Skip to content

Instantly share code, notes, and snippets.

@dnoliver

dnoliver/ima-boot_aggregate.c

Created May 10, 2019 20:31
Show Gist options
  • Save dnoliver/ac0252834252152726988ffc7c37ee12 to your computer and use it in GitHub Desktop.
Save dnoliver/ac0252834252152726988ffc7c37ee12 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ima-boot_aggregate.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include "config.h"
#include "test.h"
#if HAVE_OPENSSL_SHA_H
#include <openssl/sha.h>
#endif
#define MAX_EVENT_SIZE 200000
#define EVENT_HEADER_SIZE 32
#define MAX_EVENT_DATA_SIZE (MAX_EVENT_SIZE - EVENT_HEADER_SIZE)
#define NUM_PCRS 8 /* PCR registers 0-7 in boot aggregate */
char *TCID = "ima_boot_aggregate";
int TST_TOTAL = 1;
#ifndef DEBUG
int DEBUG = 1;
#endif
static void display_sha1_digest(unsigned char *pcr)
{
int i;
for (i = 0; i < 20; i++)
printf("%02x", *(pcr + i) & 0xff);
printf("\n");
}
int main(int argc, char *argv[])
{
#if HAVE_OPENSSL_SHA_H
unsigned char boot_aggregate[SHA_DIGEST_LENGTH];
struct {
struct {
u_int32_t pcr;
int type;
unsigned char digest[SHA_DIGEST_LENGTH];
u_int32_t len;
} header;
unsigned char data[MAX_EVENT_DATA_SIZE];
} event;
struct {
unsigned char digest[SHA_DIGEST_LENGTH];
} pcr[NUM_PCRS];
FILE *fp;
int i;
SHA_CTX c;
if (argc != 2) {
printf("format: %s binary_bios_measurement file\n", argv[0]);
return 1;
}
fp = fopen(argv[1], "r");
if (!fp) {
perror("unable to open pcr file\n");
return 1;
}
/* Initialize psuedo PCR registers 0 - 7 */
for (i = 0; i < NUM_PCRS; i++)
memset(&pcr[i].digest, 0, SHA_DIGEST_LENGTH);
/* Extend the pseudo PCRs with the event digest */
while (fread(&event, sizeof(event.header), 1, fp)) {
if (DEBUG) {
printf("PCR=%03u ", event.header.pcr);
display_sha1_digest(event.header.digest);
}
SHA1_Init(&c);
SHA1_Update(&c, pcr[event.header.pcr].digest, 20);
SHA1_Update(&c, event.header.digest, 20);
SHA1_Final(pcr[event.header.pcr].digest, &c);
if (event.header.len > MAX_EVENT_DATA_SIZE) {
printf("Error event too long %u\n", event.header.len);
// TODO: hack for comparison error between signed and unsigned thing apparently.
// The event that causes it have 21 as it size, so just fseek 21 to continue parsing
fseek(fp, 21, SEEK_CUR);
//break;
}
else {
fseek(fp, event.header.len, SEEK_CUR);
}
}
fclose(fp);
/* Extend the boot aggregate with the pseudo PCR digest values */
memset(&boot_aggregate, 0, SHA_DIGEST_LENGTH);
SHA1_Init(&c);
for (i = 0; i < NUM_PCRS; i++) {
if (DEBUG) {
printf("PCR-%2.2x: ", i);
display_sha1_digest(pcr[i].digest);
}
SHA1_Update(&c, pcr[i].digest, 20);
}
SHA1_Final(boot_aggregate, &c);
printf("boot_aggregate:");
display_sha1_digest(boot_aggregate);
#else
tst_resm(TCONF, "System doesn't have openssl/sha.h");
#endif
tst_exit();
}
@dnoliver
Copy link
Author

Output of test program after hack, the event.header.len gets converted to 2908756463!

