Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add certification to Seal #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 23 commits into from
Nov 26, 2019
Merged

Add certification to Seal #60

merged 23 commits into from
Nov 26, 2019

Conversation

@jkl73
Copy link
Contributor

@jkl73 jkl73 commented Oct 30, 2019

Changed Seal() Unseal() Reseal() APIs to accept SealingOpt and CertifyOpt.

@jkl73 jkl73 mentioned this pull request Oct 30, 2019
Closed
@jkl73 jkl73 requested a review from josephlr October 30, 2019 22:13
@jkl73 jkl73 marked this pull request as ready for review October 30, 2019 22:14
@jkl73
Copy link
Contributor Author

jkl73 commented Nov 9, 2019

Hi @josephlr PTAL

josephlr
josephlr reviewed Nov 13, 2019
View reviewed changes
josephlr
josephlr reviewed Nov 19, 2019
View reviewed changes
Copy link
Member

@josephlr josephlr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job on this, I have a bunch of lints, sorry.

tpm2tools/pcr.go Outdated
return &pl, nil
}

// SealCurrent represent current PCRs states.
Copy link
Member

@josephlr josephlr Nov 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here and below, we need to rephrase these comments.

Idea:

// SealCurrent seals data to the specified PCR selection.
// SealTarget predicatively seals data to the specified PCR values.
// SealingOpt specifies the PCR values that should be used for Seal().

// CertifyCurrent certifies that a selection of PCRs have the same value they did when sealing the data.
// CertifyExpected certifies that the TPM had a specific set of PCR values when sealing the data.
// CertifyOpt determines which sets of PCR values pass certification in Unseal().

Copy link
Contributor Author

@jkl73 jkl73 Nov 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// SealCurrent seals data to the current specified PCR selection.
// SealTarget predicatively seals data to the given specified PCR values.
// SealingOpt specifies the PCR values that should be used for Seal().

// CertifyCurrent certifies that a selection of current PCRs have the same value when sealing.
// CertifyExpected certifies that the TPM had a specific set of PCR values when sealing.
// CertificationOpt determines if the given PCR value can pass certification in Unseal().

stevenrutherford
stevenrutherford suggested changes Nov 21, 2019
View reviewed changes
Copy link
Contributor

@stevenrutherford stevenrutherford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this was already reviewed pretty thoroughly. Comments are mostly nits.

@jkl73
Copy link
Contributor Author

jkl73 commented Nov 22, 2019

This version will allow seal to empty PCRs selection.

SealOpt cannot be nil, but can have an empty PCRSelection which means seal to empty selection
CertifyOpt can be nil, but pcr.proto or PCRSelection in CertifyOpt cannot be empty (will panic)

@stevenrutherford
Copy link
Contributor

stevenrutherford commented Nov 23, 2019

Looks good.

One last question: why disallow empty PCRSelections for CertifyOpt? Seems like the same story as Seal applies there: if you want to only assert which machine you are on and not that a particular machine is in a particular state, empty selections seem useful.

@josephlr
Copy link
Member

josephlr commented Nov 23, 2019

One last question: why disallow empty PCRSelections for CertifyOpt? Seems like the same story as Seal applies there: if you want to only assert which machine you are on and not that a particular machine is in a particular state, empty selections seem useful.

We do support this (i.e. skipping certification and just unsealing) by providing a nil CertifyOpt. We then disallow empty selections as we don’t want to have/support two ways to do the same thing.

I think for consistency, when sealing to an empty selection, we should use a nil SealingOpt and explicitly disallow empty selections or proto.Pcrs. That way, we can catch bugs if the programmer accidentally passes a nil selection.

@jkl73
Copy link
Contributor Author

jkl73 commented Nov 25, 2019

SealOpt now can be nil. Will panic if pass in empty selection or empty proto.Pcrs in SealOpt.

I added a test for seal/reseal to nil SealOpt.

stevenrutherford
stevenrutherford approved these changes Nov 26, 2019
View reviewed changes
Copy link
Contributor

@stevenrutherford stevenrutherford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks

@jkl73 jkl73 merged commit b2d92bf into google:master Nov 26, 2019
@jkl73 jkl73 deleted the seal_cert branch December 13, 2019 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@josephlr josephlr josephlr left review comments

+1 more reviewer

@stevenrutherford stevenrutherford stevenrutherford approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkl73 @stevenrutherford @josephlr