2019-08-28 23:59:46 +00:00
|
|
|
|
// Copyright 2019 Google Inc.
|
|
|
|
|
|
//
|
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
|
|
|
|
// use this file except in compliance with the License. You may obtain a copy of
|
|
|
|
|
|
// the License at
|
|
|
|
|
|
//
|
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
//
|
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
|
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
|
|
// License for the specific language governing permissions and limitations under
|
|
|
|
|
|
// the License.
|
|
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
package attest
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"bytes"
|
|
|
|
|
|
"crypto"
|
2019-09-20 17:34:07 +00:00
|
|
|
|
"crypto/rsa"
|
|
|
|
|
|
"crypto/sha1"
|
2019-12-19 20:28:32 +00:00
|
|
|
|
"crypto/sha256"
|
2019-07-30 14:40:19 +00:00
|
|
|
|
"encoding/binary"
|
2019-12-19 20:28:32 +00:00
|
|
|
|
"errors"
|
2019-07-30 14:40:19 +00:00
|
|
|
|
"fmt"
|
|
|
|
|
|
"io"
|
|
|
|
|
|
"sort"
|
2020-06-11 19:55:03 +00:00
|
|
|
|
"strings"
|
2019-07-30 14:40:19 +00:00
|
|
|
|
|
|
|
|
|
|
// Ensure hashes are available.
|
|
|
|
|
|
_ "crypto/sha256"
|
|
|
|
|
|
|
2023-06-13 14:43:38 +00:00
|
|
|
|
"github.com/google/go-tpm/legacy/tpm2"
|
2019-07-30 14:40:19 +00:00
|
|
|
|
"github.com/google/go-tpm/tpmutil"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
2019-09-24 18:03:21 +00:00
|
|
|
|
// ReplayError describes the parsed events that failed to verify against
|
|
|
|
|
|
// a particular PCR.
|
|
|
|
|
|
type ReplayError struct {
|
2021-04-13 17:46:15 +00:00
|
|
|
|
Events []Event
|
2020-11-30 19:56:55 +00:00
|
|
|
|
// InvalidPCRs reports the set of PCRs where the event log replay failed.
|
|
|
|
|
|
InvalidPCRs []int
|
2019-09-24 18:03:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-16 17:20:55 +00:00
|
|
|
|
func (e ReplayError) affected(pcr int) bool {
|
2020-11-30 19:56:55 +00:00
|
|
|
|
for _, p := range e.InvalidPCRs {
|
2020-04-16 17:20:55 +00:00
|
|
|
|
if p == pcr {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-24 18:03:21 +00:00
|
|
|
|
// Error returns a human-friendly description of replay failures.
|
|
|
|
|
|
func (e ReplayError) Error() string {
|
2020-11-30 19:56:55 +00:00
|
|
|
|
return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.InvalidPCRs)
|
2019-09-24 18:03:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
// EventType indicates what kind of data an event is reporting.
|
2020-11-30 20:22:43 +00:00
|
|
|
|
//
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=103
|
2019-07-30 14:40:19 +00:00
|
|
|
|
type EventType uint32
|
|
|
|
|
|
|
2020-11-30 20:22:43 +00:00
|
|
|
|
var eventTypeStrings = map[uint32]string{
|
|
|
|
|
|
0x00000000: "EV_PREBOOT_CERT",
|
|
|
|
|
|
0x00000001: "EV_POST_CODE",
|
|
|
|
|
|
0x00000002: "EV_UNUSED",
|
|
|
|
|
|
0x00000003: "EV_NO_ACTION",
|
|
|
|
|
|
0x00000004: "EV_SEPARATOR",
|
|
|
|
|
|
0x00000005: "EV_ACTION",
|
|
|
|
|
|
0x00000006: "EV_EVENT_TAG",
|
|
|
|
|
|
0x00000007: "EV_S_CRTM_CONTENTS",
|
|
|
|
|
|
0x00000008: "EV_S_CRTM_VERSION",
|
|
|
|
|
|
0x00000009: "EV_CPU_MICROCODE",
|
|
|
|
|
|
0x0000000A: "EV_PLATFORM_CONFIG_FLAGS",
|
|
|
|
|
|
0x0000000B: "EV_TABLE_OF_DEVICES",
|
|
|
|
|
|
0x0000000C: "EV_COMPACT_HASH",
|
|
|
|
|
|
0x0000000D: "EV_IPL",
|
|
|
|
|
|
0x0000000E: "EV_IPL_PARTITION_DATA",
|
|
|
|
|
|
0x0000000F: "EV_NONHOST_CODE",
|
|
|
|
|
|
0x00000010: "EV_NONHOST_CONFIG",
|
|
|
|
|
|
0x00000011: "EV_NONHOST_INFO",
|
|
|
|
|
|
0x00000012: "EV_OMIT_BOOT_DEVICE_EVENTS",
|
|
|
|
|
|
0x80000000: "EV_EFI_EVENT_BASE",
|
|
|
|
|
|
0x80000001: "EV_EFI_VARIABLE_DRIVER_CONFIG",
|
|
|
|
|
|
0x80000002: "EV_EFI_VARIABLE_BOOT",
|
|
|
|
|
|
0x80000003: "EV_EFI_BOOT_SERVICES_APPLICATION",
|
|
|
|
|
|
0x80000004: "EV_EFI_BOOT_SERVICES_DRIVER",
|
|
|
|
|
|
0x80000005: "EV_EFI_RUNTIME_SERVICES_DRIVER",
|
|
|
|
|
|
0x80000006: "EV_EFI_GPT_EVENT",
|
|
|
|
|
|
0x80000007: "EV_EFI_ACTION",
|
|
|
|
|
|
0x80000008: "EV_EFI_PLATFORM_FIRMWARE_BLOB",
|
|
|
|
|
|
0x80000009: "EV_EFI_HANDOFF_TABLES",
|
|
|
|
|
|
0x80000010: "EV_EFI_HCRTM_EVENT",
|
|
|
|
|
|
0x800000E0: "EV_EFI_VARIABLE_AUTHORITY",
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// String returns the Spec name of the EventType, for example "EV_ACTION". If
|
|
|
|
|
|
// unknown, it returns a formatted string of the EventType value.
