Replace global prefix size with U32Bytes and U16Bytes (#92)

* Replace global prefix size with U32Bytes and U16Bytes
* Modify tpm1.2 and tpm2.0 commands to use these types instead of []byte
* Make *[]Handle a SelfMarshaler

Author: DenisKarch

tpm/commands.go

@@ -67,7 +67,7 @@ func osap(rw io.ReadWriter, osap *osapCommand) (*osapResponse, error) {
 }
 
 // seal performs a seal operation on the TPM.
-func seal(rw io.ReadWriter, sc *sealCommand, pcrs *pcrInfoLong, data []byte, ca *commandAuth) (*tpmStoredData, *responseAuth, uint32, error) {
+func seal(rw io.ReadWriter, sc *sealCommand, pcrs *pcrInfoLong, data tpmutil.U32Bytes, ca *commandAuth) (*tpmStoredData, *responseAuth, uint32, error) {
 	pcrsize := binary.Size(pcrs)
 	if pcrsize < 0 {
 		return nil, nil, 0, errors.New("couldn't compute the size of a pcrInfoLong")
@@ -91,7 +91,7 @@ func seal(rw io.ReadWriter, sc *sealCommand, pcrs *pcrInfoLong, data []byte, ca
 // unseal data sealed by the TPM.
 func unseal(rw io.ReadWriter, keyHandle tpmutil.Handle, sealed *tpmStoredData, ca1 *commandAuth, ca2 *commandAuth) ([]byte, *responseAuth, *responseAuth, uint32, error) {
 	in := []interface{}{keyHandle, sealed, ca1, ca2}
-	var outb []byte
+	var outb tpmutil.U32Bytes
 	var ra1 responseAuth
 	var ra2 responseAuth
 	out := []interface{}{&outb, &ra1, &ra2}
@@ -149,8 +149,8 @@ func getCapability(rw io.ReadWriter, cap, subcap uint32) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	var b []byte
-	in := []interface{}{cap, subCapBytes}
+	var b tpmutil.U32Bytes
+	in := []interface{}{cap, tpmutil.U32Bytes(subCapBytes)}
 	out := []interface{}{&b}
 	if _, err := submitTPMRequest(rw, tagRQUCommand, ordGetCapability, in, out); err != nil {
 		return nil, err
@@ -159,7 +159,7 @@ func getCapability(rw io.ReadWriter, cap, subcap uint32) ([]byte, error) {
 }
 
 func nvReadValue(rw io.ReadWriter, index, offset, len uint32, ca *commandAuth) ([]byte, *responseAuth, uint32, error) {
-	var b []byte
+	var b tpmutil.U32Bytes
 	var ra responseAuth
 	in := []interface{}{index, offset, len, ca}
 	out := []interface{}{&b, &ra}
@@ -179,8 +179,8 @@ func quote2(rw io.ReadWriter, keyHandle tpmutil.Handle, hash [20]byte, pcrs *pcr
 	in := []interface{}{keyHandle, hash, pcrs, addVersion, ca}
 	var pcrShort pcrInfoShort
 	var capInfo capVersionInfo
-	var capBytes []byte
-	var sig []byte
+	var capBytes tpmutil.U32Bytes
+	var sig tpmutil.U32Bytes
 	var ra responseAuth
 	out := []interface{}{&pcrShort, &capBytes, &sig, &ra}
 	ret, err := submitTPMRequest(rw, tagRQUAuth1Command, ordQuote2, in, out)
@@ -189,17 +189,17 @@ func quote2(rw io.ReadWriter, keyHandle tpmutil.Handle, hash [20]byte, pcrs *pcr
 	}
 
 	// Deserialize the capInfo, if any.
-	if len(capBytes) == 0 {
+	if len([]byte(capBytes)) == 0 {
 		return &pcrShort, nil, capBytes, sig, &ra, ret, nil
 	}
 
 	size := binary.Size(capInfo.CapVersionFixed)
-	capInfo.VendorSpecific = make([]byte, len(capBytes)-size)
-	if _, err := tpmutil.Unpack(capBytes[:size], &capInfo.CapVersionFixed); err != nil {
+	capInfo.VendorSpecific = make([]byte, len([]byte(capBytes))-size)
+	if _, err := tpmutil.Unpack([]byte(capBytes)[:size], &capInfo.CapVersionFixed); err != nil {
 		return nil, nil, nil, nil, nil, 0, err
 	}
 
