From 35dcc226a66a4f6e8f1d184efb95364ee2443c1e Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Wed, 30 Sep 2020 11:33:28 -0400
Subject: [PATCH] Updated and fixed the difference in the code from the master branch merge
---
 .../AbstractAttestationCertificateAuthority.java | 7 ++++---
 .../service/SupplyChainValidationServiceImpl.java | 6 ++++--
 HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java | 6 ++++++
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index f98b0569..8db7100e 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -302,7 +302,6 @@ public abstract class AbstractAttestationCertificateAuthority
 // update the validation result in the device
 device.setSupplyChainStatus(summary.getOverallValidationResult());
 deviceManager.updateDevice(device);
- LOG.error("This is the device id? {} ", device.getId());
 // check if supply chain validation succeeded.
 // If it did not, do not provide the IdentityResponseEnvelope
 if (summary.getOverallValidationResult() == AppraisalStatus.Status.PASS) {
@@ -590,7 +589,9 @@ public abstract class AbstractAttestationCertificateAuthority
 LOG.error("Supply chain validation did not succeed. "
 + "Firmware Quote Validation failed. Result is: "
 + validationResult);
- return new byte[]{};
+ ProvisionerTpm2.CertificateResponse response = ProvisionerTpm2.CertificateResponse
+ .newBuilder().setCertificate(ByteString.EMPTY).build();
+ return response.toByteArray();
 }
 } else {
 LOG.error("Could not process credential request. Invalid nonce provided: "
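Review bot: The firmware-quote failure branch in the `@@ -590` hunk now signals denial in-band, as a `CertificateResponse` whose certificate is `ByteString.EMPTY`, so the provisioner can only tell a refusal from an issued credential by checking the certificate length. The invalid-nonce branch that begins on the hunk's last line has its return outside this hunk; if it still returns `new byte[]{}`, the client has two failure encodings to handle, and depending on how the `certificate` field is declared an empty value may serialize to zero bytes anyway, which is worth pinning with a test. I would add a comment at the return, e.g. `// empty certificate == request denied; the client must not treat this as an issued credential`, and build the same response in both failure branches. The enclosing method starts and ends outside the hunk.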
@@ -723,7 +724,7 @@ public abstract class AbstractAttestationCertificateAuthority
 }
 // Get TPM info, currently unimplemented
- TPMInfo tpm = new TPMInfo();
+ TPMInfo tpm;
 try {
 tpm = new TPMInfo(DeviceInfoReport.NOT_SPECIFIED,
 (short) 0,
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
index d0809e75..f813c372 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@@ -429,7 +429,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 + "No associated RIM file could be found for %s",
 manufacturer));
 } else {
- List swids = rim.parseResource();
+ BaseReferenceManifest bRim = (BaseReferenceManifest) rim;
+ List swids = bRim.parseResource();
 for (SwidResource swid : swids) {
 baseline = swid.getPcrValues()
 .toArray(new String[swid.getPcrValues().size()]);
@@ -448,7 +449,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 fwStatus.setMessage("Firmware validation of TPM Quote successful.");
 } else {
- fwStatus.setMessage("Firmware validation of TPM Quote failed.");
+ fwStatus.setMessage("Firmware validation of TPM Quote failed."
+ + "\nPCR hash and Quote hash do not match.");
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
index 0c8eeafe..4f9722f6 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
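Review bot: The cast `(BaseReferenceManifest) rim` in the `@@ -429` hunk of SupplyChainValidationServiceImpl is unchecked, so a manifest of any other subtype raises `ClassCastException` in the middle of firmware validation instead of producing a FAIL status. The declared type of `rim` and the lookup that produced it are outside the hunk, so the subtype may already be guaranteed, but an attestation decision should not rest on that silently. Guarding with `if (!(rim instanceof BaseReferenceManifest)) { ... }` and setting a failed `fwStatus` whose message names the unexpected type keeps the result fail-closed and visible in the validation summary. The enclosing method begins and ends outside the hunk.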
@@ -120,6 +120,12 @@ public final class PCRPolicy extends Policy {
 tpmQuote, pcrComposite);
 try {
+ /**
+ * The calculated string is being used in the contains method
+ * because the TPM Quote's hash isn't just for PCR values,
+ * it contains the calculated digest of the PCRs, along with
+ * other information.
+ */
 String calculatedString = Hex.encodeHexString(
 pcrInfoShort.getCalculatedDigest());
 validated = quoteString.contains(calculatedString);
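Review bot: The new comment explains why `quoteString.contains(calculatedString)` is used, but a substring test on hex text accepts the PCR digest at any offset in the quote, including one that is not byte-aligned, rather than in the digest field itself. For an attestation check I would parse the quote structure and compare the digest field exactly (for example `MessageDigest.isEqual` on the raw bytes), and have the comment name the field being compared. Nothing in this hunk shows the quote's signature being verified, so that is presumably done elsewhere and is worth confirming. Separately, `/** ... */` inside a method body is not Javadoc; a plain `/* ... */` or `//` block is the usual form. The `try` block continues past the end of the hunk.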