering)
{ {
count = this->pts_db->delete_comp_measurements(this->pts_db, this->name, count = this->pts_db->delete_comp_measurements(this->pts_db,
this->keyid); this->cid, this->kid);
vid = this->name->get_vendor_id(this->name); vid = this->name->get_vendor_id(this->name);
name = this->name->get_name(this->name); name = this->name->get_name(this->name);
names = pts_components->get_comp_func_names(pts_components, vid); names = pts_components->get_comp_func_names(pts_components, vid);

90
src/libpts/pts/pts_database.c
View File

@ -114,8 +114,7 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
} }
METHOD(pts_database_t, check_comp_measurement, status_t, METHOD(pts_database_t, check_comp_measurement, status_t,
private_pts_database_t *this, chunk_t measurement, private_pts_database_t *this, chunk_t measurement, int cid, int kid,
pts_comp_func_name_t *comp_name, chunk_t keyid,
int seq_no, int pcr, pts_meas_algorithms_t algo) int seq_no, int pcr, pts_meas_algorithms_t algo)
{ {
enumerator_t *e; enumerator_t *e;
@ -123,16 +122,11 @@ METHOD(pts_database_t, check_comp_measurement, status_t,
status_t status = NOT_FOUND; status_t status = NOT_FOUND;
e = this->db->query(this->db, e = this->db->query(this->db,
"SELECT ch.hash FROM component_hashes AS ch " "SELECT hash FROM component_hashes "
"JOIN keys AS k ON ch.key = k.id " "WHERE component = ? AND key = ? "
"JOIN components AS c ON ch.component = c.id " "AND seq_no = ? AND pcr = ? AND algo = ? ",
"WHERE c.vendor_id = ? AND c.name = ? AND c.qualifier = ? " DB_INT, cid, DB_INT, kid, DB_INT, seq_no,
"AND k.keyid = ? AND ch.seq_no = ? AND ch.pcr = ? AND ch.algo = ? ", DB_INT, pcr, DB_INT, algo, DB_BLOB);
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_BLOB, keyid, DB_INT, seq_no, DB_INT, pcr, DB_INT, algo,
DB_BLOB);
if (!e) if (!e)
{ {
DBG1(DBG_PTS, "no database query enumerator returned"); DBG1(DBG_PTS, "no database query enumerator returned");
@ -168,23 +162,17 @@ METHOD(pts_database_t, check_comp_measurement, status_t,
} }
METHOD(pts_database_t, insert_comp_measurement, status_t, METHOD(pts_database_t, insert_comp_measurement, status_t,
private_pts_database_t *this, chunk_t measurement, private_pts_database_t *this, chunk_t measurement, int cid, int kid,
pts_comp_func_name_t *comp_name, chunk_t keyid,
int seq_no, int pcr, pts_meas_algorithms_t algo) int seq_no, int pcr, pts_meas_algorithms_t algo)
{ {
int id; int id;
if (this->db->execute(this->db, &id, if (this->db->execute(this->db, &id,
"INSERT INTO component_hashes " "INSERT INTO component_hashes "
"(component, key, seq_no, pcr, algo, hash) VALUES (" "(component, key, seq_no, pcr, algo, hash) "
"(SELECT id FROM components" "VALUES (?, ?, ?, ?, ?, ?)",
" WHERE vendor_id = ? AND name = ? AND qualifier = ?), " DB_INT, cid, DB_INT, kid, DB_INT, seq_no, DB_INT, pcr,
"(SELECT id FROM keys WHERE keyid = ?), ?, ?, ?, ?)", DB_INT, algo, DB_BLOB, measurement) == 1)
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_BLOB, keyid, DB_INT, seq_no, DB_INT, pcr,
DB_INT, algo, DB_BLOB, measurement) == 1)
{ {
return SUCCESS; return SUCCESS;
} }
@ -194,39 +182,33 @@ METHOD(pts_database_t, insert_comp_measurement, status_t,
} }
METHOD(pts_database_t, delete_comp_measurements, int, METHOD(pts_database_t, delete_comp_measurements, int,
private_pts_database_t *this, pts_comp_func_name_t *comp_name, chunk_t keyid) private_pts_database_t *this, int cid, int kid)
{ {
return this->db->execute(this->db, NULL, return this->db->execute(this->db, NULL,
