Make sure the tpm channel is not nil

smallstep · Nov 2, 2023 · 4ae4220 · 4ae4220
1 parent 1bca397
commit 4ae4220
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/tpm/tss2/signer.go b/tpm/tss2/signer.go
@@ -59,6 +59,8 @@ type Signer struct {
 // [TPMKey]. The caller is responsible of opening and closing the TPM.
 func CreateSigner(rw io.ReadWriter, key *TPMKey) (crypto.Signer, error) {
 	switch {
+	case rw == nil:
+		return nil, fmt.Errorf("invalid TPM channel: rw cannot be nil")
 	case !key.Type.Equal(oidLoadableKey):
 		return nil, fmt.Errorf("invalid TSS2 key: type %q is not valid", key.Type.String())
 	case len(key.Policy) != 0:

diff --git a/tpm/tss2/signer_test.go b/tpm/tss2/signer_test.go
@@ -145,6 +145,7 @@ func TestCreateSigner(t *testing.T) {
 		{"ok", args{&rw, key}, &Signer{
 			rw: &rw, publicKey: publicKey, tpmKey: key,
 		}, assert.NoError},
+		{"fail rw", args{nil, key}, nil, assert.Error},
 		{"fail type", args{&rw, modKey(func(k *TPMKey) {
 			k.Type = oidSealedKey
 		})}, nil, assert.Error},