2 * This file is part of the OpenPTS project.
4 * The Initial Developer of the Original Code is International
5 * Business Machines Corporation. Portions created by IBM
6 * Corporation are Copyright (C) 2010 International Business
7 * Machines Corporation. All Rights Reserved.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the Common Public License as published by
11 * IBM Corporation; either version 1 of the License, or (at your option)
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * Common Public License for more details.
19 * You should have received a copy of the Common Public License
20 * along with this program; if not, a copy can be viewed at
21 * http://www.opensource.org/licenses/cpl1.0.php.
26 * \brief AIDE I/F APIs
27 * @author Seiji Munetoh <munetoh@users.sourceforge.jp>
29 * cleanup 2011-07-06 SM
31 * 1) Integrity check with AIDE
33 * $ ./configure --with-aide
36 * 2) Integrity check with AIDE and SQLite (fast?)
38 * # yum install sqlite-devel
40 * $ ./configure --with-aide --with-sqlite
49 * PostgreSQL XXsec (TBD)
52 * http://www.gnu.org/s/libc/manual/html_node/Hash-Search-Function.html
54 * binary digest did not work well, thus try base64 string in stead binary blob.
65 #include <search.h> // hash table
79 * TODO(munetoh) new -> add?
81 AIDE_METADATA * newAideMetadata() {
82 AIDE_METADATA *metadata;
83 metadata = (AIDE_METADATA *) xmalloc(sizeof(AIDE_METADATA));
84 if (metadata == NULL) {
85 // ERROR("no memory\n");
88 memset(metadata, 0, sizeof(AIDE_METADATA));
98 * TODO(munetoh) sep. all and single
100 void freeAideMetadata(AIDE_METADATA *md) {
101 if (md == NULL) return;
103 if (md->next != NULL) {
104 freeAideMetadata(md->next);
108 if (md->name != NULL) xfree(md->name);
109 if (md->lname != NULL) xfree(md->lname);
110 if (md->sha1 != NULL) xfree(md->sha1);
111 if (md->sha256 != NULL) xfree(md->sha256);
112 if (md->ima_name != NULL) xfree(md->ima_name);
113 if (md->hash_key != NULL) xfree(md->hash_key);
124 int addAideMetadata(AIDE_CONTEXT *ctx, AIDE_METADATA *md) {
128 if (ctx->start == NULL) {
142 // #define AIDE_CHBY_LIST 1
143 #define AIDE_CHBY_LIST 0
145 #define AIDE_HASH_TABLE_SIZE 16000
151 #define AIDE_HASH_CHECK_SIZE SHA1_DIGEST_SIZE
152 // #define AIDE_HASH_CHECK_SIZE 20
157 AIDE_CONTEXT * newAideContext() {
161 // DEBUG("newAideContext()\n");
163 ctx = xmalloc(sizeof(AIDE_CONTEXT));
167 memset(ctx, 0, sizeof(AIDE_CONTEXT));
170 // TODO set the size in openpts.h
171 ctx->aide_md_table = xmalloc(sizeof(struct hsearch_data));
173 memset(ctx->aide_md_table, 0, sizeof(struct hsearch_data));
174 rc = hcreate_r(AIDE_HASH_TABLE_SIZE, ctx->aide_md_table); // hash table for metadata
176 ERROR("hcreate faild, errno=%x\n", errno);
179 ctx->aide_md_table_size = 0;
181 ctx->aide_in_table = xmalloc(sizeof(struct hsearch_data));
183 memset(ctx->aide_in_table, 0, sizeof(struct hsearch_data));
185 rc = hcreate_r(AIDE_HASH_TABLE_SIZE, ctx->aide_in_table); // hash table for ignore name
187 ERROR("hcreate faild\n");
190 ctx->aide_in_table_size = 0;
192 DEBUG("newAideContext %p\n", ctx);
196 if (ctx != NULL) xfree(ctx);
203 void freeAideIgnoreList(AIDE_LIST *list) {
208 if (list->next != NULL) {
209 freeAideIgnoreList(list->next);
214 if (list->name != NULL) {
226 void freeAideContext(AIDE_CONTEXT *ctx) {
229 ERROR("ctx is NULL\n");
232 DEBUG("freeAideContext %p \n", ctx);
234 // DEBUG("aide_md_table_size = %d\n", ctx->aide_md_table_size);
235 // DEBUG("aide_in_table_size = %d\n", ctx->aide_in_table_size);
238 hdestroy_r(ctx->aide_md_table);
239 hdestroy_r(ctx->aide_in_table);
241 xfree(ctx->aide_md_table);
242 xfree(ctx->aide_in_table);
245 if (ctx->sqlite_db != NULL) {
247 sqlite3_close(ctx->sqlite_db);
251 /* free metadata chain */
252 if (ctx->start != NULL) {
253 freeAideMetadata(ctx->start);
256 /* free ignore list */
257 if (ctx->ignore_name_start != NULL) {
258 // DEBUG("free tx->ignore_name_start\n");
259 freeAideIgnoreList(ctx->ignore_name_start);
268 * load AIDE db file (giped)
270 name lname attr sha1 sha256
271 /bin/vi 0 1073750017 C9ID19uSxnrv/Bt0uYbloaVO1SQ= VTYuAxsuG4pmWHP9ZCTO1KUsYk2uwTvwiCJ/OxzsVd0=
273 /bin/dnsdomainname hostname 3 0 0
277 #define AIDE_SPEC_BUF_SIZE 1024
278 #define AIDE_MAX_ITEM_NUM 20
279 #define AIDE_MAX_ITEM_SIZE 10
281 // TODO(munetoh) add more...
