diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index dbb17cba..f8bd4151 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -66,6 +66,10 @@ import java.math.BigInteger;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
@@ -103,6 +107,11 @@ public abstract class AbstractAttestationCertificateAuthority
 */
 private static final BigInteger EXPONENT = new BigInteger("010001",
 AttestationCertificateAuthority.DEFAULT_IV_SIZE);
+ private static final String CATALINA_HOME = System.getProperty("catalina.base");
+ private static final String TOMCAT_UPLOAD_DIRECTORY
+ = "/webapps/HIRS_AttestationCA/upload/";
+ private static final String PCR_UPLOAD_FOLDER
+ = CATALINA_HOME + TOMCAT_UPLOAD_DIRECTORY;
 /**
 * Number of bytes to include in the TPM2.0 nonce.
@@ -508,7 +517,6 @@ public abstract class AbstractAttestationCertificateAuthority
 }
 if (request.getPcrslist() != null && !request.getPcrslist().isEmpty()) {
 this.pcrValues = request.getPcrslist().toStringUtf8();
- LOG.error(this.pcrValues);
 }
 // Get device name and device
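Review bot: `PCR_UPLOAD_FOLDER` is built by plain string concatenation, so when the `catalina.base` property is not set (`CATALINA_HOME` is null) the folder silently becomes the relative path `null/webapps/HIRS_AttestationCA/upload/` and is created under the JVM's working directory instead of failing fast. Check the property when it is read, e.g. `Objects.requireNonNull(System.getProperty("catalina.base"), "catalina.base")`, or fall back to an explicit, documented default. The constant is named `CATALINA_HOME` but reads `catalina.base`; the two differ in multi-instance Tomcat layouts, so the name should say `CATALINA_BASE`. This folder also differs from the `/webapps/HIRS_AttestationCAPortal/upload/device_pcrs/` location removed from IssuedAttestationCertificate in this commit, so a comment on the constant naming which component later reads the stored path would save the next maintainer a search.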
@@ -1469,7 +1477,7 @@ public abstract class AbstractAttestationCertificateAuthority
 IssuedAttestationCertificate attCert = new IssuedAttestationCertificate(
 derEncodedAttestationCertificate, endorsementCredential, platformCredentials);
 attCert.setDevice(device);
- attCert.setPcrValues(pcrValues);
+ attCert.setPcrValues(savePcrValues(pcrValues, device.getName()));
 certificateManager.save(attCert);
 } catch (Exception e) {
 LOG.error("Error saving generated Attestation Certificate to database.", e);
@@ -1478,4 +1486,27 @@ public abstract class AbstractAttestationCertificateAuthority
 + e.getMessage(), e);
 }
 }
+
+ private String savePcrValues(final String pcrValues, final String deviceName) {
+ try {
+ if (Files.notExists(Paths.get(PCR_UPLOAD_FOLDER))) {
+ Files.createDirectory(Paths.get(PCR_UPLOAD_FOLDER));
+ }
+ Path pcrPath = Paths.get(String.format("%s/%s",
+ PCR_UPLOAD_FOLDER, deviceName));
+ if (Files.notExists(pcrPath)) {
+ Files.createFile(pcrPath);
+ }
+ Files.write(pcrPath, pcrValues.getBytes("UTF8"));
+ return pcrPath.toString();
+ } catch (NoSuchFileException nsfEx) {
+ LOG.error(String.format("File Not found!: %s",
+ deviceName));
+ LOG.error(nsfEx);
+ } catch (IOException ioEx) {
+ LOG.error(ioEx);
+ }
+
+ return "empty";
+ }
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
index 29a42844..b6ffbcc1 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
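Review bot: `savePcrValues` builds its target with `String.format("%s/%s", PCR_UPLOAD_FOLDER, deviceName)` and writes the request-supplied `pcrValues` there, while `deviceName` comes from `device.getName()`, which the `// Get device name and device` context in the earlier hunk suggests is taken from the client's request; a name containing separators or `..` segments would let a provisioning client choose the file written under the Tomcat tree, so the name must be confined to the upload directory (resolve it against the normalized directory and require the parent to be that directory) before `Files.write` runs. The method can also shed the exists-then-create pairs: `Files.createDirectories` handles the folder (and a missing parent), and `Files.write` with no options already creates or truncates the file, which makes `Files.createFile` and the `NoSuchFileException` catch redundant. `getBytes("UTF8")` should be `getBytes(StandardCharsets.UTF_8)` (import `java.nio.charset.StandardCharsets`), removing the hidden checked-exception path for a bad charset name. The `"empty"` sentinel stored on failure is indistinguishable from a device actually named `empty`; the version removed from IssuedAttestationCertificate returned `""`, which readers of the field can test for. The rewrite below keeps the signature and the LOG calls; `InvalidPathException` lives in `java.nio.file` and needs an import.
```java
    private String savePcrValues(final String pcrValues, final String deviceName) {
        try {
            Path uploadDir = Paths.get(PCR_UPLOAD_FOLDER).toAbsolutePath().normalize();
            Files.createDirectories(uploadDir);
            // deviceName is client-supplied: keep the target inside uploadDir
            Path pcrPath = uploadDir.resolve(deviceName).normalize();
            if (!uploadDir.equals(pcrPath.getParent())) {
                LOG.error(String.format("Rejected PCR file name for device: %s", deviceName));
                return "empty";
            }
            Files.write(pcrPath, pcrValues.getBytes(StandardCharsets.UTF_8));
            return pcrPath.toString();
        } catch (IOException | InvalidPathException ex) {
            LOG.error(String.format("Unable to save PCR values for device: %s", deviceName), ex);
        }
        return "empty";
    }
```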
@@ -316,18 +316,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 return subPlatformScv;
 }
-
- /**
- * For some reason the code isn't creating the directory it needs or saving
- * the info to that file.
- * I'm probably going to have to move the setting of the pcr values
- * from the abstract ACA class, and then
- * save the filename to the data base. Then have just this pull that
- * file name and open it. the ACA class saves.
- *
- */
-
-
 private SupplyChainValidation validateFirmware(final Device device, final PCRPolicy pcrPolicy) {
@@ -370,7 +358,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 LOGGER.error(ioEx);
 }
 }
- LOGGER.error(pcrContent);
 String[] pcrSet = null;
 String[] quote = null;
 int algorithmLength = baseline[0].length();
@@ -391,7 +378,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 // a matching hash length
 int offset = 1;
- // TDM : I wonder if I can split on the sha line itself
 for (int i = 0; i < pcrSet.length; i++) {
 if (pcrSet[i].contains("sha")) {
 // entered a new set, check size
@@ -399,13 +385,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 == algorithmLength) {
 // found the matching set
 for (int j = 0; j <= TPMMeasurementRecord.MAX_PCR_ID; j++) {
- quote[j] = pcrSet[++i];
+ quote[j] = pcrSet[++i].split(":")[1].trim();
 }
 break;
 }
 }
 }
- LOGGER.error(quote[offset]);
 if (quote[0].isEmpty()) {
 // validation fail
diff --git a/HIRS_ProvisionerTPM2/include/CommandTpm2.h b/HIRS_ProvisionerTPM2/include/CommandTpm2.h
index 9b66a33a..986f2fa3 100644
--- a/HIRS_ProvisionerTPM2/include/CommandTpm2.h
+++ b/HIRS_ProvisionerTPM2/include/CommandTpm2.h
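Review bot: In the `@@ -399,13` hunk, `quote[j] = pcrSet[++i].split(":")[1].trim();` indexes `[1]` without checking that the line held a colon, and `++i` is not bounded by `pcrSet.length`, so a quote file with a short or malformed line throws ArrayIndexOutOfBoundsException out of validateFirmware instead of reaching the `quote[0].isEmpty()` failure path; the quote text appears to be read from a file the provisioner supplied, so malformed content should become a validation failure rather than an unchecked exception. Guard both: `if (i + 1 >= pcrSet.length) { break; }` before the increment, then `String[] parts = pcrSet[++i].split(":", 2); quote[j] = parts.length == 2 ? parts[1].trim() : "";`. Entries left unfilled by an early break would also need an empty default, since the check that follows only inspects `quote[0]`. validateFirmware's body begins and ends outside this hunk.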
@@ -61,6 +61,7 @@ class CommandTpm2 {
 static const char* const kTpm2ToolsGetQuoteCommand;
 static const char* const kTpm2DefaultQuoteFilename;
 static const char* const kTpm2DefaultSigFilename;
+ static const char* const kTpm2Sha256SigAlgorithm;
 static const char* const kTpm2ToolsPcrListCommand;
 const hirs::tpm2_tools_utils::Tpm2ToolsVersion version;
diff --git a/HIRS_ProvisionerTPM2/src/CommandTpm2.cpp b/HIRS_ProvisionerTPM2/src/CommandTpm2.cpp
index 8d5313ef..226e42a4 100644
--- a/HIRS_ProvisionerTPM2/src/CommandTpm2.cpp
+++ b/HIRS_ProvisionerTPM2/src/CommandTpm2.cpp
@@ -123,6 +123,7 @@ const char* const CommandTpm2::kDefaultActivatedIdentityFilename
 = "activatedIdentity.secret";
 const char* const CommandTpm2::kTpm2DefaultQuoteFilename = "/tmp/quote.bin";
 const char* const CommandTpm2::kTpm2DefaultSigFilename = "/tmp/sig.bin";
+const char* const CommandTpm2::kTpm2Sha256SigAlgorithm = "sha256";
 /**
 * Constructor to create an interface to TPM 2.0 devices.
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
index e6a1a463..52e67c9c 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
@@ -69,7 +69,7 @@ public final class PCRPolicy extends Policy {
 LOGGER.info("PCR Policy TBoot Ignore enabled.");
 i += NUM_OF_TBOOT_PCR;
 }
-
+ LOGGER.error(String.format("%s = %s", baselinePcrs[i], quotePcrs[i]));
 if (!baselinePcrs[i].equals(quotePcrs[i])) {
 sb.append(String.format(failureMsg, i));
 }
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/IssuedAttestationCertificate.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/IssuedAttestationCertificate.java
index 58534d3b..b24eafa0 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/IssuedAttestationCertificate.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/IssuedAttestationCertificate.java
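Review bot: The PCRPolicy hunk adds `LOGGER.error(String.format("%s = %s", baselinePcrs[i], quotePcrs[i]));`, which logs every PCR comparison at ERROR level unconditionally, matching entries included, so routine validation floods the error log and contradicts the rest of this commit, which removes the same kind of `LOG.error` debug output from AbstractAttestationCertificateAuthority and SupplyChainValidationServiceImpl. If the comparison trace is wanted, lower it to `LOGGER.debug(String.format("PCR %d: baseline=%s quote=%s", i, baselinePcrs[i], quotePcrs[i]));` or move it into the mismatch branch just below it, where it carries information. The enclosing loop starts before the hunk, so I cannot see whether `quotePcrs` is guaranteed as long as `baselinePcrs` here.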
@@ -2,14 +2,9 @@ package hirs.data.persist.certificate;
 import hirs.persist.CertificateManager;
 import hirs.persist.CertificateSelector;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
 import java.io.IOException;
-import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.nio.file.NoSuchFileException;
 import java.util.Collections;
 import java.util.Set;
 import java.util.UUID;
@@ -26,14 +21,7 @@ import javax.persistence.ManyToOne;
 @Entity
 public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
- private static final Logger LOGGER = LogManager.getLogger(IssuedAttestationCertificate.class);
-
 private static final int MAX_CERT_LENGTH_BYTES = 1024;
- private static final String CATALINA_HOME = System.getProperty("catalina.base");
- private static final String TOMCAT_UPLOAD_DIRECTORY
- = "/webapps/HIRS_AttestationCAPortal/upload/device_pcrs/";
- private static final String PCR_UPLOAD_FOLDER
- = CATALINA_HOME + TOMCAT_UPLOAD_DIRECTORY;
 /**
 * AIC label that must be used.
@@ -155,29 +143,6 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
 * @param pcrValues to be stored.
 */
 public void setPcrValues(final String pcrValues) {
- this.pcrValues = savePcrValues(pcrValues);
- }
-
- private String savePcrValues(final String pcrValues) {
- try {
- if (Files.notExists(Paths.get(PCR_UPLOAD_FOLDER))) {
- Files.createDirectory(Paths.get(PCR_UPLOAD_FOLDER));
- }
- Path pcrPath = Paths.get(String.format("%s/%s",
- PCR_UPLOAD_FOLDER, this.getDevice().getName()));
- if (Files.notExists(pcrPath)) {
- Files.createFile(pcrPath);
- }
- Files.write(pcrPath, pcrValues.getBytes("UTF8"));
- return pcrPath.toString();
- } catch (NoSuchFileException nsfEx) {
- LOGGER.error(String.format("File Not found!: %s",
- this.getDevice().getName()));
- LOGGER.error(nsfEx);
- } catch (IOException ioEx) {
- LOGGER.error(ioEx);
- }
-
- return "";
+ this.pcrValues = pcrValues;
 }
 }
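Review bot: After the `@@ -155,29` hunk `setPcrValues` stores whatever string it is handed, and the caller in AbstractAttestationCertificateAuthority now passes the path returned by its own savePcrValues (or the literal `"empty"` when the write fails), yet the surviving Javadoc still reads `@param pcrValues to be stored.` as if the PCR contents themselves were kept on the entity. State what the field now holds, e.g. `@param pcrValues path of the file holding this certificate's PCR values, as written by the ACA`, and name the failure sentinel so code that reads the field knows what to test for. The import hunk keeps `java.io.IOException` and `java.nio.file.Path` while removing their only users visible here; if nothing else in the file references them they are now unused imports.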