[#3] Ensure ACA and TPM2 Provisioner handle versioning correctly

2024-12-19 21:17:59 +00:00 · 2018-09-13 12:07:08 -04:00 · 2018-09-13 12:07:08 -04:00 · bdbc85ef4d
commit bdbc85ef4d
parent 12f770080a
8 changed files with 66 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@ -88,6 +88,7 @@ HIRS_ProvisionerTPM2/CMakeCache.txt
 Makefile
 CMakeFiles/
 HIRS_ProvisionerTPM2/DartConfiguration.tcl
+HIRS_ProvisionerTPM2/include/Version.h
 HIRS_ProvisionerTPM2/lib/cpplint-download/
 HIRS_ProvisionerTPM2/lib/cpplint/
 HIRS_ProvisionerTPM2/lib/cpr-build/
--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@ -37,6 +37,8 @@ task generateProtoBuf(type:Exec) {
 }

 compileJava.dependsOn generateProtoBuf
+copyVersion.dependsOn compileJava
+war.dependsOn copyVersion

 ext.configDir = new File(projectDir, 'config')
 ext.checkstyleConfigDir = "$configDir/checkstyle"
@ -49,6 +51,10 @@ checkstyle {
 }

 war {
+    from(buildDir) {
+        include 'VERSION'
+        into 'WEB-INF/classes'
+    }
    archiveName = 'HIRS_AttestationCA.war'
 }

--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -432,8 +432,7 @@ public abstract class AbstractAttestationCertificateAuthority
                endorsementCredential);

        // Parse and save device info
-        ProvisionerTpm2.DeviceInfo dv = claim.getDv();
-        Device device = processDeviceInfo(dv);
+        Device device = processDeviceInfo(claim);

        // perform supply chain validation
        SupplyChainValidationSummary summary = supplyChainValidationService.validateSupplyChain(
@ -538,10 +537,12 @@ public abstract class AbstractAttestationCertificateAuthority

    /**
     * Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object.
-     * @param dv the protobuf serialized device info to convert
-     * @return a HIRS Utils DeviceInfoReport representation of dv
+     * @param claim the protobuf serialized identity claim containing the device info
+     * @return a HIRS Utils DeviceInfoReport representation of device info
     */
-    private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
+    private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
+        ProvisionerTpm2.DeviceInfo dv = claim.getDv();
+
        // Get network info
        ProvisionerTpm2.NetworkInfo nwProto = dv.getNw();

@ -594,7 +595,8 @@ public abstract class AbstractAttestationCertificateAuthority
        TPMInfo tpm = new TPMInfo();

        // Create final report
-        DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm);
+        DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm,
+                claim.getClientVersion());

        for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getChassisInfoList()) {
            dvReport.getChassisInfo().add(new ChassisComponentInfo(
@ -654,8 +656,8 @@ public abstract class AbstractAttestationCertificateAuthority
        return dvReport;
    }

-    private Device processDeviceInfo(final ProvisionerTpm2.DeviceInfo dv) {
-        DeviceInfoReport deviceInfoReport = parseDeviceInfo(dv);
+    private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
+        DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim);

        if (deviceInfoReport == null) {
            LOG.error("Failed to deserialize Device Info Report");
--- a/HIRS_ProvisionerTPM2/CMakeLists.txt
+++ b/HIRS_ProvisionerTPM2/CMakeLists.txt
@ -34,6 +34,10 @@ elseif(${PACKAGE_RELEASE_RETURN_ERROR})
    message(FATAL "Failed to pull package release information from git, aborting.")
 endif()

