75: Make PCRs() take the digest algorithm (#77)

Tom D
2019-08-20 11:52:12 -07:00
committed by GitHub
parent 6b09d5331a
commit 6e2e8693ad
8 changed files with 62 additions and 70 deletions


@ -17,7 +17,6 @@
package attest
import (
"crypto"
"crypto/rsa"
"encoding/binary"
"errors"
@ -358,49 +357,45 @@ func allPCRs12(ctx *tspi.Context) (map[uint32][]byte, error) {
return PCRs, nil
}
// PCRs returns the present value of all Platform Configuration Registers.
func (t *TPM) PCRs() (map[int]PCR, tpm2.Algorithm, error) {
// TODO: Refactor PCRs() into a file not subject to build tags, and implement
// platform-specific logic in private methods.
// PCRs returns the present value of Platform Configuration Registers with the
// given digest algorithm.
func (t *TPM) PCRs(alg HashAlg) ([]PCR, error) {
var PCRs map[uint32][]byte
var alg crypto.Hash
var err error
switch t.version {
case TPMVersion12:
if alg != HashSHA1 {
return nil, fmt.Errorf("non-SHA1 algorithm %v is not supported on TPM 1.2", alg)
}
PCRs, err = allPCRs12(t.ctx)
if err != nil {
return nil, 0, fmt.Errorf("failed to read PCRs: %v", err)
return nil, fmt.Errorf("failed to read PCRs: %v", err)
}
alg = crypto.SHA1
case TPMVersion20:
PCRs, alg, err = allPCRs20(t.rwc)
PCRs, err = readAllPCRs20(t.rwc, alg.goTPMAlg())
if err != nil {
return nil, 0, fmt.Errorf("failed to read PCRs: %v", err)
return nil, fmt.Errorf("failed to read PCRs: %v", err)
}
default:
return nil, 0, fmt.Errorf("unsupported TPM version: %x", t.version)
return nil, fmt.Errorf("unsupported TPM version: %x", t.version)
}
out := map[int]PCR{}
var lastAlg crypto.Hash
out := make([]PCR, len(PCRs))
for index, digest := range PCRs {
out[int(index)] = PCR{
Index: int(index),
Digest: digest,
DigestAlg: alg,
DigestAlg: alg.cryptoHash(),
}
lastAlg = alg
}
switch lastAlg {
case crypto.SHA1:
return out, tpm2.AlgSHA1, nil
case crypto.SHA256:
return out, tpm2.AlgSHA256, nil
default:
return nil, 0, fmt.Errorf("unexpected algorithm: %v", lastAlg)
}
return out, nil
}
// MeasurementLog returns the present value of the System Measurement Log.
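Review bot: In the new `PCRs`, `out := make([]PCR, len(PCRs))` followed by `out[int(index)] = PCR{...}` is only safe if the map from `allPCRs12` / `readAllPCRs20` holds exactly the indices 0..len-1; with a sparse result (presumably possible when a TPM 2.0 bank for `alg` does not have every PCR allocated) the write panics with an index out of range. Neither helper's contract is visible in this hunk, so that is an inference, but the old map-typed return did not depend on it. For an attestation library it is safer to return an error than to panic, so I would add `if int(index) >= len(out) { return nil, fmt.Errorf("PCR index %d out of range (%d PCRs read)", index, len(out)) }` at the top of the loop. An empty map also now yields an empty slice with a nil error, which a caller could mistake for a successful read; consider rejecting `len(PCRs) == 0`. The doc comment should state that the returned slice is ordered by PCR index, since callers can no longer look entries up by key.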