ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-19 04:58:00 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #262 from nsacyber/issue-257

Browse Source 
[#257] Changes for 2.0 beta
This commit is contained in:
iadgovuser26 2020-06-16 09:08:54 -04:00 committed by GitHub
commit 908c49e54f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 177 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/tcg_rim_tool/build.gradle
View File

@ -6,10 +6,8 @@ repositories {
}
dependencies {
compile libs.minimal_json
compile libs.jcommander
compile libs.bouncy_castle
testCompile libs.testng
compile 'com.eclipsesource.minimal-json:minimal-json:0.9.5', 'com.beust:jcommander:1.72', 'org.bouncycastle:bcmail-jdk15on:1.59'
testCompile 'org.testng:testng:6.8.8'
}
jar {

34
tools/tcg_rim_tool/generated_swidTag.swidtag
View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns2:SoftwareIdentity xmlns:ns2="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>gLCM4kz8qvB6JkV+yDnv3KzqEloiSsBik2OeyBOSw/A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>a+kmQfOSpSaMnazRJIOq2349Iuskpan4vh0N4dobjJ8Tb3lPjf97YiqgFsoSm5uydOPXs/lkN51g
Ox9CCBZ2bquDuuBPpAq5IQ3wZ28G+DYzva+pz7EHKge3gIRzMKjCyDx4bjn+3GUeg+A4KNHNcUfi
qkDVi3245/4IC/nIzm6a+3qVqsYH4mLqp1yO/Xbuqvkc5X0GobGIO6EOhXxuBii6O7GGv+cIVp3v
Xdd9zIwFVedeqeYextz5EDzDNHittmtNd+KEl0N3/45aXGDiRFiuiNy/sf7KR+wutbwJV7RlaDN7
QEaanCXCs6h5PehTh8EDEE9atceBS7IBje0dtw==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</ns2:SoftwareIdentity>

2
tools/tcg_rim_tool/package.sh
View File

@ -6,7 +6,7 @@ pushd $SCRIPT_DIR
name="tcg_rim_tool"
tar -cf $name.tar build.gradle gradle* src/ docs/
tar -cf $name.tar build.gradle gradle* src/ docs/ rim_fields.json keystore.jks
gzip $name.tar
if [ -d rpmbuild ]; then
rm -rf rpmbuild

5
tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
View File

@ -52,8 +52,11 @@ public class CredentialParser {
publicKey = certificate.getPublicKey();
}
public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws FileNotFoundException {
public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws CertificateException, FileNotFoundException {
certificate = parsePEMCertificate(certificateFile);
if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
throw new CertificateException("Signing certificate cannot be self-signed!");
}
privateKey = parsePEMPrivateKey(privateKeyFile, "RSA");
publicKey = certificate.getPublicKey();
}

17
tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
View File

@ -21,8 +21,8 @@ public class Main {
if (!commander.getVerifyFile().isEmpty()) {
System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile();
String publicCertificate = commander.getPublicCertificate();
if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) {
//String publicCertificate = commander.getPublicCertificate();
if (!verifyFile.isEmpty()) {
try {
gateway.validateSwidTag(verifyFile);
} catch (IOException e) {
@ -30,7 +30,7 @@ public class Main {
System.exit(1);
}
} else {
System.out.println("Need both a RIM file to validate and a public certificate to validate with!");
System.out.println("Need a RIM file to validate!");
System.exit(1);
}
} else {
@ -39,6 +39,7 @@ public class Main {
String attributesFile = commander.getAttributesFile();
String certificateFile = commander.getPublicCertificate();
String privateKeyFile = commander.getPrivateKeyFile();
String rimEventLog = commander.getRimEventLog();
switch (createType) {
case "BASE":
if (!attributesFile.isEmpty()) {
@ -49,12 +50,14 @@ public class Main {
gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile);
}
if (rimEventLog.isEmpty()) {
System.out.println("Error: a support RIM is required!");
System.exit(1);
} else {
gateway.setRimEventLog(rimEventLog);
}
gateway.generateSwidTag(commander.getOutFile());
break;
case "EVENTLOG":
break;
case "PCR":
break;
}
}
}

