[TrouSerS-users] Event Log explanation
Massimo Gaggiano
2015-06-07 02:08:19 UTC
Hi all,
I use IBM Software TPM and the last version of Trousers.
I'm practicing with PCR extension and Event Log and I'd like some
explanations.

1) How does PcrExtend() calculate the 'pcrValue' output param ?
(since starting with an empty PCR, I did expect after the first
extend that was the input data's SHA1 digest,
but evidently I'm wrong)

2) Shouldn't 'pcrEvent[0].versionInfo.bMajor' and 'bMinor' be set
to 1 and 2, respectively?

3) How does PcrExtend() calculate the 'pcrEvents[0].rgbPcrValue'
output param?

4) Is there a way to delete the whole event log?

Here is my code in summary:

    /* Read PCR 16 before extending it */
    UINT32 pcrValueLen;
    BYTE *pcrValue;
    Tspi_TPM_PcrRead(hTPM, 16, &pcrValueLen, &pcrValue);
    printf("Read PCR 16");
    print_ptrBYTE_as_hex("pcrValue", pcrValue, pcrValueLen);

    /* Event passed to the extend; the version fields are set to arbitrary values */
    TSS_PCR_EVENT pcrEvent;
    pcrEvent.versionInfo.bMajor = (BYTE) 0x67;
    pcrEvent.versionInfo.bMinor = (BYTE) 0x89;
    pcrEvent.versionInfo.bRevMajor = (BYTE) 0x23;
    pcrEvent.versionInfo.bRevMinor = (BYTE) 0x45;
    pcrEvent.ulPcrIndex = 16;
    pcrEvent.eventType = (UINT32) 9876;
    pcrEvent.ulPcrValueLength = (UINT32) 0;
    pcrEvent.rgbPcrValue = (BYTE *) NULL;
    const char *event = "Event information";
    pcrEvent.ulEventLength = (UINT32) strlen(event);
    pcrEvent.rgbEvent = (BYTE *) event;

    /* Extend PCR 16 with one byte of data and the event above */
    const char *data = "s";
    UINT32 dataLen = (UINT32) strlen(data);
    Tspi_TPM_PcrExtend(hTPM, 16,
                       dataLen, (BYTE *)data, &pcrEvent, &pcrValueLen, &pcrValue);
    printf("Extend PCR 16");
    print_ptrBYTE_as_hex("pcrValue", pcrValue, pcrValueLen);

    /* Dump every entry of the event log */
    UINT32 eventNumber;
    TSS_PCR_EVENT *pcrEvents;
    Tspi_TPM_GetEventLog(hTPM, &eventNumber, &pcrEvents);
    printf("eventNumber: %u \n", eventNumber);

    for (UINT32 i = 0; i < eventNumber; i++)
    {
        printf("\n pcrEvents[%u]: \n", i);
        printf("versionInfo.bMajor: %x \n", pcrEvents[i].versionInfo.bMajor);
        printf("versionInfo.bMinor: %x \n", pcrEvents[i].versionInfo.bMinor);
        printf("versionInfo.bRevMajor: %x \n",
               pcrEvents[i].versionInfo.bRevMajor);
        printf("versionInfo.bRevMinor: %x \n",
               pcrEvents[i].versionInfo.bRevMinor);
        printf("ulPcrIndex: %u \n", pcrEvents[i].ulPcrIndex);
        printf("eventType: %u \n", pcrEvents[i].eventType);
        printf("ulPcrValueLength: %u \n", pcrEvents[i].ulPcrValueLength);
        print_ptrBYTE_as_hex("rgbPcrValue", pcrEvents[i].rgbPcrValue,
                             pcrEvents[i].ulPcrValueLength);
        printf("ulEventLength: %u \n", pcrEvents[i].ulEventLength);
        printf("rgbEvent: %s \n", (char *)pcrEvents[i].rgbEvent);
    }

OUTPUT:

Read PCR 16
pcrValue:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Extend PCR 16
pcrValue:
2D 87 5E 9C 9F 52 17 41 C3 0C 09 C8 79 D7 F6 5E 1A 3E AA 08

eventNumber: 1

pcrEvents[0]:
versionInfo.bMajor: 1
versionInfo.bMinor: 1
versionInfo.bRevMajor: 0
versionInfo.bRevMinor: 0
ulPcrIndex: 16
eventType: 9876
ulPcrValueLength: 20
rgbPcrValue:
A8 C6 70 D5 83 8B 7B DF 42 ED 5F 61 E8 60 52 73 94 C2 FA 5F
ulEventLength: 17
rgbEvent: Event information

---

Thank you very very much.
Max

------------------------------------------------------------------------------
Ken Goldman
2015-06-08 13:16:53 UTC
Post by Massimo Gaggiano
> Hi all,
> I use IBM Software TPM and the last version of Trousers.
> I'm practicing with PCR extension and Event Log and I'd like some
> explanations.
> 1) How does PcrExtend() calculate the 'pcrValue' output param ?
> (since starting with an empty PCR, I did expect after the first
> extend that was the input data's SHA1 digest,
> but evidently I'm wrong)

1 - See 16.1 TPM_Extend Action 5 for the actual calculation.

2 - See Part 1 4.4 Platform Configuration Register (PCR) to understand
the concept of a PCR and how it relates to security.




------------------------------------------------------------------------------
Massimo Gaggiano
2015-06-10 02:24:23 UTC
Hi all,
I think I don't get the sense of the "||" concatenation.

I know that PcrExtend() 'pcrValue' output value is
SHA-1(initial_value || new_20_bytes).

I reset PCR 16 and I extend PCR 16 with both BYTE data[20] =
{'1','2','3','4','5','6','7','8','9','0','1','2','3','4','5','6','7','8','9','0'}
and char *data = "12345678901234567890", getting the same pcrValue in
output - 58 78 F2 7B 26 48 3D CE BA B4 EB 21 2E 2C 19 C2 A1 3A 0D D4 .

Can you tell me what data should I give in input to
Tspi_Hash_UpdateValue() to obtain the same digest?

I tried with
{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,'1','2','3','4','5','6','7','8','9','0','1','2','3','4','5','6','7','8','9','0'}
but GetHashValue() gives me a different digest
(D1 D6 C8 AD D6 C8 D4 75 42 5D EC 88 74 56 47 F1 6A 04 FC 8E).

Thank you very much.
Max
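
The extend rule discussed in this thread, SHA-1(old PCR value || 20-byte digest), as an added example (not code from the posters or from TrouSerS): it shows why one extend of an all-zero PCR differs from the plain SHA-1 of the data, and replays an event log to recompute a PCR. The sample log is constructed; treating rgbPcrValue as the digest that was extended is an assumption, so the check on the first post's values is printed rather than presumed.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest


def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR value = SHA-1(old PCR value || 20-byte digest)."""
    if len(old) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR value and extended digest must both be 20 bytes")
    return hashlib.sha1(old + digest).digest()


def replay(log):
    """Recompute PCRs from (pcr_index, digest) events, starting from all zeros."""
    pcrs = {}
    for index, digest in log:
        pcrs[index] = pcr_extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def log_matches(log, index, reported: bytes) -> bool:
    """True if replaying the log reproduces the PCR value read from the TPM."""
    return replay(log).get(index, bytes(PCR_SIZE)) == reported


# Constructed sample log: two measurements into PCR 16, one into PCR 10.
SAMPLE_LOG = [
    (16, hashlib.sha1(b"first measurement").digest()),
    (10, hashlib.sha1(b"other register").digest()),
    (16, hashlib.sha1(b"second measurement").digest()),
]

if __name__ == "__main__":
    digest = hashlib.sha1(b"s").digest()
    print("SHA-1(data)         :", digest.hex())
    print("PCR after one extend:", pcr_extend(bytes(PCR_SIZE), digest).hex())
    # Hex values copied from the first post's output. Assumption: rgbPcrValue
    # is the digest that was extended. The result is printed, not presumed.
    page_log = [(16, bytes.fromhex(
        "A8 C6 70 D5 83 8B 7B DF 42 ED 5F 61 E8 60 52 73 94 C2 FA 5F"))]
    page_pcr = bytes.fromhex(
        "2D 87 5E 9C 9F 52 17 41 C3 0C 09 C8 79 D7 F6 5E 1A 3E AA 08")
    print("first post's log replays to its PCR 16:",
          log_matches(page_log, 16, page_pcr))
```

A log with an event dropped, reordered or altered no longer replays to the PCR value the TPM reports, which is what makes the log checkable against the register.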


------------------------------------------------------------------------------
Massimo Gaggiano
2015-06-10 02:55:37 UTC
Please discard this thread.
Sorry.
________________________________
From: Massimo Gaggiano<mailto:***@hotmail.com>
Sent: 10/06/2015 04:25
To: TrouSerS-***@lists.sourceforge.net<mailto:TrouSerS-***@lists.sourceforge.net>
Subject: [TrouSerS-users] Concatenation "||" semantics



------------------------------------------------------------------------------