spdm processing

This commit is contained in:
iadgovuser58 2024-04-19 18:07:00 -04:00 committed by chubtub
parent 6f28b1a42f
commit 47bb53f1ff
5 changed files with 161 additions and 123 deletions


@ -17,7 +17,14 @@ public class DeviceSecurityEventData extends DeviceSecurityEventDataBase {
* @param dSEDbytes byte array holding the DeviceSecurityEventData. * @param dSEDbytes byte array holding the DeviceSecurityEventData.
*/ */
public DeviceSecurityEventData(final byte[] dSEDbytes) { public DeviceSecurityEventData(final byte[] dSEDbytes) {
super(dSEDbytes);
dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes); dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes);
} }
public String toString() {
String dsedInfo = "";
dsedInfo += dsedHeader.toString();
// dsedInfo += dsedDeviceContext.toString();
return dsedInfo;
}
} }
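Review bot: The added `toString()` overrides `Object.toString()` but carries no `@Override` and no Javadoc, unlike the sibling `DeviceSecurityEventDataHeader.toString()` introduced in the same commit. Adding `@Override` lets the compiler catch any signature drift, and the commented `// dsedInfo += dsedDeviceContext.toString();` line should either be wired up or dropped rather than shipped as a reminder. With only one contributor the body reduces to `return dsedHeader.toString();`. The class opens outside the hunk.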


@ -1,7 +1,20 @@
package hirs.utils.tpm.eventlog.events; package hirs.utils.tpm.eventlog.events;
import lombok.Getter;
public class DeviceSecurityEventData2 extends DeviceSecurityEventDataBase { public class DeviceSecurityEventData2 extends DeviceSecurityEventDataBase {
/**
* DeviceSecurityEventDataHeader2 Object.
*/
@Getter
private DeviceSecurityEventDataHeader2 dsedHeader2 = null;
// /**
// * DeviceSecurityEventDataSubHeader Object.
// */
// @Getter
// private DeviceSecurityEventDataSubHeader dsedSubHeader = null;
/** /**
* DeviceSecurityEventData2 Constructor. * DeviceSecurityEventData2 Constructor.
* *
@ -10,4 +23,12 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEventDataBase {
public DeviceSecurityEventData2(final byte[] dSEDbytes) { public DeviceSecurityEventData2(final byte[] dSEDbytes) {
} }
public String toString() {
String dsedInfo = "";
// dsedInfo += dsedHeader2.toString();
// dsedInfo += dsedSubHeader.toString();
// dsedInfo += dsedDeviceContext.toString();
return dsedInfo;
}
} }
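Review bot: `dsedHeader2` is declared with a Lombok `@Getter` but nothing in this class ever assigns it, and the constructor body (context lines here) is empty, so `getDsedHeader2()` returns null and the added `toString()` unconditionally returns `""`. Callers that route version 0200 data to this class will silently get no output rather than an error. Until header-2 parsing lands, a class Javadoc such as `/** Parsing of DeviceSecurityEventData2 (version 0200) is not yet implemented; dsedHeader2 stays null and toString() returns an empty string. */` makes the stub explicit, and `@Override` belongs on `toString()`. The class header is outside the hunk.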


@ -47,16 +47,16 @@ import java.nio.charset.StandardCharsets;
*/ */
public abstract class DeviceSecurityEventDataBase { public abstract class DeviceSecurityEventDataBase {
/** // /**
* Signature (text) data. // * Signature (text) data.
*/ // */
@Getter // @Getter
private String signature = ""; // private String signature = "";
/** // /**
* Version determines data structure used (..DATA or ..DATA2). // * Version determines data structure used (..DATA or ..DATA2).
*/ // */
@Getter // @Getter
private String version = ""; // private String version = "";
// /** // /**
// * Contains the human-readable info inside the Device Security Event. // * Contains the human-readable info inside the Device Security Event.
// */ // */
@ -67,11 +67,6 @@ public abstract class DeviceSecurityEventDataBase {
// */ // */
// @Getter // @Getter
// private DeviceSecurityEventDataHeader dsedHeader = null; // private DeviceSecurityEventDataHeader dsedHeader = null;
/**
* DeviceSecurityEventDataSubHeader Object.
*/
// @Getter
// private DeviceSecurityEventDataSubHeader dsedSubHeader = null;
/** /**
* DeviceSecurityEventDataDeviceContext Object. * DeviceSecurityEventDataDeviceContext Object.
*/ */
@ -89,16 +84,16 @@ public abstract class DeviceSecurityEventDataBase {
*/ */
public DeviceSecurityEventDataBase(final byte[] dSEDbytes) { public DeviceSecurityEventDataBase(final byte[] dSEDbytes) {
byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; // byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16); // System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16);
//signature = HexUtils.byteArrayToHexString(signatureBytes); // //signature = HexUtils.byteArrayToHexString(signatureBytes);
signature = new String(signatureBytes, StandardCharsets.UTF_8) // signature = new String(signatureBytes, StandardCharsets.UTF_8)
.substring(0, UefiConstants.SIZE_15); // size 15 bc last letter is a 00 (null) // .substring(0, UefiConstants.SIZE_15); // size 15 bc last letter is a 00 (null)
//
byte[] versionBytes = new byte[UefiConstants.SIZE_2]; // byte[] versionBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0, // System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
UefiConstants.SIZE_2); // UefiConstants.SIZE_2);
version = HexUtils.byteArrayToHexString(versionBytes); // version = HexUtils.byteArrayToHexString(versionBytes);
// int byteOffset = 0; // int byteOffset = 0;
// byteOffset = dsedHeader.getDsedHeaderByteSize(); // byteOffset = dsedHeader.getDsedHeaderByteSize();
@ -134,24 +129,24 @@ public abstract class DeviceSecurityEventDataBase {
// dSEDinfo =+ // dSEDinfo =+
// dsedDeviceContext.getDSEDdeviceContextInfo(); // dsedDeviceContext.getDSEDdeviceContextInfo();
// } // }
} // }
} }
public String toString() { public String toString() {
String dsedInfo = ""; String dsedInfo = "";
switch (version) { // switch (version) {
case "0100": // case "0100":
dsedInfo += dsedHeader.toString();
// dsedInfo += dsedDeviceContext.toString();
break;
case "0200":
// dsedInfo += dsedHeader.toString(); // dsedInfo += dsedHeader.toString();
// dsedInfo += dsedSubHeader.toString(); //// dsedInfo += dsedDeviceContext.toString();
// dsedInfo += dsedDeviceContext.toString(); // break;
break; // case "0200":
default: //// dsedInfo += dsedHeader.toString();
dsedInfo += " Unknown SPDM Device Security Event Data version " + version + " found" + "\n"; //// dsedInfo += dsedSubHeader.toString();
} //// dsedInfo += dsedDeviceContext.toString();
// break;
// default:
// dsedInfo += " Unknown SPDM Device Security Event Data version " + version + " found" + "\n";
// }
return dsedInfo; return dsedInfo;
} }
} }
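Review bot: Commenting out the `signature` and `version` fields together with their `@Getter`s at the top of this section removes the public accessors `getSignature()`/`getVersion()`; if anything outside the five files of this commit called them it no longer compiles, which is worth confirming. The remaining constructor body is entirely commented code and `toString()` now always returns `""`, so the former `" Unknown SPDM Device Security Event Data version ..."` path is gone and an unsupported version is no longer reported anywhere in this class. Deleting the dead blocks (history keeps them) and adding a one-line Javadoc on the constructor, e.g. `/** Base constructor; header-version-specific parsing is performed by the concrete subclass. */`, would state the new division of responsibility. The class opens outside the hunk.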


@ -1,9 +1,94 @@
package hirs.utils.tpm.eventlog.events; package hirs.utils.tpm.eventlog.events;
import hirs.utils.HexUtils;
import hirs.utils.tpm.eventlog.spdm.SpdmHa;
import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
import lombok.Getter;
public class DeviceSecurityEventDataHeader extends DeviceSecurityEventDataHeaderBase { public class DeviceSecurityEventDataHeader extends DeviceSecurityEventDataHeaderBase {
/** ----------- Variables specific to Header Type 1 -----------
// /**
// * Type Header 1 event data length.
// */
// @Getter
// private String h1Length = "";
/**
* Type Header 1 SPDM hash algorithm.
*/
@Getter
private String h1SpdmHashAlgo = "";
// /**
// * Type Header 1 SPDM Measurement Block list.
// */
// private List<SpdmMeasurementBlock> h1SpdmMeasurementBlockList;
/**
* Type Header 1 SPDM Measurement Block.
*/
private SpdmMeasurementBlock h1SpdmMeasurementBlock;
public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) { public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) {
byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(dSEDbytes, 18, lengthBytes, 0,
UefiConstants.SIZE_2);
int h1Length = HexUtils.leReverseInt(lengthBytes);
byte[] spdmHashAlgoBytes = new byte[UefiConstants.SIZE_4];
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0,
UefiConstants.SIZE_4);
int h1SpdmHashAlgoInt = HexUtils.leReverseInt(spdmHashAlgoBytes);
h1SpdmHashAlgo = SpdmHa.tcgAlgIdToString(h1SpdmHashAlgoInt);
byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4];
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_24, deviceTypeBytes, 0,
UefiConstants.SIZE_4);
int deviceTypeInt = HexUtils.leReverseInt(deviceTypeBytes);
deviceType = deviceTypeToString(deviceTypeInt);
// For each measurement block, create a SpdmMeasurementBlock object (can there be many blocks ?)
// get the size of the SPDM Measurement Block
byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(dSEDbytes, 30, sizeOfSpdmMeasBlockBytes, 0,
UefiConstants.SIZE_2);
int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;
// extract the bytes from the SPDM Measurement Block
byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0,
sizeOfSpdmMeasBlock);
h1SpdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);
// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
// int algLocation = UefiConstants.SIZE_28;
// for (int i = 0; i < numberOfAlg; i++) {
// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
// 0, UefiConstants.SIZE_2);
// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
// algList.add(alg);
// }
// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
// cryptoAgile = false;
// } else {
// cryptoAgile = true;
// }
}
/**
* Returns a human readable description of the data within this event.
*
* @return a description of this event..
*/
public String toString() {
String dsedHeaderInfo = "";
dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
return dsedHeaderInfo;
} }
} }
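Review bot: In the constructor, `sizeOfSpdmMeasBlock` is derived from a 2-byte length field read out of the event data itself and then used directly as the `System.arraycopy` length from offset 28, with no comparison against `dSEDbytes.length`; a truncated or malformed event-log entry therefore surfaces as an `ArrayIndexOutOfBoundsException` (or a `NegativeArraySizeException`, if `leReverseInt` can yield a negative value) instead of a parse error. A guard before the copy, `if (sizeOfSpdmMeasBlock < 0 || 28 + sizeOfSpdmMeasBlock > dSEDbytes.length) { throw new IllegalArgumentException("SPDM Measurement Block length " + sizeOfSpdmMeasBlock + " exceeds event data size " + dSEDbytes.length); }`, keeps the failure local and descriptive; the fixed reads at offsets 18 and 30 would also be clearer as `UefiConstants` names like the neighbouring `OFFSET_20`/`OFFSET_24`. `h1Length` is computed but never used, and the `+ 4` needs a comment naming which header bytes it accounts for. `toString()` should also carry `@Override`.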


@ -78,8 +78,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
// @Getter // @Getter
// private String dSEDheaderInfo = ""; // private String dSEDheaderInfo = "";
/** ----------- Variables common to all Header Types -----------
*/
/** /**
* Contains the size (in bytes) of the Header. * Contains the size (in bytes) of the Header.
*/ */
@ -125,29 +123,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
*/ */
public static final int DEVICE_TYPE_USB = 2; public static final int DEVICE_TYPE_USB = 2;
/** ----------- Variables specific to Header Type 1 -----------
// /**
// * Type Header 1 event data length.
// */
// @Getter
// private String h1Length = "";
/**
* Type Header 1 SPDM hash algorithm.
*/
@Getter
private String h1SpdmHashAlgo = "";
// /**
// * Type Header 1 SPDM Measurement Block list.
// */
// private List<SpdmMeasurementBlock> h1SpdmMeasurementBlockList;
/**
* Type Header 1 SPDM Measurement Block.
*/
private SpdmMeasurementBlock h1SpdmMeasurementBlock;
/** ----------- Variables specific to Header Type 2 -----------
*/
// TBD
public DeviceSecurityEventDataHeaderBase() { public DeviceSecurityEventDataHeaderBase() {
@ -173,56 +148,6 @@ public abstract class DeviceSecurityEventDataHeaderBase {
UefiConstants.SIZE_2); UefiConstants.SIZE_2);
version = HexUtils.byteArrayToHexString(versionBytes); version = HexUtils.byteArrayToHexString(versionBytes);
// if(version == "0100") {
if (version.equals("0100")) {
byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(dSEDbytes, 18, lengthBytes, 0,
UefiConstants.SIZE_2);
int h1Length = HexUtils.leReverseInt(lengthBytes);
byte[] spdmHashAlgoBytes = new byte[UefiConstants.SIZE_4];
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0,
UefiConstants.SIZE_4);
int h1SpdmHashAlgoInt = HexUtils.leReverseInt(spdmHashAlgoBytes);
h1SpdmHashAlgo = SpdmHa.tcgAlgIdToString(h1SpdmHashAlgoInt);
byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4];
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_24, deviceTypeBytes, 0,
UefiConstants.SIZE_4);
int deviceTypeInt = HexUtils.leReverseInt(deviceTypeBytes);
deviceType = deviceTypeToString(deviceTypeInt);
// For each measurement block, create a SpdmMeasurementBlock object (can there be many blocks ?)
// get the size of the SPDM Measurement Block
byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(dSEDbytes, 30, sizeOfSpdmMeasBlockBytes, 0,
UefiConstants.SIZE_2);
int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;
// extract the bytes from the SPDM Measurement Block
byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0,
sizeOfSpdmMeasBlock);
h1SpdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);
// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2];
// int algLocation = UefiConstants.SIZE_28;
// for (int i = 0; i < numberOfAlg; i++) {
// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes,
// 0, UefiConstants.SIZE_2);
// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes));
// algList.add(alg);
// }
// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) {
// cryptoAgile = false;
// } else {
// cryptoAgile = true;
// }
}
} }
/** /**
@ -257,15 +182,20 @@ public abstract class DeviceSecurityEventDataHeaderBase {
*/ */
public String toString() { public String toString() {
String dsedHeaderInfo = ""; String dsedHeaderInfo = "";
if (version.equals("0100")) {
dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
dsedHeaderInfo += "\n SPDM Device"; dsedHeaderInfo += "\n SPDM Device";
dsedHeaderInfo += "\n Device Type: " + deviceType; dsedHeaderInfo += "\n Device Type: " + deviceType;
dsedHeaderInfo += "\n Device Path: " + devicePath; dsedHeaderInfo += "\n Device Path: " + devicePath;
dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
} else if(version.equals("0200")) { // if (version.equals("0100")) {
dsedHeaderInfo = "tbd"; // dsedHeaderInfo += "\n SPDM hash algorithm = " + h1SpdmHashAlgo;
} // dsedHeaderInfo += "\n SPDM Device";
// dsedHeaderInfo += "\n Device Type: " + deviceType;
// dsedHeaderInfo += "\n Device Path: " + devicePath;
// dsedHeaderInfo += "\n SPDM Measurement Block " + h1SpdmMeasurementBlock.toString();
// } else if(version.equals("0200")) {
// dsedHeaderInfo = "tbd";
// }
return dsedHeaderInfo; return dsedHeaderInfo;
} }
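Review bot: The rewritten `toString()` at the bottom of this section drops the `version.equals("0100")` branch and the `"tbd"` branch for 0200, yet keeps the old body as a commented copy directly below the live lines; that block should be deleted rather than retained, since history preserves it and it now references fields (`h1SpdmHashAlgo`, `h1SpdmMeasurementBlock`) that the earlier hunks of this section remove from the class. With the branch gone, `version` is still parsed in the constructor (context line `version = HexUtils.byteArrayToHexString(versionBytes);`) but nothing visible in this section reads it any more, so a Javadoc note on `toString()` such as `/** Renders the device fields common to all header types; version-specific fields are rendered by the subclass. */` would explain the split. Both the constructor and the class open outside the hunks shown.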