remove Attested COS specific CEL parsing logic (google#597)

meetrajvala · Sibcgh · commit 6405c7ca9453 · 2026-02-13T18:53:19.000Z
diff --git a/server/verify.go b/server/verify.go
@@ -8,8 +8,6 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/google/go-eventlog/proto/state"
-	"github.com/google/go-eventlog/register"
 	"github.com/google/go-tpm-tools/internal"
 	pb "github.com/google/go-tpm-tools/proto/attest"
 	tpmpb "github.com/google/go-tpm-tools/proto/tpm"
@@ -138,26 +136,6 @@ func VerifyAttestation(attestation *pb.Attestation, opts VerifyOpts) (*pb.Machin
 			continue
 		}
 
-		pcrBank := register.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)}
-		digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash()
-		if err != nil {
-			return nil, fmt.Errorf("invalid digest algorithm")
-		}
-
-		for pcrIndex, digest := range pcrs.GetPcrs() {
-			pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{
-				Index:     int(pcrIndex),
-				Digest:    digest,
-				DigestAlg: digestAlg})
-		}
-
-		celState, err := ParseCosCELPCR(attestation.GetCanonicalEventLog(), pcrBank)
-		if err != nil {
-			lastErr = fmt.Errorf("failed to validate the Canonical event log: %w", err)
-			continue
-		}
-		machineState.Cos = celState
-
 		// Verify the PCR hash algorithm. We have this check here (instead of at
 		// the start of the loop) so that the user gets a "SHA-1 not supported"
 		// error only if allowing SHA-1 support would actually allow the log
diff --git a/server/verify_test.go b/server/verify_test.go
@@ -1,7 +1,6 @@
 package server
 
 import (
-	"bytes"
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
@@ -14,11 +13,8 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"strings"
 	"testing"
 
-	"github.com/google/go-cmp/cmp"
-	"github.com/google/go-tpm-tools/cel"
 	"github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm-tools/internal"
 	"github.com/google/go-tpm-tools/internal/test"
@@ -27,7 +23,6 @@ import (
 	"github.com/google/go-tpm/tpmutil"
 	"github.com/google/logger"
 	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/testing/protocmp"
 )
 
 func getDigestHash(input string) []byte {
@@ -278,149 +273,6 @@ func TestVerifySHA1Attestation(t *testing.T) {
 	}
 }
 
