treewide: switch to gomod and bump everything
This switches version resolution from fietsje to gomod and updates
all Go dependencies. It also bumps rules_go (required by gVisor) and
switches the Gazelle naming convention from go_default_xxx to the
standard Bazel convention of the default target having the package
name.
Since Kubernetes dropped upstream Bazel support and doesn't check in
all generated files I manually pregenerated the OpenAPI spec. This
should be fixed, but because of the already-huge scope of this CL
and the rebase complexity this is not in here.
Change-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833
Reviewed-on: https://review.monogon.dev/c/monogon/+/639
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
Reviewed-by: Leopold Schabel <leo@nexantic.com>
diff --git a/metropolis/pkg/tpm/credactivation_compat.go b/metropolis/pkg/tpm/credactivation_compat.go
index a6710ae..24766a7 100644
--- a/metropolis/pkg/tpm/credactivation_compat.go
+++ b/metropolis/pkg/tpm/credactivation_compat.go
@@ -46,7 +46,7 @@
)
func generateRSA(aik *tpm2.HashValue, pub *rsa.PublicKey, symBlockSize int, secret []byte, rnd io.Reader) ([]byte, []byte, error) {
- newAIKHash, err := aik.Alg.HashConstructor()
+ aikHash, err := aik.Alg.Hash()
if err != nil {
return nil, nil, err
}
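Review bot: The hash returned by `aik.Alg.Hash()` is used without restriction, so whatever algorithm the AIK name declares drives the OAEP encryption, the KDFa output size and the integrity HMAC in the two later hunks. If `aik` can be built from data supplied by the party being attested (the caller is not visible here), pin the expected name algorithm right after this error check, for example `if aik.Alg != tpm2.AlgSHA256 { return nil, nil, fmt.Errorf("unexpected AIK name algorithm %v", aik.Alg) }`, adjusted to the algorithms the project actually provisions. Separately, `crypto.Hash.New()` panics for a hash that is not linked into the binary. `Hash()` appears to check availability before returning, but a one-line comment such as `// Hash() rejects unavailable algorithms, so aikHash.New() below cannot panic` would record that dependency. The body of generateRSA continues outside this hunk.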
@@ -63,7 +63,7 @@
// Encrypt the seed value using the provided public key.
// See annex B, section 10.4 of the TPM specification revision 2 part 1.
label := append([]byte(labelIdentity), 0)
- encSecret, err := rsa.EncryptOAEP(newAIKHash(), rnd, pub, seed, label)
+ encSecret, err := rsa.EncryptOAEP(aikHash.New(), rnd, pub, seed, label)
if err != nil {
return nil, nil, fmt.Errorf("generating encrypted seed: %v", err)
}
@@ -95,12 +95,12 @@
// Generate the integrity HMAC, which is used to protect the integrity of the
// encrypted structure.
// See section 24.5 of the TPM specification revision 2 part 1.
- macKey, err := tpm2.KDFa(aik.Alg, seed, labelIntegrity, nil, nil, newAIKHash().Size()*8)
+ macKey, err := tpm2.KDFa(aik.Alg, seed, labelIntegrity, nil, nil, aikHash.Size()*8)
if err != nil {
return nil, nil, fmt.Errorf("generating HMAC key: %v", err)
}
- mac := hmac.New(newAIKHash, macKey)
+ mac := hmac.New(aikHash.New, macKey)
mac.Write(encIdentity)
mac.Write(aikNameEncoded)
integrityHMAC := mac.Sum(nil)