diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index fbb73305..6eb1c254 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.ReferenceDigestRecord; import hirs.data.persist.ReferenceDigestValue; -import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupplyChainPolicy; import hirs.data.persist.SupplyChainValidationSummary; import hirs.data.persist.SupportReferenceManifest; @@ -776,7 +775,7 @@ public abstract class AbstractAttestationCertificateAuthority dv.getHw().getManufacturer(), dv.getHw().getProductName()); BaseReferenceManifest dbBaseRim = null; - ReferenceManifest support; + SupportReferenceManifest support; EventLogMeasurements measurements; String tagId = ""; String fileName = ""; @@ -788,9 +787,8 @@ public abstract class AbstractAttestationCertificateAuthority for (ByteString logFile : dv.getLogfileList()) { try { support = SupportReferenceManifest.select(referenceManifestManager) - .includeArchived() - .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest( - logFile.toByteArray()))) + .byHexDecHash(Hex.encodeHexString(messageDigest.digest( + logFile.toByteArray()))).includeArchived() .getRIM(); if (support == null) { support = new SupportReferenceManifest( 
@@ -803,8 +801,8 @@ public abstract class AbstractAttestationCertificateAuthority support.setPlatformManufacturer(dv.getHw().getManufacturer()); support.setPlatformModel(dv.getHw().getProductName()); support.setFileName(String.format("%s_[%s].rimel", defaultClientName, - support.getRimHash().substring( - support.getRimHash().length() - NUM_OF_VARIABLES))); + support.getHexDecHash().substring( + support.getHexDecHash().length() - NUM_OF_VARIABLES))); support.setDeviceName(dv.getNw().getHostname()); this.referenceManifestManager.save(support); } else { @@ -830,9 +828,10 @@ public abstract class AbstractAttestationCertificateAuthority for (ByteString swidFile : dv.getSwidfileList()) { try { dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) + .byBase64Hash(Base64.getEncoder() + .encodeToString(messageDigest + .digest(swidFile.toByteArray()))) .includeArchived() - .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest( - swidFile.toByteArray()))) .getRIM(); if (dbBaseRim == null) { dbBaseRim = new BaseReferenceManifest( @@ -864,9 +863,8 @@ public abstract class AbstractAttestationCertificateAuthority //update Support RIMs and Base RIMs. for (ByteString swidFile : dv.getSwidfileList()) { dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) - .includeArchived() - .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest( - swidFile.toByteArray()))) + .byBase64Hash(Base64.getEncoder().encodeToString(messageDigest.digest( + swidFile.toByteArray()))).includeArchived() .getRIM(); // get file name to use @@ -883,7 +881,7 @@ public abstract class AbstractAttestationCertificateAuthority // now update support rim SupportReferenceManifest dbSupport = SupportReferenceManifest .select(referenceManifestManager) - .byRimHash(swid.getHashValue()).getRIM(); + .byHexDecHash(swid.getHashValue()).getRIM(); if (dbSupport != null) { dbSupport.setFileName(swid.getName()); dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); 
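Review bot: The lookup `.byHexDecHash(swid.getHashValue())` in the last hunk matches the tag's hash string verbatim against `hexDecHash`, which `Hex.encodeHexString` stores in lowercase, so a SWID tag that carries its digest in uppercase hex never finds its support RIM and the `if (dbSupport != null)` update is skipped without a log line. Normalising before the query, `.byHexDecHash(swid.getHashValue().trim().toLowerCase(Locale.ROOT))`, keeps the match independent of how the tag author wrote the digest, assuming the column collation is case-sensitive — worth confirming against the schema. The enclosing method continues outside the hunk.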
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index a30ded72..64001df0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -412,8 +412,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe for (SwidResource swidRes : resources) { supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) - .byRimHash(swidRes.getHashValue()).getRIM(); - if (supportReferenceManifest !=null + .byHexDecHash(swidRes.getHashValue()).getRIM(); + if (supportReferenceManifest != null && swidRes.getName().equals(supportReferenceManifest.getFileName())) { referenceManifestValidator.validateSupportRimHash( supportReferenceManifest.getRimBytes(), swidRes.getHashValue()); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 76bcc5d8..41a842fe 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java 
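Review bot: In the SupplyChainValidationServiceImpl hunk, a miss on `.byHexDecHash(swidRes.getHashValue())` — which happens for any encoding difference, such as an uppercase hex digest against the lowercase value `Hex.encodeHexString` stores — means `validateSupportRimHash` is never called for that resource, and nothing inside the hunk records that as a failed check. If the rest of the loop (outside the hunk) does not already turn a missing support RIM into a validation failure, a resource the base RIM references but the database lacks would pass silently; at minimum a warning naming `swidRes.getName()` belongs on the miss path. The else branch is not visible here, so this may already be handled further down.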
@@ -252,8 +252,11 @@ public class ReferenceManifestDetailsPageController boolean hashLinked = false; if (baseRim.getRimLinkHash() != null) { ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager) - .byHashCode(baseRim.getRimLinkHash()).getRIM(); + .byBase64Hash(baseRim.getRimLinkHash()).getRIM(); hashLinked = (rim != null); + if (hashLinked) { + data.put("rimLinkId", rim.getId()); + } } data.put("linkHashValid", hashLinked); data.put("rimType", baseRim.getRimType()); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 243d1d8b..f73d4c16 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java 
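Review bot: `byBase64Hash(baseRim.getRimLinkHash())` assumes the link hash parsed from the tag is in the same Base64 form `BaseReferenceManifest` now stores, while support RIMs are keyed by hex; nothing in the hunk documents which form `rimLinkHash` carries, and a mismatch only shows up as `linkHashValid=false` with no log. A one-line comment above the select, `// rimLinkHash is expected Base64-encoded, matching BaseReferenceManifest.base64Hash`, plus a debug log on the miss would make that failure diagnosable. `rim.getId()` is only read after the null check, which is fine.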
@@ -1,40 +1,26 @@ package hirs.attestationca.portal.page.controllers; +import hirs.FilteredRecordsList; import hirs.attestationca.portal.datatables.DataTableInput; import hirs.attestationca.portal.datatables.DataTableResponse; +import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.Page; import hirs.attestationca.portal.page.PageController; - -import hirs.FilteredRecordsList; -import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.NoPageParams; import hirs.data.persist.BaseReferenceManifest; -import hirs.data.persist.SupportReferenceManifest; -import hirs.persist.DBManagerException; -import hirs.persist.ReferenceManifestManager; -import hirs.persist.CriteriaModifier; import hirs.data.persist.ReferenceManifest; +import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.SwidResource; import hirs.data.persist.certificate.Certificate; -import java.io.IOException; -import java.net.URISyntaxException; - -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import javax.servlet.http.HttpServletResponse; - +import hirs.persist.CriteriaModifier; +import hirs.persist.DBManagerException; +import hirs.persist.ReferenceManifestManager; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; - import org.hibernate.Criteria; import org.hibernate.criterion.Restrictions; import org.springframework.beans.factory.annotation.Autowired; 
@@ -50,6 +36,21 @@ import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.view.RedirectView; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Controller for the Reference Manifest page. */ @@ -437,19 +438,34 @@ public class ReferenceManifestPageController ReferenceManifest existingManifest; + MessageDigest digest = null; + String rimHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // look for existing manifest in the database try { if (supportRim) { + if (digest != null) { + rimHash = Hex.encodeHexString( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = SupportReferenceManifest .select(referenceManifestManager) + .byHexDecHash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } else { + if (digest != null) { + rimHash = Base64.encodeBase64String( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = BaseReferenceManifest - .select(referenceManifestManager) + .select(referenceManifestManager).byBase64Hash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } } catch (DBManagerException e) { diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp index a1db77c5..67baed5a 100644 
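Review bot: In the `-437` hunk, when `MessageDigest.getInstance("SHA-256")` fails `rimHash` stays `""` and the code still runs `.byHexDecHash("")` or `.byBase64Hash("")`, which can match any row whose hash column was never populated (both new fields default to `""`) and report a bogus existing manifest. Throwing instead of querying, `if (digest == null) { throw new IllegalStateException("SHA-256 unavailable; cannot look up RIM by hash"); }`, closes that path. The hashing here is also a second copy of what the entity constructors already compute, and it mixes commons-codec `Base64.encodeBase64String` with the `java.util.Base64` encoder used in `BaseReferenceManifest` — they agree on current commons-codec releases, but reading `getBase64Hash()`/`getHexDecHash()` from the entity would leave one encoder per key. Whether `referenceManifest` is declared as the concrete subclass at this point is not visible in the hunk.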
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp @@ -376,7 +376,14 @@
PC URI Local: ${initialData.pcUriLocal}
-
Rim Link Hash: ${initialData.rimLinkHash} + + +
Rim Link Hash: ${initialData.rimLinkHash} + + +
Rim Link Hash: ${initialData.rimLinkHash} + + diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index 34fc95db..0a260bdd 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.persist.DBReferenceManifestManager; import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; @@ -25,7 +26,10 @@ import javax.xml.validation.Schema; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; +import java.util.Base64; import java.util.List; import java.util.Map; @@ -35,9 +39,16 @@ import java.util.Map; @Entity public class BaseReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class); + /** + * Holds the name of the 'base64Hash' field. + */ + public static final String BASE_64_HASH_FIELD = "base64Hash"; private static JAXBContext jaxbContext; + @Column + @JsonIgnore + private String base64Hash = ""; @Column private String swidName = null; @Column @@ -109,6 +120,16 @@ public class BaseReferenceManifest extends ReferenceManifest { setFieldValue("deviceName", deviceName); return this; } + + /** + * Specify the RIM hash associated with the base RIM. + * @param base64Hash the hash of the file associated with the rim + * @return this instance + */ + public Selector byBase64Hash(final String base64Hash) { + setFieldValue(BASE_64_HASH_FIELD, base64Hash); + return this; + } } /** 
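Review bot: The rebuilt rim-details lines still render `${initialData.rimLinkHash}` through a bare EL expression, which does not HTML-escape, and the value appears to originate from the uploaded RIM's link element rather than from the server. `<c:out value="${initialData.rimLinkHash}"/>` (and the same treatment for the new `rimLinkId` if it is interpolated into an href) would render it safely. The surrounding markup is not visible in this extract, so it may already be inside an escaping tag.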
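Review bot: The new `base64Hash` column in the `-35` hunk of BaseReferenceManifest has a plain `@Column` where the removed `rimHash` was `@Column(nullable = false)`, and nothing in this diff backfills it for rows persisted before the change, so existing base RIMs carry an empty hash and every `byBase64Hash` lookup against them misses — re-uploads then create duplicates instead of finding the archived entry. Restoring `@Column(nullable = false)` and adding a migration that recomputes the column from `rimBytes` for existing rows (unless one exists outside this diff) keeps the lookup key reliable. The class body continues past this hunk.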
@@ -137,6 +158,16 @@ public class BaseReferenceManifest extends ReferenceManifest { this.setFileName(""); SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes)); + MessageDigest digest = null; + this.base64Hash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.base64Hash = Base64.getEncoder().encodeToString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // begin parsing valid swid tag if (si != null) { setTagId(si.getTagId()); @@ -746,6 +777,15 @@ public class BaseReferenceManifest extends ReferenceManifest { this.pcURILocal = pcURILocal; } + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getBase64Hash() { + return base64Hash; + } + @Override public String toString() { return String.format("ReferenceManifest{swidName=%s," @@ -753,6 +793,6 @@ public class BaseReferenceManifest extends ReferenceManifest { + " platformModel=%s," + "tagId=%s, rimHash=%s}", swidName, this.getPlatformManufacturer(), - this.getPlatformModel(), getTagId(), this.getRimHash()); + this.getPlatformModel(), getTagId(), this.getBase64Hash()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 4e78e0cf..2cbe8f3e 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -15,10 +15,7 @@ import javax.xml.XMLConstants; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; -import java.util.Base64; import java.util.UUID; /** 
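Review bot: The Javadoc on `getBase64Hash()` says `@return int representation of the hash value`, but the method returns a `String` holding a Base64-encoded SHA-256 — the wording was carried over from the old getter and is now wrong on both type and encoding. Suggested: `@return Base64-encoded SHA-256 of the RIM bytes, or an empty string if the digest could not be computed`. The empty-string case comes from the constructor hunk above, which logs `NoSuchAlgorithmException` and continues.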
@@ -64,13 +61,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { private static final Logger LOGGER = LogManager.getLogger(ReferenceManifest.class); - /** - * Holds the name of the 'rimHash' field. - */ - public static final String RIM_HASH_FIELD = "rimHash"; - @Column(nullable = false) - @JsonIgnore - private final String rimHash; @Column(columnDefinition = "blob", nullable = false) @JsonIgnore private byte[] rimBytes; @@ -107,7 +97,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { protected ReferenceManifest() { super(); this.rimBytes = null; - this.rimHash = ""; this.rimType = null; this.platformManufacturer = null; this.platformManufacturerId = null; @@ -129,19 +118,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { "Cannot construct a RIM from an empty byte array"); this.rimBytes = rimBytes.clone(); - - MessageDigest digest = null; - try { - digest = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException noSaEx) { - LOGGER.error(noSaEx); - } - if (digest == null) { - this.rimHash = ""; - } else { - this.rimHash = Base64.getEncoder().encodeToString( - digest.digest(rimBytes)); - } } /** @@ -367,15 +343,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { return null; } - /** - * Getter for the Reference Integrity Manifest hash value. - * - * @return int representation of the hash value - */ - public String getRimHash() { - return rimHash; - } - @Override public int hashCode() { return Arrays.hashCode(this.rimBytes); @@ -393,8 +360,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { return false; } ReferenceManifest that = (ReferenceManifest) object; - return rimHash == that.rimHash - && Arrays.equals(rimBytes, that.rimBytes) + return Arrays.equals(rimBytes, that.rimBytes) && rimType.equals(that.rimType) && tagId.equals(that.tagId) && platformManufacturer.equals(that.platformManufacturer) 
@@ -406,8 +372,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Override public String toString() { return String.format("Filename->%s%nPlatform Manufacturer->%s%n" - + "Platform Model->%s%nRIM Type->%s%nRIM Hash->%s", this.getFileName(), - this.platformManufacturer, this.platformModel, this.getRimType(), - this.getRimHash()); + + "Platform Model->%s%nRIM Type->%s%nRIM", this.getFileName(), + this.platformManufacturer, this.platformModel, this.getRimType()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index 27616e49..f7b10238 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -5,12 +5,14 @@ import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import javax.persistence.Column; import javax.persistence.Entity; import java.io.IOException; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; @@ -23,7 +25,14 @@ import java.util.Collection; @Entity public class SupportReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(SupportReferenceManifest.class); + /** + * Holds the name of the 'hexDecHash' field. + */ + public static final String HEX_DEC_HASH_FIELD = "hexDecHash"; + @Column + @JsonIgnore + private String hexDecHash = ""; @Column @JsonIgnore private int pcrHash = 0; 
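Review bot: The rewritten format string in `ReferenceManifest.toString()` ends with `%nRIM Type->%s%nRIM`, leaving a stray `RIM` label with no value after the hash placeholder was removed. `+ "Platform Model->%s%nRIM Type->%s", this.getFileName(),` drops the leftover and keeps the argument list matching the four remaining placeholders.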
@@ -82,11 +91,11 @@ public class SupportReferenceManifest extends ReferenceManifest { /** * Specify the RIM hash associated with the support RIM. - * @param rimHash the hash of the file associated with the rim + * @param hexDecHash the hash of the file associated with the rim * @return this instance */ - public Selector byRimHash(final String rimHash) { - setFieldValue(RIM_HASH_FIELD, rimHash); + public Selector byHexDecHash(final String hexDecHash) { + setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash); return this; } } @@ -105,6 +114,15 @@ public class SupportReferenceManifest extends ReferenceManifest { this.setFileName(fileName); this.setRimType(SUPPORT_RIM); this.pcrHash = 0; + MessageDigest digest = null; + this.hexDecHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.hexDecHash = Hex.encodeHexString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } } /** @@ -235,4 +253,13 @@ public class SupportReferenceManifest extends ReferenceManifest { public boolean isBaseSupport() { return !this.isSwidSupplemental() && !this.isSwidPatch(); } + + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getHexDecHash() { + return hexDecHash; + } } diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 0ff4bcf9..67b1e274 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java 
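Review bot: In the SupportReferenceManifest constructor hunk, the `MessageDigest digest = null;` declaration and the `this.hexDecHash = "";` reset are both redundant — the field initialiser already sets `""` and `digest` is only used inside the try — so `this.hexDecHash = Hex.encodeHexString(MessageDigest.getInstance("SHA-256").digest(rimBytes));` inside the try says the same thing in one line. Since `MessageDigest.getInstance("SHA-256")` is guaranteed by every JDK, the catch that leaves `""` in place is a silent path that later turns into a `byHexDecHash("")` query; consider rethrowing as `IllegalStateException` instead. The constructor begins before this hunk.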
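Review bot: `getHexDecHash()` is documented as `@return int representation of the hash value` yet returns the hex `String` set in the constructor. Suggested: `@return lowercase hex-encoded SHA-256 of the RIM bytes, or an empty string if the digest could not be computed`.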
@@ -97,17 +97,6 @@ public abstract class ReferenceManifestSelector { return this; } - /** - * Specify the hash code of the bytes that rim must match. - * - * @param rimHash the hash code of the bytes to query for - * @return this instance (for chaining further calls) - */ - public ReferenceManifestSelector byHashCode(final String rimHash) { - setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); - return this; - } - /** * Specify the file name of the object to grab. * @param fileName the name of the file associated with the rim