Documentation ¶
Overview ¶
Package util contains helper functions that are useful when using go-tpm2.
Index ¶
- func ComputeCpHash(alg tpm2.HashAlgorithmId, command tpm2.CommandCode, handles []Entity, ...) (tpm2.Digest, error)deprecated
- func ComputePCRDigest(alg tpm2.HashAlgorithmId, pcrs tpm2.PCRSelectionList, values tpm2.PCRValues) (tpm2.Digest, error)deprecated
- func ComputePCRDigestFromAllValues(alg tpm2.HashAlgorithmId, values tpm2.PCRValues) (tpm2.PCRSelectionList, tpm2.Digest, error)deprecated
- func ComputePolicyAuthorizeDigest(alg tpm2.HashAlgorithmId, approvedPolicy tpm2.Digest, policyRef tpm2.Nonce) (tpm2.Digest, error)deprecated
- func ComputeQualifiedName(entity Entity, rootQn tpm2.Name, ancestors ...Entity) (tpm2.Name, error)deprecated
- func ComputeQualifiedNameInHierarchy(entity Entity, hierarchy tpm2.Handle, ancestors ...Entity) (tpm2.Name, error)deprecated
- func CreateDuplicationObject(sensitive *tpm2.Sensitive, public, parentPublic *tpm2.Public, ...) (innerSymmetricKeyOut tpm2.Data, duplicate tpm2.Private, ...)deprecated
- func MakeCredential(key *tpm2.Public, credential tpm2.Digest, objectName tpm2.Name) (credentialBlob tpm2.IDObjectRaw, secret tpm2.EncryptedSecret, err error)deprecated
- func NewExternalECCPublicKey(nameAlg tpm2.HashAlgorithmId, usage templates.KeyUsage, scheme *tpm2.ECCScheme, ...) *tpm2.Publicdeprecated
- func NewExternalECCPublicKeyWithDefaults(usage templates.KeyUsage, key *ecdsa.PublicKey) *tpm2.Publicdeprecated
- func NewExternalHMACKey(nameAlg, schemeAlg tpm2.HashAlgorithmId, authValue tpm2.Auth, key []byte) (*tpm2.Public, *tpm2.Sensitive)deprecated
- func NewExternalHMACKeyWithDefaults(authValue tpm2.Auth, key []byte) (*tpm2.Public, *tpm2.Sensitive)deprecated
- func NewExternalRSAPublicKey(nameAlg tpm2.HashAlgorithmId, usage templates.KeyUsage, scheme *tpm2.RSAScheme, ...) *tpm2.Publicdeprecated
- func NewExternalRSAPublicKeyWithDefaults(usage templates.KeyUsage, key *rsa.PublicKey) *tpm2.Publicdeprecated
- func NewExternalSealedObject(nameAlg tpm2.HashAlgorithmId, authValue tpm2.Auth, data []byte) (*tpm2.Public, *tpm2.Sensitive)deprecated
- func PolicyAuthorize(key crypto.PrivateKey, scheme *tpm2.SigScheme, approvedPolicy tpm2.Digest, ...) (tpm2.Digest, *tpm2.Signature, error)deprecated
- func Sign(key crypto.PrivateKey, scheme *tpm2.SigScheme, digest []byte) (*tpm2.Signature, error)deprecated
- func SignPolicyAuthorization(key crypto.PrivateKey, scheme *tpm2.SigScheme, nonceTPM tpm2.Nonce, ...) (*tpm2.Signature, error)deprecated
- func UnwrapDuplicationObject(duplicate tpm2.Private, public *tpm2.Public, privKey crypto.PrivateKey, ...) (*tpm2.Sensitive, error)deprecated
- func VerifyAttestationSignature(key crypto.PublicKey, attest *tpm2.Attest, signature *tpm2.Signature) (ok bool, err error)
- func VerifySignature(key crypto.PublicKey, digest []byte, signature *tpm2.Signature) (ok bool, err error)deprecated
- type Entity
- type TrialAuthPolicydeprecated
- func (p *TrialAuthPolicy) GetDigest() tpm2.Digest
- func (p *TrialAuthPolicy) PolicyAuthValue()
- func (p *TrialAuthPolicy) PolicyAuthorize(policyRef tpm2.Nonce, key Entity)
- func (p *TrialAuthPolicy) PolicyCommandCode(code tpm2.CommandCode)
- func (p *TrialAuthPolicy) PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp)
- func (p *TrialAuthPolicy) PolicyCpHash(cpHashA tpm2.Digest)
- func (p *TrialAuthPolicy) PolicyDuplicationSelect(object, newParent Entity, includeObject bool)
- func (p *TrialAuthPolicy) PolicyNV(nvIndex Entity, operandB tpm2.Operand, offset uint16, ...)
