Merge pull request #828 from nsacyber/v3_issue_820-spdm

Add processing for EV_EFI_NOACTION NvIndexDynamic structure
This commit is contained in:
iadgovuser26 2024-08-21 15:10:23 -04:00 committed by GitHub
commit b30468eb50
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 159 additions and 30 deletions

View File

@ -1,16 +1,16 @@
package hirs.utils; package hirs.utils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import java.math.BigInteger; import java.math.BigInteger;
/** /**
* Utilities for working with hex strings and byte arrays. * Utilities for working with hex strings and byte arrays.
*/ */
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class HexUtils { public final class HexUtils {
/**
* Default private constructor so checkstyles doesn't complain
*/
private HexUtils() { }
/** /**
* The mathematical base for the hexadecimal representation. * The mathematical base for the hexadecimal representation.
*/ */

View File

@ -2,8 +2,6 @@ package hirs.utils;
import com.eclipsesource.json.Json; import com.eclipsesource.json.Json;
import com.eclipsesource.json.JsonObject; import com.eclipsesource.json.JsonObject;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import java.io.FileInputStream; import java.io.FileInputStream;
@ -20,9 +18,13 @@ import java.nio.file.Path;
* library. * library.
*/ */
@Log4j2 @Log4j2
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class JsonUtils { public final class JsonUtils {
/**
* Default private constructor so checkstyles doesn't complain
*/
private JsonUtils() { }
/** /**
* Getter for the JSON Object that is associated with the elementName value * Getter for the JSON Object that is associated with the elementName value
* mapped in the associated JSON file. * mapped in the associated JSON file.

View File

@ -25,6 +25,11 @@ import java.util.List;
@Log4j2 @Log4j2
public final class PciIds { public final class PciIds {
/**
* Default private constructor so checkstyles doesn't complain
*/
private PciIds() { }
/** /**
* This pci ids file can be in different places on different distributions. * This pci ids file can be in different places on different distributions.
*/ */

View File

@ -1,6 +1,12 @@
package hirs.utils.enums; package hirs.utils.enums;
public final class DeviceInfoEnums { public final class DeviceInfoEnums {
/**
* Default private constructor so checkstyles doesn't complain
*/
private DeviceInfoEnums() { }
/** /**
* A variable used to describe unavailable hardware, firmware, or OS info. * A variable used to describe unavailable hardware, firmware, or OS info.
*/ */

View File

@ -3,7 +3,6 @@ package hirs.utils.swid;
import javax.xml.XMLConstants; import javax.xml.XMLConstants;
import javax.xml.namespace.QName; import javax.xml.namespace.QName;
/** /**
* This class contains the String constants that are referenced by the gateway * This class contains the String constants that are referenced by the gateway
* class. It is expected that member properties of this class will expand as * class. It is expected that member properties of this class will expand as
@ -11,6 +10,11 @@ import javax.xml.namespace.QName;
*/ */
public class SwidTagConstants { public class SwidTagConstants {
/**
* Default private constructor so checkstyles doesn't complain
*/
private SwidTagConstants() { }
public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks";//"/opt/hirs/rimtool/keystore.jks"; public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks";//"/opt/hirs/rimtool/keystore.jks";
public static final String DEFAULT_KEYSTORE_PASSWORD = "password"; public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "1"; public static final String DEFAULT_PRIVATE_KEY_ALIAS = "1";

View File

@ -1,15 +1,16 @@
package hirs.utils.tpm.eventlog.events; package hirs.utils.tpm.eventlog.events;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
/** /**
* Class for defining constants referenced in the PC Client * Class for defining constants referenced in the PC Client
* Platform Firmware Profile specification. * Platform Firmware Profile specification.
*/ */
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class EvConstants { public final class EvConstants {
/**
* Default private constructor so checkstyles doesn't complain
*/
private EvConstants() { }
/** /**
* Type length = 4 bytes. * Type length = 4 bytes.
*/ */

