bump dependency

salrashid123 · salrashid123 · commit bd234ca43723 · 2024-06-14T08:14:34.000-04:00
diff --git a/example/README.md b/example/README.md
@@ -126,5 +126,47 @@ go run sign_verify_tpm/policy_pcr/main.go --handle=0x81008006 --tpm-path="127.0.
 go run sign_verify_tpm/policy_password/main.go --handle=0x81008007 --tpm-path="127.0.0.1:2321"
 ```
 
+Note, you can define your own policy for import too...just implement the "session" interface from the signer:
+
+```golang
+type Session interface {
+	GetSession() (auth tpm2.Session, closer func() error, err error) // this supplies the session handle to the library
+}
+```
+
+eg: 
+
+```golang
+// for pcr sessions
+type MyCustomSession struct {
+	rwr transport.TPM
+	sel []tpm2.TPMSPCRSelection
+}
+
+func NewMyCustomSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection) (MyCustomSession, error) {
+	return MyCustomSession{rwr, sel}, nil
+}
+
+func (p MyCustomSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+
+	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// implement whatever you want here, i'm just using policypcr
+
+	_, err = tpm2.PolicyPCR{
+		PolicySession: sess.Handle(),
+		Pcrs: tpm2.TPMLPCRSelection{
+			PCRSelections: p.sel,
+		},
+	}.Execute(p.rwr)
+	if err != nil {
+		return nil, nil, err
+	}
+	return sess, closer, nil
+}
+```
 ---
 
diff --git a/tpm/go.mod b/tpm/go.mod
@@ -5,7 +5,7 @@ go 1.22
 toolchain go1.22.2
 
 require (
-	github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003
+	github.com/google/go-tpm v0.9.1
 	github.com/google/go-tpm-tools v0.4.4
 	github.com/stretchr/testify v1.8.3
 )
@@ -23,7 +23,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/tpm/go.sum b/tpm/go.sum
@@ -18,6 +18,8 @@ github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m
 github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE=
 github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003 h1:gfGQAIxsEEAuYuFvjCGpDnTwisMJOz+rUfJMkk4yTmc=
 github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=
+github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98=
 github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY=
 github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=
@@ -42,6 +44,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
diff --git a/tpm/tpm.go b/tpm/tpm.go
@@ -168,13 +168,12 @@ func (t TPM) Sign(rr io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte,
 	var se tpm2.Session
 	if t.AuthSession != nil {
 		var err error
-		se, err = t.AuthSession.GetSession()
+		var closer func() error
+		se, closer, err = t.AuthSession.GetSession()
 		if err != nil {
 			return nil, fmt.Errorf("signer: error getting session %s", err)
 		}
-		defer func() {
-			_, err = (&tpm2.FlushContext{FlushHandle: se.Handle()}).Execute(rwr)
-		}()
+		defer closer()
 	} else {
 		se = tpm2.PasswordAuth(nil)
 	}
@@ -302,8 +301,7 @@ func (t TPM) TLSCertificate() (tls.Certificate, error) {
 }
 
 type Session interface {
-	io.Closer                                   // read closer to the TPM
-	GetSession() (auth tpm2.Session, err error) // this supplies the session handle to the library
+	GetSession() (auth tpm2.Session, closer func() error, err error) // this supplies the session handle to the library
 }
 
 // for pcr sessions
@@ -316,10 +314,10 @@ func NewPCRSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection) (PCRSession,
 	return PCRSession{rwr, sel}, nil
 }
 
-func (p PCRSession) GetSession() (auth tpm2.Session, err error) {
-	sess, _, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16)
+func (p PCRSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	_, err = tpm2.PolicyPCR{
 		PolicySession: sess.Handle(),
@@ -328,13 +326,9 @@ func (p PCRSession) GetSession() (auth tpm2.Session, err error) {
 		},
 	}.Execute(p.rwr)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	return sess, nil
-}
-
-func (p PCRSession) Close() error {
-	return nil
+	return sess, closer, nil
 }
 
 // for password sessions
@@ -347,10 +341,7 @@ func NewPasswordSession(rwr transport.TPM, password []byte) (PasswordSession, er
 	return PasswordSession{rwr, password}, nil
 }
 
-func (p PasswordSession) GetSession() (auth tpm2.Session, err error) {
-	return tpm2.PasswordAuth(p.password), nil
-}
-
-func (p PasswordSession) Close() error {
-	return nil
+func (p PasswordSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+	c := func() error { return nil }
+	return tpm2.PasswordAuth(p.password), c, nil
 }
