From f09ac3a9f9c25829e5730de982287e2425e54b08 Mon Sep 17 00:00:00 2001 From: Krystian Hebel Date: Tue, 16 Apr 2024 13:53:23 +0200 Subject: [PATCH] sbin/tpm-evt-log-utils.awk: split common utils to separate file This also changes the way hexdump is printed - it now includes newline character. Other than that, no functional changes intended. Signed-off-by: Krystian Hebel --- anti-evil-maid.spec.in | 1 + sbin/tpm-evt-log-utils.awk | 74 ++++++++++++++++++++++++++++++++ sbin/tpm2-evt-log-parser.awk | 68 +---------------------------- sbin/txt-tpm1-evt-log-parser.awk | 55 +----------------------- 4 files changed, 78 insertions(+), 120 deletions(-) create mode 100644 sbin/tpm-evt-log-utils.awk diff --git a/anti-evil-maid.spec.in b/anti-evil-maid.spec.in index 2c38b93..d99cba6 100644 --- a/anti-evil-maid.spec.in +++ b/anti-evil-maid.spec.in @@ -49,6 +49,7 @@ cp -r systemd $RPM_BUILD_ROOT/usr/lib /usr/sbin/anti-evil-maid-lib-tpm2 /usr/sbin/anti-evil-maid-seal /usr/sbin/anti-evil-maid-tpm-setup +/usr/sbin/tpm-evt-log-utils.awk /usr/sbin/tpm2-evt-log-parser.awk /usr/sbin/txt-tpm1-evt-log-parser.awk /usr/share/doc/anti-evil-maid/README diff --git a/sbin/tpm-evt-log-utils.awk b/sbin/tpm-evt-log-utils.awk new file mode 100644 index 0000000..b96b7e4 --- /dev/null +++ b/sbin/tpm-evt-log-utils.awk @@ -0,0 +1,74 @@ +# This file contains a set of utility functions common for TPM1.2 and 2.0 + +function assert(condition, string) +{ + if (!condition) { + print string + exit 1 + } +} + +function ord_init( _i) +{ + for (_i = 0; _i < 256; _i++) { + ord[sprintf("%c", _i)] = _i + } +} + +function x2n(hex, width, _i) +{ + mult = 1 + num = 0 + for (_i = 0; _i < width; _i++) { + num += ord[substr(hex, _i+1, 1)] * mult + mult *= 256 + } + return num +} + +function hex_noprint(hex, len, _i, _str) +{ + _str = "" + for (_i = 0; _i < len; _i++) { + _str = _str sprintf("%02x", ord[substr(hex, _i+1, 1)]) + } + return _str +} + +function hexdump(hex, len) +{ + print hex_noprint(hex, len) +} + +function alg_name(id) +{ + switch (id) { + case 0x0004: return "SHA1" + case 0x000b: return "SHA256" + case 0x000c: return "SHA384" + case 0x000d: return "SHA512" + case 0x0012: return "SM3-256" + case 0x0027: return "SHA3-256" + case 0x0028: return "SHA3-384" + case 0x0029: return "SHA3-512" + default: return sprintf("unknown (%#06x)", id) + } +} + +function string_or_hex(str, len) +{ + _len = len + if (_len > 128) + _len = 128 + # String must start with a series of printable characters ... + if (match(str, "[[:graph:][:blank:]]*", a) != 1) { + hexdump(str, _len) + # ... long until the end, with "optional" (i.e. bad implementation) \0. + } else if (len != a[0, "length"] && + (len != a[0, "length"] + 1 || index(str, "\0") != len)) { + hexdump(str, _len) + } else + printf("%.*s\n", _len, a[0]) + if (_len != len) + printf("... (event truncated to %d first bytes, was %d)\n", _len, len) +} diff --git a/sbin/tpm2-evt-log-parser.awk b/sbin/tpm2-evt-log-parser.awk index 8a20f36..542a990 100755 --- a/sbin/tpm2-evt-log-parser.awk +++ b/sbin/tpm2-evt-log-parser.awk @@ -1,71 +1,6 @@ #!