mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 07:06:46 +00:00
[#3] Ensure ACA and TPM2 Provisioner handle versioning correctly
parent
12f770080a
commit
bdbc85ef4d
1
.gitignore
vendored
@ -88,6 +88,7 @@ HIRS_ProvisionerTPM2/CMakeCache.txt
|
||||
Makefile
|
||||
CMakeFiles/
|
||||
HIRS_ProvisionerTPM2/DartConfiguration.tcl
|
||||
HIRS_ProvisionerTPM2/include/Version.h
|
||||
HIRS_ProvisionerTPM2/lib/cpplint-download/
|
||||
HIRS_ProvisionerTPM2/lib/cpplint/
|
||||
HIRS_ProvisionerTPM2/lib/cpr-build/
|
||||
|
@ -37,6 +37,8 @@ task generateProtoBuf(type:Exec) {
|
||||
}
|
||||
|
||||
compileJava.dependsOn generateProtoBuf
|
||||
copyVersion.dependsOn compileJava
|
||||
war.dependsOn copyVersion
|
||||
|
||||
ext.configDir = new File(projectDir, 'config')
|
||||
ext.checkstyleConfigDir = "$configDir/checkstyle"
|
||||
@ -49,6 +51,10 @@ checkstyle {
|
||||
}
|
||||
|
||||
war {
|
||||
from(buildDir) {
|
||||
include 'VERSION'
|
||||
into 'WEB-INF/classes'
|
||||
}
|
||||
archiveName = 'HIRS_AttestationCA.war'
|
||||
}
|
||||
|
||||
|
@ -432,8 +432,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
endorsementCredential);
|
||||
|
||||
// Parse and save device info
|
||||
ProvisionerTpm2.DeviceInfo dv = claim.getDv();
|
||||
Device device = processDeviceInfo(dv);
|
||||
Device device = processDeviceInfo(claim);
|
||||
|
||||
// perform supply chain validation
|
||||
SupplyChainValidationSummary summary = supplyChainValidationService.validateSupplyChain(
|
||||
@ -538,10 +537,12 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
|
||||
/**
|
||||
* Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object.
|
||||
* @param dv the protobuf serialized device info to convert
|
||||
* @return a HIRS Utils DeviceInfoReport representation of dv
|
||||
* @param claim the protobuf serialized identity claim containing the device info
|
||||
* @return a HIRS Utils DeviceInfoReport representation of device info
|
||||
*/
|
||||
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
|
||||
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
|
||||
ProvisionerTpm2.DeviceInfo dv = claim.getDv();
|
||||
|
||||
// Get network info
|
||||
ProvisionerTpm2.NetworkInfo nwProto = dv.getNw();
|
||||
|
||||
@ -594,7 +595,8 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
TPMInfo tpm = new TPMInfo();
|
||||
|
||||
// Create final report
|
||||
DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm);
|
||||
DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm,
|
||||
claim.getClientVersion());
|
||||
|
||||
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getChassisInfoList()) {
|
||||
dvReport.getChassisInfo().add(new ChassisComponentInfo(
|
||||
@ -654,8 +656,8 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
return dvReport;
|
||||
}
|
||||
|
||||
private Device processDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
|
||||
DeviceInfoReport deviceInfoReport = parseDeviceInfo(dv);
|
||||
private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
|
||||
DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim);
|
||||
|
||||
if (deviceInfoReport == null) {
|
||||
LOG.error("Failed to deserialize Device Info Report");
|
||||
|
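Review bot: `claim.getClientVersion()` is handed to the `DeviceInfoReport` constructor without a presence check or any bounding, at the point where `dvReport` is created in `parseDeviceInfo`. The proto declares `client_version` as `optional`, so a provisioner built before this change yields the protobuf default (an empty string) rather than a version. The value is also whatever the client chooses to send, so it should be treated as a descriptive label and never as input to a validation decision. I would normalise it before it is persisted, for example `String clientVersion = claim.hasClientVersion() ? claim.getClientVersion() : "unknown";` (the fallback text is a placeholder), and add a length and character check. The bodies of `parseDeviceInfo` and `processDeviceInfo` continue outside the visible hunks.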
@ -34,6 +34,10 @@ elseif(${PACKAGE_RELEASE_RETURN_ERROR})
|
||||
message(FATAL "Failed to pull package release information from git, aborting.")
|
||||
endif()
|
||||
|
||||
# Embed version and package release into header file
|
||||
configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in"
|
||||
"${CMAKE_SOURCE_DIR}/include/Version.h")
|
||||
|
||||
# Set C++ Standard 11 based on version information
|
||||
if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0)
|
||||
set(CMAKE_CXX_STANDARD 11)
|
||||
|
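Review bot: The new `configure_file` step relies on the version variables being populated, but the guard directly above it calls `message(FATAL ...)`, and `FATAL` is not a message mode (the aborting one is `FATAL_ERROR`). As far as I can tell the text is only printed and configuration continues, so a failed git lookup would produce a `Version.h` with empty fields that the provisioner then reports to the ACA; I would change the call to `message(FATAL_ERROR "Failed to pull package release information from git, aborting.")`. Separately, the header is generated into `${CMAKE_SOURCE_DIR}/include`, which is why it needs a `.gitignore` entry; writing it under `${CMAKE_BINARY_DIR}` and passing `@ONLY` to `configure_file` would keep the source tree clean and limit substitution to the `@VAR@` form the template uses. The `if`/`elseif` chain starts outside the hunk.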
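--- a/HIRS_ProvisionerTPM2/include/Version.h.in
+++ b/HIRS_ProvisionerTPM2/include/Version.h.in
@@ -0,0 +1,13 @@
+#ifndef HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+#define HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+
+#define MAJOR_VERSION "@MAJOR_VERSION@"
+#define MINOR_VERSION "@MINOR_VERSION@"
+#define PATCH_VERSION "@PATCH_VERSION@"
+#define PACKAGE_RELEASE_NUMBER "@PACKAGE_RELEASE_NUMBER@"
+#define CLIENT_VERSION MAJOR_VERSION "."\
+MINOR_VERSION "."\
+PATCH_VERSION "."\
+PACKAGE_RELEASE_NUMBER
+
+#endif // HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_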
@ -57,6 +57,7 @@ message IdentityClaim {
|
||||
required bytes ek_public_area = 3;
|
||||
optional bytes endorsement_credential = 4;
|
||||
repeated bytes platform_credential = 5;
|
||||
optional string client_version = 6;
|
||||
}
|
||||
|
||||
message IdentityClaimResponse {
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include "HirsRuntimeException.h"
|
||||
#include "RestfulClientProvisioner.h"
|
||||
#include "Utils.h"
|
||||
#include "Version.h"
|
||||
|
||||
|
||||
using hirs::exception::HirsRuntimeException;
|
||||
@ -68,6 +69,7 @@ int provision() {
|
||||
= tpm2.createIdentityClaim(dv, akPublicArea, ekPublicArea,
|
||||
endorsementCredential,
|
||||
platformCredentials);
|
||||
identityClaim.set_client_version(CLIENT_VERSION);
|
||||
RestfulClientProvisioner provisioner;
|
||||
string nonceBlob = provisioner.sendIdentityClaim(identityClaim);
|
||||
if (nonceBlob == "") {
|
||||
@ -102,7 +104,8 @@ int provision() {
|
||||
|
||||
void printHelp() {
|
||||
stringstream helpMessage;
|
||||
helpMessage << "TPM 2.0 Provisioner\n\n"
|
||||
helpMessage << "TPM 2.0 Provisioner\n"
|
||||
<< "Version " << CLIENT_VERSION << "\n\n"
|
||||
<< "To run the provisioning process, "
|
||||
<< "enter hirs-provisioner-tpm2 provision\n";
|
||||
cout << helpMessage.str() << endl;
|
||||
|
@ -137,12 +137,38 @@ public class DeviceInfoReport extends Report implements Serializable {
|
||||
public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
|
||||
final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
|
||||
final TPMInfo tpmInfo) {
|
||||
this(networkInfo, osInfo, firmwareInfo, hardwareInfo, tpmInfo, VersionHelper.getVersion());
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor used to create a <code>DeviceInfoReport</code>. The
|
||||
* information cannot be changed after the <code>DeviceInfoReport</code> is
|
||||
* created.
|
||||
*
|
||||
* @param networkInfo
|
||||
* NetworkInfo object, cannot be null
|
||||
* @param osInfo
|
||||
* OSInfo object, cannot be null
|
||||
* @param firmwareInfo
|
||||
* FirmwareInfo object, cannot be null
|
||||
* @param hardwareInfo
|
||||
* HardwareInfo object, cannot be null
|
||||
* @param tpmInfo
|
||||
* TPMInfo object, may be null if a TPM is not available on the
|
||||
* device
|
||||
* @param clientApplicationVersion
|
||||
* string representing the version of the client that submitted this report,
|
||||
* cannot be null
|
||||
*/
|
||||
public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
|
||||
final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
|
||||
final TPMInfo tpmInfo, final String clientApplicationVersion) {
|
||||
setNetworkInfo(networkInfo);
|
||||
setOSInfo(osInfo);
|
||||
setFirmwareInfo(firmwareInfo);
|
||||
setHardwareInfo(hardwareInfo);
|
||||
setTPMInfo(tpmInfo);
|
||||
clientApplicationVersion = VersionHelper.getVersion();
|
||||
this.clientApplicationVersion = clientApplicationVersion;
|
||||
}
|
||||
|
||||
/**
|
||||
|
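Review bot: The new six-argument constructor documents `clientApplicationVersion` as "cannot be null" but assigns it straight to the field (`this.clientApplicationVersion = clientApplicationVersion;`), while every other argument goes through a setter. With this commit the value originates from the provisioner's identity claim, so it is client-controlled text that ends up stored in the report. A guard such as `if (clientApplicationVersion == null) { throw new NullPointerException("clientApplicationVersion"); }` would make the documented contract hold. A length limit matching wherever the field is persisted (not visible here) would also be worth adding. The first constructor's signature and Javadoc begin outside the hunk.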