-	copy(capInfo.VendorSpecific, capBytes[size:])
+	copy(capInfo.VendorSpecific, []byte(capBytes)[size:])
 
 	return &pcrShort, &capInfo, capBytes, sig, &ra, ret, nil
 }
@@ -209,7 +209,7 @@ func quote2(rw io.ReadWriter, keyHandle tpmutil.Handle, hash [20]byte, pcrs *pcr
 func quote(rw io.ReadWriter, keyHandle tpmutil.Handle, hash [20]byte, pcrs *pcrSelection, ca *commandAuth) (*pcrComposite, []byte, *responseAuth, uint32, error) {
 	in := []interface{}{keyHandle, hash, pcrs, ca}
 	var pcrc pcrComposite
-	var sig []byte
+	var sig tpmutil.U32Bytes
 	var ra responseAuth
 	out := []interface{}{&pcrc, &sig, &ra}
 	ret, err := submitTPMRequest(rw, tagRQUAuth1Command, ordQuote, in, out)
@@ -225,7 +225,7 @@ func quote(rw io.ReadWriter, keyHandle tpmutil.Handle, hash [20]byte, pcrs *pcrS
 func makeIdentity(rw io.ReadWriter, encAuth digest, idDigest digest, k *key, ca1 *commandAuth, ca2 *commandAuth) (*key, []byte, *responseAuth, *responseAuth, uint32, error) {
 	in := []interface{}{encAuth, idDigest, k, ca1, ca2}
 	var aik key
-	var sig []byte
+	var sig tpmutil.U32Bytes
 	var ra1 responseAuth
 	var ra2 responseAuth
 	out := []interface{}{&aik, &sig, &ra1, &ra2}
@@ -239,7 +239,7 @@ func makeIdentity(rw io.ReadWriter, encAuth digest, idDigest digest, k *key, ca1
 
 // activateIdentity provides the TPM with an EK encrypted challenge and asks it to
 // decrypt the challenge and return the secret (symmetric key).
-func activateIdentity(rw io.ReadWriter, keyHandle tpmutil.Handle, blob []byte, ca1 *commandAuth, ca2 *commandAuth) (*symKey, *responseAuth, *responseAuth, uint32, error) {
+func activateIdentity(rw io.ReadWriter, keyHandle tpmutil.Handle, blob tpmutil.U32Bytes, ca1 *commandAuth, ca2 *commandAuth) (*symKey, *responseAuth, *responseAuth, uint32, error) {
 	in := []interface{}{keyHandle, blob, ca1, ca2}
 	var symkey symKey
 	var ra1 responseAuth
@@ -317,7 +317,7 @@ func ownerClear(rw io.ReadWriter, ca *commandAuth) (*responseAuth, uint32, error
 // owner auth. This operation can only be performed if there is no owner. The
 // TPM can be put into this state using TPM_OwnerClear. The encOwnerAuth and
 // encSRKAuth values must be encrypted using the endorsement key.
-func takeOwnership(rw io.ReadWriter, encOwnerAuth []byte, encSRKAuth []byte, srk *key, ca *commandAuth) (*key, *responseAuth, uint32, error) {
+func takeOwnership(rw io.ReadWriter, encOwnerAuth tpmutil.U32Bytes, encSRKAuth tpmutil.U32Bytes, srk *key, ca *commandAuth) (*key, *responseAuth, uint32, error) {
 	in := []interface{}{pidOwner, encOwnerAuth, encSRKAuth, srk, ca}
 	var k key
 	var ra responseAuth
@@ -344,9 +344,9 @@ func createWrapKey(rw io.ReadWriter, encUsageAuth digest, encMigrationAuth diges
 	return &k, &ra, ret, nil
 }
 