282 #define AIDE_ITEM_NAME 0 // char
283 #define AIDE_ITEM_LNAME 1 // int
284 #define AIDE_ITEM_ATTR 2 // int
285 #define AIDE_ITEM_SHA1 3 // base64
286 #define AIDE_ITEM_SHA256 4 // base64
287 #define AIDE_ITEM_SHA512 5 // base64
288 #define AIDE_ITEM_PERM 6 //
289 #define AIDE_ITEM_UID 7 //
290 #define AIDE_ITEM_GID 8 //
291 #define AIDE_ITEM_ACL 9 //
292 #define AIDE_ITEM_XATTRS 10 //
294 int getAideItemIndex(char *buf) {
295 if (!strncmp(buf, "name", 4)) {
296 return AIDE_ITEM_NAME;
297 } else if (!strncmp(buf, "lname", 5)) {
298 return AIDE_ITEM_LNAME;
299 } else if (!strncmp(buf, "attr", 4)) {
300 return AIDE_ITEM_ATTR;
301 } else if (!strncmp(buf, "sha1", 4)) {
302 return AIDE_ITEM_SHA1;
303 } else if (!strncmp(buf, "sha256", 6)) {
304 return AIDE_ITEM_SHA256;
305 } else if (!strncmp(buf, "sha512", 6)) {
306 return AIDE_ITEM_SHA512;
307 } else if (!strncmp(buf, "perm", 4)) {
308 return AIDE_ITEM_PERM;
309 } else if (!strncmp(buf, "acl", 4)) {
310 return AIDE_ITEM_ACL;
311 } else if (!strncmp(buf, "uid", 4)) {
312 return AIDE_ITEM_UID;
313 } else if (!strncmp(buf, "gid", 4)) {
314 return AIDE_ITEM_GID;
315 } else if (!strncmp(buf, "xattrs", 6)) {
316 return AIDE_ITEM_XATTRS;
318 ERROR("Unknown AIDE item [%s]\n", buf);
325 * load AIDE database from file
327 * filename base64(digest)
332 int loadAideDatabaseFile(AIDE_CONTEXT *ctx, char *filename) {
334 char buf[AIDE_SPEC_BUF_SIZE];
335 int items[AIDE_MAX_ITEM_NUM];
351 DEBUG("loadAideDatabaseFile - start, filename=[%s]\n", filename);
353 fp = gzopen(filename, "r");
355 ERROR("%s missing\n", filename);
359 while (gzgets(fp, buf, sizeof(buf)) != NULL) {
360 if (!strncmp(buf, "#", 1)) {
361 } else if (!strncmp(buf, "@@begin_db", 10)) {
363 } else if (!strncmp(buf, "@@end_db", 8)) {
365 } else if (!strncmp(buf, "@@db_spec", 9)) {
368 end = buf + strlen(buf);
374 while ((ptr < end) && (*ptr == 0x20)) {
375 printf("skip %d ", *ptr);
380 sep = strstr(ptr, " ");
382 ERROR("bad data, %s\n", buf);
389 items[item_num] = getAideItemIndex(ptr);
391 if (items[item_num] < 0) {
397 if (sep + 3 > end) break; // TODO(munetoh)
402 if (item_num > AIDE_MAX_ITEM_NUM) {
403 ERROR("loadAideDatabaseFile - %d items > %d \n", item_num, AIDE_MAX_ITEM_NUM);
406 DEBUG("loadAideDatabaseFile - has %d items\n", item_num);
407 } else if (body == 2) { /* DB items */
409 md = newAideMetadata();
413 end = buf + strlen(buf);
416 // *end = 0; // TODO(munetoh) remove \n
421 for (i = 0; i < item_num; i++) {
423 if (i != item_num - 1) {
424 // printf("SEP %d %d\n",i, item_num);
425 sep = strstr(ptr, " ");
427 ERROR("bad data, %s\n", buf);
428 freeAideMetadata(md);
435 /* check the null string*/
436 if (!strncmp(ptr, "0", strlen(ptr))) {
438 } else if (!strncmp(ptr, "0\n", strlen(ptr))) {
445 case AIDE_ITEM_NAME: // char
447 md->name = smalloc_assert(ptr);
450 case AIDE_ITEM_LNAME: // char
452 md->lname = smalloc_assert(ptr);
