attest: Remove the EK field from AK struct (#341)

zhsh 2023-06-30 00:53:53 +10:00 committed by GitHub
parent 60adf13bc0
commit 310e2caafe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 15 deletions


@ -111,10 +111,6 @@ type ak interface {
// AK represents a key which can be used for attestation. // AK represents a key which can be used for attestation.
type AK struct { type AK struct {
ak ak ak ak
// The EK that will be used for attestation.
// If nil, an RSA EK with handle 0x81010001 will be used.
ek *EK
} }
// Close unloads the AK from the system. // Close unloads the AK from the system.
@ -136,7 +132,7 @@ func (k *AK) Marshal() ([]byte, error) {
// //
// This operation is synonymous with TPM2_ActivateCredential. // This operation is synonymous with TPM2_ActivateCredential.
func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte, err error) { func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte, err error) {
return k.ak.activateCredential(tpm.tpm, in, k.ek) return k.ak.activateCredential(tpm.tpm, in, nil)
} }
// ActivateCredential decrypts the secret using the key to prove that the AK // ActivateCredential decrypts the secret using the key to prove that the AK
@ -180,12 +176,9 @@ func (k *AK) Certify(tpm *TPM, handle interface{}) (*CertificationParameters, er
return k.ak.certify(tpm.tpm, handle) return k.ak.certify(tpm.tpm, handle)
} }
// AKConfig encapsulates parameters for minting keys. // AKConfig encapsulates parameters for minting keys. This type is defined
// now (despite being empty) for future interface compatibility.
type AKConfig struct { type AKConfig struct {
// The EK that will be used for attestation.
// If nil, an RSA EK with handle 0x81010001 will be used.
// If not nil, it must be one of EKs returned from TPM.EKs().
EK *EK
} }
// EncryptedCredential represents encrypted parameters which must be activated // EncryptedCredential represents encrypted parameters which must be activated
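Review bot: ActivateCredential now passes `nil` as the EK on the `return k.ak.activateCredential(tpm.tpm, in, nil)` line, but its doc comment (which starts above this hunk) still says only that the operation is TPM2_ActivateCredential; it no longer tells callers which EK the credential is decrypted against, and the comment that used to explain the nil case ("an RSA EK with handle 0x81010001 will be used") is removed with the field. Since a verifier must encrypt the credential to the same EK the TPM will use, a caller who previously configured a different EK through AKConfig.EK gets a silent behaviour change rather than a compile error here. I would add, above the signature, `// The credential is decrypted against the TPM's default EK (what activateCredential does for a nil EK; presumably the RSA EK the removed comment described — confirm), as an AK no longer carries an EK of its own.` The same nil-EK rationale belongs on the new AKConfig comment, which currently says only that the type is kept for future compatibility.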


@ -240,11 +240,7 @@ func (t *wrappedTPM20) newAK(opts *AKConfig) (*AK, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("CertifyCreation failed: %v", err) return nil, fmt.Errorf("CertifyCreation failed: %v", err)
} }
var ek *EK return &AK{ak: newWrappedAK20(keyHandle, blob, pub, creationData, attestation, sig)}, nil
if opts != nil {
ek = opts.EK
}
return &AK{ak: newWrappedAK20(keyHandle, blob, pub, creationData, attestation, sig), ek: ek}, nil
} }
func (t *wrappedTPM20) newKey(ak *AK, opts *KeyConfig) (*Key, error) { func (t *wrappedTPM20) newKey(ak *AK, opts *KeyConfig) (*Key, error) {
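Review bot: With the `if opts != nil { ek = opts.EK }` block removed, the `opts *AKConfig` parameter of newAK is no longer read anywhere in this hunk, yet the signature keeps it and nothing says why; the function's start is outside the hunk, so I cannot see whether opts is consulted earlier. If it is indeed unused now, a one-line note at the top of the function would stop the next reader from treating it as dead code or dropping it, e.g. `// opts is currently unused; AKConfig is retained so the signature stays stable when options are added.` If opts is still read earlier in the function, ignore this.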