252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import sys import common import keylime_logging import hashlib import struct import re import os import ConfigParser logger = keylime_logging.init_logging('ima') # setup config config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) # m = ima_measure_re.match(measure_line) # measure = m.group('file_hash') # filename = m.group('file_path') START_HASH = '0000000000000000000000000000000000000000'.decode('hex') FF_HASH = 'ffffffffffffffffffffffffffffffffffffffff'.decode('hex') # struct event { # struct { # u_int32_t pcr;
material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('cloudverifier') import json import ConfigParser import traceback import sys import tornado.ioloop import tornado.web import functools from tornado import httpserver from tornado.httpclient import AsyncHTTPClient from tornado.httputil import url_concat import cloud_verifier_common import revocation_notifier config = ConfigParser.SafeConfigParser()
The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import cmd_exec import common import keylime_logging import os import ConfigParser logger = keylime_logging.init_logging('secure_mount') # read the config file config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) def check_mounted(secdir): whatsmounted = cmd_exec.run("mount", lock=False)['retout'] for line in whatsmounted: tokens = line.split() tmpfs = False if len(tokens) < 3: continue if tokens[0] == 'tmpfs': tmpfs = True
Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('cloudagent') import BaseHTTPServer from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler from SocketServer import ThreadingMixIn import threading from urlparse import urlparse import json import base64 import ConfigParser import uuid import crypto import os import sys import registrar_client
Copyright 2017 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('keylime_sqlite') import os import sqlite3 import json class KeylimeDB(): db_filename = None # in the form key, SQL type cols_db = None # these are the columns that contain json data and need marshalling json_cols_db = None # in the form key : default value exclude_db = None def __init__(self, dbname, cols_db, json_cols_db, exclude_db):
Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('registrar-common') import BaseHTTPServer from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler from SocketServer import ThreadingMixIn from urlparse import urlparse import json import threading import sys import crypto import base64 import ConfigParser import registrar_client import signal import time import hashlib
import sys import tornado.ioloop import tornado.web import tornado_requests import functools from tornado import httpserver from tornado.httpclient import AsyncHTTPClient from tornado.httputil import url_concat import revocation_notifier import cloud_verifier_common import tenant import base64 import common import keylime_logging logger = keylime_logging.init_logging('tenant_webapp') config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) tenant_templ = tenant.Tenant() class Agent_Init_Types: FILE = '0' KEYFILE = '1' CA_DIR = '2' class BaseHandler(tornado.web.RequestHandler): def write_error(self, status_code, **kwargs):
import zmq import common import keylime_logging import ConfigParser import json import crypto import threading import functools import time import os import sys from multiprocessing import Process import signal logger = keylime_logging.init_logging('revocation_notifier') config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) broker_proc = None def start_broker(): def worker(): context = zmq.Context(1) frontend = context.socket(zmq.SUB) frontend.bind("ipc:///tmp/keylime.verifier.ipc") frontend.setsockopt(zmq.SUBSCRIBE, "")
def gencrl(_, a, b): logger = keylime_logging.init_logging('ca_impl_openssl') logger.warning("CRL creation with openssl is not supported") return ""
import struct import sys import time import tempfile from uuid import UUID import json import tpm_obj # get the tpm object tpm = tpm_obj.getTPM(need_hw_tpm=True) sys.path.append(os.path.dirname(__file__)) from tpm_initialize import get_mod_from_pem # Logging boiler plate logger = keylime_logging.init_logging('vtpmmgr') logger.setLevel(logging.INFO) # ./utils/encaik -ek ~/tmp/LLSRC-tci/scripts/llsrc-vtpm-host0_pubek.pem -ik ~/tmp/LLSRC-tci/scripts/llsrc-vtpm-host0_pubek.pem -ok key.blob -oak key.aes # cd /home/rudd/tmp/tpm4720/libtpm # VTPM Command Ordinals. Taken from Xen's stubdoms/vtpmmgr/vtpm_manager.h VTPM_ORD_GROUP_LIST = 0x02000101 VTPM_ORD_GROUP_NEW = 0x02000102 VTPM_ORD_GROUP_DEL = 0x02000103 VTPM_ORD_GROUP_ACTIVATE = 0x02000104 VTPM_ORD_GROUP_SHOW = 0x02000107 VTPM_ORD_VTPM_LIST = 0x02000201 VTPM_ORD_VTPM_NEW = 0x02000204
import threading import traceback import ca_util import common import keylime_logging import tornado.ioloop import tornado.web from tornado import httpserver import keylime.web_util from keylime import json sys.path.insert(0, "../../keylime/") logger = keylime_logging.init_logging("agent_monitor") initscript = None class BaseHandler(tornado.web.RequestHandler): def write_error(self, status_code, **kwargs): self.set_header("Content-Type", "text/json") if self.settings.get("serve_traceback") and "exc_info" in kwargs: # in debug mode, try to send a traceback lines = [] for line in traceback.format_exception(*kwargs["exc_info"]): lines.append(line) self.finish( json.dumps({ "code": status_code,
import M2Crypto from M2Crypto import m2 import os import re import secure_mount from sets import Set import string import subprocess import sys import tempfile import threading import time from tpm_abstract import * from tpm_ek_ca import * logger = keylime_logging.init_logging('tpm1') # read the config file config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) class tpm1(AbstractTPM): def __init__(self, need_hw_tpm=False): AbstractTPM.__init__(self, need_hw_tpm) # shared lock to serialize access to tools self.tpmutilLock = threading.Lock() # TPM 1.2 supports fixed set of algorithms self.supported['hash'] = Set([Hash_Algorithms.SHA1])
