Using the database entries for generating Functional Component Evidence Requests
authorSansar Choinyambuu <schoinya@hsr.ch>
Mon, 14 Nov 2011 16:10:35 +0000 (17:10 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 20:20:23 +0000 (21:20 +0100)
Using database entries to match received component measurement hashes

src/libimcv/plugins/imc_attestation/imc_attestation_process.c
src/libimcv/plugins/imv_attestation/imv_attestation_build.c
src/libimcv/plugins/imv_attestation/imv_attestation_process.c
src/libpts/pts/pts.h
src/libpts/pts/pts_database.c

index 8ff68e1..04fc6a4 100644 (file)
@@ -410,6 +410,109 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        attr_list->insert_last(attr_list, attr);
                        break;
                }
+               case TCG_PTS_REQ_FILE_META:
+               {
+                       tcg_pts_attr_req_file_meta_t *attr_cast;
+                       char *pathname;
+                       bool is_directory;
+                       u_int8_t delimiter;
+                       pts_file_meta_t *metadata;
+
+                       attr_info = attr->get_value(attr);
+                       attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
+                       is_directory = attr_cast->get_directory_flag(attr_cast);
+                       delimiter = attr_cast->get_delimiter(attr_cast);
+                       pathname = attr_cast->get_pathname(attr_cast);
+
+                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+                       if (valid_path && pts_error)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               pts_error, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       else if (!valid_path)
+                       {
+                               break;
+                       }
+                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       /* Get File Metadata and send them to PTS-IMV */
+                       DBG2(DBG_IMC, "metadata request for %s '%s'",
+                                       is_directory ? "directory" : "file",
+                                       pathname);
+                       metadata = pts->get_metadata(pts, pathname, is_directory);
+
+                       if (!metadata)
+                       {
+                               /* TODO handle error codes from measurements */
+                               return FALSE;
+                       }
+                       attr = tcg_pts_attr_unix_file_meta_create(metadata);
+                       attr->set_noskip_flag(attr, TRUE);
+                       attr_list->insert_last(attr_list, attr);
+
+                       break;
+               }
+               case TCG_PTS_REQ_FILE_MEAS:
+               {
+                       tcg_pts_attr_req_file_meas_t *attr_cast;
+                       char *pathname;
+                       u_int16_t request_id;
+                       bool is_directory;
+                       u_int32_t delimiter;
+                       pts_file_meas_t *measurements;
+
+                       attr_info = attr->get_value(attr);
+                       attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
+                       is_directory = attr_cast->get_directory_flag(attr_cast);
+                       request_id = attr_cast->get_request_id(attr_cast);
+                       delimiter = attr_cast->get_delimiter(attr_cast);
+                       pathname = attr_cast->get_pathname(attr_cast);
+                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+
+                       if (valid_path && pts_error)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               pts_error, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+                       else if (!valid_path)
+                       {
+                               break;
+                       }
+
+                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+                       {
+                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
+                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
+                               attr_list->insert_last(attr_list, attr);
+                               break;
+                       }
+
+                       /* Do PTS File Measurements and send them to PTS-IMV */
+                       DBG2(DBG_IMC, "measurement request %d for %s '%s'",
+                                request_id, is_directory ? "directory" : "file",
+                                pathname);
+                       measurements = pts->do_measurements(pts, request_id,
+                                                                       pathname, is_directory);
+                       if (!measurements)
+                       {
+                               /* TODO handle error codes from measurements */
+                               return FALSE;
+                       }
+                       attr = tcg_pts_attr_file_meas_create(measurements);
+                       attr->set_noskip_flag(attr, TRUE);
+                       attr_list->insert_last(attr_list, attr);
+                       break;
+               }
                case TCG_PTS_REQ_FUNCT_COMP_EVID:
                {
                        tcg_pts_attr_req_funct_comp_evid_t *attr_cast;
@@ -514,7 +617,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                                                  "for Simple Component Evidence");
                                        return FALSE;
                                }
-                               
+
                                /* Get PCR after value from log when TBOOT is measuring entity */
                                if (!(name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY ||
                                                name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE) &&
@@ -524,7 +627,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                                 params.extended_pcr);
                                        return FALSE;
                                }
-                               
+
                                /* Buffer Simple Component Evidence attribute */
                                attr = tcg_pts_attr_simple_comp_evid_create(params);
                                evidences->insert_last(evidences, attr);
@@ -552,13 +655,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        /* Send buffered Simple Component Evidences */
                        num_of_evidences = evidences->get_count(evidences);
                        pcrs = (u_int32_t*)malloc(sizeof(u_int32_t)*num_of_evidences);
-                       
+
                        e = evidences->create_enumerator(evidences);
                        while (e->enumerate(e, &attr))
                        {
                                tcg_pts_attr_simple_comp_evid_t *attr_cast;
                                u_int32_t extended_pcr;
-                                               
+
                                attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
                                extended_pcr = attr_cast->get_extended_pcr(attr_cast);
 
