Make SRK/AIK templates consistent with go-tpm-tools (#58)

attest/activation.go

@@ -175,7 +175,7 @@ func (p *ActivationParameters) checkTPM20AIKParameters() error {
 	}
 
 	// Check the signature over the attestation data verifies correctly.
-	pk := rsa.PublicKey{E: int(pub.RSAParameters.Exponent), N: pub.RSAParameters.Modulus}
+	pk := rsa.PublicKey{E: int(pub.RSAParameters.Exponent()), N: pub.RSAParameters.Modulus()}
 	signHashConstructor, err := pub.RSAParameters.Sign.Hash.HashConstructor()
 	if err != nil {
 		return err

attest/tpm.go

@@ -20,7 +20,6 @@ import (
 	"encoding/binary"
 	"fmt"
 	"io"
-	"math/big"
 	"strings"
 
 	"github.com/google/certificate-transparency-go/asn1"
@@ -46,28 +45,27 @@ var (
 	aikTemplate = tpm2.Public{
 		Type:       tpm2.AlgRSA,
 		NameAlg:    tpm2.AlgSHA256,
-		Attributes: tpm2.FlagSignerDefault | tpm2.FlagNoDA,
+		Attributes: tpm2.FlagSignerDefault,
 		RSAParameters: &tpm2.RSAParams{
 			Sign: &tpm2.SigScheme{
 				Alg:  tpm2.AlgRSASSA,
 				Hash: tpm2.AlgSHA256,
 			},
 			KeyBits: 2048,
-			Modulus: big.NewInt(0),
 		},
 	}
 	defaultSRKTemplate = tpm2.Public{
 		Type:       tpm2.AlgRSA,
 		NameAlg:    tpm2.AlgSHA256,
-		Attributes: tpm2.FlagStorageDefault,
+		Attributes: tpm2.FlagStorageDefault | tpm2.FlagNoDA,
 		RSAParameters: &tpm2.RSAParams{
 			Symmetric: &tpm2.SymScheme{
 				Alg:     tpm2.AlgAES,
 				KeyBits: 128,
 				Mode:    tpm2.AlgCFB,
 			},
-			KeyBits: 2048,
-			Modulus: big.NewInt(0),
+			ModulusRaw: make([]byte, 256),
+			KeyBits:    2048,
 		},
 	}
 	// Default EK template defined in:
@@ -92,7 +90,6 @@ var (
 				Mode:    tpm2.AlgCFB,
 			},
 			KeyBits:    2048,
-			Exponent:   0,
 			ModulusRaw: make([]byte, 256),
 		},
 	}

attest/tpm_linux.go

@@ -253,7 +253,7 @@ func (t *TPM) EKs() ([]PlatformEK, error) {
 			}
 
 			return []PlatformEK{
-				{nil, &rsa.PublicKey{E: int(pub.RSAParameters.Exponent), N: pub.RSAParameters.Modulus}},
+				{nil, &rsa.PublicKey{E: int(pub.RSAParameters.Exponent()), N: pub.RSAParameters.Modulus()}},
 			}, nil
 		}
 

go.mod

@@ -5,7 +5,7 @@ go 1.12
 require (
 	github.com/golang/protobuf v1.3.1
 	github.com/google/certificate-transparency-go v1.0.22-0.20190605205155-41fc2ef3a2a8
-	github.com/google/go-tpm v0.1.2-0.20190720204220-b46f7071bbfd
+	github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4
 	github.com/google/go-tpm-tools v0.0.0-20190328013357-5d2fd7f4b3e5
 	github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad
 	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 // indirect

go.sum

@@ -4,8 +4,8 @@ github.com/google/certificate-transparency-go v1.0.21 h1:Yf1aXowfZ2nuboBsg7iYGLm
 github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
 github.com/google/certificate-transparency-go v1.0.22-0.20190605205155-41fc2ef3a2a8 h1:G3Wse9lGL7PmAl2jqdr0HgwhPkGA5KHu7guIPREa7DU=
 github.com/google/certificate-transparency-go v1.0.22-0.20190605205155-41fc2ef3a2a8/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
-github.com/google/go-tpm v0.1.2-0.20190720204220-b46f7071bbfd h1:vdJl7SmJKhMKpc7XTDMjYCq/hvZT2u1YzABQD1VOqeA=
-github.com/google/go-tpm v0.1.2-0.20190720204220-b46f7071bbfd/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
+github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4 h1:GNNkIb6NSjYfw+KvgUFW590mcgsSFihocSrbXct1sEw=
+github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
 github.com/google/go-tpm-tools v0.0.0-20190328013357-5d2fd7f4b3e5 h1:/moKuMi+BJ+OEva3jTms88ruyRkxaZn+f9EIZoGpQeY=
 github.com/google/go-tpm-tools v0.0.0-20190328013357-5d2fd7f4b3e5/go.mod h1:ApmLTU8fd5JJJ4J67y9sV16nOTR00GW2OabMwk7kSnE=
 github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad h1:LnpS22S8V1HqbxjveESGAazHhi6BX9SwI2Rij7qZcXQ=