Merge mjg59 windows changes with v0.5.1

.github/workflows/golangci-lint.yml

@@ -10,9 +10,9 @@ jobs:
     steps:
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.19.3
+          go-version: 1.20.x
       - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50.1
+          version: v1.53.3

.github/workflows/test.yml

@@ -13,7 +13,7 @@ jobs:
   test-linux:
     strategy:
       matrix:
-        go-version: [1.16.x, 1.17.x, 1.18.x]
+        go-version: [1.20.x]
     runs-on: ubuntu-latest
     steps:
     - name: Install Go
@@ -27,7 +27,7 @@ jobs:
   test-linux-tpm12:
     strategy:
       matrix:
-        go-version: [1.16.x, 1.17.x, 1.18.x]
+        go-version: [1.20.x]
     runs-on: ubuntu-latest
     steps:
     - name: Install Go
@@ -43,7 +43,7 @@ jobs:
   test-macos:
     strategy:
       matrix:
-        go-version: [1.16.x, 1.17.x, 1.18.x]
+        go-version: [1.20.x]
     runs-on: macos-latest
     steps:
     - name: Install Go
@@ -53,16 +53,12 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
       # See https://github.com/google/go-tpm-tools#macos-dev
-    - name: Install openssl
-      run: brew install [email protected]
-    - name: Link openssl
-      run: sudo ln -s $(brew --prefix [email protected])/include/openssl /usr/local/include
     - name: Test
       run: C_INCLUDE_PATH="$(brew --prefix [email protected])/include" LIBRARY_PATH="$(brew --prefix [email protected])/lib" go test ./...
   test-windows:
     strategy:
       matrix:
-        go-version: [1.16.x, 1.17.x, 1.18.x]
+        go-version: [1.20.x]
     runs-on: windows-latest
     steps:
     - name: Install Go

attest/activation.go

@@ -9,11 +9,11 @@ import (
 	"fmt"
 	"io"
 
+	"github.com/google/go-tpm/legacy/tpm2"
 	tpm1 "github.com/google/go-tpm/tpm"
-	"github.com/google/go-tpm/tpm2"
 
 	// TODO(jsonp): Move activation generation code to internal package.
-	"github.com/google/go-tpm/tpm2/credactivation"
+	"github.com/google/go-tpm/legacy/tpm2/credactivation"
 	"github.com/google/go-tspi/verification"
 )
 

attest/application_key.go

@@ -72,6 +72,10 @@ type KeyConfig struct {
 	// Size is used to specify the bit size of the key or elliptic curve. For
 	// example, '256' is used to specify curve P-256.
 	Size int
+	// Parent describes the Storage Root Key that will be used as a parent.
+	// If nil, the default SRK (i.e. RSA with handle 0x81000001) is assumed.
+	// Supported only by TPM 2.0 on Linux.
+	Parent *ParentKeyConfig
 }
 
 // defaultConfig is used when no other configuration is specified.

attest/attest-tool/attest-tool.go

@@ -140,7 +140,7 @@ func runCommand(tpm *attest.TPM) error {
 		fmt.Printf("Version: %d\n", info.Version)
 		fmt.Printf("Interface: %d\n", info.Interface)
 		fmt.Printf("VendorInfo: %x\n", info.VendorInfo)
-		fmt.Printf("Manufactorer: %v\n", info.Manufacturer)
+		fmt.Printf("Manufacturer: %v\n", info.Manufacturer)
 
 	case "make-ak", "make-aik":
 		k, err := tpm.NewAK(nil)

attest/attest-tool/internal/internal.go

@@ -3,7 +3,7 @@ package internal
 
 import (
 	"github.com/google/go-attestation/attest"
-	"github.com/google/go-tpm/tpm2"
+	"github.com/google/go-tpm/legacy/tpm2"
 )
 
 // Dump describes the layout of serialized information from the dump command.

attest/attest.go

@@ -23,8 +23,9 @@ import (
 	"io"
 	"strings"
 