View File

@ -10,13 +10,17 @@ import java.nio.charset.StandardCharsets;
/** /**
* Class to process the EV_NO_ACTION event. * Class to process the EV_NO_ACTION event.
* The first 16 bytes of the event data MUST be a String based identifier (Signature). * The first 16 bytes of the event data MUST be a String based identifier (Signature).
* The only currently defined Signatures are * Currently defined Signatures are
* 1) "Spec ID Event03" * "Spec ID Event03"
* - implies the data is a TCG_EfiSpecIDEvent * - implies the data is a TCG_EfiSpecIDEvent
* - TCG_EfiSpecIDEvent is the first event in a TPM Event Log and is used to determine * - TCG_EfiSpecIDEvent is the first event in a TPM Event Log and is used to determine
* if the format of the Log (SHA1 vs Crypto Agile). * if the format of the Log (SHA1 vs Crypto Agile).
* 2) "NvIndexInstance" * "StartupLocality"
* - implies the data represents locality info (use lookup to interpret)
* "NvIndexInstance"
* - implies the data is a NV_INDEX_INSTANCE_EVENT_LOG_DATA * - implies the data is a NV_INDEX_INSTANCE_EVENT_LOG_DATA
* "NvIndexDynamic"
* - implies the data is a NV_INDEX_DYNAMIC_EVENT_LOG_DATA
* <p> * <p>
* Notes: * Notes:
* 1. First 16 bytes of the structure is an ASCII with a fixed Length of 16 * 1. First 16 bytes of the structure is an ASCII with a fixed Length of 16
@ -74,10 +78,13 @@ public class EvNoAction {
} else if (signature.contains("NvIndexInstance")) { } else if (signature.contains("NvIndexInstance")) {
NvIndexInstanceEventLogData nvIndexInstanceEvent = new NvIndexInstanceEventLogData(eventData); NvIndexInstanceEventLogData nvIndexInstanceEvent = new NvIndexInstanceEventLogData(eventData);
noActionInfo += nvIndexInstanceEvent.toString(); noActionInfo += nvIndexInstanceEvent.toString();
} else if (signature.contains("NvIndexDynamic")) {
NvIndexDynamicEventLogData nvIndexDynamicEvent = new NvIndexDynamicEventLogData(eventData);
noActionInfo += nvIndexDynamicEvent.toString();
} else { } else {
noActionInfo = "EV_NO_ACTION event named " + signature noActionInfo = " EV_NO_ACTION event named \"" + signature
+ " encountered but support for processing it has not been" + "\" encountered but support for processing it has not been"
+ " added to this application.\n"; + " added to this application.\n";
} }
} }

View File

@ -0,0 +1,97 @@
package hirs.utils.tpm.eventlog.events;
import hirs.utils.HexUtils;
import java.nio.charset.StandardCharsets;
/**
* Class to process the NV_INDEX_DYNAMIC_EVENT_LOG_DATA per PFP.
* Per PFP, the first 16 bytes of the structure are a String based identifier (Signature),
* which are a NULL-terminated ASCII string "NvIndexDynamic".
*
* HEADERS defined by PFP v1.06 Rev 52.
* Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
* <p>
* typedef struct tdNV_INDEX_DYNAMIC_EVENT_LOG_DATA {
* BYTE Signature[16];
* UINT16 Version;
* UINT8[6] Reserved;
* UINT64 UID;
* UINT16 DescriptionSize;
* UINT8 Description[DescriptionSize];
* UINT16 DataSize;
* DEVICE_SECURITY_EVENT_DATA2 Data[DataSize];
* } NV_INDEX_DYNAMIC_EVENT_LOG_DATA;
* <p>
*/
public class NvIndexDynamicEventLogData {
/**
* Signature (text) data.
*/
private String signature = "";
/**
* Human-readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event.
*/
private String nvIndexDynamicInfo = "";
/**
* NvIndexInstanceEventLogData constructor.
*
* @param eventData byte array holding the event to process.
*/
public NvIndexDynamicEventLogData(final byte[] eventData) {
byte[] signatureBytes = new byte[16];
System.arraycopy(eventData, 0, signatureBytes, 0, 16);
signature = new String(signatureBytes, StandardCharsets.UTF_8);
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
byte[] versionBytes = new byte[2];
System.arraycopy(eventData, 16, versionBytes, 0, 2);
String nvIndexVersion = HexUtils.byteArrayToHexString(versionBytes);
if (nvIndexVersion.isEmpty()) {
nvIndexVersion = "version not readable";
}
nvIndexDynamicInfo = " Nv Index Dynamic Signature = " + signature + "\n";
nvIndexDynamicInfo += " Nv Index Dynamic Version = " + nvIndexVersion + "\n";
// 6 bytes of Reserved data
byte[] uidBytes = new byte[8];
System.arraycopy(eventData, 24, uidBytes, 0, 8);
String uid = HexUtils.byteArrayToHexString(uidBytes);
nvIndexDynamicInfo += " UID = " + uid + "\n";
byte[] descriptionSizeBytes = new byte[2];
System.arraycopy(eventData, 32, descriptionSizeBytes, 0, 2);
int descriptionSize = HexUtils.leReverseInt(descriptionSizeBytes);
byte[] descriptionBytes = new byte[descriptionSize];
System.arraycopy(eventData, 34, descriptionBytes, 0, descriptionSize);
String description = new String(descriptionBytes, StandardCharsets.UTF_8);
description = description.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
nvIndexDynamicInfo += " Description = " + description + "\n";
int dataSizeStartByte = 34 + descriptionSize;
byte[] dataSizeBytes = new byte[2];
System.arraycopy(eventData, dataSizeStartByte, dataSizeBytes, 0, 2);
int dataSize = HexUtils.leReverseInt(dataSizeBytes);
int dataStartByte = dataSizeStartByte + 2;
byte[] dataBytes = new byte[dataSize];
System.arraycopy(eventData, dataStartByte, dataBytes, 0, dataSize);
String data = HexUtils.byteArrayToHexString(dataBytes);
nvIndexDynamicInfo += " Data = " + data + "\n";
}
/**
* Returns a description of this event.
*
* @return Human-readable description of this event.
*/
public String toString() {
return nvIndexDynamicInfo;
}
}

