Updated the Event Log Measurements class to use a hash for lookup

This commit is contained in:
Cyrus 2021-06-17 12:52:28 -04:00
parent cd206f870c
commit b06025a71f
5 changed files with 81 additions and 22 deletions


@ -14,6 +14,7 @@ import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceDigestRecord;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.SupportReferenceManifest;
@ -97,6 +98,7 @@ import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
@ -782,6 +784,7 @@ public abstract class AbstractAttestationCertificateAuthority
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
List<ReferenceManifest> listOfSavedRims = new LinkedList<>();
if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
@ -894,9 +897,11 @@ public abstract class AbstractAttestationCertificateAuthority
dbSupport.setUpdated(true);
dbSupport.setAssociatedRim(dbBaseRim.getId());
this.referenceManifestManager.update(dbSupport);
listOfSavedRims.add(dbSupport);
}
}
this.referenceManifestManager.update(dbBaseRim);
listOfSavedRims.add(dbBaseRim);
}
generateDigestRecords(hw.getManufacturer(), hw.getProductName(),
@ -907,20 +912,26 @@ public abstract class AbstractAttestationCertificateAuthority
fileName = String.format("%s.measurement",
dv.getNw().getHostname());
try {
// find previous version. If it exists, delete it
measurements = EventLogMeasurements.select(referenceManifestManager)
.byDeviceName(dv.getNw().getHostname()).getRIM();
if (measurements != null) {
LOG.info("Previous bios measurement log found and being archived...");
this.referenceManifestManager.update(measurements);
}
measurements = new EventLogMeasurements(fileName,
EventLogMeasurements temp = new EventLogMeasurements(fileName,
dv.getLivelog().toByteArray());
measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
measurements.setPlatformModel(dv.getHw().getProductName());
measurements.setTagId(tagId);
measurements.setDeviceName(dv.getNw().getHostname());
this.referenceManifestManager.save(measurements);
// find previous version.
measurements = EventLogMeasurements.select(referenceManifestManager)
.byHexDecHash(temp.getHexDecHash()).includeArchived().getRIM();
if (measurements == null) {
measurements = temp;
measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
measurements.setPlatformModel(dv.getHw().getProductName());
measurements.setTagId(tagId);
measurements.setDeviceName(dv.getNw().getHostname());
this.referenceManifestManager.save(measurements);
}
// now save the hash to the base and support rims associated
for (ReferenceManifest rim : listOfSavedRims) {
if (rim != null) {
rim.setEventLogHash(temp.getHexDecHash());
this.referenceManifestManager.update(rim);
}
}
} catch (IOException ioEx) {
LOG.error(ioEx);
}
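Review bot: When the lookup on the `.byHexDecHash(temp.getHexDecHash()).includeArchived().getRIM()` line finds an existing record, the match branch does nothing: the reused measurement keeps whatever deviceName, tagId and platform fields it already had, nothing is logged, and the previous-version archival the old code performed on a device-name hit is gone, so a record that may have been archived earlier is silently treated as the current one for this host. I would at least make the reuse visible, `} else { LOG.info("Event log measurement with matching hash already present; reusing it for " + dv.getNw().getHostname()); }`, and decide explicitly whether deviceName and tagId should be refreshed on the reused record. Whether two hosts that upload byte-identical logs should share one measurement record (the first uploader's deviceName wins) is a design question this hunk settles implicitly and should be stated in a comment. The enclosing method begins before the hunk.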


@ -379,25 +379,26 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
baseReferenceManifests = BaseReferenceManifest.select(referenceManifestManager)
.byDeviceName(device.getDeviceInfo().getNetworkInfo().getHostname()).getRIMs();
measurement = EventLogMeasurements.select(referenceManifestManager)
.byManufacturer(manufacturer).getRIM();
for (BaseReferenceManifest bRim : baseReferenceManifests) {
if (!bRim.isSwidSupplemental() && !bRim.isSwidPatch()) {
baseReferenceManifest = bRim;
}
}
validationObject = measurement;
String failedString = "";
if (baseReferenceManifest == null) {
failedString = "Base Reference Integrity Manifest\n";
passed = false;
} else {
measurement = EventLogMeasurements.select(referenceManifestManager)
.byHexDecHash(baseReferenceManifest.getEventLogHash()).getRIM();
}
if (measurement == null) {
failedString += "Bios measurement";
passed = false;
}
validationObject = measurement;
if (passed) {
List<SwidResource> resources =
@ -592,7 +593,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
eventLog = EventLogMeasurements
.select(this.referenceManifestManager)
.byDeviceName(deviceName).getRIM();
.byHexDecHash(sRim.getEventLogHash()).getRIM();
if (sRim == null) {
fwStatus = new AppraisalStatus(FAIL,
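Review bot: In the second hunk, `sRim.getEventLogHash()` on the `.byHexDecHash(...)` line is dereferenced before the `if (sRim == null)` check that follows it, so a missing support RIM now ends in a NullPointerException instead of the FAIL status; the removed `byDeviceName(deviceName)` lookup did not depend on `sRim`. Move the lookup behind the null check, e.g. `if (sRim != null) { eventLog = EventLogMeasurements.select(this.referenceManifestManager).byHexDecHash(sRim.getEventLogHash()).getRIM(); }`, or place it in the else branch of that check. In the first hunk, a base RIM stored before this change carries the default empty `eventLogHash`, so `byHexDecHash(baseReferenceManifest.getEventLogHash())` queries for `""`; checking `isEmpty()` first and reporting it as a missing measurement gives a clearer failure than whatever the empty-string query returns. Both enclosing methods begin and end outside their hunks.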


@ -358,10 +358,8 @@ public class ReferenceManifestDetailsPageController
// testing this independent of the above if statement because the above
// starts off checking if associated rim is null; that is irrelevant for
// this statement.
if (support.getPlatformManufacturer() != null) {
measurements = EventLogMeasurements.select(referenceManifestManager)
.byManufacturer(support.getPlatformManufacturer()).getRIM();
}
measurements = EventLogMeasurements.select(referenceManifestManager)
.byHexDecHash(support.getEventLogHash()).getRIM();
if (support.isSwidPatch()) {
data.put("swidPatch", "True");
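Review bot: The comment above the lookup (`testing this independent of the above if statement ...`) now describes a guard the hunk removed, since the `if (support.getPlatformManufacturer() != null)` wrapper is gone and the lookup is unconditional. Replace it with what the code does now, e.g. `// look up the measurement log by the hash recorded on the support RIM; this runs regardless of the associated-rim check above`. As in the validation service, a support RIM saved before this change has the default empty `eventLogHash`, so the selector is queried with `""`; treating an empty hash as "no measurement" before calling the selector would avoid relying on what that query returns. The enclosing method extends outside the hunk.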


@ -71,6 +71,16 @@ public class EventLogMeasurements extends ReferenceManifest {
setFieldValue("deviceName", deviceName);
return this;
}
/**
* Specify the RIM hash associated with the Event Log.
* @param hexDecHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byHexDecHash(final String hexDecHash) {
setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
return this;
}
}
/**
@ -94,6 +104,7 @@ public class EventLogMeasurements extends ReferenceManifest {
) throws IOException {
super(rimBytes);
this.setFileName(fileName);
this.archive("Event Log Measurement");
this.setRimType(MEASUREMENT_RIM);
this.pcrHash = 0;
}
@ -190,4 +201,22 @@ public class EventLogMeasurements extends ReferenceManifest {
public void setOverallValidationResult(final AppraisalStatus.Status overallValidationResult) {
this.overallValidationResult = overallValidationResult;
}
@Override
public boolean equals(final Object object) {
if (this == object) {
return true;
}
if (object == null || getClass() != object.getClass()) {
return false;
}
EventLogMeasurements that = (EventLogMeasurements) object;
return this.getHexDecHash().equals(that.getHexDecHash());
}
@Override
public int hashCode() {
return super.hashCode();
}
}
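Review bot: The new `equals` compares only `getHexDecHash()` while `hashCode` still returns `super.hashCode()`, so two instances that are equal by hash can hash differently unless the superclass hashCode is itself derived from hexDecHash, which breaks the equals/hashCode contract for HashSet/HashMap use. Derive both from the same field, `return Objects.hashCode(getHexDecHash());` (java.util.Objects), and use `Objects.equals(this.getHexDecHash(), that.getHexDecHash())` so a null hash cannot throw inside `equals`. Separately, the constructor now calls `this.archive("Event Log Measurement")`, so every new measurement starts out archived. The ACA lookup adds `includeArchived()`, but the `byHexDecHash(...).getRIM()` calls in SupplyChainValidationServiceImpl and ReferenceManifestDetailsPageController do not, and if the selector excludes archived rows by default, as that explicit call suggests, those lookups would never find a freshly saved measurement; this is inferred from the callers and worth confirming, and the constructor should carry a comment saying why it archives.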


@ -100,6 +100,9 @@ public abstract class ReferenceManifest extends ArchivableEntity {
@Column
@JsonIgnore
private String hexDecHash = "";
@Column
@JsonIgnore
private String eventLogHash = "";
/**
* Default constructor necessary for Hibernate.
@ -358,6 +361,23 @@ public abstract class ReferenceManifest extends ArchivableEntity {
return hexDecHash;
}
/**
* Getter for the event log hash.
* @param eventLogHash hash value to store
*/
public void setEventLogHash(final String eventLogHash) {
this.eventLogHash = eventLogHash;
}
/**
* Getter for the event log hash.
*
* @return int representation of the hash value
*/
public String getEventLogHash() {
return eventLogHash;
}
/**
* Getter for the Reference Integrity Manifest as a byte array.
*
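Review bot: The Javadoc on `setEventLogHash` reads `Getter for the event log hash.` although it is the setter, and `getEventLogHash` documents `@return int representation of the hash value` while the method returns a String initialised to `""`. Change the first to `Setter for the event log hash.` and the second to `@return hex string of the event log hash, empty if none has been recorded`. The field comment should also state what the value is: from the ACA caller it appears to be the hexDecHash of the associated EventLogMeasurements, but that relation is inferred from the caller rather than stated in this file, so it needs confirming before it is written down.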