From 065eb7395f287e1c3c53a78eb1d14922fa7c2a3d Mon Sep 17 00:00:00 2001
From: Niteesh Dubey
Date: Tue, 7 Feb 2023 20:35:04 +0000
Subject: [PATCH 1/2] get digests
---
 eventlog.py | 31 +++++++++++++++++++++++++
 list_digests.py | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100755 list_digests.py
diff --git a/eventlog.py b/eventlog.py
index f36c98e..ee11821 100644
--- a/eventlog.py
+++ b/eventlog.py
@@ -285,3 +285,34 @@ def validate (self):
 for evt in self:
 if not evt.validate(): return False
 return True
+
+
+def algid_valid (algid: int) -> bool:
+ if algid in EfiEventDigest.hashalgmap:
+ return True
+ return False
+
+def eventtype_valid (evtype: str) -> bool:
+ if evtype in Event.__members__:
+ return True
+ return False
+
+def get_digests (evlog: EventLog, evtype: str, **kwargs) -> list:
+
+ algid=kwargs.get('hash_algid',None)
+ pcr=kwargs.get('pcr_index',None)
+
+ digest_list=[]
+
+ for ev in evlog:
+ if Event(ev.evtype).name == evtype:
+ if pcr:
+ if ev.evpcr != pcr: continue
+ if algid:
+ digest=ev.digests[algid].toJson()
+ digest_list.append(digest['Digest'])
+ else:
+ for v in ev.digests.values():
+ digest_list.append(v.toJson())
+
+ return digest_list
diff --git a/list_digests.py b/list_digests.py
new file mode 100755
index 0000000..73cc91a
--- /dev/null
+++ b/list_digests.py
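Review bot: In `get_digests`, `if pcr:` treats `pcr_index=0` as "no filter", so a caller asking for PCR 0 gets digests from every PCR; index 0 is a valid PCR, and a verifier comparing that list against expected values would be looking at the wrong set of measurements. Test for presence instead: `if pcr is not None and ev.evpcr != pcr: continue`. The same truthiness check is repeated in `match_digest` in PATCH 2/2. `ev.digests[algid]` looks like a dict lookup (the `else` branch calls `.values()`), so an event that carries no digest for that algorithm would presumably raise `KeyError`; `ev.digests.get(algid)` with a skip would be safer. A short docstring should also say that the result is a list of digest strings when `hash_algid` is given and a list of `toJson()` dicts otherwise.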
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+
+import eventlog
+import argparse
+
+def parser_main():
+ parser = argparse.ArgumentParser(
+ description="Get list of digests for a given event type"
+ )
+ parser.add_argument(
+ "-f",
+ "--file",
+ help="measured boot log binary file",
+ )
+ parser.add_argument(
+ "-e",
+ "--event",
+ help="event type",
+ )
+ parser.add_argument(
+ "-a",
+ "--algid",
+ default="11",
+ help="algorithm id",
+ )
+ parser.add_argument(
+ "-p",
+ "--pcr",
+ help="pcr index",
+ )
+ return parser
+
+def main():
+ p = parser_main()
+ args = p.parse_args()
+
+ assert (args.file),"file is required"
+ assert (args.event),"event type is required"
+
+ with open (args.file, 'rb') as f:
+ buffer = f.read()
+
+ if not eventlog.eventtype_valid(args.event):
+ print('Invalid event type')
+ return
+
+ if args.algid:
+ algid = int(args.algid)
+ if not eventlog.algid_valid(algid):
+ print ('Invalid hash algorithm id.')
+ return
+
+ log=eventlog.EventLog(buffer, len(buffer))
+ if args.pcr:
+ dg_list = eventlog.get_digests(log, args.event, hash_algid=algid, pcr_index=int(args.pcr))
+ else:
+ dg_list = eventlog.get_digests(log, args.event, hash_algid=algid)
+ print(dg_list)
+
+if __name__ == "__main__":
+ main()
From 7e564048b6b598e0ed22ae52ee604d616d447dc7 Mon Sep 17 00:00:00 2001
From: Niteesh Dubey
Date: Tue, 7 Feb 2023 21:36:46 +0000
Subject: [PATCH 2/2] match digest
---
 eventlog.py | 31 +++++++++++++-------
 list_digests.py | 61 ---------------------------------------
 match_digest.py | 76 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 71 deletions(-)
 delete mode 100755 list_digests.py
 create mode 100755 match_digest.py
diff --git a/eventlog.py b/eventlog.py
index ee11821..0c88c89 100644
--- a/eventlog.py
+++ b/eventlog.py
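Review bot: `main` checks its required options with `assert (args.file)` and `assert (args.event)`, and assertions are removed when Python runs with `-O`, after which a missing `--file` goes straight to `open()`. Let argparse enforce them: `parser.add_argument("-f", "--file", required=True, help="measured boot log binary file")`, and likewise for `--event`. `match_digest.py` and the `assert evtype in Event.__members__` / `assert algid in EfiEventDigest.hashalgmap` checks that PATCH 2/2 adds to `eventlog.py` have the same problem; there an explicit `raise ValueError(...)` keeps the validation in optimized runs. `int(args.algid)` and `int(args.pcr)` would also read better as `type=int` on the arguments, so a non-numeric value gets a usage error instead of a traceback.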
@@ -287,19 +287,14 @@ def validate (self): return True -def algid_valid (algid: int) -> bool: - if algid in EfiEventDigest.hashalgmap: - return True - return False - -def eventtype_valid (evtype: str) -> bool: - if evtype in Event.__members__: - return True - return False - def get_digests (evlog: EventLog, evtype: str, **kwargs) -> list: + assert evtype in Event.__members__ + algid=kwargs.get('hash_algid',None) + if algid: + assert algid in EfiEventDigest.hashalgmap + pcr=kwargs.get('pcr_index',None) digest_list=[] @@ -316,3 +311,19 @@ def get_digests (evlog: EventLog, evtype: str, **kwargs) -> list: digest_list.append(v.toJson()) return digest_list + +def match_digest (evlog: EventLog, evtype: str, algid: int, digest: str, **kwargs) -> bool: + + assert evtype in Event.__members__ + assert algid in EfiEventDigest.hashalgmap + + pcr=kwargs.get('pcr_index',None) + + for ev in evlog: + if pcr: + if ev.evpcr != pcr: continue + if algid: + dg=ev.digests[algid].toJson() + if dg['Digest'] == digest: + return True + return False diff --git a/list_digests.py b/list_digests.py deleted file mode 100755 index 73cc91a..0000000 --- a/list_digests.py +++ /dev/null 
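Review bot: `match_digest` asserts that `evtype` is a known event name but never uses it to filter, so the loop compares `digest` against every event in the log and returns True when an event of any type carries that value. For a check on a measured boot log that answers a different question than the caller asked; add `if Event(ev.evtype).name != evtype: continue` as the first statement in the loop, mirroring the event-type test in `get_digests`. The `if algid:` guard appears redundant after the assert and can go. `dg['Digest'] == digest` is an exact string comparison, so if `toJson()` emits lowercase hex (not visible in this hunk) an upper-case digest from the caller will never match; comparing `.lower()` on both sides avoids that.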
@@ -1,61 +0,0 @@
-#!/usr/bin/env python3
-
-import eventlog
-import argparse
-
-def parser_main():
- parser = argparse.ArgumentParser(
- description="Get list of digests for a given event type"
- )
- parser.add_argument(
- "-f",
- "--file",
- help="measured boot log binary file",
- )
- parser.add_argument(
- "-e",
- "--event",
- help="event type",
- )
- parser.add_argument(
- "-a",
- "--algid",
- default="11",
- help="algorithm id",
- )
- parser.add_argument(
- "-p",
- "--pcr",
- help="pcr index",
- )
- return parser
-
-def main():
- p = parser_main()
- args = p.parse_args()
-
- assert (args.file),"file is required"
- assert (args.event),"event type is required"
-
- with open (args.file, 'rb') as f:
- buffer = f.read()
-
- if not eventlog.eventtype_valid(args.event):
- print('Invalid event type')
- return
-
- if args.algid:
- algid = int(args.algid)
- if not eventlog.algid_valid(algid):
- print ('Invalid hash algorithm id.')
- return
-
- log=eventlog.EventLog(buffer, len(buffer))
- if args.pcr:
- dg_list = eventlog.get_digests(log, args.event, hash_algid=algid, pcr_index=int(args.pcr))
- else:
- dg_list = eventlog.get_digests(log, args.event, hash_algid=algid)
- print(dg_list)
-
-if __name__ == "__main__":
- main()
diff --git a/match_digest.py b/match_digest.py
new file mode 100755
index 0000000..72626c3
--- /dev/null
+++ b/match_digest.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+
+import eventlog
+import argparse
+
+def parser_main():
+ parser = argparse.ArgumentParser(
+ description="List/Match the digest[s]"
+ )
+ parser.add_argument(
+ "-f",
+ "--file",
+ help="measured boot log binary file",
+ )
+ parser.add_argument(
+ "-d",
+ "--digest",
+ help="digest value",
+ )
+ parser.add_argument(
+ "-e",
+ "--event",
+ help="event type",
+ )
+ parser.add_argument(
+ "-a",
+ "--algid",
+ default="11",
+ help="algorithm id",
+ )
+ parser.add_argument(
+ "-p",
+ "--pcr",
+ help="pcr index",
+ )
+ return parser
+
+def main():
+ p = parser_main()
+ args = p.parse_args()
+
+ assert (args.file),"file is required"
+ assert (args.event),"event type is required"
+
+ with open (args.file, 'rb') as f:
+ buffer = f.read()
+
+ if args.event not in eventlog.Event.__members__:
+ print('Invalid event type')
+ return
+
+ algid = int(args.algid)
+ if algid not in eventlog.EfiEventDigest.hashalgmap:
+ print ('Invalid hash algorithm id.')
+ return
+
+ log=eventlog.EventLog(buffer, len(buffer))
+
+ if not args.digest:
+ if args.pcr:
+ dg_list = eventlog.get_digests(log, args.event, hash_algid=algid, pcr_index=int(args.pcr))
+ else:
+ dg_list = eventlog.get_digests(log, args.event, hash_algid=algid)
+ print(dg_list)
+ else:
+ if args.pcr:
+ matched = eventlog.match_digest(log, args.event, algid, args.digest, pcr_index=int(args.pcr))
+ else:
+ matched = eventlog.match_digest(log, args.event, algid, args.digest, algid)
+ if matched:
+ print('Digest matched!')
+ else:
+ print('Digest does not match!')
+
+if __name__ == "__main__":
+ main()
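Review bot: The no-PCR branch calls `eventlog.match_digest(log, args.event, algid, args.digest, algid)` with five positional arguments, but `match_digest` in `eventlog.py` takes four plus keyword arguments, so `-d` without `-p` raises `TypeError` before any comparison is made. Drop the trailing argument: `matched = eventlog.match_digest(log, args.event, algid, args.digest)`. The script also exits with status 0 whether or not the digest matched, and on both 'Invalid …' paths, so a caller scripting this check can only parse stdout. Returning a non-zero status on mismatch and on invalid input (for example `raise SystemExit(1)`) would make the result harder to misread.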