az_snp_vtpm get_evidence report_data maximum length #909

Open
raphael-ecora opened this issue Feb 14, 2025 · 5 comments
Labels
bug Something isn't working

@raphael-ecora

raphael-ecora commented Feb 14, 2025

Describe the bug

When calculating a TPM quote, there seems to be a discrepancy between the expected size of the buffer and the actual size of the buffer. This discrepancy is causing the TPM to return an error when the input size is larger than 50 bytes.

The maximum allowed size of the buffer for TPM quote qualification data for the Tss2_Sys_Quote_Prepare function seems determined by the TPM's maximum digest size. This is typically 32 bytes for SHA-256 and 64 bytes for SHA-512. However, this is not what we observe.

Expected Behavior
Running the evidence_getter program with the following command should return the az-snp-vtpm evidence (a JSON object containing the TPM quote and the SNP report):

echo '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde' > input.txt
./evidence_getter file input.txt

Expected output (JSON object with the following format):

{"quote":{"signature":[...],"message":[...],"pcrs":[[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...],[...]]},"report":[...],"vcek":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"}

Current Behavior

Running the same command as above returns the following error:

echo '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde' > input.txt
./evidence_getter file input.txt
thread 'main' panicked at attestation-agent/attester/src/bin/evidence_getter.rs:56:10:
get evidence failed: tpm error

Caused by:
    0: structure is the wrong size (associated with parameter number 1)
    1: structure is the wrong size (associated with parameter number 1)
    2: Response code value: 0x1d5

Steps to Reproduce

To reproduce the issue, follow the steps below:
  1. Clone the repository
  2. Build the evidence_getter program:
cd guest-components/attestation-agent/attester
cargo build --no-default-features --features bin,az-snp-vtpm-attester --bin evidence_getter
  3. Run the evidence_getter program with the following command:
echo '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde' > input.txt
./evidence_getter file input.txt
Alternatively, you can use the following script to find that the issue seems to come from a buffer size limitation down the tpm2 stack:
# Install the TPM2.0 tools
sudo apt-get install -y tpm2-tools

# Reproduce the issue: write the qualifying data to input.txt
echo '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde' > input.txt

# Create a primary key (tpm2_create needs one as parent), then create and load a signing key
tpm2_createprimary -C o -c primary.ctx
tpm2_create -C primary.ctx -u key.pub -r key.priv
tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx

# Run the tpm2_quote command with the file as qualifying data (-q)
TSS2_LOG=all+TRACE tpm2_quote -Q -c key.ctx -l 0x0004:16,17,18+0x000b:16,17,18 -q input.txt

Note the use of TSS2_LOG to log the internals of the tss2 lib execution. This shows that the error is not caught at the tss API level and is therefore deeper in the stack.

Context (Environment)
This is running on a Confidential Computing VM on Azure (DC-series/DC2as v5).

$ uname -a
Linux test-attest-vm 6.8.0-1021-azure #25-Ubuntu SMP Wed Jan 15 20:45:09 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04.2 LTS
Release:        24.04
Codename:       noble

NOTE: I have reproduced this issue using the tpm2_quote command on an Ubuntu laptop running Ubuntu 24.10 and also a QEMU VM running Ubuntu 24.04 LTS.

Workaround
A small workaround (that does not actually address the root cause of the issue) prevents the error from occurring. This fix is to reduce the size of the input buffer quote to 50 bytes. This is done by changing the following line in the evidence_getter program:

let quote = vtpm::get_quote(&report_data)?;

-        let quote = vtpm::get_quote(&report_data)?;
+        let quote = vtpm::get_quote(&report_data[..50])?;
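Review bot: `&report_data[..50]` panics with an out-of-bounds slice whenever the caller passes fewer than 50 bytes, and when it passes more, the tail is silently dropped, so a verifier that compares the quote's qualifying data against the full report_data will no longer match; since the text already calls this a workaround rather than a fix, prefer an explicit guard before the call (`if report_data.len() > 50 { return Err(...) }`) and keep the buffer intact, so oversize input fails loudly instead of producing a quote over a different nonce than the one supplied.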

CoCo version information

guest-component [v1.11]

What TEE are you seeing the problem on

AzSnpVtpm

Failing command and relevant log output

Error message:

WARNING:esys:src/tss2-esys/api/Esys_Quote.c:317:Esys_Quote_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_Quote.c:105:Esys_Quote() Esys Finish ErrorCode (0x000001d5) 
thread 'main' panicked at attestation-agent/attester/src/bin/evidence_getter.rs:56:10:
get evidence failed: tpm error

Caused by:
    0: structure is the wrong size (associated with parameter number 1)
    1: structure is the wrong size (associated with parameter number 1)
    2: Response code value: 0x1d5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
@raphael-ecora raphael-ecora added the bug Something isn't working label Feb 14, 2025
@fitzthum
Member

cc: @mkulke

This might be out of scope of guest-components. I guess the AA avoids this because it doesn't allow arbitrary use of the report_data.

@raphael-ecora
Author

> cc: @mkulke
>
> This might be out of scope of guest-components. I guess the AA avoids this because it doesn't allow arbitrary use of the report_data.

Thanks for that. Is the command ./evidence_getter file input.txt not intended to be used?

@mkulke
Contributor

mkulke commented Feb 14, 2025

yeah, so there's an issue in the tss library (which isn't fixable w/o a breaking change, afaik). Internally the nonce buffer is of the size of the maximum PCR buffer size (and then +2). So since atm the max PCR bank on the vTPM is sha384, you'll end up with 48+2 bytes as the maximum.
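An added example, not code from guest-components, tpm2-tss or any tss crate: it turns the limit described in the comment above (largest PCR digest the TPM implements, plus 2 bytes) into a pre-check in Rust so oversize report_data is rejected before a quote is requested rather than truncated. The bank list is a constructed input written in the same form as tpm2_quote's -l argument, and the "+2" figure and the sha384 bank are assumptions taken from the comment, not from the library source.

```rust
use std::collections::BTreeSet;

/// Digest length in bytes for a TPM2_ALG_ID, written as in tpm2_quote's -l syntax.
pub fn digest_len(alg_id: u16) -> Option<usize> {
    match alg_id {
        0x0004 => Some(20), // TPM2_ALG_SHA1
        0x000b => Some(32), // TPM2_ALG_SHA256
        0x000c => Some(48), // TPM2_ALG_SHA384
        0x000d => Some(64), // TPM2_ALG_SHA512
        _ => None,
    }
}

/// Parses a bank list such as "0x0004:16,17+0x000c:16,17" (constructed input in
/// the same form tpm2_quote -l takes) into the distinct algorithm ids it names.
pub fn parse_banks(selection: &str) -> Result<BTreeSet<u16>, String> {
    let mut banks = BTreeSet::new();
    for part in selection.split('+') {
        let alg = part.split(':').next().unwrap_or("");
        let hex = alg.strip_prefix("0x").ok_or_else(|| format!("bad bank '{part}'"))?;
        let id = u16::from_str_radix(hex, 16).map_err(|e| format!("bad alg id '{alg}': {e}"))?;
        digest_len(id).ok_or_else(|| format!("unsupported hash alg 0x{id:04x}"))?;
        banks.insert(id);
    }
    Ok(banks)
}

/// Largest qualifying data a quote can carry for the banks the TPM implements:
/// largest digest + 2 (the figure from the thread; 48 + 2 = 50 on a SHA-384 vTPM).
pub fn max_qualifying_data_len(banks: &BTreeSet<u16>) -> usize {
    banks.iter().filter_map(|&id| digest_len(id)).max().unwrap_or(0) + 2
}

/// Rejects oversize report_data before the quote call instead of surfacing the
/// size error (0x1d5 in the issue log) afterwards. Nothing is truncated.
pub fn check_report_data(report_data: &[u8], banks: &BTreeSet<u16>) -> Result<usize, String> {
    let max = max_qualifying_data_len(banks);
    if report_data.len() > max {
        return Err(format!("report_data is {} bytes, quote accepts at most {max}", report_data.len()));
    }
    Ok(report_data.len())
}

fn main() {
    // Constructed: a vTPM with sha1, sha256 and sha384 banks, sha384 being the largest.
    let banks = parse_banks("0x0004:16,17,18+0x000b:16,17,18+0x000c:16,17,18").unwrap();
    let report_data = [0x41u8; 64]; // constructed 64-byte nonce
    println!("max qualifying data: {} bytes", max_qualifying_data_len(&banks));
    println!("{:?}", check_report_data(&report_data, &banks));
}
```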

@mkulke
Contributor

mkulke commented Feb 14, 2025

> Thanks for that. Is the command ./evidence_getter file input.txt not intended to be used?

Interesting, I wasn't aware of the tool. I suppose it's for debugging.

@fitzthum
Member

Mainly for debugging but could be useful for people building their own attestation protocols.