+	"github.com/google/go-tpm/legacy/tpm2"
 	"github.com/google/go-tpm/tpm"
-	"github.com/google/go-tpm/tpm2"
+	"github.com/google/go-tpm/tpmutil"
 )
 
 // TPMVersion is used to configure a preference in
@@ -98,11 +99,23 @@ const (
 	keyEncodingParameterized
 )
 
+// ParentKeyConfig describes the Storage Root Key that is used
+// as a parent for new keys.
+type ParentKeyConfig struct {
+	Algorithm Algorithm
+	Handle    tpmutil.Handle
+}
+
+var defaultParentConfig = ParentKeyConfig{
+	Algorithm: RSA,
+	Handle:    0x81000001,
+}
+
 type ak interface {
 	close(tpmBase) error
 	marshal() ([]byte, error)
-	activateCredential(tpm tpmBase, in EncryptedCredential) ([]byte, error)
-	quote(t tpmBase, nonce []byte, alg HashAlg) (*Quote, error)
+	activateCredential(tpm tpmBase, in EncryptedCredential, ek *EK) ([]byte, error)
+	quote(t tpmBase, nonce []byte, alg HashAlg, selectedPCRs []int) (*Quote, error)
 	attestationParameters() AttestationParameters
 	certify(tb tpmBase, handle interface{}) (*CertificationParameters, error)
 }
@@ -126,19 +139,39 @@ func (k *AK) Marshal() ([]byte, error) {
 }
 
 // ActivateCredential decrypts the secret using the key to prove that the AK
-// was generated on the same TPM as the EK.
+// was generated on the same TPM as the EK. This method can be used with TPMs
+// that have the default EK, i.e. RSA EK with handle 0x81010001.
 //
 // This operation is synonymous with TPM2_ActivateCredential.
 func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte, err error) {
-	return k.ak.activateCredential(tpm.tpm, in)
+	return k.ak.activateCredential(tpm.tpm, in, nil)
+}
+
+// ActivateCredential decrypts the secret using the key to prove that the AK
+// was generated on the same TPM as the EK. This method can be used with TPMs
+// that have an ECC EK. The 'ek' argument must be one of EKs returned from
+// TPM.EKs() or TPM.EKCertificates().
+//
+// This operation is synonymous with TPM2_ActivateCredential.
+func (k *AK) ActivateCredentialWithEK(tpm *TPM, in EncryptedCredential, ek EK) (secret []byte, err error) {
+	return k.ak.activateCredential(tpm.tpm, in, &ek)
 }
 
 // Quote returns a quote over the platform state, signed by the AK.
 //
 // This is a low-level API. Consumers seeking to attest the state of the
 // platform should use tpm.AttestPlatform() instead.
 func (k *AK) Quote(tpm *TPM, nonce []byte, alg HashAlg) (*Quote, error) {
-	return k.ak.quote(tpm.tpm, nonce, alg)
+	pcrs := make([]int, 24)
+	for pcr := range pcrs {
+		pcrs[pcr] = pcr
+	}
+	return k.ak.quote(tpm.tpm, nonce, alg, pcrs)
+}
+
+// QuotePCRs is like Quote() but allows the caller to select a subset of the PCRs.
+func (k *AK) QuotePCRs(tpm *TPM, nonce []byte, alg HashAlg, pcrs []int) (*Quote, error) {
+	return k.ak.quote(tpm.tpm, nonce, alg, pcrs)
 }
 
 // AttestationParameters returns information about the AK, typically used to
@@ -155,9 +188,12 @@ func (k *AK) Certify(tpm *TPM, handle interface{}) (*CertificationParameters, er
 	return k.ak.certify(tpm.tpm, handle)
 }
 
