From af934a3b6a0129dd57c862b762aceb6a6678e004 Mon Sep 17 00:00:00 2001 From: "Sai,Anudeep" Date: Wed, 8 May 2024 22:04:55 +0530 Subject: [PATCH] Support to parse and load TPM EK Data from Message 10 Signed-off-by: Sai,Anudeep --- component-samples/demo/aio/WEB-INF/web.xml | 13 +++++ .../demo/manufacturer/WEB-INF/web.xml | 12 +++++ .../protocol/StandardMessageDispatcher.java | 5 ++ .../fdo/protocol/api/EkVoucher.java | 34 ++++++++++++++ .../db/ManufacturingInfoStorageFunction.java | 47 +++++++++++++++++++ .../protocol/entity/ManufacturedVoucher.java | 14 ++++++ .../protocol/message/ManufacturingInfo.java | 18 ++++++- .../ManufacturingInfoDeserializer.java | 3 ++ 8 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java create mode 100644 protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java diff --git a/component-samples/demo/aio/WEB-INF/web.xml b/component-samples/demo/aio/WEB-INF/web.xml index a775d9a8e..cc1dfebd0 100644 --- a/component-samples/demo/aio/WEB-INF/web.xml +++ b/component-samples/demo/aio/WEB-INF/web.xml @@ -216,6 +216,19 @@ /api/v1/mfg/vouchers/* + + EkVoucher + org.fidoalliance.fdo.protocol.api.RestApiServlet + + Api-Class + org.fidoalliance.fdo.protocol.api.EkVoucher + + + + EkVoucher + /api/v1/mfg/ekcert/* + + CertificateApi org.fidoalliance.fdo.protocol.api.RestApiServlet diff --git a/component-samples/demo/manufacturer/WEB-INF/web.xml b/component-samples/demo/manufacturer/WEB-INF/web.xml index b618e12ad..baaa48b85 100644 --- a/component-samples/demo/manufacturer/WEB-INF/web.xml +++ b/component-samples/demo/manufacturer/WEB-INF/web.xml @@ -46,6 +46,18 @@ /api/v1/mfg/vouchers/* + + EkVoucher + org.fidoalliance.fdo.protocol.api.RestApiServlet + + Api-Class + org.fidoalliance.fdo.protocol.api.EkVoucher + + + + EkVoucher + /api/v1/mfg/ekcert/* + 
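Review bot: The new `/api/v1/mfg/ekcert/*` mapping exposes per-serial-number EK data, but nothing in this hunk adds that pattern to whatever security-constraint or auth filter already guards `/api/v1/mfg/vouchers/*` (the element tags are lost in this extract, so that protection may live elsewhere in web.xml). If the existing protection is declared by exact url-pattern rather than a `/api/v1/mfg/*` prefix, the EK endpoint ships unauthenticated and serial numbers are guessable, so add `/api/v1/mfg/ekcert/*` to the same constraint and confirm with a request that carries no credentials. The same applies to the manufacturer web.xml hunk that follows.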
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java index a777bfb31..8c583410f 100644 --- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java +++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java @@ -22,6 +22,7 @@ import java.util.Optional; import org.apache.commons.codec.binary.Hex; import org.fidoalliance.fdo.protocol.db.FdoSysModuleExtra; +import org.fidoalliance.fdo.protocol.db.ManufacturingInfoStorageFunction; import org.fidoalliance.fdo.protocol.db.OnboardConfigSupplier; import org.fidoalliance.fdo.protocol.dispatch.CertSignatureFunction; import org.fidoalliance.fdo.protocol.dispatch.CredReuseFunction; @@ -373,6 +374,7 @@ protected void doAppStart(DispatchMessage request, DispatchMessage response) thr ManufacturingInfo mfgInfo = Mapper.INSTANCE.readValue(appStart.getManufacturingInfo(), ManufacturingInfo.class); + SimpleStorage storage = createVoucher(mfgInfo, request.getProtocolVersion()); SessionManager manager = getWorker(SessionManager.class); @@ -435,6 +437,9 @@ protected void doSetHmac(DispatchMessage request, DispatchMessage response) thro VoucherStorageFunction storageFunction = getWorker(VoucherStorageFunction.class); storageFunction.apply(info.getSerialNumber(), voucher); + ManufacturingInfoStorageFunction infoStore = new ManufacturingInfoStorageFunction(); + infoStore.store(info.getSerialNumber(), info.getEndorsementKey()); + //save the voucher response.setMessage(Mapper.INSTANCE.writeValue(new DiDone())); manager.expireSession(request.getAuthToken().get()); diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java new file mode 100644 index 000000000..ee6911269 --- /dev/null +++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java 
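Review bot: `info.getEndorsementKey()` is persisted as the device's EK certificate without any check, yet in DI the AppStart payload comes from a device that has not proven anything, so whatever bytes it sends become the stored "EK cert" that `/api/v1/mfg/ekcert/*` later hands out. Before calling `store`, skip a null value (the deserializer only sets the field when the array is long enough) and at least confirm the bytes parse as a certificate, e.g. `CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(ek))`, failing DI with a clear error otherwise; chaining to a TPM vendor EK CA is a policy step this code does not attempt. Note also that `infoStore.store(...)` runs after `storageFunction.apply` has already persisted the voucher and in its own Hibernate session, so a failure here leaves a voucher without EK data and aborts DI after the fact. The other storage hooks are obtained via `getWorker(...)`; `new ManufacturingInfoStorageFunction()` breaks that pattern. doSetHmac's body continues outside the hunk.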
@@ -0,0 +1,34 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.api;
+
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.List;
+import org.fidoalliance.fdo.protocol.LoggerService;
+import org.fidoalliance.fdo.protocol.dispatch.ManufacturerKeySupplier;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+
+/**
+ * Get API for Manufacturing voucher.
+ */
+public class EkVoucher extends RestApi {
+ protected static final LoggerService logger = new LoggerService(EkVoucher.class);
+
+
+ @Override
+ public void doGet() throws Exception {
+
+ String path = getLastSegment();
+ logger.info("Manufacturing Voucher SerialNo: " + path);
+
+ ManufacturedVoucher mfgVoucher = getSession().get(ManufacturedVoucher.class, path);
+ if (mfgVoucher == null) {
+ logger.warn("Mfg voucher is null");
+ throw new NotFoundException(path);
+ }
+ getResponse().getOutputStream().write(mfgVoucher.getEkData());
+ }
+}
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java
new file mode 100644
index 000000000..9377c211a
--- /dev/null
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java
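Review bot: `mfgVoucher.getEkData()` can be null for any device that never sent an endorsement key (the deserializer leaves the field unset when the array is short), and `write(null)` then throws a NullPointerException, so the caller gets a 500 instead of a 404; guard it with `byte[] ekData = mfgVoucher.getEkData();` / `if (ekData == null) { throw new NotFoundException(path); }` / `getResponse().getOutputStream().write(ekData);`. The response also carries no content type; if RestApi does not set one, add `getResponse().setContentType("application/octet-stream")` before writing (`application/pkix-cert` only if the bytes are guaranteed DER, which nothing here checks). The class javadoc and the info log still say "Manufacturing voucher", which this endpoint does not return — reword the javadoc to `Get API for the TPM EK data stored with a manufactured voucher.` — and the `Certificate`, `Arrays`, `List`, `ManufacturerKeySupplier` and `OwnershipVoucher` imports are unused.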
@@ -0,0 +1,47 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.db;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.UUID;
+import org.fidoalliance.fdo.protocol.Mapper;
+import org.fidoalliance.fdo.protocol.api.NotFoundException;
+import org.fidoalliance.fdo.protocol.dispatch.VoucherStorageFunction;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.ManufacturingInfo;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+/**
+ * Stores TPM EK Certificate into database.
+ */
+public class ManufacturingInfoStorageFunction {
+
+ /**
+ * Stores TPM EK Certificate into database.
+ * @param serialNo Device serial number that is used to retrieve TPM EK Data.
+ * @param endorsementKey The actual TPM EK Data received from the client.
+ * @throws IOException Throws exception if required mfgVoucher is null.
+ */
+ public void store(String serialNo, byte[] endorsementKey) throws IOException {
+ Session session = HibernateUtil.getSessionFactory().openSession();
+ try {
+ ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
+ if (mfgVoucher == null) {
+ throw new NotFoundException(serialNo);
+ }
+ Transaction trans = session.beginTransaction();
+ mfgVoucher.setEkData(endorsementKey);
+ session.saveOrUpdate(mfgVoucher);
+ trans.commit();
+ } catch (NotFoundException e) {
+ throw new RuntimeException(e);
+ } finally {
+ session.close();
+ }
+ }
+}
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
index 180c75e65..8bf328c08 100644
--- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
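Review bot: The transaction opened at `session.beginTransaction()` is never rolled back: if `saveOrUpdate` or `commit` throws, the `finally` closes the session with the transaction still active and the exception escapes with no cleanup, while `catch (NotFoundException e)` rewraps into a `RuntimeException` even though the method declares `throws IOException` and its javadoc promises an IOException for the missing-voucher case. Begin the transaction only after the lookup succeeds, roll back on any runtime failure, and throw the declared type when the voucher is absent; the signature is unchanged. Separately, `endorsementKey` is written unchecked — the entity column says `length = 65535` but nothing here bounds or validates the device-supplied bytes, so a size check (and, if this is meant to be a certificate, an X.509 parse) belongs either here or in the caller. The `Date`, `UUID`, `Mapper`, `VoucherStorageFunction`, `ManufacturingInfo`, `OwnershipVoucher` and `OwnershipVoucherHeader` imports are unused.
```java
  public void store(String serialNo, byte[] endorsementKey) throws IOException {
    Session session = HibernateUtil.getSessionFactory().openSession();
    Transaction trans = null;
    try {
      ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
      if (mfgVoucher == null) {
        throw new NotFoundException(serialNo);
      }
      // Only open the transaction once there is something to write.
      trans = session.beginTransaction();
      mfgVoucher.setEkData(endorsementKey);
      session.saveOrUpdate(mfgVoucher);
      trans.commit();
    } catch (NotFoundException e) {
      // Surface the declared type so the caller can fail DI with a clear cause.
      throw new IOException("no manufactured voucher for serial " + serialNo, e);
    } catch (RuntimeException e) {
      if (trans != null && trans.isActive()) {
        trans.rollback();
      }
      throw e;
    } finally {
      session.close();
    }
  }
```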
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java @@ -29,6 +29,11 @@ public class ManufacturedVoucher { @Temporal(TemporalType.TIMESTAMP) private Date createdOn; + @Lob + @Column(name = "ekData", length = 65535) + private byte[] ekData; + + public String getSerialNo() { return serialNo; } @@ -41,6 +46,15 @@ public Date getCreatedOn() { return createdOn; } + public byte[] getEkData() { + return ekData; + } + + public void setEkData(byte[] ekData) { + this.ekData = ekData; + } + + public void setSerialNo(String id) { this.serialNo = id; } diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java index 98fe20e8d..3b4399854 100644 --- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java +++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java @@ -13,7 +13,7 @@ @JsonPropertyOrder( {"keyType", "keyEnc", "serialNumber", "deviceInfo", "certInfo", - "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"} + "endorsementKey", "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"} ) @JsonSerialize(using = ManufacturingInfoSerializer.class) @JsonDeserialize(using = ManufacturingInfoDeserializer.class) @@ -37,6 +37,9 @@ public class ManufacturingInfo { @JsonProperty("certInfo") private AnyType certInfo; + @JsonProperty("endorsementKey") + private byte[] endorsementKey; + @JsonProperty("onDieDeviceCertChain") private byte[] onDieDeviceCertChain; @@ -46,6 +49,7 @@ public class ManufacturingInfo { @JsonProperty("testSigMaroePrefix") private byte[] testSigMaroePrefix; + @JsonIgnore public PublicKeyType getKeyType() { return keyType; 
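Review bot: `@Column(name = "ekData", length = 65535)` on a `@Lob byte[]` gives no real bound: Hibernate maps a `@Lob` byte array to a BLOB and, on most dialects, ignores `length` for it (verify against the dialect this demo runs on), so the only cap on this device-supplied blob is whatever the database enforces, and nothing on the write path validates the bytes as an EK certificate. Either enforce the intended maximum where the value is set or record the assumption on the field, e.g. `/** TPM EK data as received from the device in DI AppStart; not validated, null when the device sent none. */`. The rest of the entity is outside the hunk.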
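Review bot: Inserting `"endorsementKey"` between `"certInfo"` and `"onDieDeviceCertChain"` changes the positional wire layout of the manufacturing-info array, and this patch does not touch `ManufacturingInfoSerializer` (it is absent from the diffstat), so the serializer and the deserializer now disagree, and a client still sending the previous layout has its on-die certificate chain read as the EK and its test signature as the chain. Unless every client is updated in lockstep, appending the new element at the end of the order — `"testSignature", "testSigMaroePrefix", "endorsementKey"` — keeps old senders parseable; the deserializer must mirror whichever order is chosen.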
@@ -86,6 +90,11 @@ public byte[] getTestSigMaroePrefix() { return testSigMaroePrefix; } + @JsonIgnore + public byte[] getEndorsementKey() { + return endorsementKey; + } + @JsonIgnore public void setKeyType(PublicKeyType keyType) { this.keyType = keyType; @@ -125,4 +134,9 @@ public void setTestSignature(byte[] testSignature) { public void setTestSigMaroePrefix(byte[] maroePrefix) { this.testSigMaroePrefix = maroePrefix; } -} + + @JsonIgnore + public void setEndorsementKey(byte[] endorsementKey) { + this.endorsementKey = endorsementKey; + } +} \ No newline at end of file diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/serialization/ManufacturingInfoDeserializer.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/serialization/ManufacturingInfoDeserializer.java index 8293c5e8c..ffee15423 100644 --- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/serialization/ManufacturingInfoDeserializer.java +++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/serialization/ManufacturingInfoDeserializer.java @@ -85,6 +85,9 @@ public ManufacturingInfo deserialize(JsonParser jp, DeserializationContext ctxt) info.setCertInfo(AnyType.fromObject(subNode)); } } + if (index < node.size()) { + info.setEndorsementKey(node.get(index++).binaryValue()); + } if (index < node.size()) { info.setOnDieDeviceCertChain(node.get(index++).binaryValue()); }
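Review bot: The rewritten closing brace drops the file's trailing newline (`\ No newline at end of file`), which the removed `-}` line had; restore it so the next change touching the end of ManufacturingInfo.java does not show a spurious diff.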
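Review bot: The new `if (index < node.size())` block takes the element right after `certInfo` as the endorsement key purely by position, so an older client that omits the EK but sends `onDieDeviceCertChain` (the array layout before this patch) now has its cert chain stored as EK data and every later field shifted by one, and nothing in the value lets the parser tell the two apart. If old senders must keep working, read the EK from the end of the array (after `testSigMaroePrefix`) with a matching change to `@JsonPropertyOrder`, or gate the read on a protocol version the caller already knows. Jackson's `binaryValue()` returns null for a non-binary node (worth confirming for the CBOR mapper used here), so a client that puts e.g. a CBOR `null` in that slot silently stores nothing rather than failing — decide whether that is intended and reject non-binary values if not. `deserialize` begins before the hunk.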