import keylime_logging import registrar_client import os import crypto import ssl import socket import ca_util import sqlite3 import revocation_notifier import keylime_sqlite import ConfigParser import tpm_obj from tpm_abstract import TPM_Utilities, Hash_Algorithms, Encrypt_Algorithms, Sign_Algorithms # setup logging logger = keylime_logging.init_logging('cloudverifier_common') # setup config config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) class CloudAgent_Operational_State: REGISTERED = 0 START = 1 SAVED = 2 GET_QUOTE = 3 GET_QUOTE_RETRY = 4 PROVIDE_V = 5 PROVIDE_V_RETRY = 6 FAILED = 7
above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import sys import common import keylime_logging import ConfigParser import registrar_client import vtpm_manager import base64 import os import errno import json logger = keylime_logging.init_logging('provider_platform_init') config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) def symlink_force(target, link_name): try: os.symlink(target, link_name) except OSError, e: if e.errno == errno.EEXIST: os.remove(link_name) os.symlink(target, link_name) else: raise e def main(argv=sys.argv):
import threading import ca_util import ssl import os import functools import tornado.web import tornado.ioloop import traceback import getpass import argparse import keylime_logging import common import sys sys.path.insert(0, '../../keylime/') logger = keylime_logging.init_logging('agent_monitor') import simplejson as json initscript = None class BaseHandler(tornado.web.RequestHandler): def write_error(self, status_code, **kwargs): self.set_header('Content-Type', 'text/json') if self.settings.get("serve_traceback") and "exc_info" in kwargs: # in debug mode, try to send a traceback lines = [] for line in traceback.format_exception(*kwargs["exc_info"]): lines.append(line)
''' import common import keylime_logging import json import ConfigParser import os import subprocess import tornado_requests from M2Crypto import EVP, X509 import secure_mount import base64 import time import socket logger = keylime_logging.init_logging('ca_impl_cfssl') config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) cfsslproc = None def post_cfssl(url, data): numtries = 0 maxr = 10 retry = 0.05 while True: try: response = tornado_requests.request("POST", url,
import os import ssl import tornado_requests import hashlib import ima import zipfile import cStringIO import StringIO import logging import subprocess import tpm_obj from tpm_abstract import TPM_Utilities, Hash_Algorithms, Encrypt_Algorithms, Sign_Algorithms # setup logging logger = keylime_logging.init_logging('tenant') # setup config config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) # special exception that suppresses stack traces when it happens class UserError(Exception): pass class Tenant(): """Simple command processor example.""" config = None cloudverifier_ip = None
Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('ca-util') import sys import os import crypto import base64 import argparse import ConfigParser import getpass import json import zipfile import cStringIO import socket import revocation_notifier import threading import BaseHTTPServer
rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import json import tornado_requests import crypto import base64 import common import keylime_logging import ssl import os import logging logger = keylime_logging.init_logging('registrar_client') context = None def init_client_tls(config, section): global context #make this reentrant if context is not None: return if not config.getboolean('general', "enable_tls"): logger.warning("TLS is currently disabled, AIKs may not be authentic.") return None logger.info("Setting up client TLS...")
The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import ConfigParser import distutils.spawn import os import common import keylime_logging logger = keylime_logging.init_logging('tpmobj') import tpm1 import tpm2 # read the config file config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) # singleton objects for working with the TPM __tpm1 = None __tpm2 = None __version = None def __guess_tpm_version(): if __version is not None:
Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('registrar') import registrar_common import ConfigParser import sys config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) def main(argv=sys.argv): registrar_common.start(config.getint('general', 'registrar_tls_port'), config.getint('general', 'registrar_port'), config.get('registrar', 'db_filename'))
The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging import uuid import tornado_requests logger = keylime_logging.init_logging('openstack') def get_openstack_uuid(uuid_service_ip='169.254.169.254', uuid_service_resource='/openstack/2012-08-10/meta_data.json'): logger.debug("Getting instance UUID from openstack http://%s%s"%(uuid_service_ip,uuid_service_resource)) try: response = tornado_requests.request("GET", "http://" + uuid_service_ip + uuid_service_resource) if response.status_code == 200: response_body = response.json() return response_body["uuid"] logger.debug("Forcing using locally generated uuid.") return str(uuid.uuid4()) except Exception: logger.debug("Using locally generated uuid. Error getting UUID from openstack: %s\n"%(e)) return str(uuid.uuid4())
Assistant Secretary of Defense for Research and Engineering. Copyright 2015 Massachusetts Institute of Technology. The software/firmware is provided to you on an As-Is basis Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. ''' import common import keylime_logging logger = keylime_logging.init_logging('provider-registrar') import registrar_common import ConfigParser import sys config = ConfigParser.SafeConfigParser() config.read(common.CONFIG_FILE) def main(argv=sys.argv): registrar_common.start( config.getint('general', 'provider_registrar_tls_port'), config.getint('general', 'provider_registrar_port'), config.get('registrar', 'prov_db_filename'))
''' import sys import common import keylime_logging import ConfigParser import registrar_client import vtpm_manager import base64 import json # read the config file config = ConfigParser.RawConfigParser() config.read(common.CONFIG_FILE) logger = keylime_logging.init_logging('platform-init') def add_vtpm(inputfile): # read in the file with open(inputfile, 'r') as f: group = json.load(f) # fetch configuration parameters provider_reg_port = config.get('general', 'provider_registrar_port') provider_reg_ip = config.get('general', 'provider_registrar_ip') # request a vtpm uuid from the manager vtpm_uuid = vtpm_manager.add_vtpm_to_group(group['uuid']) # registrar it and get back a blob