ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-18 02:39:56 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fixed merge conflicts

Browse Source
This commit is contained in:
iadgovuser26 2020-06-10 16:51:47 -04:00
parent f2fd7f31bd
commit 586c29c0f3
6 changed files with 121 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java
View File

@ -3,7 +3,7 @@ package hirs.data.persist;
import com.google.common.base.Preconditions;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.TCGEventLogProcessor;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.utils.xjc.File;
import java.io.IOException;
import java.util.Map;
@ -217,14 +217,14 @@ public class SwidResource {
*
*/
private void parsePcrValues() {
TCGEventLogProcessor logProcessor = new TCGEventLogProcessor();
TCGEventLog logProcessor = new TCGEventLog();
try {
Path logPath = Paths.get(String.format("%s/%s",
SwidResource.RESOURCE_UPLOAD_FOLDER,
this.getName()));
if (Files.exists(logPath)) {
logProcessor = new TCGEventLogProcessor(
logProcessor = new TCGEventLog(
Files.readAllBytes(logPath));
}
this.setPcrValues(Arrays.asList(

2
HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java
View File

@ -614,7 +614,7 @@ public class TPMBaselineGenerator {
// Device info records will start with the field name of the device info to set
try {
TPMBaselineFields field =
TPMBaselineFields.valueOf(dataArray[0].toLowerCase());
TPMBaselineFields.valueOf(dataArray[0].toUpperCase());
fieldMap.put(field, StringEscapeUtils.unescapeCsv(dataArray[1]));
} catch (IllegalArgumentException e) {
// Wasn't in the list of fields, treat it as a measurement record

39
HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
View File

@ -9,20 +9,26 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import hirs.data.persist.AbstractDigest;
import hirs.data.persist.Digest;
import hirs.data.persist.DigestAlgorithm;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.TpmWhiteListBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.events.EvConstants;
import hirs.tpm.eventlog.uefi.UefiConstants;
import hirs.utils.HexUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* Class for handling different formats of TCG Event logs.
*/
public final class TCGEventLog {
// private static final Logger LOGGER = (Logger) LogManager.getLogger(TCGEventLog.class);
/** Logger. */
private static final Logger LOGGER = LogManager.getLogger(TCGEventLog.class);
/** Name of the hash algorithm used to process the Event Log, default is SHA256. */
private String algorithm = "TPM_ALG_SHA256";
/** Parsed event log array. */
@ -132,10 +138,14 @@ public final class TCGEventLog {
* This method puts blank values in the pcrList.
*/
private void initPcrList() {
for (int i = 0; i < PCR_COUNT; i++) { // Initialize the PCRlist1 array
System.arraycopy(HexUtils.hexStringToByteArray(
initValue),
0, pcrList[i], 0, pcrLength);
for (int i = 0; i < PCR_COUNT; i++) {
try {
// Initialize the PCRlist1 array
System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
0, pcrList[i], 0, pcrLength);
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
}
}
@ -185,7 +195,7 @@ public final class TCGEventLog {
0, currentEvent.getDigestLength());
}
} catch (NoSuchAlgorithmException e) {
// ((org.apache.logging.log4j.Logger) LOGGER).error(e);
LOGGER.error(e);
}
}
}
@ -202,8 +212,15 @@ public final class TCGEventLog {
private byte[] extendPCR(final byte[] currentValue, final byte[] newEvent)
throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance(hashType);
md.update(HexUtils.hexStringToByteArray(HexUtils.byteArrayToHexString(currentValue)
+ HexUtils.byteArrayToHexString(newEvent)));
StringBuilder sb = new StringBuilder(AbstractDigest.SHA512_DIGEST_LENGTH);
sb.append(Hex.encodeHexString(currentValue).toCharArray());
sb.append(Hex.encodeHexString(newEvent).toCharArray());
try {
md.update(Hex.decodeHex(sb.toString().toCharArray()));
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
return md.digest();
}

