![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pts_database.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / pts|
Return to pts_database.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / pts |
1.1 misho 1: /*
2: * Copyright (C) 2011-2012 Sansar Choinyambuu
3: * Copyright (C) 2012-2017 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #define _GNU_SOURCE
18: #include <stdio.h>
19: #include <libgen.h>
20:
21: #include "pts_database.h"
22:
23: #include <utils/debug.h>
24: #include <crypto/hashers/hasher.h>
25:
26:
27: typedef struct private_pts_database_t private_pts_database_t;
28:
29: /**
30: * Private data of a pts_database_t object.
31: *
32: */
33: struct private_pts_database_t {
34:
35: /**
36: * Public pts_database_t interface.
37: */
38: pts_database_t public;
39:
40: /**
41: * database instance
42: */
43: database_t *db;
44:
45: };
46:
47: METHOD(pts_database_t, get_pathname, char*,
48: private_pts_database_t *this, bool is_dir, int id)
49: {
50: enumerator_t *e;
51: char *path, *name, *sep, *pathname = NULL;
52:
53: if (is_dir)
54: {
55: e = this->db->query(this->db,
56: "SELECT path FROM directories WHERE id = ?",
57: DB_INT, id, DB_TEXT);
58: if (!e || !e->enumerate(e, &path))
59: {
60: pathname = NULL;
61: }
62: else
63: {
64: pathname = strdup(path);
65: }
66: }
67: else
68: {
69: e = this->db->query(this->db,
70: "SELECT d.path, f.name FROM files AS f "
71: "JOIN directories AS d ON d.id = f.dir WHERE f.id = ?",
72: DB_INT, id, DB_TEXT, DB_TEXT);
73: if (e && e->enumerate(e, &path, &name))
74: {
75: if (path[0] == '/')
76: { /* Unix style absolute path */
77: sep = "/";
78: }
79: else
80: { /* Windows absolute path */
81: sep = "\\";
82: }
83: if (asprintf(&pathname, "%s%s%s",
84: path, streq(path, "/") ? "" : sep, name) == -1)
85: {
86: pathname = NULL;
87: }
88: }
89: }
90: DESTROY_IF(e);
91:
92: return pathname;
93: }
94:
95: METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*,
96: private_pts_database_t *this, int pid, pts_meas_algorithms_t algo,
97: bool is_dir, int id)
98: {
99: enumerator_t *e;
100:
101: if (is_dir)
102: {
103: e = this->db->query(this->db,
104: "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh "
105: "JOIN files AS f ON f.id = fh.file "
106: "JOIN directories as d ON d.id = f.dir "
107: "JOIN versions as v ON v.id = fh.version "
108: "WHERE v.product = ? AND fh.algo = ? AND d.id = ? "
109: "ORDER BY f.name",
110: DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT);
111: }
112: else
113: {
114: e = this->db->query(this->db,
115: "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh "
116: "JOIN files AS f ON f.id = fh.file "
117: "JOIN versions AS v ON v.id = fh.version "
118: "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?",
119: DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT);
120: }
121: return e;
122: }
123:
124:
125: METHOD(pts_database_t, get_product_version, bool,
126: private_pts_database_t *this, int pid, int *vid)
127: {
128: enumerator_t *e;
129: int pkg_id;
130:
131: /* does empty package name already exist? */
132: e = this->db->query(this->db,
133: "SELECT id FROM packages WHERE name = ''", DB_INT);
134: if (!e)
135: {
136: return FALSE;
137: }
138: if (!e->enumerate(e, &pkg_id))
139: {
140: /* create generic product version entry */
141: if (this->db->execute(this->db, &pkg_id,
142: "INSERT INTO packages (name) VALUES ('')") != 1)
143: {
144: DBG1(DBG_PTS, "could not insert package into database");
145: e->destroy(e);
146: return FALSE;
147: }
148: }
149: e->destroy(e);
150:
151: /* does generic product version already exist? */
152: e = this->db->query(this->db,
153: "SELECT id FROM versions WHERE product = ? AND package = ?",
