Merge pull request #262 from nsacyber/issue-257

[#257] Changes for 2.0 beta
2024-12-23 14:52:31 +00:00 · 2020-06-16 09:08:54 -04:00 · 2020-06-16 09:08:54 -04:00 · 908c49e54f
commit 908c49e54f
parent fb9cca295a 3747c1911e
17 changed files with 177 additions and 94 deletions
--- a/tools/tcg_rim_tool/build.gradle
+++ b/tools/tcg_rim_tool/build.gradle
@ -6,10 +6,8 @@ repositories {
 }
 dependencies {
-	compile libs.minimal_json
+	compile 'com.eclipsesource.minimal-json:minimal-json:0.9.5', 'com.beust:jcommander:1.72', 'org.bouncycastle:bcmail-jdk15on:1.59'
-	compile libs.jcommander
+	testCompile 'org.testng:testng:6.8.8'
 	compile libs.bouncy_castle
 	testCompile libs.testng
 }
 jar {
--- a/tools/tcg_rim_tool/generated_swidTag.swidtag
+++ b/tools/tcg_rim_tool/generated_swidTag.swidtag
@ -1,34 +0,0 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <ns2:SoftwareIdentity xmlns:ns2="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>gLCM4kz8qvB6JkV+yDnv3KzqEloiSsBik2OeyBOSw/A=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>a+kmQfOSpSaMnazRJIOq2349Iuskpan4vh0N4dobjJ8Tb3lPjf97YiqgFsoSm5uydOPXs/lkN51g
 Ox9CCBZ2bquDuuBPpAq5IQ3wZ28G+DYzva+pz7EHKge3gIRzMKjCyDx4bjn+3GUeg+A4KNHNcUfi
 qkDVi3245/4IC/nIzm6a+3qVqsYH4mLqp1yO/Xbuqvkc5X0GobGIO6EOhXxuBii6O7GGv+cIVp3v
 Xdd9zIwFVedeqeYextz5EDzDNHittmtNd+KEl0N3/45aXGDiRFiuiNy/sf7KR+wutbwJV7RlaDN7
 QEaanCXCs6h5PehTh8EDEE9atceBS7IBje0dtw==</SignatureValue>
    <KeyInfo>
      <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
      <KeyValue>
        <RSAKeyValue>
          <Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
 xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
 dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
 otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
 jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>
 </ns2:SoftwareIdentity>
--- a/tools/tcg_rim_tool/package.sh
+++ b/tools/tcg_rim_tool/package.sh
@ -6,7 +6,7 @@ pushd $SCRIPT_DIR
 name="tcg_rim_tool"
-tar -cf $name.tar build.gradle gradle* src/ docs/
+tar -cf $name.tar build.gradle gradle* src/ docs/ rim_fields.json keystore.jks
 gzip $name.tar
 if [ -d rpmbuild ]; then
 	rm -rf rpmbuild
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
@ -52,8 +52,11 @@ public class CredentialParser {
        publicKey = certificate.getPublicKey();
    }
-    public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws FileNotFoundException {
+    public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws CertificateException, FileNotFoundException {
        certificate = parsePEMCertificate(certificateFile);
        if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
            throw new CertificateException("Signing certificate cannot be self-signed!");
        }
        privateKey = parsePEMPrivateKey(privateKeyFile, "RSA");
        publicKey = certificate.getPublicKey();
    }
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@ -21,8 +21,8 @@ public class Main {
            if (!commander.getVerifyFile().isEmpty()) {
                System.out.println(commander.toString());
                String verifyFile = commander.getVerifyFile();
-                String publicCertificate = commander.getPublicCertificate();
+                //String publicCertificate = commander.getPublicCertificate();
-                if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) {
+                if (!verifyFile.isEmpty()) {
                    try {
                        gateway.validateSwidTag(verifyFile);
                    } catch (IOException e) {
@ -30,7 +30,7 @@ public class Main {
                        System.exit(1);
                    }
                } else {
-                    System.out.println("Need both a RIM file to validate and a public certificate to validate with!");
+                    System.out.println("Need a RIM file to validate!");
                    System.exit(1);
                }
            } else {
@ -39,6 +39,7 @@ public class Main {
                String attributesFile = commander.getAttributesFile();
                String certificateFile = commander.getPublicCertificate();
                String privateKeyFile = commander.getPrivateKeyFile();
                String rimEventLog = commander.getRimEventLog();
                switch (createType) {
                    case "BASE":
                        if (!attributesFile.isEmpty()) {
@ -49,12 +50,14 @@ public class Main {
                            gateway.setPemCertificateFile(certificateFile);
                            gateway.setPemPrivateKeyFile(privateKeyFile);
                        }
                        if (rimEventLog.isEmpty()) {
                            System.out.println("Error: a support RIM is required!");
                            System.exit(1);
                        } else {
                            gateway.setRimEventLog(rimEventLog);
                        }