455 case AIDE_ITEM_ATTR: // int
456 md->attr = atoi(ptr);
458 case AIDE_ITEM_SHA1: // base64
461 md->sha1 = decodeBase64(
463 SHA1_BASE64_DIGEST_SIZE,
465 if (md->sha1 == NULL) {
466 ERROR("decodeBase64 fail");
469 if (len != SHA1_DIGEST_SIZE) {
470 ERROR("bad SHA1 size %d %s\n", len, ptr);
471 // printf("base64 [%s] => [", ptr);
472 printHex("digest", md->sha1, len, "\n");
477 case AIDE_ITEM_SHA256: // base64
479 md->sha256 = decodeBase64(
481 SHA256_BASE64_DIGEST_SIZE,
483 if (md->sha256 == NULL) {
484 ERROR("decodeBase64 fail");
487 if (len != SHA256_DIGEST_SIZE) {
488 ERROR("bad SHA256 size %d\n", len);
489 printf("base64 [%s] => [", ptr);
490 printHex("", (BYTE *)ptr, 2, " ");
492 printHex("", md->sha256, len, " ");
497 case AIDE_ITEM_SHA512: // base64
499 md->sha512 = decodeBase64(
501 SHA512_BASE64_DIGEST_SIZE,
503 if (md->sha512 == NULL) {
504 ERROR("decodeBase64 fail");
507 if (len != SHA512_DIGEST_SIZE) {
508 ERROR("bad SHA512 size %d\n", len);
509 printf("base64 [%s] => [", ptr);
510 printHex("", (BYTE *)ptr, 2, "");
512 printHex("", md->sha512, len, "");
517 case AIDE_ITEM_XATTRS:
518 // DEBUG("AIDE_ITEM_XATTRS\n");
521 // DEBUG("Unknown item[%d] %d\n", i, items[i]);
528 md->status = OPENPTS_AIDE_MD_STATUS_NEW;
529 addAideMetadata(ctx, md);
531 /* save to the hash table */
532 if (sha1_b64_ptr != NULL) {
533 // TODO SHA1 only, add hash agility later
535 sha1_b64_ptr[SHA1_BASE64_DIGEST_SIZE] = 0; // jXgiZyt0yUbP4QhAq9WFsLF/FL4= 28
536 md->hash_key = xmalloc(strlen(sha1_b64_ptr) +1);
538 memcpy(md->hash_key, sha1_b64_ptr, strlen(sha1_b64_ptr) + 1);
540 e.key = (char *)md->hash_key;
542 rc = hsearch_r(e, ENTER, &ep, ctx->aide_md_table);
545 if (errno == ENOMEM) {
546 ERROR(" hsearch_r failed, table is full, errno=%x\n", errno);
548 ERROR(" hsearch_r failed, errno=%x\n", errno);
551 // CAUTION too many messages, use for debugging the unit test
552 // DEBUG("Hash Table <- %4d [%s] %s\n", ctx->aide_md_table_size, md->hash_key, md->name);
553 ctx->aide_md_table_size++;
558 if (ctx->start == NULL) {
569 // ignore printf("??? [%s]\n", buf);
574 DEBUG("loadAideDatabaseFile - has %d entries\n", ctx->metadata_num);
575 DEBUG("loadAideDatabaseFile - done\n");
577 return ctx->metadata_num;
582 * read AIDE ignore name
590 int readAideIgnoreNameFile(AIDE_CONTEXT *ctx, char *filename) {
591 int rc = PTS_SUCCESS;
600 DEBUG("readAideIgnoreNameFile - start, filename=[%s]\n", filename);
602 /* Open file for read */
603 fp = fopen(filename, "r");
605 DEBUG("%s missing\n", filename);
611 while (fgets(line, BUF_SIZE, fp) != NULL) { // read line
612 /* ignore comment, null line */
613 if (line[0] == '#') {
619 if (line[len-1] == 0x0a) line[len-1] = 0;
621 DEBUG("%4d [%s]\n", cnt, line);
624 list = xmalloc(sizeof(AIDE_LIST));
628 goto error; // return -1;
630 memset(list, 0, sizeof(AIDE_LIST));
631 list->name = smalloc_assert(line);
634 if (ctx->ignore_name_start == NULL) {
