fixed hash size for EFI_CERT_SHA256_GUID, other minor changes

iadgovuser58 2024-05-09 15:38:10 -04:00
parent 90f7a3e94b
commit 10c1382c6c
4 changed files with 21 additions and 16 deletions


@ -10,7 +10,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
/** /**
* Class for processing the contents of a Secure Boot DB or DBX contents. * Class for processing the contents of a Secure Boot PK, KEK, DB or DBX contents.
* used for EFIVariables associated with Secure Boot * used for EFIVariables associated with Secure Boot
* as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification * as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification
* <p> * <p>
@ -52,10 +52,14 @@ public class UefiSignatureData {
*/ */
@Getter @Getter
private boolean valid = false; private boolean valid = false;
// /**
// * UEFI Certificate SHA1 hash.
// */
// private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
/** /**
* UEFI Certificate SHA1 hash. * UEFI Certificate SHA256 hash.
*/ */
private byte[] binaryHash = new byte[UefiConstants.SIZE_40]; private byte[] binaryHash = new byte[UefiConstants.SIZE_32];
/** /**
* UEFI Signature data status. * UEFI Signature data status.
*/ */
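Review bot: `binaryHash` is now hard-wired to `UefiConstants.SIZE_32`, which matches EFI_CERT_SHA256_GUID entries but no other hash-type signature list, while the updated class comment says this class processes PK, KEK, DB and DBX contents. The code that fills the buffer is outside this hunk, so please confirm it only runs for the SHA256 type, or size the array from the signature size declared in the enclosing signature list rather than from a constant. A mis-sized read would misalign every following entry, so DBX revocation hashes could be reported incorrectly. Separately, the commented-out SHA1 field (`// private byte[] binaryHash = new byte[UefiConstants.SIZE_40];` and its comment) should be deleted rather than kept, since version control already preserves it.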


@ -214,18 +214,19 @@ public class UefiSignatureList {
StringBuilder sigInfo = new StringBuilder(); StringBuilder sigInfo = new StringBuilder();
if (!signatureTypeValid) { if (!signatureTypeValid) {
sigInfo.append(" *** Unknown UEFI Signature Type encountered: " + signatureType.toString() + "\n"); sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n" +
" " + signatureType.toString() + "\n");
} }
else { else {
sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n"); sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n");
sigInfo.append(" Number if items (certs, hashes, etc) = " + numberOfCerts + "\n"); sigInfo.append(" Number of items (certs, hashes, etc) = " + numberOfCerts + "\n");
for (int i = 0; i < sigList.size(); i++) { for (int i = 0; i < sigList.size(); i++) {
UefiSignatureData certData = sigList.get(i); UefiSignatureData certData = sigList.get(i);
sigInfo.append(certData.toString()); sigInfo.append(certData.toString());
} }
if (!dataValid) { if (!dataValid) {
sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n"); sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
} }
} }
return sigInfo.toString(); return sigInfo.toString();
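Review bot: In the `else` branch the `*** Invalid UEFI Signature data encountered` line is appended only after every entry in `sigList` has been printed, so a reader sees the entries before learning that the list failed validation. Consider moving the `if (!dataValid) { ... }` block ahead of the `for` loop so the warning comes first. Whether `sigList` can hold partially parsed entries in that state is not visible here, and the method starts and ends outside the hunk. As a style point, the new two-line message still concatenates inside `append(...)`; chaining `sigInfo.append(...).append(signatureType).append("\n")` would be clearer.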


@ -163,8 +163,8 @@ public class UefiVariable {
*/ */
public String toString() { public String toString() {
StringBuilder efiVariable = new StringBuilder(); StringBuilder efiVariable = new StringBuilder();
efiVariable.append("UEFI Variable Name:" + efiVarName + "\n"); efiVariable.append("UEFI Variable Name: " + efiVarName + "\n");
efiVariable.append("UEFI Variable GUID = " + uefiVarGuid.toString() + "\n"); efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n");
if (efiVarName != "") { if (efiVarName != "") {
efiVariable.append("UEFI Variable Contents => " + "\n"); efiVariable.append("UEFI Variable Contents => " + "\n");
} }
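Review bot: `if (efiVarName != "")`, directly below the two reworded lines, compares object references rather than string contents. An empty name built at runtime is not the same object as the literal, so the test is true and the "UEFI Variable Contents =>" header is printed anyway. Use `if (!efiVarName.isEmpty())`, or `if (efiVarName != null && !efiVarName.isEmpty())` if the field can be null, which this hunk does not show. The body of `toString()` continues outside the hunk.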


@ -80,14 +80,14 @@ public class UefiX509Cert {
public String toString() { public String toString() {
X509Certificate x509Cert = (X509Certificate) cert; X509Certificate x509Cert = (X509Certificate) cert;
String certData = ""; String certData = "";
certData += " Certificate Serial Number = " certData += " Certificate Serial Number = "
+ x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n"; + x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n";
certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n"; certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n"; certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n"; certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n";
certData += " Not After Date = " + x509Cert.getNotAfter() + "\n"; certData += " Not After Date = " + x509Cert.getNotAfter() + "\n";
certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n"; certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n"; certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
return certData; return certData;
} }
} }