fraunhofer-aisec / cmc

The Connector Measurement Component (CMC) repository provides tools and software to enable remote attestation of computing platforms in the International Data Spaces (IDS).

License: Apache License 2.0

Go 22.74% Makefile 0.01% Shell 0.53% C 74.14% JavaScript 0.08% C++ 2.51%
golang international-data-spaces

cmc's Issues

`testclient` does not compile

➜  testclient git:(main) make
go build
go: downloading google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd
testclient.go:36:2: [email protected]: replacement directory ../connectorlibrary does not exist

Address issues from Go scorecard

See https://goreportcard.com/report/github.com/Fraunhofer-AISEC/cmc

Mostly minor stuff, such as spelling mistakes and missing or non-standardised comments. Here is the output of golint:

➜  cmc git:(main) golint ./...
attestationreport/attestationreport.go:39:1: comment on exported type Measurement should be of the form "Measurement ..." (with optional leading article)
attestationreport/attestationreport.go:42:1: comment on exported type Measurer should be of the form "Measurer ..." (with optional leading article)
attestationreport/attestationreport.go:51:1: comment on exported type MeasurementParams should be of the form "MeasurementParams ..." (with optional leading article)
attestationreport/attestationreport.go:54:1: comment on exported type JsonType should be of the form "JsonType ..." (with optional leading article)
attestationreport/attestationreport.go:55:6: type JsonType should be JSONType
attestationreport/attestationreport.go:59:1: comment on exported type Validity should be of the form "Validity ..." (with optional leading article)
attestationreport/attestationreport.go:65:1: comment on exported type HashChainElem should be of the form "HashChainElem ..." (with optional leading article)
attestationreport/attestationreport.go:73:1: comment on exported type TpmCerts should be of the form "TpmCerts ..." (with optional leading article)
attestationreport/attestationreport.go:134:1: comment on exported type ExternalInterface should be of the form "ExternalInterface ..." (with optional leading article)
attestationreport/attestationreport.go:217:1: comment on exported type Name should be of the form "Name ..." (with optional leading article)
attestationreport/attestationreport.go:230:1: comment on exported type AttestationReportPlain should be of the form "AttestationReportPlain ..." (with optional leading article)
attestationreport/attestationreport.go:232:6: type name will be used as attestationreport.AttestationReportPlain by other packages, and that stutters; consider calling this Plain
attestationreport/attestationreport.go:244:1: comment on exported type AttestationReportJws should be of the form "AttestationReportJws ..." (with optional leading article)
attestationreport/attestationreport.go:245:6: type name will be used as attestationreport.AttestationReportJws by other packages, and that stutters; consider calling this Jws
attestationreport/attestationreport.go:267:1: comment on exported type TpmParams should be of the form "TpmParams ..." (with optional leading article)
attestationreport/attestationreport.go:281:1: comment on exported type SwParams should be of the form "SwParams ..." (with optional leading article)
attestationreport/attestationreport.go:294:1: comment on exported function GenAttestationReport should be of the form "GenAttestationReport ..."
attestationreport/attestationreport.go:407:1: comment on exported function SignAttestationReport should be of the form "SignAttestationReport ..."
attestationreport/attestationreport.go:456:1: comment on exported function VerifyAttestationReport should be of the form "VerifyAttestationReport ..."
attestationreport/attestationreport.go:742:9: if block ends with a return statement, so drop this else and outdent its block
attestationreport/attestationreport.go:1154:9: should omit 2nd value from range; this loop is equivalent to `for i := range ...`
cmcd/main.go:48:6: exported type Config should have comment or be unexported
cmcd/main.go:64:6: exported type Certs should have comment or be unexported
cmcd/main.go:66:2: struct field TlsCert should be TLSCert
cmcd/main.go:449:66: error strings should not be capitalized or end with punctuation or a newline
cmcd/main.go:473:66: error strings should not be capitalized or end with punctuation or a newline
cmcd/main.go:501:35: error strings should not be capitalized or end with punctuation or a newline
cmcd/main.go:509:9: if block ends with a return statement, so drop this else and outdent its block
ima/ima.go:30:2: don't use ALL_CAPS in Go names; use CamelCase
ima/ima.go:30:2: exported const SHA1_DIGEST_LEN should have comment (or a comment on this block) or be unexported
ima/ima.go:31:2: don't use ALL_CAPS in Go names; use CamelCase
ima/ima.go:32:2: don't use ALL_CAPS in Go names; use CamelCase
ima/ima.go:35:6: exported type Header should have comment or be unexported
ima/ima.go:41:6: exported type ImaTemplate should have comment or be unexported
ima/ima.go:41:6: type name will be used as ima.ImaTemplate by other packages, and that stutters; consider calling this Template
ima/ima.go:49:1: exported function GetImaRuntimeDigests should have comment or be unexported
provclient/provclient.go:31:6: exported type Pre should have comment or be unexported
provclient/provclient.go:36:6: exported type Content should have comment or be unexported
provclient/provclient.go:42:1: exported function FetchConnectorData should have comment or be unexported
provclient/provclient.go:105:11: should replace errors.New(fmt.Sprintf(...)) with fmt.Errorf(...)
provserver/server.go:56:6: exported type Config should have comment or be unexported
provserver/server.go:61:2: struct field HttpFolder should be HTTPFolder
provserver/server.go:66:6: exported type DataStore should have comment or be unexported
provserver/server.go:69:2: struct field TlsKeyParams should be TLSKeyParams
provserver/server.go:206:21: func parameter certificateUrl should be certificateURL
provserver/server.go:210:1: comment on exported function HandleAcRequest should be of the form "HandleAcRequest ..."
provserver/server.go:287:1: comment on exported function HandleAkCertRequest should be of the form "HandleAkCertRequest ..."
provserver/server.go:532:1: exported function VerifyEkCert should have comment or be unexported
provserver/server.go:600:9: should omit 2nd value from range; this loop is equivalent to `for i := range ...`
provserver/server.go:612:9: if block ends with a return statement, so drop this else and outdent its block
provserver/server_test.go:123:3: struct field certificateUrl should be certificateURL
testclient/testclient.go:38:6: exported type Mode should have comment or be unexported
testclient/testclient.go:41:2: exported const Generate should have comment (or a comment on this block) or be unexported
tpmdriver/tpmdriver.go:43:6: exported type Tpm should have comment or be unexported
tpmdriver/tpmdriver.go:45:6: exported type AcRequest should have comment or be unexported
tpmdriver/tpmdriver.go:50:2: struct field TlsKeyParams should be TLSKeyParams
tpmdriver/tpmdriver.go:53:6: exported type AcResponse should have comment or be unexported
tpmdriver/tpmdriver.go:58:6: exported type AkCertRequest should have comment or be unexported
tpmdriver/tpmdriver.go:64:6: exported type AkCertResponse should have comment or be unexported
tpmdriver/tpmdriver.go:67:2: struct field TlsCert should be TLSCert
tpmdriver/tpmdriver.go:72:1: comment on exported type Paths should be of the form "Paths ..." (with optional leading article)
tpmdriver/tpmdriver.go:77:2: struct field TlsKey should be TLSKey
tpmdriver/tpmdriver.go:79:2: struct field TlsCert should be TLSCert
tpmdriver/tpmdriver.go:91:1: comment on exported function IsTpmProvisioningRequired should be of the form "IsTpmProvisioningRequired ..."
tpmdriver/tpmdriver.go:120:1: comment on exported function OpenTpm should be of the form "OpenTpm ..."
tpmdriver/tpmdriver.go:139:1: comment on exported function CloseTpm should be of the form "CloseTpm ..."
tpmdriver/tpmdriver.go:149:1: comment on exported function GetTpmInfo should be of the form "GetTpmInfo ..."
tpmdriver/tpmdriver.go:170:1: comment on exported function GetAkQualifiedName should be of the form "GetAkQualifiedName ..."
tpmdriver/tpmdriver.go:227:1: comment on exported function ProvisionTpm should be of the form "ProvisionTpm ..."
tpmdriver/tpmdriver.go:230:19: func parameter provServerUrl should be provServerURL
tpmdriver/tpmdriver.go:298:1: comment on exported function LoadTpmKeys should be of the form "LoadTpmKeys ..."
tpmdriver/tpmdriver.go:332:1: comment on exported method Tpm.Measure should be of the form "Measure ..."
tpmdriver/tpmdriver.go:394:1: comment on exported function GetTpmMeasurement should be of the form "GetTpmMeasurement ..."
tpmdriver/tpmdriver.go:575:1: exported function GetTlsKey should have comment or be unexported
tpmdriver/tpmdriver.go:575:6: func GetTlsKey should be GetTLSKey

Some findings from `go vet`

# github.com/Fraunhofer-AISEC/cmc/attestationreport
attestationreport/validationreport.go:97:2: struct field tag `json:appName` not compatible with reflect.StructTag.Get: bad syntax for struct tag value
attestationreport/validationreport.go:98:2: struct field tag `json:verificationName` not compatible with reflect.StructTag.Get: bad syntax for struct tag value
# github.com/Fraunhofer-AISEC/cmc/provclient
provclient/provclient.go:66:6: github.com/sirupsen/logrus.Warn call has possible formatting directive %v
# github.com/Fraunhofer-AISEC/cmc/tpmdriver
vet: tpmdriver/tpmdriver_test.go:69:14: undeclared name: GetTpmInfo
# github.com/Fraunhofer-AISEC/cmc/attestedtls
attestedtls/tpmkey.go:146:3: github.com/sirupsen/logrus.Error arg err.Error is a func value, not called

It probably makes sense to include go vet ./... in the CI build as well.

Invalid parsing of X.509v3 Extension for values > 127

While reviewing the implementation for attesting the X.509v3 Certificate Extension provided in the AMD VCEK against the Attestation Report retrieved from the AMD Secure Processor, I stumbled across a bug in the parsing of the X.509v3 Certificate Extensions. Currently, the implementation uses the function `checkExtensionUint8(...)` (defined in attestationreport.go) to parse the values from the certificate.

According to the SNP ABI Specification, the value should be 8 bits in length, which is correct:

| Bits  | Field     | Description                              |
|-------|-----------|------------------------------------------|
| 63:56 | MICROCODE | Lowest current patch level of all cores  |
| ...   | ...       | ...                                      |

However, according to RFC 5280, Appendix B (ASN.1 Notes):

CAs MUST force the serialNumber to be a non-negative integer, that
is, the sign bit in the DER encoding of the INTEGER value MUST be
zero. This can be done by adding a leading (leftmost) `00'H octet if
necessary. This removes a potential ambiguity in mapping between a
string of octets and an integer value.

We can see this when examining the contents of a VCEK certificate where that value is greater than 127:

Extension
  Identifier:  1.3.6.1.4.1.3704.1.3.8
  Value:       02 02 00 A9
  Critical:    No

Because this implementation is attempting to validate a specific value of 0x1 for the second octet, it will always return an error. Further, as it is attempting to parse an unsigned 8-bit integer from the wrong octet, if it didn't return an error, it would always fail to match the value present in the attestation report, as it will always be zero.

There are obviously a few ways this could be mitigated. One would be to check the second octet to derive the size from the certificate, and then parse that many bytes, down-casting the value to an unsigned 8-bit integer. Another way would be to check if the value doesn't equal one, and then parse the expected octet instead.
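The parsing behaviour described in this issue, worked through as an added Go example that is not the project's code. `naiveExtensionUint8` only illustrates the failure mode the report describes (a hard-coded one-octet length and a read of the octet that follows); it is not the project's `checkExtensionUint8`. `parseDERUint8` is the strict alternative: it accepts a one-octet INTEGER for 0..127 and a two-octet INTEGER with the 0x00 sign pad for 128..255, and rejects negative values, non-minimal encodings and trailing bytes. `parseStdlibUint8` shows that `encoding/asn1` already handles the sign pad, so only the range check is needed. The two sample DER values are constructed here; the `02 02 00 A9` one mirrors the certificate dump above.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// Constructed sample extension values (not taken from a real certificate):
// an INTEGER of 169 (0xA9), which needs a leading 0x00 pad octet because its
// high bit is set, beside an INTEGER of 127 that fits into a single octet.
var (
	extValueHigh = []byte{0x02, 0x02, 0x00, 0xA9} // INTEGER 169
	extValueLow  = []byte{0x02, 0x01, 0x7F}       // INTEGER 127
)

// naiveExtensionUint8 illustrates the failure mode the issue describes: it
// insists on a one-octet content length and reads the single octet after it.
// Every value >= 128 is DER-encoded in two octets, so this always errors out.
func naiveExtensionUint8(der []byte) (uint8, error) {
	if len(der) != 3 || der[0] != 0x02 || der[1] != 0x01 {
		return 0, errors.New("unexpected extension encoding")
	}
	return der[2], nil
}

// parseDERUint8 decodes a DER INTEGER that must fit into an unsigned 8-bit
// value. Content of one octet covers 0..127; content of two octets must start
// with the 0x00 sign pad and covers 128..255. Anything else is rejected.
func parseDERUint8(der []byte) (uint8, error) {
	if len(der) < 3 {
		return 0, errors.New("DER INTEGER too short")
	}
	if der[0] != 0x02 {
		return 0, fmt.Errorf("expected INTEGER tag 0x02, got 0x%02X", der[0])
	}
	// A short-form length octet; long-form lengths (>= 0x80) fall out here too.
	length := int(der[1])
	if length == 0 || length > 2 {
		return 0, fmt.Errorf("unsupported INTEGER length %d for uint8", length)
	}
	if len(der) != 2+length {
		return 0, fmt.Errorf("length octet says %d, but %d content bytes follow", length, len(der)-2)
	}
	content := der[2:]
	if length == 1 {
		if content[0]&0x80 != 0 {
			return 0, errors.New("negative INTEGER cannot be a uint8")
		}
		return content[0], nil
	}
	// length == 2: only 0x00 followed by an octet with the high bit set is valid.
	if content[0] != 0x00 {
		return 0, errors.New("two-octet INTEGER is negative or exceeds uint8 range")
	}
	if content[1]&0x80 == 0 {
		// DER (X.690 8.3.2) forbids a redundant leading 0x00 octet.
		return 0, errors.New("non-minimal INTEGER encoding")
	}
	return content[1], nil
}

// parseStdlibUint8 does the same job with encoding/asn1, which already strips
// the sign-pad octet and rejects non-minimal encodings; only the uint8 range
// check has to be added on top.
func parseStdlibUint8(der []byte) (uint8, error) {
	var v int64
	rest, err := asn1.Unmarshal(der, &v)
	if err != nil {
		return 0, err
	}
	if len(rest) != 0 {
		return 0, errors.New("trailing bytes after INTEGER")
	}
	if v < 0 || v > 0xFF {
		return 0, fmt.Errorf("INTEGER %d out of uint8 range", v)
	}
	return uint8(v), nil
}

func main() {
	for _, der := range [][]byte{extValueLow, extValueHigh} {
		_, naiveErr := naiveExtensionUint8(der)
		v, err := parseDERUint8(der)
		fmt.Printf("% X  naive fails: %v  strict: value=%d err=%v\n", der, naiveErr != nil, v, err)
	}
}
```

The strict parser deliberately refuses `02 02 00 7F` (a 127 padded to two octets): DER requires the minimal encoding, and accepting the redundant pad would mean two different byte strings map to the same attested value, which is exactly the ambiguity the RFC text quoted above is about.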
