check if TNC client has a valid and registered AIK
[strongswan.git] / src / libpts / pts / pts_database.h
index b07b8be..a9a68ac 100644 (file)
@@ -24,6 +24,7 @@
 typedef struct pts_database_t pts_database_t;
 
 #include "pts_meas_algo.h"
+#include "components/pts_comp_func_name.h"
 #include <library.h>
 
 /**
@@ -35,8 +36,8 @@ struct pts_database_t {
        /**
        * Get files/directories to be measured by PTS
        *
-       * @param product                software product (os, vpn client, etc.)
-       * @return                               enumerator over all matching files/directories
+       * @param product                Software product (os, vpn client, etc.)
+       * @return                               Enumerator over all matching files/directories
        */
        enumerator_t* (*create_file_meas_enumerator)(pts_database_t *this,
                                                                                                 char *product);
@@ -44,46 +45,96 @@ struct pts_database_t {
        /**
        * Get files/directories to request metadata of
        *
-       * @param product                software product (os, vpn client, etc.)
-       * @return                               enumerator over all matching files/directories
+       * @param product                Software product (os, vpn client, etc.)
+       * @return                               Enumerator over all matching files/directories
        */
        enumerator_t* (*create_file_meta_enumerator)(pts_database_t *this,
                                                                                                 char *product);
 
        /**
+       * Get stored measurement hash for single file or directory entries
+       *
+       * @param product                Software product (os, vpn client, etc.)
+       * @param algo                   Hash algorithm used for measurement
+       * @param id                             Primary key of measured file/directory
+       * @param is_dir                 TRUE if directory was measured
+       * @return                               Enumerator over all matching measurement hashes
+       */
+       enumerator_t* (*create_file_hash_enumerator)(pts_database_t *this,
+                                                               char *product, pts_meas_algorithms_t algo,
+                                                               int id, bool is_dir);
+
+       /**
+       * Check if an AIK given by its keyid is registered in the database
+       *
+       * @param keyid                  AIK keyid (SHA-1 hash of the AIK public key info)
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               SUCCESS if AIK is present, FAILED otherwise
+       */
+       status_t (*check_aik_keyid)(pts_database_t *this, chunk_t keyid, int *kid);
+
+       /**
        * Get functional components to request evidence of
        *
-       * @param product                software product (os, vpn client, etc.)
-       * @return                               enumerator over all matching components
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               Enumerator over all matching components
        */
-       enumerator_t* (*create_comp_evid_enumerator)(pts_database_t *this,
-                                                                                                char *product);
+       enumerator_t* (*create_comp_evid_enumerator)(pts_database_t *this, int kid);
 
        /**
-       * Get stored measurement hash for single file or directory entries
+       * Check a functional component measurement against value stored in database
        *
-       * @param product                software product (os, vpn client, etc.)
-       * @param algo                   hash algorithm used for measurement
-       * @param id                             primary key of measured file/directory
-       * @param is_dir                 TRUE if directory was measured
-       * @return                               enumerator over all matching measurement hashes
+       * @param measurement    measurement hash
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @param seq_no                 Measurement sequence number
+       * @param prc                    Number of the PCR the measurement was extended into
+       * @param algo                   Hash algorithm used for measurement
+       * @return                               SUCCESS if check was successful
+       */
+       status_t (*check_comp_measurement)(pts_database_t *this, chunk_t measurement,
+                                                                          int cid, int kid, int seq_no, int pcr,
+                                                                          pts_meas_algorithms_t algo);
+
+       /**
+       * Insert a functional component measurement into the database
+       *
+       * @param measurement    Measurement hash
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @param seq_no                 Measurement sequence number
+       * @param prc                    Number of the PCR the measurement was extended into
+       * @param algo                   Hash algorithm used for measurement
+       * @return                               SUCCESS if INSERT was successful
+       */
+       status_t (*insert_comp_measurement)(pts_database_t *this, chunk_t measurement,
+                                                                               int cid, int kid, int seq_no, int pcr,
+                                                                               pts_meas_algorithms_t algo);
+
+       /**
+       * Delete functional component measurements from the database
+       *
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @return                               number of deleted measurement entries
        */
-       enumerator_t* (*create_file_hash_enumerator)(
-                                                                                       pts_database_t *this, char *product,
-                                                                                       pts_meas_algorithms_t algo,
-                                                                                       int id, bool is_dir);
+       int (*delete_comp_measurements)(pts_database_t *this, int cid, int kid);
 
        /**
-       * Get stored measurement hash for functional component entries
+       * Get the number of measurements for a functional component and AIK
        *
-       * @param product                software product (os, vpn client, etc.)
-       * @param algo                   hash algorithm used for measurement
-       * @param comp_name              functional component name object
-       * @return                               enumerator over all matching measurement hashes
+       * @param comp_name              Component Functional Name
+       * @param keyid                  SHA-1 hash of AIK public key info
+       * @param algo                   Hash algorithm used for measurement
+       * @param cid                    Primary key of Component Functional Name entry
+       * @param kid                    Primary key of AIK entry in keys table
+       * @param count                  measurement count
+       * @return                               SUCCESS if COUNT was successful
        */
-       enumerator_t* (*create_comp_hash_enumerator)(pts_database_t *this,
-                                               char *product, pts_meas_algorithms_t algo,
-                                               pts_comp_func_name_t *comp_name);
+       status_t (*get_comp_measurement_count)(pts_database_t *this,
+                                                       pts_comp_func_name_t *comp_name, chunk_t keyid,
+                                                       pts_meas_algorithms_t algo, int *cid, int *kid,
+                                                       int *count);
 
        /**
        * Destroys a pts_database_t object.
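Review bot: The @return of check_comp_measurement, `SUCCESS if check was successful`, leaves open whether a stored value that differs from `measurement` yields FAILED, and what is returned when no entry exists for the given (cid, kid, seq_no, pcr, algo); a verifier decides trust on this result, so the contract should be explicit, e.g. `@return SUCCESS only if a stored measurement exists and equals measurement; FAILED on mismatch, missing entry or database error`. The @param lines in the check_comp_measurement and insert_comp_measurement docblocks name the PCR argument `prc` while both prototypes declare `pcr`. The out-parameters `kid` in check_aik_keyid and `cid`, `kid`, `count` in get_comp_measurement_count are documented like inputs; mark them as written on success, e.g. `@param kid [out] Primary key of AIK entry in keys table`, and state whether they hold a defined value when FAILED is returned. Whether the implementation really reports a non-matching measurement as FAILED cannot be confirmed from this header alone and should be checked in pts_database.c.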