ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-21 05:53:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement key deletion on Windows (#27)

Browse Source 
* Implement key deletion on Windows

* Dont forget 2nd parameter in call to NCryptDeleteKey
This commit is contained in:
Tom D 2019-05-13 14:41:55 -07:00 committed by GitHub
parent 2ff4e84fcb
commit ac78180218
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
attest/pcp_windows.go
View File

@ -52,6 +52,7 @@ var (
nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey") nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey")
nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey") nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey")
nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey") nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey")
nCryptDeleteKey = nCrypt.MustFindProc("NCryptDeleteKey")
crypt32 = windows.MustLoadDLL("crypt32.dll") crypt32 = windows.MustLoadDLL("crypt32.dll")
crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore") crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore")
@ -241,6 +242,16 @@ func (h *winPCP) Close() error {
return closeNCryptObject(h.hProv) return closeNCryptObject(h.hProv)
} }
// DeleteKey permenantly removes the key with the given handle
// from the system, and frees its handle.
func (h *winPCP) DeleteKey(kh uintptr) error {
r, _, msg := nCryptDeleteKey.Call(kh, 0)
if r != 0 {
return fmt.Errorf("nCryptDeleteKey returned %X: %v", r, msg)
}
return nil
}
// EKCerts returns the Endorsement Certificates. // EKCerts returns the Endorsement Certificates.
// Failure to fetch an ECC certificate is not considered // Failure to fetch an ECC certificate is not considered
// an error as they do not exist on all platforms. // an error as they do not exist on all platforms.

5
attest/tpm_linux.go
View File

@ -294,6 +294,11 @@ func (k *Key) Close(tpm *TPM) error {
} }
} }
// Delete is not yet supported on linux systems.
func (k *Key) Delete(tpm *TPM) error {
return errors.New("key deletion is not yet supported on linux systems")
}
// ActivateCredential decrypts the specified credential using key. // ActivateCredential decrypts the specified credential using key.
// This operation is synonymous with TPM2_ActivateCredential. // This operation is synonymous with TPM2_ActivateCredential.
func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) { func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) {

6
attest/tpm_windows.go
View File

@ -248,6 +248,12 @@ func (k *Key) Close(tpm *TPM) error {
return closeNCryptObject(k.hnd) return closeNCryptObject(k.hnd)
} }
// Delete permenantly removes the key from the system. This method
// invalidates Key and any further method invocations are invalid.
func (k *Key) Delete(tpm *TPM) error {
return tpm.pcp.DeleteKey(k.hnd)
}
// MintAIK creates a persistent attestation key. The returned key must be // MintAIK creates a persistent attestation key. The returned key must be
// closed with a call to key.Close() when the caller has finished using it. // closed with a call to key.Close() when the caller has finished using it.
func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) { func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) {