Commit Graph

64 Commits

Author SHA1 Message Date
Eric Chiang
7d7676beda attest: move public key parsing server side
Event log parsing requires knowning both the public key and signing
parameters. Symmantically, this information should be from an attested
public key blob, not additional data passed by the client.

Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
2019-08-06 11:09:20 -07:00
Tom D
f3f08037f8
Make SRK/AIK templates consistent with go-tpm-tools (#58) 2019-07-26 13:16:47 -07:00
Tom D
8f4f17e679
Implement credential activation API (#56) 2019-07-23 15:22:53 -07:00
Eric Chiang
2464131d7c Add a Public() method to the AIK that returns a public key (#55)
We plan to identify AIKs based on their public key. The raw blob should
be available via the AttestationParameters, but we hope that users will
only use that struct for generating challenges.

Because this parses the public key on AIK creation and loading, this PR
should have existing coverage.
2019-07-22 09:18:51 -07:00
Tom D
5f05ce5cec
Fix attest-tool (#54)
* Fix attest-tool
2019-07-19 14:07:02 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53)
* Refactor serialized keys into own structure, in preparation for making Key an interface.

* Refactor key logic into separate structures for each platform/TPMversion invariant.

* Implement review feedback
2019-07-19 13:05:18 -07:00
Matthew Garrett
ed3b03ef7f
Merge pull request #51 from twitchy-jsonp/intel
Implement fetch from ekcert server if no EKs are found + Intel TPM
2019-07-17 15:22:14 -07:00
Tom D'Netto
da446762c0 Implement fetch from ekcert server if no EKs are found, and the TPM is from intel. 2019-07-17 15:15:29 -07:00
Tom D
0f6a187a1c
Fix sig mismatch in AIK certification (#50) 2019-07-12 10:30:30 -07:00
Brandon Weeks
83cab51aec Remove protos only used internally, update package name 2019-07-09 16:02:52 -07:00
Tom D
709b568a93
Add two missing enums (#48)
* Add in two missing enum values.
2019-07-03 11:32:22 -07:00
Tom D
5c6b9242df
Add support for multiple certificate directories (#47) 2019-07-03 10:07:16 -07:00
Tom D
372fcf25d0
Try reading the EKCert from PCP_EKNVCERT (#46) 2019-06-25 15:19:12 -07:00
Tom D
113729bb8b
Add indication to EKCert error string for when NVRAM value was unwrapped (#45) 2019-06-20 10:58:41 -07:00
Tom D
7585e609b4
Remove main.go (#44) 2019-06-18 09:11:08 -07:00
Tom D
ba4708dfc8
Rename attest-tool to match rules for BUILD targets (#43)
* Implement example cmd-line binary.

* Add ability to generate random nonce

* Rename attest-tool to match rules for BUILD files
2019-06-18 09:09:39 -07:00
Tom D
04f428d103
Implement example cmd-line binary. (#42)
* Implement example cmd-line binary.

* Add ability to generate random nonce
2019-06-17 15:50:05 -07:00
Tom D
6fede8c9ab
Remove ekcert blacklist. (#37)
* Fix broken build on windows.

* Remove cert blacklist now that certtransparency parsing is laxer by default.
2019-06-17 09:49:16 -07:00
Tom D
1eb89bd0b8
Use certificate-transparency asn1 parser (#41) 2019-06-12 11:14:43 -07:00
Tom D
7c3baced09
Fix typos. (#40) 2019-06-12 10:15:42 -07:00
Tom D
8afa43fc13
Better error messages for parseCert() (#39) 2019-06-12 10:11:18 -07:00
Tom D
8ac2846c80
Attempt fix for EKCert parsing errors when falling back to NVRAM (#38)
* Fix parsing errors for EKCert when falling back to NVRAM
2019-06-11 10:52:49 -07:00
Tom D
7f17046a60
Fix broken build on windows. (#36)
* Attempt to read the EK from NVRAM if the system cert store cannot provide it.