636 ctx->ignore_name_start = list;
637 ctx->ignore_name_end = list;
641 ctx->ignore_name_end->next = list;
642 ctx->ignore_name_end = list;
648 e.data = (void *)list;
649 rc = hsearch_r(e, ENTER, &ep, ctx->aide_in_table);
651 if (errno == ENOMEM) {
652 ERROR(" hsearch_r failed, ignore name table is full, errno=%x\n", errno);
654 ERROR(" hsearch_r failed, errno=%x\n", errno);
657 ctx->aide_in_table_size++;
666 DEBUG("readAideIgnoreNameFile - done, num = %d\n", cnt);
673 * print all AIDE data, for TEST and DEBUG
675 int printAideData(AIDE_CONTEXT *ctx) {
679 DEBUG("printAideData - start\n");
680 DEBUG("printAideData - num = %d\n", ctx->metadata_num);
684 for (i = 0; i < ctx->metadata_num; i++) {
686 if ( md->name != NULL) printf("%30s ", md->name);
687 if ( md->lname != NULL) printf("%20s ", md->lname);
688 if ( md->attr != 0) printf("%08X ", md->attr);
689 if (md->sha1 != NULL)
690 printHex("", md->sha1, 20, " ");
694 if (md->sha256 != NULL)
695 printHex("", md->sha256, 32, " ");
703 DEBUG("printAideData - end\n");
709 int hexcmp(BYTE *d1, BYTE *d2, int len) {
712 for (i = 0; i < len; i++) {
713 if (d1[i] != d2[i]) {
722 // TODO(munetoh) how this work?
723 void copyAideMetadata(AIDE_METADATA *dst, AIDE_METADATA *src) {
724 if (dst->name == NULL) {
725 dst->name = xmalloc(strlen(src->name) + 1);
726 memcpy(dst->name, src->name, strlen(src->name) + 1);
731 * check AIDE MD vs given MD (SHA1)
733 * TODO(munetoh) obsolute use checkEventByAide()
735 int checkFileByAide(AIDE_CONTEXT *ctx, AIDE_METADATA *metadata) {
743 if (metadata == NULL) {
749 for (i = 0; i < ctx->metadata_num; i++) {
753 if ((metadata->sha1 != NULL) && (md->sha1 != NULL)) {
754 if (!hexcmp(metadata->sha1, md->sha1, SHA1_DIGEST_SIZE)) {
756 DEBUG_FSM("checkFileByAide - HIT name=[%s]\n", md->name);
757 md->status = OPENPTS_AIDE_MD_STATUS_HIT;
758 copyAideMetadata(metadata, md);
764 DEBUG_FSM("checkFileByAide - MISS\n");
776 int checkIgnoreList(AIDE_CONTEXT *ctx, char *name) {
782 ERROR("checkIgnoreList() - name is null\n");
786 list = ctx->ignore_name_start;
787 while (list != NULL) {
788 // TODO(munetoh) not check the all string
789 if (list->name != NULL) {
790 len = strlen(list->name);
791 if (!strncmp(name, list->name, len)) {
793 DEBUG("HIT %s\n", name);
797 ERROR("checkIgnoreList() - list->name is null\n");
809 * check Eventlog with AIDE DB
812 * event->rgbEvent[0] - [20] <= SHA1 digest of the File
820 * skip this check 33sec -> 2sec
823 int checkEventByAide(AIDE_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
824 TSS_PCR_EVENT *event;
837 #endif // AIDE_CHBY_LIST
838 #endif // CONFIG_SQLITE
840 // DEBUG("checkEventByAide - start\n");
843 ERROR("checkEventByAide - AIDE_CONTEXT is NULL\n");
847 if (eventWrapper == NULL) {
848 ERROR("OcheckEventByAide - PENPTS_PCR_EVENT_WRAPPER is NULL\n");
852 event = eventWrapper->event;
854 // 20100627 ignore pseudo event
