go-attestation

mirror of https://github.com/google/go-attestation.git synced 2024-12-19 04:57:59 +00:00

Author	SHA1	Message	Date
Tom D	6242485b62	Write overview of the credential activation procedure (#93 )	2019-09-05 13:03:58 -07:00
Eric Chiang	2d51b89cfa	Merge pull request #94 from ericchiang/sb internal/eventlog: add code for parsing secure boot variables	2019-09-04 16:47:47 -07:00
Eric Chiang	9021153e89	internal/eventlog: add code for parsing secure boot variables This is being prototyped in an internal package as we start to open source. This code will either live in attest, or in a separate eventlog package in the future.	2019-09-04 14:25:48 -07:00
Tom D	07feb34890	Add example for AIKPublic.Verify (#89 )	2019-08-29 11:26:42 -07:00
Tom D	0f580b1efd	Update README with installation notes (#88 )	2019-08-29 09:36:35 -07:00
Tom D	4ef1479ae1	Separate quote verification from EventLog API #85 (#87 )	2019-08-28 16:59:46 -07:00
Eric Chiang	2ad969b54a	Merge pull request #86 from ericchiang/mint attest: rename MintAIK and MintOptions to NewAIK and AIKConfig	2019-08-28 09:32:37 -07:00
Eric Chiang	e688ff6d7f	attest: rename MintAIK and MintOptions to NewAIK and AIKConfig This helps the godoc read better and is more inline with Go's naming scheme. No functional changes made, just naming.	2019-08-28 09:25:14 -07:00
Tom D	fefdb7d336	Add quote example, add note to Activation.Generate() about use of subtle to prevent timing attacks (#84 )	2019-08-27 16:15:48 -07:00
Tom D	d2afca77f5	Implement example for AIK creation and activation. (#83 )	2019-08-27 12:40:58 -07:00
Eric Chiang	78755e7a91	attest: remove Log statements from tests (#81 ) Tests generally shouldn't print anything unless they fail.	2019-08-21 10:28:55 -07:00
Eric Chiang	9b6caf1273	attest: use provided randomness source when generating challenges (#80 ) Currently the activation challenge lets a caller supply a source of randomness other than crypto/rand, but it's not used in some places. Plumb the source through the call chain.	2019-08-21 10:28:19 -07:00
Eric Chiang	bfcbe8f1e2	attest: re-work EK API (#79 ) This PR adds: * Renames 'PlatformEK' to 'EK' * More consistant support of EKs without certificates * Removes HTTP GET to Intel EK certificate service * Always populates EK.Public	2019-08-21 10:26:55 -07:00
Eric Chiang	cd07b32602	attest: add testdata for crypto agile event (#82 ) Test data copied from https://github.com/mwiseman32/Attestation-annotation	2019-08-21 10:00:18 -07:00
Tom D	6e2e8693ad	75: Make PCRs() take the digest algorithm (#77 )	2019-08-20 11:52:12 -07:00
Eric Chiang	6b09d5331a	Merge pull request #64 from ericchiang/eventlog attest: add event log parsing logic	2019-08-20 10:09:48 -07:00
Eric Chiang	262599a8df	attest: add event log parsing logic This PR adds event log parsing logic. It's main goal is to require validation at the same time as parsing, so structured events are always verified against a quote. This new API replaces the exisitng "verifier" package. It's not a goal of this PR to parse the event data. This will be a follow up, but since different users might want to parse different events based on the OS, this API lets users of this package implement custom event data parsing if they absolutely need to.	2019-08-19 23:50:31 -07:00
Pwpon500	e6f0fc6196	Turn appropriate RSAParameter calls into function calls (#71 )	2019-08-16 07:33:28 -07:00
Tom D	a1822903b4	Add dump mode to attest-tool. (#70 )	2019-08-13 14:53:38 -07:00
Tom D	3d58c70c6a	Add firmware version to TPMInfo for TPM 2.0 devices. (#67 )	2019-08-08 11:31:09 +10:00
Eric Chiang	3a523cf51f	Merge pull request #62 from ericchiang/aik_pub attest: move public key parsing server side	2019-08-07 08:05:08 -07:00
Tom D	55b3a2dc04	Update vendors list (#57 )	2019-08-06 16:47:13 -07:00
Eric Chiang	7d7676beda	attest: move public key parsing server side Event log parsing requires knowning both the public key and signing parameters. Symmantically, this information should be from an attested public key blob, not additional data passed by the client. Introduce a new method for parsing an AIK's public key blob, returning a new AIKPublic struct.	2019-08-06 11:09:20 -07:00
