Updated the code to compare the composite hash and the calculated value.

Cyrus 2020-08-28 07:14:27 -04:00
parent 0ab91b9b41
commit 5fe19c5904
3 changed files with 10 additions and 19 deletions


@ -448,20 +448,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
} }
// Generate validation summary, save it, and return it. // Generate validation summary, save it, and return it.
List<SupplyChainValidation> validations = new ArrayList<>(); List<SupplyChainValidation> validations = new ArrayList<>();
validations.addAll(summary.getValidations()); validations.addAll(summary.getValidations());
validations.add(quoteScv); validations.add(quoteScv);
newSummary = new SupplyChainValidationSummary(device, validations); newSummary = new SupplyChainValidationSummary(device, validations);
try { try {
supplyChainValidatorSummaryManager.update(newSummary); supplyChainValidatorSummaryManager.save(summary);
} catch (DBManagerException ex) { } catch (DBManagerException ex) {
LOGGER.error("Failed to save Supply Chain summary", ex); LOGGER.error("Failed to save Supply Chain summary", ex);
} }
} }
return newSummary; return summary;
} }
private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec, private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec,
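Review bot: Reading the right-hand column as the new side, `newSummary` is built with `quoteScv` appended, but the code then calls `supplyChainValidatorSummaryManager.save(summary)` and returns `summary`, so the quote validation result appears to be dropped from both the persisted and the returned summary. If the quote result is meant to be recorded, the two lines should refer to the new object, `supplyChainValidatorSummaryManager.save(newSummary);` and `return newSummary;` (whether `save` or `update` is the right manager call depends on code outside this hunk). The `catch (DBManagerException ex)` only logs, so a caller cannot tell a persisted summary from one that failed to save. The enclosing method starts before this hunk.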


@ -9,12 +9,12 @@ import hirs.data.persist.tpm.PcrComposite;
import hirs.data.persist.tpm.PcrInfoShort; import hirs.data.persist.tpm.PcrInfoShort;
import hirs.data.persist.tpm.PcrSelection; import hirs.data.persist.tpm.PcrSelection;
import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import java.io.UnsupportedEncodingException; import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64;
/** /**
* The class handles the flags that ignore certain PCRs for validation. * The class handles the flags that ignore certain PCRs for validation.
@ -100,6 +100,8 @@ public final class PCRPolicy extends Policy {
LOGGER.info("Validating quote from associated device."); LOGGER.info("Validating quote from associated device.");
boolean validated = false; boolean validated = false;
short localityAtRelease = 0; short localityAtRelease = 0;
Charset charset = Charset.forName("UTF-8");
String quoteString = new String(tpmQuote, charset);
TPMMeasurementRecord[] measurements = new TPMMeasurementRecord[baselinePcrs.length]; TPMMeasurementRecord[] measurements = new TPMMeasurementRecord[baselinePcrs.length];
try { try {
@ -118,25 +120,17 @@ public final class PCRPolicy extends Policy {
tpmQuote, pcrComposite); tpmQuote, pcrComposite);
try { try {
validated = Arrays.equals(pcrInfoShort.getCalculatedDigest(), String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCompositeHash()); pcrInfoShort.getCalculatedDigest());
validated = quoteString.contains(calculatedString);
if (validated) { if (validated) {
LOGGER.error("This is matching: "); LOGGER.error("This is matching: ");
String value = Base64.getEncoder().encodeToString(pcrInfoShort
.getCalculatedDigest());
LOGGER.error(value);
LOGGER.error(new String(pcrInfoShort.getCompositeHash(), "UTF-8"));
} else { } else {
LOGGER.error("This is NOT matching: "); LOGGER.error("This is NOT matching: ");
String value = new String(pcrInfoShort
.getCalculatedDigest(), "UTF-8");
LOGGER.error(value);
LOGGER.error(new String(pcrInfoShort.getCompositeHash(), "UTF-8"));
} }
} catch (NoSuchAlgorithmException naEx) { } catch (NoSuchAlgorithmException naEx) {
LOGGER.error(naEx); LOGGER.error(naEx);
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
} }
return validated; return validated;
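Review bot: `validated = quoteString.contains(calculatedString);` passes the quote whenever the hex text of the calculated digest appears anywhere in the UTF-8 decoding of `tpmQuote`; that is a substring search over the whole blob, not a comparison against the digest field of the quote. If `tpmQuote` is binary, `new String(tpmQuote, charset)` is a lossy decode and the check cannot match reliably; if it is hex text, the match is case-sensitive (`Hex.encodeHexString` emits lowercase) and not tied to any offset in the quote. Take the composite hash from the parsed quote structure and compare bytes instead, e.g. `validated = MessageDigest.isEqual(pcrInfoShort.getCalculatedDigest(), quoteDigest);`, where `quoteDigest` is a placeholder for the field extracted from the quote. Both outcomes are still logged through `LOGGER.error`, so a successful validation shows up as an error. The method starts and ends outside these hunks, and whether the quote signature is verified elsewhere is not visible here.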


@ -270,7 +270,6 @@ public class PcrInfoShort {
while (iter.hasNext()) { while (iter.hasNext()) {
TPMMeasurementRecord record = (TPMMeasurementRecord) iter.next(); TPMMeasurementRecord record = (TPMMeasurementRecord) iter.next();
LOGGER.error(record.getHash());
byteBuffer.put(record.getHash().getDigest()); byteBuffer.put(record.getHash().getDigest());
} }
@ -288,7 +287,6 @@ public class PcrInfoShort {
* @return byte array representing the PcrInfoShort object * @return byte array representing the PcrInfoShort object
*/ */
public final byte[] getValue() { public final byte[] getValue() {
ByteBuffer byteBuffer = ByteBuffer.allocate(getLength()); ByteBuffer byteBuffer = ByteBuffer.allocate(getLength());
byteBuffer.put(pcrSelection.getValue()); byteBuffer.put(pcrSelection.getValue());
byteBuffer.put((byte) localityAtRelease); byteBuffer.put((byte) localityAtRelease);