ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-18 20:47:57 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
290 Commits 3 Branches 15 Tags 4.6 MiB
93c5899459
Commit Graph

290 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
93c5899459
Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#356) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/sys/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 07:47:43 -08:00
dependabot[bot]
74a49366bd
Bump github.com/google/go-tpm-tools from 0.4.1 to 0.4.2 (#355) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Changelog](https://github.com/google/go-tpm-tools/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.4.1...v0.4.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-30 09:14:26 -07:00
dependabot[bot]
776dc3ac22
Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#353) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/sys/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-16 16:58:28 +00:00
dependabot[bot]
136789e2e1
Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#354) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-16 09:55:31 -07:00
dependabot[bot]
82eb5d47a2
Bump github.com/google/go-tpm-tools from 0.4.0 to 0.4.1 (#352) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Changelog](https://github.com/google/go-tpm-tools/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-18 08:32:24 -07:00
dependabot[bot]
f4ab877258
Bump github.com/google/go-tpm-tools (#351) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.3.13-0.20230620182252-4639ecce2aba to 0.4.0.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Changelog](https://github.com/google/go-tpm-tools/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/google/go-tpm-tools/commits/v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-11 08:03:38 -07:00
Herman Slatman
3d71f101b1
Fix Intel EK certificate URLs on Linux (#347) 2023-09-08 18:23:49 +00:00
Damien Miller
42c11fc152
Fix typo (#349) 2023-09-08 17:46:44 +00:00
dependabot[bot]
3c84bff65e
Bump golang.org/x/sys from 0.9.0 to 0.12.0 (#348) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.12.0.
- [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-08 17:42:41 +00:00
Brandon Weeks
ab5dee2ae5
ci: don't install OpenSSL 1.1 on macOS (#350) 
GitHub actions runner macos-13 version 20230801.2 appears to include
this by default, causing a link failure.

da18545f2f
 2023-09-08 10:33:41 -07:00
zhsh
046550658b
attest: Create keys under non-default SRKs (#342) 2023-07-11 10:14:13 -04:00
zhsh
310e2caafe
attest: Remove the EK field from AK struct (#341) 2023-06-29 07:53:53 -07:00
zhsh
60adf13bc0
attest: ActivateCredentialWithEK() method that can be used with non-default EKs. (#340) 2023-06-28 20:38:36 -07:00
zhsh
a56e8c4896
Activate AK with ECC EKs. (#339) 2023-06-27 20:02:47 -07:00
smo4201
8af5f4e7de
attest: Make PCRs included in quote configurable (#311) 
Change the low-level Quote() functions so that the PCRs to be
included in the quote is selectable. Does not change the
high-level attestPlatform functions, which still retrieve
all PCRs.
 2023-06-26 23:04:59 +00:00
zhsh
b92d1c69bf
Add TPM.EKCertificates() method, it returns all certificates from TPM's NVRAM (#333) 2023-06-23 15:10:34 -07:00
zhsh
d29df30553
Add EK as a field to AK struct. (#332) 
The change is a no-op for existing clients, and it will simplify
adding the support for ECC EKs. The activation code no longer makes
assumptions about EK's type and handle (i.e. RSA and 0x81010001),
and instead relies on TPM.EKs() to provide the EK's details.
 2023-06-22 13:17:47 -07:00
Brandon Weeks
63dd90f699
Bump github.com/google/go-tpm from 0.3.4 to 0.9.0 (#337) 2023-06-21 16:18:54 +02:00
dependabot[bot]
ac9aa2497f
Bump golang.org/x/sys from 0.8.0 to 0.9.0 (#335) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/sys/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-20 16:40:32 +00:00
Ludovic Fernandez
2788b541c7
Fix golangci-lint workflow (#336) 2023-06-20 09:35:01 -07:00
Chris Fenner
a9b6eb1eb8
use legacy tpm2 at its new path (#331) 2023-06-13 07:43:38 -07:00
zhsh
50c1e1e03b
Renamed some variables and methods to highlight that only RSA EKs are (#330) 
currently supported.

This is the first step towards supporting ECC EKs.
 2023-06-12 18:36:51 -07:00
juanvallejo
258084d04e Add support for generating TPM2.0 challenges using AttestedCertifyInfo 
Fixes: issues/320.

Adds support for generating an activation challenge using
CertificationParameters.
Achieves symmetry with challenge-generation in
AttestationParameters, in order to provide a challenge to a
TPM to activate a TPM-certified key.

`attest.Activation` currently supports verifying and
generating a challenge given attestationData, an EK, an AK,
and a signature. In the attestationData, the CreationInfo
field is used to further validate and create the resulting
challenge.
In this change, `attest.Certification` will now support
generating a challenge given attestationData, an EK, a
TPM-certified public key, and a signature, in addition to
an AK used to verify the certification of the provided
public key we are generating an activation challenge for.
 2023-06-06 10:46:12 -07:00
Herman Slatman
89884d0a74
Fix Intel EK certificate URL (#310) 
* Fix Intel EK certificate URL

To download the certificate for an Intel TPM, the base64 padding
in the URL needs to be replaced with `%3D`. If it's not replaced,
requesting the URL will result in HTTP 403 Forbidden.

