fixed hash size for EFI_CERT_SHA256_GUID, other minor changes

2024-12-18 20:47:58 +00:00 · 2024-05-09 15:38:10 -04:00 · 2024-05-09 15:38:10 -04:00 · 10c1382c6c
commit 10c1382c6c
parent 90f7a3e94b
4 changed files with 21 additions and 16 deletions
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java
@ -10,7 +10,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;

 /**
- * Class for processing the contents of a Secure Boot DB or DBX contents.
+ * Class for processing the contents of a Secure Boot PK, KEK, DB or DBX contents.
 * used for EFIVariables associated with Secure Boot
 * as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification
 * <p>
@ -52,10 +52,14 @@ public class UefiSignatureData {
     */
    @Getter
    private boolean valid = false;
+//    /**
+//     * UEFI Certificate SHA1 hash.
+//     */
+//    private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
    /**
-     * UEFI Certificate SHA1 hash.
+     * UEFI Certificate SHA256 hash.
     */
-    private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
+    private byte[] binaryHash = new byte[UefiConstants.SIZE_32];
    /**
     * UEFI Signature data status.
     */
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
@ -214,18 +214,19 @@ public class UefiSignatureList {
        StringBuilder sigInfo = new StringBuilder();

        if (!signatureTypeValid) {
-            sigInfo.append("  *** Unknown UEFI Signature Type encountered: " + signatureType.toString() + "\n");
+            sigInfo.append("   *** Unknown UEFI Signature Type encountered:\n" +
+                    "       " + signatureType.toString() + "\n");
        }
        else {
-            sigInfo.append("  UEFI Signature List Type = " + signatureType.toString() + "\n");
-            sigInfo.append("  Number if items (certs, hashes, etc) = " + numberOfCerts + "\n");
+            sigInfo.append("   UEFI Signature List Type = " + signatureType.toString() + "\n");
+            sigInfo.append("   Number of items (certs, hashes, etc) = " + numberOfCerts + "\n");

            for (int i = 0; i < sigList.size(); i++) {
                UefiSignatureData certData = sigList.get(i);
                sigInfo.append(certData.toString());
            }
            if (!dataValid) {
-                sigInfo.append("  *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
+                sigInfo.append("   *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
            }
        }
        return sigInfo.toString();
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
@ -163,8 +163,8 @@ public class UefiVariable {
     */
    public String toString() {
        StringBuilder efiVariable = new StringBuilder();
-        efiVariable.append("UEFI Variable Name:" + efiVarName + "\n");
-        efiVariable.append("UEFI Variable GUID = " + uefiVarGuid.toString() + "\n");
+        efiVariable.append("UEFI Variable Name: " + efiVarName + "\n");
+        efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n");
        if (efiVarName != "") {
            efiVariable.append("UEFI Variable Contents => " + "\n");
        }
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java
@ -80,14 +80,14 @@ public class UefiX509Cert {
    public String toString() {
        X509Certificate x509Cert = (X509Certificate) cert;
        String certData = "";
-        certData += "    Certificate Serial Number = "
+        certData += "      Certificate Serial Number = "
                + x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n";
-        certData += "    Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
-        certData += "    Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
-        certData += "    Not Before Date = " + x509Cert.getNotBefore() + "\n";
-        certData += "    Not After Date = " + x509Cert.getNotAfter() + "\n";
-        certData += "    Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
-        certData += "    SHA1 Fingerprint =  " + getSHA1FingerPrint() + "\n";
+        certData += "      Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
+        certData += "      Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
+        certData += "      Not Before Date = " + x509Cert.getNotBefore() + "\n";
+        certData += "      Not After Date = " + x509Cert.getNotAfter() + "\n";
+        certData += "      Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
+        certData += "      SHA1 Fingerprint =  " + getSHA1FingerPrint() + "\n";
        return certData;
    }
 }