mirror of
https://github.com/google/go-attestation.git
synced 2024-12-21 13:57:55 +00:00
Add error for passing non-SHA1 algorithm to Quote() on TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100)
This commit is contained in:
parent
e7e8befcc7
commit
a406c399ba
@ -65,6 +65,10 @@ func (k *key12) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, erro
|
||||
|
||||
// Quote returns a quote over the platform state, signed by the key.
|
||||
func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
|
||||
if alg != HashSHA1 {
|
||||
return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
|
||||
}
|
||||
|
||||
quote, rawSig, err := attestation.GetQuote(t.ctx, k.blob, nonce)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Quote() failed: %v", err)
|
||||
|
@ -20,7 +20,6 @@ import (
|
||||
"fmt"
|
||||
|
||||
tpm1 "github.com/google/go-tpm/tpm"
|
||||
"github.com/google/go-tpm/tpm2"
|
||||
)
|
||||
|
||||
// key12 represents a Windows-managed key on a TPM1.2 TPM.
|
||||
@ -62,6 +61,10 @@ func (k *key12) ActivateCredential(tpm *TPM, in EncryptedCredential) ([]byte, er
|
||||
|
||||
// Quote returns a quote over the platform state, signed by the key.
|
||||
func (k *key12) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
|
||||
if alg != HashSHA1 {
|
||||
return nil, fmt.Errorf("only SHA1 algorithms supported on TPM 1.2, not HashAlg(%v)", alg)
|
||||
}
|
||||
|
||||
tpmKeyHnd, err := t.pcp.TPMKeyHandle(k.hnd)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("TPMKeyHandle() failed: %v", err)
|
||||
@ -162,7 +165,7 @@ func (k *key20) Quote(t *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("TPMCommandInterface() failed: %v", err)
|
||||
}
|
||||
return quote20(tpm, tpmKeyHnd, tpm2.Algorithm(alg), nonce)
|
||||
return quote20(tpm, tpmKeyHnd, alg.goTPMAlg(), nonce)
|
||||
}
|
||||
|
||||
// Close frees any resources associated with the key.
|
||||
|
Loading…
Reference in New Issue
Block a user