ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

added command line log parser

Browse Source
This commit is contained in:
iadgovuser26 2020-05-01 18:11:34 -04:00
parent 7a9dc26df5
commit a7d57f92d9
14 changed files with 869 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
View File

@ -157,6 +157,13 @@ public final class TCGEventLog {
return pcrs;
}
/**
* Returns a list of event found in the Event Log.
* @return an arraylist of event.
*/
public ArrayList<TpmPcrEvent> getEventList() {
return eventList;
}
/**
* Returns a single PCR value given an index (PCR Number).
*
@ -167,4 +174,15 @@ public final class TCGEventLog {
return HexUtils.byteArrayToHexString(pcrList[index]);
}
/**
* Human readable string representing the contents of the Event Log.
* @return Description of the log.
*/
public String toString() {
StringBuilder sb = new StringBuilder();
for (TpmPcrEvent event:eventList) {
sb.append(event.toString() + "\n");
}
return sb.toString();
}
}

17
HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLogProcessor.java
View File

@ -5,6 +5,7 @@ import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.TpmWhiteListBaseline;
@ -85,6 +86,14 @@ public class TCGEventLogProcessor {
return algorithm;
}
/**
* Returns a list of event found in the Event Log.
* @return an arraylist of event.
*/
public ArrayList<TpmPcrEvent> getEventList() {
return tcgLog.getEventList();
}
/**
* Returns the TCG Algorithm Registry defined ID for the Digest Algorithm
* used in the event log.
@ -144,4 +153,12 @@ public class TCGEventLogProcessor {
return sig.equals("Spec ID Event03");
}
/**
* Human readable string representing the contents of the Event Log.
* @return Description of the log.
*/
public String toString() {
return tcgLog.toString();
}
}

