mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 07:06:46 +00:00
parent
66551196f5
commit
e27e5ea1e6
@ -38,6 +38,17 @@ endif()
|
||||
configure_file ("${CMAKE_SOURCE_DIR}/include/Version.h.in"
|
||||
"${CMAKE_SOURCE_DIR}/include/Version.h")
|
||||
|
||||
# Attempt to Determine Build Environment
|
||||
if (UNIX AND NOT APPLE)
|
||||
file(READ /etc/os-release OS_INFO)
|
||||
string(REGEX MATCH "NAME=\"[A-Za-z ]+\"" DISTRIBUTION_NAME ${OS_INFO})
|
||||
string(REGEX MATCH "VERSION_ID=\"[0-9. ]+\"" DISTRIBUTION_VERSION ${OS_INFO})
|
||||
string(REPLACE "NAME=" "" DISTRIBUTION ${DISTRIBUTION_NAME})
|
||||
string(REPLACE "VERSION_ID=" "" DISTRIBUTION_VERSION ${DISTRIBUTION_VERSION})
|
||||
string(REPLACE "\"" "" DISTRIBUTION ${DISTRIBUTION})
|
||||
string(REPLACE "\"" "" DISTRIBUTION_VERSION ${DISTRIBUTION_VERSION})
|
||||
endif()
|
||||
|
||||
# Set C++ Standard 11 based on version information
|
||||
if (${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} GREATER 3.0)
|
||||
set(CMAKE_CXX_STANDARD 11)
|
||||
@ -219,9 +230,9 @@ if(STATIC_ANALYSIS)
|
||||
endif(STATIC_ANALYSIS)
|
||||
|
||||
# Set variables for CPack Package generation tool
|
||||
set(CPACK_GENERATOR "RPM")
|
||||
set(CPACK_PACKAGE_NAME HIRS_Provisioner_TPM_2_0)
|
||||
set(CPACK_PACKAGE_VENDOR "U.S. Government")
|
||||
set(CPACK_PACKAGE_CONTACT "U.S. Government")
|
||||
set(CPACK_PACKAGE_VERSION_MAJOR ${MAJOR_VERSION})
|
||||
set(CPACK_PACKAGE_VERSION_MINOR ${MINOR_VERSION})
|
||||
set(CPACK_PACKAGE_VERSION_PATCH ${PATCH_VERSION})
|
||||
@ -229,18 +240,33 @@ set(CPACK_PACKAGE_RELEASE ${PACKAGE_RELEASE_NUMBER})
|
||||
set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
|
||||
set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
|
||||
|
||||
# Set variables specific to CPack RPM package generator
|
||||
set(CPACK_RPM_PACKAGE_NAME "HIRS_Provisioner_TPM_2_0")
|
||||
set(CPACK_RPM_PACKAGE_RELEASE_DIST "el7")
|
||||
set(CPACK_RPM_PACKAGE_LICENSE "None")
|
||||
set(CPACK_RPM_PACKAGE_GROUP "System Environment/Base")
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, lshw")
|
||||
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/package/rpm-post-install.sh)
|
||||
set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/local /usr/local/bin /usr/local/include /usr/local/lib)
|
||||
|
||||
# set package filenames
|
||||
set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}")
|
||||
set(CPACK_RPM_FILE_NAME "${CPACK_RPM_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}")
|
||||
# Setup Development Distribution CPack
|
||||
if (${DISTRIBUTION} STREQUAL "Ubuntu")
|
||||
# Set variables specific to CPack DEB package generator
|
||||
set(CPACK_GENERATOR "DEB")
|
||||
set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0")
|
||||
set(CPACK_DEBIAN_PACKAGE_SECTION "admin")
|
||||
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libsapi-utils(>=1.0), tpm2-tools(>=1.1), libprotobuf10(>=2.4.1), libcurlpp0(>=0.8), lshw")
|
||||
if (${DISTRIBUTION_VERSION} STREQUAL "17.10")
|
||||
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-3(>=20160401)")
|
||||
elseif(${DISTRIBUTION_VERSION} STREQUAL "18.04" OR ${DISTRIBUTION_VERSION} STREQUAL "18.10")
|
||||
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-4(>=20160401)")
|
||||
endif()
|
||||
set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE amd64)
|
||||
set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${CMAKE_SOURCE_DIR}/package/postinst)
|
||||
set(CPACK_PACKAGE_FILE_NAME "${CPACK_DEBIAN_PACKAGE_NAME}_${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}_${CPACK_DEBIAN_PACKAGE_ARCHITECTURE}")
|
||||
elseif (${DISTRIBUTION} STREQUAL "CentOS Linux")
|
||||
# Set variables specific to CPack RPM package generator
|
||||
set(CPACK_GENERATOR "RPM")
|
||||
set(CPACK_RPM_PACKAGE_NAME "HIRS_Provisioner_TPM_2_0")
|
||||
set(CPACK_RPM_PACKAGE_RELEASE_DIST "el7")
|
||||
set(CPACK_RPM_PACKAGE_LICENSE "Apache License, Version 2.0")
|
||||
set(CPACK_RPM_PACKAGE_GROUP "System Environment/Base")
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, libcurl >= 7.0.0, lshw")
|
||||
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/package/rpm-post-install.sh)
|
||||
set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/local /usr/local/bin /usr/local/include /usr/local/lib)
|
||||
set(CPACK_PACKAGE_FILE_NAME "${CPACK_RPM_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}")
|
||||
endif()
|
||||
|
||||
# Set command to allow for running of CPack tool in build directory
|
||||
include(CPack)
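Review bot: The new `if (${DISTRIBUTION} STREQUAL "Ubuntu")` and `elseif (${DISTRIBUTION} STREQUAL "CentOS Linux")` comparisons use unquoted expansions, so whenever DISTRIBUTION is empty or undefined — on macOS (the detection block above is skipped by `UNIX AND NOT APPLE`), on a Linux host where the NAME regex does not match, or on any host without /etc/os-release — the condition collapses to `if( STREQUAL "Ubuntu")` and configuration aborts with an argument error instead of falling through to the RPM defaults set just above. Quote both sides, `if ("${DISTRIBUTION}" STREQUAL "Ubuntu")` / `elseif ("${DISTRIBUTION}" STREQUAL "CentOS Linux")`, and likewise for the `${DISTRIBUTION_VERSION}` checks. In the first hunk `file(READ /etc/os-release OS_INFO)` is itself a hard configure failure on hosts without that file; wrapping it in `if (EXISTS /etc/os-release)` keeps the detection best-effort as the comment promises. The default block also stamps the RPM with `CPACK_RPM_PACKAGE_LICENSE "None"` while the CentOS branch says "Apache License, Version 2.0"; the two should agree so the package metadata does not depend on which branch ran.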
|
||||
|
@ -56,6 +56,15 @@ namespace string_utils {
|
||||
*/
|
||||
std::string binaryToHex(const std::string& bin);
|
||||
|
||||
/**
|
||||
* Checks if a string contains another string.
|
||||
*
|
||||
* @param str containing string
|
||||
* @param substring string to search for
|
||||
* @return true, if the string is found / false, otherwise
|
||||
*/
|
||||
bool contains(const std::string& str, const std::string& substring);
|
||||
|
||||
/**
|
||||
* Converts an unsigned long (uint32) value to a hex string.
|
||||
*
|
||||
@ -98,6 +107,23 @@ namespace string_utils {
|
||||
*/
|
||||
std::string trimNewLines(std::string str);
|
||||
|
||||
/**
|
||||
* Removes any double-quote characters in the input string and returns the
|
||||
* pruned, input string.
|
||||
* @param str string to remove double-quotes characters from.
|
||||
* @return str with double-quote characters removed.
|
||||
*/
|
||||
std::string trimQuotes(std::string str);
|
||||
|
||||
/**
|
||||
* Removes any occurrences of the target character in the input string and
|
||||
* returns the pruned, input string.
|
||||
* @param str string to characters from.
|
||||
* @param targetChar char to prune from the string
|
||||
* @return str with the characters removed.
|
||||
*/
|
||||
std::string trimChar(std::string str, char targetChar);
|
||||
|
||||
std::string trimWhitespaceFromLeft(std::string str);
|
||||
|
||||
std::string trimWhitespaceFromRight(std::string str);
|
||||
@ -112,6 +138,7 @@ namespace tpm2_tools_utils {
|
||||
*/
|
||||
enum class Tpm2ToolsVersion {
|
||||
VERSION_1_1_0,
|
||||
VERSION_2_1_0,
|
||||
VERSION_3_0_1
|
||||
};
|
||||
|
||||
@ -122,6 +149,10 @@ enum class Tpm2ToolsVersion {
|
||||
class Tpm2ToolsVersionChecker {
|
||||
private:
|
||||
static const std::unordered_map<std::string, Tpm2ToolsVersion> kVersionMap;
|
||||
static const std::unordered_map<std::string,
|
||||
Tpm2ToolsVersion> kMaxSupportedVersionMap;
|
||||
|
||||
static std::string getDistribution();
|
||||
|
||||
public:
|
||||
/**
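Review bot: The documentation added for `trimChar` is garbled: `* @param str string to characters from.` is missing its verb and should read `* @param str string to remove characters from.`. The new members `kMaxSupportedVersionMap` and `getDistribution()` are the only ones in this part of the class without a comment; from the header alone a reader cannot tell that the map is keyed by the `"<NAME> <VERSION_ID>"` string built from /etc/os-release, or that it is only a fallback used when the installed tpm2-tools version string cannot be parsed (both visible in the Utils.cpp hunks on this page). Something like `// Newest tpm2-tools known to ship for each distribution, keyed "<NAME> <VERSION_ID>" from /etc/os-release; consulted only when the installed version cannot be parsed` above the map and `// Builds the "<NAME> <VERSION_ID>" key from /etc/os-release` above the method would make the fallback discoverable. The class definition continues past the end of the hunk.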
|
||||
|
@ -12,8 +12,8 @@ fi
|
||||
cd $( dirname "${BASH_SOURCE[0]}" )
|
||||
|
||||
# Ensure clean build environment
|
||||
rm -rf BUILD RPMS
|
||||
mkdir BUILD RPMS
|
||||
rm -rf BUILD
|
||||
mkdir BUILD
|
||||
|
||||
# Navigate to build directory
|
||||
cd BUILD
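Review bot: The new `rm -rf BUILD` runs relative to wherever the preceding `cd $( dirname "${BASH_SOURCE[0]}" )` left the shell; that command substitution is unquoted, so a checkout path containing whitespace makes the cd fail and, unless `set -e` is in effect earlier in this file (not visible in the hunk), the recursive delete and the `mkdir BUILD` / `cd BUILD` then happen in the caller's current directory. Quote it and fail explicitly: `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1`. The enclosing script continues outside the hunk.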
|
||||
|
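--- a/HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
+++ b/HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+
+# Check packager OS is Ubuntu
+OS_NAME=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
+if [ "$OS_NAME" != "\"Ubuntu\"" ]; then
+echo "Error: DEBs must be built with Ubuntu"
+exit 1
+fi
+
+# Find package directory
+cd $( dirname "${BASH_SOURCE[0]}" )
+
+# Ensure clean build environment
+rm -rf BUILD
+mkdir BUILD
+
+# Navigate to build directory
+cd BUILD
+
+# Build HIRS_ProvisionerTPM2 DEB
+cmake ../..
+
+# If the current directory is empty, there may be an existing CmakeCache.txt
+# file that prevents cmake from building in the current directory
+if ! [ "$(ls -A)" ]; then
+echo "CMake failed to generate files in the target directory. Is there "
+echo "an existing CMakeCache.txt file in the CMake source directory? "
+echo "If so, delete it."
+exit 1
+fi
+make
+cpack
+
+# Move HIRS_ProvisionerTPM2 DEB
+rm -f ../../../package/deb/DEBS/HIRSProvisionerTPM2.0*.deb
+if [ ! -d "../../../package/deb/DEBS" ]; then
+mkdir -p ../../../package/deb/DEBS
+fi
+mv *.deb ../../../package/deb/DEBS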
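Review bot: `cd $( dirname "${BASH_SOURCE[0]}" )` is unquoted, so a checkout path with whitespace makes the cd fail; `set -e` does stop the script there, but every later step (`rm -rf BUILD`, `rm -f ../../../package/deb/DEBS/HIRSProvisionerTPM2.0*.deb`, `mv *.deb ../../../package/deb/DEBS`) depends on that directory and on the relative layout, so write `cd "$(dirname "${BASH_SOURCE[0]}")"` and derive one absolute `DEBS_DIR="$(pwd)/../../package/deb/DEBS"` from it instead of repeating the `../../../` path three times. The empty-directory test after `cmake ../..` can only be reached when cmake exited 0 (a non-zero cmake already aborts under `set -e`), so its comment should say it detects a silent cmake no-op caused by a stale CMakeCache.txt, not a cmake failure. The Ubuntu check compares against the literal `"\"Ubuntu\""`, i.e. it depends on os-release quoting NAME; a one-line comment noting that assumption would save the next reader a puzzle.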
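--- a/HIRS_ProvisionerTPM2/package/postinst
+++ b/HIRS_ProvisionerTPM2/package/postinst
@@ -0,0 +1,31 @@
+HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
+
+mkdir -p /var/log/hirs/provisioner
+ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2
+ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision
+
+if [ ! -f $HIRS_SITE_CONFIG ]; then
+# Create template site config if it does not exist
+cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
+#*******************************************
+#* HIRS site configuration properties file
+#*******************************************
+
+# Client configuration
+CLIENT_HOSTNAME=$(hostname -f)
+TPM_ENABLED=
+IMA_ENABLED=
+
+# Site-specific configuration
+ATTESTATION_CA_FQDN=
+ATTESTATION_CA_PORT=8443
+BROKER_FQDN=
+BROKER_PORT=61616
+PORTAL_FQDN=
+PORTAL_PORT=8443
+
+DEFAULT_SITE_CONFIG_FILE
+
+echo "$HIRS_SITE_CONFIG not found - a template has been created"
+echo "Set your site configuration manually in $HIRS_SITE_CONFIG, then run 'hirs-provisioner-tpm2 provision' to provision this system"
+fi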
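Review bot: The maintainer script has neither an interpreter line nor `set -e`: dpkg executes postinst directly, so without `#!/bin/sh` as the first line it is likely not to run at all (how cpack writes it out may matter, hence hedged), and without `set -e` a failing `mkdir -p /var/log/hirs/provisioner` or `ln -s -f` is ignored and the package still reports a successful install. `cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG` also assumes `/etc/hirs` already exists — nothing in this script or in the CMake packaging hunks on this page creates it — so add `mkdir -p "$(dirname "$HIRS_SITE_CONFIG")"` before the heredoc. The unquoted heredoc delimiter is deliberate so that `$(hostname -f)` is evaluated at install time; a comment saying so (`# delimiter intentionally unquoted: CLIENT_HOSTNAME is expanded at install time`) will stop a future cleanup from quoting it. The file is committed as a normal, non-executable file; whether the DEB generator chmods control-extra scripts depends on `CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION`, so either set that in CMakeLists.txt or mark the file executable in git.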
@ -23,6 +23,7 @@ using hirs::log::Logger;
|
||||
using hirs::pb::IdentityClaim;
|
||||
using hirs::tpm2::CommandTpm2;
|
||||
using hirs::string_utils::binaryToHex;
|
||||
using hirs::string_utils::contains;
|
||||
using hirs::string_utils::longToHex;
|
||||
using hirs::string_utils::hexToLong;
|
||||
using hirs::tpm2_tools_utils::Tpm2ToolsVersion;
|
||||
@ -133,20 +134,19 @@ void CommandTpm2::setAuthData() {
|
||||
stringstream argsStream;
|
||||
|
||||
switch (version) {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0: {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0:
|
||||
case Tpm2ToolsVersion::VERSION_2_1_0:
|
||||
argsStream << " -X -o " << kWellKnownSecret
|
||||
<< " -e " << kWellKnownSecret
|
||||
<< " -l " << kWellKnownSecret
|
||||
<< endl;
|
||||
break;
|
||||
}
|
||||
case Tpm2ToolsVersion::VERSION_3_0_1: {
|
||||
case Tpm2ToolsVersion::VERSION_3_0_1:
|
||||
argsStream << " -o hex:" << kWellKnownSecret
|
||||
<< " -e hex:" << kWellKnownSecret
|
||||
<< " -l hex:" << kWellKnownSecret
|
||||
<< endl;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
LOGGER.info("Attempting to set auth data.");
|
||||
@ -165,16 +165,14 @@ string CommandTpm2::getEndorsementCredentialDefault(
|
||||
LOGGER.info("Attempting to retrieve endorsement credential");
|
||||
string endorsementCredential;
|
||||
switch (keyType) {
|
||||
case AsymmetricKeyType::RSA: {
|
||||
case AsymmetricKeyType::RSA:
|
||||
endorsementCredential = getStoredCredential(
|
||||
kDefaultRsaEkCredentialHandle);
|
||||
break;
|
||||
}
|
||||
case AsymmetricKeyType::ECC: {
|
||||
case AsymmetricKeyType::ECC:
|
||||
endorsementCredential = getStoredCredential(
|
||||
kDefaultEccEkCredentialHandle);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (endorsementCredential == "") {
|
||||
LOGGER.info("Unable to retrieve endorsement credential");
|
||||
@ -265,14 +263,12 @@ void CommandTpm2::createEndorsementKey(const AsymmetricKeyType& keyType) {
|
||||
LOGGER.info("Attempting to create EK at: " + string(kDefaultEkHandle));
|
||||
stringstream argsStream;
|
||||
switch (keyType) {
|
||||
case AsymmetricKeyType::RSA: {
|
||||
case AsymmetricKeyType::RSA:
|
||||
argsStream << " -g " << kRsaAlgorithmId;
|
||||
break;
|
||||
}
|
||||
case AsymmetricKeyType::ECC: {
|
||||
case AsymmetricKeyType::ECC:
|
||||
argsStream << " -g " << kEccAlgorithmId;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argsStream << " -H " << kDefaultEkHandle
|
||||
<< " -f " << kDefaultEkPubFilename
|
||||
@ -497,8 +493,11 @@ string CommandTpm2::createNvWriteCommandArgs(const string& nvIndex,
|
||||
<< " -a " << kDefaultOwnerAuthHandle
|
||||
<< " ";
|
||||
|
||||
if (version == Tpm2ToolsVersion::VERSION_1_1_0) {
|
||||
argumentsStringStream << "-f ";
|
||||
switch (version) {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0:
|
||||
case Tpm2ToolsVersion::VERSION_2_1_0:
|
||||
argumentsStringStream << "-f ";
|
||||
break;
|
||||
}
|
||||
|
||||
argumentsStringStream << writeFile
|
||||
@ -525,7 +524,17 @@ void CommandTpm2::getQuote(const string& akLocation,
|
||||
* @return the size of the data at nvIndex, or 0 if it's not found
|
||||
*/
|
||||
uint16_t CommandTpm2::getNvIndexDataSize(const string& nvIndex) {
|
||||
string listOutput = runTpm2CommandWithRetry(kTpm2ToolsNvListCommand, "");
|
||||
string listOutput;
|
||||
try {
|
||||
listOutput = runTpm2CommandWithRetry(kTpm2ToolsNvListCommand, "");
|
||||
} catch (HirsRuntimeException& ex) {
|
||||
// Due to bug in tpm2-tools 2.1.0, check to see if error was success
|
||||
if (contains(ex.what(), "NV indexes defined.")) {
|
||||
listOutput = ex.what();
|
||||
} else {
|
||||
throw;
|
||||
}
|
||||
}
|
||||
return Tpm2ToolsOutputParser::parseNvDataSize(nvIndex, listOutput);
|
||||
}
|
||||
|
||||
@ -564,15 +573,14 @@ string CommandTpm2::readNvIndex(const string& nvIndex,
|
||||
kTpm2ToolsNvReadCommand, nvReadArguments);
|
||||
|
||||
switch (version) {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0: {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0:
|
||||
case Tpm2ToolsVersion::VERSION_2_1_0:
|
||||
nvReadOutput << Tpm2ToolsOutputParser::parseNvReadOutput(
|
||||
rawNvReadOutput);
|
||||
break;
|
||||
}
|
||||
case Tpm2ToolsVersion::VERSION_3_0_1: {
|
||||
case Tpm2ToolsVersion::VERSION_3_0_1:
|
||||
nvReadOutput << rawNvReadOutput;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (i != nvReadIterations) {
|
||||
@ -608,6 +616,7 @@ void CommandTpm2::releaseNvIndex(const string& nvIndex) {
|
||||
stringstream argsStream;
|
||||
switch (version) {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0:
|
||||
case Tpm2ToolsVersion::VERSION_2_1_0:
|
||||
argsStream << " -X -P " << kWellKnownSecret;
|
||||
break;
|
||||
case Tpm2ToolsVersion::VERSION_3_0_1:
|
||||
@ -718,13 +727,16 @@ string CommandTpm2::getPublicArea(const std::string& filename) {
|
||||
"CommandTpm2::getPublicArea");
|
||||
}
|
||||
|
||||
// TPM2 Tools version 1.1.0 affixes 2 bytes of zeroes to files
|
||||
// TPM2 Tools versions 1.1.0 and 2.1.0 affix 2 bytes of zeroes to files
|
||||
// containing a public area, but the ACA does not know which version of
|
||||
// TPM2 Tools is running on the client machine. So we remove the extra
|
||||
// bytes here.
|
||||
if (version == Tpm2ToolsVersion::VERSION_1_1_0) {
|
||||
binaryEncodedPublicArea.erase(binaryEncodedPublicArea.end() - 2,
|
||||
binaryEncodedPublicArea.end());
|
||||
switch (version) {
|
||||
case Tpm2ToolsVersion::VERSION_1_1_0:
|
||||
case Tpm2ToolsVersion::VERSION_2_1_0:
|
||||
binaryEncodedPublicArea.erase(binaryEncodedPublicArea.end() - 2,
|
||||
binaryEncodedPublicArea.end());
|
||||
break;
|
||||
}
|
||||
|
||||
LOGGER.debug("Successfully read public data");
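Review bot: In `CommandTpm2::getNvIndexDataSize` the new catch block turns any HirsRuntimeException whose text contains `"NV indexes defined."` into a success and feeds `ex.what()` to `Tpm2ToolsOutputParser::parseNvDataSize`, regardless of which tpm2-tools version is installed; the comment scopes the workaround to a 2.1.0 bug, so on 1.1.0 and 3.0.1 a genuine failure that happens to include that phrase would be parsed as output, and if `HirsRuntimeException::what()` prepends its origin string (every throw on this page supplies one) that prefix is parsed along with it. Gate it on the version this class already tracks, `if (version == Tpm2ToolsVersion::VERSION_2_1_0 && contains(ex.what(), "NV indexes defined."))`, and log at warn level that the fallback was taken so the condition is visible in the provisioner log. The `getPublicArea` hunk in the same file extends the two-byte trim to 2.1.0 without checking `binaryEncodedPublicArea.size() >= 2`; an empty or one-byte read makes `end() - 2` undefined behaviour, so a length check before the erase is worth adding there as well.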
|
||||
|
@ -143,7 +143,7 @@ int main(int argc, char** argv) {
|
||||
if (provision()) {
|
||||
cout << "----> Provisioning successful" << endl;
|
||||
}
|
||||
} catch (HirsRuntimeException & hirsRuntimeException) {
|
||||
} catch (HirsRuntimeException& hirsRuntimeException) {
|
||||
mainLogger.error(hirsRuntimeException.what());
|
||||
cout << "----> Fatal error during provisioning. See "
|
||||
<< "/var/log/hirs/provisioner/HIRS_ProvisionerTPM2.log for "
|
||||
|
@ -22,6 +22,7 @@ using std::ifstream;
|
||||
using std::ios;
|
||||
using std::ofstream;
|
||||
using std::out_of_range;
|
||||
using std::remove;
|
||||
using std::setfill;
|
||||
using std::setw;
|
||||
using std::string;
|
||||
@ -157,6 +158,10 @@ namespace string_utils {
|
||||
return output.str();
|
||||
}
|
||||
|
||||
bool contains(const string& str, const string& substring) {
|
||||
return str.find(substring) != string::npos;
|
||||
}
|
||||
|
||||
string longToHex(const uint32_t& value) {
|
||||
stringstream output;
|
||||
output << "0x" << hex << value;
|
||||
@ -201,7 +206,15 @@ namespace string_utils {
|
||||
}
|
||||
|
||||
string trimNewLines(string str) {
|
||||
str.erase(std::remove(str.begin(), str.end(), '\n'), str.end());
|
||||
return trimChar(str, '\n');
|
||||
}
|
||||
|
||||
string trimQuotes(string str) {
|
||||
return trimChar(str, '\"');
|
||||
}
|
||||
|
||||
string trimChar(string str, char targetChar) {
|
||||
str.erase(remove(str.begin(), str.end(), targetChar), str.end());
|
||||
return str;
|
||||
}
|
||||
|
||||
@ -232,25 +245,72 @@ namespace tpm2_tools_utils {
|
||||
const unordered_map<string, Tpm2ToolsVersion>
|
||||
Tpm2ToolsVersionChecker::kVersionMap = {
|
||||
{"1.1.0", Tpm2ToolsVersion::VERSION_1_1_0 },
|
||||
{"2.1.0", Tpm2ToolsVersion::VERSION_2_1_0 },
|
||||
{"3.0.1", Tpm2ToolsVersion::VERSION_3_0_1 }
|
||||
};
|
||||
|
||||
const unordered_map<string, Tpm2ToolsVersion>
|
||||
Tpm2ToolsVersionChecker::kMaxSupportedVersionMap = {
|
||||
{"Ubuntu 17.10", Tpm2ToolsVersion::VERSION_1_1_0 },
|
||||
{"Ubuntu 18.04", Tpm2ToolsVersion::VERSION_2_1_0 },
|
||||
{"Ubuntu 18.10", Tpm2ToolsVersion::VERSION_2_1_0 },
|
||||
{"CentOS Linux 7", Tpm2ToolsVersion::VERSION_3_0_1 }
|
||||
};
|
||||
|
||||
Tpm2ToolsVersion Tpm2ToolsVersionChecker::findTpm2ToolsVersion() {
|
||||
string versionOutput = RUN_PROCESS_OR_THROW("tpm2_rc_decode", "-v");
|
||||
string version = Tpm2ToolsOutputParser::parseTpm2ToolsVersion(
|
||||
versionOutput);
|
||||
|
||||
try {
|
||||
return kVersionMap.at(version);
|
||||
}
|
||||
catch (const out_of_range& oor) {
|
||||
stringstream ss;
|
||||
ss << "Unsupported Tpm2 Tools Version Detected: " << version;
|
||||
throw HirsRuntimeException(ss.str(),
|
||||
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
|
||||
if (!version.empty()) {
|
||||
try {
|
||||
return kVersionMap.at(version);
|
||||
}
|
||||
catch (const out_of_range& oor) {
|
||||
stringstream ss;
|
||||
ss << "Unsupported Tpm2 Tools Version Detected: " << version;
|
||||
throw HirsRuntimeException(ss.str(),
|
||||
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
|
||||
}
|
||||
} else {
|
||||
string currentDistribution = getDistribution();
|
||||
try {
|
||||
return kMaxSupportedVersionMap.at(currentDistribution);
|
||||
} catch (const out_of_range& oor) {
|
||||
stringstream ss;
|
||||
ss << "Unsupported Distribution Detected: " << currentDistribution;
|
||||
throw HirsRuntimeException(ss.str(),
|
||||
"Tpm2ToolsVersionChecker::findTpm2ToolsVersion");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
string Tpm2ToolsVersionChecker::getDistribution() {
|
||||
stringstream completeDistro;
|
||||
string distribution;
|
||||
string distributionRelease;
|
||||
ifstream releaseFile;
|
||||
string line;
|
||||
releaseFile.open("/etc/os-release");
|
||||
if (releaseFile.is_open()) {
|
||||
while (getline(releaseFile, line)) {
|
||||
stringstream ss(line);
|
||||
string item;
|
||||
vector<string> tokens;
|
||||
while (getline(ss, item, '=')) {
|
||||
tokens.push_back(item);
|
||||
}
|
||||
if (!tokens.empty() && tokens.at(0) == "NAME") {
|
||||
distribution = string_utils::trimQuotes(tokens.at(1));
|
||||
} else if (!tokens.empty() && tokens.at(0) == "VERSION_ID") {
|
||||
distributionRelease = string_utils::trimQuotes(tokens.at(1));
|
||||
}
|
||||
}
|
||||
completeDistro << distribution << " " << distributionRelease;
|
||||
releaseFile.close();
|
||||
}
|
||||
return completeDistro.str();
|
||||
}
|
||||
|
||||
uint16_t Tpm2ToolsOutputParser::parseNvDataSize(const string &nvHandle,
|
||||
const string &nvListOutput) {
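Review bot: `Tpm2ToolsVersionChecker::getDistribution` indexes `tokens.at(1)` after checking only `!tokens.empty()`; an os-release line with an empty value such as `VERSION_ID=` tokenizes to a single element, so `at(1)` throws std::out_of_range, and because the catch in `findTpm2ToolsVersion` wraps only the map lookup (`getDistribution()` is called before the `try`), it escapes as a raw out_of_range rather than a HirsRuntimeException — unlikely in practice but cheap to close with `if (tokens.size() > 1 && tokens.at(0) == "NAME")` and the same on the `VERSION_ID` branch. The new fallback in `findTpm2ToolsVersion` silently substitutes the distribution's assumed maximum tpm2-tools version whenever `parseTpm2ToolsVersion` returns an empty string; that guess drives command-line syntax and output parsing (for example the two-byte public-area trim in CommandTpm2.cpp), so a wrong guess corrupts what the provisioner sends to the ACA and the branch deserves a log line if a logger is available in this translation unit plus a comment: `// Version string unparsable: assume the newest tpm2-tools this distribution ships; may be wrong for hand-built tools.` The tokenizer also splits on every '=', so a value containing '=' is truncated to its first segment — fine for NAME/VERSION_ID, but worth a one-line comment.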
|
||||
|
@ -13,11 +13,14 @@
|
||||
using hirs::file_utils::dirExists;
|
||||
using hirs::file_utils::fileExists;
|
||||
using hirs::string_utils::binaryToHex;
|
||||
using hirs::string_utils::contains;
|
||||
using hirs::string_utils::longToHex;
|
||||
using hirs::string_utils::isHexString;
|
||||
using hirs::string_utils::hexToBytes;
|
||||
using hirs::string_utils::hexToLong;
|
||||
using hirs::string_utils::trimNewLines;
|
||||
using hirs::string_utils::trimQuotes;
|
||||
using hirs::string_utils::trimChar;
|
||||
using hirs::string_utils::trimWhitespaceFromLeft;
|
||||
using hirs::string_utils::trimWhitespaceFromRight;
|
||||
using hirs::string_utils::trimWhitespaceFromBothEnds;
|
||||
@ -106,6 +109,30 @@ TEST_F(UtilsTest, BinToHex) {
|
||||
"6a93ad788e3dd86307616ab240e369a63f845435");
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, Contains) {
|
||||
string teststr = "The more you know";
|
||||
string substr = "more you";
|
||||
ASSERT_TRUE(contains(teststr, substr));
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, ContainsSelf) {
|
||||
string teststr = "The more you know";
|
||||
string substr = "The more you know";
|
||||
ASSERT_TRUE(contains(teststr, substr));
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, DoesNotContain) {
|
||||
string teststr = "The more you know";
|
||||
string substr = "moor";
|
||||
ASSERT_FALSE(contains(teststr, substr));
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, DoesNotContainMoreThanSelf) {
|
||||
string teststr = "The more you know";
|
||||
string substr = "The more you know.";
|
||||
ASSERT_FALSE(contains(teststr, substr));
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, LongToHex) {
|
||||
const uint32_t testValue = 464367618;
|
||||
ASSERT_EQ(longToHex(testValue), "0x1badb002");
|
||||
@ -189,12 +216,24 @@ TEST_F(UtilsTest, HexToLongNotHex) {
|
||||
ASSERT_EQ(hexToLong(testStr), 0);
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, RemoveNewline) {
|
||||
TEST_F(UtilsTest, TrimNewLines) {
|
||||
string test = "abc\ndef\nghi\n";
|
||||
ASSERT_EQ(trimNewLines(test),
|
||||
"abcdefghi");
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, TrimQuotes) {
|
||||
string test = "abc\"def\"ghi\"";
|
||||
ASSERT_EQ(trimQuotes(test),
|
||||
"abcdefghi");
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, TrimChar) {
|
||||
string test = "abc@def@ghi@";
|
||||
ASSERT_EQ(trimChar(test, '@'),
|
||||
"abcdefghi");
|
||||
}
|
||||
|
||||
TEST_F(UtilsTest, trimWhitespaceFromLeft) {
|
||||
ASSERT_EQ(trimWhitespaceFromLeft(" asdf"), "asdf");
|
||||
ASSERT_EQ(trimWhitespaceFromLeft(" as df"), "as df");
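Review bot: The four new `Contains` tests never exercise the boundary that `std::string::find` treats specially — an empty needle — nor an empty haystack, so the contract that `contains(str, "")` is true for every str (including `""`) is neither pinned nor documented. Add `ASSERT_TRUE(contains("", ""));`, `ASSERT_TRUE(contains("abc", ""));` and `ASSERT_FALSE(contains("", "abc"));` to one of the cases. Likewise the new `TrimQuotes` and `TrimChar` tests only cover the present-and-removed case; a string without the target character and an empty string would confirm the functions are the identity there, which is what `getDistribution` relies on when a NAME value is unquoted.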
|
||||
|
@ -126,6 +126,6 @@ if [ -f RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.rpm ]; then
|
||||
echo 'HIRS_ProvisionerTPM2 RPM successfully built'
|
||||
echo '************************************************************************************'
|
||||
else
|
||||
echo 'Error: HIRS_ProvisionerTPM2 failed to package successfully'
|
||||
echo 'Error: HIRS_ProvisionerTPM2 failed to package'
|
||||
exit 1
|
||||
fi
|
||||
|
@ -68,7 +68,7 @@ fi
|
||||
|
||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/
|
||||
|
||||
echo "HIRS deb building complete"
|
||||
echo "HIRS Provisioner deb building complete"
|
||||
|
||||
# TPM Module
|
||||
cd $SCRIPT_DIR/../tpm_module
|
||||
@ -100,3 +100,13 @@ mkdir -p $SCRIPT_DIR/deb/DEBS/
|
||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/
|
||||
|
||||
echo "TPM deb building complete"
|
||||
|
||||
# HIRS Provisioner TPM 2.0
|
||||
cd $SCRIPT_DIR/deb
|
||||
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
|
||||
if [ -f DEBS/HIRSProvisionerTPM2.0*.deb ]; then
|
||||
echo 'HIRS Provisioner TPM 2.0 deb building complete'
|
||||
else
|
||||
echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'
|
||||
exit 1
|
||||
fi
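Review bot: `[ -f DEBS/HIRSProvisionerTPM2.0*.deb ]` relies on the glob expanding to exactly one path; with two matching packages `test -f` receives two arguments and fails with "too many arguments", reporting a build failure although the build succeeded. The exit status of `package.tpm2.ubuntu.sh` itself is discarded — only the file check decides — even though that script runs under `set -e` and so already reports the real cause; check it directly with `if ! "$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh"; then` and use `ls DEBS/HIRSProvisionerTPM2.0*.deb >/dev/null 2>&1` for the artifact check. `cd $SCRIPT_DIR/deb` is unquoted like the rest of this file, so the same whitespace caveat applies.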
|
||||
|