85
HIRS_Utils/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv
View File

@ -1,43 +1,42 @@
manufacturer,U.S.A
BIOSVENDOR,HirsBIOS
productName,The best product
version,0.6.9
systemSerialNumber,8_8
chassisserialnumber,9_9
baseboardserialnumber,ABC123
tpmMake,Infineon
tpmVersionMajor,1
tpmVersionMinor,2
tpmVersionRevMajor,3
tpmVersionRevMinor,4
0,76abf677781fcb983da780a08fe46920ebb1a058
1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
BiOsRelEAseDAtE,04/25/2014
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
11,0000000000000000000000000000000000000000
12,0000000000000000000000000000000000000000
13,0000000000000000000000000000000000000000
14,0000000000000000000000000000000000000000
15,0000000000000000000000000000000000000000
16,0000000000000000000000000000000000000000
17,ffffffffffffffffffffffffffffffffffffffff
18,ffffffffffffffffffffffffffffffffffffffff
19,ffffffffffffffffffffffffffffffffffffffff
20,ffffffffffffffffffffffffffffffffffffffff
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
biosversion,abc
osName,Linux
osVersion,3.10.0-123.el7.x86_64
distribution,CentOS
distributionRelease,7.0.1406
manufacturer,U.S.A
BIOS_VENDOR,HirsBIOS
PRODUCT_NAME,The best product
VERSION,0.6.9
SYSTEM_SERIAL_NUMBER,8_8
CHASSIS_SERIAL_NUMBER,9_9
BASEBOARD_SERIAL_NUMBER,ABC123
TPM_MAKE,Infineon
TPM_VERSION_MAJOR,1
TPM_VERSION_MINOR,2
TPM_VERSION_REV_MAJOR,3
TPM_VERSION_REV_MINOR,4
0,76abf677781fcb983da780a08fe46920ebb1a058
1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
BIOS_RELEASE_DATE,04/25/2014
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
11,0000000000000000000000000000000000000000
12,0000000000000000000000000000000000000000
13,0000000000000000000000000000000000000000
14,0000000000000000000000000000000000000000
15,0000000000000000000000000000000000000000
16,0000000000000000000000000000000000000000
17,ffffffffffffffffffffffffffffffffffffffff
18,ffffffffffffffffffffffffffffffffffffffff
19,ffffffffffffffffffffffffffffffffffffffff
20,ffffffffffffffffffffffffffffffffffffffff
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
BIOS_VERSION,abc
OS_NAME,Linux
OS_VERSION,3.10.0-123.el7.x86_64
DISTRIBUTION,CentOS
DISTRIBUTION_RELEASE,7.0.1406

1 manufacturer U.S.A
2 BIOSVENDOR BIOS_VENDOR HirsBIOS
3 productName PRODUCT_NAME The best product
4 version VERSION 0.6.9
5 systemSerialNumber SYSTEM_SERIAL_NUMBER 8_8
6 chassisserialnumber CHASSIS_SERIAL_NUMBER 9_9
7 baseboardserialnumber BASEBOARD_SERIAL_NUMBER ABC123
8 tpmMake TPM_MAKE Infineon
9 tpmVersionMajor TPM_VERSION_MAJOR 1
10 tpmVersionMinor TPM_VERSION_MINOR 2
11 tpmVersionRevMajor TPM_VERSION_REV_MAJOR 3
12 tpmVersionRevMinor TPM_VERSION_REV_MINOR 4
13 0 76abf677781fcb983da780a08fe46920ebb1a058
14 1 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
15 2 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
16 3 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
17 4 5289e89800f19805192a20fbbc712d18361d3d45
18 5 7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
19 6 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
20 BiOsRelEAseDAtE BIOS_RELEASE_DATE 04/25/2014
21 7 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
22 8 0000000000000000000000000000000000000000
23 9 0000000000000000000000000000000000000000
24 10 d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
25 11 0000000000000000000000000000000000000000
26 12 0000000000000000000000000000000000000000
27 13 0000000000000000000000000000000000000000
28 14 0000000000000000000000000000000000000000
29 15 0000000000000000000000000000000000000000
30 16 0000000000000000000000000000000000000000
31 17 ffffffffffffffffffffffffffffffffffffffff
32 18 ffffffffffffffffffffffffffffffffffffffff
33 19 ffffffffffffffffffffffffffffffffffffffff
34 20 ffffffffffffffffffffffffffffffffffffffff
35 21 ffffffffffffffffffffffffffffffffffffffff
36 22 ffffffffffffffffffffffffffffffffffffffff
37 23 0000000000000000000000000000000000000000
38 biosversion BIOS_VERSION abc
39 osName OS_NAME Linux
40 osVersion OS_VERSION 3.10.0-123.el7.x86_64
41 distribution DISTRIBUTION CentOS
42 distributionRelease DISTRIBUTION_RELEASE 7.0.1406

55
HIRS_Utils/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv
View File

@ -1,28 +1,27 @@
manufacturer,U.S.A
0,76abf677781fcb983da780a08fe46920ebb1a058
1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
osEversion,3.10.0-123.el7.x86_64
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
11,0000000000000000000000000000000000000000
12,0000000000000000000000000000000000000000
13,0000000000000000000000000000000000000000
14,0000000000000000000000000000000000000000
15,0000000000000000000000000000000000000000
16,0000000000000000000000000000000000000000
17,ffffffffffffffffffffffffffffffffffffffff
18,ffffffffffffffffffffffffffffffffffffffff
19,ffffffffffffffffffffffffffffffffffffffff
20,ffffffffffffffffffffffffffffffffffffffff
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
distributionRelease,7.0.1406
manufacturer,U.S.A
0,76abf677781fcb983da780a08fe46920ebb1a058
1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
OS_VERSION,3.10.0-123.el7.x86_64
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
11,0000000000000000000000000000000000000000
12,0000000000000000000000000000000000000000
13,0000000000000000000000000000000000000000
14,0000000000000000000000000000000000000000
15,0000000000000000000000000000000000000000
16,0000000000000000000000000000000000000000
17,ffffffffffffffffffffffffffffffffffffffff
18,ffffffffffffffffffffffffffffffffffffffff
19,ffffffffffffffffffffffffffffffffffffffff
20,ffffffffffffffffffffffffffffffffffffffff
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
DISTRIBUTION_RELEASE,7.0.1406