[intel@localhost ima]$ ./ima-tests/ima_boot_aggregate binary_bios_measurements
PCR=000 b82348694aec52ea153bf8da687c5c013221bdaa
PCR=000 c42fedad268200cb1d15f97841c344e79dae3320
PCR=000 bdf1d76e5e91e166a13d257a61558dd0549ec707
PCR=007 d4fdd1f14d4041494deb8fc990c45343d2277d08
PCR=007 4567b80d1c5e6024484bbc50a4b1d79ee79f7e0d
PCR=007 13f02fbc7383ed7c89017e0b32f60e38e282056c
PCR=007 3e033d47d535bc944ce52c8407fdc8ff7d22f23a
PCR=007 9e04b683b1ade74270dc6083dd716acc63a33310
PCR=007 9069ca78e7450a285173431b3e52c5c25299e473
PCR=002 83ff2c5a209d7209091d4d67001d818be3421208
PCR=000 9069ca78e7450a285173431b3e52c5c25299e473
PCR=001 9069ca78e7450a285173431b3e52c5c25299e473
PCR=002 9069ca78e7450a285173431b3e52c5c25299e473
PCR=003 9069ca78e7450a285173431b3e52c5c25299e473
PCR=004 9069ca78e7450a285173431b3e52c5c25299e473
PCR=005 9069ca78e7450a285173431b3e52c5c25299e473
PCR=006 9069ca78e7450a285173431b3e52c5c25299e473
PCR=005 c07becf4608850aac2b3144d8943c4848f8eff0a
PCR=001 7021408194ecb8f1482df39eff1f31a49948ac8a
PCR=001 b03c27650f13a36cef0d2a5671b64f72df2b2cf3
PCR=001 66abb9980310348970b579ac365c9bfaf68458b2
PCR=001 704b76d9e1841a0c0db8db29a4b1e5d61075a11a
PCR=001 915f864f5e69637ddacb1ae8ff844fe314cb7fb9
PCR=001 4168300bfa13fa76028f0ca5e91dbd5f55c701e1
PCR=001 1d44fb0c458fc7f0f45d8b5b67d44f4df714ec2c
PCR=001 185f3892c0fa7cde7088640fc198fc730a4da248
PCR=007 8b5866854c0b829dd967a1d9f100a3920d412792
PCR=004 ad9a72bdb69a17abe85d948e6bbbb89141da2543
PCR=004 f97fdb7e67f5308f16cd0f2acdba3569697e233f
PCR=007 d93c2ca019730c8cbbd243dc88d0d1396a83ef75
PCR=008 b5cdd08fbb1631e2808be85875c9891895d2de15
PCR=008 e4ae050801f9d486642d44030b07ab28f2373bc8
PCR=008 521d69d66f3869bb523a0c16a0f0c9d1a5e08276
PCR=008 eb884be5efb176883b4268d3bd06f3a4cd4fa905
PCR=008 6912877e8cdd113b82fae87240c904b42935d300
PCR=008 11aeae3e11208de5c3384f2d437e5c501a6ef356
PCR=008 dd7e62298c965febcd2b6ddf96ca878c5d63d2ed
PCR=008 ac8fb28e9bace9bf0c33fc0f2eadb7ac90431bf9
PCR=008 eb884be5efb176883b4268d3bd06f3a4cd4fa905
PCR=008 e58b12cded94638e8f2230828ecc9f91fe79522e
PCR=008 11aeae3e11208de5c3384f2d437e5c501a6ef356
PCR=008 d65e183600be132851d123839bf39344e7b96b0d
PCR=008 714c8a0d8016cf3a55618a3349203867be7569ff
PCR=008 5d38462106be2e285ee683a70c4f5217fc00ddaa
PCR=008 11508a4f33a725550c7fe10f171d7edccb96de3c
PCR=008 2973344df9d391073c46cd9bc0f0d7f26240cb97
PCR=008 eeacbb0d7dc05c7ddf5b80d203279d01bf7c5f1a
PCR=008 96d3960de65cca7d0c3ce01ca5634b10d40fa312
PCR=008 0de99e58aa672313a94cc754906bfa5daa4e8169
PCR=008 11aeae3e11208de5c3384f2d437e5c501a6ef356
PCR=008 eb884be5efb176883b4268d3bd06f3a4cd4fa905
PCR=008 7f53ffcfe174739e53157f01ed48c6b6ca08b72e
PCR=008 9f1c280515cbd54cb67bea3d2346758b9805e3a9
PCR=008 138380aa79473a349f839400d8ae2f9fce4ba152
PCR=008 fc60b3c05bfaf9e9ad6284a74dfce340092c5103
PCR=008 77f21cdfeb584076491c7ce6897bc78eb1f441a4
PCR=008 087d3bf6374b89913d6098fc8352b367a39a78df
PCR=008 321314a00169b9047b77f378415dbcf73c03b43c
PCR=008 c7457f4d04d938327e72ee2d4561a148bec58a8d
PCR=008 83786f6fc514cc55c46be331cf092f7fc3cc4efc
PCR=008 5cb990d44042676317fcf740ce941f667792c73b
PCR=008 c68a088ec50231f28fc39cb2157a6ca17fd6d17d
PCR=008 93942812bc4f676d57bfb6c765bda5131b118f8a
PCR=008 acfe2a0c309be0a03fb8b045ea932daf1148a4bc
PCR=008 d7046f1d333ac889655ad995a8c1cbb77cb14b2c
PCR=008 df8f93b2484e725497770dec29e137107ce8944b
PCR=008 d8d7b7f1b86243953dee3c6b9a90b28fed9db909
PCR=008 574b7ff1e615922423e4f1f73e32301b93604fa6
PCR=008 11aeae3e11208de5c3384f2d437e5c501a6ef356
PCR=008 7bb7ebf34270485e684f887c8c9b10cd0f8f1603
PCR=008 f7733920ad0601a23ebb5f2a45e55fc7b3bab10d
PCR=008 0f45725024a04bfb1c187fc218963611de8be024
PCR=008 2a804d25c133fa9d5f181aa8db30f0e29156f27a
PCR=008 6d37753504a7b54954d24923502e3b3d9a3140d8
PCR=008 11aeae3e11208de5c3384f2d437e5c501a6ef356
PCR=008 3df51a1bbd68a48cbc95ce5b53d299b8ec3adb43
PCR=008 3840d9c8006a12eb3946de633f248c0e3cdabb70
PCR=009 a3d2744ea1acb343f49fe2a6441c0b057a0ac64c
Error event too long 2908756463
PCR=004 a3d2744ea1acb343f49fe2a6441c0b057a0ac64c
PCR=007 d93c2ca019730c8cbbd243dc88d0d1396a83ef75
PCR=008 f7aabb3cf05325657296a919c75b7f0fe64b50e4
PCR=008 c4303b42a6137ba0e3c94a701e8f8af0c213f285
PCR-00: c9919f0bd5ff50392c6436b717afbfde258efcdd
PCR-01: cdee9e307f13981fc895fee52d9ecbc4bfd5930d
PCR-02: e1c1e7a9758a3eb8cf70758083e02d4b28fbc31c
PCR-03: b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
PCR-04: 3c74ce49f245047a830c2f1476e281aaf833fbd2
PCR-05: 4b0e0977e233b632dee0de54d9f5baeb173f326e
PCR-06: b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
PCR-07: f1c0600ab4096ee9152e7c926e62ccb9d83e2fed
boot_aggregate:57a9c8394e38dc00a2da48c59872b06f9ed8af1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment