Some additional updates that use deviceNames as a means to pull RIM information. In addition, updated the display of the failures, adding filters for like events from the baseline.

This commit is contained in:
Cyrus 2021-05-20 06:26:07 -04:00
parent ddc36d81f4
commit 65d596a756
6 changed files with 107 additions and 34 deletions


@ -900,12 +900,13 @@ public abstract class AbstractAttestationCertificateAuthority
this.referenceManifestManager.update(dbBaseRim);
}
generateDigestRecords(hw.getManufacturer(), hw.getProductName());
generateDigestRecords(hw.getManufacturer(), hw.getProductName(),
dv.getNw().getHostname());
if (dv.hasLivelog()) {
LOG.info("Device sent bios measurement log...");
fileName = String.format("%s.measurement",
defaultClientName);
dv.getNw().getHostname());
try {
// find previous version. If it exists, delete it
measurements = EventLogMeasurements.select(referenceManifestManager)
@ -948,7 +949,8 @@ public abstract class AbstractAttestationCertificateAuthority
return dvReport;
}
private boolean generateDigestRecords(final String manufacturer, final String model) {
private boolean generateDigestRecords(final String manufacturer, final String model,
final String deviceName) {
List<ReferenceDigestValue> rdValues;
Set<SupportReferenceManifest> dbSupportRims = SupportReferenceManifest
.select(referenceManifestManager).byManufacturer(manufacturer).getRIMs();
@ -957,6 +959,7 @@ public abstract class AbstractAttestationCertificateAuthority
if (dbSupport.getPlatformModel().equals(model)) {
ReferenceDigestRecord dbObj = new ReferenceDigestRecord(dbSupport,
manufacturer, model);
dbObj.setDeviceName(deviceName);
// this is where we update or create the log
ReferenceDigestRecord rdr = this.referenceDigestManager.getRecord(dbObj);
if (dbSupport.isBaseSupport()) {
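Review bot: The measurement file name built at `fileName = String.format("%s.measurement", dv.getNw().getHostname())` now comes from a value the device reports, replacing the server-chosen `defaultClientName`; whether that string reaches the filesystem is outside the hunk, but if it does, a hostname containing a path separator or `..` changes where the file lands, so validate it against a conservative allow-list (letters, digits, `.`, `_`, `-`) or fall back to `defaultClientName` before using it as a path component. The same hostname is passed into `generateDigestRecords(...)` and stored with `dbObj.setDeviceName(deviceName)`, so a null or empty `getNw()`/hostname would silently create records that `getRecordsByDeviceName` can never match; an explicit null check with a logged fallback would make that visible. The enclosing method starts and ends outside the hunk.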


@ -101,7 +101,7 @@ public class ReferenceManifestDetailsPageController
if (params.getId() == null) {
String typeError = "ID was not provided";
messages.addError(typeError);
LOGGER.error(typeError);
LOGGER.debug(typeError);
mav.addObject(MESSAGES_ATTRIBUTE, messages);
} else {
try {
@ -494,9 +494,9 @@ public class ReferenceManifestDetailsPageController
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
BaseReferenceManifest base = null;
SupportReferenceManifest support = null;
TCGEventLog supportLog = null;
ReferenceDigestRecord digestRecord = null;
List<SupportReferenceManifest> supports = new ArrayList<>();
SupportReferenceManifest baseSupport = null;
List<ReferenceDigestRecord> digestRecords = new LinkedList<>();
data.put("supportFilename", "Blank");
data.put("supportId", "");
@ -504,25 +504,28 @@ public class ReferenceManifestDetailsPageController
data.put("rimType", measurements.getRimType());
data.put("hostName", measurements.getDeviceName());
if (measurements.getPlatformManufacturer() != null) {
digestRecord = referenceDigestManager.getRecord(measurements
.getPlatformManufacturer(),
measurements.getPlatformModel());
support = SupportReferenceManifest
if (measurements.getDeviceName() != null) {
digestRecords = referenceDigestManager
.getRecordsByDeviceName(measurements.getDeviceName());
supports.addAll(SupportReferenceManifest
.select(referenceManifestManager)
.byManufacturer(measurements
.getPlatformManufacturer()).getRIM();
if (support != null) {
data.put("supportFilename", support.getFileName());
data.put("supportId", support.getId());
.byDeviceName(measurements
.getDeviceName()).getRIMs());
for (SupportReferenceManifest support : supports) {
if (support.isBaseSupport()) {
baseSupport = support;
}
}
if (baseSupport != null) {
data.put("supportFilename", baseSupport.getFileName());
data.put("supportId", baseSupport.getId());
base = BaseReferenceManifest
.select(referenceManifestManager)
.byEntityId(support.getAssociatedRim())
.byEntityId(baseSupport.getAssociatedRim())
.getRIM();
data.put("tagId", support.getTagId());
data.put("tagId", baseSupport.getTagId());
if (base != null) {
data.put("baseId", base.getId());
@ -531,11 +534,13 @@ public class ReferenceManifestDetailsPageController
}
TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
List<ReferenceDigestValue> eventValue;
List<ReferenceDigestValue> eventValue = new ArrayList<>();
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
if (digestRecord != null) {
eventValue = referenceEventManager
.getValuesByRecordId(digestRecord);
if (!digestRecords.isEmpty()) {
for (ReferenceDigestRecord rdr : digestRecords) {
eventValue.addAll(referenceEventManager
.getValuesByRecordId(rdr));
}
for (ReferenceDigestValue rdv : eventValue) {
eventValueMap.put(rdv.getDigestValue(), rdv);
}
@ -546,17 +551,34 @@ public class ReferenceManifestDetailsPageController
}
}
if (support != null) {
if (!supports.isEmpty()) {
Map<String, List<TpmPcrEvent>> baselineLogEvents = new HashMap<>();
List<TpmPcrEvent> baselines = null;
List<TpmPcrEvent> matchedEvents = null;
List<TpmPcrEvent> combinedBaselines = new LinkedList<>();
for (SupportReferenceManifest support : supports) {
combinedBaselines.addAll(support.getEventLog());
}
String bootVariable;
String variablePrefix = "Variable Name:";
String variableSuffix = "UEFI_GUID";
for (TpmPcrEvent tpe : livelogEvents) {
baselines = new ArrayList<>();
for (TpmPcrEvent supports : support.getEventLog()) {
if (supports.getEventType() == tpe.getEventType()) {
baselines.add(supports);
matchedEvents = new ArrayList<>();
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
if (tpe.getEventContentStr().contains(variablePrefix)) {
bootVariable = tpe.getEventContentStr().substring((
tpe.getEventContentStr().indexOf(variablePrefix)
+ variablePrefix.length()),
tpe.getEventContentStr().indexOf(variableSuffix));
if (tpmPcrEvent.getEventContentStr().contains(bootVariable)) {
matchedEvents.add(tpmPcrEvent);
}
} else {
matchedEvents.add(tpmPcrEvent);
}
}
}
baselineLogEvents.put(tpe.getEventDigestStr(), baselines);
baselineLogEvents.put(tpe.getEventDigestStr(), matchedEvents);
}
data.put("eventTypeMap", baselineLogEvents);
}
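Review bot: The `substring(...)` at `bootVariable = tpe.getEventContentStr().substring(...)` throws StringIndexOutOfBoundsException whenever an event content string contains `Variable Name:` but not `UEFI_GUID` (`indexOf` returns -1) or has the suffix before the prefix; `livelogEvents` is parsed from the device's measurement log, so one malformed entry aborts rendering of the whole details page instead of just that event. The two indexes should be computed once per live-log event and checked before slicing, with a fall back to the type-only match when the markers are absent, which also removes the four repeated `getEventContentStr()` calls per baseline event. The enclosing method starts before this hunk; the same `LOGGER.debug` downgrade at `LOGGER.debug(typeError)` in the first hunk turns a request-validation failure into a message most deployments will not see, so `warn` would be a better fit.
```java
for (TpmPcrEvent tpe : livelogEvents) {
    matchedEvents = new ArrayList<>();
    String content = tpe.getEventContentStr();
    int varStart = content.indexOf(variablePrefix);
    int varEnd = content.indexOf(variableSuffix);
    // Treat this as a boot-variable event only when both markers are present, in order.
    boolean hasVariable = varStart >= 0 && varEnd > varStart + variablePrefix.length();
    bootVariable = hasVariable
            ? content.substring(varStart + variablePrefix.length(), varEnd)
            : null;
    for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
        if (tpmPcrEvent.getEventType() != tpe.getEventType()) {
            continue;
        }
        if (bootVariable == null
                || tpmPcrEvent.getEventContentStr().contains(bootVariable)) {
            matchedEvents.add(tpmPcrEvent);
        }
    }
    baselineLogEvents.put(tpe.getEventDigestStr(), matchedEvents);
}
// … unchanged: data.put("eventTypeMap", baselineLogEvents); …
```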


@ -28,6 +28,8 @@ public class ReferenceDigestRecord extends ArchivableEntity {
private String manufacturer;
@Column(nullable = false)
private String model;
@Column(nullable = false)
private String deviceName;
@Column(columnDefinition = "blob", nullable = true)
private byte[] valueBlob;
@ -134,6 +136,22 @@ public class ReferenceDigestRecord extends ArchivableEntity {
this.model = model;
}
/**
* Getter for the deviceName associated.
* @return the string of the deviceName
*/
public String getDeviceName() {
return deviceName;
}
/**
* Setter for the deviceName associated.
* @param deviceName the string of the model
*/
public void setDeviceName(final String deviceName) {
this.deviceName = deviceName;
}
/**
* Getter for the byte array of event values.
* @return a clone of the byte array
@ -158,7 +176,7 @@ public class ReferenceDigestRecord extends ArchivableEntity {
*/
@Override
public String toString() {
return String.format("ReferenceDigestRecord: %s%n%s -> %s",
super.toString(), this.manufacturer, this.model);
return String.format("ReferenceDigestRecord: %s%n%s::%s::%s",
super.toString(), this.manufacturer, this.model, this.deviceName);
}
}
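Review bot: The setter Javadoc `@param deviceName the string of the model` was copied from `setModel`; it should read `@param deviceName the network hostname the record was generated for`. Separately, `@Column(nullable = false)` on the new `deviceName` field presumably applies to a table that already holds rows created before this commit; unless something backfills them (not visible here), those rows keep a null `deviceName`, a schema update may be rejected by the NOT NULL constraint, and any code that dereferences `getDeviceName()` on an old record fails, so either document the required migration or make the column nullable with a default. The getter and the `toString` change are fine.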


@ -108,6 +108,28 @@ public class DBReferenceDigestManager extends DBManager<ReferenceDigestRecord>
return dbRecord;
}
@Override
public List<ReferenceDigestRecord> getRecordsByDeviceName(final String deviceName) {
LOGGER.debug("Getting record for {}", deviceName);
if (deviceName == null) {
LOGGER.error("No deviceName to get record from db");
return null;
}
List<ReferenceDigestRecord> dbRecords = new ArrayList<>();
try {
List<ReferenceDigestRecord> dbTempList = super.getList(ReferenceDigestRecord.class);
for (ReferenceDigestRecord rdr : dbTempList) {
if (rdr.getDeviceName().equals(deviceName)) {
dbRecords.add(rdr);
}
}
} catch (DBManagerException dbMEx) {
throw new RuntimeException(dbMEx);
}
return dbRecords;
}
@Override
public ReferenceDigestRecord getRecordById(final ReferenceDigestRecord referenceDigestRecord) {
LOGGER.debug("Getting record for {}", referenceDigestRecord);
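Review bot: `rdr.getDeviceName().equals(deviceName)` dereferences a field introduced in this same commit, so any ReferenceDigestRecord persisted before the column existed, or built through `new ReferenceDigestRecord(dbSupport, manufacturer, model)` without a following `setDeviceName`, throws a NullPointerException inside the loop and aborts the whole lookup; invert it to `if (deviceName.equals(rdr.getDeviceName()))`. The `deviceName == null` branch returns `null` although the interface documents a list and the controller calls `isEmpty()` on the result (it is guarded by a null check today, but the next caller may not be); `return new ArrayList<>();` keeps the contract. Filtering `super.getList(ReferenceDigestRecord.class)` in memory scans the entire table on every page view, which is acceptable for small deployments but a query on `deviceName` would match how `getRecord(manufacturer, model)` presumably works. The `LOGGER.debug("Getting record for {}", deviceName)` line runs before the null check, so it logs `null` on the error path; move it below the check.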


@ -37,6 +37,14 @@ public interface ReferenceDigestManager {
*/
ReferenceDigestRecord getRecord(String manufacturer, String model);
/**
* Persists a new Reference Digest.
*
* @param deviceName the string of the network hostname
* @return the persisted ReferenceDigestRecord list
*/
List<ReferenceDigestRecord> getRecordsByDeviceName(String deviceName);
/**
* Persists a new Reference Digest.
*
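Review bot: The Javadoc for `getRecordsByDeviceName` reads `Persists a new Reference Digest.` and `@return the persisted ReferenceDigestRecord list`, copied from the persist method below it, but the method is a lookup. Replace the summary with `Retrieves every Reference Digest record whose device name matches the given network hostname.` and the return tag with `@return the matching ReferenceDigestRecord list, empty when none match`, and state what a null argument does, since the current implementation returns null in that case rather than an empty list.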


@ -212,7 +212,7 @@ public class TpmPcrEvent {
}
/**
* Returns a formatted string of the type for the event minus the byte code
* Returns a formatted string of the type for the event minus the byte code.
* @return a string formatted to be human readable
*/
public String getEventTypeString() {