148
HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java
View File

@ -57,12 +57,12 @@ public class TpmPcrEvent {
private String version = "Unknown";
/** TCG Event Log errata version. */
private String errata = "Unknown";
/** Description for toString support. */
private String description = "";
/** Length (in bytes) of a pcr. */
private int digestLength = 0;
/** Event Number. */
private int eventNumber = 1;
/** Index. */
private int index = -1;
/** Event Contents flag. */
private boolean bEvContent = false;
/** Event hash for SHA1 event logs. */
@ -148,7 +148,7 @@ public class TpmPcrEvent {
* @param type byte array holding the PFP defined log event type
*/
protected void setEventType(final byte[] type) {
eventType = new BigInteger(HexUtils.leReverseByte(type)).longValue();
eventType = new BigInteger(1, HexUtils.leReverseByte(type)).longValue();
}
/**
@ -187,7 +187,7 @@ public class TpmPcrEvent {
*/
protected void setEventContent(final byte[] eventData) {
eventContent = new byte[eventData.length];
System.arraycopy(eventContent, 0, eventData, 0, eventData.length);
System.arraycopy(eventData, 0, eventContent, 0, eventData.length);
}
/**
@ -230,11 +230,10 @@ public class TpmPcrEvent {
*/
public String processEvent(final byte[] event, final byte[] eventContent)
throws CertificateException, NoSuchAlgorithmException, IOException {
String description = "";
int eventID = (int) eventType;
description += "Event# " + eventNumber++ + ": ";
description += "Index PCR[" + this.index + "]\n";
description += "Event Type: 0x" + this.eventType + " " + eventString(eventID);
description += "Index PCR[" + getPcrIndex() + "]\n";
description += "Event Type: 0x" + Long.toHexString(eventType) + " " + eventString(eventID);
description += "\n";
if (logFormat == 1) { // Digest
description += "digest (SHA-1): " + HexUtils.byteArrayToHexString(this.digest) + "\n";
@ -276,17 +275,14 @@ public class TpmPcrEvent {
description += "Seperator event content = " + seperatorEventData + "\n";
}
}
description += eventHashCheck();
break;
case EvConstants.EV_ACTION:
description += "Event Content:\n"
+ new String(eventContent, StandardCharsets.UTF_8) + "\n";
description += eventHashCheck();
break;
case EvConstants.EV_EVENT_TAG:
EvEventTag eventTag = new EvEventTag(eventContent);
description += eventTag.toString() + "\n";
description += eventHashCheck();
break;
case EvConstants.EV_S_CRTM_CONTENTS:
EvSCrtmContents sCrtmContents = new EvSCrtmContents(eventContent);
@ -295,19 +291,16 @@ public class TpmPcrEvent {
case EvConstants.EV_S_CRTM_VERSION:
EvSCrtmVersion sCrtmVersion = new EvSCrtmVersion(eventContent);
description += "Event Content:\n" + sCrtmVersion.toString() + "\n";
description += eventHashCheck();
break;
case EvConstants.EV_CPU_MICROCODE:
break;
case EvConstants.EV_PLATFORM_CONFIG_FLAGS:
description += eventHashCheck();
break;
case EvConstants.EV_TABLE_OF_DEVICES:
break;
case EvConstants.EV_COMPACT_HASH:
EvCompactHash compactHash = new EvCompactHash(eventContent);
description += "Event Content:\n" + compactHash.toString() + "\n";
description += eventHashCheck();
break;
case EvConstants.EV_IPL:
EvIPL ipl = new EvIPL(eventContent);
@ -328,11 +321,9 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_VARIABLE_DRIVER_CONFIG:
UefiVariable efiVar = new UefiVariable(eventContent);
description += "Event Content:\n" + efiVar.toString();
description += eventHashCheck();
break;
case EvConstants.EV_EFI_VARIABLE_BOOT:
description += "Event Content:\n" + new UefiVariable(eventContent).toString();
description += eventHashCheck();
break;
case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION:
EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(eventContent);
@ -346,11 +337,9 @@ public class TpmPcrEvent {
break;
case EvConstants.EV_EFI_GPT_EVENT:
description += "Event Content:\n" + new EvEfiGptPartition(eventContent).toString();
description += eventHashCheck();
break;
case EvConstants.EV_EFI_ACTION:
description += new String(eventContent, StandardCharsets.UTF_8) + "\n";
description += eventHashCheck();
break;
case EvConstants.EV_EFI_PLATFORM_FIRMWARE_BLOB:
description += "Event Content:\n"
@ -382,62 +371,73 @@ public class TpmPcrEvent {
* @return TCG defined String that represents the event id
*/
private static String eventString(final long event) {
String evString = "";
long tmpEvent = event;
Long longEvent = Long.valueOf(tmpEvent & SIGN_MASK); // Remove signed extension
Long intEvent = Long.valueOf(tmpEvent & INT_MASK); // truncate to an int value
// Check to see if value is larger than an int, if it is then truncate the value
if (longEvent.longValue() > (long) Integer.MAX_VALUE) {
switch (intEvent.intValue()) {
case EvConstants.EV_EFI_EVENT_BASE: evString = "EV_EFI_EVENT_BASE"; break;
case EvConstants.EV_EFI_VARIABLE_DRIVER_CONFIG:
evString = "EV_EFI_VARIABLE_DRIVER_CONFIG"; break;
case EvConstants.EV_EFI_VARIABLE_BOOT:
evString = "EV_EFI_VARIABLE_BOOT"; break;
case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION:
evString = "EV_EFI_BOOT_SERVICES_APPLICATION"; break;
case EvConstants.EV_EFI_BOOT_SERVICES_DRIVER:
evString = "EV_EFI_BOOT_SERVICES_DRIVER"; break;
case EvConstants.EV_EFI_RUNTIME_SERVICES_DRIVER:
evString = "EV_EFI_RUNTIME_SERVICES_DRIVER"; break;
case EvConstants.EV_EFI_GPT_EVENT: evString = "EV_EFI_GPT_EVENT"; break;
case EvConstants.EV_EFI_ACTION: evString = "EV_EFI_ACTION"; break;
case EvConstants.EV_EFI_PLATFORM_FIRMWARE_BLOB:
evString = "EV_EFI_PLATFORM_FIRMWARE_BLOB"; break;
case EvConstants.EV_EFI_HANDOFF_TABLES: evString = "EV_EFI_HANDOFF_TABLES"; break;
case EvConstants.EV_EFI_HCRTM_EVENT: evString = "EV_EFI_HCRTM_EVENT"; break;
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
evString = "EV_EFI_VARIABLE_AUTHORITY"; break;
default: evString = "Unknown Event ID " + event + " encountered";
}
if (event == EvConstants.EV_PREBOOT_CERT) {
return "EV_PREBOOT_CERT";
} else if (event == EvConstants.EV_POST_CODE) {
return "EV_POST_CODE";
} else if (event == EvConstants.EV_UNUSED) {
return "EV_Unused";
} else if (event == EvConstants.EV_NO_ACTION) {
return "EV_NO_ACTION";
} else if (event == EvConstants.EV_SEPARATOR) {
return "EV_SEPARATOR";
} else if (event == EvConstants.EV_ACTION) {
return "EV_ACTION";
} else if (event == EvConstants.EV_EVENT_TAG) {
return "EV_EVENT_TAG";
} else if (event == EvConstants.EV_S_CRTM_CONTENTS) {
return "EV_S_CRTM_CONTENTS";
} else if (event == EvConstants.EV_S_CRTM_VERSION) {
return "EV_S_CRTM_VERSION";
} else if (event == EvConstants.EV_CPU_MICROCODE) {
return "EV_CPU_MICROCODE";
} else if (event == EvConstants.EV_PLATFORM_CONFIG_FLAGS) {
return "EV_PLATFORM_CONFIG_FLAGS ";
} else if (event == EvConstants.EV_TABLE_OF_DEVICES) {
return "EV_TABLE_OF_DEVICES";
} else if (event == EvConstants.EV_COMPACT_HASH) {
return "EV_COMPACT_HASH";
} else if (event == EvConstants.EV_IPL) {
return "EV_IPL";
} else if (event == EvConstants.EV_IPL_PARTITION_DATA) {
return "EV_IPL_PARTITION_DATA";
} else if (event == EvConstants.EV_NONHOST_CODE) {
return "EV_NONHOST_CODE";
} else if (event == EvConstants.EV_NONHOST_CONFIG) {
return "EV_NONHOST_CONFIG";
} else if (event == EvConstants.EV_NONHOST_INFO) {
return "EV_NONHOST_INFO";
} else if (event == EvConstants.EV_EV_OMIT_BOOT_DEVICES_EVENTS) {
return "EV_EV_OMIT_BOOT_DEVICES_EVENTS";
} else if (event == EvConstants.EV_EFI_EVENT_BASE) {
return "EV_EFI_EVENT_BASE";
} else if (event == EvConstants.EV_EFI_VARIABLE_DRIVER_CONFIG) {
return "EV_EFI_VARIABLE_DRIVER_CONFIG";
} else if (event == EvConstants.EV_EFI_VARIABLE_BOOT) {
return "EV_EFI_VARIABLE_BOOT";
} else if (event == EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION) {
return "EV_EFI_BOOT_SERVICES_APPLICATION";
} else if (event == EvConstants.EV_EFI_BOOT_SERVICES_DRIVER) {
return "EV_EFI_BOOT_SERVICES_DRIVER";
} else if (event == EvConstants.EV_EFI_RUNTIME_SERVICES_DRIVER) {
return "EV_EFI_RUNTIME_SERVICES_DRIVER";
} else if (event == EvConstants.EV_EFI_GPT_EVENT) {
return "EV_EFI_GPT_EVENT";
} else if (event == EvConstants.EV_EFI_ACTION) {
return "EV_EFI_ACTION";
} else if (event == EvConstants.EV_EFI_PLATFORM_FIRMWARE_BLOB) {
return "EV_EFI_PLATFORM_FIRMWARE_BLOB";
} else if (event == EvConstants.EV_EFI_HANDOFF_TABLES) {
return "EV_EFI_HANDOFF_TABLES";
} else if (event == EvConstants.EV_EFI_HCRTM_EVENT) {
return "EV_EFI_HCRTM_EVENT";
} else if (event == EvConstants.EV_EFI_VARIABLE_AUTHORITY) {
return "EV_EFI_VARIABLE_AUTHORITY";
} else {
switch (intEvent.intValue()) {
case EvConstants.EV_PREBOOT_CERT: evString = "EV_PREBOOT_CERT"; break;
case EvConstants.EV_POST_CODE: evString = "EV_POST_CODE"; break;
case EvConstants.EV_UNUSED: evString = "EV_Unused"; break;
case EvConstants.EV_NO_ACTION: evString = "EV_NO_ACTION"; break;
case EvConstants.EV_SEPARATOR: evString = "EV_SEPARATOR"; break;
case EvConstants.EV_ACTION: evString = "EV_ACTION"; break;
case EvConstants.EV_EVENT_TAG: evString = "EV_EVENT_TAG"; break;
case EvConstants.EV_S_CRTM_CONTENTS: evString = "EV_S_CRTM_CONTENTS"; break;
case EvConstants.EV_S_CRTM_VERSION: evString = "EV_S_CRTM_VERSION"; break;
case EvConstants.EV_CPU_MICROCODE: evString = "EV_CPU_MICROCODE"; break;
case EvConstants.EV_PLATFORM_CONFIG_FLAGS: evString = "EV_PLATFORM_CONFIG_FLAGS ";
break;
case EvConstants.EV_TABLE_OF_DEVICES: evString = "EV_TABLE_OF_DEVICES"; break;
case EvConstants.EV_COMPACT_HASH: evString = "EV_COMPACT_HASH"; break;
case EvConstants.EV_IPL: evString = "EV_IPL"; break;
case EvConstants.EV_IPL_PARTITION_DATA: evString = "EV_IPL_PARTITION_DATA"; break;
case EvConstants.EV_NONHOST_CODE: evString = "EV_NONHOST_CODE"; break;
case EvConstants.EV_NONHOST_CONFIG: evString = "EV_NONHOST_CONFIG"; break;
case EvConstants.EV_NONHOST_INFO: evString = "EV_NONHOST_INFO"; break;
case EvConstants.EV_EV_OMIT_BOOT_DEVICES_EVENTS:
evString = "EV_EV_OMIT_BOOT_DEVICES_EVENTS"; break;
default: evString = "Unknown Event ID " + event + " encountered";
return "Unknown Event ID " + event + " encountered";
}
}
return evString;
}
/**
* Human readable output of a check of input against the current event hash.
@ -476,4 +476,12 @@ public class TpmPcrEvent {
}
return true;
}
/**
* Human readable string representing the contents of the Event Log.
* @return Description of the log.
*/
public String toString() {
return description;
}
}