+# Embed version and package release into header file
+configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in"
+        "${CMAKE_SOURCE_DIR}/include/Version.h")
+
 # Set C++ Standard 11 based on version information
 if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0)
    set(CMAKE_CXX_STANDARD 11)
--- a/HIRS_ProvisionerTPM2/include/Version.h.in
+++ b/HIRS_ProvisionerTPM2/include/Version.h.in
@ -0,0 +1,13 @@
+#ifndef HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+#define HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
+
+#define MAJOR_VERSION "@MAJOR_VERSION@"
+#define MINOR_VERSION "@MINOR_VERSION@"
+#define PATCH_VERSION "@PATCH_VERSION@"
+#define PACKAGE_RELEASE_NUMBER "@PACKAGE_RELEASE_NUMBER@"
+#define CLIENT_VERSION MAJOR_VERSION "."\
+                       MINOR_VERSION "."\
+                       PATCH_VERSION "."\
+                       PACKAGE_RELEASE_NUMBER
+
+#endif  // HIRS_PROVISIONERTPM2_INCLUDE_VERSION_H_
--- a/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto
+++ b/HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto
@ -57,6 +57,7 @@ message IdentityClaim {
  required bytes ek_public_area = 3;
  optional bytes endorsement_credential = 4;
  repeated bytes platform_credential = 5;
+  optional string client_version = 6;
 }

 message IdentityClaimResponse {
--- a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
+++ b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
@ -20,6 +20,7 @@
 #include "HirsRuntimeException.h"
 #include "RestfulClientProvisioner.h"
 #include "Utils.h"
+#include "Version.h"


 using hirs::exception::HirsRuntimeException;
@ -68,6 +69,7 @@ int provision() {
            = tpm2.createIdentityClaim(dv, akPublicArea, ekPublicArea,
                                       endorsementCredential,
                                       platformCredentials);
+    identityClaim.set_client_version(CLIENT_VERSION);
    RestfulClientProvisioner provisioner;
    string nonceBlob = provisioner.sendIdentityClaim(identityClaim);
    if (nonceBlob == "") {
@ -102,7 +104,8 @@ int provision() {

 void printHelp() {
    stringstream helpMessage;
-    helpMessage << "TPM 2.0 Provisioner\n\n"
+    helpMessage << "TPM 2.0 Provisioner\n"
+                << "Version " << CLIENT_VERSION << "\n\n"
                << "To run the provisioning process, "
                << "enter hirs-provisioner-tpm2 provision\n";
    cout << helpMessage.str() << endl;
--- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java
@ -137,12 +137,38 @@ public class DeviceInfoReport extends Report implements Serializable {
    public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
                            final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
                            final TPMInfo tpmInfo) {
+        this(networkInfo, osInfo, firmwareInfo, hardwareInfo, tpmInfo, VersionHelper.getVersion());
+    }
+
+    /**
+     * Constructor used to create a <code>DeviceInfoReport</code>. The
+     * information cannot be changed after the <code>DeviceInfoReport</code> is
+     * created.
+     *
+     * @param networkInfo
+     *            NetworkInfo object, cannot be null
+     * @param osInfo
+     *            OSInfo object, cannot be null
+     * @param firmwareInfo
+     *            FirmwareInfo object, cannot be null
+     * @param hardwareInfo
+     *            HardwareInfo object, cannot be null
+     * @param tpmInfo
+     *            TPMInfo object, may be null if a TPM is not available on the
+     *            device
+     * @param clientApplicationVersion
+     *            string representing the version of the client that submitted this report,
+     *            cannot be null
+     */
+    public DeviceInfoReport(final NetworkInfo networkInfo, final OSInfo osInfo,
+                            final FirmwareInfo firmwareInfo, final HardwareInfo hardwareInfo,
+                            final TPMInfo tpmInfo, final String clientApplicationVersion) {
        setNetworkInfo(networkInfo);
        setOSInfo(osInfo);
        setFirmwareInfo(firmwareInfo);
        setHardwareInfo(hardwareInfo);
        setTPMInfo(tpmInfo);
-        clientApplicationVersion = VersionHelper.getVersion();
+        this.clientApplicationVersion = clientApplicationVersion;
    }

    /**