Made some changes for using just the RIM Hash to pull support rims from the database to associate with the swid tag. Changed the rim hash from an int to a string.

This commit is contained in:
Cyrus 2021-03-25 13:28:31 -04:00
parent c290ba25be
commit a6c6fbfb31
6 changed files with 141 additions and 89 deletions


@ -94,7 +94,6 @@ import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
@ -713,7 +712,8 @@ public abstract class AbstractAttestationCertificateAuthority
* @return a HIRS Utils DeviceInfoReport representation of device info
*/
@SuppressWarnings("methodlength")
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim)
throws NoSuchAlgorithmException {
ProvisionerTpm2.DeviceInfo dv = claim.getDv();
// Get network info
@ -778,16 +778,21 @@ public abstract class AbstractAttestationCertificateAuthority
String fileName = "";
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
if (dv.getSwidfileCount() > 0) {
for (ByteString swidFile : dv.getSwidfileList()) {
try {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(swidFile.toByteArray()))
.byHashCode(Hex.encodeHexString(messageDigest.digest(
swidFile.toByteArray())))
.getRIM();
if (dbBaseRim == null) {
/**
* This has to change, each log file can't have the same name
*/
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
clientName),
@ -829,10 +834,14 @@ public abstract class AbstractAttestationCertificateAuthority
try {
support = SupportReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(logFile.toByteArray()))
.byHashCode(Hex.encodeHexString(messageDigest.digest(
logFile.toByteArray())))
.getRIM();
if (support == null) {
/**
* This has to change, each log file can't have the same name
*/
support = new SupportReferenceManifest(
String.format("%s.rimel",
clientName),
@ -856,6 +865,15 @@ public abstract class AbstractAttestationCertificateAuthority
this.referenceManifestManager.update(support);
}
// all of this has to be moved somewhere else
/**
* Because the log file we get isn't promised to be the baseline support rim.
* If it is a patch of supplemental we have to check that the baseline
* has been done
* and those entires can't become the baseline
*
* However, we don't know which log file is what until we link them to a swidtag
*/
ReferenceDigestRecord dbObj = new ReferenceDigestRecord(support,
hw.getManufacturer(), hw.getProductName());
// this is where we update or create the log
@ -937,7 +955,13 @@ public abstract class AbstractAttestationCertificateAuthority
}
private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim);
DeviceInfoReport deviceInfoReport = null;
try {
deviceInfoReport = parseDeviceInfo(claim);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
}
if (deviceInfoReport == null) {
LOG.error("Failed to deserialize Device Info Report");
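Review bot: The lookup key built at `.byHashCode(Hex.encodeHexString(messageDigest.digest(swidFile.toByteArray())))`, and again for `logFile` in the following hunk, re-implements the digest that the `ReferenceManifest(byte[])` constructor computes to populate `rimHash`; if either side ever changes algorithm or encoding, the lookups silently stop matching and each provisioning creates a fresh RIM record instead of reusing the stored one. I would expose the computation once, e.g. `public static String computeRimHash(final byte[] rimBytes)` on ReferenceManifest, and call it from both the constructor and these two selectors so the stored and queried values cannot drift. The single `MessageDigest` instance is reused across both loops; that is correct because `digest()` resets it, but a one-line comment saying so would save the next reader from checking. parseDeviceInfo begins before this hunk and continues past it.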


@ -1,5 +1,9 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceManifest;
@ -10,23 +14,6 @@ import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException;
import hirs.persist.ReferenceManifestManager;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.ArrayList;
import java.util.Set;
import java.util.UUID;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.ReferenceManifestValidator;
import org.apache.logging.log4j.LogManager;
@ -37,6 +24,18 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
/**
* Controller for the Reference Manifest Details page.
*/
@ -187,16 +186,8 @@ public class ReferenceManifestDetailsPageController
} else {
data.put("swidCorpus", "False");
}
if (baseRim.isSwidPatch() == 1) {
data.put("swidPatch", "True");
} else {
data.put("swidPatch", "False");
}
if (baseRim.isSwidSupplemental() == 1) {
data.put("swidSupplemental", "True");
} else {
data.put("swidSupplemental", "False");
}
data.put("swidPatch", baseRim.isSwidPatch());
data.put("swidSupplemental", baseRim.isSwidSupplemental());
data.put("swidTagId", baseRim.getTagId());
// Entity
data.put("entityName", baseRim.getEntityName());
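Review bot: The new lines `data.put("swidPatch", baseRim.isSwidPatch());` and `data.put("swidSupplemental", baseRim.isSwidSupplemental());` store Java booleans, while the adjacent `swidCorpus` entry in the context lines above still stores the strings `"True"`/`"False"`, so the view now receives two encodings for three sibling flags. I cannot see the template from this hunk; if it compares against the string form, patch and supplemental will render incorrectly after this change. Either convert all three the same way, e.g. `data.put("swidPatch", baseRim.isSwidPatch() ? "True" : "False");`, or move swidCorpus to a boolean as well and confirm the template reads booleans. The enclosing method starts outside the hunk.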


@ -45,10 +45,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
@Column
private int swidCorpus = 0;
@Column
private int swidPatch = 0;
@Column
private int swidSupplemental = 0;
@Column
private String colloquialVersion = null;
@Column
private String product = null;
@ -159,8 +155,8 @@ public class BaseReferenceManifest extends ReferenceManifest {
setTagId(si.getTagId());
this.swidName = si.getName();
this.swidCorpus = si.isCorpus() ? 1 : 0;
this.swidPatch = si.isPatch() ? 1 : 0;
this.swidSupplemental = si.isSupplemental() ? 1 : 0;
this.setSwidPatch(si.isPatch());
this.setSwidSupplemental(si.isSupplemental());
this.swidVersion = si.getVersion();
if (si.getTagVersion() != null) {
this.setSwidTagVersion(si.getTagVersion().toString());
@ -475,42 +471,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
this.swidCorpus = swidCorpus;
}
/**
* Getter for the patch flag.
*
* @return int flag for the patch flag
*/
public int isSwidPatch() {
return swidPatch;
}
/**
* Setter for the patch flag.
*
* @param swidPatch int value
*/
public void setSwidPatch(final int swidPatch) {
this.swidPatch = swidPatch;
}
/**
* Getter for the supplemental flag.
*
* @return int flag for the supplemental flag
*/
public int isSwidSupplemental() {
return swidSupplemental;
}
/**
* Setter for the supplemental flag.
*
* @param swidSupplemental int value
*/
public void setSwidSupplemental(final int swidSupplemental) {
this.swidSupplemental = swidSupplemental;
}
/**
* Getter for the Entity Name.
*
@ -822,7 +782,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
return String.format("ReferenceManifest{swidName=%s,"
+ "platformManufacturer=%s,"
+ " platformModel=%s,"
+ "tagId=%s, rimHash=%d}",
+ "tagId=%s, rimHash=%s}",
swidName, this.getPlatformManufacturer(),
this.getPlatformModel(), getTagId(), this.getRimHash());
}
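Review bot: `swidCorpus` is still `private int swidCorpus = 0;` and assigned with `si.isCorpus() ? 1 : 0` (context lines of the first two hunks) while the patch and supplemental flags were moved to the parent class as booleans, so one of the three SWID flags keeps the old 0/1 encoding and its own int getter/setter on this class. Applying the same conversion to swidCorpus would make the flags uniform for callers such as the details page controller, which currently has to translate the int separately. Moving the two columns from this entity to the superclass also changes the persistence mapping; the hunk does not show whether a schema migration accompanies it, so that should be confirmed before merging.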


@ -1,23 +1,25 @@
package hirs.data.persist;
import java.util.Arrays;
import java.util.UUID;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Entity;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.annotations.Type;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
import javax.xml.XMLConstants;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.UUID;
/**
* This class represents the Reference Integrity Manifest object that will be
@ -68,7 +70,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
public static final String RIM_HASH_FIELD = "rimHash";
@Column(nullable = false)
@JsonIgnore
private final int rimHash;
private final String rimHash;
@Column(columnDefinition = "blob", nullable = false)
@JsonIgnore
private byte[] rimBytes;
@ -77,6 +79,10 @@ public abstract class ReferenceManifest extends ArchivableEntity {
@Column
private String tagId = null;
@Column
private boolean swidPatch = false;
@Column
private boolean swidSupplemental = false;
@Column
private String platformManufacturer = null;
@Column
private String platformManufacturerId = null;
@ -96,7 +102,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
protected ReferenceManifest() {
super();
this.rimBytes = null;
this.rimHash = 0;
this.rimHash = "";
this.rimType = null;
this.platformManufacturer = null;
this.platformManufacturerId = null;
@ -118,7 +124,19 @@ public abstract class ReferenceManifest extends ArchivableEntity {
"Cannot construct a RIM from an empty byte array");
this.rimBytes = rimBytes.clone();
this.rimHash = Arrays.hashCode(this.rimBytes);
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
}
if (digest == null) {
this.rimHash = "";
} else {
this.rimHash = Hex.encodeHexString(
digest.digest(rimBytes));
}
}
/**
@ -245,6 +263,42 @@ public abstract class ReferenceManifest extends ArchivableEntity {
this.tagId = tagId;
}
/**
* Getter for the patch flag.
*
* @return int flag for the patch flag
*/
public boolean isSwidPatch() {
return swidPatch;
}
/**
* Setter for the patch flag.
*
* @param swidPatch int value
*/
public void setSwidPatch(final boolean swidPatch) {
this.swidPatch = swidPatch;
}
/**
* Getter for the supplemental flag.
*
* @return int flag for the supplemental flag
*/
public boolean isSwidSupplemental() {
return swidSupplemental;
}
/**
* Setter for the supplemental flag.
*
* @param swidSupplemental int value
*/
public void setSwidSupplemental(final boolean swidSupplemental) {
this.swidSupplemental = swidSupplemental;
}
/**
* Getter for the associated RIM DB ID.
* @return UUID for the rim
@ -279,13 +333,13 @@ public abstract class ReferenceManifest extends ArchivableEntity {
*
* @return int representation of the hash value
*/
public int getRimHash() {
public String getRimHash() {
return rimHash;
}
@Override
public int hashCode() {
return getRimHash();
return Arrays.hashCode(this.rimBytes);
}
@Override
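Review bot: In the `ReferenceManifest(byte[])` constructor the `NoSuchAlgorithmException` is logged and `rimHash` falls back to `""`, so the entity is still persisted with a blank hash into a `nullable = false` column and would be returned by any `byHashCode("")` lookup; SHA-256 is mandatory on every Java platform, so an unavailable digest is an environment fault and construction should fail rather than produce an unidentifiable RIM. Replace the catch body with `throw new IllegalStateException("SHA-256 MessageDigest is unavailable", noSaEx);` and collapse the null check into `this.rimHash = Hex.encodeHexString(digest.digest(this.rimBytes));`. The Javadoc on the relocated accessors still says `@return int flag for the patch flag` and `@param swidPatch int value` although the type is now boolean, and `getRimHash` still documents `@return int representation of the hash value`; these should read boolean and "hex-encoded SHA-256 digest of rimBytes" respectively. The constructor's opening lines are outside the hunk.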


@ -78,6 +78,26 @@ public class SupportReferenceManifest extends ReferenceManifest {
setFieldValue(PLATFORM_MODEL, model);
return this;
}
/**
* Specify the file name that rims should have.
* @param fileName the name of the file associated with the rim
* @return this instance
*/
public Selector byFileName(final String fileName) {
setFieldValue(RIM_FILENAME_FIELD, fileName);
return this;
}
/**
* Specify the RIM hash associated with the support RIM.
* @param rimHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byRimHash(final String rimHash) {
setFieldValue(RIM_HASH_FIELD, rimHash);
return this;
}
}
/**
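Review bot: The new `byRimHash` sets `RIM_HASH_FIELD` exactly as the base class's `byHashCode(final String rimHash)`, changed in this same commit in ReferenceManifestSelector, so the support selector now exposes two names for one query field. If the duplicate exists only so callers keep the concrete `Selector` return type for chaining, say so in its Javadoc, e.g. `Same filter as {@link ReferenceManifestSelector#byHashCode}, returning the concrete selector type for chaining.`; otherwise drop one of them and update the ACA call sites to the survivor. The enclosing Selector class starts before this hunk.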


@ -37,8 +37,11 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* String representing the database field for the model.
*/
public static final String PLATFORM_MODEL = "platformModel";
/**
* String representing the database field for the filename.
*/
public static final String RIM_FILENAME_FIELD = "fileName";
private static final String RIM_TYPE_FIELD = "rimType";
private static final String RIM_FILENAME_FIELD = "fileName";
private final ReferenceManifestManager referenceManifestManager;
private final Class<T> referenceTypeClass;
@ -100,7 +103,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* @param rimHash the hash code of the bytes to query for
* @return this instance (for chaining further calls)
*/
public ReferenceManifestSelector<T> byHashCode(final int rimHash) {
public ReferenceManifestSelector<T> byHashCode(final String rimHash) {
setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash);
return this;
}
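Review bot: `byHashCode` now takes a `String`, but its Javadoc still reads `@param rimHash the hash code of the bytes to query for`, which described the old `Arrays.hashCode` int; it should say the value is the hex-encoded SHA-256 digest of the RIM bytes as returned by `ReferenceManifest.getRimHash()`. Because the filter is a plain string equality on the column, a caller that passes the digest in a different encoding or case gets no match rather than an error, so the expected format belongs in the doc, e.g. `@param rimHash hex-encoded SHA-256 of the RIM bytes, as stored in ReferenceManifest.rimHash`.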