Derive BastionID #302

Merged
merged 5 commits into from
Jun 12, 2024

AlCutter (Collaborator) commented May 24, 2024

This PR derives a new key to be used to authenticate the witness to a Bastion host.

I've done some refactoring to simplify/reuse code where possible to avoid mistakes in the future.

Key derivation results remain the same with the refactoring:

Before

----------------------------------------------------------- Trusted OS ----
Serial number ..............: 720A9DEAD4391E1E
Secure Boot ................: false
SRK hash ...................:
Revision ...................: a2c259b
Version ....................: 0.1.2-11-ga2c259b
Runtime ....................: go1.22.0 tamago/arm
Link .......................: false
MAC ........................: c6:08:a0:62:04:44
IdentityCounter ............: 0
Witness/Identity ...........: DEV:ArmoredWitness-misty-snow+4235d37b+ATQcX3zXpdLJdudAP97VhTkO4m0DEyld9ndttS/XdIKq
Witness/IP .................:
Witness/AttestationKey .....: DEV:AW-ID-Attestation-720A9DEAD4391E1E+ca59d820+AZhTXIbOHFbhQrHf22YK+4lLMsCfBrzA3zdA3IP5PaZh

After

----------------------------------------------------------- Trusted OS ----
Serial number ..............: 720A9DEAD4391E1E
Secure Boot ................: false
SRK hash ...................:
Revision ...................: ee18b13
Version ....................: 0.1.2-17-gee18b13
Runtime ....................: go1.22.0 tamago/arm
Link .......................: false
MAC ........................: c6:08:a0:62:04:44
IdentityCounter ............: 0
Witness/Identity ...........: DEV:ArmoredWitness-misty-snow+4235d37b+ATQcX3zXpdLJdudAP97VhTkO4m0DEyld9ndttS/XdIKq
Witness/IP .................:
Witness/AttestationKey .....: DEV:AW-ID-Attestation-720A9DEAD4391E1E+ca59d820+AZhTXIbOHFbhQrHf22YK+4lLMsCfBrzA3zdA3IP5PaZh
Witness/AttestedIdentity ...: [below]

ArmoredWitness ID attestation v1
720A9DEAD4391E1E
0
DEV:ArmoredWitness-misty-snow+4235d37b+ATQcX3zXpdLJdudAP97VhTkO4m0DEyld9ndttS/XdIKq

— DEV:AW-ID-Attestation-720A9DEAD4391E1E ylnYIEjwPNzNhE6A6Mx/4zhes5Wxg+45gcCO9atyhu6bucDCrf/99BPSO4SQwdDxHAdPRod53cicvfgCXskTMMv/CgI=

Witness/AttestedBastionID ..: [below]

ArmoredWitness BastionID attestation v1
720A9DEAD4391E1E
0
3a8a5615f38f0e3388d389d031353a6041acd12b30b38d5b6ddcaf16fd01dcc1

— DEV:AW-ID-Attestation-720A9DEAD4391E1E ylnYIC9IFCP5AKb34hlD9PWAUogTA6cIV+7z5OMr7LNfLMZpKUnlclQ25wPl4ka7giIxOQ4WxcsfKw+eeImN5b3f9AQ=

----------------------------------------------------------- Trusted OS ----

Towards transparency-dev/armored-witness/issues/253
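
Added example (not part of the PR or the project's code): a structural check of the "ArmoredWitness BastionID attestation v1" note from the After output, using the values printed there. The body field order (header, serial, counter, BastionID) is read off that output and the signature-line layout follows the signed-note format; `CheckBastionAttestation` is a hypothetical helper, and it does not verify the signature itself.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Values copied from the "After" output in the PR description.
const attestVKey = "DEV:AW-ID-Attestation-720A9DEAD4391E1E+ca59d820+AZhTXIbOHFbhQrHf22YK+4lLMsCfBrzA3zdA3IP5PaZh"
const bastionNote = "ArmoredWitness BastionID attestation v1\n720A9DEAD4391E1E\n0\n" +
	"3a8a5615f38f0e3388d389d031353a6041acd12b30b38d5b6ddcaf16fd01dcc1\n\n" +
	"— DEV:AW-ID-Attestation-720A9DEAD4391E1E ylnYIC9IFCP5AKb34hlD9PWAUogTA6cIV+7z5OMr7LNfLMZpKUnlclQ25wPl4ka7giIxOQ4WxcsfKw+eeImN5b3f9AQ=\n"

// CheckBastionAttestation (hypothetical helper) does structural checks only:
// it does NOT verify the signature. It returns the attested BastionID.
func CheckBastionAttestation(note, vkey, serial string) (string, error) {
	vk := strings.SplitN(vkey, "+", 3) // name + key hash (hex) + base64 key
	body, sigs, ok := strings.Cut(note, "\n\n")
	if len(vk) != 3 || !ok {
		return "", errors.New("malformed key or note")
	}
	f := strings.Split(body, "\n") // header, serial, counter, BastionID
	if len(f) != 4 || f[0] != "ArmoredWitness BastionID attestation v1" {
		return "", errors.New("unexpected body")
	}
	if f[1] != serial || !strings.HasSuffix(vk[0], "-"+serial) {
		return "", errors.New("serial mismatch")
	}
	if id, err := hex.DecodeString(f[3]); err != nil || len(id) != 32 {
		return "", errors.New("BastionID is not 32 hex-encoded bytes")
	}
	for _, l := range strings.Split(strings.TrimSpace(sigs), "\n") {
		p := strings.Fields(l) // "—", key name, base64(key hash || signature)
		if len(p) != 3 || p[0] != "—" || p[1] != vk[0] {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(p[2])
		if err == nil && len(raw) > 4 && hex.EncodeToString(raw[:4]) == vk[1] {
			return f[3], nil
		}
	}
	return "", errors.New("no signature line from the attestation key")
}

func main() {
	fmt.Println(CheckBastionAttestation(bastionNote, attestVKey, "720A9DEAD4391E1E"))
}
```

These checks only confirm that the note is well formed and names the expected device and key; the signature still has to be verified with a signed-note library before the BastionID is trusted.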

AlCutter force-pushed the bastion_identity branch 2 times, most recently from c5a0ae0 to 3db381b (May 24, 2024 12:57)
AlCutter requested a review from jiggoha (May 24, 2024 12:59)
AlCutter marked this pull request as ready for review (May 24, 2024 12:59)
AlCutter (Collaborator, Author) commented:

Worth reviewing commit-by-commit.

AlCutter (Collaborator, Author) commented:

I've just rebased onto main with #310 merged.

AlCutter merged commit 08806a1 into transparency-dev:main (Jun 12, 2024)
3 checks passed
AlCutter deleted the bastion_identity branch (June 12, 2024 10:52)