@@ -573,7 +676,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        use_quote2 = (lib->settings->get_int(lib->settings,
                                        "libimcv.plugins.imc-attestation.quote_version", 1) == 1) ?
                                                        FALSE : TRUE;
-                       
+
                        /* Quote */
                        if (!pts->quote_tpm(pts, use_quote2, pcrs, num_of_evidences,
                                &pcr_composite, &quote_signature))
@@ -583,123 +686,20 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                DESTROY_IF(evidences);
                                return FALSE;
                        }
-       
+
                        /* Send Simple Evidence Final attribute */
                        flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO2:
                                                                 PTS_SIMPLE_EVID_FINAL_FLAG_TPM_QUOTE_INFO;
                        composite_algorithm |= PTS_MEAS_ALGO_SHA1;
-                       
+
                        attr = tcg_pts_attr_simple_evid_final_create(FALSE, flags,
                                                                composite_algorithm, pcr_composite,
                                                                quote_signature, chunk_empty);
                        attr_list->insert_last(attr_list, attr);
-                                       
+
                        DESTROY_IF(e);
                        DESTROY_IF(evidences);
-                                       
-                       break;
-               }
-               case TCG_PTS_REQ_FILE_META:
-               {
-                       tcg_pts_attr_req_file_meta_t *attr_cast;
-                       char *pathname;
-                       bool is_directory;
-                       u_int8_t delimiter;
-                       pts_file_meta_t *metadata;
-
-                       attr_info = attr->get_value(attr);
-                       attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
-                       is_directory = attr_cast->get_directory_flag(attr_cast);
-                       delimiter = attr_cast->get_delimiter(attr_cast);
-                       pathname = attr_cast->get_pathname(attr_cast);
-
-                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-                       if (valid_path && pts_error)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               pts_error, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       else if (!valid_path)
-                       {
-                               break;
-                       }
-                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       /* Get File Metadata and send them to PTS-IMV */
-                       DBG2(DBG_IMC, "metadata request for %s '%s'",
-                                       is_directory ? "directory" : "file",
-                                       pathname);
-                       metadata = pts->get_metadata(pts, pathname, is_directory);
-
-                       if (!metadata)
-                       {
-                               /* TODO handle error codes from measurements */
-                               return FALSE;
-                       }
-                       attr = tcg_pts_attr_unix_file_meta_create(metadata);
-                       attr->set_noskip_flag(attr, TRUE);
-                       attr_list->insert_last(attr_list, attr);
-
-                       break;
-               }
-               case TCG_PTS_REQ_FILE_MEAS:
-               {
-                       tcg_pts_attr_req_file_meas_t *attr_cast;
-                       char *pathname;
-                       u_int16_t request_id;
-                       bool is_directory;
-                       u_int32_t delimiter;
-                       pts_file_meas_t *measurements;
-
-                       attr_info = attr->get_value(attr);
-                       attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
-                       is_directory = attr_cast->get_directory_flag(attr_cast);
-                       request_id = attr_cast->get_request_id(attr_cast);
-                       delimiter = attr_cast->get_delimiter(attr_cast);
-                       pathname = attr_cast->get_pathname(attr_cast);
-                       valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-
-                       if (valid_path && pts_error)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               pts_error, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
-                       else if (!valid_path)
-                       {
-                               break;
-                       }
-
-                       if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
-                       {
-                               attr = ietf_attr_pa_tnc_error_create(PEN_TCG,
-                                                                               TCG_PTS_INVALID_DELIMITER, attr_info);
-                               attr_list->insert_last(attr_list, attr);
-                               break;
-                       }
 
