attest: use provided randomness source when generating challenges (#80)

Currently the activation challenge lets a caller supply a source of
randomness other than crypto/rand, but it's not used in some places.
Plumb the source through the call chain.
Eric Chiang 2019-08-21 10:28:19 -07:00 committed by Tom D
parent bfcbe8f1e2
commit 9b6caf1273
3 changed files with 10 additions and 9 deletions


@ -225,7 +225,7 @@ func (p *ActivationParameters) Generate() (secret []byte, ec *EncryptedCredentia
switch p.TPMVersion {
case TPMVersion12:
ec, err = p.generateChallengeTPM12(secret)
ec, err = p.generateChallengeTPM12(rnd, secret)
case TPMVersion20:
ec, err = p.generateChallengeTPM20(secret)
default:
@ -254,7 +254,7 @@ func (p *ActivationParameters) generateChallengeTPM20(secret []byte) (*Encrypted
}, nil
}
func (p *ActivationParameters) generateChallengeTPM12(secret []byte) (*EncryptedCredential, error) {
func (p *ActivationParameters) generateChallengeTPM12(rand io.Reader, secret []byte) (*EncryptedCredential, error) {
pk, ok := p.EK.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("got EK of type %T, want an RSA key", p.EK)
@ -267,7 +267,7 @@ func (p *ActivationParameters) generateChallengeTPM12(secret []byte) (*Encrypted
if p.AIK.UseTCSDActivationFormat {
cred, encSecret, err = verification.GenerateChallengeEx(pk, p.AIK.Public, secret)
} else {
cred, encSecret, err = generateChallenge12(pk, p.AIK.Public, secret)
cred, encSecret, err = generateChallenge12(rand, pk, p.AIK.Public, secret)
}
if err != nil {
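Review bot: Two calls visible in this file still do not receive the caller's source: the `TPMVersion20` case calls `p.generateChallengeTPM20(secret)`, and the TCSD branch calls `verification.GenerateChallengeEx(pk, p.AIK.Public, secret)`. Their bodies are outside the hunks, so whether they draw randomness internally cannot be confirmed here. If they do, the challenge is only partly driven by the supplied reader, which affects both reproducible tests and deployments that substitute their own RNG. Either thread the reader into them as well, or document on the option that carries the source that it is honoured only on the non-TCSD TPM 1.2 path. Separately, the parameter name `rand` in `generateChallengeTPM12` shadows the `crypto/rand` package if this file imports it; `rnd`, as already used in `Generate`, avoids that.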


@ -4,11 +4,11 @@ import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"encoding/binary"
"fmt"
"io"
)
const (
@ -102,13 +102,13 @@ func pad(plaintext []byte, bsize int) []byte {
// the secret encrypted with the session key credential contained in asymenc.
// To use this, pass asymenc as the input to the TPM_ActivateIdentity command.
// Use the returned credential as the aes key to decode the secret in symenc.
func generateChallenge12(pubkey *rsa.PublicKey, aikpub, secret []byte) (asymenc []byte, symenc []byte, err error) {
func generateChallenge12(rand io.Reader, pubkey *rsa.PublicKey, aikpub, secret []byte) (asymenc []byte, symenc []byte, err error) {
aeskey := make([]byte, 16)
iv := make([]byte, 16)
if _, err = rand.Read(aeskey); err != nil {
if _, err = io.ReadFull(rand, aeskey); err != nil {
return nil, nil, err
}
if _, err = rand.Read(iv); err != nil {
if _, err = io.ReadFull(rand, iv); err != nil {
return nil, nil, err
}
@ -117,7 +117,7 @@ func generateChallenge12(pubkey *rsa.PublicKey, aikpub, secret []byte) (asymenc
return nil, nil, err
}
label := []byte{'T', 'C', 'P', 'A'}
asymenc, err = rsa.EncryptOAEP(sha1.New(), rand.Reader, pubkey, makeEkBlob(activationBlob), label)
asymenc, err = rsa.EncryptOAEP(sha1.New(), rand, pubkey, makeEkBlob(activationBlob), label)
if err != nil {
return nil, nil, fmt.Errorf("EncryptOAEP() failed: %v", err)
}
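Review bot: The doc comment above `generateChallenge12` (it starts outside this hunk) does not mention the new `rand` parameter, although that reader now supplies all the secret material in the function: the 16-byte AES key, the IV and the OAEP seed passed to `rsa.EncryptOAEP`. A weak or predictable reader therefore makes the activation secret recoverable, and a nil reader panics in `io.ReadFull` rather than returning an error. I would add a line such as `// rand supplies the AES key, the IV and the OAEP seed; it must be a cryptographically secure source and must not be nil.` and leave defaulting to `crypto/rand` to the exported caller. The two `io.ReadFull` failures are returned bare while the OAEP failure is wrapped; giving them the same context (for example `fmt.Errorf("reading AES key: %v", err)`) would make an exhausted source easier to diagnose.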


@ -2,6 +2,7 @@ package attest
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"testing"
@ -51,7 +52,7 @@ func TestGenerateChallengeSymHeader(t *testing.T) {
t.Fatal(err)
}
_, sym, err := generateChallenge12(cert.PublicKey.(*rsa.PublicKey), []byte("pubkey yo"), []byte("secretz"))
_, sym, err := generateChallenge12(rand.Reader, cert.PublicKey.(*rsa.PublicKey), []byte("pubkey yo"), []byte("secretz"))
if err != nil {
t.Fatal(err)
}
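Review bot: Nothing in this test checks the behaviour the commit is about, because the updated call at `generateChallenge12(rand.Reader, ...)` passes the same global source the function used before. A regression that silently goes back to `crypto/rand` would still pass. A small companion test with a reader that always fails would pin at least the key-generation path to the supplied source. Extending it to a reader that fails only after the key and IV have been read would also cover the OAEP call, provided the Go version in use honours that argument. The certificate setup of the existing test is outside the hunk and is only referenced in the sketch below.

```go
// failingRand is a constructed test helper: every Read reports an error.
type failingRand struct{}

func (failingRand) Read([]byte) (int, error) {
	return 0, errors.New("rand source unavailable")
}

func TestGenerateChallengeUsesProvidedRand(t *testing.T) {
	// … unchanged: certificate parsing as in TestGenerateChallengeSymHeader …
	_, _, err := generateChallenge12(failingRand{}, cert.PublicKey.(*rsa.PublicKey), []byte("pubkey yo"), []byte("secretz"))
	if err == nil {
		t.Fatal("generateChallenge12 succeeded although the provided source failed")
	}
}
```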