ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-12 07:52:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #527 from nsacyber/issue-497-remote

Browse Source 
[#497] Add support for composite RIMs
This commit is contained in:
chubtub 2023-06-22 19:50:20 -04:00 committed by GitHub
commit 0535c3c1ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 176 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
tools/tcg_rim_tool/Example.com.BIOS.01.rimel Normal file
View File

Binary file not shown.

41
tools/tcg_rim_tool/generated_swidTag.swidtag Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:PayloadType="direct" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURILocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
<Payload>
<Directory name="rim">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848" name="TpmLog.bin" size="7549"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>Ao7tTmXHCYeFmCJ0R6AY3cdfpyj1PdMq4yC9HJTDanY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>HNyKHDH8Q+Ii5pjzGJL3JV+4VdMObhE4EV7S7rfvZLeqFgkbmWe1jILv4Km0PXdHN8jJYxU+HT8R&#13;
akV0sab11+oope50lvivfPR3MspkdB0hxTyEq92z6m3MrBbjAtIgfsAnmq68LQ33je8vuL8jXAS9&#13;
xhLBQq8spYXTKpMvbiaipAqD4NOzsUxpk5htPDsEImChaHGKVMlDZlSL5dL4Vh/FvDj6UrUNxp2d&#13;
ltXl+Vov0tlh5dj2g8g2OlJXiMbxr47Qssn6EaUWmcNu+cdrhvWhpYJGc3mZdEWnsV8bvGNrC2tU&#13;
TVIBVsDLOmw5sVPoFrnvWc41sPVDSF0dKLwIYA==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx&#13;
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9&#13;
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q&#13;
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW&#13;
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

7
tools/tcg_rim_tool/rim_fields.json
View File

@ -32,9 +32,10 @@
"Directory": { "Directory": {
"supportRIMFormat": "TCG_EventLog_Assertion", "supportRIMFormat": "TCG_EventLog_Assertion",
"name": "iotBase", "name": "iotBase",
"File": { "File": [
"name": "TpmLog.bin" { "name": "TpmLog.bin" },
} { "name": "generated_swidTag.swidtag" }
]
} }
} }
} }

11
tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
View File

@ -17,7 +17,7 @@ public class Main {
SwidTagGateway gateway; SwidTagGateway gateway;
SwidTagValidator validator; SwidTagValidator validator;
CredentialArgumentValidator caValidator; CredentialArgumentValidator caValidator;
String rimEventLogFile, trustStoreFile, certificateFile, privateKeyFile; String rimEventLogFile, trustStoreFile, certificateFile, privateKeyFile, directory;
if (commander.isHelp()) { if (commander.isHelp()) {
jc.usage(); jc.usage();
@ -30,6 +30,7 @@ public class Main {
certificateFile = commander.getPublicCertificate(); certificateFile = commander.getPublicCertificate();
privateKeyFile = commander.getPrivateKeyFile(); privateKeyFile = commander.getPrivateKeyFile();
trustStoreFile = commander.getTruststoreFile(); trustStoreFile = commander.getTruststoreFile();
directory = commander.getDirectoryOverride();
boolean defaultKey = commander.isDefaultKey(); boolean defaultKey = commander.isDefaultKey();
if (defaultKey) { if (defaultKey) {
validator.validateSwidTag(verifyFile, "DEFAULT"); validator.validateSwidTag(verifyFile, "DEFAULT");
@ -37,8 +38,10 @@ public class Main {
caValidator = new CredentialArgumentValidator(trustStoreFile, caValidator = new CredentialArgumentValidator(trustStoreFile,
certificateFile, privateKeyFile, "", "", true); certificateFile, privateKeyFile, "", "", true);
if (caValidator.isValid()) { if (caValidator.isValid()) {
if (!directory.isEmpty()) {
validator.setDirectoryOverride(directory);
}
validator.setTrustStoreFile(trustStoreFile); validator.setTrustStoreFile(trustStoreFile);
validator.validateSwidTag(verifyFile, caValidator.getFormat()); validator.validateSwidTag(verifyFile, caValidator.getFormat());
} else { } else {
System.out.println("Invalid combination of credentials given: " System.out.println("Invalid combination of credentials given: "
@ -53,6 +56,7 @@ public class Main {
trustStoreFile = commander.getTruststoreFile(); trustStoreFile = commander.getTruststoreFile();
certificateFile = commander.getPublicCertificate(); certificateFile = commander.getPublicCertificate();
privateKeyFile = commander.getPrivateKeyFile(); privateKeyFile = commander.getPrivateKeyFile();
directory = commander.getDirectoryOverride();
boolean embeddedCert = commander.isEmbedded(); boolean embeddedCert = commander.isEmbedded();
boolean defaultKey = commander.isDefaultKey(); boolean defaultKey = commander.isDefaultKey();
String outputFile = commander.getOutFile(); String outputFile = commander.getOutFile();
@ -85,6 +89,9 @@ public class Main {
if (embeddedCert) { if (embeddedCert) {
gateway.setEmbeddedCert(true); gateway.setEmbeddedCert(true);
} }
if (!directory.isEmpty()) {
gateway.setDirectoryOverride(directory);
}
} }
gateway.setRimEventLog(rimEventLogFile); gateway.setRimEventLog(rimEventLogFile);
List<String> timestampArguments = commander.getTimestampArguments(); List<String> timestampArguments = commander.getTimestampArguments();

