From ddfd0c601720ff1dd8b413aaf1eb6f852922ebe4 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Thu, 27 Jun 2024 18:11:01 -0400 Subject: [PATCH 1/5] spdm processing --- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 2 + .../eventlog/events/DeviceSecurityEvent.java | 15 +- .../events/DeviceSecurityEventData.java | 4 +- .../events/DeviceSecurityEventData2.java | 48 +++++- .../events/DeviceSecurityEventDataHeader.java | 27 ++-- .../DeviceSecurityEventDataHeader2.java | 146 +++++++++++++++++- .../DeviceSecurityEventDataSubHeader.java | 20 +++ ...ventDataSubHeaderSpdmMeasurementBlock.java | 106 +++++++++++++ .../events/DeviceSecurityEventHeader.java | 16 +- .../events/EvEfiSpdmDeviceSecurityEvent.java | 50 ++++-- .../eventlog/spdm/SpdmMeasurementBlock.java | 49 ++++-- 11 files changed, 434 insertions(+), 49 deletions(-) create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index ca4a851ea..f1be1b57b 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -396,6 +396,8 @@ public String getEventContentStr() { } catch (UnsupportedEncodingException ueEx) { log.error(ueEx); sb.append(ueEx.toString()); + } catch (IOException e) { + throw new RuntimeException(e); } break; default: diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java index 0e97f8a16..fe8d9ec1c 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java 
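Review bot: The added `catch (IOException e)` rethrows as a bare RuntimeException, so one unparseable SPDM event aborts the whole content string, while the sibling `catch (UnsupportedEncodingException ueEx)` branch just above logs the error, appends it to sb and carries on. Event-log bytes are externally supplied input, so the new branch should follow the same best-effort pattern: `} catch (IOException e) { log.error(e); sb.append(e.toString()); }`. UnsupportedEncodingException is itself an IOException, so once both branches behave the same the two catches can be merged into one. getEventContentStr starts and ends outside the hunk.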
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java @@ -50,6 +50,12 @@ */ public abstract class DeviceSecurityEvent { + /** + * DeviceSecurityEventDataContext Object. + */ + @Getter + private DeviceSecurityEventDataDeviceContext dsedDevContext = null; + /** * Human readable description of the data within the * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB. @@ -83,12 +89,15 @@ public void parseDeviceContext(final byte[] dSEDbytes, int startByte, int device deviceContextLength); if (deviceType == 0) { - deviceContextInfo = "No Device Context (indicated by device type value of 0"; + deviceContextInfo = "\n No Device Context (indicated by device type value of 0"; } else if (deviceType == 1) { - DeviceSecurityEventDataPciContext dSEDpciContext +// DeviceSecurityEventDataPciContext dSEDpciContext +// = new DeviceSecurityEventDataPciContext(deviceContextBytes); +// deviceContextInfo = dSEDpciContext.toString(); + dsedDevContext = new DeviceSecurityEventDataPciContext(deviceContextBytes); - deviceContextInfo = dSEDpciContext.toString(); + deviceContextInfo = dsedDevContext.toString(); } //else if (deviceType == 2) { //DeviceSecurityEventDataUsbContext dSEDusbContext diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java index 4f996548c..1043f74df 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java @@ -1,6 +1,8 @@ package hirs.utils.tpm.eventlog.events; import lombok.Getter; + +import java.io.IOException; import java.io.UnsupportedEncodingException; /** 
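Review bot: The three commented-out lines kept above the `dsedDevContext` assignment are dead code and should be deleted rather than left as comments, as should the `//else if (deviceType == 2)` block they sit next to. The rewritten message on the `deviceType == 0` branch is still missing its closing parenthesis: `deviceContextInfo = "\n No Device Context (indicated by device type value of 0)";`. parseDeviceContext's body continues outside the hunk.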
@@ -26,7 +28,7 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent { * * @param dSEDbytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventData(final byte[] dSEDbytes) throws UnsupportedEncodingException { + public DeviceSecurityEventData(final byte[] dSEDbytes) throws IOException { dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes); parseDeviceContext(dSEDbytes, dsedHeader.getDSEDheaderByteSize(), dsedHeader.getDeviceType()); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java index 014b6fe0b..81ae1ccfd 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java @@ -1,7 +1,14 @@ package hirs.utils.tpm.eventlog.events; +import hirs.utils.HexUtils; import lombok.Getter; +import java.io.IOException; +import java.io.UnsupportedEncodingException; + +import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_CERT_CHAIN; +import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_MEAS_BLOCK; + // TODO Placeholder class to be implemented upon getting test pattern /** * Class to process DEVICE_SECURITY_EVENT_DATA2. 
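Review bot: The constructor now declares `throws IOException` but its Javadoc still has no `@throws` tag; add `@throws IOException if the DeviceSecurityEventDataHeader cannot be parsed from dSEDbytes` so callers know why the checked exception can surface. The existing `java.io.UnsupportedEncodingException` import shown in the hunk above presumably has no remaining user in this file once the signature changes; worth removing if so.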
@@ -22,14 +29,50 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent { @Getter private DeviceSecurityEventDataHeader2 dsedHeader2 = null; + /** + * DeviceSecurityEventDataSubHeader Object. + */ + @Getter + private DeviceSecurityEventDataSubHeader dsedSubHeader = null; + + /** + * Human readable description of the data within the + * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER. SUB_HEADER can be either + * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK or + * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN + */ + @Getter + String subHeaderInfo = ""; + /** * DeviceSecurityEventData2 Constructor. * * @param dSEDbytes byte array holding the DeviceSecurityEventData2. */ - public DeviceSecurityEventData2(final byte[] dSEDbytes) { + public DeviceSecurityEventData2(final byte[] dSEDbytes) throws IOException { dsedHeader2 = new DeviceSecurityEventDataHeader2(dSEDbytes); + int dSEDheaderByteSize = dsedHeader2.getDSEDheaderByteSize(); + int subHeaderType = dsedHeader2.getSubHeaderType(); + int subHeaderLength = dsedHeader2.getSubHeaderLength(); + + subHeaderInfo = "\nSub header type: " + subHeaderType; + + byte[] dSEDsubHeaderBytes = new byte[subHeaderLength]; + System.arraycopy(dSEDbytes, dSEDheaderByteSize, dSEDsubHeaderBytes, 0, subHeaderLength); + + if (subHeaderType == SUBHEADERTYPE_MEAS_BLOCK) { + dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dSEDsubHeaderBytes); + subHeaderInfo += dsedSubHeader.toString(); + } + else if (subHeaderType == SUBHEADERTYPE_CERT_CHAIN) { + // TBD: + // dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain(); + } + else { + subHeaderInfo += "Subheader type unknown"; + } + // get subheader parseDeviceContext(dSEDbytes, dsedHeader2.getDSEDheaderByteSize(), dsedHeader2.getDeviceType()); } 
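Review bot: `subHeaderLength` comes straight from the event bytes and is used for `new byte[subHeaderLength]` and the arraycopy from offset `dSEDheaderByteSize` with no check against `dSEDbytes.length`, so a truncated or malformed event throws NegativeArraySizeException or ArrayIndexOutOfBoundsException instead of the IOException the constructor declares. Guard it first: `if (subHeaderLength < 0 || subHeaderLength > dSEDbytes.length - dSEDheaderByteSize) { throw new IOException("Sub header length " + subHeaderLength + " exceeds event data"); }`. The `parseDeviceContext` call at the end still starts at `dsedHeader2.getDSEDheaderByteSize()`, the same offset the sub header was just copied from, so the sub-header bytes appear to be parsed a second time as device context; the start presumably should be `dSEDheaderByteSize + subHeaderLength`. The `// get subheader` comment above that call belongs with the arraycopy block, not with the device-context call.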
@@ -41,6 +84,9 @@ public DeviceSecurityEventData2(final byte[] dSEDbytes) { */ public String toString() { String dsedInfo = ""; + dsedInfo += dsedHeader2.toString(); + dsedInfo += dsedSubHeader.toString(); + dsedInfo += getDeviceContextInfo(); return dsedInfo; } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java index 3c9ac4442..bca6cd33f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java @@ -6,6 +6,8 @@ import hirs.utils.tpm.eventlog.uefi.UefiConstants; import lombok.Getter; +import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; /** 
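Review bot: `dsedInfo += dsedSubHeader.toString();` dereferences a field that the constructor hunk above leaves null for `SUBHEADERTYPE_CERT_CHAIN` and for unknown sub header types, so toString throws NullPointerException on exactly those events. The constructor already folds the sub header description into `subHeaderInfo`, so the simplest fix is `dsedInfo += subHeaderInfo;` in place of that line, or guard it with `if (dsedSubHeader != null)`.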
@@ -49,39 +51,44 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader { /** * DeviceSecurityEventDataHeader Constructor. * - * @param dSEDbytes byte array holding the DeviceSecurityEventData. + * @param dsedBytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) throws UnsupportedEncodingException { + public DeviceSecurityEventDataHeader(final byte[] dsedBytes) throws IOException { - super(dSEDbytes); + super(dsedBytes); byte[] lengthBytes = new byte[UefiConstants.SIZE_2]; - System.arraycopy(dSEDbytes, 18, lengthBytes, 0, + System.arraycopy(dsedBytes, 18, lengthBytes, 0, UefiConstants.SIZE_2); length = HexUtils.leReverseInt(lengthBytes); byte[] spdmHashAlgoBytes = new byte[UefiConstants.SIZE_4]; - System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0, + System.arraycopy(dsedBytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0, UefiConstants.SIZE_4); spdmHashAlgo = HexUtils.leReverseInt(spdmHashAlgoBytes); - extractDeviceType(dSEDbytes, 24); + extractDeviceType(dsedBytes, 24); // get the size of the SPDM Measurement Block byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2]; - System.arraycopy(dSEDbytes, 30, sizeOfSpdmMeasBlockBytes, 0, + System.arraycopy(dsedBytes, 30, sizeOfSpdmMeasBlockBytes, 0, UefiConstants.SIZE_2); int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes); int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4; // header is 4 bytes // extract the bytes from the SPDM Measurement Block byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock]; - System.arraycopy(dSEDbytes, 28, spdmMeasBlockBytes, 0, + System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0, sizeOfSpdmMeasBlock); - spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes); + +// spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes); + + ByteArrayInputStream spdmMeasurementBlockData = + new ByteArrayInputStream(spdmMeasBlockBytes); + 
spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData); int devPathLenStartByte = 28 + sizeOfSpdmMeasBlock; - extractDevicePathAndFinalSize(dSEDbytes, devPathLenStartByte); + extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte); } /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java index 8e7589a95..5ebef0173 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java @@ -1,12 +1,130 @@ package hirs.utils.tpm.eventlog.events; +import hirs.utils.HexUtils; import hirs.utils.tpm.eventlog.spdm.SpdmHa; +import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock; +import hirs.utils.tpm.eventlog.uefi.UefiConstants; +import lombok.Getter; -// Placeholder for Header2 data structure. +import java.io.UnsupportedEncodingException; + +/** + * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER2. + * DEVICE_SECURITY_EVENT_DATA_HEADER2 contains the measurement(s) and hash algorithm identifier + * returned by the SPDM "GET_MEASUREMENTS" function. + * + * HEADERS defined by PFP v1.06 Rev 52: + *
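Review bot: `sizeOfSpdmMeas` is read from the event at offset 30 and `sizeOfSpdmMeasBlock` is used for `new byte[sizeOfSpdmMeasBlock]` and the arraycopy from offset 28 with no comparison against `dsedBytes.length`, so a malformed length throws an unchecked exception rather than the IOException this constructor now declares; a check such as `if (sizeOfSpdmMeasBlock > dsedBytes.length - 28) { throw new IOException("SPDM measurement block size exceeds event data"); }` before the copy would close that. The commented-out `// spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes);` line should be deleted now that the stream-based constructor is used. The Javadoc was updated for the parameter rename but still lacks an `@throws IOException` for the new checked exception.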

+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 {
+ * UINT8 Signature[16];
+ * UINT16 Version;
+ * UINT8 AuthState;
+ * UINT8 Reserved
+ * UINT32 Length;
+ * UINT32 DeviceType;
+ * UINT32 SubHeaderType;
+ * UINT32 SubHeaderLength;
+ * UINT64 SubHeaderUID;
+ * UINT64 DevicePathLength;
+ * UNIT8 DevicePath[DevicePathLength]
+ * } DEVICE_SECURITY_EVENT_DATA_HEADER2;
+ *

+ * Assumption: there is only 1 SpdmMeasurementBlock per event. Need more test patterns to verify. + */ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader { - public DeviceSecurityEventDataHeader2(final byte[] dSEDbytes) { + /** + * Event auth state + */ + @Getter + private int authState = 0; + /** + * Event data length. + */ + @Getter + private int length = 0; + /** + * Event sub headerType + */ + @Getter + private int subHeaderType = 0; + /** + * Event sub header length. + */ + @Getter + private int subHeaderLength = 0; + /** + * Event sub header UID. + */ + @Getter + private String subHeaderUid = ""; + + /** + * Auth state - success + */ + public static final int AUTH_SUCCESS = 0; + /** + * Auth state - digital signature of the data is valid, but the public key certificate chain is not + * validated with the entry in in the UEFI device signature variable + */ + public static final int AUTH_NO_AUTHORITY = 1; + /** + * Auth state - digital signature of the measurement data is valid, but the reported device capabilities, + * negotiated parameters or certificate chains were not validated by a transcript. 
+ */ + public static final int AUTH_NO_BINDING = 2; + /** + * Auth state - data has no digital signature + */ + public static final int AUTH_FAIL_NO_SIG = 3; + /** + * Auth state - data is invalid + */ + public static final int AUTH_FAIL_INVALID = 4; + /** + * Auth state - device is not an SPDM-capable device + */ + public static final int AUTH_NO_SPDM = 0xFF; + /** + * Sub header type - SPDM measurement block + */ + public static final int SUBHEADERTYPE_MEAS_BLOCK = 0; + /** + * Sub header type - SPDM cert chain + */ + public static final int SUBHEADERTYPE_CERT_CHAIN = 1; + + + public DeviceSecurityEventDataHeader2(final byte[] dsedBytes) throws UnsupportedEncodingException { + + super(dsedBytes); + + byte[] authStateBytes = new byte[1]; + System.arraycopy(dsedBytes, 18, authStateBytes, 0, 1); + authState = HexUtils.leReverseInt(authStateBytes); + // byte[] reserved[Bytes]: 1 byte + + byte[] lengthBytes = new byte[4]; + System.arraycopy(dsedBytes, 20, lengthBytes, 0, 4); + length = HexUtils.leReverseInt(lengthBytes); + + extractDeviceType(dsedBytes, 24); + + byte[] subHeaderTypeBytes = new byte[4]; + System.arraycopy(dsedBytes, 44, subHeaderTypeBytes, 0, 4); + subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes); + + byte[] subHeaderLengthBytes = new byte[4]; + System.arraycopy(dsedBytes, 48, subHeaderLengthBytes, 0, 4); + subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes); + + byte[] subHeaderUidBytes = new byte[8]; + System.arraycopy(dsedBytes, 52, subHeaderUidBytes, 0, 8); + subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes); + + int devPathLenStartByte = 60; + extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte); } /** 
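Review bot: The field offsets in the constructor do not match the structure layout given in this class's own Javadoc: with Signature[16], Version(2), AuthState(1), Reserved(1), Length(4) and DeviceType(4), SubHeaderType starts at byte 28, SubHeaderLength at 32, SubHeaderUID at 36 and DevicePathLength at 44, whereas the code reads them at 44, 48, 52 and 60. One of the two is wrong and should be confirmed against PFP v1.06 before this ships, since a 16-byte shift silently yields wrong sub header type and length values downstream. None of the fixed-offset arraycopy calls check `dsedBytes.length`, and the parsed `length` field is never compared with it either, so a short event throws ArrayIndexOutOfBoundsException rather than a parse error. The constructor has no Javadoc, and the `SpdmHa`, `SpdmMeasurementBlock` and `UefiConstants` imports do not appear to be used anywhere in the hunk.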
@@ -17,6 +135,30 @@ public DeviceSecurityEventDataHeader2(final byte[] dSEDbytes) { public String toString() { String dsedHeader2Info = ""; + dsedHeader2Info += super.toString(); + dsedHeader2Info += "\n AuthState: " + getAuthStateString(); + dsedHeader2Info += "\n Sub header UID: " + subHeaderUid; + return dsedHeader2Info; } + + public String getAuthStateString() { + + switch (authState) { + case AUTH_SUCCESS: + return ("AUTH_SUCCESS"); + case AUTH_NO_AUTHORITY: + return ("AUTH_NO_AUTHORITY"); + case AUTH_NO_BINDING: + return ("AUTH_NO_BINDING"); + case AUTH_FAIL_NO_SIG: + return ("AUTH_FAIL_NO_SIG"); + case AUTH_FAIL_INVALID: + return ("AUTH_FAIL_INVALID"); + case AUTH_NO_SPDM: + return ("AUTH_NO_SPDM"); + default: + return ("Auth State unknown"); + } + } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java new file mode 100644 index 000000000..8c7b07649 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java @@ -0,0 +1,20 @@ +package hirs.utils.tpm.eventlog.events; + + +/** + * Class to process the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER event per PFP. + * + *
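Review bot: `getAuthStateString` is a new public method with no Javadoc; add `/** Returns the PFP name of the parsed AuthState value, or "Auth State unknown" for values outside the defined set. */` above it. The parenthesised `return ("AUTH_SUCCESS");` form is unidiomatic Java; plain `return "AUTH_SUCCESS";` (or a switch expression if the project targets Java 14+) reads cleaner. toString now prints AuthState and the sub header UID but not the parsed `subHeaderType` or `subHeaderLength`, which may be intentional given DeviceSecurityEventData2 prints the type itself.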

+ * typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER {
+ * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
+ * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
+ * } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
+ *

+ */
+public abstract class DeviceSecurityEventDataSubHeader {
+
+ public DeviceSecurityEventDataSubHeader() {
+ }
+
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
new file mode 100644
index 000000000..5a3196ec1
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
@@ -0,0 +1,106 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import hirs.utils.tpm.eventlog.uefi.UefiSignatureList;
+import lombok.Getter;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK event per PFP.
+ *
+ *
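Review bot: `DeviceSecurityEventDataSubHeader` is abstract, so its no-argument constructor should be `protected` rather than `public`, or simply omitted since it does nothing: `protected DeviceSecurityEventDataSubHeader() { }`. The class Javadoc says it processes the sub header, but the class has no members; a sentence noting that parsing happens in the concrete subclasses for the union members listed above would set the right expectation.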

+ * typedef union tdDEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK {
+ * UINT16 SpdmVersion;
+ * UINT8 SpdmMeasurementBlockCount;
+ * UINT8 Reserved;
+ * UINT32 SpdmMeasurementHashAlgo;
+ * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock[SpdmMeasurementBlockCount];
+ * } DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
+ *

+ */ +public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends DeviceSecurityEventDataSubHeader { + + /** + * SPDM version. + */ + @Getter + private int spdmVersion = 0; + /** + * SPDM measurement block count. + */ + @Getter + private int spdmMeasurementBlockCount = 0; + /** + * SPDM measurement hash algorithm. + */ + @Getter + private int spdmMeasurementHashAlgo = -1; + + /** + * List of SPDM Measurement Blocks. + */ + private List spdmMeasurementBlockList; +// /** +// * SPDM Measurement Block. +// */ +// private SpdmMeasurementBlock spdmMeasurementBlock = null; + + /** + * DeviceSecurityEventDataHeader Constructor. + * + * @param dsedSubHBytes byte array holding the DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock. + */ + public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) throws IOException { + +// super(); + + spdmMeasurementBlockList = new ArrayList<>(); + + byte[] spdmVersionBytes = new byte[2]; + System.arraycopy(dsedSubHBytes, 0, spdmVersionBytes, 0, 2); + spdmVersion = HexUtils.leReverseInt(spdmVersionBytes); + + byte[] spdmMeasurementBlockCountBytes = new byte[1]; + System.arraycopy(dsedSubHBytes, 2, spdmMeasurementBlockCountBytes, 0, 1); + spdmMeasurementBlockCount = HexUtils.leReverseInt(spdmMeasurementBlockCountBytes); + + // byte[] reserved[Bytes]: 1 byte + + byte[] spdmMeasurementHashAlgoBytes = new byte[4]; + System.arraycopy(dsedSubHBytes, 4, spdmMeasurementHashAlgoBytes, 0, 4); + spdmMeasurementHashAlgo = HexUtils.leReverseInt(spdmMeasurementHashAlgoBytes); + + int spdmMeasurementBlockListSize = dsedSubHBytes.length - 8; + byte[] spdmMeasurementBlockListBytes = new byte[spdmMeasurementBlockListSize]; + System.arraycopy(dsedSubHBytes, 8, spdmMeasurementBlockListBytes, 0, + spdmMeasurementBlockListSize); + + ByteArrayInputStream spdmMeasurementBlockListData = + new ByteArrayInputStream(spdmMeasurementBlockListBytes); + while (spdmMeasurementBlockListData.available() > 0) { + + 
SpdmMeasurementBlock spdmMeasurementBlock; + spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockListData); + + spdmMeasurementBlockList.add(spdmMeasurementBlock); + } + } + + /** + * Returns a human readable description of the data within this structure. + * + * @return a description of this structure. + */ + public String toString() { + String dsedSubHeaderInfo = ""; +// dsedSubHeaderInfo += dsedHeader2.toString(); + return dsedSubHeaderInfo; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java index b7192054a..5fb7b7f75 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java @@ -4,6 +4,7 @@ import hirs.utils.tpm.eventlog.uefi.UefiConstants; import hirs.utils.tpm.eventlog.uefi.UefiDevicePath; import lombok.Getter; +import lombok.Setter; import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; @@ -57,6 +58,7 @@ public abstract class DeviceSecurityEventHeader { */ @Getter private Integer dSEDheaderByteSize = 0; + /** * Signature (text) data. */ 
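Review bot: `private List spdmMeasurementBlockList;` is a raw type; declare it `private List<SpdmMeasurementBlock> spdmMeasurementBlockList;` so the `add` in the loop is type-checked. `spdmMeasurementBlockCount` is parsed from byte 2 but never reconciled with the number of blocks actually read by the `while (available() > 0)` loop, so a count/length mismatch in the event goes unnoticed; comparing the two after the loop and throwing IOException on disagreement would catch corrupt input. `dsedSubHBytes.length - 8` goes negative for a sub header shorter than 8 bytes and then fails with NegativeArraySizeException rather than IOException. toString returns an empty string with a commented-out line inside it, so DeviceSecurityEventData2 currently appends nothing for this sub header, and the constructor Javadoc still reads "DeviceSecurityEventDataHeader Constructor". The `UefiConstants`, `UefiSignatureList` and `UnsupportedEncodingException` imports do not appear to be used in this file.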
@@ -131,14 +133,14 @@ public DeviceSecurityEventHeader(final byte[] dSEDbytes) { /** * Parse the device type from the Device Security Event Data Header/Header2. * - * @param dSEDbytes byte array holding the DeviceSecurityEventData/Data2. + * @param dsedBytes byte array holding the DeviceSecurityEventData/Data2. * @param startByte starting byte of device type (depends on header fields before it). */ - public void extractDeviceType(final byte[] dSEDbytes, int startByte) { + public void extractDeviceType(final byte[] dsedBytes, int startByte) { // get the device type ID byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4]; - System.arraycopy(dSEDbytes, startByte, deviceTypeBytes, 0, + System.arraycopy(dsedBytes, startByte, deviceTypeBytes, 0, UefiConstants.SIZE_4); deviceType = HexUtils.leReverseInt(deviceTypeBytes); } @@ -147,15 +149,15 @@ public void extractDeviceType(final byte[] dSEDbytes, int startByte) { * Parse the device path from the Device Security Event Data Header/Header2. * Also, determine final length of header (will be used to extract the next data structure). * - * @param dSEDbytes byte array holding the DeviceSecurityEventData/Data2. + * @param dsedBytes byte array holding the DeviceSecurityEventData/Data2. * @param startByte starting byte of device path (depends on header fields before it). */ - public void extractDevicePathAndFinalSize(final byte[] dSEDbytes, int startByte) + public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) throws UnsupportedEncodingException { // get the device path length byte[] devicePathLengthBytes = new byte[UefiConstants.SIZE_8]; - System.arraycopy(dSEDbytes, startByte, devicePathLengthBytes, 0, + System.arraycopy(dsedBytes, startByte, devicePathLengthBytes, 0, UefiConstants.SIZE_8); int devicePathLength = HexUtils.leReverseInt(devicePathLengthBytes); 
@@ -163,7 +165,7 @@ public void extractDevicePathAndFinalSize(final byte[] dSEDbytes, int startByte) if (devicePathLength != 0) { startByte = startByte + UefiConstants.SIZE_8; byte[] devPathBytes = new byte[devicePathLength]; - System.arraycopy(dSEDbytes, startByte, devPathBytes, + System.arraycopy(dsedBytes, startByte, devPathBytes, 0, devicePathLength); devicePath = new UefiDevicePath(devPathBytes); devicePathValid = true; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java index bb3953376..66d1b7ee9 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java @@ -2,7 +2,9 @@ import hirs.utils.HexUtils; import hirs.utils.tpm.eventlog.uefi.UefiConstants; +import lombok.Getter; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; @@ -31,10 +33,17 @@ */ public class EvEfiSpdmDeviceSecurityEvent { + /** + * DeviceSecurityEvent Object. + */ + @Getter + private DeviceSecurityEvent dSED = null; + /** * Signature (text) data. */ private String signature = ""; + /** * Human readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event. */ 
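Review bot: The new field `dSED` does not follow the lowerCamelCase used by the rest of this file (`signature`, `spdmInfo`); `dsed` would match, and since Lombok derives the getter name from the field, renaming now avoids freezing `getDSED()` into the API. Its Javadoc should also say that the field stays null unless the constructor recognises the signature and version, which from the constructor hunk below is the only place it is assigned, so callers of the getter need a null check.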
@@ -46,32 +55,43 @@ public class EvEfiSpdmDeviceSecurityEvent { * @param eventData byte array holding the event to process. * @throws java.io.UnsupportedEncodingException if input fails to parse. */ - public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws UnsupportedEncodingException { + public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws IOException { - byte[] signatureBytes = new byte[UefiConstants.SIZE_15]; - System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15); + byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; + System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_16); signature = new String(signatureBytes, StandardCharsets.UTF_8); signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters - if (signature.contains("SPDM Device Sec")) { // implies Device Security event + byte[] versionBytes = new byte[UefiConstants.SIZE_2]; + System.arraycopy(eventData, UefiConstants.OFFSET_16, versionBytes, 0, + UefiConstants.SIZE_2); + String version = HexUtils.byteArrayToHexString(versionBytes); + if (version == "") { + version = "version not readable"; + } - spdmInfo = " Signature = SPDM Device Sec"; + if (signature.contains("SPDM Device Sec2")) { - byte[] versionBytes = new byte[UefiConstants.SIZE_2]; - System.arraycopy(eventData, UefiConstants.OFFSET_16, versionBytes, 0, - UefiConstants.SIZE_2); - String version = HexUtils.byteArrayToHexString(versionBytes); + spdmInfo = " Signature = SPDM Device Sec2"; - if (version.equals("0100")) { - DeviceSecurityEventData dSED = new DeviceSecurityEventData(eventData); + if (version.equals("0200")) { + dSED = new DeviceSecurityEventData2(eventData); spdmInfo += dSED.toString(); } - else if (version.equals("0200")) { - DeviceSecurityEventData2 dSED2 = new DeviceSecurityEventData2(eventData); - spdmInfo += dSED2.toString(); + else { + spdmInfo += " Incompatible version for DeviceSecurityEventData2: " + version; + } + } + else if 
(signature.contains("SPDM Device Sec")) { // implies Device Security event + + spdmInfo = " Signature = SPDM Device Sec"; + + if (version.equals("0100")) { + dSED = new DeviceSecurityEventData(eventData); + spdmInfo += dSED.toString(); } else { - spdmInfo += " Unknown version of DeviceSecurityEventData structure"; + spdmInfo += " Incompatible version for DeviceSecurityEventData: " + version; } } else { diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java index 4b1345eb7..a193dcf39 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java @@ -4,6 +4,9 @@ import hirs.utils.tpm.eventlog.uefi.UefiConstants; import lombok.Getter; +import java.io.ByteArrayInputStream; +import java.io.IOException; + /** * Class to process the SpdmMeasurementBlock. *
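Review bot: `if (version == "")` compares the String by reference, which is only true when the very same String instance is returned; a hex string freshly built by `HexUtils.byteArrayToHexString` would not be, so the "version not readable" fallback is effectively dead. Use `if (version.isEmpty())`. The constructor Javadoc still documents `@throws java.io.UnsupportedEncodingException` although the signature now declares `IOException`. The constructor body continues outside the hunk.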

@@ -42,32 +45,58 @@ public class SpdmMeasurementBlock { /** * SpdmMeasurementBlock Constructor. * - * @param spdmMeasBlockBytes byte array holding the SPDM Measurement Block bytes. + * @param spdmMeasBlocks byte array holding the SPDM Measurement Block bytes. */ - public SpdmMeasurementBlock(final byte[] spdmMeasBlockBytes) { +// public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) { + public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) throws IOException { byte[] indexBytes = new byte[1]; - System.arraycopy(spdmMeasBlockBytes, 0, indexBytes, 0, - 1); + spdmMeasBlocks.read(indexBytes); index = HexUtils.leReverseInt(indexBytes); byte[] measurementSpecBytes = new byte[1]; - System.arraycopy(spdmMeasBlockBytes, 1, measurementSpecBytes, 0, - 1); + spdmMeasBlocks.read(measurementSpecBytes); measurementSpec = HexUtils.leReverseInt(measurementSpecBytes); // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size byte[] measurementSizeBytes = new byte[2]; - System.arraycopy(spdmMeasBlockBytes, 2, measurementSizeBytes, 0, - 2); + spdmMeasBlocks.read(measurementSizeBytes); int measurementSize = HexUtils.leReverseInt(measurementSizeBytes); byte[] measurementBytes = new byte[measurementSize]; - System.arraycopy(spdmMeasBlockBytes, 4, measurementBytes, 0, - measurementSize); + spdmMeasBlocks.read(measurementBytes); spdmMeasurement = new SpdmMeasurement(measurementBytes); } +// /** +// * SpdmMeasurementBlock Constructor. +// * +// * @param spdmMeasBlockBytes byte array holding the SPDM Measurement Block bytes. 
+// */ +// public SpdmMeasurementBlock(final byte[] spdmMeasBlockBytes) { +// +// byte[] indexBytes = new byte[1]; +// System.arraycopy(spdmMeasBlockBytes, 0, indexBytes, 0, +// 1); +// index = HexUtils.leReverseInt(indexBytes); +// +// byte[] measurementSpecBytes = new byte[1]; +// System.arraycopy(spdmMeasBlockBytes, 1, measurementSpecBytes, 0, +// 1); +// measurementSpec = HexUtils.leReverseInt(measurementSpecBytes); +// +// // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size +// byte[] measurementSizeBytes = new byte[2]; +// System.arraycopy(spdmMeasBlockBytes, 2, measurementSizeBytes, 0, +// 2); +// int measurementSize = HexUtils.leReverseInt(measurementSizeBytes); +// +// byte[] measurementBytes = new byte[measurementSize]; +// System.arraycopy(spdmMeasBlockBytes, 4, measurementBytes, 0, +// measurementSize); +// spdmMeasurement = new SpdmMeasurement(measurementBytes); +// } + /** * Returns a human readable description of the data within this structure. * From 70e2870373783fea78dde6dcbbc9ab27d87266f9 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 28 Jun 2024 15:02:35 -0400 Subject: [PATCH 2/5] spdm processing --- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 4 +- .../eventlog/events/DeviceSecurityEvent.java | 46 +++++++++---------- .../events/DeviceSecurityEventData.java | 17 +++++-- .../events/DeviceSecurityEventData2.java | 31 +++++++------ .../DeviceSecurityEventDataDeviceContext.java | 19 ++++---- .../events/DeviceSecurityEventDataHeader.java | 7 +-- .../DeviceSecurityEventDataHeader2.java | 14 +++--- ...ventDataSubHeaderSpdmMeasurementBlock.java | 30 +++++++----- .../events/DeviceSecurityEventHeader.java | 24 ++++------ .../utils/tpm/eventlog/uefi/UefiVariable.java | 1 + 10 files changed, 100 insertions(+), 93 deletions(-) 
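Review bot: Every `spdmMeasBlocks.read(...)` result is ignored; `ByteArrayInputStream.read(byte[])` returns the count actually read or -1 at end of stream and never throws, so on a truncated block the zero-filled buffers are parsed as a valid index, spec and a zero-length measurement instead of failing. Check the counts, at least for the variable-length field: `if (spdmMeasBlocks.read(measurementBytes) != measurementSize) { throw new IOException("truncated SPDM measurement block"); }`, and likewise for the three fixed-size reads. `measurementSize` is also used for `new byte[measurementSize]` without comparing it to `spdmMeasBlocks.available()`. The `@param spdmMeasBlocks` text still says "byte array" although the type is now a ByteArrayInputStream, and the commented-out line above the signature plus the whole commented-out old constructor below it should be deleted rather than kept.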
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index f1be1b57b..bd0b1f68c 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -562,7 +562,9 @@ public String processEvent(final byte[] eventData, final byte[] content, case EvConstants.EV_EFI_HCRTM_EVENT: break; case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: - description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString(); + EvEfiSpdmDeviceSecurityEvent tempp = new EvEfiSpdmDeviceSecurityEvent(content); + description += "Event Content:\n" + tempp.toString(); +// description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString(); break; case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG: description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java index fe8d9ec1c..18894e880 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java @@ -1,6 +1,11 @@ package hirs.utils.tpm.eventlog.events; import lombok.Getter; +import lombok.Setter; + +import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_NONE; +import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_PCI; +import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_USB; /** 
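Review bot: The `EV_EFI_SPDM_FIRMWARE_BLOB` case now goes through a local named `tempp` plus a commented-out copy of the original line, while the `EV_EFI_SPDM_FIRMWARE_CONFIG` case right below still uses the inline `new EvEfiSpdmDeviceSecurityEvent(content).toString()` form, so the two cases read differently for no functional reason. Either keep the original one-liner or give the local a descriptive name such as `spdmEvent` and apply the same shape to both cases; in any case delete the commented-out line. processEvent starts and ends outside the hunk.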
@@ -56,6 +61,13 @@ public abstract class DeviceSecurityEvent { @Getter private DeviceSecurityEventDataDeviceContext dsedDevContext = null; + /** + * Device type. + */ + @Getter + @Setter + private int deviceType = -1; + /** * Human readable description of the data within the * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB. 
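Review bot: `deviceType` receives a public Lombok `@Setter`, so any caller can rewrite it after the event has been parsed, even though this patch only ever assigns it from the subclass constructors and the device-context parsing in this class branches on it. A narrower `@Setter(AccessLevel.PROTECTED)` (with `import lombok.AccessLevel;`) keeps the parsed event effectively read-only while still letting `DeviceSecurityEventData`/`DeviceSecurityEventData2` set it. The `-1` sentinel also deserves a word, e.g. `// -1 until a subclass constructor reads the type from the header`. The class body continues outside this hunk.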
@@ -74,37 +86,25 @@ public DeviceSecurityEvent() { /** * Parse the Device Context structure, can be PCI or USB based on device type field. * - * @param dSEDbytes byte array holding the DeviceSecurityEventData. - * @param startByte starting byte of the device structure (depends on length of header). - * @param deviceType device type either PCI or USB. + * @param dsedDeviceContextBytes byte array holding the DeviceSecurityEventData. * */ - public void parseDeviceContext(final byte[] dSEDbytes, int startByte, int deviceType) { - - int deviceContextLength = dSEDbytes.length - startByte; + public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) { - // get the device context bytes - byte[] deviceContextBytes = new byte[deviceContextLength]; - System.arraycopy(dSEDbytes, startByte, deviceContextBytes, 0, - deviceContextLength); - - if (deviceType == 0) { + if (deviceType == DEVICE_TYPE_NONE) { deviceContextInfo = "\n No Device Context (indicated by device type value of 0"; } - else if (deviceType == 1) { -// DeviceSecurityEventDataPciContext dSEDpciContext -// = new DeviceSecurityEventDataPciContext(deviceContextBytes); -// deviceContextInfo = dSEDpciContext.toString(); + else if (deviceType == DEVICE_TYPE_PCI) { dsedDevContext - = new DeviceSecurityEventDataPciContext(deviceContextBytes); + = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes); deviceContextInfo = dsedDevContext.toString(); } - //else if (deviceType == 2) { - //DeviceSecurityEventDataUsbContext dSEDusbContext - // = new DeviceSecurityEventDataUsbContext(deviceContextBytes); - //deviceContextInfo = dSEDusbContext.toString(); - //deviceContextInfo = "Device type is USB - to be implemented in future"; - //} + else if (deviceType == DEVICE_TYPE_USB) { + // dsedDevContext + // = new DeviceSecurityEventDataUsbContext(dsedDeviceContextBytes); + // deviceContextInfo = dsedDevContext.toString(); + deviceContextInfo = " Device Type: USB - To be implemented"; + } else { deviceContextInfo 
= " Unknown device type; cannot process device context"; } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java index 1043f74df..91a4a2ecc 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java @@ -3,7 +3,6 @@ import lombok.Getter; import java.io.IOException; -import java.io.UnsupportedEncodingException; /** * Class to process DEVICE_SECURITY_EVENT_DATA. @@ -26,11 +25,19 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent { /** * DeviceSecurityEventData Constructor. * - * @param dSEDbytes byte array holding the DeviceSecurityEventData. + * @param dsedBytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventData(final byte[] dSEDbytes) throws IOException { - dsedHeader = new DeviceSecurityEventDataHeader(dSEDbytes); - parseDeviceContext(dSEDbytes, dsedHeader.getDSEDheaderByteSize(), dsedHeader.getDeviceType()); + public DeviceSecurityEventData(final byte[] dsedBytes) throws IOException { + dsedHeader = new DeviceSecurityEventDataHeader(dsedBytes); + setDeviceType(dsedHeader.getDeviceType()); + int dsedHeaderLength = dsedHeader.getDsedHeaderLength(); + + int dsedDevContextLength = dsedBytes.length - dsedHeaderLength; + byte[] dsedDevContextBytes = new byte[dsedDevContextLength]; + System.arraycopy(dsedBytes, dsedHeaderLength, dsedDevContextBytes, 0, + dsedDevContextLength); + + instantiateDeviceContext(dsedDevContextBytes); } /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java index 81ae1ccfd..c470a5fb3 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java 
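Review bot: `instantiateDeviceContext` depends on `setDeviceType` having been called beforehand; if a subclass forgets, `deviceType` is still `-1` and the event is reported as an unknown device type with no hint of the real cause. State the precondition in the Javadoc, e.g. `* Requires {@link #setDeviceType(int)} to have been called with the header's device type first.`, or better, accept the type as a second parameter so the ordering cannot be missed. The `DEVICE_TYPE_NONE` message is also missing its closing parenthesis: `"\n No Device Context (indicated by device type value of 0)"`.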
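Review bot: `dsedDevContextLength = dsedBytes.length - dsedHeaderLength` is never checked against zero, so an event whose header-derived length (start byte plus the device-path length read from the event) runs past the buffer produces a negative size and `new byte[dsedDevContextLength]` throws `NegativeArraySizeException` from a constructor that no longer declares any failure mode. Event logs are device-supplied input, so guard before the copy: `if (dsedHeaderLength > dsedBytes.length) { throw new IllegalArgumentException("DEVICE_SECURITY_EVENT_DATA header length exceeds event size"); }`, or record the inconsistency in `deviceContextInfo` and skip the context parse. `DeviceSecurityEventData2` repeats the same subtraction and needs the same check.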
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java @@ -1,15 +1,12 @@ package hirs.utils.tpm.eventlog.events; -import hirs.utils.HexUtils; import lombok.Getter; import java.io.IOException; -import java.io.UnsupportedEncodingException; import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_CERT_CHAIN; import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_MEAS_BLOCK; -// TODO Placeholder class to be implemented upon getting test pattern /** * Class to process DEVICE_SECURITY_EVENT_DATA2. * Parses event data per PFP v1.06 Rev52 Table 26. 
@@ -47,34 +44,40 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent { /** * DeviceSecurityEventData2 Constructor. * - * @param dSEDbytes byte array holding the DeviceSecurityEventData2. + * @param dsedBytes byte array holding the DeviceSecurityEventData2. */ - public DeviceSecurityEventData2(final byte[] dSEDbytes) throws IOException { + public DeviceSecurityEventData2(final byte[] dsedBytes) throws IOException { - dsedHeader2 = new DeviceSecurityEventDataHeader2(dSEDbytes); - int dSEDheaderByteSize = dsedHeader2.getDSEDheaderByteSize(); + dsedHeader2 = new DeviceSecurityEventDataHeader2(dsedBytes); + setDeviceType(dsedHeader2.getDeviceType()); + int dsedHeaderLength = dsedHeader2.getDsedHeaderLength(); int subHeaderType = dsedHeader2.getSubHeaderType(); int subHeaderLength = dsedHeader2.getSubHeaderLength(); subHeaderInfo = "\nSub header type: " + subHeaderType; - byte[] dSEDsubHeaderBytes = new byte[subHeaderLength]; - System.arraycopy(dSEDbytes, dSEDheaderByteSize, dSEDsubHeaderBytes, 0, subHeaderLength); + byte[] dsedSubHeaderBytes = new byte[subHeaderLength]; + System.arraycopy(dsedBytes, dsedHeaderLength, dsedSubHeaderBytes, 0, subHeaderLength); if (subHeaderType == SUBHEADERTYPE_MEAS_BLOCK) { - dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dSEDsubHeaderBytes); + dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dsedSubHeaderBytes); subHeaderInfo += dsedSubHeader.toString(); } else if (subHeaderType == SUBHEADERTYPE_CERT_CHAIN) { - // TBD: // dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain(); + subHeaderInfo += " Cert chain to be implemented "; } else { - subHeaderInfo += "Subheader type unknown"; + subHeaderInfo += "Sub header type unknown"; } - // get subheader - parseDeviceContext(dSEDbytes, dsedHeader2.getDSEDheaderByteSize(), dsedHeader2.getDeviceType()); + int dsedDevContextStartByte = dsedHeaderLength + subHeaderLength; + int dsedDevContextLength = dsedBytes.length - 
dsedDevContextStartByte; + byte[] dsedDevContextBytes = new byte[dsedDevContextLength]; + System.arraycopy(dsedBytes, dsedDevContextStartByte, dsedDevContextBytes, 0, + dsedDevContextLength); + + instantiateDeviceContext(dsedDevContextBytes); } /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java index a9863eb7b..0404884e4 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java @@ -31,17 +31,17 @@ public abstract class DeviceSecurityEventDataDeviceContext { /** * DeviceSecurityEventDataDeviceContext Constructor. * - * @param dSEDdeviceContextBytes byte array holding the DeviceSecurityEventData. + * @param dsedDeviceContextBytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventDataDeviceContext(final byte[] dSEDdeviceContextBytes) { + public DeviceSecurityEventDataDeviceContext(final byte[] dsedDeviceContextBytes) { - byte[] pciVersionBytes = new byte[2]; - System.arraycopy(dSEDdeviceContextBytes, 0, pciVersionBytes, 0, 2); - version = HexUtils.leReverseInt(pciVersionBytes); + byte[] versionBytes = new byte[2]; + System.arraycopy(dsedDeviceContextBytes, 0, versionBytes, 0, 2); + version = HexUtils.leReverseInt(versionBytes); - byte[] pciLengthBytes = new byte[2]; - System.arraycopy(dSEDdeviceContextBytes, 2, pciLengthBytes, 0, 2); - length = HexUtils.leReverseInt(pciLengthBytes); + byte[] lengthBytes = new byte[2]; + System.arraycopy(dsedDeviceContextBytes, 2, lengthBytes, 0, 2); + length = HexUtils.leReverseInt(lengthBytes); } /** 
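Review bot: `subHeaderLength` is taken straight from the event bytes and used unchecked as both an allocation size and a copy length (`new byte[subHeaderLength]`, `System.arraycopy(dsedBytes, dsedHeaderLength, dsedSubHeaderBytes, 0, subHeaderLength)`), so a truncated or hostile event log can trigger `NegativeArraySizeException`, `ArrayIndexOutOfBoundsException` or a near-2 GiB allocation while the log is merely being rendered. Validate the field against the buffer before copying: `if (subHeaderLength < 0 || subHeaderLength > dsedBytes.length - dsedHeaderLength) { throw new IllegalArgumentException("sub header length " + subHeaderLength + " exceeds event data"); }` (subtracting rather than adding avoids int overflow). With that in place the later `dsedDevContextLength` subtraction cannot go negative either.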
@@ -52,8 +52,7 @@ public DeviceSecurityEventDataDeviceContext(final byte[] dSEDdeviceContextBytes) public String toString() { String dSEDdeviceContextCommonInfo = ""; - dSEDdeviceContextCommonInfo += "\n DeviceSecurityEventData Device Info:"; - dSEDdeviceContextCommonInfo += "\n Device Structure Version = " + version; + dSEDdeviceContextCommonInfo += "\n DeviceSecurityEventData Device Context:"; return dSEDdeviceContextCommonInfo; } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java index bca6cd33f..0fe0226e4 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java @@ -8,7 +8,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.UnsupportedEncodingException; /** * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER. @@ -76,13 +75,11 @@ public DeviceSecurityEventDataHeader(final byte[] dsedBytes) throws IOException int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes); int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4; // header is 4 bytes - // extract the bytes from the SPDM Measurement Block + // extract the bytes that comprise the SPDM Measurement Block byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock]; System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0, sizeOfSpdmMeasBlock); -// spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasBlockBytes); - ByteArrayInputStream spdmMeasurementBlockData = new ByteArrayInputStream(spdmMeasBlockBytes); spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockData); 
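Review bot: `sizeOfSpdmMeasBlock` is derived from a size field read out of the event just above this hunk (`sizeOfSpdmMeas + 4`) and is used directly as the allocation and copy length at offset 28 without comparing it to `dsedBytes.length`, so a truncated or hostile event makes `System.arraycopy` throw `ArrayIndexOutOfBoundsException` from the constructor. These lines are unchanged context, but while touching the comment it would be cheap to add `if (28 + sizeOfSpdmMeasBlock > dsedBytes.length) { throw new IllegalArgumentException("SPDM measurement block size exceeds event data"); }` before the copy. The constructor begins outside this hunk.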
@@ -92,7 +89,7 @@ public DeviceSecurityEventDataHeader(final byte[] dsedBytes) throws IOException } /** - * Returns a human readable description of the data within this structure. + * Returns a human-readable description of the data within this structure. * * @return a description of this structure. */ diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java index 5ebef0173..f113c8554 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java @@ -1,9 +1,6 @@ package hirs.utils.tpm.eventlog.events; import hirs.utils.HexUtils; -import hirs.utils.tpm.eventlog.spdm.SpdmHa; -import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock; -import hirs.utils.tpm.eventlog.uefi.UefiConstants; import lombok.Getter; import java.io.UnsupportedEncodingException; 
@@ -112,23 +109,24 @@ public DeviceSecurityEventDataHeader2(final byte[] dsedBytes) throws Unsupported
         extractDeviceType(dsedBytes, 24);
 
         byte[] subHeaderTypeBytes = new byte[4];
-        System.arraycopy(dsedBytes, 44, subHeaderTypeBytes, 0, 4);
+        System.arraycopy(dsedBytes, 28, subHeaderTypeBytes, 0, 4);
         subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes);
 
         byte[] subHeaderLengthBytes = new byte[4];
-        System.arraycopy(dsedBytes, 48, subHeaderLengthBytes, 0, 4);
+        System.arraycopy(dsedBytes, 32, subHeaderLengthBytes, 0, 4);
         subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes);
 
         byte[] subHeaderUidBytes = new byte[8];
-        System.arraycopy(dsedBytes, 52, subHeaderUidBytes, 0, 8);
+        System.arraycopy(dsedBytes, 36, subHeaderUidBytes, 0, 8);
+        subHeaderUidBytes = HexUtils.leReverseByte(subHeaderUidBytes);
         subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes);
 
-        int devPathLenStartByte = 60;
+        int devPathLenStartByte = 44;
         extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
     }
 
     /**
-     * Returns a human readable description of the data within this structure.
+     * Returns a human-readable description of the data within this structure.
      *
      * @return a description of this structure.
      */
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
index 5a3196ec1..e1e0d2421 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java
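Review bot: The corrected offsets 28, 32, 36 and 44 are bare literals, while the sibling `DeviceSecurityEventHeader` spells its offsets as `UefiConstants.OFFSET_16` and friends; a reader cannot tell from this constructor why 44 became 28 or check it against the spec. Either use named constants or anchor each read to the preceding field, e.g. `// SubHeaderType: 4 bytes after the UINT32 DeviceType at offset 24 (PFP DEVICE_SECURITY_EVENT_DATA_HEADER2)` above the first copy, so the next layout change is auditable. The constructor begins outside this hunk.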
@@ -1,14 +1,13 @@ package hirs.utils.tpm.eventlog.events; import hirs.utils.HexUtils; +import hirs.utils.tpm.eventlog.spdm.SpdmHa; import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock; -import hirs.utils.tpm.eventlog.uefi.UefiConstants; import hirs.utils.tpm.eventlog.uefi.UefiSignatureList; import lombok.Getter; import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.List; @@ -47,10 +46,6 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device * List of SPDM Measurement Blocks. */ private List spdmMeasurementBlockList; -// /** -// * SPDM Measurement Block. -// */ -// private SpdmMeasurementBlock spdmMeasurementBlock = null; /** * DeviceSecurityEventDataHeader Constructor. @@ -59,8 +54,6 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device */ public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) throws IOException { -// super(); - spdmMeasurementBlockList = new ArrayList<>(); byte[] spdmVersionBytes = new byte[2]; @@ -77,7 +70,10 @@ public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSub System.arraycopy(dsedSubHBytes, 4, spdmMeasurementHashAlgoBytes, 0, 4); spdmMeasurementHashAlgo = HexUtils.leReverseInt(spdmMeasurementHashAlgoBytes); + // get the size of the SPDM Measurement Block List int spdmMeasurementBlockListSize = dsedSubHBytes.length - 8; + + // extract the bytes that comprise the SPDM Measurement Block List byte[] spdmMeasurementBlockListBytes = new byte[spdmMeasurementBlockListSize]; System.arraycopy(dsedSubHBytes, 8, spdmMeasurementBlockListBytes, 0, spdmMeasurementBlockListSize); 
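Review bot: `spdmMeasurementBlockListSize = dsedSubHBytes.length - 8` assumes the sub header is at least 8 bytes; a shorter (truncated) sub header gives a negative size and `new byte[spdmMeasurementBlockListSize]` throws `NegativeArraySizeException`, and the two 4-byte copies before it would already have thrown `ArrayIndexOutOfBoundsException`. Since `dsedSubHBytes` was sized from an untrusted length field in the parent event, check once at the top of the constructor: `if (dsedSubHBytes.length < 8) { throw new IllegalArgumentException("SPDM measurement block sub header too short: " + dsedSubHBytes.length); }`. The constructor continues past this hunk.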
@@ -85,22 +81,32 @@ public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSub ByteArrayInputStream spdmMeasurementBlockListData = new ByteArrayInputStream(spdmMeasurementBlockListBytes); while (spdmMeasurementBlockListData.available() > 0) { - SpdmMeasurementBlock spdmMeasurementBlock; spdmMeasurementBlock = new SpdmMeasurementBlock(spdmMeasurementBlockListData); - spdmMeasurementBlockList.add(spdmMeasurementBlock); } } /** - * Returns a human readable description of the data within this structure. + * Returns a human-readable description of the data within this structure. * * @return a description of this structure. */ public String toString() { String dsedSubHeaderInfo = ""; -// dsedSubHeaderInfo += dsedHeader2.toString(); + dsedSubHeaderInfo += "\n SPDM Version: " + spdmVersion; + String spdmHashAlgoStr = SpdmHa.tcgAlgIdToString(spdmMeasurementHashAlgo); + dsedSubHeaderInfo += "\n SPDM Hash Algorithm = " + spdmHashAlgoStr; + + // SPDM Measurement Block List output + dsedSubHeaderInfo += "\n Number of SPDM Measurement Blocks = " + spdmMeasurementBlockList.size(); + int spdmMeasBlockCnt = 1; + for (SpdmMeasurementBlock spdmMeasBlock : spdmMeasurementBlockList) { + dsedSubHeaderInfo += "\n SPDM Measurement Block # " + spdmMeasBlockCnt++ + " of " + + spdmMeasurementBlockList.size(); + dsedSubHeaderInfo += spdmMeasBlock.toString(); + } + return dsedSubHeaderInfo; } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java index 5fb7b7f75..b9bcebb66 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java 
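Review bot: `toString` grows `dsedSubHeaderInfo` with repeated `+=` inside the `for` loop and re-evaluates `spdmMeasurementBlockList.size()` on every iteration; a `StringBuilder` with the size hoisted into a local is the idiom here. Separately, the `while (spdmMeasurementBlockListData.available() > 0)` loop only terminates if each `SpdmMeasurementBlock(InputStream)` consumes at least one byte; that constructor is outside this hunk, so if it can return on a truncated trailing block without reading, the loop spins forever on a malformed event. A cheap guard is `int before = spdmMeasurementBlockListData.available();` before the construction and `if (spdmMeasurementBlockListData.available() == before) { break; }` after it.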
@@ -4,7 +4,6 @@ import hirs.utils.tpm.eventlog.uefi.UefiConstants; import hirs.utils.tpm.eventlog.uefi.UefiDevicePath; import lombok.Getter; -import lombok.Setter; import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; @@ -57,7 +56,7 @@ public abstract class DeviceSecurityEventHeader { * Contains the size (in bytes) of the header. */ @Getter - private Integer dSEDheaderByteSize = 0; + private Integer dsedHeaderLength = 0; /** * Signature (text) data. @@ -120,8 +119,8 @@ public DeviceSecurityEventHeader(final byte[] dSEDbytes) { byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16); - signature = new String(signatureBytes, StandardCharsets.UTF_8) - .substring(0, UefiConstants.SIZE_15); + signature = new String(signatureBytes, StandardCharsets.UTF_8); + signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters byte[] versionBytes = new byte[UefiConstants.SIZE_2]; System.arraycopy(dSEDbytes, UefiConstants.OFFSET_16, versionBytes, 0, @@ -172,7 +171,7 @@ public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) } // header total size - dSEDheaderByteSize = startByte + devicePathLength; + dsedHeaderLength = startByte + devicePathLength; } /** 
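Review bot: The comment on `signature.replaceAll("[^\\P{C}\t\r\n]", "")` says it removes null characters, but the class `[^\P{C}\t\r\n]` matches every Unicode category-C code point other than tab, CR and LF, so any control or unassigned character produced by UTF-8-decoding the 16 raw bytes is silently deleted and bytes after an embedded NUL are kept rather than treated as a terminator. If the intent is the C-string behaviour the old `substring(0, UefiConstants.SIZE_15)` approximated, truncate at the first NUL instead: `int nul = signature.indexOf('\0');` / `signature = nul < 0 ? signature : signature.substring(0, nul);`. Otherwise at least make the comment accurate: `// strip control characters (Unicode category C) padding the 16-byte field`.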
@@ -183,25 +182,20 @@ public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) * @return name of the device type */ public String deviceTypeToString(final int deviceTypeInt) { - String deviceTypeStr; switch (deviceTypeInt) { case DEVICE_TYPE_NONE: - deviceTypeStr = "No device type"; - break; + return "No device type"; case DEVICE_TYPE_PCI: - deviceTypeStr = "PCI"; - break; + return "PCI"; case DEVICE_TYPE_USB: - deviceTypeStr = "USB"; - break; + return "USB"; default: - deviceTypeStr = "Unknown or invalid Device Type"; + return "Unknown or invalid Device Type"; } - return deviceTypeStr; } /** - * Returns a human readable description of the data common to header structures. + * Returns a human-readable description of the data common to header structures. * * @return a description of this structure. */ diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index a41954991..1a5e71755 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -216,6 +216,7 @@ public String toString() { case "KEK": case "db": case "dbx": + break; case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY // (update when test patterns exist) efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " + From b60bf003f288a8c31550f1afa2796c57b15679bf Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 28 Jun 2024 15:52:13 -0400 Subject: [PATCH 3/5] fix spotbug issues --- .../DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java | 1 - .../utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java | 1 - 2 files changed, 2 deletions(-) 
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java index e1e0d2421..ef5924830 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java @@ -3,7 +3,6 @@ import hirs.utils.HexUtils; import hirs.utils.tpm.eventlog.spdm.SpdmHa; import hirs.utils.tpm.eventlog.spdm.SpdmMeasurementBlock; -import hirs.utils.tpm.eventlog.uefi.UefiSignatureList; import lombok.Getter; import java.io.ByteArrayInputStream; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java index 66d1b7ee9..a90e55f27 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java @@ -36,7 +36,6 @@ public class EvEfiSpdmDeviceSecurityEvent { /** * DeviceSecurityEvent Object. */ - @Getter private DeviceSecurityEvent dSED = null; /** From 9996fef67b251a5013eb35cb7f1bb8a585f2db35 Mon Sep 17 00:00:00 2001 
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 28 Jun 2024 17:42:38 -0400 Subject: [PATCH 4/5] catching exceptions --- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 9 +- .../eventlog/events/DeviceSecurityEvent.java | 2 +- .../events/DeviceSecurityEventData.java | 5 +- .../events/DeviceSecurityEventData2.java | 5 +- .../events/DeviceSecurityEventDataHeader.java | 3 +- .../DeviceSecurityEventDataHeader2.java | 2 +- ...ventDataSubHeaderSpdmMeasurementBlock.java | 2 +- .../events/DeviceSecurityEventHeader.java | 12 ++- .../events/EvEfiSpdmDeviceSecurityEvent.java | 14 +-- .../tpm/eventlog/spdm/SpdmMeasurement.java | 13 ++- .../eventlog/spdm/SpdmMeasurementBlock.java | 86 ++++++++----------- .../utils/tpm/eventlog/uefi/UefiVariable.java | 2 +- 12 files changed, 75 insertions(+), 80 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index bd0b1f68c..5a5758e90 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -391,14 +391,7 @@ public String getEventContentStr() { break; case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG: - try { - sb.append(new EvEfiSpdmDeviceSecurityEvent(eventContent).toString()); - } catch (UnsupportedEncodingException ueEx) { - log.error(ueEx); - sb.append(ueEx.toString()); - } catch (IOException e) { - throw new RuntimeException(e); - } + sb.append(new EvEfiSpdmDeviceSecurityEvent(eventContent).toString()); break; default: sb.append("Unknown Event found\n"); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java index 18894e880..49cf95550 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java 
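Review bot: With the try/catch removed, a malformed SPDM event now lets whatever unchecked exception the parsers raise (for example `ArrayIndexOutOfBoundsException` from the offset-based `System.arraycopy` calls in the header classes) escape `getEventContentStr`, aborting rendering of the whole log, whereas the other branches in this method degrade to an appended message. The event log is device-supplied input, so either the parsers must bounds-check their length fields or this boundary should keep a handler: `} catch (RuntimeException e) { log.error(e); sb.append("Malformed SPDM event: " + e); }`. `getEventContentStr` begins and ends outside this hunk.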
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java @@ -69,7 +69,7 @@ public abstract class DeviceSecurityEvent { private int deviceType = -1; /** - * Human readable description of the data within the + * Human-readable description of the data within the * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB. */ @Getter diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java index 91a4a2ecc..9a8527042 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java @@ -3,6 +3,7 @@ import lombok.Getter; import java.io.IOException; +import java.io.UnsupportedEncodingException; /** * Class to process DEVICE_SECURITY_EVENT_DATA. @@ -27,7 +28,7 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent { * * @param dsedBytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventData(final byte[] dsedBytes) throws IOException { + public DeviceSecurityEventData(final byte[] dsedBytes) { dsedHeader = new DeviceSecurityEventDataHeader(dsedBytes); setDeviceType(dsedHeader.getDeviceType()); int dsedHeaderLength = dsedHeader.getDsedHeaderLength(); @@ -41,7 +42,7 @@ public DeviceSecurityEventData(final byte[] dsedBytes) throws IOException { } /** - * Returns a human readable description of the data within this structure. + * Returns a human-readable description of the data within this structure. * * @return a description of this structure. */ diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java index c470a5fb3..68327e306 100644 
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java @@ -3,6 +3,7 @@ import lombok.Getter; import java.io.IOException; +import java.io.UnsupportedEncodingException; import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_CERT_CHAIN; import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventDataHeader2.SUBHEADERTYPE_MEAS_BLOCK; @@ -46,7 +47,7 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent { * * @param dsedBytes byte array holding the DeviceSecurityEventData2. */ - public DeviceSecurityEventData2(final byte[] dsedBytes) throws IOException { + public DeviceSecurityEventData2(final byte[] dsedBytes) { dsedHeader2 = new DeviceSecurityEventDataHeader2(dsedBytes); setDeviceType(dsedHeader2.getDeviceType()); @@ -81,7 +82,7 @@ else if (subHeaderType == SUBHEADERTYPE_CERT_CHAIN) { } /** - * Returns a human readable description of the data within this structure. + * Returns a human-readable description of the data within this structure. * * @return a description of this structure. */ diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java index 0fe0226e4..bc4218e9f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java @@ -8,6 +8,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.UnsupportedEncodingException; /** * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER. 
@@ -52,7 +53,7 @@ public class DeviceSecurityEventDataHeader extends DeviceSecurityEventHeader { * * @param dsedBytes byte array holding the DeviceSecurityEventData. */ - public DeviceSecurityEventDataHeader(final byte[] dsedBytes) throws IOException { + public DeviceSecurityEventDataHeader(final byte[] dsedBytes) { super(dsedBytes); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java index f113c8554..6a825412f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java @@ -92,7 +92,7 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader { public static final int SUBHEADERTYPE_CERT_CHAIN = 1; - public DeviceSecurityEventDataHeader2(final byte[] dsedBytes) throws UnsupportedEncodingException { + public DeviceSecurityEventDataHeader2(final byte[] dsedBytes) { super(dsedBytes); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java index ef5924830..215599676 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java 
@@ -51,7 +51,7 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device * * @param dsedSubHBytes byte array holding the DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock. */ - public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) throws IOException { + public DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(final byte[] dsedSubHBytes) { spdmMeasurementBlockList = new ArrayList<>(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java index b9bcebb66..210f4f86f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java @@ -151,8 +151,7 @@ public void extractDeviceType(final byte[] dsedBytes, int startByte) { * @param dsedBytes byte array holding the DeviceSecurityEventData/Data2. * @param startByte starting byte of device path (depends on header fields before it). */ - public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) - throws UnsupportedEncodingException { + public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) { // get the device path length byte[] devicePathLengthBytes = new byte[UefiConstants.SIZE_8]; @@ -166,8 +165,13 @@ public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) byte[] devPathBytes = new byte[devicePathLength]; System.arraycopy(dsedBytes, startByte, devPathBytes, 0, devicePathLength); - devicePath = new UefiDevicePath(devPathBytes); - devicePathValid = true; + try { + devicePath = new UefiDevicePath(devPathBytes); + devicePathValid = true; + } + catch (UnsupportedEncodingException e) { + devicePathValid = false; + } } // header total size 
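Review bot: The new `catch (UnsupportedEncodingException e)` sets `devicePathValid = false` and discards the exception, so a device path that fails to parse leaves no record of why, and `devicePath` stays null for any caller that reads it without consulting `devicePathValid`. Keep the cause visible, at minimum with `devicePathValid = false; // parse failed; devicePath stays null, callers must check devicePathValid`, plus a log call if this class has a logger (none is visible in the hunk), and document the outcome in the method Javadoc: `* If the path cannot be parsed, devicePathValid is false and devicePath is null; dsedHeaderLength is still computed.` The surrounding code uses `} catch (...) {` on one line, so the dangling `catch` should match. The method body continues past this hunk.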
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java index a90e55f27..8da93b231 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java @@ -36,7 +36,7 @@ public class EvEfiSpdmDeviceSecurityEvent { /** * DeviceSecurityEvent Object. */ - private DeviceSecurityEvent dSED = null; + private DeviceSecurityEvent dsed = null; /** * Signature (text) data. @@ -54,7 +54,7 @@ public class EvEfiSpdmDeviceSecurityEvent { * @param eventData byte array holding the event to process. * @throws java.io.UnsupportedEncodingException if input fails to parse. */ - public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws IOException { + public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) { byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_16); @@ -74,8 +74,8 @@ public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws IOException { spdmInfo = " Signature = SPDM Device Sec2"; if (version.equals("0200")) { - dSED = new DeviceSecurityEventData2(eventData); - spdmInfo += dSED.toString(); + dsed = new DeviceSecurityEventData2(eventData); + spdmInfo += dsed.toString(); } else { spdmInfo += " Incompatible version for DeviceSecurityEventData2: " + version; @@ -86,8 +86,8 @@ else if (signature.contains("SPDM Device Sec")) { // implies Device Securit spdmInfo = " Signature = SPDM Device Sec"; if (version.equals("0100")) { - dSED = new DeviceSecurityEventData(eventData); - spdmInfo += dSED.toString(); + dsed = new DeviceSecurityEventData(eventData); + spdmInfo += dsed.toString(); } else { spdmInfo += " Incompatible version for DeviceSecurityEventData: " + version; 
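Review bot: The constructor Javadoc still carries `@throws java.io.UnsupportedEncodingException if input fails to parse.` although this hunk removes the `throws` clause, so the documentation now promises an exception that can no longer be thrown. Drop the tag, and state what actually happens on bad input, e.g. `* Unsupported signatures or versions are reported in the description text rather than thrown.`; if the nested parsers can still raise unchecked exceptions on truncated data, say so instead of leaving the contract silent. The constructor body continues outside this hunk.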
@@ -101,7 +101,7 @@ else if (signature.contains("SPDM Device Sec")) { // implies Device Securit
     /**
      * Returns a description of this event.
      *
-     * @return Human readable description of this event.
+     * @return Human-readable description of this event.
      */
     public String toString() {
         return spdmInfo;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java
index 0773be82d..504983cd7 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java
@@ -62,9 +62,11 @@ public SpdmMeasurement(final byte[] spdmMeasBytes) {
     }
     /**
-     * Returns a human readable description of the data within this structure.
+     * Lookup for SPDM measurement value type
      *
-     * @return a description of this structure..
+     * @param measValType the numerical representation of the measurement value type.
+     *
+     * @return a description of the measurement value type.
      */
     public String dmtfSpecMeasurementValueTypeToString(final int measValType) {
@@ -92,7 +94,7 @@ public String dmtfSpecMeasurementValueTypeToString(final int measValType) {
                 measValTypeStr = "Mutable firmware's version number";
                 break;
             case 7:
-                measValTypeStr = "Mutable firmware's security verison number";
+                measValTypeStr = "Mutable firmware's security version number";
                 break;
             case 8:
                 measValTypeStr = "Hash-extended measurement";
@@ -109,6 +111,11 @@ public String dmtfSpecMeasurementValueTypeToString(final int measValType) {
         return measValTypeStr;
     }
+    /**
+     * Returns a human-readable description of the data within this structure.
+     *
+     * @return a description of this structure.
+     */
     public String toString() {
         String spdmMeasInfo = "";
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java
index a193dcf39..a9159bd58 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurementBlock.java
@@ -4,8 +4,13 @@
 import hirs.utils.tpm.eventlog.uefi.UefiConstants;
 import lombok.Getter;
+import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 /**
  * Class to process the SpdmMeasurementBlock.
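Review bot: None of the five added imports (`BufferedInputStream`, `FileInputStream`, `UnsupportedEncodingException`, `MessageDigest`, `NoSuchAlgorithmException`) is used in the constructor and `toString()` shown in the next hunk of this file, which only need `ByteArrayInputStream` and `IOException`; unless the unshown lines between the imports and that hunk use them, they should be dropped. `FileInputStream` in particular misleads a reader into expecting this byte parser to touch the filesystem, which matters when auditing what an event-log parser can do.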
@@ -41,75 +46,58 @@ public class SpdmMeasurementBlock {
      * SPDM Measurement.
      */
     private SpdmMeasurement spdmMeasurement;
+    /**
+     * Error reading SPDM Measurement Block.
+     */
+    private boolean spdmMeasurementBlockReadError = false;
     /**
      * SpdmMeasurementBlock Constructor.
      *
      * @param spdmMeasBlocks byte array holding the SPDM Measurement Block bytes.
      */
-//    public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) {
-    public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) throws IOException {
+    public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) {
-        byte[] indexBytes = new byte[1];
-        spdmMeasBlocks.read(indexBytes);
-        index = HexUtils.leReverseInt(indexBytes);
+        try {
+            byte[] indexBytes = new byte[1];
+            spdmMeasBlocks.read(indexBytes);
+            index = HexUtils.leReverseInt(indexBytes);
-        byte[] measurementSpecBytes = new byte[1];
-        spdmMeasBlocks.read(measurementSpecBytes);
-        measurementSpec = HexUtils.leReverseInt(measurementSpecBytes);
+            byte[] measurementSpecBytes = new byte[1];
+            spdmMeasBlocks.read(measurementSpecBytes);
+            measurementSpec = HexUtils.leReverseInt(measurementSpecBytes);
-        // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size
-        byte[] measurementSizeBytes = new byte[2];
-        spdmMeasBlocks.read(measurementSizeBytes);
-        int measurementSize = HexUtils.leReverseInt(measurementSizeBytes);
+            // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size
+            byte[] measurementSizeBytes = new byte[2];
+            spdmMeasBlocks.read(measurementSizeBytes);
+            int measurementSize = HexUtils.leReverseInt(measurementSizeBytes);
-        byte[] measurementBytes = new byte[measurementSize];
-        spdmMeasBlocks.read(measurementBytes);
-        spdmMeasurement = new SpdmMeasurement(measurementBytes);
+            byte[] measurementBytes = new byte[measurementSize];
+            spdmMeasBlocks.read(measurementBytes);
+            spdmMeasurement = new SpdmMeasurement(measurementBytes);
+        } catch (IOException ioEx) {
+            spdmMeasurementBlockReadError = true;
+        }
     }
-//    /**
-//     * SpdmMeasurementBlock Constructor.
-//     *
-//     * @param spdmMeasBlockBytes byte array holding the SPDM Measurement Block bytes.
-//     */
-//    public SpdmMeasurementBlock(final byte[] spdmMeasBlockBytes) {
-//
-//        byte[] indexBytes = new byte[1];
-//        System.arraycopy(spdmMeasBlockBytes, 0, indexBytes, 0,
-//                1);
-//        index = HexUtils.leReverseInt(indexBytes);
-//
-//        byte[] measurementSpecBytes = new byte[1];
-//        System.arraycopy(spdmMeasBlockBytes, 1, measurementSpecBytes, 0,
-//                1);
-//        measurementSpec = HexUtils.leReverseInt(measurementSpecBytes);
-//
-//        // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size
-//        byte[] measurementSizeBytes = new byte[2];
-//        System.arraycopy(spdmMeasBlockBytes, 2, measurementSizeBytes, 0,
-//                2);
-//        int measurementSize = HexUtils.leReverseInt(measurementSizeBytes);
-//
-//        byte[] measurementBytes = new byte[measurementSize];
-//        System.arraycopy(spdmMeasBlockBytes, 4, measurementBytes, 0,
-//                measurementSize);
-//        spdmMeasurement = new SpdmMeasurement(measurementBytes);
-//    }
-
     /**
-     * Returns a human readable description of the data within this structure.
+     * Returns a human-readable description of the data within this structure.
      *
      * @return a description of this structure..
      */
     public String toString() {
+
         String spdmMeasBlockInfo = "";
-        spdmMeasBlockInfo += "\n Index = " + index;
-        spdmMeasBlockInfo += "\n MeasurementSpec = " + measurementSpec;
-        spdmMeasBlockInfo += spdmMeasurement.toString();
+        if(spdmMeasurementBlockReadError) {
+            spdmMeasBlockInfo += "\n Error reading SPDM Measurement Block";
+        }
+        else {
+            spdmMeasBlockInfo += "\n Index = " + index;
+            spdmMeasBlockInfo += "\n MeasurementSpec = " + measurementSpec;
+            spdmMeasBlockInfo += spdmMeasurement.toString();
+        }
         return spdmMeasBlockInfo;
     }
-
 }
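Review bot: The new `catch (IOException ioEx)` cannot detect a truncated block, because `ByteArrayInputStream.read(byte[])` never throws `IOException` — it returns a short count or -1 and leaves the remainder of the buffer zero-filled — so each unchecked `spdmMeasBlocks.read(...)` in the constructor silently yields `index`, `measurementSpec` and `measurementSize` of 0 while `spdmMeasurementBlockReadError` stays `false`, and `toString()` then reports a plausible-looking but fabricated block. Each read should compare the returned count with the requested length and set the flag (or throw into the existing catch) on a shortfall; a small helper keeps that to one line per field, as sketched below, and also keeps `measurementSize` from driving `new byte[]` without the block actually holding that many bytes. `ioEx` is otherwise discarded, which is acceptable if the flag is the intended signal, but a log line would help when an event log fails to parse (no logger is visible in this hunk). Style: `if(spdmMeasurementBlockReadError)` and the `}` / `else {` split in `toString()` differ from the `} catch (` form a few lines above and the `} else {` form used in EvEfiSpdmDeviceSecurityEvent.
```java
    public SpdmMeasurementBlock(final ByteArrayInputStream spdmMeasBlocks) {

        try {
            index = HexUtils.leReverseInt(readExact(spdmMeasBlocks, 1));
            measurementSpec = HexUtils.leReverseInt(readExact(spdmMeasBlocks, 1));

            // in future, can crosscheck this measurement size with the MeasurementSpec hash alg size
            int measurementSize = HexUtils.leReverseInt(readExact(spdmMeasBlocks, 2));

            spdmMeasurement = new SpdmMeasurement(readExact(spdmMeasBlocks, measurementSize));
        } catch (IOException ioEx) {
            // a short read now lands here too, not only a stream failure
            spdmMeasurementBlockReadError = true;
        }
    }

    /**
     * Reads exactly {@code len} bytes or throws, so a truncated block is flagged
     * instead of being parsed as zeros.
     */
    private static byte[] readExact(final ByteArrayInputStream in, final int len) throws IOException {
        byte[] buf = new byte[len];
        if (in.read(buf) != len) {
            throw new IOException("SPDM Measurement Block truncated: expected " + len + " bytes");
        }
        return buf;
    }

    // … unchanged: toString() …
```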
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
index 1a5e71755..2e56828a4 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
@@ -220,7 +220,7 @@ public String toString() {
             case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY // (update when test patterns exist)
                 efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
-                        "To be processed once more test patterns exist\n");
+                        "To be processed once more test patterns exist");
                 break;
             case "Boot00":
                 efiVariable.append(bootv.toString());

From 271dd815c1101080508d049cf618c456d2b49086 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Fri, 28 Jun 2024 18:01:09 -0400
Subject: [PATCH 5/5] comment change

---
 .../tpm/eventlog/events/DeviceSecurityEventDataHeader2.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
index 6a825412f..d09d7daaf 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
@@ -26,7 +26,6 @@
  * UNIT8 DevicePath[DevicePathLength]
  * } DEVICE_SECURITY_EVENT_DATA_HEADER2;
  *

- * Assumption: there is only 1 SpdmMeasurementBlock per event. Need more test patterns to verify.
  */
 public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {