Commit Graph

164 Commits

Author SHA1 Message Date
Brandon Weeks
d90962df3c
Add InjectSimulatedTPMForTest function for testing (#187) 2020-11-19 07:43:19 +01:00
Brandon Weeks
25f5b13c2c
Fix Go Vet string conversion warnings (#185)
https://golang.org/doc/go1.15#vet
2020-11-18 22:25:44 -08:00
Tom D'Netto
5eca4dfe2a Disable linux TPM12 support if build without cgo 2020-09-24 11:35:08 -07:00
Tom D
142c9d263a
Implement parsing of PCR 13 WBCL information (#178) 2020-09-14 16:44:10 -07:00
Tom D
6d760d44a1
windows events: Extract the ELAM driver names and their configuration (#173) 2020-06-18 13:59:51 -07:00
Matthew Garrett
fe22f29ec8 Handle StartupLocality events
Systems with TXT enabled may issue the TPM2_Startup() command from a
locality other than 0. In this case, the initial value of PCR0 will
represent the locality that the call was made from. This is exposed to
higher layers by an EV_NO_ACTION event that has data containing the
NULL-terminated string "StartupLocality" followed by a single byte
representing the state of the locality. As this event is EV_NO_ACTION,
it does not represent an extension in itself.

So:

1) Ignore events that are EV_NO_ACTION when replaying the log, except:
2) For PCR0, if an event is EV_NO_ACTION and contains the string
"StartupLocality", use the final byte of the event data as the initial
value of PCR0 for the replay.
2020-06-11 13:18:05 -07:00
Tom D
5e360d3104
Remove constraint that all reported bitlocker unlocks use the same method. (#170) 2020-06-10 17:10:15 -07:00
Tom D
3b5f0a5e00
Begin implementing extraction of windows info from the event log (#167) 2020-06-01 17:35:23 -07:00
Tom D
596928d20b
Fix oss-fuzz, update to latest go-tpm (#165) 2020-05-07 15:25:53 -07:00
Tom D
ebb0b62d80
Split linuxTPM -> {trousersTPM,wrappedTPM20}, implement CommandChannel
* Split linuxTPM -> {trousersTPM,wrappedTPM20} + prefix windows key type with windows

* Address feedback, implement CommandChannel
2020-05-05 16:56:57 -07:00
Tom D
1045ef6327
Refactor *platformTPM -> tpmBase interface (#160) 2020-05-05 14:56:40 -07:00
Tom D
ab116a02a1
Implement workaround for secureboot authority events from shim (#158) 2020-05-01 14:20:54 -07:00
Tom D
022cf8e2ae
Fix broken build from intersection of two PRs (#155) 2020-04-16 11:42:48 -07:00
Tom D
67c0b4ad07
Add workaround in validation for missing exit boot services event log messages (#153) 2020-04-16 10:20:55 -07:00
Matthew Garrett
0815f5e221
Remove length-based hash lookups
Using the length of a digest to infer the hash algorithm is somewhat
fragile - if we end up with multiple hash algorithms that share the same
digest length, things will break. Instead, pass more complete digest
information through to relevant functions and figure things out by
mapping the TPM hash algorithm to the appropriate Golang type.
2020-04-14 14:38:24 -07:00
Tom D
fe41cef1db
Return error from AttestPlatform() if the event log returned from the system is too short to be valid (#151) 2020-01-30 14:39:59 -08:00
Brandon Weeks
e9e2656545 Return an error if event data size is 0 2020-01-08 13:43:10 -08:00
Tom D
e134551bb0
Implement extractor for determining secure boot state (#148) 2019-12-19 12:28:32 -08:00
Matthew Garrett
9176b4bcb6 Pay attention to digest size information in the headers
Crypto agile logs may contain digest types that we don't currently
handle. However, we still need to know how long each digest is in order
to read over the appropriate amount of the buffer. This information is
provided to us as part of the spec header - make use of it rather than
hardcoding the set of digests and lengths we know about.
2019-12-10 12:28:28 -08:00
Tom D
9746da2bfe
Fix uint16 overflow in ParseEKCertificate bounds check (#143) 2019-12-09 10:58:36 -08:00
Tom D
82eea759eb
Enable ParseAKPublic & ParseEKCertificate for fuzzing. (#141) 2019-12-04 15:04:06 -08:00
Tom D
814084b657
Validate signature scheme is present when decoding TPMT_PUBLIC blobs (#140) 2019-12-04 14:35:21 -08:00
Tom D
fb4487ace5
Implement self-test mode into attest-tool. (#137) 2019-11-08 09:52:59 -08:00
Eric Chiang
7b7e21da78 attest: update go-tpm and switch hash method
go-tpm recently removed Algorithm.HashConstructor() in favor of
Algorithm.Hash(). Update go-tpm dependency and use the new method.
2019-10-18 10:39:55 -04:00
Tom D
25ce56400c
Fix linter errors, go fmt (#130) 2019-10-10 14:29:46 -07:00
Eric Chiang
f0e8d0fe7c attest: fix another unbounded memory allocation
@brandonweeks detected another case of the "make([]T, untrustedValue)"
pattern, which would allow an attacker to cause the parser to allocate
an unbounded amount of memory.