2
HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiDevicePath.java
View File

@ -246,7 +246,7 @@ private String hardDriveSubType(final byte[] path, final int offset) {
subType += " Partition Size = " + HexUtils.byteArrayToHexString(data);
byte[] signature = new byte[UefiConstants.SIZE_16];
System.arraycopy(path, UefiConstants.OFFSET_24 + offset, signature, 0, UefiConstants.SIZE_16);
subType += "Partition Signature = ";
subType += "\n Partition Signature = ";
if (path[UefiConstants.OFFSET_41 + offset] == UefiConstants.DRIVE_SIG_NONE) {
subType += "None";
} else if (path[UefiConstants.OFFSET_41 + offset] == UefiConstants.DRIVE_SIG_32BIT) {

2
HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiFirmware.java
View File

@ -63,7 +63,7 @@ public int getBlobLength() {
public String toString() {
String blobInfo = "";
if (!berror) {
blobInfo += " Platform Firwmare Blob Address = " + blobAddress;
blobInfo += " Platform Firwmare Blob Address = " + Integer.toHexString(blobAddress);
blobInfo += " length = " + blobLength;
} else {
blobInfo += " Invalid Firmware Blob event encountered";

4
HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiVariable.java
View File

@ -137,7 +137,9 @@ public String toString() {
StringBuilder efiVariable = new StringBuilder();
efiVariable.append("UEFI Variable Name:" + varName + "\n");
efiVariable.append("UEFI_GUID = " + getEfiVarGuid().toString() + "\n ");
if (varName != "") {
efiVariable.append("UEFI Variable Contents => " + "\n ");
}
String tmpName = varName;
if (varName.contains("Boot00")) {
tmpName = "Boot00";
@ -148,7 +150,7 @@ public String toString() {
case "Boot00": efiVariable.append(bootv.toString()); break;
case "BootOrder": efiVariable.append(booto.toString()); break;
case "SecureBoot": efiVariable.append(sb.toString()); break;
default:
default: efiVariable.append("Data not provided for UEFI var named " + tmpName + "\n");
}
for (int i = 0; i < certSuperList.size(); i++) {
efiVariable.append(certSuperList.get(i).toString());