Eric Chiang	59036c6bcb	Merge pull request #60 from ericchiang/key_purpose attest: remove unused KeyPurpose exported type	2019-08-06 09:48:50 -07:00
Eric Chiang	8e83383df9	attest: improve documentation of ActivateCredential (#61 )	2019-08-05 17:39:57 -07:00
Eric Chiang	9020140437	attest-tool: aik.json shouldn't be executable (#65 )	2019-08-05 17:39:25 -07:00
Eric Chiang	26ea1966ce	README.md: add godoc badge (#59 )	2019-08-05 17:32:18 -07:00
Eric Chiang	833a7e119f	attest: remove unused KeyPurpose exported type Was going through the godoc and it's not clear that this is ever used. To clean up the API, remove KeyPurpose for now. This could probably be an internal validation anyway, right?	2019-07-30 07:42:42 -07:00
Tom D	f3f08037f8	Make SRK/AIK templates consistent with go-tpm-tools (#58 )	2019-07-26 13:16:47 -07:00
Tom D	8f4f17e679	Implement credential activation API (#56 )	2019-07-23 15:22:53 -07:00
Eric Chiang	2464131d7c	Add a Public() method to the AIK that returns a public key (#55 ) We plan to identify AIKs based on their public key. The raw blob should be available via the AttestationParameters, but we hope that users will only use that struct for generating challenges. Because this parses the public key on AIK creation and loading, this PR should have existing coverage.	2019-07-22 09:18:51 -07:00
Tom D	5f05ce5cec	Fix attest-tool (#54 ) * Fix attest-tool	2019-07-19 14:07:02 -07:00
Tom D	90e37eacce	Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53 ) * Refactor serialized keys into own structure, in preparation for making Key an interface. * Refactor key logic into separate structures for each platform/TPMversion invariant. * Implement review feedback	2019-07-19 13:05:18 -07:00
Matthew Garrett	ed3b03ef7f	Merge pull request #51 from twitchy-jsonp/intel Implement fetch from ekcert server if no EKs are found + Intel TPM	2019-07-17 15:22:14 -07:00
Tom D'Netto	da446762c0	Implement fetch from ekcert server if no EKs are found, and the TPM is from intel.	2019-07-17 15:15:29 -07:00
Tom D	0f6a187a1c	Fix sig mismatch in AIK certification (#50 )	2019-07-12 10:30:30 -07:00
Brandon Weeks	83cab51aec	Remove protos only used internally, update package name	2019-07-09 16:02:52 -07:00
Tom D	709b568a93	Add two missing enums (#48 ) * Add in two missing enum values.	2019-07-03 11:32:22 -07:00
Tom D	5c6b9242df	Add support for multiple certificate directories (#47 )	2019-07-03 10:07:16 -07:00
Tom D	372fcf25d0	Try reading the EKCert from PCP_EKNVCERT (#46 )	2019-06-25 15:19:12 -07:00
Tom D	113729bb8b	Add indication to EKCert error string for when NVRAM value was unwrapped (#45 )	2019-06-20 10:58:41 -07:00
Tom D	7585e609b4	Remove main.go (#44 )	2019-06-18 09:11:08 -07:00
Tom D	ba4708dfc8	Rename attest-tool to match rules for BUILD targets (#43 ) * Implement example cmd-line binary. * Add ability to generate random nonce * Rename attest-tool to match rules for BUILD files	2019-06-18 09:09:39 -07:00
Tom D	04f428d103	Implement example cmd-line binary. (#42 ) * Implement example cmd-line binary. * Add ability to generate random nonce	2019-06-17 15:50:05 -07:00
Tom D	6fede8c9ab	Remove ekcert blacklist. (#37 ) * Fix broken build on windows. * Remove cert blacklist now that certtransparency parsing is laxer by default.	2019-06-17 09:49:16 -07:00
Tom D	1eb89bd0b8	Use certificate-transparency asn1 parser (#41 )	2019-06-12 11:14:43 -07:00
Tom D	7c3baced09	Fix typos. (#40 )	2019-06-12 10:15:42 -07:00
Tom D	8afa43fc13	Better error messages for parseCert() (#39 )	2019-06-12 10:11:18 -07:00
Tom D	8ac2846c80	Attempt fix for EKCert parsing errors when falling back to NVRAM (#38 ) * Fix parsing errors for EKCert when falling back to NVRAM	2019-06-11 10:52:49 -07:00
Tom D	7f17046a60	Fix broken build on windows. (#36 ) * Attempt to read the EK from NVRAM if the system cert store cannot provide it. * Fix broken build on windows.	2019-06-06 13:15:55 -07:00

1 2 3 4 5

241 Commits