2
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
View File

@ -15,7 +15,7 @@ public class SwidTagConstants {
public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks";
public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
public static final String DEFAULT_ATTRIBUTES_FILE = "/etc/hirs/rim_fields.json";
public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json";
public static final String DEFAULT_ENGLISH = "en";
public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

67
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
View File

@ -42,6 +42,7 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import hirs.swid.utils.HashSwid;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@ -59,6 +60,8 @@ import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@ -72,6 +75,7 @@ import java.math.BigInteger;
import hirs.swid.xjc.Directory;
import hirs.swid.xjc.Entity;
import hirs.swid.xjc.Link;
import hirs.swid.xjc.Meta;
import hirs.swid.xjc.ObjectFactory;
import hirs.swid.xjc.ResourceCollection;
import hirs.swid.xjc.SoftwareIdentity;
@ -100,6 +104,7 @@ public class SwidTagGateway {
private boolean defaultCredentials;
private String pemPrivateKeyFile;
private String pemCertificateFile;
private String rimEventLog;
/**
* Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -142,13 +147,22 @@ public class SwidTagGateway {
this.pemPrivateKeyFile = pemPrivateKeyFile;
}
/** Setter for certificate file in PEM format
/**
* Setter for certificate file in PEM format
* @param pemCertificateFile
*/
public void setPemCertificateFile(String pemCertificateFile) {
this.pemCertificateFile = pemCertificateFile;
}
/**
* Setter for event log support RIM
* @param rimEventLog
*/
public void setRimEventLog(String rimEventLog) {
this.rimEventLog = rimEventLog;
}
/**
* This method generates a base RIM from the values in a JSON file.
*
@ -174,10 +188,7 @@ public class SwidTagGateway {
createSoftwareMeta(configProperties.get(SwidTagConstants.META).asObject()));
swidTag.getEntityOrEvidenceOrLink().add(meta);
//File
hirs.swid.xjc.File file = createFile(
configProperties.get(SwidTagConstants.PAYLOAD).asObject()
.get(SwidTagConstants.DIRECTORY).asObject()
.get(SwidTagConstants.FILE).asObject());
hirs.swid.xjc.File file = createFile();
//Directory
Directory directory = createDirectory(
configProperties.get(SwidTagConstants.PAYLOAD).asObject()
@ -219,6 +230,8 @@ public class SwidTagGateway {
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString());
Element file = (Element) document.getElementsByTagName("File").item(0);
validateFile(file);
System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
return true;
}
@ -405,13 +418,42 @@ public class SwidTagGateway {
return directory;
}
/**
* This method creates a hirs.swid.xjc.File from three arguments, then calculates
* and stores its hash as an attribute in itself.
/**
* This method creates a hirs.swid.xjc.File from an indirect payload type by
* calculating the hash of a given event log support RIM.
*/
private hirs.swid.xjc.File createFile() {
hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(rimEventLog);
File rimEventLogFile = new File(rimEventLog);
file.setSize(new BigInteger(Long.toString(rimEventLogFile.length())));
Map<QName, String> attributes = file.getOtherAttributes();
addNonNullAttribute(attributes, _SHA256_HASH, HashSwid.get256Hash(rimEventLog));
return file;
}
/**
* This method validates a hirs.swid.xjc.File from an indirect payload
*/
private boolean validateFile(Element file) {
String filepath = file.getAttribute(SwidTagConstants.NAME);
System.out.println("Support rim found at " + filepath);
if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
System.out.println("Support RIM hash verified!");
return true;
} else {
System.out.println("Support RIM hash does not match Base RIM!");
return false;
}
}
/**
* This method creates a hirs.swid.xjc.File from a direct payload type.
*
* @param jsonObject
* @return hirs.swid.xjc.File object from File object
*/
*
private hirs.swid.xjc.File createFile(JsonObject jsonObject) {
hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
@ -423,7 +465,7 @@ public class SwidTagGateway {
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, ""));
return file;
}
}*/
private void addNonNullAttribute(Map<QName, String> attributes, QName key, String value) {
if (!value.isEmpty()) {
@ -492,6 +534,8 @@ public class SwidTagGateway {
System.out.println(e.getMessage());
} catch (KeyException e) {
System.out.println("Error setting public key in KeyValue: " + e.getMessage());
} catch (CertificateException e) {
System.out.println(e.getMessage());
} catch (JAXBException e) {
System.out.println("Error marshaling signed swidtag: " + e.getMessage());
} catch (MarshalException | XMLSignatureException e) {
@ -622,7 +666,8 @@ public class SwidTagGateway {
*/
private Document removeXMLWhitespace(String path) throws IOException {
TransformerFactory tf = TransformerFactory.newInstance();
Source source = new StreamSource(new File("identity_transform.xslt"));
Source source = new StreamSource(
SwidTagGateway.class.getClassLoader().getResourceAsStream("identity_transform.xslt"));
Document document = null;
File input = new File(path);
if (input.length() > 0) {