View File

@ -1,5 +1,5 @@
/** /**
* Non-persistant classes related to TGC Event Logs. * Non-persistent classes related to TGC Event Logs.
*/ */
package hirs.utils.tpm.eventlog.events; package hirs.utils.tpm.eventlog.events;

View File

@ -1,5 +1,5 @@
/** /**
* Non-persistant classes related to TGC Event Logs. * Non-persistent classes related to TGC Event Logs.
*/ */
package hirs.utils.tpm.eventlog; package hirs.utils.tpm.eventlog;

View File

@ -1,15 +1,16 @@
package hirs.utils.tpm.eventlog.spdm; package hirs.utils.tpm.eventlog.spdm;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
/** /**
* Class for defining hash algorithms referenced in the DMTF SPDM specification. * Class for defining hash algorithms referenced in the DMTF SPDM specification.
* SPDM 1.3.0, Table 21, MeasurementHashAlgo. * SPDM 1.3.0, Table 21, MeasurementHashAlgo.
*/ */
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class SpdmHa { public class SpdmHa {
/**
* Default private constructor so checkstyles doesn't complain
*/
private SpdmHa() { }
/** /**
* Spdm Hash Alg = Raw bit stream. * Spdm Hash Alg = Raw bit stream.
*/ */

View File

@ -0,0 +1,5 @@
/**
* Non-persistent classes related to TGC Event Logs.
*/
package hirs.utils.tpm.eventlog.spdm;

View File

@ -1,16 +1,17 @@
package hirs.utils.tpm.eventlog.uefi; package hirs.utils.tpm.eventlog.uefi;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
/** /**
* This class contains the String constants that are referenced by UEFI. * This class contains the String constants that are referenced by UEFI.
* It is expected that member properties of this class will expand as * It is expected that member properties of this class will expand as
* more functionality is added. * more functionality is added.
*/ */
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class UefiConstants { public final class UefiConstants {
/**
* Default private constructor so checkstyles doesn't complain
*/
private UefiConstants() { }
/** /**
* 2 byte size. * 2 byte size.
*/ */

View File

@ -1,5 +1,5 @@
/** /**
* Non-persistant classes related to TGC Event Logs. * Non-persistent classes related to TGC Event Logs.
*/ */
package hirs.utils.tpm.eventlog.uefi; package hirs.utils.tpm.eventlog.uefi;

View File

@ -1,5 +1,5 @@
/** /**
* Non-persistant classes related to TPM. * Non-persistent classes related to TPM.
*/ */
package hirs.utils.tpm; package hirs.utils.tpm;