Skip to content

Using the attester and verifier on two different devices#16

Merged
eckelmeckel merged 4 commits intoFraunhofer-SIT:masterfrom
3mdeb:docker_split
Jan 28, 2021
Merged

Using the attester and verifier on two different devices#16
eckelmeckel merged 4 commits intoFraunhofer-SIT:masterfrom
3mdeb:docker_split

Conversation

@Asiderr
Copy link

@Asiderr Asiderr commented Dec 15, 2020

The PR is connected to the following issue #15.
These changes allow the attester to obtain the public part of the attestation key. The public key is marshaled and sent to the verifier. The verifier loads the external public key and uses it to verify the TPM quote signature.

@eckelmeckel
Copy link
Collaborator

eckelmeckel commented Jan 13, 2021

Hi @Asiderr,

that's a great improvement to CHARRA. Thanks a lot for that. I have been working on major changes to CHARRA (#17, no more malloc's; PCR verification, etc.) for the last couple of month but haven't been able to push them before today. Unfortunately, your improvements cannot be merged automatically anymore. Would you be so kind to adapt your code to the latest CHARRA changes so that it can be merged automatically? That would be great.

Again, that's a great new feature :-)

Thanks,
Michael

@Asiderr
Copy link
Author

Asiderr commented Jan 14, 2021

Hi @eckelmeckel,

I've rebased the changes to the current master, but wasn't able to check if it works due to #18

@eckelmeckel
Copy link
Collaborator

eckelmeckel commented Jan 27, 2021

Hi @Asiderr,

I fixed some minor errors in your PR. Unfortunately, I was not able to push it to your repo, so I put it here: https://github.com/Fraunhofer-SIT/charra/tree/docker_split

Can you please merge this branch here? Then I can rebase and merge it to master.

Thanks,
Michael

Norbert Kamiński and others added 3 commits January 28, 2021 01:37
attester: Send public key to the verifier
4c4661a 
Obtain public key that is used to sign the TPM quote.
Add the key to the response and change the max size of
the PDU data.

Signed-off-by: Norbert Kamiński <norbert.kaminski@3mdeb.com>
verifier.c: Load external public key and verify signature
b252a4e 
Verifier unmarshalls attester public key and creates
new key handler. Then it checks the if TPM signature
is valid.

Signed-off-by: Norbert Kamiński <norbert.kaminski@3mdeb.com>
@eckelmeckel
Fixing some errors.
5712d9d 
Signed-off-by: Michael Eckel <michael.eckel@sit.fraunhofer.de>
@Asiderr Asiderr force-pushed the docker_split branch 3 times, most recently from a4bc610 to 4d483b6 Compare January 28, 2021 02:21
@Asiderr
Copy link
Author

Asiderr commented Jan 28, 2021

Hi Michael,

I rebased 3mdeb/docker_split to the current master, and I cherry-picked your fixes. Thanks for correcting my mistakes. I've tested the remote attestation, and I can confirm that everything works fine. Also, I added the instructions on how to reproduce my results to the README.md.

Best regards,
Norbert

README.md: Add documetation for remote attestation
a5681d9 
Signed-off-by: Norbert Kamiński <norbert.kaminski@3mdeb.com>
eckelmeckel
eckelmeckel approved these changes Jan 28, 2021
View reviewed changes
Copy link
Collaborator

@eckelmeckel eckelmeckel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Norbert (@Asiderr),

I have also successfully tested it locally. Thanks for the contribution :-)

Michael

@eckelmeckel eckelmeckel merged commit 70829a1 into Fraunhofer-SIT:master Jan 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eckelmeckel eckelmeckel eckelmeckel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Asiderr @eckelmeckel