- func (p *TrialAuthPolicy) PolicyNameHash(nameHash tpm2.Digest)
- func (p *TrialAuthPolicy) PolicyNvWritten(writtenSet bool)
- func (p *TrialAuthPolicy) PolicyOR(pHashList tpm2.DigestList)
- func (p *TrialAuthPolicy) PolicyPCR(pcrDigest tpm2.Digest, pcrs tpm2.PCRSelectionList)
- func (p *TrialAuthPolicy) PolicyPassword()
- func (p *TrialAuthPolicy) PolicySecret(auth Entity, policyRef tpm2.Nonce)
- func (p *TrialAuthPolicy) PolicySigned(auth Entity, policyRef tpm2.Nonce)
- func (p *TrialAuthPolicy) Reset()
- func (p *TrialAuthPolicy) SetDigest(d tpm2.Digest)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ComputeCpHash
deprecated
func ComputeCpHash(alg tpm2.HashAlgorithmId, command tpm2.CommandCode, handles []Entity, params ...interface{}) (tpm2.Digest, error)
ComputeCpHash computes a command parameter digest from the specified command code, the supplied handles, and parameters using the specified digest algorithm.
The required parameters is defined in part 3 of the TPM 2.0 Library Specification for the specific command.
The result of this is useful for extended authorization commands that bind an authorization to a command and set of command parameters, such as tpm2.TPMContext.PolicySigned, tpm2.TPMContext.PolicySecret, tpm2.TPMContext.PolicyTicket and tpm2.TPMContext.PolicyCpHash.
Deprecated: Use policyutil.ComputeCpHash.
func ComputePCRDigest
deprecated
func ComputePCRDigest(alg tpm2.HashAlgorithmId, pcrs tpm2.PCRSelectionList, values tpm2.PCRValues) (tpm2.Digest, error)
ComputePCRDigest computes a digest using the specified algorithm from the provided set of PCR values and the provided PCR selections. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It is most useful for computing an input to tpm2.TPMContext.PolicyPCR or TrialAuthPolicy.PolicyPCR, and for validating quotes and creation data.
Deprecated: use policyutil.ComputePCRDigest.
func ComputePCRDigestFromAllValues
deprecated
func ComputePCRDigestFromAllValues(alg tpm2.HashAlgorithmId, values tpm2.PCRValues) (tpm2.PCRSelectionList, tpm2.Digest, error)
ComputePCRDigestFromAllValues computes a digest using the specified algorithm from all of the provided set of PCR values. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It returns the PCR selection associated with the computed digest.
Deprecated: use policyutil.ComputePCRDigestFromAllValues.
func ComputePolicyAuthorizeDigest
deprecated
func ComputePolicyAuthorizeDigest(alg tpm2.HashAlgorithmId, approvedPolicy tpm2.Digest, policyRef tpm2.Nonce) (tpm2.Digest, error)
ComputePolicyAuthorizeDigest computes a digest to sign from the supplied authorization policy digest and policy reference. The resulting digest can be signed to authorize the supplied policy with the TPM2_PolicyAuthorize assertion, using the tpm2.TPMContext.PolicyAuthorize function.
Deprecated: Use policyutil.ComputePolicyAuthorizationTBSDigest.
func ComputeQualifiedName
deprecated
ComputeQualifiedName computes the qualified name of an object from the specified qualified name of a root object and a list of ancestor object. The ancestor objects are ordered starting with the immediate child of the object associated with the root qualified name.
Deprecated: Use objectutil.ComputeQualifiedName.
func ComputeQualifiedNameInHierarchy
deprecated
added in
v0.9.9
func ComputeQualifiedNameInHierarchy(entity Entity, hierarchy tpm2.Handle, ancestors ...Entity) (tpm2.Name, error)
ComputeQualifiedNameInHierarchy computes the qualified name of an object protected in the specified hierarchy from a list of ancestor object. The ancestor objects are ordered starting from the primary object.
Deprecated: Use objectutil.ComputeQualifiedNameInHierarchy.
func CreateDuplicationObject
deprecated
added in
v0.9.9
func CreateDuplicationObject(sensitive *tpm2.Sensitive, public, parentPublic *tpm2.Public, innerSymmetricKey tpm2.Data, innerSymmetricAlg *tpm2.SymDefObject) (innerSymmetricKeyOut tpm2.Data, duplicate tpm2.Private, outerSecret tpm2.EncryptedSecret, err error)
CreateDuplicationObject creates a duplication object that can be imported in to a TPM with the tpm2.TPMContext.Import command from the supplied sensitive area.
