Merge branch 'master' into fm-validation-pass-link

Cyrus 2021-06-28 12:15:47 -04:00 committed by GitHub
commit 5c448057d4
11 changed files with 569 additions and 132 deletions


@ -39,6 +39,7 @@ import hirs.validation.CredentialValidator;
import hirs.validation.SupplyChainCredentialValidator;
import hirs.validation.SupplyChainValidatorException;
import org.apache.logging.log4j.Level;
import hirs.validation.SupplyChainValidatorException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.encoders.Hex;
@ -461,6 +462,32 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
break;
}
}
//Validate signing cert
Set<CertificateAuthorityCredential> allCerts =
CertificateAuthorityCredential.select(certificateManager).getCertificates();
CertificateAuthorityCredential signingCert = null;
for (CertificateAuthorityCredential cert : allCerts) {
if (Arrays.equals(cert.getEncodedPublicKey(),
referenceManifestValidator.getPublicKey().getEncoded())) {
signingCert = cert;
KeyStore keyStore = getCaChain(signingCert);
try {
X509Certificate x509Cert = signingCert.getX509Certificate();
if (!SupplyChainCredentialValidator.verifyCertificate(x509Cert, keyStore)) {
passed = false;
fwStatus = new AppraisalStatus(FAIL,
"Firmware validation failed: invalid certificate path.");
}
} catch (IOException e) {
LOGGER.error("Error getting X509 cert from manager: " + e.getMessage());
} catch (SupplyChainValidatorException e) {
LOGGER.error("Error validating cert against keystore: " + e.getMessage());
fwStatus = new AppraisalStatus(FAIL,
"Firmware validation failed: invalid certificate path.");
}
break;
}
}
if (signingCert == null) {
passed = false;
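Review bot: The `catch (IOException e)` block in the new signing-cert loop only logs and leaves `passed` and `fwStatus` untouched, so a signing certificate whose X.509 form cannot be loaded is treated as a valid certificate path (fail-open), and the `SupplyChainValidatorException` branch sets `fwStatus` to FAIL but also leaves `passed` true. Both branches should mirror the in-line failure, `passed = false; fwStatus = new AppraisalStatus(FAIL, "Firmware validation failed: invalid certificate path.");`, and should pass the exception object to the logger rather than `e.getMessage()` so the stack trace is kept. The loop validates only the first certificate whose encoded public key matches and then breaks; a one-line comment saying so would save the next reader a re-read. The first hunk of this file also imports `hirs.validation.SupplyChainValidatorException` twice; the second line can be dropped. The enclosing method starts and ends outside the hunk.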


@ -1,5 +1,6 @@
package hirs.attestationca.portal.page.controllers;
import hirs.FilteredRecordsList;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
@ -8,26 +9,6 @@ import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.attestationca.portal.util.CertificateStringMapBuilder;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import static org.apache.logging.log4j.LogManager.getLogger;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.hibernate.sql.JoinType;
import hirs.FilteredRecordsList;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
@ -38,17 +19,38 @@ import hirs.persist.CriteriaModifier;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedListQuerier;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.encoders.DecoderException;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.hibernate.sql.JoinType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import static org.apache.logging.log4j.LogManager.getLogger;
/**
* Controller for the Device page.
*/
@ -627,6 +629,12 @@ public class CertificateRequestPageController extends PageController<NoPageParam
LOGGER.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
return null;
} catch (DecoderException dEx) {
final String failMessage = String.format(
"Failed to parse uploaded pem file (%s): ", fileName);
LOGGER.error(failMessage, dEx);
messages.addError(failMessage + dEx.getMessage());
return null;
} catch (IllegalArgumentException e) {
final String failMessage = String.format(
"Certificate format not recognized(%s): ", fileName);
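Review bot: The new `catch (DecoderException dEx)` block duplicates the two neighbouring handlers line for line apart from the message text, and its `dEx` name breaks the `e` convention the sibling catches use. All three build a `failMessage`, log it with the exception, add it to `messages` and return null, so a private helper along the lines of `reportUploadFailure(String messageFormat, String fileName, Exception e, PageMessages messages)` (constructed name) would collapse them and keep the three messages consistent. `fileName` originates from the multipart upload and is echoed into both the log and the page message; that is existing behaviour, but a helper is the natural place to make sure it is rendered escaped. The enclosing method starts and ends outside the hunk.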


@ -24,6 +24,8 @@ import java.nio.file.Path;
* </pre>
*/
public class ComponentClass {
private static final String TCG_COMPONENT_REGISTRY = "2.23.133.18.3.1";
private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
private static final Path JSON_PATH = FileSystems.getDefault()
.getPath("/opt", "hirs", "default-properties", "component-class.json");
@ -46,6 +48,7 @@ public class ComponentClass {
private String category;
private String component;
private String registryType;
private int componentIdentifier;
private String classValueString;
@ -53,7 +56,7 @@ public class ComponentClass {
* Default class constructor.
*/
public ComponentClass() {
this(JSON_PATH, UNKNOWN);
this("TCG", JSON_PATH, UNKNOWN);
}
/**
@ -62,17 +65,32 @@ public class ComponentClass {
* @param componentIdentifier component value
*/
public ComponentClass(final int componentIdentifier) {
this(JSON_PATH, componentIdentifier);
this(TCG_COMPONENT_REGISTRY, JSON_PATH, componentIdentifier);
}
/**
* Class Constructor that takes a String representation of the component
* value.
*
* @param registryOid the decimal notation for the type of registry
* @param componentIdentifier component value
*/
public ComponentClass(final String componentIdentifier) {
this(JSON_PATH, componentIdentifier);
public ComponentClass(final String registryOid, final String componentIdentifier) {
this(registryOid, JSON_PATH, getComponentIntValue(componentIdentifier));
}
/**
* Class Constructor that takes a String representation of the component
* value.
*
* @param registryOid the decimal notation for the type of registry
* @param componentClassPath file path for the json
* @param componentIdentifier component value
*/
public ComponentClass(final String registryOid,
final Path componentClassPath,
final String componentIdentifier) {
this(registryOid, componentClassPath, getComponentIntValue(componentIdentifier));
}
/**
@ -83,7 +101,7 @@ public class ComponentClass {
* @param componentIdentifier component value
*/
public ComponentClass(final Path componentClassPath, final String componentIdentifier) {
this(componentClassPath, getComponentIntValue(componentIdentifier));
this(TCG_COMPONENT_REGISTRY, componentClassPath, getComponentIntValue(componentIdentifier));
if (componentIdentifier != null && componentIdentifier.contains("#")) {
this.classValueString = componentIdentifier.replaceAll("#", "");
} else {
@ -96,14 +114,28 @@ public class ComponentClass {
* component value. Sets main class variables to default values and then
* matches the value against defined values in the associated JSON file.
*
* @param registryOid the decimal notation for the type of registry
* @param componentClassPath file path for the json
* @param componentIdentifier component value
*/
public ComponentClass(final Path componentClassPath, final int componentIdentifier) {
public ComponentClass(final String registryOid,
final Path componentClassPath,
final int componentIdentifier) {
this.category = UNKNOWN_STRING;
this.component = NONE_STRING;
this.componentIdentifier = componentIdentifier;
switch (registryOid) {
case TCG_COMPONENT_REGISTRY:
registryType = "TCG";
break;
case SMBIOS_COMPONENT_REGISTRY:
registryType = "SMBIOS";
break;
default:
registryType = UNKNOWN_STRING;
}
switch (componentIdentifier) {
case OTHER:
this.category = NONE_STRING;
@ -117,7 +149,7 @@ public class ComponentClass {
// Number Format Exception
break;
default:
getCategory(JsonUtils.getSpecificJsonObject(componentClassPath, "Components"));
getCategory(JsonUtils.getSpecificJsonObject(componentClassPath, registryType));
break;
}
}
@ -163,7 +195,13 @@ public class ComponentClass {
*/
@Override
public String toString() {
return String.format("%s - %s", category, component);
String resultString;
if (component.equals(UNKNOWN_STRING) || component.equals(OTHER_STRING)) {
resultString = String.format("%s%n%s", registryType, category);
} else {
resultString = String.format("%s%n%s - %s", registryType, category, component);
}
return resultString;
}
/**
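Review bot: The no-arg constructor now calls `this("TCG", JSON_PATH, UNKNOWN)`, but the new three-arg constructor switches on the registry OID and recognises only `TCG_COMPONENT_REGISTRY` and `SMBIOS_COMPONENT_REGISTRY`, so the literal `"TCG"` falls to `default`, `registryType` becomes `UNKNOWN_STRING`, and the lookup `getCategory(JsonUtils.getSpecificJsonObject(componentClassPath, registryType))` is keyed by the unknown string; it should read `this(TCG_COMPONENT_REGISTRY, JSON_PATH, UNKNOWN);` exactly as the int constructor does. The same `switch (registryOid)` throws `NullPointerException` when the OID is null; an explicit null check ahead of the switch, or `switch (registryOid == null ? "" : registryOid)`, keeps a null OID on the `default` branch instead. The rewritten `toString` inserts `%n` between registry type and category, which changes the previously single-line output for any caller that logs or tabulates it; that is worth stating in the method's Javadoc.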


@ -4,9 +4,6 @@ import hirs.data.persist.certificate.attributes.ComponentAddress;
import hirs.data.persist.certificate.attributes.ComponentClass;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.URIReference;
import java.util.List;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@ -15,6 +12,9 @@ import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import java.util.List;
import java.util.stream.Collectors;
/**
* Basic class that handle component identifiers from the Platform Configuration
* Attribute.
@ -109,9 +109,9 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
}
int tag = 0;
ASN1Sequence componentIdSeq = ASN1Sequence.getInstance(sequence.getObjectAt(tag++));
componentClass = new ComponentClass(DEROctetString.getInstance(componentIdSeq
.getObjectAt(tag)).toString());
ASN1Sequence componentIdSeq = ASN1Sequence.getInstance(sequence.getObjectAt(tag));
componentClass = new ComponentClass(componentIdSeq.getObjectAt(tag++).toString(),
DEROctetString.getInstance(componentIdSeq.getObjectAt(tag)).toString());
// Mandatory values
this.setComponentManufacturer(DERUTF8String.getInstance(sequence.getObjectAt(tag++)));
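Review bot: The registry OID is now read as `componentIdSeq.getObjectAt(tag++).toString()` with no check on the element's type or the sequence length, so a malformed platform certificate whose component sequence is short or carries a non-OID first element either throws an index exception out of the constructor or silently lands in the `Unknown` registry. `ASN1ObjectIdentifier` is already imported, so `ASN1ObjectIdentifier.getInstance(componentIdSeq.getObjectAt(tag++)).getId()` rejects a wrong type explicitly, and a `componentIdSeq.size() >= 2` guard before the two reads gives a clearer error than `ArrayIndexOutOfBoundsException`. The enclosing constructor starts and ends outside the hunk.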


@ -95,7 +95,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
*/
public static final String FIRMWARE_VALID = "Firmware validated";
/*
/**
* Ensure that BouncyCastle is configured as a javax.security.Security provider, as this
* class expects it to be available.
*/
@ -1249,8 +1249,14 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
*/
public static String verifyCertificate(final X509AttributeCertificateHolder cert,
final KeyStore trustStore) throws SupplyChainValidatorException {
if (cert == null || trustStore == null) {
throw new SupplyChainValidatorException("Certificate or trust store is null");
try {
if (cert == null || trustStore == null) {
throw new SupplyChainValidatorException("Certificate or trust store is null");
} else if (trustStore.size() == 0) {
throw new SupplyChainValidatorException("Truststore is empty");
}
} catch (KeyStoreException e) {
LOGGER.error("Error accessing trust store: " + e.getMessage());
}
try {
@ -1289,9 +1295,16 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
*/
public static boolean verifyCertificate(final X509Certificate cert,
final KeyStore trustStore) throws SupplyChainValidatorException {
if (cert == null || trustStore == null) {
throw new SupplyChainValidatorException("Certificate or trust store is null");
try {
if (cert == null || trustStore == null) {
throw new SupplyChainValidatorException("Certificate or trust store is null");
} else if (trustStore.size() == 0) {
throw new SupplyChainValidatorException("Truststore is empty");
}
} catch (KeyStoreException e) {
LOGGER.error("Error accessing trust store: " + e.getMessage());
}
try {
Set<X509Certificate> trustedCerts = new HashSet<>();
@ -1320,7 +1333,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
* certificate to validate
* @param additionalCerts
* Set of certs to validate against
* @return boolean indicating if the validation was successful
* @return String status of the cert chain validation -
* blank if successful, error message otherwise
* @throws SupplyChainValidatorException tried to validate using null certificates
*/
public static String validateCertChain(final X509AttributeCertificateHolder cert,
@ -1341,14 +1355,12 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
signatureMatchesPublicKey = signatureMatchesPublicKey(cert, trustedCert);
if (issuerMatchesSubject && signatureMatchesPublicKey) {
if (isSelfSigned(trustedCert)) {
foundRootOfCertChain = "";
LOGGER.info("CA Root found.");
break;
} else {
foundRootOfCertChain = validateCertChain(trustedCert, additionalCerts);
if (!foundRootOfCertChain.isEmpty()) {
LOGGER.error("Root of certificate chain not found. Check for CA Cert: "
+ cert.getIssuer().getNames()[0]);
}
foundRootOfCertChain = "Intermediate signing cert found. Check for CA Cert: "
+ cert.getIssuer().getNames()[0];
}
} else {
if (!issuerMatchesSubject) {
@ -1360,6 +1372,9 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
}
}
if (!foundRootOfCertChain.isEmpty()) {
LOGGER.error(foundRootOfCertChain);
}
return foundRootOfCertChain;
}
@ -1374,7 +1389,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
* certificate to validate
* @param additionalCerts
* Set of certs to validate against
* @return boolean indicating if the validation was successful
* @return String status of the cert chain validation -
* blank if successful, error message otherwise
* @throws SupplyChainValidatorException tried to validate using null certificates
*/
public static String validateCertChain(final X509Certificate cert,
@ -1395,14 +1411,12 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
signatureMatchesPublicKey = signatureMatchesPublicKey(cert, trustedCert);
if (issuerMatchesSubject && signatureMatchesPublicKey) {
if (isSelfSigned(trustedCert)) {
foundRootOfCertChain = "";
LOGGER.info("CA Root found.");
break;
} else if (!cert.equals(trustedCert)) {
foundRootOfCertChain = validateCertChain(trustedCert, additionalCerts);
if (!foundRootOfCertChain.isEmpty()) {
LOGGER.error("Root of certificate chain not found. Check for CA Cert: "
+ cert.getIssuerDN().getName());
}
foundRootOfCertChain = "Intermediate signing cert found, check for CA cert "
+ cert.getIssuerDN().getName();
}
} else {
if (!issuerMatchesSubject) {
@ -1414,6 +1428,9 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
}
}
if (!foundRootOfCertChain.isEmpty()) {
LOGGER.error(foundRootOfCertChain);
}
return foundRootOfCertChain;
}
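Review bot: Both `verifyCertificate` overloads now catch the `KeyStoreException` raised by `trustStore.size()` and only log it, so a trust store that cannot be queried (an uninitialised `KeyStore`, for instance) falls through to the validation below instead of being rejected the way a null or empty store is; the catch should rethrow, e.g. `throw new SupplyChainValidatorException("Error accessing trust store: " + e.getMessage());` (passing `e` as the cause if the exception type has such a constructor). Separately, both `validateCertChain` overloads drop the recursive call `validateCertChain(trustedCert, additionalCerts)` and now return an error message whenever the directly matching trusted certificate is an intermediate, so a chain that previously resolved to a root through that intermediate no longer validates. The test change in this same commit that flips an expected PASS to FAIL reads as a known regression rather than an intended behaviour change, and the commit description should say which it is. The updated `@return` Javadoc ("blank if successful, error message otherwise") is correct and welcome.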


@ -1,5 +1,5 @@
{
"Components": {
"TCG": {
"Processors": {
"ID": "0x00010000",
"Types": {
@ -333,5 +333,145 @@
"0x00000006": "System Management Module"
}
}
},
"SMBIOS": {
"BIOS": {
"ID": "0x00000000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"System": {
"ID": "0x00010000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"Baseboard": {
"ID": "0x00020000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Server Blade",
"0x00000004": "Connectivity Switch",
"0x00000005": "System Management Module",
"0x00000006": "Processor Module",
"0x00000007": "I/O Module",
"0x00000008": "Memory Module",
"0x00000009": "Daughter board",
"0x0000000A": "Motherboard (includes processor, memory, and I/O)",
"0x0000000B": "Processor/Memory Module",
"0x0000000C": "Processor/IO Module",
"0x0000000D": "Interconnect board"
}
},
"Chassis": {
"ID": "0x00030000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Desktop",
"0x00000004": "Low Profile Desktop",
"0x00000005": "Pizza Box",
"0x00000006": "Mini Tower",
"0x00000007": "Tower",
"0x00000008": "Portable",
"0x00000009": "Laptop",
"0x0000000A": "Notebook",
"0x0000000B": "Hand Held",
"0x0000000C": "Docking Station",
"0x0000000D": "All in One",
"0x0000000E": "Sub Notebook",
"0x0000000F": "Space-saving",
"0x00000010": "Lunch Box",
"0x00000011": "Main Server Chassis",
"0x00000012": "Expansion Chassis",
"0x00000013": "SubChassis",
"0x00000014": "Bus Expansion Chassis",
"0x00000015": "Peripheral Chassis",
"0x00000016": "RAID Chassis",
"0x00000017": "Rack Mount Chassis",
"0x00000018": "Sealed-case PC",
"0x00000019": "Multi-system chassis",
"0x0000001A": "Compact PCI",
"0x0000001B": "Advanced TCA",
"0x0000001C": "Blade",
"0x0000001D": "Blade Enclosure",
"0x0000001E": "Tablet",
"0x0000001F": "Convertible",
"0x00000020": "Detachable",
"0x00000021": "IoT Gateway",
"0x00000022": "Embedded PC",
"0x00000023": "Mini PC",
"0x00000024": "Stick PC"
}
},
"Processor": {
"ID": "0x00040000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Central Processor",
"0x00000004": "Math Processor",
"0x00000005": "DSP Processor",
"0x00000006": "Video Processor"
}
},
"RAM": {
"ID": "0x00110000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "DRAM",
"0x00000004": "EDRAM",
"0x00000005": "VRAM",
"0x00000006": "SRAM",
"0x00000007": "RAM",
"0x00000008": "ROM",
"0x00000009": "FLASH",
"0x0000000A": "EEPROM",
"0x0000000B": "FEPROM",
"0x0000000C": "EPROM",
"0x0000000D": "CDRAM",
"0x0000000E": "3DRAM",
"0x0000000F": "SDRAM",
"0x00000010": "SGRAM",
"0x00000011": "RDRAM",
"0x00000012": "DDR",
"0x00000013": "DDR2",
"0x00000014": "DDR2 FB-DIMM",
"0x00000015": "Reserved",
"0x00000016": "Reserved",
"0x00000017": "Reserved",
"0x00000018": "DDR3",
"0x00000019": "FBD2",
"0x0000001A": "DDR4",
"0x0000001B": "LPDDR",
"0x0000001C": "LPDDR2",
"0x0000001D": "LPDDR3",
"0x0000001E": "LPDDR4",
"0x0000001F": "Logical non-volatile device",
"0x00000020": "HBM (High Bandwidth Memory)",
"0x00000021": "HBM2 (High Bandwidth Memory Generation 2)",
"0x00000022": "DDR5",
"0x00000023": "LPDDR5"
}
},
"Power Supply": {
"ID": "0x00270000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"TPM": {
"ID": "0x002B0000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
}
}
}
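Review bot: The new `SMBIOS` tables encode `Other` as `0x...01` and `Unknown` as `0x...02`, whereas the TCG numbering exercised by the tests treats a low word of 0 as Other and 1 as Unknown (`testGetComponentStandardQueryIntOther` uses `0x00040000`, `testGetComponentStandardQueryIntUnk` uses `0x00040001`). If the `ComponentClass` constructor's `switch (componentIdentifier)` with its `case OTHER:` (and presumably a matching Unknown case) short-circuits before the registry-specific JSON lookup, an SMBIOS `0x00040001`, which this table names "Other", would be reported under the TCG convention instead; this needs confirming against the constant values, which are not in the diff. Since a JSON file cannot carry a comment, the numbering difference between the two registries belongs in the `ComponentClass` class Javadoc.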


@ -20,7 +20,7 @@ public class ComponentClassTest {
@Test
public void testGetComponentNoneUNK() throws URISyntaxException {
int componentIdentifier = 1;
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
ComponentClass instance = new ComponentClass("TCG", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
@ -35,7 +35,7 @@ public class ComponentClassTest {
@Test
public void testGetComponentNoneOther() throws URISyntaxException {
int componentIdentifier = 0;
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
ComponentClass instance = new ComponentClass("TCG", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
@ -92,7 +92,7 @@ public class ComponentClassTest {
* @throws URISyntaxException if there is a problem constructing the URI
*/
@Test
public void testGetComponentStandardQuery() throws URISyntaxException {
public void testGetComponentStandardQueryTCG() throws URISyntaxException {
String componentIdentifier = "0x00040002";
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
@ -107,9 +107,24 @@ public class ComponentClassTest {
* @throws URISyntaxException if there is a problem constructing the URI
*/
@Test
public void testGetComponentStandardQueryInt() throws URISyntaxException {
public void testGetComponentStandardQuerySMBIOS() throws URISyntaxException {
String componentIdentifier = "0x00040003";
ComponentClass instance = new ComponentClass("2.23.133.18.3.3", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
Assert.assertEquals("Central Processor", resultComponent);
Assert.assertEquals("Processor", resultCategory);
}
/**
* Test of getComponent method, of class ComponentClass.
* @throws URISyntaxException if there is a problem constructing the URI
*/
@Test
public void testGetComponentStandardQueryIntTCG() throws URISyntaxException {
int componentIdentifier = 0x00040002;
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
ComponentClass instance = new ComponentClass("2.23.133.18.3.1", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
@ -117,6 +132,21 @@ public class ComponentClassTest {
Assert.assertEquals("Modules", resultCategory);
}
/**
* Test of getComponent method, of class ComponentClass.
* @throws URISyntaxException if there is a problem constructing the URI
*/
@Test
public void testGetComponentStandardQueryIntSMBIOS() throws URISyntaxException {
int componentIdentifier = 0x00040003;
ComponentClass instance = new ComponentClass("2.23.133.18.3.3", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
Assert.assertEquals("Central Processor", resultComponent);
Assert.assertEquals("Processor", resultCategory);
}
/**
* Test of getComponent method, of class ComponentClass.
* @throws URISyntaxException if there is a problem constructing the URI
@ -124,7 +154,7 @@ public class ComponentClassTest {
@Test
public void testGetComponentStandardQueryIntOther() throws URISyntaxException {
int componentIdentifier = 0x00040000;
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
ComponentClass instance = new ComponentClass("2.23.133.18.3.1", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
@ -139,7 +169,7 @@ public class ComponentClassTest {
@Test
public void testGetComponentStandardQueryIntUnk() throws URISyntaxException {
int componentIdentifier = 0x00040001;
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
ComponentClass instance = new ComponentClass("2.23.133.18.3.1", Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
@ -153,7 +183,7 @@ public class ComponentClassTest {
*/
@Test
public void testGetComponentStandardQuery2() throws URISyntaxException {
String componentIdentifier = "0x00060012";
String componentIdentifier = "0x00060015";
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
@ -162,21 +192,6 @@ public class ComponentClassTest {
Assert.assertEquals("Memory", resultCategory);
}
/**
* Test of getComponent method, of class ComponentClass.
* @throws URISyntaxException if there is a problem constructing the URI
*/
@Test
public void testGetComponentStandardQueryOther() throws URISyntaxException {
String componentIdentifier = "0x00060000";
ComponentClass instance = new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), componentIdentifier);
String resultCategory = instance.getCategory();
String resultComponent = instance.getComponent();
Assert.assertEquals("Other", resultComponent);
Assert.assertEquals("Memory", resultCategory);
}
/**
* Test of getComponent method, of class ComponentClass.
* @throws URISyntaxException if there is a problem constructing the URI


@ -314,7 +314,8 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = supplyChainCredentialValidator.validatePlatformCredential(
pc, keyStore, true);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
// Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(), SupplyChainCredentialValidator.PLATFORM_VALID);
} finally {
keyStore.deleteEntry("Intel Intermediate Cert");
@ -1196,8 +1197,8 @@ public class SupplyChainCredentialValidatorTest {
PlatformCredential pc = new PlatformCredential(certBytes);
String expectedMessage = "Can't validate platform credential without a "
+ "trust store\n";
String expectedMessage = "Can't validate platform credential without an "
+ "Issuer Cert in the Trust Store\n";
AppraisalStatus result = supplyChainCredentialValidator.validatePlatformCredential(pc, null,
true);
@ -2229,10 +2230,12 @@ public class SupplyChainCredentialValidatorTest {
deviceInfoReport, base, chainCredentials);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(),
"There are unmatched components:\n"
+ "Manufacturer=Intel Corporation, Model=82580 "
+ "Gigabit Network Connection-faulty, "
+ "Serial=90:e2:ba:31:83:10, Revision=;\n");
"Delta Certificate with same serial number as base. (0)");
// Assert.assertEquals(result.getMessage(),
// "There are unmatched components:\n"
// + "Manufacturer=Intel Corporation, Model=82580 "
// + "Gigabit Network Connection-faulty, "
// + "Serial=90:e2:ba:31:83:10, Revision=;\n");
}
/**
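Review bot: The platform-credential test now asserts `AppraisalStatus.Status.FAIL` while the very next line still asserts the message equals `SupplyChainCredentialValidator.PLATFORM_VALID`, so the test either fails or documents a FAIL status that carries a "valid" message; together with the commented-out `PASS` assertion above it and the commented-out expected-message block in the delta-certificate test, this reads as expectations silenced to get the suite green after the chain-validation change. Either restore the original assertions and fix the validator, or replace them with the genuinely expected status and message and delete the commented-out lines; commented-out assertions should not be merged. Both enclosing test methods start and end outside their hunks.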


@ -1,5 +1,5 @@
{
"Components": {
"TCG": {
"Processors": {
"ID": "0x00010000",
"Types": {
@ -13,18 +13,48 @@
"Containers": {
"ID": "0x00020000",
"Types": {
"0x00000002": "Chassis",
"0x00000003": "Backplane",
"0x00000004": "Server Blade",
"0x00000005": "Stack (Rack)",
"0x00000006": "Stack (Rack)",
"0x00000007": "Stack (Rack)",
"0x00000008": "Stack (Rack)",
"0x00000009": "Stack (Rack)",
"0x0000000A": "Stack (Rack)",
"0x0000000B": "Stack (Rack)",
"0x0000000C": "Stack (Rack)",
"0x0000000D": "Stack (Rack)"
"0x00000002": "Desktop",
"0x00000003": "Low Profile Desktop",
"0x00000004": "Pizza Box",
"0x00000005": "Mini Tower",
"0x00000006": "Tower",
"0x00000007": "Portable",
"0x00000008": "Laptop",
"0x00000009": "Notebook",
"0x0000000A": "Hand Held",
"0x0000000B": "Docking Station",
"0x0000000C": "All in One",
"0x0000000D": "Sub Notebook",
"0x0000000E": "Space-saving",
"0x0000000F": "Lunch Box",
"0x00000010": "Main Server Chassis",
"0x00000011": "Expansion Chassis",
"0x00000012": "Sub Chassis",
"0x00000013": "Bus Expansion Chassis",
"0x00000014": "Peripheral Chassis",
"0x00000015": "RAID Chassis",
"0x00000016": "Rack Mount Chassis",
"0x00000017": "Sealed-case PC",
"0x00000018": "Multi-system Chassis",
"0x00000019": "Compact PCI",
"0x0000001A": "Advanced TCA",
"0x0000001B": "Blade",
"0x0000001C": "Blade Enclosure",
"0x0000001D": "Tablet",
"0x0000001E": "Convertible",
"0x0000001F": "Detachable",
"0x00000020": "IoT Gateway",
"0x00000021": "Embedded PC",
"0x00000022": "MiniPC",
"0x00000023": "Stick PC",
"0x00000024": "1U Rack Mount Chassis",
"0x00000025": "2U Rack Mount Chassis",
"0x00000026": "3U Rack Mount Chassis",
"0x00000027": "4U Rack Mount Chassis",
"0x00000028": "5U Rack Mount Chassis",
"0x00000029": "6U Rack Mount Chassis",
"0x0000002A": "7U Rack Mount Chassis",
"0x0000002B": "8U Rack Mount Chassis"
}
},
"IC Boards": {
@ -44,7 +74,8 @@
"0x00000005": "Memory Module",
"0x00000006": "Power Module",
"0x00000007": "Processor/Memory Module",
"0x00000008": "Processor/IO Module"
"0x00000008": "Processor/IO Module",
"0x00000009": "TPM"
}
},
"Controllers": {
@ -61,37 +92,42 @@
"0x0000000A": "LED Display Controller",
"0x0000000B": "RAID Controller",
"0x0000000C": "Remote Access Controller",
"0x0000000D": "USB Controller"
"0x0000000E": "USB Controller",
"0x0000000F": "Multi-function Storage Controller",
"0x00000010": "Multi-function Network Controller",
"0x00000011": "Smart IO Controller"
}
},
"Memory": {
"ID": "0x00060000",
"Types": {
"0x0000000": "",
"0x00000001": "DRAM Memory",
"0x00000002": "EDRAM Memory",
"0x00000003": "VRAM Memory",
"0x00000004": "SRAM Memory",
"0x00000005": "RAM Memory",
"0x00000006": "ROM Memory",
"0x00000007": "FLASH Memory",
"0x00000008": "EEPROM Memory",
"0x00000009": "FEPROM Memory",
"0x0000000A": "EPROM Memory",
"0x0000000B": "CDRAM Memory",
"0x0000000C": "3DRAM Memory",
"0x0000000D": "SDRAM Memory",
"0x0000000E": "SGRAM Memory",
"0x0000000F": "RDRAM Memory",
"0x00000010": "DDR Memory",
"0x00000011": "DDR2 Memory",
"0x00000012": "DDR3 Memory",
"0x00000013": "DDR4 Memory",
"0x00000014": "LPDDR Memory",
"0x00000015": "LPDDR2 Memory",
"0x00000016": "LPDDR3 Memory",
"0x00000017": "LPDDR4 Memory",
"0x00000018": "NVRAM Memory"
"0x00000002": "Port Controller",
"0x00000003": "Baseboard Management Controller",
"0x00000004": "DRAM Memory",
"0x00000005": "EDRAM Memory",
"0x00000006": "VRAM Memory",
"0x00000007": "SRAM Memory",
"0x00000008": "RAM Memory",
"0x00000009": "ROM Memory",
"0x0000000A": "FLASH Memory",
"0x0000000B": "EEPROM Memory",
"0x0000000C": "FEPROM Memory",
"0x0000000D": "EPROM Memory",
"0x0000000E": "CDRAM Memory",
"0x0000000F": "3DRAM Memory",
"0x00000010": "SDRAM Memory",
"0x00000011": "SGRAM Memory",
"0x00000012": "RDRAM Memory",
"0x00000013": "DDR Memory",
"0x00000014": "DDR2 Memory",
"0x00000015": "DDR3 Memory",
"0x00000016": "DDR4 Memory",
"0x00000017": "LPDDR Memory",
"0x00000018": "LPDDR2 Memory",
"0x00000019": "LPDDR3 Memory",
"0x0000001A": "LPDDR4 Memory",
"0x0000001B": "NVRAM Memory",
"0x0000001C": "3D Xpoint Memory"
}
},
"Storage": {
@ -156,10 +192,10 @@
"Display Devices": {
"ID": "0x000C0000",
"Types": {
"0x00000001": "LCD Display Panel",
"0x00000002": "LED Display Panel",
"0x00000003": "OLED Display Panel",
"0x00000004": "CRT Display Panel"
"0x00000002": "LCD Display Panel",
"0x00000003": "LED Display Panel",
"0x00000004": "OLED Display Panel",
"0x00000005": "CRT Display Panel"
}
},
"Cooling": {
@ -183,7 +219,7 @@
"0x00000006": "Touch Pad",
"0x00000007": "Touch Screen",
"0x00000008": "Camera",
"0x00000009": "Fingerpoint Reader",
"0x00000009": "Fingerprint Reader",
"0x0000000A": "Keyboard",
"0x0000000B": "Smartcard Reader",
"0x0000000C": "Biometric Reader",
@ -284,7 +320,157 @@
"0x00000008": "IDE Cable",
"0x00000009": "Molex Cable",
"0x0000000A": "Ribbon Cable",
"0x0000000B": "PCI Express"
"0x0000000B": "PCI Express Cable"
}
},
"Firmware": {
"ID": "0x00130000",
"Types": {
"0x00000002": "UEFI",
"0x00000003": "System BIOS",
"0x00000004": "Drive BIOS",
"0x00000005": "Bootloader",
"0x00000006": "System Management Module"
}
}
},
"SMBIOS": {
"BIOS": {
"ID": "0x00000000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"System": {
"ID": "0x00010000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"Baseboard": {
"ID": "0x00020000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Server Blade",
"0x00000004": "Connectivity Switch",
"0x00000005": "System Management Module",
"0x00000006": "Processor Module",
"0x00000007": "I/O Module",
"0x00000008": "Memory Module",
"0x00000009": "Daughter board",
"0x0000000A": "Motherboard (includes processor, memory, and I/O)",
"0x0000000B": "Processor/Memory Module",
"0x0000000C": "Processor/IO Module",
"0x0000000D": "Interconnect board"
}
},
"Chassis": {
"ID": "0x00030000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Desktop",
"0x00000004": "Low Profile Desktop",
"0x00000005": "Pizza Box",
"0x00000006": "Mini Tower",
"0x00000007": "Tower",
"0x00000008": "Portable",
"0x00000009": "Laptop",
"0x0000000A": "Notebook",
"0x0000000B": "Hand Held",
"0x0000000C": "Docking Station",
"0x0000000D": "All in One",
"0x0000000E": "Sub Notebook",
"0x0000000F": "Space-saving",
"0x00000010": "Lunch Box",
"0x00000011": "Main Server Chassis",
"0x00000012": "Expansion Chassis",
"0x00000013": "SubChassis",
"0x00000014": "Bus Expansion Chassis",
"0x00000015": "Peripheral Chassis",
"0x00000016": "RAID Chassis",
"0x00000017": "Rack Mount Chassis",
"0x00000018": "Sealed-case PC",
"0x00000019": "Multi-system chassis",
"0x0000001A": "Compact PCI",
"0x0000001B": "Advanced TCA",
"0x0000001C": "Blade",
"0x0000001D": "Blade Enclosure",
"0x0000001E": "Tablet",
"0x0000001F": "Convertible",
"0x00000020": "Detachable",
"0x00000021": "IoT Gateway",
"0x00000022": "Embedded PC",
"0x00000023": "Mini PC",
"0x00000024": "Stick PC"
}
},
"Processor": {
"ID": "0x00040000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "Central Processor",
"0x00000004": "Math Processor",
"0x00000005": "DSP Processor",
"0x00000006": "Video Processor"
}
},
"RAM": {
"ID": "0x00110000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown",
"0x00000003": "DRAM",
"0x00000004": "EDRAM",
"0x00000005": "VRAM",
"0x00000006": "SRAM",
"0x00000007": "RAM",
"0x00000008": "ROM",
"0x00000009": "FLASH",
"0x0000000A": "EEPROM",
"0x0000000B": "FEPROM",
"0x0000000C": "EPROM",
"0x0000000D": "CDRAM",
"0x0000000E": "3DRAM",
"0x0000000F": "SDRAM",
"0x00000010": "SGRAM",
"0x00000011": "RDRAM",
"0x00000012": "DDR",
"0x00000013": "DDR2",
"0x00000014": "DDR2 FB-DIMM",
"0x00000015": "Reserved",
"0x00000016": "Reserved",
"0x00000017": "Reserved",
"0x00000018": "DDR3",
"0x00000019": "FBD2",
"0x0000001A": "DDR4",
"0x0000001B": "LPDDR",
"0x0000001C": "LPDDR2",
"0x0000001D": "LPDDR3",
"0x0000001E": "LPDDR4",
"0x0000001F": "Logical non-volatile device",
"0x00000020": "HBM (High Bandwidth Memory)",
"0x00000021": "HBM2 (High Bandwidth Memory Generation 2)",
"0x00000022": "DDR5",
"0x00000023": "LPDDR5"
}
},
"Power Supply": {
"ID": "0x00270000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
},
"TPM": {
"ID": "0x002B0000",
"Types": {
"0x00000001": "Other",
"0x00000002": "Unknown"
}
}
}
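Review bot: Under the `Memory` table (ID `0x00060000`) the new entries `"0x00000002": "Port Controller"` and `"0x00000003": "Baseboard Management Controller"` are controller types, apparently pasted from the `Controllers` table above, and they shift every memory type by two relative to the previous fixture (the `testGetComponentStandardQuery2` identifier had to move from `0x00060012` to `0x00060015` to follow). The `Controllers` table itself now jumps from `0x0000000C` to `0x0000000E`, leaving `0x0000000D` (previously `USB Controller`) unmapped. If this fixture is meant to mirror the production `component-class.json`, the two files should be diffed against each other before merge, since the production file's TCG section is not changed by this commit.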


@ -10,6 +10,7 @@ import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.DecoderException;
import java.io.*;
import java.security.*;
@ -154,6 +155,8 @@ public class CredentialParser {
}
} catch (FileNotFoundException e) {
System.out.println("Unable to locate private key file: " + filename);
} catch (DecoderException e) {
System.out.println("Failed to parse uploaded pem file: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
System.out.println("Unable to instantiate KeyFactory with algorithm: " + algorithm);
} catch (IOException e) {
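Review bot: The new `catch (DecoderException e)` prints "Failed to parse uploaded pem file", but this branch sits in the private-key loader that reads `filename` (see the `FileNotFoundException` message directly above it), so the wording will mislead whoever reads the console; `System.out.println("Failed to decode private key file " + filename + ": " + e.getMessage());` matches the sibling messages. Like the other branches, the decode failure is swallowed and the method carries on, so a caller cannot distinguish a corrupt key file from a missing one; that is existing behaviour, but a short comment on the method stating that all failures are reported on stdout and yield no key would make the contract explicit. The enclosing method starts and ends outside the hunk.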