refactored file measurement request list
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 7 Sep 2011 20:39:03 +0000 (22:39 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Sep 2011 10:19:42 +0000 (12:19 +0200)
src/libimcv/plugins/imv_attestation/imv_attestation.c
src/libimcv/plugins/imv_attestation/imv_attestation_state.c
src/libimcv/plugins/imv_attestation/imv_attestation_state.h

index eb958f9..4a87e87 100644 (file)
@@ -240,7 +240,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                        u_int32_t delimiter = SOLIDUS_UTF;
                        char *platform_info, *pathname;
                        int id, type;
-                       bool is_directory;
+                       bool is_dir;
 
                        /* Does the PTS-IMC have TPM support? */
                        if (pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)
@@ -277,14 +277,14 @@ static TNC_Result send_message(TNC_ConnectionID connection_id)
                        }
                        while (enumerator->enumerate(enumerator, &id, &type, &pathname))
                        {
-                               is_directory = (type != 0);
+                               is_dir = (type != 0);
                                DBG2(DBG_IMV, "measurement request %d for %s '%s'",
-                                        id, is_directory ? "directory" : "file", pathname);
-                               attr = tcg_pts_attr_req_file_meas_create(is_directory, id,
-                                                                                                       delimiter, pathname);
+                                        id, is_dir ? "directory" : "file", pathname);
+                               attr = tcg_pts_attr_req_file_meas_create(is_dir, id, delimiter,
+                                                                                                                pathname);
                                attr->set_noskip_flag(attr, TRUE);
                                msg->add_attribute(msg, attr);
-                               attestation_state->add_requested_file(attestation_state, id , type);
+                               attestation_state->add_request(attestation_state, id , is_dir);
                        }
                        enumerator->destroy(enumerator);
 
@@ -491,7 +491,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
                                        chunk_t measurement;
                                        char *platform_info, *filename;
                                        enumerator_t *e_meas;
-                                       bool is_directory;
+                                       bool is_dir;
                                        linked_list_t *files_in_dir_with_meas;
 
                                        files_in_dir_with_meas = linked_list_create();
@@ -510,17 +510,13 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
                                        DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
                                                 request_id, file_count, (file_count == 1) ? "":"s");
 
-                                       if (!attestation_state->is_request_dir(attestation_state, request_id, &is_directory))
+                                       if (!attestation_state->check_off_request(attestation_state,
+                                               request_id, &is_dir))
                                        {
-                                               DBG1(DBG_IMV, "received measurement with id: %d was not requested", request_id);
-                                               fatal_error = TRUE;
+                                               DBG1(DBG_IMV, "  no entry found for this request"); 
                                                break;
                                        }
-                                       if (!is_directory)
-                                       {
-                                               attestation_state->remove_requested_file(attestation_state, request_id);
-                                       }
-                                       else
+                                       if (is_dir)
                                        {
                                                enumerator_t *e;
                                                char *file;
@@ -540,29 +536,27 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
                                        e_meas = measurements->create_enumerator(measurements);
                                        while (e_meas->enumerate(e_meas, &filename, &measurement))
                                        {
-                                               bool hash_matched;
-                                               
-                                               hash_matched = pts_db->check_measurement(pts_db,
-                                                                                               measurement, platform_info,
-                                                                                               request_id, filename, algo, is_directory);
-                                               if (!hash_matched)
+                                               bool hash_match;
+
+                                               hash_match = pts_db->check_measurement(pts_db, measurement,
+                                                                               platform_info, request_id, filename, algo, is_dir);
+
+                                               if (!hash_match)
                                                {
                                                        measurement_error = TRUE;
                                                }
-                                               
-                                               if (is_directory &&
-                                                       files_in_dir_with_meas->remove(files_in_dir_with_meas,
-                                                                               filename, (bool (*)(void*,void*))string_cmp))
+
+                                               if (is_dir && files_in_dir_with_meas->remove(files_in_dir_with_meas,
+                                                                               filename, (bool (*)(void*,void*))string_equals))
                                                {
                                                        DBG3(DBG_IMV, "Removed %s from expected files list", filename);
                                                }
                                        }
 
-                                       if (is_directory && 
+                                       if (is_dir &&
                                                !files_in_dir_with_meas->get_count(files_in_dir_with_meas))
                                        {
-                                               attestation_state->remove_requested_file(attestation_state, request_id);
-                                               DBG3(DBG_IMV, "Received all expected files measured for request: %d", request_id);
+                                               DBG3(DBG_IMV, "recevied all expected file measurements for request: %d", request_id);
                                        }
 
