HardwareManifest proto file and plugin updates for Platform Certifica…

…te 2.0 (#115) * Creating HardwareManifest proto file
nsacyber · Apr 14, 2024 · 9704571 · 9704571
1 parent 4971aed
commit 9704571
Show file tree

Hide file tree

Showing 34 changed files with 879 additions and 1,634 deletions.
diff --git a/.github/workflows/dotnet-build-hardwaremanifest.yml b/.github/workflows/dotnet-build-hardwaremanifest.yml
@@ -0,0 +1,29 @@
+name: .NET build HardwareManifest
+
+on:
+  push:
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: 6.0.x
+    - name: Restore dependencies
+      working-directory: dotnet/HardwareManifestPlugin
+      run: dotnet restore
+    - name: Build
+      working-directory: dotnet/HardwareManifestPlugin
+      run: dotnet build
+    - name: Test
+      working-directory: dotnet/HardwareManifestPlugin
+      run: dotnet test
+    - name: Pack
+      working-directory: dotnet/HardwareManifestPlugin
+      run: dotnet pack
diff --git a/.github/workflows/dotnet-build-paccor_scripts.yml b/.github/workflows/dotnet-build-paccor_scripts.yml
@@ -0,0 +1,34 @@
+name: .NET build paccor_scripts
+
+on:
+  push:
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: 6.0.x
+    - name: Restore dependencies
+      working-directory: dotnet/paccor_scripts
+      run: dotnet restore
+    - name: Build
+      working-directory: dotnet/paccor_scripts
+      run: dotnet build
+    - name: Test
+      working-directory: dotnet/paccor_scripts
+      run: dotnet test
+    - name: Pack
+      working-directory: dotnet/paccor_scripts
+      run: dotnet pack
+    - name: Publish
+      working-directory: dotnet/paccor_scripts/paccor_scripts
+      run: |
+        dotnet publish -r linux-x64 -c Release
+        dotnet publish -r win-x64 -c Release
diff --git a/dotnet/HardwareManifestPlugin/.editorconfig b/dotnet/HardwareManifestPlugin/.editorconfig
@@ -12,7 +12,7 @@ indent_style = space
 tab_width = 4
 
 # New line preferences
-end_of_line = crlf
+end_of_line = lf
 insert_final_newline = false
 
 #### .NET Coding Conventions ####

diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin.sln
@@ -5,7 +5,12 @@ VisualStudioVersion = 17.1.32421.90
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HardwareManifestPlugin", "HardwareManifestPlugin\HardwareManifestPlugin.csproj", "{53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HardwareManifestPluginManager", "HardwareManifestPluginManager\HardwareManifestPluginManager.csproj", "{502E153C-EE54-4472-8241-41F43687FA96}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HardwareManifestPluginManager", "HardwareManifestPluginManager\HardwareManifestPluginManager.csproj", "{502E153C-EE54-4472-8241-41F43687FA96}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HardwareManifestPluginTests", "HardwareManifestPluginTests\HardwareManifestPluginTests.csproj", "{B7427D0D-A770-4EB0-BDD8-47E412C95740}"
+	ProjectSection(ProjectDependencies) = postProject
+		{53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D} = {53C81C44-E5AC-4A0E-B345-C1B7B29F4B6D}
+	EndProjectSection
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -21,6 +26,10 @@ Global
 		{502E153C-EE54-4472-8241-41F43687FA96}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{502E153C-EE54-4472-8241-41F43687FA96}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{502E153C-EE54-4472-8241-41F43687FA96}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B7427D0D-A770-4EB0-BDD8-47E412C95740}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B7427D0D-A770-4EB0-BDD8-47E412C95740}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B7427D0D-A770-4EB0-BDD8-47E412C95740}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B7427D0D-A770-4EB0-BDD8-47E412C95740}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/HardwareManifestPlugin.csproj
@@ -6,7 +6,7 @@
     <Nullable>enable</Nullable>
     <Authors>NSA Cybersecurity Directorate</Authors>
     <PackageId>paccor.HardwareManifestPlugin</PackageId>
-    <PackageVersion>1.0.0</PackageVersion>
+    <PackageVersion>2.0.1</PackageVersion>
     <PackageTags>paccor;platform;certificate;hardware;manifest;interface</PackageTags>
     <PackageReadmeFile>README.md</PackageReadmeFile>
     <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
@@ -17,14 +17,16 @@
     <IncludeSymbols>true</IncludeSymbols>
     <SymbolPackageFormat>snupkg</SymbolPackageFormat>
   </PropertyGroup>
-  <ItemGroup>
-    <PackageReference Include="PlatformCertificate.Proto" Version="1.0.0" />
-    <PackageReference Include="SWIDFromXSD" Version="1.0.0" />
-  </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Google.Protobuf" Version="3.20.1" />
+    <PackageReference Include="Google.Protobuf.Tools" Version="3.20.1">
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
     <!--Source Link -->
-    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All"/>
+    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
+    <PackageReference Include="PlatformCertificate.Proto" Version="2.0.3" />
+    <PackageReference Include="PlatformCertificate.Proto.ProtoFiles" Version="2.0.7" />
   </ItemGroup>
 