53
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
View File

@ -15,6 +15,7 @@ import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import javax.json.Json; import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonException; import javax.json.JsonException;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.json.JsonReader; import javax.json.JsonReader;
@ -76,6 +77,7 @@ import java.time.LocalDateTime;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Base64; import java.util.Base64;
import java.util.Collections; import java.util.Collections;
import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -93,10 +95,11 @@ public class SwidTagGateway {
private String truststoreFile; private String truststoreFile;
private String pemPrivateKeyFile; private String pemPrivateKeyFile;
private String pemCertificateFile; private String pemCertificateFile;
private boolean embeddedCert;
private String rimEventLog; private String rimEventLog;
private boolean embeddedCert;
private String timestampFormat; private String timestampFormat;
private String timestampArgument; private String timestampArgument;
private String directoryOverride;
private String errorRequiredFields; private String errorRequiredFields;
/** /**
@ -110,10 +113,11 @@ public class SwidTagGateway {
defaultCredentials = true; defaultCredentials = true;
truststoreFile = ""; truststoreFile = "";
pemCertificateFile = ""; pemCertificateFile = "";
embeddedCert = false;
rimEventLog = ""; rimEventLog = "";
embeddedCert = false;
timestampFormat = ""; timestampFormat = "";
timestampArgument = ""; timestampArgument = "";
directoryOverride = "";
errorRequiredFields = ""; errorRequiredFields = "";
} catch (JAXBException e) { } catch (JAXBException e) {
System.out.println("Error initializing jaxbcontext: " + e.getMessage()); System.out.println("Error initializing jaxbcontext: " + e.getMessage());
@ -176,11 +180,11 @@ public class SwidTagGateway {
} }
/** /**
* Setter for event log support RIM * Setter for rim event log file
* *
* @param rimEventLog * @param rimEventLog
*/ */
public void setRimEventLog(final String rimEventLog) { public void setRimEventLog(String rimEventLog) {
this.rimEventLog = rimEventLog; this.rimEventLog = rimEventLog;
} }
@ -202,6 +206,15 @@ public class SwidTagGateway {
this.timestampArgument = timestampArgument; this.timestampArgument = timestampArgument;
} }
/**
* Setter for directory path to search for required files
*
* @param directoryOverride
*/
public void setDirectoryOverride(String directoryOverride) {
this.directoryOverride = directoryOverride;
}
/** /**
* This method generates a base RIM from the values in a JSON file. * This method generates a base RIM from the values in a JSON file.
* *
@ -237,12 +250,16 @@ public class SwidTagGateway {
configProperties.getJsonObject(SwidTagConstants.PAYLOAD) configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY)); .getJsonObject(SwidTagConstants.DIRECTORY));
//File //File
hirs.swid.xjc.File file = createFile( JsonArray fileArray = configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
configProperties.getJsonObject(SwidTagConstants.PAYLOAD) .getJsonObject(SwidTagConstants.DIRECTORY)
.getJsonObject(SwidTagConstants.DIRECTORY) .getJsonArray(SwidTagConstants.FILE);
