mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-28 00:38:56 +00:00
spdm processing
This commit is contained in:
parent
a50ec7458c
commit
d1ac5fb530
@ -562,7 +562,9 @@ public class TpmPcrEvent {
|
|||||||
case EvConstants.EV_EFI_HCRTM_EVENT:
|
case EvConstants.EV_EFI_HCRTM_EVENT:
|
||||||
break;
|
break;
|
||||||
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
|
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
|
||||||
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
|
EvEfiSpdmDeviceSecurityEvent tempp = new EvEfiSpdmDeviceSecurityEvent(content);
|
||||||
|
description += "Event Content:\n" + tempp.toString();
|
||||||
|
// description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
|
||||||
break;
|
break;
|
||||||
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
|
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
|
||||||
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
|
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
import lombok.Setter;
|
||||||
|
|
||||||
|
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_NONE;
|
||||||
|
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_PCI;
|
||||||
|
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_USB;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -56,6 +61,13 @@ public abstract class DeviceSecurityEvent {
|
|||||||
@Getter
|
@Getter
|
||||||
private DeviceSecurityEventDataDeviceContext dsedDevContext = null;
|
private DeviceSecurityEventDataDeviceContext dsedDevContext = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Device type.
|
||||||
|
*/
|
||||||
|
@Getter
|
||||||
|
@Setter
|
||||||
|
private int deviceType = -1;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Human readable description of the data within the
|
* Human readable description of the data within the
|
||||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB.
|
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB.
|
||||||
@ -74,37 +86,25 @@ public abstract class DeviceSecurityEvent {
|
|||||||
/**
|
/**
|
||||||
* Parse the Device Context structure, can be PCI or USB based on device type field.
|
* Parse the Device Context structure, can be PCI or USB based on device type field.
|
||||||
*
|
*
|
||||||
* @param dSEDbytes byte array holding the DeviceSecurityEventData.
|
* @param dsedDeviceContextBytes byte array holding the DeviceSecurityEventData.
|
||||||
* @param startByte starting byte of the device structure (depends on length of header).
|
|
||||||
* @param deviceType device type either PCI or USB.
|
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public void parseDeviceContext(final byte[] dSEDbytes, int startByte, int deviceType) {
|
public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) {
|
||||||
|
|
||||||
int deviceContextLength = dSEDbytes.length - startByte;
|
if (deviceType == DEVICE_TYPE_NONE) {
|
||||||
|
|
||||||
// get the device context bytes
|
|
||||||
byte[] deviceContextBytes = new byte[deviceContextLength];
|
|
||||||
System.arraycopy(dSEDbytes, startByte, deviceContextBytes, 0,
|
|
||||||
deviceContextLength);
|
|
||||||
|
|
||||||
if (deviceType == 0) {
|
|
||||||
deviceContextInfo = "\n No Device Context (indicated by device type value of 0";
|
deviceContextInfo = "\n No Device Context (indicated by device type value of 0";
|
||||||
}
|
}
|
||||||
else if (deviceType == 1) {
|
else if (deviceType == DEVICE_TYPE_PCI) {
|
||||||
// DeviceSecurityEventDataPciContext dSEDpciContext
|
|
||||||
// = new DeviceSecurityEventDataPciContext(deviceContextBytes);
|
|
||||||
// deviceContextInfo = dSEDpciContext.toString();
|
|
||||||
dsedDevContext
|
dsedDevContext
|
||||||
= new DeviceSecurityEventDataPciContext(deviceContextBytes);
|
= new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
|
||||||
deviceContextInfo = dsedDevContext.toString();
|
deviceContextInfo = dsedDevContext.toString();
|
||||||
}
|
}
|
||||||
//else if (deviceType == 2) {
|
else if (deviceType == DEVICE_TYPE_USB) {
|
||||||
//DeviceSecurityEventDataUsbContext dSEDusbContext
|
// dsedDevContext
|
||||||
// = new DeviceSecurityEventDataUsbContext(deviceContextBytes);
|
// = new DeviceSecurityEventDataUsbContext(dsedDeviceContextBytes);
|
||||||
//deviceContextInfo = dSEDusbContext.toString();
|
// deviceContextInfo = dsedDevContext.toString();
|
||||||
//deviceContextInfo = "Device type is USB - to be implemented in future";
|
deviceContextInfo = " Device Type: USB - To be implemented";
|
||||||
//}
|
}
|
||||||
else {
|
else {
|
||||||
deviceContextInfo = " Unknown device type; cannot process device context";
|
deviceContextInfo = " Unknown device type; cannot process device context";
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,6 @@ package hirs.utils.tpm.eventlog.events;
|
|||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class to process DEVICE_SECURITY_EVENT_DATA.
