Commit Graph

31 Commits

Author SHA1 Message Date
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote (#115) 2019-09-26 15:11:31 -07:00
Eric Chiang
39d2f6efff attest: don't define exported API in files with build tags
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.

Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method definitions between OSes.

TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Eric Chiang
e688ff6d7f attest: rename MintAIK and MintOptions to NewAIK and AIKConfig
This helps the godoc read better and is more in line with Go's naming
scheme. No functional changes made, just naming.
2019-08-28 09:25:14 -07:00
Eric Chiang
bfcbe8f1e2 attest: re-work EK API (#79)
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistent support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Tom D
6e2e8693ad
75: Make PCRs() take the digest algorithm (#77) 2019-08-20 11:52:12 -07:00
Tom D
3d58c70c6a
Add firmware version to TPMInfo for TPM 2.0 devices. (#67) 2019-08-08 11:31:09 +10:00
Eric Chiang
7d7676beda attest: move public key parsing server side
Event log parsing requires knowing both the public key and signing
parameters. Semantically, this information should be from an attested
public key blob, not additional data passed by the client.

Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
2019-08-06 11:09:20 -07:00
Eric Chiang
2464131d7c Add a Public() method to the AIK that returns a public key (#55)
We plan to identify AIKs based on their public key. The raw blob should
be available via the AttestationParameters, but we hope that users will
only use that struct for generating challenges.

Because this parses the public key on AIK creation and loading, this PR
should have existing coverage.
2019-07-22 09:18:51 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53)
* Refactor serialized keys into own structure, in preparation for making Key an interface.

* Refactor key logic into separate structures for each platform/TPMversion invariant.

* Implement review feedback
2019-07-19 13:05:18 -07:00
Tom D'Netto
da446762c0 Implement fetch from ekcert server if no EKs are found, and the TPM is from intel. 2019-07-17 15:15:29 -07:00
Tom D
1611c5ab72
Fix quote generation on windows TPM 1.2 devices (#34) 2019-05-20 12:34:17 -07:00
Tom D
5b7e00554a
Implement new credential activation scheme for windows (#33)
* Implement new credential activation scheme for windows
2019-05-16 15:51:01 -07:00
Tom D
20b39443ef
Fix ActivateCredential for TPM 1.2 on windows (#30) 2019-05-15 10:36:54 -07:00
Tom D
7b5f790215
Fix broken DLL MustFindProc. (#29) 2019-05-14 14:44:33 -07:00
Tom D
ac78180218
Implement key deletion on Windows (#27)
* Implement key deletion on Windows

* Don't forget 2nd parameter in call to NCryptDeleteKey
2019-05-13 14:41:55 -07:00
Tom D
2ff4e84fcb
Check the state of the TPM before opening it on windows (#26)
* Check the state of the TPM before opening it on windows
2019-05-13 14:13:16 -07:00
Tom D
2da0098d9d
Switch over to trying the PCP provider for TPM 1.2, to mitigate missing ownerauth. (#25)
* Implement decoding for TPM 1.2 PCP AIK properties

* Switch all TPM 1.2 methods that rely on ownerAuth to use the PCP API.
2019-05-03 13:27:48 -07:00
Tom D
8e4a5ce762
Ignore slightly malformed EKs so attestation can continue. (#24) 2019-05-02 13:43:50 -07:00
Tom D
4ee1aa81b1
Add more logging to MintAIK() (#22) 2019-04-30 08:47:44 -07:00
Denis Karch
125f464487 Fix typo (had nonce and pcr data backwards) 2019-04-25 10:15:54 -07:00
Denis Karch
1643d281b5 Fix call to NewQuoteInfo 2019-04-24 14:26:48 -07:00
DenisKarch
97d50a1edc Use go-tpm NewQuoteInfo (#18) 2019-04-24 13:55:44 -07:00
DenisKarch
0d33e753a1 Have Quote return TPM_QUOTE_INFO (#17) 2019-04-24 13:18:36 -07:00
DenisKarch
3829815b47 Extract and return PCR digest for Quote on TPM1.2 (#16)
go-tspi and go-tpm return different values for "quote".
In both cases we want the PCR digest so we extract it from the data
returned.
2019-04-24 11:19:18 -07:00
DenisKarch
4342561e0f Fix quote12 (previously only getting PCR0) (#15) 2019-04-23 18:28:51 -07:00
Tom D'Netto
24ccdf576a Improve error messages on windows 2019-04-11 10:57:45 -07:00
DenisKarch
b15816bdc8 Fix to imports (update.go could not map properly) (#11) 2019-04-09 11:33:23 -07:00
Denis Karch
dc8d5cb824 Added TPM1.2 support for Windows 2019-04-09 10:48:16 -07:00
Tom
ca33c04742 Validate secret in attest_tpm12_test, fix godoc 2019-03-28 13:29:24 -07:00
Tom
21c2bfd1dc Initial commit. 2019-03-28 13:21:16 -07:00