cc-trusted-api

Potential enhancement on TPM get_cc_report

Open Ruoyu-y opened this issue 1 year ago • 0 comments

What would you like to be added?

More algorithm support for hashing the user-defined 'nonce' and 'userData' into qualifying data.

Why is this needed?

In TPM, one uses qualifying data to add user information into a quote or to qualify the quote. To merge the two params 'userData' and 'nonce' in our get_cc_report() API into one value to fit into qualifying data, we need some hash algorithm to help. In the TPM case, the length of qualifying data is closely related to the hash algorithm it supports. So for different TPMs, the supported length of qualifying data differs. In our current implementation, we will choose the hash algorithm from user input (pcr_selection). And the hash algorithms currently supported only cover SHA1, SHA256, SHA384 and SHA512. More algorithms may be needed in different circumstances.

Ruoyu-y, Jun 25 '24 03:06
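The binding described in the issue, seen from the verifier's side, as an added example that is not code from cc-trusted-api: it recomputes the digest of the two inputs and compares it with the `extraData` field of a marshalled `TPMS_ATTEST`. The concatenation order `nonce || userData`, all function names and the sample blob are assumptions made for illustration; only the four algorithms the issue lists are mapped, so any other `TPM_ALG_ID` is rejected.

```python
import hashlib
import hmac
import struct

# TPM_ALG_ID values from the TPM 2.0 specification for the four hashes the issue lists.
TPM_ALG_TO_HASHLIB = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
TPM_GENERATED_VALUE = 0xFF544347  # TPMS_ATTEST.magic
TPM_ST_ATTEST_QUOTE = 0x8018      # TPMS_ATTEST.type for a quote


def qualifying_data(alg_id, nonce, user_data):
    """Fold nonce and userData into one digest (nonce || userData is an assumption)."""
    name = TPM_ALG_TO_HASHLIB.get(alg_id)
    if name is None:
        raise ValueError(f"unsupported TPM_ALG_ID 0x{alg_id:04x}")
    return hashlib.new(name, nonce + user_data).digest()


def extra_data_from_attest(attest):
    """Return extraData (the qualifying data) from a marshalled TPMS_ATTEST."""
    try:
        magic, st, name_len = struct.unpack_from(">IHH", attest, 0)
        off = 8 + name_len  # skip qualifiedSigner (TPM2B_NAME)
        (extra_len,) = struct.unpack_from(">H", attest, off)
    except struct.error as exc:
        raise ValueError("truncated TPMS_ATTEST") from exc
    if magic != TPM_GENERATED_VALUE or st != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a TPM-generated quote")
    extra = attest[off + 2 : off + 2 + extra_len]
    if len(extra) != extra_len:
        raise ValueError("truncated extraData")
    return extra


def quote_is_bound(attest, alg_id, nonce, user_data):
    """True if the quote's extraData equals the digest recomputed by the verifier."""
    expected = qualifying_data(alg_id, nonce, user_data)
    return hmac.compare_digest(extra_data_from_attest(attest), expected)


def sample_attest(extra):
    """Constructed TPMS_ATTEST prefix for the demo; signer name and tail are dummies."""
    signer = b"\x00\x0b" + bytes(32)
    head = struct.pack(">IHH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE, len(signer))
    return head + signer + struct.pack(">H", len(extra)) + extra + bytes(25)


if __name__ == "__main__":
    blob = sample_attest(qualifying_data(0x000B, b"constructed-nonce", b"constructed-user-data"))
    print(quote_is_bound(blob, 0x000B, b"constructed-nonce", b"constructed-user-data"))
```

The check only covers the binding of the caller's inputs to the quote; the quote signature and PCR digest still have to be verified separately.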