[#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries

apldev3 2018-10-23 19:04:15 -04:00
parent ce380db48c
commit 37ba6de3cd
5 changed files with 95 additions and 17 deletions


@ -257,12 +257,12 @@ if (${DISTRIBUTION} STREQUAL "Ubuntu")
set(CPACK_GENERATOR "DEB")
set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0")
set(CPACK_DEBIAN_PACKAGE_SECTION "admin")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), tpm2-tools(>=1.0), libcurlpp0(>=0.7), lshw")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libcurlpp0(>=0.7), lshw")
# Set variables specific to Ubuntu release version
if (${DISTRIBUTION_VERSION} STREQUAL "16.04")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-1v5(>=20160201), libtss2-utils(>=0.98), libprotobuf9v5(>=2.4.1)")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-1v5(>=20160201), libprotobuf9v5(>=2.4.1)")
else()
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libsapi-utils(>=1.0), libprotobuf10(>=2.4.1)")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libprotobuf10(>=2.4.1)")
if (${DISTRIBUTION_VERSION} STREQUAL "17.10")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-3(>=20160201)")
elseif(${DISTRIBUTION_VERSION} STREQUAL "18.04" OR ${DISTRIBUTION_VERSION} STREQUAL "18.10")
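Review bot: With `tpm2-tools`, `libtss2-utils` and `libsapi-utils` dropped from `CPACK_DEBIAN_PACKAGE_DEPENDS`, the .deb will install on a host that has no TPM2 stack at all, and the gap only surfaces when the provisioner first runs. Nothing in the package metadata now tells an administrator which tools are required or which versions are supported. Consider recording them as a weaker relationship, e.g. `set(CPACK_DEBIAN_PACKAGE_SUGGESTS "tpm2-tools")`, or at least a comment above the DEPENDS line such as `# tpm2-tools and the TSS libraries are installed by the end user; the supported version is checked at runtime`. The enclosing if/else chain continues past this hunk.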


@ -160,7 +160,7 @@ namespace tpm2_tools_utils {
enum class Tpm2ToolsVersion {
VERSION_1_1_0,
VERSION_2_1_0,
VERSION_3_0_1
VERSION_3
};
/**
@ -237,6 +237,15 @@ class Tpm2ToolsOutputParser {
* @return a tpm2_tools version if found, or an empty string, otherwise
*/
static std::string parseTpm2ToolsVersion(const std::string& toolOutput);
/**
* Parses the provided tpm2-tool version for the major version.
*
* @param toolVersion the output from a call to parseTpm2ToolsVersion
* @return tpm2_tools major version if found, or an empty string, otherwise
*/
static std::string parseTpm2ToolsMajorVersion(
const std::string& toolVersion);
};
} // namespace tpm2_tools_utils
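Review bot: The doc comment on `parseTpm2ToolsMajorVersion` does not state which input forms are accepted, although the tests in this commit show that "3.0" and "3.0.1.27" both yield an empty string. I would add a line such as `* The input must be exactly three dot-separated decimal fields (e.g. "3.0.1"); any other form yields an empty string.` The renamed enumerator also changes meaning from one release to a whole major line, which a short comment would record: `VERSION_3  // any tpm2-tools 3.x.y release`. The enum and the class both begin outside the visible hunks.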


@ -141,7 +141,7 @@ void CommandTpm2::setAuthData() {
<< " -l " << kWellKnownSecret
<< endl;
break;
case Tpm2ToolsVersion::VERSION_3_0_1:
case Tpm2ToolsVersion::VERSION_3:
argsStream << " -o hex:" << kWellKnownSecret
<< " -e hex:" << kWellKnownSecret
<< " -l hex:" << kWellKnownSecret
@ -387,11 +387,11 @@ string CommandTpm2::activateIdentity() {
"CommandTpm2::activateIdentity");
}
// TPM2 Tools version 3.0.1 prepends 4 bytes of a MAGIC NUMBER and
// TPM2 Tools major version 3.X.X prepends 4 bytes of a MAGIC NUMBER and
// 4 bytes of a version number to the file containing the cert and secret,
// but the ACA does not, nor does the ACA know which version of TPM2 Tools
// is running on the client machine. So we add the bytes here.
if (version == Tpm2ToolsVersion::VERSION_3_0_1) {
if (version == Tpm2ToolsVersion::VERSION_3) {
string s = fileToString(kDefaultIdentityClaimResponseFilename);
union {
UINT16 value;
@ -578,7 +578,7 @@ string CommandTpm2::readNvIndex(const string& nvIndex,
nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput(
rawNvReadOutput);
break;
case Tpm2ToolsVersion::VERSION_3_0_1:
case Tpm2ToolsVersion::VERSION_3:
nvReadOutput << rawNvReadOutput;
break;
}
@ -619,7 +619,7 @@ void CommandTpm2::releaseNvIndex(const string& nvIndex) {
case Tpm2ToolsVersion::VERSION_2_1_0:
argsStream << " -X -P " << kWellKnownSecret;
break;
case Tpm2ToolsVersion::VERSION_3_0_1:
case Tpm2ToolsVersion::VERSION_3:
argsStream << " -P hex:" << kWellKnownSecret;
break;
}


@ -265,7 +265,7 @@ const unordered_map<string, Tpm2ToolsVersion>
Tpm2ToolsVersionChecker::kVersionMap = {
{"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 },
{"2.1.0", Tpm2ToolsVersion::VERSION_2_1_0 },
{"3.0.1", Tpm2ToolsVersion::VERSION_3_0_1 }
{"3", Tpm2ToolsVersion::VERSION_3 }
};
const unordered_map<string, Tpm2ToolsVersion>
@ -273,27 +273,42 @@ const unordered_map<string, Tpm2ToolsVersion>
{"Ubuntu 17.10", Tpm2ToolsVersion::VERSION_1_1_0 },
{"Ubuntu 18.04", Tpm2ToolsVersion::VERSION_2_1_0 },
{"Ubuntu 18.10", Tpm2ToolsVersion::VERSION_2_1_0 },
{"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3_0_1 }
{"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3 }
};
Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() {
string versionOutput = RUN_PROCESS_OR_THROW("tpm2_rc_decode", "-v");
string versionOutput = RUN_PROCESS_OR_THROW("tpm2_nvlist", "-v");
string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion(
versionOutput);
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
version);
if (!version.empty()) {
try {
return kVersionMap.at(version);
// Look to see if tpm2-tools major version is supported
return kVersionMap.at(majorVersion);
}
catch (const out_of_range& oor) {
stringstream ss;
ss << "Unsupported Tpm2 Tools Version Detected: " << version;
throw HirsRuntimeException(ss.str(),
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
// If major version not supported, then look for specific version
try {
return kVersionMap.at(version);
}
catch (const out_of_range& oor) {
// If no version found, version is unsupported, throw exception
stringstream ss;
ss << "Unsupported Tpm2 Tools Version Detected: " << version;
throw HirsRuntimeException(ss.str(),
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
}
}
} else {
// If version check returns empty, instead of throwing exception,
// then tpm2-tools is installed but version lookup is faulty.
// Get current runtime environment distribution.
string currentDistribution = getDistribution();
try {
// Look to see if current distribution has a supported version
// and use that as best guess at version number
return kMaxSupportedVersionMap.at(currentDistribution);
} catch (const out_of_range& oor) {
stringstream ss;
@ -396,6 +411,20 @@ string Tpm2ToolsOutputParser::parseTpm2ToolsVersion(const string& toolOutput) {
}
}
string Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
const string& toolVersion) {
stringstream regexPatternStream;
regexPatternStream << "^([0-9]+)\\.[0-9]+\\.[0-9]+$";
string majorVersion;
if (RE2::PartialMatch(toolVersion, regexPatternStream.str(),
&majorVersion)) {
return majorVersion;
} else {
return "";
}
}
} // namespace tpm2_tools_utils
} // namespace hirs
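Review bot: In `findTpm2ToolsVersion` the major-version lookup now runs first, so every tpm2-tools 3.x.y release is accepted and handled exactly as 3.0.1 was: the `hex:`-prefixed auth options in setAuthData and releaseNvIndex, the 8 header bytes added in activateIdentity, and the raw nvread output in readNvIndex. Whether later 3.x releases keep that option syntax and file layout is not visible here, so it is worth confirming against the releases you intend to support, or bounding the accepted minor range; as written, a mismatch would only show up as a failed TPM command. Separately, the nested try/catch around `kVersionMap.at(...)` uses exceptions as control flow, and two `find` lookups read more directly, as sketched below. In `parseTpm2ToolsMajorVersion` the pattern is a constant, so the `stringstream` can go, and `RE2::FullMatch(toolVersion, "([0-9]+)\\.[0-9]+\\.[0-9]+", &majorVersion)` states the anchoring explicitly. The body of `findTpm2ToolsVersion` continues past the hunk.

```cpp
    if (!version.empty()) {
        // Prefer a major-version entry ("3"), then an exact entry ("2.1.0")
        for (const string& key : {majorVersion, version}) {
            auto entry = kVersionMap.find(key);
            if (entry != kVersionMap.end()) {
                return entry->second;
            }
        }
        // Neither form is known: report the full version that was detected
        stringstream ss;
        ss << "Unsupported Tpm2 Tools Version Detected: " << version;
        throw HirsRuntimeException(ss.str(),
                "Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
    } else {
        // … unchanged: distribution-based fallback via kMaxSupportedVersionMap …
```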


@ -588,6 +588,46 @@ TEST_F(UtilsTest, ParseTpm2ToolsVersionFailNonSemanticVersion) {
ASSERT_EQ(expectedOutput, version);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionSuccess) {
stringstream versionOutput;
versionOutput << "3.0.1";
string expectedOutput = "3";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionSuccessMultiNumeralVersion) {
stringstream versionOutput;
versionOutput << "10.29.970";
string expectedOutput = "10";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionFailNonSemanticVersion) {
stringstream versionOutput;
versionOutput << "3.0";
string expectedOutput = "";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionFailLongNonSemanticVersion) {
stringstream versionOutput;
versionOutput << "3.0.1.27";
string expectedOutput = "";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
} // namespace
int main(int argc, char **argv) {