Updated the provisioner to consult the tcg properties file for the location of the certificates to be uploaded, instead of using the TPM, when the credential is not present in the TPM.

Cyrus 2020-11-27 13:09:04 -05:00
parent e3b8ce25d7
commit 61359e1920
4 changed files with 51 additions and 5 deletions


@ -5,6 +5,7 @@
#define HIRS_PROVISIONERTPM2_INCLUDE_UTILS_H_
#include <string>
#include <vector>
namespace hirs {
@ -32,6 +33,8 @@ namespace file_utils {
std::string getFileAsOneLineOrEmptyString(const std::string& filename);
std::vector<std::string> searchDirectory(const std::string& directory);
void writeBinaryFile(const std::string& bytes,
const std::string& filename);
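Review bot: The new `searchDirectory` declaration has no doc comment, so a reader of the header cannot tell that it returns file contents rather than file names, which the name suggests. I would add `/** Reads every entry of directory (expected to end in a path separator) and returns the contents of each as a string; entries that cannot be read are skipped. */` above the declaration. The contents-not-names behaviour and the separator expectation come from this commit's implementation in file_utils.cpp, not from anything in the header, so they are worth stating here. The declaration sits inside `namespace file_utils`, whose body continues outside the hunk.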


@ -41,9 +41,10 @@ fi
ln -s -f /etc/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
TCG_BOOT_FILE="/etc/hirs/tcg_boot.properties"
MAINFEST_DIRECTORY="/boot/tcg/manifest"
LOG_FILE_LOCATION="$MAINFEST_DIRECTORY/rim/"
TAG_FILE_LOCATION="$MAINFEST_DIRECTORY/swidtag/"
TCG_DIRECTORY="/boot/tcg"
LOG_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
TAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
if [ ! -f "$TCG_BOOT_FILE" ]; then
touch "$TCG_BOOT_FILE"
@ -59,4 +60,8 @@ if [ -d "$TAG_FILE_LOCATION" ]; then
echo "tcg.swidtag.file=$SWID_FILE" >> "$TCG_BOOT_FILE"
fi
if [ -d "$CREDENTIALS_LOCATION" ]; then
echo "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
fi
chmod -w "$TCG_BOOT_FILE"
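Review bot: The trailing slash in `CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"` is load-bearing: the provisioner's `searchDirectory` added in this commit builds each path by appending the entry name directly to this value, so dropping the slash would silently yield paths like `/boot/tcg/cert/platformfoo.crt` and no credential would be found. I would record that next to the assignment: `# trailing slash required: the provisioner appends entry names directly to this value`. The new `echo "tcg.cert.dir=..." >> "$TCG_BOOT_FILE"` follows the same append-only pattern as the rim/swidtag keys, so a re-run of the installer adds a second `tcg.cert.dir=` line rather than replacing the first; which occurrence `Properties` honours is not visible here.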


@ -44,6 +44,7 @@ int provision() {
Logger logger = Logger::getDefaultLogger();
CommandTpm2 tpm2;
Properties props("/etc/hirs/tcg_boot.properties");
tpm2.setAuthData();
// get endorsement credential and endorsement key
@ -62,14 +63,26 @@ int provision() {
cout << "----> Collecting platform credential from TPM" << endl;
string platformCredential = tpm2.getPlatformCredentialDefault();
std::vector<string> platformCredentials;
platformCredentials.push_back(platformCredential);
// if platformCredential is empty, not in TPM
// pull from properties file
if (platformCredential.empty()) {
const std::string& cert_dir = props.get("tcg.cert.dir", "");
try {
platformCredentials =
hirs::file_utils::searchDirectory(cert_dir);
} catch (HirsRuntimeException& hirsRuntimeException) {
logger.error(hirsRuntimeException.what());
}
} else {
platformCredentials.push_back(platformCredential);
}
// collect device info
cout << "----> Collecting device information" << endl;
hirs::pb::DeviceInfo dv = DeviceInfoCollector::collectDeviceInfo();
dv.set_pcrslist(tpm2.getPcrList());
// collect TCG Boot files
Properties props("/etc/hirs/tcg_boot.properties");
const std::string& rim_file = props.get("tcg.rim.file", "");
const std::string& swid_file = props.get("tcg.swidtag.file", "");
try {
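Review bot: When `tcg.cert.dir` is absent, `props.get("tcg.cert.dir", "")` yields `""` and `searchDirectory("")` returns an empty vector with no message (its `opendir` failure is silent), so the provisioner carries on with no platform credential and nothing in the log says why; I would add `if (cert_dir.empty()) { logger.error("tcg.cert.dir not set and no platform credential found in TPM"); }` before the `try`. Note also that this fallback accepts any readable file in that directory as a platform credential, so the trust in this path rests entirely on the server's validation of the uploaded certificate — worth a comment at the `if (platformCredential.empty())` branch so the next maintainer does not assume the TPM vouched for it. `provision()` continues outside the hunk.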


@ -6,6 +6,7 @@
#include <re2/re2.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sstream>
#include <iomanip>
@ -118,6 +119,30 @@ namespace file_utils {
return string_utils::trimNewLines(fileToString(filename, ""));
}
vector<string> searchDirectory(const string& directory) {
DIR *dr;
std::vector<string> platform_credentials;
dr = opendir(directory.c_str());
if (dr) {
struct dirent *en;
while ((en = readdir(dr)) != NULL) {
stringstream ss;
ss << directory.c_str();
ss << en->d_name;
try {
platform_credentials.push_back(fileToString(ss.str()));
} catch (HirsRuntimeException& hirsRuntimeException) {
std::cout << hirsRuntimeException.what();
}
}
// close directory
closedir(dr);
}
return platform_credentials;
}
/**
* Takes a byte string and writes the contents to a file of the given name.
* @param bytes string bytes to write
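Review bot: The loop at `while ((en = readdir(dr)) != NULL)` hands every directory entry to `fileToString`, including `.`, `..` and any sub-directory, so each run tries to read the directory itself as a credential and whatever `fileToString` does with that (throw, or return a string) ends up either printed to stdout or in the credential list that is uploaded. The path is also built by plain concatenation of `directory` and `d_name`, so it only works when the configured directory ends in `/`, which nothing here enforces. The hunk adds `<sys/stat.h>` but nothing visible uses it; the rewrite below uses it to keep only regular files and inserts the separator when missing. Unreadable entries are still skipped, but I would route the message through the logger instead of `std::cout`, as the caller in the provisioner does.
```cpp
while ((en = readdir(dr)) != NULL) {
    const string name = en->d_name;
    // readdir() also yields ".", ".." and sub-directories; only regular files hold credentials
    if (name == "." || name == "..") {
        continue;
    }
    string path = directory;
    if (path.empty() || path.back() != '/') {
        path += '/';
    }
    path += name;
    struct stat st;
    if (stat(path.c_str(), &st) != 0 || !S_ISREG(st.st_mode)) {
        continue;
    }
    // … unchanged: fileToString(path) pushed into platform_credentials, exception reported …
}
```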