|
* Class to process DEVICE_SECURITY_EVENT_DATA.
|
||||||
@ -26,11 +25,19 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
|
|||||||
/**
|
/**
|
||||||
* DeviceSecurityEventData Constructor.
|
* DeviceSecurityEventData Constructor.
|
||||||
*
|
*
|
||||||
* @param dSEDbytes byte array holding the DeviceSecurityEventData.
|
* @param dsedBytes byte array holding the DeviceSecurityEventData.
|
||||||
*/
|
*/
|
||||||
public DeviceSecurityEventData(final byte[] dSEDbytes) throws IOException {
|
public DeviceSecurityEventData(final byte[] dsedBytes) throws IOException {
|
||||||
dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes);
|
dsedHeader = new DeviceSecurityEventDataHeader(dsedBytes);
|
||||||
parseDeviceContext(dSEDbytes, dsedHeader.getDSEDheaderByteSize(), dsedHeader.getDeviceType());
|
setDeviceType(dsedHeader.getDeviceType());
|
||||||
|
int dsedHeaderLength = dsedHeader.getDsedHeaderLength();
|
||||||
|
|
||||||
|
int dsedDevContextLength = dsedBytes.length - dsedHeaderLength;
|
||||||
|
byte[] dsedDevContextBytes = new byte[dsedDevContextLength];
|
||||||
|
System.arraycopy(dsedBytes, dsedHeaderLength, dsedDevContextBytes, 0,
|
||||||
|
dsedDevContextLength);
|
||||||
|
|
||||||
|
instantiateDeviceContext(dsedDevContextBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1,15 +1,12 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
import hirs.utils.HexUtils;
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
|
|
||||||
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_CERT_CHAIN;
|
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_CERT_CHAIN;
|
||||||
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_MEAS_BLOCK;
|
import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_MEAS_BLOCK;
|
||||||
|
|
||||||
// TODO Placeholder class to be implemented upon getting test pattern
|
|
||||||
/**
|
/**
|
||||||
* Class to process DEVICE_SECURITY_EVENT_DATA2.
|
* Class to process DEVICE_SECURITY_EVENT_DATA2.
|
||||||
* Parses event data per PFP v1.06 Rev52 Table 26.
|
* Parses event data per PFP v1.06 Rev52 Table 26.
|
||||||
@ -47,34 +44,40 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
|
|||||||
/**
|
/**
|
||||||
* DeviceSecurityEventData2 Constructor.
|
* DeviceSecurityEventData2 Constructor.
|
||||||
*
|
*
|
||||||
* @param dSEDbytes byte array holding the DeviceSecurityEventData2.
|
* @param dsedBytes byte array holding the DeviceSecurityEventData2.
|
||||||
*/
|
*/
|
||||||
public DeviceSecurityEventData2(final byte[] dSEDbytes) throws IOException {
|
public DeviceSecurityEventData2(final byte[] dsedBytes) throws IOException {
|
||||||
|
|
||||||
dsedHeader2 = new DeviceSecurityEventDataHeader2(dSEDbytes);
|
dsedHeader2 = new DeviceSecurityEventDataHeader2(dsedBytes);
|
||||||
int dSEDheaderByteSize = dsedHeader2.getDSEDheaderByteSize();
|
setDeviceType(dsedHeader2.getDeviceType());
|
||||||
|
int dsedHeaderLength = dsedHeader2.getDsedHeaderLength();
|
||||||
int subHeaderType = dsedHeader2.getSubHeaderType();
|
int subHeaderType = dsedHeader2.getSubHeaderType();
|
||||||
int subHeaderLength = dsedHeader2.getSubHeaderLength();
|
int subHeaderLength = dsedHeader2.getSubHeaderLength();
|
||||||
|
|
||||||
subHeaderInfo = "\nSub header type: " + subHeaderType;
|
subHeaderInfo = "\nSub header type: " + subHeaderType;
|
||||||
|
|
||||||
byte[] dSEDsubHeaderBytes = new byte[subHeaderLength];
|
byte[] dsedSubHeaderBytes = new byte[subHeaderLength];
|
||||||
System.arraycopy(dSEDbytes, dSEDheaderByteSize, dSEDsubHeaderBytes, 0, subHeaderLength);
|
