From 972fec6a06ac7c1b9768bdef2da5efbb25acad87 Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Thu, 10 Jun 2021 00:33:10 -0700
Subject: [PATCH 1/3] quote: Remove internal usage of ownerPassword with Quote

Quote only takes one authorization area, so our functions shouldn't take two passwords. To avoid a breaking change, the function signature of `Quote` and `QuoteRaw` are note changed, but `encodeQuote` drops the parameter. We should remove the superflous param from the public functions when we next make a breaking change.

Signed-off-by: Joe Richey
---
 tpm2/tpm2.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tpm2/tpm2.go b/tpm2/tpm2.go
index 7a1c0680..89a6861a 100644
--- a/tpm2/tpm2.go
+++ b/tpm2/tpm2.go
@@ -917,7 +917,7 @@ func UnsealWithSession(rw io.ReadWriter, sessionHandle, itemHandle tpmutil.Handl
 return decodeUnseal(resp)
 }
 
-func encodeQuote(signingHandle tpmutil.Handle, parentPassword, ownerPassword string, toQuote tpmutil.U16Bytes, sel PCRSelection, sigAlg Algorithm) ([]byte, error) {
+func encodeQuote(signingHandle tpmutil.Handle, parentPassword string, toQuote tpmutil.U16Bytes, sel PCRSelection, sigAlg Algorithm) ([]byte, error) {
 ha, err := tpmutil.Pack(signingHandle)
 if err != nil {
 return nil, err
@@ -970,7 +970,8 @@ func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, parentPassword, owner
 // QuoteRaw is very similar to Quote, except that it will return
 // the raw signature in a byte array without decoding.
 func QuoteRaw(rw io.ReadWriter, signingHandle tpmutil.Handle, parentPassword, ownerPassword string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, []byte, error) {
-Cmd, err := encodeQuote(signingHandle, parentPassword, ownerPassword, toQuote, sel, sigAlg)
+// TODO: Remove "ownerPassword" parameter on next breaking change.
+Cmd, err := encodeQuote(signingHandle, parentPassword, toQuote, sel, sigAlg)
 if err != nil {
 return nil, nil, err
 }
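Review bot: The new `Cmd, err := encodeQuote(...)` line in QuoteRaw silently drops `ownerPassword`, yet the exported signature and the doc comment directly above still present it as a real input, and the TODO that explains the situation sits inside the body where godoc never shows it; a caller who was passing the owner password gets no signal that the value is now discarded. I would say so in the doc comment: `// ownerPassword is ignored: TPM2_Quote carries a single authorization, for signingHandle; the parameter is kept only for API compatibility and will be removed in the next breaking change.` I am taking it from the commit message that encodeQuote never used the value, since the first hunk shows only its signature. QuoteRaw's body continues past the end of the hunk.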
From b15c80f87663ebadf4e9e6427756f6db937dae2a Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Thu, 10 Jun 2021 01:09:25 -0700
Subject: [PATCH 2/3] Update encodeQuote test

Signed-off-by: Joe Richey
---
 tpm2/encoding_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tpm2/encoding_test.go b/tpm2/encoding_test.go
index 1f79fb16..859fc041 100644
--- a/tpm2/encoding_test.go
+++ b/tpm2/encoding_test.go
@@ -297,7 +297,7 @@ func TestEncodeQuote(t *testing.T) {
 t.Fatal(err)
 }
 toQuote := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10}
-cmdBytes, err := encodeQuote(tpmutil.Handle(0x80000001), defaultPassword, "", toQuote, pcrSelection7, 0x0010)
+cmdBytes, err := encodeQuote(tpmutil.Handle(0x80000001), defaultPassword, toQuote, pcrSelection7, 0x0010)
 if err != nil {
 t.Fatal(err)
 }

From a1affc603a2e44ddf67354296af4cbb8b89a840d Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Fri, 11 Jun 2021 11:02:52 -0700
Subject: [PATCH 3/3] quote: update parameter names to reflect usage

"signerAuth" is more consistent with Certify(). Also add TODO to Quote (as well as QuoteRaw).

Signed-off-by: Joe Richey
---
 tpm2/tpm2.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tpm2/tpm2.go b/tpm2/tpm2.go
index 89a6861a..30579116 100644
--- a/tpm2/tpm2.go
+++ b/tpm2/tpm2.go
@@ -917,12 +917,12 @@ func UnsealWithSession(rw io.ReadWriter, sessionHandle, itemHandle tpmutil.Handl
 return decodeUnseal(resp)
 }
 
-func encodeQuote(signingHandle tpmutil.Handle, parentPassword string, toQuote tpmutil.U16Bytes, sel PCRSelection, sigAlg Algorithm) ([]byte, error) {
+func encodeQuote(signingHandle tpmutil.Handle, signerAuth string, toQuote tpmutil.U16Bytes, sel PCRSelection, sigAlg Algorithm) ([]byte, error) {
 ha, err := tpmutil.Pack(signingHandle)
 if err != nil {
 return nil, err
 }
-auth, err := encodeAuthArea(AuthCommand{Session: HandlePasswordSession, Attributes: AttrContinueSession, Auth: []byte(parentPassword)})
+auth, err := encodeAuthArea(AuthCommand{Session: HandlePasswordSession, Attributes: AttrContinueSession, Auth: []byte(signerAuth)})
 if err != nil {
 return nil, err
 }
@@ -955,8 +955,9 @@ func decodeQuote(in []byte) ([]byte, []byte, error) {
 // values, created using a signing TPM key.
 //
 // Returns attestation data and the decoded signature.
-func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, parentPassword, ownerPassword string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, *Signature, error) {
-attest, sigRaw, err := QuoteRaw(rw, signingHandle, parentPassword, ownerPassword, toQuote, sel, sigAlg)
+func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, *Signature, error) {
+// TODO: Remove "unused" parameter on next breaking change.
+attest, sigRaw, err := QuoteRaw(rw, signingHandle, signerAuth, unused, toQuote, sel, sigAlg)
 if err != nil {
 return nil, nil, err
 }
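Review bot: encodeQuote hard-codes a plain password session for the signing key (`Session: HandlePasswordSession` on the rewritten `auth, err :=` line), and after the rename nothing documents what `signerAuth` is or how it reaches the TPM. As I read the TPM 2.0 session model, a password authorization sends the authValue to the TPM in the clear and provides no HMAC integrity over the command parameters, and a key whose use is gated by a policy cannot be authorized this way at all, so the caveat belongs on the function: `// encodeQuote builds a TPM2_Quote command for signingHandle. signerAuth is the signing key's authValue; it is sent as a plain password authorization (no HMAC or policy session), so it travels to the TPM unencrypted.` The rest of encodeQuote's body lies outside the hunk.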
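Review bot: The parameter named `unused` in the new Quote signature is exactly what Go's blank identifier is for, and the TODO explaining it sits inside the body where godoc will not surface it; the visible part of the doc comment still ends at "Returns attestation data and the decoded signature." without saying that the second string is ignored. Since Go parameter names are not part of the call ABI, `signerAuth, _ string` keeps source compatibility, the forwarding call then becomes `QuoteRaw(rw, signingHandle, signerAuth, "", toQuote, sel, sigAlg)` (equivalent, because QuoteRaw discards the value), and the doc comment gains `// The second string parameter is ignored and retained only for API compatibility; it will be removed in the next breaking change.` The start of Quote's doc comment and the rest of its body lie outside the hunk.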
@@ -969,9 +970,9 @@ func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, parentPassword, owner
 
 // QuoteRaw is very similar to Quote, except that it will return
 // the raw signature in a byte array without decoding.
-func QuoteRaw(rw io.ReadWriter, signingHandle tpmutil.Handle, parentPassword, ownerPassword string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, []byte, error) {
-// TODO: Remove "ownerPassword" parameter on next breaking change.
-Cmd, err := encodeQuote(signingHandle, parentPassword, toQuote, sel, sigAlg)
+func QuoteRaw(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, []byte, error) {
+// TODO: Remove "unused" parameter on next breaking change.
+Cmd, err := encodeQuote(signingHandle, signerAuth, toQuote, sel, sigAlg)
 if err != nil {
 return nil, nil, err
 }
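Review bot: `Cmd` on the new `Cmd, err := encodeQuote(...)` line is a local variable spelled like an exported identifier; Go style wants lowerCamel for locals, and the capital sends a reader looking for a package-level `Cmd`. The line is being rewritten anyway, so `cmd, err := encodeQuote(signingHandle, signerAuth, toQuote, sel, sigAlg)` is the moment to fix it, with the later uses renamed to match; those uses, and the rest of QuoteRaw's body, are outside the hunk. The `unused` parameter could likewise be spelled `_`, and the doc comment above the function still does not tell callers that the second string is discarded, which matters more here than in Quote since QuoteRaw is where the value actually disappears.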