diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go index c12afa0..1ed5b65 100644 --- a/attestationreport/attestationreport.go +++ b/attestationreport/attestationreport.go @@ -82,17 +82,14 @@ type Validity struct { NotAfter string `json:"notAfter" cbor:"1,keyasint"` } -// DetailedMeasurement represents the digests of a measurement, e.g., of a single PCR. -// -// If the type is 'PCR Summary', Summary is the final PCR value. -// -// If the type is 'PCR Eventlog', Events contains a list of the extends that lead to the final -// PCR value. The list is retrieved by the prover, e.g., from the TPM binary bios measurements -// list or the IMA runtime measurements list. -// -// If the type is 'SW Eventlog', Events contains a list of digests that have been recorded as -// SW measurements -type DetailedMeasurement struct { +// Artifact represents the digests of a measurement, e.g., of a single PCR. +// If the type is 'PCR Summary', Summary is the final PCR value. +// If the type is 'PCR Eventlog', Events contains a list of the extends that lead to the final +// PCR value. The list is retrieved by the prover, e.g., from the TPM binary bios measurements +// list or the IMA runtime measurements list. +// If the type is 'SW Eventlog', Events contains a list of digests that have been recorded as +// SW measurements +type Artifact struct { Type string `json:"type" cbor:"0,keyasint"` // PCR Summary, PCR Eventlog, SW Eventlog Pcr *int `json:"pcr,omitempty" cbor:"1,keyasint"` Summary HexByte `json:"summary,omitempty" cbor:"2,keyasint,omitempty"` // Either summary 
@@ -115,11 +112,11 @@ type CtrData struct { // elements of type 'TPM Measurement', 'SNP Measurement', 'TDX Measurement', // 'SGX Measurement', 'IAS Measurement' or 'SW Measurement' type Measurement struct { - Type string `json:"type" cbor:"0,keyasint"` - Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"` - Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"` - Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"` - Details []DetailedMeasurement `json:"details,omitempty" cbor:"4,keyasint,omitempty"` + Type string `json:"type" cbor:"0,keyasint"` + Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"` + Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"` + Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"` + Artifacts []Artifact `json:"details,omitempty" cbor:"4,keyasint,omitempty"` } type SnpPolicy struct { diff --git a/attestationreport/json.go b/attestationreport/json.go index 14615ec..18e5316 100644 --- a/attestationreport/json.go +++ b/attestationreport/json.go @@ -86,7 +86,7 @@ func (s JsonSerializer) Unmarshal(data []byte, v any) error { // Sign signs data with the specified driver 'signer' (to enale hardware-based signatures) func (s JsonSerializer) Sign(data []byte, signer Driver) ([]byte, error) { - log.Trace("Signing data length %v", len(data)) + log.Tracef("Signing data length %v", len(data)) // This allows the signer to ensure mutual access for signing, if required signer.Lock() diff --git a/swdriver/swdriver.go b/swdriver/swdriver.go index 18b74d8..d1729ac 100644 --- a/swdriver/swdriver.go +++ b/swdriver/swdriver.go @@ -146,7 +146,7 @@ func (s *Sw) Measure(nonce []byte) (ar.Measurement, error) { return ar.Measurement{}, fmt.Errorf("failed to unmarshal measurement list: %w", err) } - dm := ar.DetailedMeasurement{ + dm := ar.Artifact{ Type: "SW Eventlog", } 
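Review bot: The renamed field `Artifacts []Artifact` in `Measurement` still carries the tag `json:"details,omitempty"`, so the Go name and the JSON key now disagree, and nothing in the hunk says whether that is deliberate. If the key is kept so that provers and verifiers built before and after this commit can still exchange reports, say so on the field, e.g. `// JSON key stays "details" for compatibility with existing reports`. If the wire name is meant to follow the rename, the tag and every consumer of the JSON form have to change together. The CBOR key `4` is unchanged, so the CBOR encoding is unaffected either way.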
@@ -164,10 +164,10 @@ func (s *Sw) Measure(nonce []byte) (ar.Measurement, error) { } m := ar.Measurement{ - Type: "SW Measurement", - Evidence: evidence, - Details: []ar.DetailedMeasurement{dm}, - Certs: internal.WriteCertsDer(s.certChain), + Type: "SW Measurement", + Evidence: evidence, + Artifacts: []ar.Artifact{dm}, + Certs: internal.WriteCertsDer(s.certChain), } log.Warnf("EVI: %v", base64.StdEncoding.EncodeToString(evidence)) diff --git a/tpmdriver/tpmdriver.go b/tpmdriver/tpmdriver.go index 6257785..9c88c1e 100644 --- a/tpmdriver/tpmdriver.go +++ b/tpmdriver/tpmdriver.go @@ -225,7 +225,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) { log.Tracef("Collected %v binary bios measurements", len(biosMeasurements)) } - hashChain := make([]ar.DetailedMeasurement, len(t.Pcrs)) + hashChain := make([]ar.Artifact, len(t.Pcrs)) for i, num := range t.Pcrs { events := make([]ar.MeasureEvent, 0) @@ -248,7 +248,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) { } } - pcrMeasurement := ar.DetailedMeasurement{} + pcrMeasurement := ar.Artifact{} pcrMeasurement.Pcr = new(int) *pcrMeasurement.Pcr = num @@ -337,10 +337,10 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) { Evidence: quote.Quote, Signature: quote.Signature, Certs: internal.WriteCertsDer(t.MeasuringCerts), - Details: hashChain, + Artifacts: hashChain, } - for _, elem := range tm.Details { + for _, elem := range tm.Artifacts { if elem.Type == "PCR Summary" { log.Tracef("PCR%v: %v", *elem.Pcr, hex.EncodeToString(elem.Summary)) } else if elem.Type == "PCR Eventlog" { diff --git a/verify/iat_test.go b/verify/iat_test.go index 0d9f536..f89008c 100644 --- a/verify/iat_test.go +++ b/verify/iat_test.go 
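Review bot: In swdriver.go's `Measure`, the unchanged line right after the rewritten `ar.Measurement` literal, `log.Warnf("EVI: %v", base64.StdEncoding.EncodeToString(evidence))`, writes the complete evidence blob to the log at warning level on every measurement. It reads like leftover debugging output. If it is still wanted, `log.Tracef("EVI: %v", base64.StdEncoding.EncodeToString(evidence))` would match the trace-level logging used elsewhere in this diff and keep attestation evidence out of default logs. `Measure` starts and ends outside the hunk, so the rest of its logging is not visible here.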
@@ -144,7 +144,7 @@ func Test_verifyIasMeasurements(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - _, got := verifyIasMeasurements(*tt.args.IasM, tt.args.nonce, tt.args.referenceValues, []*x509.Certificate{tt.args.ca}) + _, got := verifyIasMeasurements(*tt.args.IasM, tt.args.nonce, []*x509.Certificate{tt.args.ca}, tt.args.referenceValues) if got != tt.want { t.Errorf("verifyIasMeasurements() error = %v, wantErr %v", got, tt.want) return diff --git a/verify/sw.go b/verify/sw.go index 81904ce..19bb2ad 100644 --- a/verify/sw.go +++ b/verify/sw.go @@ -59,7 +59,7 @@ func verifySwMeasurements(swMeasurement ar.Measurement, nonce []byte, cas []*x50 // Check that reference values are reflected by mandatory measurements for _, v := range refVals { found := false - for _, swm := range swMeasurement.Details { + for _, swm := range swMeasurement.Artifacts { for _, event := range swm.Events { if bytes.Equal(event.Sha256, v.Sha256) { found = true @@ -84,7 +84,7 @@ func verifySwMeasurements(swMeasurement ar.Measurement, nonce []byte, cas []*x50 } // Check that every measurement is reflected by a reference value - for _, swm := range swMeasurement.Details { + for _, swm := range swMeasurement.Artifacts { for _, event := range swm.Events { found := false for _, ref := range refVals { diff --git a/verify/tpm.go b/verify/tpm.go index 5724e54..08dfcb3 100644 --- a/verify/tpm.go +++ b/verify/tpm.go @@ -73,13 +73,13 @@ func verifyTpmMeasurements(tpmM ar.Measurement, nonce []byte, cas []*x509.Certif // together then compare sum := make([]byte, 0) - for i := range tpmM.Details { - if tpmM.Details[i].Pcr == nil { + for i := range tpmM.Artifacts { + if tpmM.Artifacts[i].Pcr == nil { log.Tracef("PCR not specified") result.Summary.SetErr(ar.PcrNotSpecified) return result, false } - pcr := *tpmM.Details[i].Pcr + pcr := *tpmM.Artifacts[i].Pcr _, ok := calculatedPcrs[pcr] if !ok { continue 
@@ -145,7 +145,7 @@ func recalculatePcrs(measurement ar.Measurement, referenceValues []ar.ReferenceV calculatedPcrs := make(map[int][]byte) // Iterate over the provided measurement - for _, measuredPcr := range measurement.Details { + for _, measuredPcr := range measurement.Artifacts { pcrResult := ar.DigestResult{ Pcr: measuredPcr.Pcr, @@ -310,7 +310,7 @@ func recalculatePcrs(measurement ar.Measurement, referenceValues []ar.ReferenceV // Check if measurement contains the reference value PCR foundPcr := false - for _, measuredPcr := range measurement.Details { + for _, measuredPcr := range measurement.Artifacts { if measuredPcr.Pcr == nil { log.Trace("PCR not specified") diff --git a/verify/tpm_test.go b/verify/tpm_test.go index 812771f..d3591aa 100644 --- a/verify/tpm_test.go +++ b/verify/tpm_test.go @@ -49,7 +49,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -66,7 +66,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: validHashChain, + Artifacts: validHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -83,7 +83,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: invalidTpmNonce, referenceValues: validReferenceValues, @@ -100,7 +100,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: invalidSignature, Certs: validTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, 
@@ -117,7 +117,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: invalidSummaryHashChain, + Artifacts: invalidSummaryHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -134,7 +134,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: invalidHashChain, + Artifacts: invalidHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -151,7 +151,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: invalidSignature, Certs: validTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: validTpmNonce, referenceValues: invalidReferenceValues, @@ -168,7 +168,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: validTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -185,7 +185,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { Evidence: validQuote, Signature: validSignature, Certs: invalidTpmCertChain, - Details: validSummaryHashChain, + Artifacts: validSummaryHashChain, }, nonce: validTpmNonce, referenceValues: validReferenceValues, @@ -200,7 +200,7 @@ func Test_verifyTpmMeasurements(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, got1 := verifyTpmMeasurements(*tt.args.tpmM, tt.args.nonce, tt.args.referenceValues, tt.args.cas) + got, got1 := verifyTpmMeasurements(*tt.args.tpmM, tt.args.nonce, tt.args.cas, tt.args.referenceValues) if got1 != tt.want1 { t.Errorf("verifyTpmMeasurements() --GOT1-- = %v, --WANT1-- %v", got1, tt.want1) } 
@@ -249,7 +249,7 @@ var ( invalidSignature, _ = hex.DecodeString("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") - validSummaryHashChain = []ar.DetailedMeasurement{ + validSummaryHashChain = []ar.Artifact{ { Type: "PCR Summary", Pcr: ptr(1), @@ -262,7 +262,7 @@ var ( }, } - invalidSummaryHashChain = []ar.DetailedMeasurement{ + invalidSummaryHashChain = []ar.Artifact{ { Type: "PCR Summary", Pcr: ptr(1), @@ -275,7 +275,7 @@ var ( }, } - validHashChain = []ar.DetailedMeasurement{ + validHashChain = []ar.Artifact{ { Type: "PCR Eventlog", Pcr: ptr(1), @@ -304,7 +304,7 @@ var ( }, } - invalidHashChain = []ar.DetailedMeasurement{ + invalidHashChain = []ar.Artifact{ { Type: "PCR Eventlog", Pcr: ptr(1), diff --git a/verify/verify_test.go b/verify/verify_test.go index ec27db7..3743a57 100644 --- a/verify/verify_test.go +++ b/verify/verify_test.go @@ -313,17 +313,6 @@ func TestVerify(t *testing.T) { }, want: ar.VerificationResult{Success: true}, }, - { - name: "Nonce mismatch", - args: args{ - serializer: ar.JsonSerializer{}, - rtmManifest: validRtmManifest, - osManifest: validOsManifest, - deviceDescription: validDeviceDescription, - nonce: []byte{}, - }, - want: ar.VerificationResult{Success: false}, - }, { // expected aggregated CertificationLevel in Manifests for // empty measurement is max. 1 (here CertificationLevel = 3) @@ -412,8 +401,7 @@ func TestVerify(t *testing.T) { log.Trace("Generating a Sample Report") ar := ar.AttestationReport{ - Type: "Attestation Report", - Nonce: tt.args.nonce, + Type: "Attestation Report", } // Preparation: create signed manifests and deviceDescription
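Review bot: After the two verify_test.go hunks, `TestVerify` no longer has a case in which freshness fails: the "Nonce mismatch" entry is deleted and the report literal no longer sets `Nonce: tt.args.nonce`. The nonce is what binds a report to the verifier's challenge and prevents an old report from being replayed, so the top-level verification path should keep a negative test for it. `Test_verifyTpmMeasurements` still has a case using `invalidTpmNonce`, but that exercises only the TPM measurement verifier. If the nonce now lives only inside the measurements (the `AttestationReport` definition is not part of this diff), consider a replacement case that verifies a report with a nonce different from the one the measurement was produced with and expects `ar.VerificationResult{Success: false}`.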