2019-06-18 16:09:39 +00:00
|
|
|
// Binary attest-tool performs attestation operations on the local system.
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2019-08-13 21:53:38 +00:00
|
|
|
"bytes"
|
2019-08-21 17:26:55 +00:00
|
|
|
"crypto/ecdsa"
|
2019-06-18 16:09:39 +00:00
|
|
|
"crypto/rand"
|
2019-08-13 21:53:38 +00:00
|
|
|
"crypto/rsa"
|
2019-06-18 16:09:39 +00:00
|
|
|
"encoding/hex"
|
2019-08-13 21:53:38 +00:00
|
|
|
"encoding/json"
|
|
|
|
"encoding/pem"
|
|
|
|
"errors"
|
2019-06-18 16:09:39 +00:00
|
|
|
"flag"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
|
|
|
|
2019-08-13 21:53:38 +00:00
|
|
|
"github.com/google/certificate-transparency-go/x509"
|
2019-06-18 16:09:39 +00:00
|
|
|
"github.com/google/go-attestation/attest"
|
2019-08-13 21:53:38 +00:00
|
|
|
"github.com/google/go-attestation/attest/attest-tool/internal"
|
2019-06-18 16:09:39 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2019-10-03 19:32:50 +00:00
|
|
|
keyPath = flag.String("key", "ak.json", "Path to the key file")
|
2019-06-18 16:09:39 +00:00
|
|
|
nonceHex = flag.String("nonce", "", "Hex string to use as nonce when quoting")
|
|
|
|
randomNonce = flag.Bool("random-nonce", false, "Generate a random nonce instead of using one provided")
|
|
|
|
useSHA256 = flag.Bool("sha256", false, "Use SHA256 for quote operatons")
|
|
|
|
)
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
if *randomNonce {
|
|
|
|
n := make([]byte, 8)
|
|
|
|
rand.Read(n)
|
|
|
|
*nonceHex = hex.EncodeToString(n)
|
|
|
|
}
|
|
|
|
|
|
|
|
tpm, err := attest.OpenTPM(nil)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "Error opening the TPM: %v\n", err)
|
|
|
|
os.Exit(1)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = runCommand(tpm)
|
|
|
|
tpm.Close()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
|
|
|
|
os.Exit(1)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-11-08 17:52:59 +00:00
|
|
|
func selftestCredentialActivation(tpm *attest.TPM, ak *attest.AK) error {
|
|
|
|
eks, err := tpm.EKs()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("EKs() failed: %v", err)
|
|
|
|
}
|
|
|
|
if len(eks) == 0 {
|
|
|
|
return errors.New("no EK present")
|
|
|
|
}
|
|
|
|
ek := eks[0].Public
|
|
|
|
|
|
|
|
// Test credential activation.
|
|
|
|
ap := attest.ActivationParameters{
|
|
|
|
TPMVersion: tpm.Version(),
|
|
|
|
EK: ek,
|
|
|
|
AK: ak.AttestationParameters(),
|
|
|
|
}
|
|
|
|
secret, ec, err := ap.Generate()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to generate activation challenge: %v", err)
|
|
|
|
}
|
|
|
|
decryptedSecret, err := ak.ActivateCredential(tpm, *ec)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to generate activate credential: %v", err)
|
|
|
|
}
|
|
|
|
if !bytes.Equal(secret, decryptedSecret) {
|
|
|
|
return errors.New("credential activation produced incorrect secret")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func selftestAttest(tpm *attest.TPM, ak *attest.AK) error {
|
|
|
|
// This nonce is used in generating the quote. As this is a selftest,
|
|
|
|
// its set to an arbitrary value.
