if (session)
{
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMV_Action_Recommendation rec;
imv_workitem_t *workitem;
enumerator_t *enumerator;
+ char *result_str;
int pending_file_meas = 0;
enumerator = session->create_workitem_enumerator(session);
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
+ session->remove_workitem(session, enumerator);
+ result_str = "pending file measurements";
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
pending_file_meas++;
break;
default:
if (comp->verify(comp, name->get_qualifier(name), pts,
evidence) != SUCCESS)
{
+ state->update_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+ TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
name->log(name, " measurement mismatch for ");
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
+ state->update_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+ TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
- free(pcr_composite.ptr);
- free(quote_info.ptr);
- break;
+ goto quote_error;
}
DBG2(DBG_IMV, "received PCR Composite matches constructed one");
- free(pcr_composite.ptr);
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
+ state->update_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+ TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
- free(quote_info.ptr);
- break;
+ goto quote_error;
}
DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
+
+quote_error:
+ free(pcr_composite.ptr);
free(quote_info.ptr);
/**