Open nicowilliams opened 1 year ago
I think the normalization approach will probably be the best.
Normalizing the EKpub on the server might make more sense? The server is the one choosing to use the hash, not the client, and a different server might choose an equality test or something else like checking the modulus, which means that the client doesn't know what fields are important.
This normalization is also easier to do in the Python server than the shell scripts of the client, right?
This normalization is also easier to do in the Python server than the shell scripts of the client, right?
I'm thinking it's just tpm2_loadexternal
then tpm2_readpublic
to normalize.
The swtpm does remember whether the exponent was given as 0x00010001
or 0x00000000
, so we'll have to resort to ugly games.
A dd
command works. However, I fear this is too ugly, and that we might need to do something else.
Options:
TPM2B_PUBLIC
In HCP we use Safeboot w/ an EKcert, then we derive an EKpub from the EKcert, then we compute a hash of the EKpub and name the enrollment after that hash. At attestation time the client sends its EKpub and the server looks up the enrollment by EKhash = H(EKpub).
The way the EKcert->EKpub conversion is done is simple:
TPM2B_PUBLIC
for that loaded object from the swTPMBut there are at least two ways in which the
TPM2B_PUBLIC
of an EK as produced by the TPM where it resides, and as produced by another TPM as used above can differ:if the key is an RSA key, the exponent should be
2^16 + 1
, which is the default exponent, and which should be written as the all-zeros value that indicates the default The swTPM writes all-zeros. A TPM could write2^16 + 1
, and at least one brand does.if the key is a restricted, decrypt-only RSA key, then the scheme is required to be OEAP and that is allowed to be expressed as the default scheme (NULL) We've not observed any TPM writing in the OEAP scheme instead of the NULL scheme, but it could happen.
The upshot is that either we must
(Readers should note that enrollment also supports enrolling with an EKpub directly, and this is for the case where virtual TPMs are used where there is a mechanism other than EKcerts for validating the legitimacy of a TPM.)