                        gateway.generateSwidTag(commander.getOutFile());
                        break;
                    case "EVENTLOG":
                        break;
                    case "PCR":
                        break;
                }
            }
        }
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
@ -15,7 +15,7 @@ public class SwidTagConstants {
    public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks";
    public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
    public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
-    public static final String DEFAULT_ATTRIBUTES_FILE = "/etc/hirs/rim_fields.json";
+    public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json";
    public static final String DEFAULT_ENGLISH = "en";
    public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@ -42,6 +42,7 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import hirs.swid.utils.HashSwid;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@ -59,6 +60,8 @@ import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@ -72,6 +75,7 @@ import java.math.BigInteger;
 import hirs.swid.xjc.Directory;
 import hirs.swid.xjc.Entity;
 import hirs.swid.xjc.Link;
 import hirs.swid.xjc.Meta;
 import hirs.swid.xjc.ObjectFactory;
 import hirs.swid.xjc.ResourceCollection;
 import hirs.swid.xjc.SoftwareIdentity;
@ -100,6 +104,7 @@ public class SwidTagGateway {
    private boolean defaultCredentials;
    private String pemPrivateKeyFile;
    private String pemCertificateFile;
    private String rimEventLog;
    /**
     * Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -142,13 +147,22 @@ public class SwidTagGateway {
        this.pemPrivateKeyFile = pemPrivateKeyFile;
    }
-    /** Setter for certificate file in PEM format
+    /**
     * Setter for certificate file in PEM format
     * @param pemCertificateFile
     */
    public void setPemCertificateFile(String pemCertificateFile) {
        this.pemCertificateFile = pemCertificateFile;
    }
    /**
     * Setter for event log support RIM
     * @param rimEventLog
     */
    public void setRimEventLog(String rimEventLog) {
        this.rimEventLog = rimEventLog;
    }
    /**
     * This method generates a base RIM from the values in a JSON file.
     *
@ -174,10 +188,7 @@ public class SwidTagGateway {
                    createSoftwareMeta(configProperties.get(SwidTagConstants.META).asObject()));
            swidTag.getEntityOrEvidenceOrLink().add(meta);
            //File
-            hirs.swid.xjc.File file = createFile(
+            hirs.swid.xjc.File file = createFile();
                    configProperties.get(SwidTagConstants.PAYLOAD).asObject()
                                    .get(SwidTagConstants.DIRECTORY).asObject()
                                    .get(SwidTagConstants.FILE).asObject());
            //Directory
            Directory directory = createDirectory(
                    configProperties.get(SwidTagConstants.PAYLOAD).asObject()
@ -219,6 +230,8 @@ public class SwidTagGateway {
        si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
        si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
        System.out.println(si.toString());
        Element file = (Element) document.getElementsByTagName("File").item(0);
        validateFile(file);
        System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
        return true;
    }
@ -405,13 +418,42 @@ public class SwidTagGateway {
        return directory;
    }
-   /**
+    /**
-     * This method creates a hirs.swid.xjc.File from three arguments, then calculates
+     * This method creates a hirs.swid.xjc.File from an indirect payload type by
-     * and stores its hash as an attribute in itself.
+     * calculating the hash of a given event log support RIM.
     */
    private hirs.swid.xjc.File createFile() {
        hirs.swid.xjc.File file = objectFactory.createFile();
        file.setName(rimEventLog);
        File rimEventLogFile = new File(rimEventLog);
        file.setSize(new BigInteger(Long.toString(rimEventLogFile.length())));
        Map<QName, String> attributes = file.getOtherAttributes();
        addNonNullAttribute(attributes, _SHA256_HASH, HashSwid.get256Hash(rimEventLog));
        return file;
    }
    /**
     * This method validates a hirs.swid.xjc.File from an indirect payload
     */
    private boolean validateFile(Element file) {
        String filepath = file.getAttribute(SwidTagConstants.NAME);
        System.out.println("Support rim found at " + filepath);
        if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
            System.out.println("Support RIM hash verified!");
            return true;
        } else {
            System.out.println("Support RIM hash does not match Base RIM!");
            return false;
        }
    }
    /**
     * This method creates a hirs.swid.xjc.File from a direct payload type.
