From 8d93e9eacb1a07d4780ea18e560209cc780b2d06 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Thu, 9 May 2024 15:38:10 -0400
Subject: [PATCH] fixed hash size for EFI_CERT_SHA256_GUID, other minor changes
---
 .../utils/tpm/eventlog/uefi/UefiSignatureData.java | 10 +++++++---
 .../utils/tpm/eventlog/uefi/UefiSignatureList.java | 9 +++++----
 .../hirs/utils/tpm/eventlog/uefi/UefiVariable.java | 4 ++--
 .../hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java | 14 +++++++-------
 4 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java
index 0a2fa74b..cb4b5723 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureData.java
@@ -10,7 +10,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 /**
- * Class for processing the contents of a Secure Boot DB or DBX contents.
+ * Class for processing the contents of a Secure Boot PK, KEK, DB or DBX contents.
 * used for EFIVariables associated with Secure Boot
 * as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification
 *
@@ -52,10 +52,14 @@ public class UefiSignatureData {
 */
 @Getter
 private boolean valid = false;
+// /**
+// * UEFI Certificate SHA1 hash.
+// */
+// private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
 /**
- * UEFI Certificate SHA1 hash.
+ * UEFI Certificate SHA256 hash.
 */
- private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
+ private byte[] binaryHash = new byte[UefiConstants.SIZE_32];
 /**
 * UEFI Signature data status.
 */
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
index 75bf70c9..4927b4a5 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
@@ -214,18 +214,19 @@ public class UefiSignatureList {
 StringBuilder sigInfo = new StringBuilder();
 if (!signatureTypeValid) {
- sigInfo.append(" *** Unknown UEFI Signature Type encountered: " + signatureType.toString() + "\n");
+ sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n"
+ + " " + signatureType.toString() + "\n");
 } else {
- sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n");
- sigInfo.append(" Number if items (certs, hashes, etc) = " + numberOfCerts + "\n");
+ sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n");
+ sigInfo.append(" Number of items (certs, hashes, etc) = " + numberOfCerts + "\n");
 for (int i = 0; i < sigList.size(); i++) {
 UefiSignatureData certData = sigList.get(i);
 sigInfo.append(certData.toString());
 }
 if (!dataValid) {
- sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
+ sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
 }
 }
 return sigInfo.toString();
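Review bot: Sizing `binaryHash` as a fixed 32-byte array only fits EFI_CERT_SHA256_GUID entries, yet the class comment now says this type covers PK, KEK, db and dbx, whose signature lists may also carry EFI_CERT_SHA1_GUID (20-byte), EFI_CERT_SHA384_GUID (48-byte) and EFI_CERT_SHA512_GUID (64-byte) hashes; whichever code copies the hash into this array (outside the hunk) will truncate or zero-pad those entries, and a truncated dbx revocation hash no longer matches the binary it is meant to revoke. Prefer deriving the length from the signature type or from the signature list's SignatureSize at construction, e.g. `private byte[] binaryHash;` declared here and `binaryHash = new byte[hashLength];` in the constructor, rather than a `UefiConstants` size. The four `+// ...` lines are commented-out code; git history already keeps the old declaration, so drop them rather than leaving a second SHA1/SIZE_40 definition in the class. The class body continues outside the hunk.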
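Review bot: Every string handed to `sigInfo.append(...)` in this hunk is first assembled with `+`, so the StringBuilder is only a sink and the new two-line `Unknown UEFI Signature Type` message is a concatenation broken across a line; chain the appends instead, e.g. `sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n ").append(signatureType.toString()).append('\n');`, and likewise for the `List Type`, `Number of items` and `Invalid` lines. A smaller point: `dataStatus` is only emitted inside the `else` branch, so a list with an unrecognized type never reports why its data was rejected even if `dataValid` was cleared during parsing; if that flag can be cleared for unknown types too, hoist the `!dataValid` check out of the `else`. The signature and closing brace of `toString()` lie outside the hunk.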
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
index d042875f..3760930f 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
@@ -163,8 +163,8 @@ public class UefiVariable {
 */
 public String toString() {
 StringBuilder efiVariable = new StringBuilder();
- efiVariable.append("UEFI Variable Name:" + efiVarName + "\n");
- efiVariable.append("UEFI Variable GUID = " + uefiVarGuid.toString() + "\n");
+ efiVariable.append("UEFI Variable Name: " + efiVarName + "\n");
+ efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n");
 if (efiVarName != "") {
 efiVariable.append("UEFI Variable Contents => " + "\n");
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java
index f8b3b13e..ad42ae0f 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiX509Cert.java
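Review bot: The guard directly below the edited lines, `if (efiVarName != "")`, compares a String by reference, so a variable name decoded from the event log that is empty but not the interned literal still prints the `UEFI Variable Contents =>` header; use `if (!"".equals(efiVarName))`, which also keeps the current behaviour for a null name. While here, the new `Name:`/`GUID:` labels use a different separator from the `Contents =>` line that follows them, so consider one style for all three. The remainder of `toString()` continues outside the hunk.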
@@ -80,14 +80,14 @@ public class UefiX509Cert {
 public String toString() {
 X509Certificate x509Cert = (X509Certificate) cert;
 String certData = "";
- certData += " Certificate Serial Number = "
+ certData += " Certificate Serial Number = "
 + x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n";
- certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
- certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
- certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n";
- certData += " Not After Date = " + x509Cert.getNotAfter() + "\n";
- certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
- certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
+ certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
+ certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
+ certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n";
+ certData += " Not After Date = " + x509Cert.getNotAfter() + "\n";
+ certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
+ certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
 return certData;
 }
 }
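Review bot: `toString()` still identifies a db/dbx certificate only by `getSHA1FingerPrint()`, while the rest of this commit moves hash handling to SHA-256; SHA-1 is collision-prone and most pinning lists and attestation tooling compare certificates by their SHA-256 fingerprint, so a reader of this report has no value to match against such a policy. Add a SHA-256 fingerprint line next to the SHA-1 one (keep SHA-1 for existing consumers), computed over the DER encoding from `x509Cert.getEncoded()`, as sketched below; I cannot see how `getSHA1FingerPrint()` handles encoding/digest errors, so mirror whatever it does rather than the placeholder return. The unchecked `(X509Certificate) cert` cast and the `+=` string building are pre-existing, but `@Override` is missing on `toString()`, and `UefiConstants.SIZE_16` is being passed as a radix, which a literal `16` would express more honestly.
```java
    certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
    certData += " SHA256 Fingerprint = " + getSHA256FingerPrint() + "\n";
    return certData;
}

/**
 * Hex-encoded SHA-256 digest of the DER-encoded certificate; the fingerprint
 * form most policy lists and attestation tools compare on.
 */
private String getSHA256FingerPrint() {
    try {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(((X509Certificate) cert).getEncoded());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
        // mirror getSHA1FingerPrint()'s error handling here
        return "unavailable (" + e.getMessage() + ")";
    }
}
```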