855 if (event->eventType == OPENPTS_PSEUDO_EVENT_TYPE) {
856 ERROR("validateImaMeasurement - event->eventType == OPENPTS_PSEUDO_EVENT_TYPE\n");
860 if (event->rgbEvent == NULL) {
865 if (event->ulPcrValueLength != SHA1_DIGEST_SIZE) {
866 DEBUG("bad digest size\n");
870 /* OK, let's find the HIT */
878 ERROR("encodeBase64 fail");
881 rc = verifyBySQLite(ctx, (char*)buf);
884 if (rc == OPENPTS_RESULT_VALID) {
886 // md = (AIDE_METADATA *) ep->data;
887 // DEBUG_FSM("checkFileByAide - HIT name=[%s]\n", md->name);
888 // md->status = OPENPTS_AIDE_MD_STATUS_HIT;
889 // md->event_wrapper = eventWrapper; // n:1
890 // eventWrapper->aide_metadata = md; // 1:n
891 // this output many lines:-P
892 // DEBUG("HIT [%s] \n",b64);
895 #else // CONFIG_SQLITE
899 for (i = 0; i < ctx->metadata_num; i++) {
901 DEBUG("AIDE MeataData is NULL\n");
905 if (md->sha1 != NULL) {
906 if (memcmp(event->rgbEvent, md->sha1, SHA1_DIGEST_SIZE) == 0) {
908 DEBUG_FSM("checkFileByAide - HIT name=[%s]\n", md->name);
909 md->status = OPENPTS_AIDE_MD_STATUS_HIT;
910 md->event_wrapper = eventWrapper; // n:1
911 eventWrapper->aide_metadata = md; // 1:n
912 // copyAideMetadata(metadata, md);
918 DEBUG_FSM("checkFileByAide - MISS\n");
926 ERROR("encodeBase64 fail");
929 e.key = (char *) buf; // size?
930 e.data = NULL; // just initialized for static analysys
936 // after (hash) BINARY
940 // after (hash) BASE64 :-(
948 rc = hsearch_r(e, FIND, &ep, ctx->aide_md_table);
951 // DEBUG("MD HIT\n");
952 md = (AIDE_METADATA *) ep->data;
953 DEBUG_FSM("checkFileByAide - HIT name=[%s]\n", md->name);
954 md->status = OPENPTS_AIDE_MD_STATUS_HIT;
955 md->event_wrapper = eventWrapper; // n:1
956 eventWrapper->aide_metadata = md; // 1:n
957 // DEBUG("HIT [%s] %s\n",b64, md->name);
960 // DEBUG("MISS [%s] MISS\n",b64);
964 #endif // CONFIG_SQLITE
966 /* check ignore list */
969 name = (char *)event->rgbEvent;
970 name += SHA1_DIGEST_SIZE;
972 name = snmalloc(name, (event->ulEventLength - SHA1_DIGEST_SIZE));
975 rc = checkIgnoreList(ctx, name);
992 * Get AIDE metadata by name
994 * "name" must be unique but
995 * if multiple entries has sama name this returns first one. :-P
997 AIDE_METADATA *getMetadataFromAideByName(AIDE_CONTEXT *ctx, char *name) {
1011 for (i = 0; i < ctx->metadata_num; i++) {
1015 if (md->name != NULL) {
1016 if (!strcmp(md->name, name)) {
1018 DEBUG("checkFileByAide HIT %s\n", name);
1028 * Convert the following char to %XX
1030 * Caller have to free out buffer;
1046 int escapeFilename(char **out, char *in) {
1053 /* rough malloc new buffer */
1054 buf = xmalloc(len*3);
1061 for (i = 0; i < len; i++) {
1062 if (in[i] == 0x20) {
1067 } else if (in[i] == 0x25) {
1072 } else if (in[i] == 0x3A) {
1077 } else if (in[i] == 0x40) {
1082 } else if (in[i] == 0x5B) {
1087 } else if (in[i] == 0x5D) {
1092 } else if (in[i] == 0x7B) {
1097 } else if (in[i] == 0x7D) {
1102 } else if (in[i] == 0x7E) {