     *
     * @param jsonObject
     * @return hirs.swid.xjc.File object from File object
-     */
+     *
    private hirs.swid.xjc.File createFile(JsonObject jsonObject) {
        hirs.swid.xjc.File file = objectFactory.createFile();
        file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
@ -423,7 +465,7 @@ public class SwidTagGateway {
        addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, ""));
        return file;
-    }
+    }*/
    private void addNonNullAttribute(Map<QName, String> attributes, QName key, String value) {
        if (!value.isEmpty()) {
@ -492,6 +534,8 @@ public class SwidTagGateway {
            System.out.println(e.getMessage());
        } catch (KeyException e) {
            System.out.println("Error setting public key in KeyValue: " + e.getMessage());
        } catch (CertificateException e) {
            System.out.println(e.getMessage());
        } catch (JAXBException e) {
            System.out.println("Error marshaling signed swidtag: " + e.getMessage());
        } catch (MarshalException | XMLSignatureException e) {
@ -622,7 +666,8 @@ public class SwidTagGateway {
     */
    private Document removeXMLWhitespace(String path) throws IOException {
        TransformerFactory tf = TransformerFactory.newInstance();
-        Source source = new StreamSource(new File("identity_transform.xslt"));
+        Source source = new StreamSource(
                SwidTagGateway.class.getClassLoader().getResourceAsStream("identity_transform.xslt"));
        Document document = null;
        File input = new File(path);
        if (input.length() > 0) {
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
@ -35,10 +35,10 @@ public class Commander {
            description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
                    "A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
    private String publicCertificate = "";
 /*
    @Parameter(names = {"-l", "--rimel <path>"}, order = 6,
            description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
    private String rimEventLog = "";
 /*
    @Parameter(names = {"-t", "--rimpcr <path>"}, order = 7,
            description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.")
    private String rimPcrs = "";
@ -76,11 +76,9 @@ public class Commander {
    public String getPublicCertificate() {
        return publicCertificate;
    }
 /*
    public String getRimEventLog() {
        return rimEventLog;
    }
    public String getRimEventLog() { return rimEventLog; }
 /*
    public String getRimPcrs() {
        return rimPcrs;
    }
@ -98,10 +96,10 @@ public class Commander {
        sb.append("Create a base RIM using the values in attributes.json; " +
                "sign it with the default keystore, alias, and password;\n");
        sb.append("and write the data to base_rim.swidtag:\n\n");
-        sb.append("\t\t-c base -a attributes.json -o base_rim.swidtag\n\n\n");
+        sb.append("\t\t-c base -a attributes.json -l support_rim.swidtag -o base_rim.swidtag\n\n\n");
        sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n");
        sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n");
-        sb.append("\t\t-c base -k privateKey.pem -p cert.pem\n\n\n");
+        sb.append("\t\t-c base -l support_rim.swidtag -k privateKey.pem -p cert.pem\n\n\n");
        return sb.toString();
    }
@ -113,8 +111,8 @@ public class Commander {
        sb.append("Verify file: " + getVerifyFile() + System.lineSeparator());
        sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator());
        sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator());
 /*
        sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator());
 /*
        sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator());
        sb.append("Base RIM to be signed: " + getToBeSigned() + System.lineSeparator());
        sb.append("External signature file: " + getSignatureData() + System.lineSeparator());
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/HashSwid.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/HashSwid.java
@ -4,6 +4,8 @@ import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
@ -24,8 +26,8 @@ public class HashSwid {
     * @param value
     * @return 
     */
-    public static String get256Hash(String value) {
+    public static String get256Hash(String filepath) {
-        return getHashValue(value, SHA256);
+        return getHashValue(filepath, SHA256);
    }
    /**
@ -33,8 +35,8 @@ public class HashSwid {
     * @param value
     * @return 
     */
-    public String get384Hash(String value) {
+    public String get384Hash(String filepath) {
-        return getHashValue(value, SHA384);
+        return getHashValue(filepath, SHA384);
    }
    /**
@ -42,24 +44,28 @@ public class HashSwid {
     * @param value
     * @return 
     */
-    public String get512Hash(String value) {
+    public String get512Hash(String filepath) {
-        return getHashValue(value, SHA512);
+        return getHashValue(filepath, SHA512);
    }
    /**
     * This method creates the hash based on the provided algorithm and salt
     * only accessible through helper methods.
     *
     * This method assumes an input file that is small enough to read in its
     * entirety.  Large files should be handled similarly to the public static
     * getHashValue() below.
