u_int32_t delimiter = SOLIDUS_UTF;
char *platform_info, *pathname;
int id, type;
- bool is_directory;
+ bool is_dir;
/* Does the PTS-IMC have TPM support? */
if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
}
while (enumerator->enumerate(enumerator, &id, &type, &pathname))
{
- is_directory = (type != 0);
+ is_dir = (type != 0);
DBG2(DBG_IMV, "measurement request %d for %s '%s'",
- id, is_directory ? "directory" : "file", pathname);
- attr = tcg_pts_attr_req_file_meas_create(is_directory, id,
- delimiter, pathname);
+ id, is_dir ? "directory" : "file", pathname);
+ attr = tcg_pts_attr_req_file_meas_create(is_dir, id, delimiter,
+ pathname);
attr->set_noskip_flag(attr, TRUE);
msg->add_attribute(msg, attr);
- attestation_state->add_requested_file(attestation_state, id , type);
+ attestation_state->add_request(attestation_state, id , is_dir);
}
enumerator->destroy(enumerator);
chunk_t measurement;
char *platform_info, *filename;
enumerator_t *e_meas;
- bool is_directory;
+ bool is_dir;
linked_list_t *files_in_dir_with_meas;
files_in_dir_with_meas = linked_list_create();
DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
request_id, file_count, (file_count == 1) ? "":"s");
- if (!attestation_state->is_request_dir(attestation_state, request_id, &is_directory))
+ if (!attestation_state->check_off_request(attestation_state,
+ request_id, &is_dir))
{
- DBG1(DBG_IMV, "received measurement with id: %d was not requested", request_id);
- fatal_error = TRUE;
+ DBG1(DBG_IMV, " no entry found for this request");
break;
}
- if (!is_directory)
- {
- attestation_state->remove_requested_file(attestation_state, request_id);
- }
- else
+ if (is_dir)
{
enumerator_t *e;
char *file;
e_meas = measurements->create_enumerator(measurements);
while (e_meas->enumerate(e_meas, &filename, &measurement))
{
- bool hash_matched;
-
- hash_matched = pts_db->check_measurement(pts_db,
- measurement, platform_info,
- request_id, filename, algo, is_directory);
- if (!hash_matched)
+ bool hash_match;
+
+ hash_match = pts_db->check_measurement(pts_db, measurement,
+ platform_info, request_id, filename, algo, is_dir);
+
+ if (!hash_match)
{
measurement_error = TRUE;
}
-
- if (is_directory &&
- files_in_dir_with_meas->remove(files_in_dir_with_meas,
- filename, (bool (*)(void*,void*))string_cmp))
+
+ if (is_dir && files_in_dir_with_meas->remove(files_in_dir_with_meas,
+ filename, (bool (*)(void*,void*))string_equals))
{
DBG3(DBG_IMV, "Removed %s from expected files list", filename);
}
}
- if (is_directory &&
+ if (is_dir &&
!files_in_dir_with_meas->get_count(files_in_dir_with_meas))
{
- attestation_state->remove_requested_file(attestation_state, request_id);
- DBG3(DBG_IMV, "Received all expected files measured for request: %d", request_id);
+ DBG3(DBG_IMV, "recevied all expected file measurements for request: %d", request_id);
}
files_in_dir_with_meas->destroy_function(files_in_dir_with_meas, free);
if (attestation_state->get_handshake_state(attestation_state) &
IMV_ATTESTATION_STATE_END)
- {
- if (measurement_error || attestation_state->get_requests_count(attestation_state))
+ {
+ if (attestation_state->get_request_count(attestation_state))
+ {
+ DBG1(DBG_IMV, "failure due to %d pending file measurements",
+ attestation_state->get_request_count(attestation_state));
+ measurement_error = TRUE;
+ }
+ if (measurement_error)
{
- file_request_t *entry;
- enumerator_t *e;
- int request;
-
- e = attestation_state->create_requests_enumerator(attestation_state);
- while (e->enumerate(e, &request))
- {
- DBG1(DBG_IMV, "%s measurement not received for request: %d",
- (entry->is_dir) ? "Directory" : "File", entry->request_id);
- }
- e->destroy(e);
-
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
#include "imv_attestation_state.h"
#include <utils/lexparser.h>
+#include <utils/linked_list.h>
#include <debug.h>
typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
+typedef struct request_t request_t;
+
+/**
+ * PTS File/Directory Measurement request entry
+ */
+struct request_t {
+ int id;
+ bool is_dir;
+};
/**
* Private data of an imv_attestation_state_t object.
