[Rats] draft-ietf-rats-yang-tpm-charra tpm2_quote response and TPMS_QUOTE_INFO

"Philippe Bergeon (Nokia)" <philippe.bergeon@nokia.com> Wed, 07 February 2024 16:10 UTC

From: "Philippe Bergeon (Nokia)" <philippe.bergeon@nokia.com>
To: "rats@ietf.org" <rats@ietf.org>
Date: Wed, 07 Feb 2024 16:10:40 +0000
Message-ID: <DM8PR08MB736837516659BDE9E7DDC0199E452@DM8PR08MB7368.namprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/25hOXIYNmUeXRIPdJknfM3kqmsk>

Hello,

Draft-ietf-rats-yang-tpm-charra-21 section 2.1.1.3.2 defines tpm20-attestation-response to include among other things a) TPMS_QUOTE_INFO and b) quote-signature.

However, the output of the tpm2_quote command is TPM2B_ATTEST + signature instead of TPMS_QUOTE_INFO + signature.

The output of the tpm2_quote command is described in Trusted Platform Module Library Part 3: Commands <https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf> section 18.4, with section 18.4.2 describing the request and response content for tpm2_quote, the response including:
- quoted TPM2B_ATTEST: the quoted information
- signature TPMT_SIGNATURE: the signature over quoted

The details of TPM2B_ATTEST can be found in Trusted Platform Module Library Part 2: Structures <https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf>: TPM2B_ATTEST is a sized buffer that contains attestationData, which is a TPMS_ATTEST.

TPMS_QUOTE_INFO is eventually contained within this data but it is not what is signed, see TPMS_ATTEST and TPMU_ATTEST.

If you agree with this remark, it would be best to rename the leaf in the tpm20-attestation-response YANG so it is not mistaken for different information; it could be called quote or quoted, just like in the TCG specs, for instance, pointing back to the TCG specifications as to what information this actually is.

Thx
Philippe
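The nesting described in the mail, shown by unmarshalling the quoted TPM2B_ATTEST. This is an added example, not code from the mail, the draft or the TCG: the field layouts follow TPM 2.0 Library Part 2 (TPMS_ATTEST, TPMS_CLOCK_INFO, TPMS_QUOTE_INFO, TPML_PCR_SELECTION) as I know them, the sample buffer is constructed rather than taken from a TPM, and the qualifiedSigner name in it is a placeholder.

```python
import struct

TPM_GENERATED_VALUE = 0xFF544347   # TPM_GENERATED magic heading every TPMS_ATTEST
TPM_ST_ATTEST_QUOTE = 0x8018       # TPMI_ST_ATTEST selecting TPMS_QUOTE_INFO in TPMU_ATTEST

def _tpm2b(buf, off):
    """Read a TPM2B_* sized buffer (UINT16 size + bytes); return (bytes, next offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + size], off + 2 + size

def _unpack(fmt, buf, off):   # big-endian fixed fields; return (values, next offset)
    return struct.unpack_from(fmt, buf, off), off + struct.calcsize(fmt)

def parse_tpm2b_attest(quoted):
    """Unmarshal the 'quoted' TPM2B_ATTEST from TPM2_Quote. 'signed_bytes' is attestationData
    (the whole TPMS_ATTEST the TPMT_SIGNATURE covers); 'quote_info' is the nested TPMS_QUOTE_INFO."""
    attest, end = _tpm2b(quoted, 0)
    if end != len(quoted):
        raise ValueError("trailing bytes after TPM2B_ATTEST")
    (magic, st), off = _unpack(">IH", attest, 0)
    if magic != TPM_GENERATED_VALUE or st != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a TPM-generated TPMS_ATTEST carrying a TPMS_QUOTE_INFO")
    qualified_signer, off = _tpm2b(attest, off)        # TPM2B_NAME of the signing key
    extra_data, off = _tpm2b(attest, off)              # TPM2B_DATA: caller's qualifyingData (nonce)
    clock_info, off = _unpack(">QIIB", attest, off)    # TPMS_CLOCK_INFO: clock, resetCount, restartCount, safe
    (fw,), off = _unpack(">Q", attest, off)            # firmwareVersion
    qi_start = off                                     # TPMS_QUOTE_INFO starts here
    (count,), off = _unpack(">I", attest, off)         # TPML_PCR_SELECTION.count
    pcr_select = []
    for _ in range(count):                             # TPMS_PCR_SELECTION: hash alg, sizeofSelect, bitmap
        (alg, n), off = _unpack(">HB", attest, off)
        pcr_select.append((alg, attest[off:off + n]))
        off += n
    pcr_digest, off = _tpm2b(attest, off)              # TPM2B_DIGEST over the selected PCRs
    if off != len(attest):
        raise ValueError("trailing bytes after TPMS_QUOTE_INFO")
    return {"qualified_signer": qualified_signer, "extra_data": extra_data,
            "clock_info": clock_info, "firmware_version": fw,
            "pcr_select": pcr_select, "pcr_digest": pcr_digest,
            "quote_info": attest[qi_start:], "signed_bytes": attest}

def build_sample_quoted():
    """Constructed TPM2B_ATTEST (not TPM output): one SHA-256 selection covering PCR 0 and PCR 23."""
    quote_info = (struct.pack(">IHB", 1, 0x000B, 3) + b"\x01\x00\x80"
                  + struct.pack(">H", 32) + b"\xaa" * 32)
    attest = (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE)
              + struct.pack(">H", 4) + b"\x00\x0b\x12\x34"        # placeholder TPM2B_NAME
              + struct.pack(">H", 8) + b"nonce123"                 # constructed qualifyingData
              + struct.pack(">QIIB", 123456, 3, 0, 1)              # clock, resetCount, restartCount, safe
              + struct.pack(">Q", 0x0102030405060708) + quote_info)
    return struct.pack(">H", len(attest)) + attest
```

A verifier checks the TPMT_SIGNATURE over the hash of signed_bytes, then compares extra_data with the nonce it sent and pcr_digest with the digest it computes from reference PCR values; the TPMS_QUOTE_INFO alone carries neither the magic nor the nonce, which is why it is not the signed object.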