14
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
View File

@ -35,10 +35,10 @@ public class Commander {
description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
"A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
private String publicCertificate = "";
/*
@Parameter(names = {"-l", "--rimel <path>"}, order = 6,
description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
private String rimEventLog = "";
/*
@Parameter(names = {"-t", "--rimpcr <path>"}, order = 7,
description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.")
private String rimPcrs = "";
@ -76,11 +76,9 @@ public class Commander {
public String getPublicCertificate() {
return publicCertificate;
}
/*
public String getRimEventLog() {
return rimEventLog;
}
public String getRimEventLog() { return rimEventLog; }
/*
public String getRimPcrs() {
return rimPcrs;
}
@ -98,10 +96,10 @@ public class Commander {
sb.append("Create a base RIM using the values in attributes.json; " +
"sign it with the default keystore, alias, and password;\n");
sb.append("and write the data to base_rim.swidtag:\n\n");
sb.append("\t\t-c base -a attributes.json -o base_rim.swidtag\n\n\n");
sb.append("\t\t-c base -a attributes.json -l support_rim.swidtag -o base_rim.swidtag\n\n\n");
sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n");
sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n");
sb.append("\t\t-c base -k privateKey.pem -p cert.pem\n\n\n");
sb.append("\t\t-c base -l support_rim.swidtag -k privateKey.pem -p cert.pem\n\n\n");
return sb.toString();
}
@ -113,8 +111,8 @@ public class Commander {
sb.append("Verify file: " + getVerifyFile() + System.lineSeparator());
sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator());
sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator());
/*
sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator());
/*
sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator());
sb.append("Base RIM to be signed: " + getToBeSigned() + System.lineSeparator());
sb.append("External signature file: " + getSignatureData() + System.lineSeparator());

26
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/HashSwid.java
View File

@ -4,6 +4,8 @@ import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
@ -24,8 +26,8 @@ public class HashSwid {
* @param value
* @return
*/
public static String get256Hash(String value) {
return getHashValue(value, SHA256);
public static String get256Hash(String filepath) {
return getHashValue(filepath, SHA256);
}
/**
@ -33,8 +35,8 @@ public class HashSwid {
* @param value
* @return
*/
public String get384Hash(String value) {
return getHashValue(value, SHA384);
public String get384Hash(String filepath) {
return getHashValue(filepath, SHA384);
}
/**
@ -42,24 +44,28 @@ public class HashSwid {
* @param value
* @return
*/
public String get512Hash(String value) {
return getHashValue(value, SHA512);
public String get512Hash(String filepath) {
return getHashValue(filepath, SHA512);
}
/**
* This method creates the hash based on the provided algorithm and salt
* only accessible through helper methods.
*
* This method assumes an input file that is small enough to read in its
* entirety. Large files should be handled similarly to the public static
* getHashValue() below.
*
* @param value string object to hash
* @param filepath file contents to hash
* @param salt random value to make the hash stronger
* @param sha the algorithm to use for the hash
* @return
*/
private static String getHashValue(String value, String sha) {
private static String getHashValue(String filepath, String sha) {
String resultString = null;
try {
MessageDigest md = MessageDigest.getInstance(sha);
byte[] bytes = md.digest(value.getBytes(ENCODING));
byte[] bytes = md.digest(Files.readAllBytes(Paths.get(filepath)));
StringBuilder sb = new StringBuilder();
for (int i = 0; i < bytes.length; i++) {
@ -68,6 +74,8 @@ public class HashSwid {
resultString = sb.toString();
} catch (UnsupportedEncodingException | NoSuchAlgorithmException grex) {
System.out.println(grex.getMessage());
} catch (IOException e) {
System.out.println("Error reading in file to hash: " + e.getMessage());
}
return resultString;

