mirror of
https://github.com/google/go-attestation.git
synced 2024-12-24 07:06:45 +00:00
attest: Remove the EK field from AK struct (#341)
parent
60adf13bc0
commit
310e2caafe
@ -111,10 +111,6 @@ type ak interface {
|
|||||||
// AK represents a key which can be used for attestation.
|
// AK represents a key which can be used for attestation.
|
||||||
type AK struct {
|
type AK struct {
|
||||||
ak ak
|
ak ak
|
||||||
|
|
||||||
// The EK that will be used for attestation.
|
|
||||||
// If nil, an RSA EK with handle 0x81010001 will be used.
|
|
||||||
ek *EK
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Close unloads the AK from the system.
|
// Close unloads the AK from the system.
|
||||||
@ -136,7 +132,7 @@ func (k *AK) Marshal() ([]byte, error) {
|
|||||||
//
|
//
|
||||||
// This operation is synonymous with TPM2_ActivateCredential.
|
// This operation is synonymous with TPM2_ActivateCredential.
|
||||||
func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte, err error) {
|
func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte, err error) {
|
||||||
return k.ak.activateCredential(tpm.tpm, in, k.ek)
|
return k.ak.activateCredential(tpm.tpm, in, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ActivateCredential decrypts the secret using the key to prove that the AK
|
// ActivateCredential decrypts the secret using the key to prove that the AK
|
||||||
@ -180,12 +176,9 @@ func (k *AK) Certify(tpm *TPM, handle interface{}) (*CertificationParameters, er
|
|||||||
return k.ak.certify(tpm.tpm, handle)
|
return k.ak.certify(tpm.tpm, handle)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AKConfig encapsulates parameters for minting keys.
|
// AKConfig encapsulates parameters for minting keys. This type is defined
|
||||||
|
// now (despite being empty) for future interface compatibility.
|
||||||
type AKConfig struct {
|
type AKConfig struct {
|
||||||
// The EK that will be used for attestation.
|
|
||||||
// If nil, an RSA EK with handle 0x81010001 will be used.
|
|
||||||
// If not nil, it must be one of EKs returned from TPM.EKs().
|
|
||||||
EK *EK
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptedCredential represents encrypted parameters which must be activated
|
// EncryptedCredential represents encrypted parameters which must be activated
|
||||||
|
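Review bot: The literal `nil` now passed as the EK argument in `ActivateCredential` relies on a fallback that this commit stops documenting. The only text explaining a nil EK (`If nil, an RSA EK with handle 0x81010001 will be used.`) is deleted from both `AK` and `AKConfig`. A verifier has to encrypt its challenge to the same EK the TPM activates with, so the method's doc comment should name it, for example `// The credential is activated with the default RSA EK at handle 0x81010001; a challenge encrypted to any other EK is expected to fail.` That doc comment begins above the hunk, so it may already say this. Separately, removing the exported `AKConfig.EK` field breaks callers that picked an EK from `TPM.EKs()`, and no replacement path for a non-default EK is visible in these hunks.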
@ -240,11 +240,7 @@ func (t *wrappedTPM20) newAK(opts *AKConfig) (*AK, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("CertifyCreation failed: %v", err)
|
return nil, fmt.Errorf("CertifyCreation failed: %v", err)
|
||||||
}
|
}
|
||||||
var ek *EK
|
return &AK{ak: newWrappedAK20(keyHandle, blob, pub, creationData, attestation, sig)}, nil
|
||||||
if opts != nil {
|
|
||||||
ek = opts.EK
|
|
||||||
}
|
|
||||||
return &AK{ak: newWrappedAK20(keyHandle, blob, pub, creationData, attestation, sig), ek: ek}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *wrappedTPM20) newKey(ak *AK, opts *KeyConfig) (*Key, error) {
|
func (t *wrappedTPM20) newKey(ak *AK, opts *KeyConfig) (*Key, error) {
|
||||||
|