Support for enumerating key handles #1
Conversation
GetKeys will return a list of handles for currently-loaded TPM keys. This is useful for debugging and is needed for graceful cleanup or recovery of TPM resources.
Conflicts: tpm/tpm.go
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
I signed it!

CLAs look good, thanks!
if n == 0 { | ||
return nil, nil | ||
} | ||
h := make([]Handle, int(n)) |
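Review bot: the declared count `n` is used as the slice length with no visible check against the bytes actually remaining in the buffer, so a short or malformed response would either make `make([]Handle, int(n))` allocate up to 65535 entries backed by nothing or let the subsequent handle reads run past the end of `b`. Compare the remaining length with `n` times the handle width before the `make` and return an error on mismatch; the `int(n)` cast itself is unnecessary, since `make` accepts any integer type for its length argument.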
I believe that make accepts any integer type in its size argument, so I don't think you need to cast to int here.
@@ -140,6 +140,25 @@ func packType(buf io.Writer, elts []interface{}) error { | |||
return nil | |||
} | |||
|
|||
func unpackKeyHandleList(b []byte) ([]Handle, error) { |
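Review bot: `unpackKeyHandleList` lands without a doc comment stating the wire layout it expects (the count-then-handles shape the body implies) or what it returns for a zero count, and encoding_test.go has no coverage for it. A one-line comment on the layout plus a table-driven test over an empty list, a well-formed list and a truncated one would pin that behaviour down and make the zero-count early return an explicit contract rather than an accident of the implementation.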
Please add a test in encoding_test.go for the new encoding function.
I think the latest commits address all of your concerns, Tom.
* Fix issue with TPM 1.2 migration auth (#1)

  Fix some TPM 1.2-specific issues related to key migration and testing:
  - A bug in CreateWrapKey that uses an incorrect key to encrypt a key's `migrationAuth` value
  - Addition of `AuthorizeMigrationKey` and `CreateMigrationBlob` command functions to enable testing of migration auth bug fix
  - A bug fix in TakeOwnership that prevented successful authorization of the command
  - A session leak in a couple of TPM 1.2 tests (`TestOIAP` and `TestOSAP`)
  - Improvements to the TPM 1.2 tests to allow execution on a TPM that needs to be started up
  - Initial effort at documentation for running the TPM 1.2 tests against the IBM simulator

* Delete extraneous file
* Introduce Direct TPM2 API

  This commit introduces a new method of interacting with a TPM 2.0. Instead of plumbing each TPM API into one or more Go functions, this code defines structures for every TPM 2.0 command request and response. These map 1:1 with the actual command parameters comprehended by the TPM, so any invocation of any command is possible (once all the command structures are written).

  This commit introduces enough of the TPM 2.0 API surface to put together some interesting end-to-end tests, mostly around sealing.

  Another objective of the Direct API is to facilitate use of the TPM's session-based command transport features (e.g., audit and encryption sessions). See the test code for examples of how to easily use these APIs to, e.g., set up an EK-salted session for session-encrypted unseal.

  Change-Id: I1549dd596869d79ddd41ff3c5f9ffdadc9628ed4

* fix problems identified by go vet
* fix some more issues identified by go vet
* fix some more issues surfaced by vet
* fix more go vet issues
* one last round of go vet fixes
* Use subpackages and put the Execute function on the command types (#1)
* WIP: put stuff into subpackages to make the names nice
* use internal monolithic package to avoid cycles
* complete the tpm2 package
* fix test references to renamed types
* switch to command.Execute pattern
* fix some unkeyed field values detected by go vet
* stop panicking from Hash
* Draft implementation of Joe's embedded-reserved-field bitwise solution
* Turn command handles into an interface to avoid caller stuttering
This is useful for debugging and is needed for graceful cleanup or recovery of TPM resources. Specifically, some TPMs seem to run out of key handles, causing LoadKey to fail, and the key handles persist even across reboots. Apparently, the only way to clear them short of resetting the TPM is to enumerate and explicitly unload old keys.
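The recovery procedure described above (enumerate the loaded key handles, unload the stale ones, then retry the load) as an added, self-contained Go example; this is not code from this pull request or from go-tpm. It assumes the TPM 1.2 `TPM_KEY_HANDLE_LIST` wire layout (a big-endian uint16 count followed by that many big-endian uint32 handles), checks the declared count against the bytes actually present before allocating, and drives the eviction loop against a constructed in-memory `FakeTPM` with a fixed slot budget rather than real hardware. The `KeyTPM` interface and its `GetKeys`/`CloseKey` method names are this example's own, chosen to mirror the PR's vocabulary, not go-tpm's API.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Handle is a 32-bit TPM 1.2 key handle.
type Handle uint32

// ErrMalformed is returned when a handle list does not match its declared count.
var ErrMalformed = errors.New("key handle list malformed")

// ErrNoKeySpace models the TPM refusing a load because every key slot is taken.
var ErrNoKeySpace = errors.New("TPM_NOSPACE: no free key slots")

// UnpackKeyHandleList parses a TPM_KEY_HANDLE_LIST (assumed layout: uint16 count,
// then count big-endian uint32 handles). The count is validated against the
// bytes present before anything is allocated, so a truncated or hostile
// response cannot force a 65535-entry allocation or an out-of-bounds read.
func UnpackKeyHandleList(b []byte) ([]Handle, error) {
	if len(b) < 2 {
		return nil, fmt.Errorf("%w: need at least 2 bytes, got %d", ErrMalformed, len(b))
	}
	n := int(binary.BigEndian.Uint16(b))
	body := b[2:]
	if len(body) != 4*n {
		return nil, fmt.Errorf("%w: count %d implies %d bytes, got %d", ErrMalformed, n, 4*n, len(body))
	}
	if n == 0 {
		return nil, nil
	}
	h := make([]Handle, n) // make accepts any integer length; no cast needed
	for i := range h {
		h[i] = Handle(binary.BigEndian.Uint32(body[4*i:]))
	}
	return h, nil
}

// KeyTPM is the minimal surface the recovery loop needs (example names, not go-tpm's).
type KeyTPM interface {
	GetKeys() ([]Handle, error)
	CloseKey(Handle) error
}

// EvictStaleKeys unloads every loaded key handle not present in keep and returns
// the evicted handles in ascending order. It stops at the first unload failure
// so the caller knows exactly which handles are still held.
func EvictStaleKeys(tpm KeyTPM, keep map[Handle]bool) ([]Handle, error) {
	handles, err := tpm.GetKeys()
	if err != nil {
		return nil, fmt.Errorf("enumerate keys: %w", err)
	}
	sort.Slice(handles, func(i, j int) bool { return handles[i] < handles[j] })
	var evicted []Handle
	for _, h := range handles {
		if keep[h] {
			continue
		}
		if err := tpm.CloseKey(h); err != nil {
			return evicted, fmt.Errorf("unload key %#x: %w", uint32(h), err)
		}
		evicted = append(evicted, h)
	}
	return evicted, nil
}

// FakeTPM is a constructed in-memory stand-in with a fixed number of key slots;
// it exists only so the recovery loop can run without hardware.
type FakeTPM struct {
	slots  int
	loaded map[Handle]bool
	next   Handle
}

// NewFakeTPM builds a fake with the given slot budget and preloaded handles.
func NewFakeTPM(slots int, preloaded ...Handle) *FakeTPM {
	f := &FakeTPM{slots: slots, loaded: map[Handle]bool{}, next: 0x01000000}
	for _, h := range preloaded {
		f.loaded[h] = true
		if h >= f.next {
			f.next = h + 1
		}
	}
	return f
}

func (f *FakeTPM) GetKeys() ([]Handle, error) {
	var hs []Handle
	for h := range f.loaded {
		hs = append(hs, h)
	}
	return hs, nil
}

func (f *FakeTPM) CloseKey(h Handle) error {
	if !f.loaded[h] {
		return fmt.Errorf("TPM_INVALID_KEYHANDLE: %#x", uint32(h))
	}
	delete(f.loaded, h)
	return nil
}

// LoadKey simulates a key load and fails with ErrNoKeySpace once every slot is used.
func (f *FakeTPM) LoadKey() (Handle, error) {
	if len(f.loaded) >= f.slots {
		return 0, ErrNoKeySpace
	}
	h := f.next
	f.next++
	f.loaded[h] = true
	return h, nil
}

// LoadKeyWithRecovery is the PR's scenario end to end: on handle exhaustion,
// evict everything not in keep and retry the load exactly once.
func LoadKeyWithRecovery(f *FakeTPM, keep map[Handle]bool) (Handle, []Handle, error) {
	h, err := f.LoadKey()
	if !errors.Is(err, ErrNoKeySpace) {
		return h, nil, err
	}
	evicted, err := EvictStaleKeys(f, keep)
	if err != nil {
		return 0, evicted, err
	}
	h, err = f.LoadKey()
	return h, evicted, err
}

func main() {
	// Constructed wire bytes: count 2, handles 0x01000000 and 0x01000001.
	raw := []byte{0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01}
	hs, err := UnpackKeyHandleList(raw)
	fmt.Println(hs, err)
	tpm := NewFakeTPM(2, hs...)
	h, evicted, err := LoadKeyWithRecovery(tpm, map[Handle]bool{hs[0]: true})
	fmt.Printf("loaded %#x after evicting %v (err=%v)\n", uint32(h), evicted, err)
}
```

The `keep` set is the important knob: a recovery routine that unloads every handle it can see will also tear down keys other processes on the same TPM are still using, so production code should populate `keep` from the handles it knows are live rather than evicting blindly.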