1
tools/tcglp/VERSION Normal file
View File

@ -0,0 +1 @@
1.0

157
tools/tcglp/build.gradle Normal file
View File

@ -0,0 +1,157 @@
task wrapper(type: Wrapper) {
gradleVersion = '2.10'
}
allprojects {
task addPlugins << {
delete './build/plugins'
mkdir './build/plugins'
if (project.hasProperty('pluginDir')) {
if (pluginDir?.trim()) {
copy {
from "$pluginDir"
into 'build/plugins'
include '*.jar'
include '**/*.jar'
}
}
}
}
task copyVersion() {
doLast {
if (project.hasProperty('displayVersion')) {
String resourceDir="${buildDir}/resources/main"
println "setting app version file contents of: ${displayVersion} to ${resourceDir}"
new File(resourceDir, "VERSION").write("$displayVersion")
}
}
}
group = 'hirs'
version = file("$rootDir/VERSION").text.trim() + "-SNAPSHOT"
}
subprojects {
apply plugin: 'java'
apply plugin: 'maven-publish'
tasks.withType(JavaCompile) {
options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation" << "-Werror"
}
repositories {
mavenCentral()
}
test {
testLogging {
exceptionFormat = 'full'
}
}
tasks.withType(Test) {
useTestNG() {
includeGroups = project.ext.includeGroups.split()
excludeGroups = project.ext.excludeGroups.split()
}
afterSuite { desc, result ->
if (desc.parent == null) {
logger.lifecycle("${result.successfulTestCount}/${result.testCount} tests passed")
}
}
}
tasks.withType(FindBugs) {
reports {
xml.enabled = false
html.enabled = true
}
}
tasks.withType(Pmd) {
reports {
xml.enabled = false
html.enabled = true
}
}
publishing {
repositories {
if(findProperty("env") != null && findProperty("env") == "CI") {
maven {
url "$rootDir/librepo"
}
} else {
mavenLocal()
}
}
}
// Global checkstyle file
ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml")
// Version definitions of all of the libraries we're using. They're defined
// here to ensure that all projects are using the same versions of common
// dependencies:
ext.libs = [
bouncy_castle: 'org.bouncycastle:bcmail-jdk15on:1.59',
checkstyle: 'com.puppycrawl.tools:checkstyle:8.10.1',
commons_cli: 'commons-cli:commons-cli:1.2',
commons_codec: 'commons-codec:commons-codec:1.9',
commons_csv: 'org.apache.commons:commons-csv:1.4',
commons_exec: 'org.apache.commons:commons-exec:1.3',
commons_http: 'commons-httpclient:commons-httpclient:3.1',
commons_io: 'commons-io:commons-io:2.4',
commons_lang: 'org.apache.commons:commons-lang3:3.3.2',
commons_upload:'commons-fileupload:commons-fileupload:1.3.1',
commons_valid: 'commons-validator:commons-validator:1.4.0',
findbugs: 'com.google.code.findbugs:findbugs:3.0.0',
gson: 'com.google.code.gson:gson:2.2.4',
guava: 'com.google.guava:guava:18.0',
hibernate: [ 'org.hibernate.common:hibernate-commons-annotations:4.0.4.Final',
'org.hibernate:hibernate-core:4.3.11.Final',
'org.hibernate:hibernate-hikaricp:4.3.11.Final'],
hikari: 'com.zaxxer:HikariCP:2.4.1',
hsqldb: 'org.hsqldb:hsqldb:2.3.2',
http: 'org.apache.httpcomponents:httpclient:4.5',
jackson: [ 'com.fasterxml.jackson.core:jackson-core:2.6.3',
'com.fasterxml.jackson.core:jackson-databind:2.6.3',
'com.fasterxml.jackson.core:jackson-annotations:2.6.3'],
jadira_usertype: 'org.jadira.usertype:usertype.core:4.0.0.GA',
jcommander: 'com.beust:jcommander:1.35',
joda_time: 'joda-time:joda-time:2.9.4',
jstl: [ 'org.apache.taglibs:taglibs-standard-impl:1.2.5',
'org.apache.taglibs:taglibs-standard-spec:1.2.5'],
log4j2: [ 'org.apache.logging.log4j:log4j-api:2.8.1',
'org.apache.logging.log4j:log4j-core:2.8.1',
'org.apache.logging.log4j:log4j-slf4j-impl:2.8.1'],
log4j2_web: 'org.apache.logging.log4j:log4j-web:2.8.1',
log_bridge: 'org.apache.logging.log4j:log4j-jcl:2.8.1',
mockito: 'org.mockito:mockito-all:1.10.19',
mariadb: 'org.mariadb.jdbc:mariadb-java-client:2.2.1',
minimal_json: 'com.eclipsesource.minimal-json:minimal-json:0.9.5',
pci_ids: 'com.github.marandus:pci-ids:0.3',
pmd: 'net.sourceforge.pmd:pmd:5.1.1',
powermock: [ 'org.powermock:powermock-core:1.6.3',
'org.powermock:powermock-api-mockito:1.6.3',
'org.powermock:powermock-module-testng:1.6.3' ],
protobuf_java: 'com.google.protobuf:protobuf-java:3.4.0',
reflections: 'org.reflections:reflections:0.9.9-RC1',
servlet_api: 'javax.servlet:servlet-api:2.5',
slf4j: 'org.slf4j:slf4j-api:1.7.13',
spring_core: ['org.springframework:spring-aop:4.2.3.RELEASE',
'org.springframework:spring-beans:4.2.3.RELEASE',
'org.springframework:spring-context:4.2.3.RELEASE',
'org.springframework:spring-expression:4.2.3.RELEASE',
'org.springframework:spring-orm:4.2.3.RELEASE'],
spring_msg: 'org.springframework:spring-messaging:4.2.3.RELEASE',
spring_plugin: 'org.springframework.plugin:spring-plugin-core:1.2.0.RELEASE',
spring_retry: 'org.springframework.retry:spring-retry:1.2.0.RELEASE',
spring_test: 'org.springframework:spring-test:4.2.3.RELEASE',
spring_web: 'org.springframework:spring-web:4.2.3.RELEASE',
spring_webmvc: 'org.springframework:spring-webmvc:4.2.3.RELEASE',
testng: 'org.testng:testng:6.8.8',
xml_rpc_client: 'org.apache.xmlrpc:xmlrpc-client:3.1.3',
]
}

BIN
tools/tcglp/gradle/wrapper/gradle-4.5.1-all.zip vendored Normal file
View File

Binary file not shown.

