Paweł Szałachowski
0b7298fb18
Support RSA application keys ( #218 )
2021-05-20 11:15:09 -07:00
Paweł Szałachowski
7f6fec6b36
add ecdsa configuration options ( #217 )
...
Add configuration options for ECDSA key generation.
2021-05-19 11:32:54 -07:00
Paweł Szałachowski
440d34a877
Support for application signing keys ( #201 )
2021-03-08 12:27:00 -08:00
Paweł Szałachowski
d436f3c9c5
attestPCRs(): make sure that the return values are consistent ( #199 )
2021-01-12 16:21:21 -08:00
Brandon Weeks
25f5b13c2c
Fix Go Vet string conversion warnings ( #185 )
...
https://golang.org/doc/go1.15#vet
2020-11-18 22:25:44 -08:00
Tom D
1045ef6327
Refactor *platformTPM -> tpmBase interface ( #160 )
2020-05-05 14:56:40 -07:00
Tom D
fe41cef1db
Return error from AttestPlatform() if the event log returned from the system is too short to be valid ( #151 )
2020-01-30 14:39:59 -08:00
Tom D
9746da2bfe
Fix uint16 overflow in ParseEKCertificate bounds check ( #143 )
2019-12-09 10:58:36 -08:00
Eric Chiang
7b7e21da78
attest: update go-tpm and switch hash method
...
go-tpm recently removed Algorithm.HashConstructor() in favor of
Algorithm.Hash(). Update go-tpm dependency and use the new method.
2019-10-18 10:39:55 -04:00
Tom D
25ce56400c
Fix linter errors, go fmt ( #130 )
2019-10-10 14:29:46 -07:00
Brandon Weeks
2bc8d58530
ParseEventLog fuzz target
...
A go-fuzz target for the ParseEventLog function. It has been tested
with go-fuzz and go-fuzz + libFuzzer.
oss-fuzz requires a statically built fuzzer binary, so `gofuzz` build
tags are added to avoid building files that depend on go-tspi. A mock
tpm_other.go file is also included to satisfy the `platformTPM`
interface.
2019-10-09 10:05:21 +11:00
Brandon Weeks
73020b971b
Rename AIK to AK everywhere
...
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Tom D
de6a3af7e4
Add config struct for AttestPlatform(), to configure event log source ( #118 )
2019-10-03 11:09:32 -07:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote ( #115 )
2019-09-26 15:11:31 -07:00
Tom D
20ad7d44ab
Implement helper method + struct for getting a platform attestation ( #113 )
2019-09-26 13:00:20 -07:00
Eric Chiang
33a0bbe4ea
attest: expose algorithms used in measurement log
...
Expose the algorithms that are used in the measurement log. This lets
clients generate PCR measurements that match their log digests.
2019-09-19 15:28:22 -07:00
Eric Chiang
39d2f6efff
attest: don't define exported API in files with build tags
...
It's best practice to define as much code, especially exported API, in
files that can build on any platform, with as little code as possible in
OS-specific files.
Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method definitions between OSes.
TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Eric Chiang
bfcbe8f1e2
attest: re-work EK API ( #79 )
...
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistent support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Tom D
6e2e8693ad
75: Make PCRs() take the digest algorithm ( #77 )
2019-08-20 11:52:12 -07:00
Tom D
3d58c70c6a
Add firmware version to TPMInfo for TPM 2.0 devices. ( #67 )
2019-08-08 11:31:09 +10:00
Tom D
f3f08037f8
Make SRK/AIK templates consistent with go-tpm-tools ( #58 )
2019-07-26 13:16:47 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. ( #53 )
...
* Refactor serialized keys into own structure, in preparation for making Key an interface.
* Refactor key logic into separate structures for each platform/TPMversion invariant.
* Implement review feedback
2019-07-19 13:05:18 -07:00
Tom D
113729bb8b
Add indication to EKCert error string for when NVRAM value was unwrapped ( #45 )
2019-06-20 10:58:41 -07:00
Tom D
1eb89bd0b8
Use certificate-transparency asn1 parser ( #41 )
2019-06-12 11:14:43 -07:00
Tom D
8afa43fc13
Better error messages for parseCert() ( #39 )
2019-06-12 10:11:18 -07:00
Tom D
8ac2846c80
Attempt fix for EKCert parsing errors when falling back to NVRAM ( #38 )
...
* Fix parsing errors for EKCert when falling back to NVRAM
2019-06-11 10:52:49 -07:00
DenisKarch
b128fd7448
Move AIK to Storage hierarchy ( #10 )
...
Moving AIK to storage hierarchy so that the key blob can be saved and
loaded instead of recreating the aik each time.
2019-04-10 11:03:02 -07:00
Tom
ca33c04742
Validate secret in attest_tpm12_test, fix godoc
2019-03-28 13:29:24 -07:00
Tom
21c2bfd1dc
Initial commit.
2019-03-28 13:21:16 -07:00