|
|
|
|
nonce := []byte{1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8}
|
|
|
|
|
|
|
|
pub, err := attest.ParseAKPublic(tpm.Version(), ak.AttestationParameters().Public)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse ak public: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := tpm.MeasurementLog(); err != nil {
|
|
|
|
return fmt.Errorf("no event log available: %v", err)
|
|
|
|
}
|
|
|
|
attestation, err := tpm.AttestPlatform(ak, nonce, nil)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to attest: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for i, quote := range attestation.Quotes {
|
|
|
|
if err := pub.Verify(quote, attestation.PCRs, nonce); err != nil {
|
|
|
|
return fmt.Errorf("failed to verify quote[%d]: %v", i, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
el, err := attest.ParseEventLog(attestation.EventLog)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse event log: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := el.Verify(attestation.PCRs); err != nil {
|
|
|
|
return fmt.Errorf("event log failed to verify: %v", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func selftest(tpm *attest.TPM) error {
|
|
|
|
ak, err := tpm.NewAK(nil)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("NewAK() failed: %v", err)
|
|
|
|
}
|
|
|
|
defer ak.Close(tpm)
|
|
|
|
if err := selftestCredentialActivation(tpm, ak); err != nil {
|
|
|
|
return fmt.Errorf("credential activation failed: %v", err)
|
|
|
|
}
|
|
|
|
if err := selftestAttest(tpm, ak); err != nil {
|
|
|
|
return fmt.Errorf("state attestation failed: %v", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-06-18 16:09:39 +00:00
|
|
|
func runCommand(tpm *attest.TPM) error {
|
|
|
|
switch flag.Arg(0) {
|
|
|
|
case "info":
|
|
|
|
info, err := tpm.Info()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
fmt.Printf("Version: %d\n", info.Version)
|
|
|
|
fmt.Printf("Interface: %d\n", info.Interface)
|
|
|
|
fmt.Printf("VendorInfo: %x\n", info.VendorInfo)
|
|
|
|
fmt.Printf("Manufactorer: %v\n", info.Manufacturer)
|
|
|
|
|
2019-10-03 19:32:50 +00:00
|
|
|
case "make-ak", "make-aik":
|
|
|
|
k, err := tpm.NewAK(nil)
|
2019-06-18 16:09:39 +00:00
|
|
|
if err != nil {
|
2019-10-03 19:32:50 +00:00
|
|
|
return fmt.Errorf("failed to mint an AK: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
defer k.Close(tpm)
|
|
|
|
b, err := k.Marshal()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-08-06 00:39:25 +00:00
|
|
|
return ioutil.WriteFile(*keyPath, b, 0644)
|
2019-06-18 16:09:39 +00:00
|
|
|
|
|
|
|
case "quote":
|
|
|
|
b, err := ioutil.ReadFile(*keyPath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-10-03 19:32:50 +00:00
|
|
|
k, err := tpm.LoadAK(b)
|
2019-06-18 16:09:39 +00:00
|
|
|
if err != nil {
|
2019-10-03 19:32:50 +00:00
|
|
|
return fmt.Errorf("failed to load AK: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
defer k.Close(tpm)
|
|
|
|
|
|
|
|
nonce, err := hex.DecodeString(*nonceHex)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-07-19 21:07:02 +00:00
|
|
|
alg := attest.HashSHA1
|
2019-06-18 16:09:39 +00:00
|
|
|
if *useSHA256 {
|
2019-07-19 21:07:02 +00:00
|
|
|
alg = attest.HashSHA256
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
q, err := k.Quote(tpm, nonce, alg)
|
|
|
|
if err != nil {
|
2019-08-13 21:53:38 +00:00
|
|
|
return fmt.Errorf("failed to generate quote: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
fmt.Printf("Quote: %x\n", q.Quote)
|
|
|
|
fmt.Printf("Signature: %x\n", q.Signature)
|
|
|
|
|
|
|
|
case "list-eks":
|
|
|
|
eks, err := tpm.EKs()
|
|
|
|
if err != nil {
|
2019-08-13 21:53:38 +00:00
|
|
|
return fmt.Errorf("failed to read EKs: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
for _, ek := range eks {
|
2019-08-21 17:26:55 +00:00
|
|
|
data, err := encodeEK(ek)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("encoding ek: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
2019-08-21 17:26:55 +00:00
|
|
|
fmt.Printf("%s\n", data)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
case "list-pcrs":
|
2019-08-20 18:52:12 +00:00
|
|
|
alg := attest.HashSHA1
|
|
|
|
if *useSHA256 {
|
|
|
|
alg = attest.HashSHA256
|
|
|
|
}
|
|
|
|
pcrs, err := tpm.PCRs(alg)
|
2019-06-18 16:09:39 +00:00
|
|
|
if err != nil {
|
2019-08-13 21:53:38 +00:00
|
|
|
return fmt.Errorf("failed to read PCRs: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
