ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-19 21:17:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix lints; run gofmt (#293)

Browse Source 
$ gofmt -s -w .
This commit is contained in:
Brandon Weeks 2022-11-01 12:19:57 -07:00 committed by GitHub
parent 17f9c05652
commit 438907edb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 44 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
attest/attest.go
View File

@ -398,10 +398,10 @@ func (a HashAlg) String() string {
// the booted state of the machine the TPM is attached to.
//
// The digests contained in the event log can be considered authentic if:
// - The AK public corresponds to the known AK for that platform.
// - All quotes are verified with AKPublic.Verify(), and return no errors.
// - The event log parsed successfully using ParseEventLog(), and a call
// to EventLog.Verify() with the full set of PCRs returned no error.
// - The AK public corresponds to the known AK for that platform.
// - All quotes are verified with AKPublic.Verify(), and return no errors.
// - The event log parsed successfully using ParseEventLog(), and a call
// to EventLog.Verify() with the full set of PCRs returned no error.
type PlatformParameters struct {
// The version of the TPM which generated this attestation.
TPMVersion TPMVersion

2
attest/eventlog.go
View File

@ -383,7 +383,7 @@ func (a *AKPublic) validate20Quote(quote Quote, pcrs []PCR, nonce []byte) error
sigHash.Write(digest)
}
for index, _ := range pcrByIndex {
for index := range pcrByIndex {
if _, exists := quotePCRs[index]; !exists {
return fmt.Errorf("provided PCR %d was not included in quote", index)
}

8
attest/internal/events.go
View File

@ -48,7 +48,7 @@ var (
// EventType describes the type of event signalled in the event log.
type EventType uint32
// BIOS Events (TCG PC Client Specific Implementation Specification for Conventional BIOS 1.21)
// BIOS Events (TCG PC Client Specific Implementation Specification for Conventional BIOS 1.21)
const (
PrebootCert EventType = 0x00000000
PostCode EventType = 0x00000001
@ -280,9 +280,9 @@ func ParseUEFIVariableAuthority(v UEFIVariableData) (UEFIVariableAuthority, erro
// Skip parsing new SBAT section logged by shim.
// See https://github.com/rhboot/shim/blob/main/SBAT.md for more.
unicodeNameEquals(v, shimSbatVarName) || //https://github.com/rhboot/shim/blob/20e4d9486fcae54ee44d2323ae342ffe68c920e6/include/sbat.h#L9-L12
// Skip parsing new MokListTrusted section logged by shim.
// See https://github.com/rhboot/shim/blob/main/MokVars.txt for more.
unicodeNameEquals(v, shimMokListTrustedVarName)) { //https://github.com/rhboot/shim/blob/4e513405b4f1641710115780d19dcec130c5208f/mok.c#L169-L182
// Skip parsing new MokListTrusted section logged by shim.
// See https://github.com/rhboot/shim/blob/main/MokVars.txt for more.
unicodeNameEquals(v, shimMokListTrustedVarName)) { //https://github.com/rhboot/shim/blob/4e513405b4f1641710115780d19dcec130c5208f/mok.c#L169-L182
return UEFIVariableAuthority{}, nil
}
certs, err := parseEfiSignature(v.VariableData)

2
attest/key_windows.go
View File

@ -81,7 +81,7 @@ func (k *windowsKey12) quote(tb tpmBase, nonce []byte, alg HashAlg) (*Quote, err
}
selectedPCRs := make([]int, 24)
for pcr, _ := range selectedPCRs {
for pcr := range selectedPCRs {
selectedPCRs[pcr] = pcr
}

4
attest/pcp_windows.go
View File

@ -369,8 +369,8 @@ func (h *winPCP) Close() error {
return closeNCryptObject(h.hProv)
}
// DeleteKey permanently removes the key with the given handle
// from the system, and frees its handle.
// DeleteKey permanently removes the key with the given handle from the system,
// and frees its handle.
func (h *winPCP) DeleteKey(kh uintptr) error {
r, _, msg := nCryptDeleteKey.Call(kh, 0)
if r != 0 {

2
attest/tpm.go
View File

@ -303,7 +303,7 @@ type tpmBase interface {
measurementLog() ([]byte, error)
}
//TPM interfaces with a TPM device on the system.
// TPM interfaces with a TPM device on the system.
type TPM struct {
// tpm refers to a concrete implementation of TPM logic, based on the current
// platform and TPM version.

