Comments (4)
alexmwu
commented on May 3, 2024
Hi Sal, am I understanding this correct that you would like us to export this func without having it be behind server.VerifyAttestation? Seems reasonable to me
from go-tpm-tools.
salrashid123
commented on May 3, 2024
yup; basically, i want some mechanism to parse the EK/AK cert and get the details of *pb.GCEInstanceInfo,.
exporting the function as-is i think means i gotta parse the cert, find the []pkix.Extension and send that in. It'd be easier if i can just give the x609 cert and i get back pb.GCEInstanceInfo
from go-tpm-tools.
alexmwu
commented on May 3, 2024
PTAL at #267 and see whether that's what you want @salrashid123
from go-tpm-tools.
salrashid123
commented on May 3, 2024
thanks. yep. i basically wanted something like this and the PR seems to do that an more:
package certparser
// >>>>>> COPIED from https://github.com/google/go-tpm-tools/blob/f599e6c6bb64d3c03e9507c9fc12c6dbf4a2f640/server/verify.go#L176
import (
"crypto/x509"
"encoding/asn1"
"fmt"
pb "github.com/google/go-tpm-tools/proto/attest"
)
var OidExtensionSubjectAltName = []int{2, 5, 29, 17}
var cloudComputeInstanceIdentifierOID asn1.ObjectIdentifier = []int{1, 3, 6, 1, 4, 1, 11129, 2, 1, 21}
type gceSecurityProperties struct {
SecurityVersion int64 `asn1:"explicit,tag:0,optional"`
IsProduction bool `asn1:"explicit,tag:1,optional"`
}
type gceInstanceInfo struct {
Zone string `asn1:"utf8"`
ProjectNumber int64
ProjectID string `asn1:"utf8"`
InstanceID int64
InstanceName string `asn1:"utf8"`
SecurityProperties gceSecurityProperties `asn1:"explicit,optional"`
}
func GetInstanceInfo(cert *x509.Certificate) (*pb.GCEInstanceInfo, error) {
extensions := cert.Extensions
var rawInfo []byte
for _, ext := range extensions {
if ext.Id.Equal(cloudComputeInstanceIdentifierOID) {
rawInfo = ext.Value
break
}
}
// If GCE Instance Info extension is not found.
if len(rawInfo) == 0 {
return nil, nil
}
info := gceInstanceInfo{}
if _, err := asn1.Unmarshal(rawInfo, &info); err != nil {
return nil, fmt.Errorf("failed to parse GCE Instance Information Extension: %w", err)
}
// TODO: Remove when fields are changed to uint64.
if info.ProjectNumber < 0 || info.InstanceID < 0 || info.SecurityProperties.SecurityVersion < 0 {
return nil, fmt.Errorf("negative integer fields found in GCE Instance Information Extension")
}
// Check production.
if !info.SecurityProperties.IsProduction {
return nil, nil
}
return &pb.GCEInstanceInfo{
Zone: info.Zone,
ProjectId: info.ProjectID,
ProjectNumber: uint64(info.ProjectNumber),
InstanceName: info.InstanceName,
InstanceId: uint64(info.InstanceID),
}, nil
}from go-tpm-tools.
Related Issues (20)
- Support loading cached key HOT 2
- Issue building on Ubuntu 2204 jammy HOT 3
- Can't do BootMeasurements with the activated key HOT 8
- Comapre Public Keys HOT 1
- Invalid PCR selection during `key.Attest()`
- Fix server.VerifyAttestation with server.VerifyOpts HOT 1
- launcher: Don't defer os.Exit
- using simulator in other project does not fetch ms-tpm-20-ref HOT 1
- Not able to Extract SHA256 PCR Bank Values HOT 5
- Simulator checks wrong path for `openssl` with Homebrew on Apple Silicon macOS
- Support "TSS2 PRIVATE KEY" PEM files
- Support importing AES or HMAC keys HOT 1
- GetGCEInstanceInfo should return error if not found
- README.md and go.mod: the go version number error
- Allow persistence `client.Key()` HOT 1
- SigningKeyImportBlob to support duplication policy
- Support linux userspace eventlog HOT 1
- Preferred way to get raw hardware attestation?
- Follow up on the TODOs in PR #375 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-tpm-tools.