Added result information to TPMRA workitems
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 12 Apr 2014 08:56:16 +0000 (10:56 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 15 Apr 2014 07:21:06 +0000 (09:21 +0200)
On the occasion got rid of complicated functional component stuff

src/libpts/plugins/imv_attestation/imv_attestation_agent.c
src/libpts/plugins/imv_attestation/imv_attestation_process.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.h
src/libpts/pts/components/ita/ita_comp_ima.c
src/libpts/pts/components/ita/ita_comp_tboot.c
src/libpts/pts/components/ita/ita_comp_tgrub.c
src/libpts/pts/components/pts_component.h

index 397f146..9e59709 100644 (file)
@@ -767,8 +767,10 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
                TNC_IMV_Action_Recommendation rec;
                imv_workitem_t *workitem;
                enumerator_t *enumerator;
-               char *result_str;
                int pending_file_meas = 0;
+               char *result_str;
+               chunk_t result_buf;
+               bio_writer_t *result;
 
                enumerator = session->create_workitem_enumerator(session);
                if (enumerator)
@@ -779,18 +781,25 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
                                {
                                        continue;
                                }
+                               result = bio_writer_create(128);
+
                                switch (workitem->get_type(workitem))
                                {
                                        case IMV_WORKITEM_FILE_REF_MEAS:
                                        case IMV_WORKITEM_FILE_MEAS:
                                        case IMV_WORKITEM_DIR_REF_MEAS:
                                        case IMV_WORKITEM_DIR_MEAS:
-                                               result_str = "Pending file measurements";
+                                               result_str = "pending file measurements";
                                                pending_file_meas++;
                                                break;
                                        case IMV_WORKITEM_TPM_ATTEST:
-                                               attestation_state->finalize_components(attestation_state);
-                                               result_str = "Pending component evidence";
+                                               attestation_state->finalize_components(attestation_state,
+                                                                                                                          result);
+                                               result->write_data(result,
+                                                               chunk_from_str("; Pending component evidence"));
+                                               result->write_uint8(result, '\0');
+                                               result_buf = result->get_buf(result);
+                                               result_str = result_buf.ptr;
                                                break;
                                        default:
                                                continue;
@@ -801,6 +810,7 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
                                state->update_recommendation(state, rec, eval);
                                imcv_db->finalize_workitem(imcv_db, workitem);
                                workitem->destroy(workitem);
+                               result->destroy(result);
                        }
                        enumerator->destroy(enumerator);
 
index 03834c7..9af07de 100644 (file)
@@ -419,10 +419,12 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
                        uint8_t flags;
                        pts_meas_algorithms_t comp_hash_algorithm;
                        chunk_t pcr_comp, tpm_quote_sig, evid_sig;
-                       chunk_t pcr_composite, quote_info;
+                       chunk_t pcr_composite, quote_info, result_buf;
                        imv_workitem_t *workitem;
+                       imv_reason_string_t *reason_string;
                        enumerator_t *enumerator;
                        bool use_quote2, use_ver_info;
+                       bio_writer_t *result;
 
                        attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
                        flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
@@ -468,7 +470,9 @@ quote_error:
                                 * Finalize any pending measurement registrations and check
                                 * if all expected component measurements were received
                                 */
-                               attestation_state->finalize_components(attestation_state);
+                               result = bio_writer_create(128);
+                               attestation_state->finalize_components(attestation_state,
+                                                                                                          result);
 
                                enumerator = session->create_workitem_enumerator(session);
                                while (enumerator->enumerate(enumerator, &workitem))
@@ -477,7 +481,6 @@ quote_error:
                                        {
                                                TNC_IMV_Action_Recommendation rec;
                                                TNC_IMV_Evaluation_Result eval;
-                                               char *result_str;
                                                uint32_t error;
 
