Make tpm2 quote functions accept PCR selections for multiple banks

google · Mar 10, 2022 · 9a7fe02 · 9a7fe02
1 parent 77d0de8
commit 9a7fe02
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/tpm2/structures.go b/tpm2/structures.go
@@ -823,13 +823,13 @@ func (ci CertifyInfo) encode() ([]byte, error) {
 
 // QuoteInfo represents a TPMS_QUOTE_INFO structure.
 type QuoteInfo struct {
-	PCRSelection PCRSelection
+	PCRSelection []PCRSelection
 	PCRDigest    tpmutil.U16Bytes
 }
 
 func decodeQuoteInfo(in *bytes.Buffer) (*QuoteInfo, error) {
 	var out QuoteInfo
-	sel, err := decodeOneTPMLPCRSelection(in)
+	sel, err := decodeTPMLPCRSelection(in)
 	if err != nil {
 		return nil, fmt.Errorf("decoding PCRSelection: %v", err)
 	}
@@ -842,7 +842,7 @@ func decodeQuoteInfo(in *bytes.Buffer) (*QuoteInfo, error) {
 }
 
 func (qi QuoteInfo) encode() ([]byte, error) {
-	sel, err := encodeTPMLPCRSelection(qi.PCRSelection)
+	sel, err := encodeTPMLPCRSelection(qi.PCRSelection...)
 	if err != nil {
 		return nil, fmt.Errorf("encoding PCRSelection: %v", err)
 	}

diff --git a/tpm2/test/tpm2_test.go b/tpm2/test/tpm2_test.go
@@ -35,6 +35,7 @@ import (
 	"testing"
 
 	"github.com/google/go-tpm-tools/simulator"
+	"github.com/google/go-tpm/tpm2"
 	. "github.com/google/go-tpm/tpm2"
 	"github.com/google/go-tpm/tpmutil"
 )
@@ -1670,7 +1671,7 @@ func TestQuote(t *testing.T) {
 	}
 	defer FlushContext(rw, keyHandle)
 
-	attestation, signature, err := Quote(rw, keyHandle, emptyPassword, emptyPassword, nil, pcrSelection7, AlgNull)
+	attestation, signature, err := Quote(rw, keyHandle, emptyPassword, emptyPassword, nil, []tpm2.PCRSelection{pcrSelection7}, AlgNull)
 	if err != nil {
 		t.Fatalf("Quote failed: %v", err)
 	}

diff --git a/tpm2/tpm2.go b/tpm2/tpm2.go
@@ -950,7 +950,7 @@ func UnsealWithSession(rw io.ReadWriter, sessionHandle, itemHandle tpmutil.Handl
 	return decodeUnseal(resp)
 }
 
-func encodeQuote(signingHandle tpmutil.Handle, signerAuth string, toQuote tpmutil.U16Bytes, sel PCRSelection, sigAlg Algorithm) ([]byte, error) {
+func encodeQuote(signingHandle tpmutil.Handle, signerAuth string, toQuote tpmutil.U16Bytes, sel []PCRSelection, sigAlg Algorithm) ([]byte, error) {
 	ha, err := tpmutil.Pack(signingHandle)
 	if err != nil {
 		return nil, err
@@ -963,7 +963,7 @@ func encodeQuote(signingHandle tpmutil.Handle, signerAuth string, toQuote tpmuti
 	if err != nil {
 		return nil, err
 	}
-	pcrs, err := encodeTPMLPCRSelection(sel)
+	pcrs, err := encodeTPMLPCRSelection(sel...)
 	if err != nil {
 		return nil, err
 	}
@@ -988,7 +988,7 @@ func decodeQuote(in []byte) ([]byte, []byte, error) {
 // values, created using a signing TPM key.
 //
 // Returns attestation data and the decoded signature.
-func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, *Signature, error) {
+func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel []PCRSelection, sigAlg Algorithm) ([]byte, *Signature, error) {
 	// TODO: Remove "unused" parameter on next breaking change.
 	attest, sigRaw, err := QuoteRaw(rw, signingHandle, signerAuth, unused, toQuote, sel, sigAlg)
 	if err != nil {
@@ -1003,7 +1003,7 @@ func Quote(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused st
 
 // QuoteRaw is very similar to Quote, except that it will return
 // the raw signature in a byte array without decoding.
-func QuoteRaw(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel PCRSelection, sigAlg Algorithm) ([]byte, []byte, error) {
+func QuoteRaw(rw io.ReadWriter, signingHandle tpmutil.Handle, signerAuth, unused string, toQuote []byte, sel []PCRSelection, sigAlg Algorithm) ([]byte, []byte, error) {
 	// TODO: Remove "unused" parameter on next breaking change.
 	Cmd, err := encodeQuote(signingHandle, signerAuth, toQuote, sel, sigAlg)
 	if err != nil {