Updated the code to compare the composite hash and the calculated value.

Cyrus 2020-08-28 07:14:27 -04:00
parent 0ab91b9b41
commit 5fe19c5904
3 changed files with 10 additions and 19 deletions


@ -448,20 +448,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
// Generate validation summary, save it, and return it.
List<SupplyChainValidation> validations = new ArrayList<>();
validations.addAll(summary.getValidations());
validations.add(quoteScv);
newSummary = new SupplyChainValidationSummary(device, validations);
try {
supplyChainValidatorSummaryManager.update(newSummary);
supplyChainValidatorSummaryManager.save(summary);
} catch (DBManagerException ex) {
LOGGER.error("Failed to save Supply Chain summary", ex);
}
}
return newSummary;
return summary;
}
private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec,
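Review bot: The summary that is persisted and returned at the end of this block should be the one built from `validations`, since that list is the only place `quoteScv` is attached. The page shows both `supplyChainValidatorSummaryManager.update(newSummary);` / `return newSummary;` and `supplyChainValidatorSummaryManager.save(summary);` / `return summary;` without +/- markers; if the `summary` pair is the new side, the quote validation result is computed but neither stored nor handed back to the caller. Separately, the `catch (DBManagerException ex)` only logs, so the caller receives a summary with no indication that it was not written to the database; a comment such as `// persistence failure is logged only; the returned summary may not be stored` or a rethrow would make that explicit. The enclosing method begins before this hunk.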


@ -9,12 +9,12 @@ import hirs.data.persist.tpm.PcrComposite;
import hirs.data.persist.tpm.PcrInfoShort;
import hirs.data.persist.tpm.PcrSelection;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.Logger;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
/**
* The class handles the flags that ignore certain PCRs for validation.
@ -100,6 +100,8 @@ public final class PCRPolicy extends Policy {
LOGGER.info("Validating quote from associated device.");
boolean validated = false;
short localityAtRelease = 0;
Charset charset = Charset.forName("UTF-8");
String quoteString = new String(tpmQuote, charset);
TPMMeasurementRecord[] measurements = new TPMMeasurementRecord[baselinePcrs.length];
try {
@ -118,25 +120,17 @@ public final class PCRPolicy extends Policy {
tpmQuote, pcrComposite);
try {
validated = Arrays.equals(pcrInfoShort.getCalculatedDigest(),
pcrInfoShort.getCompositeHash());
String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest());
validated = quoteString.contains(calculatedString);
if (validated) {
LOGGER.error("This is matching: ");
String value = Base64.getEncoder().encodeToString(pcrInfoShort
.getCalculatedDigest());
LOGGER.error(value);
LOGGER.error(new String(pcrInfoShort.getCompositeHash(), "UTF-8"));
} else {
LOGGER.error("This is NOT matching: ");
String value = new String(pcrInfoShort
.getCalculatedDigest(), "UTF-8");
LOGGER.error(value);
LOGGER.error(new String(pcrInfoShort.getCompositeHash(), "UTF-8"));
}
} catch (NoSuchAlgorithmException naEx) {
LOGGER.error(naEx);
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
}
return validated;
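Review bot: `validated = quoteString.contains(calculatedString)` accepts the quote whenever the hex text of the calculated digest occurs anywhere in a UTF-8 decoding of `tpmQuote`, which is a much weaker test than comparing the digest field itself. The page has lost its +/- markers, so this applies if that assignment is the one the commit keeps; if the quote is raw binary, `new String(tpmQuote, charset)` is also lossy and the hex string would not be expected to appear at all. A byte-wise, constant-time comparison of the two digests is the safer form, for example `validated = MessageDigest.isEqual(pcrInfoShort.getCalculatedDigest(), pcrInfoShort.getCompositeHash());` (needs `java.security.MessageDigest` imported). The `LOGGER.error(...)` calls that print the digests on both the matching and the non-matching path report normal outcomes at error level and would read better as `LOGGER.debug`. The enclosing method starts and ends outside these hunks.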


@ -270,7 +270,6 @@ public class PcrInfoShort {
while (iter.hasNext()) {
TPMMeasurementRecord record = (TPMMeasurementRecord) iter.next();
LOGGER.error(record.getHash());
byteBuffer.put(record.getHash().getDigest());
}
@ -288,7 +287,6 @@ public class PcrInfoShort {
* @return byte array representing the PcrInfoShort object
*/
public final byte[] getValue() {
ByteBuffer byteBuffer = ByteBuffer.allocate(getLength());
byteBuffer.put(pcrSelection.getValue());
byteBuffer.put((byte) localityAtRelease);