Geek asks and answers

How can I extend the extension of a PCR value, for example, SHA1SUM?

this is somewhat related to the message in: Run an OR for the two sha1sum hash outputs

I have a sample TPM measurement set, for example. following:

10 1ca03ef9cca98b0a04e5b01dabe1ff825ff0280a ima 0ea26e75253dc2fda7e4210980537d035e2fb9f8         boot_aggregate
10 7f36b991f8ae94141753bcb2cf78936476d82f1d ima d0eee5a3d35f0a6912b5c6e51d00a360e859a668 /init
10 8bc0209c604fd4d3b54b6089eac786a4e0cb1fbf ima cc57839b8e5c4c58612daaf6fff48abd4bac1bd7 /init
10 d30b96ced261df085c800968fe34abe5fa0e3f4d ima 1712b5017baec2d24c8165dfc1b98168cdf6aa25 ld-linux-x86-64.so.2

In accordance with the TPM specification, also mentioned in the above publication, the operation of continuing PCR: PCR: = SHA1 (PCR data ||), that is, "combine the old PCR value with the data, hash the concatenated string and save the hash in PCR." In addition, several of the many documents and presentations I found mention that data is a hash of downloadable software.

However, when I perform a type operation echo H(PCR)||H(data) | sha1sum, I do not get the correct resulting value. Ie when calculating (using the above hashes):, the echo 1ca03ef9cca98b0a04e5b01dabe1ff825ff0280a0ea26e75253dc2fda7e4210980537d035e2fb9f8 | sha1sumvalue is resuting NOT 7f36b991f8ae94141753bcb2cf78936476d82f1d.

Do I understand TPM_Extend correctly? if so, why is the resulting hash different from the one in the sample dimension file?

Thank! /P

+3
source share
1 answer

To answer your first question: your understanding of the extension operation is more or less correct. But you have 2 problems:

  • You misinterpret what you copied here.
  • You cannot calculate hashes like you do on the shell

, , Linux IMA. template-hash

template-hash: SHA1(filedata-hash | filename-hint) 
filedata-hash: SHA1(filedata)

, : SHA1(0ea26e75253dc2fda7e4210980537d035e2fb9f8 | "boot_aggregate") 1ca03ef9cca98b0a04e5b01dabe1ff825ff0280a.

, - 256- - 0-padded. ( ;))

, : PCR.

- Ruby, :

require 'digest/sha1'
filedata_hash = ["0ea26e75253dc2fda7e4210980537d035e2fb9f8"].pack('H*')
filename_hint = "boot_aggregate".ljust(256, "\x00")
puts Digest::SHA1.hexdigest(filedata_hash + filename_hint)

:

, ASCII. , . 1ca03ef9cca98b0a04e5b01dabe1ff825ff0280a 160- - - SHA1. , SHA1 320 .

,

printf "\x1c\xa0\x3e\xf9\xcc\xa9\x8b\x0a\x04\xe5\xb0\x1d\xab\xe1\xff\x82\x5f\xf0\x28\x0a\x0e\xa2\x6e\x75\x25\x3d\xc2\xfd\xa7\xe4\x21\x09\x80\x53\x7d\x03\x5e\x2f\xb9\xf8" | sha1sum

\xXX printf XX .

d14f958b2804cc930f2f5226494bd60ee5174cfa, .

+2

More articles:


All Articles