[PATCH] ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values

From: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
	Maurizio Drocco <maurizio.drocco@ibm.com>
Subject: [PATCH] ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values
Date: Mon, 15 Jun 2020 13:58:39 -0400	[thread overview]
Message-ID: <1592243919-29915-1-git-send-email-zohar@linux.ibm.com> (raw)

Instead of emitting the per TPM PCR bank "boot_aggregate" values one
at a time, store them in a buffer and emit them all at once.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 53 insertions(+), 2 deletions(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 675980823636..1d065ceed886 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1937,11 +1937,36 @@ static void calc_bootaggr(struct tpm_bank_info *bank)
 	}
 
 out:
-	printf("%s:", bank->algo_name);
-	imaevm_hexdump(bank->digest, bank->digest_size);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 	EVP_MD_CTX_free(pctx);
 #endif
+
+}
+
+/*
+ * The "boot_aggregate" format is the TPM PCR bank algorithm, a colon
+ * separator, followed by a per bank TPM PCR bank specific digest.
+ * Store the TPM PCR bank specific "boot_aggregate" value as a newline
+ * terminated string in the provided buffer.
+ */
+static int append_bootaggr(char *bootaggr, struct tpm_bank_info *tpm_banks)
+{
+	uint8_t *buf;
+	int j;
+
+	strcpy(bootaggr, tpm_banks->algo_name);
+	j = strlen(tpm_banks->algo_name);
+	bootaggr[j++] = ':';
+
+	for (buf = tpm_banks->digest;
+	     buf < (tpm_banks->digest + tpm_banks->digest_size);
+	     buf++) {
+		bootaggr[j++] = hex_asc_hi(*buf);
+		bootaggr[j++] = hex_asc_lo(*buf);
+	}
+
+	bootaggr[j++] = '\n';
+	return j;
 }
 
 /*
@@ -1953,7 +1978,10 @@ out:
 static int cmd_ima_bootaggr(struct command *cmd)
 {
 	struct tpm_bank_info *tpm_banks;
+	int bootaggr_len = 0;
+	char *bootaggr;
 	int num_banks = 0;
+	int offset = 0;
 	int i;
 
 	tpm_banks = init_tpm_banks(&num_banks);
@@ -1963,11 +1991,34 @@ static int cmd_ima_bootaggr(struct command *cmd)
 		return -1;
 	}
 
+	/*
+	 * Allocate enough memory for the per TPM 2.0 PCR bank algorithm,
+	 * the colon separator, the boot_aggregate digest and newline.
+	 *
+	 * Format: <hash algorithm name>:<boot_aggregate digest>\n ...
+	 */
+	for (i = 0; i < num_banks; i++) {
+		if (!tpm_banks[i].supported)
+			continue;
+		bootaggr_len += strlen(tpm_banks[i].algo_name) + 1;
+		bootaggr_len += (tpm_banks[i].digest_size * 2) + 1;
+	}
+	bootaggr = malloc(bootaggr_len);
+
+	/*
+	 * Calculate and convert the per TPM 2.0 PCR bank algorithm
+	 * "boot_aggregate" digest from binary to asciihex.  Store the
+	 * "boot_aggregate" values as a list of newline terminated
+	 * strings.
+	 */
 	for (i = 0; i < num_banks; i++) {
 		if (!tpm_banks[i].supported)
 			continue;
 		calc_bootaggr(&tpm_banks[i]);
+		offset += append_bootaggr(bootaggr + offset, tpm_banks + i);
 	}
+	printf("%s", bootaggr);
+	free(bootaggr);
 	return 0;
 }
 
-- 
2.7.5

