commit 5f1a7de2dfb5db1884fcb677a0bd38daf6dd3c97
author Tim Windelschmidt <tim@monogon.tech> Thu Sep 19 02:00:14 2024 +0200
committer Tim Windelschmidt <tim@monogon.tech> Thu Sep 19 12:06:50 2024 +0000
tree fd52bf35b4b2e6b5c51f56d62424c9d0820ef537
parent e337e938ae8e08dffa3a01045571188413ce70ff

treewide: fix %v in cases where we should use %w

We should always use %w when using fmt.Errorf as you can use error.Is to
compare the underlying error. When printing an error the use of %w is
wrong and should be replaced with %v.

Change-Id: I741111bd91dcee4099144d2ecaffa879fdbb34a2
Reviewed-on: https://review.monogon.dev/c/monogon/+/2993
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

osbase/tpm/credactivation_compat.go

diff --git a/osbase/tpm/credactivation_compat.go b/osbase/tpm/credactivation_compat.go
index 24766a7..2c5ee3b 100644
--- a/osbase/tpm/credactivation_compat.go
+++ b/osbase/tpm/credactivation_compat.go
@@ -57,7 +57,7 @@
 	// Spec: TCG 2.0 EK Credential Profile revision 14, section 2.1.5.1.
 	seed := make([]byte, symBlockSize)
 	if _, err := io.ReadFull(rnd, seed); err != nil {
-		return nil, nil, fmt.Errorf("generating seed: %v", err)
+		return nil, nil, fmt.Errorf("generating seed: %w", err)
 	}
 
 	// Encrypt the seed value using the provided public key.
@@ -65,7 +65,7 @@
 	label := append([]byte(labelIdentity), 0)
 	encSecret, err := rsa.EncryptOAEP(aikHash.New(), rnd, pub, seed, label)
 	if err != nil {
-		return nil, nil, fmt.Errorf("generating encrypted seed: %v", err)
+		return nil, nil, fmt.Errorf("generating encrypted seed: %w", err)
 	}
 
 	// Generate the encrypted credential by convolving the seed with the digest
@@ -73,19 +73,19 @@
 	// See section 24.4 of TPM 2.0 specification, part 1.
 	aikNameEncoded, err := aik.Encode()
 	if err != nil {
-		return nil, nil, fmt.Errorf("encoding aikName: %v", err)
+		return nil, nil, fmt.Errorf("encoding aikName: %w", err)
 	}
 	symmetricKey, err := tpm2.KDFa(aik.Alg, seed, labelStorage, aikNameEncoded, nil, len(seed)*8)
 	if err != nil {
-		return nil, nil, fmt.Errorf("generating symmetric key: %v", err)
+		return nil, nil, fmt.Errorf("generating symmetric key: %w", err)
 	}
 	c, err := aes.NewCipher(symmetricKey)
 	if err != nil {
-		return nil, nil, fmt.Errorf("symmetric cipher setup: %v", err)
+		return nil, nil, fmt.Errorf("symmetric cipher setup: %w", err)
 	}
 	cv, err := tpmutil.Pack(tpmutil.U16Bytes(secret))
 	if err != nil {
-		return nil, nil, fmt.Errorf("generating cv (TPM2B_Digest): %v", err)
+		return nil, nil, fmt.Errorf("generating cv (TPM2B_Digest): %w", err)
 	}
 
 	// IV is all null bytes. encIdentity represents the encrypted credential.
@@ -97,7 +97,7 @@
 	// See section 24.5 of the TPM specification revision 2 part 1.
 	macKey, err := tpm2.KDFa(aik.Alg, seed, labelIntegrity, nil, nil, aikHash.Size()*8)
 	if err != nil {
-		return nil, nil, fmt.Errorf("generating HMAC key: %v", err)
+		return nil, nil, fmt.Errorf("generating HMAC key: %w", err)
 	}
 
 	mac := hmac.New(aikHash.New, macKey)
@@ -111,16 +111,16 @@
 	}
 	id, err := tpmutil.Pack(idObject)
 	if err != nil {
-		return nil, nil, fmt.Errorf("encoding IDObject: %v", err)
+		return nil, nil, fmt.Errorf("encoding IDObject: %w", err)
 	}
 
 	packedID, err := tpmutil.Pack(id)
 	if err != nil {
-		return nil, nil, fmt.Errorf("packing id: %v", err)
+		return nil, nil, fmt.Errorf("packing id: %w", err)
 	}
 	packedEncSecret, err := tpmutil.Pack(encSecret)
 	if err != nil {
-		return nil, nil, fmt.Errorf("packing encSecret: %v", err)
+		return nil, nil, fmt.Errorf("packing encSecret: %w", err)
 	}
 
 	return packedID, packedEncSecret, nil