BIN
tools/tcglp/gradle/wrapper/gradle-wrapper.jar vendored Normal file
View File

Binary file not shown.

6
tools/tcglp/gradle/wrapper/gradle-wrapper.properties vendored Normal file
View File

@ -0,0 +1,6 @@
#Thu Sep 13 15:33:27 EDT 2018
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=gradle-4.5.1-all.zip

160
tools/tcglp/gradlew vendored Executable file
View File

@ -0,0 +1,160 @@
#!/usr/bin/env bash
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn ( ) {
echo "$*"
}
die ( ) {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
esac
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
function splitJvmOpts() {
JVM_OPTS=("$@")
}
eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"

276
tools/tcglp/src/main/java/hirs/tcglp/utils/Commander.java Normal file
View File

@ -0,0 +1,276 @@
package hirs.tcglp.utils;
import java.io.File;
import java.io.IOException;
import java.nio.file.InvalidPathException;
/**
* Commander is a class that handles the command line arguments for the
* TCG Log Parser (tcglp).
*/
public class Commander {
private static final String COMMAND_PREFIX = "-";
private static final String FULL_COMMAND_PREFIX = "--";
private static final String ALL_STRING = "all";
private static final String CONTENT_STRING = "eventcontent";
private static final String DIFF_STRING = "diff";
private static final String EVENTIDS_STRING = "eventids";
private static final String FILE_STRING = "file";
private static final String HELP_STRING = "help";
private static final String HEX_STRING = "hex";
private static final String OUTPUT_STRING = "output";
private static final String PCR_STRING = "tpmpcrs";
private static final String VERIFY_STRING = "Verify";
private boolean hasArguments = false;
private boolean bAll = false;
private boolean bContent = false;
private boolean bDiff = false;
private boolean bEventIds = false;
private boolean bFile = false;
private boolean bHex = false;
private boolean bOutput = false;
private boolean bPCRs = false;
private boolean bVerify = false;
private String inFile = "";
private String outFile = "";
/**
* The main constructor for the Commander class
*
* @param args
*/
public Commander(final String[] args) {
hasArguments = args.length > 0;
if (hasArguments) {
parseArguments(args);
} else {
printHelp("");
}
}
/**
* This method is called if an empty Commander was created, and later gets
* args. Will be used by the main constructor.
*
* @param args
*/
public final void parseArguments(final String[] args) {
String tempValue;
for (int i = 0; i < args.length; i++) {
tempValue = args[i];
switch (tempValue) {
case FULL_COMMAND_PREFIX + ALL_STRING:
case COMMAND_PREFIX + "a":
bAll = true;
break;
case FULL_COMMAND_PREFIX + CONTENT_STRING:
case COMMAND_PREFIX + "c":
bContent = true;
break;
case FULL_COMMAND_PREFIX + DIFF_STRING:
case COMMAND_PREFIX + "d":
bDiff = true;
break;
case FULL_COMMAND_PREFIX + EVENTIDS_STRING:
case COMMAND_PREFIX + "e":
bEventIds = true;
break;
case FULL_COMMAND_PREFIX + FILE_STRING:
case COMMAND_PREFIX + "f":
bFile = true;
inFile = args[++i];
break;
case FULL_COMMAND_PREFIX + HEX_STRING:
case COMMAND_PREFIX + "x":
bHex = true;
break;
case FULL_COMMAND_PREFIX + OUTPUT_STRING:
case COMMAND_PREFIX + "o":
bOutput = true;
outFile = args[++i];
break;
case FULL_COMMAND_PREFIX + PCR_STRING:
case COMMAND_PREFIX + "p":
bPCRs = true;
break;
case FULL_COMMAND_PREFIX + VERIFY_STRING:
case COMMAND_PREFIX + "V":
bVerify = true;
break;
case FULL_COMMAND_PREFIX + HELP_STRING:
case COMMAND_PREFIX + "h":
default:
printHelp("");
}
}
}
/**
* Getter for the property that indicates if something was given at the
* commandline.
* @return true if any arguments were passed in.
*/
public final boolean hasArguments() {
return hasArguments;
}
/**
* Getter for the input All flag.
* @return true if the All flag was set.
*/
public final boolean getAllFlag() {
return bAll;
}
/**
* Getter for the input associated with the PCR flag.
* @return true if the PCR Flag was set.
*/
public final boolean getPCRFlag() {
return bPCRs;
}
/**
* Getter for the input associated with the Event flag.
* @return true if the Event Flag was set.
*/
public final boolean getContentFlag() {
return bContent;
}
/**
* Getter for the input associated with the Hex flag.
* @return true if the Hex Flag was set.
*/
public final boolean getHexFlag() {
return bHex;
}
/**
* Getter for the input associated with the EventIds flag.
* @return true of EventIds Falg was set.
*/
public final boolean getEventIdsFlag() {
return bEventIds;
}
