This set of code changes deals with the display of failed digest values from the validation process. The way they were displayed before was unsustainable, because event numbers will never match up between the live log and the baseline; therefore a direct comparison against a failed event by event number would never be accurate.

This commit is contained in:
Cyrus 2021-05-17 12:44:03 -04:00
parent 3b33bd60b8
commit ddc36d81f4
5 changed files with 87 additions and 33 deletions


@ -94,7 +94,6 @@ import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
@ -681,7 +680,6 @@ public abstract class AbstractAttestationCertificateAuthority
for (String line : lines) {
if (!line.isEmpty()
&& !line.contains(TPM_SIGNATURE_ALG)) {
LOG.error(line);
pcrs[counter++] = line.split(":")[1].trim();
}
}
@ -784,7 +782,6 @@ public abstract class AbstractAttestationCertificateAuthority
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
List<ByteString> baseLogFiles = new ArrayList<>();
if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
@ -859,7 +856,6 @@ public abstract class AbstractAttestationCertificateAuthority
LOG.error(ioEx);
}
}
baseLogFiles.addAll(dv.getSwidfileList());
} else {
LOG.warn("Device did not send swid tag file...");
}


@ -32,6 +32,7 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
@ -288,8 +289,6 @@ public class ReferenceManifestDetailsPageController
}
}
// Let's pull the supply chain validation
data.put("associatedRim", baseRim.getAssociatedRim());
data.put("swidFiles", resources);
if (support != null && (!baseRim.isSwidSupplemental()
@ -547,6 +546,21 @@ public class ReferenceManifestDetailsPageController
}
}
if (support != null) {
Map<String, List<TpmPcrEvent>> baselineLogEvents = new HashMap<>();
List<TpmPcrEvent> baselines = null;
for (TpmPcrEvent tpe : livelogEvents) {
baselines = new ArrayList<>();
for (TpmPcrEvent supports : support.getEventLog()) {
if (supports.getEventType() == tpe.getEventType()) {
baselines.add(supports);
}
}
baselineLogEvents.put(tpe.getEventDigestStr(), baselines);
}
data.put("eventTypeMap", baselineLogEvents);
}
data.put("livelogEvents", livelogEvents);
return data;
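Review bot: The new map is keyed by `tpe.getEventDigestStr()` even though its value depends only on the event type, so two live events that share a digest but differ in type silently overwrite each other's baseline list, and the inner loop rescans `support.getEventLog()` once per live event. Grouping the baseline log by type a single time removes both problems and lets the JSP look a live event up directly via `${initialData.eventTypeMap[lEvent.getEventTypeString()]}` instead of iterating the whole map; this assumes `eventString()` yields distinct strings for distinct types, which is worth confirming. The `baselines` local declared outside the loop and reassigned each iteration would disappear as well. The enclosing method starts outside this hunk.
```java
if (support != null) {
    // Group the baseline events by type once; the view looks each live event up by getEventTypeString().
    Map<String, List<TpmPcrEvent>> baselineLogEvents = new HashMap<>();
    for (TpmPcrEvent baseline : support.getEventLog()) {
        baselineLogEvents.computeIfAbsent(baseline.getEventTypeString(),
                k -> new ArrayList<>()).add(baseline);
    }
    data.put("eventTypeMap", baselineLogEvents);
}
// … unchanged: livelogEvents put and return …
```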


@ -260,25 +260,37 @@
<div class="panel panel-default" style="flex: 1">
<div class="panel-heading">Client Log</div>
<c:if test="${not empty initialData.livelogEvents}">
<c:set var="iterator" value="0" scope="page"/>
<c:forEach items="${initialData.livelogEvents}" var="lEvent">
<div class="event-element">
<div class="event-data">
<div class="data-label">Event#:</div>
<div class="data-value">${lEvent.getEventNumber()+1}</div>
</div>
<div class="event-data">
<div class="data-label">PCR Index:</div>
<div class="data-value">${lEvent.getPcrIndex()}</div>
</div>
<div class="event-data">
<div class="data-label">Digest:</div>
<div class="data-value">${lEvent.getEventDigestStr()}</div>
</div>
<div class="event-data">
<div class="data-label">Content:</div>
<div class="data-value">${lEvent.getEventContentStr()}</div>
<div>
<div style="display: flex; background: lightgray;">
<div style="display: flex 1; margin: auto 1rem auto 1rem">Failed<br />Digest:</div>
<div style="display: flex 2; margin: 2px auto 2px 25px">
${lEvent.getEventDigestStr()}<br />${lEvent.getEventContentStr()}
</div>
</div>
</div>
<div style="display: flex;">
<div class="mappedButton">
Baseline Events of Type:<br />
<a role="button" data-toggle="collapse" href="#eventContent${iterator}">${lEvent.getEventTypeString()}</a>
</div>
<div id="eventContent${iterator}" class="panel-collapse collapse in" style="flex: 2">
<c:forEach items="${initialData.eventTypeMap}" var="mappedDigest">
<c:if test="${mappedDigest.key == lEvent.getEventDigestStr()}">
<c:set var="event" value="${mappedDigest.value}" scope="page"/>
<c:forEach items="${mappedDigest.value}" var="event">
<div class="mappedOverhead">
<div><span class="mappedData">PCR Index:</span> ${event.getPcrIndex()}</div>
<div><span class="mappedData">Digest:</span> ${event.getEventDigestStr()}</div>
<div><span class="mappedData">Event Content:</span> ${event.getEventContentStr()}</div>
</div>
</c:forEach>
</c:if>
</c:forEach>
</div>
</div>
<c:set var="iterator" value="${iterator+1}" scope="page"/>
</c:forEach>
</c:if>
</div>
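Review bot: The new markup prints `${lEvent.getEventContentStr()}` and `${event.getEventContentStr()}` as raw EL, and event content is parsed from the log file the client device submitted, so unless this container escapes EL output globally a crafted event string is rendered as HTML in the ACA operator's browser; wrap the untrusted values, e.g. `<c:out value="${lEvent.getEventContentStr()}"/>` and `<div><span class="mappedData">Event Content:</span> <c:out value="${event.getEventContentStr()}"/></div>` (the digest strings are hex and low risk, but `c:out` costs nothing there either). The `<c:set var="event" value="${mappedDigest.value}"/>` is dead, since the `c:forEach` on the next line rebinds `event` immediately. Iterating the entire `eventTypeMap` for every live event to find a matching key is quadratic; a direct lookup `${initialData.eventTypeMap[lEvent.getEventDigestStr()]}` does the same thing in one step. `display: flex 1` / `display: flex 2` in the inline styles are not valid `display` values and will be ignored; `flex: 1` / `flex: 2` appear to be what was meant.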


@ -81,4 +81,28 @@
.data-value {
flex: 5
}
.mappedType {
display: flex 1;
padding: 1rem;
width: 20rem;
font-weight: bold
}
.mappedOverhead {
display: flex;
flex-direction: column;
padding: 1rem;
}
.mappedData {
font-weight: bold;
}
.mappedButton {
display: flex 1;
padding: 1rem;
width: 20rem;
font-weight: bold;
}
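Review bot: `display: flex 1` in `.mappedType` and `.mappedButton` is not a valid `display` value, so browsers drop the declaration and these elements fall back to block layout inside their flex parent; since both sit in a `display: flex` container, the intended declaration is presumably `flex: 1;`. `.mappedType` does not appear to be referenced by the JSP changed in this commit, so it may be a leftover that can be removed or is awaiting a later use.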


@ -1,17 +1,7 @@
package hirs.tpm.eventlog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import hirs.tpm.eventlog.events.EvConstants;
import hirs.tpm.eventlog.events.EvCompactHash;
import hirs.tpm.eventlog.events.EvConstants;
import hirs.tpm.eventlog.events.EvEfiBootServicesApp;
import hirs.tpm.eventlog.events.EvEfiGptPartition;
import hirs.tpm.eventlog.events.EvEfiHandoffTable;
@ -30,6 +20,16 @@ import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
/**
* Class to process a TCG_PCR_EVENT.
* TCG_PCR_EVENT is used when the Event log uses the SHA1 Format as described in the
@ -211,6 +211,14 @@ public class TpmPcrEvent {
return String.format("0x%s %s", Long.toHexString(eventType), eventString((int) eventType));
}
/**
* Returns a formatted string of the type for the event minus the byte code
* @return a string formatted to be human readable
*/
public String getEventTypeString() {
return eventString((int) eventType);
}
/**
* Returns the version of the TCG Log Event specification pertaining to the log.
* only updated if the event is a TCG_EfiSpecIdEvent.
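Review bot: The Javadoc summary on the new `getEventTypeString()` lacks a terminating period, which checkstyle's JavadocStyle rule (used elsewhere in this codebase, judging by the surrounding comments) flags; write `* Returns a formatted string of the type for the event minus the byte code.` and give `@return` a fuller description such as `the human-readable event type name without the hex code`. The first hunk also moves the `java.*` imports below the `hirs.*` and `org.apache.*` groups, which is the reverse of the order the file previously used and of the common convention of a dedicated `java`/`javax` group; if the import order is not enforced by the build, consider keeping the original grouping to avoid churn.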