-                       /* Do PTS File Measurements and send them to PTS-IMV */
-                       DBG2(DBG_IMC, "measurement request %d for %s '%s'",
-                                request_id, is_directory ? "directory" : "file",
-                                pathname);
-                       measurements = pts->do_measurements(pts, request_id,
-                                                                       pathname, is_directory);
-                       if (!measurements)
-                       {
-                               /* TODO handle error codes from measurements */
-                               return FALSE;
-                       }
-                       attr = tcg_pts_attr_file_meas_create(measurements);
-                       attr->set_noskip_flag(attr, TRUE);
-                       attr_list->insert_last(attr_list, attr);
                        break;
                }
                /* TODO: Not implemented yet */
index 83568fe..3f21afa 100644 (file)
@@ -211,6 +211,8 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
                        u_int32_t sub_comp_depth;
                        pts_qualifier_t qualifier;
                        pts_ita_funct_comp_name_t name;
+                       enumerator_t *enumerator;
+                       char *platform_info, *pathname;
 
                        attestation_state->set_handshake_state(attestation_state,
                                                                                IMV_ATTESTATION_STATE_END);
@@ -221,29 +223,59 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
                        qualifier.sub_component = FALSE;
                        qualifier.type = PTS_ITA_FUNC_COMP_TYPE_TRUSTED;
 
-                       /* Send Request Functional Component Evidence attribute */
-                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
-                                                                       sub_comp_depth, PEN_ITA, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       attestation_state->add_comp_evid_request( attestation_state,
-                                                                                                         PEN_ITA, qualifier, name);
+                       /* Get Platform and OS of the PTS-IMC */
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+                       DBG1(DBG_IMV, "platform is '%s'", platform_info);
+
                        
-                       /* Send Request Functional Component Evidence attribute */
-                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
-                       attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
+                       enumerator = pts_db->create_comp_evid_enumerator(pts_db,
+                                                                                                                        platform_info);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &pathname))
+                       {
+                               if (strcmp(pathname, TBOOT_POLICY_STR) == 0)
+                               {
+                                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY;
+                               }
+                               else if (strcmp(pathname, TBOOT_MLE_STR) == 0)
+                               {
+                                       name = PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMV, "Unknown functional component name: \"%s\"",
+                                                pathname);
+                                       enumerator->destroy(enumerator);
+                                       return FALSE;
+                               }
+
+                               /* Send Request Functional Component Evidence attribute */
+                               attr = tcg_pts_attr_req_funct_comp_evid_create(flags,
                                                                        sub_comp_depth, PEN_ITA, qualifier, name);
-                       attr->set_noskip_flag(attr, TRUE);
-                       msg->add_attribute(msg, attr);
-                       attestation_state->add_comp_evid_request(attestation_state,
-                                                                                                        PEN_ITA, qualifier, name);
+                               attr->set_noskip_flag(attr, TRUE);
+                               msg->add_attribute(msg, attr);
+                               attestation_state->add_comp_evid_request( attestation_state,
+                                                                        PEN_ITA, qualifier, name);
+                       }
+                       enumerator->destroy(enumerator);
+                       
                        