-// AKConfig encapsulates parameters for minting keys. This type is defined
-// now (despite being empty) for future interface compatibility.
+// AKConfig encapsulates parameters for minting keys.
 type AKConfig struct {
+	// Parent describes the Storage Root Key that will be used as a parent.
+	// If nil, the default SRK (i.e. RSA with handle 0x81000001) is assumed.
+	// Supported only by TPM 2.0 on Linux.
+	Parent *ParentKeyConfig
 }
 
 // EncryptedCredential represents encrypted parameters which must be activated
@@ -205,6 +241,9 @@ type EK struct {
 	// Public key. Clients or servers can perform an HTTP GET to this URL, and
 	// use ParseEKCertificate on the response body.
 	CertificateURL string
+
+	// The EK persistent handle.
+	handle tpmutil.Handle
 }
 
 // AttestationParameters describes information about a key which is necessary

attest/attest_simulated_tpm20_test.go

@@ -98,32 +98,45 @@ func TestSimTPM20AKCreateAndLoad(t *testing.T) {
 }
 
 func TestSimTPM20ActivateCredential(t *testing.T) {
+	testActivateCredential(t, false)
+}
+
+func TestSimTPM20ActivateCredentialWithEK(t *testing.T) {
+	testActivateCredential(t, true)
+}
+
+func testActivateCredential(t *testing.T, useEK bool) {
 	sim, tpm := setupSimulatedTPM(t)
 	defer sim.Close()
 
-	ak, err := tpm.NewAK(nil)
-	if err != nil {
-		t.Fatalf("NewAK() failed: %v", err)
-	}
-	defer ak.Close(tpm)
-
 	EKs, err := tpm.EKs()
 	if err != nil {
 		t.Fatalf("EKs() failed: %v", err)
 	}
 	ek := chooseEK(t, EKs)
 
+	ak, err := tpm.NewAK(nil)
+	if err != nil {
+		t.Fatalf("NewAK() failed: %v", err)
+	}
+	defer ak.Close(tpm)
+
 	ap := ActivationParameters{
 		TPMVersion: TPMVersion20,
 		AK:         ak.AttestationParameters(),
-		EK:         ek,
+		EK:         ek.Public,
 	}
 	secret, challenge, err := ap.Generate()
 	if err != nil {
 		t.Fatalf("Generate() failed: %v", err)
 	}
 
-	decryptedSecret, err := ak.ActivateCredential(tpm, *challenge)
+	var decryptedSecret []byte
+	if useEK {
+		decryptedSecret, err = ak.ActivateCredentialWithEK(tpm, *challenge, ek)
+	} else {
+		decryptedSecret, err = ak.ActivateCredential(tpm, *challenge)
+	}
 	if err != nil {
 		t.Errorf("ak.ActivateCredential() failed: %v", err)
 	}
@@ -246,24 +259,69 @@ func TestSimTPM20PCRs(t *testing.T) {
 	}
 }
 
-func TestSimTPM20Persistence(t *testing.T) {
+func TestSimTPM20PersistenceSRK(t *testing.T) {
+	testPersistenceSRK(t, defaultParentConfig)
+}
+
+func TestSimTPM20PersistenceECCSRK(t *testing.T) {
+	parentConfig := ParentKeyConfig{
+		Algorithm: ECDSA,
+		Handle:    0x81000002,
+	}
+	testPersistenceSRK(t, parentConfig)
+}
+
+func testPersistenceSRK(t *testing.T, parentConfig ParentKeyConfig) {
 	sim, tpm := setupSimulatedTPM(t)
 	defer sim.Close()
 
