Support to parse and load TPM EK Certificate data from Message 10 #689

13 changes: 13 additions & 0 deletions component-samples/demo/aio/WEB-INF/web.xml
Expand Up @@ -216,6 +216,19 @@
<url-pattern>/api/v1/mfg/vouchers/*</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>EkVoucher</servlet-name>
<servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
<init-param>
<param-name>Api-Class</param-name>
<param-value>org.fidoalliance.fdo.protocol.api.EkVoucher</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>EkVoucher</servlet-name>
<url-pattern>/api/v1/mfg/ekcert/*</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>CertificateApi</servlet-name>
<servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
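Review bot: The new `/api/v1/mfg/ekcert/*` url-pattern serves stored EK certificate bytes by device serial number, but nothing in this hunk places it under the same security-constraint or auth filter that covers `/api/v1/mfg/vouchers/*`; if that protection is configured by url-pattern elsewhere in this web.xml, the new pattern must be added there too, otherwise the EK certificate (a stable device identifier) is readable by unauthenticated callers. The hunk does not show the surrounding security configuration, so this may already be handled by a broader `/api/*` rule — worth confirming rather than assuming. The identical mapping is added in component-samples/demo/manufacturer/WEB-INF/web.xml and needs the same check.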
12 changes: 12 additions & 0 deletions component-samples/demo/manufacturer/WEB-INF/web.xml
Expand Up @@ -46,6 +46,18 @@
<url-pattern>/api/v1/mfg/vouchers/*</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>EkVoucher</servlet-name>
<servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
<init-param>
<param-name>Api-Class</param-name>
<param-value>org.fidoalliance.fdo.protocol.api.EkVoucher</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>EkVoucher</servlet-name>
<url-pattern>/api/v1/mfg/ekcert/*</url-pattern>
</servlet-mapping>


<servlet>
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.Optional;
import org.apache.commons.codec.binary.Hex;
import org.fidoalliance.fdo.protocol.db.FdoSysModuleExtra;
import org.fidoalliance.fdo.protocol.db.ManufacturingInfoStorageFunction;
import org.fidoalliance.fdo.protocol.db.OnboardConfigSupplier;
import org.fidoalliance.fdo.protocol.dispatch.CertSignatureFunction;
import org.fidoalliance.fdo.protocol.dispatch.CredReuseFunction;
Expand Down Expand Up @@ -373,6 +374,7 @@ protected void doAppStart(DispatchMessage request, DispatchMessage response) thr

ManufacturingInfo mfgInfo = Mapper.INSTANCE.readValue(appStart.getManufacturingInfo(),
ManufacturingInfo.class);

SimpleStorage storage = createVoucher(mfgInfo, request.getProtocolVersion());

SessionManager manager = getWorker(SessionManager.class);
Expand Down Expand Up @@ -435,6 +437,9 @@ protected void doSetHmac(DispatchMessage request, DispatchMessage response) thro
VoucherStorageFunction storageFunction = getWorker(VoucherStorageFunction.class);
storageFunction.apply(info.getSerialNumber(), voucher);

ManufacturingInfoStorageFunction infoStore = new ManufacturingInfoStorageFunction();
infoStore.store(info.getSerialNumber(), info.getEndorsementKey());

//save the voucher
response.setMessage(Mapper.INSTANCE.writeValue(new DiDone()));
manager.expireSession(request.getAuthToken().get());
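Review bot: `infoStore.store(info.getSerialNumber(), info.getEndorsementKey())` runs unconditionally, so a device that supplied no endorsement key still opens a second Hibernate session and persists a null ekData; wrapping the two new lines in `if (info.getEndorsementKey() != null) {` avoids both. The new function is created with `new ManufacturingInfoStorageFunction()` while the voucher store two lines above is resolved via `getWorker(VoucherStorageFunction.class)`; if the worker mechanism can host it, resolving it the same way keeps storage strategies configurable in one place. The bytes are persisted exactly as the device sent them with no check that they form a certificate — if validation is intended to happen on read, a comment here saying so would spare the next reader the search. doSetHmac begins outside the hunk.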
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
// Copyright 2022 Intel Corporation
// SPDX-License-Identifier: Apache 2.0

package org.fidoalliance.fdo.protocol.api;

import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.List;
import org.fidoalliance.fdo.protocol.LoggerService;
import org.fidoalliance.fdo.protocol.dispatch.ManufacturerKeySupplier;
import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;

/**
* Get API for Manufacturing voucher.
*/
public class EkVoucher extends RestApi {
protected static final LoggerService logger = new LoggerService(EkVoucher.class);


@Override
public void doGet() throws Exception {

String path = getLastSegment();
logger.info("Manufacturing Voucher SerialNo: " + path);

ManufacturedVoucher mfgVoucher = getSession().get(ManufacturedVoucher.class, path);
if (mfgVoucher == null) {
logger.warn("Mfg voucher is null");
throw new NotFoundException(path);
}
getResponse().getOutputStream().write(mfgVoucher.getEkData());
}
}
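Review bot: `getResponse().getOutputStream().write(mfgVoucher.getEkData())` throws NullPointerException when the voucher exists but no EK data was ever stored, so those serials answer with a server error instead of the 404 the missing-voucher branch produces; guard the array: `byte[] ekData = mfgVoucher.getEkData();` / `if (ekData == null) { throw new NotFoundException(path); }` / `getResponse().getOutputStream().write(ekData);`. No content type is set on the response either, so a client cannot tell what encoding it received; `getResponse().setContentType("application/octet-stream")` before the write would be the conventional minimum, assuming getResponse() is a servlet response. The imports `Certificate`, `Arrays`, `List`, `ManufacturerKeySupplier` and `OwnershipVoucher` are unused, and the class Javadoc describes a voucher getter; `/** GET API returning the stored TPM EK certificate bytes for a device serial number. */` matches what the class does.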
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
// Copyright 2022 Intel Corporation
// SPDX-License-Identifier: Apache 2.0

package org.fidoalliance.fdo.protocol.db;

import java.io.IOException;
import java.util.Date;
import java.util.UUID;
import org.fidoalliance.fdo.protocol.Mapper;
import org.fidoalliance.fdo.protocol.api.NotFoundException;
import org.fidoalliance.fdo.protocol.dispatch.VoucherStorageFunction;
import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
import org.fidoalliance.fdo.protocol.message.ManufacturingInfo;
import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
import org.hibernate.Session;
import org.hibernate.Transaction;

/**
* Stores TPM EK Certificate into database.
*/
public class ManufacturingInfoStorageFunction {

/**
* Stores TPM EK Certificate into database.
* @param serialNo Device serial number that is used to retrieve TPM EK Data.
* @param endorsementKey The actual TPM EK Data received from the client.
* @throws IOException Throws exception if required mfgVoucher is null.
*/
public void store(String serialNo, byte[] endorsementKey) throws IOException {
Session session = HibernateUtil.getSessionFactory().openSession();
try {
ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
if (mfgVoucher == null) {
throw new NotFoundException(serialNo);
}
Transaction trans = session.beginTransaction();
mfgVoucher.setEkData(endorsementKey);
session.saveOrUpdate(mfgVoucher);
trans.commit();
} catch (NotFoundException e) {
throw new RuntimeException(e);
} finally {
session.close();
}
}
}
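Review bot: The `catch (NotFoundException e) { throw new RuntimeException(e); }` in store() turns the one failure the Javadoc documents (`@throws IOException ... if required mfgVoucher is null`) into an unchecked exception, so a caller following the declared contract never sees it; rethrowing as the declared type keeps the signature honest. The transaction opened at `session.beginTransaction()` is also never rolled back when saveOrUpdate or commit throws, leaving cleanup to session.close(); an explicit rollback makes the failure path well-defined. `Date`, `UUID`, `Mapper`, `VoucherStorageFunction`, `ManufacturingInfo`, `OwnershipVoucher` and `OwnershipVoucherHeader` are imported but unused.
```java
  public void store(String serialNo, byte[] endorsementKey) throws IOException {
    Session session = HibernateUtil.getSessionFactory().openSession();
    try {
      ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
      if (mfgVoucher == null) {
        // surface the missing voucher through the declared contract, keeping the cause
        throw new IOException("no manufactured voucher for serial " + serialNo,
            new NotFoundException(serialNo));
      }
      Transaction trans = session.beginTransaction();
      try {
        mfgVoucher.setEkData(endorsementKey);
        session.saveOrUpdate(mfgVoucher);
        trans.commit();
      } catch (RuntimeException e) {
        trans.rollback();
        throw e;
      }
    } finally {
      session.close();
    }
  }
```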
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,11 @@ public class ManufacturedVoucher {
@Temporal(TemporalType.TIMESTAMP)
private Date createdOn;

@Lob
@Column(name = "ekData", length = 65535)
private byte[] ekData;


public String getSerialNo() {
return serialNo;
}
Expand All @@ -41,6 +46,15 @@ public Date getCreatedOn() {
return createdOn;
}

public byte[] getEkData() {
return ekData;
}

public void setEkData(byte[] ekData) {
this.ekData = ekData;
}


public void setSerialNo(String id) {
this.serialNo = id;
}
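Review bot: The new `ekData` field and its accessors carry no documentation, and since its contents arrive straight from the device it is worth stating what they are; `/** TPM EK certificate bytes received in the DI manufacturing info; null when nothing has been stored. */` on the field would do. `getEkData()` returns the internal array and `setEkData` keeps the caller's array without copying, which is usual for a JPA entity but means a caller mutating the array afterwards changes the persisted state silently — a one-line comment on the getter noting that the array must not be modified is cheap insurance. `length = 65535` on an `@Lob` column is dialect-dependent and may be ignored or may cap the blob, so the intended bound should be stated in a comment. The ManufacturedVoucher class begins outside the hunk.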
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

@JsonPropertyOrder(
{"keyType", "keyEnc", "serialNumber", "deviceInfo", "certInfo",
"onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"}
"endorsementKey", "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"}
)
@JsonSerialize(using = ManufacturingInfoSerializer.class)
@JsonDeserialize(using = ManufacturingInfoDeserializer.class)
Expand All @@ -37,6 +37,9 @@ public class ManufacturingInfo {
@JsonProperty("certInfo")
private AnyType certInfo;

@JsonProperty("endorsementKey")
private byte[] endorsementKey;

@JsonProperty("onDieDeviceCertChain")
private byte[] onDieDeviceCertChain;

Expand All @@ -46,6 +49,7 @@ public class ManufacturingInfo {
@JsonProperty("testSigMaroePrefix")
private byte[] testSigMaroePrefix;


@JsonIgnore
public PublicKeyType getKeyType() {
return keyType;
Expand Down Expand Up @@ -86,6 +90,11 @@ public byte[] getTestSigMaroePrefix() {
return testSigMaroePrefix;
}

@JsonIgnore
public byte[] getEndorsementKey() {
return endorsementKey;
}

@JsonIgnore
public void setKeyType(PublicKeyType keyType) {
this.keyType = keyType;
Expand Down Expand Up @@ -125,4 +134,9 @@ public void setTestSignature(byte[] testSignature) {
public void setTestSigMaroePrefix(byte[] maroePrefix) {
this.testSigMaroePrefix = maroePrefix;
}
}

@JsonIgnore
public void setEndorsementKey(byte[] endorsementKey) {
this.endorsementKey = endorsementKey;
}
}
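Review bot: `endorsementKey` is inserted into `@JsonPropertyOrder` ahead of `onDieDeviceCertChain`, shifting the position of every following field, yet this diff contains no matching change to `ManufacturingInfoSerializer`; if that serializer emits fields positionally the way the deserializer reads them, round-trips will be misaligned until it is updated. The new field and accessors have no Javadoc; `/** TPM EK certificate bytes as supplied by the device, or null if not provided (encoding to be confirmed). */` on the field would tell readers what the bytes are expected to be. The ManufacturingInfo class begins and ends outside these hunks.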
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,9 @@ public ManufacturingInfo deserialize(JsonParser jp, DeserializationContext ctxt)
info.setCertInfo(AnyType.fromObject(subNode));
}
}
if (index < node.size()) {
info.setEndorsementKey(node.get(index++).binaryValue());
}
if (index < node.size()) {
info.setOnDieDeviceCertChain(node.get(index++).binaryValue());
}
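Review bot: Reading `endorsementKey` at the index `onDieDeviceCertChain` previously occupied means a device still sending the old layout (no EK, cert chain next) would have its on-die cert chain parsed as the EK and the chain itself lost, assuming this positional decoding is the wire format as the index handling suggests; a field-count or protocol-version check before `info.setEndorsementKey(...)` would keep older clients decoding correctly. The bytes are also accepted without any check that they parse as a certificate; validating them with `CertificateFactory.getInstance("X.509")` at this boundary would reject malformed data before it is persisted and served back. deserialize() begins outside the hunk.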