Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows hacking #2

Draft
wants to merge 27 commits into
base: master
Choose a base branch
from
Draft

Windows hacking #2

wants to merge 27 commits into from

Conversation

hslatman
Copy link
Member

@hslatman hslatman commented Nov 8, 2022

No description provided.

mjg59 and others added 14 commits April 28, 2022 17:07
@mjg59
Add TPM 2 application key support for Windows
3e6fc9e 
There's currently no support for creating application keys on Windows systems. This patch transitions the Windows key type to specifically refer to attestation keys, and reuses the existing wrapped key support for application keys. This allows the creation of keys in the platform store, while still allowing said keys to be manipulated with existing TPM functionality rather than duplicating it.
@brandonweeks
x509ext: initial version of package
ade05c9
@brandonweeks
Add QualifyingData paramater to KeyConfig
164122a
@hslatman
Merge remote-tracking branch 'bweeks/x509ext' into patches
ab74553
@hslatman
Merge remote-tracking branch 'mjg59/windows_application_keys' into pa…
31a9234 
…tches
@hslatman
Merge remote-tracking branch 'bweeks/acme-device-attest' into patches
f548032
@hslatman
Fix QualifyingData on Windows
81aa7c3
@hslatman
Add signing support for keys generated on Windows
1a8e4e7 
When generating a new key using a Windows TPM, a `wrappedKey20` was
returned, which couldn't be used for signing on Windows, as it's
backed by a `windowsTPM`. The `wrappedKey20` seems to be a type
specifically aimed at usage with a `wrappedTPM20`, which in turn
seems to be used on Linux and for testing, but not when instantiating
a TPM on Windows.

This commit adds the `newWindowsKey20` function, which returns
a key backed by a `windowsTPM`. The key is a `windowsAK20`,
now also conforming to the `key` interface, so that it can be used
for signing purposes.
@hslatman
Implement blobs for Windows keys
5bc739d
@hslatman
Add loadKey on Windows
eb68d97
@hslatman
Remove superfluous return
3543ffd
@hslatman
Add Name and Prefix options to KeyConfig
3737d78
@hslatman
Disable Windows TPM check for KeyConfig properties
4dd9dc6
@hslatman
Add Name and Prefix to AK creation
b832351
@gitstream-cm
Copy link

gitstream-cm bot commented Jan 4, 2023

/: gitStream was installed on this repo, but no automation rules were added. It can add estimated review time to your PRs. get started

This message will appear only once for you in this repo

@CLAassistant
Copy link

CLAassistant commented Jan 4, 2023
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 3 committers have signed the CLA.

✅ hslatman
❌ mjg59
❌ brandonweeks
You have signed the CLA already but the status is still pending? Let us recheck it.

@hslatman
Add support for deleting keys
d197d79 
On Windows, when the key is managed by the OS, keys are stored on
the filesystem. When trying to create a key with the same name, this will
fail with the following error:

`NCryptCreatePersistedKey returned 8009000F: The operation completed successfully.`

This commit adds support for deleting these keys, so that a new
key can be created with the same name.

Have only tested this on Windows so far. My assumption is that for
keys created with `go-attestation` on Linux, the keys aren't persisted
"inside the TPM", so there's nothing to do when deleting them, except
for any keys managed externally.
@hslatman
Fix tests for TPM 1.2
37fd3fa
@hslatman
Merge branch 'master' into herman/windows-hacking
a3f530a
@hslatman hslatman changed the base branch from patches to master January 13, 2023 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@S-code652 S-code652 S-code652 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hslatman @CLAassistant @S-code652 @mjg59 @brandonweeks