key: move to noalg keys to support different hashing algos

Signed-off-by: Morten Linderud <morten@linderud.pw>
Foxboron · Feb 21, 2024 · a724802 · a724802
1 parent 9e8c823
commit a724802
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 28 deletions.
diff --git a/cmd/ssh-tpm-agent/main_test.go b/cmd/ssh-tpm-agent/main_test.go
@@ -190,4 +190,10 @@ func TestSSHAuth(t *testing.T) {
 	t.Run("rsa - agent", func(t *testing.T) {
 		runSSHAuth(t, tpm2.TPMAlgRSA, 2048)
 	})
+	t.Run("ecdsa p384 - agent", func(t *testing.T) {
+		runSSHAuth(t, tpm2.TPMAlgECDSA, 384)
+	})
+	t.Run("ecdsa p521 - agent", func(t *testing.T) {
+		runSSHAuth(t, tpm2.TPMAlgECDSA, 521)
+	})
 }
diff --git a/key/key.go b/key/key.go
@@ -291,13 +291,7 @@ func createECCKey(ecc tpm2.TPMECCCurve, sha tpm2.TPMAlgID) tpm2.TPM2B[tpm2.TPMTP
 			&tpm2.TPMSECCParms{
 				CurveID: ecc,
 				Scheme: tpm2.TPMTECCScheme{
-					Scheme: tpm2.TPMAlgECDSA,
-					Details: tpm2.NewTPMUAsymScheme(
-						tpm2.TPMAlgECDSA,
-						&tpm2.TPMSSigSchemeECDSA{
-							HashAlg: tpm2.TPMAlgSHA256,
-						},
-					),
+					Scheme: tpm2.TPMAlgNull,
 				},
 			},
 		),
@@ -319,13 +313,7 @@ func createRSAKey(bits tpm2.TPMKeyBits, sha tpm2.TPMAlgID) tpm2.TPM2B[tpm2.TPMTP
 			tpm2.TPMAlgRSA,
 			&tpm2.TPMSRSAParms{
 				Scheme: tpm2.TPMTRSAScheme{
-					Scheme: tpm2.TPMAlgRSASSA,
-					Details: tpm2.NewTPMUAsymScheme(
-						tpm2.TPMAlgRSASSA,
-						&tpm2.TPMSSigSchemeRSASSA{
-							HashAlg: tpm2.TPMAlgSHA256,
-						},
-					),
+					Scheme: tpm2.TPMAlgNull,
 				},
 				KeyBits: bits,
 			},
@@ -480,13 +468,7 @@ func ImportKey(tpm transport.TPMCloser, pk any, pin, comment []byte) (*Key, erro
 				&tpm2.TPMSECCParms{
 					CurveID: curveid,
 					Scheme: tpm2.TPMTECCScheme{
-						Scheme: tpm2.TPMAlgECDSA,
-						Details: tpm2.NewTPMUAsymScheme(
-							tpm2.TPMAlgECDSA,
-							&tpm2.TPMSSigSchemeECDSA{
-								HashAlg: tpm2.TPMAlgSHA256,
-							},
-						),
+						Scheme: tpm2.TPMAlgNull,
 					},
 				},
 			),
@@ -523,13 +505,7 @@ func ImportKey(tpm transport.TPMCloser, pk any, pin, comment []byte) (*Key, erro
 				tpm2.TPMAlgRSA,
 				&tpm2.TPMSRSAParms{
 					Scheme: tpm2.TPMTRSAScheme{
-						Scheme: tpm2.TPMAlgRSASSA,
-						Details: tpm2.NewTPMUAsymScheme(
-							tpm2.TPMAlgRSASSA,
-							&tpm2.TPMSSigSchemeRSASSA{
-								HashAlg: tpm2.TPMAlgSHA256,
-							},
-						),
+						Scheme: tpm2.TPMAlgNull,
 					},
 					KeyBits: 2048,
 				},