-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic ACME device-attest-01 support
#712
Merged
Merged
Changes from 42 commits
Commits
Show all changes
43 commits
Select commit
Hold shift + click to select a range
ba8aef6
Add basic ACME `device-attest-01` support
hslatman 32c66b5
Add TPM info to output and add account public key to attested data
hslatman 0026346
Improve Device Attestation flow
hslatman c11f1d9
Merge branch 'master' into acme-attestation
hslatman 71d7f32
Change to `ac.ValidateWithPayload`
hslatman f17a194
Remove dependency on TPM simulator
hslatman 8c06e36
Merge branch 'master' into acme-attestation
hslatman d6d0a95
Merge branch 'master' into acme-attestation
hslatman 0d71003
Tidy modules
hslatman 8d356c5
Add support for TPMs without EK certificate
hslatman aa561c3
Merge branch 'master' into acme-attestation
hslatman 5331051
Update replaced modules
hslatman f0a7ae0
Update attestation JSON properties
hslatman c46f86c
Refactor into using the `tpm` package
hslatman ad4bb2f
Merge branch 'master' into acme-attestation
hslatman 6df0797
Refactor all TPM operations to be performed by `tpm` package
hslatman 4a34947
Return errors instead of logging TPM failures
hslatman a285b42
Make the `akCert` optional
hslatman dc6ffe6
Depend on `go.step.sm/crypto/tpm`
hslatman 877d740
Merge branch 'master' into acme-attestation
hslatman ff55055
Cleanup
hslatman cd8d1d3
Merge branch 'master' into acme-attestation
hslatman b149898
Update to latest `go.step.sm/crypto/tpm`
hslatman b19c55c
Check if `AK` for identifier exists before creating a new one
hslatman 6d8982f
Merge branch 'master' into acme-attestation
hslatman 6b5505d
Refactor attestation enrollment process
hslatman 1d54c92
Clean up TPM attestation flow
hslatman 30b2d92
Merge branch 'master' into acme-attestation
hslatman 030a267
Fix some linting issues for TPM
hslatman b1cef14
Change the way the key authorization is hashed
hslatman ea33be7
Only perform attestation flow if `AK` isn't certified
hslatman b4d6427
Refactor attestation HTTP client
hslatman e642396
Refactor attestation client
hslatman 18c681c
Merge branch 'master' into acme-attestation
hslatman f114885
Update replaced `github.com/google/go-attestation`
hslatman 55d89fc
Fix linting issues
hslatman ae12907
Add parsing of `attestation-uri` for key name
hslatman e73db5c
Include TPM info in attestation request
hslatman bab5c65
Merge branch 'master' into acme-attestation
hslatman eb9bc22
Add some more docs to the TPM flow
hslatman c3beee7
Support `kty`, `crv` and `size` with ACME `device-attest-01`
hslatman 0cbf9fe
Add `--attestation-ca-insecure` flag for disabling TLS validation
hslatman 57914ea
Fix PR comments
hslatman File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the future, we might want to add some defaults for this, ok for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or we can bootstrap them.