ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2025-06-16 05:58:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Have Quote return TPM_QUOTE_INFO (#17)

Browse Source
This commit is contained in:
DenisKarch
2019-04-24 13:18:36 -07:00
committed by Tom D
parent 3829815b47
commit 0d33e753a1
2 changed files with 38 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
attest/tpm_linux.go
View File

@ -341,21 +341,14 @@ func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error)
} }
func (k *Key) quote12(ctx *tspi.Context, nonce []byte) (*Quote, error) { func (k *Key) quote12(ctx *tspi.Context, nonce []byte) (*Quote, error) {
quoteInfo, rawSig, err := attestation.GetQuote(ctx, k.KeyBlob, nonce) quote, rawSig, err := attestation.GetQuote(ctx, k.KeyBlob, nonce)
if err != nil { if err != nil {
return nil, fmt.Errorf("GetQuote() failed: %v", err) return nil, fmt.Errorf("GetQuote() failed: %v", err)
} }
// go-tspi returns TPM_QUOTE_INFO. We only want the digest of the PCRs
var version [4]byte
var quot [4]byte
var digest [20]byte
if _, err := tpmutil.Unpack(quoteInfo, &version, &quot, &digest); err != nil {
return nil, fmt.Errorf("unable to parse PCR digest from TPM_QUOTE_INFO: %v", err)
}
return &Quote{ return &Quote{
Version: TPMVersion12, Version: TPMVersion12,
Quote: digest[:], Quote: quote,
Signature: rawSig, Signature: rawSig,
}, nil }, nil
} }

37
attest/tpm_windows.go
View File

@ -266,6 +266,35 @@ func (k *Key) ActivateCredential(tpm *TPM, in EncryptedCredential) ([]byte, erro
} }
} }
func constructQuote(data, nonce []byte) ([]byte, error) {
composite := struct {
Mask tpmutil.U16Bytes
Data tpmutil.U32Bytes
}{
Mask: []byte{0xff, 0xff, 0xff},
Data: data,
}
compositeBytes, err := tpmutil.Pack(composite)
if err != nil {
return nil, fmt.Errorf("failed to pack TPM_PCR_COMPOSITE: %v", err)
}
version := [4]byte{0x01, 0x01, 0x00, 0x00}
QUOT := [4]byte{'Q', 'U', 'O', 'T'}
info := struct {
Version [4]byte
QUOT [4]byte
Digest [20]byte
Nonce [20]byte
}{
version,
QUOT,
sha1.Sum(compositeBytes),
sha1.Sum(nonce),
}
return tpmutil.Pack(info)
}
func (k *Key) quote12(tpm io.ReadWriter, nonce []byte) (*Quote, error) { func (k *Key) quote12(tpm io.ReadWriter, nonce []byte) (*Quote, error) {
selectedPCRs := make([]int, 24) selectedPCRs := make([]int, 24)
for pcr, _ := range selectedPCRs { for pcr, _ := range selectedPCRs {
@ -276,7 +305,13 @@ func (k *Key) quote12(tpm io.ReadWriter, nonce []byte) (*Quote, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("Quote() failed: %v", err) return nil, fmt.Errorf("Quote() failed: %v", err)
} }
quote := sha1.Sum(pcrc) // Construct and return TPM_QUOTE_INFO
// Returning TPM_QUOTE_INFO allows us to verify the Quote at a higher resolution
// and matches what go-tspi returns.
quote, err := constructQuote(pcrc, nonce)
if err != nil {
return nil, fmt.Errorf("failed to construct Quote Info: %v", err)
}
return &Quote{ return &Quote{
Quote: quote, Quote: quote,
Signature: sig, Signature: sig,