     * 
-     * @param value string object to hash
+     * @param filepath file contents to hash
     * @param salt random value to make the hash stronger
     * @param sha the algorithm to use for the hash
     * @return 
     */
-    private static String getHashValue(String value, String sha) {
+    private static String getHashValue(String filepath, String sha) {
        String resultString = null;
        try {
            MessageDigest md = MessageDigest.getInstance(sha);            
-            byte[] bytes = md.digest(value.getBytes(ENCODING));
+            byte[] bytes = md.digest(Files.readAllBytes(Paths.get(filepath)));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < bytes.length; i++) {
@ -68,6 +74,8 @@ public class HashSwid {
            resultString = sb.toString();
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException grex) {
            System.out.println(grex.getMessage());
        } catch (IOException e) {
            System.out.println("Error reading in file to hash: " + e.getMessage());
        }
        return resultString;
--- a/tools/tcg_rim_tool/src/main/resources/identity_transform.xslt
+++ b/tools/tcg_rim_tool/src/main/resources/identity_transform.xslt
--- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
@ -5,7 +5,9 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Paths;
 import java.util.Scanner;
 import java.net.URISyntaxException;
 import org.testng.Assert;
 import org.testng.annotations.BeforeClass;
@ -19,11 +21,13 @@ public class TestSwidTagGateway {
 	private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag";
 	private final String certificateFile = "RimSignCert.pem";
 	private final String privateKeyFile = "privateRimKey.pem";
 	private final String supportRimFile = "TpmLog.bin";
 	private InputStream expectedFile;
 	@BeforeClass
 	public void setUp() throws Exception {
 		gateway = new SwidTagGateway();
 		gateway.setRimEventLog(supportRimFile);
 	}
 	@AfterClass
@ -38,7 +42,7 @@ public class TestSwidTagGateway {
 	 * -c base -k privateRimKey.pem -p RimSignCert.pem
 	 */
 	@Test
-	public void testCreateBaseWithCert() {
+	public void testCreateBaseWithCert() throws URISyntaxException {
 		gateway.setDefaultCredentials(false);
 		gateway.setPemCertificateFile(certificateFile);
 		gateway.setPemPrivateKeyFile(privateKeyFile);
--- a/tools/tcg_rim_tool/src/test/resources/RimSignCert.pem
+++ b/tools/tcg_rim_tool/src/test/resources/RimSignCert.pem
@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwI
 UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0z
 MDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE
 CgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNVBAMMEmV4YW1wbGUu
 UklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1lWGk
 SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44
 /nBaccZDOjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cx
 j9NL4dcMgxRXsPdHfXb0923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQ
 ZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY2hq+z82x/rqwr2hmyizD6FpFSyIABPEM
 PfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0Hh4mNFSKD4pP41VSKY1n
 us83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoBhhqWT+3s
 8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAw
 CwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA
 A4IBAQBl2Bu9xpnHCCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQo
 KQxsfZuk7QcSvVd/1v8mqwJ0PwbFKQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfib
 NLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDRutuMKyOTf4a6d8TUcbG2Rnyz
 O/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8mVkXUPWYyHTZ
 0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr
 crTLeyFynlKxuCfDnr1SAHDM65BY
 -----END CERTIFICATE-----
--- a/tools/tcg_rim_tool/src/test/resources/TpmLog.bin
+++ b/tools/tcg_rim_tool/src/test/resources/TpmLog.bin
--- a/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag
+++ b/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag
@ -5,7 +5,7 @@
  <Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
  <Payload>
    <Directory name="iotBase">
-      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/>
+      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
    </Directory>
  </Payload>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-        <DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue>
+        <DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
      </Reference>
    </SignedInfo>
-    <SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg
