Implement Windows TPM support for Device Trust

go.mod

@@ -62,8 +62,9 @@ require (
 	github.com/gogo/protobuf v1.3.2 // replaced
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/btree v1.1.2
-	github.com/google/go-attestation v0.4.3
+	github.com/google/go-attestation v0.4.4-0.20220404204839-8820d49b18d9
 	github.com/google/go-cmp v0.5.9
+	github.com/google/go-tpm v0.3.3
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.3.0
 	github.com/googleapis/gax-go/v2 v2.7.0
@@ -243,10 +244,9 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.3 // indirect
-	github.com/google/certificate-transparency-go v1.1.1 // indirect
+	github.com/google/certificate-transparency-go v1.1.2 // indirect
 	github.com/google/flatbuffers v22.11.23+incompatible // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-tpm v0.3.3 // indirect
 	github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/renameio/v2 v2.0.0 // indirect

lib/devicetrust/enroll/enroll.go

@@ -27,9 +27,10 @@ import (
 
 // vars below are used to fake OSes and switch implementations for tests.
 var (
-	getOSType     = getDeviceOSType
-	enrollInit    = native.EnrollDeviceInit
-	signChallenge = native.SignChallenge
+	getOSType          = getDeviceOSType
+	enrollInit         = native.EnrollDeviceInit
+	signChallenge      = native.SignChallenge
+	tpmEnrollChallenge = native.TPMEnrollChallenge
 )
 
 // RunCeremony performs the client-side device enrollment ceremony.
@@ -44,7 +45,8 @@ func RunCeremony(ctx context.Context, devicesClient devicepb.DeviceTrustServiceC
 func runCeremony(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient, enrollToken string) (*devicepb.Device, error) {
 	// Start by checking the OSType, this lets us exit early with a nicer message
 	// for non-supported OSes.
-	if getOSType() != devicepb.OSType_OS_TYPE_MACOS {
+	osType := getOSType()
+	if osType != devicepb.OSType_OS_TYPE_MACOS && osType != devicepb.OSType_OS_TYPE_WINDOWS {
 		return nil, trace.BadParameter("device enrollment not supported for current OS (%v)", runtime.GOOS)
 	}
 
@@ -72,8 +74,14 @@ func runCeremony(ctx context.Context, devicesClient devicepb.DeviceTrustServiceC
 	}
 
 	// 2. Challenge.
-	// Only macOS is supported, see the guard at the beginning of the method.
-	if err := enrollDeviceMacOS(stream, resp); err != nil {
+	// No default case is provided here; see the guard at the beginning of this function.
+	switch osType {
+	case devicepb.OSType_OS_TYPE_MACOS:
+		err = enrollDeviceMacOS(stream, resp)
+	case devicepb.OSType_OS_TYPE_WINDOWS:
+		err = enrollDeviceWindows(stream, resp)
+	}
+	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 	resp, err = stream.Recv()
@@ -89,6 +97,22 @@ func runCeremony(ctx context.Context, devicesClient devicepb.DeviceTrustServiceC
 	return successResp.Device, nil
 }
 
+func enrollDeviceWindows(stream devicepb.DeviceTrustService_EnrollDeviceClient, resp *devicepb.EnrollDeviceResponse) error {
+	chalResp := resp.GetTpmChallenge()
+	sig, err := tpmEnrollChallenge(chalResp.Secret, chalResp.Credential)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	err = stream.Send(&devicepb.EnrollDeviceRequest{
+		Payload: &devicepb.EnrollDeviceRequest_TpmChallengeResponse{
+			TpmChallengeResponse: &devicepb.TPMEnrollChallengeResponse{
+				Secret: sig,
+			},
+		},
+	})
+	return trace.Wrap(err)
+}
+
 func enrollDeviceMacOS(stream devicepb.DeviceTrustService_EnrollDeviceClient, resp *devicepb.EnrollDeviceResponse) error {
 	chalResp := resp.GetMacosChallenge()
 	if chalResp == nil {

lib/devicetrust/native/api.go

@@ -14,7 +14,15 @@
 
 package native
 
-import devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
+import (
+	"errors"
+
+	devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
+)
+
+// trace.NotImplemented avoided on purpose: we use NotImplemented errors to
+// detect the lack of a server-side Device Trust implementation.
+var errPlatformNotSupported = errors.New("platform not supported")
 
 // EnrollDeviceInit creates the initial enrollment data for the device.
 // This includes fetching or creating a device credential, collecting device
@@ -35,6 +43,11 @@ func SignChallenge(chal []byte) (sig []byte, err error) {
 	return signChallenge(chal)
 }
 
+// TPMEnrollChallenge completes a TPM enrollment challenge.
+func TPMEnrollChallenge(encrypted []byte, credential []byte) ([]byte, error) {
+	return tpmEnrollChallenge(encrypted, credential)
+}
+
 // GetDeviceCredential returns the current device credential, if it exists.
 func GetDeviceCredential() (*devicepb.DeviceCredential, error) {
 	return getDeviceCredential()

lib/devicetrust/native/device_darwin.go

@@ -123,6 +123,10 @@ func signChallenge(chal []byte) (sig []byte, err error) {
 	return sig, err
 }
 
+func tpmEnrollChallenge(encrypted []byte, credential []byte) ([]byte, error) {
+	return nil, errPlatformNotSupported
+}
+
 func getDeviceCredential() (*devicepb.DeviceCredential, error) {
 	var pubKeyC C.PublicKey
 	defer func() {