0
tools/tcg_rim_tool/identity_transform.xslt → tools/tcg_rim_tool/src/main/resources/identity_transform.xslt
View File

6
tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
View File

@ -5,7 +5,9 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
import java.util.Scanner;
import java.net.URISyntaxException;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
@ -19,11 +21,13 @@ public class TestSwidTagGateway {
private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag";
private final String certificateFile = "RimSignCert.pem";
private final String privateKeyFile = "privateRimKey.pem";
private final String supportRimFile = "TpmLog.bin";
private InputStream expectedFile;
@BeforeClass
public void setUp() throws Exception {
gateway = new SwidTagGateway();
gateway.setRimEventLog(supportRimFile);
}
@AfterClass
@ -38,7 +42,7 @@ public class TestSwidTagGateway {
* -c base -k privateRimKey.pem -p RimSignCert.pem
*/
@Test
public void testCreateBaseWithCert() {
public void testCreateBaseWithCert() throws URISyntaxException {
gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile);

22
tools/tcg_rim_tool/src/test/resources/RimSignCert.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwI
UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0z
MDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE
CgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNVBAMMEmV4YW1wbGUu
UklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1lWGk
SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44
/nBaccZDOjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cx
j9NL4dcMgxRXsPdHfXb0923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQ
ZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY2hq+z82x/rqwr2hmyizD6FpFSyIABPEM
PfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0Hh4mNFSKD4pP41VSKY1n
us83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoBhhqWT+3s
8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA
A4IBAQBl2Bu9xpnHCCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQo
KQxsfZuk7QcSvVd/1v8mqwJ0PwbFKQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfib
NLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDRutuMKyOTf4a6d8TUcbG2Rnyz
O/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8mVkXUPWYyHTZ
0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr
crTLeyFynlKxuCfDnr1SAHDM65BY
-----END CERTIFICATE-----

BIN
tools/tcg_rim_tool/src/test/resources/TpmLog.bin Normal file
View File

Binary file not shown.

14
tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag
View File

@ -5,7 +5,7 @@
<Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
<Payload>
<Directory name="iotBase">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/>
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue>
<DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg
8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ
zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O
/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak
sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue>
<SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>

14
tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
View File

@ -5,7 +5,7 @@
<Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
<Payload>
<Directory name="iotBase">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/>
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue>
<DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg
8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ
zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O
/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak
sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue>
<SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>