   <ItemGroup>
@@ -33,4 +35,32 @@
     <None Include="..\..\..\images\paccorpluginslogoicon.png" Pack="true" PackagePath="icon.png" />
     <None Include="README.md" Pack="true" PackagePath="\" />
   </ItemGroup>
+
+  <Target Name="BuildProto" BeforeTargets="PreBuildEvent">
+    <PropertyGroup>
+      <FOLDER_PROTO>$(ProjectDir)Resources</FOLDER_PROTO>
+      <FOLDER_OUT>$(ProjectDir)generated</FOLDER_OUT>
+    </PropertyGroup>
+    <PropertyGroup>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Linux)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X64'">$(protoc_linux64)</protoc>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Linux)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X86'">$(protoc_linux86)</protoc>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::OSX)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X64'">$(protoc_macosx64)</protoc>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::OSX)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X86'">$(protoc_macosx86)</protoc>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Windows)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X64'">$(protoc_windows64)</protoc>
+      <protoc Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Windows)))' And '$([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture)'=='X86'">$(protoc_windows86)</protoc>
+    </PropertyGroup>
+    <ItemGroup>
+      <Compile Condition="!Exists('$(FOLDER_OUT)')" Include="generated/HardwareManifest.cs" />
+    </ItemGroup>
+    <Exec Condition="!Exists('$(FOLDER_OUT)')" Command="mkdir $(FOLDER_OUT)" />
+    <Exec Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Windows)))'" Command="for /f %%i in ('dir /s /b $(FOLDER_PROTO)\*.proto') do (  $(protoc) --proto_path=$(protoc_tools) --proto_path=$(PlatformCertificateProtoFilesDir) -I=$(FOLDER_PROTO) --csharp_out=$(FOLDER_OUT) %%i )" />
+    <Exec Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Linux)))'" Command="for file in `ls -1R $(FOLDER_PROTO)/*.proto` ; do $(protoc) --proto_path=$(protoc_tools) --proto_path=$(PlatformCertificateProtoFilesDir) -I=$(FOLDER_PROTO) --csharp_out=$(FOLDER_OUT) $file; done " />
+
+
+    <ItemGroup>
+      <GeneratedFiles Include="$(FOLDER_OUT)/*.cs;" />
+    </ItemGroup>
+    <Message Text="The protobuf compiler successfully generated:" Importance="high" />
+    <Message Text="    %(GeneratedFiles.Filename)%(GeneratedFiles.Extension)" Importance="high" />
+  </Target>
 </Project>
diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/README.md b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/README.md
@@ -1,7 +1,7 @@
 paccor is a popular solution for creating the TCG Platform Certificate. The platform certificate enables traceability in the hardware supply chain of a computing device.
 
