Commit Graph

30 Commits

Author SHA1 Message Date
zhsh
d29df30553
Add EK as a field to AK struct. (#332)
The change is a no-op for existing clients, and it will simplify
adding the support for ECC EKs. The activation code no longer makes
assumptions about EK's type and handle (i.e. RSA and 0x81010001),
and instead relies on TPM.EKs() to provide the EK's details.
2023-06-22 13:17:47 -07:00
zhsh
50c1e1e03b
Renamed some variables and methods to highlight that only RSA EKs are (#330)
currently supported.

This is the first step towards supporting ECC EKs.
2023-06-12 18:36:51 -07:00
Brandon Weeks
50e72a4743
attest: fix OSS-Fuzz build (#278) 2022-05-31 21:50:58 -07:00
Brandon Weeks
f1ff544e51
attest: restore change from a35bd36 mistakingly removed in be496f1 (#277) 2022-05-31 13:12:21 -07:00
Tom D
82f2c9c2c7
Merge pull request from GHSA-99cg-575x-774p
* AKPublic.Verify: Return an error if a provided PCR of the correct
   digest was not included in the quote.
 * AKPublic.VerifyAll: Implement VerifyAll method, which can cross-check
   that provided PCRs were covered by quotes across PCR banks.
 * PCR.QuoteVerified(): Introduce getter method to expose whether a
   PCR value was covered during quote verification.
2022-01-31 09:10:07 -08:00
Brandon Weeks
2f8dbfc94e
Restore changes accidentally reverted during reconciliation (#256) 2021-12-08 16:43:38 -08:00
copybara-service[bot]
f1f1b84491
Revert "Internal change"
PiperOrigin-RevId: 415106054

Co-authored-by: Brandon Weeks <bweeks@google.com>
2021-12-08 15:06:48 -08:00
Brandon Weeks
57a6cb587a Internal change
PiperOrigin-RevId: 415099842
2021-12-08 14:37:13 -08:00
Brandon Weeks
be496f1149 Internal change
PiperOrigin-RevId: 394330027
2021-09-01 15:39:03 -07:00
Eric Chiang
a35bd36e42
attest: fix test build for MacOS (#241)
Windows still requires openssl due to tpm-tools simulator. Will try to
figure out that next.
2021-09-01 13:24:57 -07:00
Eric Chiang
7cf0af2beb
.github: add initial github action for CI (#239)
Goal is to switch current builder run internally by Google over to
GitHub Actions.
2021-09-01 11:15:26 -07:00
Tom D
ebb0b62d80
Split linuxTPM -> {trousersTPM,wrappedTPM20}, implement CommandChannel
* Split linuxTPM -> {trousersTPM,wrappedTPM20} + prefix windows key type with windows

* Address feedback, implement CommandChannel
2020-05-05 16:56:57 -07:00
Tom D
1045ef6327
Refactor *platformTPM -> tpmBase interface (#160) 2020-05-05 14:56:40 -07:00
Tom D
25ce56400c
Fix linter errors, go fmt (#130) 2019-10-10 14:29:46 -07:00
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Tom D
56dc743f14
Support AIKPublic.validate20Quote() consuming PCRs not part of the quote (#115) 2019-09-26 15:11:31 -07:00
Eric Chiang
39d2f6efff attest: don't define exported API in files with build tags
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.

Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method defintions between OSes.

TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Eric Chiang
e688ff6d7f attest: rename MintAIK and MintOptions to NewAIK and AIKConfig
This helps the godoc read better and is more inline with Go's naming
scheme. No functional changes made, just naming.
2019-08-28 09:25:14 -07:00
Eric Chiang
78755e7a91 attest: remove Log statements from tests (#81)
Tests generally shouldn't print anything unless they fail.
2019-08-21 10:28:55 -07:00
Eric Chiang
bfcbe8f1e2 attest: re-work EK API (#79)
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistant support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Tom D
6e2e8693ad
75: Make PCRs() take the digest algorithm (#77) 2019-08-20 11:52:12 -07:00
Eric Chiang
7d7676beda attest: move public key parsing server side
Event log parsing requires knowning both the public key and signing
parameters. Symmantically, this information should be from an attested
public key blob, not additional data passed by the client.

Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
2019-08-06 11:09:20 -07:00
Tom D
8f4f17e679
Implement credential activation API (#56) 2019-07-23 15:22:53 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53)
* Refactor serialized keys into own structure, in preparation for making Key an interface.

* Refactor key logic into separate structures for each platform/TPMversion invariant.

* Implement review feedback
2019-07-19 13:05:18 -07:00
Tom D
0a5a5f0656
Refactor tests: remove build tags, de-dupe, use flags to control test runs from now on (#8) 2019-04-05 14:49:36 -07:00
Tom D
790d3ba149
Script setup of fake filesystem objects for tpm12 tests, fix build of tpm12 tests. (#5) 2019-04-03 12:19:25 -07:00
Tom
f3ea38462e Make package a Go module, add build tags for tests that need special system setup 2019-04-01 11:06:07 -07:00
Tom
7e37dd3701 go fmt 2019-03-28 14:00:07 -07:00
Tom
ca33c04742 Validate secret in attest_tpm12_test, fix godoc 2019-03-28 13:29:24 -07:00
Tom
21c2bfd1dc Initial commit. 2019-03-28 13:21:16 -07:00