1120 * Convert IML TSS/file(ptscd.conf) to AIDE DB
1122 * ctx get the IML before call this func
1123 * filename output AIDE DB filename
1125 * TODO(munetoh) IMA_31 only
1127 int convertImlToAideDbFile(OPENPTS_CONTEXT *ctx, char *filename) {
1130 OPENPTS_SNAPSHOT *ss;
1131 OPENPTS_PCR_EVENT_WRAPPER *eventWrapper;
1132 TSS_PCR_EVENT *event;
1135 char *aide_filename = NULL;
1138 DEBUG("convertImlToAideDbFile %s\n", filename);
1140 /* file open for write */
1141 fp = gzopen(filename, "wb");
1143 ERROR("%s fail to open\n", filename);
1148 gzprintf(fp, "@@begin_db\n");
1149 gzprintf(fp, "# This file was generated by OpenPTS\n");
1150 gzprintf(fp, "@@db_spec name sha1 \n");
1153 ss = getSnapshotFromTable(ctx->ss_table, 10, 1); // TODO def or conf
1155 ERROR("events is missing\n");
1158 eventWrapper = ss->start;
1159 if (eventWrapper == NULL) {
1160 ERROR("events is missing\n");
1164 event = eventWrapper->event;
1166 // DEBUG("PCR[%d]\n", ss->pcrIndex);
1167 // DEBUG("event_num %d\n", ss->event_num);
1169 // for (i = 0; i < ctx->eventNum; i++) {
1170 for (i = 0; i < ctx->ss_table->event_num; i++) { // TODO ss->event_num?
1171 // DEBUG("SM DEBUG event %p\n",event);
1173 if (event == NULL) {
1174 ERROR("event is NULL\n");
1178 if (event->rgbEvent == NULL) {
1179 ERROR("event->rgbEvent is NULL\n");
1183 // TODO 2010-10-05 SM
1184 // AIDE convert the following chars in filename
1185 // SPACE 0x20 -> "%20"
1195 // gzprintf(fp, "%s ",&eventWrapper->event->rgbEvent[20]);
1197 /* filename (allocated) */
1198 len = escapeFilename(&aide_filename, (char *) &eventWrapper->event->rgbEvent[20]);
1200 ERROR("convertImlToAideDbFile - no mem?\n");
1201 gzprintf(fp, "bad_filename ");
1203 gzprintf(fp, "%s ", aide_filename);
1204 xfree(aide_filename);
1205 aide_filename = NULL;
1210 (unsigned char *)event->rgbEvent,
1214 ERROR("encodeBase64 fail");
1217 gzprintf(fp, "%s \n", buf);
1220 // printf("%d %s\n", i, buf);
1222 eventWrapper = eventWrapper->next_pcr;
1223 if (eventWrapper == NULL) break;
1224 event = eventWrapper->event;
1228 gzprintf(fp, "@@end_db\n");
1231 gzseek(fp, 1L, SEEK_CUR); // add one \n
1234 if (aide_filename != NULL) xfree(aide_filename);
1236 DEBUG("convertImlToAideDbFile - done\n");
1238 return i+1; // event num
1242 * reduce the size of AIDE DB
1245 * AIDE-DB IMA-IML AIDE-DB
1246 * --------------------------
1251 * --------------------------
1254 * return AIDE entry count
1257 int writeReducedAidbDatabase(AIDE_CONTEXT *ctx, char *filename) {
1265 DEBUG("writeReducedAidbDatabase %s\n", filename);
1271 /* file open for write */
1272 fp = gzopen(filename, "wb");
1274 ERROR("%s fail to open\n", filename);
1279 gzprintf(fp, "@@begin_db\n");
1280 gzprintf(fp, "# This file was generated by OpenPTS\n");
1281 gzprintf(fp, "@@db_spec name sha1 \n");
1286 for (i = 0; i < ctx->metadata_num; i++) {
1291 if (md->status == OPENPTS_AIDE_MD_STATUS_HIT) {
1294 (unsigned char *)md->sha1,