Fix this by reading one algorithm at a time instead of pre-allocating a
slice of algorithms.
2019-10-09 08:39:15 -07:00
Brandon Weeks
2bc8d58530 ParseEventLog fuzz target
A go-fuzz target for the ParseEventLog function. It has been tested
with go-fuzz and go-fuzz + libFuzzer.

oss-fuzz requires a statically built fuzzer binary, so `gofuzz` build
tags are added to avoid building files that depend on go-tspi. A mock
tpm_other.go file is also included to satisfy the `platformTPM`
interface.
2019-10-09 10:05:21 +11:00
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Eric Chiang
f365b3275e attest: ensure parsing event can't allocated unbounded memory
Add a sanity check to ensure the measurement log actually contains as
much data as the event size reports.
2019-10-08 09:57:09 -07:00
Brandon Weeks
74a97ba02f Revert WIP fuzzing work 2019-10-08 18:08:43 +11:00
Brandon Weeks
58786a4742 Target gofuzz build tag instead of cgo
go-fuzz + libFuzzer can't be built with `CGO_ENABLED=0`.
2019-10-08 17:52:40 +11:00
Brandon Weeks
355782cbf9 Fix building without cgo 2019-10-08 17:19:02 +11:00
Brandon Weeks
59a5f6851d Simple fuzzer for ParseEventLog 2019-10-08 16:09:51 +11:00
Tom D
de6a3af7e4
Add config struct for AttestPlatform(), to configure event log source (#118) 2019-10-03 11:09:32 -07:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote (#115) 2019-09-26 15:11:31 -07:00
Tom D
20ad7d44ab
Implement helper method + struct for getting a platform attestation (#113) 2019-09-26 13:00:20 -07:00
Tom D
82c790063a
Support verifying the event log with multiple PCR values for a given PCR (#112) 2019-09-25 14:50:17 -07:00
Tom D
3381804469
Expose information about a failing replay via ReplayErr structure (#110) 2019-09-24 11:03:21 -07:00
Tom D
cf79e026c5
Implement fmt.Stringer on HashAlg (#109) 2019-09-23 12:37:40 -07:00
Eric Chiang
51b8d116ec attest: address lint feedback
* Make comment directly above _ import
* Fix godoc for AttestationParameters
* Don't declare variable and assign the zero value (var x int = 0)
2019-09-20 10:34:07 -07:00
Tom D
0f650714d9
Fix verification errors for quotes generated using AK's with SigScheme.Hash = SHA1 (#105)
* Remove artificial requirement for composite digest to match PCR bank digest
2019-09-20 09:07:49 -07:00
Eric Chiang
33a0bbe4ea attest: expose algorithms used in measurement log
Expose the algorithms that are used in the measurement log. This lets
clients generate PCR measurements that match their log digests.
2019-09-19 15:28:22 -07:00
Eric Chiang
39d2f6efff attest: don't define exported API in files with build tags
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.

Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method defintions between OSes.

TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Tom D
a406c399ba
Add error for passing non-SHA1 algorithm to Quote() on TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100) 2019-09-18 10:16:00 -07:00
Tom D
e7e8befcc7
Fix 'failed to verify quote: quote used unknown tpm version 0x0' (#99) 2019-09-13 13:03:26 -07:00
Eric Chiang
cbf14e4244 internal/eventlog: only trust the first time an event is written to the log (#95)
Ensure an attacker can't alter the value we interpret by appending an entry of
the same type to the eventlog. Don't worry about events that come before the
EV_SEPARATOR for now.
2019-09-06 10:20:43 -07:00
Eric Chiang
9021153e89 internal/eventlog: add code for parsing secure boot variables
This is being prototyped in an internal package as we start to open
source. This code will either live in attest, or in a separate eventlog
package in the future.
2019-09-04 14:25:48 -07:00
Tom D
07feb34890
Add example for AIKPublic.Verify (#89) 2019-08-29 11:26:42 -07:00
Tom D
4ef1479ae1
Separate quote verification from EventLog API #85 (#87) 2019-08-28 16:59:46 -07:00
Eric Chiang
e688ff6d7f attest: rename MintAIK and MintOptions to NewAIK and AIKConfig
This helps the godoc read better and is more inline with Go's naming
scheme. No functional changes made, just naming.
2019-08-28 09:25:14 -07:00
Tom D
fefdb7d336
Add quote example, add note to Activation.Generate() about use of subtle to prevent timing attacks (#84) 2019-08-27 16:15:48 -07:00
Tom D
d2afca77f5
Implement example for AIK creation and activation. (#83) 2019-08-27 12:40:58 -07:00
Eric Chiang
78755e7a91 attest: remove Log statements from tests (#81)
Tests generally shouldn't print anything unless they fail.
2019-08-21 10:28:55 -07:00
Eric Chiang
9b6caf1273 attest: use provided randomness source when generating challenges (#80)
Currently the activation challenge lets a caller supply a source of
randomness other than crypto/rand, but it's not used in some places.
Plumb the source through the call chain.
2019-08-21 10:28:19 -07:00
Eric Chiang
bfcbe8f1e2 attest: re-work EK API (#79)
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistant support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Eric Chiang
cd07b32602 attest: add testdata for crypto agile event (#82)
Test data copied from
https://github.com/mwiseman32/Attestation-annotation
2019-08-21 10:00:18 -07:00
Tom D
6e2e8693ad
75: Make PCRs() take the digest algorithm (#77) 2019-08-20 11:52:12 -07:00
Eric Chiang
262599a8df attest: add event log parsing logic
This PR adds event log parsing logic. It's main goal is to require
validation at the same time as parsing, so structured events are always
verified against a quote. This new API replaces the exisitng "verifier"
package.

It's not a goal of this PR to parse the event data. This will be a
follow up, but since different users might want to parse different
events based on the OS, this API lets users of this package implement
custom event data parsing if they absolutely need to.
2019-08-19 23:50:31 -07:00
Tom D
a1822903b4
Add dump mode to attest-tool. (#70) 2019-08-13 14:53:38 -07:00
Tom D
3d58c70c6a
Add firmware version to TPMInfo for TPM 2.0 devices. (#67) 2019-08-08 11:31:09 +10:00
Eric Chiang
3a523cf51f
Merge pull request #62 from ericchiang/aik_pub
attest: move public key parsing server side
2019-08-07 08:05:08 -07:00
Tom D
55b3a2dc04
Update vendors list (#57) 2019-08-06 16:47:13 -07:00
Eric Chiang
7d7676beda attest: move public key parsing server side
Event log parsing requires knowning both the public key and signing
parameters. Symmantically, this information should be from an attested
public key blob, not additional data passed by the client.

Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
2019-08-06 11:09:20 -07:00
Eric Chiang
59036c6bcb
Merge pull request #60 from ericchiang/key_purpose
attest: remove unused KeyPurpose exported type
2019-08-06 09:48:50 -07:00
Eric Chiang
8e83383df9 attest: improve documentation of ActivateCredential (#61) 2019-08-05 17:39:57 -07:00
Eric Chiang
9020140437 attest-tool: aik.json shouldn't be executable (#65) 2019-08-05 17:39:25 -07:00
Eric Chiang
833a7e119f attest: remove unused KeyPurpose exported type
Was going through the godoc and it's not clear that this is ever used.
To clean up the API, remove KeyPurpose for now. This could probably be
an internal validation anyway, right?
2019-07-30 07:42:42 -07:00
Tom D
f3f08037f8
Make SRK/AIK templates consistent with go-tpm-tools (#58) 2019-07-26 13:16:47 -07:00
Tom D
8f4f17e679
Implement credential activation API (#56) 2019-07-23 15:22:53 -07:00
Eric Chiang
2464131d7c Add a Public() method to the AIK that returns a public key (#55)
We plan to identify AIKs based on their public key. The raw blob should
be available via the AttestationParameters, but we hope that users will
only use that struct for generating challenges.

Because this parses the public key on AIK creation and loading, this PR
should have existing coverage.
2019-07-22 09:18:51 -07:00
Tom D
5f05ce5cec
Fix attest-tool (#54)
* Fix attest-tool
2019-07-19 14:07:02 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53)
* Refactor serialized keys into own structure, in preparation for making Key an interface.

* Refactor key logic into separate structures for each platform/TPMversion invariant.

