mirror of
https://github.com/google/go-attestation.git
synced 2024-12-30 09:48:59 +00:00
Implement key deletion on Windows (#27)
* Implement key deletion on Windows * Dont forget 2nd parameter in call to NCryptDeleteKey
This commit is contained in:
parent
2ff4e84fcb
commit
ac78180218
@ -52,6 +52,7 @@ var (
|
|||||||
nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey")
|
nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey")
|
||||||
nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey")
|
nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey")
|
||||||
nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey")
|
nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey")
|
||||||
|
nCryptDeleteKey = nCrypt.MustFindProc("NCryptDeleteKey")
|
||||||
|
|
||||||
crypt32 = windows.MustLoadDLL("crypt32.dll")
|
crypt32 = windows.MustLoadDLL("crypt32.dll")
|
||||||
crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore")
|
crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore")
|
||||||
@ -241,6 +242,16 @@ func (h *winPCP) Close() error {
|
|||||||
return closeNCryptObject(h.hProv)
|
return closeNCryptObject(h.hProv)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeleteKey permenantly removes the key with the given handle
|
||||||
|
// from the system, and frees its handle.
|
||||||
|
func (h *winPCP) DeleteKey(kh uintptr) error {
|
||||||
|
r, _, msg := nCryptDeleteKey.Call(kh, 0)
|
||||||
|
if r != 0 {
|
||||||
|
return fmt.Errorf("nCryptDeleteKey returned %X: %v", r, msg)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// EKCerts returns the Endorsement Certificates.
|
// EKCerts returns the Endorsement Certificates.
|
||||||
// Failure to fetch an ECC certificate is not considered
|
// Failure to fetch an ECC certificate is not considered
|
||||||
// an error as they do not exist on all platforms.
|
// an error as they do not exist on all platforms.
|
||||||
|
@ -294,6 +294,11 @@ func (k *Key) Close(tpm *TPM) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Delete is not yet supported on linux systems.
|
||||||
|
func (k *Key) Delete(tpm *TPM) error {
|
||||||
|
return errors.New("key deletion is not yet supported on linux systems")
|
||||||
|
}
|
||||||
|
|
||||||
// ActivateCredential decrypts the specified credential using key.
|
// ActivateCredential decrypts the specified credential using key.
|
||||||
// This operation is synonymous with TPM2_ActivateCredential.
|
// This operation is synonymous with TPM2_ActivateCredential.
|
||||||
func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) {
|
func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) {
|
||||||
|
@ -248,6 +248,12 @@ func (k *Key) Close(tpm *TPM) error {
|
|||||||
return closeNCryptObject(k.hnd)
|
return closeNCryptObject(k.hnd)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Delete permenantly removes the key from the system. This method
|
||||||
|
// invalidates Key and any further method invocations are invalid.
|
||||||
|
func (k *Key) Delete(tpm *TPM) error {
|
||||||
|
return tpm.pcp.DeleteKey(k.hnd)
|
||||||
|
}
|
||||||
|
|
||||||
// MintAIK creates a persistent attestation key. The returned key must be
|
// MintAIK creates a persistent attestation key. The returned key must be
|
||||||
// closed with a call to key.Close() when the caller has finished using it.
|
// closed with a call to key.Close() when the caller has finished using it.
|
||||||
func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) {
|
func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) {
|
||||||
|
Loading…
Reference in New Issue
Block a user