Merge pull request #177 from smallstep/herman/tpm

TPM utilities package
smallstep · Apr 6, 2023 · 32515ec · 32515ec
2 parents 1316c07 + d989f76
commit 32515ec
Show file tree

Hide file tree

Showing 54 changed files with 7,725 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,4 +20,5 @@ jobs:
       os-dependencies: "libpcsclite-dev"
       run-build: false
       run-codeql: true
+      make-test: true # run `make test` instead of the default test workflow
     secrets: inherit
diff --git a/.gitignore b/.gitignore
@@ -20,4 +20,4 @@ coverage.cov
 *.out
 
 # Dependency directories (remove the comment below to include it)
-# vendor/
+/vendor
diff --git a/Makefile b/Makefile
@@ -23,13 +23,21 @@ bootstra%:
 # Test
 #########################################
 
-test:
-	$Q $(GOFLAGS) gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
+test: defaulttest simulatortest combinecoverage
+
+defaulttest:
+	$Q $(GOFLAGS) gotestsum -- -coverpkg=./... -coverprofile=defaultcoverage.out -covermode=atomic ./...
+
+simulatortest:
+	$Q $(GOFLAGS) CGO_ENALBED=1 gotestsum -- -coverpkg=./tpm -coverprofile=simulatorcoverage.out -covermode=atomic -tags tpmsimulator ./tpm
+
+combinecoverage:
+	cat defaultcoverage.out simulatorcoverage.out > coverage.out
 
 race:
 	$Q $(GOFLAGS) gotestsum -- -race ./...
 
-.PHONY: test race
+.PHONY: test defaulttest simulatortest combinecoverage race
 
 #########################################
 # Linting

diff --git a/README.md b/README.md
@@ -80,3 +80,12 @@ or just a YubiKey or an ssh-agent. On the cloud it supports:
 
 Package `fingerprint` provides methods for creating and encoding X.509
 certificate, SSH certificate and SSH key fingerprints.
+
+### tpm
+
+Package `tpm` provides an abstraction over and utilities for interacting
+with TPMs. It can be used to retrieve TPM information, retrieve its Endorsement
+Keys (EK) and associated certifiates, create and operate on Attestation Keys (AK), 
+and create and operate on (attested) application keys. The `storage` subpackage 
+provides an interface and concrete implementations offering a transparent 
+persistence mechanism for Attestation and application keys.
diff --git a/go.mod b/go.mod
@@ -13,8 +13,13 @@ require (
 	github.com/aws/aws-sdk-go v1.44.235
 	github.com/go-piv/piv-go v1.11.0
 	github.com/golang/mock v1.6.0
+	github.com/google/go-attestation v0.4.4-0.20220404204839-8820d49b18d9
+	github.com/google/go-tpm v0.3.3
+	github.com/google/go-tpm-tools v0.3.10
 	github.com/googleapis/gax-go/v2 v2.8.0
+	github.com/peterbourgon/diskv/v3 v3.0.1
 	github.com/pkg/errors v0.9.1
+	github.com/schollz/jsonstore v1.1.0
 	github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
 	github.com/stretchr/testify v1.8.2
 	golang.org/x/crypto v0.7.0
@@ -38,12 +43,16 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/google/certificate-transparency-go v1.1.2 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/miekg/pkcs11 v1.0.3 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -61,3 +70,6 @@ require (
 	google.golang.org/protobuf v1.29.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+// relying on fork till changes get upstreamed.
+replace github.com/google/go-attestation => github.com/smallstep/go-attestation v0.4.4-0.20230224121042-1bcb20a75add
diff --git a/go.sum b/go.sum