                                        files_in_dir_with_meas->destroy_function(files_in_dir_with_meas, free);
@@ -617,21 +611,15 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
 
        if (attestation_state->get_handshake_state(attestation_state) &
                IMV_ATTESTATION_STATE_END)
-       {       
-               if (measurement_error || attestation_state->get_requests_count(attestation_state))
+       {
+               if (attestation_state->get_request_count(attestation_state))
+               {
+                       DBG1(DBG_IMV, "failure due to %d pending file measurements",
+                                attestation_state->get_request_count(attestation_state));
+                       measurement_error = TRUE;
+               }
+               if (measurement_error)
                {
-                       file_request_t *entry;
-                       enumerator_t *e;
-                       int request;
-                       
-                       e = attestation_state->create_requests_enumerator(attestation_state);
-                       while (e->enumerate(e, &request))
-                       {
-                               DBG1(DBG_IMV, "%s measurement not received for request: %d",
-                                        (entry->is_dir) ? "Directory" : "File", entry->request_id);
-                       }
-                       e->destroy(e);
-                       
                        state->set_recommendation(state,
                                                                TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
                                                                TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
index 00f8542..0e11f75 100644 (file)
 #include "imv_attestation_state.h"
 
 #include <utils/lexparser.h>
+#include <utils/linked_list.h>
 #include <debug.h>
 
 typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
+typedef struct request_t request_t;
+
+/**
+ * PTS File/Directory Measurement request entry
+ */
+struct request_t {
+       int id;
+       bool is_dir;
+};
 
 /**
  * Private data of an imv_attestation_state_t object.
@@ -56,14 +66,14 @@ struct private_imv_attestation_state_t {
        TNC_IMV_Evaluation_Result eval;
 
        /**
-        * PTS object
+        * List of PTS File/Directory Measurement requests
         */
-       pts_t *pts;
+       linked_list_t *requests;
 
        /**
-        * Requested files and directories
+        * PTS object
         */
-       linked_list_t *requested_files;
+       pts_t *pts;
 
 };
 
@@ -161,8 +171,8 @@ METHOD(imv_state_t, get_reason_string, bool,
 METHOD(imv_state_t, destroy, void,
        private_imv_attestation_state_t *this)
 {
+       this->requests->destroy_function(this->requests, free);
        this->pts->destroy(this->pts);
-       this->requested_files->destroy_function(this->requested_files, free);
        free(this);
 }
 
@@ -184,73 +194,46 @@ METHOD(imv_attestation_state_t, get_pts, pts_t*,
        return this->pts;
 }
 
-METHOD(imv_attestation_state_t, create_requests_enumerator, enumerator_t*,
-       private_imv_attestation_state_t *this)
+METHOD(imv_attestation_state_t, add_request, void,
+       private_imv_attestation_state_t *this, int id, bool is_dir)
 {
-       enumerator_t *e;
-       e = this->requested_files->create_enumerator(this->requested_files);
-       return e;
-}
+       request_t *request;
 
-METHOD(imv_attestation_state_t, get_requests_count, int,
-       private_imv_attestation_state_t *this)
-{
-       return this->requested_files->get_count(this->requested_files);
+       request = malloc_thing(request_t);
+       request->id = id;
+       request->is_dir = is_dir;
+       this->requests->insert_last(this->requests, request);
 }
 
-
-METHOD(imv_attestation_state_t, add_requested_file, void,
-       private_imv_attestation_state_t *this, int request_id, int is_dir)
+METHOD(imv_attestation_state_t, check_off_request, bool,
+       private_imv_attestation_state_t *this, int id, bool* is_dir)
 {
-       file_request_t *entry;
-
-       entry = malloc_thing(file_request_t);
-       entry->request_id = request_id;
-       entry->is_dir = is_dir;
-       this->requested_files->insert_last(this->requested_files, entry);
-}
-
-/**
- * Comparison function to match an file request entry with its request_id
- */
-static bool request_match(file_request_t *current_list_item, int request_id)
-{
-       return (current_list_item->request_id == request_id);
-}
-
-METHOD(imv_attestation_state_t, remove_requested_file, bool,
-       private_imv_attestation_state_t *this, int request_id)
-{
-       file_request_t *entry;
-
-       if (this->requested_files->find_first(this->requested_files,
-                       (linked_list_match_t)request_match, (void**)&entry, request_id) != SUCCESS)
+       enumerator_t *enumerator;
+       request_t *request;
+       bool found = FALSE;
+       
+       enumerator = this->requests->create_enumerator(this->requests);
+       while (enumerator->enumerate(enumerator, &request))
        {
-               DBG1(DBG_IMV, "request entry with id: %d not found", request_id);
-               return FALSE;
+               if (request->id == id)
+               {
+                       found = TRUE;
+                       *is_dir = request->is_dir;
+                       this->requests->remove_at(this->requests, enumerator);
+                       free(request);
+                       break;
+               }
        }
-
-       this->requested_files->remove(this->requested_files, entry, NULL);
-       return TRUE;
+       enumerator->destroy(enumerator);
+       return found;
 }
 
