ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-19 04:57:59 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

attestPCRs(): make sure that the return values are consistent (#199)

Browse Source
This commit is contained in:
Paweł Szałachowski 2021-01-12 16:21:21 -08:00 committed by GitHub
parent 339bdb245a
commit d436f3c9c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
attest/tpm.go
View File

@ -353,6 +353,17 @@ func (t *TPM) attestPCRs(ak *AK, nonce []byte, alg HashAlg) (*Quote, []PCR, erro
if err != nil {
return nil, nil, fmt.Errorf("failed to quote using %v: %v", alg, err)
}
// Make sure that the pcrs and quote values are consistent. See details in Section 17.6.2 of
// https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf
pub, err := ParseAKPublic(t.Version(), ak.AttestationParameters().Public)
if err != nil {
return nil, nil, fmt.Errorf("failed to parse AK public: %v", err)
}
if err := pub.Verify(*quote, pcrs, nonce); err != nil {
return nil, nil, fmt.Errorf("local quote verification failed: %v", err)
}
return quote, pcrs, nil
}