|
|
|
|
|
|
func (e EventType) String() string {
|
|
|
|
|
|
if s, ok := eventTypeStrings[uint32(e)]; ok {
|
|
|
|
|
|
return s
|
|
|
|
|
|
}
|
|
|
|
|
|
// NOTE: 0x00000013-0x0000FFFF are reserverd. Should we include that
|
|
|
|
|
|
// information in the formatting?
|
|
|
|
|
|
return fmt.Sprintf("EventType(0x%08x)", uint32(e))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
// Event is a single event from a TCG event log. This reports descrete items such
|
2021-12-09 00:43:38 +00:00
|
|
|
|
// as BIOS measurements or EFI states.
|
2020-11-30 20:22:43 +00:00
|
|
|
|
//
|
|
|
|
|
|
// There are many pitfalls for using event log events correctly to determine the
|
2021-12-09 00:43:38 +00:00
|
|
|
|
// state of a machine[1]. In general it's much safer to only rely on the raw PCR
|
2020-11-30 20:22:43 +00:00
|
|
|
|
// values and use the event log for debugging.
|
|
|
|
|
|
//
|
|
|
|
|
|
// [1] https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md
|
2019-07-30 14:40:19 +00:00
|
|
|
|
type Event struct {
|
2019-09-25 21:50:17 +00:00
|
|
|
|
// order of the event in the event log.
|
|
|
|
|
|
sequence int
|
2020-11-30 20:22:43 +00:00
|
|
|
|
// Index of the PCR that this event was replayed against.
|
2019-07-30 14:40:19 +00:00
|
|
|
|
Index int
|
2020-11-30 20:22:43 +00:00
|
|
|
|
// Untrusted type of the event. This value is not verified by event log replays
|
|
|
|
|
|
// and can be tampered with. It should NOT be used without additional context,
|
|
|
|
|
|
// and unrecognized event types should result in errors.
|
2019-07-30 14:40:19 +00:00
|
|
|
|
Type EventType
|
|
|
|
|
|
|
|
|
|
|
|
// Data of the event. For certain kinds of events, this must match the event
|
|
|
|
|
|
// digest to be valid.
|
|
|
|
|
|
Data []byte
|
|
|
|
|
|
// Digest is the verified digest of the event data. While an event can have
|
|
|
|
|
|
// multiple for different hash values, this is the one that was matched to the
|
|
|
|
|
|
// PCR value.
|
|
|
|
|
|
Digest []byte
|
|
|
|
|
|
|
|
|
|
|
|
// TODO(ericchiang): Provide examples or links for which event types must
|
|
|
|
|
|
// match their data to their digest.
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-12-19 20:28:32 +00:00
|
|
|
|
func (e *Event) digestEquals(b []byte) error {
|
|
|
|
|
|
if len(e.Digest) == 0 {
|
|
|
|
|
|
return errors.New("no digests present")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
switch len(e.Digest) {
|
|
|
|
|
|
case crypto.SHA256.Size():
|
|
|
|
|
|
s := sha256.Sum256(b)
|
|
|
|
|
|
if bytes.Equal(s[:], e.Digest) {
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
|
|
|
|
|
case crypto.SHA1.Size():
|
|
|
|
|
|
s := sha1.Sum(b)
|
|
|
|
|
|
if bytes.Equal(s[:], e.Digest) {
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
|
|
|
|
|
default:
|
|
|
|
|
|
return fmt.Errorf("cannot compare hash of length %d", len(e.Digest))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return fmt.Errorf("digest (len %d) does not match", len(e.Digest))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-28 23:59:46 +00:00
|
|
|
|
// EventLog is a parsed measurement log. This contains unverified data representing
|
|
|
|
|
|
// boot events that must be replayed against PCR values to determine authenticity.
|
|
|
|
|
|
type EventLog struct {
|
2019-09-19 22:23:53 +00:00
|
|
|
|
// Algs holds the set of algorithms that the event log uses.
|
|
|
|
|
|
Algs []HashAlg
|
|
|
|
|
|
|
2021-11-18 23:36:14 +00:00
|
|
|
|
rawEvents []rawEvent
|
|
|
|
|
|
specIDEvent *specIDEvent
|
2019-08-28 23:59:46 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-16 17:20:55 +00:00
|
|
|
|
func (e *EventLog) clone() *EventLog {
|
|
|
|
|
|
out := EventLog{
|
|
|
|
|
|
Algs: make([]HashAlg, len(e.Algs)),
|
|
|
|
|
|
rawEvents: make([]rawEvent, len(e.rawEvents)),
|
|
|
|
|
|
}
|
|
|
|
|
|
copy(out.Algs, e.Algs)
|
|
|
|
|
|
copy(out.rawEvents, e.rawEvents)
|
2021-11-18 23:36:14 +00:00
|
|
|
|
if e.specIDEvent != nil {
|
|
|
|
|
|
dupe := *e.specIDEvent
|
|
|
|
|
|
out.specIDEvent = &dupe
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-16 17:20:55 +00:00
|
|
|
|
return &out
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-30 20:22:43 +00:00
|
|
|
|
// Events returns events that have not been replayed against the PCR values and
|
|
|
|
|
|
// are therefore unverified. The returned events contain the digest that matches
|
|
|
|
|
|
// the provided hash algorithm, or are empty if that event didn't contain a
|
|
|
|
|
|
// digest for that hash.