-func sign(rw io.ReadWriter, keyHandle tpmutil.Handle, data []byte, ca *commandAuth) ([]byte, *responseAuth, uint32, error) {
+func sign(rw io.ReadWriter, keyHandle tpmutil.Handle, data tpmutil.U32Bytes, ca *commandAuth) ([]byte, *responseAuth, uint32, error) {
 	in := []interface{}{keyHandle, data, ca}
-	var signature []byte
+	var signature tpmutil.U32Bytes
 	var ra responseAuth
 	out := []interface{}{&signature, &ra}
 	ret, err := submitTPMRequest(rw, tagRQUAuth1Command, ordSign, in, out)

tpm/constants.go

@@ -16,11 +16,6 @@ package tpm
 
 import "github.com/google/go-tpm/tpmutil"
 
-func init() {
-	// TPM 1.2 spec uses uint32 for length prefix of byte arrays.
-	tpmutil.UseTPM12LengthPrefixSize()
-}
-
 // Supported TPM commands.
 const (
 	tagPCRInfoLong     uint16 = 0x06

tpm/structures.go

@@ -17,7 +17,6 @@ package tpm
 import (
 	"crypto"
 	"crypto/rsa"
-	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
@@ -193,7 +192,7 @@ type keyParams struct {
 	AlgID     uint32
 	EncScheme uint16
 	SigScheme uint16
-	Params    []byte // Serialized rsaKeyParams or symmetricKeyParams.
+	Params    tpmutil.U32Bytes // Serialized rsaKeyParams or symmetricKeyParams.
 }
 
 // An rsaKeyParams encodes the length of the RSA prime in bits, the number of
@@ -202,13 +201,13 @@ type keyParams struct {
 type rsaKeyParams struct {
 	KeyLength uint32
 	NumPrimes uint32
-	Exponent  []byte
+	Exponent  tpmutil.U32Bytes
 }
 
 type symmetricKeyParams struct {
 	KeyLength uint32
 	BlockSize uint32
-	IV        []byte
+	IV        tpmutil.U32Bytes
 }
 
 // A key is a TPM representation of a key.
@@ -218,9 +217,9 @@ type key struct {
 	KeyFlags        uint32
 	AuthDataUsage   byte
 	AlgorithmParams keyParams
-	PCRInfo         []byte
-	PubKey          []byte
-	EncData         []byte
+	PCRInfo         tpmutil.U32Bytes
+	PubKey          tpmutil.U32Bytes
+	EncData         tpmutil.U32Bytes
 }
 
 // A key12 is a newer TPM representation of a key.
@@ -231,73 +230,29 @@ type key12 struct {
 	KeyFlags        uint32
 	AuthDataUsage   byte
 	AlgorithmParams keyParams
-	PCRInfo         []byte // This must be a serialization of a pcrInfoLong.
-	PubKey          []byte
-	EncData         []byte
+	PCRInfo         tpmutil.U32Bytes // This must be a serialization of a pcrInfoLong.
+	PubKey          tpmutil.U32Bytes
+	EncData         tpmutil.U32Bytes
 }
 
 // A pubKey represents a public key known to the TPM.
 type pubKey struct {
 	AlgorithmParams keyParams
-	Key             []byte
+	Key             tpmutil.U32Bytes
 }
 
 // A symKey is a TPM representation of a symmetric key.
 type symKey struct {
 	AlgID     uint32
 	EncScheme uint16
-	Key       []byte
-}
-
-// TPMMarshal will marshal the symKey into a byte Buffer as specified the TPM spec.
-func (k *symKey) TPMMarshal(out io.Writer) error {
-	if err := binary.Write(out, binary.BigEndian, &k.AlgID); err != nil {
-		return err
-	}
-	if err := binary.Write(out, binary.BigEndian, &k.EncScheme); err != nil {
-		return err
-	}
-	if err := binary.Write(out, binary.BigEndian, uint16(len(k.Key))); err != nil {
-		return err
-	}
-	if err := binary.Write(out, binary.BigEndian, k.Key); err != nil {
-		return err
-	}
-	return nil
-}
-
-// TPMUnmarshal will parse the byte Buffer and populate the symKey.
-func (k *symKey) TPMUnmarshal(in io.Reader) error {
-	if err := binary.Read(in, binary.BigEndian, &k.AlgID); err != nil {
-		return err
-	}
-	if err := binary.Read(in, binary.BigEndian, &k.EncScheme); err != nil {
-		return err
-	}
-	var size uint16
-	if err := binary.Read(in, binary.BigEndian, &size); err != nil {
-		return err
-	}
-	key := make([]byte, size)
-	if err := binary.Read(in, binary.BigEndian, &key); err != nil {
-		return err
-	}
-	k.Key = key
-	return nil
-}
-
-// TPMPackedSize will return the expected size in bytes of the marshaled symKey.
-func (k *symKey) TPMPackedSize() int {
-	// AlgID  + EncScheme + len(Key) + Key
-	// uint32 + uint16    + uint16   + BYTE[]
-	return binary.Size(k.AlgID) + binary.Size(k.EncScheme) + binary.Size(uint16(len(k.Key))) + binary.Size(k.Key)
+	Key       tpmutil.U16Bytes // TPM_SYMMETRIC_KEY uses a 16-bit header for Key data
 }
 