1 manufacturer U.S.A
2 0 76abf677781fcb983da780a08fe46920ebb1a058
3 1 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
4 2 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
5 3 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
6 4 5289e89800f19805192a20fbbc712d18361d3d45
7 5 7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
8 6 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
9 osEversion OS_VERSION 3.10.0-123.el7.x86_64
10 7 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
11 8 0000000000000000000000000000000000000000
12 9 0000000000000000000000000000000000000000
13 10 d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
14 11 0000000000000000000000000000000000000000
15 12 0000000000000000000000000000000000000000
16 13 0000000000000000000000000000000000000000
17 14 0000000000000000000000000000000000000000
18 15 0000000000000000000000000000000000000000
19 16 0000000000000000000000000000000000000000
20 17 ffffffffffffffffffffffffffffffffffffffff
21 18 ffffffffffffffffffffffffffffffffffffffff
22 19 ffffffffffffffffffffffffffffffffffffffff
23 20 ffffffffffffffffffffffffffffffffffffffff
24 21 ffffffffffffffffffffffffffffffffffffffff
25 22 ffffffffffffffffffffffffffffffffffffffff
26 23 0000000000000000000000000000000000000000
27 distributionRelease DISTRIBUTION_RELEASE 7.0.1406

48
tools/tcg_rim_tool/generated_swidTag.swidtag
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<ns2:SoftwareIdentity xmlns:ns2="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
@ -9,34 +9,26 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>jfwo1CF30jTNX7m/j85Avnt0EedV/QJIsRUZnaOY+Dg=</DigestValue>
<DigestValue>gLCM4kz8qvB6JkV+yDnv3KzqEloiSsBik2OeyBOSw/A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>VqUHbt1UqkxlLHVkTOlQs54KWjv5IPKzSCxrsPb8kGjaj5XjHkc1Z/h88znIIMTdCLcyrKgNEXS4
9EHI9nn9LmwXEd/ozKWd8adu6wLdxKj6uIfd0HaCLFrVlnf/b16xO9AW6wp5pLmXwoFi7zBXXJrn
F9MDKy55mXkxb/Z5RUC3IKqsoz+EuKjs6d+yhtb1EQtpJD2dZj23+VjMH4gXxEerDNR1PiPhma/i
QMFa1hwSO7AuasYPy0WCRIgrJ5ZL5x2ZoaSIdE2TsCqnStVL+KLZeMWNCqw4k89hsuELW7Azrl57
Vm2qzPok0svrB1K4QyZdyK2bnG1QY3Fip5Jdmg==</SignatureValue>
<SignatureValue>a+kmQfOSpSaMnazRJIOq2349Iuskpan4vh0N4dobjJ8Tb3lPjf97YiqgFsoSm5uydOPXs/lkN51g
Ox9CCBZ2bquDuuBPpAq5IQ3wZ28G+DYzva+pz7EHKge3gIRzMKjCyDx4bjn+3GUeg+A4KNHNcUfi
qkDVi3245/4IC/nIzm6a+3qVqsYH4mLqp1yO/Xbuqvkc5X0GobGIO6EOhXxuBii6O7GGv+cIVp3v
Xdd9zIwFVedeqeYextz5EDzDNHittmtNd+KEl0N3/45aXGDiRFiuiNy/sf7KR+wutbwJV7RlaDN7
QEaanCXCs6h5PehTh8EDEE9atceBS7IBje0dtw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>
<X509Certificate>MIIDYTCCAkmgAwIBAgIJAPB+r6VBhBn4MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxEjAQBgNVBAMM
CUV4YW1wbGVDQTAeFw0yMDAyMTAxODE1MzRaFw0yOTEyMTkxODE1MzRaMFwxCzAJBgNVBAYTAlVT
MQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNV
BAMMEmV4YW1wbGUuUklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1
lWGkSRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44/nBaccZD
OjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cxj9NL4dcMgxRXsPdHfXb0
923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY
2hq+z82x/rqwr2hmyizD6FpFSyIABPEMPfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0
Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMC
BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAGuJ+dasb3/Mb7TBJ1Oe
al5ISq8d2LQD5ke5qnjgSQWKXfQ9fcUy3dWnt3Oked/i8B/Tyk3jCdTZJU3J3iRNgTqFfMLP8rU1
w2tPYBjjuPKiiK4YRBHPxtFxPdOL1BPmL4ZzNs33Lv6H0m4aff9p6QpMclX5b/CRjl+80JWRLiLj
U3B0CejZB9dJrPr9SBaC31cDoeTpja9Cl86ip7KkqrZZIYeMuNF6ucWyWtjrW2kr3UhmEy8x/6y4
KigsK8sBwmNv4N2Pu3RppeIcpjYj5NVA1hwRA4eeMgJp2u+urm3l1oo1UNX1HsSSBHp1Owc9zZLm
07Pl8T46kpIA4sroCAU=</X509Certificate>
</X509Data>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>
</ns2:SoftwareIdentity>