From 0e8e88b5361c6d874238ef07d2eeb0328e5cd83c Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Thu, 27 May 2021 13:46:43 -0400
Subject: [PATCH] This commit has updated changes that save both a base64 and a hex dec value of the RIM file hash to the database. Depending on what is needed, they are used to pull either the base or support RIM. Also fixed the link for the rimlinkhash on the details page.

---
 ...stractAttestationCertificateAuthority.java | 24 ++++---
 .../SupplyChainValidationServiceImpl.java | 4 +-
 ...eferenceManifestDetailsPageController.java | 5 +-
 .../ReferenceManifestPageController.java | 66 ++++++++++++-------
 .../main/webapp/WEB-INF/jsp/rim-details.jsp | 9 ++-
 .../data/persist/BaseReferenceManifest.java | 42 +++++++++++-
 .../hirs/data/persist/ReferenceManifest.java | 41 +----------
 .../persist/SupportReferenceManifest.java | 33 +++++++++-
 .../persist/ReferenceManifestSelector.java | 11 ----
 9 files changed, 140 insertions(+), 95 deletions(-)

diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index fbb73305..6eb1c254 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.EventLogMeasurements;
 import hirs.data.persist.ReferenceDigestRecord;
 import hirs.data.persist.ReferenceDigestValue;
-import hirs.data.persist.ReferenceManifest;
 import hirs.data.persist.SupplyChainPolicy;
 import hirs.data.persist.SupplyChainValidationSummary;
 import hirs.data.persist.SupportReferenceManifest;
@@ -776,7 +775,7 @@ public abstract class AbstractAttestationCertificateAuthority
 dv.getHw().getManufacturer(),
 dv.getHw().getProductName());
 BaseReferenceManifest dbBaseRim = null;
- ReferenceManifest support;
+ SupportReferenceManifest support;
 EventLogMeasurements measurements;
 String tagId = "";
 String fileName = "";
@@ -788,9 +787,8 @@ public abstract class AbstractAttestationCertificateAuthority
 for (ByteString logFile : dv.getLogfileList()) {
 try {
 support = SupportReferenceManifest.select(referenceManifestManager)
- .includeArchived()
- .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest(
- logFile.toByteArray())))
+ .byHexDecHash(Hex.encodeHexString(messageDigest.digest(
+ logFile.toByteArray()))).includeArchived()
 .getRIM();
 if (support == null) {
 support = new SupportReferenceManifest(
@@ -803,8 +801,8 @@ public abstract class AbstractAttestationCertificateAuthority
 support.setPlatformManufacturer(dv.getHw().getManufacturer());
 support.setPlatformModel(dv.getHw().getProductName());
 support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
- support.getRimHash().substring(
- support.getRimHash().length() - NUM_OF_VARIABLES)));
+ support.getHexDecHash().substring(
+ support.getHexDecHash().length() - NUM_OF_VARIABLES)));
 support.setDeviceName(dv.getNw().getHostname());
 this.referenceManifestManager.save(support);
 } else {
@@ -830,9 +828,10 @@ public abstract class AbstractAttestationCertificateAuthority
 for (ByteString swidFile : dv.getSwidfileList()) {
 try {
 dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
+ .byBase64Hash(Base64.getEncoder()
+ .encodeToString(messageDigest
+ .digest(swidFile.toByteArray())))
 .includeArchived()
- .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest(
- swidFile.toByteArray())))
 .getRIM();
 if (dbBaseRim == null) {
 dbBaseRim = new BaseReferenceManifest(
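Review bot: In the @@ -803 hunk, `support.getHexDecHash().substring(support.getHexDecHash().length() - NUM_OF_VARIABLES)` runs on a `SupportReferenceManifest` that was just constructed in the `support == null` branch, and the new `hexDecHash` field is initialised to `""` and stays empty when the constructor's digest fails (see the `SupportReferenceManifest` hunk in this commit), so the substring would throw `StringIndexOutOfBoundsException` rather than produce a usable file name; SHA-256 is a mandatory JCA algorithm so this is unlikely in practice, but a length guard here or a fail-fast in the constructor would make the invariant explicit. As a point of style, the support lookup in the @@ -788 hunk packs `.byHexDecHash(...).includeArchived()` onto one line while the base lookup in the @@ -830 hunk gives each chained call its own line; the latter layout is easier to diff. `Hex.encodeHexString` is used without a corresponding addition in this file's import hunk, so `org.apache.commons.codec.binary.Hex` is presumably already imported. The enclosing method starts and ends outside these hunks.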
@@ -864,9 +863,8 @@ public abstract class AbstractAttestationCertificateAuthority //update Support RIMs and Base RIMs. for (ByteString swidFile : dv.getSwidfileList()) { dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) - .includeArchived() - .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest( - swidFile.toByteArray()))) + .byBase64Hash(Base64.getEncoder().encodeToString(messageDigest.digest( + swidFile.toByteArray()))).includeArchived() .getRIM(); // get file name to use @@ -883,7 +881,7 @@ public abstract class AbstractAttestationCertificateAuthority // now update support rim SupportReferenceManifest dbSupport = SupportReferenceManifest .select(referenceManifestManager) - .byRimHash(swid.getHashValue()).getRIM(); + .byHexDecHash(swid.getHashValue()).getRIM(); if (dbSupport != null) { dbSupport.setFileName(swid.getName()); dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index a30ded72..64001df0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -412,8 +412,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe for (SwidResource swidRes : resources) { supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) - .byRimHash(swidRes.getHashValue()).getRIM(); - if (supportReferenceManifest !=null + .byHexDecHash(swidRes.getHashValue()).getRIM(); + if (supportReferenceManifest != null && swidRes.getName().equals(supportReferenceManifest.getFileName())) { referenceManifestValidator.validateSupportRimHash( supportReferenceManifest.getRimBytes(), swidRes.getHashValue()); 
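Review bot: `.byHexDecHash(swid.getHashValue())` in the @@ -883 hunk uses the hash string parsed from the base RIM's SWID tag as an exact-match key against `hexDecHash`, which `SupportReferenceManifest` stores as the lowercase output of `Hex.encodeHexString`; if a tag carries uppercase hex or a prefixed form, the lookup silently misses, `dbSupport` stays null and the support RIM is left un-updated with no logging visible in the hunk. The same lookup is added to `SupplyChainValidationServiceImpl` in this commit, where a miss also means `validateSupportRimHash` is never reached for that resource. Normalising the key before the query, e.g. `.byHexDecHash(swid.getHashValue().toLowerCase(Locale.ROOT))`, and logging the miss would make the behaviour observable. The enclosing method starts and ends outside the hunk.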
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index 76bcc5d8..41a842fe 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -252,8 +252,11 @@ public class ReferenceManifestDetailsPageController
 boolean hashLinked = false;
 if (baseRim.getRimLinkHash() != null) {
 ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
- .byHashCode(baseRim.getRimLinkHash()).getRIM();
+ .byBase64Hash(baseRim.getRimLinkHash()).getRIM();
 hashLinked = (rim != null);
+ if (hashLinked) {
+ data.put("rimLinkId", rim.getId());
+ }
 }
 data.put("linkHashValid", hashLinked);
 data.put("rimType", baseRim.getRimType());
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
index 243d1d8b..f73d4c16 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
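Review bot: `rimLinkId` is only put into the model when the linked RIM resolves, so the view has to read it behind `linkHashValid`; a comment on the new `if (hashLinked)` block stating that contract, e.g. `// rimLinkId is present only when the link resolves; rim-details.jsp checks linkHashValid first`, would make the coupling to the JSP explicit. The lookup key `baseRim.getRimLinkHash()` comes from the parsed SWID tag and is matched verbatim against the base64 column, so a link hash written in another encoding simply yields `linkHashValid = false`; that is the same behaviour as the old `byHashCode`, but worth a one-line comment since the column it matches has changed. As a style point, `ReferenceManifest rim` could be narrowed to `BaseReferenceManifest` if `getRIM()` returns the selector's concrete type. The enclosing method starts and ends outside the hunk.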
@@ -1,40 +1,26 @@ package hirs.attestationca.portal.page.controllers; +import hirs.FilteredRecordsList; import hirs.attestationca.portal.datatables.DataTableInput; import hirs.attestationca.portal.datatables.DataTableResponse; +import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.Page; import hirs.attestationca.portal.page.PageController; - -import hirs.FilteredRecordsList; -import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.NoPageParams; import hirs.data.persist.BaseReferenceManifest; -import hirs.data.persist.SupportReferenceManifest; -import hirs.persist.DBManagerException; -import hirs.persist.ReferenceManifestManager; -import hirs.persist.CriteriaModifier; import hirs.data.persist.ReferenceManifest; +import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.SwidResource; import hirs.data.persist.certificate.Certificate; -import java.io.IOException; -import java.net.URISyntaxException; - -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import javax.servlet.http.HttpServletResponse; - +import hirs.persist.CriteriaModifier; +import hirs.persist.DBManagerException; +import hirs.persist.ReferenceManifestManager; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; - import org.hibernate.Criteria; import org.hibernate.criterion.Restrictions; import org.springframework.beans.factory.annotation.Autowired; 
@@ -50,6 +36,21 @@ import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.view.RedirectView; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Controller for the Reference Manifest page. */ @@ -437,19 +438,34 @@ public class ReferenceManifestPageController ReferenceManifest existingManifest; + MessageDigest digest = null; + String rimHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // look for existing manifest in the database try { if (supportRim) { + if (digest != null) { + rimHash = Hex.encodeHexString( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = SupportReferenceManifest .select(referenceManifestManager) + .byHexDecHash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } else { + if (digest != null) { + rimHash = Base64.encodeBase64String( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = BaseReferenceManifest - .select(referenceManifestManager) + .select(referenceManifestManager).byBase64Hash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } } catch (DBManagerException e) { diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp index a1db77c5..67baed5a 100644 
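Review bot: In the @@ -437 hunk, when `MessageDigest.getInstance("SHA-256")` throws, `rimHash` keeps its `""` initial value and the code still executes `.byHexDecHash(rimHash)` or `.byBase64Hash(rimHash)`, so the duplicate check becomes a query for the empty string — which is also the value both new entity columns are initialised to — instead of an error; failing fast, e.g. `if (digest == null) { throw new IllegalStateException("SHA-256 digest unavailable"); }` right after the catch, keeps a missing algorithm from being mistaken for a lookup result. The base-RIM key is built with commons-codec `Base64.encodeBase64String` while `BaseReferenceManifest` stores `java.util.Base64.getEncoder().encodeToString`; the two agree in current commons-codec releases, but using one encoder on both sides keeps the stored value and the lookup key in lock-step. The digest here also repeats what the entity constructors compute in this commit, so if `referenceManifest` was built through those constructors its own getter could presumably serve as the key. The enclosing method starts and ends outside the hunk.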
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp @@ -376,7 +376,14 @@
PC URI Local: ${initialData.pcUriLocal}
-
Rim Link Hash: ${initialData.rimLinkHash} + + +
Rim Link Hash: ${initialData.rimLinkHash} + + +
Rim Link Hash: ${initialData.rimLinkHash} + + diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index 34fc95db..0a260bdd 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.persist.DBReferenceManifestManager; import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; @@ -25,7 +26,10 @@ import javax.xml.validation.Schema; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; +import java.util.Base64; import java.util.List; import java.util.Map; @@ -35,9 +39,16 @@ import java.util.Map; @Entity public class BaseReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class); + /** + * Holds the name of the 'base64Hash' field. + */ + public static final String BASE_64_HASH_FIELD = "base64Hash"; private static JAXBContext jaxbContext; + @Column + @JsonIgnore + private String base64Hash = ""; @Column private String swidName = null; @Column @@ -109,6 +120,16 @@ public class BaseReferenceManifest extends ReferenceManifest { setFieldValue("deviceName", deviceName); return this; } + + /** + * Specify the RIM hash associated with the base RIM. + * @param base64Hash the hash of the file associated with the rim + * @return this instance + */ + public Selector byBase64Hash(final String base64Hash) { + setFieldValue(BASE_64_HASH_FIELD, base64Hash); + return this; + } } /** 
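Review bot: The new link markup in rim-details.jsp cannot be checked here because the rendering stripped the tags, but `${initialData.rimLinkHash}` is written out with raw EL, which does not HTML-escape, and that value originates from the uploaded SWID tag; if it is not already wrapped in `<c:out value="${initialData.rimLinkHash}"/>` it should be, and the `rimLinkId` the controller now supplies belongs in the href through `<c:url>` so it is URL-encoded. The hunk also appears to repeat the "Rim Link Hash" label three times, which is presumably conditional markup on `linkHashValid`; a JSP comment naming the condition would help the next reader.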
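Review bot: The new `base64Hash` field in the @@ -35 hunk is declared with a bare `@Column` and initialised to `""`, whereas the `rimHash` column it replaces was `@Column(nullable = false)` and `final`; since `byBase64Hash` uses this column as the lookup key, the constraint should be carried over as `@Column(nullable = false)`, and the same applies to `hexDecHash` in `SupportReferenceManifest` in this commit. An instance created through the protected no-arg constructor keeps the empty string, so a caller that passes an empty key can match such rows rather than nothing. The class header lies outside the hunk.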
@@ -137,6 +158,16 @@ public class BaseReferenceManifest extends ReferenceManifest { this.setFileName(""); SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes)); + MessageDigest digest = null; + this.base64Hash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.base64Hash = Base64.getEncoder().encodeToString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // begin parsing valid swid tag if (si != null) { setTagId(si.getTagId()); @@ -746,6 +777,15 @@ public class BaseReferenceManifest extends ReferenceManifest { this.pcURILocal = pcURILocal; } + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getBase64Hash() { + return base64Hash; + } + @Override public String toString() { return String.format("ReferenceManifest{swidName=%s," @@ -753,6 +793,6 @@ public class BaseReferenceManifest extends ReferenceManifest { + " platformModel=%s," + "tagId=%s, rimHash=%s}", swidName, this.getPlatformManufacturer(), - this.getPlatformModel(), getTagId(), this.getRimHash()); + this.getPlatformModel(), getTagId(), this.getBase64Hash()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 4e78e0cf..2cbe8f3e 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -15,10 +15,7 @@ import javax.xml.XMLConstants; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; -import java.util.Base64; import java.util.UUID; /** 
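Review bot: The Javadoc on the new `getBase64Hash()` says `@return int representation of the hash value`, but the method returns the string computed in the constructor hunk as `Base64.getEncoder().encodeToString(digest.digest(rimBytes))`; `@return base64-encoded SHA-256 digest of the RIM bytes, or an empty string if the digest could not be computed` describes it. The same copied wording appears on `getHexDecHash()` in `SupportReferenceManifest` in this commit. The `MessageDigest digest = null;` plus `try`/`catch` block in the constructor hunk is repeated verbatim in `SupportReferenceManifest`; a small helper in `ReferenceManifest` returning the raw SHA-256 bytes would keep the two encodings from drifting and remove the pre-declared local. The enclosing constructor starts and ends outside the hunk.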
@@ -64,13 +61,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { private static final Logger LOGGER = LogManager.getLogger(ReferenceManifest.class); - /** - * Holds the name of the 'rimHash' field. - */ - public static final String RIM_HASH_FIELD = "rimHash"; - @Column(nullable = false) - @JsonIgnore - private final String rimHash; @Column(columnDefinition = "blob", nullable = false) @JsonIgnore private byte[] rimBytes; @@ -107,7 +97,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { protected ReferenceManifest() { super(); this.rimBytes = null; - this.rimHash = ""; this.rimType = null; this.platformManufacturer = null; this.platformManufacturerId = null; @@ -129,19 +118,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { "Cannot construct a RIM from an empty byte array"); this.rimBytes = rimBytes.clone(); - - MessageDigest digest = null; - try { - digest = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException noSaEx) { - LOGGER.error(noSaEx); - } - if (digest == null) { - this.rimHash = ""; - } else { - this.rimHash = Base64.getEncoder().encodeToString( - digest.digest(rimBytes)); - } } /** @@ -367,15 +343,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { return null; } - /** - * Getter for the Reference Integrity Manifest hash value. - * - * @return int representation of the hash value - */ - public String getRimHash() { - return rimHash; - } - @Override public int hashCode() { return Arrays.hashCode(this.rimBytes); @@ -393,8 +360,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { return false; } ReferenceManifest that = (ReferenceManifest) object; - return rimHash == that.rimHash - && Arrays.equals(rimBytes, that.rimBytes) + return Arrays.equals(rimBytes, that.rimBytes) && rimType.equals(that.rimType) && tagId.equals(that.tagId) && platformManufacturer.equals(that.platformManufacturer) 
@@ -406,8 +372,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Override public String toString() { return String.format("Filename->%s%nPlatform Manufacturer->%s%n" - + "Platform Model->%s%nRIM Type->%s%nRIM Hash->%s", this.getFileName(), - this.platformManufacturer, this.platformModel, this.getRimType(), - this.getRimHash()); + + "Platform Model->%s%nRIM Type->%s%nRIM", this.getFileName(), + this.platformManufacturer, this.platformModel, this.getRimType()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index 27616e49..f7b10238 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -5,12 +5,14 @@ import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import javax.persistence.Column; import javax.persistence.Entity; import java.io.IOException; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; @@ -23,7 +25,14 @@ import java.util.Collection; @Entity public class SupportReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(SupportReferenceManifest.class); + /** + * Holds the name of the 'hexDecHash' field. + */ + public static final String HEX_DEC_HASH_FIELD = "hexDecHash"; + @Column + @JsonIgnore + private String hexDecHash = ""; @Column @JsonIgnore private int pcrHash = 0; 
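Review bot: The rewritten format string in `ReferenceManifest.toString()` ends with `"RIM Type->%s%nRIM"`, so every result now carries a dangling `RIM` after the final newline — a leftover from dropping the `RIM Hash->%s` placeholder. The literal should be `+ "Platform Model->%s%nRIM Type->%s", this.getFileName(),` with the argument list unchanged. The enclosing method is fully visible in the hunk.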
@@ -82,11 +91,11 @@ public class SupportReferenceManifest extends ReferenceManifest { /** * Specify the RIM hash associated with the support RIM. - * @param rimHash the hash of the file associated with the rim + * @param hexDecHash the hash of the file associated with the rim * @return this instance */ - public Selector byRimHash(final String rimHash) { - setFieldValue(RIM_HASH_FIELD, rimHash); + public Selector byHexDecHash(final String hexDecHash) { + setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash); return this; } } @@ -105,6 +114,15 @@ public class SupportReferenceManifest extends ReferenceManifest { this.setFileName(fileName); this.setRimType(SUPPORT_RIM); this.pcrHash = 0; + MessageDigest digest = null; + this.hexDecHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.hexDecHash = Hex.encodeHexString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } } /** @@ -235,4 +253,13 @@ public class SupportReferenceManifest extends ReferenceManifest { public boolean isBaseSupport() { return !this.isSwidSupplemental() && !this.isSwidPatch(); } + + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getHexDecHash() { + return hexDecHash; + } } diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 0ff4bcf9..67b1e274 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java 
@@ -97,17 +97,6 @@ public abstract class ReferenceManifestSelector { return this; } - /** - * Specify the hash code of the bytes that rim must match. - * - * @param rimHash the hash code of the bytes to query for - * @return this instance (for chaining further calls) - */ - public ReferenceManifestSelector byHashCode(final String rimHash) { - setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); - return this; - } - /** * Specify the file name of the object to grab. * @param fileName the name of the file associated with the rim