ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-02-26 11:30:12 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/provisioner-printerror-fix' into issue-428

Browse Source
This commit is contained in:
iadgovuser26 2022-01-10 15:12:57 -05:00
commit fab8afd239
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
View File

@ -439,10 +439,11 @@ public abstract class AbstractAttestationCertificateAuthority
} }
} }
ByteString blobStr = ByteString.copyFrom(new byte[]{});
if (validationResult == AppraisalStatus.Status.PASS) { if (validationResult == AppraisalStatus.Status.PASS) {
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray()); RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
byte[] nonce = generateRandomBytes(NONCE_LENGTH); byte[] nonce = generateRandomBytes(NONCE_LENGTH);
ByteString blobStr = tpm20MakeCredential(ekPub, akPub, nonce); blobStr = tpm20MakeCredential(ekPub, akPub, nonce);
SupplyChainPolicy scp = this.supplyChainValidationService.getPolicy(); SupplyChainPolicy scp = this.supplyChainValidationService.getPolicy();
String pcrQuoteMask = PCR_QUOTE_MASK; String pcrQuoteMask = PCR_QUOTE_MASK;
@ -465,7 +466,12 @@ public abstract class AbstractAttestationCertificateAuthority
} else { } else {
LOG.error("Supply chain validation did not succeed. Result is: " LOG.error("Supply chain validation did not succeed. Result is: "
+ validationResult); + validationResult);
return new byte[]{}; // empty response
ProvisionerTpm2.IdentityClaimResponse response
= ProvisionerTpm2.IdentityClaimResponse.newBuilder()
.setCredentialBlob(blobStr)
.build();
return response.toByteArray();
} }
} }

7
HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
View File

@ -143,13 +143,20 @@ int provision() {
RestfulClientProvisioner provisioner; RestfulClientProvisioner provisioner;
string response = provisioner.sendIdentityClaim(identityClaim); string response = provisioner.sendIdentityClaim(identityClaim);
hirs::pb::IdentityClaimResponse icr; hirs::pb::IdentityClaimResponse icr;
if (!icr.ParseFromString(response) || !icr.has_credential_blob()) { if (!icr.ParseFromString(response) || !icr.has_credential_blob()) {
logger.error("The ACA did not send make credential blob.");
cout << "----> Provisioning failed." << endl; cout << "----> Provisioning failed." << endl;
cout << "The ACA did not send make credential information." << endl; cout << "The ACA did not send make credential information." << endl;
return 0; return 0;
} }
string nonceBlob = icr.credential_blob(); string nonceBlob = icr.credential_blob();
if (nonceBlob == "") {
cout << "----> Provisioning failed." << endl;
cout << "The ACA sent empty credential information." << endl;
return 0;
}
// activateIdentity requires we read makeCredential output from a file // activateIdentity requires we read makeCredential output from a file
cout << "----> Received response. Attempting to decrypt nonce" << endl; cout << "----> Received response. Attempting to decrypt nonce" << endl;