-	ekHnd, _, err := tpm.tpm.(*wrappedTPM20).getPrimaryKeyHandle(commonEkEquivalentHandle)
+	srkHnd, _, err := tpm.tpm.(*wrappedTPM20).getStorageRootKeyHandle(parentConfig)
+	if err != nil {
+		t.Fatalf("getStorageRootKeyHandle() failed: %v", err)
+	}
+	if srkHnd != parentConfig.Handle {
+		t.Fatalf("bad SRK-equivalent handle: got 0x%x, wanted 0x%x", srkHnd, parentConfig.Handle)
+	}
+
+	srkHnd, p, err := tpm.tpm.(*wrappedTPM20).getStorageRootKeyHandle(parentConfig)
+	if err != nil {
+		t.Fatalf("second getStorageRootKeyHandle() failed: %v", err)
+	}
+	if srkHnd != parentConfig.Handle {
+		t.Fatalf("bad SRK-equivalent handle: got 0x%x, wanted 0x%x", srkHnd, parentConfig.Handle)
+	}
+	if p {
+		t.Fatalf("generated a new key the second time; that shouldn't happen")
+	}
+}
+
+func TestSimTPM20PersistenceEK(t *testing.T) {
+	sim, tpm := setupSimulatedTPM(t)
+	defer sim.Close()
+
+	eks, err := tpm.EKs()
+	if err != nil {
+		t.Errorf("EKs() failed: %v", err)
+	}
+	if len(eks) == 0 || (eks[0].Public == nil) {
+		t.Errorf("EKs() = %v, want at least 1 EK with populated fields", eks)
+	}
+
+	ek := eks[0]
+	ekHnd, _, err := tpm.tpm.(*wrappedTPM20).getEndorsementKeyHandle(&ek)
 	if err != nil {
-		t.Fatalf("getPrimaryKeyHandle() failed: %v", err)
+		t.Fatalf("getStorageRootKeyHandle() failed: %v", err)
 	}
-	if ekHnd != commonEkEquivalentHandle {
-		t.Fatalf("bad EK-equivalent handle: got 0x%x, wanted 0x%x", ekHnd, commonEkEquivalentHandle)
+	if ekHnd != ek.handle {
+		t.Fatalf("bad EK-equivalent handle: got 0x%x, wanted 0x%x", ekHnd, ek.handle)
 	}
 
-	ekHnd, p, err := tpm.tpm.(*wrappedTPM20).getPrimaryKeyHandle(commonEkEquivalentHandle)
+	ekHnd, p, err := tpm.tpm.(*wrappedTPM20).getEndorsementKeyHandle(&ek)
 	if err != nil {
-		t.Fatalf("second getPrimaryKeyHandle() failed: %v", err)
+		t.Fatalf("second getEndorsementKeyHandle() failed: %v", err)
 	}
-	if ekHnd != commonEkEquivalentHandle {
-		t.Fatalf("bad EK-equivalent handle: got 0x%x, wanted 0x%x", ekHnd, commonEkEquivalentHandle)
+	if ekHnd != ek.handle {
+		t.Fatalf("bad EK-equivalent handle: got 0x%x, wanted 0x%x", ekHnd, ek.handle)
 	}
 	if p {
 		t.Fatalf("generated a new key the second time; that shouldn't happen")

attest/attest_test.go

@@ -16,7 +16,6 @@ package attest
 
 import (
 	"bytes"
-	"crypto"
 	"flag"
 	"fmt"
 	"reflect"
@@ -119,16 +118,16 @@ func TestAKCreateAndLoad(t *testing.T) {
 	}
 }
 
-// chooseEK selects the EK public which will be activated against.
-func chooseEK(t *testing.T, eks []EK) crypto.PublicKey {
+// chooseEK selects the EK which will be activated against.
+func chooseEK(t *testing.T, eks []EK) EK {
 	t.Helper()
 
 	for _, ek := range eks {
-		return ek.Public
+		return ek
 	}
 
 	t.Fatalf("No suitable EK found")
-	return nil
+	return EK{}
 }
 
 func TestPCRs(t *testing.T) {

attest/attest_tpm12_test.go

@@ -151,7 +151,7 @@ func TestTPMActivateCredential(t *testing.T) {
 	ap := ActivationParameters{
 		TPMVersion: TPMVersion12,
 		AK:         ak.AttestationParameters(),
-		EK:         ek,
+		EK:         ek.Public,
 	}
 	secret, challenge, err := ap.Generate()
 	if err != nil {