 
-This HardwareManifestPlugin is an experimental feature that can be used to extend the [HIRS .NET Provisioner](https://github.com/nsacyber/hirs/). The IHardwareManifest interface, within this package, defines the parameters necessary to customize hardware evidence collection by the Provisioner client.
+This HardwareManifestPlugin is an experimental feature that can be used to extend the [HIRS .NET Provisioner](https://github.com/nsacyber/hirs/). The IHardwareManifestPlugin interface within this package defines the interface used by the Provisioner to collect hardware evidence.
 
 
 See the paccor.paccor_scripts nuget package for an example implementation.

diff --git a/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/Resources/HardwareManifest.proto b/dotnet/HardwareManifestPlugin/HardwareManifestPlugin/Resources/HardwareManifest.proto
@@ -0,0 +1,83 @@
+syntax = "proto3";
+
+import "PlatformCertificateIM.proto";
+
+package HardwareManifestProto;
+
+message ManifestV3 {
+  PlatformCertificateProto.PlatformIdentifierOtherName platformIdentifier = 1;
+  PlatformCertificateProto.PlatformConfiguration platformConfiguration = 2;
+}
+
+message ManifestV2 {
+  SanPlatformFields PLATFORM = 1;                          // Subject Alt Name Platform Fields
+  repeated ComponentIdentifier COMPONENTS = 2;
+  repeated Property PROPERTIES = 3;
+  UriReference COMPONENTSURI = 4;
+  UriReference PROPERTIESURI = 5;
+}
+
+message SanPlatformFields {
+  string PLATFORMMANUFACTURERSTR = 1;
+  string PLATFORMMODEL = 2;
+  string PLATFORMVERSION = 3;
+  string PLATFORMSERIAL = 4;
+  string PLATFORMMANUFACTURERID = 5;
+}
+
+message ComponentIdentifier {
+  ComponentClass COMPONENTCLASS = 1;
+  string MANUFACTURER = 2;
+  string MODEL = 3;
+  string SERIAL = 4;
+  string REVISION = 5;
+  string MANUFACTURERID = 6;
+  string FIELDREPLACEABLE = 7;                             // true or false
+  repeated Address ADDRESSES = 8;
+  string STATUS = 9;                                       // ADDED, MODIFIED, or REMOVED
+  CertificateIdentifier PLATFORMCERT = 10;
+  UriReference COMPONENTPLATFORMCERTURI = 11;
+  CertificateIdentifier CERTIFICATEIDENTIFIER = 12;
+}
+
+message Property {
+  string PROPERTYNAME = 1;
+  string PROPERTYVALUE = 2;
+  string STATUS = 3;
+}
+
+message ComponentClass {
+  string COMPONENTCLASSREGISTRY = 1;                       // OID
+  string COMPONENTCLASSVALUE = 2;                          // Hex String
+}
+
+message Address {
+  oneof ADDRESSES_oneof {
+    string BLUETOOTHMAC = 1;
+    string ETHERNETMAC = 2;
+    string WLANMAC = 3;
+  }
+}
+
+message HashedCertificateIdentifier {
+  string HASHALG = 1;                                      // OID
+  string HASHVALUE = 2;                                    // base64 encode the binary value
+}
+
+message GenericCertificateIdentifier {
+  string ISSUER = 1;
+  string SERIAL = 2;
+}
+
+message CertificateIdentifier {
+  HashedCertificateIdentifier ATTRIBUTECERTIDENTIFIER = 1;
+  GenericCertificateIdentifier GENERICCERTIDENTIFIER = 2;
+  HashedCertificateIdentifier HASHEDCERTIDENTIFIER = 3;
+}
+
+message UriReference {
+  string UNIFORMRESOURCEIDENTIFIER = 1;
+  string HASHALG = 2;                                      // OID
+  string HASHVALUE = 3;                                    // base64 encode the binary value
+}
+