3
attest/tpm_test.go
View File

@ -10,8 +10,7 @@ import (
// Generated using the following command:
//
// openssl genrsa 2048|openssl rsa -outform PEM -pubout
//
// openssl genrsa 2048|openssl rsa -outform PEM -pubout
var testRSAKey = mustParseRSAKey(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8zyTXCjVALZzjS8wgNH
nAVdt4ZGM3N450xOnLplx/RbCVwXyu83SWh0B3Ka+92aocqcHzo+j6e6Urppre/I

10
attest/win_events_test.go
View File

@ -31,7 +31,7 @@ func TestParseWinEvents(t *testing.T) {
CodeIntegrityEnabled: TernaryTrue,
BitlockerUnlocks: []BitlockerStatus{0, 0},
LoadedModules: map[string]WinModuleLoad{
"0fdce7d71936f79445e7d2c84cbeb97c948d3730e0b839166b0a4e625c2d4547": WinModuleLoad{
"0fdce7d71936f79445e7d2c84cbeb97c948d3730e0b839166b0a4e625c2d4547": {
FilePath: `\Windows\System32\drivers\vioscsi.sys`,
ImageBase: []uint64{81416192},
ImageSize: uint64(86016),
@ -49,7 +49,7 @@ func TestParseWinEvents(t *testing.T) {
},
AuthenticodeHash: []byte{15, 220, 231, 215, 25, 54, 247, 148, 69, 231, 210, 200, 76, 190, 185, 124, 148, 141, 55, 48, 224, 184, 57, 22, 107, 10, 78, 98, 92, 45, 69, 71},
},
"055a36a9921b98cc04042ca95249c7eca655536868dafcec7508947ebe5e71f4": WinModuleLoad{
"055a36a9921b98cc04042ca95249c7eca655536868dafcec7508947ebe5e71f4": {
FilePath: `\Windows\System32\Drivers\ksecpkg.sys`,
ImageBase: []uint64{82952192},
ImageSize: uint64(204800),
@ -67,7 +67,7 @@ func TestParseWinEvents(t *testing.T) {
},
AuthenticodeHash: []byte{5, 90, 54, 169, 146, 27, 152, 204, 4, 4, 44, 169, 82, 73, 199, 236, 166, 85, 83, 104, 104, 218, 252, 236, 117, 8, 148, 126, 190, 94, 113, 244},
},
"2bedd1589410b6fa13c82f35db735025b6a160595922750248771f5abd0fee58": WinModuleLoad{
"2bedd1589410b6fa13c82f35db735025b6a160595922750248771f5abd0fee58": {
FilePath: `\Windows\System32\drivers\volmgrx.sys`,
ImageBase: []uint64{80875520},
ImageSize: uint64(405504),
@ -87,7 +87,7 @@ func TestParseWinEvents(t *testing.T) {
},
},
ELAM: map[string]WinELAM{
"Windows Defender": WinELAM{Measured: []byte{0x06, 0x7d, 0x5b, 0x9d, 0xc5, 0x62, 0x7f, 0x97, 0xdc, 0xf3, 0xfe, 0xff, 0x60, 0x2a, 0x34, 0x2e, 0xd6, 0x98, 0xd2, 0xcc}},
"Windows Defender": {Measured: []byte{0x06, 0x7d, 0x5b, 0x9d, 0xc5, 0x62, 0x7f, 0x97, 0xdc, 0xf3, 0xfe, 0xff, 0x60, 0x2a, 0x34, 0x2e, 0xd6, 0x98, 0xd2, 0xcc}},
},
}
@ -121,7 +121,7 @@ func TestParseWinEvents(t *testing.T) {
"055a36a9921b98cc04042ca95249c7eca655536868dafcec7508947ebe5e71f4": true,
"2bedd1589410b6fa13c82f35db735025b6a160595922750248771f5abd0fee58": true,
}
for k, _ := range winState.LoadedModules {
for k := range winState.LoadedModules {
if _, keep := keep[k]; !keep {
delete(winState.LoadedModules, k)
}

