ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-29 23:53:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed merge conflicts

Browse Source
This commit is contained in:
iadgovuser26 2020-06-10 16:51:47 -04:00
parent f2fd7f31bd
commit 586c29c0f3
6 changed files with 121 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java
View File

@ -3,7 +3,7 @@ package hirs.data.persist;
import com.google.common.base.Preconditions;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.TCGEventLogProcessor;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.utils.xjc.File;
import java.io.IOException;
import java.util.Map;
@ -217,14 +217,14 @@ public class SwidResource {
*
*/
private void parsePcrValues() {
TCGEventLogProcessor logProcessor = new TCGEventLogProcessor();
TCGEventLog logProcessor = new TCGEventLog();
try {
Path logPath = Paths.get(String.format("%s/%s",
SwidResource.RESOURCE_UPLOAD_FOLDER,
this.getName()));
if (Files.exists(logPath)) {
logProcessor = new TCGEventLogProcessor(
logProcessor = new TCGEventLog(
Files.readAllBytes(logPath));
}
this.setPcrValues(Arrays.asList(

2
HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java
View File

@ -614,7 +614,7 @@ public class TPMBaselineGenerator {
// Device info records will start with the field name of the device info to set
try {
TPMBaselineFields field =
TPMBaselineFields.valueOf(dataArray[0].toLowerCase());
TPMBaselineFields.valueOf(dataArray[0].toUpperCase());
fieldMap.put(field, StringEscapeUtils.unescapeCsv(dataArray[1]));
} catch (IllegalArgumentException e) {
// Wasn't in the list of fields, treat it as a measurement record

37
HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
View File

@ -9,20 +9,26 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import hirs.data.persist.AbstractDigest;
import hirs.data.persist.Digest;
import hirs.data.persist.DigestAlgorithm;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.TpmWhiteListBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.events.EvConstants;
import hirs.tpm.eventlog.uefi.UefiConstants;
import hirs.utils.HexUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* Class for handling different formats of TCG Event logs.
*/
public final class TCGEventLog {
// private static final Logger LOGGER = (Logger) LogManager.getLogger(TCGEventLog.class);
/** Logger. */
private static final Logger LOGGER = LogManager.getLogger(TCGEventLog.class);
/** Name of the hash algorithm used to process the Event Log, default is SHA256. */
private String algorithm = "TPM_ALG_SHA256";
/** Parsed event log array. */
@ -132,10 +138,14 @@ public final class TCGEventLog {
* This method puts blank values in the pcrList.
*/
private void initPcrList() {
for (int i = 0; i < PCR_COUNT; i++) { // Initialize the PCRlist1 array
System.arraycopy(HexUtils.hexStringToByteArray(
initValue),
for (int i = 0; i < PCR_COUNT; i++) {
try {
// Initialize the PCRlist1 array
System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
0, pcrList[i], 0, pcrLength);
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
}
}
@ -185,7 +195,7 @@ public final class TCGEventLog {
0, currentEvent.getDigestLength());
}
} catch (NoSuchAlgorithmException e) {
// ((org.apache.logging.log4j.Logger) LOGGER).error(e);
LOGGER.error(e);
}
}
}
@ -202,8 +212,15 @@ public final class TCGEventLog {
private byte[] extendPCR(final byte[] currentValue, final byte[] newEvent)
throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance(hashType);
md.update(HexUtils.hexStringToByteArray(HexUtils.byteArrayToHexString(currentValue)
+ HexUtils.byteArrayToHexString(newEvent)));
StringBuilder sb = new StringBuilder(AbstractDigest.SHA512_DIGEST_LENGTH);
sb.append(Hex.encodeHexString(currentValue).toCharArray());
sb.append(Hex.encodeHexString(newEvent).toCharArray());
try {
md.update(Hex.decodeHex(sb.toString().toCharArray()));
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
return md.digest();
}

