Implement key deletion on Windows (#27)
* Implement key deletion on Windows * Don't forget 2nd parameter in call to NCryptDeleteKey
This commit is contained in:
parent
2ff4e84fcb
commit
ac78180218
@ -52,6 +52,7 @@ var (
|
||||
nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey")
|
||||
nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey")
|
||||
nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey")
|
||||
nCryptDeleteKey = nCrypt.MustFindProc("NCryptDeleteKey")
|
||||
|
||||
crypt32 = windows.MustLoadDLL("crypt32.dll")
|
||||
crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore")
|
||||
@ -241,6 +242,16 @@ func (h *winPCP) Close() error {
|
||||
return closeNCryptObject(h.hProv)
|
||||
}
|
||||
|
||||
// DeleteKey permenantly removes the key with the given handle
|
||||
// from the system, and frees its handle.
|
||||
func (h *winPCP) DeleteKey(kh uintptr) error {
|
||||
r, _, msg := nCryptDeleteKey.Call(kh, 0)
|
||||
if r != 0 {
|
||||
return fmt.Errorf("nCryptDeleteKey returned %X: %v", r, msg)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// EKCerts returns the Endorsement Certificates.
|
||||
// Failure to fetch an ECC certificate is not considered
|
||||
// an error as they do not exist on all platforms.
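Review bot: The `msg` value that `nCryptDeleteKey.Call` returns in `DeleteKey` is the GetLastError result, which `Proc.Call` returns non-nil on every call and which the NCrypt APIs, reporting their SECURITY_STATUS through the return value, do not generally set, so the `%v` part of the error is likely to print an unrelated or success message next to a failing status. If the file's other NCrypt wrappers format errors the same way this is at least consistent, but the status in `r` is the authoritative part; consider `return fmt.Errorf("nCryptDeleteKey returned %X", r)` or a comment saying why `msg` is kept. The doc comment also misspells "permanently" (`// DeleteKey permanently removes the key with the given handle`); the same typo is in the `Key.Delete` comment in the `@ -248,6 +248,12 @@` hunk. Since the comment says the handle is freed, it would help to state that this holds only on success and that the caller still owns the handle when an error is returned, assuming that is NCryptDeleteKey's contract — worth confirming against the API documentation.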
|
||||
|
@ -294,6 +294,11 @@ func (k *Key) Close(tpm *TPM) error {
|
||||
}
|
||||
}
|
||||
|
||||
// Delete is not yet supported on linux systems.
|
||||
func (k *Key) Delete(tpm *TPM) error {
|
||||
return errors.New("key deletion is not yet supported on linux systems")
|
||||
}
|
||||
|
||||
// ActivateCredential decrypts the specified credential using key.
|
||||
// This operation is synonymous with TPM2_ActivateCredential.
|
||||
func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) {
|
||||
|
@ -248,6 +248,12 @@ func (k *Key) Close(tpm *TPM) error {
|
||||
return closeNCryptObject(k.hnd)
|
||||
}
|
||||
|
||||
// Delete permenantly removes the key from the system. This method
|
||||
// invalidates Key and any further method invocations are invalid.
|
||||
func (k *Key) Delete(tpm *TPM) error {
|
||||
return tpm.pcp.DeleteKey(k.hnd)
|
||||
}
|
||||
|
||||
// MintAIK creates a persistent attestation key. The returned key must be
|
||||
// closed with a call to key.Close() when the caller has finished using it.
|
||||
func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) {
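Review bot: After a successful `tpm.pcp.DeleteKey(k.hnd)` in `Key.Delete`, `k.hnd` still holds the handle that, per the new `DeleteKey` doc comment, has just been freed, so a later `Close` (whose tail is visible at the top of this hunk and calls `closeNCryptObject(k.hnd)`) would act on a released handle; the comment says further method invocations are invalid, but nothing enforces it. Clearing the handle on success makes a stray Close detectable or harmless: `if err := tpm.pcp.DeleteKey(k.hnd); err != nil { return err }`, then `k.hnd = 0`, `return nil`, with Close checking for a zero handle if it does not already — that check lives outside this hunk and should be confirmed. `Close`'s body begins before the hunk.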
|
||||
|