30
attributecert/attributecert.go
View File

@ -129,50 +129,50 @@ func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) x509.SignatureAlgo
return x509.UnknownSignatureAlgorithm
}
//RFC 5280 4.2.2.1
// RFC 5280 4.2.2.1
type authorityInfoAccess struct {
Method asn1.ObjectIdentifier
Location asn1.RawValue
}
//RFC 5280 4.2.1.1
// RFC 5280 4.2.1.1
type authKeyID struct {
ID []byte `asn1:"optional,tag:0"`
IssuerName asn1.RawValue `asn1:"set,optional,tag:1"`
SerialNumber *big.Int `asn1:"optional,tag:2"`
}
//RFC 5280 4.2.1.4
// RFC 5280 4.2.1.4
type cpsPolicy struct {
ID asn1.ObjectIdentifier
Value string
}
//RFC 5280 4.2.1.4
// RFC 5280 4.2.1.4
type policyInformation struct {
Raw asn1.RawContent
ID asn1.ObjectIdentifier
Policy asn1.RawValue
}
//RFC 5280 4.1.2.5
// RFC 5280 4.1.2.5
type validity struct {
NotBefore, NotAfter time.Time
}
//RFC 5280 4.2.1.4
type NoticeReference struct {
// RFC 5280 4.2.1.4
type noticeReference struct {
Organization string
NoticeNumbers []int
}
//RFC 5280 4.2.1.4
// RFC 5280 4.2.1.4
type userNotice struct {
NoticeRef NoticeReference `asn1:"optional"`
NoticeRef noticeReference `asn1:"optional"`
ExplicitText string `asn1:"optional"`
}
//RFC 5755 4.1
// RFC 5755 4.1
type objectDigestInfo struct {
DigestedObjectType asn1.Enumerated
OtherObjectTypeID asn1.ObjectIdentifier
@ -180,14 +180,14 @@ type objectDigestInfo struct {
ObjectDigest asn1.BitString
}
//RFC 5755 4.1
// RFC 5755 4.1
type attCertIssuer struct {
IssuerName asn1.RawValue `asn1:"set,optional"`
BaseCertificateID issuerSerial `asn1:"optional,tag:0"`
ObjectDigestInfo objectDigestInfo `asn1:"optional,tag:1"`
}
//RFC 5755 4.1
// RFC 5755 4.1
type issuerSerial struct {
Raw asn1.RawContent
Issuer asn1.RawValue
@ -195,7 +195,7 @@ type issuerSerial struct {
IssuerUID asn1.BitString `asn1:"optional"`
}
//RFC 5755 4.1
// RFC 5755 4.1
type holder struct {
Raw asn1.RawContent
BaseCertificateID issuerSerial `asn1:"optional,tag:0"`
@ -203,13 +203,13 @@ type holder struct {
ObjectDigestInfo objectDigestInfo `asn1:"optional,tag:2"`
}
//RFC 5755 4.1
// RFC 5755 4.1
type attribute struct {
ID asn1.ObjectIdentifier
RawValues []asn1.RawValue `asn1:"set"`
}
//RFC 5755 4.1
// RFC 5755 4.1
type tbsAttributeCertificate struct {
Raw asn1.RawContent
Version int

17
x509/x509ext.go
View File

@ -18,9 +18,9 @@ var (
oidPermanentIdentifier = []int{1, 3, 6, 1, 5, 5, 7, 8, 3}
)
// OtherName ::= SEQUENCE {
// type-id OBJECT IDENTIFIER,
// value [0] EXPLICIT ANY DEFINED BY type-id }
// OtherName ::= SEQUENCE {
// type-id OBJECT IDENTIFIER,
// value [0] EXPLICIT ANY DEFINED BY type-id }
type otherName struct {
TypeID asn1.ObjectIdentifier
Value asn1.RawValue
@ -42,10 +42,13 @@ func marshalOtherName(typeID asn1.ObjectIdentifier, value interface{}) (asn1.Raw
return asn1.RawValue{FullBytes: bytes}, nil
}
// PermanentIdentifier ::= SEQUENCE {
// identifierValue UTF8String OPTIONAL,
// assigner OBJECT IDENTIFIER OPTIONAL
// }
// PermanentIdentifier represents an ASN.1 encoded "permanent identifier" as
// defined by RFC4043.
//
// PermanentIdentifier ::= SEQUENCE {
// identifierValue UTF8String OPTIONAL,
// assigner OBJECT IDENTIFIER OPTIONAL
// }
//
// https://datatracker.ietf.org/doc/html/rfc4043
type PermanentIdentifier struct {