"DELETE FROM component_hashes WHERE " "DELETE FROM component_hashes "
"component = (SELECT id FROM components" "WHERE component = ? AND key = ?",
" WHERE vendor_id = ? AND name = ? AND qualifier = ?) AND " DB_INT, cid, DB_INT, kid);
"key = (SELECT id FROM keys WHERE keyid = ?)",
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_BLOB, keyid);
} }
METHOD(pts_database_t, get_comp_measurement_count, status_t, METHOD(pts_database_t, get_comp_measurement_count, status_t,
private_pts_database_t *this, pts_comp_func_name_t *comp_name, private_pts_database_t *this, pts_comp_func_name_t *comp_name,
chunk_t keyid, pts_meas_algorithms_t algo, int *count) chunk_t keyid, pts_meas_algorithms_t algo, int *cid, int *kid, int *count)
{ {
enumerator_t *e; enumerator_t *e;
int kid;
status_t status = SUCCESS; status_t status = SUCCESS;
/* Initialize count */ /* Initialize count */
*count = 0; *count = 0;
/* Is the AIK registered? */ /* If the AIK is registered get the primary key */
e = this->db->query(this->db, e = this->db->query(this->db,
"SELECT id FROM keys WHERE keyid = ?", DB_BLOB, keyid, DB_INT); "SELECT id FROM keys WHERE keyid = ?", DB_BLOB, keyid, DB_INT);
if (!e) if (!e)
{ {
DBG1(DBG_PTS, "no database query enumerator returned"); DBG1(DBG_PTS, "no database query enumerator returned");
return FAILED; return FAILED;
} }
if (!e->enumerate(e, &kid)) if (!e->enumerate(e, kid))
{ {
DBG1(DBG_PTS, "AIK %#B is not registered in database", &keyid); DBG1(DBG_PTS, "AIK %#B is not registered in database", &keyid);
e->destroy(e); e->destroy(e);
@ -234,16 +216,32 @@ METHOD(pts_database_t, get_comp_measurement_count, status_t,
} }
e->destroy(e); e->destroy(e);
/* Get the primary key of the Component Functional Name */
e = this->db->query(this->db,
"SELECT id FROM components "
" WHERE vendor_id = ? AND name = ? AND qualifier = ?",
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_INT);
if (!e)
{
DBG1(DBG_PTS, "no database query enumerator returned");
return FAILED;
}
if (!e->enumerate(e, cid))
{
DBG1(DBG_PTS, "component functional name not found in database");
e->destroy(e);
return FAILED;
}
e->destroy(e);
/* Get the number of stored measurements for a given AIK and component */ /* Get the number of stored measurements for a given AIK and component */
e = this->db->query(this->db, e = this->db->query(this->db,
"SELECT COUNT(*) FROM component_hashes AS ch " "SELECT COUNT(*) FROM component_hashes AS ch "
"JOIN components AS c ON ch.component = c.id " "WHERE component = ? AND key = ? AND algo = ?",
"WHERE c.vendor_id = ? AND c.name = ? AND c.qualifier = ? " DB_INT, *cid, DB_INT, *kid, DB_INT, algo, DB_INT);
"AND ch.key = ? AND ch.algo = ? ",
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_INT, kid, DB_INT, algo, DB_INT);
if (!e) if (!e)
{ {
DBG1(DBG_PTS, "no database query enumerator returned"); DBG1(DBG_PTS, "no database query enumerator returned");

30
src/libpts/pts/pts_database.h
View File

@ -77,41 +77,40 @@ struct pts_database_t {
* Check a functional component measurement against value stored in database * Check a functional component measurement against value stored in database
* *
* @param measurement measurement hash * @param measurement measurement hash
* @param comp_name Component Functional Name * @param cid Primary key of Component Functional Name entry
* @param keyid SHA-1 hash of AIK public key info * @param kid Primary key of AIK entry in keys table
* @param seq_no Measurement sequence number * @param seq_no Measurement sequence number