 // A tpmStoredData holds sealed data from the TPM.
 type tpmStoredData struct {
 	Version uint32
-	Info    []byte
-	Enc     []byte
+	Info    tpmutil.U32Bytes
+	Enc     tpmutil.U32Bytes
 }
 
 // String returns a string representation of a tpmStoredData.
@@ -323,7 +278,7 @@ type quoteInfo struct {
 // A pcrComposite stores a selection of PCRs with the selected PCR values.
 type pcrComposite struct {
 	Selection pcrSelection
-	Values    []byte
+	Values    tpmutil.U32Bytes
 }
 
 // convertPubKey converts a public key into TPM form. Currently, this function

tpm/tpm.go

@@ -93,7 +93,7 @@ func FetchPCRValues(rw io.ReadWriter, pcrVals []int) ([]byte, error) {
 
 // GetRandom gets random bytes from the TPM.
 func GetRandom(rw io.ReadWriter, size uint32) ([]byte, error) {
-	var b []byte
+	var b tpmutil.U32Bytes
 	in := []interface{}{size}
 	out := []interface{}{&b}
 	// There's no need to check the ret value here, since the err value
@@ -177,7 +177,7 @@ func Quote2(rw io.ReadWriter, handle tpmutil.Handle, data []byte, pcrVals []int,
 	}
 
 	// Check response authentication.
-	raIn := []interface{}{ret, ordQuote2, pcrShort, capBytes, sig}
+	raIn := []interface{}{ret, ordQuote2, pcrShort, tpmutil.U32Bytes(capBytes), tpmutil.U32Bytes(sig)}
 	if err := ra.verify(ca.NonceOdd, sharedSecret[:], raIn); err != nil {
 		return nil, err
 	}
@@ -353,7 +353,7 @@ func sealHelper(rw io.ReadWriter, pcrInfo *pcrInfoLong, data []byte, srkAuth []b
 	// digest = SHA1(ordSeal || encAuth || binary.Size(pcrInfo) || pcrInfo ||
 	//               len(data) || data)
 	//
-	authIn := []interface{}{ordSeal, sc.EncAuth, uint32(binary.Size(pcrInfo)), pcrInfo, data}
+	authIn := []interface{}{ordSeal, sc.EncAuth, uint32(binary.Size(pcrInfo)), pcrInfo, tpmutil.U32Bytes(data)}
 	ca, err := newCommandAuth(osapr.AuthHandle, osapr.NonceEven, sharedSecret[:], authIn)
 	if err != nil {
 		return nil, err
@@ -446,7 +446,7 @@ func Unseal(rw io.ReadWriter, sealed []byte, srkAuth []byte) ([]byte, error) {
 	}
 
 	// Check the response authentication.
-	raIn := []interface{}{ret, ordUnseal, unsealed}
+	raIn := []interface{}{ret, ordUnseal, tpmutil.U32Bytes(unsealed)}
 	if err := ra1.verify(ca1.NonceOdd, sharedSecret[:], raIn); err != nil {
 		return nil, err
 	}
@@ -488,7 +488,7 @@ func Quote(rw io.ReadWriter, handle tpmutil.Handle, data []byte, pcrNums []int,
 	}
 