|
|
|
|
|
|
//
|
|
|
|
|
|
// This method is insecure and should only be used for debugging.
|
|
|
|
|
|
func (e *EventLog) Events(hash HashAlg) []Event {
|
|
|
|
|
|
var events []Event
|
|
|
|
|
|
for _, re := range e.rawEvents {
|
|
|
|
|
|
ev := Event{
|
|
|
|
|
|
Index: re.index,
|
|
|
|
|
|
Type: re.typ,
|
|
|
|
|
|
Data: re.data,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for _, digest := range re.digests {
|
|
|
|
|
|
if hash.cryptoHash() != digest.hash {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
ev.Digest = digest.data
|
|
|
|
|
|
break
|
|
|
|
|
|
}
|
|
|
|
|
|
events = append(events, ev)
|
|
|
|
|
|
}
|
|
|
|
|
|
return events
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-25 21:50:17 +00:00
|
|
|
|
// Verify replays the event log against a TPM's PCR values, returning the
|
|
|
|
|
|
// events which could be matched to a provided PCR value.
|
2020-11-30 20:22:43 +00:00
|
|
|
|
//
|
2021-12-09 00:43:38 +00:00
|
|
|
|
// PCRs provide no security guarantees unless they're attested to have been
|
2020-11-30 20:22:43 +00:00
|
|
|
|
// generated by a TPM. Verify does not perform these checks.
|
|
|
|
|
|
//
|
2019-09-25 21:50:17 +00:00
|
|
|
|
// An error is returned if the replayed digest for events with a given PCR
|
|
|
|
|
|
// index do not match any provided value for that PCR index.
|
2019-08-28 23:59:46 +00:00
|
|
|
|
func (e *EventLog) Verify(pcrs []PCR) ([]Event, error) {
|
2020-04-16 17:20:55 +00:00
|
|
|
|
events, err := e.verify(pcrs)
|
|
|
|
|
|
// If there were any issues replaying the PCRs, try each of the workarounds
|
|
|
|
|
|
// in turn.
|
|
|
|
|
|
// TODO(jsonp): Allow workarounds to be combined.
|
|
|
|
|
|
if rErr, isReplayErr := err.(ReplayError); isReplayErr {
|
|
|
|
|
|
for _, wkrd := range eventlogWorkarounds {
|
|
|
|
|
|
if !rErr.affected(wkrd.affectedPCR) {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
el := e.clone()
|
|
|
|
|
|
if err := wkrd.apply(el); err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("failed applying workaround %q: %v", wkrd.id, err)
|
|
|
|
|
|
}
|
|
|
|
|
|
if events, err := el.verify(pcrs); err == nil {
|
|
|
|
|
|
return events, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return events, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (e *EventLog) verify(pcrs []PCR) ([]Event, error) {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
events, err := replayEvents(e.rawEvents, pcrs)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
2019-09-24 18:03:21 +00:00
|
|
|
|
if _, isReplayErr := err.(ReplayError); isReplayErr {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
return nil, fmt.Errorf("pcrs failed to replay: %v", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
return events, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type rawAttestationData struct {
|
|
|
|
|
|
Version [4]byte // This MUST be 1.1.0.0
|
|
|
|
|
|
Fixed [4]byte // This SHALL always be the string ‘QUOT’
|
|
|
|
|
|
Digest [20]byte // PCR Composite Hash
|
|
|
|
|
|
Nonce [20]byte // Nonce Hash
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
|
fixedQuote = [4]byte{'Q', 'U', 'O', 'T'}
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type rawPCRComposite struct {
|
|
|
|
|
|
Size uint16 // always 3
|
|
|
|
|
|
PCRMask [3]byte
|
|
|
|
|
|
Values tpmutil.U32Bytes
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-10-03 19:32:50 +00:00
|
|
|
|
func (a *AKPublic) validate12Quote(quote Quote, pcrs []PCR, nonce []byte) error {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
pub, ok := a.Public.(*rsa.PublicKey)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if !ok {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("unsupported public key type: %T", a.Public)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-08-28 23:59:46 +00:00
|
|
|
|
qHash := sha1.Sum(quote.Quote)
|
|
|
|
|
|
if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, qHash[:], quote.Signature); err != nil {
|
|
|
|
|
|
return fmt.Errorf("invalid quote signature: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var att rawAttestationData
|
2019-08-28 23:59:46 +00:00
|
|
|
|
if _, err := tpmutil.Unpack(quote.Quote, &att); err != nil {
|
|
|
|
|
|
return fmt.Errorf("parsing quote: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
// TODO(ericchiang): validate Version field.
|
2019-08-28 23:59:46 +00:00
|
|
|
|
if att.Nonce != sha1.Sum(nonce) {
|
|
|
|
|
|
return fmt.Errorf("invalid nonce")
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
if att.Fixed != fixedQuote {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("quote wasn't a QUOT object: %x", att.Fixed)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// See 5.4.1 Creating a PCR composite hash
|
2019-08-28 23:59:46 +00:00
|
|
|
|
sort.Slice(pcrs, func(i, j int) bool { return pcrs[i].Index < pcrs[j].Index })
|
2019-07-30 14:40:19 +00:00
|
|
|
|
var (
|
|
|
|
|
|
pcrMask [3]byte // bitmap indicating which PCRs are active
|
|
|
|
|
|
values []byte // appended values of all PCRs
|
|
|
|
|
|
)
|
2019-08-28 23:59:46 +00:00
|
|
|
|
for _, pcr := range pcrs {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if pcr.Index < 0 || pcr.Index >= 24 {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("invalid PCR index: %d", pcr.Index)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
pcrMask[pcr.Index/8] |= 1 << uint(pcr.Index%8)
|
|
|
|
|
|
values = append(values, pcr.Digest...)
