Commit Graph

289 Commits

Author SHA1 Message Date
Matthew Garrett
9176b4bcb6 Pay attention to digest size information in the headers
Crypto agile logs may contain digest types that we don't currently
handle. However, we still need to know how long each digest is in order
to read over the appropriate amount of the buffer. This information is
provided to us as part of the spec header - make use of it rather than
hardcoding the set of digests and lengths we know about.
2019-12-10 12:28:28 -08:00
Eric Chiang
bb3d835294
Merge pull request #145 from ericchiang/event-log-disclosure
docs: add TCG disclosure report
2019-12-10 10:09:15 -08:00
Eric Chiang
fabec56c0e docs: add TCG disclosure report 2019-12-10 10:03:50 -08:00
Tom D
9746da2bfe
Fix uint16 overflow in ParseEKCertificate bounds check (#143) 2019-12-09 10:58:36 -08:00
Tom D
82eea759eb
Enable ParseAKPublic & ParseEKCertificate for fuzzing. (#141) 2019-12-04 15:04:06 -08:00
Tom D
814084b657
Validate signature scheme is present when decoding TPMT_PUBLIC blobs (#140) 2019-12-04 14:35:21 -08:00
Tom D
fb4487ace5
Implement self-test mode into attest-tool. (#137) 2019-11-08 09:52:59 -08:00
Eric Chiang
ecf3f3087d
Merge pull request #136 from ericchiang/readme
README.md: add more information and an example to the readme
2019-11-08 07:49:38 +01:00
Eric Chiang
6ba2320709
Merge pull request #134 from ericchiang/mod-tidy
go.sum: run go mod tidy
2019-11-07 09:33:07 +01:00
Eric Chiang
3b090f6cc8 README.md: add more information and an example to the readme 2019-11-07 09:31:40 +01:00
Eric Chiang
bd37cfce50
Merge pull request #135 from ericchiang/lint-names
attributecert: update names that golint complains about
2019-11-07 09:16:41 +01:00
Eric Chiang
6cfb57c8eb attributecert: update names that golint complains about
golint current generates complaints:

        var oidTpmIdLabel should be oidTpmIDLabel
        var oidTcgPlatformManufacturerIdV2 should be oidTcgPlatformManufacturerIDV2
        var oidTcgPlatformConfigUri should be oidTcgPlatformConfigURI

Update names to satisfy golint.

The following commands were run to generate this change:

        gopls rename -w attributecert.go:44:2 oidTpmIDLabel
        gopls rename -w attributecert.go:54:2 oidTcgPlatformManufacturerIDV2
        gopls rename -w attributecert.go:55:2 oidTcgPlatformConfigURI
        gopls rename -w attributecert.go:163:6 authKeyID
        gopls rename -w attributecert.go:164:2 ID
        gopls rename -w attributecert.go:171:2 ID
        gopls rename -w attributecert.go:178:2 ID
        gopls rename -w attributecert.go:210:2 BaseCertificateID
        gopls rename -w attributecert.go:232:2 ID
        gopls rename -w attributecert.go:304:2 ID
        gopls rename -w attributecert.go:309:2 ID
        gopls rename -w attributecert.go:390:2 ComponentManufacturerID
        sed -i 's/Uri/URI/g' attributecert.go
        git clean -f

Updates #131
2019-11-06 11:09:02 +01:00
Eric Chiang
2737628247 go.sum: run go mod tidy 2019-11-06 09:15:19 +01:00
Matthew Garrett
f5fa92f739
First attempt at adding support for attribute certificates (#117)
Platform certificates are defined as RFC5755 attribute certificates with
various additional attributes and extensions defined in the TCG Platform
Certificate Profile. Add support for parsing them, derived from
crypto/x509. Include some test certificates and verify we parse them.
2019-10-27 23:12:15 -07:00
Eric Chiang
43f6c42dc3
Merge pull request #133 from ericchiang/hash-constructor
attest: work around tpm2 removal of Algorithm.HashConstructor()
2019-10-26 18:06:57 +09:00
Eric Chiang
7b7e21da78 attest: update go-tpm and switch hash method
go-tpm recently removed Algorithm.HashConstructor() in favor of
Algorithm.Hash(). Update go-tpm dependency and use the new method.
2019-10-18 10:39:55 -04:00
Tom D
25ce56400c
Fix linter errors, go fmt (#130) 2019-10-10 14:29:46 -07:00
Eric Chiang
9631d92677
Merge pull request #129 from ericchiang/fix-make
attest: fix another unbounded memory allocation
2019-10-09 09:33:51 -07:00
Eric Chiang
f0e8d0fe7c attest: fix another unbounded memory allocation
@brandonweeks detected another case of the "make([]T, untrustedValue)"
pattern, which would allow an attacker to cause the parser to allocate
an unbounded amount of memory.

