Merge pull request #427 from nsacyber/provisioner-printerror-fix

Protobuf Credential Blob check fix
This commit is contained in:
iadgovuser26 2022-01-11 16:53:44 -05:00 committed by GitHub
commit e6d4faed6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 2 deletions


@ -439,10 +439,11 @@ public abstract class AbstractAttestationCertificateAuthority
}
}
ByteString blobStr = ByteString.copyFrom(new byte[]{});
if (validationResult == AppraisalStatus.Status.PASS) {
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
byte[] nonce = generateRandomBytes(NONCE_LENGTH);
ByteString blobStr = tpm20MakeCredential(ekPub, akPub, nonce);
blobStr = tpm20MakeCredential(ekPub, akPub, nonce);
SupplyChainPolicy scp = this.supplyChainValidationService.getPolicy();
String pcrQuoteMask = PCR_QUOTE_MASK;
@ -465,7 +466,12 @@ public abstract class AbstractAttestationCertificateAuthority
} else {
LOG.error("Supply chain validation did not succeed. Result is: "
+ validationResult);
return new byte[]{};
// empty response
ProvisionerTpm2.IdentityClaimResponse response
= ProvisionerTpm2.IdentityClaimResponse.newBuilder()
.setCredentialBlob(blobStr)
.build();
return response.toByteArray();
}
}
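Review bot: The failure path now signals "validation failed" only implicitly, by returning a well-formed IdentityClaimResponse whose credential_blob is the empty ByteString initialised in the first hunk, and the `// empty response` comment does not say that this is a contract the provisioner relies on. I would replace that comment with one that states the intent, e.g. `// Validation failed: return a parseable response with an empty credential_blob; the client treats an empty blob as a provisioning failure and must not proceed to activateIdentity.` If the protocol ever gains an explicit status field, this is the spot to set it, since an empty blob cannot be told apart from other reasons for an absent credential. The enclosing method starts before the first hunk and its closing braces are the last two lines here, so the success-path return is not visible in this view.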


@ -143,13 +143,20 @@ int provision() {
RestfulClientProvisioner provisioner;
string response = provisioner.sendIdentityClaim(identityClaim);
hirs::pb::IdentityClaimResponse icr;
if (!icr.ParseFromString(response) || !icr.has_credential_blob()) {
logger.error("The ACA did not send make credential blob.");
cout << "----> Provisioning failed." << endl;
cout << "The ACA did not send make credential information." << endl;
return 0;
}
string nonceBlob = icr.credential_blob();
if (nonceBlob == "") {
cout << "----> Provisioning failed." << endl;
cout << "The ACA sent empty credential information." << endl;
return 0;
}
// activateIdentity requires we read makeCredential output from a file
cout << "----> Received response. Attempting to decrypt nonce" << endl;
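Review bot: The new empty-blob branch reports the failure only on stdout, whereas the parse/has_credential_blob branch directly above it first records it through `logger.error(...)`; an ACA rejection is exactly the event an operator will want in the log, so add `logger.error("The ACA sent an empty credential blob.");` before the two cout lines so both failure paths are logged consistently. The comparison would read more idiomatically as `if (nonceBlob.empty()) {`. Both failure branches `return 0` from provision(); if the caller maps 0 to success, a script driving the provisioner cannot detect the failure, but the caller is outside this hunk so that is inferred rather than established. provision() starts before this hunk and continues past it.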