Add indication to EKCert error string for when NVRAM value was unwrapped (#45)

Tom D 2019-06-20 10:58:41 -07:00 committed by GitHub
parent 7585e609b4
commit 113729bb8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -130,6 +130,8 @@ func readTPM2VendorAttributes(tpm io.ReadWriter) (TCGVendorID, string, error) {
} }
func parseCert(ekCert []byte) (*x509.Certificate, error) { func parseCert(ekCert []byte) (*x509.Certificate, error) {
var wasWrapped bool
// TCG PC Specific Implementation section 7.3.2 specifies // TCG PC Specific Implementation section 7.3.2 specifies
// a prefix when storing a certificate in NVRAM. We look // a prefix when storing a certificate in NVRAM. We look
// for and unwrap the certificate if its present. // for and unwrap the certificate if its present.
@ -139,6 +141,7 @@ func parseCert(ekCert []byte) (*x509.Certificate, error) {
return nil, fmt.Errorf("parsing nvram header: ekCert size %d smaller than specified cert length %d", len(ekCert), certLen) return nil, fmt.Errorf("parsing nvram header: ekCert size %d smaller than specified cert length %d", len(ekCert), certLen)
} }
ekCert = ekCert[5 : 5+certLen] ekCert = ekCert[5 : 5+certLen]
wasWrapped = true
} }
// If the cert parses fine without any changes, we are G2G. // If the cert parses fine without any changes, we are G2G.
@ -153,7 +156,7 @@ func parseCert(ekCert []byte) (*x509.Certificate, error) {
Raw asn1.RawContent Raw asn1.RawContent
} }
if _, err := asn1.UnmarshalWithParams(ekCert, &cert, "lax"); err != nil && x509.IsFatal(err) { if _, err := asn1.UnmarshalWithParams(ekCert, &cert, "lax"); err != nil && x509.IsFatal(err) {
return nil, fmt.Errorf("asn1.Unmarshal() failed: %v", err) return nil, fmt.Errorf("asn1.Unmarshal() failed: %v, wasWrapped=%v", err, wasWrapped)
} }
c, err := x509.ParseCertificate(cert.Raw) c, err := x509.ParseCertificate(cert.Raw)
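Review bot: The `wasWrapped` diagnostic is attached only to the lax asn1.Unmarshal failure at `return nil, fmt.Errorf("asn1.Unmarshal() failed: %v, wasWrapped=%v", err, wasWrapped)`, while the `x509.ParseCertificate(cert.Raw)` call on the hunk's last line has its own error path past the end of the hunk; if that path still reports without the flag, an operator seeing a parse failure there cannot tell whether the TCG NVRAM header was stripped, which is the very ambiguity this commit sets out to remove. Carrying the same suffix there, e.g. `return nil, fmt.Errorf("parsing certificate: %v, wasWrapped=%v", err, wasWrapped)`, would keep both failure paths equally diagnosable. Because the flag exists purely for error reporting, a one-line comment at its declaration in the first hunk, `// wasWrapped records whether the TCG NVRAM header (section 7.3.2) was stripped; used only in error messages.`, would stop a later reader from treating it as a security decision. parseCert's body begins before the first hunk and the ParseCertificate error handling lies outside this one.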