|
|
|
|
|
|
}
|
|
|
|
|
|
composite, err := tpmutil.Pack(rawPCRComposite{3, pcrMask, values})
|
|
|
|
|
|
if err != nil {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("marshaling PCRs: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
if att.Digest != sha1.Sum(composite) {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("PCRs passed didn't match quote: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2022-01-31 17:10:07 +00:00
|
|
|
|
|
|
|
|
|
|
// All provided PCRs are used to construct the composite hash which
|
|
|
|
|
|
// is verified against the quote (for TPM 1.2), so if we got this far,
|
|
|
|
|
|
// all PCR values are verified.
|
|
|
|
|
|
for i := range pcrs {
|
|
|
|
|
|
pcrs[i].quoteVerified = true
|
|
|
|
|
|
}
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return nil
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-10-03 19:32:50 +00:00
|
|
|
|
func (a *AKPublic) validate20Quote(quote Quote, pcrs []PCR, nonce []byte) error {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
sig, err := tpm2.DecodeSignature(bytes.NewBuffer(quote.Signature))
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("parse quote signature: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-28 23:59:46 +00:00
|
|
|
|
sigHash := a.Hash.New()
|
|
|
|
|
|
sigHash.Write(quote.Quote)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
|
2019-08-28 23:59:46 +00:00
|
|
|
|
switch pub := a.Public.(type) {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
case *rsa.PublicKey:
|
|
|
|
|
|
if sig.RSA == nil {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("rsa public key provided for ec signature")
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
sigBytes := []byte(sig.RSA.Signature)
|
2019-08-28 23:59:46 +00:00
|
|
|
|
if err := rsa.VerifyPKCS1v15(pub, a.Hash, sigHash.Sum(nil), sigBytes); err != nil {
|
|
|
|
|
|
return fmt.Errorf("invalid quote signature: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
default:
|
|
|
|
|
|
// TODO(ericchiang): support ecdsa
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("unsupported public key type %T", pub)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-28 23:59:46 +00:00
|
|
|
|
att, err := tpm2.DecodeAttestationData(quote.Quote)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("parsing quote signature: %v", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
if att.Type != tpm2.TagAttestQuote {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("attestation isn't a quote, tag of type 0x%x", att.Type)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-08-28 23:59:46 +00:00
|
|
|
|
if !bytes.Equal([]byte(att.ExtraData), nonce) {
|
2021-06-22 20:33:15 +00:00
|
|
|
|
return fmt.Errorf("nonce = %#v, want %#v", []byte(att.ExtraData), nonce)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
pcrByIndex := map[int][]byte{}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
pcrDigestAlg := HashAlg(att.AttestedQuoteInfo.PCRSelection.Hash).cryptoHash()
|
2019-08-28 23:59:46 +00:00
|
|
|
|
for _, pcr := range pcrs {
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if pcr.DigestAlg == pcrDigestAlg {
|
2019-09-26 22:11:31 +00:00
|
|
|
|
pcrByIndex[pcr.Index] = pcr.Digest
|
|
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-14 21:38:24 +00:00
|
|
|
|
sigHash.Reset()
|
2022-01-31 17:10:07 +00:00
|
|
|
|
quotePCRs := make(map[int]struct{}, len(att.AttestedQuoteInfo.PCRSelection.PCRs))
|
2019-07-30 14:40:19 +00:00
|
|
|
|
for _, index := range att.AttestedQuoteInfo.PCRSelection.PCRs {
|
|
|
|
|
|
digest, ok := pcrByIndex[index]
|
|
|
|
|
|
if !ok {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("quote was over PCR %d which wasn't provided", index)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2022-01-31 17:10:07 +00:00
|
|
|
|
quotePCRs[index] = struct{}{}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
sigHash.Write(digest)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-11-01 19:19:57 +00:00
|
|
|
|
for index := range pcrByIndex {
|
2022-01-31 17:10:07 +00:00
|
|
|
|
if _, exists := quotePCRs[index]; !exists {
|
|
|
|
|
|
return fmt.Errorf("provided PCR %d was not included in quote", index)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if !bytes.Equal(sigHash.Sum(nil), att.AttestedQuoteInfo.PCRDigest) {
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return fmt.Errorf("quote digest didn't match pcrs provided")
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2022-01-31 17:10:07 +00:00
|
|
|
|
|
|
|
|
|
|
// If we got this far, all included PCRs with a digest algorithm matching that
|
|
|
|
|
|
// of the quote are verified. As such, we set their quoteVerified bit.
