Merge pull request #323 from nsacyber/multiple-rim-upload

Multiple RIM upload
This commit is contained in:
Cyrus 2020-12-03 07:57:15 -05:00 committed by GitHub
commit 0ce8d41f23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 96 additions and 81 deletions


@ -747,80 +747,85 @@ public abstract class AbstractAttestationCertificateAuthority
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher;
if (dv.hasSwidfile()) {
try {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(dv.getSwidfile().toByteArray()))
.getRIM();
if (dv.getSwidfileCount() > 0) {
for (ByteString swidFile : dv.getSwidfileList()) {
try {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(swidFile.toByteArray()))
.getRIM();
if (dbBaseRim == null) {
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
clientName),
dv.getSwidfile().toByteArray());
if (dbBaseRim == null) {
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
clientName),
swidFile.toByteArray());
BaseReferenceManifest base = (BaseReferenceManifest) dbBaseRim;
for (SwidResource swid : base.parseResource()) {
matcher = pattern.matcher(swid.getName());
if (matcher.matches()) {
//found the file name
int dotIndex = swid.getName().lastIndexOf(".");
clientName = swid.getName().substring(0, dotIndex);
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
clientName),
dv.getSwidfile().toByteArray());
break;
BaseReferenceManifest base = (BaseReferenceManifest) dbBaseRim;
for (SwidResource swid : base.parseResource()) {
matcher = pattern.matcher(swid.getName());
if (matcher.matches()) {
//found the file name
int dotIndex = swid.getName().lastIndexOf(".");
clientName = swid.getName().substring(0, dotIndex);
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
clientName),
swidFile.toByteArray());
break;
}
}
this.referenceManifestManager.save(dbBaseRim);
} else {
LOG.info("Client provided Base RIM already loaded in database.");
dbBaseRim.restore();
dbBaseRim.resetCreateTime();
this.referenceManifestManager.update(dbBaseRim);
}
this.referenceManifestManager.save(dbBaseRim);
} else {
LOG.info("Client provided Base RIM already loaded in database.");
dbBaseRim.restore();
dbBaseRim.resetCreateTime();
}
tagId = dbBaseRim.getTagId();
} catch (IOException ioEx) {
LOG.error(ioEx);
tagId = dbBaseRim.getTagId();
} catch (IOException ioEx) {
LOG.error(ioEx);
}
}
} else {
LOG.warn("Device did not send swid tag file...");
}
if (dv.hasLogfile()) {
try {
support = SupportReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(dv.getLogfile().toByteArray()))
.getRIM();
if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
try {
support = SupportReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(logFile.toByteArray()))
.getRIM();
if (support == null) {
support = new SupportReferenceManifest(
String.format("%s.rimel",
clientName),
dv.getLogfile().toByteArray());
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setTagId(tagId);
this.referenceManifestManager.save(support);
} else {
LOG.info("Client provided Support RIM already loaded in database.");
if (dbBaseRim != null) {
support.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer());
support.setPlatformModel(dbBaseRim.getPlatformModel());
support.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
support.setAssociatedRim(dbBaseRim.getId());
support.setTagId(dbBaseRim.getTagId());
if (support == null) {
support = new SupportReferenceManifest(
String.format("%s.rimel",
clientName),
logFile.toByteArray());
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setTagId(tagId);
this.referenceManifestManager.save(support);
} else {
LOG.info("Client provided Support RIM already loaded in database.");
if (dbBaseRim != null) {
support.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer());
support.setPlatformModel(dbBaseRim.getPlatformModel());
support.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
support.setAssociatedRim(dbBaseRim.getId());
support.setTagId(dbBaseRim.getTagId());
}
support.restore();
support.resetCreateTime();
this.referenceManifestManager.update(support);
}
support.restore();
support.resetCreateTime();
this.referenceManifestManager.update(support);
} catch (IOException ioEx) {
LOG.error(ioEx);
}
} catch (IOException ioEx) {
LOG.error(ioEx);
}
} else {
LOG.warn("Device did not send support RIM file...");
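Review bot: With several swidtag files, `tagId` and `dbBaseRim` are overwritten on every pass of the new `for (ByteString swidFile : dv.getSwidfileList())` loop, so every support RIM in the logfile loop (`support.setTagId(tagId)` and the `if (dbBaseRim != null)` branch) is associated with whichever base RIM happened to be processed last, and if that last pass hit the `IOException` branch `tagId` silently keeps the previous value. The `parseResource()` loop already extracts the resource file name from each swidtag, so pairing each `.rimel` with the base RIM that lists it (rather than the last one seen) would keep the association correct; failing that, a warning when `dv.getSwidfileCount() > 1` would at least make the ambiguity visible. Note also that de-duplication keys on `Arrays.hashCode` of the uploaded bytes, a 32-bit value, so a colliding client upload would be treated as "already loaded" and restored instead of persisted; if integrity matters here, compare the stored bytes or a cryptographic digest. The enclosing method starts and ends outside this hunk.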


@ -33,7 +33,7 @@ namespace file_utils {
std::string getFileAsOneLineOrEmptyString(const std::string& filename);
std::vector<std::string> searchDirectory(const std::string& directory);
std::vector<std::string> search_directory(const std::string& directory);
void writeBinaryFile(const std::string& bytes,
const std::string& filename);


@ -42,8 +42,8 @@ ln -s -f /etc/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
TCG_BOOT_FILE="/etc/hirs/tcg_boot.properties"
TCG_DIRECTORY="/boot/tcg"
LOG_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
TAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
RIM_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
SWIDTAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
BINARY_BIOS_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"
@ -51,14 +51,12 @@ if [ ! -f "$TCG_BOOT_FILE" ]; then
touch "$TCG_BOOT_FILE"
fi
if [ -d "$LOG_FILE_LOCATION" ]; then
RIM_FILE=$(find "$LOG_FILE_LOCATION" -name '*.rimel' -or -name '*.bin' -or -name '*.rimpcr' -or -name '*.log')
echo "tcg.rim.file=$RIM_FILE" > "$TCG_BOOT_FILE"
if [ -d "$RIM_FILE_LOCATION" ]; then
echo "tcg.rim.dir=$RIM_FILE_LOCATION" > "$TCG_BOOT_FILE"
fi
if [ -d "$TAG_FILE_LOCATION" ]; then
SWID_FILE=$(find "$TAG_FILE_LOCATION" -name '*.swidtag')
echo "tcg.swidtag.file=$SWID_FILE" >> "$TCG_BOOT_FILE"
if [ -d "$SWIDTAG_FILE_LOCATION" ]; then
echo "tcg.swidtag.dir=$SWIDTAG_FILE_LOCATION" >> "$TCG_BOOT_FILE"
fi
if [ -d "$CREDENTIALS_LOCATION" ]; then
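Review bot: The trailing `/` on `RIM_FILE_LOCATION` and `SWIDTAG_FILE_LOCATION` is now load-bearing: the provisioner's `search_directory` in this same commit builds each path as `directory` immediately followed by `d_name` with no separator, so a value without the slash would resolve to something like `/boot/tcg/manifest/rimfoo.rimel` and upload nothing. A comment above the assignments would protect it, e.g. `# keep the trailing '/': the provisioner appends entry names directly to these paths`. Also, the old `find -name '*.rimel' ...` / `-name '*.swidtag'` filters are gone, so every file in those directories is now shipped to the ACA regardless of extension; if anything else can land there, filter by name in `search_directory` or restore the pattern here.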


@ -58,8 +58,8 @@ message DeviceInfo {
required NetworkInfo nw = 3;
required OsInfo os = 4;
optional bytes pcrslist = 5;
optional bytes logfile = 6;
optional bytes swidfile = 7;
repeated bytes logfile = 6;
repeated bytes swidfile = 7;
optional bytes livelog = 8;
}
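Review bot: Changing `logfile` and `swidfile` from `optional` to `repeated` while keeping field numbers 6 and 7 is wire-compatible for proto2 `bytes` (a single value from an older provisioner parses as a one-element list), but nothing in the message records that each entry is the raw contents of one file from the RIM or swidtag directory, or that the two lists are not paired by index on the ACA side. A one-line comment per field would stop a future reader from reintroducing a single-file assumption, e.g. `// one entry per file found in tcg.rim.dir (raw .rimel/.bin/.rimpcr/.log bytes); not index-paired with swidfile` on `logfile` and the mirror note on `swidfile`. Whole-file payloads in a repeated field also have no size bound on the wire, which is worth stating if the ACA enforces one.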


@ -70,7 +70,7 @@ int provision() {
const std::string& cert_dir = props.get("tcg.cert.dir", "");
try {
platformCredentials =
hirs::file_utils::searchDirectory(cert_dir);
hirs::file_utils::search_directory(cert_dir);
} catch (HirsRuntimeException& hirsRuntimeException) {
logger.error(hirsRuntimeException.what());
}
@ -83,17 +83,29 @@ int provision() {
hirs::pb::DeviceInfo dv = DeviceInfoCollector::collectDeviceInfo();
dv.set_pcrslist(tpm2.getPcrList());
// collect TCG Boot files
const std::string& rim_file = props.get("tcg.rim.file", "");
const std::string& swid_file = props.get("tcg.swidtag.file", "");
std::vector<string> rim_files;
std::vector<string> swidtag_files;
const std::string& rim_dir = props.get("tcg.rim.dir", "");
const std::string& swid_dir = props.get("tcg.swidtag.dir", "");
const std::string& live_log_file = props.get("tcg.event.file", "");
try {
dv.set_logfile(hirs::file_utils::fileToString(rim_file));
rim_files = hirs::file_utils::search_directory(rim_dir);
for (const auto& rims : rim_files) {
if (rims != "") {
dv.add_logfile(rims);
}
}
} catch (HirsRuntimeException& hirsRuntimeException) {
logger.error(hirsRuntimeException.what());
}
try {
dv.set_swidfile(hirs::file_utils::fileToString(swid_file));
swidtag_files = hirs::file_utils::search_directory(swid_dir);
for (const auto& swidtag : swidtag_files) {
if (swidtag != "") {
dv.add_swidfile(swidtag);
}
}
} catch (HirsRuntimeException& hirsRuntimeException) {
logger.error(hirsRuntimeException.what());
}
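Review bot: An unset `tcg.rim.dir` or `tcg.swidtag.dir` now fails silently: `props.get` defaults to `""`, and `search_directory` in this commit returns an empty vector when `opendir` fails without logging, so the provisioner sends nothing and the only symptom is the ACA's "Device did not send swid tag file" warning. The previous single-file path went through `fileToString`, which, judging by the catch blocks, raised a logged `HirsRuntimeException` instead. Consider `if (rim_dir.empty()) { logger.warn("tcg.rim.dir is not set; no RIM files will be sent"); }` before the search and the equivalent check on `swid_dir`. Minor style: `if (!rims.empty())` reads better than `rims != ""` and avoids a temporary. `provision()` starts and ends outside this hunk.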


@ -119,9 +119,9 @@ namespace file_utils {
return string_utils::trimNewLines(fileToString(filename, ""));
}
vector<string> searchDirectory(const string& directory) {
vector<string> search_directory(const string& directory) {
DIR *dr;
std::vector<string> platform_credentials;
std::vector<string> files;
dr = opendir(directory.c_str());
if (dr) {
@ -131,7 +131,7 @@ namespace file_utils {
ss << directory.c_str();
ss << en->d_name;
try {
platform_credentials.push_back(fileToString(ss.str()));
files.push_back(fileToString(ss.str()));
} catch (HirsRuntimeException& hirsRuntimeException) {
std::cout << hirsRuntimeException.what();
}
@ -140,7 +140,7 @@ namespace file_utils {
closedir(dr);
}
return platform_credentials;
return files;
}
/**
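Review bot: `search_directory` now feeds RIM and swidtag directories, not just certificates, yet it still joins `directory` and `en->d_name` with no separator and makes no attempt to skip `.`, `..` or subdirectories, so a property value without a trailing slash silently yields wrong paths and every non-regular entry goes through `fileToString` and is reported to `std::cout` rather than the logger the rest of the provisioner uses. Inserting a `/` when the directory does not end in one and skipping `DT_DIR` entries (hedged: `d_type` may be `DT_UNKNOWN` on some filesystems, in which case the existing `fileToString` error path still applies) removes both failure modes; the `readdir` loop header between the hunks is not visible here, so only the path-building lines are shown. Separately, `DIR *dr` is closed manually; a `std::unique_ptr<DIR, decltype(&closedir)>` would keep the handle from leaking if anything other than `HirsRuntimeException` escapes the loop.

```cpp
// … unchanged: opendir / readdir loop header …
            // "." / ".." and subdirectories are never RIM payloads
            if (en->d_type == DT_DIR) {
                continue;
            }
            ss << directory;
            if (!directory.empty() && directory.back() != '/') {
                ss << '/';
            }
            ss << en->d_name;
// … unchanged: fileToString / push_back / catch …
```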