* Use `url.QueryEscape` to escape base64 padding
 2023-06-02 09:17:59 -07:00
zhsh
b474b712d4
wrappedTPM20.ekTemplate() never returns an error. (#327) 2023-05-29 10:16:09 -07:00
dependabot[bot]
a4b579bcf0
Bump github.com/google/go-tpm-tools from 0.3.9 to 0.3.12 (#324) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.3.9 to 0.3.12.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.3.9...v0.3.12)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 11:14:50 -07:00
dependabot[bot]
62a036b369
Bump golang.org/x/sys from 0.0.0-20220209214540-3681064d5158 to 0.8.0 (#316) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20220209214540-3681064d5158 to 0.8.0.
- [Commits](https://github.com/golang/sys/commits/v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 11:03:00 -07:00
Brandon Weeks
10dd5f7a05
Bump Go version to 1.19 (#325) 2023-05-22 10:52:09 -07:00
Noah Stride
3ef3949b46 Fix comments referring to .Serialize() instead of .Marshal() 2023-05-15 10:56:35 -07:00
José Martínez
1f9c436d57 Parse TCG_PCR_EVENT2 structures with an eventSize of 0 2023-05-15 09:19:59 -07:00
dependabot[bot]
270ecbab1f
Bump github.com/google/go-tspi (#307) 
Bumps [github.com/google/go-tspi](https://github.com/google/go-tspi) from 0.2.1-0.20190423175329-115dea689aad to 0.3.0.
- [Release notes](https://github.com/google/go-tspi/releases)
- [Commits](https://github.com/google/go-tspi/commits/v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-tspi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-10 10:28:28 -08:00
Brandon Weeks
0ccbb50494
Handle multiple ELAM events (#309) 2023-03-08 13:32:50 -08:00
Mike Gerow
68deb4ce55 Use NV cert index as auth hierarchy for EK cert 
This is the same approach tpm2_getekcertificate uses, with its
`TPM2_HANDLE_FLAGS_NV` flag.

The main impetus here is is ChromeOS's vtpm implementation[1], which
doesn't have a concept of an "owner" or "platform" password and expects
the NV index itself as the auth hierarchy. In either case, as this is
the same approach tpm2_getekcertificate uses this should provide a more
standard/common approach as opposed to relying on the owner password to
be empty.

Tested with both CrOS's vTPM and a real TPM on Debian.

b/258300352

[1]: https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/platform2/vtpm/commands/nv_read_command.cc;l=64-68;drc=1efd0c8f36050d56b8550354a4c7af925e44118a
 2023-01-05 12:25:14 -08:00
Marcin Wielgoszewski
5238453493 Truncate digests to the left most bits to match the bit-length of the order of the curve 2022-11-15 15:26:00 -08:00
Mike Gerow
b93151db1f
Preserve error logic in getPrimaryKeyHandle (#296) 
In `wrappedTPM20.getPrimaryKeyHandle()`, preserve any error from the
short-circuit `tpm2.ReadPublic()` logic, so that we can return it
alongside any failure in `tpm2.CreatePrimary()`

Co-authored-by: Justin King-Lacroix <justinkl@google.com>
 2022-11-04 14:57:37 -07:00
Brandon Weeks
0dc056af7d Fix golangci-lint findings 2022-11-01 13:38:49 -07:00
Brandon Weeks
19d3c4de97 Run golangci-lint as part of CI 
https://golangci-lint.run/usage/install/#ci-installation
 2022-11-01 13:38:49 -07:00
Brandon Weeks
438907edb0
Fix lints; run gofmt (#293) 
$ gofmt -s -w .
 2022-11-01 12:19:57 -07:00
hansinator
17f9c05652
fix returning wrong error in ParseWinEvents (#291) 
Co-authored-by: Hans-Gert Dahmen <hans-gert.dahmen@immu.ne>
 2022-10-11 09:22:10 -07:00
hansinator
d98599d257
Fix decoding of uints in windows events (#290) 
Co-authored-by: Hans-Gert Dahmen <hans-gert.dahmen@immu.ne>
 2022-10-07 13:01:04 -07:00
dependabot[bot]
053c50e8ad
Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#286) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.8...v0.5.9)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-12 11:14:05 -04:00
Malte Poll
e99c3e104e
Ignore MokListTrusted events in ParseUEFIVariableAuthority (#284) 2022-09-09 15:58:48 -07:00
dependabot[bot]
dff2daeaf0
Bump github.com/google/go-tpm-tools from 0.3.8 to 0.3.9 (#285) 2022-08-22 19:31:56 +00:00
Brandon Weeks
f5d560164e
Set NoDa flag on the AK template (#280) 
Resolves an issue where a TPM in DA lockout mode cannot generate an AK.
 2022-06-03 12:51:56 -07:00
Brandon Weeks
cb976082a3
x509ext: initial version of package (#279) 2022-06-02 15:05:51 -07:00
Brandon Weeks
50e72a4743
attest: fix OSS-Fuzz build (#278) 2022-05-31 21:50:58 -07:00
Brandon Weeks
f1ff544e51
attest: restore change from a35bd36 mistakingly removed in be496f1 (#277) 2022-05-31 13:12:21 -07:00
dependabot[bot]
e0bd974e4e
Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#275) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-16 12:44:25 -07:00
dependabot[bot]
ad58dc770e
Bump github.com/google/go-tpm-tools from 0.3.7 to 0.3.8 (#276) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.3.7...v0.3.8)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-16 12:44:06 -07:00
dependabot[bot]
8235370483
Bump github.com/google/go-tpm-tools from 0.3.1 to 0.3.7 (#273) 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.3.1 to 0.3.7.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.3.1...v0.3.7)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-18 08:39:55 -07:00