|
|
|
|
|
|
for i, pcr := range pcrs {
|
|
|
|
|
|
if _, exists := quotePCRs[pcr.Index]; exists && pcr.DigestAlg == pcrDigestAlg {
|
|
|
|
|
|
pcrs[i].quoteVerified = true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2019-08-28 23:59:46 +00:00
|
|
|
|
return nil
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-06-11 19:55:03 +00:00
|
|
|
|
func extend(pcr PCR, replay []byte, e rawEvent, locality byte) (pcrDigest []byte, eventDigest []byte, err error) {
|
2020-04-14 21:38:24 +00:00
|
|
|
|
h := pcr.DigestAlg
|
2019-07-30 14:40:19 +00:00
|
|
|
|
|
|
|
|
|
|
for _, digest := range e.digests {
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if digest.hash != pcr.DigestAlg {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
continue
|
|
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if len(digest.data) != len(pcr.Digest) {
|
2020-06-11 19:55:03 +00:00
|
|
|
|
return nil, nil, fmt.Errorf("digest data length (%d) doesn't match PCR digest length (%d)", len(digest.data), len(pcr.Digest))
|
2020-04-14 21:38:24 +00:00
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
hash := h.New()
|
|
|
|
|
|
if len(replay) != 0 {
|
|
|
|
|
|
hash.Write(replay)
|
|
|
|
|
|
} else {
|
|
|
|
|
|
b := make([]byte, h.Size())
|
2020-06-11 19:55:03 +00:00
|
|
|
|
b[h.Size()-1] = locality
|
2019-07-30 14:40:19 +00:00
|
|
|
|
hash.Write(b)
|
|
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
hash.Write(digest.data)
|
|
|
|
|
|
return hash.Sum(nil), digest.data, nil
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
return nil, nil, fmt.Errorf("no event digest matches pcr algorithm: %v", pcr.DigestAlg)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-25 21:50:17 +00:00
|
|
|
|
// replayPCR replays the event log for a specific PCR, using pcr and
|
|
|
|
|
|
// event digests with the algorithm in pcr. An error is returned if the
|
|
|
|
|
|
// replayed values do not match the final PCR digest, or any event tagged
|
2021-12-09 00:43:38 +00:00
|
|
|
|
// with that PCR does not possess an event digest with the specified algorithm.
|
2019-09-25 21:50:17 +00:00
|
|
|
|
func replayPCR(rawEvents []rawEvent, pcr PCR) ([]Event, bool) {
|
|
|
|
|
|
var (
|
|
|
|
|
|
replay []byte
|
|
|
|
|
|
outEvents []Event
|
2020-06-11 19:55:03 +00:00
|
|
|
|
locality byte
|
2019-09-25 21:50:17 +00:00
|
|
|
|
)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
|
2019-09-25 21:50:17 +00:00
|
|
|
|
for _, e := range rawEvents {
|
|
|
|
|
|
if e.index != pcr.Index {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
continue
|
|
|
|
|
|
}
|
2020-06-11 19:55:03 +00:00
|
|
|
|
// If TXT is enabled then the first event for PCR0
|
|
|
|
|
|
// should be a StartupLocality event. The final byte
|
|
|
|
|
|
// of this event indicates the locality from which
|
|
|
|
|
|
// TPM2_Startup() was issued. The initial value of
|
|
|
|
|
|
// PCR0 is equal to the locality.
|
|
|
|
|
|
if e.typ == eventTypeNoAction {
|
|
|
|
|
|
if pcr.Index == 0 && len(e.data) == 17 && strings.HasPrefix(string(e.data), "StartupLocality") {
|
|
|
|
|
|
locality = e.data[len(e.data)-1]
|
|
|
|
|
|
}
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
replayValue, digest, err := extend(pcr, replay, e, locality)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
2019-09-25 21:50:17 +00:00
|
|
|
|
return nil, false
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
replay = replayValue
|
|
|
|
|
|
outEvents = append(outEvents, Event{sequence: e.sequence, Data: e.data, Digest: digest, Index: pcr.Index, Type: e.typ})
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-25 21:50:17 +00:00
|
|
|
|
if len(outEvents) > 0 && !bytes.Equal(replay, pcr.Digest) {
|
|
|
|
|
|
return nil, false
|
|
|
|
|
|
}
|
|
|
|
|
|
return outEvents, true
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type pcrReplayResult struct {
|
|
|
|
|
|
events []Event
|
|
|
|
|
|
successful bool
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func replayEvents(rawEvents []rawEvent, pcrs []PCR) ([]Event, error) {
|
|
|
|
|
|
var (
|
|
|
|
|
|
invalidReplays []int
|
|
|
|
|
|
verifiedEvents []Event
|
|
|
|
|
|
allPCRReplays = map[int][]pcrReplayResult{}
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// Replay the event log for every PCR and digest algorithm combination.
|
|
|
|
|
|
for _, pcr := range pcrs {
|
|
|
|
|
|
events, ok := replayPCR(rawEvents, pcr)
|
|
|
|
|
|
allPCRReplays[pcr.Index] = append(allPCRReplays[pcr.Index], pcrReplayResult{events, ok})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Record PCR indices which do not have any successful replay. Record the
|
|
|
|
|
|
// events for a successful replay.
|
|
|
|
|
|
pcrLoop:
|
|
|
|
|
|
for i, replaysForPCR := range allPCRReplays {
|
|
|
|
|
|
for _, replay := range replaysForPCR {
|
|
|
|
|
|
if replay.successful {
|
|
|
|
|
|
// We consider the PCR verified at this stage: The replay of values with
|
|
|
|
|
|
// one digest algorithm matched a provided value.
|
|
|
|
|
|
// As such, we save the PCR's events, and proceed to the next PCR.
|
|
|
|
|
|
verifiedEvents = append(verifiedEvents, replay.events...)