System.arraycopy(dsedBytes, dsedHeaderLength, dsedSubHeaderBytes, 0, subHeaderLength);
|
||||||
|
|
||||||
if (subHeaderType == SUBHEADERTYPE_MEAS_BLOCK) {
|
if (subHeaderType == SUBHEADERTYPE_MEAS_BLOCK) {
|
||||||
dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dSEDsubHeaderBytes);
|
dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dsedSubHeaderBytes);
|
||||||
subHeaderInfo += dsedSubHeader.toString();
|
subHeaderInfo += dsedSubHeader.toString();
|
||||||
}
|
}
|
||||||
else if (subHeaderType == SUBHEADERTYPE_CERT_CHAIN) {
|
else if (subHeaderType == SUBHEADERTYPE_CERT_CHAIN) {
|
||||||
// TBD:
|
|
||||||
// dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain();
|
// dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain();
|
||||||
|
subHeaderInfo += " Cert chain to be implemented ";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
subHeaderInfo += "Subheader type unknown";
|
subHeaderInfo += "Sub header type unknown";
|
||||||
}
|
}
|
||||||
|
|
||||||
// get subheader
|
int dsedDevContextStartByte = dsedHeaderLength + subHeaderLength;
|
||||||
parseDeviceContext(dSEDbytes, dsedHeader2.getDSEDheaderByteSize(), dsedHeader2.getDeviceType());
|
int dsedDevContextLength = dsedBytes.length - dsedDevContextStartByte;
|
||||||
|
byte[] dsedDevContextBytes = new byte[dsedDevContextLength];
|
||||||
|
System.arraycopy(dsedBytes, dsedDevContextStartByte, dsedDevContextBytes, 0,
|
||||||
|
dsedDevContextLength);
|
||||||
|
|
||||||
|
instantiateDeviceContext(dsedDevContextBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -31,17 +31,17 @@ public abstract class DeviceSecurityEventDataDeviceContext {
|
|||||||
/**
|
/**
|
||||||
* DeviceSecurityEventDataDeviceContext Constructor.
|
* DeviceSecurityEventDataDeviceContext Constructor.
|
||||||
*
|
*
|
||||||
* @param dSEDdeviceContextBytes byte array holding the DeviceSecurityEventData.
|
* @param dsedDeviceContextBytes byte array holding the DeviceSecurityEventData.
|
||||||
*/
|
*/
|
||||||
public DeviceSecurityEventDataDeviceContext(final byte[] dSEDdeviceContextBytes) {
|
public DeviceSecurityEventDataDeviceContext(final byte[] dsedDeviceContextBytes) {
|
||||||
|
|
||||||
byte[] pciVersionBytes = new byte[2];
|
byte[] versionBytes = new byte[2];
|
||||||
System.arraycopy(dSEDdeviceContextBytes, 0, pciVersionBytes, 0, 2);
|
System.arraycopy(dsedDeviceContextBytes, 0, versionBytes, 0, 2);
|
||||||
version = HexUtils.leReverseInt(pciVersionBytes);
|
version = HexUtils.leReverseInt(versionBytes);
|
||||||
|
|
||||||
byte[] pciLengthBytes = new byte[2];
|
byte[] lengthBytes = new byte[2];
|
||||||
System.arraycopy(dSEDdeviceContextBytes, 2, pciLengthBytes, 0, 2);
|
System.arraycopy(dsedDeviceContextBytes, 2, lengthBytes, 0, 2);
|
||||||
length = HexUtils.leReverseInt(pciLengthBytes);
|
length = HexUtils.leReverseInt(lengthBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -52,8 +52,7 @@ public abstract class DeviceSecurityEventDataDeviceContext {
|
|||||||
public String toString() {
|
public String toString() {
|
||||||
String dSEDdeviceContextCommonInfo = "";
|
String dSEDdeviceContextCommonInfo = "";
|
||||||
|
|
||||||
dSEDdeviceContextCommonInfo += "\n DeviceSecurityEventData Device Info:";
|
dSEDdeviceContextCommonInfo += "\n DeviceSecurityEventData Device Context:";
|
||||||
dSEDdeviceContextCommonInfo += "\n Device Structure Version = " + version;
|
|
||||||
|
|
||||||
return dSEDdeviceContextCommonInfo;
|
return dSEDdeviceContextCommonInfo;
|
||||||
}
|
}
|
||||||
|
@ -8,7 +8,6 @@ import lombok.Getter;
|
|||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER.
