Merge pull request #706 from nsacyber/v3_issue-705-provision-error

[#705] PC Attributes Provision Error
Cyrus 2024-02-08 11:36:10 -05:00 committed by GitHub
commit 672500b6e0
GPG Key ID: B5690EEEBB952194
9 changed files with 94 additions and 94 deletions


@ -730,19 +730,19 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
final List<ComponentIdentifier> pcComponents = new ArrayList<>();
for (ComponentIdentifier component : untrimmedPcComponents) {
if (component.getComponentManufacturer() != null) {
component.setComponentManufacturer((DERUTF8String) ASN1UTF8String.getInstance(
component.setComponentManufacturer(new DERUTF8String(
component.getComponentManufacturer().getString().trim()));
}
if (component.getComponentModel() != null) {
component.setComponentModel((DERUTF8String) ASN1UTF8String.getInstance(
component.setComponentModel(new DERUTF8String(
component.getComponentModel().getString().trim()));
}
if (component.getComponentSerial() != null) {
component.setComponentSerial((DERUTF8String) ASN1UTF8String.getInstance(
component.setComponentSerial(new DERUTF8String(
component.getComponentSerial().getString().trim()));
}
if (component.getComponentRevision() != null) {
component.setComponentRevision((DERUTF8String) ASN1UTF8String.getInstance(
component.setComponentRevision(new DERUTF8String(
component.getComponentRevision().getString().trim()));
}
pcComponents.add(component);
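Review bot: The four branches in this loop repeat the same null-check/trim/re-wrap sequence; a small helper would make the intent clearer and avoid editing four sites next time: `private static DERUTF8String trimmed(final ASN1UTF8String s) { return new DERUTF8String(s.getString().trim()); }`, with each branch reduced to e.g. `component.setComponentManufacturer(trimmed(component.getComponentManufacturer()));` (assuming the getters return an ASN1UTF8String subtype, which the existing `getString()` calls suggest). Note also that the setters mutate the entries of `untrimmedPcComponents` in place, so after this loop that list no longer holds untrimmed values despite its name; if those are persisted entities the trimmed values may be written back, so a comment stating the intent either way would help. `String.trim()` only removes code points at or below U+0020; if non-ASCII whitespace has been seen in platform certificate attributes, `strip()` is the Unicode-aware alternative, though switching would change matching behaviour. The enclosing method begins before this hunk.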


@ -1,7 +1,5 @@
package hirs.utils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.bouncycastle.asn1.x500.X500Name;
@ -9,12 +7,15 @@ import org.bouncycastle.asn1.x500.X500Name;
* Utilities class specific for additional Bouncy Castle functionality.
*/
@Log4j2
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class BouncyCastleUtils {
private static final String SEPARATOR_COMMA = ",";
private static final String SEPARATOR_PLUS = "+";
private BouncyCastleUtils() {
// intentionally blank, should never be instantiated
}
/**
* This method can be used to compare the distinguished names given from
* certificates. This compare uses X500Name class in bouncy castle, which


@ -23,6 +23,7 @@ public final class VersionHelper {
private static final String OPT_PREFIX = "/opt";
private static final String ETC_PREFIX = "/etc";
private static final String VERSION = "VERSION";
private static final int FILE_BUFFER_SIZE = 8192;
private VersionHelper() {
// intentionally blank, should never be instantiated
@ -91,7 +92,7 @@ public final class VersionHelper {
* @throws IOException
*/
private static String getFileContents(final String filename) throws IOException {
final char[] buffer = new char[8192];
final char[] buffer = new char[FILE_BUFFER_SIZE];
final StringBuilder result = new StringBuilder();
InputStream inputStream = new FileInputStream(filename);
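Review bot: `InputStream inputStream = new FileInputStream(filename);` in getFileContents is a plain local; unless the remainder of the method (which continues past this hunk) closes it in a `finally`, the stream leaks on any exception from the read loop, and a try-with-resources form `try (Reader reader = new InputStreamReader(new FileInputStream(filename), StandardCharsets.UTF_8)) {` avoids both that and the platform-default charset. The pre-existing `@throws IOException` tag above has no description; `@throws IOException if the file cannot be opened or read` would complete the Javadoc. Extracting `FILE_BUFFER_SIZE` is an improvement; a short comment on the constant, `// read buffer size used by getFileContents`, ties it to its use.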


@ -36,15 +36,15 @@ public final class OptionalDigest extends AbstractDigest {
/**
* Creates a new <code>OptionalDigest</code>.
*
* @param algorithm algorithm used to generate the digest
* @param digest digest value
* @param digestAlgorithm algorithm used to generate the digest
* @param optionalDigest digest value
* @throws IllegalArgumentException if digest length does not match that of the algorithm
*/
public OptionalDigest(final DigestAlgorithm algorithm, final byte[] digest)
public OptionalDigest(final DigestAlgorithm digestAlgorithm, final byte[] optionalDigest)
throws IllegalArgumentException {
validateInput(algorithm, digest);
this.algorithm = algorithm;
this.digest = Arrays.copyOf(digest, digest.length);
validateInput(digestAlgorithm, optionalDigest);
this.algorithm = digestAlgorithm;
this.digest = Arrays.copyOf(optionalDigest, optionalDigest.length);
}
/**


@ -169,13 +169,13 @@ public final class TCGEventLog {
}
}
/**
* Creates a TPM baseline using the expected PCR Values.
* Expected PCR Values were Calculated from the EventLog (RIM Support file).
*
* @param name name to call the TPM Baseline
* @return whitelist baseline
*/
// /**
// * Creates a TPM baseline using the expected PCR Values.
// * Expected PCR Values were Calculated from the EventLog (RIM Support file).
// *
// * @param name name to call the TPM Baseline
// * @return whitelist baseline
// */
// public TpmWhiteListBaseline createTPMBaseline(final String name) {
// TpmWhiteListBaseline baseline = new TpmWhiteListBaseline(name);
// TPMMeasurementRecord record;
@ -300,21 +300,21 @@ public final class TCGEventLog {
/**
* Human readable string representing the contents of the Event Log.
* @param bEvent flag to set
* @param bHexEvent flag to set
* @param bContent flag to set
* @param event flag to set
* @param hexEvent flag to set
* @param content flag to set
* @return Description of the log.
*/
public String toString(final boolean bEvent,
final boolean bHexEvent,
final boolean bContent) {
this.bEvent = bEvent;
this.bHexEvent = bHexEvent;
this.bContent = bContent;
public String toString(final boolean event,
final boolean hexEvent,
final boolean content) {
this.bEvent = event;
this.bHexEvent = hexEvent;
this.bContent = content;
return this.toString();
}
/**
* Returns the TCG Algorithm Registry defined ID for the Digest Algorithm
* used in the event log.
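Review bot: The first hunk converts the dangling Javadoc of `createTPMBaseline` into `//` comments instead of deleting the block; the `//`-prefixed method lines at the hunk's tail appear as context, so the method itself was presumably already commented out, and version control keeps its history, so the whole commented-out block should go rather than be maintained. In the second hunk, `toString(event, hexEvent, content)` stores its arguments into the `bEvent`/`bHexEvent`/`bContent` fields before delegating to `toString()`, so the flags persist for every later call to the no-argument `toString()`; that side effect deserves a sentence in the Javadoc, e.g. `Sets the event, hex and content display flags on this log before rendering; the flags remain in effect for subsequent toString() calls.`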


@ -19,9 +19,8 @@ import hirs.utils.tpm.eventlog.uefi.UefiVariable;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@ -50,8 +49,8 @@ import java.util.Arrays;
* UINT8 Event[EventSize]; //The event data
* } TCG_PCR_EVENT;
*/
@Log4j2
public class TpmPcrEvent {
private static final Logger LOGGER = LogManager.getLogger(TpmPcrEvent.class);
/**
* Indent Offset.
*/
@ -120,10 +119,10 @@ public class TpmPcrEvent {
/**
* Constructor.
*
* @param is ByteArrayInputStream holding the event
* @param baIs ByteArrayInputStream holding the event
* @throws java.io.IOException when event can't be parsed
*/
public TpmPcrEvent(final ByteArrayInputStream is) throws IOException {
public TpmPcrEvent(final ByteArrayInputStream baIs) throws IOException {
}
@ -131,12 +130,12 @@ public class TpmPcrEvent {
* Sets the digest from a TCG_PCR_EVENT digest field.
* This can be SHA1 for older event structures or any algorithm for newer structure.
*
* @param digestData cryptographic hash
* @param digestLength length of the cryptographic hash
* @param data cryptographic hash
* @param length length of the cryptographic hash
*/
protected void setEventDigest(final byte[] digestData, final int digestLength) {
digest = new byte[digestLength];
System.arraycopy(digestData, 0, digest, 0, digestLength);
protected void setEventDigest(final byte[] data, final int length) {
digest = new byte[length];
System.arraycopy(data, 0, digest, 0, length);
}
/**
@ -264,7 +263,7 @@ public class TpmPcrEvent {
specErrataVersion = specID.getErrata();
}
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
log.error(ueEx);
sb.append(ueEx.toString());
}
break;
@ -285,7 +284,7 @@ public class TpmPcrEvent {
try {
sb.append(new EvSCrtmVersion(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
log.error(ueEx);
sb.append(ueEx.toString());
}
break;
@ -297,7 +296,7 @@ public class TpmPcrEvent {
try {
sb.append(new EvCompactHash(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
log.error(ueEx);
sb.append(ueEx.toString());
}
break;
@ -319,13 +318,13 @@ public class TpmPcrEvent {
sb.append(efiVarDescription.substring(0,
efiVarDescription.length() - INDENT_3));
} catch (CertificateException cEx) {
LOGGER.error(cEx);
log.error(cEx);
sb.append(cEx.toString());
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
log.error(noSaEx);
sb.append(noSaEx.toString());
} catch (IOException ioEx) {
LOGGER.error(ioEx);
log.error(ioEx);
sb.append(ioEx.toString());
}
break;
@ -334,13 +333,13 @@ public class TpmPcrEvent {
try {
sb.append(new UefiVariable(eventContent).toString());
} catch (CertificateException cEx) {
LOGGER.error(cEx);
log.error(cEx);
sb.append(cEx.toString());
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
log.error(noSaEx);
sb.append(noSaEx.toString());
} catch (IOException ioEx) {
LOGGER.error(ioEx);
log.error(ioEx);
sb.append(ioEx.toString());
}
break;
@ -349,7 +348,7 @@ public class TpmPcrEvent {
try {
sb.append(new EvEfiBootServicesApp(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
log.error(ueEx);
sb.append(ueEx.toString());
}
break;
@ -359,7 +358,7 @@ public class TpmPcrEvent {
try {
sb.append(new EvEfiGptPartition(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) {
LOGGER.error(ueEx);
log.error(ueEx);
sb.append(ueEx.toString());
}
break;
@ -385,21 +384,21 @@ public class TpmPcrEvent {
/**
* Parses the event content and creates a human readable description of each event.
*
* @param event the byte array holding the event data.
* @param eventContent the byte array holding the event content.
* @param eventNumber event position within the event log.
* @param eventData the byte array holding the event data.
* @param content the byte array holding the event content.
* @param eventPosition event position within the event log.
* @param hashName name of the hash algorithm used by the event log
* @return String description of the event.
* @throws java.security.cert.CertificateException if the event contains an event that cannot be processed.
* @throws java.security.NoSuchAlgorithmException if an event contains an unsupported algorithm.
* @throws java.io.IOException if the event cannot be parsed.
* @throws CertificateException if the event contains an event that cannot be processed.
* @throws NoSuchAlgorithmException if an event contains an unsupported algorithm.
* @throws java.io.IOException if the event cannot be parsed.
*/
public String processEvent(final byte[] event, final byte[] eventContent, final int eventNumber,
final String hashName)
public String processEvent(final byte[] eventData, final byte[] content,
final int eventPosition, final String hashName)
throws CertificateException, NoSuchAlgorithmException, IOException {
int eventID = (int) eventType;
this.eventNumber = eventNumber;
description += "Event# " + eventNumber + ": ";
this.eventNumber = eventPosition;
description += "Event# " + eventPosition + ": ";
description += "Index PCR[" + getPcrIndex() + "]\n";
description += "Event Type: 0x" + Long.toHexString(eventType) + " " + eventString(eventID);
description += "\n";
@ -412,7 +411,7 @@ public class TpmPcrEvent {
} else if (hashName.compareToIgnoreCase("TPM_ALG_SHA512") == 0) { // Digest
description += "digest (SHA512): " + Hex.encodeHexString(this.digest);
} else {
description += "Unsupported Hash Algorithm encoutered";
description += "Unsupported Hash Algorithm encountered";
}
if (eventID != UefiConstants.SIZE_4) {
description += "\n";
@ -420,10 +419,10 @@ public class TpmPcrEvent {
// Calculate both the SHA1 and SHA256 on the event since this will equal the digest
// field of about half the log messages.
MessageDigest md1 = MessageDigest.getInstance("SHA-1");
md1.update(event);
md1.update(eventData);
eventDataSha1hash = md1.digest();
MessageDigest md2 = MessageDigest.getInstance("SHA-256");
md2.update(event);
md2.update(eventData);
eventDataSha256hash = md2.digest();
switch (eventID) {
@ -431,13 +430,13 @@ public class TpmPcrEvent {
description += " EV_PREBOOT_CERT" + "\n";
break;
case EvConstants.EV_POST_CODE:
EvPostCode postCode = new EvPostCode(eventContent);
EvPostCode postCode = new EvPostCode(content);
description += "Event Content:\n" + postCode.toString();
break;
case EvConstants.EV_UNUSED:
break;
case EvConstants.EV_NO_ACTION:
EvNoAction noAction = new EvNoAction(eventContent);
EvNoAction noAction = new EvNoAction(content);
description += "Event Content:\n" + noAction.toString();
if (noAction.isSpecIDEvent()) {
EvEfiSpecIdEvent specID = noAction.getSpecIDEvent();
@ -446,27 +445,27 @@ public class TpmPcrEvent {
}
break;
case EvConstants.EV_SEPARATOR:
if (EvPostCode.isAscii(eventContent)) {
String separatorEventData = new String(eventContent, StandardCharsets.UTF_8);
if (!this.isBlank(eventContent)) {
if (EvPostCode.isAscii(content)) {
String separatorEventData = new String(content, StandardCharsets.UTF_8);
if (!this.isBlank(content)) {
description += "Separator event content = " + separatorEventData;
}
}
break;
case EvConstants.EV_ACTION:
description += "Event Content:\n"
+ new String(eventContent, StandardCharsets.UTF_8);
+ new String(content, StandardCharsets.UTF_8);
break;
case EvConstants.EV_EVENT_TAG:
EvEventTag eventTag = new EvEventTag(eventContent);
EvEventTag eventTag = new EvEventTag(content);
description += eventTag.toString();
break;
case EvConstants.EV_S_CRTM_CONTENTS:
EvSCrtmContents sCrtmContents = new EvSCrtmContents(eventContent);
EvSCrtmContents sCrtmContents = new EvSCrtmContents(content);
description += "Event Content:\n " + sCrtmContents.toString();
break;
case EvConstants.EV_S_CRTM_VERSION:
EvSCrtmVersion sCrtmVersion = new EvSCrtmVersion(eventContent);
EvSCrtmVersion sCrtmVersion = new EvSCrtmVersion(content);
description += "Event Content:\n" + sCrtmVersion.toString();
break;
case EvConstants.EV_CPU_MICROCODE:
@ -476,11 +475,11 @@ public class TpmPcrEvent {
case EvConstants.EV_TABLE_OF_DEVICES:
break;
case EvConstants.EV_COMPACT_HASH:
EvCompactHash compactHash = new EvCompactHash(eventContent);
EvCompactHash compactHash = new EvCompactHash(content);
description += "Event Content:\n" + compactHash.toString();
break;
case EvConstants.EV_IPL:
EvIPL ipl = new EvIPL(eventContent);
EvIPL ipl = new EvIPL(content);
description += "Event Content:\n" + ipl.toString();
break;
case EvConstants.EV_IPL_PARTITION_DATA:
@ -496,42 +495,42 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_EVENT_BASE:
break;
case EvConstants.EV_EFI_VARIABLE_DRIVER_CONFIG:
UefiVariable efiVar = new UefiVariable(eventContent);
UefiVariable efiVar = new UefiVariable(content);
String efiVarDescription = efiVar.toString().replace("\n", "\n ");
description += "Event Content:\n " + efiVarDescription.substring(0,
efiVarDescription.length() - INDENT_3);
break;
case EvConstants.EV_EFI_VARIABLE_BOOT:
description += "Event Content:\n" + new UefiVariable(eventContent).toString();
description += "Event Content:\n" + new UefiVariable(content).toString();
break;
case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION:
EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(eventContent);
EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content);
description += "Event Content:\n" + bootServices.toString();
break;
case EvConstants.EV_EFI_BOOT_SERVICES_DRIVER: // same as EV_EFI_BOOT_SERVICES_APP
EvEfiBootServicesApp bootDriver = new EvEfiBootServicesApp(eventContent);
EvEfiBootServicesApp bootDriver = new EvEfiBootServicesApp(content);
description += "Event Content:\n" + bootDriver.toString();
break;
case EvConstants.EV_EFI_RUNTIME_SERVICES_DRIVER:
break;
case EvConstants.EV_EFI_GPT_EVENT:
description += "Event Content:\n" + new EvEfiGptPartition(eventContent).toString();
description += "Event Content:\n" + new EvEfiGptPartition(content).toString();
break;
case EvConstants.EV_EFI_ACTION:
description += new String(eventContent, StandardCharsets.UTF_8);
description += new String(content, StandardCharsets.UTF_8);
break;
case EvConstants.EV_EFI_PLATFORM_FIRMWARE_BLOB:
description += "Event Content:\n"
+ new UefiFirmware(eventContent).toString();
+ new UefiFirmware(content).toString();
break;
case EvConstants.EV_EFI_HANDOFF_TABLES:
EvEfiHandoffTable efiTable = new EvEfiHandoffTable(eventContent);
EvEfiHandoffTable efiTable = new EvEfiHandoffTable(content);
description += "Event Content:\n" + efiTable.toString();
break;
case EvConstants.EV_EFI_HCRTM_EVENT:
break;
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
description += "Event Content:\n" + new UefiVariable(eventContent).toString();
description += "Event Content:\n" + new UefiVariable(content).toString();
break;
default:
description += " Unknown Event found" + "\n";
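Review bot: Every catch block in this file's hunks now calls `log.error(ex)` with the exception as the message argument (the UnsupportedEncodingException, CertificateException, NoSuchAlgorithmException and IOException handlers alike); with Log4j2 that resolves to `error(Object)` and records only the exception's `toString()`, so the stack trace and the context of which event failed are lost, whereas `log.error("Failed to parse event content for event type 0x{}", Long.toHexString(eventType), ueEx);` keeps both. In `processEvent`, `description +=` is applied to an instance field throughout the method, so a second call on the same object appends to the previous description; building into a local `StringBuilder` and assigning once at the end would make the method idempotent. The `@throws` tags were shortened to `CertificateException` and `NoSuchAlgorithmException` but `java.io.IOException` on the next line was left fully qualified; make them consistent. The `TpmPcrEvent(ByteArrayInputStream baIs)` constructor body appears empty in its hunk, leaving `baIs` unused; if the subclasses consume the stream, a one-line comment saying so would prevent the next reader from flagging it. `processEvent` spans several hunks and ends outside the last one.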


@ -35,14 +35,14 @@ public class TpmPcrEvent1 extends TpmPcrEvent {
* @param eventNumber event position within the event log.
* @throws java.io.IOException if an error occurs in parsing the event.
* @throws java.security.NoSuchAlgorithmException if an undefined algorithm is encountered.
* @throws java.security.cert.CertificateException If a certificate within an event can't be processed.
* @throws java.security.cert.CertificateException If a certificate within an event can't be processed.
*/
public TpmPcrEvent1(final ByteArrayInputStream is, final int eventNumber)
throws IOException, CertificateException, NoSuchAlgorithmException {
super(is);
setDigestLength(EvConstants.SHA1_LENGTH);
setLogFormat(1);
/** Event data. */
// Event data.
byte[] event = null;
byte[] rawIndex = new byte[UefiConstants.SIZE_4];
byte[] rawType = new byte[UefiConstants.SIZE_4];


@ -70,15 +70,15 @@ public class TpmPcrEvent2 extends TpmPcrEvent {
* @param eventNumber event position within the event log.
* @throws java.io.IOException if an error occurs in parsing the event
* @throws java.security.NoSuchAlgorithmException if an undefined algorithm is encountered.
* @throws java.security.cert.CertificateException If a certificate within an event can't be processed.
* @throws java.security.cert.CertificateException If a certificate within an event can't be processed.
*/
public TpmPcrEvent2(final ByteArrayInputStream is, final int eventNumber)
throws IOException, CertificateException, NoSuchAlgorithmException {
super(is);
setDigestLength(EvConstants.SHA256_LENGTH);
setLogFormat(2);
/** Event data. */
int eventDigestLength = 0;
// Event data.
// int eventDigestLength = 0;
String hashName = "";
byte[] event;
byte[] rawIndex = new byte[UefiConstants.SIZE_4];
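Review bot: `// int eventDigestLength = 0;` replaces an unused local with commented-out code; delete the line instead, since version control already keeps the history and a commented-out declaration invites someone to uncomment it later. The constructor continues past this hunk.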


@ -3,7 +3,6 @@ package hirs.utils.tpm.eventlog.events;
import hirs.utils.HexUtils;
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
import hirs.utils.tpm.eventlog.uefi.UefiPartition;
import lombok.Getter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
@ -102,13 +101,13 @@ public class EvEfiGptPartition {
* Processes an individual GPT partition entry.
*
* @param partitions byte array holding partition data.
* @param numberOfPartitions number of partitions included in the data.
* @param numOfPartitions number of partitions included in the data.
* @throws java.io.UnsupportedEncodingException if partition data fails to parse.
*/
private void processesPartitions(final byte[] partitions, final int numberOfPartitions)
private void processesPartitions(final byte[] partitions, final int numOfPartitions)
throws UnsupportedEncodingException {
byte[] partitionData = new byte[UefiConstants.SIZE_128];
for (int i = 0; i < numberOfPartitions; i++) {
for (int i = 0; i < numOfPartitions; i++) {
System.arraycopy(partitions, i * partitonEntryLength, partitionData, 0,
partitonEntryLength);
partitionList.add(new UefiPartition(partitionData));
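Review bot: The loop in processesPartitions copies `partitonEntryLength` bytes from `partitions` at offset `i * partitonEntryLength` into a `UefiConstants.SIZE_128`-byte `partitionData` buffer for each of `numOfPartitions` entries, with no check that either value fits; both presumably come from the GPT header in the event data, so an oversized entry length or count makes `System.arraycopy` throw an unchecked ArrayIndexOutOfBoundsException that escapes the declared `UnsupportedEncodingException`. A guard before the loop, `if (partitonEntryLength > partitionData.length || (long) numOfPartitions * partitonEntryLength > partitions.length) { throw new UnsupportedEncodingException("GPT partition entries exceed the event data"); }`, fails the parse explicitly instead. The same `partitionData` array is also reused for every `new UefiPartition(partitionData)`; if UefiPartition keeps the reference rather than copying, every entry in `partitionList` would alias the last one, which is worth confirming. The rename to `numOfPartitions` is fine; the field name `partitonEntryLength` (context here) still carries the old typo.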