transfer IMA file measurements via PA-TNC
[strongswan.git] / src / libpts / pts / components / ita / ita_comp_tboot.c
index 57b8091..8ac8335 100644 (file)
@@ -1,6 +1,5 @@
 /*
- * Copyright (C) 2011 Andreas Steffen
- *
+ * Copyright (C) 2011-2012 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -42,6 +41,11 @@ struct pts_ita_comp_tboot_t {
        pts_comp_func_name_t *name;
 
        /**
+        * AIK keyid
+        */
+       chunk_t keyid;
+
+       /**
         * Sub-component depth
         */
        u_int32_t depth;
@@ -52,9 +56,14 @@ struct pts_ita_comp_tboot_t {
        pts_database_t *pts_db;
 
        /**
-        * AIK keyid
+        * Primary key for Component Functional Name database entry
         */
-       chunk_t keyid;
+       int cid;
+
+       /**
+        * Primary key for AIK database entry
+        */
+       int kid;
 
        /**
         * Component is registering measurements 
@@ -97,7 +106,9 @@ METHOD(pts_component_t, get_depth, u_int32_t,
 }
 
 METHOD(pts_component_t, measure, status_t,
-       pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence)
+       pts_ita_comp_tboot_t *this, pts_t *pts, pts_comp_evidence_t **evidence,
+       pts_file_meas_t **measurements)
+
 {
        pts_comp_evidence_t *evid;
        char *meas_hex, *pcr_before_hex, *pcr_after_hex;
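Review bot: The added `measurements` out-parameter is not assigned in any of the `measure` lines visible on this page, so a caller that passes the address of an uninitialized pointer could read an indeterminate value afterwards. If this component never produces file measurements, setting `*measurements = NULL;` at the top of the body, or documenting that callers must pre-initialize it, would close that gap. The blank line added between the parameter list and the opening brace also looks unintended. The body of `measure` continues past this hunk, so the assignment may exist in lines not shown.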
@@ -134,6 +145,11 @@ METHOD(pts_component_t, measure, status_t,
                        return FAILED;
        }
 
+       if (meas_hex == NULL || pcr_before_hex == NULL || pcr_after_hex == NULL)
+       {
+               return FAILED;
+       }
+
        hash_algo = pts->get_meas_algorithm(pts);
        hash_size = pts_meas_algo_hash_size(hash_algo);
        pcr_len = pts->get_pcr_len(pts);
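Review bot: The new NULL guard returns `FAILED` without logging, so a missing measurement or PCR value cannot be told apart from the other failure path just above it. A line such as `DBG1(DBG_PTS, "tboot measurement or PCR value missing");` before the `return FAILED;` would make this diagnosable; `DBG1` with `DBG_PTS` is already used elsewhere in this file. The body of `measure` starts and ends outside the hunk, so where the three strings are obtained is not visible here.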
@@ -175,6 +191,7 @@ METHOD(pts_component_t, verify, status_t,
        pts_pcr_transform_t transform;
        time_t measurement_time;
        chunk_t measurement, pcr_before, pcr_after;
+       status_t status;
 
        measurement = evidence->get_measurement(evidence, &extended_pcr,
                                                                &algo, &transform, &measurement_time);
@@ -192,10 +209,12 @@ METHOD(pts_component_t, verify, status_t,
                        DBG1(DBG_PTS, "pts database not available");
                        return FAILED;
                }
-               if (this->pts_db->get_comp_measurement_count(this->pts_db, this->name,
-                                                       this->keyid, algo, &this->count) != SUCCESS)
+               status = this->pts_db->get_comp_measurement_count(this->pts_db,
+                                                               this->name, this->keyid, algo, &this->cid,
+                                                               &this->kid, &this->count);
+               if (status != SUCCESS)
                {
-                       return FAILED;
+                       return status;
                }
                vid = this->name->get_vendor_id(this->name);
                name = this->name->get_name(this->name);
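Review bot: Returning the database call's `status` unchanged widens the set of values `verify` can hand to its caller, both here and in the insert/check branches of the next hunk. Before this change those paths could only yield `FAILED`, and `NEED_MORE` had a specific meaning in this method; whether the database layer can return `NEED_MORE` or another non-`FAILED` code is not visible on this page. If the caller treats anything other than `SUCCESS` as a verification failure this is fine, but a short comment on `verify` listing the statuses it may return would make the contract explicit. `verify` begins and ends outside this hunk.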
@@ -216,21 +235,23 @@ METHOD(pts_component_t, verify, status_t,
 
        if (this->is_registering)
        {
-               if (this->pts_db->insert_comp_measurement(this->pts_db, measurement,
-                                                                       this->name, this->keyid, ++this->seq_no,
-                                                                       extended_pcr, algo) != SUCCESS)
+               status = this->pts_db->insert_comp_measurement(this->pts_db,
+                                                               measurement, this->cid, this->kid,
+                                                               ++this->seq_no, extended_pcr, algo);
+               if (status != SUCCESS)
                {
-                       return FAILED;
+                       return status;
                }
                this->count = this->seq_no + 1;
        }
        else
        {
-               if (this->pts_db->check_comp_measurement(this->pts_db, measurement,
-                                                                       this->name, this->keyid, ++this->seq_no,
-                                                                       extended_pcr, algo) != SUCCESS)
+               status = this->pts_db->check_comp_measurement(this->pts_db,
+                                                               measurement, this->cid, this->kid,
+                                                               ++this->seq_no, extended_pcr, algo);
+               if (status != SUCCESS)
                {
-                       return FAILED;
+                       return status;
                }
        }
 
@@ -243,28 +264,35 @@ METHOD(pts_component_t, verify, status_t,
                }
        }
 
-       return (this->seq_no < this->count) ? NEED_MORE : SUCCESS;
+       return SUCCESS;
 }
 
-METHOD(pts_component_t, check_off_registrations, bool,
+METHOD(pts_component_t, finalize, bool,
        pts_ita_comp_tboot_t *this)
 {
        u_int32_t vid, name;
        enum_name_t *names;
                
-       if (!this->is_registering)
+       vid = this->name->get_vendor_id(this->name);
+       name = this->name->get_name(this->name);
+       names = pts_components->get_comp_func_names(pts_components, vid);
+
+       if (this->is_registering)
        {
+               /* close registration */
+               this->is_registering = FALSE;
+
+               DBG1(DBG_PTS, "registered %d %N '%N' functional component evidence "
+                                         "measurements", this->seq_no, pen_names, vid, names, name);
+       }
+       else if (this->seq_no < this->count)
+       {
+               DBG1(DBG_PTS, "%d of %d %N '%N' functional component evidence "
+                                         "measurements missing", this->count - this->seq_no,
+                                          this->count, pen_names, vid, names, name);
                return FALSE;
        }
 
-       /* Finalize registration */
-       this->is_registering = FALSE;
-
-       vid = this->name->get_vendor_id(this->name);
-       name = this->name->get_name(this->name);
-       names = pts_components->get_comp_func_names(pts_components, vid);
-       DBG1(DBG_PTS, "registered %d %N '%N' functional component evidence "
-                                 "measurements", this->seq_no, pen_names, vid, names, name);
        return TRUE;
 }
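Review bot: With `verify` now ending in `return SUCCESS;`, a truncated evidence set (fewer measurements than the reference `count`) is only caught if the caller invokes `finalize` and acts on its `FALSE` result, and the new code does not document that contract. I would add a comment above the return, e.g. `/* completeness (seq_no < count) is checked in finalize() */`, and a header comment on `finalize` stating that it must be called once all evidence has been processed. In `finalize`, the `vid`/`name`/`names` lookups now also run on the path that logs nothing; they could move inside the two branches that use them. The start of `verify` lies outside this hunk.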
 
@@ -277,8 +305,8 @@ METHOD(pts_component_t, destroy, void,
 
        if (this->is_registering)
        {
-               count = this->pts_db->delete_comp_measurements(this->pts_db, this->name,
-                                                                                                          this->keyid);
+               count = this->pts_db->delete_comp_measurements(this->pts_db,
+                                                                                                          this->cid, this->kid);
                vid = this->name->get_vendor_id(this->name);
                name = this->name->get_name(this->name);
                names = pts_components->get_comp_func_names(pts_components, vid);
@@ -305,7 +333,7 @@ pts_component_t *pts_ita_comp_tboot_create(u_int8_t qualifier, u_int32_t depth,
                        .get_depth = _get_depth,
                        .measure = _measure,
                        .verify = _verify,
-                       .check_off_registrations = _check_off_registrations,
+                       .finalize = _finalize,
                        .destroy = _destroy,
                },
                .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,