.getJsonObject(SwidTagConstants.FILE)); Iterator itr = fileArray.iterator();
//Nest File in Directory in Payload while(itr.hasNext()) {
directory.getDirectoryOrFile().add(file); JsonObject arrayItem = (JsonObject) itr.next();
hirs.swid.xjc.File file = createFile(arrayItem);
//Nest File in Directory in Payload
directory.getDirectoryOrFile().add(file);
}
payload.getDirectoryOrFileOrProcess().add(directory); payload.getDirectoryOrFileOrProcess().add(directory);
JAXBElement<ResourceCollection> jaxbPayload = JAXBElement<ResourceCollection> jaxbPayload =
objectFactory.createSoftwareIdentityPayload(payload); objectFactory.createSoftwareIdentityPayload(payload);
@ -263,8 +280,12 @@ public class SwidTagGateway {
} catch (FileNotFoundException e) { } catch (FileNotFoundException e) {
System.out.println("File does not exist or cannot be read: " + e.getMessage()); System.out.println("File does not exist or cannot be read: " + e.getMessage());
System.exit(1); System.exit(1);
} catch (ClassCastException e) {
System.out.println("File object in JSON attributes file must be an array.");
System.exit(1);
} catch (Exception e) { } catch (Exception e) {
System.out.println(e.getMessage()); System.out.println(e.getMessage());
e.printStackTrace();
System.exit(1); System.exit(1);
} }
} }
@ -506,9 +527,9 @@ public class SwidTagGateway {
* @param jsonObject the Properties object containing parameters from file * @param jsonObject the Properties object containing parameters from file
* @return File object created from the properties * @return File object created from the properties
*/ */
private hirs.swid.xjc.File createFile(JsonObject jsonObject) throws Exception { private hirs.swid.xjc.File createFile(JsonObject jsonObject)
throws Exception {
hirs.swid.xjc.File file = objectFactory.createFile(); hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
Map<QName, String> attributes = file.getOtherAttributes(); Map<QName, String> attributes = file.getOtherAttributes();
String supportRimFormat = jsonObject.getString(SwidTagConstants.SUPPORT_RIM_FORMAT, String supportRimFormat = jsonObject.getString(SwidTagConstants.SUPPORT_RIM_FORMAT,
SwidTagConstants.SUPPORT_RIM_FORMAT_MISSING); SwidTagConstants.SUPPORT_RIM_FORMAT_MISSING);
@ -524,11 +545,13 @@ public class SwidTagGateway {
jsonObject.getString(SwidTagConstants.SUPPORT_RIM_TYPE, "")); jsonObject.getString(SwidTagConstants.SUPPORT_RIM_TYPE, ""));
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL,
jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, "")); jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, ""));
File rimEventLogFile = new File(rimEventLog); String filepath = directoryOverride + jsonObject.getString(SwidTagConstants.NAME);
file.setSize(new BigInteger(Long.toString(rimEventLogFile.length()))); File fileToAdd = new File(filepath);
file.setName(filepath);
file.setSize(new BigInteger(Long.toString(fileToAdd.length())));
addNonNullAttribute(attributes, SwidTagConstants._SHA256_HASH, addNonNullAttribute(attributes, SwidTagConstants._SHA256_HASH,
jsonObject.getString(SwidTagConstants.HASH, jsonObject.getString(SwidTagConstants.HASH,
HashSwid.get256Hash(rimEventLog)), true); HashSwid.get256Hash(filepath)), true);
return file; return file;
} }

