Add Import command #114
awly
left a comment
Add a test please
tpm2/tpm2.go
Outdated
| // or in a different TPM. The publicBlob and privateBlob must always be | ||
| // provided. symSeed should be non-nil iff an "outer wrapper" is used. Both of | ||
| // encryptionKey and sym should be non-nil iff an "inner wrapper" is used. | ||
| func ImportUsingAuth(rw io.ReadWriter, parentHandle tpmutil.Handle, auth AuthCommand, publicBlob, privateBlob, symSeed, encryptionKey []byte, sym *SymScheme) ([]byte, error) { |
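Review bot: ImportUsingAuth takes four adjacent []byte parameters (publicBlob, privateBlob, symSeed, encryptionKey), so a call site that swaps two of them still compiles; consider grouping the optional wrapper inputs into a struct. The doc comment says symSeed is non-nil iff an outer wrapper is used and that encryptionKey and sym are both non-nil iff an inner wrapper is used, but the function body is not visible in this hunk: make sure a call that supplies only one of encryptionKey and sym returns an error before anything is sent to the TPM, and state in the comment what the returned []byte contains.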
I'm not a huge fan of this "UsingAuth" naming pattern.
Can this command be used without auth?
If the other alternative is using PasswordSession, maybe we refactor everything to take AuthCommand and add a helper func PasswordAuth(pass string) AuthCommand?
> I'm not a huge fan of this "UsingAuth" naming pattern.
> Can this command be used without auth?
Nope, it will always need some sort of authorization (usually session authorization). I changed the name to Import to reflect this.
> If the other alternative is using PasswordSession, maybe we refactor everything to take AuthCommand and add a helper func PasswordAuth(pass string) AuthCommand?
I think a better idea might be to have a common Auth interface which is implemented by PasswordAuth and SessionAuth, allowing a user to just pass PasswordAuth or SessionAuth wherever an auth value is needed, but that's something we should probably address later.
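The common Auth interface floated in the reply above, sketched as an added example (not part of the original comment, this PR, or go-tpm). The names Auth, Command, EncodeAuthArea and the shape of PasswordAuth and SessionAuth are hypothetical; the byte layout follows TPMS_AUTH_COMMAND from the TPM 2.0 specification, and the password and session handle are constructed sample values.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

const rsPW uint32 = 0x40000009 // TPM_RS_PW, the reserved password session handle

// AuthCommand holds the fields of a TPMS_AUTH_COMMAND structure.
type AuthCommand struct {
	Session    uint32
	Nonce      []byte
	Attributes uint8 // TPMA_SESSION; 0x01 is continueSession
	Auth       []byte
}

// Auth is the hypothetical common interface: anything that yields an AuthCommand.
type Auth interface{ Command() AuthCommand }

type PasswordAuth string // plaintext password, sent through TPM_RS_PW

// SessionAuth uses a started session; assumes an empty auth value, so no HMAC.
type SessionAuth struct{ Session uint32 }

func (p PasswordAuth) Command() AuthCommand { return AuthCommand{Session: rsPW, Attributes: 0x01, Auth: []byte(p)} }
func (s SessionAuth) Command() AuthCommand  { return AuthCommand{Session: s.Session, Attributes: 0x01} }

// EncodeAuthArea marshals a UINT32 size followed by one TPMS_AUTH_COMMAND.
func EncodeAuthArea(a Auth) []byte {
	c := a.Command()
	var b bytes.Buffer                            // writes to a bytes.Buffer cannot fail
	binary.Write(&b, binary.BigEndian, uint32(0)) // size, patched below
	binary.Write(&b, binary.BigEndian, c.Session)
	binary.Write(&b, binary.BigEndian, uint16(len(c.Nonce)))
	b.Write(c.Nonce)
	b.WriteByte(c.Attributes)
	binary.Write(&b, binary.BigEndian, uint16(len(c.Auth)))
	b.Write(c.Auth)
	out := b.Bytes()
	binary.BigEndian.PutUint32(out, uint32(len(out)-4))
	return out
}

func main() {
	fmt.Printf("%x\n", EncodeAuthArea(PasswordAuth("pw")))               // constructed password
	fmt.Printf("%x\n", EncodeAuthArea(SessionAuth{Session: 0x03000000})) // constructed handle
}
```

A function such as Import would then accept a single Auth argument, and callers choose the authorization type at the call site instead of through a separate "UsingAuth" variant.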
Done, the test is just a "plain" Import that doesn't use an inner or outer wrapper. See google/go-tpm-tools#36 for more complex tests.
Could you give an example of importing an AES 128-bit key? I tried to replace tpm2_import for an external AES key but had no luck. Thanks.
Depends on #122 (for proper testing).
This allows TPM2_Import to be called from go-tpm.
The code is ready for review, but this PR still needs tests.