|
* Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER.
|
||||||
@ -76,13 +75,11 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
|
|||||||
int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
|
int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
|
||||||
int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4; // header is 4 bytes
|
int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4; // header is 4 bytes
|
||||||
|
|
||||||
// extract the bytes from the SPDM Measurement Block
|
// extract the bytes that comprise the SPDM Measurement Block
|
||||||
byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
|
byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
|
||||||
System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0,
|
System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0,
|
||||||
sizeOfSpdmMeasBlock);
|
sizeOfSpdmMeasBlock);
|
||||||
|
|
||||||
// spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);
|
|
||||||
|
|
||||||
ByteArrayInputStream spdmMeasurementBlockData =
|
ByteArrayInputStream spdmMeasurementBlockData =
|
||||||
new ByteArrayInputStream(spdmMeasBlockBytes);
|
new ByteArrayInputStream(spdmMeasBlockBytes);
|
||||||
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData);
|
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData);
|
||||||
@ -92,7 +89,7 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a human readable description of the data within this structure.
|
* Returns a human-readable description of the data within this structure.
|
||||||
*
|
*
|
||||||
* @return a description of this structure.
|
* @return a description of this structure.
|
||||||
*/
|
*/
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
import hirs.utils.HexUtils;
|
import hirs.utils.HexUtils;
|
||||||
import hirs.utils.tpm.eventlog.spdm.SpdmHa;
|
|
||||||
import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
|
|
||||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
@ -112,23 +109,24 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
|
|||||||
extractDeviceType(dsedBytes, 24);
|
extractDeviceType(dsedBytes, 24);
|
||||||
|
|
||||||
byte[] subHeaderTypeBytes = new byte[4];
|
byte[] subHeaderTypeBytes = new byte[4];
|
||||||
System.arraycopy(dsedBytes, 44, subHeaderTypeBytes, 0, 4);
|
System.arraycopy(dsedBytes, 28, subHeaderTypeBytes, 0, 4);
|
||||||
subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes);
|
subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes);
|
||||||
|
|
||||||
byte[] subHeaderLengthBytes = new byte[4];
|
byte[] subHeaderLengthBytes = new byte[4];
|
||||||
System.arraycopy(dsedBytes, 48, subHeaderLengthBytes, 0, 4);
|
System.arraycopy(dsedBytes, 32, subHeaderLengthBytes, 0, 4);
|
||||||
subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes);
|
subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes);
|
||||||
|
|
||||||
byte[] subHeaderUidBytes = new byte[8];
|
byte[] subHeaderUidBytes = new byte[8];
|
||||||
System.arraycopy(dsedBytes, 52, subHeaderUidBytes, 0, 8);
|
System.arraycopy(dsedBytes, 36, subHeaderUidBytes, 0, 8);
|
||||||
|
subHeaderUidBytes = HexUtils.leReverseByte(subHeaderUidBytes);
|
||||||
subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes);
|
subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes);
|
||||||
|
|
||||||
int devPathLenStartByte = 60;
|
int devPathLenStartByte = 44;
|
||||||
extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
|
extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a human readable description of the data within this structure.
|
* Returns a human-readable description of the data within this structure.
|
||||||
*
|
*
|
||||||
* @return a description of this structure.
|
* @return a description of this structure.
|
||||||
*/
|
*/
|
||||||
|
@ -1,14 +1,13 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
import hirs.utils.HexUtils;
|
import hirs.utils.HexUtils;
|
||||||
|
import hirs.utils.tpm.eventlog.spdm.SpdmHa;
|
||||||
import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
|
import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
|
||||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
|
||||||
import hirs.utils.tpm.eventlog.uefi.UefiSignatureList;
|
import hirs.utils.tpm.eventlog.uefi.UefiSignatureList;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
@ -47,10 +46,6 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device
|
|||||||
* List of SPDM Measurement Blocks.
|
* List of SPDM Measurement Blocks.