If parentPublic is supplied, an outer duplication wrapper will be applied to the duplication object. The parentPublic argument should correspond to the public area of the storage key to which the duplication object will be imported. A secret structure will be returned as tpm2.EncryptedSecret which can be used by the private part of parentPublic in order to recover the seed used to generate the outer wrapper.
If innerSymmetricAlg is supplied and the Algorithm field is not tpm2.SymObjectAlgorithmNull, this function will apply an inner duplication wrapper to the duplication object. If innerSymmetricKey is supplied, it will be used as the symmetric key for the inner wrapper. It must have a size appropriate for the selected symmetric algorithm. If innerSymmetricKey is not supplied, a symmetric key will be created and returned as tpm2.Data.
Deprecated: Use objectutil.CreateImportable.
func MakeCredential
deprecated
func MakeCredential(key *tpm2.Public, credential tpm2.Digest, objectName tpm2.Name) (credentialBlob tpm2.IDObjectRaw, secret tpm2.EncryptedSecret, err error)
MakeCredential performs the duties of a certificate authority in order to create an activation credential. It establishes a seed which is used to protect the activation credential (see section 24 - "Credential Protection" of Part 1 of the Trusted Platform Module Library specification).
The encrypted and integrity protected credential blob and a secret are returned, and these can be supplied to the TPM2_ActivateCredential command on the TPM on which both the private part of key and the object associated with objectName are loaded in order to recover the activation credential.
Deprecated: Use objectutil.MakeCredential.
func NewExternalECCPublicKey
deprecated
func NewExternalECCPublicKey(nameAlg tpm2.HashAlgorithmId, usage templates.KeyUsage, scheme *tpm2.ECCScheme, key *ecdsa.PublicKey) *tpm2.Public
NewExternalECCPublicKey creates a public area from the supplied elliptic public key with the specified name algorithm, key usage and scheme, for use with the tpm2.TPMContext.LoadExternal command. If nameAlg is tpm2.HashAlgorithmNull, then tpm2.HashAlgorithmSHA256 is used. If no usage is specified, the public area will include both sign and decrypt attributes.
Deprecated: Use github.com/canonical/go-tpm2/object.NewECCPublicKey.
func NewExternalECCPublicKeyWithDefaults
deprecated
func NewExternalECCPublicKeyWithDefaults(usage templates.KeyUsage, key *ecdsa.PublicKey) *tpm2.Public
NewExternalECCPublicKeyWithDefaults creates a public area from the supplied elliptic public key with the specified key usage, SHA256 as the name algorithm and the scheme unset, for use with the tpm2.TPMContext.LoadExternal command. If no usage is specified, the public area will include both sign and decrypt attributes.
Deprecated: Use github.com/canonical/go-tpm2/object.NewECCPublicKey.
func NewExternalHMACKey
deprecated
func NewExternalHMACKey(nameAlg, schemeAlg tpm2.HashAlgorithmId, authValue tpm2.Auth, key []byte) (*tpm2.Public, *tpm2.Sensitive)
NewExternalHMACKey creates both the public and sensitive areas for the supplied HMAC key with the specified name algorithm, scheme algorithm and auth value. If nameAlg is tpm2.HashAlgorithmNull, then tpm2.HashAlgorithmSHA256 is used. If schemeAlg is tpm2.HashAlgorithmNull, then nameAlg is used.
It will panic if authValue is larger than the size of the name algorithm.
The returned public and sensitive areas can be made into a duplication object with CreateDuplicationObject for importing into a TPM.
The public area has the tpm2.AttrUserWithAuth set in order to permit authentication for the user auth role using the sensitive area's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the tpm2.AttrUserWithAuth attribute.
Deprecated: Use github.com/canonical/go-tpm2/object.NewHMACKey.
func NewExternalHMACKeyWithDefaults
deprecated
func NewExternalHMACKeyWithDefaults(authValue tpm2.Auth, key []byte) (*tpm2.Public, *tpm2.Sensitive)
NewExternalHMACKeyWithDefaults creates both the public and sensitive areas for the supplied HMAC key with the specified auth value and with SHA256 as both the name and scheme algorithm.
It will panic if authValue is larger than the size of the name algorithm.
The returned public and sensitive areas can be made into a duplication object with CreateDuplicationObject for importing into a TPM.
The public area has the tpm2.AttrUserWithAuth set in order to permit authentication for the user auth role using the sensitive area's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the tpm2.AttrUserWithAuth attribute.