/**
* Getter for the input associated with the File flag.
* @return true if File Flage was set.
*/
public final boolean getFileFlag() {
return bFile;
}
/**
* Getter for the input associated with the Output flag.
* @return true if the Output flag was set.
*/
public final boolean getOutputFile() {
return bOutput;
}
/**
* Getter for the input associated with the diff flag.
* @return
*/
public final boolean getDiffFlag() {
return bDiff;
}
/**
* Getter for the input associated with the Verify flag.
* @return
*/
public final boolean getVerifyFile() {
return bVerify;
}
/**
* Returns the name of the output file, if provided.
* @return name of the output file.
*/
public final String getOutputFileName() {
return outFile;
}
/**
* Returns the name of the input file, if provided.
* @return name of the input file.
*/
public final String getInFileName() {
return inFile;
}
/**
* This method is used to inform the user of the allowed functionality of
* the program.
*/
private void printHelp(String message) {
StringBuilder sb = new StringBuilder();
String os = System.getProperty("os.name").toLowerCase();
if (message != null && !message.isEmpty()) {
sb.append(String.format("ERROR: %s\n\n", message));
}
sb.append("\nTCG Log Parser ");
if (os.compareToIgnoreCase("linux")==0) {
sb.append("Usage: sh tcglp.sh [OPTION]...-f [FILE]...\n");
} else {
sb.append("Usage: .tcglp.ps1 [OPTION]...-f [FILE]...\n");
}
sb.append("Options:\n -a\t--all\t\t Displays everything; overrides other options.\n"
+ " -c\t--eventcontent\t Displays event content (hex). \n\t\t\t Following paramter MAY be a event id or event id label. \n\t\t\t No following parameters will read All Events.\n"
+ " -d\t--diff\t\t Compares two TCG Event Logs and outputs a list of events that differred.\n"
+ " -e\t--eventids\t Filters the output to only display events using ID's provided.\n\t\t\t ID is single work mask of the event ID's. \n\t\t\t No EventID will output all events.\n"
+ " -f\t--file\t\t Use specific input file. \n\t\t\t Following parameter MUST be a relative path and file name.\n"
+ " -o\t--output\t Output to a file. \n\t\t\t Following parameter MUST be a relative path and file name.\n"
+ " -t\t--tpmpcrs\t Output PCR contents calculated from the TCG Log. \n\t\t\t Following parameter MAY be a PCR number or Text PCR[] string.\n\t\t\t No following parameters will display ALl PCRs.\n"
+ " -v\t--Version\t Parser Version.\n"
+ " -V\t--Verify\t Attempts to verify the log file against values on the local device.\n"
+ " -x\t--hex\t\t Displays entire event log in hexdecimal.\n");
if (os.compareToIgnoreCase("linux")==0) {
sb.append("\nIf no FILE parameter is provided then the standard Linux TCGEventLog path (/sys/kernel/security/tpm0/binary_bios_measurements) is used."
+"\n Note admin privileges may be required (e.g. use sudo when running the script).\n"
+"All OPTIONS must be seperated by a space delimiter, no concatenation of OPTIONS is currently supported.\n"
+"\nExamples: (run from the script directory)\n"
+"1. Display all events from the binary_bios_measurements.bin test pattern:\n"
+" sh tcglp.sh -f ../test/testdata/binary_bios_measurements_Dell_Fedora30.bin -e\n"
+"2. Display only the event with an index of 0 (e.g event that extend PCR 0):\n"
+" sh scripts/tcglp.sh -f ../test/testdata/binary_bios_measurements_Dell_Fedora30.bin -p 0\n"
);
} else { //windows
sb.append("\nIf no FILE parameter is provided then the standard Windows TCGEventLog path (C:\\Windows\\Logs\\MeasuredBoot) is used"
+"\n Note admin privileges may be required (e.g. run as Administrator).\n"
+"All OPTIONS must be seperated by a space delimiter, no concatenation of OPTIONS is currently supported.\n"
+"\nExamples:(run from the script directory)\n"
+"1. Display all events from the binary_bios_measurements.bin test pattern:\n"
+" ./tcglp.ps1 -f ..\\test\\testdata\\binary_bios_measurements_Dell_Fedora30.bin -e\n"
+"2. Display only the event with an index of 0 (e.g event that extend PCR 0):\n"
+" ./tcglp.ps1 -f ..\\test\\testdata\\binary_bios_measurements_Dell_Fedora30.bin -p 0\n"
);
}
System.out.println(sb.toString());
System.exit(1);
}
/**
* Checks that the file given to create a new swidtag is a valid path.
* @param filepath
* @return
*/
public static boolean isValidPath(String filepath) {
try {
System.out.println("Checking for a valid creation path...");
File file = new File(filepath);
file.createNewFile();
} catch (IOException | InvalidPathException | NullPointerException ex) {
return false;
}
return true;
}
}