                                                error = attestation_state->get_measurement_error(
@@ -486,32 +489,33 @@ quote_error:
                                                                         IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
                                                                         IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
                                                {
-                                                       imv_reason_string_t *reason_string;
-                                                       chunk_t result;
-
                                                        reason_string = imv_reason_string_create("en", ", ");
                                                        attestation_state->add_comp_evid_reasons(
                                                                                        attestation_state, reason_string);
-                                                       result = reason_string->get_encoding(reason_string);
-                                                       result_str = strndup(result.ptr, result.len);
+                                                       result->write_data(result, chunk_from_str("; "));
+                                                       result->write_data(result,
+                                                                       reason_string->get_encoding(reason_string));
                                                        reason_string->destroy(reason_string);
                                                        eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
                                                }
                                                else
                                                {
-                                                       result_str = strdup("attestation successful");
                                                        eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
                                                }
                                                session->remove_workitem(session, enumerator);
-                                               rec = workitem->set_result(workitem, result_str, eval);
+
+                                               result->write_uint8(result, '\0');
+                                               result_buf = result->get_buf(result);
+                                               rec = workitem->set_result(workitem, result_buf.ptr,
+                                                                                                                        eval);
                                                state->update_recommendation(state, rec, eval);
                                                imcv_db->finalize_workitem(imcv_db, workitem);
                                                workitem->destroy(workitem);
-                                               free(result_str);
                                                attestation_state->set_handshake_state(attestation_state,
                                                                                                        IMV_ATTESTATION_STATE_END);
                                                break;
                                        }
+                                       result->destroy(result);
                                }
                                enumerator->destroy(enumerator);
                        }
index 253b8f6..11afbc2 100644 (file)
@@ -467,15 +467,25 @@ METHOD(imv_attestation_state_t, set_measurement_error, void,
 }
 
 METHOD(imv_attestation_state_t, finalize_components, void,
-       private_imv_attestation_state_t *this)
+       private_imv_attestation_state_t *this, bio_writer_t *result)
 {
        func_comp_t *entry;
+       bool first = TRUE;
 
        while (this->components->remove_last(this->components,
                                                                                (void**)&entry) == SUCCESS)
        {
+               if (first)
+               {
+                       first = FALSE;
+               }
+               else
+               {
+                       result->write_data(result, chunk_from_str("; "));
+               }
                if (!entry->comp->finalize(entry->comp,
-                                                                  entry->name->get_qualifier(entry->name)))
+                                                                  entry->name->get_qualifier(entry->name),
+                                                                  result))
                {
                        set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
                }
index 49cdee3..c3aea04 100644 (file)
@@ -29,7 +29,9 @@
 #include <pts/pts.h>
 #include <pts/pts_database.h>
 #include <pts/components/pts_component.h>
+
 #include <library.h>
+#include <bio/bio_writer.h>
 
 typedef struct imv_attestation_state_t imv_attestation_state_t;
 typedef enum imv_attestation_flag_t imv_attestation_flag_t;
@@ -140,8 +142,11 @@ struct imv_attestation_state_t {
        /**
         * Tell the Functional Components to finalize any measurement registrations
         * and to check if all expected measurements were received
+        *
+        * @param result                        Writer appending component measurement results
         */
-       void (*finalize_components)(imv_attestation_state_t *this);
+       void (*finalize_components)(imv_attestation_state_t *this,
+                                                               bio_writer_t *result);
 
        /**
         * Indicates the types of measurement errors that occurred
index 04bc84e..e913dcc 100644 (file)
@@ -798,16 +798,12 @@ METHOD(pts_component_t, verify, status_t,
 }
 
