Commit Graph

28 Commits

Author SHA1 Message Date
Tom D
82f2c9c2c7
Merge pull request from GHSA-99cg-575x-774p
* AKPublic.Verify: Return an error if a provided PCR of the correct
   digest was not included in the quote.
 * AKPublic.VerifyAll: Implement VerifyAll method, which can cross-check
   that provided PCRs were covered by quotes across PCR banks.
 * PCR.QuoteVerified(): Introduce getter method to expose whether a
   PCR value was covered during quote verification.
2022-01-31 09:10:07 -08:00
Brandon Weeks
2f8dbfc94e
Restore changes accidentally reverted during reconciliation (#256) 2021-12-08 16:43:38 -08:00
Tom D'Netto
0393b91867 Implement CombineEventlogs().
PiperOrigin-RevId: 410914994
2021-11-18 15:36:36 -08:00
Brandon Weeks
be496f1149 Internal change
PiperOrigin-RevId: 394330027
2021-09-01 15:39:03 -07:00
Timo Lindfors
e8c5dc4fd5 Fix minor spelling issues in comments 2021-08-10 12:18:55 -07:00
Go-Attestation Team
20a9e4b381 Internal change
PiperOrigin-RevId: 380881515
2021-06-22 20:41:11 +00:00
Brandon Weeks
b6c6a0c365
Parse TCG_PCClientPCREvent structures with an eventSize of 0 (#212) 2021-04-14 13:59:06 -07:00
Brandon Weeks
31ad4f57fd
Fix integer overflow in digest parsing (#211) 2021-04-13 15:57:16 -07:00
Dmitrii Okunev
b89180c3eb
bugfix(eventlog): Assume TPM1.2 events if NO_ACTION is too short (#208) 2021-04-13 10:46:15 -07:00
Eric Chiang
0efaf4b19f
attest: improve event log debugging (#190)
Event log verification is terrible and easy to mess up. Even if you
replay against the PCRs there are still values that can be tampered with
or reordered. PCRs also shouldn't be trusted unless they're attested to
have come from the correct TPM.

Given this, it seems advantageous to add some ability to consume raw
event logs, even if it's just for debugging.
2020-11-30 12:22:43 -08:00
Aditya Prakash
63c5188962
Export InvalidPCRs field in ReplayError (#189)
* Export InvalidPCRs field in ReplayError

In order to retrieve the Invalid PCRs which couldn't be replayed against the Event log, we need this field to be exported as this gives the exact and true information. Replay error events will give all the events, but doesn't give the exact PCR index which doesn't get replayed. 

Following is the test to extend PCR 7 and verify the PCRs 7,8,9 against the Event log. Output:
```
event log failed to verify: the following registers failed to replay: [7]
ReplayError Events:=[107]
Replay Error Events PCR indexes=[0 7 2 3 6 9 8 1 4 5]
```

* Add Comment to the exported field
2020-11-30 11:56:55 -08:00
Matthew Garrett
fe22f29ec8 Handle StartupLocality events
Systems with TXT enabled may issue the TPM2_Startup() command from a
locality other than 0. In this case, the initial value of PCR0 will
represent the locality that the call was made from. This is exposed to
higher layers by an EV_NO_ACTION event that has data containing the
NULL-terminated string "StartupLocality" followed by a single byte
representing the state of the locality. As this event is EV_NO_ACTION,
it does not represent an extension in itself.

So:

1) Ignore events that are EV_NO_ACTION when replaying the log, except:
2) For PCR0, if an event is EV_NO_ACTION and contains the string
"StartupLocality", use the final byte of the event data as the initial
value of PCR0 for the replay.
2020-06-11 13:18:05 -07:00
Tom D
67c0b4ad07
Add workaround in validation for missing exit boot services event log messages (#153) 2020-04-16 10:20:55 -07:00
Matthew Garrett
0815f5e221
Remove length-based hash lookups
Using the length of a digest to infer the hash algorithm is somewhat
fragile - if we end up with multiple hash algorithms that share the same
digest length, things will break. Instead, pass more complete digest
information through to relevant functions and figure things out by
mapping the TPM hash algorithm to the appropriate Golang type.
2020-04-14 14:38:24 -07:00
Brandon Weeks
e9e2656545 Return an error if event data size is 0 2020-01-08 13:43:10 -08:00
Tom D
e134551bb0
Implement extractor for determining secure boot state (#148) 2019-12-19 12:28:32 -08:00
Matthew Garrett
9176b4bcb6 Pay attention to digest size information in the headers
Crypto agile logs may contain digest types that we don't currently
handle. However, we still need to know how long each digest is in order
to read over the appropriate amount of the buffer. This information is
provided to us as part of the spec header - make use of it rather than
hardcoding the set of digests and lengths we know about.
2019-12-10 12:28:28 -08:00
Eric Chiang
f0e8d0fe7c attest: fix another unbounded memory allocation
@brandonweeks detected another case of the "make([]T, untrustedValue)"
pattern, which would allow an attacker to cause the parser to allocate
an unbounded amount of memory.

Fix this by reading one algorithm at a time instead of pre-allocating a
slice of algorithms.
2019-10-09 08:39:15 -07:00
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Eric Chiang
f365b3275e attest: ensure parsing event can't allocated unbounded memory
Add a sanity check to ensure the measurement log actually contains as
much data as the event size reports.
2019-10-08 09:57:09 -07:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote (#115) 2019-09-26 15:11:31 -07:00
Tom D
82c790063a
Support verifying the event log with multiple PCR values for a given PCR (#112) 2019-09-25 14:50:17 -07:00
Tom D
3381804469
Expose information about a failing replay via ReplayErr structure (#110) 2019-09-24 11:03:21 -07:00
Eric Chiang
51b8d116ec attest: address lint feedback
* Make comment directly above _ import
* Fix godoc for AttestationParameters
* Don't declare variable and assign the zero value (var x int = 0)
2019-09-20 10:34:07 -07:00
Tom D
0f650714d9
Fix verification errors for quotes generated using AK's with SigScheme.Hash = SHA1 (#105)
* Remove artificial requirement for composite digest to match PCR bank digest
2019-09-20 09:07:49 -07:00
Eric Chiang
33a0bbe4ea attest: expose algorithms used in measurement log
Expose the algorithms that are used in the measurement log. This lets
clients generate PCR measurements that match their log digests.
2019-09-19 15:28:22 -07:00
Tom D
4ef1479ae1
Separate quote verification from EventLog API #85 (#87) 2019-08-28 16:59:46 -07:00
Eric Chiang
262599a8df attest: add event log parsing logic
This PR adds event log parsing logic. It's main goal is to require
validation at the same time as parsing, so structured events are always
verified against a quote. This new API replaces the exisitng "verifier"
package.

It's not a goal of this PR to parse the event data. This will be a
follow up, but since different users might want to parse different
events based on the OS, this API lets users of this package implement
custom event data parsing if they absolutely need to.
2019-08-19 23:50:31 -07:00