diff --git a/.github/workflows/dotnet-build-hardwaremanifest.yml b/.github/workflows/dotnet-build-hardwaremanifest.yml
new file mode 100644
index 0000000..4724fb9
--- /dev/null
+++ b/.github/workflows/dotnet-build-hardwaremanifest.yml
@@ -0,0 +1,25 @@
+name: .NET
+
+on:
+ push:
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 6.0.x
+ - name: Go to HardwareManifest directory
+ run: cd dotnet/HardwareManifest
+ - name: Restore dependencies
+ run: dotnet restore
+ - name: Build
+ run: dotnet build
+ - name: Test
+ run: dotnet test
+ - name: Pack
+ run: dotnet pack
\ No newline at end of file
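Review bot: The `cd dotnet/HardwareManifest` step does not affect the steps after it, because every `run:` step starts a new shell in the workspace root; restore, build, test and pack therefore all run at the repository root instead of in the project directory. A job-level `defaults.run.working-directory: dotnet/HardwareManifestPlugin` sets the directory once for all steps. Note that the other paths in this commit use `dotnet/HardwareManifestPlugin`, not `dotnet/HardwareManifest`. The same `cd` pattern is repeated in dotnet-build-paccor_scripts.yml. Because the job only builds and tests, a top-level `permissions:` block with `contents: read` would keep the workflow token at least privilege.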
diff --git a/.github/workflows/dotnet-build-paccor_scripts.yml b/.github/workflows/dotnet-build-paccor_scripts.yml
new file mode 100644
index 0000000..0cb857c
--- /dev/null
+++ b/.github/workflows/dotnet-build-paccor_scripts.yml
@@ -0,0 +1,29 @@
+name: .NET
+
+on:
+ push:
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 6.0.x
+ - name: Go to paccor_scripts directory
+ run: cd dotnet/paccor_scripts
+ - name: Restore dependencies
+ run: dotnet restore
+ - name: Build
+ run: dotnet build
+ - name: Test
+ run: dotnet test
+ - name: Pack
+ run: dotnet pack
+ - name: Publish
+ run: |
+ dotnet -r linux-x64 -c Release
+ dotnet -r win-x64 -c Release
\ No newline at end of file
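Review bot: The Publish step runs `dotnet -r linux-x64 -c Release` and `dotnet -r win-x64 -c Release` with no subcommand, so the CLI has nothing to execute and the step will fail. The lines presumably should read `dotnet publish -r linux-x64 -c Release` and `dotnet publish -r win-x64 -c Release`. Both workflow files also use `name: .NET`, which makes their runs indistinguishable in the Actions list; a distinct `name:` per file would help.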
diff --git a/dotnet/HardwareManifestPlugin/.editorconfig b/dotnet/HardwareManifestPlugin/.editorconfig
index 13fe492..8bf5e6c 100644
--- a/dotnet/HardwareManifestPlugin/.editorconfig
+++ b/dotnet/HardwareManifestPlugin/.editorconfig
@@ -12,7 +12,7 @@ indent_style = space
tab_width = 4
# New line preferences
-end_of_line = crlf
+end_of_line = lf
insert_final_newline = false
#### .NET Coding Conventions ####
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln
index 0319cbf..677cae0 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln
@@ -5,7 +5,12 @@ VisualStudioVersion = 17.1.32421.90
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HardwareManifestPlugin", "HardwareManifestPlugin\HardwareManifestPlugin.csproj", "{53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D}"
EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HardwareManifestPluginManager", "HardwareManifestPluginManager\HardwareManifestPluginManager.csproj", "{502E153C-EE54-4472-8241-41F43687FA96}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HardwareManifestPluginManager", "HardwareManifestPluginManager\HardwareManifestPluginManager.csproj", "{502E153C-EE54-4472-8241-41F43687FA96}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HardwareManifestPluginTests", "HardwareManifestPluginTests\HardwareManifestPluginTests.csproj", "{B7427D0D-A770-4EB0-BDD8-47E412C95740}"
+ ProjectSection(ProjectDependencies) = postProject
+ {53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D} = {53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D}
+ EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -21,6 +26,10 @@ Global
{502E153C-EE54-4472-8241-41F43687FA96}.Debug|Any CPU.Build.0 = Debug|Any CPU
{502E153C-EE54-4472-8241-41F43687FA96}.Release|Any CPU.ActiveCfg = Release|Any CPU
{502E153C-EE54-4472-8241-41F43687FA96}.Release|Any CPU.Build.0 = Release|Any CPU
+ {B7427D0D-A770-4EB0-BDD8-47E412C95740}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {B7427D0D-A770-4EB0-BDD8-47E412C95740}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {B7427D0D-A770-4EB0-BDD8-47E412C95740}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {B7427D0D-A770-4EB0-BDD8-47E412C95740}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj
index ad14bdc..29847e0 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj
@@ -6,7 +6,7 @@
enable
NSA Cybersecurity Directorate
paccor.HardwareManifestPlugin
- 1.0.0
+ 2.0.1
paccor;platform;certificate;hardware;manifest;interface
README.md
Apache-2.0
@@ -17,14 +17,16 @@
true
snupkg
-
-
-
-
+
+
+ all
+
-
+
+
+
@@ -33,4 +35,28 @@
+
+
+
+ $(ProjectDir)Resources
+ $(ProjectDir)generated
+
+
+ $(protoc_linux64)
+ $(protoc_linux86)
+ $(protoc_macosx64)
+ $(protoc_macosx86)
+ $(protoc_windows64)
+ $(protoc_windows86)
+
+
+
+
+
+
+
+
+
+
+
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/Resources/HardwareManifest.proto b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/Resources/HardwareManifest.proto
new file mode 100644
index 0000000..e22e7fa
--- /dev/null
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/Resources/HardwareManifest.proto
@@ -0,0 +1,83 @@
+syntax = "proto3";
+
+import "PlatformCertificateIM.proto";
+
+package HardwareManifestProto;
+
+message ManifestV3 {
+ PlatformCertificateProto.PlatformIdentifierOtherName platformIdentifier = 1;
+ PlatformCertificateProto.PlatformConfiguration platformConfiguration = 2;
+}
+
+message ManifestV2 {
+ SanPlatformFields PLATFORM = 1; // Subject Alt Name Platform Fields
+ repeated ComponentIdentifier COMPONENTS = 2;
+ repeated Property PROPERTIES = 3;
+ UriReference COMPONENTSURI = 4;
+ UriReference PROPERTIESURI = 5;
+}
+
+message SanPlatformFields {
+ string PLATFORMMANUFACTURERSTR = 1;
+ string PLATFORMMODEL = 2;
+ string PLATFORMVERSION = 3;
+ string PLATFORMSERIAL = 4;
+ string PLATFORMMANUFACTURERID = 5;
+}
+
+message ComponentIdentifier {
+ ComponentClass COMPONENTCLASS = 1;
+ string MANUFACTURER = 2;
+ string MODEL = 3;
+ string SERIAL = 4;
+ string REVISION = 5;
+ string MANUFACTURERID = 6;
+ string FIELDREPLACEABLE = 7; // true or false
+ repeated Address ADDRESSES = 8;
+ string STATUS = 9; // ADDED, MODIFIED, or REMOVED
+ CertificateIdentifier PLATFORMCERT = 10;
+ UriReference COMPONENTPLATFORMCERTURI = 11;
+ CertificateIdentifier CERTIFICATEIDENTIFIER = 12;
+}
+
+message Property {
+ string PROPERTYNAME = 1;
+ string PROPERTYVALUE = 2;
+ string STATUS = 3;
+}
+
+message ComponentClass {
+ string COMPONENTCLASSREGISTRY = 1; // OID
+ string COMPONENTCLASSVALUE = 2; // Hex String
+}
+
+message Address {
+ oneof ADDRESSES_oneof {
+ string BLUETOOTHMAC = 1;
+ string ETHERNETMAC = 2;
+ string WLANMAC = 3;
+ }
+}
+
+message HashedCertificateIdentifier {
+ string HASHALG = 1; // OID
+ string HASHVALUE = 2; // base64 encode the binary value
+}
+
+message GenericCertificateIdentifier {
+ string ISSUER = 1;
+ string SERIAL = 2;
+}
+
+message CertificateIdentifier {
+ HashedCertificateIdentifier ATTRIBUTECERTIDENTIFIER = 1;
+ GenericCertificateIdentifier GENERICCERTIDENTIFIER = 2;
+ HashedCertificateIdentifier HASHEDCERTIDENTIFIER = 3;
+}
+
+message UriReference {
+ string UNIFORMRESOURCEIDENTIFIER = 1;
+ string HASHALG = 2; // OID
+ string HASHVALUE = 3; // base64 encode the binary value
+}
+
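Review bot: Several string fields whose format the converter depends on are undocumented. `GenericCertificateIdentifier.SERIAL` does not say whether the serial is decimal or hex, and `Property.STATUS` lacks the `// ADDED, MODIFIED, or REMOVED` comment that `ComponentIdentifier.STATUS` carries. I would add a comment such as `string SERIAL = 2; // decimal integer string` (or whichever encoding is intended) and repeat the status comment on `Property.STATUS`. A comment on `CertificateIdentifier` should also state which of `ATTRIBUTECERTIDENTIFIER` and `HASHEDCERTIDENTIFIER` takes precedence when both are set, since both have the same message type.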
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/Convert.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/Convert.cs
new file mode 100644
index 0000000..ec004e7
--- /dev/null
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/Convert.cs
@@ -0,0 +1,390 @@
+using Google.Protobuf;
+using HardwareManifestProto;
+using OidsProto;
+using PlatformCertificateProto;
+
+namespace HardwareManifestPlugin {
+ public class Convert {
+ public static ManifestV3 FromManifestV2(ManifestV2 v2, string traitDescription, string traitDescriptionUri) {
+ // Wrap V2 Manifest with Trait details and return a V3 Manifest
+ ManifestV3 v3 = new();
+
+ // Convert Platform Fields
+ if (v2.PLATFORM != null) {
+ v3.PlatformIdentifier = new PlatformIdentifierOtherName {
+ TypeId = OidsUtils.Find(TCG_COMMON_NODE.TcgAtPlatformidentifier),
+ Value = new PlatformIdentifier()
+ };
+ if (!string.IsNullOrEmpty(v2.PLATFORM.PLATFORMMANUFACTURERSTR)) {
+ v3.PlatformIdentifier.Value.PlatformManufacturer = new Manufacturer {
+ Utf8 = new UTF8StringTrait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdUtf8String),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatPlatformmanufacturer),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new UTF8String {
+ String = v2.PLATFORM.PLATFORMMANUFACTURERSTR
+ }
+ }
+ };
+ }
+
+ if (!string.IsNullOrEmpty(v2.PLATFORM.PLATFORMMANUFACTURERID)) {
+ v3.PlatformIdentifier.Value.PlatformManufacturerIdentifier = new PENTrait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdPen),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatPlatformmanufactureridentifier),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new ObjectIdentifier {
+ Oid = v2.PLATFORM.PLATFORMMANUFACTURERID
+ }
+ };
+ }
+
+ if (!string.IsNullOrEmpty(v2.PLATFORM.PLATFORMMODEL)) {
+ v3.PlatformIdentifier.Value.PlatformModel = new Model {
+ Utf8 = new UTF8StringTrait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdUtf8String),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatPlatformmodel),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new UTF8String {
+ String = v2.PLATFORM.PLATFORMMODEL
+ }
+ }
+ };
+ }
+
+ if (!string.IsNullOrEmpty(v2.PLATFORM.PLATFORMSERIAL)) {
+ v3.PlatformIdentifier.Value.PlatformSerial = new Serial {
+ Utf8 = new UTF8StringTrait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdUtf8String),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatPlatformserial),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new UTF8String {
+ String = v2.PLATFORM.PLATFORMSERIAL
+ }
+ }
+ };
+ }
+
+ if (!string.IsNullOrEmpty(v2.PLATFORM.PLATFORMVERSION)) {
+ v3.PlatformIdentifier.Value.PlatformVersion = new Revision {
+ Utf8 = new UTF8StringTrait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdUtf8String),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatPlatformversion),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new UTF8String {
+ String = v2.PLATFORM.PLATFORMVERSION
+ }
+ }
+ };
+ }
+ }
+
+ // Convert Components
+ v3.PlatformConfiguration = new PlatformConfiguration();
+ foreach (HardwareManifestProto.ComponentIdentifier component in v2.COMPONENTS) {
+ ComponentIdentifierTrait trait = new() {
+ ComponentIdentifierV11 = new ComponentIdentifierV11Trait {
+ TraitId = OidsUtils.Find(TCG_TR_ID_NODE.TcgTrIdComponentidentifierv11),
+ TraitCategory = OidsUtils.Find(TCG_TR_CAT_NODE.TcgTrCatComponentidentifierv11),
+ TraitRegistry = OidsUtils.Find(TCG_TR_REG_NODE.TcgTrRegNone),
+ Description = new UTF8String {
+ String = traitDescription
+ },
+ DescriptionURI = new IA5String {
+ String = traitDescriptionUri
+ },
+ TraitValue = new ComponentIdentifierV11()
+ }
+ };
+
+ // Copy component class
+ if (!string.IsNullOrEmpty(component.COMPONENTCLASS.COMPONENTCLASSVALUE)) {
+ byte[] componentClassValue = System.Convert.FromHexString(component.COMPONENTCLASS.COMPONENTCLASSVALUE);
+ trait.ComponentIdentifierV11.TraitValue.ComponentClass = new PlatformCertificateProto.ComponentClass {
+ ComponentClassRegistry = new ObjectIdentifier {
+ Oid = component.COMPONENTCLASS.COMPONENTCLASSREGISTRY
+ },
+ ComponentClassValue = new OctetString {
+ Base64 = ByteString.CopyFrom(componentClassValue)
+ }
+ };
+ }
+
+ // Copy main strings
+ if (!string.IsNullOrEmpty(component.MANUFACTURER)) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentManufacturer = new UTF8String {
+ String = component.MANUFACTURER
+ };
+ }
+
+ if (!string.IsNullOrEmpty(component.MODEL)) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentModel = new UTF8String {
+ String = component.MODEL
+ };
+ }
+
+ if (!string.IsNullOrEmpty(component.SERIAL)) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentSerial = new UTF8String {
+ String = component.SERIAL
+ };
+ }
+
+ if (!string.IsNullOrEmpty(component.REVISION)) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentRevision = new UTF8String {
+ String = component.REVISION
+ };
+ }
+
+ if (!string.IsNullOrEmpty(component.MANUFACTURERID)) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentManufacturerId = new ObjectIdentifier {
+ Oid = component.MANUFACTURERID
+ };
+ }
+
+ if (!string.IsNullOrEmpty(component.FIELDREPLACEABLE)) {
+ trait.ComponentIdentifierV11.TraitValue.FieldReplaceable = new Boolean {
+ Bool = bool.Parse(component.FIELDREPLACEABLE)
+ };
+ }
+
+ // Copy component addresses
+ foreach (Address address in component.ADDRESSES) {
+ ComponentAddress newAddress = new();
+ switch (address.ADDRESSESOneofCase) {
+ case Address.ADDRESSESOneofOneofCase.BLUETOOTHMAC:
+ newAddress.AddressType = OidsUtils.Find(TCG_ADDRESS_NODE.TcgAddressBluetoothmac);
+ newAddress.AddressValue = new UTF8String {
+ String = address.BLUETOOTHMAC
+ };
+ break;
+ case Address.ADDRESSESOneofOneofCase.ETHERNETMAC:
+ newAddress.AddressType = OidsUtils.Find(TCG_ADDRESS_NODE.TcgAddressEthernetmac);
+ newAddress.AddressValue = new UTF8String {
+ String = address.ETHERNETMAC
+ };
+ break;
+ case Address.ADDRESSESOneofOneofCase.WLANMAC:
+ newAddress.AddressType = OidsUtils.Find(TCG_ADDRESS_NODE.TcgAddressWlanmac);
+ newAddress.AddressValue = new UTF8String {
+ String = address.WLANMAC
+ };
+ break;
+ case Address.ADDRESSESOneofOneofCase.None:
+ default:
+ // Don't propagate unknown network address types
+ continue;
+ }
+ trait.ComponentIdentifierV11.TraitValue.ComponentAddresses.Add(newAddress);
+ }
+
+ // Copy component hashed or attribute cert identifier, saving only the last entry
+ // Handle case where the ATTRIBUTECERTIDENTIFIER key is used within the PLATFORMCERT key
+ if (component.PLATFORMCERT != null) {
+ if (component.PLATFORMCERT.ATTRIBUTECERTIDENTIFIER != null) {
+ byte[] hvBytes = System.Text.Encoding.UTF8.GetBytes(component.PLATFORMCERT.ATTRIBUTECERTIDENTIFIER.HASHVALUE);
+ if (hvBytes.Length > 0) {
+ string hvBase64 = System.Convert.ToBase64String(hvBytes);
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCert = new PlatformCertificateProto.CertificateIdentifier {
+ HashedCertIdentifier = new PlatformCertificateProto.HashedCertificateIdentifier {
+ HashAlgorithm = new AlgorithmIdentifier {
+ Algorithm = new ObjectIdentifier {
+ Oid = component.PLATFORMCERT.ATTRIBUTECERTIDENTIFIER.HASHALG
+ }
+ },
+ HashOverSignatureValue = new OctetString {
+ Base64 = ByteString.FromBase64(hvBase64)
+ }
+ }
+ };
+ }
+ }
+
+ // Handle case where the HASHEDCERTIDENTIFIER key is used within the PLATFORMCERT key
+ if (component.PLATFORMCERT.HASHEDCERTIDENTIFIER != null) {
+ byte[] hvBytes = System.Text.Encoding.UTF8.GetBytes(component.PLATFORMCERT.HASHEDCERTIDENTIFIER.HASHVALUE);
+ if (hvBytes.Length > 0) {
+ string hvBase64 = System.Convert.ToBase64String(hvBytes);
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCert = new PlatformCertificateProto.CertificateIdentifier {
+ HashedCertIdentifier = new PlatformCertificateProto.HashedCertificateIdentifier {
+ HashAlgorithm = new AlgorithmIdentifier {
+ Algorithm = new ObjectIdentifier {
+ Oid = component.PLATFORMCERT.HASHEDCERTIDENTIFIER.HASHALG
+ }
+ },
+ HashOverSignatureValue = new OctetString {
+ Base64 = ByteString.FromBase64(hvBase64)
+ }
+ }
+ };
+ }
+ }
+ }
+
+ // Handle case where the ATTRIBUTECERTIDENTIFIER key is used within the CERTIFICATEIDENTIFIER key
+ if (component.CERTIFICATEIDENTIFIER != null) {
+ if (component.CERTIFICATEIDENTIFIER.ATTRIBUTECERTIDENTIFIER != null) {
+ byte[] hvBytes = System.Text.Encoding.UTF8.GetBytes(component.CERTIFICATEIDENTIFIER.ATTRIBUTECERTIDENTIFIER.HASHVALUE);
+ if (hvBytes.Length > 0) {
+ string hvBase64 = System.Convert.ToBase64String(hvBytes);
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCert = new PlatformCertificateProto.CertificateIdentifier {
+ HashedCertIdentifier = new PlatformCertificateProto.HashedCertificateIdentifier {
+ HashAlgorithm = new AlgorithmIdentifier {
+ Algorithm = new ObjectIdentifier {
+ Oid = component.CERTIFICATEIDENTIFIER.ATTRIBUTECERTIDENTIFIER.HASHALG
+ }
+ },
+ HashOverSignatureValue = new OctetString {
+ Base64 = ByteString.FromBase64(hvBase64)
+ }
+ }
+ };
+ }
+ }
+
+ // Handle case where the HASHEDCERTIDENTIFIER key is used within the CERTIFICATEIDENTIFIER key
+ if (component.CERTIFICATEIDENTIFIER.HASHEDCERTIDENTIFIER != null) {
+ byte[] hvBytes = System.Text.Encoding.UTF8.GetBytes(component.CERTIFICATEIDENTIFIER.HASHEDCERTIDENTIFIER.HASHVALUE);
+ if (hvBytes.Length > 0) {
+ string hvBase64 = System.Convert.ToBase64String(hvBytes);
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCert = new PlatformCertificateProto.CertificateIdentifier {
+ HashedCertIdentifier = new PlatformCertificateProto.HashedCertificateIdentifier {
+ HashAlgorithm = new AlgorithmIdentifier {
+ Algorithm = new ObjectIdentifier {
+ Oid = component.CERTIFICATEIDENTIFIER.HASHEDCERTIDENTIFIER.HASHALG
+ }
+ },
+ HashOverSignatureValue = new OctetString {
+ Base64 = ByteString.FromBase64(hvBase64)
+ }
+ }
+ };
+ }
+ }
+ }
+
+ // Copy component attribute status
+ if (component.STATUS != null) {
+ switch (component.STATUS) {
+ case "ADDED":
+ case "added":
+ trait.ComponentIdentifierV11.TraitValue.Status = AttributeStatus.Added;
+ break;
+ case "MODIFIED":
+ case "modified":
+ trait.ComponentIdentifierV11.TraitValue.Status = AttributeStatus.Modified;
+ break;
+ case "REMOVED":
+ case "removed":
+ trait.ComponentIdentifierV11.TraitValue.Status = AttributeStatus.Removed;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Copy component generic cert identifier
+ if (component.CERTIFICATEIDENTIFIER != null) {
+ if (component.CERTIFICATEIDENTIFIER.GENERICCERTIDENTIFIER != null) {
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCert.GenericCertIdentifier = new IssuerSerial {
+ Issuer = new IssuerSerialDN {
+ RdnShorthand = component.CERTIFICATEIDENTIFIER.GENERICCERTIDENTIFIER.ISSUER
+ },
+ Serial = new CertificateSerialNumber {
+ SerialNumber = new Integer {
+ Int = long.Parse(component.CERTIFICATEIDENTIFIER.GENERICCERTIDENTIFIER.SERIAL)
+ }
+ }
+ };
+ }
+ }
+
+ // Copy component platform cert uri
+ if (component.COMPONENTPLATFORMCERTURI != null) {
+ byte[] hvBytes = System.Text.Encoding.UTF8.GetBytes(component.COMPONENTPLATFORMCERTURI.HASHVALUE);
+ if (hvBytes.Length > 0) {
+ string hvBase64 = System.Convert.ToBase64String(hvBytes);
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCertUri = new URIReference {
+ HashAlgorithm = new AlgorithmIdentifier {
+ Algorithm = new ObjectIdentifier {
+ Oid = component.COMPONENTPLATFORMCERTURI.HASHALG
+ }
+ },
+ HashValue = new BitString {
+ Base64 = ByteString.FromBase64(hvBase64)
+ }
+ };
+ }
+
+ trait.ComponentIdentifierV11.TraitValue.ComponentPlatformCertUri.UniformResourceIdentifier.String = component.COMPONENTPLATFORMCERTURI.UNIFORMRESOURCEIDENTIFIER;
+ }
+
+ // Save wrapped component identifier v11
+ v3.PlatformConfiguration.PlatformComponents.Add(trait);
+ }
+
+ // Convert Properties
+ foreach (HardwareManifestProto.Property property in v2.PROPERTIES) {
+ PlatformCertificateProto.Property newProperty = new() {
+ PropertyName = new UTF8String {
+ String = property.PROPERTYNAME
+ },
+ PropertyValue = new UTF8String {
+ String = property.PROPERTYVALUE
+ }
+ };
+ switch (property.STATUS) {
+ case "ADDED":
+ case "added":
+ newProperty.Status = AttributeStatus.Added;
+ break;
+ case "MODIFIED":
+ case "modified":
+ newProperty.Status = AttributeStatus.Modified;
+ break;
+ case "REMOVED":
+ case "removed":
+ newProperty.Status = AttributeStatus.Removed;
+ break;
+ }
+ v3.PlatformConfiguration.PlatformProperties.Add(newProperty);
+ }
+
+ return v3;
+ }
+ }
+}
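Review bot: The hash conversions in the PLATFORMCERT, CERTIFICATEIDENTIFIER and COMPONENTPLATFORMCERTURI branches pass `HASHVALUE` through `UTF8.GetBytes`, `ToBase64String` and `ByteString.FromBase64`, which round-trips to the UTF-8 bytes of the text. If `HASHVALUE` is base64 as the .proto comment says, the output holds the base64 characters rather than the digest, so a verifier comparing it with a computed hash would never match. Decoding the field directly, e.g. `Base64 = ByteString.FromBase64(component.PLATFORMCERT.HASHEDCERTIDENTIFIER.HASHVALUE)`, looks like the intent. Separately, three dereferences can hit null on a partial manifest: `component.COMPONENTCLASS.COMPONENTCLASSVALUE` when COMPONENTCLASS is absent, `ComponentPlatformCert.GenericCertIdentifier = ...` when no hashed identifier was set earlier, and `ComponentPlatformCertUri.UniformResourceIdentifier.String = ...`, where `ComponentPlatformCertUri` is unset if the hash value is empty and `UniformResourceIdentifier` is never initialised in the visible code. `long.Parse`, `bool.Parse` and `FromHexString` also throw on malformed manifest text, and `long` cannot hold certificate serial numbers wider than 64 bits. The four hashed-identifier blocks differ only in their source field, so a private helper taking the source `HashedCertificateIdentifier` would let the decoding and null handling be fixed in one place.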
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/HardwareManifest.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/HardwareManifest.cs
new file mode 100644
index 0000000..7cef540
--- /dev/null
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/HardwareManifest.cs
@@ -0,0 +1,41 @@
+using HardwareManifestProto;
+
+namespace HardwareManifestPlugin {
+ public abstract class HardwareManifest : IHardwareManifest {
+ public string Name {
+ get;
+ protected set;
+ } = "";
+
+ public string Description {
+ get;
+ protected set;
+ } = "";
+
+ public bool CollectsV2HardwareInformation {
+ get;
+ protected set;
+ } = false;
+
+ public bool CollectsV3HardwareInformation {
+ get;
+ protected set;
+ } = false;
+
+ public ManifestV2 ManifestV2 {
+ get;
+ protected set;
+ } = new();
+
+ public ManifestV3 ManifestV3 {
+ get;
+ protected set;
+ } = new();
+
+ public abstract bool GatherHardwareIdentifiers();
+
+ public bool GatherHardwareIdentifiers(string[] args) {
+ return GatherHardwareIdentifiers();
+ }
+ }
+}
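Review bot: `GatherHardwareIdentifiers(string[] args)` discards `args` and is not `virtual`, so a plugin deriving from this base class cannot receive arguments through the base type, and the caller gets no indication that they were ignored. Declaring it `public virtual bool GatherHardwareIdentifiers(string[] args)` and adding a summary such as `/// Default implementation ignores args and calls the parameterless overload.` would make the contract explicit. The properties initialise `ManifestV2` and `ManifestV3` with `new()`, so consumers should rely on the `CollectsV2HardwareInformation` and `CollectsV3HardwareInformation` flags rather than a null check; a one-line comment saying so would help implementers.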
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/IHardwareManifest.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/IHardwareManifest.cs
index 232dba4..3ec99c8 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/IHardwareManifest.cs
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/IHardwareManifest.cs
@@ -1,61 +1,52 @@
-using PlatformCertificateFromProto;
-using org.iso.standards.swid;
-
-namespace HardwareManifestPlugin {
- public interface IHardwareManifest {
- string Name {
- get;
- }
- string Description {
- get;
- }
- PlatformConfiguration PlatformConfiguration {
- get;
- }
- PlatformConfigurationV2 PlatformConfigurationV2 {
- get;
- }
-
- NameAttributes NameAttributes {
- get;
- }
-
- SoftwareIdentity? SWID {
- get;
- }
-
- ///
- /// Pass arguments to the Hardware Manifest Plugin, if needed.
- ///
- /// Command-line style arguments to be given to the plugin prior to hardware identifier collection.
- void Configure(string[] args);
- ///
- /// Will this plugin collect hardware information into structures defined under tcg-at-platformConfiguration-v1?
- ///
- /// If true, the PlatformConfiguration property is expected to contain hardware information after GatherHardwareInformation is run. If false, the PlatformConfiguration property is expected to be null.
- bool WillContainPlatformConfigurationV1();
- ///
- /// Will this plugin collect hardware information into structures defined under tcg-at-platformConfiguration-v2?
- ///
- /// If true, the PlatformConfigurationV2 property is expected to contain hardware information after GatherHardwareInformation is run. If false, the PlatformConfigurationV2 property is expected to be null.
- bool WillContainPlatformConfigurationV2();
- ///
- /// Will this plugin collect hardware information into structures intended for the subject alternative name?
- ///
- /// If true, the NameAttributes property is expected to contain at least one hardware identifier intended for the subject alternative name after GatherHardwareInformation is run. Individually check each of the sub-properties of NameAttributes. If false, the NameAttributes property is expected to be null.
- bool WillContainNameAttributes();
- ///
- /// Was this plugin distributed with a SWID file?
- ///
- /// If true, the SWID property is expected to contain a complete SoftwareIdentity structure. The swidtag must provide integrity over That structure may contain a Signature. If false, the SWID property is expected to be empty.
- bool ContainsSWID() {
- return SWID != null;
- }
-
- ///
- /// Kick off the hardware collection procedure within the Hardware Manifest Plugin.
- ///
- /// The full manifest as a JSON string.
- string GatherHardwareManifestAsJsonString();
- }
-}
+using HardwareManifestProto;
+
+namespace HardwareManifestPlugin {
+ public interface IHardwareManifest {
+ string Name {
+ get;
+ }
+ string Description {
+ get;
+ }
+
+ public const int PluginMajorVersion = 2;
+ public const int PluginMinorVersion = 0;
+ public const int PluginRevision = 1;
+
+ ///
+ /// Will this plugin collect hardware information into structures defined under tcg-at-platformConfiguration-v2?
+ ///
+ /// If true, the ManifestV2 property is expected to contain hardware information after GatherHardwareInformation is run. If false, the ManifestV2 property is not expected to be initialized.
+ bool CollectsV2HardwareInformation {
+ get;
+ }
+ ///
+ /// Will this plugin collect hardware information into structures defined under tcg-at-platformConfiguration-v3?
+ ///
+ /// If true, the ManifestV3 property is expected to contain hardware information after GatherHardwareInformation is run. If false, the ManifestV3 property is not expected to be initialized.
+ bool CollectsV3HardwareInformation {
+ get;
+ }
+
+ ManifestV2 ManifestV2 {
+ get;
+ }
+
+ ManifestV3 ManifestV3 {
+ get;
+ }
+
+ ///
+ /// Kick off the hardware collection procedure within the Hardware Manifest Plugin.
+ ///
+ /// True if collection completed successfully. False otherwise.
+ bool GatherHardwareIdentifiers();
+
+ ///
+ /// Kick off the hardware collection procedure within the Hardware Manifest Plugin.
+ ///
+ /// Arguments can be passed to the function.
+ /// True if collection completed successfully. False otherwise.
+ bool GatherHardwareIdentifiers(string[] args);
+ }
+}
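Review bot: The doc comments on `CollectsV2HardwareInformation` and `CollectsV3HardwareInformation` refer to `GatherHardwareInformation`, but the method declared below is `GatherHardwareIdentifiers`; the comments should name the real method. The comment on the `args` overload, `Arguments can be passed to the function.`, does not say what form the arguments take or what a plugin should do with ones it does not recognise, which matters because the strings come from the host's caller. With `SWID` and `ContainsSWID()` removed, the interface no longer exposes any integrity artifact for a plugin, so it would be worth stating in the summary that trust decisions are made by the plugin manager before the plugin is used.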
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/NameAttributes.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/NameAttributes.cs
deleted file mode 100644
index ee074cd..0000000
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/src/NameAttributes.cs
+++ /dev/null
@@ -1,28 +0,0 @@
-using PlatformCertificateFromProto;
-
-namespace HardwareManifestPlugin {
- public class NameAttributes {
- public PlatformManufacturerStr? PlatformManufacturerStr {
- get; private set;
- }
- public PlatformModel? PlatformModel {
- get; private set;
- }
- public PlatformSerial? PlatformSerial {
- get; private set;
- }
- public PlatformVersion? PlatformVersion {
- get; private set;
- }
- public PlatformManufacturerId? PlatformManufacturerId {
- get; private set;
- }
- public NameAttributes(PlatformManufacturerStr ven, PlatformModel mn, PlatformSerial sn, PlatformVersion ver, PlatformManufacturerId venId) {
- PlatformManufacturerStr = ven;
- PlatformModel = mn;
- PlatformSerial = sn;
- PlatformVersion = ver;
- PlatformManufacturerId = venId;
- }
- }
-}
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/HardwareManifestPluginManager.csproj b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/HardwareManifestPluginManager.csproj
index e84d3ca..1123074 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/HardwareManifestPluginManager.csproj
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/HardwareManifestPluginManager.csproj
@@ -1,4 +1,4 @@
-
+
net6.0
@@ -6,7 +6,7 @@
enable
NSA Cybersecurity Directorate
paccor.HardwareManifestPluginManager
- 1.0.0
+ 2.0.0
paccor;platform;certificate;hardware;manifest;plugin;manager
README.md
Apache-2.0
@@ -19,8 +19,7 @@
-
-
+
@@ -29,7 +28,7 @@
-
+
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/HardwareManifestPluginManagerUtils.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/HardwareManifestPluginManagerUtils.cs
index 7863112..5991bd9 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/HardwareManifestPluginManagerUtils.cs
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/HardwareManifestPluginManagerUtils.cs
@@ -1,65 +1,65 @@
-using HardwareManifestPlugin;
-using org.iso.standards.swid;
-using Serilog;
-using System.Reflection;
-
-namespace HardwareManifestPluginManager {
- public class HardwareManifestPluginManagerUtils {
- private static readonly ILogger log = Log.ForContext();
-
-#pragma warning disable CS8604 // Possible null reference argument.
- public static readonly string pluginsPath = Path.Combine(Path.GetDirectoryName(Environment.ProcessPath), "plugins");
- public static readonly string trustPath = Path.Combine(Path.GetDirectoryName(Environment.ProcessPath), "trust");
-#pragma warning restore CS8604 // Possible null reference argument.
-
- public static List LoadPlugins(List names, bool swidEnforced) {
- string[] pluginDlls = System.IO.Directory.GetFiles(pluginsPath, "*.dll");
- List manifests = new();
- List> namesWithArgs = new();
- foreach(string dllPath in pluginDlls) {
- Assembly pluginAssembly = LoadAssemblyfromDll(dllPath);
- IHardwareManifest? manifest = GatherManifestIfNameSelected(pluginAssembly, names);
- if (manifest != null) {
- bool trustManifest = !swidEnforced;
- if (swidEnforced && manifest.ContainsSWID()) {
- trustManifest = VerifySWIDWithEnvelopedSignature(manifest.SWID!);
- }
- if (trustManifest) {
- manifests.Add(manifest);
- log.Debug("Loading hardware manifest: " + manifest.Name);
- }
- }
- }
- if (names.Count > 0) {
- log.Debug("There was no Hardware Manifest plugin with the name " + (names.Count > 1 ? "s" : "") + string.Join(",", names) + ".");
- }
- return manifests;
- }
-
- private static Assembly LoadAssemblyfromDll(string relativePath) {
- string fullPath = Path.GetFullPath(relativePath).Replace('\\', Path.DirectorySeparatorChar);
-
- log.Debug($"Seeing if this assembly implements IHardwareManifest: {fullPath}");
- PluginLoadContext loadContext = new(fullPath);
- return loadContext.LoadFromAssemblyName(new AssemblyName(Path.GetFileNameWithoutExtension(fullPath)));
- }
-
- private static IHardwareManifest? GatherManifestIfNameSelected(Assembly assembly, List names) {
- foreach (Type type in assembly.GetTypes()) {
- if (typeof(IHardwareManifest).IsAssignableFrom(type)) {
- if (Activator.CreateInstance(type) is IHardwareManifest result && names.Remove(result.Name)) {
- log.Debug("Found " + result.Name + ".");
- return result;
- }
- }
- }
- log.Debug($"Can't find any type which implements IHardwareManifest in {assembly}.\n");
- return null;
- }
-
- private static bool VerifySWIDWithEnvelopedSignature(SoftwareIdentity SWID) {
- log.Debug("SWID Signature Method not yet tested");
- return true;
- }
- }
-}
+using HardwareManifestPlugin;
+using Serilog;
+using System.Reflection;
+using System.Xml;
+
+namespace HardwareManifestPluginManager {
+ public class HardwareManifestPluginManagerUtils {
+ private static readonly ILogger Log = Serilog.Log.ForContext();
+
+#pragma warning disable CS8604 // Possible null reference argument.
+ public static readonly string PluginsPath = Path.Combine(Path.GetDirectoryName(Environment.ProcessPath), "plugins");
+ public static readonly string TrustPath = Path.Combine(Path.GetDirectoryName(Environment.ProcessPath), "trust");
+#pragma warning restore CS8604 // Possible null reference argument.
+
+ public static List LoadPlugins(List names, bool sbomExpected) {
+ string[] pluginDlls = System.IO.Directory.GetFiles(PluginsPath, "*.dll");
+ List manifests = new();
+ List> namesWithArgs = new();
+ foreach(string dllPath in pluginDlls) {
+ Assembly pluginAssembly = LoadAssemblyFromDll(dllPath);
+ IHardwareManifest? manifest = GatherManifestIfNameSelected(pluginAssembly, names);
+ if (manifest != null) {
+ bool trustManifest = !sbomExpected;
+ if (sbomExpected) {
+ trustManifest = VerifySbom(manifest.Name);
+ }
+ if (trustManifest) {
+ manifests.Add(manifest);
+ Log.Debug("Loading hardware manifest: " + manifest.Name);
+ }
+ }
+ }
+ if (names.Count > 0) {
+ Log.Debug("There was no Hardware Manifest plugin with the name " + (names.Count > 1 ? "s" : "") + string.Join(",", names) + ".");
+ }
+ return manifests;
+ }
+
+ private static Assembly LoadAssemblyFromDll(string relativePath) {
+ string fullPath = Path.GetFullPath(relativePath).Replace('\\', Path.DirectorySeparatorChar);
+
+ Log.Debug($"Seeing if this assembly implements IHardwareManifest: {fullPath}");
+ PluginLoadContext loadContext = new(fullPath);
+ return loadContext.LoadFromAssemblyName(new AssemblyName(Path.GetFileNameWithoutExtension(fullPath)));
+ }
+
+ private static IHardwareManifest? GatherManifestIfNameSelected(Assembly assembly, List names) {
+ foreach (Type type in assembly.GetTypes()) {
+ if (typeof(IHardwareManifest).IsAssignableFrom(type)) {
+ if (Activator.CreateInstance(type) is IHardwareManifest result && names.Remove(result.Name)) {
+ Log.Debug("Found " + result.Name + ".");
+ return result;
+ }
+ }
+ }
+ Log.Debug($"Can't find any type which implements IHardwareManifest in {assembly}.\n");
+ return null;
+ }
+
+ private static bool VerifySbom(string manifestName) {
+ Log.Debug("Sbom verification method not yet tested");
+ return true;
+ }
+ }
+}
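Review bot: `VerifySbom` returns `true` unconditionally, so `sbomExpected` accepts every plugin. By the time it is called, `LoadAssemblyFromDll` and `Activator.CreateInstance(type)` have already loaded the DLL and run the plugin's constructor. The check is also keyed on `manifest.Name`, a value the plugin reports about itself. Until verification exists I would fail closed with `return false; // SBOM verification not implemented`, and move the check ahead of `LoadAssemblyFromDll(dllPath)` so it operates on the file path before any plugin code executes, for example against material under `TrustPath`, which is declared but unused in the visible code. `namesWithArgs` and `using System.Xml;` are unused in this hunk and can be dropped.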
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/PluginLoadContext.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/PluginLoadContext.cs
index e561c3a..3551618 100644
--- a/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/PluginLoadContext.cs
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPluginManager/src/PluginLoadContext.cs
@@ -10,23 +10,13 @@ public PluginLoadContext(string pluginPath) {
}
protected override Assembly? Load(AssemblyName assemblyName) {
- if (assemblyName != null) {
string? assemblyPath = _resolver.ResolveAssemblyToPath(assemblyName);
- if (assemblyPath != null) {
- return LoadFromAssemblyPath(assemblyPath);
- }
- }
- return null;
+ return assemblyPath != null ? LoadFromAssemblyPath(assemblyPath) : null;
}
protected override IntPtr LoadUnmanagedDll(string unmanagedDllName) {
- if (unmanagedDllName != null) {
- string? libraryPath = _resolver.ResolveUnmanagedDllToPath(unmanagedDllName);
- if (libraryPath != null) {
- return LoadUnmanagedDllFromPath(libraryPath);
- }
- }
- return IntPtr.Zero;
+ string? libraryPath = _resolver.ResolveUnmanagedDllToPath(unmanagedDllName);
+ return libraryPath != null ? LoadUnmanagedDllFromPath(libraryPath) : IntPtr.Zero;
}
}
}
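Review bot: `Load` and `LoadUnmanagedDll` pass whatever path `_resolver` returns straight to `LoadFromAssemblyPath` / `LoadUnmanagedDllFromPath`, and neither override documents that contract or the fallback taken when it returns `null` / `IntPtr.Zero`. Nothing in this hunk checks that the resolved file sits under the plugin directory or matches an expected digest, so any integrity decision has to be made by the caller before the context is used. I would state that on both overrides, e.g. `// Resolved paths are loaded as-is; callers must verify the plugin and its dependencies before constructing this context.` and `// Returning null/IntPtr.Zero hands resolution back to the runtime's default probing.` Removing the null guards also means a null argument now reaches the resolver, which is presumably acceptable given the non-nullable parameter types. The constructor and the `_resolver` field are outside the hunk.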
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.cs b/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.cs
new file mode 100644
index 0000000..d070642
--- /dev/null
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.cs
@@ -0,0 +1,23 @@
+using HardwareManifestProto;
+using NUnit.Framework;
+
+namespace HardwareManifestPluginTests {
+ public class HardwareManifestPluginTests {
+ public static readonly string TEST_STUFF_V2 =
+ "{\n \n \"PLATFORM\": {\n \"PLATFORMMANUFACTURERSTR\": \"Computer Manufacturer M0\",\"PLATFORMMODEL\": \"Computer Model ABC123Z\",\"PLATFORMVERSION\": \"1.0\",\"PLATFORMSERIAL\": \"Serial N839\"\n },\n \"COMPONENTS\": [\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00020001\"\n },\"MANUFACTURER\": \"Computer Manufacturer M0\",\"MODEL\": \"31\",\"SERIAL\": \"Serial N839\",\"REVISION\": \"1.0\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00030003\"\n },\"MANUFACTURER\": \"Computer Manufacturer M0\",\"MODEL\": \"UP6502ZA\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"Serial N7M0\",\"REVISION\": \"1.0\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00130003\"\n },\"MANUFACTURER\": \"Computer Manufacturer AM32\",\"MODEL\": \"Not Specified\",\"REVISION\": \"Rev 2Z.8\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00010002\"\n },\"MANUFACTURER\": \"Intel(R) Corporation\",\"MODEL\": \"198\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"To Be Filled By O.E.M.\",\"REVISION\": \"12th Gen Intel(R) Core(TM) i7-12700H\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": 
\"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00060001\"\n },\"MANUFACTURER\": \"Computer Manufacturer WE2\",\"MODEL\": \"Computer Model K027\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"00000000\",\"REVISION\": \"9876543210\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00090002\"\n },\"MANUFACTURER\": \"8086\",\"MODEL\": \"51F0\",\"FIELDREPLACEABLE\": \"true\",\"SERIAL\": \"Serial 27347E\",\"REVISION\": \"01\", \"ADDRESSES\": [{\n \"WLANMAC\": \"Serial 27347E\" }]\n },\n {\n 
\"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00070002\"\n },\"MANUFACTURER\": \"Not Specified\",\"MODEL\": \"retrieving Valu\",\"FIELDREPLACEABLE\": \"true\"\n },\n {\n \"COMPONENTCLASS\": {\n \"COMPONENTCLASSREGISTRY\": \"2.23.133.18.3.1\",\n \"COMPONENTCLASSVALUE\": \"00050002\"\n },\"MANUFACTURER\": \"8086\",\"MODEL\": \"46A6\",\"FIELDREPLACEABLE\": \"true\",\"REVISION\": \"0C\"\n }\n ],\n \"PROPERTIES\": [\n {\n \"PROPERTYNAME\": \"caption\",\n \"PROPERTYVALUE\": \"Microsoft Windows 11 Pro\"\n }\n,\n {\n \"PROPERTYNAME\": \"caption\",\n \"PROPERTYVALUE\": \"Microsoft Windows 11 Pro\"\n }\n\n ]\n}";
+
+ public static readonly string TEST_STUFF_V3 =
+ "{ \"platformIdentifier\": { \"typeId\": { \"oid\": \"2.23.133.5.1.8\" }, \"value\": { \"platformManufacturer\": { \"utf8\": { \"traitId\": { \"oid\": \"2.23.133.19.1.18\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.1\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"string\": \"Computer Manufacturer M0\" } } }, \"platformModel\": { \"utf8\": { \"traitId\": { \"oid\": \"2.23.133.19.1.18\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.2\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"string\": \"Computer Model ABC123Z\" } } }, \"platformVersion\": { \"utf8\": { \"traitId\": { \"oid\": \"2.23.133.19.1.18\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.3\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"string\": \"1.0\" } } }, \"platformSerial\": { \"utf8\": { \"traitId\": { \"oid\": \"2.23.133.19.1.18\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.4\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"string\": \"Serial N839\" } } } } }, \"platformConfiguration\": { \"platformComponents\": [ { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component 
gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAIAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer M0\" }, \"componentModel\": { \"string\": \"31\" }, \"componentSerial\": { \"string\": \"Serial N839\" }, \"componentRevision\": { \"string\": \"1.0\" } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAMAAw==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer M0\" }, \"componentModel\": { \"string\": \"UP6502ZA\" }, \"componentSerial\": { \"string\": \"Serial N7M0\" }, \"componentRevision\": { \"string\": \"1.0\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"ABMAAw==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer AM32\" }, \"componentModel\": { \"string\": \"Not Specified\" }, \"componentRevision\": { \"string\": \"Rev 2Z.8\" } } } }, { \"componentIdentifierV11\": { 
\"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAEAAg==\" } }, \"componentManufacturer\": { \"string\": \"Intel(R) Corporation\" }, \"componentModel\": { \"string\": \"198\" }, \"componentSerial\": { \"string\": \"To Be Filled By O.E.M.\" }, \"componentRevision\": { \"string\": \"12th Gen Intel(R) Core(TM) i7-12700H\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": 
\"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { 
\"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, 
\"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAYAAQ==\" } }, \"componentManufacturer\": { \"string\": \"Computer Manufacturer WE2\" }, \"componentModel\": { \"string\": \"Computer Model K027\" }, \"componentSerial\": { \"string\": \"00000000\" }, \"componentRevision\": { \"string\": \"9876543210\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAkAAg==\" } }, \"componentManufacturer\": { \"string\": \"8086\" }, \"componentModel\": { \"string\": \"51F0\" }, \"componentSerial\": { \"string\": \"Serial 27347E\" }, \"componentRevision\": { \"string\": \"01\" }, \"fieldReplaceable\": { \"bool\": true }, \"componentAddresses\": [ { \"addressType\": { \"oid\": \"2.23.133.17.2\" }, \"addressValue\": { \"string\": 
\"Serial 27347E\" } } ] } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAcAAg==\" } }, \"componentManufacturer\": { \"string\": \"Not Specified\" }, \"componentModel\": { \"string\": \"retrieving Valu\" }, \"fieldReplaceable\": { \"bool\": true } } } }, { \"componentIdentifierV11\": { \"traitId\": { \"oid\": \"2.23.133.19.1.5\" }, \"traitCategory\": { \"oid\": \"2.23.133.19.2.26\" }, \"traitRegistry\": { \"oid\": \"2.23.133.19.3.1\" }, \"description\": { \"string\": \"paccor component gathering scripts\" }, \"descriptionURI\": { \"string\": \"https://github.com/nsacyber/paccor/scripts\" }, \"traitValue\": { \"componentClass\": { \"componentClassRegistry\": { \"oid\": \"2.23.133.18.3.1\" }, \"componentClassValue\": { \"base64\": \"AAUAAg==\" } }, \"componentManufacturer\": { \"string\": \"8086\" }, \"componentModel\": { \"string\": \"46A6\" }, \"componentRevision\": { \"string\": \"0C\" }, \"fieldReplaceable\": { \"bool\": true } } } } ], \"platformProperties\": [ { \"propertyName\": { \"string\": \"caption\" }, \"propertyValue\": { \"string\": \"Microsoft Windows 11 Pro\" } }, { \"propertyName\": { \"string\": \"caption\" }, \"propertyValue\": { \"string\": \"Microsoft Windows 11 Pro\" } } ] } }";
+
+ [Test]
+ public void TestConvertFromManifestV2() {
+ const string traitDescription = "paccor component gathering scripts";
+ const string traitDescriptionUri = "https://github.com/nsacyber/paccor/scripts";
+ var settings = Google.Protobuf.JsonParser.Settings.Default.WithIgnoreUnknownFields(true);
+ ManifestV2 v2 = new Google.Protobuf.JsonParser(settings).Parse(TEST_STUFF_V2);
+ ManifestV3 v3 = HardwareManifestPlugin.Convert.FromManifestV2(v2, traitDescription, traitDescriptionUri);
+ Assert.That(TEST_STUFF_V3, Is.EqualTo(v3.ToString()));
+ Console.WriteLine(v3);
+ }
+ }
+}
\ No newline at end of file
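Review bot: The assertion in `TestConvertFromManifestV2` has its arguments reversed: NUnit's `Assert.That` takes the actual value first, so a failure would report the fixture as the actual value and the converter output as the expected one. It should read `Assert.That(v3.ToString(), Is.EqualTo(TEST_STUFF_V3));`. Comparing against `ToString()` also ties the test to the exact spacing of the protobuf JSON formatter. If the generated type exposes the usual parser, comparing messages is sturdier, e.g. `Assert.That(v3, Is.EqualTo(ManifestV3.Parser.ParseJson(TEST_STUFF_V3)));`. The `Console.WriteLine(v3)` after the assertion only runs on success and can be dropped.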
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.csproj b/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.csproj
new file mode 100644
index 0000000..6435d17
--- /dev/null
+++ b/dotnet/HardwareManifestPlugin/HardwareManifestPluginTests/HardwareManifestPluginTests.csproj
@@ -0,0 +1,28 @@
+
+
+
+ net6.0
+ enable
+ enable
+
+ false
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/dotnet/paccor_scripts/paccor_scripts.sln b/dotnet/paccor_scripts/paccor_scripts.sln
index ce3e801..db7aab8 100644
--- a/dotnet/paccor_scripts/paccor_scripts.sln
+++ b/dotnet/paccor_scripts/paccor_scripts.sln
@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.1.32421.90
MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "paccor_scripts", "paccor_scripts\paccor_scripts.csproj", "{295D1CD3-9DA7-429F-B986-81656BCA6969}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "paccor_scripts", "paccor_scripts\paccor_scripts.csproj", "{295D1CD3-9DA7-429F-B986-81656BCA6969}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HardwareManifestPlugin", "..\HardwareManifestPlugin\HardwareManifestPlugin\HardwareManifestPlugin.csproj", "{E984C721-499B-44AA-A635-080DB8774591}"
EndProject
diff --git a/dotnet/paccor_scripts/paccor_scripts/paccor_scripts.csproj b/dotnet/paccor_scripts/paccor_scripts/paccor_scripts.csproj
index 788c0f8..b9017ec 100644
--- a/dotnet/paccor_scripts/paccor_scripts/paccor_scripts.csproj
+++ b/dotnet/paccor_scripts/paccor_scripts/paccor_scripts.csproj
@@ -7,7 +7,7 @@
linux-x64;win-x64
NSA Cybersecurity Directorate
paccor.paccor_scripts
- 1.0.1
+ 2.0.0
paccor;platform;certificate;hardware;manifest;scripts;component;class;registry;evidence;collection
README.md
Apache-2.0
@@ -21,8 +21,8 @@
-
-
+
+
@@ -46,7 +46,9 @@
-
+
+
+
diff --git a/dotnet/paccor_scripts/paccor_scripts/sbom_buildlist_file.txt b/dotnet/paccor_scripts/paccor_scripts/sbom_buildlist_file.txt
new file mode 100644
index 0000000..ee2b0c3
--- /dev/null
+++ b/dotnet/paccor_scripts/paccor_scripts/sbom_buildlist_file.txt
@@ -0,0 +1,10 @@
+paccor_scripts.dll
+scripts/allcomponents.sh
+scripts/enterprise-numbers
+scripts/hw.sh
+scripts/nvme.sh
+scripts/smbios.sh
+scripts/windows/allcomponents.ps1
+scripts/windows/hw.ps1
+scripts/windows/nvme.ps1
+scripts/windows/SMBios.ps1
diff --git a/dotnet/paccor_scripts/paccor_scripts/sbom_cmds.txt b/dotnet/paccor_scripts/paccor_scripts/sbom_cmds.txt
new file mode 100644
index 0000000..8fc56a6
--- /dev/null
+++ b/dotnet/paccor_scripts/paccor_scripts/sbom_cmds.txt
@@ -0,0 +1,3 @@
+dotnet tool install --global Microsoft.Sbom.DotNetTool
+sbom-tool generate -b . -bl sbom_buildlist_file.txt -pn paccor_scripts -pv 1.0.0 -ps NSA -nsb https://github.com/nsacyber/paccor
+sbom-tool validate -b . -o ./output.json -mi SPDX:2.2
\ No newline at end of file
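Review bot: The `generate` command hard-codes `-pv 1.0.0`, while the paccor_scripts.csproj hunk in this same commit appears to move the package version from 1.0.1 to 2.0.0, so an SBOM produced from these commands would describe a version that is not the one being shipped. The value should follow the project version, `-pv 2.0.0`, or be filled in by the build. The tool install on the first line is also unpinned, so the SBOM generator itself can change between runs. Pinning it keeps the output reproducible: `dotnet tool install --global Microsoft.Sbom.DotNetTool --version <PINNED_VERSION>`.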
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/allcomponents.sh b/dotnet/paccor_scripts/paccor_scripts/scripts/allcomponents.sh
index c81b933..647f294 100644
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/allcomponents.sh
+++ b/dotnet/paccor_scripts/paccor_scripts/scripts/allcomponents.sh
@@ -74,8 +74,13 @@ JSON_URI="UNIFORMRESOURCEIDENTIFIER"
JSON_HASHALG="HASHALGORITHM"
JSON_HASHVALUE="HASHVALUE"
#### JSON Properties Keywords
-JSON_NAME="NAME"
-JSON_VALUE="VALUE"
+JSON_NAME="PROPERTYNAME"
+JSON_VALUE="PROPERTYVALUE"
+JSON_PROP_STATUS="PROPERTYSTATUS"
+#### JSON Status Keywords
+JSON_STATUS_ADDED="ADDED"
+JSON_STATUS_MODIFIED="MODIFIED"
+JSON_STATUS_REMOVED="REMOVED"
NOT_SPECIFIED="Not Specified"
@@ -111,6 +116,13 @@ JSON_PROPERTY_TEMPLATE='
\"'"$JSON_VALUE"'\": \"%s\"
}
'
+JSON_PROPERTY_TEMPLATE_OPT='
+ {
+ \"'"$JSON_NAME"'\": \"%s\",
+ \"'"$JSON_VALUE"'\": \"%s\",
+ \"'"$JSON_PROP_STATUS"'\": \"%s\"
+ }
+'
JSON_ADDRESSES_TEMPLATE=' \"'"$JSON_ADDRESSES"'\": [%s]'
JSON_ETHERNETMAC_TEMPLATE=' {
\"'"$JSON_ETHERNETMAC"'\": \"%s\" } '
@@ -208,7 +220,7 @@ queryForPen () {
jsonProperty () {
if [ -n "${1}" ] && [ -n "${2}" ]; then
if [ -n "${3}" ]; then
- printf "$JSON_PROPERTY_TEMPLATE" "${1}" "${2}" "${3}"
+ printf "$JSON_PROPERTY_TEMPLATE_OPT" "${1}" "${2}" "${3}"
else
printf "$JSON_PROPERTY_TEMPLATE" "${1}" "${2}"
fi
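Review bot: In `jsonProperty` the third argument is written into the `PROPERTYSTATUS` field whenever it is non-empty, without being checked against the three keywords this commit defines (`JSON_STATUS_ADDED`, `JSON_STATUS_MODIFIED`, `JSON_STATUS_REMOVED`). A typo in a caller would therefore produce a manifest with an unrecognised status. I would add a `case "${3}" in` guard before the `printf` that accepts only those three values and otherwise falls back to the two-field template or reports an error. All three arguments are also substituted into the JSON template unescaped, so a value containing `"` or `\` would yield malformed output. That already holds for the existing two-argument branch. The function starts and ends outside the hunk.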
@@ -796,7 +808,7 @@ parseGfxData () {
### Gather property details
property1=$(jsonProperty "uname -r" "$(uname -r)") ## Example1
-property2=$(jsonProperty "OS Release" "$(grep 'PRETTY_NAME=' /etc/os-release | sed 's/[^=]*=//' | sed -e 's/^[[:space:]\"]*//' | sed -e 's/[[:space:]\"]*$//')") ## Example2
+property2=$(jsonProperty "OS Release" "$(grep 'PRETTY_NAME=' /etc/os-release | sed 's/[^=]*=//' | sed -e 's/^[[:space:]\"]*//' | sed -e 's/[[:space:]\"]*$//')") # "$JSON_STATUS_ADDED") ## Example2 with optional third status argument
### Collate the component details
componentsCPU=$(parseCpuData)
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/get_ek.sh b/dotnet/paccor_scripts/paccor_scripts/scripts/get_ek.sh
deleted file mode 100644
index 5eb0617..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/get_ek.sh
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/bin/bash
-
-
-## SET THESE ACCORDING TO YOUR TPM VERSION, AUTH SETTINGS, and EK NV INDEX
-## Base constant values are chosen by default
-TPM1_AUTH_SETTINGS="-z"
-TPM1_EK_NV_INDEX="0x1000f000"
-
-TPM2_AUTH_SETTINGS="-a 0x40000001" # Add auth parameters as set for your TPM. i.e. -P 2a2b2c
-TPM2_EK_NV_INDEX="0x1c00002"
-
-
-## Shouldn't need to alter the code below this line, unless your TPM 2.0 resource manager was launched with custom settings.
-if [ "$EUID" -ne 0 ]; then
- echo "Please run as root"
- exit 1
-fi
-
-# Determine TPM version
-TPM_VER_1_2=$(dmesg | grep -i tpm | grep "1\.2")
-TPM_VER_2_0=$(dmesg | grep -i tpm | grep "2\.0")
-
-distCmd=
-if [ "$(. /etc/os-release; echo $NAME)" = "Ubuntu" ]; then
- distCmd="apt"
-else
- distCmd="yum"
-fi
-
-if [ -z "$TPM_VER_1_2" ] && [ -z "$TPM_VER_2_0" ]; then
- tpmServerActive=$(ps -aux | grep "tpm_server" | grep -v "grep")
- if [ -n "$tpmServerActive" ]; then
- TPM_VER_2_0=1
- else
- echo "Could not detect version of TPM. Please manually set in get_ek.sh"
- exit 1
- fi
-fi
-
-indexCmd=
-readCmd=
-sizeCmd=
-offsetCmd=
-ekCertSize=
-nvBufferedRead=
-maxReadSize=256
-
-if [ -n "$TPM_VER_1_2" ]; then
- indexCmd="-i ""$TPM1_EK_NV_INDEX"
- ekCertSize=$(tpm_nvinfo | sed -n -e "/""$TPM1_EK_NV_INDEX""/,\$p" | sed -e '/^[ \t\r\n]*$/,$d' | grep "Size" | sed -E 's/^Size[ ]+:[ ]*([0-9]+) .*$/\1/')
- readCmd="tpm_nvread ""$TPM1_AUTH_SETTINGS"" ""$indexCmd"" -s %s -n %s | sed -r \"s/[0-9a-f]+ ([ 0-9a-f]{48}).*/\\\\1/\" | tr -d [[:space:]]"
- nvBufferedRead="1"
-elif [ -n "$TPM_VER_2_0" ]; then
- TPM2_TOOLS_VER_1=$("$distCmd" list installed tpm2-tools 2> /dev/null | grep --quiet -E "[ \t]+1\." && echo "1" || echo "")
- TPM2_TOOLS_VER_2=$("$distCmd" list installed tpm2-tools 2> /dev/null | grep --quiet -E "[ \t]+2\." && echo "1" || echo "")
- TPM2_TOOLS_VER_3=$("$distCmd" list installed tpm2-tools 2> /dev/null | grep --quiet -E "[ \t]+3\." && echo "1" || echo "")
- TPM2_TOOLS_VER_4=$("$distCmd" list installed tpm2-tools 2> /dev/null | grep --quiet -E "[ \t]+[4-9]+\." && echo "1" || echo "")
- indexCmd="-x ""$TPM2_EK_NV_INDEX"
-
- # Use tpm2_nvlist to see the size of the entry at the TPM2_EK_NV_INDEX
- if [ -n "$TPM2_TOOLS_VER_1" ] || [ -n "$TPM2_TOOLS_VER_2" ]; then
- resourceMgrActive=$(ps -aux | grep "resourcemgr" | grep -v "grep")
- resourceMgrPort=
- if [ -z "$resourceMgrActive" ]; then
- echo "This version of tpm2-tools requires the resourcemgr service."
- exit 1
- elif [ -n "$TPM2_TOOLS_VER_2" ]; then
- resourceMgrPort="-p 2323" # default
- fi
- ekCertSize=$(tpm2_nvlist "$resourceMgrPort" | sed -n -e "/""$TPM2_EK_NV_INDEX""/,\$p" | sed -e '/}/,$d' | grep "size of" | sed 's/.*size.*://' | sed -e 's/^[[:space:]]*//' | sed -e 's/[[:space:]]$//')
- readCmd="tpm2_nvread ""$resourceMgrPort"" ""$TPM2_AUTH_SETTINGS"" ""$indexCmd"" -s %s -o %s | sed -r -e 's/The size of data:[0-9]+//g' | perl -ne 's/([0-9a-f]{2})/print chr hex \$1/gie' | xxd -p -c ""$maxReadSize"
- nvBufferedRead="1"
- elif [ -n "$TPM2_TOOLS_VER_3" ] || [ -n "$TPM2_TOOLS_VER_4" ]; then
- abrmdActive=$(ps -aux | grep "tpm2-abrmd" | grep -v "grep")
- modeCmd="-T device"
- if [ -n "$abrmdActive" ]; then
- if [ -n "$TPM2_TOOLS_VER_3" ]; then
- modeCmd="-T abrmd"
- else
- modeCmd=""
- fi
- fi
- ekCertSize=
- if [ -n "$TPM2_TOOLS_VER_3" ]; then
- ekCertSize=$(tpm2_nvlist ""$modeCmd"" | sed -n -e "/""$TPM2_EK_NV_INDEX""/,\$p" | sed -e '/^[ \r\n\t]*$/,$d' | grep "size" | sed 's/.*size.*://' | sed -e 's/^[[:space:]]*//' | sed -e 's/[[:space:]]$//')
- readCmd="tpm2_nvread ""$modeCmd"" ""$TPM2_AUTH_SETTINGS"" ""$indexCmd"" | xxd -p"
- else
- ekCertSize=$(tpm2_nvreadpublic $modeCmd 2> /dev/null | sed -n -e "/""$TPM2_EK_NV_INDEX""/,\$p" | sed -e '/^[ \r\n\t]*$/,$d' | grep "size" | sed 's/.*size.*://' | sed -e 's/^[[:space:]]*//' | sed -e 's/[[:space:]]$//')
- readCmd="tpm2_nvread ""$TPM2_EK_NV_INDEX"" ""$modeCmd"" -C o 2> /dev/null | xxd -p"
- fi
- else
- echo "Please install tpm2-tools"
- exit 1
- fi
-fi
-
-if [ -z "$ekCertSize" ]; then
- echo "The size found at the given NV index was 0 bytes."
- echo "1) Check the index given was accurate ("$TPM2_EK_NV_INDEX") and"
- echo "2) that the auth parameters are right."
- exit 1
-fi
-
-EK_CERT_HEX=
-if [ -z "$nvBufferedRead" ]; then
- EK_CERT_HEX=$(eval "$readCmd")
-else
- # Read maxByteSize at a time until the whole block is read
- sizeToRead=$maxReadSize
- offset=0
- while [ $offset -lt $ekCertSize ];
- do
- if (($offset + $maxReadSize > $ekCertSize)); then
- sizeToRead=$(($ekCertSize - $offset))
- else
- sizeToRead=$maxReadSize
- fi
-
- localReadCmd=$(printf "$readCmd" ""$sizeToRead"" ""$offset"")
- blockRead=$(eval "$localReadCmd")
- # Concatenate each block together
- EK_CERT_HEX="$EK_CERT_HEX""$blockRead"
-
- offset=$(($offset + $sizeToRead))
- done
-fi
-
-if [ -z "$EK_CERT_HEX" ]; then
- echo "No data was read."
- exit 1
-fi
-
-# Erase padding outside the certificate
-EC_BLOB=$(echo -n "$EK_CERT_HEX" | sed 's/.\{2\}/& /g' | tr '[\r\n]+' ' ') # Separate each byte
-EC_BYTE_START=$(echo -n "$EC_BLOB" | grep -b -o "30 82") # Look for the outer ASN1 Sequence
-if [ -z "$EC_BYTE_START" ]; then
- echo "Data did not contain an EK certificate."
- exit 1
-fi
-EC_BYTE_START=$(echo -n "$EC_BLOB" | grep -b -o "30 82" | sed -n '1p' | sed -r 's/^([0-9]+):.*$/\1/') # Get outer ASN1 Sequence position
-EC_LENGTH=$(echo -n "$EC_BLOB" | awk -F"30 82" '{print $2}' | tr -d '[[:space:]]') # Get the certificate length
-EC_LENGTH="16#""$EC_LENGTH" # Convert to decimal
-EC_LENGTH=$(((( $EC_LENGTH ) + 4) * 2)) # Calculate the number of nibbles to retain as the EC_BLOB
-EC_BLOB=$(echo -n "$EC_BLOB" | tail -c +"$EC_BYTE_START" | tr -d '[[:space:]]' | head -c "$EC_LENGTH") # truncate the extra bytes
-
-echo -n "$EC_BLOB" | xxd -r -p # User can convert to PEM/whatever else
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/otherextensions.sh b/dotnet/paccor_scripts/paccor_scripts/scripts/otherextensions.sh
deleted file mode 100644
index 8699eb9..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/otherextensions.sh
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/bin/bash
-
-### User customizable values
-#### Certificate Policies is a mandatory extension. To add additional policies, more variables must be created and referenced below.
-certPolicyOid1="1.2.3" # Replace with a real Certificate Policy OID
-certPolicyQualifierCPS1=""
-certPolicyQualifierUserNotice1="TCG Trusted Platform Endorsement" # Don't change this value.
-#### Authority Information Access is an optional extension. To add additional access methods, more variables must be created and referenced below.
-authorityInfoAccessMethod1="" # valid options are OCSP or CAISSUERS
-authorityInfoAccessLocation1="" # DN
-#### CRL Distribution is an optional extension. Leave any blank to omit the extension.
-crlType="" # valid options are 0 or 1
-crlName="" # DN
-crlReasonFlags="" # valid options are integers 0 thru 16
-crlIssuer="" # CRL issuer DN
-#### Targeting Information is an optional extension. Leave the targetFile variable blank to omit the extension.
-targetFile="" # provide comma separated file paths to EK certificates
-
-### The logic below can be changed by advanced users.
-#### SHA-256 was assumed to be acceptable for each of the hashAlg choices for URI References
-#### 2.16.840.1.101.3.4.2.1 is the oid for SHA-256. see https://tools.ietf.org/html/rfc5754 for other common hash algorithm IDs
-
-### JSON Structure Keywords
-JSON_CERTIFICATEPOLICIES="CERTIFICATEPOLICIES"
-JSON_POLICYIDENTIFIER="POLICYIDENTIFIER"
-JSON_POLICYQUALIFIERS="POLICYQUALIFIERS"
-JSON_POLICYQUALIFIERID="POLICYQUALIFIERID"
-JSON_QUALIFIER="QUALIFIER"
-JSON_CPS="CPS"
-JSON_USERNOTICE="USERNOTICE"
-JSON_AUTHORITYINFOACCESS="AUTHORITYINFOACCESS"
-JSON_ACCESSMETHOD="ACCESSMETHOD"
-JSON_ACCESSLOCATION="ACCESSLOCATION"
-JSON_OCSP="OCSP"
-JSON_CAISSUERS="CAISSUERS"
-JSON_CRLDISTRIBUTION="CRLDISTRIBUTION"
-JSON_DISTRIBUTIONNAME="DISTRIBUTIONNAME"
-JSON_TYPE="TYPE"
-JSON_NAME="NAME"
-JSON_REASON="REASON"
-JSON_ISSUER="ISSUER"
-JSON_TARGETINGINFORMATION="TARGETINGINFORMATION"
-JSON_FILE="FILE"
-
-### JSON Structure Format
-JSON_OTHER_EXTENSIONS_TEMPLATE='{%s
-}'
-JSON_CERTIFICATE_POLICIES_TEMPLATE='
- \"'"$JSON_CERTIFICATEPOLICIES"'\": [
- %s
- ]'
-JSON_POLICY_IDENTIFIER_TEMPLATE='{
- \"'"$JSON_POLICYIDENTIFIER"'\": \"%s\",
- \"'"$JSON_POLICYQUALIFIERS"'\": [
- %s
- ]
- }'
-JSON_POLICY_QUALIFIER_TEMPLATE='{
- \"'"$JSON_POLICYQUALIFIERID"'\": \"%s\",
- \"'"$JSON_QUALIFIER"'\": \"%s\"
- }'
-JSON_AUTHORITY_INFO_ACCESS_TEMPLATE='
- \"'"$JSON_AUTHORITYINFOACCESS"'\": [
- %s
- ]'
-JSON_AUTH_ACCESS_TEMPLATE='{
- \"'"$JSON_ACCESSMETHOD"'\": \"%s\",
- \"'"$JSON_ACCESSLOCATION"'\": \"%s\"
- }'
-JSON_CRL_DISTRIBUTION_TEMPLATE='
- \"'"$JSON_CRLDISTRIBUTION"'\": {
- \"'"$JSON_DISTRIBUTIONNAME"'\": {
- \"'"$JSON_TYPE"'\": \"%s\",
- \"'"$JSON_NAME"'\": \"%s\"
- },
- \"'"$JSON_REASON"'\": \"%s\",
- \"'"$JSON_ISSUER"'\": \"%s\"
- }
-'
-JSON_TARGETING_INFORMATION_TEMPLATE='
- \"'"$JSON_TARGETINGINFORMATION"'\": [%s
- ]'
-JSON_TARGETING_INFORMATION_FILE_TEMPLATE='
- {\"'"$JSON_FILE"'\": \"%s\"}
-'
-
-### JSON Constructor Aides
-toCSV () {
- old="$IFS"
- IFS=','
- value="$*"
- printf "$value"
-}
-jsonCertificatePolicies() {
- printf "$JSON_CERTIFICATE_POLICIES_TEMPLATE" "$(toCSV "$@")"
-}
-jsonPolicyIdentifier() {
- printf "$JSON_POLICY_IDENTIFIER_TEMPLATE" "${1}" "${2}"
-}
-jsonPolicyQualifierCPS() {
- printf "$JSON_POLICY_QUALIFIER_TEMPLATE" "$JSON_CPS" "${1}"
-}
-jsonPolicyQualifierUserNotice() {
- printf "$JSON_POLICY_QUALIFIER_TEMPLATE" "$JSON_USERNOTICE" "${1}"
-}
-jsonAuthInfoAccess() {
- printf "$JSON_AUTHORITY_INFO_ACCESS_TEMPLATE" "$(toCSV "$@")"
-}
-jsonAuthInfoAccessElement() {
- printf "$JSON_AUTH_ACCESS_TEMPLATE" "${1}" "${2}"
-}
-jsonCRLDist() {
- printf "$JSON_CRL_DISTRIBUTION_TEMPLATE" "$crlType" "$crlName" "$crlReasonFlags" "$crlIssuer"
-}
-jsonTargetingInformation() {
- targetInfo=()
- targetFileSplit=$(echo "$targetFile" | sed -n 1'p' | tr ',' '\n')
- while read file; do
- formatted=$(printf "$JSON_TARGETING_INFORMATION_FILE_TEMPLATE" "$file")
- targetInfo+=("$formatted")
- done <<< "$targetFileSplit"
- printf "$JSON_TARGETING_INFORMATION_TEMPLATE" "$(toCSV "${targetInfo[@]}")"
-}
-
-jsonOtherExtensionsFile() {
- # work on making this script more intuitive
- usernotice1=$(jsonPolicyQualifierUserNotice "$certPolicyQualifierUserNotice1")
- qualifier1="$usernotice1"
- if [ -n "$certPolicyQualifierCPS1" ]; then
- cps1=$(jsonPolicyQualifierCPS "$certPolicyQualifierCPS1")
- qualifier1="$qualifier"",""$cps1"
- fi
- policyId1=$(jsonPolicyIdentifier "$certPolicyOid1" "$qualifier1")
- certPolicies=$(jsonCertificatePolicies "$policyId1")
- tmpData="$certPolicies"
-
- if [ -n "$authorityInfoAccessMethod1" ] && [ -n "$authorityInfoAccessLocation1" ]; then
- access1=$(jsonAuthInfoAccessElement "$authorityInfoAccessMethod1" "$authorityInfoAccessLocation1")
- access=$(jsonAuthInfoAccess "$access1")
- tmpData="$tmpData"",""$access"
- fi
-
- if [ -n "$crlType" ] && [ -n "$crlName" ] && [ -n "$crlReasonFlags" ] && [ -n "$crlIssuer" ]; then
- crlName=$(jsonCRLDist)
- tmpData="$tmpData"",""$crlName"
- fi
-
- if [ -n "$targetFile" ]; then
- targets=$(jsonTargetingInformation)
- tmpData="$tmpData"",""$targets"
- fi
-
- printf "$JSON_OTHER_EXTENSIONS_TEMPLATE" "$tmpData"
-}
-
-
-### Put it all together
-finalData=$(jsonOtherExtensionsFile)
-printf "$finalData""\n"
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/pc_certgen.sh b/dotnet/paccor_scripts/paccor_scripts/scripts/pc_certgen.sh
deleted file mode 100644
index 78ce795..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/pc_certgen.sh
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/bin/bash
-#############################################################################
-# Platform Certificate Test generator
-#
-#
-#
-###########################################################################
-
-toolpath="`dirname "$0"`"
-timestamp=$(date +%Y%m%d%H%M%S)
-#### Scripts and executable
-componentlister_script="$toolpath""/allcomponents.sh"
-policymaker_script="$toolpath""/referenceoptions.sh"
-get_ek_script="$toolpath""/get_ek.sh"
-extensions_script="$toolpath""/otherextensions.sh"
-signer_bin="$toolpath""/../bin/signer"
-validator_bin="$toolpath""/../bin/validator"
-#### Files
-workspace=$toolpath"/pc_testgen"
-tmpspace="/tmp"
-componentlist="$workspace""/localhost-componentlist.json"
-policyreference="$workspace""/localhost-policyreference.json"
-ekcert="$workspace""/ek.crt"
-pccert="$workspace""/platform_cert.""$timestamp"".crt"
-sigkey="$workspace""/private.pem"
-pcsigncert="$workspace""/PCTestCA.example.com.pem"
-extsettings="$workspace""/extentions.json"
-### Certificate params
-serialnumber="0001"
-dateNotBefore="20180101"
-dateNotAfter="20280101"
-### Key Pair params
-subjectDN="/C=US/O=example.com/OU=PCTest"
-daysValid="3652"
-sigalg="rsa:2048"
-
-if [ ! -d "$workspace" ]; then
- if [ "$EUID" -ne 0 ]
- then echo "The first time this script is run, this script requires root. Please run as root"
- exit 1
- fi
- mkdir "$workspace"
- chmod -R 777 "$workspace"
- if [ $? -ne 0 ]; then
- echo "Failed to make a working directory in ""$workspace"
- exit 1
- fi
-fi
-
-# Step 1 get the ek (requires root)
-if ! [ -e "$ekcert" ];
- then
- echo "Retrieving Endorsement Certificate from the TPM"
- bash "$get_ek_script" > "$ekcert"
- if [ $? -ne 0 ]; then
- echo "Failed to retrieve the ek cert from the TPM, exiting"
- rm -f "$ekcert"
- exit 1
- fi
-else
- echo "Endorsement Credential file exists, skipping retrieval"
-fi
-
-# Step 2 create the components file (requires root)
-if ! [ -e "$componentlist" ]; then
- echo "Retrieving component info from this device"
- bash "$componentlister_script" > "$componentlist"
- if [ $? -ne 0 ]; then
- echo "Failed to create a device component list, exiting"
- rm -f "$componentlist"
- exit 1
- fi
-else
- echo "Component file exists, skipping"
-fi
-
-# Step 3 create the reference options file
-if ! [ -e "$policyreference" ]; then
- echo "Creating a Platform policy JSON file"
- bash "$policymaker_script" > "$policyreference"
- if [ $? -ne 0 ]; then
- echo "Failed to create the policy reference, exiting"
- rm -f "$policyreference"
- exit 1
- fi
-else
- echo "Policy settings file exists, skipping"
-fi
-
-# Step 4 create the extensions settings file
-if ! [ -e "$extsettings" ]; then
- echo "Creating an extensions JSON file"
- bash "$extensions_script" > "$extsettings"
- if [ $? -ne 0 ]; then
- echo "Failed to create the extensions file, exiting"
- rm -f "$extsettings"
- exit 1
- fi
-else
- echo "Extensions file exists, skipping"
-fi
-
-# Step 5 check for JSON errors
-printf "Checking JSON files"
-if ! cat "$componentlist" | jq -e . >/dev/null; then
- echo "Component file has JSON errors, exiting"
- exit 1
-fi
-
-if ! cat "$policyreference" | jq -e . >/dev/null; then
- echo "Policy settings file has JSON errors, exiting"
- exit 1
-fi
-
-if ! cat "$extsettings" | jq -e . >/dev/null; then
- echo "Extensions file has JSON errors, exiting"
- exit 1
-fi
-printf "...OK\n"
-
-# Step 6 create a sample signing key pair
-if ! [ -e "$pcsigncert" ]; then
- echo "Creating a signing key for signing platform credentials"
- $(openssl req -x509 -nodes -days "$daysValid" -newkey "$sigalg" -keyout "$sigkey" -out "$pcsigncert" -subj "$subjectDN" >> /dev/null)
- if [ $? -ne 0 ]; then
- echo "Failed to create the key pair, exiting"
- exit 1
- fi
-else
- echo "Platform Signing file exists, skipping"
-fi
-
-# Step 7 create and sign the new platform credential
-echo "Generating a signed Platform Credential"
-bash $signer_bin -x "$extsettings" -c "$componentlist" -e "$ekcert" -p "$policyreference" -k "$sigkey" -P "$pcsigncert" -N "$serialnumber" -b "$dateNotBefore" -a "$dateNotAfter" -f "$pccert"
-if [ $? -ne 0 ]; then
- echo "The signer could not produce a Platform Credential, exiting"
- exit 1
-fi
-
-# Step 8 validate the signature
-echo "Validating the signature"
-bash $validator_bin -P "$pcsigncert" -X "$pccert"
-
-if [ $? -eq 0 ]; then
- echo "PC Credential Creation Complete."
- echo "Platform Credential has been placed in ""$pccert"
-else
- rm -f "$pccert"
- echo "Error with signature validation of the credential."
-fi
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/referenceoptions.sh b/dotnet/paccor_scripts/paccor_scripts/scripts/referenceoptions.sh
deleted file mode 100644
index ea1aef4..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/referenceoptions.sh
+++ /dev/null
@@ -1,265 +0,0 @@
-#!/bin/bash
-
-### User customizable values
-tcgPlatformSpecificationMajorVersion="1" # Released May 22, 2017
-tcgPlatformSpecificationMinorVersion="3"
-tcgPlatformSpecificationRevision="22"
-tcgPlatformSpecificationClass="00000001" # In HEX. For the Client (TPM_PS_PC) in the structures document.
-tcgCredentialSpecificationMajorVersion="1" # Released Jan 16, 2018
-tcgCredentialSpecificationMinorVersion="1"
-tcgCredentialSpecificationRevision="17"
-platformConfigUri="" # URL to a platform configuration document
-platformConfigLocalCopyForHashing=""
-tbbSecurityAssertionVersion="1" # default is 1 for this version of credential specification
-#### Common Criteria specific values
-commonCriteriaMeasuresVersion="" # see reference publications at https://CommonCriteriaPortal.org/cc
-assuranceLevel="" # valid options are 1 thru 7
-evaluationStatus="" # valid options: designedToMeet, evaluationInProgress, evaluationCompleted
-ccPlus="" # default false, valid options: true, false
-strengthOfFunction="" # valid options: basic, medium, high
-profileOid="" # OID of the protection profile
-profileUri=""
-profileLocalCopyForHashing=""
-targetOid=""
-targetUri=""
-targetLocalCopyForHashing=""
-#### FIPS specific values
-fipsVersion="" # see reference publications at https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Standards
-fipsLevel=""
-fipsPlus="" # default false, valid options: true, false
-#### Other TBB assertions
-measurementRootType="" # valid options: static, dynamic, nonHost, hybrid, physical, virtual
-iso9000Certified="false" # default false, valid options: true, false
-iso9000Uri="" # This is referenced as a IA5String in v1 of the spec.
-
-### The logic below can be changed by advanced users.
-#### SHA-256 was assumed to be acceptable for each of the hashAlg choices for URI References
-#### 2.16.840.1.101.3.4.2.1 is the oid for SHA-256. see https://tools.ietf.org/html/rfc5754 for other common hash algorithm IDs
-
-
-### JSON Structure Keywords
-JSON_TCGPLATFORMSPECIFICATION="TCGPLATFORMSPECIFICATION"
-JSON_TCGCREDENTIALSPECIFICATION="TCGCREDENTIALSPECIFICATION"
-JSON_MAJORVERSION="MAJORVERSION"
-JSON_MINORVERSION="MINORVERSION"
-JSON_REVISION="REVISION"
-JSON_PLATFORMCLASS="PLATFORMCLASS"
-JSON_TBBSECURITYASSERTIONS="TBBSECURITYASSERTIONS"
-JSON_VERSION="VERSION"
-JSON_CCINFO="CCINFO"
-JSON_ASSURANCELEVEL="ASSURANCELEVEL"
-JSON_EVALUATIONSTATUS="EVALUATIONSTATUS"
-JSON_PLUS="PLUS"
-JSON_STRENGTHOFFUNCTION="STRENGTHOFFUNCTION"
-JSON_PROFILEOID="PROFILEOID"
-JSON_PROFILEURI="PROFILEURI"
-JSON_TARGETOID="TARGETOID"
-JSON_TARGETURI="TARGETURI"
-JSON_FIPSLEVEL="FIPSLEVEL"
-JSON_LEVEL="LEVEL"
-JSON_MEASUREMENTROOTTYPE="RTMTYPE"
-JSON_ISO9000CERTIFIED="ISO9000CERTIFIED"
-JSON_ISO9000URI="ISO9000URI"
-JSON_PLATFORMCONFIGURI="PLATFORMCONFIGURI"
-#### JSON Platform URI Keywords
-JSON_URI="UNIFORMRESOURCEIDENTIFIER"
-JSON_HASHALG="HASHALGORITHM"
-JSON_HASHVALUE="HASHVALUE"
-
-### JSON Structure Format
-JSON_REFERENCE_OPTIONS_TEMPLATE='{
- %s
-}'
-JSON_PLATFORM_SPEC_TEMPLATE='
- \"'"$JSON_TCGPLATFORMSPECIFICATION"'\": {
- \"'"$JSON_VERSION"'\": {
- \"'"$JSON_MAJORVERSION"'\": \"%s\",
- \"'"$JSON_MINORVERSION"'\": \"%s\",
- \"'"$JSON_REVISION"'\": \"%s\"
- },
- \"'"$JSON_PLATFORMCLASS"'\": \"%s\"
- }'
-JSON_CREDENTIAL_SPEC_TEMPLATE='
- \"'"$JSON_TCGCREDENTIALSPECIFICATION"'\": {
- \"'"$JSON_MAJORVERSION"'\": \"%s\",
- \"'"$JSON_MINORVERSION"'\": \"%s\",
- \"'"$JSON_REVISION"'\": \"%s\"
- }'
-JSON_TBB_ASSERTIONS_TEMPLATE='
- \"'"$JSON_TBBSECURITYASSERTIONS"'\": {
- \"'"$JSON_VERSION"'\": \"%s\",
- \"'"$JSON_ISO9000CERTIFIED"'\": \"%s\"%s
- }'
-JSON_CC_INFO_TEMPLATE='
- \"'"$JSON_CCINFO"'\": {
- \"'"$JSON_VERSION"'\": \"%s\",
- \"'"$JSON_ASSURANCELEVEL"'\": \"%s\",
- \"'"$JSON_EVALUATIONSTATUS"'\": \"%s\",
- \"'"$JSON_PLUS"'\": \"%s\"%s
- }'
-JSON_STRENGTHOFFUNCTION_TEMPLATE='
- \"'"$JSON_STRENGTHOFFUNCTION"'\": \"%s\"'
-JSON_PROFILEOID_TEMPLATE='
- \"'"$JSON_PROFILEOID"'\": \"%s\"'
-JSON_TARGETOID_TEMPLATE='
- \"'"$JSON_TARGETOID"'\": \"%s\"'
-JSON_FIPS_LEVEL_TEMPLATE='
- \"'"$JSON_FIPSLEVEL"'\": {
- \"'"$JSON_VERSION"'\": \"%s\",
- \"'"$JSON_LEVEL"'\": \"%s\",
- \"'"$JSON_PLUS"'\": \"%s\"
- }'
-JSON_MEASUREMENTROOTTYPE_TEMPLATE='
- \"'"$JSON_MEASUREMENTROOTTYPE"'\": \"%s\"'
-JSON_ISO9000CERTIFIED_TEMPLATE='
- \"'"$JSON_ISO9000CERTIFIED"'\": \"%s\"'
-JSON_URIREFERENCE_TEMPLATE='
- \"%s\": {
- %s
- }'
-
-### JSON Constructor Aides
-toCSV () {
- old="$IFS"
- IFS=','
- value="$*"
- printf "$value"
-}
-jsonPlatformSpec() {
- platformClass=$(printf "$tcgPlatformSpecificationClass" | xxd -r -p | base64 -w 0)
- printf "$JSON_PLATFORM_SPEC_TEMPLATE" "$tcgPlatformSpecificationMajorVersion" "$tcgPlatformSpecificationMinorVersion" "$tcgPlatformSpecificationRevision" "$platformClass"
-}
-jsonCredentialSpec() {
- printf "$JSON_CREDENTIAL_SPEC_TEMPLATE" "$tcgCredentialSpecificationMajorVersion" "$tcgCredentialSpecificationMinorVersion" "$tcgCredentialSpecificationRevision"
-}
-jsonStrengthOfFunction() {
- if [ -n "$strengthOfFunction" ]; then
- printf "$JSON_STRENGTHOFFUNCTION_TEMPLATE" "$strengthOfFunction"
- fi
-}
-jsonProfileOid() {
- if [ -n "$profileOid" ]; then
- printf "$JSON_PROFILEOID_TEMPLATE" "$profileOid"
- fi
-}
-jsonTargetOid() {
- if [ -n "$targetOid" ]; then
- printf "$JSON_TARGETOID_TEMPLATE" "$targetOid"
- fi
-}
-jsonMeasurementRootType() {
- if [ -n "$measurementRootType" ]; then
- printf "$JSON_MEASUREMENTROOTTYPE_TEMPLATE" "$measurementRootType"
- fi
-}
-jsonIso9000Certified() {
- printf "$JSON_ISO9000CERTIFIED_TEMPLATE" "${1}"
-}
-jsonIso9000UriStr() {
- printf '\"'"$JSON_ISO9000URI"'\": \"%s\"' "${1}"
-}
-jsonUri () {
- printf '\"'"$JSON_URI"'\": \"%s\"' "${1}"
-}
-jsonHashAlg () {
- printf '\"'"$JSON_HASHALG"'\": \"%s\"' "${1}"
-}
-jsonHashValue () {
- printf '\"'"$JSON_HASHVALUE"'\": \"%s\"' "${1}"
-}
-jsonUriBuilder () {
- ## Usage: Requires 3 parameters. See below for the assumed hashAlg.
- ## ${1} - The json object name. i.e. JSON_PROFILEURI
- ## ${2} - The URI
- ## ${3} - Full path to the file to provide a hash over.
- if [ $# -eq 3 ]; then
- tmpUri=$(jsonUri "${2}")
- tmpUriDetails=""
- if [ -n "${2}" ]; then
- tmpHashAlg="2.16.840.1.101.3.4.2.1" # OID for SHA256
- tmpHashValue=$(sha256sum "${3}" | sed -r 's/^([0-9a-f]+).*/\1/' | tr -d [:space:] | xxd -r -p | base64 -w 0)
- tmpHashAlgStr=$(jsonHashAlg "$tmpHashAlg")
- tmpHashValueStr=$(jsonHashValue "$tmpHashValue")
- tmpUriDetails="$tmpHashAlgStr"",""$tmpHashValueStr"
- fi
- printf "$JSON_URIREFERENCE_TEMPLATE" "${1}" "$(toCSV "$tmpUri" "$tmpUriDetails")"
- fi
-}
-jsonCcInfo() {
- if [ -n "$commonCriteriaMeasuresVersion" ] && [ -n "$assuranceLevel" ] && [ -n "$evaluationStatus" ]; then
- if [ -z "$ccPlus" ]; then
- ccPlus="FALSE"
- fi
- tmpRest=
- if [ -n "$strengthOfFunction" ]; then
- tmpRest="$tmpRest"",""$(jsonStrengthOfFunction)"
- fi
- if [ -n "$profileOid" ]; then
- tmpRest="$tmpRest"",""$(jsonProfileOid)"
- fi
- if [ -n "$profileUri" ] && [ -n "$profileLocalCopyForHashing" ]; then
- tmpProfileUri=$(jsonUriBuilder "$JSON_PROFILEURI" "$profileUri" "$profileLocalCopyForHashing")
- tmpRest="$tmpRest"",""$tmpProfileUri"
- fi
- if [ -n "$targetOid" ]; then
- tmpRest="$tmpRest"",""$(jsonTargetOid)"
- fi
- if [ -n "$targetUri" ] && [ -n "$targetLocalCopyForHashing" ]; then
- tmpTargetUri=$(jsonUriBuilder "$JSON_TARGETURI" "$targetUri" "$targetLocalCopyForHashing")
- tmpRest="$tmpRest"",""$tmpTargetUri"
- fi
-
- printf "$JSON_CC_INFO_TEMPLATE" "$commonCriteriaMeasuresVersion" "$assuranceLevel" "$evaluationStatus" "$ccPlus" "${tmpRest}"
- fi
-}
-jsonFipsLevel() {
- if [ -n "$fipsVersion" ] && [ -n "$fipsLevel" ]; then
- if [ -z "$fipsPlus" ]; then
- fipsPlus="FALSE"
- fi
- printf "$JSON_FIPS_LEVEL_TEMPLATE" "$fipsVersion" "$fipsLevel" "$fipsPlus"
- fi
-}
-jsonTbbSecurityAssertions() {
- if [ -z "$tbbSecurityAssertionVersion" ]; then
- tbbSecurityAssertionVersion="1"
- fi
- if [ -z "$iso9000Certified" ]; then
- iso9000Certified="FALSE"
- fi
- tmpRest=
- finalCcInfo=$(jsonCcInfo)
- if [ -n "$finalCcInfo" ]; then
- tmpRest="$tmpRest"",""$finalCcInfo"
- fi
- finalFipsLevel=$(jsonFipsLevel)
- if [ -n "$finalFipsLevel" ]; then
- tmpRest="$tmpRest"",""$finalFipsLevel"
- fi
- if [ -n "$measurementRootType" ]; then
- tmpRtmType=$(jsonMeasurementRootType)
- tmpRest="$tmpRest"",""$tmpRtmType"
- fi
- if [ -n "$iso9000Uri" ]; then
- tmpIso9000Uri=$(jsonIso9000UriStr "$iso9000Uri")
- tmpRest="$tmpRest"",""$tmpIso9000Uri"
- fi
-
- printf "$JSON_TBB_ASSERTIONS_TEMPLATE" "$tbbSecurityAssertionVersion" "$iso9000Certified" "$tmpRest"
-}
-jsonReferenceOptionsFile() {
- tmpData=$(jsonPlatformSpec)
- tmpData="$tmpData"",""$(jsonCredentialSpec)"
- tmpData="$tmpData"",""$(jsonTbbSecurityAssertions)"
- if [ -n "$platformConfigUri" ] && [ -n "$platformConfigLocalCopyForHashing" ]; then
- tmpPlatformConfigUri=$(jsonUriBuilder "$JSON_PLATFORMCONFIGURI" "$platformConfigUri" "$platformConfigLocalCopyForHashing")
- tmpData="$tmpData"",""$tmpPlatformConfigUri"
- fi
- printf "$JSON_REFERENCE_OPTIONS_TEMPLATE" "$tmpData"
-}
-
-
-### Put it all together
-finalData=$(jsonReferenceOptionsFile)
-printf "$finalData""\n"
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/allcomponents.ps1 b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/allcomponents.ps1
index de9b5b6..44b4aa8 100644
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/allcomponents.ps1
+++ b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/allcomponents.ps1
@@ -83,8 +83,13 @@ $JSON_URI="UNIFORMRESOURCEIDENTIFIER"
$JSON_HASHALG="HASHALGORITHM"
$JSON_HASHVALUE="HASHVALUE"
#### JSON Properties Keywords
-$JSON_NAME="NAME"
-$JSON_VALUE="VALUE"
+$JSON_NAME="PROPERTYNAME"
+$JSON_VALUE="PROPERTYVALUE"
+$JSON_PROP_STATUS="PROPERTYSTATUS"
+#### JSON Status Keywords
+$JSON_STATUS_ADDED="ADDED"
+$JSON_STATUS_MODIFIED="MODIFIED"
+$JSON_STATUS_REMOVED="REMOVED"
$NOT_SPECIFIED="Not Specified"
@@ -120,6 +125,13 @@ $JSON_PROPERTY_TEMPLATE="
`"$JSON_VALUE`": `"{1}`"
}}
"
+$JSON_PROPERTY_TEMPLATE_OPT="
+ {{
+ `"$JSON_NAME`": `"{0}`",
+ `"$JSON_VALUE`": `"{1}`",
+ `"$JSON_PROP_STATUS`": `"{2}`"
+ }}
+"
$JSON_ADDRESSES_TEMPLATE=" `"$JSON_ADDRESSES`": [{0}]"
$JSON_ETHERNETMAC_TEMPLATE=" {{
`"$JSON_ETHERNETMAC`": `"{0}`" }} "
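Review bot: `$JSON_PROPERTY_TEMPLATE_OPT` puts `{0}`, `{1}` and `{2}` between literal quotes with no JSON escaping, so a name, value or status containing `"` or `\` produces malformed or structurally altered JSON. The same applies where `jsonProperty` formats into this template in the later hunk. The values in this script are read from the local system (for example the `wmic os get caption` output), and the resulting file appears to be the input that is later signed, so escaping should happen before formatting. One option is to remove the quotes around the placeholders and pass `($args[0] | ConvertTo-Json)` and so on, which yields an already quoted and escaped string. The `otherextensions.ps1` removed elsewhere in this diff handled file paths that way.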
@@ -149,7 +161,6 @@ $JSON_COMPONENTPLATFORMCERTURI_TEMPLATE='
}}'
$JSON_STATUS_TEMPLATE="
`"$JSON_STATUS`": {{
-
}}"
### JSON Constructor Aides
@@ -242,6 +253,8 @@ function queryForPen () {
function jsonProperty () {
if ($args.Length -eq 2) {
echo ("$JSON_PROPERTY_TEMPLATE" -f "$($args[0])","$($args[1])")
+ } elseif ($args.Length -eq 3) {
+ echo ("$JSON_PROPERTY_TEMPLATE_OPT" -f "$($args[0])","$($args[1])","$($args[2])")
}
}
function jsonUri () {
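Review bot: The new three-argument branch of `jsonProperty` writes any string into `PROPERTYSTATUS`, although the diff defines only `$JSON_STATUS_ADDED`, `$JSON_STATUS_MODIFIED` and `$JSON_STATUS_REMOVED`, so a typo in the status would reach the output unchecked. The branch could be guarded with `} elseif ($args.Length -eq 3 -and @($JSON_STATUS_ADDED,$JSON_STATUS_MODIFIED,$JSON_STATUS_REMOVED) -contains $args[2]) {`. Any other argument count still returns nothing and prints no message, so a miscalled property silently drops out of the property array. A final `else { Write-Warning "jsonProperty expects 2 or 3 arguments" }` would surface that.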
@@ -853,10 +866,10 @@ $componentArray=(jsonComponentArray "$componentChassis" "$componentBaseboard" "$
Write-Progress -Id 1 -Activity "Gathering properties" -PercentComplete 80
$osCaption=((wmic os get caption /value | Select-String -Pattern "^.*=(.*)$").Matches.Groups[1].ToString().Trim())
$property1=(jsonProperty "caption" "$osCaption") ## Example1
-$property2= ## Example2
+$property2=(jsonProperty "caption" "$osCaption") # "$JSON_STATUS_ADDED") ## Example2 with optional third status argument
### Collate the property details
-$propertyArray=(jsonPropertyArray "$property1")
+$propertyArray=(jsonPropertyArray "$property1" "$property2")
### Collate the URI details, if parameters above are blank, the fields will be excluded from the final JSON structure
$componentsUri=""
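Review bot: `$property2` is built from the same two arguments as `$property1`, because the status argument is commented out (`# "$JSON_STATUS_ADDED")`), and it is now passed to `jsonPropertyArray`. Unless that function, which is outside this hunk, de-duplicates, the default output will carry the `caption` property twice. If Example2 is meant to show the status field, pass it for real: `$property2=(jsonProperty "caption" "$osCaption" "$JSON_STATUS_ADDED")`. Otherwise leave `$property2` out of the `jsonPropertyArray` call until a user fills it in, as the previous version did.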
@@ -874,4 +887,3 @@ $FINAL_JSON_OBJECT=(jsonIntermediateFile "$platform" "$componentArray" "$compone
Write-Progress -Id 1 -Activity "Done" -PercentComplete 100
[IO.File]::WriteAllText($filename, "$FINAL_JSON_OBJECT")
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/get_ek.ps1 b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/get_ek.ps1
deleted file mode 100644
index 41d0cfe..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/get_ek.ps1
+++ /dev/null
@@ -1,27 +0,0 @@
-param(
- [parameter(Mandatory=$true)]
- [ValidateNotNull()]
- [string]$filename
-)
-
-(&{
- Write-Progress -Activity "Gathering an EK Certificate" -CurrentOperation "Verifying access to the TPM through Windows" -PercentComplete 0
- If( (New-Object Security.Principal.WindowsPrincipal(
- [Security.Principal.WindowsIdentity]::GetCurrent())
- ).IsInRole(
- [Security.Principal.WindowsBuiltInRole]::Administrator)
- ) {
- Write-Progress -Activity "Gathering an EK Certificate" -CurrentOperation "Accessing the TPM" -PercentComplete 10
- $data=(Get-TpmEndorsementKeyInfo).ManufacturerCertificates[0].GetRawCertData()
- Write-Progress -Activity "EK Certificate Gathered" -CurrentOperation "Converting to Base64" -PercentComplete 75
- $base64 = [Convert]::ToBase64String($data,'InsertLineBreaks')
- Write-Progress -Activity "EK Certificate Gathered" -CurrentOperation "Writing PEM" -PercentComplete 90
- $pem = ("-----BEGIN CERTIFICATE-----`n$base64`n-----END CERTIFICATE-----").Replace("`r`n", "`n")
- [IO.File]::WriteAllText($filename, $pem)
- Write-Progress "Done" -PercentComplete 100
- }
- Else {
- echo "Not admin"
- }
- }
-)
\ No newline at end of file
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/otherextensions.ps1 b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/otherextensions.ps1
deleted file mode 100644
index 0d75546..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/otherextensions.ps1
+++ /dev/null
@@ -1,170 +0,0 @@
-param(
- [parameter(Mandatory=$true)]
- [ValidateNotNull()]
- [string]$filename
-)
-
-### User customizable values
-#### Certificate Policies is a mandatory extension. To add additional policies, more variables must be created and referenced below.
-$certPolicyOid1="1.2.3" # Replace with a real Certificate Policy OID
-$certPolicyQualifierCPS1=""
-$certPolicyQualifierUserNotice1="TCG Trusted Platform Endorsement" # Don't change this value.
-#### Authority Information Access is an optional extension. To add additional access methods, more variables must be created and referenced below.
-$authorityInfoAccessMethod1="" # valid options are OCSP or CAISSUERS
-$authorityInfoAccessLocation1="" # DN
-#### CRL Distribution is an optional extension. Leave any blank to omit the extension.
-$crlType="" # valid options are 0 or 1
-$crlName="" # DN
-$crlReasonFlags="" # valid options are integers 0 thru 16
-$crlIssuer="" # CRL issuer DN
-#### Targeting Information is an optional extension. Leave the targetFile variable blank to omit the extension.
-$targetFile="" # provide comma separated file paths to EK certificates
-
-### The logic below can be changed by advanced users.
-#### SHA-256 was assumed to be acceptable for each of the hashAlg choices for URI References
-#### 2.16.840.1.101.3.4.2.1 is the oid for SHA-256. see https://tools.ietf.org/html/rfc5754 for other common hash algorithm IDs
-
-### JSON Structure Keywords
-$JSON_CERTIFICATEPOLICIES="CERTIFICATEPOLICIES"
-$JSON_POLICYIDENTIFIER="POLICYIDENTIFIER"
-$JSON_POLICYQUALIFIERS="POLICYQUALIFIERS"
-$JSON_POLICYQUALIFIERID="POLICYQUALIFIERID"
-$JSON_QUALIFIER="QUALIFIER"
-$JSON_CPS="CPS"
-$JSON_USERNOTICE="USERNOTICE"
-$JSON_AUTHORITYINFOACCESS="AUTHORITYINFOACCESS"
-$JSON_ACCESSMETHOD="ACCESSMETHOD"
-$JSON_ACCESSLOCATION="ACCESSLOCATION"
-$JSON_OCSP="OCSP"
-$JSON_CAISSUERS="CAISSUERS"
-$JSON_CRLDISTRIBUTION="CRLDISTRIBUTION"
-$JSON_DISTRIBUTIONNAME="DISTRIBUTIONNAME"
-$JSON_TYPE="TYPE"
-$JSON_NAME="NAME"
-$JSON_REASON="REASON"
-$JSON_ISSUER="ISSUER"
-$JSON_TARGETINGINFORMATION="TARGETINGINFORMATION"
-$JSON_FILE="FILE"
-
-### JSON Structure Format
-$JSON_OTHER_EXTENSIONS_TEMPLATE="{{
- {0}
-}}"
-$JSON_CERTIFICATE_POLICIES_TEMPLATE="
- `"$JSON_CERTIFICATEPOLICIES`": [
- {0}
- ]"
-$JSON_POLICY_IDENTIFIER_TEMPLATE="{{
- `"$JSON_POLICYIDENTIFIER`": `"{0}`",
- `"$JSON_POLICYQUALIFIERS`": [
- {1}
- ]
- }}"
-$JSON_POLICY_QUALIFIER_TEMPLATE="{{
- `"$JSON_POLICYQUALIFIERID`": `"{0}`",
- `"$JSON_QUALIFIER`": `"{1}`"
- }}"
-$JSON_AUTHORITY_INFO_ACCESS_TEMPLATE="
- `"$JSON_AUTHORITYINFOACCESS`": [
- {0}
- ]"
-$JSON_AUTH_ACCESS_TEMPLATE="{{
- `"$JSON_ACCESSMETHOD`": `"{0}`",
- `"$JSON_ACCESSLOCATION`": `"{1}`"
- }}"
-$JSON_CRL_DISTRIBUTION_TEMPLATE="
- `"$JSON_CRLDISTRIBUTION`": {{
- `"$JSON_DISTRIBUTIONNAME`": {{
- `"$JSON_TYPE`": `"{0}`",
- `"$JSON_NAME`": `"{1}`"
- }},
- `"$JSON_REASON`": `"{2}`",
- `"$JSON_ISSUER`": `"{3}`"
- }}"
-$JSON_TARGETING_INFORMATION_TEMPLATE="
- `"$JSON_TARGETINGINFORMATION`": [{0}
- ]"
-$JSON_TARGETING_INFORMATION_FILE_TEMPLATE="
- {{ `"$JSON_FILE`": {0}}}" # {0} is not in quotes because the files will be escaped for JSON by powershell
-
-### JSON Constructor Aides
-function toCSV() {
- if ($args.Length -ne 0) {
- for ($i=0; $i -lt $args[0].Length; $i++) {
- $item=($args[0].Get($i))
-
- if ($item) {
- $value="$value,$($args[0].Get($i))"
- }
- }
- echo "$value".Trim(" ", ",")
- }
-}
-function jsonCertificatePolicies() {
- echo ("$JSON_CERTIFICATE_POLICIES_TEMPLATE" -f "$(toCSV($args))")
-}
-function jsonPolicyIdentifier() {
- echo ("$JSON_POLICY_IDENTIFIER_TEMPLATE" -f "$($args[0])","$($args[1])")
-}
-function jsonPolicyQualifierCPS() {
- echo ("$JSON_POLICY_QUALIFIER_TEMPLATE" -f "$JSON_CPS","$($args[0])")
-}
-function jsonPolicyQualifierUserNotice() {
- echo ("$JSON_POLICY_QUALIFIER_TEMPLATE" -f "$JSON_USERNOTICE","$($args[0])")
-}
-function jsonAuthInfoAccess() {
- echo ("$JSON_AUTHORITY_INFO_ACCESS_TEMPLATE" -f "$(toCSV($args))")
-}
-function jsonAuthInfoAccessElement() {
- echo ("$JSON_AUTH_ACCESS_TEMPLATE" -f "$($args[0])","$($args[1])")
-}
-function jsonCRLDist() {
- echo ("$JSON_CRL_DISTRIBUTION_TEMPLATE" -f "$crlType","$crlName","$crlReasonFlags","$crlIssuer")
-}
-function jsonTargetingInformation() {
- $targetInfo= @()
- $targetFileSplit="$targetFile".Split(",")
- for ($i = 0; $i -lt $targetFileSplit.Count ; $i++) {
- $escaped=($targetFileSplit[$i] | ConvertTo-Json)
- $formatted=("$JSON_TARGETING_INFORMATION_FILE_TEMPLATE" -f $escaped)
- $targetInfo+=$formatted
- }
- echo ("$JSON_TARGETING_INFORMATION_TEMPLATE" -f "$(toCSV($targetInfo))")
-}
-
-function jsonOtherExtensionsFile() {
- # work on making this script more intuitive
- $usernotice1=(jsonPolicyQualifierUserNotice "$certPolicyQualifierUserNotice1")
- $qualifier1="$usernotice1"
- if ($certPolicyQualifierCPS1) {
- $cps1=(jsonPolicyQualifierCPS "$certPolicyQualifierCPS1")
- $qualifier1+="," + "$cps1"
- }
- $policyId1=(jsonPolicyIdentifier "$certPolicyOid1" "$qualifier1")
- $certPolicies=(jsonCertificatePolicies "$policyId1")
- $tmpData="$certPolicies"
-
- if ($authorityInfoAccessMethod1 -and $authorityInfoAccessLocation1) {
- $access1=(jsonAuthInfoAccessElement "$authorityInfoAccessMethod1" "$authorityInfoAccessLocation1")
- $access=(jsonAuthInfoAccess "$access1")
- $tmpData+="," + "$access"
- }
-
- if ($crlType -and $crlName -and $crlReasonFlags -and $crlIssuer) {
- $crlDist=(jsonCRLDist)
- $tmpData+="," + "$crlDist"
- }
-
- if ($targetFile) {
- $targets=(jsonTargetingInformation)
- $tmpData+="," + "$targets"
- }
-
- echo ("$JSON_OTHER_EXTENSIONS_TEMPLATE" -f "$tmpData")
-}
-
-
-### Put it all together
-$finalData=(jsonOtherExtensionsFile)
-
-[IO.File]::WriteAllText($filename, "$finalData")
\ No newline at end of file
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/pc_certgen.ps1 b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/pc_certgen.ps1
deleted file mode 100644
index d4ed895..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/pc_certgen.ps1
+++ /dev/null
@@ -1,170 +0,0 @@
-$toolpath=(Split-Path -parent $PSCommandPath)
-$timestamp=(Get-Date -UFormat "%Y%m%d%H%M%S")
-#### Scripts and executable
-$componentlister_script="$toolpath" + "/allcomponents.ps1"
-$policymaker_script="$toolpath" + "/referenceoptions.ps1"
-$get_ek_script="$toolpath" + "/get_ek.ps1"
-$extensions_script="$toolpath" + "/otherextensions.ps1"
-$signer_bin="$toolpath" + "/../../bin/signer.bat"
-$validator_bin="$toolpath" + "/../../bin/validator.bat"
-#### Files
-$workspace="$toolpath" + "/../pc_testgen"
-$componentlist="$workspace" + "/localhost-componentlist.json"
-$policyreference="$workspace" + "/localhost-policyreference.json"
-$ekcert="$workspace" + "/ek.pem"
-$pccert="$workspace" + "/platform_cert." + "$timestamp" + ".crt"
-$sigkey="$workspace" + "/CAcert.p12"
-$pcsigncert="$workspace" + "/PCTestCA.example.com.cer"
-$extsettings="$workspace" + "/extentions.json"
-### Certificate params
-$serialnumber="0001"
-$dateNotBefore="20180101"
-$dateNotAfter="20280101"
-### Key Pair params
-$subjectDN="C=US,O=example.com,OU=PCTest"
-$daysValid=(Get-Date).AddYears(10)
-$sigalg="RSA"
-$sigalgbits="2048"
-$certStoreLocation="Cert:\CurrentUser\My\"
-$pfxpassword="password"
-
-if (!(Test-Path -Path $workspace )) {
- if( (New-Object Security.Principal.WindowsPrincipal(
- [Security.Principal.WindowsIdentity]::GetCurrent())
- ).IsInRole(
- [Security.Principal.WindowsBuiltInRole]::Administrator)
- ) {
- md "$workspace" -ea 0
- if(!$?) {
- echo "Failed to make a working directory in " + "$workspace"
- exit 1
- }
- } else {
- echo "The first time this script is run, this script requires administrator privileges. Please run as admin"
- exit 1
- }
-}
-
-# Step 1 get the ek (requires admin)
-if (!(Test-Path "$ekcert" -PathType Leaf)) {
- echo "Retrieving Endorsement Certificate from the TPM"
- powershell -ExecutionPolicy Bypass "$get_ek_script" "$ekcert"
- if (!$?) {
- echo "Failed to retrieve the ek cert from the TPM, exiting"
- Remove-Item "$ekcert" -Confirm:$false -Force
- exit 1
- }
-} else {
- echo "Endorsement Credential file exists, skipping retrieval"
-}
-
-# Step 2 create the components file (does not require admin on Windows)
-if (!(Test-Path "$componentlist" -PathType Leaf)) {
- echo "Retrieving component info from this device"
- powershell -ExecutionPolicy Bypass "$componentlister_script" "$componentlist"
- if (!$?) {
- echo "Failed to create a device component list, exiting"
- Remove-Item "$componentlist" -Confirm:$false -Force
- exit 1
- }
-} else {
- echo "Component file exists, skipping"
-}
-
-# Step 3 create the reference options file
-if (!(Test-Path "$policyreference" -PathType Leaf)) {
- echo "Creating a Platform policy JSON file"
- powershell -ExecutionPolicy Bypass "$policymaker_script" "$policyreference"
- if (!$?) {
- echo "Failed to create the policy reference, exiting"
- Remove-Item "$policyreference" -Confirm:$false -Force
- exit 1
- }
-} else {
- echo "Policy settings file exists, skipping"
-}
-
-# Step 4 create the extensions settings file
-if (!(Test-Path "$extsettings" -PathType Leaf)) {
- echo "Creating an extensions JSON file"
- powershell -ExecutionPolicy Bypass "$extensions_script" "$extsettings"
- if (!$?) {
- echo "Failed to create the extensions file, exiting"
- Remove-Item "$extsettings" -Confirm:$false -Force
- exit 1
- }
-} else {
- echo "Extensions file exists, skipping"
-}
-
-# Step 5 check for JSON errors
-Write-Progress -Activity "Checking JSON files" -CurrentOperation "components" -PercentComplete 25
-try {
- [IO.File]::ReadAllText("$componentlist") | ConvertFrom-Json -ErrorAction Stop > $null
-} catch {
- echo "Component file has JSON errors, exiting"
- exit 1
-}
-Write-Progress -Activity "Checking JSON files" -CurrentOperation "policy" -PercentComplete 50
-try {
- [IO.File]::ReadAllText("$policyreference") | ConvertFrom-Json -ErrorAction Stop > $null
-} catch {
- echo "Policy settings file has JSON errors, exiting"
- exit 1
-}
-Write-Progress -Activity "Checking JSON files" -CurrentOperation "extensions" -PercentComplete 75
-try {
- [IO.File]::ReadAllText("$extsettings") | ConvertFrom-Json -ErrorAction Stop > $null
-} catch {
- echo "Extensions file has JSON errors, exiting"
- exit 1
-}
-Write-Progress -Activity "Checking JSON files" -CurrentOperation "Done" -PercentComplete 100
-echo "All JSON structures look valid."
-
-# Step 6 create a sample signing key pair
-if (!(Test-Path "$pcsigncert" -PathType Leaf)) {
- echo "Creating a signing key for signing platform credentials"
- $newcert=(New-SelfSignedCertificate -Type Custom -KeyExportPolicy Exportable -Subject "$subjectDN" -KeyUsage DigitalSignature -KeyAlgorithm "$sigalg" -KeyLength "$sigalgbits" -NotAfter "$daysValid" -CertStoreLocation "$certStoreLocation")
- if (!$?) {
- echo "Failed to create the key pair, exiting"
- exit 1
- }
- $passw=ConvertTo-SecureString -String "$pfxpassword" -Force -AsPlainText;
- $certStoreAddress="$certStoreLocation"
- $certStoreAddress+=($newcert.Thumbprint)
- Export-PfxCertificate -Cert "$certStoreAddress" -FilePath "$sigkey" -Password $passw
- if (!$?) {
- echo "Failed to export the PFX file, exiting"
- exit 1
- }
- Export-Certificate -Cert "$certStoreAddress" -FilePath "$pcsigncert"
- if (!$?) {
- echo "Failed to export the certificate, exiting"
- exit 1
- }
- Get-ChildItem "$certStoreLocation" | Where-Object { $_.Thumbprint -match ($newcert.Thumbprint) } | Remove-Item
-} else {
- echo "Platform Signing file exists, skipping"
-}
-
-# Step 7 create and sign the new platform credential
-echo "Generating a signed Platform Credential"
-& $signer_bin -x "$extsettings" -c "$componentlist" -e "$ekcert" -p "$policyreference" -k "$sigkey" -N "$serialnumber" -b "$dateNotBefore" -a "$dateNotAfter" -f "$pccert"
-if (!$?) {
- echo "The signer could not produce a Platform Credential, exiting"
- exit 1
-}
-
-# Step 8 validate the signature
-echo "Validating the signature"
-& $validator_bin -P "$pcsigncert" -X "$pccert"
-
-if ($?) {
- echo "PC Credential Creation Complete."
- echo "Platform Credential has been placed in ""$pccert"
-} else {
- Remove-Item "$pccert" -Confirm:$false -Force
- echo "Error with signature validation of the credential."
-}
-
diff --git a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/referenceoptions.ps1 b/dotnet/paccor_scripts/paccor_scripts/scripts/windows/referenceoptions.ps1
deleted file mode 100644
index 1c50b34..0000000
--- a/dotnet/paccor_scripts/paccor_scripts/scripts/windows/referenceoptions.ps1
+++ /dev/null
@@ -1,291 +0,0 @@
-param(
- [parameter(Mandatory=$true)]
- [ValidateNotNull()]
- [string]$filename
-)
-
-### User customizable values
-$tcgPlatformSpecificationMajorVersion="1" # Released May 22, 2017
-$tcgPlatformSpecificationMinorVersion="3"
-$tcgPlatformSpecificationRevision="22"
-$tcgPlatformSpecificationClass="00000001" # In HEX. For the Client (TPM_PS_PC) in the structures document.
-$tcgCredentialSpecificationMajorVersion="1" #
-$tcgCredentialSpecificationMinorVersion="1"
-$tcgCredentialSpecificationRevision="17"
-$platformConfigUri="" # URL to a platform configuration document
-$platformConfigLocalCopyForHashing=""
-$tbbSecurityAssertionVersion="1" # default is 1 for this version of credential specification
-#### Common Criteria specific values
-$commonCriteriaMeasuresVersion="" # see reference publications at https://CommonCriteriaPortal.org/cc
-$assuranceLevel="" # valid options are 1 thru 7
-$evaluationStatus="" # valid options: designedToMeet, evaluationInProgress, evaluationCompleted
-$ccPlus="" # default false, valid options: true, false
-$strengthOfFunction="" # valid options: basic, medium, high
-$profileOid="" # OID of the protection profile
-$profileUri=""
-$profileLocalCopyForHashing=""
-$targetOid=""
-$targetUri=""
-$targetLocalCopyForHashing=""
-#### FIPS specific values
-$fipsVersion="" # see reference publications at https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Standards
-$fipsLevel=""
-$fipsPlus="" # default false, valid options: true, false
-#### Other TBB assertions
-$measurementRootType="" # valid options: static, dynamic, nonHost, hybrid, physical, virtual
-$iso9000Certified="false" # default false, valid options: true, false
-$iso9000Uri="" # This is referenced as a IA5String in v1 of the spec.
-
-### The logic below can be changed by advanced users.
-#### SHA-256 was assumed to be acceptable for each of the hashAlg choices for URI References
-#### 2.16.840.1.101.3.4.2.1 is the oid for SHA-256. see https://tools.ietf.org/html/rfc5754 for other common hash algorithm IDs
-
-
-### JSON Structure Keywords
-$JSON_TCGPLATFORMSPECIFICATION="TCGPLATFORMSPECIFICATION"
-$JSON_TCGCREDENTIALSPECIFICATION="TCGCREDENTIALSPECIFICATION"
-$JSON_MAJORVERSION="MAJORVERSION"
-$JSON_MINORVERSION="MINORVERSION"
-$JSON_REVISION="REVISION"
-$JSON_PLATFORMCLASS="PLATFORMCLASS"
-$JSON_TBBSECURITYASSERTIONS="TBBSECURITYASSERTIONS"
-$JSON_VERSION="VERSION"
-$JSON_CCINFO="CCINFO"
-$JSON_ASSURANCELEVEL="ASSURANCELEVEL"
-$JSON_EVALUATIONSTATUS="EVALUATIONSTATUS"
-$JSON_PLUS="PLUS"
-$JSON_STRENGTHOFFUNCTION="STRENGTHOFFUNCTION"
-$JSON_PROFILEOID="PROFILEOID"
-$JSON_PROFILEURI="PROFILEURI"
-$JSON_TARGETOID="TARGETOID"
-$JSON_TARGETURI="TARGETURI"
-$JSON_FIPSLEVEL="FIPSLEVEL"
-$JSON_LEVEL="LEVEL"
-$JSON_MEASUREMENTROOTTYPE="RTMTYPE"
-$JSON_ISO9000CERTIFIED="ISO9000CERTIFIED"
-$JSON_ISO9000URI="ISO9000URI"
-$JSON_PLATFORMCONFIGURI="PLATFORMCONFIGURI"
-#### JSON Platform URI Keywords
-$JSON_URI="UNIFORMRESOURCEIDENTIFIER"
-$JSON_HASHALG="HASHALGORITHM"
-$JSON_HASHVALUE="HASHVALUE"
-
-### JSON Structure Format
-$JSON_REFERENCE_OPTIONS_TEMPLATE="{{
- {0}
-}}"
-$JSON_PLATFORM_SPEC_TEMPLATE="
- `"$JSON_TCGPLATFORMSPECIFICATION`": {{
- `"$JSON_VERSION`": {{
- `"$JSON_MAJORVERSION`": `"{0}`",
- `"$JSON_MINORVERSION`": `"{1}`",
- `"$JSON_REVISION`": `"{2}`"
- }},
- `"$JSON_PLATFORMCLASS`": `"{3}`"
- }}"
-$JSON_CREDENTIAL_SPEC_TEMPLATE="
- `"$JSON_TCGCREDENTIALSPECIFICATION`": {{
- `"$JSON_MAJORVERSION`": `"{0}`",
- `"$JSON_MINORVERSION`": `"{1}`",
- `"$JSON_REVISION`": `"{2}`"
- }}"
-$JSON_TBB_ASSERTIONS_TEMPLATE="
- `"$JSON_TBBSECURITYASSERTIONS`": {{
- `"$JSON_VERSION`": `"{0}`",
- `"$JSON_ISO9000CERTIFIED`": `"{1}`"{2}
- }}"
-$JSON_CC_INFO_TEMPLATE="
- `"$JSON_CCINFO`": {{
- `"$JSON_VERSION`": `"{0}`",
- `"$JSON_ASSURANCELEVEL`": `"{1}`",
- `"$JSON_EVALUATIONSTATUS`": `"{2}`",
- `"$JSON_PLUS`": `"{3}`"{4}
- }}"
-$JSON_STRENGTHOFFUNCTION_TEMPLATE="
- `"$JSON_STRENGTHOFFUNCTION`": `"{0}`""
-$JSON_PROFILEOID_TEMPLATE="
- `"$JSON_PROFILEOID`": `"{0}`""
-$JSON_TARGETOID_TEMPLATE="
- `"$JSON_TARGETOID`": `"{0}`""
-$JSON_FIPS_LEVEL_TEMPLATE="
- `"$JSON_FIPSLEVEL`": {{
- `"$JSON_VERSION`": `"{0}`",
- `"$JSON_LEVEL`": `"{1}`",
- `"$JSON_PLUS`": `"{2}`"
- }}"
-$JSON_MEASUREMENTROOTTYPE_TEMPLATE="
- `"$JSON_MEASUREMENTROOTTYPE`": `"{0}`""
-$JSON_ISO9000CERTIFIED_TEMPLATE="
- `"$JSON_ISO9000CERTIFIED`": `"{0}`""
-$JSON_URIREFERENCE_TEMPLATE="
- `"{0}`": {{
- {1}
- }}"
-
-### JSON Constructor Aides
-function toCSV() {
- if ($args.Length -ne 0) {
- for ($i=0; $i -lt $args[0].Length; $i++) {
- $item=($args[0].Get($i))
-
- if ($item) {
- $value="$value,$($args[0].Get($i))"
- }
- }
- echo "$value".Trim(" ", ",")
- }
-}
-function HexToByteArray { # Powershell doesn't have a built in BinToHex function
- Param ([String] $str )
-
- if ($str.Length % 2 -ne 0) {
- $str="0$str"
- }
-
- if ($str.Length -ne 0) {
- ,@($str -split '([a-f0-9]{2})' | foreach-object {
- if ($_) {
- [System.Convert]::ToByte($_,16)
- }
- })
- }
-}
-
-function jsonPlatformSpec() {
- $platformClass=([System.Convert]::ToBase64String($(HexToByteArray $(echo "$tcgPlatformSpecificationClass"))))
- echo ("$JSON_PLATFORM_SPEC_TEMPLATE" -f "$tcgPlatformSpecificationMajorVersion","$tcgPlatformSpecificationMinorVersion","$tcgPlatformSpecificationRevision","$platformClass")
-}
-function jsonCredentialSpec() {
- echo ("$JSON_CREDENTIAL_SPEC_TEMPLATE" -f "$tcgCredentialSpecificationMajorVersion","$tcgCredentialSpecificationMinorVersion","$tcgCredentialSpecificationRevision")
-}
-function jsonStrengthOfFunction() {
- if ($strengthOfFunction) {
- echo ("$JSON_STRENGTHOFFUNCTION_TEMPLATE" -f "$strengthOfFunction")
- }
-}
-function jsonProfileOid() {
- if ($profileOid) {
- echo ("$JSON_PROFILEOID_TEMPLATE" -f "$profileOid")
- }
-}
-function jsonTargetOid() {
- if ($targetOid) {
- echo ("$JSON_TARGETOID_TEMPLATE" -f "$targetOid")
- }
-}
-function jsonMeasurementRootType() {
- if ($measurementRootType) {
- echo ("$JSON_MEASUREMENTROOTTYPE_TEMPLATE" -f "$measurementRootType")
- }
-}
-function jsonIso9000Certified() {
- echo ("$JSON_ISO9000CERTIFIED_TEMPLATE" -f "$($args[0])")
-}
-function jsonIso9000UriStr() {
- echo ("`"$JSON_ISO9000URI`": `"{0}`"" -f "$($args[0])")
-}
-function jsonUri () {
- echo ("`"$JSON_URI`": `"{0}`"" -f "$($args[0])")
-}
-function jsonHashAlg () {
- echo ("`"$JSON_HASHALG`": `"{0}`"" -f "$($args[0])")
-}
-function jsonHashValue () {
- echo ("`"$JSON_HASHVALUE`": `"{0}`"" -f "$($args[0])")
-}
-function jsonUriBuilder () {
- ## Usage: Requires 3 parameters. See below for the assumed hashAlg.
- ## ${1} - The json object name. i.e. JSON_PROFILEURI
- ## ${2} - The URI
- ## ${3} - Full path to the file to provide a hash over.
- if ($args.Length -eq 3) {
- $tmpUri=(jsonUri "$($args[1])")
- $tmpUriDetails=""
- if ($($args[1])) {
- $tmpHashAlg="2.16.840.1.101.3.4.2.1" # OID for SHA256
- $tmpHashValue=([System.Convert]::ToBase64String($(HexToByteArray $(Get-FileHash "$($args[2])" -Algorithm SHA256).Hash.Trim())))
- $tmpHashAlgStr=(jsonHashAlg "$tmpHashAlg")
- $tmpHashValueStr=(jsonHashValue "$tmpHashValue")
- $tmpUriDetails="$tmpHashAlgStr" + "," + "$tmpHashValueStr"
- }
- echo ("$JSON_URIREFERENCE_TEMPLATE" -f "$($args[0])","$(toCSV "$tmpUri","$tmpUriDetails")")
- }
-}
-function jsonCcInfo() {
- if ($commonCriteriaMeasuresVersion -and $assuranceLevel -and $evaluationStatus) {
- if ($ccPlus) {
- $ccPlus="FALSE"
- }
- $tmpRest=""
- if ($strengthOfFunction) {
- $tmpRest="$tmpRest" + "," + (jsonStrengthOfFunction)
- }
- if ($profileOid) {
- $tmpRest="$tmpRest" + "," + (jsonProfileOid)
- }
- if ($profileUri -and $profileLocalCopyForHashing) {
- $tmpProfileUri=(jsonUriBuilder "$JSON_PROFILEURI" "$profileUri" "$profileLocalCopyForHashing")
- $tmpRest+="," + "$tmpProfileUri"
- }
- if ($targetOid) {
- $tmpRest+="," + (jsonTargetOid)
- }
- if ($targetUri -and $targetLocalCopyForHashing) {
- $tmpTargetUri=(jsonUriBuilder "$JSON_TARGETURI" "$targetUri" "$targetLocalCopyForHashing")
- $tmpRest+="," + "$tmpTargetUri"
- }
-
- echo ("$JSON_CC_INFO_TEMPLATE" -f "$commonCriteriaMeasuresVersion","$assuranceLevel","$evaluationStatus","$ccPlus","$tmpRest")
- }
-}
-function jsonFipsLevel() {
- if ($fipsVersion -and $fipsLevel) {
- if (-not $fipsPlus) {
- $fipsPlus="FALSE"
- }
- echo ("$JSON_FIPS_LEVEL_TEMPLATE" -f "$fipsVersion","$fipsLevel","$fipsPlus")
- }
-}
-function jsonTbbSecurityAssertions() {
- if (-not $tbbSecurityAssertionVersion) {
- $tbbSecurityAssertionVersion="1"
- }
- if (-not $iso9000Certified) {
- $iso9000Certified="FALSE"
- }
- $tmpRest=""
- $finalCcInfo=(jsonCcInfo)
- if ($finalCcInfo) {
- $tmpRest+="," + "$finalCcInfo"
- }
- $finalFipsLevel=(jsonFipsLevel)
- if ($finalFipsLevel) {
- $tmpRest=","+ "$finalFipsLevel"
- }
- if ($measurementRootType) {
- $tmpRtmType=(jsonMeasurementRootType)
- $tmpRest+="," + "$tmpRtmType"
- }
- if ($iso9000Uri) {
- $tmpIso9000Uri=(jsonIso9000UriStr "$iso9000Uri")
- $tmpRest+="," + "$tmpIso9000Uri"
- }
-
- echo ("$JSON_TBB_ASSERTIONS_TEMPLATE" -f "$tbbSecurityAssertionVersion","$iso9000Certified","$tmpRest")
-}
-function jsonReferenceOptionsFile() {
- $tmpData=(jsonPlatformSpec)
- $tmpData+=","+(jsonCredentialSpec)
- $tmpData+=","+(jsonTbbSecurityAssertions)
- if ($platformConfigUri -and $platformConfigLocalCopyForHashing) {
- $tmpPlatformConfigUri=(jsonUriBuilder "$JSON_PLATFORMCONFIGURI" "$platformConfigUri" "$platformConfigLocalCopyForHashing")
- $tmpData+="," + "$tmpPlatformConfigUri"
- }
- echo ("$JSON_REFERENCE_OPTIONS_TEMPLATE" -f "$tmpData")
-}
-
-
-### Put it all together
-$finalData=(jsonReferenceOptionsFile)
-
-[IO.File]::WriteAllText($filename, "$finalData")
\ No newline at end of file
diff --git a/dotnet/paccor_scripts/paccor_scripts/src/PaccorComponentScriptsPlugin.cs b/dotnet/paccor_scripts/paccor_scripts/src/PaccorComponentScriptsPlugin.cs
index 0e6356c..0a411fb 100644
--- a/dotnet/paccor_scripts/paccor_scripts/src/PaccorComponentScriptsPlugin.cs
+++ b/dotnet/paccor_scripts/paccor_scripts/src/PaccorComponentScriptsPlugin.cs
@@ -1,42 +1,27 @@
-using HardwareManifestPlugin;
-using org.iso.standards.swid;
-using PlatformCertificateFromProto;
-using System.Reflection;
+using HardwareManifestProto;
+using HardwareManifestPlugin;
using System.Runtime.InteropServices;
namespace paccor_scripts {
- public class PaccorComponentScriptsPlugin : IHardwareManifest {
- public static readonly string scripts = Path.GetFullPath(Path.Combine(Path.GetDirectoryName(typeof(PaccorComponentScriptsPlugin).Assembly.Location)!, "scripts"));
- public static readonly string linux_components = Path.GetFullPath(Path.Combine(scripts, "allcomponents.sh"));
- public static readonly string win_path = Path.GetFullPath(Path.Combine(scripts, "windows"));
- public static readonly string win_temp_output = Path.GetFullPath(Path.Combine(win_path, "out.json"));
- public static readonly string win_components = Path.GetFullPath(Path.Combine(win_path, "allcomponents.ps1"));
- public string Name {
- get; private set;
- }
-
- public string Description {
- get; private set;
- }
- public SoftwareIdentity? SWID {
- get; private set;
- }
-
- PlatformConfiguration IHardwareManifest.PlatformConfiguration => throw new NotImplementedException();
-
- PlatformConfigurationV2 IHardwareManifest.PlatformConfigurationV2 => throw new NotImplementedException();
-
- NameAttributes IHardwareManifest.NameAttributes => throw new NotImplementedException();
+ public sealed class PaccorComponentScriptsPlugin : HardwareManifest {
+ public static readonly string Scripts = Path.GetFullPath(Path.Combine(Path.GetDirectoryName(typeof(PaccorComponentScriptsPlugin).Assembly.Location)!, "scripts"));
+ public static readonly string LinuxComponents = Path.GetFullPath(Path.Combine(Scripts, "allcomponents.sh"));
+ public static readonly string WinPath = Path.GetFullPath(Path.Combine(Scripts, "windows"));
+ public static readonly string WinTempOutput = Path.GetFullPath(Path.Combine(WinPath, "out.json"));
+ public static readonly string WinComponents = Path.GetFullPath(Path.Combine(WinPath, "allcomponents.ps1"));
+ public static readonly string TraitDescription = "paccor component gathering scripts";
+ public static readonly string TraitDescriptionUri = "https://github.com/nsacyber/paccor/scripts";
public PaccorComponentScriptsPlugin() {
Name = "paccor_scripts";
- Description = "paccor 1.1.4r6 component gathering scripts";
- SWID = null;
+ Description = "paccor component gathering scripts";
+ CollectsV2HardwareInformation = true;
+ CollectsV2HardwareInformation = false;
}
- string IHardwareManifest.GatherHardwareManifestAsJsonString() {
- string json = "";
+ public override bool GatherHardwareIdentifiers() {
+ bool result = false;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) {
Task> task = Task.Run(RunWindows);
Tuple results = task.Result;
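Review bot: The constructor assigns `CollectsV2HardwareInformation` twice, first `true` and then `false`, so the flag ends up `false` even though GatherHardwareIdentifiers fills `ManifestV2`. If the base class uses this flag to decide whether the V2 manifest is consumed, the gathered component data could be silently ignored; this is inferred, since HardwareManifest is not visible here. The second assignment looks like it was meant for a different property; if not, drop it and keep `CollectsV2HardwareInformation = true;`. Separately, `Description` repeats the literal already held in `TraitDescription` and could be `Description = TraitDescription;`. The body of GatherHardwareIdentifiers continues past the end of this hunk.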
@@ -45,44 +30,30 @@ string IHardwareManifest.GatherHardwareManifestAsJsonString() {
}
// The allcomponents powershell script writes output to a file to preserve binary data
// that can get corrupted during redirection
- if (System.IO.File.Exists(win_temp_output)) {
- json = System.IO.File.ReadAllText(win_temp_output);
- //System.IO.File.Delete(win_temp_output);
+ if (System.IO.File.Exists(WinTempOutput)) {
+ string json = System.IO.File.ReadAllText(WinTempOutput);
+ ManifestV2 = ManifestV2.Parser.WithDiscardUnknownFields(true).ParseJson(json);
+ result = true;
}
} else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) {
- //await $"scripts/00magic.sh --param {arg}".Bash(this.logger);
Task> task = Task.Run(RunLinux);
Tuple results = task.Result;
if (task.Exception != null) {
throw task.Exception;
}
- json = results.Item3;
+ string json = results.Item3;
+ ManifestV2 = ManifestV2.Parser.WithDiscardUnknownFields(true).ParseJson(json);
+ result = true;
}
- return json;
+ return result;
}
private async Task> RunWindows() {
- return await Path.GetFullPath(win_components).ToString().Powershell(win_temp_output);
+ return await Path.GetFullPath(WinComponents).ToString().Powershell(WinComponents);
}
private async Task> RunLinux() {
- return await Path.GetFullPath(linux_components).ToString().Bash();
- }
-
- void IHardwareManifest.Configure(string[] args) {
- // does nothing
- }
-
- bool IHardwareManifest.WillContainPlatformConfigurationV1() {
- return false;
- }
-
- bool IHardwareManifest.WillContainPlatformConfigurationV2() {
- return false;
- }
-
- bool IHardwareManifest.WillContainNameAttributes() {
- return false;
+ return await Path.GetFullPath(LinuxComponents).ToString().Bash();
}
}
}
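Review bot: In RunWindows the argument passed to `.Powershell(...)` is now `WinComponents`, the script's own path, where the removed line passed the output file; it should read `.Powershell(WinTempOutput)`. The comment above the read says the script writes its output to a file, so as written it presumably targets allcomponents.ps1 itself while GatherHardwareIdentifiers still reads `WinTempOutput`. Any out.json already in the scripts directory, whether stale from an earlier run or placed there by another process, would then be parsed into `ManifestV2` and reported as this platform's hardware with `result = true`. Deleting `WinTempOutput` before launching the script and again after `ReadAllText` would ensure only fresh output is accepted. GatherHardwareIdentifiers begins before the start of this hunk.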