mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-16 01:39:45 +00:00
fixed hash size for EFI_CERT_SHA256_GUID, other minor changes
parent
cbafa97d5d
commit
8d93e9eacb
@ -10,7 +10,7 @@ import java.security.NoSuchAlgorithmException;
|
|||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class for processing the contents of a Secure Boot DB or DBX contents.
|
* Class for processing the contents of a Secure Boot PK, KEK, DB or DBX contents.
|
||||||
* used for EFIVariables associated with Secure Boot
|
* used for EFIVariables associated with Secure Boot
|
||||||
* as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification
|
* as defined by Section 32.4.1 Signature Database from the UEFI 2.8 specification
|
||||||
* <p>
|
* <p>
|
||||||
@ -52,10 +52,14 @@ public class UefiSignatureData {
|
|||||||
*/
|
*/
|
||||||
@Getter
|
@Getter
|
||||||
private boolean valid = false;
|
private boolean valid = false;
|
||||||
|
// /**
|
||||||
|
// * UEFI Certificate SHA1 hash.
|
||||||
|
// */
|
||||||
|
// private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
|
||||||
/**
|
/**
|
||||||
* UEFI Certificate SHA1 hash.
|
* UEFI Certificate SHA256 hash.
|
||||||
*/
|
*/
|
||||||
private byte[] binaryHash = new byte[UefiConstants.SIZE_40];
|
private byte[] binaryHash = new byte[UefiConstants.SIZE_32];
|
||||||
/**
|
/**
|
||||||
* UEFI Signature data status.
|
* UEFI Signature data status.
|
||||||
*/
|
*/
|
||||||
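Review bot: The four commented-out lines that preserve the old `SIZE_40` declaration above the field should be dropped rather than committed; the previous value is already in history, and the dead copy still carries the outdated "SHA1" wording. The new initializer fixes `binaryHash` at `UefiConstants.SIZE_32`, which matches a SHA-256 digest, but the hunk does not show where the array is filled. If this class also parses signature entries carrying other hash types, the length should be derived from the signature type rather than one constant, which is worth confirming against the parsing code. A Javadoc such as `/** SHA-256 digest carried by an EFI_CERT_SHA256_GUID entry (32 bytes). */` would record why 32 is the right size. The class body starts and ends outside the hunk.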
|
@ -214,18 +214,19 @@ public class UefiSignatureList {
|
|||||||
StringBuilder sigInfo = new StringBuilder();
|
StringBuilder sigInfo = new StringBuilder();
|
||||||
|
|
||||||
if (!signatureTypeValid) {
|
if (!signatureTypeValid) {
|
||||||
sigInfo.append(" *** Unknown UEFI Signature Type encountered: " + signatureType.toString() + "\n");
|
sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n" +
|
||||||
|
" " + signatureType.toString() + "\n");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n");
|
sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n");
|
||||||
sigInfo.append(" Number if items (certs, hashes, etc) = " + numberOfCerts + "\n");
|
sigInfo.append(" Number of items (certs, hashes, etc) = " + numberOfCerts + "\n");
|
||||||
|
|
||||||
for (int i = 0; i < sigList.size(); i++) {
|
for (int i = 0; i < sigList.size(); i++) {
|
||||||
UefiSignatureData certData = sigList.get(i);
|
UefiSignatureData certData = sigList.get(i);
|
||||||
sigInfo.append(certData.toString());
|
sigInfo.append(certData.toString());
|
||||||
}
|
}
|
||||||
if (!dataValid) {
|
if (!dataValid) {
|
||||||
sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
|
sigInfo.append(" *** Invalid UEFI Signature data encountered: " + dataStatus + "\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return sigInfo.toString();
|
return sigInfo.toString();
|
||||||
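Review bot: The rewritten "Unknown UEFI Signature Type" statement still builds its argument with `+` inside `sigInfo.append(...)`, so a temporary string is concatenated first and the builder gains nothing. Chaining the calls keeps the two-line message readable without the split literal, in the form `sigInfo.append("…encountered:\n").append(signatureType).append("\n");` with the existing text and indentation kept as they are. The corrected "Number of items" line and the other appends in this method could follow the same form. The method starts outside the hunk.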
|
@ -163,8 +163,8 @@ public class UefiVariable {
|
|||||||
*/
|
*/
|
||||||
public String toString() {
|
public String toString() {
|
||||||
StringBuilder efiVariable = new StringBuilder();
|
StringBuilder efiVariable = new StringBuilder();
|
||||||
efiVariable.append("UEFI Variable Name:" + efiVarName + "\n");
|
efiVariable.append("UEFI Variable Name: " + efiVarName + "\n");
|
||||||
efiVariable.append("UEFI Variable GUID = " + uefiVarGuid.toString() + "\n");
|
efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n");
|
||||||
if (efiVarName != "") {
|
if (efiVarName != "") {
|
||||||
efiVariable.append("UEFI Variable Contents => " + "\n");
|
efiVariable.append("UEFI Variable Contents => " + "\n");
|
||||||
}
|
}
|
||||||
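Review bot: `if (efiVarName != "")`, on the context line just below the two changed appends, compares object references rather than contents. An empty name that was built at runtime instead of taken from the literal would still pass the test and print the "UEFI Variable Contents =>" header. Use `if (!efiVarName.isEmpty())`, with a null check added if the field can be unset, which is not visible here. toString() continues past the end of the hunk.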
|
@ -80,14 +80,14 @@ public class UefiX509Cert {
|
|||||||
public String toString() {
|
public String toString() {
|
||||||
X509Certificate x509Cert = (X509Certificate) cert;
|
X509Certificate x509Cert = (X509Certificate) cert;
|
||||||
String certData = "";
|
String certData = "";
|
||||||
certData += " Certificate Serial Number = "
|
certData += " Certificate Serial Number = "
|
||||||
+ x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n";
|
+ x509Cert.getSerialNumber().toString(UefiConstants.SIZE_16) + "\n";
|
||||||
certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
|
certData += " Subject DN = " + x509Cert.getSubjectX500Principal().getName() + "\n";
|
||||||
certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
|
certData += " Issuer DN = " + x509Cert.getIssuerX500Principal().getName() + "\n";
|
||||||
certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n";
|
certData += " Not Before Date = " + x509Cert.getNotBefore() + "\n";
|
||||||
certData += " Not After Date = " + x509Cert.getNotAfter() + "\n";
|
certData += " Not After Date = " + x509Cert.getNotAfter() + "\n";
|
||||||
certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
|
certData += " Signature Algorithm = " + x509Cert.getSigAlgName() + "\n";
|
||||||
certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
|
certData += " SHA1 Fingerprint = " + getSHA1FingerPrint() + "\n";
|
||||||
return certData;
|
return certData;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|