                        /* Send Generate Attestation Evidence attribute */
                        attr = tcg_pts_attr_gen_attest_evid_create();
                        attr->set_noskip_flag(attr, TRUE);
                        msg->add_attribute(msg, attr);
-
+                       
                        break;
                }
                default:
index 6c19d6b..28b1c15 100644 (file)
@@ -177,10 +177,93 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        pts->set_aik(pts, aik);
                        break;
                }
+               case TCG_PTS_FILE_MEAS:
+               {
+                       tcg_pts_attr_file_meas_t *attr_cast;
+                       u_int16_t request_id;
+                       int file_count, file_id;
+                       pts_meas_algorithms_t algo;
+                       pts_file_meas_t *measurements;
+                       char *platform_info;
+                       enumerator_t *e_hash;
+                       bool is_dir;
+
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
+
+                       attr_cast = (tcg_pts_attr_file_meas_t*)attr;
+                       measurements = attr_cast->get_measurements(attr_cast);
+                       algo = pts->get_meas_algorithm(pts);
+                       request_id = measurements->get_request_id(measurements);
+                       file_count = measurements->get_file_count(measurements);
+
+                       DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
+                                request_id, file_count, (file_count == 1) ? "":"s");
+
+                       if (!attestation_state->check_off_file_meas_request(attestation_state,
+                               request_id, &file_id, &is_dir))
+                       {
+                               DBG1(DBG_IMV, "  no entry found for file measurement request %d",
+                                        request_id);
+                               break;
+                       }
+
+                       /* check hashes from database against measurements */
+                       e_hash = pts_db->create_hash_enumerator(pts_db,
+                                                       platform_info, algo, file_id, is_dir);
+                       if (!measurements->verify(measurements, e_hash, is_dir))
+                       {
+                               attestation_state->set_measurement_error(attestation_state);
+                       }
+                       e_hash->destroy(e_hash);
+                       break;
+               }
+               case TCG_PTS_UNIX_FILE_META:
+               {
+                       tcg_pts_attr_file_meta_t *attr_cast;
+                       int file_count;
+                       pts_file_meta_t *metadata;
+                       pts_file_metadata_t *entry;
+                       time_t created, modified, accessed;
+                       bool utc = FALSE;
+                       enumerator_t *e;
+
+                       attr_cast = (tcg_pts_attr_file_meta_t*)attr;
+                       metadata = attr_cast->get_metadata(attr_cast);
+                       file_count = metadata->get_file_count(metadata);
+
+                       DBG1(DBG_IMV, "metadata request returned %d file%s:",
+                                file_count, (file_count == 1) ? "":"s");
+
+                       e = metadata->create_enumerator(metadata);
+                       while (e->enumerate(e, &entry))
+                       {
+                               DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
+                                                         " owner %"PRIu64", group %"PRIu64", type %N",
+                                        entry->filename, entry->filesize, entry->owner,
+                                        entry->group, pts_file_type_names, entry->type);
+
+                               created = entry->created;
+                               modified = entry->modified;
+                               accessed = entry->accessed;
+
+                               DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
+                                        &created, utc, &modified, utc, &accessed, utc);
+                       }
+                       e->destroy(e);
+                       break;
+               }
                case TCG_PTS_SIMPLE_COMP_EVID:
                {
                        tcg_pts_attr_simple_comp_evid_t *attr_cast;
-                       bool pcr_info_inclided;
+                       bool pcr_info_inclided, component_meas_error = FALSE;
                        pts_attr_simple_comp_evid_flag_t flags;
                        u_int32_t depth, comp_vendor_id, extended_pcr;
                        u_int8_t family, measurement_type;
@@ -189,8 +272,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        pts_meas_algorithms_t hash_algorithm;
                        pts_pcr_transform_t transformation;
                        chunk_t measurement_time, policy_uri;
-                       chunk_t pcr_before, pcr_after, measurement;
-                                       
+                       chunk_t pcr_before, pcr_after, measurement, comp_hash;
+                       enumerator_t *enumerator;
+                       char *platform_info;
+                       const char *component_name;
+
                        attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
                        attr_info = attr->get_value(attr);
 
