From bdbc85ef4d392ae34891168d0991891d7a00a0da Mon Sep 17 00:00:00 2001
From: apldev3
Date: Thu, 13 Sep 2018 12:07:08 -0400
Subject: [PATCH] [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly

---
 .gitignore | 1 +
 HIRS_AttestationCA/build.gradle | 6 ++++
 ...stractAttestationCertificateAuthority.java | 18 ++++++------
 HIRS_ProvisionerTPM2/CMakeLists.txt | 4 +++
 HIRS_ProvisionerTPM2/include/Version.h.in | 13 +++++++++
 .../src/ProvisionerTpm2.proto | 1 +
 HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp | 5 +++-
 .../hirs/data/persist/DeviceInfoReport.java | 28 ++++++++++++++++++-
 8 files changed, 66 insertions(+), 10 deletions(-)
 create mode 100644 HIRS_ProvisionerTPM2/include/Version.h.in

diff --git a/.gitignore b/.gitignore
index d32efdc1..8ba47532 100644
--- a/.gitignore
+++ b/.gitignore
@@ -88,6 +88,7 @@ HIRS_ProvisionerTPM2/CMakeCache.txt
 Makefile
 CMakeFiles/
 HIRS_ProvisionerTPM2/DartConfiguration.tcl
+HIRS_ProvisionerTPM2/include/Version.h
 HIRS_ProvisionerTPM2/lib/cpplint-download/
 HIRS_ProvisionerTPM2/lib/cpplint/
 HIRS_ProvisionerTPM2/lib/cpr-build/
diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle
index fff6e9eb..1c9dcc89 100644
--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@@ -37,6 +37,8 @@ task generateProtoBuf(type:Exec) {
 }
 
 compileJava.dependsOn generateProtoBuf
+copyVersion.dependsOn compileJava
+war.dependsOn copyVersion
 
 ext.configDir = new File(projectDir, 'config')
 ext.checkstyleConfigDir = "$configDir/checkstyle"
@@ -49,6 +51,10 @@ checkstyle {
 }
 
 war {
+ from(buildDir) {
+ include 'VERSION'
+ into 'WEB-INF/classes'
+ }
 archiveName = 'HIRS_AttestationCA.war'
 }
 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 00b63d81..8b0c330a 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -432,8 +432,7 @@ public abstract class AbstractAttestationCertificateAuthority
 endorsementCredential);
 
 // Parse and save device info
- ProvisionerTpm2.DeviceInfo dv = claim.getDv();
- Device device = processDeviceInfo(dv);
+ Device device = processDeviceInfo(claim);
 
 // perform supply chain validation
 SupplyChainValidationSummary summary = supplyChainValidationService.validateSupplyChain(
@@ -538,10 +537,12 @@ public abstract class AbstractAttestationCertificateAuthority
 
 /**
 * Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object.
- * @param dv the protobuf serialized device info to convert
- * @return a HIRS Utils DeviceInfoReport representation of dv
+ * @param claim the protobuf serialized identity claim containing the device info
+ * @return a HIRS Utils DeviceInfoReport representation of device info
 */
- private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
+ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
+ ProvisionerTpm2.DeviceInfo dv = claim.getDv();
+
 // Get network info
 ProvisionerTpm2.NetworkInfo nwProto = dv.getNw();
 
@@ -594,7 +595,8 @@ public abstract class AbstractAttestationCertificateAuthority
 TPMInfo tpm = new TPMInfo();
 
 // Create final report
- DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm);
+ DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm,
+ claim.getClientVersion());
 
 for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getChassisInfoList()) {
 dvReport.getChassisInfo().add(new ChassisComponentInfo(
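Review bot: `claim.getClientVersion()` in the new DeviceInfoReport construction is read without checking presence; the field is `optional` in a proto2 message, so a claim from a provisioner built before this change yields the empty-string default and the report is persisted with a blank client version instead of the VersionHelper fallback the old constructor produced. The value is also supplied by the remote client and nothing in this hunk authenticates or bounds it before it is stored, so it should be treated as untrusted input like the other DeviceInfo strings. I would keep the fallback and check presence: `DeviceInfoReport dvReport = claim.hasClientVersion()` / `? new DeviceInfoReport(nw, os, fw, hw, tpm, claim.getClientVersion())` / `: new DeviceInfoReport(nw, os, fw, hw, tpm);`, and apply whatever length limit the persisted column imposes (not visible here) to the string first. parseDeviceInfo begins in the previous hunk and ends outside this one.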
@@ -654,8 +656,8 @@ public abstract class AbstractAttestationCertificateAuthority
 return dvReport;
 }
 
- private Device processDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
- DeviceInfoReport deviceInfoReport = parseDeviceInfo(dv);
+ private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
+ DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim);
 
 if (deviceInfoReport == null) {
 LOG.error("Failed to deserialize Device Info Report");
diff --git a/HIRS_ProvisionerTPM2/CMakeLists.txt b/HIRS_ProvisionerTPM2/CMakeLists.txt
index 66736ed1..b459c1e7 100644
--- a/HIRS_ProvisionerTPM2/CMakeLists.txt
+++ b/HIRS_ProvisionerTPM2/CMakeLists.txt
@@ -34,6 +34,10 @@ elseif(${PACKAGE_RELEASE_RETURN_ERROR})
 message(FATAL "Failed to pull package release information from git, aborting.")
 endif()
 
+# Embed version and package release into header file
+configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in"
+ "${CMAKE_SOURCE_DIR}/include/Version.h")
+
 # Set C++ Standard 11 based on version information
 if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0)
 set(CMAKE_CXX_STANDARD 11)
diff --git a/HIRS_ProvisionerTPM2/include/Version.h.in b/HIRS_ProvisionerTPM2/include/Version.h.in
new file mode 100644
index 00000000..259e9f2c
--- /dev/null
+++ b/HIRS_ProvisionerTPM2/include/Version.h.in
@@ -0,0 +1,13 @@
+#ifndef HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+#define HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+
+#define MAJOR_VERSION "@MAJOR_VERSION@"
+#define MINOR_VERSION "@MINOR_VERSION@"
+#define PATCH_VERSION "@PATCH_VERSION@"
+#define PACKAGE_RELEASE_NUMBER "@PACKAGE_RELEASE_NUMBER@"
+#define CLIENT_VERSION MAJOR_VERSION "."\
+ MINOR_VERSION "."\
+ PATCH_VERSION "."\
+ PACKAGE_RELEASE_NUMBER
+
+#endif // HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
diff --git a/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto b/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto
index 1c48fe35..d2f69104 100644
--- a/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto
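Review bot: The new `configure_file` writes the generated Version.h into `${CMAKE_SOURCE_DIR}/include`, i.e. into the checkout rather than the build tree (the .gitignore entry added in this same patch is the symptom), so an out-of-source build mutates the source directory and a stale header from an earlier configure can survive into a later build with different version variables. Generate into the build tree and put it on the include path instead: `configure_file("${CMAKE_SOURCE_DIR}/include/Version.h.in" "${CMAKE_BINARY_DIR}/include/Version.h")` followed by `include_directories("${CMAKE_BINARY_DIR}/include")`, which also makes the .gitignore entry unnecessary. Note too that the substituted variables come from the git lookup just above; if the preceding `message(FATAL ...)` does not actually stop configuration (FATAL is not a CMake message mode, FATAL_ERROR is), the header would be generated with empty components, which is worth confirming.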
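Review bot: The macros `MAJOR_VERSION`, `MINOR_VERSION`, `PATCH_VERSION` and `PACKAGE_RELEASE_NUMBER` are unprefixed and live in a header that TPM2_Provisioner.cpp includes next to third-party headers, so a library that defines the same names (version macros with these names are common) would either redefine them silently or break the build. Prefix them with the project name (`HIRS_MAJOR_VERSION` and so on), or drop the intermediates and substitute once: `#define CLIENT_VERSION "@MAJOR_VERSION@.@MINOR_VERSION@.@PATCH_VERSION@.@PACKAGE_RELEASE_NUMBER@"`, which also avoids the backslash-continued concatenation. A one-line header comment stating that the file is generated from Version.h.in by configure_file and must not be edited or committed would save the next reader a trip to CMakeLists.txt.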
+++ b/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto
@@ -57,6 +57,7 @@ message IdentityClaim {
 required bytes ek_public_area = 3;
 optional bytes endorsement_credential = 4;
 repeated bytes platform_credential = 5;
+ optional string client_version = 6;
 }
 
 message IdentityClaimResponse {
diff --git a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
index a5f7390c..12877e14 100644
--- a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
+++ b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
@@ -20,6 +20,7 @@
 #include "HirsRuntimeException.h"
 #include "RestfulClientProvisioner.h"
 #include "Utils.h"
+#include "Version.h"
 
 using hirs::exception::HirsRuntimeException;
 
@@ -68,6 +69,7 @@ int provision() {
 = tpm2.createIdentityClaim(dv, akPublicArea, ekPublicArea,
 endorsementCredential, platformCredentials);
 
+ identityClaim.set_client_version(CLIENT_VERSION);
 RestfulClientProvisioner provisioner;
 string nonceBlob = provisioner.sendIdentityClaim(identityClaim);
 if (nonceBlob == "") {
@@ -102,7 +104,8 @@ int provision() {
 
 void printHelp() {
 stringstream helpMessage;
- helpMessage << "TPM 2.0 Provisioner\n\n"
+ helpMessage << "TPM 2.0 Provisioner\n"
+ << "Version " << CLIENT_VERSION << "\n\n"
 << "To run the provisioning process, "
 << "enter hirs-provisioner-tpm2 provision\n";
 cout << helpMessage.str() << endl;
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java
index 285b41ac..00bd5eec 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java
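Review bot: The new `client_version` field carries no comment on its format or its trust level, so a reader of the .proto cannot tell that it is the provisioner's own build string (four dot-separated components, as assembled in Version.h.in) or that the ACA merely records it in the DeviceInfoReport without authenticating it. I would add above the field: `// Build version of the provisioner that produced this claim ("major.minor.patch.release").` / `// Informational only: recorded by the ACA, not authenticated and not covered by the TPM attestation.` Because this is a proto2 message and the field is `optional`, consumers must also check `has_client_version()` before relying on the value, since the default is the empty string.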
@@ -137,12 +137,38 @@ public class DeviceInfoReport extends Report implements Serializable {
 public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
 final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
 final TPMInfo tpmInfo) {
+ this(networkInfo, osInfo, firmwareInfo, hardwareInfo, tpmInfo, VersionHelper.getVersion());
+ }
+
+ /**
+ * Constructor used to create a DeviceInfoReport. The
+ * information cannot be changed after the DeviceInfoReport is
+ * created.
+ *
+ * @param networkInfo
+ * NetworkInfo object, cannot be null
+ * @param osInfo
+ * OSInfo object, cannot be null
+ * @param firmwareInfo
+ * FirmwareInfo object, cannot be null
+ * @param hardwareInfo
+ * HardwareInfo object, cannot be null
+ * @param tpmInfo
+ * TPMInfo object, may be null if a TPM is not available on the
+ * device
+ * @param clientApplicationVersion
+ * string representing the version of the client that submitted this report,
+ * cannot be null
+ */
+ public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
+ final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
+ final TPMInfo tpmInfo, final String clientApplicationVersion) {
 setNetworkInfo(networkInfo);
 setOSInfo(osInfo);
 setFirmwareInfo(firmwareInfo);
 setHardwareInfo(hardwareInfo);
 setTPMInfo(tpmInfo);
- clientApplicationVersion = VersionHelper.getVersion();
+ this.clientApplicationVersion = clientApplicationVersion;
 }
 
 /**
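Review bot: The new six-argument constructor documents `clientApplicationVersion` as "cannot be null" but assigns it straight through at `this.clientApplicationVersion = clientApplicationVersion;`, whereas the removed line always produced a value from VersionHelper.getVersion(); a null passed by a caller now lands in the persisted field with nothing to catch it. Enforce the documented contract at the assignment, e.g. `if (clientApplicationVersion == null) {` / `throw new IllegalArgumentException("clientApplicationVersion cannot be null");` / `}` before the assignment (or `Objects.requireNonNull` if java.util.Objects is already imported in this file). Whether the setXxx calls above validate their own arguments is not visible in this hunk, so matching their style is worth checking. Since the value can now come from a remote provisioner rather than the ACA's own build, bounding its length to whatever the mapped column allows (not shown here) would also belong in this constructor.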