From a406c399ba81ed43d37ecf3b06ad64faeb206fbc Mon Sep 17 00:00:00 2001
From: Tom D <40675700+twitchy-jsonp@users.noreply.github.com>
Date: Wed, 18 Sep 2019 10:16:00 -0700
Subject: [PATCH] Add error for passing non-SHA1 algorithm to Quote() on
 TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100)

---
 attest/key_linux.go   | 4 ++++
 attest/key_windows.go | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/attest/key_linux.go b/attest/key_linux.go
index ded9deb..14bfbf6 100644
--- a/attest/key_linux.go
+++ b/attest/key_linux.go
@@ -65,6 +65,10 @@ func (k *key12) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, erro
 
 // Quote returns a quote over the platform state, signed by the key.
 func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
+	if alg != HashSHA1 {
+		return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
+	}
+
 	quote, rawSig, err := attestation.GetQuote(t.ctx, k.blob, nonce)
 	if err != nil {
 		return nil, fmt.Errorf("Quote() failed: %v", err)
diff --git a/attest/key_windows.go b/attest/key_windows.go
index 9954ba1..1cf5c3b 100644
--- a/attest/key_windows.go
+++ b/attest/key_windows.go
@@ -20,7 +20,6 @@ import (
 	"fmt"
 
 	tpm1 "github.com/google/go-tpm/tpm"
-	"github.com/google/go-tpm/tpm2"
 )
 
 // key12 represents a Windows-managed key on a TPM1.2 TPM.
@@ -62,6 +61,10 @@ func (k *key12) ActivateCredential(tpm *TPM, in EncryptedCredential) ([]byte, er
 
 // Quote returns a quote over the platform state, signed by the key.
 func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
+	if alg != HashSHA1 {
+		return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
+	}
+
 	tpmKeyHnd, err := t.pcp.TPMKeyHandle(k.hnd)
 	if err != nil {
 		return nil, fmt.Errorf("TPMKeyHandle() failed: %v", err)
@@ -162,7 +165,7 @@ func (k *key20) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
 	if err != nil {
 		return nil, fmt.Errorf("TPMCommandInterface() failed: %v", err)
 	}
-	return quote20(tpm, tpmKeyHnd, tpm2.Algorithm(alg), nonce)
+	return quote20(tpm, tpmKeyHnd, alg.goTPMAlg(), nonce)
 }
 
 // Close frees any resources associated with the key.