141
tools/tcglp/src/main/java/hirs/tcglp/utils/Main.java Normal file
View File

@ -0,0 +1,141 @@
package hirs.tcglp.utils;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import hirs.tpm.eventlog.TCGEventLogProcessor;
/**
* Command-line application for processing TCG Event Logs.
* Input arg: path to *.tcglp file
*
* If an argument is given it will be validated against the schema at http://standards.iso.org/iso/19770/-2/2015/schema.xsd
* If an argument is not given a SWID tag file will be generated.
*/
public class Main {
private static Commander commander = null;
static FileOutputStream outputStream = null;
static byte[] eventLlog = null;
public static void main(String[] args) {
commander = new Commander(args);
String os = System.getProperty("os.name").toLowerCase();
if (commander.hasArguments()) {
// we have arguments to work with
if (commander.getFileFlag()) {
eventLlog = openLog(commander.getInFileName());
} else {
eventLlog = openLog("");
}
if (commander.getAllFlag()) {
System.out.print("All option is not yet implemented");
System.exit(1);
}
if (commander.getPCRFlag()) {
try {
TCGEventLogProcessor tlp = new TCGEventLogProcessor(eventLlog);
String[] pcrs = tlp.getExpectedPCRValues();
int i=0;
System.out.print("Platform Configuration Register (PCR) values: \n");
for (String pcr: pcrs) {
System.out.print("pcr "+ i++ + " = " + pcr.toString() + "\n");
}
} catch (Exception e) {
System.out.print("Error processing Event Log " + commander.getInFileName()
+ "\nError was "+ e.toString());
System.exit(1);
}
}
if (commander.getContentFlag()) {
}
if (commander.getHexFlag()) {
}
if (commander.getEventIdsFlag()) {
try {
TCGEventLogProcessor tlp = new TCGEventLogProcessor(eventLlog);
writeOut(tlp.toString());
} catch (Exception e) {
System.out.print("Error processing Event Log " + commander.getInFileName()
+ "\nError was "+ e.toString());
System.exit(1);
}
}
if (commander.getOutputFile()) {
try {
outputStream = new FileOutputStream(commander.getOutputFileName());
} catch (FileNotFoundException e) {
System.out.print("Error opening output file" + commander.getOutputFileName()
+ "\nError was "+ e.getMessage());
System.exit(1);
}
}
if (commander.getVerifyFile()) {
System.out.print("Verify option is not yet implemented");
System.exit(1);
}
} else {
System.out.print("Nothing to do: No Parameters provided.");
System.exit(1);
}
}
/**
* Opens a TCG Event log file
* @param fileName Name of the log file. Will use a OS specific default file if none is supplied.
* @param os the name os of the current system
* @return a byte array holding the entire log
*/
public static byte[] openLog(String fileName) {
String os = System.getProperty("os.name").toLowerCase();
byte[] rawLog=null;
boolean bDefault = false;
try {
if (fileName == "") {
if (os.compareToIgnoreCase("linux")==0) { // need to find Windows path
fileName = "/sys/kernel/security/tpm0/binary_bios_measurements";
bDefault = true;
writeOut("Local Event Log being used: "+fileName +"\n");
}
}
Path path = Paths.get(fileName);
rawLog = Files.readAllBytes(path);
writeOut("TPM Event Log parser using file:"+ path +"\n\n");
} catch (Exception e) {
String error = "Error reading event Log File: " + e.toString();
if (bDefault) {
error += "\nTry using the -f option to specify an Event Log File";
}
writeOut(error);
System.exit(1);
}
return rawLog;
}
/**
* Write data out to the system and/or a file.
* @param data
*/
private static void writeOut(String data) {
try {
data = data.replaceAll("[^\\P{C}\t\r\n]", ""); // remove any null characters that seem to upset text editors
if(commander.getOutputFile()) outputStream.write(data.getBytes()); // Write to an output file
System.out.print(data); // output to the console
} catch (IOException e) {
e.printStackTrace();
}
}
}