Added support to parse and load device MAC addresses from Device Mfg …

…Info Signed-off-by: Shrikant Temburwar <[email protected]>
fido-device-onboard · Jun 4, 2024 · 748ba6e · 748ba6e
1 parent d757e21
commit 748ba6e
Show file tree

Hide file tree

Showing 8 changed files with 166 additions and 24 deletions.
diff --git a/component-samples/demo/aio/WEB-INF/web.xml b/component-samples/demo/aio/WEB-INF/web.xml
@@ -3,7 +3,7 @@
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      version="2.5">
- 
+
 
    <servlet>
       <servlet-name>FdoProtocol</servlet-name>
@@ -12,7 +12,7 @@
 
 
 
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>FdoProtocol</servlet-name>
       <url-pattern>/fdo/101/msg/10</url-pattern>
       <url-pattern>/fdo/101/msg/12</url-pattern>
@@ -29,7 +29,7 @@
       <url-pattern>/fdo/101/msg/255</url-pattern>
    </servlet-mapping>
 
-   
+
    <servlet>
       <servlet-name>RvInfo</servlet-name>
       <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
@@ -38,7 +38,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.RvInfo</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>RvInfo</servlet-name>
       <url-pattern>/api/v1/rvinfo</url-pattern>
    </servlet-mapping>
@@ -51,7 +51,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.To2Blob</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>Redirect</servlet-name>
       <url-pattern>/api/v1/owner/redirect</url-pattern>
    </servlet-mapping>
@@ -77,7 +77,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.To0Starter</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>To0Starter</servlet-name>
       <url-pattern>/api/v1/to0/*</url-pattern>
    </servlet-mapping>
@@ -91,7 +91,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.SviPackage</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>SviPackage</servlet-name>
       <url-pattern>/api/v1/owner/svi</url-pattern>
    </servlet-mapping>
@@ -105,7 +105,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.OwnerVoucher</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>OwnerVoucher</servlet-name>
       <url-pattern>/api/v1/owner/vouchers/*</url-pattern>
    </servlet-mapping>
@@ -118,11 +118,11 @@
         <param-value>org.fidoalliance.fdo.protocol.api.Logs</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>Logs</servlet-name>
       <url-pattern>/api/v1/logs</url-pattern>
    </servlet-mapping>
-   
+
 
   <servlet>
       <servlet-name>Interop</servlet-name>
@@ -132,11 +132,11 @@
         <param-value>org.fidoalliance.fdo.protocol.api.InteropVoucher</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>Interop</servlet-name>
       <url-pattern>/api/v1/interop/vouchers/*</url-pattern>
    </servlet-mapping>
-   
+
    <servlet>
       <servlet-name>OnDie</servlet-name>
       <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
@@ -216,6 +216,19 @@
         <url-pattern>/api/v1/mfg/vouchers/*</url-pattern>
     </servlet-mapping>
 
+    <servlet>
+        <servlet-name>MacAddress</servlet-name>
+        <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
+        <init-param>
+            <param-name>Api-Class</param-name>
+            <param-value>org.fidoalliance.fdo.protocol.api.MacAddress</param-value>
+        </init-param>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>MacAddress</servlet-name>
+        <url-pattern>/api/v1/mfg/macaddress/*</url-pattern>
+    </servlet-mapping>
+
     <servlet>
         <servlet-name>CertificateApi</servlet-name>
         <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
@@ -289,7 +302,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.AllowList</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>AllowList</servlet-name>
       <url-pattern>/api/v1/rv/allow</url-pattern>
    </servlet-mapping>
@@ -302,7 +315,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.DenyList</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>DenyList</servlet-name>
       <url-pattern>/api/v1/rv/deny</url-pattern>
    </servlet-mapping>

diff --git a/component-samples/demo/manufacturer/WEB-INF/web.xml b/component-samples/demo/manufacturer/WEB-INF/web.xml
@@ -3,7 +3,7 @@
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      version="2.5">
- 
+
 
    <servlet>
       <servlet-name>FdoProtocol</servlet-name>
@@ -12,14 +12,14 @@
 
 
 
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>FdoProtocol</servlet-name>
       <url-pattern>/fdo/101/msg/10</url-pattern>
       <url-pattern>/fdo/101/msg/12</url-pattern>
       <url-pattern>/fdo/101/msg/255</url-pattern>
    </servlet-mapping>
 
