Skip to content

Upgrade github.com/smallstep/go-attestation to 2306d5b4 #775

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hslatman merged 1 commit into from
May 28, 2025
Merged

Upgrade github.com/smallstep/go-attestation to 2306d5b4 #775

hslatman merged 1 commit into from
May 28, 2025

Conversation

@hslatman
Copy link
Member

@hslatman hslatman commented May 26, 2025
edited
Loading

@hslatman hslatman marked this pull request as ready for review May 26, 2025 18:39
@hslatman hslatman requested a review from a team May 26, 2025 19:06
@hslatman hslatman force-pushed the herman/upgrade-go-attestation branch from 67546fd to 790308e Compare May 26, 2025 19:06
@hslatman hslatman requested a review from joshdrake May 27, 2025 15:03
@hslatman
Copy link
Member Author

hslatman commented May 28, 2025

@joshdrake tested it with my test program:

Before:

C:\Users\herman\Downloads\mtlstest>mtlstest.exe --kty EC
2025/05/28 13:17:25 using TPM key from TPMKMS
2025/05/28 13:17:25 generated new key name "a32b22"
2025/05/28 13:17:25 key "a32b22" does not exist in TPMKMS storage ".tpmkeys"; creating new one
2025/05/28 13:17:25 generating new client certificate for TPM key
2025/05/28 13:17:25 client certificate:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 215597136017254689214939283215559721015 (0xa2327f7e1b2728c2fc408ddae7248037)
    Signature Algorithm: ECDSA-SHA256
        Issuer: CN=TPM Test Intermediate CA
        Validity
            Not Before: May 28 11:16:25 2025 UTC
            Not After : May 28 12:17:25 2025 UTC
        Subject: CN=Test Client
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    55:11:cc:a2:ed:3f:c3:47:33:25:0a:f1:e7:97:a1:
                    93:4d:2e:cb:e7:6f:53:fd:c3:77:f4:11:65:fb:4b:
                    15:d2
                Y:
                    62:50:52:8f:45:c6:da:a7:ba:29:28:56:61:69:cf:
                    e7:66:a6:fe:06:e5:07:81:e2:57:c5:5d:65:a6:35:
                    2e:8c
                Curve: P-256
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:FD:35:AF:A6:75:80:CB:B4:03:A1:15:76:3C:32:C0:0F:1F:6E:F3
            X509v3 Authority Key Identifier:
                keyid:34:4A:51:D2:8F:8F:49:8A:07:80:6E:B0:31:DD:50:2C:3A:65:F5:E7
    Signature Algorithm: ECDSA-SHA256
         30:45:02:20:6d:97:d1:a4:f1:08:d1:3f:ac:a9:2a:23:5d:ee:
         b1:48:e1:b9:36:9f:15:76:5a:21:70:fc:0b:9d:9d:74:99:93:
         02:21:00:a6:28:ff:4a:9f:ca:20:72:95:18:8f:8b:5e:55:3b:
         d7:29:a5:52:9a:5d:47:cb:39:d1:d1:88:f3:a3:3c:52:86

2025/05/28 13:17:25 sending HTTP request to "https://certauth.cryptomix.com:443"
2025/05/28 13:17:26 Get "https://certauth.cryptomix.com:443": tls: failed to sign handshake: cannot sign: handle 0, error code 0x12 : unsupported or incompatible scheme

After:

C:\Users\herman\Downloads\mtlstest>mtlstest.exe --kty EC
2025/05/28 13:19:52 using TPM key from TPMKMS
2025/05/28 13:19:52 generated new key name "df78de"
2025/05/28 13:19:52 key "df78de" does not exist in TPMKMS storage ".tpmkeys"; creating new one
2025/05/28 13:19:52 generating new client certificate for TPM key
2025/05/28 13:19:52 client certificate:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57778729812165938463070854194277892663 (0x2b77c751a2634d790f6c4cce01e3c237)
    Signature Algorithm: ECDSA-SHA256
        Issuer: CN=TPM Test Intermediate CA
        Validity
            Not Before: May 28 11:18:52 2025 UTC
            Not After : May 28 12:19:52 2025 UTC
        Subject: CN=Test Client
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    a6:c0:c3:09:a8:b0:fb:f5:09:70:83:dd:97:1e:8a:
                    44:16:fe:30:c5:98:5c:82:49:4b:cc:e4:07:29:f6:
                    4e:59
                Y:
                    e1:50:23:db:34:11:2f:27:cf:78:80:3a:41:be:68:
                    71:2e:5f:5e:46:46:7e:f4:67:2f:83:56:08:97:a1:
                    b0:0d
                Curve: P-256
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:01:10:F9:3D:C1:FB:86:7C:E4:CE:46:3D:28:68:7E:68:1E:92:CB
            X509v3 Authority Key Identifier:
                keyid:5D:07:0B:6B:29:F9:E2:57:CF:C2:D7:C9:88:9E:7A:B6:89:37:0F:EC
    Signature Algorithm: ECDSA-SHA256
         30:45:02:20:3d:b2:26:94:47:44:8f:bb:57:2d:e7:c1:1d:e2:
         c6:f8:e2:77:fb:4d:78:21:8e:4c:e4:97:5d:b0:9d:1f:0b:b5:
         02:21:00:bc:71:43:2f:ca:b0:45:07:ff:2b:96:2a:b4:ea:5e:
         ef:c2:a7:ea:f4:83:9f:30:35:05:62:ef:44:b5:08:b9:c2

2025/05/28 13:19:52 sending HTTP request to "https://certauth.cryptomix.com:443"
2025/05/28 13:19:52 got HTTP response from "https://certauth.cryptomix.com:443":
<html>
<head>
<title>IDRIX TLS Client Authentication Test</title>
...
</html>

@hslatman hslatman merged commit a4855a3 into master May 28, 2025
12 checks passed
@hslatman hslatman deleted the herman/upgrade-go-attestation branch May 28, 2025 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azazeal azazeal azazeal approved these changes

@joshdrake joshdrake Awaiting requested review from joshdrake

Assignees

No one assigned

Labels

needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hslatman @azazeal