/usr/bin/gawk -bf @load "readfile" - -function assert(condition, string) -{ - if (!condition) { - print string - exit 1 - } -} - -function ord_init() -{ - for (_i = 0; _i < 256; _i++) { - ord[sprintf("%c", _i)] = _i - } -} - -function x2n(hex, width) -{ - mult = 1 - num = 0 - for (_i = 0; _i < width; _i++) { - num += ord[substr(hex, _i+1, 1)] * mult - mult *= 256 - } - return num -} - -function hexdump(hex, len) -{ - for (_i = 0; _i < len; _i++) { - printf("%02x", ord[substr(hex, _i+1, 1)]) - } -} - -function alg_name(id) -{ - switch (id) { - case 0x0004: return "SHA1" - case 0x000b: return "SHA256" - case 0x000c: return "SHA384" - case 0x000d: return "SHA512" - case 0x0012: return "SM3-256" - case 0x0027: return "SHA3-256" - case 0x0028: return "SHA3-384" - case 0x0029: return "SHA3-512" - default: return sprintf("unknown (%#06x)", id) - } -} - -function string_or_hex(str, len) -{ - _len = len - if (_len > 128) - _len = 128 - # String must start with a series of printable characters ... - if (match(str, "[[:graph:][:blank:]]*", a) != 1) { - hexdump(str, _len) - # ... long until the end, with "optional" (i.e. bad implementation) \0. - } else if (len != a[0, "length"] && - (len != a[0, "length"] + 1 || index(str, "\0") != len)) { - hexdump(str, _len) - } else - printf("%.*s", _len, a[0]) - if (_len != len) - printf("... (event truncated to %d first bytes, was %d)", _len, len) -} +@include "/sbin/tpm-evt-log-utils.awk" BEGIN { PROCINFO["readfile"] @@ -124,7 +59,6 @@ BEGIN { $4 = substr($4, 3) printf(" %s: ", alg_name(a[1])) hexdump($4, a[2]) - printf("\n") $4 = substr($4, a[2]+1) } printf(" Event: ") diff --git a/sbin/txt-tpm1-evt-log-parser.awk b/sbin/txt-tpm1-evt-log-parser.awk index f22488f..9b9f86d 100755 --- a/sbin/txt-tpm1-evt-log-parser.awk +++ b/sbin/txt-tpm1-evt-log-parser.awk @@ -1,56 +1,6 @@ #!/usr/bin/gawk -bf @load "readfile" - -function assert(condition, string) -{ - if (!condition) { - print string - exit 1 - } -} - -function ord_init() -{ - for (_i = 0; _i < 256; _i++) { - ord[sprintf("%c", _i)] = _i - } -} - -function x2n(hex, width) -{ - mult = 1 - num = 0 - for (_i = 0; _i < width; _i++) { - num += ord[substr(hex, _i+1, 1)] * mult - mult *= 256 - } - return num -} - -function hexdump(hex, len) -{ - for (_i = 0; _i < len; _i++) { - printf("%02x", ord[substr(hex, _i+1, 1)]) - } -} - -function string_or_hex(str, len) -{ - _len = len - if (_len > 128) - _len = 128 - # String must start with a series of printable characters ... - if (match(str, "[[:graph:][:blank:]]*", a) != 1) { - hexdump(str, _len) - # ... long until the end, with "optional" (i.e. bad implementation) \0. - } else if (len != a[0, "length"] && - (len != a[0, "length"] + 1 || index(str, "\0") != len)) { - hexdump(str, _len) - } else - printf("%.*s", _len, a[0]) - if (_len != len) - printf("... (event truncated to %d first bytes, was %d)", _len, len) -} +@include "/sbin/tpm-evt-log-utils.awk" BEGIN { PROCINFO["readfile"] @@ -119,10 +69,9 @@ BEGIN { printf(" Digests:\n") printf(" SHA1: ") hexdump($3, 20) - printf("\n") printf(" Event: ") string_or_hex($5, x2n($4, 4)) - printf("\n\n") + printf("\n") $0 = substr($5, x2n($4, 4) + 1) } }