35
HIRS_Utils/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv
View File

@ -1,15 +1,15 @@
manufacturer,U.S.A
BIOSVENDOR,HirsBIOS
productName,The best product
version,0.6.9
systemSerialNumber,8_8
chassisserialnumber,9_9
baseboardserialnumber,ABC123
tpmMake,Infineon
tpmVersionMajor,1
tpmVersionMinor,2
tpmVersionRevMajor,3
tpmVersionRevMinor,4
BIOS_VENDOR,HirsBIOS
PRODUCT_NAME,The best product
VERSION,0.6.9
SYSTEM_SERIAL_NUMBER,8_8
CHASSIS_SERIAL_NUMBER,9_9
BASEBOARD_SERIAL_NUMBER,ABC123
TPM_MAKE,Infineon
TPM_VERSION_MAJOR,1
TPM_VERSION_MINOR,2
TPM_VERSION_REV_MAJOR,3
TPM_VERSION_REV_MINOR,4
0,76abf677781fcb983da780a08fe46920ebb1a058
1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
@ -17,7 +17,7 @@ tpmVersionRevMinor,4
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
BiOsRelEAseDAtE,04/25/2014
BIOS_RELEASE_DATE,04/25/2014
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
@ -35,9 +35,8 @@ BiOsRelEAseDAtE,04/25/2014
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
biosversion,abc
osName,Linux
osVersion,3.10.0-123.el7.x86_64
distribution,CentOS
distributionRelease,7.0.1406
BIOS_VERSION,abc
OS_NAME,Linux
OS_VERSION,3.10.0-123.el7.x86_64
DISTRIBUTION,CentOS
DISTRIBUTION_RELEASE,7.0.1406

1 manufacturer U.S.A
2 BIOSVENDOR BIOS_VENDOR HirsBIOS
3 productName PRODUCT_NAME The best product
4 version VERSION 0.6.9
5 systemSerialNumber SYSTEM_SERIAL_NUMBER 8_8
6 chassisserialnumber CHASSIS_SERIAL_NUMBER 9_9
7 baseboardserialnumber BASEBOARD_SERIAL_NUMBER ABC123
8 tpmMake TPM_MAKE Infineon
9 tpmVersionMajor TPM_VERSION_MAJOR 1
10 tpmVersionMinor TPM_VERSION_MINOR 2
11 tpmVersionRevMajor TPM_VERSION_REV_MAJOR 3
12 tpmVersionRevMinor TPM_VERSION_REV_MINOR 4
13 0 76abf677781fcb983da780a08fe46920ebb1a058
14 1 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
15 2 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
17 4 5289e89800f19805192a20fbbc712d18361d3d45
18 5 7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
19 6 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
20 BiOsRelEAseDAtE BIOS_RELEASE_DATE 04/25/2014
21 7 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
22 8 0000000000000000000000000000000000000000
23 9 0000000000000000000000000000000000000000
35 21 ffffffffffffffffffffffffffffffffffffffff
36 22 ffffffffffffffffffffffffffffffffffffffff
37 23 0000000000000000000000000000000000000000
38 biosversion BIOS_VERSION abc
39 osName OS_NAME Linux
40 osVersion OS_VERSION 3.10.0-123.el7.x86_64
41 distribution DISTRIBUTION CentOS
42 distributionRelease DISTRIBUTION_RELEASE 7.0.1406

5
HIRS_Utils/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv
View File

@ -6,7 +6,7 @@ manufacturer,U.S.A
4,5289e89800f19805192a20fbbc712d18361d3d45
5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
osEversion,3.10.0-123.el7.x86_64
OS_VERSION,3.10.0-123.el7.x86_64
7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
8,0000000000000000000000000000000000000000
9,0000000000000000000000000000000000000000
@ -24,5 +24,4 @@ osEversion,3.10.0-123.el7.x86_64
21,ffffffffffffffffffffffffffffffffffffffff
22,ffffffffffffffffffffffffffffffffffffffff
23,0000000000000000000000000000000000000000
distributionRelease,7.0.1406
DISTRIBUTION_RELEASE,7.0.1406

