Merge pull request #472 from nsacyber/issue-462

[#462] Rimtool required field checks and error handling
chubtub 2022-08-26 10:27:44 -04:00 committed by GitHub
commit 42d785f6c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 162 additions and 113 deletions


@ -9,6 +9,10 @@ dependencies {
testCompile 'org.testng:testng:6.8.8'
}
test {
testLogging.showStandardStreams true
}
jar {
manifest {
attributes("Main-Class": "hirs.swid.Main",


@ -65,7 +65,7 @@ public class CredentialParser {
}
public void parsePEMCredentials(String certificateFile, String privateKeyFile)
throws CertificateException, FileNotFoundException {
throws Exception {
certificate = parsePEMCertificates(certificateFile).get(0);
if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
throw new CertificateException("Signing certificate cannot be self-signed!");
@ -125,7 +125,8 @@ public class CredentialParser {
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
while (bis.available() > 0) {
certificates = (List<X509Certificate>) certificateFactory.generateCertificates(bis);
certificates =
(List<X509Certificate>) certificateFactory.generateCertificates(bis);
}
if (certificates.size() < 1) {
@ -160,10 +161,11 @@ public class CredentialParser {
* @param filename
* @return
*/
private PrivateKey parsePEMPrivateKey(String filename, String algorithm) {
private PrivateKey parsePEMPrivateKey(String filename, String algorithm) throws Exception {
PrivateKey privateKey = null;
FileInputStream fis = null;
DataInputStream dis = null;
String errorMessage = "";
try {
File file = new File(filename);
fis = new FileInputStream(file);
@ -186,15 +188,15 @@ public class CredentialParser {
privateKey = keyFactory.generatePrivate(spec);
}
} catch (FileNotFoundException e) {
System.out.println("Unable to locate private key file: " + filename);
errorMessage += "Unable to locate private key file: " + filename;
} catch (DecoderException e) {
System.out.println("Failed to parse uploaded pem file: " + e.getMessage());
errorMessage += "Failed to parse uploaded pem file: " + e.getMessage();
} catch (NoSuchAlgorithmException e) {
System.out.println("Unable to instantiate KeyFactory with algorithm: " + algorithm);
errorMessage += "Unable to instantiate KeyFactory with algorithm: " + algorithm;
} catch (IOException e) {
System.out.println("IOException: " + e.getMessage());
errorMessage += "IOException: " + e.getMessage();
} catch (InvalidKeySpecException e) {
System.out.println("Error instantiating PKCS8EncodedKeySpec object: " + e.getMessage());
errorMessage += "Error instantiating PKCS8EncodedKeySpec object: " + e.getMessage();
} finally {
try {
if (fis != null) {
@ -204,7 +206,10 @@ public class CredentialParser {
dis.close();
}
} catch (IOException e) {
System.out.println("Error closing input stream: " + e.getMessage());
errorMessage += "Error closing input stream: " + e.getMessage();
}
if (!errorMessage.isEmpty()) {
throw new Exception("Error parsing private key: " + errorMessage);
}
}
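Review bot: The new `throw new Exception("Error parsing private key: " + errorMessage)` appears to sit inside the `finally` block of parsePEMPrivateKey, so it would replace any exception already propagating from the try body (an unchecked one, for instance). It also carries only concatenated `getMessage()` text, which loses the original cause and stack trace. Failing closed on an unreadable signing key is the right direction, but each catch should rethrow with its cause attached, e.g. `throw new Exception("Unable to locate private key file: " + filename, e);`, with try-with-resources closing `fis` and `dis` instead of the manual finally. Widening parsePEMCredentials from `CertificateException, FileNotFoundException` to `throws Exception` also means callers can no longer tell a rejected self-signed certificate from a missing file. The bodies of both methods extend beyond the visible hunks.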


@ -11,6 +11,7 @@ import hirs.swid.xjc.SoftwareMeta;
import org.w3c.dom.Document;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.xml.bind.JAXBContext;
@ -79,6 +80,7 @@ public class SwidTagGateway {
private String pemCertificateFile;
private boolean embeddedCert;
private String rimEventLog;
private String errorRequiredFields;
/**
* Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -92,6 +94,7 @@ public class SwidTagGateway {
pemCertificateFile = "";
embeddedCert = false;
rimEventLog = "";
errorRequiredFields = "";
} catch (JAXBException e) {
System.out.println("Error initializing jaxbcontext: " + e.getMessage());
}
@ -188,33 +191,44 @@ public class SwidTagGateway {
JAXBElement<SoftwareMeta> meta = objectFactory.createSoftwareIdentityMeta(
createSoftwareMeta(configProperties.getJsonObject(SwidTagConstants.META)));
swidTag.getEntityOrEvidenceOrLink().add(meta);
//Payload
ResourceCollection payload = createPayload(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD));
//Directory
Directory directory = createDirectory(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY));
//File
hirs.swid.xjc.File file = createFile(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY)
.getJsonObject(SwidTagConstants.FILE));
//Directory
Directory directory = createDirectory(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY));
//Nest File in Directory in Payload
directory.getDirectoryOrFile().add(file);
//Payload
ResourceCollection payload = createPayload(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD));
payload.getDirectoryOrFileOrProcess().add(directory);
JAXBElement<ResourceCollection> jaxbPayload =
objectFactory.createSoftwareIdentityPayload(payload);
swidTag.getEntityOrEvidenceOrLink().add(jaxbPayload);
//Signature
if (errorRequiredFields.isEmpty()) {
Document signedSoftwareIdentity = signXMLDocument(
objectFactory.createSoftwareIdentity(swidTag));
writeSwidTagFile(signedSoftwareIdentity, filename);
} else {
System.out.println("The following fields cannot be empty or null: "
+ errorRequiredFields.substring(0, errorRequiredFields.length()-2));
System.exit(1);
}
} catch (JsonException e) {
System.out.println("Error reading JSON attributes: " + e.getMessage());
System.exit(1);
} catch (FileNotFoundException e) {
System.out.println("File does not exist or cannot be read: " + e.getMessage());
System.exit(1);
} catch (Exception e) {
System.out.println(e.getMessage());
System.exit(1);
}
Document signedSoftwareIdentity = signXMLDocument(
objectFactory.createSoftwareIdentity(swidTag));
writeSwidTagFile(signedSoftwareIdentity, filename);
}
/**
@ -252,25 +266,29 @@ public class SwidTagGateway {
*/
private SoftwareIdentity createSwidTag(final JsonObject jsonObject) {
SoftwareIdentity swidTag = objectFactory.createSoftwareIdentity();
swidTag.setLang(SwidTagConstants.DEFAULT_ENGLISH);
String name = jsonObject.getString(SwidTagConstants.NAME, "");
if (!name.isEmpty()) {
swidTag.setName(name);
}
String tagId = jsonObject.getString(SwidTagConstants.TAGID, "");
if (!tagId.isEmpty()) {
swidTag.setTagId(tagId);
}
swidTag.setTagVersion(new BigInteger(
jsonObject.getString(SwidTagConstants.TAGVERSION, "0")));
swidTag.setVersion(jsonObject.getString(SwidTagConstants.VERSION, "0.0"));
swidTag.setCorpus(jsonObject.getBoolean(SwidTagConstants.CORPUS, false));
swidTag.setPatch(jsonObject.getBoolean(SwidTagConstants.PATCH, false));
swidTag.setSupplemental(jsonObject.getBoolean(SwidTagConstants.SUPPLEMENTAL, false));
if (!swidTag.isCorpus() && !swidTag.isPatch()
&& !swidTag.isSupplemental() && swidTag.getVersion() != "0.0") {
swidTag.setVersionScheme(
jsonObject.getString(SwidTagConstants.VERSION_SCHEME, "multipartnumeric"));
if (jsonObject == null) {
errorRequiredFields += SwidTagConstants.SOFTWARE_IDENTITY + ", ";
} else {
swidTag.setLang(SwidTagConstants.DEFAULT_ENGLISH);
String name = jsonObject.getString(SwidTagConstants.NAME, "");
if (!name.isEmpty()) {
swidTag.setName(name);
}
String tagId = jsonObject.getString(SwidTagConstants.TAGID, "");
if (!tagId.isEmpty()) {
swidTag.setTagId(tagId);
}
swidTag.setTagVersion(new BigInteger(
jsonObject.getString(SwidTagConstants.TAGVERSION, "0")));
swidTag.setVersion(jsonObject.getString(SwidTagConstants.VERSION, "0.0"));
swidTag.setCorpus(jsonObject.getBoolean(SwidTagConstants.CORPUS, false));
swidTag.setPatch(jsonObject.getBoolean(SwidTagConstants.PATCH, false));
swidTag.setSupplemental(jsonObject.getBoolean(SwidTagConstants.SUPPLEMENTAL, false));
if (!swidTag.isCorpus() && !swidTag.isPatch()
&& !swidTag.isSupplemental() && swidTag.getVersion() != "0.0") {
swidTag.setVersionScheme(
jsonObject.getString(SwidTagConstants.VERSION_SCHEME, "multipartnumeric"));
}
}
return swidTag;
@ -286,30 +304,35 @@ public class SwidTagGateway {
private Entity createEntity(final JsonObject jsonObject) {
boolean isTagCreator = false;
Entity entity = objectFactory.createEntity();
String name = jsonObject.getString(SwidTagConstants.NAME, "");
if (!name.isEmpty()) {
entity.setName(name);
}
String[] roles = jsonObject.getString(SwidTagConstants.ROLE, "").split(",");
for (int i = 0; i < roles.length; i++) {
entity.getRole().add(roles[i]);
if (roles[i].equals("tagCreator")) {
isTagCreator = true;
}
}
if (isTagCreator) {
String regid = jsonObject.getString(SwidTagConstants.REGID, "");
if (regid.isEmpty()) {
//throw exception that regid is required
} else {
entity.setRegid(regid);
}
if (jsonObject == null) {
errorRequiredFields += SwidTagConstants.ENTITY + ", ";
} else {
entity.setRegid(jsonObject.getString(SwidTagConstants.REGID, "invalid.unavailable"));
}
String thumbprint = jsonObject.getString(SwidTagConstants.THUMBPRINT, "");
if (!thumbprint.isEmpty()) {
entity.setThumbprint(thumbprint);
String name = jsonObject.getString(SwidTagConstants.NAME, "");
if (!name.isEmpty()) {
entity.setName(name);
}
String[] roles = jsonObject.getString(SwidTagConstants.ROLE, "").split(",");
for (int i = 0; i < roles.length; i++) {
entity.getRole().add(roles[i]);
if (roles[i].equals("tagCreator")) {
isTagCreator = true;
}
}
if (isTagCreator) {
String regid = jsonObject.getString(SwidTagConstants.REGID, "");
if (regid.isEmpty()) {
//throw exception that regid is required
} else {
entity.setRegid(regid);
}
} else {
entity.setRegid(jsonObject.getString(SwidTagConstants.REGID,
"invalid.unavailable"));
}
String thumbprint = jsonObject.getString(SwidTagConstants.THUMBPRINT, "");
if (!thumbprint.isEmpty()) {
entity.setThumbprint(thumbprint);
}
}
return entity;
}
@ -356,11 +379,11 @@ public class SwidTagGateway {
addNonNullAttribute(attributes, SwidTagConstants._PAYLOAD_TYPE,
jsonObject.getString(SwidTagConstants.PAYLOAD_TYPE, ""));
addNonNullAttribute(attributes, SwidTagConstants._PLATFORM_MANUFACTURER_STR,
jsonObject.getString(SwidTagConstants.PLATFORM_MANUFACTURER_STR, ""));
jsonObject.getString(SwidTagConstants.PLATFORM_MANUFACTURER_STR, ""), true);
addNonNullAttribute(attributes, SwidTagConstants._PLATFORM_MANUFACTURER_ID,
jsonObject.getString(SwidTagConstants.PLATFORM_MANUFACTURER_ID, ""));
jsonObject.getString(SwidTagConstants.PLATFORM_MANUFACTURER_ID, ""), true);
addNonNullAttribute(attributes, SwidTagConstants._PLATFORM_MODEL,
jsonObject.getString(SwidTagConstants.PLATFORM_MODEL, ""));
jsonObject.getString(SwidTagConstants.PLATFORM_MODEL, ""), true);
addNonNullAttribute(attributes, SwidTagConstants._PLATFORM_VERSION,
jsonObject.getString(SwidTagConstants.PLATFORM_VERSION, ""));
addNonNullAttribute(attributes, SwidTagConstants._FIRMWARE_MANUFACTURER_STR,
@ -394,18 +417,16 @@ public class SwidTagGateway {
private ResourceCollection createPayload(final JsonObject jsonObject) {
ResourceCollection payload = objectFactory.createResourceCollection();
Map<QName, String> attributes = payload.getOtherAttributes();
addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARPREFIX,
jsonObject.getString(SwidTagConstants._N8060_ENVVARPREFIX.getLocalPart(), ""));
addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARSUFFIX,
jsonObject.getString(SwidTagConstants._N8060_ENVVARSUFFIX.getLocalPart(), ""));
addNonNullAttribute(attributes, SwidTagConstants._N8060_PATHSEPARATOR,
jsonObject.getString(SwidTagConstants._N8060_PATHSEPARATOR.getLocalPart(), ""));
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_FORMAT,
jsonObject.getString(SwidTagConstants.SUPPORT_RIM_FORMAT, ""));
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_TYPE,
jsonObject.getString(SwidTagConstants.SUPPORT_RIM_TYPE, ""));
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL,
jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, ""));
if (jsonObject == null) {
errorRequiredFields += SwidTagConstants.PAYLOAD + ", ";
} else {
addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARPREFIX,
jsonObject.getString(SwidTagConstants._N8060_ENVVARPREFIX.getLocalPart(), ""));
addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARSUFFIX,
jsonObject.getString(SwidTagConstants._N8060_ENVVARSUFFIX.getLocalPart(), ""));
addNonNullAttribute(attributes, SwidTagConstants._N8060_PATHSEPARATOR,
jsonObject.getString(SwidTagConstants._N8060_PATHSEPARATOR.getLocalPart(), ""));
}
return payload;
}
@ -446,7 +467,7 @@ public class SwidTagGateway {
* @param jsonObject the Properties object containing parameters from file
* @return File object created from the properties
*/
private hirs.swid.xjc.File createFile(final JsonObject jsonObject) {
private hirs.swid.xjc.File createFile(JsonObject jsonObject) throws Exception {
hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
Map<QName, String> attributes = file.getOtherAttributes();
@ -467,11 +488,20 @@ public class SwidTagGateway {
File rimEventLogFile = new File(rimEventLog);
file.setSize(new BigInteger(Long.toString(rimEventLogFile.length())));
addNonNullAttribute(attributes, SwidTagConstants._SHA256_HASH,
HashSwid.get256Hash(rimEventLog));
jsonObject.getString(SwidTagConstants.HASH,
HashSwid.get256Hash(rimEventLog)), true);
return file;
}
private void addNonNullAttribute(Map<QName, String> attributes, QName key, String value,
boolean required) {
if (required && value.isEmpty()) {
errorRequiredFields += key.getLocalPart() + ", ";
} else {
addNonNullAttribute(attributes, key, value);
}
}
/**
* This utility method checks if an attribute value is empty before adding it to the map.
*
@ -490,7 +520,7 @@ public class SwidTagGateway {
* This method signs a SoftwareIdentity with an xmldsig in compatibility mode.
* Current assumptions: digest method SHA256, signature method SHA256, enveloped signature
*/
private Document signXMLDocument(final JAXBElement<SoftwareIdentity> swidTag) {
private Document signXMLDocument(JAXBElement<SoftwareIdentity> swidTag) throws Exception {
Document doc = null;
try {
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
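Review bot: In createFile the SHA-256 attribute is now `jsonObject.getString(SwidTagConstants.HASH, HashSwid.get256Hash(rimEventLog))`, so a hash supplied in the JSON config overrides the digest of the actual event log and is then signed, while `file.setSize` still comes from the file on disk. The default argument is evaluated eagerly, so the file is hashed either way. The two values can be compared and a mismatch rejected: `String computed = HashSwid.get256Hash(rimEventLog);`, `String declared = jsonObject.getString(SwidTagConstants.HASH, computed);`, `if (!declared.equalsIgnoreCase(computed)) { throw new Exception("Configured hash does not match " + rimEventLog); }`. If the override is intentional, a comment should say why a signed RIM may carry a hash that was not computed from the referenced file. Separately, the `//throw exception that regid is required` branch in createEntity is still empty, so a tagCreator entity without a regid passes the new required-field check; `errorRequiredFields += SwidTagConstants.REGID + ", ";` there would close the gap. createFile's body begins outside its hunk.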


@ -114,15 +114,20 @@ public class SwidTagValidator {
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString());
Element file = (Element) document.getElementsByTagName("File").item(0);
validateFile(file);
validateSignedXMLDocument(document);
try {
validateFile(file);
} catch (Exception e) {
System.out.println(e.getMessage());
return false;
}
System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
return true;
}
/**
* This method validates a hirs.swid.xjc.File from an indirect payload
*/
private boolean validateFile(Element file) {
private boolean validateFile(Element file) throws Exception {
String filepath;
if (!rimEventLog.isEmpty()) {
filepath = rimEventLog;
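Review bot: The result of `validateSignedXMLDocument(document)` is only printed and the method then reaches `return true;`, so a tag whose signature fails core validation is still reported as valid to the caller. The boolean returned by `validateFile(file)` is also discarded, and only an exception from it produces `false`. The return value should depend on both checks: `if (!validateFile(file)) { return false; }`, `boolean signatureValid = validateSignedXMLDocument(document);`, `return signatureValid;` (keeping the println if the console output is wanted). The enclosing method starts above the hunk, and validateFile's body continues below it.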


@ -26,7 +26,7 @@ public class HashSwid {
* @param filepath the file to hash.
* @return
*/
public static String get256Hash(String filepath) {
public static String get256Hash(String filepath) throws Exception {
return getHashValue(filepath, SHA256);
}
@ -35,7 +35,7 @@ public class HashSwid {
* @param filepath the file to hash.
* @return
*/
public String get384Hash(String filepath) {
public String get384Hash(String filepath) throws Exception {
return getHashValue(filepath, SHA384);
}
@ -44,7 +44,7 @@ public class HashSwid {
* @param filepath the file to hash.
* @return
*/
public String get512Hash(String filepath) {
public String get512Hash(String filepath) throws Exception {
return getHashValue(filepath, SHA512);
}
@ -60,7 +60,7 @@ public class HashSwid {
* @param sha the algorithm to use for the hash
* @return
*/
private static String getHashValue(String filepath, String sha) {
private static String getHashValue(String filepath, String sha) throws Exception {
String resultString = null;
try {
MessageDigest md = MessageDigest.getInstance(sha);
@ -71,10 +71,15 @@ public class HashSwid {
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
}
resultString = sb.toString();
} catch (UnsupportedEncodingException | NoSuchAlgorithmException grex) {
System.out.println(grex.getMessage());
} catch (IOException e) {
System.out.println("Error reading in file to hash: " + e.getMessage());
} catch (NoSuchAlgorithmException | IOException e) {
String errorMessage = "Error hashing file " + filepath + ": ";
if (e instanceof UnsupportedEncodingException ||
e instanceof NoSuchAlgorithmException) {
errorMessage += ((Exception) e).getMessage();
} else if (e instanceof IOException) {
errorMessage += "error reading file.";
}
throw new Exception(errorMessage);
}
return resultString;
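Review bot: `throw new Exception(errorMessage)` in getHashValue drops the caught exception, and the IOException branch replaces its message with the fixed text "error reading file.", so a caller cannot tell a missing event log from an unreadable one. Passing the cause through keeps that detail: `throw new Exception(errorMessage, e);`. The `instanceof` chain inside a multi-catch and the `(Exception) e` cast are harder to read than two separate catch clauses, and declaring `throws Exception` on the public hash methods forces every caller to catch the broadest type. The Javadoc on all four methods still has an empty `@return` and gained no `@throws` for the new checked exception. getHashValue's body is only partly visible in the hunk.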


@ -3,7 +3,7 @@
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:PayloadType="direct" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURILocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
<Payload xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:supportRIMFormat="TCG_EventLog_Assertion" rim:supportRIMURIGlobal="https://Example.com/support/ProductA/firmware/rims/">
<Payload>
<Directory name="rim">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848" name="Example.com.BIOS.01.rimel" size="7549"/>
</Directory>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>97uWB7zSsO5WaGbrcQrlKd1Bju0aDTjK1/ktUYBje8A=</DigestValue>
<DigestValue>K3XoBeYvgJBAKl8z273sL7z38qLLVBKLfUPt/gPUzBI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>N1YtTeo2Ryuj+CtlXIpICEay+ni7vt8+4J7tAsYpa3efnLwtea69PIqEylPWm9LdA8Eo8XDdpgxV&#13;
7h3hi2LTOU+Wxq3bLiLamo99T1EtIwl+ZPcOv8bsfEkmShHdMC0dlfcj6r7x4tc0XkNAhhJgfRNz&#13;
FsmPWKJb6FYcsHFbHO/Uw1hSokbAGcWWTshEOqvKHMa8UVkrFMUPnrnMtdyJqZlhDBrZHNi4rWth&#13;
8TjlUnQVSCF9s9I04FxJ1cUAdeVMHtXKM8Pvjv68PaJMJK73dW5Yd3SbcgoKLesf/HPWeeZL0rr4&#13;
TNjlqJ/wq61Ons45MFG9bIscVbnd+XxFHx8Skw==</SignatureValue>
<SignatureValue>cIl1gPsUyEj2gDv3HTWNFDVxtcBjz4Revxxf2LJejtOXQW8mGepZH8CnvgO7zCAbZYlYUZXjYZ9M&#13;
jONVv8dcsAjVHRnP6YHywFfmSm8LUCwxsfuZQqn5jClqzu5VaqLzBhuJYvCpiEdIDJwDINQuORUB&#13;
nzul1CWc3Sm1Ms2wjlIq5ctWWJcddhdyIOjl8/oD4EC5E2rOSfNcRMZxldXtie9iinFGVbr0YNE+&#13;
+lQ7hAU+SyV8RMx9tGnnsO8otwV4ddF+OfemcbzWGYBenLs3A8ZqWZyTvWphCgGqDUbOLssYciCC&#13;
mnYm5QOeh4QcE9H2kqTgZvcyCgPL/hDC7xhyjQ==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
</KeyInfo>


@ -3,7 +3,7 @@
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:PayloadType="direct" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURILocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
<Payload xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:supportRIMFormat="TCG_EventLog_Assertion" rim:supportRIMURIGlobal="https://Example.com/support/ProductA/firmware/rims/">
<Payload>
<Directory name="rim">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848" name="Example.com.BIOS.01.rimel" size="7549"/>
</Directory>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>97uWB7zSsO5WaGbrcQrlKd1Bju0aDTjK1/ktUYBje8A=</DigestValue>
<DigestValue>K3XoBeYvgJBAKl8z273sL7z38qLLVBKLfUPt/gPUzBI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>N1YtTeo2Ryuj+CtlXIpICEay+ni7vt8+4J7tAsYpa3efnLwtea69PIqEylPWm9LdA8Eo8XDdpgxV&#13;
7h3hi2LTOU+Wxq3bLiLamo99T1EtIwl+ZPcOv8bsfEkmShHdMC0dlfcj6r7x4tc0XkNAhhJgfRNz&#13;
FsmPWKJb6FYcsHFbHO/Uw1hSokbAGcWWTshEOqvKHMa8UVkrFMUPnrnMtdyJqZlhDBrZHNi4rWth&#13;
8TjlUnQVSCF9s9I04FxJ1cUAdeVMHtXKM8Pvjv68PaJMJK73dW5Yd3SbcgoKLesf/HPWeeZL0rr4&#13;
TNjlqJ/wq61Ons45MFG9bIscVbnd+XxFHx8Skw==</SignatureValue>
<SignatureValue>cIl1gPsUyEj2gDv3HTWNFDVxtcBjz4Revxxf2LJejtOXQW8mGepZH8CnvgO7zCAbZYlYUZXjYZ9M&#13;
jONVv8dcsAjVHRnP6YHywFfmSm8LUCwxsfuZQqn5jClqzu5VaqLzBhuJYvCpiEdIDJwDINQuORUB&#13;
nzul1CWc3Sm1Ms2wjlIq5ctWWJcddhdyIOjl8/oD4EC5E2rOSfNcRMZxldXtie9iinFGVbr0YNE+&#13;
+lQ7hAU+SyV8RMx9tGnnsO8otwV4ddF+OfemcbzWGYBenLs3A8ZqWZyTvWphCgGqDUbOLssYciCC&#13;
mnYm5QOeh4QcE9H2kqTgZvcyCgPL/hDC7xhyjQ==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>


@ -3,7 +3,7 @@
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:PayloadType="direct" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURILocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
<Payload xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:supportRIMFormat="TCG_EventLog_Assertion" rim:supportRIMURIGlobal="https://Example.com/support/ProductA/firmware/rims/">
<Payload>
<Directory name="rim">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848" name="Example.com.BIOS.01.rimel" size="7549"/>
</Directory>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>97uWB7zSsO5WaGbrcQrlKd1Bju0aDTjK1/ktUYBje8A=</DigestValue>
<DigestValue>K3XoBeYvgJBAKl8z273sL7z38qLLVBKLfUPt/gPUzBI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>N1YtTeo2Ryuj+CtlXIpICEay+ni7vt8+4J7tAsYpa3efnLwtea69PIqEylPWm9LdA8Eo8XDdpgxV&#13;
7h3hi2LTOU+Wxq3bLiLamo99T1EtIwl+ZPcOv8bsfEkmShHdMC0dlfcj6r7x4tc0XkNAhhJgfRNz&#13;
FsmPWKJb6FYcsHFbHO/Uw1hSokbAGcWWTshEOqvKHMa8UVkrFMUPnrnMtdyJqZlhDBrZHNi4rWth&#13;
8TjlUnQVSCF9s9I04FxJ1cUAdeVMHtXKM8Pvjv68PaJMJK73dW5Yd3SbcgoKLesf/HPWeeZL0rr4&#13;
TNjlqJ/wq61Ons45MFG9bIscVbnd+XxFHx8Skw==</SignatureValue>
<SignatureValue>cIl1gPsUyEj2gDv3HTWNFDVxtcBjz4Revxxf2LJejtOXQW8mGepZH8CnvgO7zCAbZYlYUZXjYZ9M&#13;
jONVv8dcsAjVHRnP6YHywFfmSm8LUCwxsfuZQqn5jClqzu5VaqLzBhuJYvCpiEdIDJwDINQuORUB&#13;
nzul1CWc3Sm1Ms2wjlIq5ctWWJcddhdyIOjl8/oD4EC5E2rOSfNcRMZxldXtie9iinFGVbr0YNE+&#13;
+lQ7hAU+SyV8RMx9tGnnsO8otwV4ddF+OfemcbzWGYBenLs3A8ZqWZyTvWphCgGqDUbOLssYciCC&#13;
mnYm5QOeh4QcE9H2kqTgZvcyCgPL/hDC7xhyjQ==</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>