spdm event structures

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java

@@ -0,0 +1,41 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.TcgTpmtHa;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Class to process the DeviceSecurityEventData event
+ * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ *    1) DEVICE_SECURITY_EVENT_DATA_HEADER
+ *    2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * DEVICE_SECURITY_EVENT_DATA_HEADER
+ *    The first 16 bytes of the event data header MUST be a String based identifier (Signature),
+ *    NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
+ *    the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
+ *    the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
+ *    "GET_MEASUREMENTS" function.
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT
+ *    DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT is a common SPDM structure which includes the
+ *       identification of the device, device vendor, subsystem, etc.
+ * <p>
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
+ * DEVICE_SECURITY_EVENT_DATA_HEADER            EventDataHeader;
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT    DeviceContext;
+ * } DEVICE_SECURITY_EVENT_DATA;
+ * <p>
+ * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP Spec.
+ * 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
+ * 2. Digest of 48 bytes
+ * 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
+ * 4. First 16 bytes of the structure is an ASCII "SPDM Device Sec"
+ */
+public class DeviceSecurityEventData {
+
+}

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java

@@ -0,0 +1,17 @@
+package hirs.utils.tpm.eventlog.events;
+
+/**
+ * Class to process the DeviceSecurityEventDataDeviceContext event
+ * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ *    1) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ *    2) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
+ * <p>
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT       PciContext;
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT       UsbContext;
+ * } DEVICE_SECURITY_EVENT_DATA;
+ * <p>
+ */
+public class DeviceSecurityEventDataDeviceContext {
+}
+

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java

@@ -0,0 +1,162 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.TcgTpmtHa;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Class to process the DeviceSecurityEventDataHeader.
+ * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
+ * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
+ * the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
+ * the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
+ * "GET_MEASUREMENTS" function.
+ * <p>
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
+ * UINT8                             Signature[16];
+ * UINT16                            Version;
+ * UINT16                           Length;
+ * UINT32                           SpdmHashAlg;
+ * UINT32                           DeviceType;
+ * SPDM_MEASUREMENT_BLOCK           SpdmMeasurementBlock;
+ * UINT64                           DevicePathLength;
+ * UNIT8                            DevicePath[DevicePathLength]
+ * } DEVICE_SECURITY_EVENT_DATA_HEADER;
+ * <p>
+ * typedef struct tdSPDM_MEASUREMENT_BLOCK {
+ * tbd      tbdalgorithmId;
+ * tbd      tbddigestSize;
+ * } SPDM_MEASUREMENT_BLOCK;
+ * <p>
+ * typedef struct tdDEVICEPATHLENGTH {
+ * tbd      tbdalgorithmId;
+ * tbd      tbddigestSize;
+ * } DEVICEPATHLENGTH;
+ * <p>
+ * define TPM_ALG_SHA1           (TPM_ALG_ID)(0x0004)
+ * define TPM_ALG_SHA256         (TPM_ALG_ID)(0x000B)
+ * define TPM_ALG_SHA384         (TPM_ALG_ID)(0x000C)
+ * define TPM_ALG_SHA512         (TPM_ALG_ID)(0x000D)
+ * <p>
+// * Notes: Parses event data for an EfiSpecID per Table 5 TCG_EfiSpecIdEvent Example.
+// * 1. Should be the first Structure in the log
+// * 2. Has an EventType of EV_NO_ACTION (0x00000003)
+// * 3. Digest of 20 bytes of all 0's
+// * 4. Event content defined as TCG_EfiSpecIDEvent Struct.
+// * 5. First 16 bytes of the structure is an ASCII "Spec ID Event03"
+// * 6. The version of the log is used to determine which format the Log
+// * is to use (sha1 or Crypto Agile)
+ */
+public class DeviceSecurityEventDataHeader {
+//    /**
+//     * Minor Version.
+//     */
+//    @Getter
+//    private String versionMinor = "";
+//    /**
+//     * Major Version.
+//     */
+//    @Getter
+//    private String versionMajor = "";
+//    /**
+//     * Specification errata version.
+//     */
+//    @Getter
+//    private String errata = "";
+//    /**
+//     * Signature (text) data.
+//     */
+//    @Getter
+//    private String signature = "";
+//    /**
+//     * Platform class.
+//     */
+//    @Getter
+//    private String platformClass = "";
+//    /**
+//     * Algorithm count.
+//     */
+//    @Getter
+//    private int numberOfAlg = 0;
+//    /**
+//     * True if event log uses Crypto Agile format.
+//     */
+//    @Getter
+//    private boolean cryptoAgile = false;
+//    /**
+//     * Algorithm list.
+//     */
+//    private List<String> algList;
+//
+//    /**
+//     * EvEfiSpecIdEvent Constructor.
+//     *
+//     * @param efiSpecId byte array holding the spec ID Event.
+//     */
+//    public EvEfiSpecIdEvent(final byte[] efiSpecId) {
+//        algList = new ArrayList<>();
+//        byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
+//        System.arraycopy(efiSpecId, 0, signatureBytes, 0, UefiConstants.SIZE_16);
+//        signature = HexUtils.byteArrayToHexString(signatureBytes);
+//        signature = new String(signatureBytes, StandardCharsets.UTF_8)
+//                .substring(0, UefiConstants.SIZE_15);
+//
+//        byte[] platformClassBytes = new byte[UefiConstants.SIZE_4];
+//        System.arraycopy(efiSpecId, UefiConstants.OFFSET_16, platformClassBytes, 0,
+//                UefiConstants.SIZE_4);
+//        platformClass = HexUtils.byteArrayToHexString(platformClassBytes);
+//
+//        byte[] specVersionMinorBytes = new byte[1];
+//        System.arraycopy(efiSpecId, UefiConstants.OFFSET_20, specVersionMinorBytes, 0, 1);
+//        versionMinor = HexUtils.byteArrayToHexString(specVersionMinorBytes);
+//
+//        byte[] specVersionMajorBytes = new byte[1];
+//        System.arraycopy(efiSpecId, UefiConstants.OFFSET_21, specVersionMajorBytes, 0, 1);
+//        versionMajor = HexUtils.byteArrayToHexString(specVersionMajorBytes);
+//
+//        byte[] specErrataBytes = new byte[1];
+//        System.arraycopy(efiSpecId, UefiConstants.OFFSET_22, specErrataBytes, 0, 1);
+//        errata = HexUtils.byteArrayToHexString(specErrataBytes);
+//
+//        byte[] numberOfAlgBytes = new byte[UefiConstants.SIZE_4];
+//        System.arraycopy(efiSpecId, UefiConstants.OFFSET_24, numberOfAlgBytes, 0,
+//                UefiConstants.SIZE_4);
+//        numberOfAlg = HexUtils.leReverseInt(numberOfAlgBytes);
+//
+//        byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
+//        int algLocation = UefiConstants.SIZE_28;
+//        for (int i = 0; i < numberOfAlg; i++) {
+//            System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
+//                    0, UefiConstants.SIZE_2);
+//            String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
+//            algList.add(alg);
+//        }
+//        if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
+//            cryptoAgile = false;
+//        } else {
+//            cryptoAgile = true;
+//        }
+//    }
+//
+//    /**
+//     * Returns a human readable description of the data within this event.
+//     *
+//     * @return a description of this event..
+//     */
+//    public String toString() {
+//        String specInfo = "";
+//        if (signature.equals("Spec ID Event#")) {
+//            specInfo += "Platform Profile Specification version = " + versionMajor + "." + versionMinor
+//                    + " using errata version" + errata;
+//        } else {
+//            specInfo = "EV_NO_ACTION event named " + signature
+//                    + " encountered but support for processing it has not been added to this application";
+//        }
+//        return specInfo;
+//    }
+}