* Implement review feedback
2019-07-19 13:05:18 -07:00
Tom D'Netto
da446762c0 Implement fetch from ekcert server if no EKs are found, and the TPM is from intel. 2019-07-17 15:15:29 -07:00
Tom D
0f6a187a1c
Fix sig mismatch in AIK certification (#50) 2019-07-12 10:30:30 -07:00
Tom D
372fcf25d0
Try reading the EKCert from PCP_EKNVCERT (#46) 2019-06-25 15:19:12 -07:00
Tom D
113729bb8b
Add indication to EKCert error string for when NVRAM value was unwrapped (#45) 2019-06-20 10:58:41 -07:00
Tom D
7585e609b4
Remove main.go (#44) 2019-06-18 09:11:08 -07:00
Tom D
ba4708dfc8
Rename attest-tool to match rules for BUILD targets (#43)
* Implement example cmd-line binary.

* Add ability to generate random nonce

* Rename attest-tool to match rules for BUILD files
2019-06-18 09:09:39 -07:00
Tom D
04f428d103
Implement example cmd-line binary. (#42)
* Implement example cmd-line binary.

* Add ability to generate random nonce
2019-06-17 15:50:05 -07:00
Tom D
1eb89bd0b8
Use certificate-transparency asn1 parser (#41) 2019-06-12 11:14:43 -07:00
Tom D
7c3baced09
Fix typos. (#40) 2019-06-12 10:15:42 -07:00
Tom D
8afa43fc13
Better error messages for parseCert() (#39) 2019-06-12 10:11:18 -07:00
Tom D
8ac2846c80
Attempt fix for EKCert parsing errors when falling back to NVRAM (#38)
* Fix parsing errors for EKCert when falling back to NVRAM
2019-06-11 10:52:49 -07:00
Tom D
7f17046a60
Fix broken build on windows. (#36)
* Attempt to read the EK from NVRAM if the system cert store cannot provide it.

* Fix broken build on windows.
2019-06-06 13:15:55 -07:00
Tom D
3dc8a7d841
Attempt to read the EK from NVRAM if the system cert store cannot provide it. (#35) 2019-06-06 13:11:40 -07:00
Tom D
1611c5ab72
Fix quote generation on windows TPM 1.2 devices (#34) 2019-05-20 12:34:17 -07:00
Tom D
5b7e00554a
Implement new credential activation scheme for windows (#33)
* Implement new credential activation scheme for windows
2019-05-16 15:51:01 -07:00
Tom D
70c839779d
Moar error codes (#32) 2019-05-15 12:57:08 -07:00
Tom D
dbbcfcc4b8
Fix conversion to more specific windows error messages. (#31) 2019-05-15 12:27:19 -07:00
Tom D
20b39443ef
Fix ActivateCredential for TPM 1.2 on windows (#30) 2019-05-15 10:36:54 -07:00
Tom D
7b5f790215
Fix broken DLL MustFindProc. (#29) 2019-05-14 14:44:33 -07:00
Tom D
55ce06b8f2
Decode windows TPM/PCP errors to more specific descriptions. (#28) 2019-05-14 11:42:44 -07:00
Tom D
ac78180218
Implement key deletion on Windows (#27)
* Implement key deletion on Windows

* Dont forget 2nd parameter in call to NCryptDeleteKey
2019-05-13 14:41:55 -07:00
Tom D
2ff4e84fcb
Check the state of the TPM before opening it on windows (#26)
* Check the state of the TPM before opening it on windows
2019-05-13 14:13:16 -07:00
Tom D
2da0098d9d
Switch over to trying the PCP provider for TPM 1.2, to mitigate missing ownerauth. (#25)
* Implement decoding for TPM 1.2 PCP AIK properties

* Switch all TPM 1.2 methods that rely on ownerAuth to use the PCP API.
2019-05-03 13:27:48 -07:00
Tom D
8e4a5ce762
Ignore slightly malformed EKs so attestation can continue. (#24) 2019-05-02 13:43:50 -07:00
Tom D
4ee1aa81b1
Add more logging to MintAIK() (#22) 2019-04-30 08:47:44 -07:00
Denis Karch
125f464487 Fix typo (had nonce and pcr data backwards) 2019-04-25 10:15:54 -07:00
Denis Karch
1643d281b5 Fix call to NewQuoteInfo 2019-04-24 14:26:48 -07:00
DenisKarch
97d50a1edc Use go-tpm NewQuoteInfo (#18) 2019-04-24 13:55:44 -07:00