TNC_IMV_Evaluation_Result eval;
/**
- * PTS object
+ * List of PTS File/Directory Measurement requests
*/
- pts_t *pts;
+ linked_list_t *requests;
/**
- * Requested files and directories
+ * PTS object
*/
- linked_list_t *requested_files;
+ pts_t *pts;
};
METHOD(imv_state_t, destroy, void,
private_imv_attestation_state_t *this)
{
+ this->requests->destroy_function(this->requests, free);
this->pts->destroy(this->pts);
- this->requested_files->destroy_function(this->requested_files, free);
free(this);
}
return this->pts;
}
-METHOD(imv_attestation_state_t, create_requests_enumerator, enumerator_t*,
- private_imv_attestation_state_t *this)
+METHOD(imv_attestation_state_t, add_request, void,
+ private_imv_attestation_state_t *this, int id, bool is_dir)
{
- enumerator_t *e;
- e = this->requested_files->create_enumerator(this->requested_files);
- return e;
-}
+ request_t *request;
-METHOD(imv_attestation_state_t, get_requests_count, int,
- private_imv_attestation_state_t *this)
-{
- return this->requested_files->get_count(this->requested_files);
+ request = malloc_thing(request_t);
+ request->id = id;
+ request->is_dir = is_dir;
+ this->requests->insert_last(this->requests, request);
}
-
-METHOD(imv_attestation_state_t, add_requested_file, void,
- private_imv_attestation_state_t *this, int request_id, int is_dir)
+METHOD(imv_attestation_state_t, check_off_request, bool,
+ private_imv_attestation_state_t *this, int id, bool* is_dir)
{
- file_request_t *entry;
-
- entry = malloc_thing(file_request_t);
- entry->request_id = request_id;
- entry->is_dir = is_dir;
- this->requested_files->insert_last(this->requested_files, entry);
-}
-
-/**
- * Comparison function to match an file request entry with its request_id
- */
-static bool request_match(file_request_t *current_list_item, int request_id)
-{
- return (current_list_item->request_id == request_id);
-}
-
-METHOD(imv_attestation_state_t, remove_requested_file, bool,
- private_imv_attestation_state_t *this, int request_id)
-{
- file_request_t *entry;
-
- if (this->requested_files->find_first(this->requested_files,
- (linked_list_match_t)request_match, (void**)&entry, request_id) != SUCCESS)
+ enumerator_t *enumerator;
+ request_t *request;
+ bool found = FALSE;
+
+ enumerator = this->requests->create_enumerator(this->requests);
+ while (enumerator->enumerate(enumerator, &request))
{
- DBG1(DBG_IMV, "request entry with id: %d not found", request_id);
- return FALSE;
+ if (request->id == id)
+ {
+ found = TRUE;
+ *is_dir = request->is_dir;
+ this->requests->remove_at(this->requests, enumerator);
+ free(request);
+ break;
+ }
}
-
- this->requested_files->remove(this->requested_files, entry, NULL);
- return TRUE;
+ enumerator->destroy(enumerator);
+ return found;
}
-METHOD(imv_attestation_state_t, is_request_dir, bool,
- private_imv_attestation_state_t *this, int request_id, bool *is_dir)
+METHOD(imv_attestation_state_t, get_request_count, int,
+ private_imv_attestation_state_t *this)
{
- file_request_t *entry;
-
- if (this->requested_files->find_first(this->requested_files,
- (linked_list_match_t)request_match, (void**)&entry, request_id) != SUCCESS)
- {
- DBG1(DBG_IMV, "request entry with id: %d not found", request_id);
- return FALSE;
- }
-
- *is_dir = (entry->is_dir);
- return TRUE;
+ return this->requests->get_count(this->requests);
}
-
/**
* Described in header.
*/
.get_handshake_state = _get_handshake_state,
.set_handshake_state = _set_handshake_state,
.get_pts = _get_pts,
- .create_requests_enumerator = _create_requests_enumerator,
- .get_requests_count = _get_requests_count,
- .add_requested_file = _add_requested_file,
- .remove_requested_file = _remove_requested_file,
- .is_request_dir = _is_request_dir,
+ .add_request = _add_request,
+ .check_off_request = _check_off_request,
+ .get_request_count = _get_request_count,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.handshake_state = IMV_ATTESTATION_STATE_INIT,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .requests = linked_list_create(),
.pts = pts_create(FALSE),
- .requested_files = linked_list_create(),
);
platform_info = lib->settings->get_str(lib->settings,
#include <imv/imv_state.h>
#include <tcg/pts/pts.h>
#include <library.h>
-#include <utils/linked_list.h>
typedef struct imv_attestation_state_t imv_attestation_state_t;
typedef enum imv_attestation_handshake_state_t imv_attestation_handshake_state_t;
-typedef struct file_request_t file_request_t;
/**
* IMV Attestation Handshake States (state machine)
};
/**
- * Defines an structure to hold requested file/directory
- */
-struct file_request_t {
- int request_id;
- int is_dir;
-};
-
-/**
* Internal state of an imv_attestation_t connection instance
*/
struct imv_attestation_state_t {
pts_t* (*get_pts)(imv_attestation_state_t *this);
/**
- * Add an entry to list of requested files/directories
+ * Add an entry to the list of pending file/directory measurement requests
*
- * @param request_id unique request id
- * @param is_dir 0 for file and 1 for directory
+ * @param id unique request ID
+ * @param is_dir TRUE if directory
*/
- void (*add_requested_file)(imv_attestation_state_t *this, int request_id, int is_dir);
+ void (*add_request)(imv_attestation_state_t *this, int id, bool is_dir);
/**
- * Creates enumerator over the list of requested file/directories
+ * Returns the number of pending file/directory measurement requests
*
- * @return enumerator over requested files/directories list
+ * @return number of pending requests
*/
- enumerator_t* (*create_requests_enumerator)(imv_attestation_state_t *this);
+ int (*get_request_count)(imv_attestation_state_t *this);
/**
- * Returns number of entries in the list of requested file/directories
+ * Check for presence of request_id and if found remove it from the list
*
- * @return number of entries in the list of requested file/directories
+ * @param id unique request ID
+ * @param is_dir return TRUE if request was for a directory
+ * @return TRUE if request ID found, FALSE otherwise
*/
- int (*get_requests_count)(imv_attestation_state_t *this);
+ bool (*check_off_request)(imv_attestation_state_t *this, int id,
+ bool *is_dir);
- /**
- * Removes an entry with matching request_id from list of requested files/directories
- *
- * @param request_id unique request id
- * @return TRUE if request entry found, FALSE otherwise
- */
- bool (*remove_requested_file)(imv_attestation_state_t *this, int request_id);
-
- /**
- * Returns TRUE if entry with given ID is directory and FALSE otherwise
- *
- * @param request_id unique request id
- * @return TRUE if request entry found, FALSE otherwise
- */
- bool (*is_request_dir)(imv_attestation_state_t *this, int request_id, bool *is_dir);
};
/**