Add ActivateCredential support for TKC #284
Conversation
ionut-arm
changed the title
|
This is still WIP, I'll merge it once I have an implementation in Parsec using it and working properly. I also need to add support for registering the authentication value for the endorsement hierarchy to the |
ionut-arm
force-pushed
the
tkc-activate-cred
branch
from
b4331d7
to
3849337
Compare
ionut-arm
changed the title
| let public = TPM2B_PUBLIC::from(object_public); | ||
| let mut pub_buf = [0u8; std::mem::size_of::<TPM2B_PUBLIC>()]; | ||
| let mut offset = 0; | ||
| let result = unsafe { | ||
| Tss2_MU_TPM2B_PUBLIC_Marshal( | ||
| &public, | ||
| &mut pub_buf as *mut u8, | ||
| pub_buf.len() as u64, | ||
| &mut offset, | ||
| ) | ||
| }; | ||
| let result = Error::from_tss_rc(result); | ||
| if !result.is_success() { | ||
| error!("Error in marshalling TPM2B"); | ||
| return Err(result); | ||
| } |
There was a problem hiding this comment.
I wonder if we should implement methods on the types that can be marshalled, to convert them to Vec<u8> using these functions from the library
There was a problem hiding this comment.
Just recently I've been reading the TPM book and in the chapter on auditing there is a passage about the need for marshalled command bytes:
For a command, the hash calculation, which requires marshaled parameters, should be straightforward. A TSS would naturally expose command-parameter marshaling to assist in the command-parameter authorization operation. Responses are trickier, because a TSS naturally unmarshals responses but doesn’t marshal them. One approach is for the audit log to hold the marshaled response as well as the response parameters. The auditor can use the TSS to unmarshal and then validate those response parameters. If the TSS doesn’t expose the unmarshal function, or if the audit log doesn’t hold the marshaled response, the auditor has no choice but to write or obtain a marshaling function. Because a TPM naturally has this function, it’s possible that it can be copied from a future open source TPM implementation.
(A Practical Guide to TPM 2.0 chapter 16 "Auditing TPM Commands" section "Audit Log")
By the way usually the error! calls also print the inner result as in:
error!("Error in loading external object: {}", ret);(in object_commands.rs)
This commit adds support for two operations, enabling key attestation via the ActivateCredential call. A test has also been added to verify attestation using the Endorsement Key. Signed-off-by: Ionut Mihalcea <[email protected]>
Split up the setup for the attesting key into different methods so it's clearer what is being done. Signed-off-by: Ionut Mihalcea <[email protected]>
This commit expands the scope of the TransientKeyContextBuilder to adding more than one hierarchy auth value. This is needed for attesting keys with the default Endorsement Key which uses the Endorsement Hierarchy for authorization by default. Signed-off-by: Ionut Mihalcea <[email protected]>
* Changed the serialisation of the TPM2B_Public to use the marshaling command * Changed the MakeCredParams struct to be fully public to avoid needless clones * Factored out the code for obtaining the EK public key Signed-off-by: Ionut Mihalcea <[email protected]>
ionut-arm
force-pushed
the
tkc-activate-cred
branch
from
d134da8
to
1f170fc
Compare
Instead of serializing TPM2B_PUBLIC, use the embedded TPMT_PUBLIC instead, as this is what the key name is computed over. Signed-off-by: Ionut Mihalcea <[email protected]>
Adding more tests for the key attestation operations. Signed-off-by: Ionut Mihalcea <[email protected]>
|
@Superhepper @anta5010 - want to review again the last two commits? The one about changing what type we serialize is more consequential, the other just adds tests. |
This commit fixes the conversion from `TPMT_PUBLIC` size to the input of Tss2_MU_TPMT_PUBLIC_Marshal. A new WrapperErrorKind variant is added for internal errors which were not expected (essentially as a replacement for `unwrap`). The cross-compilation script was also moved to run per-commit in the CI instead of nightly - the fix above would've been obvious if we tried cross-compilation. Signed-off-by: Ionut Mihalcea <[email protected]>
There was a problem hiding this comment.
Okay. In general this looks OK and I posted some minor issues.
I'll check out parallaxsecond/parsec#558 on how to handle this API :)
tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs
Show resolved
Hide resolved
Improved the tests to check for the exact response code expected. Improved the documentation on `MakeCredentialParams` to detail what the contents are meant for. Signed-off-by: Ionut Mihalcea <[email protected]>
Signed-off-by: Ionut Mihalcea <[email protected]>
This commit adds support for two operations, enabling key attestation
via the ActivateCredential call. A test has also been added to verify
attestation using the Endorsement Key.
Intended for parallaxsecond/parsec#539
cc @wiktor-k