diff --git a/tpm/ak.go b/tpm/ak.go
index 82903b51..cb6cbd8c 100644
--- a/tpm/ak.go
+++ b/tpm/ak.go
@@ -132,7 +132,7 @@ func (ak *AK) MarshalJSON() ([]byte, error) {
 // CreateAK creates and stores a new AK identified by `name`.
 // If no name is provided, a random 10 character name is generated.
-// If an AK with the same name exists, `ErrExists` is returned.
+// If an AK with the same name exists, [ErrExists] is returned.
 func (t *TPM) CreateAK(ctx context.Context, name string) (ak *AK, err error) {
 if err = t.open(ctx); err != nil {
 return nil, fmt.Errorf("failed opening TPM: %w", err)
@@ -149,7 +149,7 @@ func (t *TPM) CreateAK(ctx context.Context, name string) (ak *AK, err error) {
 case err == nil:
 return nil, fmt.Errorf("failed creating AK %q: %w", name, ErrExists)
 case errors.Is(err, storage.ErrNoStorageConfigured):
- return nil, fmt.Errorf("failed creating key %q: %w", name, err)
+ return nil, fmt.Errorf("failed creating AK %q: %w", name, err)
 }
 akConfig := attest.AKConfig{
@@ -184,7 +184,7 @@ func (t *TPM) CreateAK(ctx context.Context, name string) (ak *AK, err error) {
 return ak, nil
 }
-// GetAK returns the AK identified by `name`. It returns `ErrNotfound`
+// GetAK returns the AK identified by `name`. It returns [ErrNotfound]
 // if it doesn't exist.
 func (t *TPM) GetAK(ctx context.Context, name string) (ak *AK, err error) {
 if err = t.open(ctx); err != nil {
@@ -194,9 +194,6 @@ func (t *TPM) GetAK(ctx context.Context, name string) (ak *AK, err error) {
 sak, err := t.store.GetAK(name)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return nil, fmt.Errorf("failed getting AK %q: %w", name, ErrNotFound)
- }
 return nil, fmt.Errorf("failed getting AK %q: %w", name, err)
 }
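Review bot: With the `storage.ErrNotFound` translation removed in GetAK, the `[ErrNotFound]` contract in its doc comment is now satisfied only because errors.go makes `ErrNotFound` the same value as `storage.ErrNotFound`; a store implementation that reports a missing entry with a different error would leave callers' `errors.Is(err, ErrNotFound)` checks false with no compile-time signal. A one-line comment at the wrap site, `// the store reports a missing AK as storage.ErrNotFound, which ErrNotFound aliases`, keeps that dependency visible to the next maintainer. The same applies to the DeleteAK hunk in ak.go, the AttestKey, GetKey and DeleteKey hunks in key.go, and the GetSigner hunk in signer.go. GetAK's body continues outside the hunk.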
@@ -209,7 +206,7 @@ var (
 // GetAKByPermanentIdentifier returns an AK for which a certificate
 // exists with `permanentIdentifier` as one of the Subject Alternative
-// Names. It returns `ErrNotFound` if it doesn't exist.
+// Names. It returns [ErrNotFound] if it doesn't exist.
 func (t *TPM) GetAKByPermanentIdentifier(ctx context.Context, permanentIdentifier string) (ak *AK, err error) {
 if err = t.open(ctx); err != nil {
 return nil, fmt.Errorf("failed opening TPM: %w", err)
@@ -256,7 +253,7 @@ func (t *TPM) ListAKs(ctx context.Context) (aks []*AK, err error) {
 return
 }
-// DeleteAK removes the AK identified by `name`. It returns `ErrNotfound`
+// DeleteAK removes the AK identified by `name`. It returns [ErrNotfound]
 // if it doesn't exist. Keys that were attested by the AK have to be removed
 // before removing the AK, otherwise an error will be returned.
 func (t *TPM) DeleteAK(ctx context.Context, name string) (err error) {
@@ -267,9 +264,6 @@ func (t *TPM) DeleteAK(ctx context.Context, name string) (err error) {
 ak, err := t.store.GetAK(name)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return fmt.Errorf("failed getting AK %q: %w", name, ErrNotFound)
- }
 return fmt.Errorf("failed getting AK %q: %w", name, err)
 }
diff --git a/tpm/errors.go b/tpm/errors.go
index 08c6b66f..3e466542 100644
--- a/tpm/errors.go
+++ b/tpm/errors.go
@@ -1,16 +1,14 @@
 package tpm
 import (
- "errors"
-
 "go.step.sm/crypto/tpm/storage"
 )
 // ErrNotFound is returned when a Key or AK cannot be found
-var ErrNotFound = errors.New("not found")
+var ErrNotFound = storage.ErrNotFound
 // ErrExists is returned when a Key or AK already exists
-var ErrExists = errors.New("already exists")
+var ErrExists = storage.ErrExists
 // ErrNoStorageConfigured is returned when a TPM operation is
 // performed that requires a storage to have been configured
diff --git a/tpm/key.go b/tpm/key.go
index 8cf61aa6..e361b4c3 100644
--- a/tpm/key.go
+++ b/tpm/key.go
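Review bot: The doc comments on `ErrNotFound` and `ErrExists` in errors.go still describe them as package-local sentinels, while the new initializers make them the very same values as `storage.ErrNotFound` and `storage.ErrExists`, so a reader of the tpm package cannot tell that `errors.Is(err, ErrNotFound)` and `errors.Is(err, storage.ErrNotFound)` are now equivalent. Suggest `// ErrNotFound is returned when a Key or AK cannot be found. It is the same value as storage.ErrNotFound.` and the matching sentence on ErrExists. If callers are meant to rely on that identity, stating it in the comment pins it as part of the API rather than leaving it an implementation detail that a later edit could silently undo.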
@@ -143,7 +143,7 @@ type AttestKeyConfig struct {
 // CreateKey creates a new Key identified by `name`. If no name is provided,
 // a random 10 character name is generated. If a Key with the same name exists,
-// `ErrExists` is returned. The Key won't be attested by an AK.
+// [ErrExists] is returned. The Key won't be attested by an AK.
 func (t *TPM) CreateKey(ctx context.Context, name string, config CreateKeyConfig) (key *Key, err error) {
 if err = t.open(goTPMCall(ctx)); err != nil {
 return nil, fmt.Errorf("failed opening TPM: %w", err)
@@ -211,7 +211,7 @@ func (w attestValidationWrapper) Validate() error {
 // AttestKey creates a new Key identified by `name` and attested by the AK
 // identified by `akName`. If no name is provided, a random 10 character
-// name is generated. If a Key with the same name exists, `ErrExists` is
+// name is generated. If a Key with the same name exists, [ErrExists] is
 // returned.
 func (t *TPM) AttestKey(ctx context.Context, akName, name string, config AttestKeyConfig) (key *Key, err error) {
 if err = t.open(ctx); err != nil {
@@ -234,9 +234,6 @@ func (t *TPM) AttestKey(ctx context.Context, akName, name string, config AttestK
 ak, err := t.store.GetAK(akName)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return nil, fmt.Errorf("failed getting AK %q: %w", akName, ErrNotFound)
- }
 return nil, fmt.Errorf("failed getting AK %q: %w", akName, err)
 }
@@ -285,7 +282,7 @@ func (t *TPM) AttestKey(ctx context.Context, akName, name string, config AttestK
 return
 }
-// GetKey returns the Key identified by `name`. It returns `ErrNotfound`
+// GetKey returns the Key identified by `name`. It returns [ErrNotfound]
 // if it doesn't exist.
 func (t *TPM) GetKey(ctx context.Context, name string) (key *Key, err error) {
 if err = t.open(ctx); err != nil {
@@ -295,9 +292,6 @@ func (t *TPM) GetKey(ctx context.Context, name string) (key *Key, err error) {
 skey, err := t.store.GetKey(name)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return nil, fmt.Errorf("failed getting key %q: %w", name, ErrNotFound)
- }
 return nil, fmt.Errorf("failed getting key %q: %w", name, err)
 }
@@ -348,7 +342,7 @@ func (t *TPM) GetKeysAttestedBy(ctx context.Context, akName string) (keys []*Key
 return
 }
-// DeleteKey removes the Key identified by `name`. It returns `ErrNotfound`
+// DeleteKey removes the Key identified by `name`. It returns [ErrNotfound]
 // if it doesn't exist.
 func (t *TPM) DeleteKey(ctx context.Context, name string) (err error) {
 if err := t.open(ctx); err != nil {
@@ -358,9 +352,6 @@ func (t *TPM) DeleteKey(ctx context.Context, name string) (err error) {
 key, err := t.store.GetKey(name)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return fmt.Errorf("failed getting key %q: %w", name, ErrNotFound)
- }
 return fmt.Errorf("failed getting key %q: %w", name, err)
 }
diff --git a/tpm/signer.go b/tpm/signer.go
index 5b992e2a..e62d90f5 100644
--- a/tpm/signer.go
+++ b/tpm/signer.go
@@ -3,11 +3,9 @@ package tpm
 import (
 "context"
 "crypto"
- "errors"
 "fmt"
 "io"
- "go.step.sm/crypto/tpm/storage"
 "go.step.sm/crypto/tpm/tss2"
 )
@@ -62,9 +60,6 @@ func (t *TPM) GetSigner(ctx context.Context, name string) (csigner crypto.Signer
 key, err := t.store.GetKey(name)
 if err != nil {
- if errors.Is(err, storage.ErrNotFound) {
- return nil, fmt.Errorf("failed getting signer for key %q: %w", name, ErrNotFound)
- }
 return nil, fmt.Errorf("failed getting signer for key %q: %w", name, err)
 }
diff --git a/tpm/tpm_simulator_test.go b/tpm/tpm_simulator_test.go
index d65c7877..49db99ad 100644
--- a/tpm/tpm_simulator_test.go
+++ b/tpm/tpm_simulator_test.go
@@ -20,10 +20,11 @@ import (
 "strings"
 "testing"
- "github.com/smallstep/go-attestation/attest"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ "github.com/smallstep/go-attestation/attest"
+ "go.step.sm/crypto/keyutil"
 "go.step.sm/crypto/minica"
 "go.step.sm/crypto/tpm/simulator"