From a54471344871378fb24b7d1d0f58618dfa6e4cf6 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Tue, 9 Apr 2024 18:02:53 -0400
Subject: [PATCH] parsing event
---
.../events/DeviceSecurityEventData.java | 99 +++++++++++++++++++
.../events/EvEfiSpdmFirmwareBlob.java | 42 ++++----
2 files changed, 120 insertions(+), 21 deletions(-)
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
index d4de40af..c2d74566 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
@@ -37,5 +37,104 @@ import java.util.List; * 4. First 16 bytes of the structure header is an ASCII "SPDM Device Sec" */ public class DeviceSecurityEventData { +// /** +// * Minor Version. +// */ +// @Getter +// private String versionMinor = ""; +// /** +// * Major Version. +// */ +// @Getter +// private String versionMajor = ""; +// /** +// * Specification errata version. +// */ +// @Getter +// private String errata = ""; + /** + * Signature (text) data. + */ + @Getter + private String signature = ""; + /** + * Platform class. + */ + @Getter + private String version = ""; +// /** +// * Algorithm count. +// */ +// @Getter +// private int numberOfAlg = 0; +// /** +// * True if event log uses Crypto Agile format. +// */ +// @Getter +// private boolean cryptoAgile = false; +// /** +// * Algorithm list. +// */ +// private List algList; + /** + * DeviceSecurityEventData Constructor. + * + * @param deviceSecurityEventDataBytes byte array holding the spec ID Event. + */ + public DeviceSecurityEventData(final byte[] deviceSecurityEventDataBytes) { +// algList = new ArrayList<>(); + byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; + System.arraycopy(deviceSecurityEventDataBytes, 0, signatureBytes, 0, UefiConstants.SIZE_16); + //signature = HexUtils.byteArrayToHexString(signatureBytes); + signature = new String(signatureBytes, StandardCharsets.UTF_8) + .substring(0, UefiConstants.SIZE_15); + + byte[] versionBytes = new byte[UefiConstants.SIZE_4]; + System.arraycopy(deviceSecurityEventDataBytes, UefiConstants.OFFSET_16, versionBytes, 0, + UefiConstants.SIZE_4); + version = HexUtils.byteArrayToHexString(versionBytes); + + if (version == "1") { + + } else if (version == "2") { + + } + +// byte[] platformClassBytes = new byte[UefiConstants.SIZE_4]; +// System.arraycopy(efiSpecId, UefiConstants.OFFSET_16, platformClassBytes, 0, +// UefiConstants.SIZE_4); +// platformClass = HexUtils.byteArrayToHexString(platformClassBytes); +// +// byte[] specVersionMinorBytes = new 
byte[1]; +// System.arraycopy(efiSpecId, UefiConstants.OFFSET_20, specVersionMinorBytes, 0, 1); +// versionMinor = HexUtils.byteArrayToHexString(specVersionMinorBytes); +// +// byte[] specVersionMajorBytes = new byte[1]; +// System.arraycopy(efiSpecId, UefiConstants.OFFSET_21, specVersionMajorBytes, 0, 1); +// versionMajor = HexUtils.byteArrayToHexString(specVersionMajorBytes); +// +// byte[] specErrataBytes = new byte[1]; +// System.arraycopy(efiSpecId, UefiConstants.OFFSET_22, specErrataBytes, 0, 1); +// errata = HexUtils.byteArrayToHexString(specErrataBytes); +// +// byte[] numberOfAlgBytes = new byte[UefiConstants.SIZE_4]; +// System.arraycopy(efiSpecId, UefiConstants.OFFSET_24, numberOfAlgBytes, 0, +// UefiConstants.SIZE_4); +// numberOfAlg = HexUtils.leReverseInt(numberOfAlgBytes); +// +// byte[] algorithmIDBytes = new byte[UefiConstants.SIZE_2]; +// int algLocation = UefiConstants.SIZE_28; +// for (int i = 0; i < numberOfAlg; i++) { +// System.arraycopy(efiSpecId, algLocation + UefiConstants.OFFSET_4 * i, algorithmIDBytes, +// 0, UefiConstants.SIZE_2); +// String alg = TcgTpmtHa.tcgAlgIdToString(HexUtils.leReverseInt(algorithmIDBytes)); +// algList.add(alg); +// } +// if ((algList.size() == 1) && (algList.get(0).compareTo("SHA1") == 0)) { +// cryptoAgile = false; +// } else { +// cryptoAgile = true; +// } + } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java index e4fb7150..42920012 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java 
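Review bot: The new constructor copies 16 bytes from offset 0 and 4 bytes from `UefiConstants.OFFSET_16` without checking the length of `deviceSecurityEventDataBytes`, so a truncated or malformed event in the log being verified aborts parsing with an unchecked exception from `System.arraycopy`. The caller added in EvEfiSpdmFirmwareBlob.java has the same gap: it copies `UefiConstants.SIZE_15` bytes from `eventData` unchecked, and a matching signature guarantees only 15 bytes before this constructor runs. Guard both with a length test up front, here `if (deviceSecurityEventDataBytes == null || deviceSecurityEventDataBytes.length < UefiConstants.OFFSET_16 + UefiConstants.SIZE_4) { throw new IllegalArgumentException("DeviceSecurityEventData shorter than its header"); }`. Separately, `version == "1"` and `version == "2"` compare object references against what looks like a hex string of four bytes, so neither placeholder branch can match; decode the field to an integer first (the commented-out code already uses `HexUtils.leReverseInt`) and compare that.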
@@ -55,22 +55,22 @@ public class EvEfiSpdmFirmwareBlob { */ public EvEfiSpdmFirmwareBlob(final byte[] eventData) throws UnsupportedEncodingException { byte[] signatureBytes = new byte[UefiConstants.SIZE_15]; -// System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15); -// signature = new String(signatureBytes, StandardCharsets.UTF_8); -// signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters -// if (signature.contains("Spec ID Event03")) { // implies CryptAgileFormat -// specIDEvent = new EvEfiSpecIdEvent(eventData); -// bSpecIDEvent = true; -// } + System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15); + signature = new String(signatureBytes, StandardCharsets.UTF_8); + signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters + if (signature.contains("SPDM Device Sec")) { // implies Device Security event + deviceSecurityEventData = new DeviceSecurityEventData(eventData); + bDeviceSecurityEventData = true; + } } /** - * Determines if this event is a SpecIDEvent. + * Determines if this event is a DeviceSecurityEventData. * - * @return true of the event is a SpecIDEvent. + * @return true of the event is a DeviceSecurityEventData. */ - public boolean isDeviceSecurityEventDataHeader() { - return bDeviceSecurityEventDataHeader; + public boolean isDeviceSecurityEventData() { + return bDeviceSecurityEventData; } /** @@ -78,10 +78,10 @@ public class EvEfiSpdmFirmwareBlob { * * @return Human readable description of this event. */ -// public String toString() { -// String specInfo = ""; -// if (bSpecIDEvent) { -// specInfo += " Signature = Spec ID Event03 : "; + public String toString() { + String specInfo = ""; + if (bDeviceSecurityEventData) { + specInfo += " Signature = SPDM Device Sec : "; // if (specIDEvent.isCryptoAgile()) { // specInfo += "Log format is Crypto Agile\n"; // } else { 
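Review bot: The filter `[^\\P{C}\t\r\n]` keeps tab, CR and LF even though its comment says "remove null characters", and `signature` is built from device-supplied log bytes that the else-branch of `toString()` (last hunk) concatenates into the description, so an event can place line breaks into the report text. Unless those characters are needed, strip the whole category with `signature = signature.replaceAll("\\p{C}", "");` and reword the comment to `// drop control and other non-printable characters`. The constructor also still declares `throws UnsupportedEncodingException`, which `StandardCharsets.UTF_8` cannot raise; whether callers depend on that clause is not visible here.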
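Review bot: `toString()` is re-enabled without `@Override`, and in the `bDeviceSecurityEventData` branch it prints only the fixed signature text, so the `version` that `DeviceSecurityEventData` now parses never reaches the output. Add `@Override` above the signature and append the parsed field, for example `specInfo += "Version = " + deviceSecurityEventData.getVersion();`, in place of the remaining commented-out `specIDEvent` lines. The method body continues in the next hunk.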
@@ -90,10 +90,10 @@ public class EvEfiSpdmFirmwareBlob { // specInfo += " Platform Profile Specification version = " // + specIDEvent.getVersionMajor() + "." + specIDEvent.getVersionMinor() // + " using errata version " + specIDEvent.getErrata(); -// } else { -// specInfo = "EV_NO_ACTION event named " + signature -// + " encountered but support for processing it has not been added to this application.\n"; -// } -// return specInfo; -// } + } else { + specInfo = "EV_EFI_SPDM_FIRMWARE_BLOB event named " + signature + + " encountered but support for processing it has not been added to this application.\n"; + } + return specInfo; + } }