+    <SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
-8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ
+qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
-zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O
+VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
-/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak
+LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
-sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue>
+y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
    <KeyInfo>
      <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
      <KeyValue>
--- a/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
+++ b/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
@ -5,7 +5,7 @@
  <Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
  <Payload>
    <Directory name="iotBase">
-      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/>
+      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
    </Directory>
  </Payload>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-        <DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue>
+        <DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
      </Reference>
    </SignedInfo>
-    <SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg
+    <SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
-8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ
+qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
-zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O
+VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
-/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak
+LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
-sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue>
+y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>
--- a/tools/tcg_rim_tool/src/test/resources/privateRimKey.pem
+++ b/tools/tcg_rim_tool/src/test/resources/privateRimKey.pem
@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCndZVhpEkbsQAG
 NsB2oNhlcVJNXWcdj06X0Dn5by3nHAFcGvJkIZbEREavkCvIpY/F36rOOP5wWnHG
 Qzo3XyMSFAjH8IRl48QmqmW4E7nDbBMQ57uGq0xq2qAMMx4NHFS4ik/wsY/TS+HX
 DIMUV7D3R3129Pdtwu8WHdrdqn1tObpoGo+6nkJenOvAhTbBl+CQPK1hUGb7xseQ
 xpSuCk3Iz7kECDbOX8WrDSqi2Noavs/Nsf66sK9oZsosw+haRUsiAATxDD3wdN+h
 hIUcLtVhDJKvMiKdo4EVKBWJHvaQd6YfaVaMNB4eJjRUig+KT+NVUimNZ7rPN5nZ
 LrpD8uaNAgMBAAECggEAcnG8npd9U0x7HMQMcsZoPaPdwHvF/gCzkLNA+8RM1bZh
 A4ZzA5WlCQs0V8Wq9pyXjn7Wp8txsG1PdlT5k2AUgsVoXuR0R4IKyvYHQG9StEjH
 GvWURmwJdLlnSg8hSYqEJ/52taNUDO6+MI8fgiaQDd8w0ryF4OCpLy9GJdnfkGYZ
 Ayemb3USFUdj/S67NVqxnvAfFMM5FqkKGhkoy7wBRgO6eOeJvoTq8LMiPiponwwF
 DW409ZStbrk1f1Oszst/UvFUWA9BdDfeoPmFR61y3eB5zlMQG8Mhr2v5hvkj9TPX
 FU4Fm4EzZ1h/60cdWoP6XYCP7F2NqZ8N8u4UBQNAIQKBgQDcGIw5GJEvRF+FFTTR
 hYatMRn80DGTVjdT32MgajdKx05OWxBmQsFob34fiSnr0wAXPJeDXG4ruMBE2bSk
 EC8rCO08G8ihQoH8x0cvuERe1fpVWk3RWNucVGIiJSEXAIwWrlYZLTfYd5GqBkPE
 OQxxo4MtOyqeHmVH1mOywk9ABQKBgQDCxt95luzqQZV9Xl78QQvOIbjOdHLjY23Z
 yp8sGt9birL/WZ33TCRgmH1e61BdrSqO7Om/ail2Y59XM5UU6kLbDj0IgmOPTsrJ
 JmIVf8r3bKltVUaLePgr4yex7dmtHRH8OkLXKnE0RCO0kCi9kJMB12yE3pWxk+Pu
 zztQd3a66QKBgBNJd2g9deONe01fOVyu9clRhzR3ThDaOkj4R2h8xlGgO4V0R3Ce
 ovIy6vt6epj2yYg/wAs720+rhfXCmijSXj/ILXnZ+W/gMyHimKNe42boG2LFYhJZ
 Vg1R+7OAS3EHlD8ckeDs7Hrkp3gdymx0j1mZ+ZHKIIbwpPFxoRT2IBm9AoGBAI0Z
 bIK0puP8psKvPrgWluq42xwUl7XKLaX8dtqIjQ3PqGP7E8g2TJP9Y7UDWrDB5Xas
 gZi821R8Ts3o/DKukcgGxIgJjP4f4h9dwug4L1yWRxaBFB2tgHqqj/MBjxMtX/4M
 Zqdgg6mNQyBm3lyVAynuWRrX9DE0JYa2cQ2VvVkhAoGBAMBv/oT813w00759PmkO
 Uxv3LXTJuYBbq0Rmga25jN3ow8LrGQdSVg7F/af3I5KUF7mLiegDy1pkRfauyXH7
 +WhEqnf86vDrzPpytDMxinWOQZusCqeWHb+nuVTuL3Fv+GxEdwVGYI/7lFJ7B//h
 P5rU93ZoYY7sWcGVqaaEkMRU
 -----END PRIVATE KEY-----
--- a/tools/tcg_rim_tool/tcg_rim_tool.spec
+++ b/tools/tcg_rim_tool/tcg_rim_tool.spec
@ -16,17 +16,25 @@ This tool will generate a root RIM file for PC clients in accordance with the sc
 %prep
 %setup -q -c -n %{name}
 %pre
 rm -f /opt/hirs/rimtool/%{name}*.jar
 %build
 ./gradlew build
 %install
-mkdir -p %{buildroot}/opt/hirs/rim/
+mkdir -p %{buildroot}/opt/hirs/rimtool/
-cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rim/
+cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rimtool/
 cp ./rim_fields.json %{buildroot}/opt/hirs/rimtool/
 cp ./keystore.jks %{buildroot}/opt/hirs/rimtool/
 %files
-/opt/hirs/rim/%{name}-%{version}.jar
+/opt/hirs/rimtool/%{name}-%{version}.jar
 /opt/hirs/rimtool/rim_fields.json
 /opt/hirs/rimtool/keystore.jks
 %changelog
 * Mon Jun 15 2020 chubtub
 - First release
 * Mon Jan 6 2020 chubtub
 - First change