diff --git a/tpm/ak.go b/tpm/ak.go index 54d29c0b..a3d2c176 100644 --- a/tpm/ak.go +++ b/tpm/ak.go @@ -15,7 +15,6 @@ import ( x509ext "github.com/smallstep/go-attestation/x509" "go.step.sm/crypto/tpm/storage" - "go.step.sm/crypto/tpm/tss2" ) // AK models a TPM 2.0 Attestation Key. An AK can be used @@ -458,15 +457,6 @@ func (ak *AK) HasValidPermanentIdentifier(permanentIdentifier string) bool { return false } -// ToTSS2 gets the public and private blobs and returns a [*tss2.TPMKey]. -func (ak *AK) ToTSS2(ctx context.Context) (*tss2.TPMKey, error) { - blobs, err := ak.Blobs(ctx) - if err != nil { - return nil, err - } - return tss2.New(blobs.public, blobs.private), nil -} - // toStorage transforms the AK to the struct used for // persisting AKs. func (ak *AK) toStorage() *storage.AK { diff --git a/tpm/key.go b/tpm/key.go index d568dada..cb1b08c3 100644 --- a/tpm/key.go +++ b/tpm/key.go @@ -12,7 +12,6 @@ import ( "github.com/smallstep/go-attestation/attest" internalkey "go.step.sm/crypto/tpm/internal/key" "go.step.sm/crypto/tpm/storage" - "go.step.sm/crypto/tpm/tss2" ) // Key models a TPM 2.0 Key. A Key can be used @@ -105,15 +104,6 @@ func (k *Key) MarshalJSON() ([]byte, error) { return json.Marshal(o) } -// ToTSS2 gets the public and private blobs and returns a [*tss2.TPMKey]. -func (k *Key) ToTSS2(ctx context.Context) (*tss2.TPMKey, error) { - blobs, err := k.Blobs(ctx) - if err != nil { - return nil, err - } - return tss2.New(blobs.public, blobs.private), nil -} - // comparablePublicKey is an interface that allows a crypto.PublicKey to be // compared to another crypto.PublicKey. type comparablePublicKey interface { diff --git a/tpm/tss2.go b/tpm/tss2.go new file mode 100644 index 00000000..d6de7196 --- /dev/null +++ b/tpm/tss2.go @@ -0,0 +1,30 @@ +package tpm + +import ( + "context" + + "go.step.sm/crypto/tpm/tss2" +) + +const ( + // Defined in "Registry of reserved TPM 2.0 handles and localities", and checked on a glinux machine. + commonSrkEquivalentHandle = 0x81000001 +) + +// ToTSS2 gets the public and private blobs and returns a [*tss2.TPMKey]. +func (ak *AK) ToTSS2(ctx context.Context) (*tss2.TPMKey, error) { + blobs, err := ak.Blobs(ctx) + if err != nil { + return nil, err + } + return tss2.New(blobs.public, blobs.private, tss2.WithParent(commonSrkEquivalentHandle)), nil +} + +// ToTSS2 gets the public and private blobs and returns a [*tss2.TPMKey]. +func (k *Key) ToTSS2(ctx context.Context) (*tss2.TPMKey, error) { + blobs, err := k.Blobs(ctx) + if err != nil { + return nil, err + } + return tss2.New(blobs.public, blobs.private, tss2.WithParent(commonSrkEquivalentHandle)), nil +} diff --git a/tpm/tss2/encode.go b/tpm/tss2/encode.go index 9fd58b7d..f279a149 100644 --- a/tpm/tss2/encode.go +++ b/tpm/tss2/encode.go @@ -10,6 +10,13 @@ const handleOwner = 0x40000001 // TPMOption is the type used to modify a [TPMKey]. type TPMOption func(*TPMKey) +// WithParent sets the [TPMKey] parent's handle +func WithParent(parent int) TPMOption { + return func(t *TPMKey) { + t.Parent = parent + } +} + // New creates a new [TPMKey] with the given public and private keys. func New(pub, priv []byte, opts ...TPMOption) *TPMKey { key := &TPMKey{