* @param prc Number of the PCR the measurement was extended into * @param prc Number of the PCR the measurement was extended into
* @param algo Hash algorithm used for measurement * @param algo Hash algorithm used for measurement
* @return SUCCESS if check was successful * @return SUCCESS if check was successful
*/ */
status_t (*check_comp_measurement)(pts_database_t *this, chunk_t measurement, status_t (*check_comp_measurement)(pts_database_t *this, chunk_t measurement,
pts_comp_func_name_t *comp_name, chunk_t keyid, int cid, int kid, int seq_no, int pcr,
int seq_no, int pcr, pts_meas_algorithms_t algo); pts_meas_algorithms_t algo);
/** /**
* Insert a functional component measurement into the database * Insert a functional component measurement into the database
* *
* @param measurement measurement hash * @param measurement Measurement hash
* @param comp_name Component Functional Name * @param cid Primary key of Component Functional Name entry
* @param keyid SHA-1 hash of AIK public key info * @param kid Primary key of AIK entry in keys table
* @param seq_no Measurement sequence number * @param seq_no Measurement sequence number
* @param prc Number of the PCR the measurement was extended into * @param prc Number of the PCR the measurement was extended into
* @param algo Hash algorithm used for measurement * @param algo Hash algorithm used for measurement
* @return SUCCESS if INSERT was successful * @return SUCCESS if INSERT was successful
*/ */
status_t (*insert_comp_measurement)(pts_database_t *this, chunk_t measurement, status_t (*insert_comp_measurement)(pts_database_t *this, chunk_t measurement,
pts_comp_func_name_t *comp_name, chunk_t keyid, int cid, int kid, int seq_no, int pcr,
int seq_no, int pcr, pts_meas_algorithms_t algo); pts_meas_algorithms_t algo);
/** /**
* Delete functional component measurements from the database * Delete functional component measurements from the database
* *
* @param comp_name Component Functional Name * @param cid Primary key of Component Functional Name entry
* @param keyid SHA-1 hash of AIK public key info * @param kid Primary key of AIK entry in keys table
* @return number of deleted measurement entries * @return number of deleted measurement entries
*/ */
int (*delete_comp_measurements)(pts_database_t *this, int (*delete_comp_measurements)(pts_database_t *this, int cid, int kid);
pts_comp_func_name_t *comp_name, chunk_t keyid);
/** /**
* Get the number of measurements for a functional component and AIK * Get the number of measurements for a functional component and AIK
@ -119,12 +118,15 @@ struct pts_database_t {
* @param comp_name Component Functional Name * @param comp_name Component Functional Name
* @param keyid SHA-1 hash of AIK public key info * @param keyid SHA-1 hash of AIK public key info
* @param algo Hash algorithm used for measurement * @param algo Hash algorithm used for measurement
* @param cid Primary key of Component Functional Name entry
* @param kid Primary key of AIK entry in keys table
* @param count measurement count * @param count measurement count
* @return SUCCESS if COUNT was successful * @return SUCCESS if COUNT was successful
*/ */
status_t (*get_comp_measurement_count)(pts_database_t *this, status_t (*get_comp_measurement_count)(pts_database_t *this,
pts_comp_func_name_t *comp_name, chunk_t keyid, pts_comp_func_name_t *comp_name, chunk_t keyid,
pts_meas_algorithms_t algo, int *count); pts_meas_algorithms_t algo, int *cid, int *kid,
int *count);
/** /**
* Destroys a pts_database_t object. * Destroys a pts_database_t object.