implemented Linux IMA functional component

Andreas Steffen 2011-11-26 00:24:23 +01:00
parent eeefca6b56
commit 86a6f698cb
12 changed files with 1232 additions and 291 deletions


@ -24,6 +24,7 @@ libpts_la_SOURCES = \
pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \


@ -18,6 +18,7 @@
#include "pts/components/pts_component_manager.h"
#include "pts/components/tcg/tcg_comp_func_name.h"
#include "pts/components/ita/ita_comp_func_name.h"
#include "pts/components/ita/ita_comp_ima.h"
#include "pts/components/ita/ita_comp_tboot.h"
#include "pts/components/ita/ita_comp_tgrub.h"
@ -62,6 +63,9 @@ bool libpts_init(void)
pts_components->add_component(pts_components, PEN_ITA,
PTS_ITA_COMP_FUNC_NAME_TBOOT,
pts_ita_comp_tboot_create);
pts_components->add_component(pts_components, PEN_ITA,
PTS_ITA_COMP_FUNC_NAME_IMA,
pts_ita_comp_ima_create);
DBG1(DBG_LIB, "libpts initialized");
}


@ -176,150 +176,6 @@ INSERT INTO files (
0, '/etc/tnc_config'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr00'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr01'
);
INSERT INTO files ( /* 25 */
type, path
) VALUES (
2, 'pcr02'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr03'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr04'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr05'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr06'
);
INSERT INTO files ( /* 30 */
type, path
) VALUES (
2, 'pcr07'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr08'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr09'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr10'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr11'
);
INSERT INTO files ( /* 35 */
type, path
) VALUES (
2, 'pcr12'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr13'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr14'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr15'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr16'
);
INSERT INTO files ( /* 40 */
type, path
) VALUES (
2, 'pcr17'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr18'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr19'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr20'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr21'
);
INSERT INTO files ( /* 45 */
type, path
) VALUES (
2, 'pcr22'
);
INSERT INTO files (
type, path
) VALUES (
2, 'pcr23'
);
/* Components */
INSERT INTO components (
@ -555,19 +411,19 @@ INSERT INTO product_file (
/* Product Component */
INSERT INTO product_component (
product, component, depth, sequence
product, component, depth, seq_no
) VALUES (
4, 2, 0, 1
);
INSERT INTO product_component (
product, component, depth, sequence
product, component, depth, seq_no
) VALUES (
7, 1, 0, 1
7, 3, 0, 1
);
INSERT INTO product_component (
product, component, depth, sequence
product, component, depth, seq_no
) VALUES (
7, 2, 0, 2
);
@ -1439,77 +1295,789 @@ INSERT INTO file_hashes (
20, 7, 7, 8192, X'84200bd318bb022915150842ddf4002e061ef593604ad0d07021dc662cc40bfa749cce084ddf25d0e5137f6380f613d8'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
/* Component Hashes */
/* ITA TBOOT Functional Component */
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
23, 7, 3, 32768, X'284ae59c737c4d1ddf785374cbb59a4c8d635590'
2, 4, 1, 17, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
24, 7, 3, 32768, X'311087044256d9c3a0b570ba3124cbb4d46f1197'
2, 4, 2, 18, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
25, 7, 3, 32768, X'b1f1f675427640aaa77bef93f26a333f0d57c9c5'
2, 7, 1, 17, 32768, X'd537d437f058136eb3d7be517dbe7647b623c619'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
26, 7, 3, 32768, X'b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236'
2, 7, 2, 18, 32768, X'160d2b04d11eb225fb148615b699081869e15b6c'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
/* ITA IMA Functional Component */
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
27, 7, 3, 32768, X'781c3cee5c3468a09f5ebee8e7d534acea0d2513'
3, 7, 1, 0, 32768, X'4d894eef0ae7cb124740df4f6c5c35aa0fe7dae8'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
28, 7, 3, 32768, X'fec194a9d8f3af2b3876d4bfbbebf980e87e36e9'
3, 7, 2, 0, 32768, X'f2c846e7f335f7b9e9dd0a44f48c48e1986750c7'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
29, 7, 3, 32768, X'ee1b0f997d7517b286bc9d73a4cf742c65a769be'
3, 7, 3, 0, 32768, X'db0b68f3ad06b5c0c35deb56af22b8f0bc23ea50'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
30, 7, 3, 32768, X'b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236'
3, 7, 4, 0, 32768, X'a662680c8564f92cf20c5857d781ed3f0806da5d'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
40, 4, 2, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
3, 7, 5, 0, 32768, X'10bfa817da3a9e5760fbe78f216502e8ca4f94ef'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
40, 7, 2, 32768, X'd537d437f058136eb3d7be517dbe7647b623c619'
3, 7, 6, 0, 32768, X'd0e1af1be845f570e44612613c4ddf3f08996151'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
41, 4, 2, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
3, 7, 7, 0, 32768, X'f05553c39e8130c7bb5db6cd6a6bf627311a9b01'
);
INSERT INTO file_hashes (
file, product, component, algo, hash
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
41, 7, 2, 32768, X'160d2b04d11eb225fb148615b699081869e15b6c'
3, 7, 8, 0, 32768, X'96ef1ad4efc5be2b894a12e5bffddcd496044a08'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 9, 0, 32768, X'e9055f2050b99b9127b6feef3164cb8ead8eb2eb'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 10, 0, 32768, X'6f8150aa3423544ea59ea10025993e660568cc08'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 11, 0, 32768, X'f843e55c9061fec89f2aeb369a74b73fe8eb09e4'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 12, 0, 32768, X'1d1efd1cb89be96f8fdf20ee0b67a89670659208'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 13, 0, 32768, X'f907598ec6fcc5779ff9091ba0925c1d58500352'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 14, 0, 32768, X'42f32d6fba099b0eea2e9a480dc8d4482e20412e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 15, 0, 32768, X'e8a7cd52522ebacf4637a2b875494cda1c26bd8c'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 16, 0, 32768, X'd62d2c550fd06cae76f3e9c4d63f5fc22e34d4fe'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 17, 0, 32768, X'dc1293a87cab43024a4eaeb684a0186e33dacfe3'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 18, 0, 32768, X'03df488f642a9614ed718bf149fb7289d124189a'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 19, 0, 32768, X'46f1426433c57ee44b5593584308f8b7ac414e17'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 20, 0, 32768, X'1a837850cff01cd311948abd611174fa5699804b'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 21, 0, 32768, X'1c15052b28ac97e6e1cd0b4671fe75607c07de02'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 22, 0, 32768, X'1839bc8b6cd9351565a6bacb57f0e35562962cba'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 23, 0, 32768, X'f428189580a77b142b3de6cd3c183cb0a24dba6f'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 24, 0, 32768, X'f9b7302c9212a5398057ddea9c7506b265c3276f'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 25, 0, 32768, X'3af5d2929b9606b94b404a45deed9a9d673f49b7'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 26, 0, 32768, X'51a7df78bd7a23399b2824ec053f2abe5e4ee049'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 27, 0, 32768, X'2a3675f5efce9151670e9d4ec41e2edf4708d336'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 28, 0, 32768, X'a0cc14b4fde29d7251673af434b2ab246e5acf5a'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 29, 0, 32768, X'5932b35ba45894e65d6aa1afbe2101f677e17000'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 30, 0, 32768, X'ee12ad673d19d8f436ea7832e64935a0ddf9930e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 31, 0, 32768, X'7bd9b4947ae9b600e6a2d61ead80104d878bb9d2'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 32, 0, 32768, X'849c60fc7b366717aea2295a37b341e40626dd28'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 33, 0, 32768, X'cdd448834760041cc30edd09f41ae36cbf9459ef'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 34, 0, 32768, X'9471225809633ae61f2693711cd878ba2ac59ef9'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 35, 0, 32768, X'4aaa26a4d1389b2400138269d3415bb492cc4312'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 36, 0, 32768, X'a08b0c957c8f741e273e8aa9a88d87b32b860228'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 37, 0, 32768, X'7ecbc26a2272256969e4c626998570c7e013be9c'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 38, 0, 32768, X'12dcf52c5a92b64dd5113031379f27b9f42d5c49'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 39, 0, 32768, X'ca1b8cc8e8ee8b209fc7b55656c3f6ac0b8f86fd'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 40, 0, 32768, X'8566865ae43d19574e85f9f3b6376715ffb3c707'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 41, 0, 32768, X'39c9fda07d57fc185b37bac70ba1068d6e7c41d3'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 42, 0, 32768, X'96a2c8b6caf11da5a37b41706217d4e94bb627c0'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 43, 0, 32768, X'6ee8c5a500af82a1fdf42e5122196fad4f2bbc06'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 44, 0, 32768, X'd2f71dff59d0ab86d0ada6ea288227602d6cf371'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 45, 0, 32768, X'095c8df0b106947e2c62a4458b13f38c6fc4f982'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 46, 0, 32768, X'706071d37157e1030900df60e6efaf897fbab1ec'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 47, 0, 32768, X'97f093c5ab5e2baf9b6f1473b631d3db2595fe99'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 48, 0, 32768, X'c12dd08ffbb4c09e3c282dd7f94cdcc9148ab866'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 49, 0, 32768, X'fb3df3be6d847db26e07eb61312bdc533bda53d2'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 50, 0, 32768, X'88195da5656b80c68bd3e131fb673b197281c2b0'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 51, 0, 32768, X'28353744f0fab757b1a870de007b6c8821d4723e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 52, 0, 32768, X'9338b619160d4fb1a844acc95b0556b3d6109a77'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 53, 0, 32768, X'cd7f42895c6e4f9752f8b34184059d7ad4e5e6ce'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 54, 0, 32768, X'da5611278bf6855a44e5b1b5d62c76822a81674d'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 55, 0, 32768, X'eb4148c57806114b755416ba96b282fcc99ac2d1'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 56, 0, 32768, X'5e05f61508a391480dc83f741920a5de059546bc'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 57, 0, 32768, X'a23b279883915b0dc3313081924366ea5e75bdc1'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 58, 2, 32768, X'ef7511b5248557ae637f46b552f8af59020f2b00'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 59, 2, 32768, X'6240c588a2d7740f5c2c9523bff7d98334998d77'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 60, 2, 32768, X'808ce28868d844d547e0c2cc4271c14be2a568b6'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 61, 2, 32768, X'd736a206033ecbefc09e909f0d2d72c38d49d50b'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 62, 2, 32768, X'387a7087c3159f7d0a6388d722c200a599b4703b'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 63, 2, 32768, X'b6a679dda488042eee3cf9a525a9ae88b9514229'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 64, 2, 32768, X'693b89dc96682f85b389208ec052f4853fd971eb'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 65, 2, 32768, X'e4b83a6888c69eeb1c65c7ff50ee39897ca51008'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 66, 2, 32768, X'9e0735ad94f4d10faa43f75d02c4edb9b7eb91d4'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 67, 2, 32768, X'881dd3cb2f1f0e3323bf8c5586dfaba2ffcb1a55'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 68, 2, 32768, X'6461d3771999c3a4b3c15bf4e38da30b91bc1b17'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 69, 6, 32768, X'fcad787f7771637d659638d92b5eee9385b3d7b9'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 70, 0, 32768, X'4b90d9178efc5cf9a9ddf4f8bcc49008785d76ec'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 71, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 72, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 73, 2, 32768, X'bc3a1d50aaffa207d2e6645228bb4f1cd40c88e0'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 74, 2, 32768, X'96ea8b0ccfb43fa6da4e98d8f51609cf8eabd91e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 75, 2, 32768, X'd05ef7250cc103540601fb8956c89c3ba1f47a4e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 76, 2, 32768, X'd5c28da6b58a66fba125e99c6b6d0e36a1b18315'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 77, 2, 32768, X'0ba611dd45de9acbe3d0da0d2e478e4aa77ff515'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 78, 4, 32768, X'9b4d80cfefc7d5576c4d9f224872505896ef2798'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 79, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 80, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 81, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 82, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 83, 1, 32768, X'230b3bf13c752834decf47f5a86a75582abee51c'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 84, 1, 32768, X'61f59f7782bb39610dbb6b1f57033c161810a267'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 85, 1, 32768, X'c744cac6af7621524fc3a2b0a9a135a32b33c81b'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 86, 1, 32768, X'8a7532af1862f9f61ed08d2b92b82a2ecc99c54f'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 87, 1, 32768, X'ba8fa710d303b3b2a594cba1cb73797c970ffa0b'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 88, 1, 32768, X'a46c5c8b58e67fbe9d3203bae335c0e39f68eff9'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 89, 1, 32768, X'67476198f63603b84afa235970611cd614560cf2'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 90, 2, 32768, X'cdf4d79ac0a10d46a1d9d7ec9642883c71f77fc7'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 91, 2, 32768, X'436067385bf6cd43e2f65f8d70d264af8fca876d'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 92, 2, 32768, X'4916c4e9f1e91b34bd8acef1f827f0b444bdb858'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 93, 2, 32768, X'c66007c47ea62816006d220bbb8fc9d5681c4cc6'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 94, 2, 32768, X'85782c59534d3915298da3da35101891a84be99e'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 95, 2, 32768, X'335f1897c44fef511bed7eb4394375bc2a36dbc3'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 96, 2, 32768, X'82ca255a4c2655eca1516b4249dcdd1edb892eef'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 97, 2, 32768, X'1086445009abbad955b9e915be04ac9afc74567d'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 98, 2, 32768, X'18fe7ae42869e2b3b11bf67215ef4f1c2e260251'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 99, 2, 32768, X'061efe921cad309990e63ed35a7b833e2eabfd2f'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 100, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 101, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 102, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 103, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 104, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 105, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 106, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 107, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 108, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 109, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 110, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 111, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 112, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 113, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 114, 1, 32768, X'4f135c9ee49ca7fbfea079e5d6714802f0405407'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 115, 0, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 116, 1, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 117, 2, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 118, 3, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 119, 4, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 120, 5, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 121, 6, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 122, 7, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 123, 4, 32768, X'c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 124, 4, 32768, X'67a0a98bc4d6321142895a4d938b342f6959c1a9'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 125, 4, 32768, X'06d60b3a0dee9bb9beb2f0b04aff2e75bd1d2860'
);
INSERT INTO component_hashes (
component, product, seq_no, pcr, algo, hash
) VALUES (
3, 7, 126, 5, 32768, X'1b87003b6c7d90483713c90100cca3e62392b9bc'
);


@ -39,7 +39,7 @@ CREATE TABLE product_component (
product INTEGER NOT NULL,
component INTEGER NOT NULL,
depth INTEGER DEFAULT 0,
sequence INTEGER DEFAULT 0,
seq_no INTEGER DEFAULT 0,
PRIMARY KEY (product, component)
);
@ -48,8 +48,18 @@ CREATE TABLE file_hashes (
file INTEGER NOT NULL,
directory INTEGER DEFAULT 0,
product INTEGER NOT NULL,
component INTEGER DEFAULT 0,
algo INTEGER NOT NULL,
hash BLOB NOT NULL,
PRIMARY KEY(file, directory, product, component, algo)
PRIMARY KEY(file, directory, product, algo)
);
DROP TABLE IF EXISTS component_hashes;
CREATE TABLE component_hashes (
component INTEGER NOT NULL,
product INTEGER NOT NULL,
seq_no INTEGER NOT NULL,
pcr INTEGER NOT NULL,
algo INTEGER NOT NULL,
hash BLOB NOT NULL,
PRIMARY KEY(component, product, seq_no, algo)
);


@ -36,9 +36,10 @@ ENUM_NEXT(pts_ita_qualifier_type_names, PTS_ITA_QUALIFIER_TYPE_ALL,
ENUM_END(pts_ita_qualifier_type_names, PTS_ITA_QUALIFIER_TYPE_ALL);
ENUM(pts_ita_comp_func_names, PTS_ITA_COMP_FUNC_NAME_IGNORE,
PTS_ITA_COMP_FUNC_NAME_TBOOT,
PTS_ITA_COMP_FUNC_NAME_IMA,
"Ignore",
"Trusted GRUB Boot Loader",
"Trusted Boot"
"Trusted Boot",
"Linux IMA"
);


@ -76,6 +76,8 @@ enum pts_ita_comp_func_name_t {
PTS_ITA_COMP_FUNC_NAME_TGRUB = 0x0001,
/** Trusted Boot */
PTS_ITA_COMP_FUNC_NAME_TBOOT = 0x0002,
/** Linux Integrity Measurement Architecture */
PTS_ITA_COMP_FUNC_NAME_IMA = 0x0003,
};
extern enum_name_t *pts_ita_comp_func_names;


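--- /dev/null
+++ b/pts/components/ita/ita_comp_ima.c
@@ -0,0 +1,331 @@
+/*
+* Copyright (C) 2011 Andreas Steffen
+*
+* HSR Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#include "ita_comp_ima.h"
+#include "ita_comp_func_name.h"
+#include "pts/components/pts_component.h"
+#include <debug.h>
+#include <pen/pen.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#define IMA_SECURITY_DIR "/sys/kernel/security/tpm0/"
+#define IMA_BIOS_MEASUREMENT_PATH IMA_SECURITY_DIR "binary_bios_measurements"
+#define IMA_PCR_MAX 8
+#define IMA_SEQUENCE 126
+typedef struct pts_ita_comp_ima_t pts_ita_comp_ima_t;
+/**
+* Private data of a pts_ita_comp_ima_t object.
+*
+*/
+struct pts_ita_comp_ima_t {
+/**
+* Public pts_component_t interface.
+*/
+pts_component_t public;
+/**
+* Component Functional Name
+*/
+pts_comp_func_name_t *name;
+/**
+* Sub-component depth
+*/
+u_int32_t depth;
+/**
+* IMA BIOS measurement time
+*/
+time_t bios_measurement_time;
+/**
+* IMA BIOS measurements
+*/
+linked_list_t *list;
+/**
+* Measurement sequence number
+*/
+int seq_no;
+/**
+* Shadow PCR registers
+*/
+chunk_t pcrs[IMA_PCR_MAX];
+};
+typedef struct entry_t entry_t;
+/**
+* Linux IMA measurement entry
+*/
+struct entry_t {
+/**
+* PCR register
+*/
+u_int32_t pcr;
+/**
+* SHA1 measurement hash
+*/
+chunk_t measurement;
+};
+/**
+* Free an entry_t object
+*/
+static void free_entry(entry_t *this)
+{
+free(this->measurement.ptr);
+free(this);
+}
+/**
+* Load a PCR measurement file and determine the creation date
+*/
+static bool load_measurements(char *file, linked_list_t *list, time_t *created)
+{
+u_int32_t pcr, num, len;
+entry_t *entry;
+struct stat st;
+ssize_t res;
+int fd;
+fd = open(file, O_RDONLY);
+if (fd == -1)
+{
+DBG1(DBG_PTS, " opening '%s' failed: %s", file, strerror(errno));
+return FALSE;
+}
+if (fstat(fd, &st) == -1)
+{
+DBG1(DBG_PTS, " getting statistics of '%s' failed: %s", file,
+strerror(errno));
+close(fd);
+return FALSE;
+}
+*created = st.st_ctime;
+while (TRUE)
+{
+res = read(fd, &pcr, 4);
+if (res == 0)
+{
+DBG2(DBG_PTS, "loaded bios measurements '%s' (%d entries)",
+file, list->get_count(list));
+close(fd);
+return TRUE;
+}
+entry = malloc_thing(entry_t);
+entry->pcr = pcr;
+entry->measurement = chunk_alloc(HASH_SIZE_SHA1);
+if (res != 4)
+{
+break;
+}
+if (read(fd, &num, 4) != 4)
+{
+break;
+}
+if (read(fd, entry->measurement.ptr, HASH_SIZE_SHA1) != HASH_SIZE_SHA1)
+{
+break;
+}
+if (read(fd, &len, 4) != 4)
+{
+break;
+}
+if (lseek(fd, len, SEEK_CUR) == -1)
+{
+break;
+}
+list->insert_last(list, entry);
+}
+DBG1(DBG_PTS, "loading bios measurements '%s' failed: %s",
+file, strerror(errno));
+close(fd);
+return FALSE;
+}
+METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
+pts_ita_comp_ima_t *this)
+{
+return this->name;
+}
+METHOD(pts_component_t, get_evidence_flags, u_int8_t,
+pts_ita_comp_ima_t *this)
+{
+return PTS_REQ_FUNC_COMP_EVID_PCR;
+}
+METHOD(pts_component_t, get_depth, u_int32_t,
+pts_ita_comp_ima_t *this)
+{
+return this->depth;
+}
+METHOD(pts_component_t, measure, status_t,
+pts_ita_comp_ima_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
+{
+pts_comp_evidence_t *evid;
+chunk_t pcr_before, pcr_after;
+pts_pcr_transform_t pcr_transform;
+pts_meas_algorithms_t hash_algo;
+size_t pcr_len;
+entry_t *entry;
+hasher_t *hasher;
+hash_algo = PTS_MEAS_ALGO_SHA1;
+pcr_len = pts->get_pcr_len(pts);
+pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
+if (this->list->get_count(this->list) == 0)
+{
+if (!load_measurements(IMA_BIOS_MEASUREMENT_PATH, this->list,
+&this->bios_measurement_time))
+{
+return FAILED;
+}
+}
+if (this->list->remove_first(this->list, (void**)&entry) != SUCCESS)
+{
+DBG1(DBG_PTS, "could not retrieve measurement entry");
+return FAILED;
+}
+pcr_before = chunk_clone(this->pcrs[entry->pcr]);
+hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+hasher->get_hash(hasher, pcr_before, NULL);
+hasher->get_hash(hasher, entry->measurement, this->pcrs[entry->pcr].ptr);
+hasher->destroy(hasher);
+pcr_after = chunk_clone(this->pcrs[entry->pcr]);
+evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
+this->depth, entry->pcr, hash_algo, pcr_transform,
+this->bios_measurement_time, entry->measurement);
+evid->set_pcr_info(evid, pcr_before, pcr_after);
+free(entry);
+return (this->list->get_count(this->list)) ? NEED_MORE : SUCCESS;
+}
+METHOD(pts_component_t, verify, status_t,
+pts_ita_comp_ima_t *this, pts_t *pts, pts_database_t *pts_db,
+pts_comp_evidence_t *evidence)
+{
+bool has_pcr_info;
+char *platform_info;
+u_int32_t extended_pcr;
+pts_meas_algorithms_t algo;
+pts_pcr_transform_t transform;
+time_t measurement_time;
+chunk_t measurement, pcr_before, pcr_after;
+platform_info = pts->get_platform_info(pts);
+if (!pts_db || !platform_info)
+{
+DBG1(DBG_PTS, "%s%s%s not available",
+(pts_db) ? "" : "pts database",
+(!pts_db && !platform_info) ? "and" : "",
+(platform_info) ? "" : "platform info");
+return FAILED;
+}
+measurement = evidence->get_measurement(evidence, &extended_pcr,
+&algo, &transform, &measurement_time);
+if (pts_db->check_comp_measurement(pts_db, measurement, this->name,
+platform_info, ++this->seq_no, extended_pcr, algo) != SUCCESS)
+{
+return FAILED;
+}
+has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
+if (has_pcr_info)
+{
+if (!pts->add_pcr(pts, extended_pcr, pcr_before, pcr_after))
+{
+return FAILED;
+}
+}
+return (this->seq_no < IMA_SEQUENCE) ? NEED_MORE : SUCCESS;
+}
+METHOD(pts_component_t, destroy, void,
+pts_ita_comp_ima_t *this)
+{
+int i;
+for (i = 0; i < IMA_PCR_MAX; i++)
+{
+free(this->pcrs[i].ptr);
+}
+this->list->destroy_function(this->list, (void *)free_entry);
+this->name->destroy(this->name);
+free(this);
+}
+/**
+* See header
+*/
+pts_component_t *pts_ita_comp_ima_create(u_int8_t qualifier, u_int32_t depth)
+{
+pts_ita_comp_ima_t *this;
+int i;
+INIT(this,
+.public = {
+.get_comp_func_name = _get_comp_func_name,
+.get_evidence_flags = _get_evidence_flags,
+.get_depth = _get_depth,
+.measure = _measure,
+.verify = _verify,
+.destroy = _destroy,
+},
+.name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_IMA,
+qualifier),
+.depth = depth,
+.list = linked_list_create(),
+);
+for (i = 0; i < IMA_PCR_MAX; i++)
+{
+this->pcrs[i] = chunk_alloc(HASH_SIZE_SHA1);
+memset(this->pcrs[i].ptr, 0x00, HASH_SIZE_SHA1);
+}
+return &this->public;
+}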


@ -0,0 +1,34 @@
/*
* Copyright (C) 2011 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup pts_ita_comp_func_name pts_ita_comp_func_name
* @{ @ingroup pts
*/
#ifndef PTS_ITA_COMP_IMA_H_
#define PTS_ITA_COMP_IMA_H_
#include "pts/components/pts_component.h"
/**
* Create a PTS ITS Functional Component object
*
* @param qualifier PTS Component Functional Name Qualifier
*
*/
pts_component_t* pts_ita_comp_ima_create(u_int8_t qualifier, u_int32_t depth);
#endif /** PTS_ITA_COMP_IMA_H_ @}*/
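Review bot: The Doxygen block of this new header does not describe the function it declares: the `@defgroup` line names `pts_ita_comp_func_name`, which looks copied from the component-name header rather than this file, the brief says "PTS ITS Functional Component" where the rest of the tree says ITA, and `pts_ita_comp_ima_create` takes a second parameter `depth` that has no `@param` entry and no `@return`. Suggest `* @defgroup pts_ita_comp_ima pts_ita_comp_ima`, `* @param depth      Component depth, forwarded to the evidence objects it creates`, and `* @return           pts_component_t object for the Linux IMA functional component`, and fixing the brief to "PTS ITA Functional Component object for Linux IMA".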


@ -23,6 +23,8 @@
#include <debug.h>
#include <pen/pen.h>
#define TBOOT_SEQUENCE 2
typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t;
/**
@ -46,16 +48,16 @@ struct pts_ita_comp_tboot_t {
*/
u_int32_t depth;
/**
* Extended PCR last handled
*/
u_int32_t extended_pcr;
/**
* Time of TBOOT measurement
*/
time_t measurement_time;
/**
* Measurement sequence number
*/
int seq_no;
};
METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
@ -83,10 +85,11 @@ METHOD(pts_component_t, measure, status_t,
char *meas_hex, *pcr_before_hex, *pcr_after_hex;
chunk_t measurement, pcr_before, pcr_after;
size_t hash_size, pcr_len;
u_int32_t extended_pcr;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
switch (this->extended_pcr)
switch (this->seq_no++)
{
case 0:
/* dummy data since currently the TBOOT log is not retrieved */
@ -97,9 +100,9 @@ METHOD(pts_component_t, measure, status_t,
"libimcv.plugins.imc-attestation.pcr17_before", NULL);
pcr_after_hex = lib->settings->get_str(lib->settings,
"libimcv.plugins.imc-attestation.pcr17_after", NULL);
this->extended_pcr = PCR_TBOOT_POLICY;
extended_pcr = PCR_TBOOT_POLICY;
break;
case PCR_TBOOT_POLICY:
case 1:
/* dummy data since currently the TBOOT log is not retrieved */
meas_hex = lib->settings->get_str(lib->settings,
"libimcv.plugins.imc-attestation.pcr18_meas", NULL);
@ -107,7 +110,7 @@ METHOD(pts_component_t, measure, status_t,
"libimcv.plugins.imc-attestation.pcr18_before", NULL);
pcr_after_hex = lib->settings->get_str(lib->settings,
"libimcv.plugins.imc-attestation.pcr18_after", NULL);
this->extended_pcr = PCR_TBOOT_MLE;
extended_pcr = PCR_TBOOT_MLE;
break;
default:
return FAILED;
@ -136,12 +139,12 @@ METHOD(pts_component_t, measure, status_t,
}
evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
this->depth, this->extended_pcr,
this->depth, extended_pcr,
hash_algo, pcr_transform,
this->measurement_time, measurement);
evid->set_pcr_info(evid, pcr_before, pcr_after);
return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
return (this->seq_no < TBOOT_SEQUENCE) ? NEED_MORE : SUCCESS;
}
METHOD(pts_component_t, verify, status_t,
@ -149,14 +152,12 @@ METHOD(pts_component_t, verify, status_t,
pts_comp_evidence_t *evidence)
{
bool has_pcr_info;
char *platform_info;
u_int32_t extended_pcr;
pts_meas_algorithms_t algo;
pts_pcr_transform_t transform;
time_t measurement_time;
chunk_t measurement, pcr_before, pcr_after, hash;
enumerator_t *enumerator;
char *file, *platform_info;
status_t status = NOT_FOUND;
platform_info = pts->get_platform_info(pts);
if (!pts_db || !platform_info)
@ -167,58 +168,12 @@ METHOD(pts_component_t, verify, status_t,
(platform_info) ? "" : "platform info");
return FAILED;
}
switch (this->extended_pcr)
{
case 0:
this->extended_pcr = PCR_TBOOT_POLICY;
file = "pcr17";
break;
case PCR_TBOOT_POLICY:
this->extended_pcr = PCR_TBOOT_MLE;
file = "pcr18";
break;
default:
return FAILED;
}
measurement = evidence->get_measurement(evidence, &extended_pcr,
&algo, &transform, &measurement_time);
if (extended_pcr != this->extended_pcr)
{
DBG1(DBG_PTS, "expected PCR %2d but received measurement for PCR %2d",
this->extended_pcr, extended_pcr);
return FAILED;
}
/* check measurement in database */
enumerator = pts_db->create_comp_hash_enumerator(pts_db, file,
platform_info, this->name, TRUSTED_HASH_ALGO);
while (enumerator->enumerate(enumerator, &hash))
{
if (chunk_equals(hash, measurement))
{
DBG2(DBG_PTS, "PCR %2d matching TBOOT component measurement "
"found in database", this->extended_pcr);
status = SUCCESS;
break;
}
else
{
DBG1(DBG_PTS, "PCR %2d no matching TBOOT component measurement "
"found in database", this->extended_pcr);
DBG1(DBG_PTS, " expected: %#B", &hash);
DBG1(DBG_PTS, " received: %#B", &measurement);
status = FAILED;
break;
}
}
enumerator->destroy(enumerator);
&algo, &transform, &measurement_time);
if (status == NOT_FOUND)
if (pts_db->check_comp_measurement(pts_db, measurement, this->name,
platform_info, ++this->seq_no, extended_pcr, algo) != SUCCESS)
{
DBG1(DBG_PTS, "PCR %2d no measurement found in database",
this->extended_pcr);
return FAILED;
}
@ -231,7 +186,7 @@ METHOD(pts_component_t, verify, status_t,
}
}
return (this->extended_pcr == PCR_TBOOT_MLE) ? SUCCESS : NEED_MORE;
return (this->seq_no < TBOOT_SEQUENCE) ? NEED_MORE : SUCCESS;
}
METHOD(pts_component_t, destroy, void,
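Review bot: The new sequence counter is advanced as a side effect inside other expressions: `switch (this->seq_no++)` in measure and `++this->seq_no` inside the argument list of the check_comp_measurement call in verify. In verify the increment is kept even when the lookup returns FAILED, so if the caller keeps the component alive after a failure (the caller is not visible here) the next evidence is checked against a sequence number that was never accepted. Hoisting the increment onto its own statement, `this->seq_no++;` followed by `platform_info, this->seq_no, extended_pcr, algo) != SUCCESS)`, makes the counting visible, and advancing it only after a successful check would keep the counter tied to accepted measurements. The IMA component's verify at the top of the page uses the same `++this->seq_no` construct and would want the same treatment.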


@ -626,7 +626,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry)
if (stat(pathname, &st))
{
DBG1(DBG_PTS, "Unable to obtain statistics about '%s'", pathname);
DBG1(DBG_PTS, "unable to obtain statistics about '%s'", pathname);
return FALSE;
}


@ -80,7 +80,7 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
"FROM components AS c "
"JOIN product_component AS pc ON c.id = pc.component "
"JOIN products AS p ON p.id = pc.product "
"WHERE p.name = ? ORDER BY pc.sequence",
"WHERE p.name = ? ORDER BY pc.seq_no",
DB_TEXT, product, DB_INT, DB_INT, DB_INT, DB_INT);
return e;
}
@ -114,26 +114,60 @@ METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*,
return e;
}
METHOD(pts_database_t, create_comp_hash_enumerator, enumerator_t*,
private_pts_database_t *this, char *file, char *product,
pts_comp_func_name_t *comp_name, pts_meas_algorithms_t algo)
METHOD(pts_database_t, check_comp_measurement, status_t,
private_pts_database_t *this, chunk_t measurement,
pts_comp_func_name_t *comp_name, char *product,
int seq_no, int pcr, pts_meas_algorithms_t algo)
{
enumerator_t *e;
chunk_t hash;
status_t status = NOT_FOUND;
e = this->db->query(this->db,
"SELECT fh.hash FROM file_hashes AS fh "
"JOIN files AS f ON fh.file = f.id "
"JOIN products AS p ON fh.product = p.id "
"JOIN components AS c ON fh.component = c.id "
"WHERE f.path = ? AND p.name = ? AND c.vendor_id = ? "
"AND c.name = ? AND c.qualifier = ? AND fh.algo = ? ",
DB_TEXT, file, DB_TEXT, product,
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_INT, algo, DB_BLOB);
"SELECT ch.hash FROM component_hashes AS ch "
"JOIN products AS p ON ch.product = p.id "
"JOIN components AS c ON ch.component = c.id "
"WHERE c.vendor_id = ? AND c.name = ? AND c.qualifier = ? "
"AND p.name = ? AND ch.seq_no = ? AND ch.pcr = ? AND ch.algo = ? ",
DB_INT, comp_name->get_vendor_id(comp_name),
DB_INT, comp_name->get_name(comp_name),
DB_INT, comp_name->get_qualifier(comp_name),
DB_TEXT, product, DB_INT, seq_no, DB_INT, pcr, DB_INT, algo,
DB_BLOB);
if (!e)
{
DBG1(DBG_PTS, "no database query enumerator returned");
return FAILED;
}
return e;
while (e->enumerate(e, &hash))
{
if (chunk_equals(hash, measurement))
{
DBG2(DBG_PTS, "PCR %2d matching component measurement #%d "
"found in database", pcr, seq_no);
status = SUCCESS;
break;
}
else
{
DBG1(DBG_PTS, "PCR %2d no matching component measurement #%d "
"found in database", pcr, seq_no);
DBG1(DBG_PTS, " expected: %#B", &hash);
DBG1(DBG_PTS, " received: %#B", &measurement);
status = FAILED;
break;
}
}
e->destroy(e);
if (status == NOT_FOUND)
{
DBG1(DBG_PTS, "PCR %2d no measurement #%d "
"found in database", pcr, seq_no);
}
return status;
}
METHOD(pts_database_t, destroy, void,
@ -156,7 +190,7 @@ pts_database_t *pts_database_create(char *uri)
.create_file_meta_enumerator = _create_file_meta_enumerator,
.create_comp_evid_enumerator = _create_comp_evid_enumerator,
.create_file_hash_enumerator = _create_file_hash_enumerator,
.create_comp_hash_enumerator = _create_comp_hash_enumerator,
.check_comp_measurement = _check_comp_measurement,
.destroy = _destroy,
},
.db = lib->db->create(lib->db, uri),
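Review bot: check_comp_measurement gives up after the first stored hash that does not match: the `else` branch at the bottom of the enumerate loop sets FAILED and breaks, so only the first row returned for (vendor_id, name, qualifier, product, seq_no, pcr, algo) is ever compared. The query shows no uniqueness constraint on those columns, so if component_hashes is meant to hold more than one acceptable reference value for the same position (say for several product builds), a measurement that matches the second row is rejected; if the table is meant to hold exactly one row per key, that intent is worth stating in a comment above the query. The loop should break only on a match and report a mismatch once after the loop, as below; the NOT_FOUND diagnostic and the return stay as they are.
```c
	while (e->enumerate(e, &hash))
	{
		if (chunk_equals(hash, measurement))
		{
			DBG2(DBG_PTS, "PCR %2d matching component measurement #%d "
						  "found in database", pcr, seq_no);
			status = SUCCESS;
			break;
		}
		/* keep looking: another stored reference value may still match */
		DBG2(DBG_PTS, "  candidate: %#B", &hash);
		status = FAILED;
	}
	e->destroy(e);

	if (status == FAILED)
	{
		DBG1(DBG_PTS, "PCR %2d no matching component measurement #%d "
					  "found in database", pcr, seq_no);
		DBG1(DBG_PTS, "  received: %#B", &measurement);
	}
	/* … unchanged: NOT_FOUND diagnostic and return status … */
```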


@ -36,8 +36,8 @@ struct pts_database_t {
/**
* Get files/directories to be measured by PTS
*
* @param product software product (os, vpn client, etc.)
* @return enumerator over all matching files/directories
* @param product Software product (os, vpn client, etc.)
* @return Enumerator over all matching files/directories
*/
enumerator_t* (*create_file_meas_enumerator)(pts_database_t *this,
char *product);
@ -45,8 +45,8 @@ struct pts_database_t {
/**
* Get files/directories to request metadata of
*
* @param product software product (os, vpn client, etc.)
* @return enumerator over all matching files/directories
* @param product Software product (os, vpn client, etc.)
* @return Enumerator over all matching files/directories
*/
enumerator_t* (*create_file_meta_enumerator)(pts_database_t *this,
char *product);
@ -54,8 +54,8 @@ struct pts_database_t {
/**
* Get functional components to request evidence of
*
* @param product software product (os, vpn client, etc.)
* @return enumerator over all matching components
* @param product Software product (os, vpn client, etc.)
* @return Enumerator over all matching components
*/
enumerator_t* (*create_comp_evid_enumerator)(pts_database_t *this,
char *product);
@ -63,29 +63,30 @@ struct pts_database_t {
/**
* Get stored measurement hash for single file or directory entries
*
* @param product software product (os, vpn client, etc.)
* @param algo hash algorithm used for measurement
* @param id primary key of measured file/directory
* @param product Software product (os, vpn client, etc.)
* @param algo Hash algorithm used for measurement
* @param id Primary key of measured file/directory
* @param is_dir TRUE if directory was measured
* @return enumerator over all matching measurement hashes
* @return Enumerator over all matching measurement hashes
*/
enumerator_t* (*create_file_hash_enumerator)(pts_database_t *this,
char *product, pts_meas_algorithms_t algo,
int id, bool is_dir);
/**
* Get stored measurement hash for functional component entries
* Check a functional component measurement against value stored in database
*
* @param file file path in files table
* @param product software product (os, vpn client, etc.)
* @param algo hash algorithm used for measurement
* @param comp_name functional component name object
* @return enumerator over all matching measurement hashes
* @param measurement measurement hash
* @param comp_name Component Functional Name
* @param product Software product (os, vpn client, etc.)
* @param seq_no Measurement sequence number
* @param prc Number of the PCR the measurement was extended into
* @param algo Hash algorithm used for measurement
* @return return code
*/
enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this,
char *file, char *product,
pts_comp_func_name_t *comp_name,
pts_meas_algorithms_t algo);
status_t (*check_comp_measurement)(pts_database_t *this, chunk_t measurement,
pts_comp_func_name_t *comp_name, char *product,
int seq_no, int pcr, pts_meas_algorithms_t algo);
/**
* Destroys a pts_database_t object.