|
|
|
|
|
|
continue pcrLoop
|
|
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
invalidReplays = append(invalidReplays, i)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if len(invalidReplays) > 0 {
|
2019-09-25 21:50:17 +00:00
|
|
|
|
events := make([]Event, 0, len(rawEvents))
|
|
|
|
|
|
for _, e := range rawEvents {
|
|
|
|
|
|
events = append(events, Event{e.sequence, e.index, e.typ, e.data, nil})
|
|
|
|
|
|
}
|
2019-09-24 18:03:21 +00:00
|
|
|
|
return nil, ReplayError{
|
|
|
|
|
|
Events: events,
|
2020-11-30 19:56:55 +00:00
|
|
|
|
InvalidPCRs: invalidReplays,
|
2019-09-24 18:03:21 +00:00
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
|
|
|
|
|
|
sort.Slice(verifiedEvents, func(i int, j int) bool {
|
|
|
|
|
|
return verifiedEvents[i].sequence < verifiedEvents[j].sequence
|
|
|
|
|
|
})
|
|
|
|
|
|
return verifiedEvents, nil
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// EV_NO_ACTION is a special event type that indicates information to the parser
|
|
|
|
|
|
// instead of holding a measurement. For TPM 2.0, this event type is used to signal
|
|
|
|
|
|
// switching from SHA1 format to a variable length digest.
|
|
|
|
|
|
//
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=110
|
|
|
|
|
|
const eventTypeNoAction = 0x03
|
|
|
|
|
|
|
2019-09-19 22:23:53 +00:00
|
|
|
|
// ParseEventLog parses an unverified measurement log.
|
|
|
|
|
|
func ParseEventLog(measurementLog []byte) (*EventLog, error) {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
var specID *specIDEvent
|
2019-09-19 22:23:53 +00:00
|
|
|
|
r := bytes.NewBuffer(measurementLog)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
parseFn := parseRawEvent
|
2019-09-19 22:23:53 +00:00
|
|
|
|
var el EventLog
|
2019-12-10 00:56:49 +00:00
|
|
|
|
e, err := parseFn(r, specID)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("parse first event: %v", err)
|
|
|
|
|
|
}
|
2021-04-13 17:46:15 +00:00
|
|
|
|
if e.typ == eventTypeNoAction && len(e.data) >= binary.Size(specIDEventHeader{}) {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
specID, err = parseSpecIDEvent(e.data)
|
2019-09-19 22:23:53 +00:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("failed to parse spec ID event: %v", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
for _, alg := range specID.algs {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
switch tpm2.Algorithm(alg.ID) {
|
2019-09-19 22:23:53 +00:00
|
|
|
|
case tpm2.AlgSHA1:
|
|
|
|
|
|
el.Algs = append(el.Algs, HashSHA1)
|
|
|
|
|
|
case tpm2.AlgSHA256:
|
|
|
|
|
|
el.Algs = append(el.Algs, HashSHA256)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(el.Algs) == 0 {
|
|
|
|
|
|
return nil, fmt.Errorf("measurement log didn't use sha1 or sha256 digests")
|
|
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
// Switch to parsing crypto agile events. Don't include this in the
|
2019-09-19 22:23:53 +00:00
|
|
|
|
// replayed events since it intentionally doesn't extend the PCRs.
|
2019-07-30 14:40:19 +00:00
|
|
|
|
//
|
2021-12-09 00:43:38 +00:00
|
|
|
|
// Note that this doesn't actually guarantee that events have SHA256
|
2019-09-19 22:23:53 +00:00
|
|
|
|
// digests.
|
2019-07-30 14:40:19 +00:00
|
|
|
|
parseFn = parseRawEvent2
|
2021-11-18 23:36:14 +00:00
|
|
|
|
el.specIDEvent = specID
|
2019-07-30 14:40:19 +00:00
|
|
|
|
} else {
|
2019-09-19 22:23:53 +00:00
|
|
|
|
el.Algs = []HashAlg{HashSHA1}
|
|
|
|
|
|
el.rawEvents = append(el.rawEvents, e)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
sequence := 1
|
2019-07-30 14:40:19 +00:00
|
|
|
|
for r.Len() != 0 {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
e, err := parseFn(r, specID)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2019-09-25 21:50:17 +00:00
|
|
|
|
e.sequence = sequence
|
|
|
|
|
|
sequence++
|
2019-09-19 22:23:53 +00:00
|
|
|
|
el.rawEvents = append(el.rawEvents, e)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-09-19 22:23:53 +00:00
|
|
|
|
return &el, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type specIDEvent struct {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
algs []specAlgSize
|
2019-09-19 22:23:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type specAlgSize struct {
|
|
|
|
|
|
ID uint16
|
|
|
|
|
|
Size uint16
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-20 17:34:07 +00:00
|
|
|
|
// Expected values for various Spec ID Event fields.
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=19
|
|
|
|
|
|
var wantSignature = [16]byte{0x53, 0x70,
|
|
|
|
|
|
0x65, 0x63, 0x20, 0x49,
|
|
|
|
|
|
0x44, 0x20, 0x45, 0x76,
|
|
|
|
|
|
0x65, 0x6e, 0x74, 0x30,
|
|
|
|
|
|
0x33, 0x00} // "Spec ID Event03\0"
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
wantMajor = 2
|
|
|
|
|
|
wantMinor = 0
|
|
|
|
|
|
wantErrata = 0
|
2019-09-19 22:23:53 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
2021-04-13 17:46:15 +00:00
|
|
|
|
type specIDEventHeader struct {
|
|
|
|
|
|
Signature [16]byte
|
|
|
|
|
|
PlatformClass uint32
|
|
|
|
|
|
VersionMinor uint8
|
|
|
|
|
|
VersionMajor uint8
|
|
|
|
|
|
Errata uint8
|
|
|
|
|
|
UintnSize uint8
|
|
|
|
|
|
NumAlgs uint32
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-09-19 22:23:53 +00:00
|
|
|
|
// parseSpecIDEvent parses a TCG_EfiSpecIDEventStruct structure from the reader.