154: DB_INT, pid, DB_INT, pkg_id);
155: if (!e)
156: {
157: return FALSE;
158: }
159: if (!e->enumerate(e, vid))
160: {
161: /* create generic product version entry */
162: if (this->db->execute(this->db, vid,
163: "INSERT INTO versions (product, package) VALUES (?, ?)",
164: DB_INT, pid, DB_INT, pkg_id) != 1)
165: {
166: DBG1(DBG_PTS, "could not insert version into database");
167: e->destroy(e);
168: return FALSE;
169: }
170: }
171: e->destroy(e);
172:
173: return TRUE;
174: }
175:
176: METHOD(pts_database_t, add_file_measurement, bool,
177: private_pts_database_t *this, int vid, pts_meas_algorithms_t algo,
178: chunk_t measurement, char *filename, bool is_dir, int id)
179: {
180: enumerator_t *e;
181: char *name;
182: uint8_t hash_buf[HASH_SIZE_SHA512];
183: uint8_t hex_meas_buf[2*HASH_SIZE_SHA512+1], *hex_hash_buf;
184: chunk_t hash, hex_hash, hex_meas;
185: int hash_id, fid;
186: bool success = TRUE;
187:
188: if (is_dir)
189: {
190: /* does filename entry already exist? */
191: e = this->db->query(this->db,
192: "SELECT id FROM files WHERE name = ? AND dir = ?",
193: DB_TEXT, filename, DB_INT, id, DB_INT);
194: if (!e)
195: {
196: return FALSE;
197: }
198: if (!e->enumerate(e, &fid))
199: {
200: /* create filename entry */
201: if (this->db->execute(this->db, &fid,
202: "INSERT INTO files (name, dir) VALUES (?, ?)",
203: DB_TEXT, filename, DB_INT, id) != 1)
204: {
205: DBG1(DBG_PTS, "could not insert filename into database");
206: success = FALSE;
207: }
208: }
209: e->destroy(e);
210: }
211: else
212: {
213: fid = id;
214:
215: /* verify filename */
216: e = this->db->query(this->db,
217: "SELECT name FROM files WHERE id = ?", DB_INT, fid, DB_TEXT);
218: if (!e)
219: {
220: return FALSE;
221: }
222: if (!e->enumerate(e, &name) || !streq(name, filename))
223: {
224: DBG1(DBG_PTS, "filename of reference measurement does not match");
225: success = FALSE;
226: }
227: e->destroy(e);
228: }
229:
230: if (!success)
231: {
232: return FALSE;
233: }
234:
235: /* does hash measurement value already exist? */
236: e = this->db->query(this->db,
237: "SELECT id, hash FROM file_hashes "
238: "WHERE algo = ? AND file = ? AND version = ?",
239: DB_INT, algo, DB_INT, fid, DB_INT, vid, DB_INT, DB_TEXT);
240: if (!e)
241: {
242: return FALSE;
243: }
244: if (e->enumerate(e, &hash_id, &hex_hash_buf))
245: {
246: hex_hash = chunk_from_str(hex_hash_buf);
247: hash = chunk_from_hex(hex_hash, hash_buf);
248:
249: if (!chunk_equals(measurement, hash))
250: {
251: /* update hash measurement value */
252: if (this->db->execute(this->db, &hash_id,
253: "UPDATE file_hashes SET hash = ? WHERE id = ?",
254: DB_BLOB, measurement, DB_INT, hash_id) != 1)
255: {
256: success = FALSE;
257: }
258: }
259: }
260: else
261: {
262: hex_meas = chunk_to_hex(measurement, hex_meas_buf, FALSE);
263: hex_meas_buf[hex_meas.len] = '\0';
264:
265: /* insert hash measurement value */
266: if (this->db->execute(this->db, &hash_id,
267: "INSERT INTO file_hashes (file, version, algo, hash) "
268: "VALUES (?, ?, ?, ?)", DB_INT, fid, DB_INT, vid,
269: DB_INT, algo, DB_TEXT, hex_meas_buf) != 1)
270: {
271: success = FALSE;
272: }
273: }
274: e->destroy(e);
275:
276: return success;
277: }
278:
279: METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*,
280: private_pts_database_t *this, int pid, pts_meas_algorithms_t algo,
281: char *filename)
282: {
283: enumerator_t *e;
284: char *dir, *file;
285:
286: if (strlen(filename) < 1)
287: {
288: return NULL;
289: }
290:
291: /* separate filename into directory and basename components */
292: dir = path_dirname(filename);
293: file = path_basename(filename);
294:
295: if (*dir == '.')