@@ -243,12 +329,64 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                DBG1(DBG_IMV, "  no entry found for component evidence request");
                                break;
                        }
-                       
+
                        measurement_type = attr_cast->get_measurement_type(attr_cast);
                        hash_algorithm = attr_cast->get_hash_algorithm(attr_cast);
                        transformation = attr_cast->get_pcr_trans(attr_cast);
                        measurement_time = attr_cast->get_measurement_time(attr_cast);
+                       measurement = attr_cast->get_comp_measurement(attr_cast);
+
+                       platform_info = pts->get_platform_info(pts);
+                       if (!pts_db || !platform_info)
+                       {
+                               DBG1(DBG_IMV, "%s%s%s not available",
+                                       (pts_db) ? "" : "pts database",
+                                       (!pts_db && !platform_info) ? "and" : "",
+                                       (platform_info) ? "" : "platform info");
+                               break;
+                       }
 
+                       if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_POLICY)
+                       {
+                               component_name = TBOOT_POLICY_STR;
+                       }
+                       else if (name == PTS_ITA_FUNC_COMP_NAME_TBOOT_MLE)
+                       {
+                               component_name = TBOOT_MLE_STR;
+                       }
+                       else
+                       {
+                                       DBG1(DBG_IMV, "Unknown functional component name: \"%d\"",
+                                                name);
+                                       return FALSE;
+                       }
+                       enumerator = pts_db->create_comp_hash_enumerator(pts_db,
+                                       platform_info, PTS_MEAS_ALGO_SHA1, (char *)component_name);
+                       if (!enumerator)
+                       {
+                               break;
+                       }
+                       while (enumerator->enumerate(enumerator, &comp_hash))
+                       {
+                               if (!chunk_equals(comp_hash, measurement))
+                               {
+                                       DBG1(DBG_IMV, "Unmatching Functional Component Measurement:"
+                                                       "%B, expected: %B", &measurement, &comp_hash);
+                                       component_meas_error = TRUE;
+                               }
+                               else
+                               {
+                                       DBG2(DBG_IMV, "Matching Functional Component Measurement:"
+                                                       "%B, expected: %B", &measurement, &comp_hash);
+                               }
+                       }
+                       enumerator->destroy(enumerator);
+
+                       if (component_meas_error)
+                       {
+                               attestation_state->set_measurement_error(attestation_state);
+                       }
+                       
                        /* Call getters of optional fields when corresponding flag is set */
                        if (pcr_info_inclided)
                        {
@@ -257,8 +395,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                extended_pcr = attr_cast->get_extended_pcr(attr_cast);
                                pcr_before = attr_cast->get_pcr_before_value(attr_cast);
                                pcr_after = attr_cast->get_pcr_after_value(attr_cast);
-                               measurement = attr_cast->get_comp_measurement(attr_cast);
-
+                               
                                DBG3(DBG_IMV,"PCR: %d was extended with %B",
                                         extended_pcr, &measurement);
                                DBG3(DBG_IMV,"PCR: %d before value: %B",
@@ -291,11 +428,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        bool evid_signature_included = FALSE, use_quote2 = FALSE,
                                                                                                ver_info_included = FALSE;
                        chunk_t pcr_composite, quote_info;
-                       
+
                        attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
                        evid_signature_included = attr_cast->is_evid_sign_included(attr_cast);
                        flags = attr_cast->get_flags(attr_cast);
-                       
+
                        /** Optional Composite Hash Algorithm field is always present
                         * Field has value of all zeroes if not used.
                         * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
@@ -366,85 +503,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
                        break;
                }
-               case TCG_PTS_FILE_MEAS:
-               {
-                       tcg_pts_attr_file_meas_t *attr_cast;
-                       u_int16_t request_id;
-                       int file_count, file_id;
-                       pts_meas_algorithms_t algo;
-                       pts_file_meas_t *measurements;
-                       char *platform_info;
-                       enumerator_t *e_hash;
-                       bool is_dir;
-
-                       platform_info = pts->get_platform_info(pts);
-                       if (!pts_db || !platform_info)
-                       {
-                               break;
-                       }
-
-                       attr_cast = (tcg_pts_attr_file_meas_t*)attr;
-                       measurements = attr_cast->get_measurements(attr_cast);
-                       algo = pts->get_meas_algorithm(pts);
-                       request_id = measurements->get_request_id(measurements);
-                       file_count = measurements->get_file_count(measurements);
-
-                       DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
-                                request_id, file_count, (file_count == 1) ? "":"s");
-
-                       if (!attestation_state->check_off_file_meas_request(attestation_state,
-                               request_id, &file_id, &is_dir))
-                       {
-                               DBG1(DBG_IMV, "  no entry found for file measurement request %d",
-                                        request_id);
-                               break;
-                       }
-
-                       /* check hashes from database against measurements */
-                       e_hash = pts_db->create_hash_enumerator(pts_db,
-                                                       platform_info, algo, file_id, is_dir);
-                       if (!measurements->verify(measurements, e_hash, is_dir))
-                       {
-                               attestation_state->set_measurement_error(attestation_state);
-                       }
-                       e_hash->destroy(e_hash);
-                       break;
-               }
-               case TCG_PTS_UNIX_FILE_META:
-               {
-                       tcg_pts_attr_file_meta_t *attr_cast;
-                       int file_count;
-                       pts_file_meta_t *metadata;
-                       pts_file_metadata_t *entry;
-                       time_t created, modified, accessed;
-                       bool utc = FALSE;
-                       enumerator_t *e;
-
-                       attr_cast = (tcg_pts_attr_file_meta_t*)attr;
-                       metadata = attr_cast->get_metadata(attr_cast);
-                       file_count = metadata->get_file_count(metadata);
-
-                       DBG1(DBG_IMV, "metadata request returned %d file%s:",
-                                file_count, (file_count == 1) ? "":"s");
-
-                       e = metadata->create_enumerator(metadata);
-                       while (e->enumerate(e, &entry))
-                       {
-                               DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
-                                                         " owner %"PRIu64", group %"PRIu64", type %N",
-                                        entry->filename, entry->filesize, entry->owner,
-                                        entry->group, pts_file_type_names, entry->type);
-
-                               created = entry->created;
-                               modified = entry->modified;
-                               accessed = entry->accessed;
-
-                               DBG1(DBG_IMV, "    created %T, modified %T, accessed %T",
-                                        &created, utc, &modified, utc, &accessed, utc);
-                       }
-                       e->destroy(e);
-                       break;
-               }
 
