From 0dc056af7d9946a757021e964ce3ecffb73890b8 Mon Sep 17 00:00:00 2001
From: Brandon Weeks
Date: Tue, 1 Nov 2022 12:57:06 -0700
Subject: [PATCH] Fix golangci-lint findings
---
 README.md | 4 ++--
 attest/application_key_test.go | 12 +++++-------
 attest/attest-tool/attest-tool.go | 5 ++---
 .../internal/eventlog/secureboot_test.go | 4 ++--
 attest/eventlog.go | 8 --------
 attest/eventlog_test.go | 14 +++++++-------
 attest/internal/events.go | 2 +-
 attest/secureboot_test.go | 12 ++++++------
 attest/tpm12_linux.go | 4 ++--
 attest/tpm_linux.go | 7 +++----
 attest/win_events.go | 2 +-
 attest/win_events_test.go | 4 ++--
 attest/wrapped_tpm20.go | 4 +---
 attributecert/attributecert_test.go | 12 ++++++------
 ci/gen_ekcert.go | 2 --
 15 files changed, 40 insertions(+), 56 deletions(-)
diff --git a/README.md b/README.md
index ce4675f..d5e3bc9 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ if err != nil {
 // handle error
 }
-if err := ioutil.WriteFile("encrypted_aik.json", akBytes, 0600); err != nil {
+if err := os.WriteFile("encrypted_aik.json", akBytes, 0600); err != nil {
 // handle error
 }
@@ -115,7 +115,7 @@ returning the same secret to the server.
 ```go
 // Client decrypts the credential
-akBytes, err := ioutil.ReadFile("encrypted_aik.json")
+akBytes, err := os.ReadFile("encrypted_aik.json")
 if err != nil {
 // handle error
 }
diff --git a/attest/application_key_test.go b/attest/application_key_test.go
index 775223a..466bd3a 100644
--- a/attest/application_key_test.go
+++ b/attest/application_key_test.go
@@ -496,8 +496,7 @@ func testKeyOpts(t *testing.T, tpm *TPM) {
 expected = defaultConfig
 }
- pub := sk.Public()
- switch pub.(type) {
+ switch pub := sk.Public().(type) {
 case *ecdsa.PublicKey:
 if expected.Algorithm != ECDSA {
 t.Errorf("incorrect key type generated, expected %q, got EC", expected.Algorithm)
@@ -511,16 +510,15 @@ func testKeyOpts(t *testing.T, tpm *TPM) {
 if !ok {
 t.Fatalf("cannot match curve to key size %d", expected.Size)
 }
- curve := pub.(*ecdsa.PublicKey).Curve
- if expectedCurve != curve {
- t.Errorf("incorrect curve, expected %v, got %v", expectedCurve, curve)
+ if expectedCurve != pub.Curve {
+ t.Errorf("incorrect curve, expected %v, got %v", expectedCurve, pub.Curve)
 }
 case *rsa.PublicKey:
 if expected.Algorithm != RSA {
 t.Errorf("incorrect key type, expected %q, got RSA", expected.Algorithm)
 }
- if pub.(*rsa.PublicKey).Size()*8 != expected.Size {
- t.Errorf("incorrect key size, expected %d, got %d", expected.Size, pub.(*rsa.PublicKey).Size()*8)
+ if pub.Size()*8 != expected.Size {
+ t.Errorf("incorrect key size, expected %d, got %d", expected.Size, pub.Size()*8)
 }
 default:
 t.Errorf("unsupported key type: %T", pub)
diff --git a/attest/attest-tool/attest-tool.go b/attest/attest-tool/attest-tool.go
index b40d70a..fa00e88 100644
--- a/attest/attest-tool/attest-tool.go
+++ b/attest/attest-tool/attest-tool.go
@@ -13,7 +13,6 @@ import (
 "errors"
 "flag"
 "fmt"
- "io/ioutil"
 "os"
 "github.com/google/go-attestation/attest"
@@ -153,10 +152,10 @@ func runCommand(tpm *attest.TPM) error {
 if err != nil {
 return err
 }
- return ioutil.WriteFile(*keyPath, b, 0644)
+ return os.WriteFile(*keyPath, b, 0644)
 case "quote":
- b, err := ioutil.ReadFile(*keyPath)
+ b, err := os.ReadFile(*keyPath)
 if err != nil {
 return err
 }
diff --git a/attest/attest-tool/internal/eventlog/secureboot_test.go b/attest/attest-tool/internal/eventlog/secureboot_test.go
index 258acb3..5180479 100644
--- a/attest/attest-tool/internal/eventlog/secureboot_test.go
+++ b/attest/attest-tool/internal/eventlog/secureboot_test.go
@@ -16,7 +16,7 @@ package eventlog
 import (
 "encoding/json"
- "io/ioutil"
+ "os"
 "testing"
 "github.com/google/go-attestation/attest"
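Review bot: `return os.WriteFile(*keyPath, b, 0644)` persists the serialized key world-readable, while the README hunk earlier in this patch writes the same kind of file with 0600, and gosec's G306 check flags WriteFile modes wider than 0600. The blob is presumably TPM-wrapped rather than raw key material, but nothing here needs other local users to read it, so `return os.WriteFile(*keyPath, b, 0600)` is the safer default and keeps the tool consistent with the documented example. runCommand continues outside the hunk.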
@@ -24,7 +24,7 @@ import (
 )
 func parseEvents(t *testing.T, testdata string) []attest.Event {
- data, err := ioutil.ReadFile(testdata)
+ data, err := os.ReadFile(testdata)
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
diff --git a/attest/eventlog.go b/attest/eventlog.go
index 4629c1f..bb267b3 100644
--- a/attest/eventlog.go
+++ b/attest/eventlog.go
@@ -56,14 +56,6 @@ func (e ReplayError) Error() string {
 return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.InvalidPCRs)
 }
-// TPM algorithms. See the TPM 2.0 specification section 6.3.
-//
-// https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf#page=42
-const (
- algSHA1 uint16 = 0x0004
- algSHA256 uint16 = 0x000B
-)
-
 // EventType indicates what kind of data an event is reporting.
 //
 // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=103
diff --git a/attest/eventlog_test.go b/attest/eventlog_test.go
index 6766b93..c6a04ac 100644
--- a/attest/eventlog_test.go
+++ b/attest/eventlog_test.go
@@ -18,7 +18,7 @@ import (
 "bytes"
 "encoding/base64"
 "encoding/json"
- "io/ioutil"
+ "os"
 "testing"
 "github.com/google/go-tpm/tpm2"
@@ -56,7 +56,7 @@ func TestParseEventLogLinux(t *testing.T) {
 }
 func testParseEventLog(t *testing.T, testdata string) {
- data, err := ioutil.ReadFile(testdata)
+ data, err := os.ReadFile(testdata)
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -70,7 +70,7 @@ func testParseEventLog(t *testing.T, testdata string) {
 }
 func TestParseCryptoAgileEventLog(t *testing.T) {
- data, err := ioutil.ReadFile("testdata/crypto_agile_eventlog")
+ data, err := os.ReadFile("testdata/crypto_agile_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -88,7 +88,7 @@ func TestEventLog(t *testing.T) {
 }
 func testEventLog(t *testing.T, testdata string) {
- data, err := ioutil.ReadFile(testdata)
+ data, err := os.ReadFile(testdata)
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -183,7 +183,7 @@ func TestParseShortNoAction(t *testing.T) {
 // Currently we just assume that such events will have Data shorter than
 // "EFI Specification ID" field.
- data, err := ioutil.ReadFile("testdata/short_no_action_eventlog")
+ data, err := os.ReadFile("testdata/short_no_action_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -326,7 +326,7 @@ func TestEBSVerifyWorkaround(t *testing.T) {
 },
 }
- elr, err := ioutil.ReadFile("testdata/ebs_event_missing_eventlog")
+ elr, err := os.ReadFile("testdata/ebs_event_missing_eventlog")
 if err != nil {
 t.Fatal(err)
 }
@@ -340,7 +340,7 @@ func TestEBSVerifyWorkaround(t *testing.T) {
 }
 func TestAppendEvents(t *testing.T) {
- base, err := ioutil.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
+ base, err := os.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
diff --git a/attest/internal/events.go b/attest/internal/events.go
index cf3564f..3090eec 100644
--- a/attest/internal/events.go
+++ b/attest/internal/events.go
@@ -188,7 +188,7 @@ func (e EventType) String() string {
 func UntrustedParseEventType(et uint32) (EventType, error) {
 // "The value associated with a UEFI specific platform event type MUST be in
 // the range between 0x80000000 and 0x800000FF, inclusive."
- if (et < 0x80000000 && et > 0x800000FF) || (et < 0x0 && et > 0x12) {
+ if (et < 0x80000000 && et > 0x800000FF) || (et <= 0x0 && et > 0x12) {
 return EventType(0), fmt.Errorf("event type not between [0x0, 0x12] or [0x80000000, 0x800000FF]: got %#x", et)
 }
 if _, ok := eventTypeNames[EventType(et)]; !ok {
diff --git a/attest/secureboot_test.go b/attest/secureboot_test.go
index b757caf..7c6f2cc 100644
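Review bot: The new condition in UntrustedParseEventType still cannot reject anything: `et < 0x80000000 && et > 0x800000FF` is unsatisfiable, and replacing `et < 0x0` with `et <= 0x0` only silences the unsigned-comparison finding while `et <= 0x0 && et > 0x12` remains just as unsatisfiable. The guard the comment and error message describe is `if (et > 0x12 && et < 0x80000000) || et > 0x800000FF {`. The eventTypeNames lookup on the following line presumably still rejects unknown values, but this is a parser of untrusted event-log input, so the spec-derived range check should actually fire and produce its documented error rather than being dead code. The function body continues outside the hunk.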
--- a/attest/secureboot_test.go
+++ b/attest/secureboot_test.go
@@ -17,12 +17,12 @@ package attest
 import (
 "encoding/base64"
 "encoding/json"
- "io/ioutil"
+ "os"
 "testing"
 )
 func TestSecureBoot(t *testing.T) {
- data, err := ioutil.ReadFile("testdata/windows_gcp_shielded_vm.json")
+ data, err := os.ReadFile("testdata/windows_gcp_shielded_vm.json")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -52,7 +52,7 @@ func TestSecureBoot(t *testing.T) {
 // See: https://github.com/google/go-attestation/issues/157
 func TestSecureBootBug157(t *testing.T) {
- raw, err := ioutil.ReadFile("testdata/sb_cert_eventlog")
+ raw, err := os.ReadFile("testdata/sb_cert_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -135,7 +135,7 @@ func b64MustDecode(input string) []byte {
 }
 func TestSecureBootOptionRom(t *testing.T) {
- raw, err := ioutil.ReadFile("testdata/option_rom_eventlog")
+ raw, err := os.ReadFile("testdata/option_rom_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -177,7 +177,7 @@ func TestSecureBootOptionRom(t *testing.T) {
 }
 func TestSecureBootEventLogUbuntu(t *testing.T) {
- data, err := ioutil.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
+ data, err := os.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
@@ -196,7 +196,7 @@ func TestSecureBootEventLogUbuntu(t *testing.T) {
 }
 func TestSecureBootEventLogFedora36(t *testing.T) {
- data, err := ioutil.ReadFile("testdata/coreos_36_shielded_vm_no_secure_boot_eventlog")
+ data, err := os.ReadFile("testdata/coreos_36_shielded_vm_no_secure_boot_eventlog")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
diff --git a/attest/tpm12_linux.go b/attest/tpm12_linux.go
index e929bd4..a2eba7d 100644
--- a/attest/tpm12_linux.go
+++ b/attest/tpm12_linux.go
@@ -22,7 +22,7 @@ import (
 "crypto/x509"
 "encoding/binary"
 "fmt"
- "io/ioutil"
+ "os"
 "github.com/google/go-tspi/attestation"
 "github.com/google/go-tspi/tspi"
@@ -169,5 +169,5 @@ func (t *trousersTPM) pcrs(alg HashAlg) ([]PCR, error) {
 }
 func (t *trousersTPM) measurementLog() ([]byte, error) {
- return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+ return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
 }
diff --git a/attest/tpm_linux.go b/attest/tpm_linux.go
index 6d89a30..00915b3 100644
--- a/attest/tpm_linux.go
+++ b/attest/tpm_linux.go
@@ -21,7 +21,6 @@ import (
 "errors"
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "path"
 "strings"
@@ -49,7 +48,7 @@ func InjectSimulatedTPMForTest(rwc io.ReadWriteCloser) *TPM {
 func probeSystemTPMs() ([]probedTPM, error) {
 var tpms []probedTPM
- tpmDevs, err := ioutil.ReadDir(tpmRoot)
+ tpmDevs, err := os.ReadDir(tpmRoot)
 if err != nil && !os.IsNotExist(err) {
 return nil, err
 }
@@ -82,7 +81,7 @@ type linuxCmdChannel struct {
 // MeasurementLog implements CommandChannelTPM20.
 func (cc *linuxCmdChannel) MeasurementLog() ([]byte, error) {
- return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+ return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
 }
 func openTPM(tpm probedTPM) (*TPM, error) {
@@ -98,7 +97,7 @@ func openTPM(tpm probedTPM) (*TPM, error) {
 // If the TPM has a kernel-provided resource manager, we should
 // use that instead of communicating directly.
 devPath := path.Join("/dev", path.Base(tpm.Path))
- f, err := ioutil.ReadDir(path.Join(tpm.Path, "device", "tpmrm"))
+ f, err := os.ReadDir(path.Join(tpm.Path, "device", "tpmrm"))
 if err != nil {
 if !os.IsNotExist(err) {
 return nil, err
diff --git a/attest/win_events.go b/attest/win_events.go
index ceb1915..5e56315 100644
--- a/attest/win_events.go
+++ b/attest/win_events.go
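Review bot: `tpmDevs, err := os.ReadDir(tpmRoot)` now yields `[]fs.DirEntry` instead of the `[]fs.FileInfo` that `ioutil.ReadDir` returned, and the same applies to `f` in the openTPM hunk below; the loops consuming both sit outside the hunks, so confirm they only use `Name()`/`IsDir()` (anything like `Mode()` or `Size()` now has to go through `Info()` first). Since the error handling beside each call is being touched anyway, `os.IsNotExist` could move to the form its own documentation points to, `if err != nil && !errors.Is(err, fs.ErrNotExist) {`; `errors` is already imported in this file, io/fs would need adding. Both probeSystemTPMs and openTPM continue outside their hunks.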
@@ -600,7 +600,7 @@ func (w *WinEvents) readLoadedModuleAggregation(rdr *bytes.Reader, header micros
 return err
 }
 case imageValidated:
- if imgValidated == true {
+ if imgValidated {
 return errors.New("duplicate image validated field in LMA event")
 }
 if imgValidated, err = w.parseImageValidated(h, r); err != nil {
diff --git a/attest/win_events_test.go b/attest/win_events_test.go
index 1522f0f..3fe33a4 100644
--- a/attest/win_events_test.go
+++ b/attest/win_events_test.go
@@ -16,7 +16,7 @@ package attest
 import (
 "encoding/json"
- "io/ioutil"
+ "os"
 "testing"
 "github.com/google/go-cmp/cmp"
@@ -91,7 +91,7 @@ func TestParseWinEvents(t *testing.T) {
 },
 }
- data, err := ioutil.ReadFile("testdata/windows_gcp_shielded_vm.json")
+ data, err := os.ReadFile("testdata/windows_gcp_shielded_vm.json")
 if err != nil {
 t.Fatalf("reading test data: %v", err)
 }
diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go
index 02db687..5010f2f 100644
--- a/attest/wrapped_tpm20.go
+++ b/attest/wrapped_tpm20.go
@@ -53,8 +53,6 @@ func (t *wrappedTPM20) ekTemplate() (tpm2.Public, error) {
 return *t.tpmEkTemplate, nil
 }
-func (*wrappedTPM20) isTPMBase() {}
-
 func (t *wrappedTPM20) tpmVersion() TPMVersion {
 return TPMVersion20
 }
@@ -175,7 +173,7 @@ func (t *wrappedTPM20) newAK(opts *AKConfig) (*AK, error) {
 }()
 // We can only certify the creation immediately afterwards, so we cache the result.
- attestation, sig, err := tpm2.CertifyCreation(t.rwc, "", keyHandle, keyHandle, nil, creationHash, tpm2.SigScheme{tpm2.AlgRSASSA, tpm2.AlgSHA256, 0}, tix)
+ attestation, sig, err := tpm2.CertifyCreation(t.rwc, "", keyHandle, keyHandle, nil, creationHash, tpm2.SigScheme{Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, Count: 0}, tix)
 if err != nil {
 return nil, fmt.Errorf("CertifyCreation failed: %v", err)
 }
diff --git a/attributecert/attributecert_test.go b/attributecert/attributecert_test.go
index 02dbc58..c38ad1c 100644
--- a/attributecert/attributecert_test.go
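Review bot: With the literal now keyed, `Count: 0` in `tpm2.SigScheme{Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, Count: 0}` is the zero value and is conventionally omitted, leaving `tpm2.SigScheme{Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256}`. The scheme stays fixed to RSASSA/SHA-256 regardless of opts, which is presumably intentional for the AK template but deserves a one-line comment next to the call now that the named fields draw the eye to it. newAK continues outside the hunk.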
+++ b/attributecert/attributecert_test.go
@@ -17,7 +17,7 @@ package attributecert
 import (
 "crypto/x509"
 "encoding/json"
- "io/ioutil"
+ "os"
 "reflect"
 "strings"
 "testing"
@@ -29,7 +29,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 "testdata/Intel_pc2.cer",
 "testdata/Intel_pc3.cer",
 }
- data, err := ioutil.ReadFile("testdata/IntelSigningKey_20April2017.cer")
+ data, err := os.ReadFile("testdata/IntelSigningKey_20April2017.cer")
 if err != nil {
 t.Fatalf("failed to read Intel intermediate certificate: %v", err)
 }
@@ -39,7 +39,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 }
 for _, filename := range testfiles {
- data, err = ioutil.ReadFile(filename)
+ data, err = os.ReadFile(filename)
 if err != nil {
 t.Fatalf("failed to read %s: %v", filename, err)
 }
@@ -57,7 +57,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 }
 func TestParseAttributeCerts(t *testing.T) {
- files, err := ioutil.ReadDir("testdata")
+ files, err := os.ReadDir("testdata")
 if err != nil {
 t.Fatalf("failed to read test dir: %v", err)
 }
@@ -70,7 +70,7 @@ func TestParseAttributeCerts(t *testing.T) {
 }
 filename := "testdata/" + file.Name()
 jsonfile := filename + ".json"
- data, err := ioutil.ReadFile(filename)
+ data, err := os.ReadFile(filename)
 if err != nil {
 t.Fatalf("failed to read test data %s: %v", filename, err)
 }
@@ -78,7 +78,7 @@ func TestParseAttributeCerts(t *testing.T) {
 if err != nil {
 t.Fatalf("failed to parse test data %s: %v", filename, err)
 }
- jsondata, err := ioutil.ReadFile(jsonfile)
+ jsondata, err := os.ReadFile(jsonfile)
 if err != nil {
 t.Fatalf("failed to read json test data %s: %v", jsonfile, err)
 }
diff --git a/ci/gen_ekcert.go b/ci/gen_ekcert.go
index 0676a0f..280917c 100644
--- a/ci/gen_ekcert.go
+++ b/ci/gen_ekcert.go
@@ -16,8 +16,6 @@ import (
 "time"
 )
-var simulatorStatePath = flag.String("state_path", "/tmp/sim/NVRAM/00.permall", "Path to ibmswtpm state file")
-
 func ekPub() *rsa.PublicKey {
 out, err := exec.Command("tpm_getpubek", "-z").Output()
 if err != nil {