mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
fixing spotbug
parent
92042f8698
commit
042a830a6e
@ -261,11 +261,17 @@ public class TpmPcrEvent {
|
||||
case EvConstants.EV_UNUSED:
|
||||
break;
|
||||
case EvConstants.EV_NO_ACTION:
|
||||
EvNoAction noAction = new EvNoAction(eventContent);
|
||||
sb.append(noAction.toString());
|
||||
if (noAction.isSpecIDEvent()) {
|
||||
specVersion = noAction.getSpecVersion();
|
||||
specErrataVersion = noAction.getSpecErrataVersion();
|
||||
EvNoAction noAction = null;
|
||||
try {
|
||||
noAction = new EvNoAction(eventContent);
|
||||
sb.append(noAction.toString());
|
||||
if (noAction.isSpecIDEvent()) {
|
||||
specVersion = noAction.getSpecVersion();
|
||||
specErrataVersion = noAction.getSpecErrataVersion();
|
||||
}
|
||||
} catch (UnsupportedEncodingException ueEx) {
|
||||
log.error(ueEx);
|
||||
sb.append(ueEx.toString());
|
||||
}
|
||||
break;
|
||||
case EvConstants.EV_SEPARATOR:
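Review bot: The new `catch (UnsupportedEncodingException ueEx)` around `new EvNoAction(eventContent)` does not cover a truncated event. The constructor, as shown in its own section of this commit, copies `UefiConstants.SIZE_15` bytes out of the event data with `System.arraycopy` and no visible length check, so an EV_NO_ACTION event shorter than that raises an unchecked `IndexOutOfBoundsException` that passes straight through this catch. Event log content comes from the platform being evaluated, so a guard before parsing keeps the failure local, e.g. `if (eventContent.length < UefiConstants.SIZE_15) { sb.append("EV_NO_ACTION event too short to parse"); break; }`. The enclosing switch starts and ends outside the hunk.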
|
||||
|
@ -76,27 +76,23 @@ public abstract class DeviceSecurityEvent {
|
||||
*/
|
||||
public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) {
|
||||
|
||||
if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_NONE) {
|
||||
deviceContextInfo = "\n No Device Context (indicated by device type value of 0";
|
||||
}
|
||||
else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
|
||||
try {
|
||||
dsedDevContext
|
||||
= new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
|
||||
deviceContextInfo = dsedDevContext.toString();
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
deviceContextInfo = " Could not interpret Device Context info";
|
||||
}
|
||||
}
|
||||
else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
|
||||
// dsedDevContext
|
||||
// = new DeviceSecurityEventDataUsbContext(dsedDeviceContextBytes);
|
||||
// deviceContextInfo = dsedDevContext.toString();
|
||||
deviceContextInfo = " Device Type: USB - To be implemented";
|
||||
if(dsedDeviceContextBytes.length == 0) {
|
||||
deviceContextInfo = "\n DeviceSecurityEventDataDeviceContext object is empty";
|
||||
}
|
||||
else {
|
||||
deviceContextInfo = " Unknown device type; cannot process device context";
|
||||
if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_NONE) {
|
||||
deviceContextInfo = "\n No Device Context (indicated by device type value of 0)";
|
||||
}
|
||||
else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
|
||||
dsedDevContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
|
||||
deviceContextInfo = dsedDevContext.toString();
|
||||
}
|
||||
else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
|
||||
deviceContextInfo = " Device Type: USB - To be implemented";
|
||||
}
|
||||
else {
|
||||
deviceContextInfo = " Unknown device type; cannot process device context";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
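Review bot: `dsedDeviceContextBytes.length == 0` is now the only input validation in `instantiateDeviceContext`, and it dereferences the array before anything has checked it for null. Dropping the `catch(NullPointerException e)` fallback is reasonable on its own, but a null argument now throws from this line, and a non-empty buffer that is too short for a PCI context is still handed to `new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes)` unchecked; that constructor is not shown here, so whether it validates its input length needs confirming. Consider `if (dsedDeviceContextBytes == null || dsedDeviceContextBytes.length == 0)` plus an explicit minimum-length check ahead of the PCI branch. The `dsedBytes.length == 0` guards added to the `DeviceSecurityEventData` and `DeviceSecurityEventData2` constructors in this commit have the same gap.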
|
||||
|
@ -37,7 +37,10 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
|
||||
*/
|
||||
public DeviceSecurityEventData(final byte[] dsedBytes) {
|
||||
|
||||
try {
|
||||
if(dsedBytes.length == 0) {
|
||||
headerInfo = " DeviceSecurityEventData object is empty";
|
||||
}
|
||||
else {
|
||||
dsedHeader = new DeviceSecurityEventDataHeader(dsedBytes);
|
||||
headerInfo = dsedHeader.toString();
|
||||
|
||||
@ -51,9 +54,6 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
|
||||
|
||||
instantiateDeviceContext(dsedDevContextBytes);
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
headerInfo = " Could not interpret Header info";
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -62,8 +62,7 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
|
||||
* @return a description of this structure.
|
||||
*/
|
||||
public String toString() {
|
||||
String dsedInfo = "";
|
||||
dsedInfo += headerInfo;
|
||||
String dsedInfo = headerInfo;
|
||||
dsedInfo += getDeviceContextInfo();
|
||||
return dsedInfo;
|
||||
}
|
||||
|
@ -2,6 +2,8 @@ package hirs.utils.tpm.eventlog.events;
|
||||
|
||||
import lombok.Getter;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
||||
/**
|
||||
* Class to process DEVICE_SECURITY_EVENT_DATA2.
|
||||
* Parses event data per PFP v1.06 Rev52 Table 26.
|
||||
@ -50,7 +52,10 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
|
||||
*/
|
||||
public DeviceSecurityEventData2(final byte[] dsedBytes) {
|
||||
|
||||
try {
|
||||
if(dsedBytes.length == 0) {
|
||||
headerInfo = " DeviceSecurityEventData2 object is empty";
|
||||
}
|
||||
else {
|
||||
dsedHeader2 = new DeviceSecurityEventDataHeader2(dsedBytes);
|
||||
headerInfo = dsedHeader2.toString();
|
||||
|
||||
@ -66,24 +71,12 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
|
||||
System.arraycopy(dsedBytes, dsedHeaderLength, dsedSubHeaderBytes, 0, subHeaderLength);
|
||||
|
||||
if (subHeaderType == DeviceSecurityEventDataSubHeader.SUBHEADERTYPE_MEAS_BLOCK) {
|
||||
try {
|
||||
dsedSubHeader =
|
||||
new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dsedSubHeaderBytes);
|
||||
subHeaderInfo += dsedSubHeader.toString();
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
subHeaderInfo = " Could not interpret Sub header info for SPDM measurment block\n";
|
||||
}
|
||||
dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dsedSubHeaderBytes);
|
||||
subHeaderInfo += dsedSubHeader.toString();
|
||||
}
|
||||
else if (subHeaderType == DeviceSecurityEventDataSubHeader.SUBHEADERTYPE_CERT_CHAIN) {
|
||||
try {
|
||||
dsedSubHeader =
|
||||
new DeviceSecurityEventDataSubHeaderCertChain(dsedSubHeaderBytes);
|
||||
subHeaderInfo += dsedSubHeader.toString();
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
subHeaderInfo = " Could not interpret Sub header info for SPDM cert chain\n";
|
||||
}
|
||||
dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain(dsedSubHeaderBytes);
|
||||
subHeaderInfo += dsedSubHeader.toString();
|
||||
}
|
||||
else {
|
||||
subHeaderInfo += " Sub header type unknown\n";
|
||||
@ -97,9 +90,6 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
|
||||
|
||||
instantiateDeviceContext(dsedDevContextBytes);
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
headerInfo = " Could not interpret Header info\n";
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -108,8 +98,7 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
|
||||
* @return a description of this structure.
|
||||
*/
|
||||
public String toString() {
|
||||
String dsedInfo = "";
|
||||
dsedInfo += headerInfo;
|
||||
String dsedInfo = headerInfo;
|
||||
dsedInfo += subHeaderInfo;
|
||||
dsedInfo += getDeviceContextInfo();
|
||||
return dsedInfo;
|
||||
|
@ -58,9 +58,9 @@ public abstract class DeviceSecurityEventDataDeviceContext {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a human readable description of the data common to device context structures.
|
||||
* Returns a human-readable description of the data common to device context structures.
|
||||
*
|
||||
* @return a description of this structure..
|
||||
* @return a description of this structure.
|
||||
*/
|
||||
public String toString() {
|
||||
String dSEDdeviceContextCommonInfo = "";
|
||||
|
@ -7,6 +7,7 @@ import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
||||
/**
|
||||
* Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER.
|
||||
@ -87,13 +88,9 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
|
||||
|
||||
ByteArrayInputStream spdmMeasurementBlockData =
|
||||
new ByteArrayInputStream(spdmMeasBlockBytes);
|
||||
try {
|
||||
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData);
|
||||
spdmMeasurementBlockInfo = spdmMeasurementBlock.toString();
|
||||
}
|
||||
catch(NullPointerException e) {
|
||||
spdmMeasurementBlockInfo = "Could not interpret SPDM Measurement Block info";
|
||||
}
|
||||
|
||||
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData);
|
||||
spdmMeasurementBlockInfo = spdmMeasurementBlock.toString();
|
||||
|
||||
int devPathLenStartByte = 28 + sizeOfSpdmMeasBlock;
|
||||
extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
|
||||
@ -105,9 +102,7 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
|
||||
* @return a description of this structure.
|
||||
*/
|
||||
public String toString() {
|
||||
String dsedHeaderInfo = "";
|
||||
|
||||
dsedHeaderInfo += super.toString();
|
||||
String dsedHeaderInfo = super.toString();
|
||||
String spdmHashAlgoStr = SpdmHa.tcgAlgIdToString(spdmHashAlgo);
|
||||
dsedHeaderInfo += " SPDM Hash Algorithm = " + spdmHashAlgoStr + "\n";
|
||||
dsedHeaderInfo += " SPDM Measurement Block:\n";
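Review bot: `import java.io.UnsupportedEncodingException;` is added at the top of this file, but the other changes visible here only remove a try/catch around `SpdmMeasurementBlock` and tidy `toString()`; nothing shown throws or catches that type. If no code outside the hunks references it, the import is unused and will be reported by the same kind of static check this commit is addressing. The same import is added in the `DeviceSecurityEventData2` and `DeviceSecurityEventDataHeader2` sections, where the visible hunks show no use of it either, so it is worth confirming each one against the full file.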
|
||||
|
@ -3,6 +3,8 @@ package hirs.utils.tpm.eventlog.events;
|
||||
import hirs.utils.HexUtils;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
||||
/**
|
||||
* Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER2.
|
||||
* DEVICE_SECURITY_EVENT_DATA_HEADER2 contains the measurement(s) and hash algorithm identifier
|
||||
@ -43,7 +45,7 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
|
||||
* SUBHEADERTYPE_CERT_CHAIN = 1
|
||||
*/
|
||||
@Getter
|
||||
private int subHeaderType = 0;
|
||||
private int subHeaderType = -1;
|
||||
/**
|
||||
* Event sub header length.
|
||||
*/
|
||||
@ -121,9 +123,7 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
|
||||
* @return a description of this structure.
|
||||
*/
|
||||
public String toString() {
|
||||
String dsedHeader2Info = "";
|
||||
|
||||
dsedHeader2Info += super.toString();
|
||||
String dsedHeader2Info = super.toString();
|
||||
dsedHeader2Info += " AuthState: " + getAuthStateString() + "\n";
|
||||
dsedHeader2Info += " Sub header UID: " + subHeaderUid + "\n";
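Review bot: The initial value of `subHeaderType` appears to change from 0 to -1, presumably so the default no longer equals a defined sub header type, but -1 is a bare literal and the field's Javadoc still lists only the defined values (`SUBHEADERTYPE_CERT_CHAIN = 1` is the line visible here). Document the sentinel in that comment, for example `* -1 = not yet parsed or unknown`, or give it a named constant next to the `SUBHEADERTYPE_*` constants so callers of the generated getter can test for it. The old/new order of the two declarations is inferred from print order, since the +/- markers are lost on this page.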
|
||||
|
||||
|
@ -23,11 +23,9 @@ public abstract class DeviceSecurityEventDataSubHeader {
|
||||
*/
|
||||
public static final int SUBHEADERTYPE_CERT_CHAIN = 1;
|
||||
|
||||
|
||||
public DeviceSecurityEventDataSubHeader() {
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the device type via a lookup.
|
||||
* Lookup based upon section 10.2.7.2, Table 19, in the PFP 1.06 v52 spec.
|
||||
@ -42,7 +40,7 @@ public abstract class DeviceSecurityEventDataSubHeader {
|
||||
case SUBHEADERTYPE_CERT_CHAIN:
|
||||
return "SPDM Cert Chain";
|
||||
default:
|
||||
return "Unknown or invalid Subheader Type";
|
||||
return "Unknown or invalid Subheader Type of value " + subheaderTypeInt;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -88,7 +88,6 @@ public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEve
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns a human-readable description of the data within this structure.
|
||||
*
|
||||
|
@ -84,20 +84,9 @@ public abstract class DeviceSecurityEventHeader {
|
||||
*/
|
||||
@Getter
|
||||
private UefiDevicePath devicePath = null;
|
||||
/**
|
||||
* Is the Device Path Valid.
|
||||
*/
|
||||
private boolean devicePathValid = false;
|
||||
|
||||
/**
|
||||
* DeviceSecurityEventDataHeaderBase Default Constructor.
|
||||
*/
|
||||
public DeviceSecurityEventHeader() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* DeviceSecurityEventDataHeaderBase Constructor.
|
||||
* DeviceSecurityEventDataHeader Constructor.
|
||||
*
|
||||
* @param dSEDbytes byte array holding the DeviceSecurityEventData.
|
||||
*/
|
||||
@ -112,7 +101,6 @@ public abstract class DeviceSecurityEventHeader {
|
||||
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
|
||||
UefiConstants.SIZE_2);
|
||||
version = HexUtils.byteArrayToHexString(versionBytes);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -140,24 +128,17 @@ public abstract class DeviceSecurityEventHeader {
|
||||
public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) {
|
||||
|
||||
// get the device path length
|
||||
byte[] devicePathLengthBytes = new byte[UefiConstants.SIZE_8];
|
||||
System.arraycopy(dsedBytes, startByte, devicePathLengthBytes, 0,
|
||||
UefiConstants.SIZE_8);
|
||||
byte[] devicePathLengthBytes = new byte[8];
|
||||
System.arraycopy(dsedBytes, startByte, devicePathLengthBytes, 0, 8);
|
||||
int devicePathLength = HexUtils.leReverseInt(devicePathLengthBytes);
|
||||
|
||||
// get the device path
|
||||
if (devicePathLength != 0) {
|
||||
if (devicePathLength > 0) {
|
||||
startByte = startByte + 8;
|
||||
byte[] devPathBytes = new byte[devicePathLength];
|
||||
System.arraycopy(dsedBytes, startByte, devPathBytes,
|
||||
0, devicePathLength);
|
||||
try {
|
||||
devicePath = new UefiDevicePath(devPathBytes);
|
||||
devicePathValid = true;
|
||||
}
|
||||
catch (UnsupportedEncodingException e) {
|
||||
devicePathValid = false;
|
||||
}
|
||||
devicePath = new UefiDevicePath(devPathBytes);
|
||||
}
|
||||
|
||||
// header total size
|
||||
@ -193,7 +174,7 @@ public abstract class DeviceSecurityEventHeader {
|
||||
String dsedHeaderCommonInfo = "";
|
||||
|
||||
dsedHeaderCommonInfo += " SPDM Device Type = " + deviceTypeToString(deviceType) + "\n";
|
||||
if (devicePathValid) {
|
||||
if (devicePath != null) {
|
||||
dsedHeaderCommonInfo += " SPDM Device Path:\n";
|
||||
dsedHeaderCommonInfo += devicePath;
|
||||
}
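Review bot: `devicePathLength` is read from the event data and then used to size `new byte[devicePathLength]` and the following `System.arraycopy` without being compared to the bytes actually left in `dsedBytes`. The test `devicePathLength > 0` keeps a negative value away from the allocation, but a large positive value from a malformed log still causes either a large allocation or an `IndexOutOfBoundsException`. A bound such as `if (devicePathLength > 0 && devicePathLength <= dsedBytes.length - startByte - 8)` would reject it before allocating, with the failure reported in the header text instead. Using the literal `8` where the other version of these lines uses `UefiConstants.SIZE_8` also departs from the named-constant style seen elsewhere in the file. The rest of `extractDevicePathAndFinalSize` lies outside the hunk.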
|
||||
|
@ -3,6 +3,7 @@ package hirs.utils.tpm.eventlog.events;
|
||||
import hirs.utils.HexUtils;
|
||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
/**
|
||||
|
@ -4,6 +4,7 @@ import hirs.utils.HexUtils;
|
||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
/**
|
||||
@ -54,7 +55,7 @@ public class EvNoAction {
|
||||
* @param eventData byte array holding the event to process.
|
||||
* @throws java.io.UnsupportedEncodingException if input fails to parse.
|
||||
*/
|
||||
public EvNoAction(final byte[] eventData) {
|
||||
public EvNoAction(final byte[] eventData) throws UnsupportedEncodingException {
|
||||
byte[] signatureBytes = new byte[UefiConstants.SIZE_15];
|
||||
System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15);
|
||||
signature = new String(signatureBytes, StandardCharsets.UTF_8);
|
||||
|
@ -2,6 +2,7 @@ package hirs.utils.tpm.eventlog.events;
|
||||
|
||||
import hirs.utils.HexUtils;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
/**
|
||||
|
@ -37,7 +37,7 @@ public class SpdmCertificateChain {
|
||||
/**
|
||||
* Length of the certificate chain to include all fields in this structure.
|
||||
*/
|
||||
private int length = 0;
|
||||
//private int length = 0;
|
||||
/**
|
||||
* Root hash.
|
||||
*/
|
||||
@ -49,7 +49,6 @@ public class SpdmCertificateChain {
|
||||
/**
|
||||
* Array List of certs found in the chain.
|
||||
*/
|
||||
// private ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
|
||||
private ArrayList<UefiX509Cert> certList = new ArrayList<UefiX509Cert>();
|
||||
/**
|
||||
* Human-readable description of any error associated with SPDM base hash alg.
|
||||
@ -73,7 +72,7 @@ public class SpdmCertificateChain {
|
||||
else {
|
||||
byte[] lengthBytes = new byte[2];
|
||||
System.arraycopy(spdmCertChainBytes, 0, lengthBytes, 0, 2);
|
||||
length = HexUtils.leReverseInt(lengthBytes);
|
||||
//length = HexUtils.leReverseInt(lengthBytes);
|
||||
|
||||
// Reserved: 2 bytes
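Review bot: The `length` field and its assignment appear to be commented out rather than removed, which leaves dead code and an orphaned Javadoc block ("Length of the certificate chain…") sitting directly above the next field's comment. The declared chain length is also the one value that could be checked against the supplied buffer before the root hash and certificates are parsed. If the field is kept, use it for a check such as `length > spdmCertChainBytes.length` and report the mismatch; otherwise delete both commented lines together with the Javadoc. The constructor continues outside the hunk.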
|
||||
|
||||
|
@ -67,7 +67,7 @@ public class UefiDevicePath {
|
||||
* @param path byte array holding device path data
|
||||
* @throws java.io.UnsupportedEncodingException if path byte array contains unexpected values
|
||||
*/
|
||||
public UefiDevicePath(final byte[] path) throws UnsupportedEncodingException {
|
||||
public UefiDevicePath(final byte[] path) {
|
||||
devPathInfo = processDevPath(path);
|
||||
byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
|
||||
System.arraycopy(path, UefiConstants.OFFSET_2, lengthBytes, 0, UefiConstants.OFFSET_2);
|
||||
@ -93,7 +93,7 @@ public class UefiDevicePath {
|
||||
* @return Human readable string containing the device path description.
|
||||
* @throws java.io.UnsupportedEncodingException
|
||||
*/
|
||||
private String processDevPath(final byte[] path) throws UnsupportedEncodingException {
|
||||
private String processDevPath(final byte[] path) {
|
||||
StringBuilder pInfo = new StringBuilder();
|
||||
int devLength = 0, pathOffset = 0, devCount = 0;
|
||||
while (true) {
|
||||
@ -123,8 +123,7 @@ public class UefiDevicePath {
|
||||
* @return human-readable string representing the UEFI device path
|
||||
* @throws java.io.UnsupportedEncodingException
|
||||
*/
|
||||
private String processDev(final byte[] path, final int offset)
|
||||
throws UnsupportedEncodingException {
|
||||
private String processDev(final byte[] path, final int offset) {
|
||||
String devInfo = " ";
|
||||
int devPath = path[offset];
|
||||
byte unknownSubType = path[offset + UefiConstants.OFFSET_1];
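Review bot: The `throws UnsupportedEncodingException` clause is dropped from the constructor, `processDevPath` and `processDev`, but the `@throws java.io.UnsupportedEncodingException` Javadoc tags above all three remain as unchanged context lines. Remove those tags so the documentation matches the signatures. If malformed path bytes can still make these methods fail, document the unchecked exception that is actually thrown; `processDev` indexes `path[offset]` and `path[offset + UefiConstants.OFFSET_1]` directly, and whether `offset` is range-checked is outside the hunk.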
|
||||
|
@ -200,9 +200,9 @@ public class UefiVariable {
|
||||
}
|
||||
|
||||
/**
|
||||
* Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)
|
||||
* Method for processing the data in an EFI Signature Data, where the data is known to be an X509 cert
|
||||
*
|
||||
* @param efiSigData Byte array holding the SignatureList data
|
||||
* @param efiSigData Byte array holding the SignatureData data
|
||||
* @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
|
||||
* @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate.
|
||||
* @throws java.io.IOException If there's a problem parsing the signature data.
|
||||
@ -214,8 +214,8 @@ public class UefiVariable {
|
||||
ArrayList<UefiSignatureData> sigList = new ArrayList<UefiSignatureData>();
|
||||
spdmDevdcInfo += "";
|
||||
|
||||
// for now, use signature type for X509
|
||||
// in future with more test data, update this
|
||||
// for now, hard-code the signature type for X509
|
||||
// in future with more test data, update this (potentially need to look at previous SPDM event)
|
||||
byte[] guid = HexUtils.hexStringToByteArray("A159C0A5E494A74A87B5AB155C2BF072");
|
||||
UefiGuid signatureType = new UefiGuid(guid);
|
||||
|
||||
@ -274,10 +274,8 @@ public class UefiVariable {
|
||||
case "db":
|
||||
case "dbx":
|
||||
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
|
||||
case "devdc": // for now use devdb and devdc
|
||||
// (update when test patterns exist)
|
||||
//efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
|
||||
// "To be processed once more test patterns exist");
|
||||
case "devdc": // for now use devdb and devdc respectively
|
||||
// (update when more test patterns exist)
|
||||
break;
|
||||
case "Boot00":
|
||||
efiVariable.append(bootv.toString());
|
||||
|