-   
+
    <servlet>
       <servlet-name>RvInfo</servlet-name>
       <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
@@ -28,7 +28,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.RvInfo</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>RvInfo</servlet-name>
       <url-pattern>/api/v1/rvinfo</url-pattern>
    </servlet-mapping>
@@ -46,7 +46,19 @@
         <url-pattern>/api/v1/mfg/vouchers/*</url-pattern>
     </servlet-mapping>
 
-
+    <servlet>
+        <servlet-name>MacAddress</servlet-name>
+        <servlet-class>org.fidoalliance.fdo.protocol.api.RestApiServlet</servlet-class>
+        <init-param>
+            <param-name>Api-Class</param-name>
+            <param-value>org.fidoalliance.fdo.protocol.api.MacAddress</param-value>
+        </init-param>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>MacAddress</servlet-name>
+        <url-pattern>/api/v1/mfg/macaddress/*</url-pattern>
+    </servlet-mapping>
+
 
    <servlet>
       <servlet-name>Logs</servlet-name>
@@ -56,7 +68,7 @@
         <param-value>org.fidoalliance.fdo.protocol.api.Logs</param-value>
       </init-param>
    </servlet>
-   <servlet-mapping> 
+   <servlet-mapping>
       <servlet-name>Logs</servlet-name>
       <url-pattern>/api/v1/logs</url-pattern>
    </servlet-mapping>

diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java
@@ -22,6 +22,7 @@
 import java.util.Optional;
 import org.apache.commons.codec.binary.Hex;
 import org.fidoalliance.fdo.protocol.db.FdoSysModuleExtra;
+import org.fidoalliance.fdo.protocol.db.ManufacturingInfoStorageFunction;
 import org.fidoalliance.fdo.protocol.db.OnboardConfigSupplier;
 import org.fidoalliance.fdo.protocol.dispatch.CertSignatureFunction;
 import org.fidoalliance.fdo.protocol.dispatch.CredReuseFunction;
@@ -373,6 +374,7 @@ protected void doAppStart(DispatchMessage request, DispatchMessage response) thr
 
     ManufacturingInfo mfgInfo = Mapper.INSTANCE.readValue(appStart.getManufacturingInfo(),
         ManufacturingInfo.class);
+
     SimpleStorage storage = createVoucher(mfgInfo, request.getProtocolVersion());
 
     SessionManager manager = getWorker(SessionManager.class);
@@ -435,6 +437,9 @@ protected void doSetHmac(DispatchMessage request, DispatchMessage response) thro
     VoucherStorageFunction storageFunction = getWorker(VoucherStorageFunction.class);
     storageFunction.apply(info.getSerialNumber(), voucher);
 
+    ManufacturingInfoStorageFunction infoStore = new ManufacturingInfoStorageFunction();
+    infoStore.store(info.getSerialNumber(), info.getMacAddresses());
+
     //save the voucher
     response.setMessage(Mapper.INSTANCE.writeValue(new DiDone()));
     manager.expireSession(request.getAuthToken().get());
@@ -611,7 +616,7 @@ protected void doTo0OwnerSign(DispatchMessage request, DispatchMessage response)
     if (mfgPubKeyEnc.toInteger() < 0 || mfgPubKeyEnc.toInteger() > 3) {
       throw new InvalidMessageException("Invalid Encoding of Mfg Pubkey in OV Header");
     }
-    
+
     //verify to1d
     CryptoService cs = getCryptoService();
     OwnerPublicKey ownerPublicKey = VoucherUtils.getLastOwner(to0d.getVoucher());

diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/MacAddress.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/MacAddress.java
@@ -0,0 +1,34 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.api;
+
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.List;
+import org.fidoalliance.fdo.protocol.LoggerService;
+import org.fidoalliance.fdo.protocol.dispatch.ManufacturerKeySupplier;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+
+/**
+ * Get API for Manufacturing voucher.
+ */
+public class MacAddress extends RestApi {
+  protected static final LoggerService logger = new LoggerService(MacAddress.class);
+
+
+  @Override
+  public void doGet() throws Exception {
+
+    String path = getLastSegment();
+    logger.info("Manufacturing Voucher SerialNo: " + path);
+
+    ManufacturedVoucher mfgVoucher = getSession().get(ManufacturedVoucher.class, path);
+    if (mfgVoucher == null) {
+      logger.warn("Mfg voucher is null");
+      throw new NotFoundException(path);
+    }
+    getResponse().getOutputStream().write(mfgVoucher.getMacAddresses());
+  }
+}
diff --git a/...ocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java b/...ocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java
@@ -0,0 +1,47 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.db;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.UUID;
+import org.fidoalliance.fdo.protocol.Mapper;
+import org.fidoalliance.fdo.protocol.api.NotFoundException;
+import org.fidoalliance.fdo.protocol.dispatch.VoucherStorageFunction;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.ManufacturingInfo;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+/**
+ * Stores TPM EK Certificate into database.
+ */
+public class ManufacturingInfoStorageFunction {
+
+  /**
+   * Stores TPM EK Certificate into database.
+   * @param serialNo Device serial number that is used to retrieve TPM EK Data.
+   * @param macAddresses MAC addresses received from the client.
+   * @throws IOException Throws exception if required mfgVoucher is null.
+   */
+  public void store(String serialNo, byte[] macAddresses) throws IOException {
+    Session session = HibernateUtil.getSessionFactory().openSession();
+    try {
+      ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
+      if (mfgVoucher == null) {
+        throw new NotFoundException(serialNo);
+      }
+      Transaction trans = session.beginTransaction();
+      mfgVoucher.setMacAddresses(macAddresses);
+      session.saveOrUpdate(mfgVoucher);
+      trans.commit();
+    } catch (NotFoundException e) {
+      throw new RuntimeException(e);
+    } finally {
+      session.close();
+    }
+  }
+}
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
@@ -29,6 +29,11 @@ public class ManufacturedVoucher {
   @Temporal(TemporalType.TIMESTAMP)
   private Date createdOn;
 
+  @Lob
+  @Column(name = "macAddresses", length = 65535)
+  private byte[] macAddresses;
+
+
   public String getSerialNo() {
     return serialNo;
   }
@@ -41,6 +46,15 @@ public Date getCreatedOn() {
     return createdOn;
   }
 
+  public byte[] getMacAddresses() {
+    return macAddresses;
+  }
+
+  public void setMacAddresses(byte[] macAddresses) {
+    this.macAddresses = macAddresses;
+  }
+
+
   public void setSerialNo(String id) {
     this.serialNo = id;
   }

diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java
@@ -13,7 +13,7 @@
 
 @JsonPropertyOrder(
     {"keyType", "keyEnc", "serialNumber", "deviceInfo", "certInfo",
-        "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"}
+            "macAddresses", "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"}
 )
 @JsonSerialize(using = ManufacturingInfoSerializer.class)
 @JsonDeserialize(using = ManufacturingInfoDeserializer.class)
@@ -37,6 +37,9 @@ public class ManufacturingInfo {
   @JsonProperty("certInfo")
   private AnyType certInfo;
 
+  @JsonProperty("macAddresses")
+  private byte[] macAddresses;
+
   @JsonProperty("onDieDeviceCertChain")
   private byte[] onDieDeviceCertChain;
 
@@ -46,6 +49,7 @@ public class ManufacturingInfo {
   @JsonProperty("testSigMaroePrefix")
   private byte[] testSigMaroePrefix;
 
+
   @JsonIgnore
   public PublicKeyType getKeyType() {
     return keyType;
@@ -86,6 +90,11 @@ public byte[] getTestSigMaroePrefix() {
     return testSigMaroePrefix;
   }
 
+  @JsonIgnore
+  public byte[] getMacAddresses() {
+    return macAddresses;
+  }
+
   @JsonIgnore
   public void setKeyType(PublicKeyType keyType) {
     this.keyType = keyType;
@@ -125,4 +134,9 @@ public void setTestSignature(byte[] testSignature) {
   public void setTestSigMaroePrefix(byte[] maroePrefix) {
     this.testSigMaroePrefix = maroePrefix;
   }
-}
+
+  @JsonIgnore
+  public void setMacAddresses(byte[] macAddresses) {
+    this.macAddresses = macAddresses;
+  }
+}