28
tools/tcg_rim_tool/src/test/resources/privateRimKey.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCndZVhpEkbsQAG
NsB2oNhlcVJNXWcdj06X0Dn5by3nHAFcGvJkIZbEREavkCvIpY/F36rOOP5wWnHG
Qzo3XyMSFAjH8IRl48QmqmW4E7nDbBMQ57uGq0xq2qAMMx4NHFS4ik/wsY/TS+HX
DIMUV7D3R3129Pdtwu8WHdrdqn1tObpoGo+6nkJenOvAhTbBl+CQPK1hUGb7xseQ
xpSuCk3Iz7kECDbOX8WrDSqi2Noavs/Nsf66sK9oZsosw+haRUsiAATxDD3wdN+h
hIUcLtVhDJKvMiKdo4EVKBWJHvaQd6YfaVaMNB4eJjRUig+KT+NVUimNZ7rPN5nZ
LrpD8uaNAgMBAAECggEAcnG8npd9U0x7HMQMcsZoPaPdwHvF/gCzkLNA+8RM1bZh
A4ZzA5WlCQs0V8Wq9pyXjn7Wp8txsG1PdlT5k2AUgsVoXuR0R4IKyvYHQG9StEjH
GvWURmwJdLlnSg8hSYqEJ/52taNUDO6+MI8fgiaQDd8w0ryF4OCpLy9GJdnfkGYZ
Ayemb3USFUdj/S67NVqxnvAfFMM5FqkKGhkoy7wBRgO6eOeJvoTq8LMiPiponwwF
DW409ZStbrk1f1Oszst/UvFUWA9BdDfeoPmFR61y3eB5zlMQG8Mhr2v5hvkj9TPX
FU4Fm4EzZ1h/60cdWoP6XYCP7F2NqZ8N8u4UBQNAIQKBgQDcGIw5GJEvRF+FFTTR
hYatMRn80DGTVjdT32MgajdKx05OWxBmQsFob34fiSnr0wAXPJeDXG4ruMBE2bSk
EC8rCO08G8ihQoH8x0cvuERe1fpVWk3RWNucVGIiJSEXAIwWrlYZLTfYd5GqBkPE
OQxxo4MtOyqeHmVH1mOywk9ABQKBgQDCxt95luzqQZV9Xl78QQvOIbjOdHLjY23Z
yp8sGt9birL/WZ33TCRgmH1e61BdrSqO7Om/ail2Y59XM5UU6kLbDj0IgmOPTsrJ
JmIVf8r3bKltVUaLePgr4yex7dmtHRH8OkLXKnE0RCO0kCi9kJMB12yE3pWxk+Pu
zztQd3a66QKBgBNJd2g9deONe01fOVyu9clRhzR3ThDaOkj4R2h8xlGgO4V0R3Ce
ovIy6vt6epj2yYg/wAs720+rhfXCmijSXj/ILXnZ+W/gMyHimKNe42boG2LFYhJZ
Vg1R+7OAS3EHlD8ckeDs7Hrkp3gdymx0j1mZ+ZHKIIbwpPFxoRT2IBm9AoGBAI0Z
bIK0puP8psKvPrgWluq42xwUl7XKLaX8dtqIjQ3PqGP7E8g2TJP9Y7UDWrDB5Xas
gZi821R8Ts3o/DKukcgGxIgJjP4f4h9dwug4L1yWRxaBFB2tgHqqj/MBjxMtX/4M
Zqdgg6mNQyBm3lyVAynuWRrX9DE0JYa2cQ2VvVkhAoGBAMBv/oT813w00759PmkO
Uxv3LXTJuYBbq0Rmga25jN3ow8LrGQdSVg7F/af3I5KUF7mLiegDy1pkRfauyXH7
+WhEqnf86vDrzPpytDMxinWOQZusCqeWHb+nuVTuL3Fv+GxEdwVGYI/7lFJ7B//h
P5rU93ZoYY7sWcGVqaaEkMRU
-----END PRIVATE KEY-----

14
tools/tcg_rim_tool/tcg_rim_tool.spec
View File

@ -16,17 +16,25 @@ This tool will generate a root RIM file for PC clients in accordance with the sc
%prep
%setup -q -c -n %{name}
%pre
rm -f /opt/hirs/rimtool/%{name}*.jar
%build
./gradlew build
%install
mkdir -p %{buildroot}/opt/hirs/rim/
cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rim/
mkdir -p %{buildroot}/opt/hirs/rimtool/
cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rimtool/
cp ./rim_fields.json %{buildroot}/opt/hirs/rimtool/
cp ./keystore.jks %{buildroot}/opt/hirs/rimtool/
%files
/opt/hirs/rim/%{name}-%{version}.jar
/opt/hirs/rimtool/%{name}-%{version}.jar
/opt/hirs/rimtool/rim_fields.json
/opt/hirs/rimtool/keystore.jks
%changelog
* Mon Jun 15 2020 chubtub
- First release
* Mon Jan 6 2020 chubtub
- First change