1298 ERROR("encodeBase64 fail");
1301 gzprintf(fp, "%s ", md->name);
1302 gzprintf(fp, "%s \n", buf);
1311 gzprintf(fp, "@@end_db\n");
1314 gzseek(fp, 1L, SEEK_CUR); // add one \n
1317 DEBUG("convertImlToAideDbFile - done\n");
1323 #ifdef CONFIG_SQLITE
1325 * Convert AIDE BD file to SQLite DB file
1328 * 0 PTS_SUCCESS success
1329 * PTS_INTERNAL_ERROR ERROR
1331 int convertAideDbfileToSQLiteDbFile(char * aide_filename, char * sqlite_filename) {
1332 int rc = PTS_SUCCESS;
1342 if (aide_filename == NULL) {
1343 ERROR("AIDE file is null\n");
1344 return PTS_INTERNAL_ERROR;
1346 if (sqlite_filename == NULL) {
1347 ERROR("sqlite file is null\n");
1348 return PTS_INTERNAL_ERROR;
1352 /* new AIDE context */
1353 ctx = newAideContext();
1355 /* read AIDE DB file -> ctx */
1356 rc = loadAideDatabaseFile(ctx, aide_filename);
1358 ERROR("read AIDE DB %s fail, rc = %d", aide_filename, rc);
1365 /* rm existing DB file */
1366 remove(sqlite_filename);
1369 sqlite3_open(sqlite_filename, &db);
1371 ERROR("open AIDE DB fail\n");
1372 rc = PTS_INTERNAL_ERROR;
1377 "CREATE TABLE sample (id INTEGER PRIMARY KEY, digest TEXT NOT NULL, "
1378 "name TEXT NOT NULL, state INTEGER NOT NULL)",
1380 // DEBUG("CREATE err=%s\n", err);
1383 sqlite3_exec(db, "BEGIN", NULL, NULL, &err);
1384 // DEBUG("BEGIN err=%s\n", err);
1389 for (i = 0; i < ctx->metadata_num; i++) {
1390 if (md->hash_key != NULL) {
1391 sql = sqlite3_mprintf(
1392 "INSERT INTO sample (id, digest, name, state) VALUES (%d, '%s','%s', %d)",
1393 j, md->hash_key, md->name, 0);
1394 sqlite3_exec(db, sql, NULL, NULL, &err);
1395 // DEBUG("INSERT err=%s\n", err);
1402 sqlite3_exec(db, "COMMIT", NULL, NULL, &err);
1403 // DEBUG("COMMIT err=%s\n", err);
1406 sqlite3_exec(db, "CREATE INDEX digestindex ON sample(digest)", NULL, NULL, &err);
1407 // DEBUG("CREATE INDEX err=%s\n", err);
1416 freeAideContext(ctx);
1422 * load (open) SQLite DB file
1424 int loadSQLiteDatabaseFile(AIDE_CONTEXT *ctx, char *filename) {
1427 ERROR("ctx == NULL\n");
1428 return PTS_INTERNAL_ERROR;
1430 if (filename == NULL) {
1431 ERROR("filename == NULL\n");
1432 return PTS_INTERNAL_ERROR;
1436 sqlite3_open(filename, &ctx->sqlite_db);
1437 if (ctx->sqlite_db == NULL) {
1438 ERROR("open AIDE SQLite DB %s fail\n", filename);
1439 return PTS_INTERNAL_ERROR;
1448 int verifyBySQLite(AIDE_CONTEXT *ctx, char * key) {
1456 ERROR("ctx == NULL\n");
1457 return PTS_INTERNAL_ERROR;
1459 if (ctx->sqlite_db == NULL) {
1460 ERROR("ctx->sqlite_db == NULL\n");
1461 return PTS_INTERNAL_ERROR;
1464 sql = sqlite3_mprintf("SELECT * from sample where digest = '%s'", key);
1465 sqlite3_get_table(ctx->sqlite_db, sql, &result, &row, &col, &err);
1466 // DEBUG("%2d %d %s\n",row,col, md->hash_key);
1469 return OPENPTS_RESULT_VALID;
1472 // ERROR("row = %d\n",row);
1477 sqlite3_free_table(result);
1481 return OPENPTS_RESULT_UNKNOWN;
1483 #endif // CONFIG_SQLITE
OSDN Git Service
