issue_847: fixed merge conflicts

TheSilentCoder 2024-11-08 10:33:34 -05:00
commit 07cc787599
82 changed files with 1828 additions and 3684 deletions


@ -28,7 +28,7 @@ import java.util.Map;
@Entity
@Getter
@EqualsAndHashCode
@EqualsAndHashCode(callSuper = true)
@Log4j2
public class IDevIDCertificate extends Certificate {


@ -26,7 +26,7 @@ import org.apache.commons.codec.binary.Hex;
@Log4j2
@Getter
@ToString
@EqualsAndHashCode
@EqualsAndHashCode(callSuper = false)
@Embeddable
@XmlAccessorType(XmlAccessType.FIELD)
public final class TPMMeasurementRecord extends ExaminableRecord {
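Review bot: `@EqualsAndHashCode(callSuper = false)` on TPMMeasurementRecord only silences Lombok's warning; equality stays blind to whatever state ExaminableRecord holds, and nothing says that is intended. The same choice is made for EventLogMeasurements (which extends SupportReferenceManifest), while IDevIDCertificate gets `callSuper = true`, so the three classes now disagree without explanation. If a superclass carries identity or match state, two records that differ only there will compare equal and collapse in hash-based collections; the superclasses are not visible in this diff, so that needs confirming. Either switch to `callSuper = true` or add a comment such as `// ExaminableRecord state is deliberately excluded from equality` above the annotation.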


@ -166,22 +166,22 @@ public class BaseReferenceManifest extends ReferenceManifest {
*/
private void parseSoftwareMeta(final Element softwareMeta) {
if (softwareMeta != null) {
this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants._COLLOQUIAL_VERSION_STR);
this.product = softwareMeta.getAttribute(SwidTagConstants._PRODUCT_STR);
this.revision = softwareMeta.getAttribute(SwidTagConstants._REVISION_STR);
this.edition = softwareMeta.getAttribute(SwidTagConstants._EDITION_STR);
this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants._RIM_LINK_HASH_STR);
this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_STR);
this.bindingSpecVersion = softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_VERSION_STR);
this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants.COLLOQUIAL_VERSION_STR);
this.product = softwareMeta.getAttribute(SwidTagConstants.PRODUCT_STR);
this.revision = softwareMeta.getAttribute(SwidTagConstants.REVISION_STR);
this.edition = softwareMeta.getAttribute(SwidTagConstants.EDITION_STR);
this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants.RIM_LINK_HASH_STR);
this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC_STR);
this.bindingSpecVersion = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC_VERSION_STR);
this.setPlatformManufacturerId(
softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_ID_STR));
softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_ID_STR));
this.setPlatformManufacturer(
softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_STR));
this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MODEL_STR));
this.platformVersion = softwareMeta.getAttribute(SwidTagConstants._PLATFORM_VERSION_STR);
this.payloadType = softwareMeta.getAttribute(SwidTagConstants._PAYLOAD_TYPE_STR);
this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_GLOBAL_STR);
this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_LOCAL_STR);
softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_FULL_STR));
this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MODEL_STR));
this.platformVersion = softwareMeta.getAttribute(SwidTagConstants.PLATFORM_VERSION_STR);
this.payloadType = softwareMeta.getAttribute(SwidTagConstants.PAYLOAD_TYPE_STR);
this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_GLOBAL_STR);
this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_LOCAL_STR);
} else {
log.warn("SoftwareMeta Tag not found.");
}
@ -248,7 +248,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
try {
document = unmarshallSwidTag(byteArrayInputStream);
} catch (UnmarshalException e) {
log.error("Error while parsing Directory tag: " + e.getMessage());
log.error("Error while parsing Directory tag: {}", e.getMessage());
}
if (document != null) {
Element softwareIdentity =
@ -293,8 +293,8 @@ public class BaseReferenceManifest extends ReferenceManifest {
swidResource = new SwidResource();
swidResource.setName(file.getAttribute(SwidTagConstants.NAME));
swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE));
swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":"
+ SwidTagConstants._SHA256_HASH.getLocalPart()));
swidResource.setHashValue(file.getAttribute(SwidTagConstants.SHA_256_HASH.getPrefix() + ":"
+ SwidTagConstants.SHA_256_HASH.getLocalPart()));
validHashes.add(swidResource);
}
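Review bot: The rewritten `log.error("Error while parsing Directory tag: {}", e.getMessage());` still discards the exception itself, so the stack trace and any linked parser exception are lost, and an UnmarshalException that only wraps a cause may log a null message. Passing the throwable as the last argument keeps both: `log.error("Error while parsing Directory tag", e);`. After the catch the code continues with `document` still null and skips the `if (document != null)` branch, so a manifest that fails to parse is told apart from one with no file entries only by this log line. Whether the caller needs a harder failure depends on code outside the hunk.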


@ -27,7 +27,7 @@ import java.util.Collection;
*/
@Getter
@Setter
@EqualsAndHashCode
@EqualsAndHashCode(callSuper = false)
@Log4j2
@Entity
public class EventLogMeasurements extends SupportReferenceManifest {


@ -3,8 +3,8 @@ plugins {
id 'checkstyle'
}
// Get version from main project gradle
def packVersion = properties.get("packageVersion");
def jarVersion = properties.get("jarVersion");
def packVersion = properties.get("packageVersion")
def jarVersion = properties.get("jarVersion")
//println "packageVersion is ${projVersion}"
@ -66,10 +66,10 @@ configurations.checkstyle {
}
}
checkstyleMain {
source ='src/main/java'
source = 'src/main/java'
}
checkstyleTest {
source ='src/test/java'
source = 'src/test/java'
}
tasks.withType(Checkstyle) {
reports {


@ -2,14 +2,14 @@
<!-- Docs at http://findbugs.sourceforge.net/manual/filter.html -->
<FindBugsFilter>
<Match>
<Package name="~hirs\.utils.xjc.*" />
<Package name="~hirs\.utils.xjc.*"/>
</Match>
<Match>
<Package name="~hirs\.utils.rim.*" />
<Package name="~hirs\.utils.rim.*"/>
</Match>
<Match>
<!-- https://github.com/spotbugs/spotbugs/pull/2748 -->
<Bug pattern="CT_CONSTRUCTOR_THROW" />
<Bug pattern="CT_CONSTRUCTOR_THROW"/>
</Match>
<!-- <Match>-->


@ -27,40 +27,38 @@ import java.util.List;
@Log4j2
public final class PciIds {
/**
* Track status of pciids file.
*/
@Getter
private static String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
/**
* Name of pciids file in code.
*/
private static final String PCIIDS_FILENAME = "/pci.ids";
/**
* This pci ids file can be in different places on different distributions.
* Fedora/RHEL/Rocky/CentOS: /usr/share/hwdata/pci.ids
* Debian/Ubuntu: /usr/share/misc/pci.ids
* Fedora/RHEL/Rocky/CentOS: /usr/share/hwdata/pci.ids
* Debian/Ubuntu: /usr/share/misc/pci.ids
* If the file is not found on the system (such as with Windows systems),
* the file will have to be accessed from code.
*/
public static final List<String> PCI_IDS_PATH =
Collections.unmodifiableList(new ArrayList<>() {
private static final long serialVersionUID = 1L;
{
add("/usr/share/hwdata/pci.ids");
add("/usr/share/misc/pci.ids");
add("/tmp/pci.ids");
}
});
/**
* The PCI IDs Database object.
* This only needs to be loaded one time.
* The pci ids library protects the data inside the object by making it immutable.
*/
public static final PciIdsDatabase DB = new PciIdsDatabase();
/**
* Name of pciids file in code.
*/
private static final String PCIIDS_FILENAME = "/pci.ids";
/**
* Track status of pciids file.
*/
@Getter
private static String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
//Configure the PCI IDs Database object.
static {
@ -124,7 +122,8 @@ public final class PciIds {
/**
* Default private constructor so checkstyles doesn't complain.
*/
private PciIds() { }
private PciIds() {
}
/**
* Look up the vendor name from the PCI IDs list, if the input string contains an ID.
@ -172,7 +171,7 @@ public final class PciIds {
* If any part of this fails, return the original model value.
*
* @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier
* @param refModel ASN1UTF8String, likely from a ComponentIdentifier
* @param refModel ASN1UTF8String, likely from a ComponentIdentifier
* @return ASN1UTF8String with the discovered device name, or the original model value.
*/
public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer,
@ -199,7 +198,7 @@ public final class PciIds {
* If any part of this fails, return the original model value.
*
* @param refManufacturer String, likely from a ComponentResult
* @param refModel String, likely from a ComponentResult
* @param refModel String, likely from a ComponentResult
* @return String with the discovered device name, or the original model value.
*/
public static String translateDevice(final String refManufacturer,
@ -224,10 +223,10 @@ public final class PciIds {
* If any part of this fails, return the original manufacturer value.
*
* @param refClassCode String, formatted as 2 characters (1 byte) for each of the 3 categories
* . Example "010802":
* . Class: "01"
* . Subclass: "08"
* . Programming Interface: "02"
* . Example "010802":
* . Class: "01"
* . Subclass: "08"
* . Programming Interface: "02"
* @return List<String> 3-element list with the class code
* . 1st element: human-readable description of Class
* . 2nd element: human-readable description of Subclass
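Review bot: `PCI_IDS_PATH` still lists `/tmp/pci.ids` next to the two distribution paths, and `/tmp` is writable by every local user. Whoever can create that file can supply the vendor and device names this class loads into `DB` when the earlier entries are missing; the loading code is in the static block outside the hunk, so the exact lookup order should be confirmed there. Dropping the entry, or making the extra location an explicit configuration setting, removes the dependency on a world-writable directory. While the field is being touched, `List.of("/usr/share/hwdata/pci.ids", "/usr/share/misc/pci.ids")` would also replace the anonymous `ArrayList` subclass.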


@ -17,10 +17,20 @@ public final class StringValidator {
private final String fieldName;
private final Logger logger;
private StringValidator(final String value, final String fieldName, final Logger logger) {
this.value = value;
this.fieldName = fieldName;
if (logger == null) {
this.logger = log;
} else {
this.logger = logger;
}
}
/**
* Begins a validation operation.
*
* @param value the value to check
* @param value the value to check
* @param fieldName the name of the field (to be used in error reporting)
* @return a Validation object, upon which validation methods can be called
*/
@ -31,9 +41,9 @@ public final class StringValidator {
/**
* Begins a validation operation.
*
* @param value the value to check
* @param value the value to check
* @param fieldName the name of the field (to be used in error reporting)
* @param logger a logger to use in lieu of Validation's logger
* @param logger a logger to use in lieu of Validation's logger
* @return a Validation object, upon which validation methods can be called
*/
public static StringValidator check(final String value, final String fieldName,
@ -41,16 +51,6 @@ public final class StringValidator {
return new StringValidator(value, fieldName, logger);
}
private StringValidator(final String value, final String fieldName, final Logger logger) {
this.value = value;
this.fieldName = fieldName;
if (logger == null) {
this.logger = log;
} else {
this.logger = logger;
}
}
/**
* Assert that the given field is not null. Throws an IllegalArgumentException if the value
* is indeed null.


@ -34,15 +34,14 @@ public final class Digest extends AbstractDigest {
DigestAlgorithm.SHA1,
new byte[SHA1_DIGEST_LENGTH]
);
private static final String SHA1_EMPTY_HEX =
"da39a3ee5e6b4b0d3255bfef95601890afd80709";
/**
* A SHA1 digest whose content is the hash of an empty buffer.
*/
public static final Digest SHA1_OF_NO_DATA;
private static final String SHA1_EMPTY_HEX =
"da39a3ee5e6b4b0d3255bfef95601890afd80709";
static {
try {
SHA1_OF_NO_DATA = new Digest(
@ -59,17 +58,17 @@ public final class Digest extends AbstractDigest {
columnDefinition = "varbinary(64)")
private final byte[] digest;
@Getter
@XmlElement
@Column(nullable = false)
@Enumerated(EnumType.ORDINAL)
@Getter
private final DigestAlgorithm algorithm;
/**
* Creates a new <code>Digest</code>.
*
* @param algorithm algorithm used to generate the digest
* @param digest digest value
* @param digest digest value
* @throws IllegalArgumentException if digest length does not match that of the algorithm
*/
public Digest(final DigestAlgorithm algorithm, final byte[] digest)
@ -81,6 +80,7 @@ public final class Digest extends AbstractDigest {
/**
* Creates a new <code>Digest</code> when an algorithm isn't specified.
*
* @param digest byte array value
*/
public Digest(final byte[] digest) {
@ -90,11 +90,22 @@ public final class Digest extends AbstractDigest {
/**
* Default constructor necessary for Hibernate.
*/
protected Digest() {
private Digest() {
this.algorithm = null;
this.digest = null;
}
/**
* Helper method to reverse the toString method. Returns a Digest given a String
* that was created using an AbstractDigest's toString method.
*
* @param digest String representation of an AbstractDigest
* @return Digest object recreated from the String passed in
*/
public static Digest fromString(final String digest) {
return new Digest(algorithmFromString(digest), digestFromString(digest));
}
/**
* Retrieves the digest.
*
@ -113,15 +124,4 @@ public final class Digest extends AbstractDigest {
public OptionalDigest asOptionalDigest() {
return new OptionalDigest(algorithm, digest);
}
/**
* Helper method to reverse the toString method. Returns a Digest given a String
* that was created using an AbstractDigest's toString method.
*
* @param digest String representation of an AbstractDigest
* @return Digest object recreated from the String passed in
*/
public static Digest fromString(final String digest) {
return new Digest(algorithmFromString(digest), digestFromString(digest));
}
}
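Review bot: Changing `protected Digest()` to `private Digest()` takes the no-argument constructor below what the JPA specification asks for (public or protected), so persistence now relies on Hibernate reaching a private constructor reflectively. The same change is made to `OptionalDigest()`. If that is intended, say so in the Javadoc, e.g. `Private no-argument constructor, invoked reflectively by Hibernate only.`, and make sure a persistence round-trip test covers both classes. Otherwise keep the constructors `protected`.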


@ -3,7 +3,6 @@ package hirs.utils.digest;
/**
* Enumeration identifying the different outcomes of a comparison between
* two {@link Digest} objects.
*
*/
public enum DigestComparisonResultType {
/**


@ -23,12 +23,12 @@ import java.util.Arrays;
@Access(AccessType.FIELD)
public final class OptionalDigest extends AbstractDigest {
@XmlElement
@Column(nullable = true, name = "digest", length = SHA512_DIGEST_LENGTH,
@Column(name = "digest", length = SHA512_DIGEST_LENGTH,
columnDefinition = "varbinary(64)")
private final byte[] digest;
@XmlElement
@Column(nullable = true)
@Column
@Enumerated(EnumType.ORDINAL)
@Getter
private final DigestAlgorithm algorithm;
@ -37,7 +37,7 @@ public final class OptionalDigest extends AbstractDigest {
* Creates a new <code>OptionalDigest</code>.
*
* @param digestAlgorithm algorithm used to generate the digest
* @param optionalDigest digest value
* @param optionalDigest digest value
* @throws IllegalArgumentException if digest length does not match that of the algorithm
*/
public OptionalDigest(final DigestAlgorithm digestAlgorithm, final byte[] optionalDigest)
@ -50,11 +50,22 @@ public final class OptionalDigest extends AbstractDigest {
/**
* Default constructor necessary for Hibernate.
*/
protected OptionalDigest() {
private OptionalDigest() {
this.algorithm = null;
this.digest = null;
}
/**
* Helper method to reverse the toString method. Returns an OptionalDigest given a String
* that was created using an AbstractDigest's toString method.
*
* @param digest String representation of an AbstractDigest
* @return OptionalDigest object recreated from the String passed in
*/
public static OptionalDigest fromString(final String digest) {
return new OptionalDigest(algorithmFromString(digest), digestFromString(digest));
}
/**
* Returns the digest.
*
@ -73,15 +84,4 @@ public final class OptionalDigest extends AbstractDigest {
public Digest asDigest() {
return new Digest(algorithm, digest);
}
/**
* Helper method to reverse the toString method. Returns an OptionalDigest given a String
* that was created using an AbstractDigest's toString method.
*
* @param digest String representation of an AbstractDigest
* @return OptionalDigest object recreated from the String passed in
*/
public static OptionalDigest fromString(final String digest) {
return new OptionalDigest(algorithmFromString(digest), digestFromString(digest));
}
}


@ -18,6 +18,7 @@ public final class DeviceInfoEnums {
* Constant variable representing the various Long sized strings.
*/
public static final int LONG_STRING_LENGTH = 255;
/**
* Default private constructor so checkstyles doesn't complain.
*/


@ -12,8 +12,7 @@ public class PolicyManagerException extends RuntimeException {
* Creates a new <code>PolicyManagerException</code> that has the message
* <code>msg</code>.
*
* @param msg
* exception message
* @param msg exception message
*/
public PolicyManagerException(final String msg) {
super(msg);
@ -23,8 +22,7 @@ public class PolicyManagerException extends RuntimeException {
* Creates a new <code>PolicyManagerException</code> that wraps the given
* <code>Throwable</code>.
*
* @param t
* root cause
* @param t root cause
*/
public PolicyManagerException(final Throwable t) {
super(t);
@ -34,10 +32,8 @@ public class PolicyManagerException extends RuntimeException {
* Creates a new <code>PolicyManagerException</code> that has the message
* <code>msg</code> and wraps the root cause.
*
* @param msg
* exception message
* @param t
* root cause
* @param msg exception message
* @param t root cause
*/
public PolicyManagerException(final String msg, final Throwable t) {
super(msg, t);


@ -277,8 +277,8 @@ public class ReferenceManifestValidator {
filepath = file.getAttribute(SwidTagConstants.NAME);
}
if (getHashValue(filepath, "SHA256").equals(
file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":"
+ SwidTagConstants._SHA256_HASH.getLocalPart()))) {
file.getAttribute(SwidTagConstants.SHA_256_HASH.getPrefix() + ":"
+ SwidTagConstants.SHA_256_HASH.getLocalPart()))) {
log.info("Support RIM hash verified for {}", filepath);
return true;
} else {
@ -377,7 +377,7 @@ public class ReferenceManifestValidator {
*
* @param signature the signature that failed to validate
* @param context the context used for validation
* @throws XMLSignatureException
* @throws XMLSignatureException if there is an issue validating the provided signature
*/
private void whySignatureInvalid(final XMLSignature signature, final DOMValidateContext context)
throws XMLSignatureException {
@ -415,7 +415,7 @@ public class ReferenceManifestValidator {
throws Exception {
if (cert == null || trustStore == null) {
throw new Exception("Null certificate or truststore received");
} else if (trustStore.size() == 0) {
} else if (trustStore.isEmpty()) {
throw new Exception("Truststore is empty");
}
@ -542,9 +542,8 @@ public class ReferenceManifestValidator {
*
* @param pemString the input string
* @return an X509Certificate created from the string, or null
* @throws Exception if certificate cannot be successfully parsed
*/
private X509Certificate parseCertFromPEMString(final String pemString) throws Exception {
private X509Certificate parseCertFromPEMString(final String pemString) {
String certificateHeader = "-----BEGIN CERTIFICATE-----";
String certificateFooter = "-----END CERTIFICATE-----";
try {
@ -614,7 +613,7 @@ public class ReferenceManifestValidator {
*
* @param certificate the cert to pull the subjectKeyIdentifier from
* @return the String representation of the subjectKeyIdentifier
* @throws IOException
* @throws IOException if there are issues retrieving the certificate subject key identifier
*/
private String getCertificateSubjectKeyIdentifier(final X509Certificate certificate)
throws IOException {
@ -631,7 +630,7 @@ public class ReferenceManifestValidator {
/**
* This method parses the subject key identifier from the KeyName element of a signature.
*
* @param doc
* @param doc document
* @return SKID if found, or an empty string.
*/
private String getKeyName(final Document doc) {
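Review bot: With `throws Exception` removed from `parseCertFromPEMString`, a `null` return is the only way a caller learns that the PEM text could not be parsed, and the Javadoc's "or null" does not say when that happens. The `try` body and its catch are outside the hunk, so it is not visible whether the failure is logged or whether every caller checks for `null` before using the certificate. In signature validation this should fail closed: each call site should treat `null` as a validation failure. Suggested Javadoc line: `@return the parsed X509Certificate, or null if the string is not a valid PEM certificate`.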


@ -78,83 +78,83 @@ public final class SwidTagConstants {
public static final String FX_SEPARATOR = ":";
public static final String RFC3852_PFX = "rcf3852";
public static final String RFC3339_PFX = "rcf3339";
public static final String _COLLOQUIAL_VERSION_STR = N8060_PFX + FX_SEPARATOR
public static final String COLLOQUIAL_VERSION_STR = N8060_PFX + FX_SEPARATOR
+ COLLOQUIAL_VERSION;
public static final String _PRODUCT_STR = N8060_PFX + FX_SEPARATOR
public static final String PRODUCT_STR = N8060_PFX + FX_SEPARATOR
+ PRODUCT;
public static final String _REVISION_STR = N8060_PFX + FX_SEPARATOR
public static final String REVISION_STR = N8060_PFX + FX_SEPARATOR
+ REVISION;
public static final String _EDITION_STR = N8060_PFX + FX_SEPARATOR
public static final String EDITION_STR = N8060_PFX + FX_SEPARATOR
+ EDITION;
public static final String _RIM_LINK_HASH_STR = RIM_PFX + FX_SEPARATOR
public static final String RIM_LINK_HASH_STR = RIM_PFX + FX_SEPARATOR
+ RIM_LINK_HASH;
public static final String _BINDING_SPEC_STR = RIM_PFX + FX_SEPARATOR
public static final String BINDING_SPEC_STR = RIM_PFX + FX_SEPARATOR
+ BINDING_SPEC;
public static final String _BINDING_SPEC_VERSION_STR = RIM_PFX + FX_SEPARATOR
public static final String BINDING_SPEC_VERSION_STR = RIM_PFX + FX_SEPARATOR
+ BINDING_SPEC_VERSION;
public static final String _PLATFORM_MANUFACTURER_STR = RIM_PFX + FX_SEPARATOR
public static final String PLATFORM_MANUFACTURER_FULL_STR = RIM_PFX + FX_SEPARATOR
+ PLATFORM_MANUFACTURER_STR;
public static final String _PLATFORM_MANUFACTURER_ID_STR = RIM_PFX + FX_SEPARATOR
public static final String PLATFORM_MANUFACTURER_ID_STR = RIM_PFX + FX_SEPARATOR
+ PLATFORM_MANUFACTURER_ID;
public static final String _PLATFORM_MODEL_STR = RIM_PFX + FX_SEPARATOR
public static final String PLATFORM_MODEL_STR = RIM_PFX + FX_SEPARATOR
+ PLATFORM_MODEL;
public static final String _PLATFORM_VERSION_STR = RIM_PFX + FX_SEPARATOR
public static final String PLATFORM_VERSION_STR = RIM_PFX + FX_SEPARATOR
+ PLATFORM_VERSION;
public static final String _PAYLOAD_TYPE_STR = RIM_PFX + FX_SEPARATOR
public static final String PAYLOAD_TYPE_STR = RIM_PFX + FX_SEPARATOR
+ PAYLOAD_TYPE;
public static final String _PC_URI_LOCAL_STR = RIM_PFX + FX_SEPARATOR
public static final String PC_URI_LOCAL_STR = RIM_PFX + FX_SEPARATOR
+ PC_URI_LOCAL;
public static final String _PC_URI_GLOBAL_STR = RIM_PFX + FX_SEPARATOR
public static final String PC_URI_GLOBAL_STR = RIM_PFX + FX_SEPARATOR
+ PC_URI_GLOBAL;
public static final QName _SHA256_HASH = new QName(
public static final QName SHA_256_HASH = new QName(
"http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256");
public static final QName _COLLOQUIAL_VERSION = new QName(
public static final QName QNAME_COLLOQUIAL_VERSION = new QName(
NIST_NS, COLLOQUIAL_VERSION, N8060_PFX);
public static final QName _EDITION = new QName(
public static final QName QNAME_EDITION = new QName(
NIST_NS, EDITION, N8060_PFX);
public static final QName _PRODUCT = new QName(
public static final QName QNAME_PRODUCT = new QName(
NIST_NS, PRODUCT, N8060_PFX);
public static final QName _REVISION = new QName(
public static final QName QNAME_REVISION = new QName(
NIST_NS, REVISION, N8060_PFX);
public static final QName _PAYLOAD_TYPE = new QName(
public static final QName QNAME_PAYLOAD_TYPE = new QName(
TCG_NS, PAYLOAD_TYPE, RIM_PFX);
public static final QName _PLATFORM_MANUFACTURER = new QName(
public static final QName QNAME_PLATFORM_MANUFACTURER = new QName(
TCG_NS, PLATFORM_MANUFACTURER_STR, RIM_PFX);
public static final QName _PLATFORM_MANUFACTURER_ID = new QName(
public static final QName QNAME_PLATFORM_MANUFACTURER_ID = new QName(
TCG_NS, PLATFORM_MANUFACTURER_ID, RIM_PFX);
public static final QName _PLATFORM_MODEL = new QName(
public static final QName QNAME_PLATFORM_MODEL = new QName(
TCG_NS, PLATFORM_MODEL, RIM_PFX);
public static final QName _PLATFORM_VERSION = new QName(
public static final QName QNAME_PLATFORM_VERSION = new QName(
TCG_NS, PLATFORM_VERSION, RIM_PFX);
public static final QName _FIRMWARE_MANUFACTURER_STR = new QName(
public static final QName QNAME_FIRMWARE_MANUFACTURER_STR = new QName(
TCG_NS, FIRMWARE_MANUFACTURER_STR, RIM_PFX);
public static final QName _FIRMWARE_MANUFACTURER_ID = new QName(
public static final QName QNAME_FIRMWARE_MANUFACTURER_ID = new QName(
TCG_NS, FIRMWARE_MANUFACTURER_ID, RIM_PFX);
public static final QName _FIRMWARE_MODEL = new QName(
public static final QName QNAME_FIRMWARE_MODEL = new QName(
TCG_NS, FIRMWARE_MODEL, RIM_PFX);
public static final QName _FIRMWARE_VERSION = new QName(
public static final QName QNAME_FIRMWARE_VERSION = new QName(
TCG_NS, FIRMWARE_VERSION, RIM_PFX);
public static final QName _BINDING_SPEC = new QName(
public static final QName QNAME_BINDING_SPEC = new QName(
TCG_NS, BINDING_SPEC, RIM_PFX);
public static final QName _BINDING_SPEC_VERSION = new QName(
public static final QName QNAME_BINDING_SPEC_VERSION = new QName(
TCG_NS, BINDING_SPEC_VERSION, RIM_PFX);
public static final QName _PC_URI_LOCAL = new QName(
public static final QName QNAME_PC_URI_LOCAL = new QName(
TCG_NS, PC_URI_LOCAL, RIM_PFX);
public static final QName _PC_URI_GLOBAL = new QName(
public static final QName QNAME_PC_URI_GLOBAL = new QName(
TCG_NS, PC_URI_GLOBAL, RIM_PFX);
public static final QName _RIM_LINK_HASH = new QName(
public static final QName QNAME_RIM_LINK_HASH = new QName(
TCG_NS, RIM_LINK_HASH, RIM_PFX);
public static final QName _SUPPORT_RIM_TYPE = new QName(
public static final QName QNAME_SUPPORT_RIM_TYPE = new QName(
TCG_NS, SUPPORT_RIM_TYPE, RIM_PFX);
public static final QName _SUPPORT_RIM_FORMAT = new QName(
public static final QName QNAME_SUPPORT_RIM_FORMAT = new QName(
TCG_NS, SUPPORT_RIM_FORMAT, RIM_PFX);
public static final QName _SUPPORT_RIM_URI_GLOBAL = new QName(
public static final QName QNAME_SUPPORT_RIM_URI_GLOBAL = new QName(
TCG_NS, SUPPORT_RIM_URI_GLOBAL, RIM_PFX);
public static final QName _N8060_ENVVARPREFIX = new QName(
public static final QName N8060_ENVVARPREFIX = new QName(
NIST_NS, "envVarPrefix", N8060_PFX);
public static final QName _N8060_ENVVARSUFFIX = new QName(
public static final QName N8060_ENVVARSUFFIX = new QName(
NIST_NS, "envVarSuffix", N8060_PFX);
public static final QName _N8060_PATHSEPARATOR = new QName(
public static final QName N8060_PATHSEPARATOR = new QName(
NIST_NS, "pathSeparator", N8060_PFX);
public static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";


@ -12,8 +12,7 @@ public class TPMBaselineGeneratorException extends Exception {
* Creates a new <code>CreateTPMBaselineException</code> that has the
* message <code>msg</code>.
*
* @param msg
* exception message
* @param msg exception message
*/
TPMBaselineGeneratorException(final String msg) {
super(msg);
@ -23,8 +22,7 @@ public class TPMBaselineGeneratorException extends Exception {
* Creates a new <code>CreateTPMBaselineException</code> that wraps the
* given <code>Throwable</code>.
*
* @param t
* root cause
* @param t root cause
*/
TPMBaselineGeneratorException(final Throwable t) {
super(t);
@ -34,10 +32,8 @@ public class TPMBaselineGeneratorException extends Exception {
* Creates a new <code>CreateTPMBaselineException</code> that has the
* message <code>msg</code> and wraps the root cause.
*
* @param msg
* exception message
* @param t
* root cause
* @param msg exception message
* @param t root cause
*/
TPMBaselineGeneratorException(final String msg, final Throwable t) {
super(msg, t);


@ -25,56 +25,104 @@ import java.util.LinkedHashMap;
*/
public final class TCGEventLog {
/** Logger. */
private static final Logger LOGGER = LogManager.getLogger(TCGEventLog.class);
/** Name of the hash algorithm used to process the Event Log, default is SHA256. */
@Getter
private String eventLogHashAlgorithm = "TPM_ALG_SHA256";
/** Parsed event log array. */
private static final int SIG_OFFSET = 32;
/** TEV_NO_ACTION signature size. */
private static final int SIG_SIZE = 16;
/** Initial value for SHA 256 values.*/
/**
* Initial value for SHA 256 values.
*/
public static final String INIT_SHA256_LIST = "00000000000000000000000000"
+ "00000000000000000000000000000000000000";
/** Initial value for SHA 256 values.*/
/**
* Initial value for SHA 256 values.
*/
public static final String LOCALITY4_SHA256_LIST = "ffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffff";
/** Initial value for SHA 1 values. */
/**
* Initial value for SHA 1 values.
*/
public static final String INIT_SHA1_LIST = "0000000000000000000000000000000000000000";
/** Initial value for SHA 1 values. */
/**
* Initial value for SHA 1 values.
*/
public static final String LOCALITY4_SHA1_LIST = "ffffffffffffffffffffffffffffffffffffffff";
/** PFP defined EV_NO_ACTION identifier. */
/**
* PFP defined EV_NO_ACTION identifier.
*/
public static final int NO_ACTION_EVENT = 0x00000003;
/** String value of SHA1 hash.*/
/**
* String value of SHA1 hash.
*/
public static final String HASH_STRING = "SHA1";
/** String value of SHA256 hash. */
/**
* String value of SHA256 hash.
*/
public static final String HASH256_STRING = "SHA-256";
/** Each PCR bank holds 24 registers. */
/**
* Each PCR bank holds 24 registers.
*/
public static final int PCR_COUNT = 24;
/** Locality 4 starts at PCR 17. */
/**
* Locality 4 starts at PCR 17.
*/
public static final int PCR_LOCALITY4_MIN = 17;
/** Locality 4 Ends at PCR 23. */
/**
* Locality 4 Ends at PCR 23.
*/
public static final int PCR_LOCALITY4_MAX = 23;
/** 2 dimensional array holding the PCR values. */
private byte[][] pcrList;
/** List of parsed events within the log. */
private LinkedHashMap<Integer, TpmPcrEvent> eventList = new LinkedHashMap<>();
/** Length of PCR. Indicates which hash algorithm is used. */
private int pcrLength;
/** Name of hash algorithm. */
private String hashType;
/** Initial PCR Value to use. */
private String initValue;
/** Initial PcR Value to use for locality 4. */
private String initLocalityFourValue;
/** Content Output Flag use. */
/**
* Logger.
*/
private static final Logger LOGGER = LogManager.getLogger(TCGEventLog.class);
/**
* Parsed event log array.
*/
private static final int SIG_OFFSET = 32;
/**
* TEV_NO_ACTION signature size.
*/
private static final int SIG_SIZE = 16;
/**
* Name of the hash algorithm used to process the Event Log, default is SHA256.
*/
@Getter
private String eventLogHashAlgorithm = "TPM_ALG_SHA256";
/**
* 2 dimensional array holding the PCR values.
*/
private final byte[][] pcrList;
/**
* List of parsed events within the log.
*/
private final LinkedHashMap<Integer, TpmPcrEvent> eventList = new LinkedHashMap<>();
/**
* Length of PCR. Indicates which hash algorithm is used.
*/
private final int pcrLength;
/**
* Name of hash algorithm.
*/
private final String hashType;
/**
* Initial PCR Value to use.
*/
private final String initValue;
/**
* Initial PcR Value to use for locality 4.
*/
private final String initLocalityFourValue;
/**
* Content Output Flag use.
*/
private boolean bContent = false;
/** Event Output Flag use. */
/**
* Event Output Flag use.
*/
private boolean bHexEvent = false;
/** Event Output Flag use. */
/**
* Event Output Flag use.
*/
private boolean bEvent = false;
/** Event Output Flag use. */
/**
* Event Output Flag use.
*/
@Getter
private boolean bCryptoAgile = false;
/**
@ -111,29 +159,31 @@ public final class TCGEventLog {
/**
* Simple constructor for Event Log.
*
* @param rawlog data for the event log file.
* @throws java.security.NoSuchAlgorithmException if an unknown algorithm is encountered.
* @throws java.security.NoSuchAlgorithmException if an unknown algorithm is encountered.
* @throws java.security.cert.CertificateException if a certificate in the log cannot be parsed.
* @throws java.io.IOException IO Stream if event cannot be parsed.
* @throws java.io.IOException IO Stream if event cannot be parsed.
*/
public TCGEventLog(final byte[] rawlog)
throws CertificateException, NoSuchAlgorithmException, IOException {
throws CertificateException, NoSuchAlgorithmException, IOException {
this(rawlog, false, false, false);
}
/**
* Default constructor for just the rawlog that'll set up SHA1 Log.
* @param rawlog data for the event log file.
* @param bEventFlag if true provides human readable event descriptions.
* @param bContentFlag if true provides hex output for Content in the description.
*
* @param rawlog data for the event log file.
* @param bEventFlag if true provides human readable event descriptions.
* @param bContentFlag if true provides hex output for Content in the description.
* @param bHexEventFlag if true provides hex event structure in the description.
* @throws java.security.NoSuchAlgorithmException if an unknown algorithm is encountered.
* @throws java.security.NoSuchAlgorithmException if an unknown algorithm is encountered.
* @throws java.security.cert.CertificateException if a certificate in the log cannot be parsed.
* @throws java.io.IOException IO Stream if event cannot be parsed.
* @throws java.io.IOException IO Stream if event cannot be parsed.
*/
public TCGEventLog(final byte[] rawlog, final boolean bEventFlag,
final boolean bContentFlag, final boolean bHexEventFlag)
throws CertificateException, NoSuchAlgorithmException, IOException {
throws CertificateException, NoSuchAlgorithmException, IOException {
bCryptoAgile = isLogCrytoAgile(rawlog);
if (bCryptoAgile) {
@ -194,18 +244,18 @@ public final class TCGEventLog {
* This method puts blank values in the pcrList.
*/
private void initPcrList() {
try {
for (int i = 0; i < PCR_COUNT; i++) {
System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
try {
for (int i = 0; i < PCR_COUNT; i++) {
System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
0, pcrList[i], 0, pcrLength);
}
for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++) {
System.arraycopy(Hex.decodeHex(initLocalityFourValue.toCharArray()),
0, pcrList[i], 0, pcrLength);
}
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++) {
System.arraycopy(Hex.decodeHex(initLocalityFourValue.toCharArray()),
0, pcrList[i], 0, pcrLength);
}
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
}
// /**
@ -298,6 +348,7 @@ public final class TCGEventLog {
/**
* Returns a list of event found in the Event Log.
*
* @return an arraylist of event.
*/
public Collection<TpmPcrEvent> getEventList() {
@ -307,6 +358,7 @@ public final class TCGEventLog {
/**
* Returns a specific element of the Event Log that corresponds to the requested
* event number.
*
* @param eventNumber specific event to find in the list.
* @return TPM Event in the position of the list
*/
@ -326,6 +378,7 @@ public final class TCGEventLog {
/**
* Human readable string representing the contents of the Event Log.
*
* @return Description of the log.
*/
public String toString() {
@ -334,14 +387,15 @@ public final class TCGEventLog {
sb.append(event.toString(bEvent, bHexEvent, bContent));
}
sb.append("Event Log processing completed.\n");
return sb.toString();
return sb.toString();
}
/**
* Human readable string representing the contents of the Event Log.
* @param event flag to set
*
* @param event flag to set
* @param hexEvent flag to set
* @param content flag to set
* @param content flag to set
* @return Description of the log.
*/
public String toString(final boolean event,
@ -357,10 +411,11 @@ public final class TCGEventLog {
/**
* Returns the TCG Algorithm Registry defined ID for the Digest Algorithm
* used in the event log.
*
* @return TCG Defined Algorithm name
*/
public int getEventLogHashAlgorithmID() {
return TcgTpmtHa.tcgAlgStringToId(eventLogHashAlgorithm);
return TcgTpmtHa.tcgAlgStringToId(eventLogHashAlgorithm);
}
/**


@ -17,66 +17,80 @@ import java.math.BigInteger;
* } TPMT_HA;
*/
public class TcgTpmtHa {
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA1 = 0x04;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA256 = 0x0B;
/**
* TCG ID for SHA 384.
*/
public static final int TPM_ALG_SHA384 = 0x0C;
/**
* TCG ID for SHA512.
*/
public static final int TPM_ALG_SHA_512 = 0x0D;
/**
* TCG ID for Null algorithm.
*/
public static final int TPM_ALG_NULL = 0x10;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA1_LENGTH = 20;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA256_LENGTH = 32;
/**
* TCG ID for SHA 384.
*/
public static final int TPM_ALG_SHA384_LENGTH = 48;
/**
* TCG ID for SHA512.
*/
public static final int TPM_ALG_SHA512_LENGTH = 64;
/**
* TCG ID for Null algorithm.
*/
public static final int TPM_ALG_NULL_LENGTH = 0;
/**
* TCG Defined Algorithm Identifiers.
*/
@Getter
private int hashAlgId = 0;
/**
* Length of the hash.
*/
@Getter
private int hashLength = 0;
/**
* Human readable name of the hash algorithm.
* Human-readable name of the hash algorithm.
*/
@Getter
private String hashName = "";
/**
* Hash data.
*/
@Getter(value = AccessLevel.PROTECTED)
private byte[] digest = null;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA1 = 0x04;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA256 = 0x0B;
/**
* TCG ID for SHA 384.
*/
public static final int TPM_ALG_SHA384 = 0x0C;
/**
* TCG ID for SHA512.
*/
public static final int TPM_ALG_SHA_512 = 0x0D;
/**
* TCG ID for Null algorithm.
*/
public static final int TPM_ALG_NULL = 0x10;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA1_LENGTH = 20;
/**
* TCG ID for SHA1.
*/
public static final int TPM_ALG_SHA256_LENGTH = 32;
/**
* TCG ID for SHA 384.
*/
public static final int TPM_ALG_SHA384_LENGTH = 48;
/**
* TCG ID for SHA512.
*/
public static final int TPM_ALG_SHA512_LENGTH = 64;