check if TNC client has a valid and registered AIK
[strongswan.git] / src / libpts / pts / pts_database.h
index 3ed0b5b..a9a68ac 100644 (file)
@@ -52,15 +52,6 @@ struct pts_database_t {
                                                                                                 char *product);
 
        /**
-       * Get functional components to request evidence of
-       *
-       * @param product                Software product (os, vpn client, etc.)
-       * @return                               Enumerator over all matching components
-       */
-       enumerator_t* (*create_comp_evid_enumerator)(pts_database_t *this,
-                                                                                                char *product);
-
-       /**
        * Get stored measurement hash for single file or directory entries
        *
        * @param product                Software product (os, vpn client, etc.)
@@ -74,19 +65,76 @@ struct pts_database_t {
                                                                int id, bool is_dir);
 
        /**
+       * Check if an AIK given by its keyid is registered in the database
+       *
+       * @param keyid                  AIK keyid (SHA-1 hash of the AIK public key info)
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               SUCCESS if AIK is present, FAILED otherwise
+       */
+       status_t (*check_aik_keyid)(pts_database_t *this, chunk_t keyid, int *kid);
+
+       /**
+       * Get functional components to request evidence of
+       *
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               Enumerator over all matching components
+       */
+       enumerator_t* (*create_comp_evid_enumerator)(pts_database_t *this, int kid);
+
+       /**
        * Check a functional component measurement against value stored in database
        *
        * @param measurement    measurement hash
-       * @param comp_name              Component Functional Name
-       * @param product                Software product (os, vpn client, etc.)
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
        * @param seq_no                 Measurement sequence number
        * @param prc                    Number of the PCR the measurement was extended into
        * @param algo                   Hash algorithm used for measurement
-       * @return                               return code
+       * @return                               SUCCESS if check was successful
        */
        status_t (*check_comp_measurement)(pts_database_t *this, chunk_t measurement,
-                                                       pts_comp_func_name_t *comp_name, char *product,
-                                                       int seq_no, int pcr, pts_meas_algorithms_t algo);
+                                                                          int cid, int kid, int seq_no, int pcr,
+                                                                          pts_meas_algorithms_t algo);
+
+       /**
+       * Insert a functional component measurement into the database
+       *
+       * @param measurement    Measurement hash
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @param seq_no                 Measurement sequence number
+       * @param prc                    Number of the PCR the measurement was extended into
+       * @param algo                   Hash algorithm used for measurement
+       * @return                               SUCCESS if INSERT was successful
+       */
+       status_t (*insert_comp_measurement)(pts_database_t *this, chunk_t measurement,
+                                                                               int cid, int kid, int seq_no, int pcr,
+                                                                               pts_meas_algorithms_t algo);
+
+       /**
+       * Delete functional component measurements from the database
+       *
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               number of deleted measurement entries
+       */
+       int (*delete_comp_measurements)(pts_database_t *this, int cid, int kid);
+
+       /**
+       * Get the number of measurements for a functional component and AIK
+       *
+       * @param comp_name              Component Functional Name
+       * @param keyid                  SHA-1 hash of AIK public key info
+       * @param algo                   Hash algorithm used for measurement
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @param count                  measurement count
+       * @return                               SUCCESS if COUNT was successful
+       */
+       status_t (*get_comp_measurement_count)(pts_database_t *this,
+                                                       pts_comp_func_name_t *comp_name, chunk_t keyid,
+                                                       pts_meas_algorithms_t algo, int *cid, int *kid,
+                                                       int *count);
 
        /**
        * Destroys a pts_database_t object.
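Review bot: The new `insert_comp_measurement` doc block documents `@param prc` while the parameter is named `pcr`, copying the pre-existing typo in `check_comp_measurement`; Doxygen will report both as undocumented parameters, so change it to `@param pcr                    Number of the PCR the measurement was extended into` in both places. The pointer arguments `kid` in `check_aik_keyid` and `cid`/`kid`/`count` in `get_comp_measurement_count` are presumably written by the callee but are documented like inputs; marking them `@param[out]` and stating whether they are left untouched on FAILED would make the contract clear. `check_aik_keyid` only establishes that a keyid is present in the keys table, so I would add to its comment that SUCCESS does not by itself show the client possesses that AIK — the quote signature still has to be verified against the registered key by the caller — to keep it from being read as an authentication step. `delete_comp_measurements` returns an `int` count with no documented failure value; say whether a database error is reported as a negative return or is indistinguishable from zero rows deleted.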