85
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
View File

@ -5,7 +5,6 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
@ -27,9 +26,6 @@ import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo; import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue; import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data; import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source; import javax.xml.transform.Source;
import javax.xml.transform.Transformer; import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerConfigurationException;
@ -42,9 +38,6 @@ import javax.xml.validation.SchemaFactory;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.Key; import java.security.Key;
import java.security.KeyException; import java.security.KeyException;
@ -65,10 +58,10 @@ import java.util.List;
*/ */
public class SwidTagValidator { public class SwidTagValidator {
private Unmarshaller unmarshaller; private Unmarshaller unmarshaller;
private String rimEventLog;
private String certificateFile; private String certificateFile;
private String trustStoreFile; private String trustStoreFile;
private List<X509Certificate> trustStore; private List<X509Certificate> trustStore;
private String directoryOverride;
/** /**
* Ensure that BouncyCastle is configured as a javax.security.Security provider, as this * Ensure that BouncyCastle is configured as a javax.security.Security provider, as this
@ -78,15 +71,6 @@ public class SwidTagValidator {
Security.addProvider(new BouncyCastleProvider()); Security.addProvider(new BouncyCastleProvider());
} }
/**
* Setter for rimel file path.
*
* @param rimEventLog the rimel file
*/
public void setRimEventLog(String rimEventLog) {
this.rimEventLog = rimEventLog;
}
/** /**
* Setter for the truststore file path. * Setter for the truststore file path.
* *
@ -96,13 +80,21 @@ public class SwidTagValidator {
this.trustStoreFile = trustStoreFile; this.trustStoreFile = trustStoreFile;
} }
/**
* Setter for directory override path.
* @param directoryOverride directory path
*/
public void setDirectoryOverride(String directoryOverride) {
this.directoryOverride = directoryOverride;
}
public SwidTagValidator() { public SwidTagValidator() {
try { try {
JAXBContext jaxbContext = JAXBContext.newInstance(SwidTagConstants.SCHEMA_PACKAGE); JAXBContext jaxbContext = JAXBContext.newInstance(SwidTagConstants.SCHEMA_PACKAGE);
unmarshaller = jaxbContext.createUnmarshaller(); unmarshaller = jaxbContext.createUnmarshaller();
rimEventLog = "";
certificateFile = ""; certificateFile = "";
trustStoreFile = SwidTagConstants.DEFAULT_KEYSTORE_FILE; trustStoreFile = SwidTagConstants.DEFAULT_KEYSTORE_FILE;
directoryOverride = "";
} catch (JAXBException e) { } catch (JAXBException e) {
System.out.println("Error initializing JAXBContext: " + e.getMessage()); System.out.println("Error initializing JAXBContext: " + e.getMessage());
} }
@ -127,7 +119,10 @@ public class SwidTagValidator {
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n"); si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n"); si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString()); System.out.println(si.toString());
return validateEnvelopedSignature(document, format); Element directory = (Element) document.getElementsByTagName("Directory").item(0);
if (validateDirectory(directory)) {
return validateEnvelopedSignature(document, format);
}
} else { } else {
System.out.println("Invalid xml for validation, please verify " + path); System.out.println("Invalid xml for validation, please verify " + path);
} }
@ -136,13 +131,6 @@ public class SwidTagValidator {
} }
private boolean validateEnvelopedSignature(Document doc, String format) { private boolean validateEnvelopedSignature(Document doc, String format) {
Element file = (Element) doc.getElementsByTagName("File").item(0);
try {
validateFile(file);
} catch (Exception e) {
System.out.println(e.getMessage());
return false;
}
boolean swidtagValidity = validateSignedXMLDocument(doc, format); boolean swidtagValidity = validateSignedXMLDocument(doc, format);
if (swidtagValidity) { if (swidtagValidity) {
System.out.println("Signature core validity: true"); System.out.println("Signature core validity: true");
@ -181,24 +169,39 @@ public class SwidTagValidator {
return validateSignedXMLDocument(doc, format); return validateSignedXMLDocument(doc, format);
} }
/**
* This method iterates over the list of File elements under the directory.
*
* @param directory the Directory element
*/
private boolean validateDirectory(Element directory) {
boolean isValid = true;
NodeList fileNodeList = directory.getChildNodes();
for (int i = 0;i < fileNodeList.getLength();i++) {
Element file = (Element) fileNodeList.item(i);
isValid &= validateFile(file);
}
return isValid;
}
/** /**
* This method validates a hirs.swid.xjc.File from an indirect payload * This method validates a hirs.swid.xjc.File from an indirect payload
*/ */
private boolean validateFile(Element file) throws Exception { private boolean validateFile(Element file) {
String filepath; String filepath = directoryOverride + file.getAttribute(SwidTagConstants.NAME);
if (!rimEventLog.isEmpty()) { try {
filepath = rimEventLog; if (HashSwid.get256Hash(filepath).equals(
} else { file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" +
filepath = file.getAttribute(SwidTagConstants.NAME); SwidTagConstants._SHA256_HASH.getLocalPart()))) {
} System.out.println("Support RIM hash verified for " + filepath);
System.out.println("Support rim found at " + filepath); return true;
if (HashSwid.get256Hash(filepath).equals( } else {
file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" + System.out.println("Hash of " + filepath + " does not match value in Base RIM");
SwidTagConstants._SHA256_HASH.getLocalPart()))) { return false;
System.out.println("Support RIM hash verified!" + System.lineSeparator()); }
return true; } catch (Exception e) {
} else { System.out.println(e.getMessage());
System.out.println("Support RIM hash does not match Base RIM!" + System.lineSeparator());
return false; return false;
} }
} }