296: { /* relative pathname */
297: e = this->db->query(this->db,
298: "SELECT fh.hash FROM file_hashes AS fh "
299: "JOIN files AS f ON f.id = fh.file "
300: "JOIN versions AS v ON v.id = fh.version "
301: "WHERE v.product = ? AND f.name = ? AND fh.algo = ? "
302: "ORDER BY v.time DESC",
303: DB_INT, pid, DB_TEXT, file, DB_INT, algo, DB_TEXT);
304: }
305: else
306: { /* absolute pathname */
307: int did;
308:
309: /* find directory entry first */
310: e = this->db->query(this->db,
311: "SELECT id FROM directories WHERE path = ?",
312: DB_TEXT, dir, DB_INT);
313:
314: if (!e || !e->enumerate(e, &did))
315: {
316: goto err;
317: }
318: e->destroy(e);
319:
320: e = this->db->query(this->db,
321: "SELECT fh.hash FROM file_hashes AS fh "
322: "JOIN files AS f ON f.id = fh.file "
323: "JOIN versions AS v ON v.id = fh.version "
324: "WHERE v.product = ? AND f.dir = ? AND f.name = ? AND fh.algo = ? "
325: "ORDER BY v.time DESC",
326: DB_INT, pid, DB_INT, did, DB_TEXT, file, DB_INT, algo, DB_TEXT);
327: }
328:
329: err:
330: free(file);
331: free(dir);
332:
333: return e;
334: }
335:
336: METHOD(pts_database_t, check_comp_measurement, status_t,
337: private_pts_database_t *this, chunk_t measurement, int cid, int aik_id,
338: int seq_no, int pcr, pts_meas_algorithms_t algo)
339: {
340: enumerator_t *e;
341: chunk_t hash;
342: status_t status = NOT_FOUND;
343:
344: e = this->db->query(this->db,
345: "SELECT hash FROM component_hashes "
346: "WHERE component = ? AND key = ? "
347: "AND seq_no = ? AND pcr = ? AND algo = ? ",
348: DB_INT, cid, DB_INT, aik_id, DB_INT, seq_no,
349: DB_INT, pcr, DB_INT, algo, DB_BLOB);
350: if (!e)
351: {
352: DBG1(DBG_PTS, "no database query enumerator returned");
353: return FAILED;
354: }
355:
356: while (e->enumerate(e, &hash))
357: {
358: if (chunk_equals(hash, measurement))
359: {
360: status = SUCCESS;
361: break;
362: }
363: else
364: {
365: DBG1(DBG_PTS, "PCR %2d no matching component measurement #%d "
366: "found in database", pcr, seq_no);
367: DBG1(DBG_PTS, " expected: %#B", &hash);
368: DBG1(DBG_PTS, " received: %#B", &measurement);
369: status = VERIFY_ERROR;
370: break;
371: }
372: }
373: e->destroy(e);
374:
375: if (status == NOT_FOUND)
376: {
377: DBG1(DBG_PTS, "PCR %2d no measurement #%d "
378: "found in database", pcr, seq_no);
379: }
380:
381: return status;
382: }
383:
384: METHOD(pts_database_t, insert_comp_measurement, status_t,
385: private_pts_database_t *this, chunk_t measurement, int cid, int aik_id,
386: int seq_no, int pcr, pts_meas_algorithms_t algo)
387: {
388: int id;
389:
390: if (this->db->execute(this->db, &id,
391: "INSERT INTO component_hashes "
392: "(component, key, seq_no, pcr, algo, hash) "
393: "VALUES (?, ?, ?, ?, ?, ?)",
394: DB_INT, cid, DB_INT, aik_id, DB_INT, seq_no, DB_INT, pcr,
395: DB_INT, algo, DB_BLOB, measurement) == 1)
396: {
397: return SUCCESS;
398: }
399:
400: DBG1(DBG_PTS, "could not insert component measurement into database");
401: return FAILED;
402: }
403:
404: METHOD(pts_database_t, delete_comp_measurements, int,
405: private_pts_database_t *this, int cid, int aik_id)
406: {
407: return this->db->execute(this->db, NULL,
408: "DELETE FROM component_hashes "
409: "WHERE component = ? AND key = ?",
410: DB_INT, cid, DB_INT, aik_id);
411: }
412:
413: METHOD(pts_database_t, get_comp_measurement_count, status_t,
414: private_pts_database_t *this, pts_comp_func_name_t *comp_name,
415: int aik_id, pts_meas_algorithms_t algo, int *cid, int *count)
416: {
417: enumerator_t *e;
418: status_t status = SUCCESS;
419:
420: /* Initialize count */
421: *count = 0;
422:
423: /* Get the primary key of the Component Functional Name */
424: e = this->db->query(this->db,
425: "SELECT id FROM components "
426: " WHERE vendor_id = ? AND name = ? AND qualifier = ?",
427: DB_INT, comp_name->get_vendor_id(comp_name),
428: DB_INT, comp_name->get_name(comp_name),
429: DB_INT, comp_name->get_qualifier(comp_name),
430: DB_INT);
431: if (!e)
432: {
433: DBG1(DBG_PTS, "no database query enumerator returned");
434: return FAILED;
435: }
436: if (!e->enumerate(e, cid))
437: {
438: DBG1(DBG_PTS, "component functional name not found in database");
439: e->destroy(e);
440: return FAILED;
441: }
442: e->destroy(e);
443:
444: /* Get the number of stored measurements for a given AIK and component */
445: e = this->db->query(this->db,
446: "SELECT COUNT(*) FROM component_hashes AS ch "
447: "WHERE component = ? AND key = ? AND algo = ?",
448: DB_INT, *cid, DB_INT, aik_id, DB_INT, algo, DB_INT);
449: if (!e)
450: {
451: DBG1(DBG_PTS, "no database query enumerator returned");
452: return FAILED;
453: }
454: if (!e->enumerate(e, count))
455: {
456: DBG1(DBG_PTS, "no component measurement count returned from database");
457: status = FAILED;
458: }
459: e->destroy(e);
460:
461: return status;
462: }
463:
464: METHOD(pts_database_t, destroy, void,
465: private_pts_database_t *this)
466: {
467: free(this);
468: }
469:
470: /**
471: * See header
472: */
473: pts_database_t *pts_database_create(imv_database_t *imv_db)
474: {
475: private_pts_database_t *this;
476:
477: if (!imv_db)
478: {
479: return NULL;
480: }
481:
482: INIT(this,
483: .public = {
484: .get_pathname = _get_pathname,
485: .create_file_hash_enumerator = _create_file_hash_enumerator,
486: .get_product_version = _get_product_version,
487: .add_file_measurement = _add_file_measurement,
488: .create_file_meas_enumerator = _create_file_meas_enumerator,
489: .check_comp_measurement = _check_comp_measurement,
490: .insert_comp_measurement = _insert_comp_measurement,
491: .delete_comp_measurements = _delete_comp_measurements,
492: .get_comp_measurement_count = _get_comp_measurement_count,
493: .destroy = _destroy,
494: },
495: .db = imv_db->get_database(imv_db),
496: );
497:
498: return &this->public;
499: }