* Fix broken build on windows.
2019-06-06 13:15:55 -07:00
Tom D
3dc8a7d841
Attempt to read the EK from NVRAM if the system cert store cannot provide it. (#35) 2019-06-06 13:11:40 -07:00
Tom D
a801f7333b
Import verifier library into go-attestation. (#13)
* Upstream the verifier sub-library.

* Rename proto package to go_attestation
2019-06-06 10:43:36 -07:00
Tom D
1611c5ab72
Fix quote generation on windows TPM 1.2 devices (#34) 2019-05-20 12:34:17 -07:00
Tom D
5b7e00554a
Implement new credential activation scheme for windows (#33)
* Implement new credential activation scheme for windows
2019-05-16 15:51:01 -07:00
Tom D
70c839779d
Moar error codes (#32) 2019-05-15 12:57:08 -07:00
Tom D
dbbcfcc4b8
Fix conversion to more specific windows error messages. (#31) 2019-05-15 12:27:19 -07:00
Tom D
20b39443ef
Fix ActivateCredential for TPM 1.2 on windows (#30) 2019-05-15 10:36:54 -07:00
Tom D
7b5f790215
Fix broken DLL MustFindProc. (#29) 2019-05-14 14:44:33 -07:00
Tom D
55ce06b8f2
Decode windows TPM/PCP errors to more specific descriptions. (#28) 2019-05-14 11:42:44 -07:00
Tom D
ac78180218
Implement key deletion on Windows (#27)
* Implement key deletion on Windows

* Dont forget 2nd parameter in call to NCryptDeleteKey
2019-05-13 14:41:55 -07:00
Tom D
2ff4e84fcb
Check the state of the TPM before opening it on windows (#26)
* Check the state of the TPM before opening it on windows
2019-05-13 14:13:16 -07:00
Tom D
2da0098d9d
Switch over to trying the PCP provider for TPM 1.2, to mitigate missing ownerauth. (#25)
* Implement decoding for TPM 1.2 PCP AIK properties

* Switch all TPM 1.2 methods that rely on ownerAuth to use the PCP API.
2019-05-03 13:27:48 -07:00
Tom D
8e4a5ce762
Ignore slightly malformed EKs so attestation can continue. (#24) 2019-05-02 13:43:50 -07:00
Tom D
b6bb3dba4c
Update go-tpm version (#23) 2019-04-30 12:41:38 -07:00
Tom D
4ee1aa81b1
Add more logging to MintAIK() (#22) 2019-04-30 08:47:44 -07:00
Denis Karch
125f464487 Fix typo (had nonce and pcr data backwards) 2019-04-25 10:15:54 -07:00
Denis Karch
1643d281b5 Fix call to NewQuoteInfo 2019-04-24 14:26:48 -07:00
DenisKarch
4e11f744d1 Fix mod files (#19) 2019-04-24 14:05:27 -07:00
DenisKarch
97d50a1edc Use go-tpm NewQuoteInfo (#18) 2019-04-24 13:55:44 -07:00
DenisKarch
0d33e753a1 Have Quote return TPM_QUOTE_INFO (#17) 2019-04-24 13:18:36 -07:00
DenisKarch
3829815b47 Extract and return PCR digest for Quote on TPM1.2 (#16)
go-tspi and go-tpm return different values for "quote".
In both cases we want the PCR digest so we extract it from the data
returned.
2019-04-24 11:19:18 -07:00
DenisKarch
4342561e0f Fix quote12 (previously only getting PCR0) (#15) 2019-04-23 18:28:51 -07:00
Tom D
0c3df93f04
Update dependencies (#14) 2019-04-23 14:37:53 -07:00
Tom D'Netto
24ccdf576a Improve error messages on windows 2019-04-11 10:57:45 -07:00
DenisKarch
b128fd7448 Move AIK to Storage hierarchy (#10)
Moving AIK to storage hierarchy so that the key blob can be saved and
loaded instead of recreating the aik each time.
2019-04-10 11:03:02 -07:00
DenisKarch
b15816bdc8 Fix to imports (update.go could not map properly) (#11) 2019-04-09 11:33:23 -07:00
Denis Karch
dc8d5cb824 Added TPM1.2 support for Windows 2019-04-09 10:48:16 -07:00