14
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
View File

@ -49,7 +49,7 @@ public class Commander {
@Parameter(names = {"-d", "--default-key"}, order = 9, @Parameter(names = {"-d", "--default-key"}, order = 9,
description = "Use keystore.jks from the rimtool installation to sign.") description = "Use keystore.jks from the rimtool installation to sign.")
private boolean defaultKey = false; private boolean defaultKey = false;
@Parameter(names = {"-l", "--rimel <path>"}, order = 10, required = true, @Parameter(names = {"-l", "--rimel <path>"}, order = 10,
description = "The TCG eventlog file to use as a support RIM.") description = "The TCG eventlog file to use as a support RIM.")
private String rimEventLog = ""; private String rimEventLog = "";
@Parameter(names = {"--timestamp"}, order = 11, variableArity = true, @Parameter(names = {"--timestamp"}, order = 11, variableArity = true,
@ -57,6 +57,9 @@ public class Commander {
"Currently only RFC3339 and RFC3852 are supported:\n" + "Currently only RFC3339 and RFC3852 are supported:\n" +
"\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>") "\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>")
private List<String> timestampArguments = new ArrayList<String>(2); private List<String> timestampArguments = new ArrayList<String>(2);
@Parameter(names = {"--directory"}, validateWith = DirectoryArgumentValidator.class,
description = "The directory in which to locate required files.")
private String directoryOverride = "";
public boolean isHelp() { public boolean isHelp() {
return help; return help;
@ -110,6 +113,10 @@ public class Commander {
return timestampArguments; return timestampArguments;
} }
public String getDirectoryOverride() {
return directoryOverride;
}
public String printHelpExamples() { public String printHelpExamples() {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append("Create a base RIM using the values in attributes.json; " + sb.append("Create a base RIM using the values in attributes.json; " +
@ -157,7 +164,8 @@ public class Commander {
+ System.lineSeparator()); + System.lineSeparator());
sb.append("Embedded certificate: " + this.isEmbedded() + System.lineSeparator()); sb.append("Embedded certificate: " + this.isEmbedded() + System.lineSeparator());
} }
sb.append("Event log support RIM: " + this.getRimEventLog() + System.lineSeparator()); sb.append("Override payload directory with: " + this.getDirectoryOverride()
+ System.lineSeparator());
List<String> timestampArguments = this.getTimestampArguments(); List<String> timestampArguments = this.getTimestampArguments();
if (timestampArguments.size() > 0) { if (timestampArguments.size() > 0) {
sb.append("Timestamp format: " + timestampArguments.get(0)); sb.append("Timestamp format: " + timestampArguments.get(0));
@ -165,7 +173,7 @@ public class Commander {
sb.append(", " + timestampArguments.get(1)); sb.append(", " + timestampArguments.get(1));
} }
} else { } else {
sb.append("No timestamp included"); sb.append("No timestamp included" + System.lineSeparator());
} }
return sb.toString(); return sb.toString();
} }

26
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/DirectoryArgumentValidator.java Normal file
View File

@ -0,0 +1,26 @@
package hirs.swid.utils;
import com.beust.jcommander.IParameterValidator;
import com.beust.jcommander.ParameterException;
import java.io.File;
/**
* This class validates a directory argument. If the directory is neither valid nor
* read-accessible then an error is thrown.
*/
public class DirectoryArgumentValidator implements IParameterValidator {
public void validate(String name, String value) throws ParameterException {
try {
File directory = new File(value);
if (!directory.isDirectory()) {
throw new ParameterException("Invalid directory given: " + value +
". Please provide a valid directory path.");
}
} catch (SecurityException e) {
throw new ParameterException("Read access denied for " + value +
", please verify permissions.");
}
}
}

1
tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
View File

@ -45,7 +45,6 @@ public class TestSwidTagGateway {
gateway.setRimEventLog(SUPPORT_RIM_FILE); gateway.setRimEventLog(SUPPORT_RIM_FILE);
gateway.setAttributesFile(ATTRIBUTES_FILE); gateway.setAttributesFile(ATTRIBUTES_FILE);
validator = new SwidTagValidator(); validator = new SwidTagValidator();
validator.setRimEventLog(SUPPORT_RIM_FILE);
validator.setTrustStoreFile(CA_CHAIN_FILE); validator.setTrustStoreFile(CA_CHAIN_FILE);
} }

4
tools/tcg_rim_tool/src/test/resources/rim_fields.json
View File

@ -41,12 +41,14 @@
"Directory": { "Directory": {
"name": "rim", "name": "rim",
"root": "/boot/tcg/manifest/rim/", "root": "/boot/tcg/manifest/rim/",
"File": { "File": [
{
"version":"01", "version":"01",
"name": "Example.com.BIOS.01.rimel", "name": "Example.com.BIOS.01.rimel",
"size": "7549", "size": "7549",
"hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848" "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
} }
]
} }
} }
} }