[#7] Setup Build/Package Support for Ubuntu (#9)

apldev3 2018-10-02 16:21:35 -04:00 committed by apldev4
parent 66551196f5
commit e27e5ea1e6
11 changed files with 300 additions and 51 deletions


@ -38,6 +38,17 @@ endif()
configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in" configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in"
"${CMAKE_SOURCE_DIR}/include/Version.h") "${CMAKE_SOURCE_DIR}/include/Version.h")
# Attempt to Determine Build Environment
if (UNIX AND NOT APPLE)
file(READ /etc/os-release OS_INFO)
string(REGEX MATCH "NAME=\"[A-Za-z ]+\"" DISTRIBUTION_NAME ${OS_INFO})
string(REGEX MATCH "VERSION_ID=\"[0-9. ]+\"" DISTRIBUTION_VERSION ${OS_INFO})
string(REPLACE "NAME=" "" DISTRIBUTION ${DISTRIBUTION_NAME})
string(REPLACE "VERSION_ID=" "" DISTRIBUTION_VERSION ${DISTRIBUTION_VERSION})
string(REPLACE "\"" "" DISTRIBUTION ${DISTRIBUTION})
string(REPLACE "\"" "" DISTRIBUTION_VERSION ${DISTRIBUTION_VERSION})
endif()
# Set C++ Standard 11 based on version information # Set C++ Standard 11 based on version information
if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0) if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0)
set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD 11)
@ -219,9 +230,9 @@ if(STATIC_ANALYSIS)
endif(STATIC_ANALYSIS) endif(STATIC_ANALYSIS)
# Set variables for CPack Package generation tool # Set variables for CPack Package generation tool
set(CPACK_GENERATOR "RPM")
set(CPACK_PACKAGE_NAME HIRS_Provisioner_TPM_2_0) set(CPACK_PACKAGE_NAME HIRS_Provisioner_TPM_2_0)
set(CPACK_PACKAGE_VENDOR "U.S. Government") set(CPACK_PACKAGE_VENDOR "U.S. Government")
set(CPACK_PACKAGE_CONTACT "U.S. Government")
set(CPACK_PACKAGE_VERSION_MAJOR ${MAJOR_VERSION}) set(CPACK_PACKAGE_VERSION_MAJOR ${MAJOR_VERSION})
set(CPACK_PACKAGE_VERSION_MINOR ${MINOR_VERSION}) set(CPACK_PACKAGE_VERSION_MINOR ${MINOR_VERSION})
set(CPACK_PACKAGE_VERSION_PATCH ${PATCH_VERSION}) set(CPACK_PACKAGE_VERSION_PATCH ${PATCH_VERSION})
@ -229,18 +240,33 @@ set(CPACK_PACKAGE_RELEASE ${PACKAGE_RELEASE_NUMBER})
set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
# Set variables specific to CPack RPM package generator # Setup Development Distribution CPack
set(CPACK_RPM_PACKAGE_NAME "HIRS_Provisioner_TPM_2_0") if (${DISTRIBUTION} STREQUAL "Ubuntu")
set(CPACK_RPM_PACKAGE_RELEASE_DIST "el7") # Set variables specific to CPack DEB package generator
set(CPACK_RPM_PACKAGE_LICENSE "None") set(CPACK_GENERATOR "DEB")
set(CPACK_RPM_PACKAGE_GROUP "System Environment/Base") set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0")
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, lshw") set(CPACK_DEBIAN_PACKAGE_SECTION "admin")
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/package/rpm-post-install.sh) set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libsapi-utils(>=1.0), tpm2-tools(>=1.1), libprotobuf10(>=2.4.1), libcurlpp0(>=0.8), lshw")
set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/local /usr/local/bin /usr/local/include /usr/local/lib) if (${DISTRIBUTION_VERSION} STREQUAL "17.10")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-3(>=20160401)")
# set package filenames elseif(${DISTRIBUTION_VERSION} STREQUAL "18.04" OR ${DISTRIBUTION_VERSION} STREQUAL "18.10")
set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}") set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-4(>=20160401)")
set(CPACK_RPM_FILE_NAME "${CPACK_RPM_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}") endif()
set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE amd64)
set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${CMAKE_SOURCE_DIR}/package/postinst)
set(CPACK_PACKAGE_FILE_NAME "${CPACK_DEBIAN_PACKAGE_NAME}_${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}_${CPACK_DEBIAN_PACKAGE_ARCHITECTURE}")
elseif (${DISTRIBUTION} STREQUAL "CentOS Linux")
# Set variables specific to CPack RPM package generator
set(CPACK_GENERATOR "RPM")
set(CPACK_RPM_PACKAGE_NAME "HIRS_Provisioner_TPM_2_0")
set(CPACK_RPM_PACKAGE_RELEASE_DIST "el7")
set(CPACK_RPM_PACKAGE_LICENSE "Apache License, Version 2.0")
set(CPACK_RPM_PACKAGE_GROUP "System Environment/Base")
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, libcurl >= 7.0.0, lshw")
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/package/rpm-post-install.sh)
set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/local /usr/local/bin /usr/local/include /usr/local/lib)
set(CPACK_PACKAGE_FILE_NAME "${CPACK_RPM_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}")
endif()
# Set command to allow for running of CPack tool in build directory # Set command to allow for running of CPack tool in build directory
include(CPack) include(CPack)
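Review bot: The new `if (${DISTRIBUTION} STREQUAL "Ubuntu")` test and the `${DISTRIBUTION_VERSION}` comparisons expand their operands unquoted. `DISTRIBUTION` is empty or unset whenever the detection block is skipped (it runs only under `UNIX AND NOT APPLE`) or the `NAME=` regex does not match, and the condition then collapses to `if ( STREQUAL "Ubuntu")`, which aborts configuration with a syntax error. Quote the operands, `if ("${DISTRIBUTION}" STREQUAL "Ubuntu")`, and likewise the `${OS_INFO}` and `${DISTRIBUTION_NAME}` inputs to the `string(REGEX MATCH ...)` and `string(REPLACE ...)` calls. `CPACK_GENERATOR` no longer appears to be set unconditionally, so a closing `else()` with `message(FATAL_ERROR "Unsupported distribution: ${DISTRIBUTION}")` would make an unrecognised build host fail explicitly instead of packaging with CPack's default generator.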


@ -56,6 +56,15 @@ namespace string_utils {
*/ */
std::string binaryToHex(const std::string& bin); std::string binaryToHex(const std::string& bin);
/**
* Checks if a string contains another string.
*
* @param str containing string
* @param substring string to search for
* @return true, if the string is found / false, otherwise
*/
bool contains(const std::string& str, const std::string& substring);
/** /**
* Converts an unsigned long (uint32) value to a hex string. * Converts an unsigned long (uint32) value to a hex string.
* *
@ -98,6 +107,23 @@ namespace string_utils {
*/ */
std::string trimNewLines(std::string str); std::string trimNewLines(std::string str);
/**
* Removes any double-quote characters in the input string and returns the
* pruned, input string.
* @param str string to remove double-quotes characters from.
* @return str with double-quote characters removed.
*/
std::string trimQuotes(std::string str);
/**
* Removes any occurrences of the target character in the input string and
* returns the pruned, input string.
* @param str string to characters from.
* @param targetChar char to prune from the string
* @return str with the characters removed.
*/
std::string trimChar(std::string str, char targetChar);
std::string trimWhitespaceFromLeft(std::string str); std::string trimWhitespaceFromLeft(std::string str);
std::string trimWhitespaceFromRight(std::string str); std::string trimWhitespaceFromRight(std::string str);
@ -112,6 +138,7 @@ namespace tpm2_tools_utils {
*/ */
enum class Tpm2ToolsVersion { enum class Tpm2ToolsVersion {
VERSION_1_1_0, VERSION_1_1_0,
VERSION_2_1_0,
VERSION_3_0_1 VERSION_3_0_1
}; };
@ -122,6 +149,10 @@ enum class Tpm2ToolsVersion {
class Tpm2ToolsVersionChecker { class Tpm2ToolsVersionChecker {
private: private:
static const std::unordered_map<std::string, Tpm2ToolsVersion> kVersionMap; static const std::unordered_map<std::string, Tpm2ToolsVersion> kVersionMap;
static const std::unordered_map<std::string,
Tpm2ToolsVersion> kMaxSupportedVersionMap;
static std::string getDistribution();
public: public:
/** /**
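Review bot: `kMaxSupportedVersionMap` and `getDistribution()` are added to `Tpm2ToolsVersionChecker` without comments, while the other new declarations in this header are documented. Judging from the implementation in this commit, the map is keyed by "NAME VERSION_ID" from /etc/os-release and is consulted only when the installed tpm2-tools version cannot be parsed; a comment such as `// Fallback: tpm2-tools version assumed per distribution when the version output is empty` would record that. The new `trimChar` doc line `@param str string to characters from` has lost its verb and should read `@param str string to remove characters from`.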


@ -12,8 +12,8 @@ fi
cd $( dirname "${BASH_SOURCE[0]}" ) cd $( dirname "${BASH_SOURCE[0]}" )
# Ensure clean build environment # Ensure clean build environment
rm -rf BUILD RPMS rm -rf BUILD
mkdir BUILD RPMS mkdir BUILD
# Navigate to build directory # Navigate to build directory
cd BUILD cd BUILD


@ -0,0 +1,40 @@
#!/bin/bash
set -e
# Check packager OS is Ubuntu
OS_NAME=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
if [ "$OS_NAME" != "\"Ubuntu\"" ]; then
echo "Error: DEBs must be built with Ubuntu"
exit 1
fi
# Find package directory
cd $( dirname "${BASH_SOURCE[0]}" )
# Ensure clean build environment
rm -rf BUILD
mkdir BUILD
# Navigate to build directory
cd BUILD
# Build HIRS_ProvisionerTPM2 DEB
cmake ../..
# If the current directory is empty, there may be an existing CmakeCache.txt
# file that prevents cmake from building in the current directory
if ! [ "$(ls -A)" ]; then
echo "CMake failed to generate files in the target directory. Is there "
echo "an existing CMakeCache.txt file in the CMake source directory? "
echo "If so, delete it."
exit 1
fi
make
cpack
# Move HIRS_ProvisionerTPM2 DEB
rm -f ../../../package/deb/DEBS/HIRSProvisionerTPM2.0*.deb
if [ ! -d "../../../package/deb/DEBS" ]; then
mkdir -p ../../../package/deb/DEBS
fi
mv *.deb ../../../package/deb/DEBS
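Review bot: `cd $( dirname "${BASH_SOURCE[0]}" )` leaves the command substitution unquoted, so a checkout path containing whitespace is word-split before `cd` receives it. The next step is `rm -rf BUILD`, so the directory change should be unambiguous: `cd "$( dirname "${BASH_SOURCE[0]}" )"`. With `set -e` active, a failing `cmake ../..` already stops the script, which means the `ls -A` emptiness check only covers cmake exiting 0 without writing into BUILD; a one-line comment stating that would explain why the check is kept.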


@ -0,0 +1,31 @@
HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
mkdir -p /var/log/hirs/provisioner
ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2
ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision
if [ ! -f $HIRS_SITE_CONFIG ]; then
# Create template site config if it does not exist
cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
#*******************************************
#* HIRS site configuration properties file
#*******************************************
# Client configuration
CLIENT_HOSTNAME=$(hostname -f)
TPM_ENABLED=
IMA_ENABLED=
# Site-specific configuration
ATTESTATION_CA_FQDN=
ATTESTATION_CA_PORT=8443
BROKER_FQDN=
BROKER_PORT=61616
PORTAL_FQDN=
PORTAL_PORT=8443
DEFAULT_SITE_CONFIG_FILE
echo "$HIRS_SITE_CONFIG not found - a template has been created"
echo "Set your site configuration manually in $HIRS_SITE_CONFIG, then run 'hirs-provisioner-tpm2 provision' to provision this system"
fi
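Review bot: This new maintainer script has no interpreter line and no `set -e`, and it writes `$HIRS_SITE_CONFIG` without first creating its directory. dpkg executes `postinst` directly, so it should start with `#!/bin/bash` followed by `set -e`. That way a failed `mkdir` or `ln` is reported as an installation error instead of leaving a half-configured host. Only `/var/log/hirs/provisioner` is created here, so unless `/etc/hirs` is provided elsewhere in the package the heredoc redirect fails on a clean system; add `mkdir -p /etc/hirs` before the `if`. `$HIRS_SITE_CONFIG` should also be quoted in the `[ ! -f ... ]` test and in the redirect.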


@ -23,6 +23,7 @@ using hirs::log::Logger;
using hirs::pb::IdentityClaim; using hirs::pb::IdentityClaim;
using hirs::tpm2::CommandTpm2; using hirs::tpm2::CommandTpm2;
using hirs::string_utils::binaryToHex; using hirs::string_utils::binaryToHex;
using hirs::string_utils::contains;
using hirs::string_utils::longToHex; using hirs::string_utils::longToHex;
using hirs::string_utils::hexToLong; using hirs::string_utils::hexToLong;
using hirs::tpm2_tools_utils::Tpm2ToolsVersion; using hirs::tpm2_tools_utils::Tpm2ToolsVersion;
@ -133,20 +134,19 @@ void CommandTpm2::setAuthData() {
stringstream argsStream; stringstream argsStream;
switch (version) { switch (version) {
case Tpm2ToolsVersion::VERSION_1_1_0: { case Tpm2ToolsVersion::VERSION_1_1_0:
case Tpm2ToolsVersion::VERSION_2_1_0:
argsStream << " -X -o " << kWellKnownSecret argsStream << " -X -o " << kWellKnownSecret
<< " -e " << kWellKnownSecret << " -e " << kWellKnownSecret
<< " -l " << kWellKnownSecret << " -l " << kWellKnownSecret
<< endl; << endl;
break; break;
} case Tpm2ToolsVersion::VERSION_3_0_1:
case Tpm2ToolsVersion::VERSION_3_0_1: {
argsStream << " -o hex:" << kWellKnownSecret argsStream << " -o hex:" << kWellKnownSecret
<< " -e hex:" << kWellKnownSecret << " -e hex:" << kWellKnownSecret
<< " -l hex:" << kWellKnownSecret << " -l hex:" << kWellKnownSecret
<< endl; << endl;
break; break;
}
} }
LOGGER.info("Attempting to set auth data."); LOGGER.info("Attempting to set auth data.");
@ -165,16 +165,14 @@ string CommandTpm2::getEndorsementCredentialDefault(
LOGGER.info("Attempting to retrieve endorsement credential"); LOGGER.info("Attempting to retrieve endorsement credential");
string endorsementCredential; string endorsementCredential;
switch (keyType) { switch (keyType) {
case AsymmetricKeyType::RSA: { case AsymmetricKeyType::RSA:
endorsementCredential = getStoredCredential( endorsementCredential = getStoredCredential(
kDefaultRsaEkCredentialHandle); kDefaultRsaEkCredentialHandle);
break; break;
} case AsymmetricKeyType::ECC:
case AsymmetricKeyType::ECC: {
endorsementCredential = getStoredCredential( endorsementCredential = getStoredCredential(
kDefaultEccEkCredentialHandle); kDefaultEccEkCredentialHandle);
break; break;
}
} }
if (endorsementCredential == "") { if (endorsementCredential == "") {
LOGGER.info("Unable to retrieve endorsement credential"); LOGGER.info("Unable to retrieve endorsement credential");
@ -265,14 +263,12 @@ void CommandTpm2::createEndorsementKey(const AsymmetricKeyType& keyType) {
LOGGER.info("Attempting to create EK at: " + string(kDefaultEkHandle)); LOGGER.info("Attempting to create EK at: " + string(kDefaultEkHandle));
stringstream argsStream; stringstream argsStream;
switch (keyType) { switch (keyType) {
case AsymmetricKeyType::RSA: { case AsymmetricKeyType::RSA:
argsStream << " -g " << kRsaAlgorithmId; argsStream << " -g " << kRsaAlgorithmId;
break; break;
} case AsymmetricKeyType::ECC:
case AsymmetricKeyType::ECC: {
argsStream << " -g " << kEccAlgorithmId; argsStream << " -g " << kEccAlgorithmId;
break; break;
}
} }
argsStream << " -H " << kDefaultEkHandle argsStream << " -H " << kDefaultEkHandle
<< " -f " << kDefaultEkPubFilename << " -f " << kDefaultEkPubFilename
@ -497,8 +493,11 @@ string CommandTpm2::createNvWriteCommandArgs(const string& nvIndex,
<< " -a " << kDefaultOwnerAuthHandle << " -a " << kDefaultOwnerAuthHandle
<< " "; << " ";
if (version == Tpm2ToolsVersion::VERSION_1_1_0) { switch (version) {
argumentsStringStream << "-f "; case Tpm2ToolsVersion::VERSION_1_1_0:
case Tpm2ToolsVersion::VERSION_2_1_0:
argumentsStringStream << "-f ";
break;
} }
argumentsStringStream << writeFile argumentsStringStream << writeFile
@ -525,7 +524,17 @@ void CommandTpm2::getQuote(const string& akLocation,
* @return the size of the data at nvIndex, or 0 if it's not found * @return the size of the data at nvIndex, or 0 if it's not found
*/ */
uint16_t CommandTpm2::getNvIndexDataSize(const string& nvIndex) { uint16_t CommandTpm2::getNvIndexDataSize(const string& nvIndex) {
string listOutput = runTpm2CommandWithRetry(kTpm2ToolsNvListCommand, ""); string listOutput;
try {
listOutput = runTpm2CommandWithRetry(kTpm2ToolsNvListCommand, "");
} catch (HirsRuntimeException& ex) {
// Due to bug in tpm2-tools 2.1.0, check to see if error was success
if (contains(ex.what(), "NV indexes defined.")) {
listOutput = ex.what();
} else {
throw;
}
}
return Tpm2ToolsOutputParser::parseNvDataSize(nvIndex, listOutput); return Tpm2ToolsOutputParser::parseNvDataSize(nvIndex, listOutput);
} }
@ -564,15 +573,14 @@ string CommandTpm2::readNvIndex(const string& nvIndex,
kTpm2ToolsNvReadCommand, nvReadArguments); kTpm2ToolsNvReadCommand, nvReadArguments);
switch (version) { switch (version) {
case Tpm2ToolsVersion::VERSION_1_1_0: { case Tpm2ToolsVersion::VERSION_1_1_0:
case Tpm2ToolsVersion::VERSION_2_1_0:
nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput( nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput(
rawNvReadOutput); rawNvReadOutput);
break; break;
} case Tpm2ToolsVersion::VERSION_3_0_1:
case Tpm2ToolsVersion::VERSION_3_0_1: {
nvReadOutput << rawNvReadOutput; nvReadOutput << rawNvReadOutput;
break; break;
}
} }
if (i != nvReadIterations) { if (i != nvReadIterations) {
@ -608,6 +616,7 @@ void CommandTpm2::releaseNvIndex(const string& nvIndex) {
stringstream argsStream; stringstream argsStream;
switch (version) { switch (version) {
case Tpm2ToolsVersion::VERSION_1_1_0: case Tpm2ToolsVersion::VERSION_1_1_0:
case Tpm2ToolsVersion::VERSION_2_1_0:
argsStream << " -X -P " << kWellKnownSecret; argsStream << " -X -P " << kWellKnownSecret;
break; break;
case Tpm2ToolsVersion::VERSION_3_0_1: case Tpm2ToolsVersion::VERSION_3_0_1:
@ -718,13 +727,16 @@ string CommandTpm2::getPublicArea(const std::string& filename) {
"CommandTpm2::getPublicArea"); "CommandTpm2::getPublicArea");
} }
// TPM2 Tools version 1.1.0 affixes 2 bytes of zeroes to files // TPM2 Tools versions 1.1.0 and 2.1.0 affix 2 bytes of zeroes to files
// containing a public area, but the ACA does not know which version of // containing a public area, but the ACA does not know which version of
// TPM2 Tools is running on the client machine. So we remove the extra // TPM2 Tools is running on the client machine. So we remove the extra
// bytes here. // bytes here.
if (version == Tpm2ToolsVersion::VERSION_1_1_0) { switch (version) {
binaryEncodedPublicArea.erase(binaryEncodedPublicArea.end() - 2, case Tpm2ToolsVersion::VERSION_1_1_0:
binaryEncodedPublicArea.end()); case Tpm2ToolsVersion::VERSION_2_1_0:
binaryEncodedPublicArea.erase(binaryEncodedPublicArea.end() - 2,
binaryEncodedPublicArea.end());
break;
} }
LOGGER.debug("Successfully read public data"); LOGGER.debug("Successfully read public data");
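Review bot: In `getNvIndexDataSize` the new `catch` treats any `HirsRuntimeException` whose message contains "NV indexes defined." as a successful listing, whichever tpm2-tools version is in use. The comment attributes the problem to tpm2-tools 2.1.0 only, so the workaround should be limited to that version: `if (version == Tpm2ToolsVersion::VERSION_2_1_0 && contains(ex.what(), "NV indexes defined."))`. This assumes `version` is the same member the other methods switch on. The text then handed to `parseNvDataSize` is the whole exception message rather than the tool's output, so it is worth confirming that any prefix added by the exception cannot be mistaken for an NV index entry. The new `switch (version)` blocks in `createNvWriteCommandArgs` and `getPublicArea` omit `VERSION_3_0_1`; an explicit `case Tpm2ToolsVersion::VERSION_3_0_1: break;` keeps them exhaustive, consistent with the other switches in this file.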


@ -143,7 +143,7 @@ int main(int argc, char** argv) {
if (provision()) { if (provision()) {
cout << "----> Provisioning successful" << endl; cout << "----> Provisioning successful" << endl;
} }
} catch (HirsRuntimeException & hirsRuntimeException) { } catch (HirsRuntimeException& hirsRuntimeException) {
mainLogger.error(hirsRuntimeException.what()); mainLogger.error(hirsRuntimeException.what());
cout << "----> Fatal error during provisioning. See " cout << "----> Fatal error during provisioning. See "
<< "/var/log/hirs/provisioner/HIRS_ProvisionerTPM2.log for " << "/var/log/hirs/provisioner/HIRS_ProvisionerTPM2.log for "


@ -22,6 +22,7 @@ using std::ifstream;
using std::ios; using std::ios;
using std::ofstream; using std::ofstream;
using std::out_of_range; using std::out_of_range;
using std::remove;
using std::setfill; using std::setfill;
using std::setw; using std::setw;
using std::string; using std::string;
@ -157,6 +158,10 @@ namespace string_utils {
return output.str(); return output.str();
} }
bool contains(const string& str, const string& substring) {
return str.find(substring) != string::npos;
}
string longToHex(const uint32_t& value) { string longToHex(const uint32_t& value) {
stringstream output; stringstream output;
output << "0x" << hex << value; output << "0x" << hex << value;
@ -201,7 +206,15 @@ namespace string_utils {
} }
string trimNewLines(string str) { string trimNewLines(string str) {
str.erase(std::remove(str.begin(), str.end(), '\n'), str.end()); return trimChar(str, '\n');
}
string trimQuotes(string str) {
return trimChar(str, '\"');
}
string trimChar(string str, char targetChar) {
str.erase(remove(str.begin(), str.end(), targetChar), str.end());
return str; return str;
} }
@ -232,25 +245,72 @@ namespace tpm2_tools_utils {
const unordered_map<string, Tpm2ToolsVersion> const unordered_map<string, Tpm2ToolsVersion>
Tpm2ToolsVersionChecker::kVersionMap = { Tpm2ToolsVersionChecker::kVersionMap = {
{"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 }, {"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 },
{"2.1.0", Tpm2ToolsVersion::VERSION_2_1_0 },
{"3.0.1", Tpm2ToolsVersion::VERSION_3_0_1 } {"3.0.1", Tpm2ToolsVersion::VERSION_3_0_1 }
}; };
const unordered_map<string, Tpm2ToolsVersion>
Tpm2ToolsVersionChecker::kMaxSupportedVersionMap = {
{"Ubuntu 17.10", Tpm2ToolsVersion::VERSION_1_1_0 },
{"Ubuntu 18.04", Tpm2ToolsVersion::VERSION_2_1_0 },
{"Ubuntu 18.10", Tpm2ToolsVersion::VERSION_2_1_0 },
{"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3_0_1 }
};
Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() { Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() {
string versionOutput = RUN_PROCESS_OR_THROW("tpm2_rc_decode", "-v"); string versionOutput = RUN_PROCESS_OR_THROW("tpm2_rc_decode", "-v");
string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion( string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion(
versionOutput); versionOutput);
try { if (!version.empty()) {
return kVersionMap.at(version); try {
} return kVersionMap.at(version);
catch (const out_of_range& oor) { }
stringstream ss; catch (const out_of_range& oor) {
ss << "Unsupported Tpm2 Tools Version Detected: " << version; stringstream ss;
throw HirsRuntimeException(ss.str(), ss << "Unsupported Tpm2 Tools Version Detected: " << version;
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion"); throw HirsRuntimeException(ss.str(),
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
}
} else {
string currentDistribution = getDistribution();
try {
return kMaxSupportedVersionMap.at(currentDistribution);
} catch (const out_of_range& oor) {
stringstream ss;
ss << "Unsupported Distribution Detected: " << currentDistribution;
throw HirsRuntimeException(ss.str(),
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
}
} }
} }
string Tpm2ToolsVersionChecker::getDistribution() {
stringstream completeDistro;
string distribution;
string distributionRelease;
ifstream releaseFile;
string line;
releaseFile.open("/etc/os-release");
if (releaseFile.is_open()) {
while (getline(releaseFile, line)) {
stringstream ss(line);
string item;
vector<string> tokens;
while (getline(ss, item, '=')) {
tokens.push_back(item);
}
if (!tokens.empty() && tokens.at(0) == "NAME") {
distribution = string_utils::trimQuotes(tokens.at(1));
} else if (!tokens.empty() && tokens.at(0) == "VERSION_ID") {
distributionRelease = string_utils::trimQuotes(tokens.at(1));
}
}
completeDistro << distribution << " " << distributionRelease;
releaseFile.close();
}
return completeDistro.str();
}
uint16_t Tpm2ToolsOutputParser::parseNvDataSize(const string &nvHandle, uint16_t Tpm2ToolsOutputParser::parseNvDataSize(const string &nvHandle,
const string &nvListOutput) { const string &nvListOutput) {
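Review bot: `getDistribution()` calls `tokens.at(1)` after checking only `!tokens.empty()`, so an /etc/os-release line such as `NAME` or `NAME=` (one token after splitting on '=') throws `std::out_of_range`. `findTpm2ToolsVersion` calls `getDistribution()` outside its `try`, so that exception escapes as a raw `out_of_range` instead of a `HirsRuntimeException`. Guard on the size instead: `if (tokens.size() > 1 && tokens.at(0) == "NAME")`, and the same for the `VERSION_ID` branch. When the file cannot be opened the function returns an empty string, and the caller then reports "Unsupported Distribution Detected: " with nothing after it; a distinct message for the unreadable-file case would make that failure diagnosable. The fallback branch also selects tool argument formats from the distribution name alone whenever the version output is empty, so it would be worth logging at warning level that the version was assumed, not detected.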


@ -13,11 +13,14 @@
using hirs::file_utils::dirExists; using hirs::file_utils::dirExists;
using hirs::file_utils::fileExists; using hirs::file_utils::fileExists;
using hirs::string_utils::binaryToHex; using hirs::string_utils::binaryToHex;
using hirs::string_utils::contains;
using hirs::string_utils::longToHex; using hirs::string_utils::longToHex;
using hirs::string_utils::isHexString; using hirs::string_utils::isHexString;
using hirs::string_utils::hexToBytes; using hirs::string_utils::hexToBytes;
using hirs::string_utils::hexToLong; using hirs::string_utils::hexToLong;
using hirs::string_utils::trimNewLines; using hirs::string_utils::trimNewLines;
using hirs::string_utils::trimQuotes;
using hirs::string_utils::trimChar;
using hirs::string_utils::trimWhitespaceFromLeft; using hirs::string_utils::trimWhitespaceFromLeft;
using hirs::string_utils::trimWhitespaceFromRight; using hirs::string_utils::trimWhitespaceFromRight;
using hirs::string_utils::trimWhitespaceFromBothEnds; using hirs::string_utils::trimWhitespaceFromBothEnds;
@ -106,6 +109,30 @@ TEST_F(UtilsTest, BinToHex) {
"6a93ad788e3dd86307616ab240e369a63f845435"); "6a93ad788e3dd86307616ab240e369a63f845435");
} }
TEST_F(UtilsTest, Contains) {
string teststr = "The more you know";
string substr = "more you";
ASSERT_TRUE(contains(teststr, substr));
}
TEST_F(UtilsTest, ContainsSelf) {
string teststr = "The more you know";
string substr = "The more you know";
ASSERT_TRUE(contains(teststr, substr));
}
TEST_F(UtilsTest, DoesNotContain) {
string teststr = "The more you know";
string substr = "moor";
ASSERT_FALSE(contains(teststr, substr));
}
TEST_F(UtilsTest, DoesNotContainMoreThanSelf) {
string teststr = "The more you know";
string substr = "The more you know.";
ASSERT_FALSE(contains(teststr, substr));
}
TEST_F(UtilsTest, LongToHex) { TEST_F(UtilsTest, LongToHex) {
const uint32_t testValue = 464367618; const uint32_t testValue = 464367618;
ASSERT_EQ(longToHex(testValue), "0x1badb002"); ASSERT_EQ(longToHex(testValue), "0x1badb002");
@ -189,12 +216,24 @@ TEST_F(UtilsTest, HexToLongNotHex) {
ASSERT_EQ(hexToLong(testStr), 0); ASSERT_EQ(hexToLong(testStr), 0);
} }
TEST_F(UtilsTest, RemoveNewline) { TEST_F(UtilsTest, TrimNewLines) {
string test = "abc\ndef\nghi\n"; string test = "abc\ndef\nghi\n";
ASSERT_EQ(trimNewLines(test), ASSERT_EQ(trimNewLines(test),
"abcdefghi"); "abcdefghi");
} }
TEST_F(UtilsTest, TrimQuotes) {
string test = "abc\"def\"ghi\"";
ASSERT_EQ(trimQuotes(test),
"abcdefghi");
}
TEST_F(UtilsTest, TrimChar) {
string test = "abc@def@ghi@";
ASSERT_EQ(trimChar(test, '@'),
"abcdefghi");
}
TEST_F(UtilsTest, trimWhitespaceFromLeft) { TEST_F(UtilsTest, trimWhitespaceFromLeft) {
ASSERT_EQ(trimWhitespaceFromLeft(" asdf"), "asdf"); ASSERT_EQ(trimWhitespaceFromLeft(" asdf"), "asdf");
ASSERT_EQ(trimWhitespaceFromLeft(" as df"), "as df"); ASSERT_EQ(trimWhitespaceFromLeft(" as df"), "as df");


@ -126,6 +126,6 @@ if [ -f RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.rpm ]; then
echo 'HIRS_ProvisionerTPM2 RPM successfully built' echo 'HIRS_ProvisionerTPM2 RPM successfully built'
echo '************************************************************************************' echo '************************************************************************************'
else else
echo 'Error: HIRS_ProvisionerTPM2 failed to package successfully' echo 'Error: HIRS_ProvisionerTPM2 failed to package'
exit 1 exit 1
fi fi


@ -68,7 +68,7 @@ fi
mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/ mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/
echo "HIRS deb building complete" echo "HIRS Provisioner deb building complete"
# TPM Module # TPM Module
cd $SCRIPT_DIR/../tpm_module cd $SCRIPT_DIR/../tpm_module
@ -100,3 +100,13 @@ mkdir -p $SCRIPT_DIR/deb/DEBS/
mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/ mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/
echo "TPM deb building complete" echo "TPM deb building complete"
# HIRS Provisioner TPM 2.0
cd $SCRIPT_DIR/deb
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
if [ -f DEBS/HIRSProvisionerTPM2.0*.deb ]; then
echo 'HIRS Provisioner TPM 2.0 deb building complete'
else
echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'
exit 1
fi
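Review bot: The added block decides success only from `[ -f DEBS/HIRSProvisionerTPM2.0*.deb ]` and never looks at the exit status of `package.tpm2.ubuntu.sh`. If the glob matches more than one file, `[` fails with "too many arguments" and a good build is reported as failed. Checking the script's status directly is more reliable, e.g. `if ! $SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh; then echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'; exit 1; fi`, with the file test kept as a secondary check. `$SCRIPT_DIR` is expanded unquoted in both new lines, so a path containing spaces would break the `cd` and the script invocation.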