int MeasurePolicy()

in lsvmutils/policy.c [487:640]

• 137 lines of code
• 15 McCabe index (conditional complexity)

int MeasurePolicy(
    const Vars* vars,
    EFI_TCG2_PROTOCOL *protocol,
    const Policy* policy,
    BOOLEAN log,
    PCRBanks* banks,
    Error* err)
{
    int rc = -1;
    UINT32 i;

    ClearErr(err);

    /* Check for null parameters */
    if (!policy)
        goto done;

    Memset(banks, 0, sizeof(PCRBanks));

    for (i = 0; i < policy->nentries; i++)
    {
        const PolicyEntry* ent = &policy->entries[i];
        SHA1Hash sha1;
        SHA256Hash sha256;
        UINT32 pcr = ent->pcr;

        /* Set this bit in the PCR mask */
        banks->pcrMask |= (1 << pcr);

        /* Measure this entry */
        switch (ent->type)
        {
            case POLICY_EFIVAR:
            {
                if (MeasureEFIVariable(
                    vars,
                    protocol,
                    TRUE, /* predictive */
                    ent->pcr,
                    ent->path,
                    &banks->pcrs1[ent->pcr],
                    &banks->pcrs256[ent->pcr],
                    &sha1,
                    &sha256) != 0)
                {
                    SetErr(err, TCS("measurement failed: %s"), ent->path);
                    goto done;
                }

                break;
            }
            case POLICY_PEIMAGE:
            {

                if (MeasurePEImage(
                    protocol,
                    TRUE, /* predictive */
                    ent->pcr,
                    ent->path,
                    &banks->pcrs1[ent->pcr],
                    &banks->pcrs256[ent->pcr],
                    &sha1,
                    &sha256) != 0)
                {
                    SetErr(err, TCS("measurement failed: %s"), ent->path);
                    goto done;
                }

                break;
            }
            case POLICY_BINARY:
            {
                if (MeasureBinaryFile(
                    vars,
                    protocol,
                    TRUE, /* predictive */
                    ent->pcr,
                    ent->path,
                    &banks->pcrs1[ent->pcr],
                    &banks->pcrs256[ent->pcr],
                    &sha1,
                    &sha256) != 0)
                {
                    SetErr(err, TCS("measurement failed: %s"), ent->path);
                    goto done;
                }
                break;
            }
            case POLICY_BINARY32:
            {
                if (MeasureBinaryFilePad32(
                    vars,
                    protocol,
                    TRUE, /* predictive */
                    ent->pcr,
                    ent->path,
                    &banks->pcrs1[ent->pcr],
                    &banks->pcrs256[ent->pcr],
                    &sha1,
                    &sha256) != 0)
                {
                    SetErr(err, TCS("measurement failed: %s"), ent->path);
                    goto done;
                }
                break;
            }
            case POLICY_CAP:
            {
                if (MeasureCap(
                    protocol,
                    TRUE, /* predictive */
                    ent->pcr,
                    &banks->pcrs1[ent->pcr],
                    &banks->pcrs256[ent->pcr],
                    &sha1,
                    &sha256) != 0)
                {
                    SetErr(err, TCS("measurement failed: %s"), ent->path);
                    goto done;
                }

                break;
            }
            case POLICY_PCR:
            {
                /* Used only to add PCR to mask above */
                break;
            }
            default:
            {
                SetErr(err, TCS("internal error"));
                goto done;
            }
        }

        if (log)
        {
            PRINTF("=== %s\n", ent->path);
            {
                SHA1Str str = SHA1ToStr(&sha1);
                PRINTF("SHA1=%s\n", str.buf);
            }
            {
                SHA256Str str = SHA256ToStr(&sha256);
                PRINTF("SHA256=%s\n", str.buf);
            }
        }
    }

    rc = 0;

done:
    return rc;
}