-func TestVerifyAttestationWithCEL(t *testing.T) {
-	test.SkipForRealTPM(t)
-	rwc := test.GetTPM(t)
-	defer client.CheckedClose(t, rwc)
-
-	ak, err := client.AttestationKeyRSA(rwc)
-	if err != nil {
-		t.Fatalf("failed to generate AK: %v", err)
-	}
-	defer ak.Close()
-
-	coscel := &cel.CEL{}
-	testEvents := []struct {
-		cosNestedEventType cel.CosType
-		pcr                int
-		eventPayload       []byte
-	}{
-		{cel.ImageRefType, cel.CosEventPCR, []byte("docker.io/bazel/experimental/test:latest")},
-		{cel.ImageDigestType, cel.CosEventPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")},
-		{cel.RestartPolicyType, cel.CosEventPCR, []byte(attestpb.RestartPolicy_Never.String())},
-		{cel.ImageIDType, cel.CosEventPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")},
-		{cel.EnvVarType, cel.CosEventPCR, []byte("foo=bar")},
-		{cel.EnvVarType, cel.CosEventPCR, []byte("bar=baz")},
-		{cel.EnvVarType, cel.CosEventPCR, []byte("baz=foo=bar")},
-		{cel.EnvVarType, cel.CosEventPCR, []byte("empty=")},
-		{cel.ArgType, cel.CosEventPCR, []byte("--x")},
-		{cel.ArgType, cel.CosEventPCR, []byte("--y")},
-		{cel.OverrideArgType, cel.CosEventPCR, []byte("--x")},
-		{cel.OverrideEnvType, cel.CosEventPCR, []byte("empty=")},
-		{cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}},
-	}
-	for _, testEvent := range testEvents {
-		cosEvent := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload}
-		if err := coscel.AppendEventPCR(rwc, testEvent.pcr, cosEvent); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	var buf bytes.Buffer
-	if err := coscel.EncodeCEL(&buf); err != nil {
-		t.Fatal(err)
-	}
-
-	nonce := []byte("super secret nonce")
-	attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()})
-	if err != nil {
-		t.Fatalf("failed to attest: %v", err)
-	}
-
-	opts := VerifyOpts{
-		Nonce:      nonce,
-		TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
-	}
-	state, err := VerifyAttestation(attestation, opts)
-	if err != nil {
-		t.Fatalf("failed to verify: %v", err)
-	}
-
-	expectedEnvVars := make(map[string]string)
-	expectedEnvVars["foo"] = "bar"
-	expectedEnvVars["bar"] = "baz"
-	expectedEnvVars["baz"] = "foo=bar"
-	expectedEnvVars["empty"] = ""
-
-	expectedOverriddenEnvVars := make(map[string]string)
-	expectedOverriddenEnvVars["empty"] = ""
-
-	wantContainerState := attestpb.ContainerState{
-		ImageReference:    string(testEvents[0].eventPayload),
-		ImageDigest:       string(testEvents[1].eventPayload),
-		RestartPolicy:     attestpb.RestartPolicy_Never,
-		ImageId:           string(testEvents[3].eventPayload),
-		EnvVars:           expectedEnvVars,
-		Args:              []string{string(testEvents[8].eventPayload), string(testEvents[9].eventPayload)},
-		OverriddenEnvVars: expectedOverriddenEnvVars,
-		OverriddenArgs:    []string{string(testEvents[10].eventPayload)},
-	}
-	enabled := true
-	wantHealthMonitoringState := attestpb.HealthMonitoringState{
-		MemoryEnabled: &enabled,
-	}
-	if diff := cmp.Diff(state.Cos.Container, &wantContainerState, protocmp.Transform()); diff != "" {
-		t.Errorf("unexpected container state difference:\n%v", diff)
-	}
-	if diff := cmp.Diff(state.Cos.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" {
-		t.Errorf("unexpected health monitoring state difference:\n%v", diff)
-	}
-}
-
-func TestVerifyFailWithTamperedCELContent(t *testing.T) {
-	test.SkipForRealTPM(t)
-	rwc := test.GetTPM(t)
-	defer client.CheckedClose(t, rwc)
-
-	ak, err := client.AttestationKeyRSA(rwc)
-	if err != nil {
-		t.Fatalf("failed to generate AK: %v", err)
-	}
-	defer ak.Close()
-
-	c := &cel.CEL{}
-
-	cosEvent := cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte("docker.io/bazel/experimental/test:latest")}
-	cosEvent2 := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}
-
-	if err := c.AppendEventPCR(rwc, cel.CosEventPCR, cosEvent); err != nil {
-		t.Fatalf("failed to append event: %v", err)
-	}
-
-	if err := c.AppendEventPCR(rwc, cel.CosEventPCR, cosEvent2); err != nil {
-		t.Fatalf("failed to append event: %v", err)
-	}
-
-	// modify the first record content, but not the record digest
-	modifiedRecord := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:000000000000000000000000000000000000000000000000000000000000000")}
-	modifiedTLV, err := modifiedRecord.GetTLV()
-	if err != nil {
-		t.Fatal(err)
-	}
-	c.Records[0].Content = modifiedTLV
-
-	var buf bytes.Buffer
-	if err := c.EncodeCEL(&buf); err != nil {
-		t.Fatal(err)
-	}
-
-	nonce := []byte("super secret nonce")
-	attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()})
-	if err != nil {
-		t.Fatalf("failed to attest: %v", err)
-	}
-
-	opts := VerifyOpts{
-		Nonce:      nonce,
-		TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
-	}
-	if _, err := VerifyAttestation(attestation, opts); err == nil {
-		t.Fatalf("VerifyAttestation should fail due to modified content")
-	} else if !strings.Contains(err.Error(), "CEL record content digest verification failed") {
-		t.Fatalf("expect to get digest verification failed error, but got %v", err)
-	}
-}
-
 func TestVerifyAttestationWithCerts(t *testing.T) {
 	tests := []struct {
 		name        string
diff --git a/verifier/fake/fakeverifier.go b/verifier/fake/fakeverifier.go
@@ -11,6 +11,10 @@ import (
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/google/go-eventlog/proto/state"
+	"github.com/google/go-eventlog/register"
+	"github.com/google/go-tpm-tools/proto/attest"
+	"github.com/google/go-tpm-tools/proto/tpm"
 	"github.com/google/go-tpm-tools/server"
 	"github.com/google/go-tpm-tools/verifier"
 	"github.com/google/go-tpm-tools/verifier/oci"
@@ -63,6 +67,17 @@ func (fc *fakeClient) VerifyAttestation(_ context.Context, req verifier.VerifyAt
 		return nil, fmt.Errorf("failed to verify attestation: %v", err)
 	}
 
+	pcrBank, err := extractPCRBank(req.Attestation, ms.GetHash())
+	if err != nil {
+		return nil, fmt.Errorf("failed to extract PCR bank: %w", err)
+	}
+
+	cosState, err := server.ParseCosCELPCR(req.Attestation.GetCanonicalEventLog(), *pcrBank)
+	if err != nil {
+		return nil, fmt.Errorf("failed to validate the Canonical event log: %w", err)
+	}
+	ms.Cos = cosState
+
 	msJSON, err := protojson.Marshal(ms)
 	if err != nil {
 		return nil, fmt.Errorf("failed to convert proto object to JSON: %v", err)
@@ -144,3 +159,26 @@ func extractClaims(signature *verifier.ContainerSignature) (ContainerImageSignat
 		SigAlg:    sigAlg,
 	}, nil
 }
+
+// extractPCRBank finds the quote matching the given hash algorithm and returns the PCR bank.
+func extractPCRBank(attestation *attest.Attestation, hashAlgo tpm.HashAlgo) (*register.PCRBank, error) {
+	for _, quote := range attestation.GetQuotes() {
+		pcrs := quote.GetPcrs()
+		if pcrs.GetHash() == hashAlgo {
+			pcrBank := &register.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)}
+			digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash()
+			if err != nil {
+				return nil, fmt.Errorf("invalid digest algorithm: %w", err)
+			}
+
+			for pcrIndex, digest := range pcrs.GetPcrs() {
+				pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{
+					Index:     int(pcrIndex),
+					Digest:    digest,
+					DigestAlg: digestAlg})
+			}
+			return pcrBank, nil
+		}
+	}
+	return nil, fmt.Errorf("no PCRs found matching hash %s", hashAlgo.String())
+}
