[#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries

apldev3 2018-10-23 19:04:15 -04:00
parent ce380db48c
commit 37ba6de3cd
5 changed files with 95 additions and 17 deletions


@ -257,12 +257,12 @@ if (${DISTRIBUTION} STREQUAL "Ubuntu")
set(CPACK_GENERATOR "DEB") set(CPACK_GENERATOR "DEB")
set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0") set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0")
set(CPACK_DEBIAN_PACKAGE_SECTION "admin") set(CPACK_DEBIAN_PACKAGE_SECTION "admin")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), tpm2-tools(>=1.0), libcurlpp0(>=0.7), lshw") set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libcurlpp0(>=0.7), lshw")
# Set variables specific to Ubuntu release version # Set variables specific to Ubuntu release version
if (${DISTRIBUTION_VERSION} STREQUAL "16.04") if (${DISTRIBUTION_VERSION} STREQUAL "16.04")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-1v5(>=20160201), libtss2-utils(>=0.98), libprotobuf9v5(>=2.4.1)") set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-1v5(>=20160201), libprotobuf9v5(>=2.4.1)")
else() else()
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libsapi-utils(>=1.0), libprotobuf10(>=2.4.1)") set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libprotobuf10(>=2.4.1)")
if (${DISTRIBUTION_VERSION} STREQUAL "17.10") if (${DISTRIBUTION_VERSION} STREQUAL "17.10")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-3(>=20160201)") set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-3(>=20160201)")
elseif(${DISTRIBUTION_VERSION} STREQUAL "18.04" OR ${DISTRIBUTION_VERSION} STREQUAL "18.10") elseif(${DISTRIBUTION_VERSION} STREQUAL "18.04" OR ${DISTRIBUTION_VERSION} STREQUAL "18.10")
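Review bot: Dropping `tpm2-tools(>=1.0)` and the `libtss2-utils`/`libsapi-utils` entries from `CPACK_DEBIAN_PACKAGE_DEPENDS` means dpkg no longer guarantees that `tpm2_nvlist` or any TSS library is present when the provisioner runs, so a missing tool now surfaces as a runtime failure rather than an install-time one. If the omission is deliberate because the end user is expected to install a supported tpm2-tools themselves, record that next to the Ubuntu `set(CPACK_DEBIAN_PACKAGE_DEPENDS ...)`, e.g. `# tpm2-tools and the TSS libraries are intentionally not declared: the user installs a supported version (see Tpm2ToolsVersionChecker)`, and consider `set(CPACK_DEBIAN_PACKAGE_RECOMMENDS "tpm2-tools")` so apt still surfaces the expectation. The `if (${DISTRIBUTION} STREQUAL "Ubuntu")` block and its `elseif` chain continue past the end of this hunk.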


@ -160,7 +160,7 @@ namespace tpm2_tools_utils {
enum class Tpm2ToolsVersion { enum class Tpm2ToolsVersion {
VERSION_1_1_0, VERSION_1_1_0,
VERSION_2_1_0, VERSION_2_1_0,
VERSION_3_0_1 VERSION_3
}; };
/** /**
@ -237,6 +237,15 @@ class Tpm2ToolsOutputParser {
* @return a tpm2_tools version if found, or an empty string, otherwise * @return a tpm2_tools version if found, or an empty string, otherwise
*/ */
static std::string parseTpm2ToolsVersion(const std::string& toolOutput); static std::string parseTpm2ToolsVersion(const std::string& toolOutput);
/**
* Parses the provided tpm2-tool version for the major version.
*
* @param toolVersion the output from a call to parseTpm2ToolsVersion
* @return tpm2_tools major version if found, or an empty string, otherwise
*/
static std::string parseTpm2ToolsMajorVersion(
const std::string& toolVersion);
}; };
} // namespace tpm2_tools_utils } // namespace tpm2_tools_utils
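Review bot: Nothing in the header records that `VERSION_3` now stands for the whole 3.x.x series while `VERSION_1_1_0` and `VERSION_2_1_0` remain exact releases, so the asymmetry is invisible to whoever adds the next major version. A one-line comment on the enumerator, `VERSION_3  // any 3.x.x release; CLI argument syntax was checked against 3.0.1 only`, would make that explicit. The `parseTpm2ToolsMajorVersion` docstring should also state the accepted input shape, e.g. `@param toolVersion a strict MAJOR.MINOR.PATCH string as returned by parseTpm2ToolsVersion; any other form yields an empty string`. Both the `Tpm2ToolsOutputParser` class and the `tpm2_tools_utils` namespace begin before this hunk.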


@ -141,7 +141,7 @@ void CommandTpm2::setAuthData() {
<< " -l " << kWellKnownSecret << " -l " << kWellKnownSecret
<< endl; << endl;
break; break;
case Tpm2ToolsVersion::VERSION_3_0_1: case Tpm2ToolsVersion::VERSION_3:
argsStream << " -o hex:" << kWellKnownSecret argsStream << " -o hex:" << kWellKnownSecret
<< " -e hex:" << kWellKnownSecret << " -e hex:" << kWellKnownSecret
<< " -l hex:" << kWellKnownSecret << " -l hex:" << kWellKnownSecret
@ -387,11 +387,11 @@ string CommandTpm2::activateIdentity() {
"CommandTpm2::activateIdentity"); "CommandTpm2::activateIdentity");
} }
// TPM2 Tools version 3.0.1 prepends 4 bytes of a MAGIC NUMBER and // TPM2 Tools major version 3.X.X prepends 4 bytes of a MAGIC NUMBER and
// 4 bytes of a version number to the file containing the cert and secret, // 4 bytes of a version number to the file containing the cert and secret,
// but the ACA does not, nor does the ACA know which version of TPM2 Tools // but the ACA does not, nor does the ACA know which version of TPM2 Tools
// is running on the client machine. So we add the bytes here. // is running on the client machine. So we add the bytes here.
if (version == Tpm2ToolsVersion::VERSION_3_0_1) { if (version == Tpm2ToolsVersion::VERSION_3) {
string s = fileToString(kDefaultIdentityClaimResponseFilename); string s = fileToString(kDefaultIdentityClaimResponseFilename);
union { union {
UINT16 value; UINT16 value;
@ -578,7 +578,7 @@ string CommandTpm2::readNvIndex(const string& nvIndex,
nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput( nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput(
rawNvReadOutput); rawNvReadOutput);
break; break;
case Tpm2ToolsVersion::VERSION_3_0_1: case Tpm2ToolsVersion::VERSION_3:
nvReadOutput << rawNvReadOutput; nvReadOutput << rawNvReadOutput;
break; break;
} }
@ -619,7 +619,7 @@ void CommandTpm2::releaseNvIndex(const string& nvIndex) {
case Tpm2ToolsVersion::VERSION_2_1_0: case Tpm2ToolsVersion::VERSION_2_1_0:
argsStream << " -X -P " << kWellKnownSecret; argsStream << " -X -P " << kWellKnownSecret;
break; break;
case Tpm2ToolsVersion::VERSION_3_0_1: case Tpm2ToolsVersion::VERSION_3:
argsStream << " -P hex:" << kWellKnownSecret; argsStream << " -P hex:" << kWellKnownSecret;
break; break;
} }
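Review bot: The comment above the magic-number fix-up in `activateIdentity` now asserts that every 3.X.X release prepends the 4+4 byte header, but the diff only renames the enumerator; nothing shown verifies later 3.x releases, and a wrong guess would leave the identity-claim response file mis-framed. Hedge it instead of broadening it: `// tpm2-tools 3.0.1 prepends 4 bytes of MAGIC NUMBER and 4 bytes of version; assumed (unverified) to hold for the rest of the 3.x series`. The same unstated assumption applies to the `hex:` argument prefixes chosen under `VERSION_3` in `setAuthData` and `releaseNvIndex`, so one such note is worth having near the enumerator or here. The `activateIdentity` body (including the `union`) and `readNvIndex` continue outside these hunks.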


@ -265,7 +265,7 @@ const unordered_map<string, Tpm2ToolsVersion>
Tpm2ToolsVersionChecker::kVersionMap = { Tpm2ToolsVersionChecker::kVersionMap = {
{"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 }, {"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 },
{"2.1.0", Tpm2ToolsVersion::VERSION_2_1_0 }, {"2.1.0", Tpm2ToolsVersion::VERSION_2_1_0 },
{"3.0.1", Tpm2ToolsVersion::VERSION_3_0_1 } {"3", Tpm2ToolsVersion::VERSION_3 }
}; };
const unordered_map<string, Tpm2ToolsVersion> const unordered_map<string, Tpm2ToolsVersion>
@ -273,27 +273,42 @@ const unordered_map<string, Tpm2ToolsVersion>
{"Ubuntu 17.10", Tpm2ToolsVersion::VERSION_1_1_0 }, {"Ubuntu 17.10", Tpm2ToolsVersion::VERSION_1_1_0 },
{"Ubuntu 18.04", Tpm2ToolsVersion::VERSION_2_1_0 }, {"Ubuntu 18.04", Tpm2ToolsVersion::VERSION_2_1_0 },
{"Ubuntu 18.10", Tpm2ToolsVersion::VERSION_2_1_0 }, {"Ubuntu 18.10", Tpm2ToolsVersion::VERSION_2_1_0 },
{"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3_0_1 } {"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3 }
}; };
Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() { Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() {
string versionOutput = RUN_PROCESS_OR_THROW("tpm2_rc_decode", "-v"); string versionOutput = RUN_PROCESS_OR_THROW("tpm2_nvlist", "-v");
string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion( string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion(
versionOutput); versionOutput);
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
version);
if (!version.empty()) { if (!version.empty()) {
try { try {
return kVersionMap.at(version); // Look to see if tpm2-tools major version is supported
return kVersionMap.at(majorVersion);
} }
catch (const out_of_range& oor) { catch (const out_of_range& oor) {
stringstream ss; // If major version not supported, then look for specific version
ss << "Unsupported Tpm2 Tools Version Detected: " << version; try {
throw HirsRuntimeException(ss.str(), return kVersionMap.at(version);
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion"); }
catch (const out_of_range& oor) {
// If no version found, version is unsupported, throw exception
stringstream ss;
ss << "Unsupported Tpm2 Tools Version Detected: " << version;
throw HirsRuntimeException(ss.str(),
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
}
} }
} else { } else {
// If version check returns empty, instead of throwing exception,
// then tpm2-tools is installed but version lookup is faulty.
// Get current runtime environment distribution.
string currentDistribution = getDistribution(); string currentDistribution = getDistribution();
try { try {
// Look to see if current distribution has a supported version
// and use that as best guess at version number
return kMaxSupportedVersionMap.at(currentDistribution); return kMaxSupportedVersionMap.at(currentDistribution);
} catch (const out_of_range& oor) { } catch (const out_of_range& oor) {
stringstream ss; stringstream ss;
@ -396,6 +411,20 @@ string Tpm2ToolsOutputParser::parseTpm2ToolsVersion(const string& toolOutput) {
} }
} }
string Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
const string& toolVersion) {
stringstream regexPatternStream;
regexPatternStream << "^([0-9]+)\\.[0-9]+\\.[0-9]+$";
string majorVersion;
if (RE2::PartialMatch(toolVersion, regexPatternStream.str(),
&majorVersion)) {
return majorVersion;
} else {
return "";
}
}
} // namespace tpm2_tools_utils } // namespace tpm2_tools_utils
} // namespace hirs } // namespace hirs
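Review bot: The new lookup in `findTpm2ToolsVersion` nests a `try` inside a `catch` and uses `std::out_of_range` as control flow twice, with the inner `oor` shadowing the outer one and neither being used; `unordered_map::find` expresses the major-then-exact fallback without throwing and without the shadowed variables. Note also that the major-version hit is taken before the exact-match hit, so once `"3"` is in `kVersionMap` an exact entry such as `"3.0.1"` could never be selected — if that is intended it deserves a comment. Separately, `parseTpm2ToolsMajorVersion` anchors its pattern with `^...$` under `RE2::PartialMatch`; `RE2::FullMatch` with the unanchored pattern says the same thing more directly. The function's `else` branch continues past the end of the hunk.
```cpp
    if (!version.empty()) {
        // Prefer the major-version entry, then fall back to an exact match.
        // Map lookups keep out_of_range from being used as control flow.
        auto match = kVersionMap.find(majorVersion);
        if (match == kVersionMap.end()) {
            match = kVersionMap.find(version);
        }
        if (match != kVersionMap.end()) {
            return match->second;
        }
        // Neither the major version nor the exact version is supported.
        stringstream ss;
        ss << "Unsupported Tpm2 Tools Version Detected: " << version;
        throw HirsRuntimeException(ss.str(),
                "Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
    } else {
        // … unchanged: distribution-based best-guess fallback …
```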


@ -588,6 +588,46 @@ TEST_F(UtilsTest, ParseTpm2ToolsVersionFailNonSemanticVersion) {
ASSERT_EQ(expectedOutput, version); ASSERT_EQ(expectedOutput, version);
} }
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionSuccess) {
stringstream versionOutput;
versionOutput << "3.0.1";
string expectedOutput = "3";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionSuccessMultiNumeralVersion) {
stringstream versionOutput;
versionOutput << "10.29.970";
string expectedOutput = "10";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionFailNonSemanticVersion) {
stringstream versionOutput;
versionOutput << "3.0";
string expectedOutput = "";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
TEST_F(UtilsTest, ParseTpm2ToolsMajorVersionFailLongNonSemanticVersion) {
stringstream versionOutput;
versionOutput << "3.0.1.27";
string expectedOutput = "";
string majorVersion = Tpm2ToolsOutputParser::parseTpm2ToolsMajorVersion(
versionOutput.str());
ASSERT_EQ(expectedOutput, majorVersion);
}
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
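Review bot: The new tests pin the happy path and two malformed shapes for `parseTpm2ToolsMajorVersion`, but none covers a form a packaged tpm2-tools may actually report — a pre-release or distro suffix such as `3.0.1-rc0`, or surrounding whitespace — which the strict `^([0-9]+)\.[0-9]+\.[0-9]+$` pattern rejects; whether that rejection is then absorbed by `parseTpm2ToolsVersion` upstream or reaches the exact-version lookup in `findTpm2ToolsVersion` is not exercised anywhere. Add a case mirroring `ParseTpm2ToolsMajorVersionFailNonSemanticVersion` with `versionOutput << "3.0.1-rc0";` and `string expectedOutput = "";` so the rejection is deliberate rather than incidental. The changed lookup order in `findTpm2ToolsVersion` itself is also untested; if `kVersionMap` can be driven from a test, asserting that `"3.2.0"` resolves to `Tpm2ToolsVersion::VERSION_3` would cover the point of this commit. `main` begins on the last line of this hunk and continues beyond it.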