From 47bb53f1ff2cd0618acdb8e3b8a13754eb90fccd Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Fri, 19 Apr 2024 18:07:00 -0400
Subject: [PATCH] spdm processing

---
 .../events/DeviceSecurityEventData.java | 9 +-
 .../events/DeviceSecurityEventData2.java | 21 ++++
 .../events/DeviceSecurityEventDataBase.java | 71 +++++++-------
 .../events/DeviceSecurityEventDataHeader.java | 85 ++++++++++++++++
 .../DeviceSecurityEventDataHeaderBase.java | 98 +++----------------
 5 files changed, 161 insertions(+), 123 deletions(-)

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
index 570d0eb7..9e3098ab 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
@@ -17,7 +17,14 @@ public class DeviceSecurityEventData extends DeviceSecurityEventDataBase {
 * @param dSEDbytes byte array holding the DeviceSecurityEventData.
 */
 public DeviceSecurityEventData(final byte[] dSEDbytes) {
-
+ super(dSEDbytes);
 dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes);
 }
+
+ public String toString() {
+ String dsedInfo = "";
+ dsedInfo += dsedHeader.toString();
+// dsedInfo += dsedDeviceContext.toString();
+ return dsedInfo;
+ }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
index 61370781..89154120 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
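Review bot: The added `public String toString()` overrides `Object.toString` (and the base class's own `toString` in the DeviceSecurityEventDataBase hunk) without `@Override`; the same is true of the `toString` methods added in DeviceSecurityEventData2 and DeviceSecurityEventDataHeader and the one reworked in DeviceSecurityEventDataHeaderBase. Add `@Override` above each so the compiler flags any future signature drift. `dsedHeader` is assigned in the constructor but declared outside the hunk, so whether `toString` can reach it while it is still null cannot be judged from here. The commented-out `dsedDeviceContext.toString()` line should either be removed or carry a `// TODO` explaining what it is waiting on, rather than staying as dead code.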
@@ -1,7 +1,20 @@
 package hirs.utils.tpm.eventlog.events;
+import lombok.Getter;
+
 public class DeviceSecurityEventData2 extends DeviceSecurityEventDataBase {
+ /**
+ * DeviceSecurityEventDataHeader2 Object.
+ */
+ @Getter
+ private DeviceSecurityEventDataHeader2 dsedHeader2 = null;
+// /**
+// * DeviceSecurityEventDataSubHeader Object.
+// */
+// @Getter
+// private DeviceSecurityEventDataSubHeader dsedSubHeader = null;
+
 /**
 * DeviceSecurityEventData2 Constructor.
 *
@@ -10,4 +23,12 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEventDataBase {
 public DeviceSecurityEventData2(final byte[] dSEDbytes) {
 }
+
+ public String toString() {
+ String dsedInfo = "";
+// dsedInfo += dsedHeader2.toString();
+// dsedInfo += dsedSubHeader.toString();
+// dsedInfo += dsedDeviceContext.toString();
+ return dsedInfo;
+ }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataBase.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataBase.java
index ad66297e..3e7b8a1f 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataBase.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataBase.java
@@ -47,16 +47,16 @@ import java.nio.charset.StandardCharsets;
 */
 public abstract class DeviceSecurityEventDataBase {
- /**
- * Signature (text) data.
- */
- @Getter
- private String signature = "";
- /**
- * Version determines data structure used (..DATA or ..DATA2).
- */
- @Getter
- private String version = "";
+// /**
+// * Signature (text) data.
+// */
+// @Getter
+// private String signature = "";
+// /**
+// * Version determines data structure used (..DATA or ..DATA2).
+// */
+// @Getter
+// private String version = "";
 // /**
 // * Contains the human-readable info inside the Device Security Event.
 // */
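Review bot: The new field `private DeviceSecurityEventDataHeader2 dsedHeader2 = null;` names a class that none of the five files in this patch defines, so DeviceSecurityEventData2 will only compile if `DeviceSecurityEventDataHeader2` already exists in the tree; if it is still to be written, the field should wait for it. In the second hunk the constructor `DeviceSecurityEventData2(final byte[] dSEDbytes)` still ignores its argument and, unlike the DeviceSecurityEventData constructor in this patch, does not call `super(dSEDbytes)`, so `dsedHeader2` stays null and uncommenting `dsedHeader2.toString()` later would throw. At minimum add `super(dSEDbytes);` and a `// TODO: parse the version 0200 (DATA2) header` marker in the empty body so the stub is visibly unfinished.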
@@ -67,11 +67,6 @@ public abstract class DeviceSecurityEventDataBase {
 // */
 // @Getter
 // private DeviceSecurityEventDataHeader dsedHeader = null;
- /**
- * DeviceSecurityEventDataSubHeader Object.
- */
-// @Getter
-// private DeviceSecurityEventDataSubHeader dsedSubHeader = null;
 /**
 * DeviceSecurityEventDataDeviceContext Object.
 */
@@ -89,16 +84,16 @@ public abstract class DeviceSecurityEventDataBase {
 */
 public DeviceSecurityEventDataBase(final byte[] dSEDbytes) {
- byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
- System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16);
- //signature = HexUtils.byteArrayToHexString(signatureBytes);
- signature = new String(signatureBytes, StandardCharsets.UTF_8)
- .substring(0, UefiConstants.SIZE_15); // size 15 bc last letter is a 00 (null)
-
- byte[] versionBytes = new byte[UefiConstants.SIZE_2];
- System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
- UefiConstants.SIZE_2);
- version = HexUtils.byteArrayToHexString(versionBytes);
+// byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
+// System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16);
+// //signature = HexUtils.byteArrayToHexString(signatureBytes);
+// signature = new String(signatureBytes, StandardCharsets.UTF_8)
+// .substring(0, UefiConstants.SIZE_15); // size 15 bc last letter is a 00 (null)
+//
+// byte[] versionBytes = new byte[UefiConstants.SIZE_2];
+// System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
+// UefiConstants.SIZE_2);
+// version = HexUtils.byteArrayToHexString(versionBytes);
 // int byteOffset = 0;
 // byteOffset = dsedHeader.getDsedHeaderByteSize();
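Review bot: The base constructor `DeviceSecurityEventDataBase(final byte[] dSEDbytes)` is left with an empty body, so the only code that read the 16-byte signature and the 2-byte version of the event is now commented out rather than relocated, and nothing visible in this patch checks the signature before the Type-1 parser in DeviceSecurityEventDataHeader interprets the payload (HeaderBase still reads the version, per the context lines of the hunk at -173). Either keep the signature/version parse here — it is the natural place for a caller to decide between DATA and DATA2 — or delete the block outright; the commented-out `signature`/`version` fields in the previous hunk, this constructor body, and the `toString` switch in the next hunk (which also drops the ` Unknown SPDM Device Security Event Data version` diagnostic) read as live code at a glance. With the parse removed, `dSEDbytes` is an unused parameter and the `HexUtils`, `UefiConstants` and `StandardCharsets` imports of this file may now be unused. The constructor body continues past the end of the hunk.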
@@ -134,24 +129,24 @@ public abstract class DeviceSecurityEventDataBase {
 // dSEDinfo =+
 // dsedDeviceContext.getDSEDdeviceContextInfo();
 // }
- }
+// }
 }
 public String toString() {
 String dsedInfo = "";
- switch (version) {
- case "0100":
- dsedInfo += dsedHeader.toString();
-// dsedInfo += dsedDeviceContext.toString();
- break;
- case "0200":
+// switch (version) {
+// case "0100":
 // dsedInfo += dsedHeader.toString();
-// dsedInfo += dsedSubHeader.toString();
-// dsedInfo += dsedDeviceContext.toString();
- break;
- default:
- dsedInfo += " Unknown SPDM Device Security Event Data version " + version + " found" + "\n";
- }
+//// dsedInfo += dsedDeviceContext.toString();
+// break;
+// case "0200":
+//// dsedInfo += dsedHeader.toString();
+//// dsedInfo += dsedSubHeader.toString();
+//// dsedInfo += dsedDeviceContext.toString();
+// break;
+// default:
+// dsedInfo += " Unknown SPDM Device Security Event Data version " + version + " found" + "\n";
+// }
 return dsedInfo;
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
index 1cbaf229..f655a807 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
@@ -1,9 +1,94 @@
 package hirs.utils.tpm.eventlog.events;
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.spdm.SpdmHa;
+import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
 public class DeviceSecurityEventDataHeader extends DeviceSecurityEventDataHeaderBase {
+ /** ----------- Variables specific to Header Type 1 -----------
+ // /**
+ // * Type Header 1 event data length.
+ // */
+// @Getter
+// private String h1Length = "";
+ /**
+ * Type Header 1 SPDM hash algorithm.
+ */
+ @Getter
+ private String h1SpdmHashAlgo = "";
+// /**
+// * Type Header 1 SPDM Measurement Block list.
+// */
+// private List h1SpdmMeasurementBlockList;
+ /**
+ * Type Header 1 SPDM Measurement Block.
+ */
+ private SpdmMeasurementBlock h1SpdmMeasurementBlock;
 public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) {
+ byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
+ System.arraycopy(dSEDbytes, 18, lengthBytes, 0,
+ UefiConstants.SIZE_2);
+ int h1Length = HexUtils.leReverseInt(lengthBytes);
+
+ byte[] spdmHashAlgoBytes = new byte[UefiConstants.SIZE_4];
+ System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0,
+ UefiConstants.SIZE_4);
+ int h1SpdmHashAlgoInt = HexUtils.leReverseInt(spdmHashAlgoBytes);
+ h1SpdmHashAlgo = SpdmHa.tcgAlgIdToString(h1SpdmHashAlgoInt);
+
+ byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4];
+ System.arraycopy(dSEDbytes, UefiConstants.OFFSET_24, deviceTypeBytes, 0,
+ UefiConstants.SIZE_4);
+ int deviceTypeInt = HexUtils.leReverseInt(deviceTypeBytes);
+ deviceType = deviceTypeToString(deviceTypeInt);
+
+ // For each measurement block, create a SpdmMeasurementBlock object (can there be many blocks ?)
+
+ // get the size of the SPDM Measurement Block
+ byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
+ System.arraycopy(dSEDbytes, 30, sizeOfSpdmMeasBlockBytes, 0,
+ UefiConstants.SIZE_2);
+ int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
+ int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;
+
+ // extract the bytes from the SPDM Measurement Block
+ byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
+ System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0,
+ sizeOfSpdmMeasBlock);
+ h1SpdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);
+
+// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
+// int algLocation = UefiConstants.SIZE_28;
+// for (int i = 0; i < numberOfAlg; i++) {
+// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
+// 0, UefiConstants.SIZE_2);
+// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
+// algList.add(alg);
+// }
+// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
+// cryptoAgile = false;
+// } else {
+// cryptoAgile = true;
+// }
+
+ }
+
+
+ /**
+ * Returns a human readable description of the data within this event.
+ *
+ * @return a description of this event..
+ */
+ public String toString() {
+ String dsedHeaderInfo = "";
+ dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
+ dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
+
+ return dsedHeaderInfo;
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeaderBase.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeaderBase.java
index 4eed7d27..0782a308 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeaderBase.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeaderBase.java
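Review bot: The measurement-block copy trusts a length taken from the buffer it is copying from — `sizeOfSpdmMeasBlock` is `sizeOfSpdmMeas + 4` read at offset 30, and `System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0, sizeOfSpdmMeasBlock)` runs with no check that `28 + sizeOfSpdmMeasBlock <= dSEDbytes.length`, nor that the buffer holds the 32 bytes the fixed fields need, so a truncated or malformed event entry aborts log parsing with an ArrayIndexOutOfBoundsException instead of a descriptive error (substitute whatever exception type the event-log parser already maps to a parse failure, if one exists). `h1Length` is computed and never used, although by its name it is the length that ought to bound the block. The constructor also does not call `super(dSEDbytes)`, so if the byte-parsing base constructor seen in the HeaderBase hunk at -173 is what fills `devicePath`, that field stays unset here — and the `version.equals("0100")` guard that wrapped this same code there is not re-established, so a DATA2 payload handed to this class would be read as Type 1. Mixing literal offsets (18, 28, 30) with `UefiConstants.OFFSET_20`/`OFFSET_24` is also worth unifying. Suggested checks:
```java
    public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) {
        // The fixed Type-1 fields read below end at offset 32; reject shorter input up front
        // so a truncated event yields a descriptive error instead of an AIOOBE mid-parse.
        if (dSEDbytes == null || dSEDbytes.length < 32) {
            throw new IllegalArgumentException("DeviceSecurityEventData too short: "
                    + (dSEDbytes == null ? 0 : dSEDbytes.length) + " bytes");
        }
        // … unchanged: length, SPDM hash algorithm and device type parsing …
        int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;
        // The block size is itself read from the event data, so bound it by the buffer.
        if (sizeOfSpdmMeasBlock < 4 || 28 + sizeOfSpdmMeasBlock > dSEDbytes.length) {
            throw new IllegalArgumentException("SPDM Measurement Block size " + sizeOfSpdmMeasBlock
                    + " exceeds event data length " + dSEDbytes.length);
        }
        // … unchanged: arraycopy into spdmMeasBlockBytes and SpdmMeasurementBlock construction …
```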
@@ -78,8 +78,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
 // @Getter
 // private String dSEDheaderInfo = "";
- /** ----------- Variables common to all Header Types -----------
- */
 /**
 * Contains the size (in bytes) of the Header.
 */
@@ -125,29 +123,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
 */
 public static final int DEVICE_TYPE_USB = 2;
- /** ----------- Variables specific to Header Type 1 -----------
-// /**
-// * Type Header 1 event data length.
-// */
-// @Getter
-// private String h1Length = "";
- /**
- * Type Header 1 SPDM hash algorithm.
- */
- @Getter
- private String h1SpdmHashAlgo = "";
-// /**
-// * Type Header 1 SPDM Measurement Block list.
-// */
-// private List h1SpdmMeasurementBlockList;
- /**
- * Type Header 1 SPDM Measurement Block.
- */
- private SpdmMeasurementBlock h1SpdmMeasurementBlock;
-
- /** ----------- Variables specific to Header Type 2 -----------
- */
-
- // TBD
 public DeviceSecurityEventDataHeaderBase() {
@@ -173,56 +148,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
 UefiConstants.SIZE_2);
 version = HexUtils.byteArrayToHexString(versionBytes);
-// if(version == "0100") {
- if (version.equals("0100")) {
-
- byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
- System.arraycopy(dSEDbytes, 18, lengthBytes, 0,
- UefiConstants.SIZE_2);
- int h1Length = HexUtils.leReverseInt(lengthBytes);
-
- byte[] spdmHashAlgoBytes = new byte[UefiConstants.SIZE_4];
- System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0,
- UefiConstants.SIZE_4);
- int h1SpdmHashAlgoInt = HexUtils.leReverseInt(spdmHashAlgoBytes);
- h1SpdmHashAlgo = SpdmHa.tcgAlgIdToString(h1SpdmHashAlgoInt);
-
- byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4];
- System.arraycopy(dSEDbytes, UefiConstants.OFFSET_24, deviceTypeBytes, 0,
- UefiConstants.SIZE_4);
- int deviceTypeInt = HexUtils.leReverseInt(deviceTypeBytes);
- deviceType = deviceTypeToString(deviceTypeInt);
-
- // For each measurement block, create a SpdmMeasurementBlock object (can there be many blocks ?)
-
- // get the size of the SPDM Measurement Block
- byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
- System.arraycopy(dSEDbytes, 30, sizeOfSpdmMeasBlockBytes, 0,
- UefiConstants.SIZE_2);
- int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
- int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;
-
- // extract the bytes from the SPDM Measurement Block
- byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
- System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0,
- sizeOfSpdmMeasBlock);
- h1SpdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);
-
-// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
-// int algLocation = UefiConstants.SIZE_28;
-// for (int i = 0; i < numberOfAlg; i++) {
-// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
-// 0, UefiConstants.SIZE_2);
-// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
-// algList.add(alg);
-// }
-// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
-// cryptoAgile = false;
-// } else {
-// cryptoAgile = true;
-// }
-
- }
 }
 /**
@@ -257,15 +182,20 @@ public abstract class DeviceSecurityEventDataHeaderBase {
 */
 public String toString() {
 String dsedHeaderInfo = "";
- if (version.equals("0100")) {
- dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
- dsedHeaderInfo += "\n SPDM Device";
- dsedHeaderInfo += "\n Device Type: " + deviceType;
- dsedHeaderInfo += "\n Device Path: " + devicePath;
- dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
- } else if(version.equals("0200")) {
- dsedHeaderInfo = "tbd";
- }
+
+ dsedHeaderInfo += "\n SPDM Device";
+ dsedHeaderInfo += "\n Device Type: " + deviceType;
+ dsedHeaderInfo += "\n Device Path: " + devicePath;
+
+// if (version.equals("0100")) {
+// dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
+// dsedHeaderInfo += "\n SPDM Device";
+// dsedHeaderInfo += "\n Device Type: " + deviceType;
+// dsedHeaderInfo += "\n Device Path: " + devicePath;
+// dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
+// } else if(version.equals("0200")) {
+// dsedHeaderInfo = "tbd";
+// }
 return dsedHeaderInfo;
 }