
feat: tpm2.EvictControl #338

Closed jclab-joseph closed 1 year ago

jclab-joseph commented 1 year ago

Fix #335

Sample Code:

package main

import (
    "flag"
    "fmt"
    "github.com/google/go-tpm/tpm2"
    "github.com/google/go-tpm/tpm2/transport"
    "github.com/google/go-tpm/tpmutil/mssim"
    "log"
    "os"
)

// defaultKeyTemplate is the public area of the primary key that main
// creates and then persists: a NIST P-256 ECC key restricted to ECDSA/SHA-256
// signing, fixed to this TPM and its parent, with its sensitive data
// generated inside the TPM and protected from dictionary-attack lockout.
// Attributes whose value is false (STClear, Decrypt, X509Sign) are left at
// their zero value rather than spelled out.
var defaultKeyTemplate = tpm2.TPMTPublic{
    Type:    tpm2.TPMAlgECC,
    NameAlg: tpm2.TPMAlgSHA256,
    ObjectAttributes: tpm2.TPMAObject{
        FixedTPM:            true,
        FixedParent:         true,
        SensitiveDataOrigin: true,
        UserWithAuth:        true,
        NoDA:                true,
        SignEncrypt:         true,
    },
    Parameters: tpm2.NewTPMUPublicParms(
        tpm2.TPMAlgECC,
        &tpm2.TPMSECCParms{
            CurveID: tpm2.TPMECCNistP256,
            Scheme: tpm2.TPMTECCScheme{
                Scheme: tpm2.TPMAlgECDSA,
                Details: tpm2.NewTPMUAsymScheme(
                    tpm2.TPMAlgECDSA,
                    &tpm2.TPMSSigSchemeECDSA{HashAlg: tpm2.TPMAlgSHA256},
                ),
            },
        },
    ),
}

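// Bounds of the TPM persistent-handle range (handle type 0x81). Only
// handles in this range may be passed to TPM2_EvictControl.
const (
    firstPersistentHandle tpm2.TPMIDHObject = 0x81000000
    lastPersistentHandle  tpm2.TPMIDHObject = 0x81FFFFFF
)

// main creates an ECC primary key under the owner hierarchy of a TPM
// simulator, persists it at the next free persistent handle via
// TPM2_EvictControl, and prints that handle.
//
// Steps: open the simulator, run TPM2_Startup, open an HMAC session,
// find the first unused persistent handle, create the primary key, evict
// it to that handle, and flush the transient copy on the way out.
func main() {
    flag.Parse()

    conn, err := mssim.Open(mssim.Config{})
    if err != nil {
        fmt.Fprintf(os.Stderr, "Couldn't open mssim %s\n", err)
        return
    }
    defer conn.Close()

    // FromReadWriter does not return an error, so there is nothing to
    // check here (the earlier re-check of the mssim.Open error was dead code).
    tpmTransport := transport.FromReadWriter(conn)

    // The simulator needs TPM2_Startup before any other command. The usual
    // failure is that the TPM is already started, so log and carry on rather
    // than silently discarding the result.
    if _, err := (tpm2.Startup{}).Execute(tpmTransport); err != nil {
        log.Printf("Startup: %v (continuing; the TPM may already be started)", err)
    }

    session, closer, err := tpm2.HMACSession(tpmTransport, tpm2.TPMAlgSHA256, 32)
    if err != nil {
        log.Fatalln("hmac session failed: ", err)
    }
    defer closer()

    nextPersistentHandle, err := nextFreePersistentHandle(tpmTransport)
    if err != nil {
        log.Fatalln("choosing a persistent handle failed: ", err)
    }

    createResp, err := tpm2.CreatePrimary{
        PrimaryHandle: tpm2.AuthHandle{
            Handle: tpm2.TPMRHOwner,
            Auth:   session,
        },
        InPublic: tpm2.New2B(defaultKeyTemplate),
    }.Execute(tpmTransport)
    if err != nil {
        log.Fatalln("CreatePrimary failed: ", err)
    }
    // The transient object stays loaded after EvictControl (the persistent
    // copy is independent); flush it so the TPM's limited object slots are
    // released whether or not the eviction succeeds.
    defer func() {
        if _, err := (tpm2.FlushContext{FlushHandle: createResp.ObjectHandle}).Execute(tpmTransport); err != nil {
            log.Printf("FlushContext failed: %v", err)
        }
    }()

    _, err = tpm2.EvictControl{
        Auth: tpm2.AuthHandle{
            Handle: tpm2.TPMRHOwner,
            Auth:   session,
        },
        ObjectHandle: &tpm2.NamedHandle{
            Handle: createResp.ObjectHandle,
            Name:   createResp.Name,
        },
        PersistentHandle: nextPersistentHandle,
    }.Execute(tpmTransport)
    if err != nil {
        // Return (not Fatal) so the deferred FlushContext still runs, and do
        // not print a handle that nothing was persisted at.
        log.Printf("EvictControl failed: %v", err)
        return
    }

    log.Printf("persistent handle: 0x%08x", nextPersistentHandle)
}

// nextFreePersistentHandle returns one past the highest persistent handle
// currently in use, or firstPersistentHandle when none is in use.
//
// It pages through TPM2_GetCapability(TPM_CAP_HANDLES) until the TPM
// reports no more data, so a TPM holding more than one page of persistent
// objects is not mistaken for one with fewer. It reports an error when the
// range is exhausted instead of wrapping into the next handle type.
func nextFreePersistentHandle(t transport.TPM) (tpm2.TPMIDHObject, error) {
    var highest tpm2.TPMIDHObject
    start := uint32(firstPersistentHandle)
    for {
        resp, err := tpm2.GetCapability{
            Capability:    tpm2.TPMCapHandles,
            Property:      start,
            PropertyCount: 64,
        }.Execute(t)
        if err != nil {
            return 0, fmt.Errorf("GetCapability(handles): %w", err)
        }
        handles, err := resp.CapabilityData.Data.Handles()
        if err != nil {
            return 0, fmt.Errorf("decoding handle list: %w", err)
        }
        for _, h := range handles.Handle {
            if h > highest {
                highest = h
            }
        }
        // MoreData means the list was truncated at PropertyCount; the next
        // page starts just above the largest handle seen so far.
        if !bool(resp.MoreData) || len(handles.Handle) == 0 {
            break
        }
        start = uint32(highest) + 1
    }
    if highest == 0 {
        return firstPersistentHandle, nil
    }
    if highest >= lastPersistentHandle {
        return 0, fmt.Errorf("no free persistent handle above 0x%08x", highest)
    }
    return highest + 1, nil
}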
frezbo commented 1 year ago

cool, I wanted to take a stab at this at some point. Nice work :clap:

jclab-joseph commented 1 year ago

@chrisfenner Fixes and added test code!

chrisfenner commented 1 year ago

@jclab-joseph I see the lint CI check is failing because goimports -w would change some files. Would you mind running that and updating the PR?

chrisfenner commented 1 year ago

thank you @jclab-joseph for this change!!