templates

package v0.0.6

Warning: This package is not in the latest version of its module.

Published: Nov 12, 2022 License: LGPL-3.0 Imports: 1 Imported by: 0

Documentation

Overview

Package template contains helpers for constructing templates to create objects with go-tpm2.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewDerivationParentKey

func NewDerivationParentKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public

NewDerivationParentKey returns a template for a derivation parent key with the specified name algorithm and KDF digest algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If schemeAlg is HashAlgorithmNull, then nameAlg is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a key with a TPM generated seed. In order to supply the seed, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewDerivationParentKeyWithDefaults

func NewDerivationParentKeyWithDefaults() *tpm2.Public

NewDerivationParentKeyWithDefaults returns a template for a derivation parent key with SHA256 as the name algorithm and KDF digest algorithm.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a key with a TPM generated seed. In order to supply the seed, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewECCKey

func NewECCKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.ECCScheme, curve tpm2.ECCCurve) *tpm2.Public

NewECCKey returns a template for a general purpose ECC key for the specified usage, with the specified name algorithm, ECC scheme and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewECCKeyWithDefaults

func NewECCKeyWithDefaults(usage KeyUsage) *tpm2.Public

NewECCKeyWithDefaults returns a template for a general purpose ECC key for the specified usage, with SHA256 as the name algorithm, the scheme unset and NIST-P256 as the curve. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewECCStorageKey

func NewECCStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16, curve tpm2.ECCCurve) *tpm2.Public

NewECCStorageKey returns a template for an ECC storage parent with the specified name algorithm, symmetric cipher, symmetric key size and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewECCStorageKeyWithDefaults

func NewECCStorageKeyWithDefaults() *tpm2.Public

NewECCStorageKeyWithDefaults returns a template for an ECC storage parent with SHA256 as the name algorithm, AES-128 as the symmetric cipher and the NIST-P256 curve.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewHMACKey

func NewHMACKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public

NewHMACKey returns a template for an HMAC key with the specified name algorithm and HMAC digest algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If schemeAlg is HashAlgorithmNull, then nameAlg is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewHMACKeyWithDefaults

func NewHMACKeyWithDefaults() *tpm2.Public

NewHMACKeyWithDefaults returns a template for an HMAC key with SHA256 as the name algorithm and the HMAC digest algorithm.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRSAKey

func NewRSAKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.RSAScheme, keyBits uint16) *tpm2.Public

NewRSAKey returns a template for a general purpose RSA key for the specified usage, with the specified name algorithm, RSA scheme and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If keyBits is zero, then 2048 is used. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRSAKeyWithDefaults

func NewRSAKeyWithDefaults(usage KeyUsage) *tpm2.Public

NewRSAKeyWithDefaults returns a template for a general purpose RSA key for the specified usage, with SHA256 as the name algorithm, the scheme unset and 2048 bits as the key size. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRSAStorageKey

func NewRSAStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, symKeyBits, asymKeyBits uint16) *tpm2.Public

NewRSAStorageKey returns a template for an RSA storage parent with the specified name algorithm, symmetric cipher, symmetric key size and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If symKeyBits is zero, then 128 is used. If asymKeyBits is zero, then 2048 is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRSAStorageKeyWithDefaults

func NewRSAStorageKeyWithDefaults() *tpm2.Public

NewRSAStorageKeyWithDefaults returns a template for an RSA storage parent with SHA256 as the name algorithm, AES-128 as the symmetric cipher and 2048 bits as the RSA key size.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRestrictedECCSigningKey

func NewRestrictedECCSigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.ECCScheme, curve tpm2.ECCCurve) *tpm2.Public

NewRestrictedECCSigningKey returns a template for a restricted ECC signing key with the specified name algorithm, ECC scheme and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If scheme is nil, then ECDSA is used with the digest algorithm set to the same as the name algorithm.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRestrictedECCSigningKeyWithDefaults

func NewRestrictedECCSigningKeyWithDefaults() *tpm2.Public

NewRestrictedECCSigningKeyWithDefaults returns a template for a restricted ECC signing key with SHA256 as the name algorithm, ECDSA with SHA256 as the scheme and NIST-P256 as the curve.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRestrictedRSASigningKey

func NewRestrictedRSASigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.RSAScheme, keyBits uint16) *tpm2.Public

NewRestrictedRSASigningKey returns a template for a restricted RSA signing key with the specified name algorithm, RSA scheme and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If scheme is nil, then RSASSA is used with the digest algorithm set to the same as the name algorithm. If keyBits is zero, then 2048 is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewRestrictedRSASigningKeyWithDefaults

func NewRestrictedRSASigningKeyWithDefaults() *tpm2.Public

NewRestrictedRSASigningKeyWithDefaults returns a template for a restricted RSA signing key with SHA256 as the name algorithm, RSA-SSA with SHA256 as the scheme and 2048 bits as the key size.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewSealedObject

func NewSealedObject(nameAlg tpm2.HashAlgorithmId) *tpm2.Public

NewSealedObject returns a template for a sealed object with the specified name algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used.

The template cannot be used to create an object in a duplication group. In order to create an object in a duplication group, remove the AttrFixedTPM attribute. In order to create an object that can be moved to a new parent, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewSymmetricKey

func NewSymmetricKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16, mode tpm2.SymModeId) *tpm2.Public

NewSymmetricKey returns a template for a general purpose symmetric key with the specified name algorithm, key usage, symmetric algorithm, symmetric key size and symmetric mode. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewSymmetricKeyWithDefaults

func NewSymmetricKeyWithDefaults(usage KeyUsage) *tpm2.Public

NewSymmetricKeyWithDefaults returns a template for a general purpose symmetric key for the specified usage with SHA256 as the name algorithm, AES-128 as the cipher and CFB as the cipher mode. If no usage is specified, the template will include both sign and decrypt attributes.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewSymmetricStorageKey

func NewSymmetricStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16) *tpm2.Public

NewSymmetricStorageKey returns a template for a symmetric storage parent with the specified name algorithm, symmetric cipher and symmetric key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

func NewSymmetricStorageKeyWithDefaults

func NewSymmetricStorageKeyWithDefaults() *tpm2.Public

NewSymmetricStorageKeyWithDefaults returns a template for a symmetric storage parent with SHA256 as the name algorithm and AES-128 as the symmetric cipher.

The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.

The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.

The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.

Types

type KeyUsage

type KeyUsage int
const (
	KeyUsageSign KeyUsage = 1 << iota
	KeyUsageDecrypt

	KeyUsageEncrypt = KeyUsageSign
)
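Every constructor above ends with the same instructions for adjusting the returned template: clear AttrFixedTPM to allow the key into a duplication group, clear both AttrFixedTPM and AttrFixedParent (and add a duplication policy) for a duplication root, clear AttrSensitiveDataOrigin to supply the secret yourself, and clear AttrUserWithAuth to force policy authorization. The following is an added example, not code from go-tpm2 or this package. To run without the go-tpm2 module it carries its own copy of the TPMA_OBJECT bit positions (assumed to match the tpm2.ObjectAttributes constants), an illustrative Template struct whose field names are hypothetical, and a constructed placeholder in place of a real policy digest. It maps KeyUsage to the sign/decrypt attributes as the New*Key constructors describe, applies each adjustment, and validates the result so that the two mistakes these adjustments invite (a fixedTPM object without fixedParent, which the TPM rejects, and a policy-only object with no policy, which can never be authorized) are caught before TPM2_Create is called.

```go
package main

import (
	"errors"
	"fmt"
)

// ObjectAttributes is a local model of the TPMA_OBJECT bitfield.
// Assumption: bit positions match go-tpm2's tpm2.ObjectAttributes constants.
type ObjectAttributes uint32

const (
	AttrFixedTPM            ObjectAttributes = 1 << 1
	AttrFixedParent         ObjectAttributes = 1 << 4
	AttrSensitiveDataOrigin ObjectAttributes = 1 << 5
	AttrUserWithAuth        ObjectAttributes = 1 << 6
	AttrRestricted          ObjectAttributes = 1 << 16
	AttrDecrypt             ObjectAttributes = 1 << 17
	AttrSign                ObjectAttributes = 1 << 18
)

// KeyUsage copies the type from this package.
type KeyUsage int

const (
	KeyUsageSign KeyUsage = 1 << iota
	KeyUsageDecrypt

	KeyUsageEncrypt = KeyUsageSign // symmetric encryption keys carry the sign attribute
)

// Template is the part of a public area these adjustments touch.
// Field names are hypothetical, not go-tpm2's tpm2.Public fields.
type Template struct {
	Attrs      ObjectAttributes
	AuthPolicy []byte
}

// UsageAttrs maps a KeyUsage to sign/decrypt bits; a zero usage yields both,
// matching "If no usage is specified ... both sign and decrypt attributes".
func UsageAttrs(usage KeyUsage) ObjectAttributes {
	if usage == 0 {
		usage = KeyUsageSign | KeyUsageDecrypt
	}
	var a ObjectAttributes
	if usage&KeyUsageSign != 0 {
		a |= AttrSign
	}
	if usage&KeyUsageDecrypt != 0 {
		a |= AttrDecrypt
	}
	return a
}

// BaseStorageAttrs is the attribute set the storage-parent constructors describe:
// fixed to TPM and parent, TPM-generated secret, auth-value usable, restricted decrypt.
func BaseStorageAttrs() ObjectAttributes {
	return AttrFixedTPM | AttrFixedParent | AttrSensitiveDataOrigin |
		AttrUserWithAuth | AttrRestricted | AttrDecrypt
}

// ForDuplicationGroup clears AttrFixedTPM so the key may be created in a duplication group.
func ForDuplicationGroup(t Template) Template {
	t.Attrs &^= AttrFixedTPM
	return t
}

// AsDuplicationRoot clears AttrFixedTPM and AttrFixedParent and attaches the
// authorization policy that must permit duplication; a missing policy is an error.
func AsDuplicationRoot(t Template, policy []byte) (Template, error) {
	if len(policy) == 0 {
		return t, errors.New("duplication root requires an authorization policy")
	}
	t.Attrs &^= AttrFixedTPM | AttrFixedParent
	t.AuthPolicy = policy
	return t, nil
}

// WithSuppliedSensitive clears AttrSensitiveDataOrigin so the caller supplies the key or seed.
func WithSuppliedSensitive(t Template) Template {
	t.Attrs &^= AttrSensitiveDataOrigin
	return t
}

// RequirePolicyAuth clears AttrUserWithAuth so the user role needs a policy session.
func RequirePolicyAuth(t Template) Template {
	t.Attrs &^= AttrUserWithAuth
	return t
}

// Validate rejects attribute combinations that would fail on the TPM or leave
// the object unusable before the template is sent to TPM2_Create.
func Validate(t Template) error {
	if t.Attrs&AttrFixedTPM != 0 && t.Attrs&AttrFixedParent == 0 {
		return errors.New("fixedTPM is set but fixedParent is clear")
	}
	if t.Attrs&AttrFixedParent == 0 && len(t.AuthPolicy) == 0 {
		return errors.New("fixedParent is clear but no policy permits duplication")
	}
	if t.Attrs&AttrUserWithAuth == 0 && len(t.AuthPolicy) == 0 {
		return errors.New("userWithAuth is clear but no authorization policy is set")
	}
	return nil
}

func main() {
	base := Template{Attrs: BaseStorageAttrs()}
	policy := []byte("constructed placeholder, not a real policy digest")
	root, err := AsDuplicationRoot(base, policy)
	fmt.Printf("root attrs=%#x err=%v validate=%v\n", uint32(root.Attrs), err, Validate(root))
	fmt.Println("policy-only without policy:", Validate(RequirePolicyAuth(base)))
}
```

Validate is deliberately stricter than the TPM: the TPM only enforces the fixedTPM/fixedParent dependency, while the other two checks encode the page's own advice so that a template cleared of AttrFixedParent or AttrUserWithAuth is never sent without the policy it needs.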