|
||||||
*/
|
*/
|
||||||
private List<SpdmMeasurementBlock> spdmMeasurementBlockList;
|
private List<SpdmMeasurementBlock> spdmMeasurementBlockList;
|
||||||
// /**
|
|
||||||
// * SPDM Measurement Block.
|
|
||||||
// */
|
|
||||||
// private SpdmMeasurementBlock spdmMeasurementBlock = null;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* DeviceSecurityEventDataHeader Constructor.
|
* DeviceSecurityEventDataHeader Constructor.
|
||||||
@ -59,8 +54,6 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device
|
|||||||
*/
|
*/
|
||||||
public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) throws IOException {
|
public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) throws IOException {
|
||||||
|
|
||||||
// super();
|
|
||||||
|
|
||||||
spdmMeasurementBlockList = new ArrayList<>();
|
spdmMeasurementBlockList = new ArrayList<>();
|
||||||
|
|
||||||
byte[] spdmVersionBytes = new byte[2];
|
byte[] spdmVersionBytes = new byte[2];
|
||||||
@ -77,7 +70,10 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device
|
|||||||
System.arraycopy(dsedSubHBytes, 4, spdmMeasurementHashAlgoBytes, 0, 4);
|
System.arraycopy(dsedSubHBytes, 4, spdmMeasurementHashAlgoBytes, 0, 4);
|
||||||
spdmMeasurementHashAlgo = HexUtils.leReverseInt(spdmMeasurementHashAlgoBytes);
|
spdmMeasurementHashAlgo = HexUtils.leReverseInt(spdmMeasurementHashAlgoBytes);
|
||||||
|
|
||||||
|
// get the size of the SPDM Measurement Block List
|
||||||
int spdmMeasurementBlockListSize = dsedSubHBytes.length - 8;
|
int spdmMeasurementBlockListSize = dsedSubHBytes.length - 8;
|
||||||
|
|
||||||
|
// extract the bytes that comprise the SPDM Measurement Block List
|
||||||
byte[] spdmMeasurementBlockListBytes = new byte[spdmMeasurementBlockListSize];
|
byte[] spdmMeasurementBlockListBytes = new byte[spdmMeasurementBlockListSize];
|
||||||
System.arraycopy(dsedSubHBytes, 8, spdmMeasurementBlockListBytes, 0,
|
System.arraycopy(dsedSubHBytes, 8, spdmMeasurementBlockListBytes, 0,
|
||||||
spdmMeasurementBlockListSize);
|
spdmMeasurementBlockListSize);
|
||||||
@ -85,22 +81,32 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device
|
|||||||
ByteArrayInputStream spdmMeasurementBlockListData =
|
ByteArrayInputStream spdmMeasurementBlockListData =
|
||||||
new ByteArrayInputStream(spdmMeasurementBlockListBytes);
|
new ByteArrayInputStream(spdmMeasurementBlockListBytes);
|
||||||
while (spdmMeasurementBlockListData.available() > 0) {
|
while (spdmMeasurementBlockListData.available() > 0) {
|
||||||
|
|
||||||
SpdmMeasurementBlock spdmMeasurementBlock;
|
SpdmMeasurementBlock spdmMeasurementBlock;
|
||||||
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockListData);
|
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockListData);
|
||||||
|
|
||||||
spdmMeasurementBlockList.add(spdmMeasurementBlock);
|
spdmMeasurementBlockList.add(spdmMeasurementBlock);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a human readable description of the data within this structure.
|
* Returns a human-readable description of the data within this structure.
|
||||||
*
|
*
|
||||||
* @return a description of this structure.
|
* @return a description of this structure.
