Merge pull request #352 from nsacyber/event-digest-update

[#343] Event digest update (UI)
Cyrus 2021-04-23 08:45:13 -04:00 committed by GitHub
commit c7fb94d7b4
16 changed files with 630 additions and 394 deletions


@ -94,10 +94,10 @@ import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec; import java.security.spec.MGF1ParameterSpec;
import java.security.spec.RSAPublicKeySpec; import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Calendar; import java.util.Calendar;
import java.util.Date; import java.util.Date;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@ -707,13 +707,16 @@ public abstract class AbstractAttestationCertificateAuthority
return (RSAPublicKey) assemblePublicKey(modulus); return (RSAPublicKey) assemblePublicKey(modulus);
} }
private static final int NUM_OF_VARIABLES = 5;
/** /**
* Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object. * Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object.
* @param claim the protobuf serialized identity claim containing the device info * @param claim the protobuf serialized identity claim containing the device info
* @return a HIRS Utils DeviceInfoReport representation of device info * @return a HIRS Utils DeviceInfoReport representation of device info
*/ */
@SuppressWarnings("methodlength") @SuppressWarnings("methodlength")
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) { private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim)
throws NoSuchAlgorithmException {
ProvisionerTpm2.DeviceInfo dv = claim.getDv(); ProvisionerTpm2.DeviceInfo dv = claim.getDv();
// Get network info // Get network info
@ -769,53 +772,123 @@ public abstract class AbstractAttestationCertificateAuthority
} }
// check for RIM Base and Support files, if they don't exists in the database, load them // check for RIM Base and Support files, if they don't exists in the database, load them
String clientName = String.format("%s_%s", String defaultClientName = String.format("%s_%s",
dv.getHw().getManufacturer(), dv.getHw().getManufacturer(),
dv.getHw().getProductName()); dv.getHw().getProductName());
ReferenceManifest dbBaseRim = null; BaseReferenceManifest dbBaseRim = null;
ReferenceManifest support; ReferenceManifest support;
EventLogMeasurements measurements;
String tagId = ""; String tagId = "";
String fileName = ""; String fileName = "";
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"); Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher; Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
try {
support = SupportReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Hex.encodeHexString(messageDigest.digest(
logFile.toByteArray())))
.getRIM();
if (support == null) {
support = new SupportReferenceManifest(
String.format("%s.rimel",
defaultClientName),
logFile.toByteArray());
// this is a validity check
new TCGEventLog(support.getRimBytes());
// no issues, continue
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
support.getRimHash().substring(
support.getRimHash().length() - NUM_OF_VARIABLES)));
this.referenceManifestManager.save(support);
} else {
LOG.info("Client provided Support RIM already loaded in database.");
if (support.isArchived()) {
support.restore();
support.resetCreateTime();
this.referenceManifestManager.update(support);
}
}
} catch (IOException ioEx) {
LOG.error(ioEx);
} catch (Exception ex) {
LOG.error(String.format("Failed to load support rim: %s", messageDigest.digest(
logFile.toByteArray()).toString()));
}
}
} else {
LOG.warn("Device did not send support RIM file...");
}
if (dv.getSwidfileCount() > 0) { if (dv.getSwidfileCount() > 0) {
for (ByteString swidFile : dv.getSwidfileList()) { for (ByteString swidFile : dv.getSwidfileList()) {
fileName = "";
try { try {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
.includeArchived() .includeArchived()
.byHashCode(Arrays.hashCode(swidFile.toByteArray())) .byHashCode(Hex.encodeHexString(messageDigest.digest(
swidFile.toByteArray())))
.getRIM(); .getRIM();
if (dbBaseRim == null) { if (dbBaseRim == null) {
dbBaseRim = new BaseReferenceManifest( dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag", String.format("%s.swidtag",
clientName), defaultClientName),
swidFile.toByteArray()); swidFile.toByteArray());
BaseReferenceManifest base = (BaseReferenceManifest) dbBaseRim; // get file name to use
for (SwidResource swid : base.parseResource()) { for (SwidResource swid : dbBaseRim.parseResource()) {
matcher = pattern.matcher(swid.getName()); matcher = pattern.matcher(swid.getName());
if (matcher.matches()) { if (matcher.matches()) {
//found the file name //found the file name
int dotIndex = swid.getName().lastIndexOf("."); int dotIndex = swid.getName().lastIndexOf(".");
clientName = swid.getName().substring(0, dotIndex); fileName = swid.getName().substring(0, dotIndex);
dbBaseRim = new BaseReferenceManifest( dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag", String.format("%s.swidtag",
clientName), fileName),
swidFile.toByteArray()); swidFile.toByteArray());
}
// now update support rim
SupportReferenceManifest dbSupport = SupportReferenceManifest
.select(referenceManifestManager)
.byRimHash(swid.getHashValue()).getRIM();
if (dbSupport != null && !dbSupport.isUpdated()) {
dbSupport.setFileName(swid.getName());
dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
// I might create a get for the bytes of the swidtag file
// so that I can set that instead of the rim ID
dbSupport.setTagId(dbBaseRim.getTagId());
dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
dbSupport.setSwidVersion(dbBaseRim.getSwidVersion());
dbSupport.setSwidPatch(dbBaseRim.isSwidPatch());
dbSupport.setSwidSupplemental(dbBaseRim.isSwidSupplemental());
dbBaseRim.setAssociatedRim(dbSupport.getId());
dbSupport.setUpdated(true);
this.referenceManifestManager.update(dbSupport);
break; break;
} }
} }
this.referenceManifestManager.save(dbBaseRim); this.referenceManifestManager.save(dbBaseRim);
} else { } else {
LOG.info("Client provided Base RIM already loaded in database."); LOG.info("Client provided Base RIM already loaded in database.");
dbBaseRim.restore(); /**
dbBaseRim.resetCreateTime(); * Leaving this as is for now, however can there be a condition
this.referenceManifestManager.update(dbBaseRim); * in which the provisioner sends swidtags without support rims?
*/
if (dbBaseRim.isArchived()) {
dbBaseRim.restore();
dbBaseRim.resetCreateTime();
this.referenceManifestManager.update(dbBaseRim);
}
} }
tagId = dbBaseRim.getTagId();
} catch (IOException ioEx) { } catch (IOException ioEx) {
LOG.error(ioEx); LOG.error(ioEx);
} }
@ -824,92 +897,27 @@ public abstract class AbstractAttestationCertificateAuthority
LOG.warn("Device did not send swid tag file..."); LOG.warn("Device did not send swid tag file...");
} }
if (dv.getLogfileCount() > 0) { generateDigestRecords(hw.getManufacturer(), hw.getProductName());
for (ByteString logFile : dv.getLogfileList()) {
try {
support = SupportReferenceManifest.select(referenceManifestManager)
.includeArchived()
.byHashCode(Arrays.hashCode(logFile.toByteArray()))
.getRIM();
if (support == null) {
support = new SupportReferenceManifest(
String.format("%s.rimel",
clientName),
logFile.toByteArray());
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setTagId(tagId);
this.referenceManifestManager.save(support);
} else {
LOG.info("Client provided Support RIM already loaded in database.");
if (dbBaseRim != null) {
support.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer());
support.setPlatformModel(dbBaseRim.getPlatformModel());
support.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
support.setAssociatedRim(dbBaseRim.getId());
support.setTagId(dbBaseRim.getTagId());
}
support.restore();
support.resetCreateTime();
this.referenceManifestManager.update(support);
}
ReferenceDigestRecord dbObj = new ReferenceDigestRecord(support,
hw.getManufacturer(), hw.getProductName());
// this is where we update or create the log
ReferenceDigestRecord rdr = this.referenceDigestManager.getRecord(dbObj);
// Handle baseline digest records
// is there already a baseline?
if (rdr == null) {
// doesn't exist, store
rdr = referenceDigestManager.saveRecord(dbObj);
} // right now this will not deal with updating
if (this.referenceEventManager.getValuesByRecordId(rdr).isEmpty()) {
try {
TCGEventLog logProcessor = new TCGEventLog(support.getRimBytes());
ReferenceDigestValue rdv;
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
rdv = new ReferenceDigestValue(rdr.getId(), tpe.getEventNumber(),
tpe.getEventDigestStr(), tpe.getEventTypeStr(), false);
this.referenceEventManager.saveValue(rdv);
}
} catch (CertificateException cEx) {
LOG.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
}
}
} catch (IOException ioEx) {
LOG.error(ioEx);
}
}
} else {
LOG.warn("Device did not send support RIM file...");
}
if (dv.hasLivelog()) { if (dv.hasLivelog()) {
LOG.info("Device sent bios measurement log..."); LOG.info("Device sent bios measurement log...");
fileName = String.format("%s.measurement", fileName = String.format("%s.measurement",
clientName); defaultClientName);
try { try {
// find previous version. If it exists, delete it // find previous version. If it exists, delete it
support = EventLogMeasurements.select(referenceManifestManager) measurements = EventLogMeasurements.select(referenceManifestManager)
.byManufacturer(dv.getHw().getManufacturer()) .byManufacturer(dv.getHw().getManufacturer())
.includeArchived().getRIM(); .includeArchived().getRIM();
if (support != null) { if (measurements != null) {
LOG.info("Previous bios measurement log found and being replaced..."); LOG.info("Previous bios measurement log found and being replaced...");
this.referenceManifestManager.delete(support); this.referenceManifestManager.delete(measurements);
} }
support = new EventLogMeasurements(fileName, measurements = new EventLogMeasurements(fileName,
dv.getLivelog().toByteArray()); dv.getLivelog().toByteArray());
support.setPlatformManufacturer(dv.getHw().getManufacturer()); measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName()); measurements.setPlatformModel(dv.getHw().getProductName());
support.setTagId(tagId); measurements.setTagId(tagId);
this.referenceManifestManager.save(support); this.referenceManifestManager.save(measurements);
} catch (IOException ioEx) { } catch (IOException ioEx) {
LOG.error(ioEx); LOG.error(ioEx);
} }
@ -936,8 +944,96 @@ public abstract class AbstractAttestationCertificateAuthority
return dvReport; return dvReport;
} }
private boolean generateDigestRecords(final String manufacturer, final String model) {
List<ReferenceDigestValue> rdValues;
Set<SupportReferenceManifest> dbSupportRims = SupportReferenceManifest
.select(referenceManifestManager).byManufacturer(manufacturer).getRIMs();
for (SupportReferenceManifest dbSupport : dbSupportRims) {
if (dbSupport.getPlatformModel().equals(model)) {
ReferenceDigestRecord dbObj = new ReferenceDigestRecord(dbSupport,
manufacturer, model);
// this is where we update or create the log
ReferenceDigestRecord rdr = this.referenceDigestManager.getRecord(dbObj);
if (dbSupport.isBaseSupport()) {
// Handle baseline digest records
if (rdr == null) {
// doesn't exist, store
rdr = referenceDigestManager.saveRecord(dbObj);
} // right now this will not deal with updating
if (this.referenceEventManager.getValuesByRecordId(rdr).isEmpty()) {
try {
TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes());
ReferenceDigestValue rdv;
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
rdv = new ReferenceDigestValue(rdr.getId(), tpe.getPcrIndex(),
tpe.getEventDigestStr(), tpe.getEventTypeStr(),
false, false);
this.referenceEventManager.saveValue(rdv);
}
} catch (CertificateException cEx) {
LOG.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
} catch (IOException ioEx) {
LOG.error(ioEx);
}
}
} else if (dbSupport.isSwidPatch()) {
if (rdr != null) {
// have to have something to patch
try {
rdValues = this.referenceEventManager.getValuesByRecordId(rdr);
TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes());
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
LOG.error(tpe);
}
for (ReferenceDigestValue rdv : rdValues) {
LOG.error(rdv);
}
} catch (CertificateException cEx) {
LOG.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
} catch (IOException ioEx) {
LOG.error(ioEx);
}
}
} else if (dbSupport.isSwidSupplemental() && !dbSupport.isProcessed()) {
try {
TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes());
ReferenceDigestValue rdv;
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
rdv = new ReferenceDigestValue(rdr.getId(), tpe.getPcrIndex(),
tpe.getEventDigestStr(), tpe.getEventTypeStr(),
false, false);
this.referenceEventManager.saveValue(rdv);
}
dbSupport.setProcessed(true);
this.referenceManifestManager.update(dbSupport);
} catch (CertificateException cEx) {
LOG.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
} catch (IOException ioEx) {
LOG.error(ioEx);
}
}
}
}
return true;
}
private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) { private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim); DeviceInfoReport deviceInfoReport = null;
try {
deviceInfoReport = parseDeviceInfo(claim);
} catch (NoSuchAlgorithmException noSaEx) {
LOG.error(noSaEx);
}
if (deviceInfoReport == null) { if (deviceInfoReport == null) {
LOG.error("Failed to deserialize Device Info Report"); LOG.error("Failed to deserialize Device Info Report");
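Review bot: In generateDigestRecords the `isSwidSupplemental` branch dereferences `rdr.getId()` although `rdr`, taken from `referenceDigestManager.getRecord(dbObj)` a few lines above, can still be null there; only the `isBaseSupport` branch saves a record first, and the `isSwidPatch` branch explicitly checks `rdr != null`. The supplemental branch needs the same guard, e.g. `if (rdr == null) { LOG.warn("No digest record to supplement for " + manufacturer + "/" + model); continue; }`, otherwise a supplemental support RIM arriving before its base RIM crashes the claim processing. The `isSwidPatch` branch also logs every event and stored value with `LOG.error`, which reads as leftover debugging, and the method's boolean result is never anything but `true` and is discarded at the `generateDigestRecords(...)` call in parseDeviceInfo. In the log-file hunk earlier in this file, the `catch (Exception ex)` formats `messageDigest.digest(...).toString()`, which yields `[B@...` rather than the hex hash, and drops `ex`; use `Hex.encodeHexString(...)` as the lookup does and pass `ex` to `LOG.error`. generateDigestRecords ends inside the hunk, but processDeviceInfo continues past it.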


@ -9,6 +9,8 @@ import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.PCRPolicy; import hirs.data.persist.PCRPolicy;
import hirs.data.persist.ReferenceDigestRecord;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest; import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupplyChainPolicy; import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidation; import hirs.data.persist.SupplyChainValidation;
@ -26,6 +28,8 @@ import hirs.persist.CrudManager;
import hirs.persist.DBManagerException; import hirs.persist.DBManagerException;
import hirs.persist.PersistenceConfiguration; import hirs.persist.PersistenceConfiguration;
import hirs.persist.PolicyManager; import hirs.persist.PolicyManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestManager;
import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent; import hirs.tpm.eventlog.TpmPcrEvent;
@ -76,6 +80,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
private PolicyManager policyManager; private PolicyManager policyManager;
private AppraiserManager appraiserManager; private AppraiserManager appraiserManager;
private ReferenceManifestManager referenceManifestManager; private ReferenceManifestManager referenceManifestManager;
private ReferenceDigestManager referenceDigestManager;
private ReferenceEventManager referenceEventManager;
private CertificateManager certificateManager; private CertificateManager certificateManager;
private CredentialValidator supplyChainCredentialValidator; private CredentialValidator supplyChainCredentialValidator;
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager; private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
@ -92,20 +98,27 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
* @param referenceManifestManager the RIM manager * @param referenceManifestManager the RIM manager
* @param supplyChainValidatorSummaryManager the summary manager * @param supplyChainValidatorSummaryManager the summary manager
* @param supplyChainCredentialValidator the credential validator * @param supplyChainCredentialValidator the credential validator
* @param referenceDigestManager the digest manager
* @param referenceEventManager the even manager
*/ */
@Autowired @Autowired
@SuppressWarnings("ParameterNumberCheck")
public SupplyChainValidationServiceImpl( public SupplyChainValidationServiceImpl(
final PolicyManager policyManager, final AppraiserManager appraiserManager, final PolicyManager policyManager, final AppraiserManager appraiserManager,
final CertificateManager certificateManager, final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager, final ReferenceManifestManager referenceManifestManager,
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager, final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
final CredentialValidator supplyChainCredentialValidator) { final CredentialValidator supplyChainCredentialValidator,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager) {
this.policyManager = policyManager; this.policyManager = policyManager;
this.appraiserManager = appraiserManager; this.appraiserManager = appraiserManager;
this.certificateManager = certificateManager; this.certificateManager = certificateManager;
this.referenceManifestManager = referenceManifestManager; this.referenceManifestManager = referenceManifestManager;
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager; this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
this.supplyChainCredentialValidator = supplyChainCredentialValidator; this.supplyChainCredentialValidator = supplyChainCredentialValidator;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
} }
/** /**
@ -354,10 +367,13 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
AppraisalStatus fwStatus = null; AppraisalStatus fwStatus = null;
String manufacturer = device.getDeviceInfo() String manufacturer = device.getDeviceInfo()
.getHardwareInfo().getManufacturer(); .getHardwareInfo().getManufacturer();
String model = device.getDeviceInfo()
.getHardwareInfo().getProductName();
ReferenceManifest validationObject = null; ReferenceManifest validationObject = null;
ReferenceManifest baseReferenceManifest = null; ReferenceManifest baseReferenceManifest = null;
ReferenceManifest supportReferenceManifest = null; ReferenceManifest supportReferenceManifest = null;
ReferenceManifest measurement = null; ReferenceManifest measurement = null;
ReferenceDigestRecord digestRecord = null;
baseReferenceManifest = BaseReferenceManifest.select(referenceManifestManager) baseReferenceManifest = BaseReferenceManifest.select(referenceManifestManager)
.byManufacturer(manufacturer).getRIM(); .byManufacturer(manufacturer).getRIM();
@ -465,18 +481,22 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// part 2 of firmware validation check: bios measurements // part 2 of firmware validation check: bios measurements
// vs baseline tcg event log // vs baseline tcg event log
// find the measurement // find the measurement
TCGEventLog tcgEventLog;
TCGEventLog tcgMeasurementLog; TCGEventLog tcgMeasurementLog;
digestRecord = this.referenceDigestManager.getRecord(manufacturer, model);
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>(); LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
List<ReferenceDigestValue> eventValue;
HashMap<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
try { try {
if (measurement.getPlatformManufacturer().equals(manufacturer)) { if (measurement.getPlatformManufacturer().equals(manufacturer)) {
tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes()); tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
tcgEventLog = new TCGEventLog( eventValue = this.referenceEventManager
supportReferenceManifest.getRimBytes()); .getValuesByRecordId(digestRecord);
for (TpmPcrEvent tpe : tcgEventLog.getEventList()) { for (ReferenceDigestValue rdv : eventValue) {
if (!tpe.eventCompare( eventValueMap.put(rdv.getDigestValue(), rdv);
tcgMeasurementLog.getEventByNumber( }
tpe.getEventNumber()))) {
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
tpmPcrEvents.add(tpe); tpmPcrEvents.add(tpe);
} }
} }
@ -536,6 +556,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
AppraisalStatus fwStatus = new AppraisalStatus(FAIL, AppraisalStatus fwStatus = new AppraisalStatus(FAIL,
SupplyChainCredentialValidator.FIRMWARE_VALID); SupplyChainCredentialValidator.FIRMWARE_VALID);
SupportReferenceManifest sRim = null; SupportReferenceManifest sRim = null;
EventLogMeasurements eventLog = null;
// check if the policy is enabled // check if the policy is enabled
if (policy.isFirmwareValidationEnabled()) { if (policy.isFirmwareValidationEnabled()) {
@ -547,17 +568,25 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
sRim = SupportReferenceManifest.select( sRim = SupportReferenceManifest.select(
this.referenceManifestManager) this.referenceManifestManager)
.byManufacturer(manufacturer).getRIM(); .byManufacturer(manufacturer).getRIM();
eventLog = EventLogMeasurements
.select(this.referenceManifestManager)
.byManufacturer(manufacturer).getRIM();
if (sRim == null) { if (sRim == null) {
fwStatus = new AppraisalStatus(FAIL, fwStatus = new AppraisalStatus(FAIL,
String.format("Firmware Quote validation failed: " String.format("Firmware Quote validation failed: "
+ "No associated RIM file could be found for %s", + "No associated Support RIM file "
+ "could be found for %s",
manufacturer));
} else if (eventLog == null) {
fwStatus = new AppraisalStatus(FAIL,
String.format("Firmware Quote validation failed: "
+ "No associated Client Log file "
+ "could be found for %s",
manufacturer)); manufacturer));
} else { } else {
baseline = sRim.getExpectedPCRList(); baseline = sRim.getExpectedPCRList();
String pcrContent = new String(device.getDeviceInfo() String[] storedPcrs = eventLog.getExpectedPCRList();
.getTPMInfo().getPcrValues());
String[] storedPcrs = buildStoredPcrs(pcrContent, baseline[0].length());
PCRPolicy pcrPolicy = policy.getPcrPolicy(); PCRPolicy pcrPolicy = policy.getPcrPolicy();
pcrPolicy.setBaselinePcrs(baseline); pcrPolicy.setBaselinePcrs(baseline);
// grab the quote // grab the quote
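Review bot: The rewritten bios-measurement comparison (the `eventValueMap` loop) only tests whether each measured event's digest appears anywhere in the stored baseline, so the PCR index and event position that the old `eventCompare`/`getEventByNumber` path enforced are no longer checked, and an event that is expected in one PCR would be accepted if it shows up in any other. Key the map on the PCR index stored with each ReferenceDigestValue together with its digest, and look up with `tpe.getPcrIndex()` and `tpe.getEventDigestStr()` so the check is per-PCR again. Separately, when `referenceDigestManager.getRecord(manufacturer, model)` returns null, `getValuesByRecordId(digestRecord)` is called with null; depending on the manager that is presumably either an NPE or an empty list that flags every measured event, so a null guard with an explicit "no digest record for manufacturer/model" failure would make the outcome deterministic. The constructor Javadoc in the first hunk also reads `the even manager` where `the event manager` is meant. The enclosing validation method starts and ends outside the hunk.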


@ -23,6 +23,8 @@ import hirs.persist.DBDeviceManager;
import hirs.persist.DeviceGroupManager; import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager; import hirs.persist.DeviceManager;
import hirs.persist.PolicyManager; import hirs.persist.PolicyManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.validation.CredentialValidator; import hirs.validation.CredentialValidator;
import hirs.validation.SupplyChainCredentialValidator; import hirs.validation.SupplyChainCredentialValidator;
import org.mockito.ArgumentCaptor; import org.mockito.ArgumentCaptor;
@ -87,6 +89,12 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
@Mock @Mock
private CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryDBManager; private CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryDBManager;
@Mock
private ReferenceDigestManager referenceDigestManager;
@Mock
private ReferenceEventManager referenceEventManager;
@InjectMocks @InjectMocks
private SupplyChainValidationServiceImpl service; private SupplyChainValidationServiceImpl service;
@ -400,7 +408,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential( CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -460,7 +470,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential( CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
@ -506,7 +518,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
EndorsementCredential endorsementCredential = new EndorsementCredential( EndorsementCredential endorsementCredential = new EndorsementCredential(
@ -542,7 +556,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential( CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -602,7 +618,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential intelCa = new CertificateAuthorityCredential( CertificateAuthorityCredential intelCa = new CertificateAuthorityCredential(
@ -648,7 +666,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential( CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -699,7 +719,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
realCertMan, realCertMan,
null, null,
supplyChainValidationSummaryDBManager, supplyChainValidationSummaryDBManager,
new SupplyChainCredentialValidator() new SupplyChainCredentialValidator(),
referenceDigestManager,
referenceEventManager
); );
CertificateAuthorityCredential stmEkRootCa = new CertificateAuthorityCredential( CertificateAuthorityCredential stmEkRootCa = new CertificateAuthorityCredential(


@ -1,5 +1,9 @@
package hirs.attestationca.portal.page.controllers; package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceManifest; import hirs.data.persist.ReferenceManifest;
@ -10,23 +14,6 @@ import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException; import hirs.persist.DBManagerException;
import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestManager;
import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TCGEventLog;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.ArrayList;
import java.util.Set;
import java.util.UUID;
import hirs.tpm.eventlog.TpmPcrEvent; import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.ReferenceManifestValidator; import hirs.utils.ReferenceManifestValidator;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
@ -37,6 +24,17 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
/** /**
* Controller for the Reference Manifest Details page. * Controller for the Reference Manifest Details page.
*/ */
@ -101,7 +99,9 @@ public class ReferenceManifestDetailsPageController
LOGGER.error(uuidError, iaEx); LOGGER.error(uuidError, iaEx);
} catch (Exception ioEx) { } catch (Exception ioEx) {
LOGGER.error(ioEx); LOGGER.error(ioEx);
LOGGER.trace(ioEx); for (StackTraceElement ste : ioEx.getStackTrace()) {
LOGGER.debug(ste.toString());
}
} }
if (data.isEmpty()) { if (data.isEmpty()) {
String notFoundMessage = "Unable to find RIM with ID: " + params.getId(); String notFoundMessage = "Unable to find RIM with ID: " + params.getId();
@ -187,12 +187,12 @@ public class ReferenceManifestDetailsPageController
} else { } else {
data.put("swidCorpus", "False"); data.put("swidCorpus", "False");
} }
if (baseRim.isSwidPatch() == 1) { if (baseRim.isSwidPatch()) {
data.put("swidPatch", "True"); data.put("swidPatch", "True");
} else { } else {
data.put("swidPatch", "False"); data.put("swidPatch", "False");
} }
if (baseRim.isSwidSupplemental() == 1) { if (baseRim.isSwidSupplemental()) {
data.put("swidSupplemental", "True"); data.put("swidSupplemental", "True");
} else { } else {
data.put("swidSupplemental", "False"); data.put("swidSupplemental", "False");
@ -205,9 +205,16 @@ public class ReferenceManifestDetailsPageController
data.put("entityThumbprint", baseRim.getEntityThumbprint()); data.put("entityThumbprint", baseRim.getEntityThumbprint());
// Link // Link
data.put("linkHref", baseRim.getLinkHref()); data.put("linkHref", baseRim.getLinkHref());
for (BaseReferenceManifest bRim : BaseReferenceManifest
.select(referenceManifestManager).getRIMs()) {
if (baseRim.getLinkHref().contains(bRim.getTagId())) {
data.put("linkHrefLink", bRim.getId().toString());
break;
} else {
data.put("linkHrefLink", "");
}
}
data.put("linkRel", baseRim.getLinkRel()); data.put("linkRel", baseRim.getLinkRel());
data.put("supportRimId", "");
data.put("supportRimTagId", "");
data.put("platformManufacturer", baseRim.getPlatformManufacturer()); data.put("platformManufacturer", baseRim.getPlatformManufacturer());
data.put("platformManufacturerId", baseRim.getPlatformManufacturerId()); data.put("platformManufacturerId", baseRim.getPlatformManufacturerId());
data.put("platformModel", baseRim.getPlatformModel()); data.put("platformModel", baseRim.getPlatformModel());
@ -222,11 +229,18 @@ public class ReferenceManifestDetailsPageController
data.put("pcUriGlobal", baseRim.getPcURIGlobal()); data.put("pcUriGlobal", baseRim.getPcURIGlobal());
data.put("pcUriLocal", baseRim.getPcURILocal()); data.put("pcUriLocal", baseRim.getPcURILocal());
data.put("rimLinkHash", baseRim.getRimLinkHash()); data.put("rimLinkHash", baseRim.getRimLinkHash());
boolean hashLinked = false;
if (baseRim.getRimLinkHash() != null) {
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
.byHashCode(baseRim.getRimLinkHash()).getRIM();
hashLinked = (rim != null);
}
data.put("linkHashValid", hashLinked);
data.put("rimType", baseRim.getRimType()); data.put("rimType", baseRim.getRimType());
List<SwidResource> resources = baseRim.parseResource(); List<SwidResource> resources = baseRim.parseResource();
TCGEventLog logProcessor = null; TCGEventLog logProcessor = null;
ReferenceManifest support = null; SupportReferenceManifest support = null;
if (baseRim.getAssociatedRim() == null) { if (baseRim.getAssociatedRim() == null) {
support = SupportReferenceManifest.select(referenceManifestManager) support = SupportReferenceManifest.select(referenceManifestManager)
@ -234,12 +248,10 @@ public class ReferenceManifestDetailsPageController
.getRIM(); .getRIM();
if (support != null) { if (support != null) {
baseRim.setAssociatedRim(support.getId()); baseRim.setAssociatedRim(support.getId());
logProcessor = new TCGEventLog(support.getRimBytes());
} }
} else { } else {
support = SupportReferenceManifest.select(referenceManifestManager) support = SupportReferenceManifest.select(referenceManifestManager)
.byEntityId(baseRim.getAssociatedRim()).getRIM(); .byEntityId(baseRim.getAssociatedRim()).getRIM();
logProcessor = new TCGEventLog(support.getRimBytes());
} }
// going to have to pull the filename and grab that from the DB // going to have to pull the filename and grab that from the DB
// to get the id to make the link // to get the id to make the link
@ -253,16 +265,16 @@ public class ReferenceManifestDetailsPageController
} else { } else {
data.put("supportRimHashValid", false); data.put("supportRimHashValid", false);
} }
swidRes.setPcrValues(Arrays.asList(
logProcessor.getExpectedPCRValues()));
break; break;
} else {
swidRes.setPcrValues(new ArrayList<>());
} }
} }
data.put("associatedRim", baseRim.getAssociatedRim()); data.put("associatedRim", baseRim.getAssociatedRim());
data.put("swidFiles", resources); data.put("swidFiles", resources);
if (support != null && (!baseRim.isSwidSupplemental()
&& !baseRim.isSwidPatch())) {
data.put("pcrList", support.getExpectedPCRList());
}
RIM_VALIDATOR.validateXmlSignature(new ByteArrayInputStream(baseRim.getRimBytes())); RIM_VALIDATOR.validateXmlSignature(new ByteArrayInputStream(baseRim.getRimBytes()));
data.put("signatureValid", RIM_VALIDATOR.isSignatureValid()); data.put("signatureValid", RIM_VALIDATOR.isSignatureValid());
@ -301,17 +313,19 @@ public class ReferenceManifestDetailsPageController
HashMap<String, Object> data = new HashMap<>(); HashMap<String, Object> data = new HashMap<>();
EventLogMeasurements measurements = null; EventLogMeasurements measurements = null;
if (support.getAssociatedRim() == null if (support.getAssociatedRim() == null) {
&& (support.getPlatformManufacturer() != null Set<BaseReferenceManifest> baseRims = BaseReferenceManifest
&& !support.getPlatformManufacturer().isEmpty())) { .select(referenceManifestManager)
ReferenceManifest baseRim = BaseReferenceManifest.select(referenceManifestManager) .byRimType(ReferenceManifest.BASE_RIM).getRIMs();
.byManufacturer(support.getPlatformManufacturer()).getRIM(); for (BaseReferenceManifest baseRim : baseRims) {
if (baseRim != null) { if (baseRim != null && baseRim.getAssociatedRim().equals(support.getId())) {
support.setAssociatedRim(baseRim.getId()); support.setAssociatedRim(baseRim.getId());
try { try {
referenceManifestManager.update(support); referenceManifestManager.update(support);
} catch (DBManagerException ex) { } catch (DBManagerException ex) {
LOGGER.error("Failed to update Support RIM", ex); LOGGER.error("Failed to update Support RIM", ex);
}
break;
} }
} }
} }
@ -324,6 +338,18 @@ public class ReferenceManifestDetailsPageController
.byManufacturer(support.getPlatformManufacturer()).getRIM(); .byManufacturer(support.getPlatformManufacturer()).getRIM();
} }
if (support.isSwidPatch()) {
data.put("swidPatch", "True");
} else {
data.put("swidPatch", "False");
}
if (support.isSwidSupplemental()) {
data.put("swidSupplemental", "True");
} else {
data.put("swidSupplemental", "False");
}
data.put("swidBase", (!support.isSwidPatch()
&& !support.isSwidSupplemental()));
data.put("baseRim", support.getTagId()); data.put("baseRim", support.getTagId());
data.put("associatedRim", support.getAssociatedRim()); data.put("associatedRim", support.getAssociatedRim());
data.put("rimType", support.getRimType()); data.put("rimType", support.getRimType());
@ -348,14 +374,20 @@ public class ReferenceManifestDetailsPageController
TCGEventLog measurementsProcess; TCGEventLog measurementsProcess;
if (measurements != null) { if (measurements != null) {
measurementsProcess = new TCGEventLog((measurements.getRimBytes())); measurementsProcess = new TCGEventLog((measurements.getRimBytes()));
HashMap<String, TpmPcrEvent> digestMap = new HashMap<>();
for (TpmPcrEvent tpe : logProcessor.getEventList()) { for (TpmPcrEvent tpe : logProcessor.getEventList()) {
if (!tpe.eventCompare( digestMap.put(tpe.getEventDigestStr(), tpe);
measurementsProcess.getEventByNumber( if (!support.isSwidSupplemental()
tpe.getEventNumber()))) { && !tpe.eventCompare(
measurementsProcess.getEventByNumber(
tpe.getEventNumber()))) {
tpe.setError(true); tpe.setError(true);
} }
tpmPcrEvents.add(tpe); tpmPcrEvents.add(tpe);
} }
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
tpe.setError(!digestMap.containsKey(tpe.getEventDigestStr()));
}
data.put("events", tpmPcrEvents); data.put("events", tpmPcrEvents);
} else { } else {
data.put("events", logProcessor.getEventList()); data.put("events", logProcessor.getEventList());
@ -41,6 +41,24 @@
</c:choose> </c:choose>
</div> </div>
</div> </div>
<c:if test="${not initialData.swidBase}">
<div class="row">
<div class="col-md-1 col-md-offset-1">
<span class="colHeader">RIM Type</span>
</div>
<div id="baseRim" class="col col-md-8">
<c:if test="${initialData.swidCorpus}">
<div>SWID Corpus</div>
</c:if>
<c:if test="${initialData.swidPatch}">
<div>SWID Patch</div>
</c:if>
<c:if test="${initialData.swidSupplemental}">
<div>SWID Supplemental</div>
</c:if>
</div>
</div>
</c:if>
<div class="row"> <div class="row">
<div class="col-md-1 col-md-offset-1"> <div class="col-md-1 col-md-offset-1">
<span class="colRimHeader"> <span class="colRimHeader">
@ -57,7 +75,7 @@
<ul> <ul>
<c:if test="${initialData.crtm || initialData.bootManager || initialData.osLoader || initialData.osKernel}"> <c:if test="${initialData.crtm || initialData.bootManager || initialData.osLoader || initialData.osKernel}">
<li>PC Client Boot path</li> <li>PC Client Boot path</li>
</c:if> </c:if>
<ul> <ul>
<c:if test="${initialData.crtm}"> <c:if test="${initialData.crtm}">
<li>Software Core Root of Trust for Measurement (SRTM)</li> <li>Software Core Root of Trust for Measurement (SRTM)</li>
@ -70,7 +88,7 @@
</c:if> </c:if>
<c:if test="${initialData.osKernel}"> <c:if test="${initialData.osKernel}">
<li>OS Kernel</li> <li>OS Kernel</li>
</c:if> </c:if>
</ul> </ul>
<c:if test="${initialData.acpiTables || initialData.smbiosTables || initialData.gptTable || initialData.defaultBootDevice}"> <c:if test="${initialData.acpiTables || initialData.smbiosTables || initialData.gptTable || initialData.defaultBootDevice}">
<li>Device Configuration</li> <li>Device Configuration</li>
@ -90,7 +108,7 @@
</c:if> </c:if>
<c:if test="${initialData.defaultBootDevice}"> <c:if test="${initialData.defaultBootDevice}">
<li>Default boot device</li> <li>Default boot device</li>
</c:if> </c:if>
</ul> </ul>
<c:if test="${initialData.secureBoot || initialData.pk || initialData.kek || initialData.sigDb || initialData.forbiddenDbx}"> <c:if test="${initialData.secureBoot || initialData.pk || initialData.kek || initialData.sigDb || initialData.forbiddenDbx}">
<li>Secure Boot Variables</li> <li>Secure Boot Variables</li>
@ -110,7 +128,7 @@
</c:if> </c:if>
<c:if test="${initialData.forbiddenDbx}"> <c:if test="${initialData.forbiddenDbx}">
<li>Forbidden Signatures Database (dbx)</li> <li>Forbidden Signatures Database (dbx)</li>
</c:if> </c:if>
</ul> </ul>
</ul> </ul>
</ul> </ul>
@ -134,7 +152,6 @@
<li>OS Kernel</li> <li>OS Kernel</li>
</c:if> </c:if>
</ul> </ul>
<c:if test="${not initialData.acpiTables || not initialData.smbiosTables || not initialData.gptTable || not initialData.bootOrder || not initialData.defaultBootDevice}"> <c:if test="${not initialData.acpiTables || not initialData.smbiosTables || not initialData.gptTable || not initialData.bootOrder || not initialData.defaultBootDevice}">
<li>Device Configuration</li> <li>Device Configuration</li>
</c:if> </c:if>
@ -173,7 +190,7 @@
</c:if> </c:if>
<c:if test="${not initialData.forbiddenDbx}"> <c:if test="${not initialData.forbiddenDbx}">
<li>Forbidden Signatures Database (dbx)</li> <li>Forbidden Signatures Database (dbx)</li>
</c:if> </c:if>
</ul> </ul>
</ul> </ul>
</ul> </ul>
@ -326,7 +343,7 @@
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Link</span></div> <div class="col-md-1 col-md-offset-1"><span class="colHeader">Link</span></div>
<div id="link" class="col col-md-8"> <div id="link" class="col col-md-8">
<c:if test="${not empty initialData.linkHref}"> <c:if test="${not empty initialData.linkHref}">
<div><span><a href="${initialData.linkHref}" rel="${initialData.linkRel}">${initialData.linkHref}</a></span> <div><span><a href="${portal}/rim-details?id=${initialData.linkHrefLink}" rel="${initialData.linkRel}">${initialData.linkHref}</a></span>
</div> </div>
<div>Rel:&nbsp;<span>${initialData.linkRel}</span> <div>Rel:&nbsp;<span>${initialData.linkRel}</span>
</div> </div>
@ -352,13 +369,24 @@
</c:if> </c:if>
<div>Binding Spec:&nbsp;<span>${initialData.bindingSpec}</span></div> <div>Binding Spec:&nbsp;<span>${initialData.bindingSpec}</span></div>
<div>Binding Spec Version:&nbsp;<span>${initialData.bindingSpecVersion}</span></div> <div>Binding Spec Version:&nbsp;<span>${initialData.bindingSpecVersion}</span></div>
<c:if test="${not empty initiaData.pcUriGlobal}"> <c:if test="${not empty initialData.pcUriGlobal}">
<div>PC URI Global:&nbsp;<span>${initialData.pcUriGlobal}</span></div> <div>PC URI Global:&nbsp;<span>${initialData.pcUriGlobal}</span></div>
</c:if> </c:if>
<c:if test="${not empty initiaData.pcUriLocal}"> <c:if test="${not empty initialData.pcUriLocal}">
<div>PC URI Local:&nbsp;<span>${initialData.pcUriLocal}</span></div> <div>PC URI Local:&nbsp;<span>${initialData.pcUriLocal}</span></div>
</c:if> </c:if>
<div>Rim Link Hash:&nbsp;<span>${initialData.rimLinkHash}</span></div> <div>Rim Link Hash:&nbsp;<span>${initialData.rimLinkHash}</span>
<span>
<c:choose>
<c:when test="${initialData.linkHashValid}">
<img src="${passIcon}" title="SWID Tag exist.">
</c:when>
<c:otherwise>
<img src="${failIcon}" title="SWID Tag doesn't exist.">
</c:otherwise>
</c:choose>
</span>
</div>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
@ -409,26 +437,27 @@
</c:choose> </c:choose>
</span> </span>
</div> </div>
<div class="component col col-md-10">
<span class="fieldHeader">File Size:</span>
<span class="fieldValue">${resource.getSize()}</span><br/>
<span class="fieldHeader">Hash:</span>
<span class="fieldValue" style="overflow-wrap: break-word">${resource.getHashValue()}</span><br/>
<c:if test="${not empty resource.getRimFormat()}">
<span class="fieldHeader">RIM Format:</span>
<span class="fieldValue">${resource.getRimFormat()}</span><br/>
</c:if>
<c:if test="${not empty resource.getRimType()}">
<span class="fieldHeader">RIM Type:</span>
<span class="fieldValue">${resource.getRimType()}</span><br/>
</c:if>
<c:if test="${not empty resource.getRimUriGlobal()}">
<span class="fieldHeader">URI Global:</span>
<span class="fieldValue">${resource.getRimUriGlobal()}</span><br/>
</c:if>
</div>
<c:choose> <c:choose>
<c:when test="${not empty resource.getPcrValues()}"> <c:when test="${not empty initialData.pcrList}">
<div class="component col col-md-10"> <div class="component col col-md-10">
<span class="fieldHeader">File Size:</span>
<span class="fieldValue">${resource.getSize()}</span><br/>
<span class="fieldHeader">Hash:</span>
<span class="fieldValue" style="overflow-wrap: break-word">${resource.getHashValue()}</span><br/>
<c:if test="${not empty resource.getRimFormat()}">
<span class="fieldHeader">RIM Format:</span>
<span class="fieldValue">${resource.getRimFormat()}</span><br/>
</c:if>
<c:if test="${not empty resource.getRimType()}">
<span class="fieldHeader">RIM Type:</span>
<span class="fieldValue">${resource.getRimType()}</span><br/>
</c:if>
<c:if test="${not empty resource.getRimUriGlobal()}">
<span class="fieldHeader">URI Global:</span>
<span class="fieldValue">${resource.getRimUriGlobal()}</span><br/>
</c:if>
<c:if test="${not empty resource.getPcrValues()}">
<div class="panel-body"> <div class="panel-body">
<div class="component" role="tab" id="pcrValues"> <div class="component" role="tab" id="pcrValues">
<a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed" <a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed"
@ -438,24 +467,28 @@
</div> </div>
<div id="pcrscollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true"> <div id="pcrscollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true">
<div> <div>
<c:forEach items="${resource.getPcrMap()}" var="pcrValue"> <c:set var="count" value="0" scope="page"/>
<c:forEach items="${initialData.pcrList}" var="pcrValue">
<div id="componentIdentifier" class="row"> <div id="componentIdentifier" class="row">
<div> <div>
<span>${pcrValue.key}</span> <span>PCR ${count} - </span>
<span style="overflow-wrap: break-word">${pcrValue.value}</span> <span style="overflow-wrap: break-word">${pcrValue}</span>
</div> </div>
</div> </div>
<c:set var="count" value="${count + 1}" scope="page"/>
</c:forEach> </c:forEach>
</div> </div>
</div> </div>
</div> </div>
</c:if>
</div> </div>
</c:when> </c:when>
<c:otherwise> <c:otherwise>
<c:if test="${not initialData.swidPatch and not initialData.swidSupplemental}">
<div class="component col col-md-10" style="color: red; padding-left: 20px">Support RIM file named ${resource.getName()} was not imported via the Reference Integrity Manifest page.</div> <div class="component col col-md-10" style="color: red; padding-left: 20px">Support RIM file named ${resource.getName()} was not imported via the Reference Integrity Manifest page.</div>
</c:if>
</c:otherwise> </c:otherwise>
</c:choose> </c:choose>
</div>
</div> </div>
</div> </div>
</c:forEach> </c:forEach>
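Review bot: `${initialData.linkHrefLink}` in the rewritten anchor href is only put into the model inside the controller's loop over base RIMs (the `for` in the `linkHref` hunk of the controller), so when no base RIM exists the key is never set and the link renders as `rim-details?id=`; a `data.put("linkHrefLink", "")` before that loop, or `<c:if test="${not empty initialData.linkHrefLink}">` around the anchor, avoids emitting a dead link. The anchor text `${initialData.linkHref}` and the `rel` attribute appear to come from the uploaded RIM's own XML and are written with plain EL, which does not HTML-escape; `<c:out value="${initialData.linkHref}"/>` is the JSTL way to render such values. The two new icon titles read better as `"SWID tag exists."` and `"SWID tag does not exist."`.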
@ -160,7 +160,7 @@ int provision() {
= provisioner.sendAttestationCertificateRequest(certificateRequest); = provisioner.sendAttestationCertificateRequest(certificateRequest);
if (akCertificateByteString == "") { if (akCertificateByteString == "") {
cout << "----> Provisioning failed."; cout << "----> Provisioning the quote failed.";
cout << "Please refer to the Attestation CA for details." << endl; cout << "Please refer to the Attestation CA for details." << endl;
return 0; return 0;
} }
@ -41,14 +41,8 @@ public class BaseReferenceManifest extends ReferenceManifest {
@Column @Column
private String swidName = null; private String swidName = null;
@Column @Column
private String swidVersion = null;
@Column
private int swidCorpus = 0; private int swidCorpus = 0;
@Column @Column
private int swidPatch = 0;
@Column
private int swidSupplemental = 0;
@Column
private String colloquialVersion = null; private String colloquialVersion = null;
@Column @Column
private String product = null; private String product = null;
@ -159,9 +153,9 @@ public class BaseReferenceManifest extends ReferenceManifest {
setTagId(si.getTagId()); setTagId(si.getTagId());
this.swidName = si.getName(); this.swidName = si.getName();
this.swidCorpus = si.isCorpus() ? 1 : 0; this.swidCorpus = si.isCorpus() ? 1 : 0;
this.swidPatch = si.isPatch() ? 1 : 0; this.setSwidPatch(si.isPatch());
this.swidSupplemental = si.isSupplemental() ? 1 : 0; this.setSwidSupplemental(si.isSupplemental());
this.swidVersion = si.getVersion(); this.setSwidVersion(si.getVersion());
if (si.getTagVersion() != null) { if (si.getTagVersion() != null) {
this.setSwidTagVersion(si.getTagVersion().toString()); this.setSwidTagVersion(si.getTagVersion().toString());
} }
@ -439,24 +433,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
this.swidName = swidName; this.swidName = swidName;
} }
/**
* Getter for the SWID version.
*
* @return string of the version number
*/
public String getSwidVersion() {
return swidVersion;
}
/**
* Setter for the SWID version.
*
* @param swidVersion string of the version
*/
public void setSwidVersion(final String swidVersion) {
this.swidVersion = swidVersion;
}
/** /**
* Getter for the corpus flag. * Getter for the corpus flag.
* *
@ -475,42 +451,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
this.swidCorpus = swidCorpus; this.swidCorpus = swidCorpus;
} }
/**
* Getter for the patch flag.
*
* @return int flag for the patch flag
*/
public int isSwidPatch() {
return swidPatch;
}
/**
* Setter for the patch flag.
*
* @param swidPatch int value
*/
public void setSwidPatch(final int swidPatch) {
this.swidPatch = swidPatch;
}
/**
* Getter for the supplemental flag.
*
* @return int flag for the supplemental flag
*/
public int isSwidSupplemental() {
return swidSupplemental;
}
/**
* Setter for the supplemental flag.
*
* @param swidSupplemental int value
*/
public void setSwidSupplemental(final int swidSupplemental) {
this.swidSupplemental = swidSupplemental;
}
/** /**
* Getter for the Entity Name. * Getter for the Entity Name.
* *
@ -822,7 +762,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
return String.format("ReferenceManifest{swidName=%s," return String.format("ReferenceManifest{swidName=%s,"
+ "platformManufacturer=%s," + "platformManufacturer=%s,"
+ " platformModel=%s," + " platformModel=%s,"
+ "tagId=%s, rimHash=%d}", + "tagId=%s, rimHash=%s}",
swidName, this.getPlatformManufacturer(), swidName, this.getPlatformManufacturer(),
this.getPlatformModel(), getTagId(), this.getRimHash()); this.getPlatformModel(), getTagId(), this.getRimHash());
} }
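Review bot: `swidCorpus` is left as an `int` and still assigned with `si.isCorpus() ? 1 : 0` in the constructor hunk, while the sibling `swidPatch`/`swidSupplemental` flags are moved to `boolean` on `ReferenceManifest` in this same change, so the three SWID flags now have two different representations. Declaring `private boolean swidCorpus = false;` and writing `this.swidCorpus = si.isCorpus();` would keep them consistent (the getter/setter for corpus are outside this hunk and would need the same type change). The `toString` fix from `%d` to `%s` is correct now that `getRimHash()` returns a `String`.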
@ -21,13 +21,15 @@ public class ReferenceDigestValue extends AbstractEntity {
@Column @Column
private UUID digestRecordId; private UUID digestRecordId;
@Column(nullable = false) @Column(nullable = false)
private int eventNumber; private int pcrIndex;
@Column(nullable = false) @Column(nullable = false)
private String digestValue; private String digestValue;
@Column(nullable = false) @Column(nullable = false)
private String eventType; private String eventType;
@Column(nullable = false) @Column(nullable = false)
private boolean matchFail; private boolean matchFail;
@Column(nullable = false)
private boolean patched = false;
/** /**
* Default Constructor. * Default Constructor.
@ -35,28 +37,31 @@ public class ReferenceDigestValue extends AbstractEntity {
public ReferenceDigestValue() { public ReferenceDigestValue() {
super(); super();
this.digestRecordId = UUID.randomUUID(); this.digestRecordId = UUID.randomUUID();
this.eventNumber = -1; this.pcrIndex = -1;
this.digestValue = ""; this.digestValue = "";
this.eventType = ""; this.eventType = "";
this.matchFail = false; this.matchFail = false;
this.patched = false;
} }
/** /**
* Default Constructor with parameters for all associated data. * Default Constructor with parameters for all associated data.
* @param digestRecordId the UUID of the associated record * @param digestRecordId the UUID of the associated record
* @param eventNumber the event number * @param pcrIndex the event number
* @param digestValue the key digest value * @param digestValue the key digest value
* @param eventType the event type to store * @param eventType the event type to store
* @param matchFail the status of the baseline check * @param matchFail the status of the baseline check
* @param patched the status of the value being updated to to patch
*/ */
public ReferenceDigestValue(final UUID digestRecordId, final int eventNumber, public ReferenceDigestValue(final UUID digestRecordId, final int pcrIndex,
final String digestValue, final String eventType, final String digestValue, final String eventType,
final boolean matchFail) { final boolean matchFail, final boolean patched) {
this.digestRecordId = digestRecordId; this.digestRecordId = digestRecordId;
this.eventNumber = eventNumber; this.pcrIndex = pcrIndex;
this.digestValue = digestValue; this.digestValue = digestValue;
this.eventType = eventType; this.eventType = eventType;
this.matchFail = matchFail; this.matchFail = matchFail;
this.patched = patched;
} }
/** /**
@ -79,16 +84,16 @@ public class ReferenceDigestValue extends AbstractEntity {
* Getter for the event number. * Getter for the event number.
* @return the stored value * @return the stored value
*/ */
public int getEventNumber() { public int getPcrIndex() {
return eventNumber; return pcrIndex;
} }
/** /**
* Setter for the event number. * Setter for the event number.
* @param eventNumber the value to store * @param pcrIndex the value to store
*/ */
public void setEventNumber(final int eventNumber) { public void setPcrIndex(final int pcrIndex) {
this.eventNumber = eventNumber; this.pcrIndex = pcrIndex;
} }
/** /**
@ -139,6 +144,22 @@ public class ReferenceDigestValue extends AbstractEntity {
this.matchFail = matchFail; this.matchFail = matchFail;
} }
/**
* Getter for the status of the patched state.
* @return patched flag
*/
public boolean isPatched() {
return patched;
}
/**
* Setter for the status of the patched state.
* @param patched the flag to set
*/
public void setPatched(final boolean patched) {
this.patched = patched;
}
@Override @Override
public boolean equals(final Object obj) { public boolean equals(final Object obj) {
if (this == obj) { if (this == obj) {
@ -148,7 +169,7 @@ public class ReferenceDigestValue extends AbstractEntity {
return false; return false;
} }
ReferenceDigestValue that = (ReferenceDigestValue) obj; ReferenceDigestValue that = (ReferenceDigestValue) obj;
return eventNumber == that.eventNumber && matchFail == that.matchFail return pcrIndex == that.pcrIndex && matchFail == that.matchFail
&& Objects.equals(digestValue, that.digestValue) && Objects.equals(digestValue, that.digestValue)
&& Objects.equals(digestRecordId, that.digestRecordId) && Objects.equals(digestRecordId, that.digestRecordId)
&& Objects.equals(eventType, that.eventType); && Objects.equals(eventType, that.eventType);
@ -156,7 +177,8 @@ public class ReferenceDigestValue extends AbstractEntity {
@Override @Override
public int hashCode() { public int hashCode() {
int result = Objects.hash(eventNumber, digestValue, digestRecordId, eventType, matchFail); int result = Objects.hash(pcrIndex, digestValue, digestRecordId,
eventType, matchFail, patched);
return result; return result;
} }
@ -165,6 +187,7 @@ public class ReferenceDigestValue extends AbstractEntity {
* @return a string * @return a string
*/ */
public String toString() { public String toString() {
return String.format("ReferenceDigestValue: {%d, %b}", eventNumber, matchFail); return String.format("ReferenceDigestValue: {%d, %s, %s, %b}",
pcrIndex, digestValue, eventType, matchFail);
} }
} }
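Review bot: `hashCode()` now folds in `patched`, but `equals()` in the hunk just above it still ignores that field, so two values differing only in `patched` compare equal yet hash differently, which breaks the equals/hashCode contract for `HashSet`/`HashMap`; add `&& patched == that.patched` to the `return` expression in `equals`. The Javadoc was not updated for the rename: `@param pcrIndex the event number`, `Getter for the event number.` and `Setter for the event number.` should describe the PCR index instead, e.g. `@param pcrIndex the PCR index this digest belongs to` (confirm the field's meaning against the writer, which is outside this diff). The `@param patched the status of the value being updated to to patch` line also has a doubled "to".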
@ -1,23 +1,25 @@
package hirs.data.persist; package hirs.data.persist;
import java.util.Arrays;
import java.util.UUID;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Entity;
import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.hibernate.annotations.Type; import org.hibernate.annotations.Type;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table; import javax.persistence.Table;
import javax.xml.XMLConstants; import javax.xml.XMLConstants;
import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.UUID;
/** /**
* This class represents the Reference Integrity Manifest object that will be * This class represents the Reference Integrity Manifest object that will be
@ -68,7 +70,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
public static final String RIM_HASH_FIELD = "rimHash"; public static final String RIM_HASH_FIELD = "rimHash";
@Column(nullable = false) @Column(nullable = false)
@JsonIgnore @JsonIgnore
private final int rimHash; private final String rimHash;
@Column(columnDefinition = "blob", nullable = false) @Column(columnDefinition = "blob", nullable = false)
@JsonIgnore @JsonIgnore
private byte[] rimBytes; private byte[] rimBytes;
@ -77,12 +79,18 @@ public abstract class ReferenceManifest extends ArchivableEntity {
@Column @Column
private String tagId = null; private String tagId = null;
@Column @Column
private boolean swidPatch = false;
@Column
private boolean swidSupplemental = false;
@Column
private String platformManufacturer = null; private String platformManufacturer = null;
@Column @Column
private String platformManufacturerId = null; private String platformManufacturerId = null;
@Column @Column
private String swidTagVersion = null; private String swidTagVersion = null;
@Column @Column
private String swidVersion = null;
@Column
private String platformModel = null; private String platformModel = null;
@Column(nullable = false) @Column(nullable = false)
private String fileName = null; private String fileName = null;
@ -96,7 +104,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
protected ReferenceManifest() { protected ReferenceManifest() {
super(); super();
this.rimBytes = null; this.rimBytes = null;
this.rimHash = 0; this.rimHash = "";
this.rimType = null; this.rimType = null;
this.platformManufacturer = null; this.platformManufacturer = null;
this.platformManufacturerId = null; this.platformManufacturerId = null;
@ -118,7 +126,19 @@ public abstract class ReferenceManifest extends ArchivableEntity {
"Cannot construct a RIM from an empty byte array"); "Cannot construct a RIM from an empty byte array");
this.rimBytes = rimBytes.clone(); this.rimBytes = rimBytes.clone();
this.rimHash = Arrays.hashCode(this.rimBytes);
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
}
if (digest == null) {
this.rimHash = "";
} else {
this.rimHash = Hex.encodeHexString(
digest.digest(rimBytes));
}
} }
/** /**
@ -227,6 +247,24 @@ public abstract class ReferenceManifest extends ArchivableEntity {
this.swidTagVersion = swidTagVersion; this.swidTagVersion = swidTagVersion;
} }
/**
* Getter for the SWID version.
*
* @return string of the version number
*/
public String getSwidVersion() {
return swidVersion;
}
/**
* Setter for the SWID version.
*
* @param swidVersion string of the version
*/
public void setSwidVersion(final String swidVersion) {
this.swidVersion = swidVersion;
}
/** /**
* Getter for the RIM Tag ID. * Getter for the RIM Tag ID.
* *
@ -245,6 +283,42 @@ public abstract class ReferenceManifest extends ArchivableEntity {
this.tagId = tagId; this.tagId = tagId;
} }
/**
* Getter for the patch flag.
*
* @return int flag for the patch flag
*/
public boolean isSwidPatch() {
return swidPatch;
}
/**
* Setter for the patch flag.
*
* @param swidPatch int value
*/
public void setSwidPatch(final boolean swidPatch) {
this.swidPatch = swidPatch;
}
/**
* Getter for the supplemental flag.
*
* @return int flag for the supplemental flag
*/
public boolean isSwidSupplemental() {
return swidSupplemental;
}
/**
* Setter for the supplemental flag.
*
* @param swidSupplemental int value
*/
public void setSwidSupplemental(final boolean swidSupplemental) {
this.swidSupplemental = swidSupplemental;
}
/** /**
* Getter for the associated RIM DB ID. * Getter for the associated RIM DB ID.
* @return UUID for the rim * @return UUID for the rim
@ -279,13 +353,13 @@ public abstract class ReferenceManifest extends ArchivableEntity {
* *
* @return int representation of the hash value * @return int representation of the hash value
*/ */
public int getRimHash() { public String getRimHash() {
return rimHash; return rimHash;
} }
@Override @Override
public int hashCode() { public int hashCode() {
return getRimHash(); return Arrays.hashCode(this.rimBytes);
} }
@Override @Override
@ -313,7 +387,8 @@ public abstract class ReferenceManifest extends ArchivableEntity {
@Override @Override
public String toString() { public String toString() {
return String.format("Filename->%s%nPlatform Manufacturer->%s%n" return String.format("Filename->%s%nPlatform Manufacturer->%s%n"
+ "Platform Model->%s%nRIM Type->%s", this.getFileName(), + "Platform Model->%s%nRIM Type->%s%nRIM Hash->%s", this.getFileName(),
this.platformManufacturer, this.platformModel, this.getRimType()); this.platformManufacturer, this.platformModel, this.getRimType(),
this.getRimHash());
} }
} }
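Review bot: In the byte-array constructor hunk a `NoSuchAlgorithmException` from `MessageDigest.getInstance("SHA-256")` is only logged and the object is still built with `rimHash = ""`; since `rimHash` is final, is the lookup key for the new `byRimHash` selector and the controller's `byHashCode` call, and is now printed by `toString`, an empty hash would silently make every RIM built on that path collide. SHA-256 is a mandatory `MessageDigest` algorithm for Java platform implementations, so that branch is effectively unreachable and is better expressed as an invariant failure that preserves the cause rather than a degraded object. The constructor begins outside the hunk. Separately, the Javadoc at `getRimHash` (`@return int representation of the hash value`) and on `isSwidPatch`/`setSwidPatch`/`isSwidSupplemental`/`setSwidSupplemental` (`int flag`, `int value`) still describe the old types and should say `String` and `boolean`.
```java
this.rimBytes = rimBytes.clone();
try {
    this.rimHash = Hex.encodeHexString(
            MessageDigest.getInstance("SHA-256").digest(this.rimBytes));
} catch (NoSuchAlgorithmException noSaEx) {
    // SHA-256 is required of every Java platform; reaching here means a broken runtime,
    // not a RIM problem, so do not build an object with an empty hash.
    throw new IllegalStateException("SHA-256 MessageDigest unavailable", noSaEx);
}
```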
@ -29,6 +29,8 @@ public class SupportReferenceManifest extends ReferenceManifest {
private int pcrHash = 0; private int pcrHash = 0;
@Column @Column
private boolean updated = false; private boolean updated = false;
@Column
private boolean processed = false;
/** /**
* This class enables the retrieval of SupportReferenceManifest by their attributes. * This class enables the retrieval of SupportReferenceManifest by their attributes.
@ -78,6 +80,26 @@ public class SupportReferenceManifest extends ReferenceManifest {
setFieldValue(PLATFORM_MODEL, model); setFieldValue(PLATFORM_MODEL, model);
return this; return this;
} }
/**
* Specify the file name that rims should have.
* @param fileName the name of the file associated with the rim
* @return this instance
*/
public Selector byFileName(final String fileName) {
setFieldValue(RIM_FILENAME_FIELD, fileName);
return this;
}
/**
* Specify the RIM hash associated with the support RIM.
* @param rimHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byRimHash(final String rimHash) {
setFieldValue(RIM_HASH_FIELD, rimHash);
return this;
}
} }
/** /**
@ -199,4 +221,29 @@ public class SupportReferenceManifest extends ReferenceManifest {
public void setUpdated(final boolean updated) { public void setUpdated(final boolean updated) {
this.updated = updated; this.updated = updated;
} }
/**
* Flag method on the status of supplemental processed.
* @return status of the flag
*/
public boolean isProcessed() {
return processed;
}
/**
* Setter for the processed flag.
* @param processed status flag
*/
public void setProcessed(final boolean processed) {
this.processed = processed;
}
/**
* This is a method to indicate whether or not this support
* rim is a base log file.
* @return flag for base.
*/
public boolean isBaseSupport() {
return !this.isSwidSupplemental() && !this.isSwidPatch();
}
} }
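Review bot: `byRimHash` at L1333–L1336 sets `RIM_HASH_FIELD`, the same field the base selector's `byHashCode(String)` sets elsewhere in this commit, so if `Selector` extends ReferenceManifestSelector there are now two names for one filter; either delegate (`byHashCode(rimHash); return this;`) or say in the Javadoc why the Support-specific variant exists. The Javadoc on `isProcessed` at L1344, "Flag method on the status of supplemental processed", does not say what processed means; `@return true if this support RIM has been marked processed via setProcessed` is what the visible code supports. The new `processed` column at L1311–L1312 is initialised to false in Java, but how rows that predate the column are migrated is not visible here, so confirm that existing support RIMs are meant to read as unprocessed.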


@ -3,27 +3,14 @@ package hirs.data.persist;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm; import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.utils.xjc.File; import hirs.utils.xjc.File;
import java.io.IOException;
import java.util.Map;
import java.util.List;
import java.util.LinkedHashMap;
import java.util.Collections;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.text.DecimalFormat;
import java.util.Arrays;
import javax.xml.namespace.QName;
import org.apache.commons.codec.DecoderException;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import javax.xml.namespace.QName;
import java.math.BigInteger;
import java.util.Map;
/** /**
* This object is used to represent the content of a Swid Tags Directory * This object is used to represent the content of a Swid Tags Directory
* section. * section.
@ -32,20 +19,8 @@ public class SwidResource {
private static final Logger LOGGER = LogManager.getLogger(SwidResource.class); private static final Logger LOGGER = LogManager.getLogger(SwidResource.class);
private static final String CATALINA_HOME = System.getProperty("catalina.base");
private static final String TOMCAT_UPLOAD_DIRECTORY
= "/webapps/HIRS_AttestationCAPortal/upload/";
/**
* String holder for location for storing binaries.
*/
public static final String RESOURCE_UPLOAD_FOLDER
= CATALINA_HOME + TOMCAT_UPLOAD_DIRECTORY;
private String name, size; private String name, size;
private String rimFormat, rimType, rimUriGlobal, hashValue; private String rimFormat, rimType, rimUriGlobal, hashValue;
private List<String> pcrValues;
private TpmWhiteListBaseline tpmWhiteList; private TpmWhiteListBaseline tpmWhiteList;
private DigestAlgorithm digest = DigestAlgorithm.SHA1; private DigestAlgorithm digest = DigestAlgorithm.SHA1;
private boolean validFileSize = false; private boolean validFileSize = false;
@ -60,7 +35,6 @@ public class SwidResource {
rimType = null; rimType = null;
rimUriGlobal = null; rimUriGlobal = null;
hashValue = null; hashValue = null;
pcrValues = null;
} }
/** /**
@ -102,23 +76,7 @@ public class SwidResource {
} }
this.digest = digest; this.digest = digest;
parsePcrValues();
tpmWhiteList = new TpmWhiteListBaseline(this.name); tpmWhiteList = new TpmWhiteListBaseline(this.name);
if (!pcrValues.isEmpty()) {
int i = 0;
for (String pcr : pcrValues) {
if (this.digest == null) {
// determine by length of pcr value
this.digest = AbstractDigest.getDigestAlgorithm(pcr);
}
try {
tpmWhiteList.addToBaseline(
new TPMMeasurementRecord(i++, pcr));
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
}
}
} }
/** /**
@ -175,24 +133,6 @@ public class SwidResource {
return hashValue; return hashValue;
} }
/**
* Getter for the list of PCR Values.
*
* @return an unmodifiable list
*/
public List<String> getPcrValues() {
return Collections.unmodifiableList(pcrValues);
}
/**
* Setter for the list of associated PCR Values.
*
* @param pcrValues a collection of PCRs
*/
public void setPcrValues(final List<String> pcrValues) {
this.pcrValues = pcrValues;
}
/** /**
* flag for if the file sizes match with the swidtag. * flag for if the file sizes match with the swidtag.
* @return true if they match * @return true if they match
@ -200,51 +140,4 @@ public class SwidResource {
public boolean isValidFileSize() { public boolean isValidFileSize() {
return validFileSize; return validFileSize;
} }
/**
* Getter for a generated map of the PCR values.
*
* @return mapping of PCR# to the actual value.
*/
public LinkedHashMap<String, String> getPcrMap() {
LinkedHashMap<String, String> innerMap = new LinkedHashMap<>();
DecimalFormat df = new DecimalFormat("00");
if (!this.pcrValues.isEmpty()) {
long iterate = 0;
String pcrNum;
for (String string : this.pcrValues) {
pcrNum = df.format(iterate++);
innerMap.put(String.format("PCR%s:", pcrNum), string);
}
}
return innerMap;
}
private void parsePcrValues() {
TCGEventLog logProcessor = new TCGEventLog();
try {
Path logPath = Paths.get(String.format("%s/%s",
SwidResource.RESOURCE_UPLOAD_FOLDER,
this.getName()));
if (Files.exists(logPath)) {
logProcessor = new TCGEventLog(
Files.readAllBytes(logPath));
}
this.setPcrValues(Arrays.asList(
logProcessor.getExpectedPCRValues()));
} catch (NoSuchFileException nsfEx) {
LOGGER.error(String.format("File Not found!: %s",
this.getName()));
LOGGER.error(nsfEx);
} catch (IOException ioEx) {
LOGGER.error(ioEx);
} catch (CertificateException cEx) {
LOGGER.error(cEx);
} catch (NoSuchAlgorithmException naEx) {
LOGGER.error(naEx);
}
}
} }
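Review bot: The rewritten import block at L1391–L1395 places `javax.xml.namespace.QName`, `java.math.BigInteger` and `java.util.Map` after the `org.apache.logging` imports, whereas the removed lines at L1375–L1390 and the other files in this commit group `java.*`/`javax.*` before third-party packages; move the three lines above `org.apache.logging.log4j.LogManager` to keep the file's com/hirs/java/javax/org order. `LOGGER` at L1400 survives, but every use visible in this section (`LOGGER.error` at L1438 and L1501–L1509) was removed with `parsePcrValues`; if nothing outside the hunks logs, the field is now dead and should be dropped. With the per-PCR fallback at L1430–L1433 gone, the constructor stores `digest` exactly as passed at L1424, so a null argument now overwrites the `SHA1` default at L1413 rather than being resolved; the guard that ends at L1423 is outside the hunk, so confirm it rejects null or document that null is accepted.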


@ -77,6 +77,37 @@ public class DBReferenceDigestManager extends DBManager<ReferenceDigestRecord>
return dbRecord; return dbRecord;
} }
@Override
public ReferenceDigestRecord getRecord(final String manufacturer, final String model) {
LOGGER.debug("Getting record for {} ~ {}", manufacturer, model);
if (manufacturer == null || model == null) {
LOGGER.error("No reference to get record from db {} ~ {}", manufacturer, model);
return null;
}
ReferenceDigestRecord dbRecord = null;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
try {
LOGGER.debug("retrieving referenceDigestRecord from db");
tx = session.beginTransaction();
dbRecord = (ReferenceDigestRecord) session.createCriteria(ReferenceDigestRecord.class)
.add(Restrictions.eq("manufacturer",
manufacturer)).add(Restrictions.eq("model",
model)).uniqueResult();
tx.commit();
} catch (Exception ex) {
final String msg = "unable to retrieve object";
LOGGER.error(msg, ex);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, ex);
}
return dbRecord;
}
@Override @Override
public ReferenceDigestRecord getRecordById(final ReferenceDigestRecord referenceDigestRecord) { public ReferenceDigestRecord getRecordById(final ReferenceDigestRecord referenceDigestRecord) {
LOGGER.debug("Getting record for {}", referenceDigestRecord); LOGGER.debug("Getting record for {}", referenceDigestRecord);
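Review bot: `uniqueResult()` at L1532–L1535 throws `NonUniqueResultException` if more than one ReferenceDigestRecord shares a manufacturer/model pair, and the blanket `catch (Exception ex)` at L1537 then reports it as "unable to retrieve object", which hides a data-integrity problem behind a generic message. Nothing in the hunk shows the pair is unique in the database, so either bound the query with `.setMaxResults(1)` before `.uniqueResult()` and document the first-match behaviour, or catch `NonUniqueResultException` separately with a message that names the manufacturer and model. The rollback at L1542 can itself throw inside the catch and mask the original error; wrapping it in its own try/catch that only logs would keep `DBManagerException` carrying the real cause.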


@ -50,7 +50,7 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
if (referenceDigestValue.getDigestRecordId() == null if (referenceDigestValue.getDigestRecordId() == null
|| referenceDigestValue.getDigestValue() == null || referenceDigestValue.getDigestValue() == null
|| referenceDigestValue.getEventNumber() == -1) { || referenceDigestValue.getPcrIndex() == -1) {
LOGGER.error("No reference to get record from db {}", referenceDigestValue); LOGGER.error("No reference to get record from db {}", referenceDigestValue);
return null; return null;
} }
@ -67,7 +67,7 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
.add(Restrictions.eq("digestValue", .add(Restrictions.eq("digestValue",
referenceDigestValue.getDigestValue())) referenceDigestValue.getDigestValue()))
.add(Restrictions.eq("eventNumber", .add(Restrictions.eq("eventNumber",
referenceDigestValue.getEventNumber())) referenceDigestValue.getPcrIndex()))
.uniqueResult(); .uniqueResult();
tx.commit(); tx.commit();
} catch (Exception ex) { } catch (Exception ex) {
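Review bot: The criteria at L1564–L1565 still filters on the `eventNumber` property while the value it compares is now `getPcrIndex()`, and the guard at L1557 likewise switched to `getPcrIndex()`; unless ReferenceDigestValue maps its PCR index onto a property named `eventNumber`, this compares the wrong column and every lookup returns null or a wrong row. Make the property match the value, `.add(Restrictions.eq("pcrIndex", referenceDigestValue.getPcrIndex()))`, or keep comparing `getEventNumber()` if the event number was the intended key. The enclosing method starts and ends outside both hunks.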


@ -28,6 +28,15 @@ public interface ReferenceDigestManager {
*/ */
ReferenceDigestRecord getRecord(ReferenceDigestRecord referenceDigestRecord); ReferenceDigestRecord getRecord(ReferenceDigestRecord referenceDigestRecord);
/**
* Persists a new Reference Digest.
*
* @param manufacturer the string of the manufacturer
* @param model the string of the model
* @return the persisted ReferenceDigestRecord
*/
ReferenceDigestRecord getRecord(String manufacturer, String model);
/** /**
* Persists a new Reference Digest. * Persists a new Reference Digest.
* *
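Review bot: The Javadoc on the new `getRecord(String, String)` overload at L1576 says "Persists a new Reference Digest.", copied from the neighbouring method; it is a lookup, and the summary should say so, e.g. `Retrieves the Reference Digest record matching the given manufacturer and model.` The DBReferenceDigestManager implementation in this commit returns null both when either argument is null and when no record matches, so the `@return` tag should read `the matching ReferenceDigestRecord, or null if no record exists or either argument is null` so callers learn that contract from the interface.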


@ -37,8 +37,11 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* String representing the database field for the model. * String representing the database field for the model.
*/ */
public static final String PLATFORM_MODEL = "platformModel"; public static final String PLATFORM_MODEL = "platformModel";
/**
* String representing the database field for the filename.
*/
public static final String RIM_FILENAME_FIELD = "fileName";
private static final String RIM_TYPE_FIELD = "rimType"; private static final String RIM_TYPE_FIELD = "rimType";
private static final String RIM_FILENAME_FIELD = "fileName";
private final ReferenceManifestManager referenceManifestManager; private final ReferenceManifestManager referenceManifestManager;
private final Class<T> referenceTypeClass; private final Class<T> referenceTypeClass;
@ -100,7 +103,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* @param rimHash the hash code of the bytes to query for * @param rimHash the hash code of the bytes to query for
* @return this instance (for chaining further calls) * @return this instance (for chaining further calls)
*/ */
public ReferenceManifestSelector<T> byHashCode(final int rimHash) { public ReferenceManifestSelector<T> byHashCode(final String rimHash) {
setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash);
return this; return this;
} }
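Review bot: `byHashCode(final String rimHash)` at L1605 now takes the manifest's stored rimHash string rather than an `int`, but the method name and the `@param rimHash the hash code of the bytes to query for` tag at L1602 still read as a Java `hashCode()` value, which ReferenceManifest now computes separately from `rimBytes`. Update the tag to `@param rimHash the RIM hash string as returned by ReferenceManifest#getRimHash()` so nobody passes `String.valueOf(manifest.hashCode())`. A rename to `byRimHash`, matching the name SupportReferenceManifest.Selector introduces for the same field, would remove the ambiguity but can be a follow-up.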


@ -123,7 +123,10 @@
<property name="max" value="100"/> <property name="max" value="100"/>
</module> </module>
<module name="MethodLength"/> <module name="MethodLength"/>
<module name="ParameterNumber"/> <module name="ParameterNumber">
<property name="max" value="10"/>
<property name="tokens" value="METHOD_DEF"/>
</module>
<!-- Checks for whitespace --> <!-- Checks for whitespace -->