Fix this by reading one algorithm at a time instead of pre-allocating a
slice of algorithms.
2019-10-09 08:39:15 -07:00
Brandon Weeks
2bc8d58530 ParseEventLog fuzz target
A go-fuzz target for the ParseEventLog function. It has been tested
with go-fuzz and go-fuzz + libFuzzer.

oss-fuzz requires a statically built fuzzer binary, so `gofuzz` build
tags are added to avoid building files that depend on go-tspi. A mock
tpm_other.go file is also included to satisfy the `platformTPM`
interface.
2019-10-09 10:05:21 +11:00
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Eric Chiang
a0b6fcfd38
Merge pull request #127 from ericchiang/fix-dos
attest: ensure parsing event can't allocated unbounded memory
2019-10-08 13:18:10 -07:00
Eric Chiang
f365b3275e attest: ensure parsing event can't allocated unbounded memory
Add a sanity check to ensure the measurement log actually contains as
much data as the event size reports.
2019-10-08 09:57:09 -07:00
Brandon Weeks
74a97ba02f Revert WIP fuzzing work 2019-10-08 18:08:43 +11:00
Brandon Weeks
58786a4742 Target gofuzz build tag instead of cgo
go-fuzz + libFuzzer can't be built with `CGO_ENABLED=0`.
2019-10-08 17:52:40 +11:00
Brandon Weeks
355782cbf9 Fix building without cgo 2019-10-08 17:19:02 +11:00
Brandon Weeks
59a5f6851d Simple fuzzer for ParseEventLog 2019-10-08 16:09:51 +11:00
Tom D
de6a3af7e4
Add config struct for AttestPlatform(), to configure event log source (#118) 2019-10-03 11:09:32 -07:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote (#115) 2019-09-26 15:11:31 -07:00
Eric Chiang
5d5d6d83ca
Merge pull request #114 from ericchiang/mod
go.mod: update using "go mod tidy"
2019-09-26 13:09:43 -07:00
Eric Chiang
ebcdccf2d5 go.mod: update using "go mod tidy"
After removing proto and verifier packages we no longer need the
protobuf package.
2019-09-26 13:06:07 -07:00
Tom D
20ad7d44ab
Implement helper method + struct for getting a platform attestation (#113) 2019-09-26 13:00:20 -07:00
Tom D
82c790063a
Support verifying the event log with multiple PCR values for a given PCR (#112) 2019-09-25 14:50:17 -07:00
Tom D
d029846083
Remove proto/ & verifier/ (#111) 2019-09-25 13:10:20 -07:00
Tom D
3381804469
Expose information about a failing replay via ReplayErr structure (#110) 2019-09-24 11:03:21 -07:00
Tom D
cf79e026c5
Implement fmt.Stringer on HashAlg (#109) 2019-09-23 12:37:40 -07:00
Tom D
b60a7ccac1
Update to latest go-tpm (#106) 2019-09-20 12:45:57 -07:00
Eric Chiang
7c4daab11e
Merge pull request #107 from ericchiang/lint
attest: address lint feedback
2019-09-20 12:37:20 -07:00
Eric Chiang
51b8d116ec attest: address lint feedback
* Make comment directly above _ import
* Fix godoc for AttestationParameters
* Don't declare variable and assign the zero value (var x int = 0)
2019-09-20 10:34:07 -07:00
Tom D
0f650714d9
Fix verification errors for quotes generated using AK's with SigScheme.Hash = SHA1 (#105)
* Remove artificial requirement for composite digest to match PCR bank digest
2019-09-20 09:07:49 -07:00
Eric Chiang
6fb354c252
Merge pull request #104 from ericchiang/measurement-hash
attest: expose algorithms used in measurement log
2019-09-19 16:02:57 -07:00
Eric Chiang
33a0bbe4ea attest: expose algorithms used in measurement log
Expose the algorithms that are used in the measurement log. This lets
clients generate PCR measurements that match their log digests.
2019-09-19 15:28:22 -07:00
Eric Chiang
c251eb0fbd
Merge pull request #101 from ericchiang/api
attest: don't define exported API in files with build tags
2019-09-19 13:58:37 -07:00
Eric Chiang
39d2f6efff attest: don't define exported API in files with build tags
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.

Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method defintions between OSes.

TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Tom D
a406c399ba
Add error for passing non-SHA1 algorithm to Quote() on TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100) 2019-09-18 10:16:00 -07:00
Tom D
e7e8befcc7
Fix 'failed to verify quote: quote used unknown tpm version 0x0' (#99) 2019-09-13 13:03:26 -07:00
Tom D'Netto
cb4db13ccf Upgrade go-tpm to v0.2.0 2019-09-09 12:06:23 -07:00
Eric Chiang
cbf14e4244 internal/eventlog: only trust the first time an event is written to the log (#95)
Ensure an attacker can't alter the value we interpret by appending an entry of
the same type to the eventlog. Don't worry about events that come before the
EV_SEPARATOR for now.
2019-09-06 10:20:43 -07:00
Tom D
6242485b62
Write overview of the credential activation procedure (#93) 2019-09-05 13:03:58 -07:00
Eric Chiang
2d51b89cfa
Merge pull request #94 from ericchiang/sb
internal/eventlog: add code for parsing secure boot variables
2019-09-04 16:47:47 -07:00