Add error for passing non-SHA1 algorithm to Quote() on TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100)

This commit is contained in:
Tom D 2019-09-18 10:16:00 -07:00 committed by GitHub
parent e7e8befcc7
commit a406c399ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions

View File

@ -65,6 +65,10 @@ func (k *key12) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, erro
// Quote returns a quote over the platform state, signed by the key. // Quote returns a quote over the platform state, signed by the key.
func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) { func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
if alg != HashSHA1 {
return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
}
quote, rawSig, err := attestation.GetQuote(t.ctx, k.blob, nonce) quote, rawSig, err := attestation.GetQuote(t.ctx, k.blob, nonce)
if err != nil { if err != nil {
return nil, fmt.Errorf("Quote() failed: %v", err) return nil, fmt.Errorf("Quote() failed: %v", err)

View File

@ -20,7 +20,6 @@ import (
"fmt" "fmt"
tpm1 "github.com/google/go-tpm/tpm" tpm1 "github.com/google/go-tpm/tpm"
"github.com/google/go-tpm/tpm2"
) )
// key12 represents a Windows-managed key on a TPM1.2 TPM. // key12 represents a Windows-managed key on a TPM1.2 TPM.
@ -62,6 +61,10 @@ func (k *key12) ActivateCredential(tpm *TPM, in EncryptedCredential) ([]byte, er
// Quote returns a quote over the platform state, signed by the key. // Quote returns a quote over the platform state, signed by the key.
func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) { func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
if alg != HashSHA1 {
return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
}
tpmKeyHnd, err := t.pcp.TPMKeyHandle(k.hnd) tpmKeyHnd, err := t.pcp.TPMKeyHandle(k.hnd)
if err != nil { if err != nil {
return nil, fmt.Errorf("TPMKeyHandle() failed: %v", err) return nil, fmt.Errorf("TPMKeyHandle() failed: %v", err)
@ -162,7 +165,7 @@ func (k *key20) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("TPMCommandInterface() failed: %v", err) return nil, fmt.Errorf("TPMCommandInterface() failed: %v", err)
} }
return quote20(tpm, tpmKeyHnd, tpm2.Algorithm(alg), nonce) return quote20(tpm, tpmKeyHnd, alg.goTPMAlg(), nonce)
} }
// Close frees any resources associated with the key. // Close frees any resources associated with the key.