diff --git a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java
index 01d3b35c..86267964 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java
@@ -19,7 +19,7 @@ import java.util.Map;
 public class SwidResource {
 @Getter
- private final boolean validFileSize = false;
+ private static final boolean VALID_FILE_SIZE = false;
 @Getter
 @Setter
diff --git a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java
index baec697f..af58a8bc 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java
@@ -8,7 +8,7 @@ import javax.xml.namespace.QName;
 * class. It is expected that member properties of this class will expand as
 * more functionality is added to SwidTagGateway.
 */
-public class SwidTagConstants {
+public final class SwidTagConstants {
 public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks"; //"/opt/hirs/rimtool/keystore.jks";
 public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
index 9d02ea47..587b963e 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
@@ -13,18 +13,18 @@ import java.io.IOException;
 * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER.
 * DEVICE_SECURITY_EVENT_DATA_HEADER contains the measurement(s) and hash algorithm identifier
 * returned by the SPDM "GET_MEASUREMENTS" function.
- *
+ *
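Review bot: `VALID_FILE_SIZE` is a compile-time `false` carrying a Lombok `@Getter`, so the generated accessor can only ever report that the SWID resource's file size was not validated; a caller that consults it to decide whether to trust a file entry gets a constant answer regardless of the file. If size validation is implemented elsewhere the value should be an instance field set by that check, and if it is not implemented the field deserves a comment such as `// TODO: file-size validation is not implemented; always reports false` so the accessor is not mistaken for a real result. Note also that `@Getter` on a static field yields a static accessor (with a Lombok version that supports it), which changes what call sites of the former instance getter compile against; I cannot see those call sites from this hunk.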
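Review bot: Making `SwidTagConstants` `final` still leaves the implicit public constructor, so a constants holder should also declare `private SwidTagConstants() { }` to prevent instantiation. Separately, the context line `DEFAULT_KEYSTORE_PASSWORD = "password"` in this hunk is a hard-coded credential for the keystore named by `DEFAULT_KEYSTORE_FILE`; the commit does not touch it, but at minimum it should carry a comment such as `// development-only default; deployments must supply the keystore password via configuration`, and ideally the password would not live in a public constant at all.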
 * HEADERS defined by PFP v1.06 Rev 52:
 *
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
- * UINT8 Signature[16];
- * UINT16 Version;
- * UINT16 Length;
- * UINT32 SpdmHashAlg;
- * UINT32 DeviceType;
- * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
- * UINT64 DevicePathLength;
- * UNIT8 DevicePath[DevicePathLength]
+ * UINT8 Signature[16];
+ * UINT16 Version;
+ * UINT16 Length;
+ * UINT32 SpdmHashAlg;
+ * UINT32 DeviceType;
+ * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ * UINT64 DevicePathLength;
+ * UNIT8 DevicePath[DevicePathLength]
 * } DEVICE_SECURITY_EVENT_DATA_HEADER;
 *
 * Assumption: there is only 1 SpdmMeasurementBlock per event. Need more test patterns to verify.
@@ -62,8 +62,9 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
 super(dsedBytes);
+ final int dsedBytesSrcIndex1 = 18;
 byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
- System.arraycopy(dsedBytes, 18, lengthBytes, 0,
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex1, lengthBytes, 0,
 UefiConstants.SIZE_2);
 length = HexUtils.leReverseInt(lengthBytes);
@@ -72,18 +73,22 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
 UefiConstants.SIZE_4);
 spdmHashAlgo = HexUtils.leReverseInt(spdmHashAlgoBytes);
- extractDeviceType(dsedBytes, 24);
+ final int dsedBytesStartByte = 24;
+ extractDeviceType(dsedBytes, dsedBytesStartByte);
 // get the size of the SPDM Measurement Block
+ final int dsedBytesSrcIndex2 = 30;
 byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
- System.arraycopy(dsedBytes, 30, sizeOfSpdmMeasBlockBytes, 0,
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex2, sizeOfSpdmMeasBlockBytes, 0,
 UefiConstants.SIZE_2);
- int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
- int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4; // header is 4 bytes
+ final int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
+ final int offSetBytesForSpdm = 4;
+ final int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + offSetBytesForSpdm; // header is 4 bytes
 // extract the bytes that comprise the SPDM Measurement Block
+ final int dsedBytesSrcIndex3 = 28;
 byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
- System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0,
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex3, spdmMeasBlockBytes, 0,
 sizeOfSpdmMeasBlock);
 ByteArrayInputStream spdmMeasurementBlockData =
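Review bot: `sizeOfSpdmMeas` is read out of the event bytes at offset 30 and then used, plus 4, as both the allocation size and the copy length from offset 28 with no comparison against `dsedBytes.length`, so a truncated or hostile event-log entry fails inside `System.arraycopy` with an `ArrayIndexOutOfBoundsException` rather than a parse error; the fixed reads at 18, 20 (previous hunk), 24 and 30 have the same exposure. Event-log bytes are attacker-influenced input on an attestation path, so before the copy I would add `if (dsedBytesSrcIndex3 + sizeOfSpdmMeasBlock > dsedBytes.length) { throw new IllegalArgumentException("DEVICE_SECURITY_EVENT_DATA_HEADER truncated: SPDM measurement block exceeds event length"); }` and a minimum-length guard at the top of the constructor. The `length` field parsed in the preceding hunk is the natural value to cross-check against `dsedBytes.length` as well. The constructor continues in the next hunk.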
@@ -96,7 +101,8 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
 spdmMeasurementBlockInfo = " Error reading SPDM Measurement Block";
 }
- int devPathLenStartByte = 28 + sizeOfSpdmMeasBlock;
+ final int offSetBytesForDevPath = 28;
+ final int devPathLenStartByte = offSetBytesForDevPath + sizeOfSpdmMeasBlock;
 extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
index 6c402afd..55ec9c06 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
@@ -7,26 +7,52 @@ import lombok.Getter;
 * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER2.
 * DEVICE_SECURITY_EVENT_DATA_HEADER2 contains the measurement(s) and hash algorithm identifier
 * returned by the SPDM "GET_MEASUREMENTS" function.
- *
+ *
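Review bot: `offSetBytesForDevPath = 28` names the same offset that the previous hunk introduces as `dsedBytesSrcIndex3` (the start of the SPDM measurement block), and its name suggests it is the device-path offset when the device path actually begins at `28 + sizeOfSpdmMeasBlock`. One class-level constant, e.g. `private static final int SPDM_MEAS_BLOCK_OFFSET = 28;`, used in both places would document the layout once instead of twice under different names. A one-line comment such as `// DevicePathLength immediately follows the measurement block` on the `devPathLenStartByte` line would make the arithmetic self-explanatory.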
 * HEADERS defined by PFP v1.06 Rev 52:
 *
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 {
- * UINT8 Signature[16];
- * UINT16 Version;
- * UINT8 AuthState;
- * UINT8 Reserved
- * UINT32 Length;
- * UINT32 DeviceType;
- * UINT32 SubHeaderType;
- * UINT32 SubHeaderLength;
- * UINT64 SubHeaderUID;
- * UINT64 DevicePathLength;
- * UNIT8 DevicePath[DevicePathLength]
+ * UINT8 Signature[16];
+ * UINT16 Version;
+ * UINT8 AuthState;
+ * UINT8 Reserved
+ * UINT32 Length;
+ * UINT32 DeviceType;
+ * UINT32 SubHeaderType;
+ * UINT32 SubHeaderLength;
+ * UINT64 SubHeaderUID;
+ * UINT64 DevicePathLength;
+ * UNIT8 DevicePath[DevicePathLength]
 * } DEVICE_SECURITY_EVENT_DATA_HEADER2;
 *
*/
 public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
+ /**
+ * Auth state - success.
+ */
+ public static final int AUTH_SUCCESS = 0;
+ /**
+ * Auth state - digital signature of the data is valid, but the public key certificate chain is not
+ * validated with the entry in the UEFI device signature variable.
+ */
+ public static final int AUTH_NO_AUTHORITY = 1;
+ /**
+ * Auth state - digital signature of the measurement data is valid, but the reported device capabilities,
+ * negotiated parameters or certificate chains were not validated by a transcript.
+ */
+ public static final int AUTH_NO_BINDING = 2;
+ /**
+ * Auth state - data has no digital signature.
+ */
+ public static final int AUTH_FAIL_NO_SIG = 3;
+ /**
+ * Auth state - data is invalid.
+ */
+ public static final int AUTH_FAIL_INVALID = 4;
+ /**
+ * Auth state - device is not an SPDM-capable device.
+ */
+ public static final int AUTH_NO_SPDM = 0xFF;
 /**
 * Event auth state.
 */
@@ -55,33 +81,6 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 @Getter
 private String subHeaderUid = "";
- /**
- * Auth state - success.
- */
- public static final int AUTH_SUCCESS = 0;
- /**
- * Auth state - digital signature of the data is valid, but the public key certificate chain is not
- * validated with the entry in the UEFI device signature variable.
- */
- public static final int AUTH_NO_AUTHORITY = 1;
- /**
- * Auth state - digital signature of the measurement data is valid, but the reported device capabilities,
- * negotiated parameters or certificate chains were not validated by a transcript.
- */
- public static final int AUTH_NO_BINDING = 2;
- /**
- * Auth state - data has no digital signature.
- */
- public static final int AUTH_FAIL_NO_SIG = 3;
- /**
- * Auth state - data is invalid.
- */
- public static final int AUTH_FAIL_INVALID = 4;
- /**
- * Auth state - device is not an SPDM-capable device.
- */
- public static final int AUTH_NO_SPDM = 0xFF;
-
 /**
 * DeviceSecurityEventDataHeader2 Constructor.
 *
@@ -91,33 +90,43 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 super(dsedBytes);
+ final int dsedBytesSrcIndex = 18;
 byte[] authStateBytes = new byte[1];
- System.arraycopy(dsedBytes, 18, authStateBytes, 0, 1);
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex, authStateBytes, 0, 1);
 authState = HexUtils.leReverseInt(authStateBytes);
 // byte[] reserved[Bytes]: 1 byte
- byte[] lengthBytes = new byte[4];
- System.arraycopy(dsedBytes, 20, lengthBytes, 0, 4);
+ final int dsedBytesSrcIndex2 = 20;
+ final int lengthBytesSize = 4;
+ byte[] lengthBytes = new byte[lengthBytesSize];
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex2, lengthBytes, 0, lengthBytesSize);
 length = HexUtils.leReverseInt(lengthBytes);
- extractDeviceType(dsedBytes, 24);
+ final int dsedBytesStartByte1 = 24;
+ extractDeviceType(dsedBytes, dsedBytesStartByte1);
- byte[] subHeaderTypeBytes = new byte[4];
- System.arraycopy(dsedBytes, 28, subHeaderTypeBytes, 0, 4);
+ final int dsedBytesSrcIndex3 = 28;
+ final int subHeaderTypeBytesSize = 4;
+ byte[] subHeaderTypeBytes = new byte[subHeaderTypeBytesSize];
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex3, subHeaderTypeBytes, 0, subHeaderTypeBytesSize);
 subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes);
- byte[] subHeaderLengthBytes = new byte[4];
- System.arraycopy(dsedBytes, 32, subHeaderLengthBytes, 0, 4);
+ final int dsedBytesSrcIndex4 = 32;
+ final int subHeaderLengthBytesSize = 4;
+ byte[] subHeaderLengthBytes = new byte[subHeaderLengthBytesSize];
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex4, subHeaderLengthBytes, 0, subHeaderLengthBytesSize);
 subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes);
- byte[] subHeaderUidBytes = new byte[8];
- System.arraycopy(dsedBytes, 36, subHeaderUidBytes, 0, 8);
+ final int dsedBytesSrcIndex5 = 36;
+ final int subHeaderUidBytesSize = 8;
+ byte[] subHeaderUidBytes = new byte[subHeaderUidBytesSize];
+ System.arraycopy(dsedBytes, dsedBytesSrcIndex5,
subHeaderUidBytes, 0, subHeaderUidBytesSize);
 subHeaderUidBytes = HexUtils.leReverseByte(subHeaderUidBytes);
 subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes);
- int devPathLenStartByte = 44;
- extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
+ final int dsedBytesStartByte2 = 44;
+ extractDevicePathAndFinalSize(dsedBytes, dsedBytesStartByte2);
 }
 /**
@@ -139,22 +148,14 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 * @return a description of the auth state.
 */
 public String getAuthStateString() {
-
- switch (authState) {
- case AUTH_SUCCESS:
- return ("AUTH_SUCCESS");
- case AUTH_NO_AUTHORITY:
- return ("AUTH_NO_AUTHORITY");
- case AUTH_NO_BINDING:
- return ("AUTH_NO_BINDING");
- case AUTH_FAIL_NO_SIG:
- return ("AUTH_FAIL_NO_SIG");
- case AUTH_FAIL_INVALID:
- return ("AUTH_FAIL_INVALID");
- case AUTH_NO_SPDM:
- return ("AUTH_NO_SPDM");
- default:
- return ("Auth State unknown");
- }
+ return switch (authState) {
+ case AUTH_SUCCESS -> ("AUTH_SUCCESS");
+ case AUTH_NO_AUTHORITY -> ("AUTH_NO_AUTHORITY");
+ case AUTH_NO_BINDING -> ("AUTH_NO_BINDING");
+ case AUTH_FAIL_NO_SIG -> ("AUTH_FAIL_NO_SIG");
+ case AUTH_FAIL_INVALID -> ("AUTH_FAIL_INVALID");
+ case AUTH_NO_SPDM -> ("AUTH_NO_SPDM");
+ default -> ("Auth State unknown");
+ };
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
index fda1397c..05073d41 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
@@ -13,27 +13,27 @@ import static hirs.utils.PciIds.translateVendor;
 * Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
 *
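Review bot: The constructor copies fixed-offset fields at 18, 20, 24, 28, 32 and 36 (the last one 8 bytes, so 44 bytes in total) and then hands offset 44 to `extractDevicePathAndFinalSize`, without ever checking `dsedBytes.length`, so a short or malformed event-log entry surfaces as an `ArrayIndexOutOfBoundsException` from `System.arraycopy` instead of a diagnosable parse error. Since this is attacker-influenced input on an attestation path, add a guard at the top of the constructor, e.g. `if (dsedBytes.length < 44) { throw new IllegalArgumentException("DEVICE_SECURITY_EVENT_DATA_HEADER2 shorter than its fixed header"); }` (52 if `extractDevicePathAndFinalSize` reads the 8-byte DevicePathLength the struct comment describes; its body is outside this hunk). The `length` field parsed at offset 20 is also never compared to `dsedBytes.length`, and as a UINT32 pushed through `leReverseInt` it can come back negative, which is worth rejecting explicitly. The constructor begins in the previous hunk.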
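Review bot: The parentheses around each arm's string literal in the new switch expression (`case AUTH_SUCCESS -> ("AUTH_SUCCESS");`) are left over from the old `return (...)` form and add nothing; drop them. The `default` arm also throws away the value it did not recognise, whereas `default -> "Auth State unknown (0x" + Integer.toHexString(authState) + ")";` would make an unexpected AuthState visible in the event-log dump. That matters here because, per the constant Javadocs in this file, any state other than `AUTH_SUCCESS` is what tells an appraiser the SPDM data was not (fully) authenticated, so an unknown code should not read like a benign label.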
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
- * UINT16 Version;
- * UINT16 Length;
- * UINT16 VendorId;
- * UINT16 DeviceId;
- * UINT16 RevisionId;
- * UINT16 ClassCode[3];
- * UINT16 SubsystemVendorId;
- * UINT16 SubsystemId;
+ * UINT16 Version;
+ * UINT16 Length;
+ * UINT16 VendorId;
+ * UINT16 DeviceId;
+ * UINT16 RevisionId;
+ * UINT16 ClassCode[3];
+ * UINT16 SubsystemVendorId;
+ * UINT16 SubsystemId;
 *
* The following fields are defined by the PCI Express Base Specification rev4.0 v1.0.
- * VendorId
- * DeviceId
- * RevisionId
- * ClassCode
- * SubsystemVendorId
- * SubsystemId
+ * VendorId
+ * DeviceId
+ * RevisionId
+ * ClassCode
+ * SubsystemVendorId
+ * SubsystemId
* Vendor id and device id are registered to specific manufacturers.
- * https://admin.pci-ids.ucw.cz/read/PC/
- * Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
+ * https://admin.pci-ids.ucw.cz/read/PC/
+ * Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
* Class code can be looked up on the web.
- * https://admin.pci-ids.ucw.cz/read/PD/
+ * https://admin.pci-ids.ucw.cz/read/PD/
* The revision ID is controlled by the vendor and cannot be looked up.
*/
public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDeviceContext {
@@ -78,28 +78,36 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe
super(dSEDpciContextBytes);
+ final int dSEDpciContextBytesSrcIndex1 = 4;
byte[] pciVendorIdBytes = new byte[2];
- System.arraycopy(dSEDpciContextBytes, 4, pciVendorIdBytes, 0, 2);
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex1, pciVendorIdBytes, 0, 2);
vendorId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciVendorIdBytes));
+ final int dSEDpciContextBytesSrcIndex2 = 6;
byte[] pciDeviceIdBytes = new byte[2];
- System.arraycopy(dSEDpciContextBytes, 6, pciDeviceIdBytes, 0, 2);
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex2, pciDeviceIdBytes, 0, 2);
deviceId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciDeviceIdBytes));
+ final int dSEDpciContextBytesSrcIndex3 = 8;
byte[] pciRevisionIdBytes = new byte[1];
- System.arraycopy(dSEDpciContextBytes, 8, pciRevisionIdBytes, 0, 1);
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex3, pciRevisionIdBytes, 0, 1);
revisionId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciRevisionIdBytes));
- byte[] pciClassCodeBytes = new byte[3];
- System.arraycopy(dSEDpciContextBytes, 9, pciClassCodeBytes, 0, 3);
+ final int dSEDpciContextBytesSrcIndex4 = 9;
+ final int pciClassCodeBytesSize = 3;
+ byte[] pciClassCodeBytes = new byte[pciClassCodeBytesSize];
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex4, pciClassCodeBytes, 0,
+ pciClassCodeBytesSize);
classCode = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciClassCodeBytes));
+ final int dSEDpciContextBytesSrcIndex5 = 12;
byte[] pciSubsystemVendorIdBytes = new byte[2];
- System.arraycopy(dSEDpciContextBytes, 12, pciSubsystemVendorIdBytes, 0, 2);
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex5, pciSubsystemVendorIdBytes, 0, 2);
subsystemVendorId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciSubsystemVendorIdBytes));
+ final int dSEDpciContextBytesSrcIndex6 = 14;
byte[] pciSubsystemIdBytes = new byte[2];
- System.arraycopy(dSEDpciContextBytes, 14, pciSubsystemIdBytes, 0, 2);
+ System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex6, pciSubsystemIdBytes, 0, 2);
subsystemId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciSubsystemIdBytes));
}
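Review bot: Every field here is copied from a fixed offset (the last two bytes at 14 and 15) without checking that `dSEDpciContextBytes.length >= 16`, so a truncated PCI context block throws `ArrayIndexOutOfBoundsException` out of `System.arraycopy` rather than a parse error; a guard after the `super` call, `if (dSEDpciContextBytes.length < 16) { throw new IllegalArgumentException("DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT too short"); }`, would cover all six reads. The offsets themselves (revision as 1 byte at 8, class code as 3 bytes at 9, subsystem vendor at 12) only add up if RevisionId is a `UINT8` and ClassCode is `UINT8[3]`, yet the struct Javadoc at the top of this file, re-indented by this same commit, declares both as `UINT16`; one of the two is wrong and should be reconciled against the PFP table. The six `dSEDpciContextBytesSrcIndexN` locals are also a lot of names for a layout that a short offset comment block (`// 4: VendorId, 6: DeviceId, 8: RevisionId, 9: ClassCode[3], 12: SubsystemVendorId, 14: SubsystemId`) would explain more directly.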
@@ -118,8 +126,9 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe
dSEDpciContextInfo += " RevisionID = " + revisionId + "\n";
List
* typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN {
- * UINT16 SpdmVersion;
- * UINT8 SpdmSlotId;
- * UINT8 Reserved;
- * UINT32 SpdmBaseHashAlgo;
- * SPDM_CERT_CHAIN SpdmCertChain;
+ * UINT16 SpdmVersion;
+ * UINT8 SpdmSlotId;
+ * UINT8 Reserved;
+ * UINT32 SpdmBaseHashAlgo;
+ * SPDM_CERT_CHAIN SpdmCertChain;
* } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
*
* SpdmVersion: SpdmBaseHashAlgo
@@ -61,16 +61,21 @@ public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEve
// byte[] reserved[Bytes]: 1 byte
- byte[] spdmBaseHashAlgoBytes = new byte[4];
- System.arraycopy(dsedSubHBytes, 4, spdmBaseHashAlgoBytes, 0, 4);
+ final int dsedSybHBytesSrcIndex1 = 4;
+ final int spdmBaseHashAlgoBytesSize = 4;
+ byte[] spdmBaseHashAlgoBytes = new byte[spdmBaseHashAlgoBytesSize];
+ System.arraycopy(dsedSubHBytes, dsedSybHBytesSrcIndex1, spdmBaseHashAlgoBytes, 0,
+ spdmBaseHashAlgoBytesSize);
spdmBaseHashAlgo = HexUtils.leReverseInt(spdmBaseHashAlgoBytes);
// get the size of the SPDM Cert Chain
- int spdmCertChainSize = dsedSubHBytes.length - 8;
+ final int offsetForSpdmCertChain = 8;
+ int spdmCertChainSize = dsedSubHBytes.length - offsetForSpdmCertChain;
// extract the bytes that comprise the SPDM Cert Chain
+ final int dsedSybHBytesSrcIndex2 = 8;
byte[] spdmCertChainBytes = new byte[spdmCertChainSize];
- System.arraycopy(dsedSubHBytes, 8, spdmCertChainBytes, 0,
+ System.arraycopy(dsedSubHBytes, dsedSybHBytesSrcIndex2, spdmCertChainBytes, 0,
spdmCertChainSize);
int spdmBaseHashAlgoSize = SpdmHa.tcgAlgIdToByteSize(spdmBaseHashAlgo);
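Review bot: `spdmCertChainSize = dsedSubHBytes.length - offsetForSpdmCertChain` goes negative for a sub-header shorter than 8 bytes, and `new byte[spdmCertChainSize]` then throws `NegativeArraySizeException` (the 4-byte read at offset 4 just above would already have thrown `ArrayIndexOutOfBoundsException` for anything under 8, which is the same problem one line earlier). Guard once at the top of the constructor: `if (dsedSubHBytes.length < offsetForSpdmCertChain) { throw new IllegalArgumentException("SPDM cert chain sub-header too short"); }`. `offsetForSpdmCertChain` and `dsedSybHBytesSrcIndex2` are both 8 and mean the same offset (and "Syb" looks like a typo for "Sub"), so keep one name. The hunk ends right after `spdmBaseHashAlgoSize` is computed, so I cannot see whether an unrecognised hash algorithm (a zero or negative size from `tcgAlgIdToByteSize`) is handled before the root-hash slice is taken.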
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
index c13c2251..c4cf4659 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
@@ -15,24 +15,28 @@ import java.util.List;
*
*
* typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK {
- * UINT16 SpdmVersion;
- * UINT8 SpdmMeasurementBlockCount;
- * UINT8 Reserved;
- * UINT32 SpdmMeasurementHashAlgo;
- * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock[SpdmMeasurementBlockCount];
+ * UINT16 SpdmVersion;
+ * UINT8 SpdmMeasurementBlockCount;
+ * UINT8 Reserved;
+ * UINT32 SpdmMeasurementHashAlgo;
+ * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock[SpdmMeasurementBlockCount];
* } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
*
- *
+ *
* SpdmMeasurementBlock is an array of SPDM_MEASUREMENT_BLOCKs
- * The size of each block is the same and can be found by either:
- * 1) 4 + SpdmMeasurementBlock MeasurementSize
- * OR
- * 2) 4 + hash length of the hash algorithm found in
- * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementHashAlgo
- * where 4 is the size of the SpdmMeasurementBlock header
+ * The size of each block is the same and can be found by either:
+ * 1) 4 + SpdmMeasurementBlock MeasurementSize
+ * OR
+ * 2) 4 + hash length of the hash algorithm found in
+ * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementHashAlgo
+ * where 4 is the size of the SpdmMeasurementBlock header
*/
public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends DeviceSecurityEventDataSubHeader {
+ /**
+ * List of SPDM Measurement Blocks.
+ */
+ private final List
* Notes:
* 1. First 16 bytes of the structure is an ASCII with a fixed Length of 16
@@ -66,7 +66,7 @@ public class EvNoAction {
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
if (signature.contains("Spec ID Event03")) { // implies CryptAgileFormat
EvEfiSpecIdEvent specIDEvent = new EvEfiSpecIdEvent(eventData);
- noActionInfo += specIDEventToString(specIDEvent).toString();
+ noActionInfo += specIDEventToString(specIDEvent);
bSpecIDEvent = true;
specVersion = String.format("%s.%s",
specIDEvent.getVersionMajor(),
@@ -126,25 +126,21 @@ public class EvNoAction {
* @return a description of the locality.
*/
private String getLocality(final byte[] eventData) {
- String localityInfo = "";
+ final int eventDataSrcIndex = 16;
byte[] localityBytes = new byte[1];
- System.arraycopy(eventData, 16, localityBytes, 0, 1);
- int locality = HexUtils.leReverseInt(localityBytes);
+ System.arraycopy(eventData, eventDataSrcIndex, localityBytes, 0, 1);
+ final int locality = HexUtils.leReverseInt(localityBytes);
- switch (locality) {
- case 0:
- localityInfo += "Locality 0 without an H-CRTM sequence";
- break;
- case 3:
- localityInfo += "Locality 3 without an H-CRTM sequence";
- break;
- case 4:
- localityInfo += "Locality 4 with an H-CRTM sequence initialized";
- break;
- default:
- localityInfo += "Unknown";
- }
- return localityInfo;
+ final int locality0 = 0;
+ final int locality3 = 3;
+ final int locality4 = 4;
+
+ return switch (locality) {
+ case locality0 -> "Locality 0 without an H-CRTM sequence";
+ case locality3 -> "Locality 3 without an H-CRTM sequence";
+ case locality4 -> "Locality 4 with an H-CRTM sequence initialized";
+ default -> "Unknown";
+ };
}
/**
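Review bot: The new code reads the locality byte at offset 16 of `eventData` without first checking `eventData.length > 16`, so an EV_NO_ACTION event whose data is shorter than the 16-byte signature plus one byte fails in `System.arraycopy` rather than returning a description; add `if (eventData.length <= eventDataSrcIndex) { return "Unknown"; }` (or throw, if callers prefer) before the copy. The locals `locality0`, `locality3` and `locality4` exist only to satisfy a magic-number check; since `case` labels on a switch over an `int` need constant expressions, the clearer form is class-level constants named for what they mean, e.g. `private static final int LOCALITY_4_HCRTM = 4;`. A one-line comment above the read, `// byte 16 follows the 16-byte "StartupLocality" signature`, would document why 16 is the right offset.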
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
index f4318959..44e55233 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
@@ -8,19 +8,19 @@ import java.nio.charset.StandardCharsets;
* Class to process the NV_INDEX_DYNAMIC_EVENT_LOG_DATA per PFP.
* Per PFP, the first 16 bytes of the structure are a String based identifier (Signature),
* which are a NULL-terminated ASCII string "NvIndexDynamic".
- *
+ *
* HEADERS defined by PFP v1.06 Rev 52.
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
*
* typedef struct tdNV_INDEX_DYNAMIC_EVENT_LOG_DATA {
- * BYTE Signature[16];
- * UINT16 Version;
- * UINT8[6] Reserved;
- * UINT64 UID;
- * UINT16 DescriptionSize;
- * UINT8 Description[DescriptionSize];
- * UINT16 DataSize;
- * DEVICE_SECURITY_EVENT_DATA2 Data[DataSize];
+ * BYTE Signature[16];
+ * UINT16 Version;
+ * UINT8[6] Reserved;
+ * UINT64 UID;
+ * UINT16 DescriptionSize;
+ * UINT8 Description[DescriptionSize];
+ * UINT16 DataSize;
+ * DEVICE_SECURITY_EVENT_DATA2 Data[DataSize];
* } NV_INDEX_DYNAMIC_EVENT_LOG_DATA;
*
*/
@@ -43,13 +43,16 @@ public class NvIndexDynamicEventLogData {
*/
public NvIndexDynamicEventLogData(final byte[] eventData) {
- byte[] signatureBytes = new byte[16];
- System.arraycopy(eventData, 0, signatureBytes, 0, 16);
+ final int signatureBytesSize = 16;
+ byte[] signatureBytes = new byte[signatureBytesSize];
+ System.arraycopy(eventData, 0, signatureBytes, 0, signatureBytesSize);
signature = new String(signatureBytes, StandardCharsets.UTF_8);
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
- byte[] versionBytes = new byte[2];
- System.arraycopy(eventData, 16, versionBytes, 0, 2);
+ final int versionBytesSize = 2;
+ final int eventDataSrcIndex1 = 16;
+ byte[] versionBytes = new byte[versionBytesSize];
+ System.arraycopy(eventData, eventDataSrcIndex1, versionBytes, 0, versionBytesSize);
String nvIndexVersion = HexUtils.byteArrayToHexString(versionBytes);
if (nvIndexVersion.isEmpty()) {
nvIndexVersion = "version not readable";
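Review bot: The 16-byte signature copy and the 2-byte version copy at offset 16 run before anything checks `eventData.length`, so an event shorter than 18 bytes fails inside `System.arraycopy` instead of with a clear message; a guard at the top of the constructor, `if (eventData.length < eventDataSrcIndex1 + versionBytesSize) { throw new IllegalArgumentException("NV_INDEX_DYNAMIC_EVENT_LOG_DATA too short"); }`, would cover both reads. The class Javadoc says the signature must be the string "NvIndexDynamic", but within this hunk `signature` is only parsed and stored, never compared; if that comparison lives further down the constructor this is fine, otherwise a mis-identified event is parsed with this layout silently. The constructor continues past the end of the hunk.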
@@ -58,23 +61,28 @@ public class NvIndexDynamicEventLogData {
nvIndexDynamicInfo += " Nv Index Dynamic Version = " + nvIndexVersion + "\n";
// 6 bytes of Reserved data
-
- byte[] uidBytes = new byte[8];
- System.arraycopy(eventData, 24, uidBytes, 0, 8);
+ final int uidBytesSize = 8;
+ final int eventDataSrcIndex2 = 24;
+ byte[] uidBytes = new byte[uidBytesSize];
+ System.arraycopy(eventData, eventDataSrcIndex2, uidBytes, 0, uidBytesSize);
String uid = HexUtils.byteArrayToHexString(uidBytes);
nvIndexDynamicInfo += " UID = " + uid + "\n";
- byte[] descriptionSizeBytes = new byte[2];
- System.arraycopy(eventData, 32, descriptionSizeBytes, 0, 2);
+ final int descriptionSizeBytesLength = 2;
+ final int eventDataSrcIndex3 = 32;
+ byte[] descriptionSizeBytes = new byte[descriptionSizeBytesLength];
+ System.arraycopy(eventData, eventDataSrcIndex3, descriptionSizeBytes, 0, descriptionSizeBytesLength);
int descriptionSize = HexUtils.leReverseInt(descriptionSizeBytes);
+ final int eventDataSrcIndex4 = 34;
byte[] descriptionBytes = new byte[descriptionSize];
- System.arraycopy(eventData, 34, descriptionBytes, 0, descriptionSize);
+ System.arraycopy(eventData, eventDataSrcIndex4, descriptionBytes, 0, descriptionSize);
String description = new String(descriptionBytes, StandardCharsets.UTF_8);
description = description.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
nvIndexDynamicInfo += " Description = " + description + "\n";
- int dataSizeStartByte = 34 + descriptionSize;
+ final int dataSizeOffset = 34;
+ int dataSizeStartByte = dataSizeOffset + descriptionSize;
byte[] dataSizeBytes = new byte[2];
System.arraycopy(eventData, dataSizeStartByte, dataSizeBytes, 0, 2);
int dataSize = HexUtils.leReverseInt(dataSizeBytes);
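Review bot: `descriptionSize` is read from the event at offset 32 and used unchecked as both the array size and the copy length from offset 34, and `dataSize` is then read at `34 + descriptionSize` the same way, so a truncated or hostile entry ends in `ArrayIndexOutOfBoundsException` from `System.arraycopy` rather than a parse error. Before the description copy add `Objects.checkFromIndexSize(eventDataSrcIndex4, descriptionSize, eventData.length);` (or an explicit `IllegalArgumentException` with a message), and repeat the check for the 2-byte read at `dataSizeStartByte` and for whatever consumes `dataSize` below the hunk. Because both fields are 16-bit the allocation is bounded at 64 KiB, so this is a robustness and diagnosability issue rather than a memory-exhaustion one. `Objects` would need a `java.util.Objects` import, which is outside this hunk.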
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
index 1e6e9134..af573ead 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
@@ -8,15 +8,15 @@ import java.nio.charset.StandardCharsets;
* Class to process the NV_INDEX_INSTANCE_EVENT_LOG_DATA per PFP.
* Per PFP, the first 16 bytes of the structure are a String based identifier (Signature),
* which are a NULL-terminated ASCII string "NvIndexInstance".
- *
+ *
* HEADERS defined by PFP v1.06 Rev 52.
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
*
* typedef struct tdNV_INDEX_INSTANCE_EVENT_LOG_DATA {
- * BYTE Signature[16];
- * UINT16 Version;
- * UINT8[6] Reserved;
- * DEVICE_SECURITY_EVENT_DATA2 Data;
+ * BYTE Signature[16];
+ * UINT16 Version;
+ * UINT8[6] Reserved;
+ * DEVICE_SECURITY_EVENT_DATA2 Data;
* } NV_INDEX_INSTANCE_EVENT_LOG_DATA;
*
*/
@@ -45,13 +45,15 @@ public class NvIndexInstanceEventLogData {
*/
public NvIndexInstanceEventLogData(final byte[] eventData) {
- byte[] signatureBytes = new byte[16];
- System.arraycopy(eventData, 0, signatureBytes, 0, 16);
+ final int signatureBytesSize = 16;
+ byte[] signatureBytes = new byte[signatureBytesSize];
+ System.arraycopy(eventData, 0, signatureBytes, 0, signatureBytesSize);
signature = new String(signatureBytes, StandardCharsets.UTF_8);
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
+ final int eventDataSrcIndex1 = 16;
byte[] versionBytes = new byte[2];
- System.arraycopy(eventData, 16, versionBytes, 0, 2);
+ System.arraycopy(eventData, eventDataSrcIndex1, versionBytes, 0, 2);
String nvIndexVersion = HexUtils.byteArrayToHexString(versionBytes);
if (nvIndexVersion == "") {
nvIndexVersion = "version not readable";
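Review bot: `nvIndexVersion == ""` compares strings by reference, so the "version not readable" fallback can never fire for a `String` freshly built by `byteArrayToHexString`; the parallel line in NvIndexDynamicEventLogData is changed to `isEmpty()` in this same commit but this one is left as is. Change it to `if (nvIndexVersion.isEmpty()) {`. The same reference comparison recurs for `dsedVersion` in the next hunk, and the two `System.arraycopy` calls here (16 bytes at 0, 2 bytes at 16) run without any check that `eventData.length >= 18`.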
@@ -60,14 +62,16 @@ public class NvIndexInstanceEventLogData {
nvIndexInstanceInfo += " Nv Index Instance Version = " + nvIndexVersion + "\n";
// 6 bytes of Reserved data
-
- byte[] dsedSignatureBytes = new byte[16];
- System.arraycopy(eventData, 24, dsedSignatureBytes, 0, 16);
+ final int eventDataSrcIndex2 = 24;
+ final int dsedSignatureBytesSize = 16;
+ byte[] dsedSignatureBytes = new byte[dsedSignatureBytesSize];
+ System.arraycopy(eventData, eventDataSrcIndex2, dsedSignatureBytes, 0, dsedSignatureBytesSize);
String dsedSignature = new String(dsedSignatureBytes, StandardCharsets.UTF_8);
dsedSignature = dsedSignature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
+ final int eventDataSrcIndex3 = 40;
byte[] dsedVersionBytes = new byte[2];
- System.arraycopy(eventData, 40, dsedVersionBytes, 0, 2);
+ System.arraycopy(eventData, eventDataSrcIndex3, dsedVersionBytes, 0, 2);
String dsedVersion = HexUtils.byteArrayToHexString(dsedVersionBytes);
if (dsedVersion == "") {
dsedVersion = "version not readable";
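Review bot: The inner DEVICE_SECURITY_EVENT_DATA2 signature (16 bytes at 24) and version (2 bytes at 40) are copied with no check that `eventData.length >= 42`, so an NvIndexInstance event that carries less than a full nested header fails inside `System.arraycopy` rather than with a parse error; `if (eventData.length < eventDataSrcIndex3 + 2) { throw new IllegalArgumentException("NV_INDEX_INSTANCE_EVENT_LOG_DATA too short"); }` ahead of the first copy would cover both. `dsedVersion == ""` on the last line of the hunk is a reference comparison that can never be true for a newly constructed `String`; use `dsedVersion.isEmpty()` as the sibling class now does.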
@@ -75,9 +79,10 @@ public class NvIndexInstanceEventLogData {
if (dsedSignature.contains("SPDM Device Sec2")) {
- int dsedEventDataSize = eventData.length - 24;
+ final int eventDataSrcIndex4 = 24;
+ final int dsedEventDataSize = eventData.length - eventDataSrcIndex4;
byte[] dsedEventData = new byte[dsedEventDataSize];
- System.arraycopy(eventData, 24, dsedEventData, 0, dsedEventDataSize);
+ System.arraycopy(eventData, eventDataSrcIndex4, dsedEventData, 0, dsedEventDataSize);
nvIndexInstanceInfo += " Signature = SPDM Device Sec2\n";
@@ -89,7 +94,7 @@ public class NvIndexInstanceEventLogData {
+ dsedVersion + "\n";
}
} else {
- nvIndexInstanceInfo = " Signature error: should be \'SPDM Device Sec2\' but is "
+ nvIndexInstanceInfo = " Signature error: should be 'SPDM Device Sec2' but is "
+ signature + "\n";
}
}
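Review bot: The `else` branch reports `signature`, the outer "NvIndexInstance" signature parsed at offset 0, while the condition that failed (in the previous hunk) tested `dsedSignature` from offset 24, so the error message prints the wrong value and will usually show a signature that looks correct. It also assigns with `=`, discarding the version line already accumulated in `nvIndexInstanceInfo`. Suggest `nvIndexInstanceInfo += " Signature error: should be 'SPDM Device Sec2' but is " + dsedSignature + "\n";`. The `if`/`else` this belongs to starts outside the hunk.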
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java
index 8d0062c6..7ec8b8ea 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java
@@ -15,22 +15,22 @@ import java.util.ArrayList;
*
* Certificate chain format, defined by SPDM v1.03, Sect 10.6.1, Table 33:
* Certificate chain format {
- * Length 2 bytes;
- * Reserved 2 bytes;
- * RootHash
* Length: total length of cert chain including all fields in this block
* H: the output size of the hash algorithm selected by the most recent ALGORITHMS response
- * this field shall be in hash byte order
- * hash algorithm is included in the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
- * structure as the member "SpdmBaseHashAlg"
+ * this field shall be in hash byte order
+ * hash algorithm is included in the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
+ * structure as the member "SpdmBaseHashAlg"
* RootHash: the digest of the Root Certificate.
- * size is determined by hash algorithm selected by the most recent SPDM ALGORITHMS response;
- * the hash algorithm is the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmBaseHashAlgo
+ * size is determined by hash algorithm selected by the most recent SPDM ALGORITHMS response;
+ * the hash algorithm is the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmBaseHashAlgo
* Certificates: Complete cert chain consisting of 1 or more ASN.1 DER-encoded X.509 v3 certs
- * this field shall be in Encoded ASN.1 byte order
+ * this field shall be in Encoded ASN.1 byte order
*/
public class SpdmCertificateChain {
@@ -38,6 +38,10 @@ public class SpdmCertificateChain {
// * Length of the certificate chain to include all fields in this structure.
// */
//private int length = 0;
+ /**
+ * Array List of certs found in the chain.
+ */
+ private final ArrayList