From 422834a8bbe0e0630a2fed46982eef033f6067dd Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Mon, 8 Apr 2024 12:28:03 -0400
Subject: [PATCH] spdm event structures
---
 .../events/DeviceSecurityEventData.java | 41 +++++
 .../DeviceSecurityEventDataDeviceContext.java | 17 ++
 .../events/DeviceSecurityEventDataHeader.java | 162 ++++++++++++++++++
 .../DeviceSecurityEventDataPciContext.java | 4 +
 .../events/EvEfiSpdmFirmwareBlob.java | 23 +--
 .../evDeviceSecurityEventDataHeader.java | 4 -
 .../evDeviceSecurityEventDataPciContext.java | 4 -
 7 files changed, 233 insertions(+), 22 deletions(-)
 create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
 create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
 create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
 create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
 delete mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java
 delete mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
new file mode 100644
index 00000000..478faa4a
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
@@ -0,0 +1,41 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.TcgTpmtHa;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class to process the DeviceSecurityEventData event
+ * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ * 1) DEVICE_SECURITY_EVENT_DATA_HEADER
+ * 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * DEVICE_SECURITY_EVENT_DATA_HEADER
+ * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
+ * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
+ * the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
+ * the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
+ * "GET_MEASUREMENTS" function.
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT is a common SPDM structure which includes the
+ * identification of the device, device vendor, subsystem, etc.
+ *

+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
+ * DEVICE_SECURITY_EVENT_DATA_HEADER EventDataHeader;
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
+ * } DEVICE_SECURITY_EVENT_DATA;
+ *

+ * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP Spec.
+ * 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
+ * 2. Digest of 48 bytes
+ * 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
+ * 4. First 16 bytes of the structure is an ASCII "SPDM Device Sec"
+ */
+public class DeviceSecurityEventData {
+
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
new file mode 100644
index 00000000..bd12cb92
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
@@ -0,0 +1,17 @@
+package hirs.utils.tpm.eventlog.events;
+
+/**
+ * Class to process the DeviceSecurityEventDataDeviceContext event
+ * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ * 1) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * 2) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
+ *
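Review bot: Every import in DeviceSecurityEventData.java (HexUtils, TcgTpmtHa, UefiConstants, lombok.Getter, StandardCharsets, ArrayList, List) is unused because the class body is empty, so any unused-import check will flag the file as soon as it is built; drop them until the parser that needs them lands, or land the parser with them. The class Javadoc also disagrees with itself: the numbered list names DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT as the second structure, while the typedef a few lines down shows a DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext member and the prose then calls DEVICE_CONTEXT the common structure, so the list entry should presumably read `* 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT`. The summary line `Class to process the DeviceSecurityEventData event` describes a structure rather than an event; `Class to process the DEVICE_SECURITY_EVENT_DATA structure carried by an EV_EFI_SPDM_FIRMWARE_BLOB event.` agrees with the Notes below it.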

+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT UsbContext;
+ * } DEVICE_SECURITY_EVENT_DATA;
+ *

+ */
+public class DeviceSecurityEventDataDeviceContext {
+}
+
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
new file mode 100644
index 00000000..a6d83580
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
@@ -0,0 +1,162 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.TcgTpmtHa;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Class to process the DeviceSecurityEventDataHeader.
+ * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
+ * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
+ * the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
+ * the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
+ * "GET_MEASUREMENTS" function.
+ *
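Review bot: The Javadoc on DeviceSecurityEventDataDeviceContext describes the wrong structure: it opens with `DEVICE_SECURITY_EVENT_DATA has 2 structures`, names the typedef `tdDEVICE_SECURITY_EVENT_DATA`, and types the `UsbContext` member as DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT, which looks like a copy of the header comment from DeviceSecurityEventData.java in this same commit with the class name changed. Its own numbered list says the two members are a PCI context and a USB context, so the typedef should presumably be named for DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT and the second member should read `DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT UsbContext;`. The summary `Class to process the DeviceSecurityEventDataDeviceContext event` also calls a sub-structure an event; the event handler is EvEfiSpdmFirmwareBlob, so `Class to process the DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT structure.` is the accurate line.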

+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
+ * UINT8 Signature[16];
+ * UINT16 Version;
+ * UINT16 Length;
+ * UINT32 SpdmHashAlg;
+ * UINT32 DeviceType;
+ * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ * UINT64 DevicePathLength;
+ * UNIT8 DevicePath[DevicePathLength]
+ * } DEVICE_SECURITY_EVENT_DATA_HEADER;
+ *

+ * typedef struct tdSPDM_MEASUREMENT_BLOCK {
+ * tbd tbdalgorithmId;
+ * tbd tbddigestSize;
+ * } SPDM_MEASUREMENT_BLOCK;
+ *

+ * typedef struct tdDEVICEPATHLENGTH {
+ * tbd tbdalgorithmId;
+ * tbd tbddigestSize;
+ * } DEVICEPATHLENGTH;
+ *

+ * define TPM_ALG_SHA1 (TPM_ALG_ID)(0x0004)
+ * define TPM_ALG_SHA256 (TPM_ALG_ID)(0x000B)
+ * define TPM_ALG_SHA384 (TPM_ALG_ID)(0x000C)
+ * define TPM_ALG_SHA512 (TPM_ALG_ID)(0x000D)
+ *

+// * Notes: Parses event data for an EfiSpecID per Table 5 TCG_EfiSpecIdEvent Example.
+// * 1. Should be the first Structure in the log
+// * 2. Has an EventType of EV_NO_ACTION (0x00000003)
+// * 3. Digest of 20 bytes of all 0's
+// * 4. Event content defined as TCG_EfiSpecIDEvent Struct.
+// * 5. First 16 bytes of the structure is an ASCII "Spec ID Event03"
+// * 6. The version of the log is used to determine which format the Log
+// * is to use (sha1 or Crypto Agile)
+ */
+public class DeviceSecurityEventDataHeader {
+// /**
+// * Minor Version.
+// */
+// @Getter
+// private String versionMinor = "";
+// /**
+// * Major Version.
+// */
+// @Getter
+// private String versionMajor = "";
+// /**
+// * Specification errata version.
+// */
+// @Getter
+// private String errata = "";
+// /**
+// * Signature (text) data.
+// */
+// @Getter
+// private String signature = "";
+// /**
+// * Platform class.
+// */
+// @Getter
+// private String platformClass = "";
+// /**
+// * Algorithm count.
+// */
+// @Getter
+// private int numberOfAlg = 0;
+// /**
+// * True if event log uses Crypto Agile format.
+// */
+// @Getter
+// private boolean cryptoAgile = false;
+// /**
+// * Algorithm list.
+// */
+// private List algList;
+//
+// /**
+// * EvEfiSpecIdEvent Constructor.
+// *
+// * @param efiSpecId byte array holding the spec ID Event.
+// */
+// public EvEfiSpecIdEvent(final byte[] efiSpecId) {
+// algList = new ArrayList<>();
+// byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
+// System.arraycopy(efiSpecId, 0, signatureBytes, 0, UefiConstants.SIZE_16);
+// signature = HexUtils.byteArrayToHexString(signatureBytes);
+// signature = new String(signatureBytes, StandardCharsets.UTF_8)
+// .substring(0, UefiConstants.SIZE_15);
+//
+// byte[] platformClassBytes = new byte[UefiConstants.SIZE_4];
+// System.arraycopy(efiSpecId, UefiConstants.OFFSET_16, platformClassBytes, 0,
+// UefiConstants.SIZE_4);
+// platformClass = HexUtils.byteArrayToHexString(platformClassBytes);
+//
+// byte[] specVersionMinorBytes = new byte[1];
+// System.arraycopy(efiSpecId, UefiConstants.OFFSET_20, specVersionMinorBytes, 0, 1);
+// versionMinor = HexUtils.byteArrayToHexString(specVersionMinorBytes);
+//
+// byte[] specVersionMajorBytes = new byte[1];
+// System.arraycopy(efiSpecId, UefiConstants.OFFSET_21, specVersionMajorBytes, 0, 1);
+// versionMajor = HexUtils.byteArrayToHexString(specVersionMajorBytes);
+//
+// byte[] specErrataBytes = new byte[1];
+// System.arraycopy(efiSpecId, UefiConstants.OFFSET_22, specErrataBytes, 0, 1);
+// errata = HexUtils.byteArrayToHexString(specErrataBytes);
+//
+// byte[] numberOfAlgBytes = new byte[UefiConstants.SIZE_4];
+// System.arraycopy(efiSpecId, UefiConstants.OFFSET_24, numberOfAlgBytes, 0,
+// UefiConstants.SIZE_4);
+// numberOfAlg = HexUtils.leReverseInt(numberOfAlgBytes);
+//
+// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
+// int algLocation = UefiConstants.SIZE_28;
+// for (int i = 0; i < numberOfAlg; i++) {
+// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
+// 0, UefiConstants.SIZE_2);
+// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
+// algList.add(alg);
+// }
+// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
+// cryptoAgile = false;
+// } else {
+// cryptoAgile = true;
+// }
+// }
+//
+// /**
+// * Returns a human readable description of the data within this event.
+// *
+// * @return a description of this event..
+// */
+// public String toString() {
+// String specInfo = "";
+// if (signature.equals("Spec ID Event#")) {
+// specInfo += "Platform Profile Specification version = " + versionMajor + "." + versionMinor
+// + " using errata version" + errata;
+// } else {
+// specInfo = "EV_NO_ACTION event named " + signature
+// + " encountered but support for processing it has not been added to this application";
+// }
+// return specInfo;
+// }
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
new file mode 100644
index 00000000..cd6e01bd
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
@@ -0,0 +1,4 @@
+package hirs.utils.tpm.eventlog.events;
+
+public class DeviceSecurityEventDataPciContext {
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
index e9755ad1..64d717e8 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
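Review bot: The Javadoc of DeviceSecurityEventDataHeader still carries the EfiSpecID notes inside its `/** ... */` block (`// * Notes: Parses event data for an EfiSpecID per Table 5 ...`, EV_NO_ACTION, `Spec ID Event03`), and the entire class body is the commented-out EvEfiSpecIdEvent constructor and toString, so the file documents a different event than the one it is named for; either replace the Notes with the DEVICE_SECURITY_EVENT_DATA_HEADER facts or cut them until the parser exists. The struct layout also has a typo and placeholders: `UNIT8 DevicePath[DevicePathLength]` should be `UINT8 DevicePath[DevicePathLength]`, and the tdSPDM_MEASUREMENT_BLOCK and tdDEVICEPATHLENGTH typedefs are identical `tbd` stubs that should be marked TODO rather than presented as the layout. When the commented constructor is adapted to this header, keep in mind that it copies from the input array at fixed offsets and loops `numberOfAlg` times with no check against `efiSpecId.length`; the header's UINT16 `Length` and UINT64 `DevicePathLength` are read from the event log being parsed, so they should be validated against the bytes remaining in the event before any `System.arraycopy` or `new byte[...]` is sized from them, otherwise a malformed log fails with ArrayIndexOutOfBoundsException or an oversized allocation instead of a clear parse error. The raw `List algList` would also want its type parameter (`List<String>`) once uncommented, since every element added is a String.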
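Review bot: DeviceSecurityEventDataPciContext is added with no Javadoc at all, unlike the other three classes in this commit, so a reader has to go to the removed EvEfiSpdmFirmwareBlob comment to learn what the structure holds. A one-line class comment drawn from that removed text would do: `/** Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT structure, which identifies the device, device vendor, subsystem, etc. for PCI connected devices. */`.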
@@ -11,18 +11,13 @@ import java.util.ArrayList; import java.util.List; /** - * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structures: - * 1) DEVICE_SECURITY_EVENT_DATA_HEADER [ delete: TCG_EfiSpecIDEvent] + * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA + * DEVICE_SECURITY_EVENT_DATA has 2 structures: + * 1) DEVICE_SECURITY_EVENT_DATA_HEADER * 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT - * DEVICE_SECURITY_EVENT_DATA_HEADER - * The first 16 bytes of the event data MUST be a String based identifier (Signature), NUL-terminated. - * The only currently defined Signature is "SPDM Device Sec" - * which implies the data is a DEVICE_SECURITY_EVENT_DATA_HEADER. - * DEVICE_SECURITY_EVENT_DATA_HEADER contains the measurement(s) and hash algorithm - * (SpdmHashAlg) identifier returned by the SPDM "GET_MEASUREMENTS" function - * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT - * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is a common SPDM structure which includes the - * identification of the device, device vendor, subsystem, etc for PCI connection devices + * The first 16 bytes of the event data header MUST be a String based identifier (Signature), + * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" + * which implies the event data is a DEVICE_SECURITY_EVENT_DATA. */ public class EvEfiSpdmFirmwareBlob { @@ -31,14 +26,14 @@ public class EvEfiSpdmFirmwareBlob { */ private String signature = ""; /** - * True if the event is a DEVICE_SECURITY_EVENT_DATA_HEADER. + * True if the event is a DEVICE_SECURITY_EVENT_DATA. */ private boolean bDeviceSecurityEventDataHeader = false; /** - * evDeviceSecurityEventDataHeader Object. + * DeviceSecurityEventDataHeader Object. */ @Getter - private evDeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null; + private DeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null; /** * EvEfiSpdmFirmwareBlob constructor. 
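Review bot: The rewritten class comment on EvEfiSpdmFirmwareBlob still lists `* 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT` as the second structure of DEVICE_SECURITY_EVENT_DATA, while the new DeviceSecurityEventData.java in this same commit shows the second member as DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, of which the PCI context is one variant per the new DeviceSecurityEventDataDeviceContext comment. The two descriptions should agree; `* 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT` here would match the struct typedef. The hunk ends at `public class EvEfiSpdmFirmwareBlob {`, so the class body it documents continues outside it.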
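Review bot: The comment on `bDeviceSecurityEventDataHeader` now reads `True if the event is a DEVICE_SECURITY_EVENT_DATA`, but the field name still says Header, so name and documentation disagree after this change; either rename the flag to match (for example `deviceSecurityEventData`, dropping the `b` prefix that the neighbouring fields `signature` and `deviceSecurityEventDataHeader` do not use) or keep the comment specific to the header. The retyped field `private DeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null;` also keeps an explicit `= null` initializer, which is already the default for a reference field. The class starts and ends outside this hunk, and the constructor that assigns these fields follows it.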
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java
deleted file mode 100644
index a0c319fa..00000000
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java
+++ /dev/null
@@ -1,4 +0,0 @@
-package hirs.utils.tpm.eventlog.events;
-
-public class evDeviceSecurityEventDataHeader {
-}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java
deleted file mode 100644
index 77a1368f..00000000
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java
+++ /dev/null
@@ -1,4 +0,0 @@
-package hirs.utils.tpm.eventlog.events;
-
-public class evDeviceSecurityEventDataPciContext {
-}