 	// Check response authentication.
-	raIn := []interface{}{ret, ordQuote, pcrc, sig}
+	raIn := []interface{}{ret, ordQuote, pcrc, tpmutil.U32Bytes(sig)}
 	if err := ra.verify(ca.NonceOdd, sharedSecret[:], raIn); err != nil {
 		return nil, nil, err
 	}
@@ -607,7 +607,7 @@ func MakeIdentity(rw io.ReadWriter, srkAuth []byte, ownerAuth []byte, aikAuth []
 	}
 
 	// Check response authentication.
-	raIn := []interface{}{ret, ordMakeIdentity, k, sig}
+	raIn := []interface{}{ret, ordMakeIdentity, k, tpmutil.U32Bytes(sig)}
 	if err := ra1.verify(ca1.NonceOdd, sharedSecretSRK[:], raIn); err != nil {
 		return nil, err
 	}
@@ -679,7 +679,7 @@ func ActivateIdentity(rw io.ReadWriter, aikAuth []byte, ownerAuth []byte, aik tp
 	defer osaprOwn.Close(rw)
 	defer zeroBytes(sharedSecretOwn[:])
 
-	authIn := []interface{}{ordActivateIdentity, asym}
+	authIn := []interface{}{ordActivateIdentity, tpmutil.U32Bytes(asym)}
 	ca1, err := newCommandAuth(oiaprAIK.AuthHandle, oiaprAIK.NonceEven, aikAuth, authIn)
 	if err != nil {
 		return nil, fmt.Errorf("newCommandAuth failed: %v", err)
@@ -927,7 +927,7 @@ func NVReadValue(rw io.ReadWriter, index, offset, len uint32, ownAuth digest) ([
 	if err != nil {
 		return nil, fmt.Errorf("failed to read from NVRAM: %v", err)
 	}
-	raIn := []interface{}{ret, ordNVReadValue, data}
+	raIn := []interface{}{ret, ordNVReadValue, tpmutil.U32Bytes(data)}
 	if err := ra.verify(ca.NonceOdd, sharedSecretOwn[:], raIn); err != nil {
 		return nil, fmt.Errorf("failed to verify authenticity of response: %v", err)
 	}
@@ -1214,7 +1214,7 @@ func Sign(rw io.ReadWriter, keyAuth []byte, keyHandle tpmutil.Handle, hash crypt
 	defer osapr.Close(rw)
 	defer zeroBytes(sharedSecret[:])
 
-	authIn := []interface{}{ordSign, data}
+	authIn := []interface{}{ordSign, tpmutil.U32Bytes(data)}
 	ca, err := newCommandAuth(osapr.AuthHandle, osapr.NonceEven, sharedSecret[:], authIn)
 	if err != nil {
 		return nil, err
@@ -1225,7 +1225,7 @@ func Sign(rw io.ReadWriter, keyAuth []byte, keyHandle tpmutil.Handle, hash crypt
 		return nil, err
 	}
 
-	raIn := []interface{}{ret, ordSign, signature}
+	raIn := []interface{}{ret, ordSign, tpmutil.U32Bytes(signature)}
 	err = ra.verify(ca.NonceOdd, sharedSecret[:], raIn)
 	if err != nil {
 		return nil, err

tpm/tpm_test.go

@@ -216,13 +216,13 @@ func TestResizeableSlice(t *testing.T) {
 		t.Fatal("Couldn't read random bytes into the byte array")
 	}
 
-	bb, err := tpmutil.Pack(ra, b)
+	bb, err := tpmutil.Pack(ra, tpmutil.U32Bytes(b))
 	if err != nil {
 		t.Fatal("Couldn't pack the bytes:", err)
 	}
 
 	var ra2 responseAuth
-	var b2 []byte
+	var b2 tpmutil.U32Bytes
 	if _, err := tpmutil.Unpack(bb, &ra2, &b2); err != nil {
 		t.Fatal("Couldn't unpack the resizeable values:", err)
 	}

tpm2/constants.go

@@ -25,10 +25,6 @@ import (
 	"github.com/google/go-tpm/tpmutil"
 )
 
-func init() {
-	tpmutil.UseTPM20LengthPrefixSize()
-}
-
 // MAX_DIGEST_BUFFER is the maximum size of []byte request or response fields.
 // Typically used for chunking of big blobs of data (such as for hashing or
 // encryption).