adding variable in each subsequent file to track pciids file status

This commit is contained in:
iadgovuser58 2024-09-09 18:00:37 -04:00
parent 6e9cb4b5bf
commit bc85403319
6 changed files with 82 additions and 24 deletions


@ -21,8 +21,6 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
/**
* Provide Java access to PCI IDs.
*/
@ -33,7 +31,7 @@ public final class PciIds {
* Track status of pciids file.
*/
@Getter
private static String pciidsFileStatus = FILESTATUS_NOT_ACCESSIBLE;
private static String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
/**
* Name of pciids file in code.
@ -59,16 +57,12 @@ public final class PciIds {
/**
* The PCI IDs Database object.
*
* This only needs to be loaded one time.
*
* The pci ids library protects the data inside the object by making it immutable.
*/
public static final PciIdsDatabase DB = new PciIdsDatabase();
/**
* Configure the PCI IDs Database object.
*/
//Configure the PCI IDs Database object.
static {
if (!DB.isReady()) {
String dbFile = null;
@ -87,7 +81,7 @@ public final class PciIds {
dbFile = PciIds.class.getResource(PCIIDS_FILENAME).getPath();
}
if (dbFile != null) {
if (pciidsFileStatus != UefiConstants.FILESTATUS_FROM_FILESYSTEM) {
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
}
InputStream is = null;
@ -126,7 +120,7 @@ public final class PciIds {
*/
public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) {
ASN1UTF8String manufacturer = refManufacturer;
if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& manufacturer != null
&& manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) {
Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase());
@ -145,7 +139,7 @@ public final class PciIds {
*/
public static String translateVendor(final String refManufacturer) {
String manufacturer = refManufacturer;
if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& manufacturer != null
&& manufacturer.trim().matches("^[0-9A-Fa-f]{4}$")) {
Vendor ven = DB.findVendor(manufacturer.toLowerCase());
@ -168,7 +162,7 @@ public final class PciIds {
final ASN1UTF8String refModel) {
ASN1UTF8String manufacturer = refManufacturer;
ASN1UTF8String model = refModel;
if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& manufacturer != null
&& model != null
&& manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")
@ -193,7 +187,7 @@ public final class PciIds {
public static String translateDevice(final String refManufacturer,
final String refModel) {
String model = refModel;
if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& refManufacturer != null
&& model != null
&& refManufacturer.trim().matches("^[0-9A-Fa-f]{4}$")
@ -224,7 +218,7 @@ public final class PciIds {
List<String> translatedClassCode = new ArrayList<>();
String classCode = refClassCode;
if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& classCode != null
&& classCode.trim().matches("^[0-9A-Fa-f]{6}$")) {
String deviceClass = classCode.substring(0, 2).toLowerCase();
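Review bot: The guard `!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)` is now repeated verbatim at the top of every translate method in this file (both translateVendor overloads, both translateDevice overloads and the class-code translation in the last hunk); a single private helper would keep the five call sites from drifting, e.g. `private static boolean pciidsAvailable() { return !UefiConstants.FILESTATUS_NOT_ACCESSIBLE.equals(pciidsFileStatus); }`. Putting the constant on the left also makes the comparison null-safe, which is worth having because `pciidsFileStatus` is a mutable static that the static initializer reassigns. The same constant-first form fits the check in the static initializer, `if (!UefiConstants.FILESTATUS_FROM_FILESYSTEM.equals(pciidsFileStatus))`. The static initializer and each translate method continue outside their hunks, so the bodies that consume the guard are not visible here.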


@ -20,9 +20,6 @@ import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.LinkedHashMap;
import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
/**
* Class for handling different formats of TCG Event logs.
*/
@ -88,7 +85,16 @@ public final class TCGEventLog {
* and if that event causes a different status.
*/
@Getter
private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM;
private String vendorTableFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
/**
* Track status of pci.ids
* This is only used if there is an event that uses functions from the pciids class.
* Default is normal status (normal status is from-filesystem).
* Status will only change IF there is an event that uses pciids file, and the file
* causes a different status.
*/
@Getter
private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
/**
* Default blank object constructor.
@ -169,11 +175,18 @@ public final class TCGEventLog {
// the if statement is executed
// [new event file status = eventList.get(eventNumber-1).getVendorTableFileStatus()]
// (ie. if the new file status is not-accessible or from-code, then want to update)
if ((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE)
if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& (eventList.get(eventNumber - 1).getVendorTableFileStatus()
!= FILESTATUS_FROM_FILESYSTEM)) {
!= UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
}
if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
&& (eventList.get(eventNumber - 1).getVendorTableFileStatus()
!= UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
}
//add pci here
}
calculatePcrValues();
}
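Review bot: The block added after the vendor-table update re-checks and re-assigns `vendorTableFileStatus` — it is a verbatim duplicate of the block directly above it — while the new `pciidsFileStatus` field declared earlier in this section is never written, so `getPciidsFileStatus()` on a TCGEventLog will always return its from-filesystem default; the `//add pci here` placeholder suggests this is unfinished, but the duplicate should not land as-is. The second block should pull the per-event pci.ids status instead, mirroring the vendor-table logic, assuming `eventList` holds the TpmPcrEvent instances that now expose `getPciidsFileStatus()`. These comparisons are also still reference comparisons (`!=`) even though PciIds.java in this same commit moved to `equals()`; constant-first `equals` is the safer form. The enclosing loop and method start before this hunk, so `eventNumber` and `eventList` are taken on trust.
```java
// … unchanged: vendorTableFileStatus update …
if (!UefiConstants.FILESTATUS_NOT_ACCESSIBLE.equals(pciidsFileStatus)
        && !UefiConstants.FILESTATUS_FROM_FILESYSTEM.equals(
                eventList.get(eventNumber - 1).getPciidsFileStatus())) {
    pciidsFileStatus = eventList.get(eventNumber - 1).getPciidsFileStatus();
}
```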


@ -127,6 +127,16 @@ public class TpmPcrEvent {
@Getter
private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM;
/**
* Track status of pci.ids
* This is only used for events that access the pci.ids file.
* Default is normal status (normal status is from-filesystem).
* Status will only change IF this is an event that uses this file,
* and if that event causes a different status.
*/
@Getter
private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
/**
* Constructor.
*
@ -523,7 +533,9 @@ public class TpmPcrEvent {
break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
EvEfiSpdmDeviceSecurityEvent efiSpdmDse = new EvEfiSpdmDeviceSecurityEvent(content);
description += "Event Content:\n" + efiSpdmDse.toString();
pciidsFileStatus = efiSpdmDse.getPciidsFileStatus();
break;
default:
description += " Unknown Event found" + "\n";
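Review bot: The new local `efiSpdmDse` is declared directly under a `case` label of a classic switch whose other arms lie outside the hunk; in a classic switch such a local is scoped to the whole switch body, so a later case cannot reuse the name and could read it before assignment, and the usual convention is to brace the case body: `case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG: { EvEfiSpdmDeviceSecurityEvent efiSpdmDse = ...; ...; break; }`. The explicit `efiSpdmDse.toString()` inside a string concatenation is redundant, `"Event Content:\n" + efiSpdmDse` is equivalent. The field javadoc's claim that the status only changes for events that use the file matches the visible code, since this SPDM case is the only writer of `pciidsFileStatus` in the hunk. The enclosing method begins and ends outside the hunk.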


@ -1,5 +1,6 @@
package hirs.utils.tpm.eventlog.events;
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
import lombok.Getter;
import lombok.Setter;
@ -44,7 +45,7 @@ public abstract class DeviceSecurityEvent {
* DeviceSecurityEventDataContext Object.
*/
@Getter
private DeviceSecurityEventDataDeviceContext dsedDevContext = null;
private DeviceSecurityEventDataPciContext dsedPciContext = null;
/**
* Device type.
@ -60,6 +61,13 @@ public abstract class DeviceSecurityEvent {
@Getter
private String deviceContextInfo = "";
/**
* Track status of pci.ids file.
* This is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext
*/
@Getter
private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
/**
* DeviceSecurityEventData Default Constructor.
*
@ -82,8 +90,9 @@ public abstract class DeviceSecurityEvent {
if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_NONE) {
deviceContextInfo = "\n No Device Context (indicated by device type value of 0)";
} else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
dsedDevContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
deviceContextInfo = dsedDevContext.toString();
dsedPciContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
deviceContextInfo = dsedPciContext.toString();
pciidsFileStatus = dsedPciContext.getPciidsFileStatus();
} else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
deviceContextInfo = " Device Type: USB - To be implemented";
} else {
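Review bot: Renaming the `@Getter` field `dsedDevContext` (typed DeviceSecurityEventDataDeviceContext) to `dsedPciContext` (typed DeviceSecurityEventDataPciContext) changes the Lombok-generated accessor from `getDsedDevContext()` to `getDsedPciContext()` and narrows its return type, which would break any caller outside these six files that used the old getter; none is visible in the commit, but that is worth confirming with a repository-wide search. It also hard-wires the context slot to PCI while the USB branch a few lines below is explicitly still to be implemented. If the narrower type is only needed to reach `getPciidsFileStatus()`, keeping the general field and using a local for the PCI case avoids the API change. The constructor this sits in begins before the hunk.
```java
} else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
    DeviceSecurityEventDataPciContext pci =
            new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
    dsedDevContext = pci;
    deviceContextInfo = pci.toString();
    pciidsFileStatus = pci.getPciidsFileStatus();
// … unchanged: USB and default branches …
```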


@ -1,6 +1,8 @@
package hirs.utils.tpm.eventlog.events;
import hirs.utils.HexUtils;
import hirs.utils.PciIds;
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
import lombok.Getter;
import java.util.List;
@ -69,6 +71,12 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe
@Getter
private String subsystemId = "";
/**
* Track status of pci.ids file.
*/
@Getter
private String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
/**
* DeviceSecurityEventDataPciContext Constructor.
*
@ -114,6 +122,13 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe
dSEDpciContextInfo += super.toString();
dSEDpciContextInfo += " Device Type = PCI\n";
dSEDpciContextInfo += " Vendor = " + translateVendor(vendorId) + "\n";
// the above call to translateVendor() is the first location in this class where
// a function in pciids class is called
// thus, if pciids db has not previously been set up, this call will trigger that setup
// the setup will look for the pciids file; need to check and store the status of that file
pciidsFileStatus = PciIds.getPciidsFileStatus();
dSEDpciContextInfo += " Device = " + translateDevice(vendorId, deviceId) + "\n";
dSEDpciContextInfo += " RevisionID = " + revisionId + "\n";
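Review bot: `pciidsFileStatus` is only assigned inside `toString()` (the line after the translateVendor call), so any caller that reads `getPciidsFileStatus()` before `toString()` has run gets the `FILESTATUS_NOT_ACCESSIBLE` default regardless of whether the database loaded; the DeviceSecurityEvent change in this commit happens to call `toString()` first, but that ordering is an implicit contract, and a state-changing side effect inside `toString()` is easy to miss. Because `PciIds.getPciidsFileStatus()` is a static method call, invoking it triggers PciIds class initialization on first use, so the assignment can move into the constructor (which continues outside the hunk) without changing when the file is probed: `this.pciidsFileStatus = PciIds.getPciidsFileStatus();`. The default here is not-accessible while the other five files in this commit default the same field to from-filesystem; the field comment should say why, e.g. `// NOT_ACCESSIBLE until PciIds has been consulted; see constructor`. The `toString()` body runs past the hunk.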


@ -2,9 +2,12 @@ package hirs.utils.tpm.eventlog.events;
import hirs.utils.HexUtils;
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
import lombok.Getter;
import java.nio.charset.StandardCharsets;
import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
/**
* Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
* DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
@ -45,6 +48,16 @@ public class EvEfiSpdmDeviceSecurityEvent {
*/
private String spdmInfo = "";
/**
* Track status of pci.ids
* This is only used for events that access the pci.ids file.
* Default is normal status (normal status is from-filesystem).
* Status will only change IF this is an event that uses this file,
* and if that event causes a different status.
*/
@Getter
private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
/**
* EvEfiSpdmFirmwareBlob constructor.
*
@ -72,6 +85,7 @@ public class EvEfiSpdmDeviceSecurityEvent {
if (dsedVersion.equals("0200")) {
dsed = new DeviceSecurityEventData2(eventData);
spdmInfo += dsed.toString();
pciidsFileStatus = dsed.getPciidsFileStatus();
} else {
spdmInfo += " Incompatible version for DeviceSecurityEventData2: " + dsedVersion + "\n";
}
@ -82,6 +96,7 @@ public class EvEfiSpdmDeviceSecurityEvent {
if (dsedVersion.equals("0100")) {
dsed = new DeviceSecurityEventData(eventData);
spdmInfo += dsed.toString();
pciidsFileStatus = dsed.getPciidsFileStatus();
} else {
spdmInfo += " Incompatible version for DeviceSecurityEventData: " + dsedVersion + "\n";
}
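Review bot: This file adds a static import of `FILESTATUS_FROM_FILESYSTEM` even though `UefiConstants` is already imported on the line above, while PciIds.java in this same commit removes its static imports in favour of qualified `UefiConstants.FILESTATUS_*` names; picking one form keeps the status constants greppable across the six files, e.g. `private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;` with the static import dropped. The assignment `pciidsFileStatus = dsed.getPciidsFileStatus();` is duplicated in the 0100 and 0200 branches; if `dsed` is a field shared by both, one assignment after the version dispatch would remove the repetition, though the surrounding constructor body is outside the hunk so I cannot confirm that. On the incompatible-version paths the field keeps its from-filesystem default, which the javadoc calls the normal status; that is fine only if consumers read it as "file not consulted" rather than "file found", and the javadoc could say so.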