-METHOD(imv_attestation_state_t, is_request_dir, bool,
-       private_imv_attestation_state_t *this, int request_id, bool *is_dir)
+METHOD(imv_attestation_state_t, get_request_count, int,
+       private_imv_attestation_state_t *this)
 {
-       file_request_t *entry;
-
-       if (this->requested_files->find_first(this->requested_files,
-                       (linked_list_match_t)request_match, (void**)&entry, request_id) != SUCCESS)
-       {
-               DBG1(DBG_IMV, "request entry with id: %d not found", request_id);
-               return FALSE;
-       }
-       
-       *is_dir = (entry->is_dir);
-       return TRUE;
+       return this->requests->get_count(this->requests);
 }
 
-
 /**
  * Described in header.
  */
@@ -272,19 +255,17 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                        .get_handshake_state = _get_handshake_state,
                        .set_handshake_state = _set_handshake_state,
                        .get_pts = _get_pts,
-                       .create_requests_enumerator = _create_requests_enumerator,
-                       .get_requests_count = _get_requests_count,
-                       .add_requested_file = _add_requested_file,
-                       .remove_requested_file = _remove_requested_file,
-                       .is_request_dir = _is_request_dir,
+                       .add_request = _add_request,
+                       .check_off_request = _check_off_request,
+                       .get_request_count = _get_request_count,
                },
                .connection_id = connection_id,
                .state = TNC_CONNECTION_STATE_CREATE,
                .handshake_state = IMV_ATTESTATION_STATE_INIT,
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+               .requests = linked_list_create(),
                .pts = pts_create(FALSE),
-               .requested_files = linked_list_create(),
        );
 
        platform_info = lib->settings->get_str(lib->settings,
index 09bf04c..44cb68e 100644 (file)
 #include <imv/imv_state.h>
 #include <tcg/pts/pts.h>
 #include <library.h>
-#include <utils/linked_list.h>
 
 typedef struct imv_attestation_state_t imv_attestation_state_t;
 typedef enum imv_attestation_handshake_state_t imv_attestation_handshake_state_t;
-typedef struct file_request_t file_request_t;
 
 /**
  * IMV Attestation Handshake States (state machine)
@@ -43,14 +41,6 @@ enum imv_attestation_handshake_state_t {
 };
 
 /**
- * Defines an structure to hold requested file/directory
- */
-struct file_request_t {
-       int request_id;
-       int is_dir;
-};
-
-/**
  * Internal state of an imv_attestation_t connection instance
  */
 struct imv_attestation_state_t {
@@ -83,42 +73,30 @@ struct imv_attestation_state_t {
        pts_t* (*get_pts)(imv_attestation_state_t *this);
 
        /**
-        * Add an entry to list of requested files/directories
+        * Add an entry to the list of pending file/directory measurement requests
         *
-        * @param request_id                            unique request id
-        * @param is_dir                                        0 for file and 1 for directory
+        * @param id                            unique request ID
+        * @param is_dir                        TRUE if directory 
         */
-       void (*add_requested_file)(imv_attestation_state_t *this, int request_id, int is_dir);
+       void (*add_request)(imv_attestation_state_t *this, int id, bool is_dir);
 
        /**
-        * Creates enumerator over the list of requested file/directories
+        * Returns the number of pending file/directory measurement requests
         *
-        * @return                                                      enumerator over requested files/directories list
+        * @return                                      number of pending requests
         */
-       enumerator_t* (*create_requests_enumerator)(imv_attestation_state_t *this);
+       int (*get_request_count)(imv_attestation_state_t *this);
 
        /**
-        * Returns number of entries in the list of requested file/directories
+        * Check for presence of request_id and if found remove it from the list
         *
-        * @return                                                      number of entries in the list of requested file/directories
+        * @param id                            unique request ID
+        * @param is_dir                        return TRUE if request was for a directory
+        * @return                                      TRUE if request ID found, FALSE otherwise
         */
-       int (*get_requests_count)(imv_attestation_state_t *this);
+       bool (*check_off_request)(imv_attestation_state_t *this, int id,
+                                                         bool *is_dir);
 
-       /**
-        * Removes an entry with matching request_id from list of requested files/directories
-        *
-        * @param request_id                            unique request id
-        * @return                                                      TRUE if request entry found, FALSE otherwise
-        */
-       bool (*remove_requested_file)(imv_attestation_state_t *this, int request_id);
-
-       /**
-        * Returns TRUE if entry with given ID is directory and FALSE otherwise
-        *
-        * @param request_id                            unique request id
-        * @return                                                      TRUE if request entry found, FALSE otherwise
-        */
-       bool (*is_request_dir)(imv_attestation_state_t *this, int request_id, bool *is_dir);
 };
 
 /**