 METHOD(pts_component_t, finalize, bool,
-       pts_ita_comp_ima_t *this, u_int8_t qualifier)
+       pts_ita_comp_ima_t *this, u_int8_t qualifier, bio_writer_t *result)
 {
-       u_int32_t vid, name;
-       enum_name_t *names;
+       char result_buf[BUF_LEN];
        bool success = TRUE;
 
        this->name->set_qualifier(this->name, qualifier);
-       vid = this->name->get_vendor_id(this->name);
-       name = this->name->get_name(this->name);
-       names = pts_components->get_comp_func_names(pts_components, vid);
 
        if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
                                          PTS_ITA_QUALIFIER_TYPE_TRUSTED))
@@ -818,16 +814,21 @@ METHOD(pts_component_t, finalize, bool,
                        /* close registration */
                        this->is_bios_registering = FALSE;
 
-                       DBG1(DBG_PTS, "registered %d %N '%N' BIOS evidence measurements",
-                                                  this->seq_no, pen_names, vid, names, name);
+                       snprintf(result_buf, BUF_LEN, "registered %d BIOS evidence "
+                                        "measurements", this->seq_no);
                }
                else if (this->seq_no < this->bios_count)
                {
-                       DBG1(DBG_PTS, "%d of %d %N '%N' BIOS evidence measurements missing",
-                                                  this->bios_count - this->seq_no, this->bios_count,
-                                                  pen_names, vid, names, name);
+                       snprintf(result_buf, BUF_LEN, "%d of %d BIOS evidence "
+                                        "measurements missing", this->bios_count - this->seq_no,
+                                        this->bios_count);
                        success = FALSE;
                }
+               else
+               {
+                       snprintf(result_buf, BUF_LEN, "%d BIOS evidence "
+                                        "measurements are ok", this->bios_count);
+               }
        }
        else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
                                                   PTS_ITA_QUALIFIER_TYPE_OS))
@@ -838,26 +839,29 @@ METHOD(pts_component_t, finalize, bool,
                        /* close registration */
                        this->is_ima_registering = FALSE;
 
-                       DBG1(DBG_PTS, "registered %N '%N' boot aggregate evidence "
-                                                 "measurement", pen_names, vid, names, name);
+                       snprintf(result_buf, BUF_LEN, "registered boot aggregate "
+                                        "evidence measurement");
                }
-               if (this->count)
+               else if (this->count)
                {
-                       DBG1(DBG_PTS, "processed %d %N '%N' file evidence measurements: "
-                                                 "%d ok, %d unknown, %d differ, %d failed",
-                                                  this->count, pen_names, vid, names, name,
-                                                  this->count_ok, this->count_unknown,
-                                                  this->count_differ, this->count_failed);
+                       snprintf(result_buf, BUF_LEN, "processed %d file evidence "
+                                        "measurements: %d ok, %d unknown, %d differ, %d failed",
+                                        this->count, this->count_ok, this->count_unknown,
+                                        this->count_differ, this->count_failed);
                        success = !this->count_differ && !this->count_failed;
                }
        }
        else
        {
-               DBG1(DBG_PTS, "unsupported functional component name qualifier");
+               snprintf(result_buf, BUF_LEN, "unsupported functional component name "
+                                "qualifier");
                success = FALSE;
        }
        this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
 
+       DBG1(DBG_PTS, "%s", result_buf);
+       result->write_data(result, chunk_from_str(result_buf));
+
        return success;
 }
 
@@ -872,34 +876,30 @@ METHOD(pts_component_t, destroy, void,
        pts_ita_comp_ima_t *this)
 {
        int count;
-       u_int32_t vid, name;
-       enum_name_t *names;
 
        if (ref_put(&this->ref))
        {
-               vid = this->name->get_vendor_id(this->name);
-               name = this->name->get_name(this->name);
-               names = pts_components->get_comp_func_names(pts_components, vid);
 