|
||||||
*/
|
*/
|
||||||
public String toString() {
|
public String toString() {
|
||||||
String dsedSubHeaderInfo = "";
|
String dsedSubHeaderInfo = "";
|
||||||
// dsedSubHeaderInfo += dsedHeader2.toString();
|
dsedSubHeaderInfo += "\n SPDM Version: " + spdmVersion;
|
||||||
|
String spdmHashAlgoStr = SpdmHa.tcgAlgIdToString(spdmMeasurementHashAlgo);
|
||||||
|
dsedSubHeaderInfo += "\n SPDM Hash Algorithm = " + spdmHashAlgoStr;
|
||||||
|
|
||||||
|
// SPDM Measurement Block List output
|
||||||
|
dsedSubHeaderInfo += "\n Number of SPDM Measurement Blocks = " + spdmMeasurementBlockList.size();
|
||||||
|
int spdmMeasBlockCnt = 1;
|
||||||
|
for (SpdmMeasurementBlock spdmMeasBlock : spdmMeasurementBlockList) {
|
||||||
|
dsedSubHeaderInfo += "\n SPDM Measurement Block # " + spdmMeasBlockCnt++ + " of " +
|
||||||
|
spdmMeasurementBlockList.size();
|
||||||
|
dsedSubHeaderInfo += spdmMeasBlock.toString();
|
||||||
|
}
|
||||||
|
|
||||||
return dsedSubHeaderInfo;
|
return dsedSubHeaderInfo;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,6 @@ import hirs.utils.HexUtils;
|
|||||||
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
import hirs.utils.tpm.eventlog.uefi.UefiConstants;
|
||||||
import hirs.utils.tpm.eventlog.uefi.UefiDevicePath;
|
import hirs.utils.tpm.eventlog.uefi.UefiDevicePath;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
@ -57,7 +56,7 @@ public abstract class DeviceSecurityEventHeader {
|
|||||||
* Contains the size (in bytes) of the header.
|
* Contains the size (in bytes) of the header.
|
||||||
*/
|
*/
|
||||||
@Getter
|
@Getter
|
||||||
private Integer dSEDheaderByteSize = 0;
|
private Integer dsedHeaderLength = 0;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Signature (text) data.
|
* Signature (text) data.
|
||||||
@ -120,8 +119,8 @@ public abstract class DeviceSecurityEventHeader {
|
|||||||
|
|
||||||
byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
|
byte[] signatureBytes = new byte[UefiConstants.SIZE_16];
|
||||||
System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16);
|
System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16);
|
||||||
signature = new String(signatureBytes, StandardCharsets.UTF_8)
|
signature = new String(signatureBytes, StandardCharsets.UTF_8);
|
||||||
.substring(0, UefiConstants.SIZE_15);
|
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
|
||||||
|
|
||||||
byte[] versionBytes = new byte[UefiConstants.SIZE_2];
|
byte[] versionBytes = new byte[UefiConstants.SIZE_2];
|
||||||
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
|
System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0,
|
||||||
@ -172,7 +171,7 @@ public abstract class DeviceSecurityEventHeader {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// header total size
|
// header total size
|
||||||
dSEDheaderByteSize = startByte + devicePathLength;
|
dsedHeaderLength = startByte + devicePathLength;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -183,25 +182,20 @@ public abstract class DeviceSecurityEventHeader {
|
|||||||
* @return name of the device type
|
* @return name of the device type
|
||||||
*/
|
*/
|
||||||
public String deviceTypeToString(final int deviceTypeInt) {
|
public String deviceTypeToString(final int deviceTypeInt) {
|
||||||
String deviceTypeStr;
|
|
||||||
switch (deviceTypeInt) {
|
switch (deviceTypeInt) {
|
||||||
case DEVICE_TYPE_NONE:
|
case DEVICE_TYPE_NONE:
|
||||||
deviceTypeStr = "No device type";
|
return "No device type";
|
||||||
break;
|
|
||||||
case DEVICE_TYPE_PCI:
|
case DEVICE_TYPE_PCI:
|
||||||
deviceTypeStr = "PCI";
|
return "PCI";
|
||||||
break;
|
|
||||||
case DEVICE_TYPE_USB:
|
case DEVICE_TYPE_USB:
|
||||||
deviceTypeStr = "USB";
|
return "USB";
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
deviceTypeStr = "Unknown or invalid Device Type";
|
return "Unknown or invalid Device Type";
|
||||||
}
|
}
|
||||||
return deviceTypeStr;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a human readable description of the data common to header structures.
|
* Returns a human-readable description of the data common to header structures.
|
||||||
*
|
*
|
||||||
* @return a description of this structure.
|
* @return a description of this structure.
|
||||||
*/
|
*/
|
||||||
|
@ -216,6 +216,7 @@ public class UefiVariable {
|
|||||||
case "KEK":
|
case "KEK":
|
||||||
case "db":
|
case "db":
|
||||||
case "dbx":
|
case "dbx":
|
||||||
|
break;
|
||||||
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
|
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
|
||||||
// (update when test patterns exist)
|
// (update when test patterns exist)
|
||||||
efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
|
efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
|
||||||
|
Loading…
Reference in New Issue
Block a user