for _, pcr := range pcrs {
|
|
|
|
fmt.Printf("PCR[%d]: %x\n", pcr.Index, pcr.Digest)
|
|
|
|
}
|
|
|
|
|
|
|
|
case "measurement-log":
|
|
|
|
b, err := tpm.MeasurementLog()
|
|
|
|
if err != nil {
|
2019-08-13 21:53:38 +00:00
|
|
|
return fmt.Errorf("failed to read the measurement log: %v", err)
|
2019-06-18 16:09:39 +00:00
|
|
|
}
|
|
|
|
fmt.Printf("%x\n", b)
|
|
|
|
|
2019-08-13 21:53:38 +00:00
|
|
|
case "dump":
|
|
|
|
dumpData, err := runDump(tpm)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return json.NewEncoder(os.Stdout).Encode(dumpData)
|
|
|
|
|
2019-11-08 17:52:59 +00:00
|
|
|
case "self-test":
|
|
|
|
err := selftest(tpm)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println("FAIL")
|
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
fmt.Println("PASS")
|
|
|
|
}
|
|
|
|
|
2019-06-18 16:09:39 +00:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("no such command %q", flag.Arg(0))
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2019-08-13 21:53:38 +00:00
|
|
|
|
2019-08-21 17:26:55 +00:00
|
|
|
func encodeEK(ek attest.EK) ([]byte, error) {
|
|
|
|
if ek.Certificate != nil {
|
|
|
|
return pem.EncodeToMemory(&pem.Block{
|
|
|
|
Type: "CERTIFICATE",
|
|
|
|
Bytes: ek.Certificate.Raw,
|
|
|
|
}), nil
|
|
|
|
}
|
|
|
|
switch pub := ek.Public.(type) {
|
|
|
|
case *ecdsa.PublicKey:
|
|
|
|
data, err := x509.MarshalPKIXPublicKey(pub)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("marshaling ec public key: %v", err)
|
|
|
|
}
|
|
|
|
return pem.EncodeToMemory(&pem.Block{
|
|
|
|
Type: "EC PUBLIC KEY",
|
|
|
|
Bytes: data,
|
|
|
|
}), nil
|
|
|
|
case *rsa.PublicKey:
|
|
|
|
return pem.EncodeToMemory(&pem.Block{
|
|
|
|
Type: "RSA PUBLIC KEY",
|
|
|
|
Bytes: x509.MarshalPKCS1PublicKey(pub),
|
|
|
|
}), nil
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("unsupported public key type %T", pub)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-13 21:53:38 +00:00
|
|
|
func runDump(tpm *attest.TPM) (*internal.Dump, error) {
|
|
|
|
var (
|
|
|
|
out internal.Dump
|
|
|
|
err error
|
|
|
|
)
|
|
|
|
|
|
|
|
out.Static.TPMVersion = tpm.Version()
|
|
|
|
if out.Static.EKPem, err = rsaEKPEM(tpm); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2019-10-03 19:32:50 +00:00
|
|
|
k, err := tpm.NewAK(nil)
|
2019-08-13 21:53:38 +00:00
|
|
|
if err != nil {
|
2019-10-03 19:32:50 +00:00
|
|
|
return nil, fmt.Errorf("failed to mint an AK: %v", err)
|
2019-08-13 21:53:38 +00:00
|
|
|
}
|
|
|
|
defer k.Close(tpm)
|
2019-10-03 19:32:50 +00:00
|
|
|
out.AK = k.AttestationParameters()
|
2019-08-13 21:53:38 +00:00
|
|
|
|
|
|
|
// Get a quote.
|
|
|
|
if out.Quote.Nonce, err = hex.DecodeString(*nonceHex); err != nil {
|
|
|
|
return nil, fmt.Errorf("failed decoding nonce hex: %v", err)
|
|
|
|
}
|
|
|
|
out.Quote.Alg = attest.HashSHA1
|
|
|
|
if *useSHA256 {
|
|
|
|
out.Quote.Alg = attest.HashSHA256
|
|
|
|
}
|
|
|
|
q, err := k.Quote(tpm, out.Quote.Nonce, out.Quote.Alg)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to generate quote: %v", err)
|
|
|
|
}
|
|
|
|
out.Quote.Quote = q.Quote
|
|
|
|
out.Quote.Signature = q.Signature
|
|
|
|
|
|
|
|
// Get log information.
|
|
|
|
if out.Log.Raw, err = tpm.MeasurementLog(); err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to read measurement log: %v", err)
|
|
|
|
}
|
|
|
|
// Get PCR values.
|
2019-08-20 18:52:12 +00:00
|
|
|
if out.Log.PCRs, err = tpm.PCRs(out.Quote.Alg); err != nil {
|
2019-08-13 21:53:38 +00:00
|
|
|
return nil, fmt.Errorf("failed to read PCRs: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &out, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func rsaEKPEM(tpm *attest.TPM) ([]byte, error) {
|
|
|
|
eks, err := tpm.EKs()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to read EKs: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
pk *rsa.PublicKey
|
|
|
|
buf bytes.Buffer
|
|
|
|
)
|
|
|
|
for _, ek := range eks {
|
2019-08-21 17:26:55 +00:00
|
|
|
if pub, ok := ek.Public.(*rsa.PublicKey); ok {
|
|
|
|
pk = pub
|
2019-08-13 21:53:38 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if pk == nil {
|
|
|
|
return nil, errors.New("no EK available")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := pem.Encode(&buf, &pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(pk)}); err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to PEM encode: %v", err)
|
|
|
|
}
|
|
|
|
return buf.Bytes(), nil
|
|
|
|
}
|