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java

@@ -0,0 +1,4 @@
+package hirs.utils.tpm.eventlog.events;
+
+public class DeviceSecurityEventDataPciContext {
+}

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java

@@ -11,18 +11,13 @@ import java.util.ArrayList;
 import java.util.List;
 
 /**
- * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structures:
+ * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA
- *    1) DEVICE_SECURITY_EVENT_DATA_HEADER    [ delete: TCG_EfiSpecIDEvent]
+ * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ *    1) DEVICE_SECURITY_EVENT_DATA_HEADER
  *    2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
- * DEVICE_SECURITY_EVENT_DATA_HEADER
+ * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
- *    The first 16 bytes of the event data MUST be a String based identifier (Signature), NUL-terminated.
+ *    NUL-terminated. The only currently defined Signature is "SPDM Device Sec"
- *    The only currently defined Signature is "SPDM Device Sec"
+ *    which implies the event data is a DEVICE_SECURITY_EVENT_DATA.
- *       which implies the data is a DEVICE_SECURITY_EVENT_DATA_HEADER.
- *    DEVICE_SECURITY_EVENT_DATA_HEADER  contains the measurement(s) and hash algorithm
- *       (SpdmHashAlg) identifier returned by the SPDM "GET_MEASUREMENTS" function
- * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
- *    DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is a common SPDM structure which includes the
- *       identification of the device, device vendor, subsystem, etc for PCI connection devices
  */
 public class EvEfiSpdmFirmwareBlob {
 
@@ -31,14 +26,14 @@ public class EvEfiSpdmFirmwareBlob {
      */
     private String signature = "";
     /**
-     * True if the event is a DEVICE_SECURITY_EVENT_DATA_HEADER.
+     * True if the event is a DEVICE_SECURITY_EVENT_DATA.
      */
     private boolean bDeviceSecurityEventDataHeader = false;
     /**
-     * evDeviceSecurityEventDataHeader Object.
+     * DeviceSecurityEventDataHeader Object.
      */
     @Getter
-    private evDeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null;
+    private DeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null;
 
     /**
      * EvEfiSpdmFirmwareBlob constructor.

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java

@@ -1,4 +0,0 @@
-package hirs.utils.tpm.eventlog.events;
-
-public class evDeviceSecurityEventDataHeader {
-}

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java

@@ -1,4 +0,0 @@
-package hirs.utils.tpm.eventlog.events;
-
-public class evDeviceSecurityEventDataPciContext {
-}