1 manufacturer U.S.A
6 4 5289e89800f19805192a20fbbc712d18361d3d45
7 5 7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
8 6 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
9 osEversion OS_VERSION 3.10.0-123.el7.x86_64
10 7 3a3f780f11a4b49969fcaa80cd6e3957c33b2275
11 8 0000000000000000000000000000000000000000
12 9 0000000000000000000000000000000000000000
24 21 ffffffffffffffffffffffffffffffffffffffff
25 22 ffffffffffffffffffffffffffffffffffffffff
26 23 0000000000000000000000000000000000000000
27 distributionRelease DISTRIBUTION_RELEASE 7.0.1406

48
tools/tcg_rim_tool/generated_swidTag.swidtag
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<ns2:SoftwareIdentity xmlns:ns2="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
@ -9,34 +9,26 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>jfwo1CF30jTNX7m/j85Avnt0EedV/QJIsRUZnaOY+Dg=</DigestValue>
<DigestValue>gLCM4kz8qvB6JkV+yDnv3KzqEloiSsBik2OeyBOSw/A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>VqUHbt1UqkxlLHVkTOlQs54KWjv5IPKzSCxrsPb8kGjaj5XjHkc1Z/h88znIIMTdCLcyrKgNEXS4
9EHI9nn9LmwXEd/ozKWd8adu6wLdxKj6uIfd0HaCLFrVlnf/b16xO9AW6wp5pLmXwoFi7zBXXJrn
F9MDKy55mXkxb/Z5RUC3IKqsoz+EuKjs6d+yhtb1EQtpJD2dZj23+VjMH4gXxEerDNR1PiPhma/i
QMFa1hwSO7AuasYPy0WCRIgrJ5ZL5x2ZoaSIdE2TsCqnStVL+KLZeMWNCqw4k89hsuELW7Azrl57
Vm2qzPok0svrB1K4QyZdyK2bnG1QY3Fip5Jdmg==</SignatureValue>
<SignatureValue>a+kmQfOSpSaMnazRJIOq2349Iuskpan4vh0N4dobjJ8Tb3lPjf97YiqgFsoSm5uydOPXs/lkN51g
Ox9CCBZ2bquDuuBPpAq5IQ3wZ28G+DYzva+pz7EHKge3gIRzMKjCyDx4bjn+3GUeg+A4KNHNcUfi
qkDVi3245/4IC/nIzm6a+3qVqsYH4mLqp1yO/Xbuqvkc5X0GobGIO6EOhXxuBii6O7GGv+cIVp3v
Xdd9zIwFVedeqeYextz5EDzDNHittmtNd+KEl0N3/45aXGDiRFiuiNy/sf7KR+wutbwJV7RlaDN7
QEaanCXCs6h5PehTh8EDEE9atceBS7IBje0dtw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>
<X509Certificate>MIIDYTCCAkmgAwIBAgIJAPB+r6VBhBn4MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxEjAQBgNVBAMM
CUV4YW1wbGVDQTAeFw0yMDAyMTAxODE1MzRaFw0yOTEyMTkxODE1MzRaMFwxCzAJBgNVBAYTAlVT
MQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNV
BAMMEmV4YW1wbGUuUklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1
lWGkSRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44/nBaccZD
OjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cxj9NL4dcMgxRXsPdHfXb0
923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY
2hq+z82x/rqwr2hmyizD6FpFSyIABPEMPfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0
Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMC
BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAGuJ+dasb3/Mb7TBJ1Oe
al5ISq8d2LQD5ke5qnjgSQWKXfQ9fcUy3dWnt3Oked/i8B/Tyk3jCdTZJU3J3iRNgTqFfMLP8rU1
w2tPYBjjuPKiiK4YRBHPxtFxPdOL1BPmL4ZzNs33Lv6H0m4aff9p6QpMclX5b/CRjl+80JWRLiLj
U3B0CejZB9dJrPr9SBaC31cDoeTpja9Cl86ip7KkqrZZIYeMuNF6ucWyWtjrW2kr3UhmEy8x/6y4
KigsK8sBwmNv4N2Pu3RppeIcpjYj5NVA1hwRA4eeMgJp2u+urm3l1oo1UNX1HsSSBHp1Owc9zZLm
07Pl8T46kpIA4sroCAU=</X509Certificate>
</X509Data>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>
</ns2:SoftwareIdentity>