                if (this->is_bios_registering)
                {
                        count = this->pts_db->delete_comp_measurements(this->pts_db,
                                                                                                this->bios_cid, this->aik_id);
-                       DBG1(DBG_PTS, "deleted %d registered %N '%N' BIOS evidence "
-                                                 "measurements", count, pen_names, vid, names, name);
+                       DBG1(DBG_PTS, "deleted %d registered BIOS evidence measurements",
+                                                  count);
                }
                if (this->is_ima_registering)
                {
                        count = this->pts_db->delete_comp_measurements(this->pts_db,
                                                                                                this->ima_cid, this->aik_id);
-                       DBG1(DBG_PTS, "deleted registered %N '%N' boot aggregate evidence "
-                                                 "measurement", pen_names, vid, names, name);
+                       DBG1(DBG_PTS, "deleted registered boot aggregate evidence "
+                                                 "measurement");
                }
                this->bios_list->destroy_function(this->bios_list,
                                                                                 (void *)free_bios_entry);
                this->ima_list->destroy_function(this->ima_list,
                                                                                 (void *)free_ima_entry);
                this->name->destroy(this->name);
+               
                free(this);
        }
 }
index 05cbb9f..67be1ca 100644 (file)
@@ -269,30 +269,31 @@ METHOD(pts_component_t, verify, status_t,
 }
 
 METHOD(pts_component_t, finalize, bool,
-       pts_ita_comp_tboot_t *this, u_int8_t qualifier)
+       pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result)
 {
-       u_int32_t vid, name;
-       enum_name_t *names;
-
-       vid = this->name->get_vendor_id(this->name);
-       name = this->name->get_name(this->name);
-       names = pts_components->get_comp_func_names(pts_components, vid);
+       char result_buf[BUF_LEN];
 
        if (this->is_registering)
        {
                /* close registration */
                this->is_registering = FALSE;
 
-               DBG1(DBG_PTS, "registered %d %N '%N' functional component evidence "
-                                         "measurements", this->seq_no, pen_names, vid, names, name);
+               snprintf(result_buf, BUF_LEN, "registered %d evidence measurements",
+                                this->seq_no);
        }
        else if (this->seq_no < this->count)
        {
-               DBG1(DBG_PTS, "%d of %d %N '%N' functional component evidence "
-                                         "measurements missing", this->count - this->seq_no,
-                                          this->count, pen_names, vid, names, name);
+               snprintf(result_buf, BUF_LEN, "%d of %d evidence measurements "
+                                "missing", this->count - this->seq_no, this->count);
                return FALSE;
        }
+       else
+       {
+               snprintf(result_buf, BUF_LEN, "%d evidence measurements are ok",
+                                this->count);
+       }
+       DBG1(DBG_PTS, "%s", result_buf);
+       result->write_data(result, chunk_from_str(result_buf));
 
        return TRUE;
 }
index e3acd87..7d8da7f 100644 (file)
@@ -49,7 +49,6 @@ struct pts_ita_comp_tgrub_t {
         */
        pts_database_t *pts_db;
 
-
        /**
         * Reference count
         */
@@ -155,7 +154,7 @@ METHOD(pts_component_t, verify, status_t,
 }
 
 METHOD(pts_component_t, finalize, bool,
-       pts_ita_comp_tgrub_t *this, u_int8_t qualifier)
+       pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result)
 {
        return FALSE;
 }
index da339a5..71b1ad5 100644 (file)
@@ -30,6 +30,7 @@ typedef struct pts_component_t pts_component_t;
 #include "pts/components/pts_comp_evidence.h"
 
 #include <library.h>
+#include <bio/bio_writer.h>
 
 /**
  * PTS Functional Component Interface 
@@ -85,9 +86,11 @@ struct pts_component_t {
         * and check for missing measurements
         *
         * @param qualifier             PTS Component Functional Name Qualifier
+        * @param result                writer appending concise measurement result
         * @return                              TRUE if finalization successful
         */
-       bool (*finalize)(pts_component_t *this, u_int8_t qualifier);
+       bool (*finalize)(pts_component_t *this, u_int8_t qualifier,
+                                        bio_writer_t *result);
 
        /**
         * Get a new reference to the PTS Functional Component