                /* TODO: Not implemented yet */
                case TCG_PTS_INTEG_MEAS_LOG:
index 6028e2e..af49de7 100644 (file)
@@ -60,6 +60,8 @@ typedef struct pcr_entry_t pcr_entry_t;
 #define PCR_TGRUB_CHECKFILE                            13
 #define PCR_TGRUB_LOADED_FILES                 14
 
+#define TBOOT_POLICY_STR                               (const char *)("tboot_pcr17")
+#define TBOOT_MLE_STR                                  (const char *)("tboot_pcr18")
 
 /**
  * Length of the generated nonce used for calculation of shared secret
index 1e5602b..6b5393b 100644 (file)
@@ -76,11 +76,11 @@ METHOD(pts_database_t, create_comp_evid_enumerator, enumerator_t*,
 
        /* look for all entries belonging to a product in the files table */
        e = this->db->query(this->db,
-                               "SELECT f.type, f.path FROM files AS f "
+                               "SELECT f.path FROM files AS f "
                                "JOIN product_file AS pf ON f.id = pf.file "
                                "JOIN products AS p ON p.id = pf.product "
                                "WHERE p.name = ? AND f.component = 1",
-                               DB_TEXT, product, DB_INT, DB_TEXT);
+                               DB_TEXT, product, DB_TEXT);
        return e;
 }