|
|
|
|
|
|
//
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=18
|
|
|
|
|
|
func parseSpecIDEvent(b []byte) (*specIDEvent, error) {
|
|
|
|
|
|
r := bytes.NewReader(b)
|
2021-04-13 17:46:15 +00:00
|
|
|
|
var header specIDEventHeader
|
2019-09-19 22:23:53 +00:00
|
|
|
|
if err := binary.Read(r, binary.LittleEndian, &header); err != nil {
|
2021-04-13 17:46:15 +00:00
|
|
|
|
return nil, fmt.Errorf("reading event header: %w: %X", err, b)
|
2019-09-19 22:23:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
if header.Signature != wantSignature {
|
|
|
|
|
|
return nil, fmt.Errorf("invalid spec id signature: %x", header.Signature)
|
|
|
|
|
|
}
|
|
|
|
|
|
if header.VersionMajor != wantMajor {
|
|
|
|
|
|
return nil, fmt.Errorf("invalid spec major version, got %02x, wanted %02x",
|
|
|
|
|
|
header.VersionMajor, wantMajor)
|
|
|
|
|
|
}
|
|
|
|
|
|
if header.VersionMinor != wantMinor {
|
|
|
|
|
|
return nil, fmt.Errorf("invalid spec minor version, got %02x, wanted %02x",
|
|
|
|
|
|
header.VersionMajor, wantMinor)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// TODO(ericchiang): Check errata? Or do we expect that to change in ways
|
|
|
|
|
|
// we're okay with?
|
|
|
|
|
|
|
2019-10-09 15:39:15 +00:00
|
|
|
|
specAlg := specAlgSize{}
|
|
|
|
|
|
e := specIDEvent{}
|
|
|
|
|
|
for i := 0; i < int(header.NumAlgs); i++ {
|
|
|
|
|
|
if err := binary.Read(r, binary.LittleEndian, &specAlg); err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("reading algorithm: %v", err)
|
|
|
|
|
|
}
|
2019-12-10 00:56:49 +00:00
|
|
|
|
e.algs = append(e.algs, specAlg)
|
2019-09-19 22:23:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var vendorInfoSize uint8
|
|
|
|
|
|
if err := binary.Read(r, binary.LittleEndian, &vendorInfoSize); err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("reading vender info size: %v", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
if r.Len() != int(vendorInfoSize) {
|
|
|
|
|
|
return nil, fmt.Errorf("reading vendor info, expected %d remaining bytes, got %d", vendorInfoSize, r.Len())
|
|
|
|
|
|
}
|
|
|
|
|
|
return &e, nil
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-14 21:38:24 +00:00
|
|
|
|
type digest struct {
|
|
|
|
|
|
hash crypto.Hash
|
|
|
|
|
|
data []byte
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
type rawEvent struct {
|
2019-09-25 21:50:17 +00:00
|
|
|
|
sequence int
|
|
|
|
|
|
index int
|
|
|
|
|
|
typ EventType
|
|
|
|
|
|
data []byte
|
2020-04-14 21:38:24 +00:00
|
|
|
|
digests []digest
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// TPM 1.2 event log format. See "5.1 SHA1 Event Log Entry Format"
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=15
|
|
|
|
|
|
type rawEventHeader struct {
|
|
|
|
|
|
PCRIndex uint32
|
|
|
|
|
|
Type uint32
|
|
|
|
|
|
Digest [20]byte
|
|
|
|
|
|
EventSize uint32
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-10-08 15:56:32 +00:00
|
|
|
|
type eventSizeErr struct {
|
|
|
|
|
|
eventSize uint32
|
|
|
|
|
|
logSize int
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (e *eventSizeErr) Error() string {
|
|
|
|
|
|
return fmt.Sprintf("event data size (%d bytes) is greater than remaining measurement log (%d bytes)", e.eventSize, e.logSize)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-12-10 00:56:49 +00:00
|
|
|
|
func parseRawEvent(r *bytes.Buffer, specID *specIDEvent) (event rawEvent, err error) {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
var h rawEventHeader
|
|
|
|
|
|
if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
|
2021-04-13 17:46:15 +00:00
|
|
|
|
return event, fmt.Errorf("header deserialization error: %w", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2019-10-08 15:56:32 +00:00
|
|
|
|
if h.EventSize > uint32(r.Len()) {
|
|
|
|
|
|
return event, &eventSizeErr{h.EventSize, r.Len()}
|
|
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
data := make([]byte, int(h.EventSize))
|
|
|
|
|
|
if _, err := io.ReadFull(r, data); err != nil {
|
2021-04-13 17:46:15 +00:00
|
|
|
|
return event, fmt.Errorf("reading data error: %w", err)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
|
|
|
|
|
|
digests := []digest{{hash: crypto.SHA1, data: h.Digest[:]}}
|
|
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
return rawEvent{
|
|
|
|
|
|
typ: EventType(h.Type),
|
|
|
|
|
|
data: data,
|
|
|
|
|
|
index: int(h.PCRIndex),
|
2020-04-14 21:38:24 +00:00
|
|
|
|
digests: digests,
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// TPM 2.0 event log format. See "5.2 Crypto Agile Log Entry Format"
|
|
|
|
|
|
// https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=15
|
|
|
|
|
|
type rawEvent2Header struct {
|
|
|
|
|
|
PCRIndex uint32
|
|
|
|
|
|
Type uint32
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-12-10 00:56:49 +00:00
|
|
|
|
func parseRawEvent2(r *bytes.Buffer, specID *specIDEvent) (event rawEvent, err error) {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
var h rawEvent2Header
|
2020-04-14 21:38:24 +00:00
