mirror of
https://github.com/google/go-attestation.git
synced 2025-01-14 00:29:44 +00:00
33a0bbe4ea
Expose the algorithms that are used in the measurement log. This lets clients generate PCR measurements that match their log digests.
118 lines
2.9 KiB
Go
118 lines
2.9 KiB
Go
// Copyright 2019 Google Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
// use this file except in compliance with the License. You may obtain a copy of
|
|
// the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
// License for the specific language governing permissions and limitations under
|
|
// the License.
|
|
|
|
package attest
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"testing"
|
|
|
|
"github.com/google/go-tpm/tpm2"
|
|
)
|
|
|
|
// Dump describes the layout of serialized information from the dump command.
|
|
type Dump struct {
|
|
Static struct {
|
|
TPMVersion TPMVersion
|
|
EKPem []byte
|
|
}
|
|
|
|
AIK AttestationParameters
|
|
|
|
Quote struct {
|
|
Nonce []byte
|
|
Alg HashAlg
|
|
Quote []byte
|
|
Signature []byte
|
|
}
|
|
|
|
Log struct {
|
|
PCRs []PCR
|
|
PCRAlg tpm2.Algorithm
|
|
Raw []byte // The measured boot log in binary form.
|
|
}
|
|
}
|
|
|
|
func TestParseEventLogWindows(t *testing.T) {
|
|
testParseEventLog(t, "testdata/windows_gcp_shielded_vm.json")
|
|
}
|
|
|
|
func TestParseEventLogLinux(t *testing.T) {
|
|
testParseEventLog(t, "testdata/linux_tpm12.json")
|
|
}
|
|
|
|
func testParseEventLog(t *testing.T, testdata string) {
|
|
data, err := ioutil.ReadFile(testdata)
|
|
if err != nil {
|
|
t.Fatalf("reading test data: %v", err)
|
|
}
|
|
var dump Dump
|
|
if err := json.Unmarshal(data, &dump); err != nil {
|
|
t.Fatalf("parsing test data: %v", err)
|
|
}
|
|
if _, err := ParseEventLog(dump.Log.Raw); err != nil {
|
|
t.Fatalf("parsing event log: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestParseCryptoAgileEventLog(t *testing.T) {
|
|
data, err := ioutil.ReadFile("testdata/crypto_agile_eventlog")
|
|
if err != nil {
|
|
t.Fatalf("reading test data: %v", err)
|
|
}
|
|
if _, err := ParseEventLog(data); err != nil {
|
|
t.Fatalf("parsing event log: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestEventLogLinux(t *testing.T) {
|
|
testEventLog(t, "testdata/linux_tpm12.json")
|
|
}
|
|
|
|
func TestEventLog(t *testing.T) {
|
|
testEventLog(t, "testdata/windows_gcp_shielded_vm.json")
|
|
}
|
|
|
|
func testEventLog(t *testing.T, testdata string) {
|
|
data, err := ioutil.ReadFile(testdata)
|
|
if err != nil {
|
|
t.Fatalf("reading test data: %v", err)
|
|
}
|
|
var dump Dump
|
|
if err := json.Unmarshal(data, &dump); err != nil {
|
|
t.Fatalf("parsing test data: %v", err)
|
|
}
|
|
|
|
aik, err := ParseAIKPublic(dump.Static.TPMVersion, dump.AIK.Public)
|
|
if err != nil {
|
|
t.Fatalf("parsing AIK: %v", err)
|
|
}
|
|
if err := aik.Verify(Quote{
|
|
Version: dump.Static.TPMVersion,
|
|
Quote: dump.Quote.Quote,
|
|
Signature: dump.Quote.Signature,
|
|
}, dump.Log.PCRs, dump.Quote.Nonce); err != nil {
|
|
t.Fatalf("verifying quote: %v", err)
|
|
}
|
|
|
|
el, err := ParseEventLog(dump.Log.Raw)
|
|
if err != nil {
|
|
t.Fatalf("parsing event log: %v", err)
|
|
}
|
|
if _, err := el.Verify(dump.Log.PCRs); err != nil {
|
|
t.Fatalf("validating event log: %v", err)
|
|
}
|
|
}
|