Merge pull request #861 from nsacyber/v3_issue_860-spdm
fix checkstyle changes that were lost during merge conflict of pciids PR
This commit is contained in:
commit
775ab4acc6
@ -76,7 +76,7 @@ public final class PciIds {
|
||||
}
|
||||
}
|
||||
|
||||
if(dbFile != null) {
|
||||
if (dbFile != null) {
|
||||
InputStream is = null;
|
||||
try {
|
||||
is = new FileInputStream(dbFile);
|
||||
@ -97,9 +97,9 @@ public final class PciIds {
|
||||
}
|
||||
|
||||
// if pciids file is not found on the system or not accessible, then attempt to grab it from code
|
||||
if(pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
|
||||
if (pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
|
||||
InputStream isFromCode = PciIds.class.getResourceAsStream(PCIIDS_FILENAME);
|
||||
if(isFromCode != null) {
|
||||
if (isFromCode != null) {
|
||||
try {
|
||||
DB.loadStream(isFromCode);
|
||||
pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
|
||||
@ -115,20 +115,21 @@ public final class PciIds {
|
||||
}
|
||||
|
||||
// if pciids file is not accessible on system or from within code, then log error
|
||||
if(pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
|
||||
if (pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
|
||||
log.info("PCI IDs file was NOT accessible from within the system or within the code");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Default private constructor so checkstyles doesn't complain
|
||||
* Default private constructor so checkstyles doesn't complain.
|
||||
*/
|
||||
private PciIds() { }
|
||||
|
||||
/**
|
||||
* Look up the vendor name from the PCI IDs list, if the input string contains an ID.
|
||||
* If any part of this fails, return the original manufacturer value.
|
||||
*
|
||||
* @param refManufacturer DERUTF8String, likely from a ComponentIdentifier
|
||||
* @return DERUTF8String with the discovered vendor name, or the original manufacturer value.
|
||||
*/
|
||||
@ -148,6 +149,7 @@ public final class PciIds {
|
||||
/**
|
||||
* Look up the vendor name from the PCI IDs list, if the input string contains an ID.
|
||||
* If any part of this fails, return the original manufacturer value.
|
||||
*
|
||||
* @param refManufacturer String, likely from a ComponentResult
|
||||
* @return String with the discovered vendor name, or the original manufacturer value.
|
||||
*/
|
||||
@ -168,6 +170,7 @@ public final class PciIds {
|
||||
* Look up the device name from the PCI IDs list, if the input strings contain IDs.
|
||||
* The Device lookup requires the Vendor ID AND the Device ID to be valid values.
|
||||
* If any part of this fails, return the original model value.
|
||||
*
|
||||
* @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier
|
||||
* @param refModel ASN1UTF8String, likely from a ComponentIdentifier
|
||||
* @return ASN1UTF8String with the discovered device name, or the original model value.
|
||||
@ -194,6 +197,7 @@ public final class PciIds {
|
||||
* Look up the device name from the PCI IDs list, if the input strings contain IDs.
|
||||
* The Device lookup requires the Vendor ID AND the Device ID to be valid values.
|
||||
* If any part of this fails, return the original model value.
|
||||
*
|
||||
* @param refManufacturer String, likely from a ComponentResult
|
||||
* @param refModel String, likely from a ComponentResult
|
||||
* @return String with the discovered device name, or the original model value.
|
||||
@ -218,15 +222,16 @@ public final class PciIds {
|
||||
/**
|
||||
* Look up the device class name from the PCI IDs list, if the input string contains an ID.
|
||||
* If any part of this fails, return the original manufacturer value.
|
||||
*
|
||||
* @param refClassCode String, formatted as 2 characters (1 byte) for each of the 3 categories
|
||||
* Example "010802":
|
||||
* Class: "01"
|
||||
* Subclass: "08"
|
||||
* Programming Interface: "02"
|
||||
* . Example "010802":
|
||||
* . Class: "01"
|
||||
* . Subclass: "08"
|
||||
* . Programming Interface: "02"
|
||||
* @return List<String> 3-element list with the class code
|
||||
* 1st element: human-readable description of Class
|
||||
* 2nd element: human-readable description of Subclass
|
||||
* 3rd element: human-readable description of Programming Interface
|
||||
* . 1st element: human-readable description of Class
|
||||
* . 2nd element: human-readable description of Subclass
|
||||
* . 3rd element: human-readable description of Programming Interface
|
||||
*/
|
||||
public static List<String> translateDeviceClass(final String refClassCode) {
|
||||
List<String> translatedClassCode = new ArrayList<>();
|
||||
@ -235,9 +240,24 @@ public final class PciIds {
|
||||
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
|
||||
&& classCode != null
|
||||
&& classCode.trim().matches("^[0-9A-Fa-f]{6}$")) {
|
||||
String deviceClass = classCode.substring(0, 2).toLowerCase();
|
||||
String deviceSubclass = classCode.substring(2, 4).toLowerCase();
|
||||
String programInterface = classCode.substring(4, 6).toLowerCase();
|
||||
|
||||
final int startIndexOfDeviceClass = 0;
|
||||
final int endIndexOfDeviceClass = 2;
|
||||
String deviceClass =
|
||||
classCode.substring(startIndexOfDeviceClass, endIndexOfDeviceClass).toLowerCase();
|
||||
|
||||
final int startIndexOfDeviceSubclass = 2;
|
||||
final int endIndexOfDeviceSubclass = 4;
|
||||
String deviceSubclass =
|
||||
classCode.substring(startIndexOfDeviceSubclass, endIndexOfDeviceSubclass)
|
||||
.toLowerCase();
|
||||
|
||||
final int startIndexOfProgramInterface = 4;
|
||||
final int endIndexOfProgramInterface = 6;
|
||||
final String programInterface =
|
||||
classCode.substring(startIndexOfProgramInterface, endIndexOfProgramInterface)
|
||||
.toLowerCase();
|
||||
|
||||
translatedClassCode.add(deviceClass);
|
||||
translatedClassCode.add(deviceSubclass);
|
||||
translatedClassCode.add(programInterface);
|
||||
|
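Review bot: In translateDeviceClass the guard validates `classCode.trim()` against the six-hex-digit regex, but the three rewritten substring calls slice the untrimmed `classCode`, so a code carrying the whitespace the guard tolerates passes validation and the slices include the padding. Trim once before the guard, e.g. `final String code = classCode.trim();`, and take `deviceClass`, `deviceSubclass` and `programInterface` from `code`, or drop the `.trim()` from the guard if padded input is not expected. The new locals are also declared inconsistently: `programInterface` is `final` while `deviceClass` and `deviceSubclass` are not, and all three can be. `classCode` is declared before the hunk and the if block and method continue past it.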
@ -12,8 +12,8 @@ import java.math.BigInteger;
|
||||
* Class to for the TCG defined TPMT_HA structure used to support the Crypto Agile Log format.
|
||||
* <p>
|
||||
* typedef struct {
|
||||
* TPMI_ALG_HASH hashAlg;
|
||||
* TPMU_HA digest;
|
||||
* . TPMI_ALG_HASH hashAlg;
|
||||
* . TPMU_HA digest;
|
||||
* } TPMT_HA;
|
||||
*/
|
||||
public class TcgTpmtHa {
|
||||
|
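Review bot: The ` * .` prefix added to the indented struct-member lines of the TPMT_HA class Javadoc is a workaround that shows up in the rendered documentation as a stray dot on every line; it presumably silences a checkstyle indentation complaint, but Javadoc's own mechanism for a fixed layout like this is a `<pre>{@code ... }</pre>` block, which keeps the indentation without decorating it. The same prefix is applied to the translateDeviceClass Javadoc in PciIds and in every later file section of this commit (the TCG_PCR_EVENT and TCG_PCR_EVENT2 Javadocs, the DeviceSecurityEvent* classes, the NV_INDEX_* classes, SpdmCertificateChain, SpdmMeasurement and UefiConstants), so whichever form is settled on should be applied uniformly. Note that in SpdmCertificateChain the `<H>` and `<Length>` tokens are unescaped HTML in a Javadoc comment either way, which `{@code}` would also fix. The class Javadoc begins before the hunk.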
@ -39,16 +39,16 @@ import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYS
|
||||
* TCG_PCR_EVENT is used when the Event log uses the SHA1 Format as described in the
|
||||
* TCG Platform Firmware Profile (PFP) specification.
|
||||
* typedef struct {
|
||||
* TCG_PCRINDEX PCRIndex; //PCR Index value that either
|
||||
* //matches the PCRIndex of a
|
||||
* //previous extend operation or
|
||||
* //indicates that this Event Log
|
||||
* //entry is not associated with
|
||||
* //an extend operation
|
||||
* TCG_EVENTTYPE EventType; //See Log event types defined in toStrng()
|
||||
* TCG_DIGEST digest; //The hash of the event data
|
||||
* UINT32 EventSize; //Size of the event data
|
||||
* UINT8 Event[EventSize]; //The event data
|
||||
* . TCG_PCRINDEX PCRIndex; //PCR Index value that either
|
||||
* . //matches the PCRIndex of a
|
||||
* . //previous extend operation or
|
||||
* . //indicates that this Event Log
|
||||
* . //entry is not associated with
|
||||
* . //an extend operation
|
||||
* . TCG_EVENTTYPE EventType; //See Log event types defined in toStrng()
|
||||
* . TCG_DIGEST digest; //The hash of the event data
|
||||
* . UINT32 EventSize; //Size of the event data
|
||||
* . UINT8 Event[EventSize]; //The event data
|
||||
* } TCG_PCR_EVENT;
|
||||
*/
|
||||
@Log4j2
|
||||
|
@ -15,11 +15,11 @@ import java.security.cert.CertificateException;
|
||||
* TCG Platform Firmware Profile specification.
|
||||
* typedef struct {
|
||||
* UINT32 PCRIndex; //PCR Index value that either
|
||||
* //matches the PCRIndex of a
|
||||
* //previous extend operation or
|
||||
* //indicates that this Event Log
|
||||
* //entry is not associated with
|
||||
* //an extend operation
|
||||
* . //matches the PCRIndex of a
|
||||
* . //previous extend operation or
|
||||
* . //indicates that this Event Log
|
||||
* . //entry is not associated with
|
||||
* . //an extend operation
|
||||
* UINT32 EventType; //See Log event types
|
||||
* BYTE digest[20]; //The SHA1 hash of the event data
|
||||
* UINT32 EventSize; //Size of the event data
|
||||
|
@ -16,30 +16,30 @@ import java.util.ArrayList;
|
||||
* TCG Platform Firmware Profile specification.
|
||||
* This class will only process SHA-256 digests.
|
||||
* typedef struct {
|
||||
* UINT32 PCRIndex; //PCR Index value that either
|
||||
* //matches the PCRIndex of a
|
||||
* //previous extend operation or
|
||||
* //indicates that this Event Log
|
||||
* //entry is not associated with
|
||||
* //an extend operation
|
||||
* UINT32 EventType; //See Log event types
|
||||
* TPML_DIGEST_VALUES digest; //The hash of the event data
|
||||
* UINT32 EventSize; //Size of the event data
|
||||
* BYTE Event[1]; //The event data
|
||||
* } TCG_PCR_EVENT2; //The event data structure to be added
|
||||
* . UINT32 PCRIndex; //PCR Index value that either
|
||||
* . //matches the PCRIndex of a
|
||||
* . //previous extend operation or
|
||||
* . //indicates that this Event Log
|
||||
* . //entry is not associated with
|
||||
* . //an extend operation
|
||||
* . UINT32 EventType; //See Log event types
|
||||
* . TPML_DIGEST_VALUES digest; //The hash of the event data
|
||||
* . UINT32 EventSize; //Size of the event data
|
||||
* . BYTE Event[1]; //The event data
|
||||
* } TCG_PCR_EVENT2; //The event data structure to be added
|
||||
* typedef struct {
|
||||
* UINT32 count;
|
||||
* TPMT_HA digests[HASH_COUNT];
|
||||
* . UINT32 count;
|
||||
* . TPMT_HA digests[HASH_COUNT];
|
||||
* } TPML_DIGEST_VALUES;
|
||||
* typedef struct {
|
||||
* TPMI_ALG_HASH hashAlg;
|
||||
* TPMU_HA digest;
|
||||
* . TPMI_ALG_HASH hashAlg;
|
||||
* . TPMU_HA digest;
|
||||
* } TPMT_HA;
|
||||
* typedef union {
|
||||
* BYTE sha1[SHA1_DIGEST_SIZE];
|
||||
* BYTE sha256[SHA256_DIGEST_SIZE];
|
||||
* BYTE sha384[SHA384_DIGEST_SIZE];
|
||||
* BYTE sha512[SHA512_DIGEST_SIZE];
|
||||
* . BYTE sha1[SHA1_DIGEST_SIZE];
|
||||
* . BYTE sha256[SHA256_DIGEST_SIZE];
|
||||
* . BYTE sha384[SHA384_DIGEST_SIZE];
|
||||
* . BYTE sha512[SHA512_DIGEST_SIZE];
|
||||
* } TPMU_HA;
|
||||
* define SHA1_DIGEST_SIZE 20
|
||||
* define SHA256_DIGEST_SIZE 32
|
||||
|
@ -8,34 +8,34 @@ import lombok.Setter;
|
||||
* Abstract base class to process the DEVICE_SECURITY_EVENT_DATA or ..DATA2 event.
|
||||
* Parses event data per PFP v1.06 Rev52 Tables 20 and 26.
|
||||
* The event data comes in 2 forms:
|
||||
* 1) DEVICE_SECURITY_EVENT_DATA or
|
||||
* 2) DEVICE_SECURITY_EVENT_DATA2
|
||||
* . 1) DEVICE_SECURITY_EVENT_DATA or
|
||||
* . 2) DEVICE_SECURITY_EVENT_DATA2
|
||||
* The first 2 fields of the respective headers are the same in both ..DATA and ..DATA2.
|
||||
* Field 1:
|
||||
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||
* per PFP. The only currently defined Signatures are "SPDM Device Sec" and "SPDM Device Sec2",
|
||||
* which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2, respectively.
|
||||
* . The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||
* . per PFP. The only currently defined Signatures are "SPDM Device Sec" and "SPDM Device Sec2",
|
||||
* . which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2, respectively.
|
||||
* Field 2:
|
||||
* The Version field also indicates whether the Device Security Event is ..DATA or ..DATA2.
|
||||
* . The Version field also indicates whether the Device Security Event is ..DATA or ..DATA2.
|
||||
*
|
||||
* DEVICE SECURITY EVENT structures defined by PFP v1.06 Rev 52:
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA {
|
||||
* DEVICE_SECURITY_EVENT_DATA_HEADER EventDataHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_HEADER EventDataHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* } DEVICE_SECURITY_EVENT_DATA;
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA2 {
|
||||
* DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* } DEVICE_SECURITY_EVENT_DATA2;
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER or HEADER2 {
|
||||
* UINT8 Signature[16];
|
||||
* UINT16 Version;
|
||||
* ... ...
|
||||
* (The rest of the components are different for HEADER vs HEADER2)
|
||||
* . UINT8 Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . ... ...
|
||||
* . (The rest of the components are different for HEADER vs HEADER2)
|
||||
* }
|
||||
* <p>
|
||||
*/
|
||||
@ -64,7 +64,8 @@ public abstract class DeviceSecurityEvent {
|
||||
/**
|
||||
* Track status of pci.ids
|
||||
* This is only used for events that access the pci.ids file.
|
||||
* (In this class, this is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext)
|
||||
* (In this class, this is only needed if DeviceSecurityEvent includes
|
||||
* a DeviceSecurityEventDataPciContext)
|
||||
* Default is normal status (normal status is from-filesystem).
|
||||
* Status will only change IF this is an event that uses this file,
|
||||
* and if that event causes a different status.
|
||||
|
@ -7,8 +7,8 @@ import lombok.Getter;
|
||||
* Parses event data per PFP v1.06 Rev52 Table 20.
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA {
|
||||
* DEVICE_SECURITY_EVENT_DATA_HEADER EventDataHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_HEADER EventDataHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* } DEVICE_SECURITY_EVENT_DATA;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -7,9 +7,9 @@ import lombok.Getter;
|
||||
* Parses event data per PFP v1.06 Rev52 Table 26.
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA2 {
|
||||
* DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
|
||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||
* } DEVICE_SECURITY_EVENT_DATA2;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -10,8 +10,8 @@ import lombok.Getter;
|
||||
* or USB connection.
|
||||
* <p>
|
||||
* typedef union tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT {
|
||||
* DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
|
||||
* DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT UsbContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT UsbContext;
|
||||
* } DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -17,14 +17,14 @@ import java.io.IOException;
|
||||
* HEADERS defined by PFP v1.06 Rev 52:
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
|
||||
* UINT8 Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT16 Length;
|
||||
* UINT32 SpdmHashAlg;
|
||||
* UINT32 DeviceType;
|
||||
* SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* UINT64 DevicePathLength;
|
||||
* UNIT8 DevicePath[DevicePathLength]
|
||||
* . UINT8 Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT16 Length;
|
||||
* . UINT32 SpdmHashAlg;
|
||||
* . UINT32 DeviceType;
|
||||
* . SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* . UINT64 DevicePathLength;
|
||||
* . UNIT8 DevicePath[DevicePathLength]
|
||||
* } DEVICE_SECURITY_EVENT_DATA_HEADER;
|
||||
* <p>
|
||||
* Assumption: there is only 1 SpdmMeasurementBlock per event. Need more test patterns to verify.
|
||||
|
@ -11,17 +11,17 @@ import lombok.Getter;
|
||||
* HEADERS defined by PFP v1.06 Rev 52:
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 {
|
||||
* UINT8 Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT8 AuthState;
|
||||
* UINT8 Reserved
|
||||
* UINT32 Length;
|
||||
* UINT32 DeviceType;
|
||||
* UINT32 SubHeaderType;
|
||||
* UINT32 SubHeaderLength;
|
||||
* UINT64 SubHeaderUID;
|
||||
* UINT64 DevicePathLength;
|
||||
* UNIT8 DevicePath[DevicePathLength]
|
||||
* . UINT8 Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT8 AuthState;
|
||||
* . UINT8 Reserved
|
||||
* . UINT32 Length;
|
||||
* . UINT32 DeviceType;
|
||||
* . UINT32 SubHeaderType;
|
||||
* . UINT32 SubHeaderLength;
|
||||
* . UINT64 SubHeaderUID;
|
||||
* . UINT64 DevicePathLength;
|
||||
* . UNIT8 DevicePath[DevicePathLength]
|
||||
* } DEVICE_SECURITY_EVENT_DATA_HEADER2;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -15,28 +15,28 @@ import static hirs.utils.PciIds.translateVendor;
|
||||
* Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
|
||||
* UINT16 Version;
|
||||
* UINT16 Length;
|
||||
* UINT16 VendorId;
|
||||
* UINT16 DeviceId;
|
||||
* UINT16 RevisionId;
|
||||
* UINT16 ClassCode[3];
|
||||
* UINT16 SubsystemVendorId;
|
||||
* UINT16 SubsystemId;
|
||||
* . UINT16 Version;
|
||||
* . UINT16 Length;
|
||||
* . UINT16 VendorId;
|
||||
* . UINT16 DeviceId;
|
||||
* . UINT16 RevisionId;
|
||||
* . UINT16 ClassCode[3];
|
||||
* . UINT16 SubsystemVendorId;
|
||||
* . UINT16 SubsystemId;
|
||||
* <p>
|
||||
* The following fields are defined by the PCI Express Base Specification rev4.0 v1.0.
|
||||
* VendorId
|
||||
* DeviceId
|
||||
* RevisionId
|
||||
* ClassCode
|
||||
* SubsystemVendorId
|
||||
* SubsystemId
|
||||
* . VendorId
|
||||
* . DeviceId
|
||||
* . RevisionId
|
||||
* . ClassCode
|
||||
* . SubsystemVendorId
|
||||
* . SubsystemId
|
||||
* Vendor id and device id are registered to specific manufacturers.
|
||||
* https://admin.pci-ids.ucw.cz/read/PC/
|
||||
* Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
|
||||
* . https://admin.pci-ids.ucw.cz/read/PC/
|
||||
* . Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
|
||||
* Class code can be looked up on the web.
|
||||
* https://admin.pci-ids.ucw.cz/read/PD/
|
||||
* The revision ID is controlled by the vendor and cannot be looked up.
|
||||
* . https://admin.pci-ids.ucw.cz/read/PD/
|
||||
* . The revision ID is controlled by the vendor and cannot be looked up.
|
||||
*/
|
||||
public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDeviceContext {
|
||||
|
||||
|
@ -5,9 +5,9 @@ package hirs.utils.tpm.eventlog.events;
|
||||
*
|
||||
* <p>
|
||||
* typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER {
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
|
||||
* } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -9,11 +9,11 @@ import hirs.utils.tpm.eventlog.spdm.SpdmHa;
|
||||
*
|
||||
* <p>
|
||||
* typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN {
|
||||
* UINT16 SpdmVersion;
|
||||
* UINT8 SpdmSlotId;
|
||||
* UINT8 Reserved;
|
||||
* UINT32 SpdmBaseHashAlgo;
|
||||
* SPDM_CERT_CHAIN SpdmCertChain;
|
||||
* . UINT16 SpdmVersion;
|
||||
* . UINT8 SpdmSlotId;
|
||||
* . UINT8 Reserved;
|
||||
* . UINT32 SpdmBaseHashAlgo;
|
||||
* . SPDM_CERT_CHAIN SpdmCertChain;
|
||||
* } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
|
||||
* <p>
|
||||
* SpdmVersion: SpdmBaseHashAlgo
|
||||
|
@ -15,21 +15,21 @@ import java.util.List;
|
||||
*
|
||||
* <p>
|
||||
* typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK {
|
||||
* UINT16 SpdmVersion;
|
||||
* UINT8 SpdmMeasurementBlockCount;
|
||||
* UINT8 Reserved;
|
||||
* UINT32 SpdmMeasurementHashAlgo;
|
||||
* SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock[SpdmMeasurementBlockCount];
|
||||
* . UINT16 SpdmVersion;
|
||||
* . UINT8 SpdmMeasurementBlockCount;
|
||||
* . UINT8 Reserved;
|
||||
* . UINT32 SpdmMeasurementHashAlgo;
|
||||
* . SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock[SpdmMeasurementBlockCount];
|
||||
* } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
|
||||
* <p>
|
||||
* <p>
|
||||
* SpdmMeasurementBlock is an array of SPDM_MEASUREMENT_BLOCKs
|
||||
* The size of each block is the same and can be found by either:
|
||||
* 1) 4 + SpdmMeasurementBlock MeasurementSize
|
||||
* OR
|
||||
* 2) 4 + hash length of the hash algorithm found in
|
||||
* DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementHashAlgo
|
||||
* where 4 is the size of the SpdmMeasurementBlock header
|
||||
* . The size of each block is the same and can be found by either:
|
||||
* . 1) 4 + SpdmMeasurementBlock MeasurementSize
|
||||
* . OR
|
||||
* . 2) 4 + hash length of the hash algorithm found in
|
||||
* . DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementHashAlgo
|
||||
* . where 4 is the size of the SpdmMeasurementBlock header
|
||||
*/
|
||||
public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends DeviceSecurityEventDataSubHeader {
|
||||
|
||||
|
@ -17,36 +17,36 @@ import java.nio.charset.StandardCharsets;
|
||||
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
|
||||
* UINT8 Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT16 Length;
|
||||
* UINT32 SpdmHashAlg;
|
||||
* UINT32 DeviceType;
|
||||
* SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* UINT64 DevicePathLength;
|
||||
* UNIT8 DevicePath[DevicePathLength]
|
||||
* . UINT8 Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT16 Length;
|
||||
* . UINT32 SpdmHashAlg;
|
||||
* . UINT32 DeviceType;
|
||||
* . SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||
* . UINT64 DevicePathLength;
|
||||
* . UNIT8 DevicePath[DevicePathLength]
|
||||
* } DEVICE_SECURITY_EVENT_DATA_HEADER;
|
||||
* <p>
|
||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 { - NOT IMPLEMENTED YET
|
||||
* UINT8 Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT8 AuthState;
|
||||
* UINT8 Reserved;
|
||||
* UINT32 Length;
|
||||
* UINT32 DeviceType;
|
||||
* UINT32 SubHeaderType;
|
||||
* UINT32 SubHeaderLength;
|
||||
* UINT32 SubHeaderUID;
|
||||
* UINT64 DevicePathLength;
|
||||
* UNIT8 DevicePath[DevicePathLength]
|
||||
* . UINT8 Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT8 AuthState;
|
||||
* . UINT8 Reserved;
|
||||
* . UINT32 Length;
|
||||
* . UINT32 DeviceType;
|
||||
* . UINT32 SubHeaderType;
|
||||
* . UINT32 SubHeaderLength;
|
||||
* . UINT32 SubHeaderUID;
|
||||
* . UINT64 DevicePathLength;
|
||||
* . UNIT8 DevicePath[DevicePathLength]
|
||||
* } DEVICE_SECURITY_EVENT_DATA_HEADER2;
|
||||
* <p>
|
||||
* Fields common to both ..HEADER and ..HEADER2:
|
||||
* Signature
|
||||
* Version
|
||||
* DeviceType
|
||||
* DevicePathLength
|
||||
* DevicePath
|
||||
* . Signature
|
||||
* . Version
|
||||
* . DeviceType
|
||||
* . DevicePathLength
|
||||
* . DevicePath
|
||||
* <p>
|
||||
*/
|
||||
public abstract class DeviceSecurityEventHeader {
|
||||
|
@ -9,17 +9,17 @@ import java.nio.charset.StandardCharsets;
|
||||
/**
|
||||
* Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
|
||||
* DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
|
||||
* 1) DEVICE_SECURITY_EVENT_DATA or
|
||||
* 2) DEVICE_SECURITY_EVENT_DATA2
|
||||
* . 1) DEVICE_SECURITY_EVENT_DATA or
|
||||
* . 2) DEVICE_SECURITY_EVENT_DATA2
|
||||
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
||||
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
||||
* 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures
|
||||
* a) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
||||
* b) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
|
||||
* . 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
||||
* . 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures
|
||||
* . a) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
||||
* . b) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
|
||||
* DEVICE_SECURITY_EVENT_DATA2 has 3 structures:
|
||||
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER2
|
||||
* 2) DEVICE_SECURITY_EVENT_DATA_SUB_HEADER
|
||||
* 3) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures (see above)
|
||||
* . 1) DEVICE_SECURITY_EVENT_DATA_HEADER2
|
||||
* . 2) DEVICE_SECURITY_EVENT_DATA_SUB_HEADER
|
||||
* . 3) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures (see above)
|
||||
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||
* NUL-terminated, per PFP. The only currently defined Signature is "SPDM Device Sec",
|
||||
* which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2.
|
||||
|
@ -11,16 +11,16 @@ import java.nio.charset.StandardCharsets;
|
||||
* Class to process the EV_NO_ACTION event.
|
||||
* The first 16 bytes of the event data MUST be a String based identifier (Signature).
|
||||
* Currently defined Signatures are
|
||||
* "Spec ID Event03"
|
||||
* - implies the data is a TCG_EfiSpecIDEvent
|
||||
* - TCG_EfiSpecIDEvent is the first event in a TPM Event Log and is used to determine
|
||||
* if the format of the Log (SHA1 vs Crypto Agile).
|
||||
* "StartupLocality"
|
||||
* - implies the data represents locality info (use lookup to interpret)
|
||||
* "NvIndexInstance"
|
||||
* - implies the data is a NV_INDEX_INSTANCE_EVENT_LOG_DATA
|
||||
* "NvIndexDynamic"
|
||||
* - implies the data is a NV_INDEX_DYNAMIC_EVENT_LOG_DATA
|
||||
* . "Spec ID Event03"
|
||||
* . - implies the data is a TCG_EfiSpecIDEvent
|
||||
* . - TCG_EfiSpecIDEvent is the first event in a TPM Event Log and is used to determine
|
||||
* . if the format of the Log (SHA1 vs Crypto Agile).
|
||||
* . "StartupLocality"
|
||||
* . - implies the data represents locality info (use lookup to interpret)
|
||||
* . "NvIndexInstance"
|
||||
* . - implies the data is a NV_INDEX_INSTANCE_EVENT_LOG_DATA
|
||||
* . "NvIndexDynamic"
|
||||
* . - implies the data is a NV_INDEX_DYNAMIC_EVENT_LOG_DATA
|
||||
* <p>
|
||||
* Notes:
|
||||
* 1. First 16 bytes of the structure is an ASCII with a fixed Length of 16
|
||||
|
@ -1,8 +1,6 @@
|
||||
package hirs.utils.tpm.eventlog.events;
|
||||
|
||||
import hirs.utils.HexUtils;
|
||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
@ -15,14 +13,14 @@ import java.nio.charset.StandardCharsets;
|
||||
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
|
||||
* <p>
|
||||
* typedef struct tdNV_INDEX_DYNAMIC_EVENT_LOG_DATA {
|
||||
* BYTE Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT8[6] Reserved;
|
||||
* UINT64 UID;
|
||||
* UINT16 DescriptionSize;
|
||||
* UINT8 Description[DescriptionSize];
|
||||
* UINT16 DataSize;
|
||||
* UINT8 Data[DataSize];
|
||||
* . BYTE Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT8[6] Reserved;
|
||||
* . UINT64 UID;
|
||||
* . UINT16 DescriptionSize;
|
||||
* . UINT8 Description[DescriptionSize];
|
||||
* . UINT16 DataSize;
|
||||
* . UINT8 Data[DataSize];
|
||||
* } NV_INDEX_DYNAMIC_EVENT_LOG_DATA;
|
||||
* <p>
|
||||
*/
|
||||
@ -45,13 +43,16 @@ public class NvIndexDynamicEventLogData {
|
||||
*/
|
||||
public NvIndexDynamicEventLogData(final byte[] eventData) {
|
||||
|
||||
byte[] signatureBytes = new byte[16];
|
||||
System.arraycopy(eventData, 0, signatureBytes, 0, 16);
|
||||
final int signatureBytesSize = 16;
|
||||
byte[] signatureBytes = new byte[signatureBytesSize];
|
||||
System.arraycopy(eventData, 0, signatureBytes, 0, signatureBytesSize);
|
||||
signature = new String(signatureBytes, StandardCharsets.UTF_8);
|
||||
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
|
||||
|
||||
byte[] versionBytes = new byte[2];
|
||||
System.arraycopy(eventData, 16, versionBytes, 0, 2);
|
||||
final int versionBytesSize = 2;
|
||||
final int eventDataSrcIndex1 = 16;
|
||||
byte[] versionBytes = new byte[versionBytesSize];
|
||||
System.arraycopy(eventData, eventDataSrcIndex1, versionBytes, 0, versionBytesSize);
|
||||
String nvIndexVersion = HexUtils.byteArrayToHexString(versionBytes);
|
||||
if (nvIndexVersion.isEmpty()) {
|
||||
nvIndexVersion = "version not readable";
|
||||
@ -61,22 +62,28 @@ public class NvIndexDynamicEventLogData {
|
||||
|
||||
// 6 bytes of Reserved data
|
||||
|
||||
byte[] uidBytes = new byte[8];
|
||||
System.arraycopy(eventData, 24, uidBytes, 0, 8);
|
||||
final int uidBytesSize = 8;
|
||||
final int eventDataSrcIndex2 = 24;
|
||||
byte[] uidBytes = new byte[uidBytesSize];
|
||||
System.arraycopy(eventData, eventDataSrcIndex2, uidBytes, 0, uidBytesSize);
|
||||
String uid = HexUtils.byteArrayToHexString(uidBytes);
|
||||
nvIndexDynamicInfo += " UID = " + uid + "\n";
|
||||
|
||||
byte[] descriptionSizeBytes = new byte[2];
|
||||
System.arraycopy(eventData, 32, descriptionSizeBytes, 0, 2);
|
||||
final int descriptionSizeBytesLength = 2;
|
||||
final int eventDataSrcIndex3 = 32;
|
||||
byte[] descriptionSizeBytes = new byte[descriptionSizeBytesLength];
|
||||
System.arraycopy(eventData, eventDataSrcIndex3, descriptionSizeBytes, 0, descriptionSizeBytesLength);
|
||||
int descriptionSize = HexUtils.leReverseInt(descriptionSizeBytes);
|
||||
|
||||
final int eventDataSrcIndex4 = 34;
|
||||
byte[] descriptionBytes = new byte[descriptionSize];
|
||||
System.arraycopy(eventData, 34, descriptionBytes, 0, descriptionSize);
|
||||
System.arraycopy(eventData, eventDataSrcIndex4, descriptionBytes, 0, descriptionSize);
|
||||
String description = new String(descriptionBytes, StandardCharsets.UTF_8);
|
||||
description = description.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
|
||||
nvIndexDynamicInfo += " Description = " + description + "\n";
|
||||
|
||||
int dataSizeStartByte = 34 + descriptionSize;
|
||||
final int dataSizeOffset = 34;
|
||||
int dataSizeStartByte = dataSizeOffset + descriptionSize;
|
||||
byte[] dataSizeBytes = new byte[2];
|
||||
System.arraycopy(eventData, dataSizeStartByte, dataSizeBytes, 0, 2);
|
||||
int dataSize = HexUtils.leReverseInt(dataSizeBytes);
|
||||
|
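Review bot: The new `System.arraycopy(eventData, eventDataSrcIndex4, descriptionBytes, 0, descriptionSize)` copies a length that was read from the event data itself (`descriptionSize`, via leReverseInt two lines earlier) without checking it against `eventData.length`, and the fixed-offset copies at 0, 16, 24 and 32 assume the array holds at least 34 bytes; a truncated or malformed log entry therefore surfaces as an ArrayIndexOutOfBoundsException (or a NegativeArraySizeException, if the helper can yield a negative value) from inside the constructor instead of a parse error naming the field. Validate before copying, e.g. `if (descriptionSize < 0 || eventData.length < eventDataSrcIndex4 + descriptionSize) { throw new IllegalArgumentException("NV_INDEX_DYNAMIC description size exceeds event data"); }`, and do the same for `dataSize` further down. The offset constants `eventDataSrcIndex1..4` and `dataSizeOffset` (which repeats the 34 of `eventDataSrcIndex4`) would read better named for the field they address, such as `VERSION_OFFSET`, `UID_OFFSET`, `DESCRIPTION_SIZE_OFFSET` and `DESCRIPTION_OFFSET`, and `dataSizeBytes` still uses a bare `2` where its siblings received a named length. The constructor continues past the hunk.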
@ -15,10 +15,10 @@ import java.nio.charset.StandardCharsets;
|
||||
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
|
||||
* <p>
|
||||
* typedef struct tdNV_INDEX_INSTANCE_EVENT_LOG_DATA {
|
||||
* BYTE Signature[16];
|
||||
* UINT16 Version;
|
||||
* UINT8[6] Reserved;
|
||||
* DEVICE_SECURITY_EVENT_DATA2 Data;
|
||||
* . BYTE Signature[16];
|
||||
* . UINT16 Version;
|
||||
* . UINT8[6] Reserved;
|
||||
* . DEVICE_SECURITY_EVENT_DATA2 Data;
|
||||
* } NV_INDEX_INSTANCE_EVENT_LOG_DATA;
|
||||
* <p>
|
||||
*/
|
||||
|
@ -15,22 +15,22 @@ import java.util.ArrayList;
|
||||
* <p>
|
||||
* Certificate chain format, defined by SPDM v1.03, Sect 10.6.1, Table 33:
|
||||
* Certificate chain format {
|
||||
* Length 2 bytes;
|
||||
* Reserved 2 bytes;
|
||||
* RootHash <H> bytes;
|
||||
* Certificates <Length> - (4 + <H>) bytes;
|
||||
* . Length 2 bytes;
|
||||
* . Reserved 2 bytes;
|
||||
* . RootHash <H> bytes;
|
||||
* . Certificates <Length> - (4 + <H>) bytes;
|
||||
* }
|
||||
* <p>
|
||||
* Length: total length of cert chain including all fields in this block
|
||||
* H: the output size of the hash algorithm selected by the most recent ALGORITHMS response
|
||||
* this field shall be in hash byte order
|
||||
* hash algorithm is included in the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
|
||||
* structure as the member "SpdmBaseHashAlg"
|
||||
* . this field shall be in hash byte order
|
||||
* . hash algorithm is included in the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
|
||||
* . structure as the member "SpdmBaseHashAlg"
|
||||
* RootHash: the digest of the Root Certificate.
|
||||
* size is determined by hash algorithm selected by the most recent SPDM ALGORITHMS response;
|
||||
* the hash algorithm is the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmBaseHashAlgo
|
||||
* . size is determined by hash algorithm selected by the most recent SPDM ALGORITHMS response;
|
||||
* . the hash algorithm is the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmBaseHashAlgo
|
||||
* Certificates: Complete cert chain consisting of 1 or more ASN.1 DER-encoded X.509 v3 certs
|
||||
* this field shall be in Encoded ASN.1 byte order
|
||||
* . this field shall be in Encoded ASN.1 byte order
|
||||
*/
|
||||
public class SpdmCertificateChain {
|
||||
|
||||
|
@ -8,21 +8,21 @@ import lombok.Getter;
|
||||
* <p>
|
||||
* Measurement, defined by SPDM v1.03, Sect 10.11.1, Table 54:
|
||||
* DMTF measurement spec format {
|
||||
* DMTFSpecMeasurementValueType 1 byte;
|
||||
* DMTFSpecMeasurementValueSize 2 bytes;
|
||||
* DMTFSpecMeasurementValue <DMTFSpecMeasurementValueSize> bytes;
|
||||
* . DMTFSpecMeasurementValueType 1 byte;
|
||||
* . DMTFSpecMeasurementValueSize 2 bytes;
|
||||
* . DMTFSpecMeasurementValue <DMTFSpecMeasurementValueSize> bytes;
|
||||
* }
|
||||
* <p>
|
||||
* DMTFSpecMeasurementValueType[7]
|
||||
* Indicates how bits [0:6] are represented
|
||||
* Bit = 0: Digest
|
||||
* Bit = 1: Raw bit stream
|
||||
* . Indicates how bits [0:6] are represented
|
||||
* . Bit = 0: Digest
|
||||
* . Bit = 1: Raw bit stream
|
||||
* DMTFSpecMeasurementValueType[6:0] (see SPDM Spec, Table 55 "DMTFSpecMeasurementValueType[6:0]")
|
||||
* Immutable ROM 0x0
|
||||
* Mutable firmware 0x1
|
||||
* Hardware configuration 0x2
|
||||
* Firmware configuration 0x3
|
||||
* etc.
|
||||
* . Immutable ROM 0x0
|
||||
* . Mutable firmware 0x1
|
||||
* . Hardware configuration 0x2
|
||||
* . Firmware configuration 0x3
|
||||
* . etc.
|
||||
* <p>
|
||||
*/
|
||||
public class SpdmMeasurement {
|
||||
|
@ -273,9 +273,9 @@ public final class UefiConstants {
|
||||
public static final String FILESTATUS_FROM_FILESYSTEM = "fileFromFilesystem";
|
||||
/**
|
||||
* file status, where file was not found on local machine, so file from code was used.
|
||||
* For instance, if vendor-table.json is not found in filesystem at location
|
||||
* /etc/hirs/aca/default-properties/, it will be grabbed from code at
|
||||
* HIRS_AttestationCA/src/main/resources/.
|
||||
* . For instance, if vendor-table.json is not found in filesystem at location
|
||||
* . /etc/hirs/aca/default-properties/, it will be grabbed from code at
|
||||
* . HIRS_AttestationCA/src/main/resources/.
|
||||
*/
|
||||
public static final String FILESTATUS_FROM_CODE = "fileFromCode";
|
||||
/**
|
||||
|