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
|
|
|
|
|
event.typ = EventType(h.Type)
|
|
|
|
|
|
event.index = int(h.PCRIndex)
|
|
|
|
|
|
|
|
|
|
|
|
// parse the event digests
|
|
|
|
|
|
var numDigests uint32
|
|
|
|
|
|
if err := binary.Read(r, binary.LittleEndian, &numDigests); err != nil {
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
2019-12-10 00:56:49 +00:00
|
|
|
|
|
2019-07-30 14:40:19 +00:00
|
|
|
|
for i := 0; i < int(numDigests); i++ {
|
|
|
|
|
|
var algID uint16
|
|
|
|
|
|
if err := binary.Read(r, binary.LittleEndian, &algID); err != nil {
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
var digest digest
|
|
|
|
|
|
|
2019-12-10 00:56:49 +00:00
|
|
|
|
for _, alg := range specID.algs {
|
|
|
|
|
|
if alg.ID != algID {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
2021-04-13 22:57:16 +00:00
|
|
|
|
if r.Len() < int(alg.Size) {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
return event, fmt.Errorf("reading digest: %v", io.ErrUnexpectedEOF)
|
|
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
digest.data = make([]byte, alg.Size)
|
|
|
|
|
|
digest.hash = HashAlg(alg.ID).cryptoHash()
|
2019-12-10 00:56:49 +00:00
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if len(digest.data) == 0 {
|
2019-12-10 00:56:49 +00:00
|
|
|
|
return event, fmt.Errorf("unknown algorithm ID %x", algID)
|
2019-07-30 14:40:19 +00:00
|
|
|
|
}
|
2020-04-14 21:38:24 +00:00
|
|
|
|
if _, err := io.ReadFull(r, digest.data); err != nil {
|
2019-07-30 14:40:19 +00:00
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
|
|
|
|
|
event.digests = append(event.digests, digest)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// parse event data
|
|
|
|
|
|
var eventSize uint32
|
|
|
|
|
|
if err = binary.Read(r, binary.LittleEndian, &eventSize); err != nil {
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
2019-10-08 15:56:32 +00:00
|
|
|
|
if eventSize > uint32(r.Len()) {
|
|
|
|
|
|
return event, &eventSizeErr{eventSize, r.Len()}
|
|
|
|
|
|
}
|
2019-07-30 14:40:19 +00:00
|
|
|
|
event.data = make([]byte, int(eventSize))
|
|
|
|
|
|
if _, err := io.ReadFull(r, event.data); err != nil {
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
|
|
|
|
|
return event, err
|
|
|
|
|
|
}
|
2021-11-18 23:36:14 +00:00
|
|
|
|
|
|
|
|
|
|
// AppendEvents takes a series of TPM 2.0 event logs and combines
|
|
|
|
|
|
// them into a single sequence of events with a single header.
|
|
|
|
|
|
//
|
|
|
|
|
|
// Additional logs must not use a digest algorithm which was not
|
|
|
|
|
|
// present in the original log.
|
|
|
|
|
|
func AppendEvents(base []byte, additional ...[]byte) ([]byte, error) {
|
|
|
|
|
|
baseLog, err := ParseEventLog(base)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("base: %v", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
if baseLog.specIDEvent == nil {
|
|
|
|
|
|
return nil, errors.New("tpm 1.2 event logs cannot be combined")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
outBuff := make([]byte, len(base))
|
|
|
|
|
|
copy(outBuff, base)
|
|
|
|
|
|
out := bytes.NewBuffer(outBuff)
|
|
|
|
|
|
|
|
|
|
|
|
for i, l := range additional {
|
|
|
|
|
|
log, err := ParseEventLog(l)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("log %d: %v", i, err)
|
|
|
|
|
|
}
|
|
|
|
|
|
if log.specIDEvent == nil {
|
|
|
|
|
|
return nil, fmt.Errorf("log %d: cannot use tpm 1.2 event log as a source", i)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
algCheck:
|
|
|
|
|
|
for _, alg := range log.specIDEvent.algs {
|
|
|
|
|
|
for _, baseAlg := range baseLog.specIDEvent.algs {
|
|
|
|
|
|
if baseAlg == alg {
|
|
|
|
|
|
continue algCheck
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return nil, fmt.Errorf("log %d: cannot use digest (%+v) not present in base log", i, alg)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for x, e := range log.rawEvents {
|
|
|
|
|
|
// Serialize header (PCR index, event type, number of digests)
|
|
|
|
|
|
binary.Write(out, binary.LittleEndian, rawEvent2Header{
|
|
|
|
|
|
PCRIndex: uint32(e.index),
|
|
|
|
|
|
Type: uint32(e.typ),
|
|
|
|
|
|
})
|
|
|
|
|
|
binary.Write(out, binary.LittleEndian, uint32(len(e.digests)))
|
|
|
|
|
|
|
|
|
|
|
|
// Serialize digests
|
|
|
|
|
|
for _, d := range e.digests {
|
|
|
|
|
|
var algID uint16
|
|
|
|
|
|
switch d.hash {
|
|
|
|
|
|
case crypto.SHA256:
|
|
|
|
|
|
algID = uint16(HashSHA256)
|
|
|
|
|
|
case crypto.SHA1:
|
|
|
|
|
|
algID = uint16(HashSHA1)
|
|
|
|
|
|
default:
|
|
|
|
|
|
return nil, fmt.Errorf("log %d: event %d: unhandled hash function %v", i, x, d.hash)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
binary.Write(out, binary.LittleEndian, algID)
|
|
|
|
|
|
out.Write(d.data)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Serialize event data
|
|
|
|
|
|
binary.Write(out, binary.LittleEndian, uint32(len(e.data)))
|
|
|
|
|
|
out.Write(e.data)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return out.Bytes(), nil
|
|
|
|
|
|
}
|