Deprecated: Use github.com/canonical/go-tpm2/object.NewHMACKey.
func NewExternalRSAPublicKey
deprecated
func NewExternalRSAPublicKey(nameAlg tpm2.HashAlgorithmId, usage templates.KeyUsage, scheme *tpm2.RSAScheme, key *rsa.PublicKey) *tpm2.Public
NewExternalRSAPublicKey creates a public area from the supplied RSA public key with the specified name algorithm, key usage and scheme, for use with the tpm2.TPMContext.LoadExternal command. If nameAlg is tpm2.HashAlgorithmNull, then tpm2.HashAlgorithmSHA256 is used. If no usage is specified, the public area will include both sign and decrypt attributes.
Deprecated: Use github.com/canonical/go-tpm2/object.NewRSAPublicKey.
func NewExternalRSAPublicKeyWithDefaults
deprecated
NewExternalRSAPublicKeyWithDefaults creates a public area from the supplied RSA with the specified key usage, SHA256 as the name algorithm and the scheme unset, for use with the tpm2.TPMContext.LoadExternal command. If no usage is specified, the public area will include both sign and decrypt attributes.
Deprecated: Use github.com/canonical/go-tpm2/object.NewRSAPublicKey.
func NewExternalSealedObject
deprecated
func NewExternalSealedObject(nameAlg tpm2.HashAlgorithmId, authValue tpm2.Auth, data []byte) (*tpm2.Public, *tpm2.Sensitive)
NewExternalSealedObject creates both the public and sensitive areas for a sealed object containing the supplied data, with the specified name algorithm and authorization value. If nameAlgorithm is tpm2.HashAlgorithmNull, then tpm2.HashAlgorithmSHA256 is used.
It will panic if authValue is larger than the size of the name algorithm.
The returned public and sensitive areas can be made into a duplication object with CreateDuplicationObject for importing into a TPM.
The public area has the tpm2.AttrUserWithAuth set in order to permit authentication for the user auth role using the sensitive area's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the tpm2.AttrUserWithAuth attribute.
Deprecated: Use github.com/canonical/go-tpm2/object.NewSealedObject.
func PolicyAuthorize
deprecated
func PolicyAuthorize(key crypto.PrivateKey, scheme *tpm2.SigScheme, approvedPolicy tpm2.Digest, policyRef tpm2.Nonce) (tpm2.Digest, *tpm2.Signature, error)
PolicyAuthorize authorizes an authorization policy digest with the supplied key and signature scheme. The resulting digest and signature can be verified by the TPM in order to produce a ticket that can then be supplied to a TPM2_PolicyAuthorize assertion, using the tpm2.TPMContext.VerifySignature and tpm2.TPMContext.PolicyAuthorize functions.
The digest algorithm used for the signature must match the name algorithm in the public area associated with the supplied private key.
Deprecated: Use policyutil.SignPolicyAuthorize.
func Sign
deprecated
func Sign(key crypto.PrivateKey, scheme *tpm2.SigScheme, digest []byte) (*tpm2.Signature, error)
Sign creates a signature of the supplied digest using the supplied private key and signature scheme. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures can be created. The returned signature can be verified on a TPM using the associated public key.
In order to create a HMAC, the supplied private key should be a byte slice containing the HMAC key.
Deprecated: Use cryptutil.Sign instead.
func SignPolicyAuthorization
deprecated
func SignPolicyAuthorization(key crypto.PrivateKey, scheme *tpm2.SigScheme, nonceTPM tpm2.Nonce, cpHashA tpm2.Digest, policyRef tpm2.Nonce, expiration int32) (*tpm2.Signature, error)
SignPolicyAuthorization creates a signed authorization using the supplied key and signature scheme. The signed authorization can be used in a TPM2_PolicySigned assertion using the tpm2.TPMContext.PolicySigned function. The authorizing party can apply contraints on how the session that includes this authorization can be used.
If nonceTPM is supplied, then the signed authorization can only be used for the session associated with the supplied nonce.
If expiration is non-zero, then the signed authorization is only valid for the specified number of seconds from when nonceTPM was generated.
If cpHash is supplied, then the signed authorization is only valid for use in a command with the associated command code and set of command parameters. The command parameter digest can be computed using ComputeCpHash.
Deprecated: Use policyutil.SignPolicySignedAuthorization.
func UnwrapDuplicationObject
deprecated
added in
v0.9.9
func UnwrapDuplicationObject(duplicate tpm2.Private, public *tpm2.Public, privKey crypto.PrivateKey, outerHashAlg tpm2.HashAlgorithmId, outerSymmetricAlg *tpm2.SymDefObject, outerSecret tpm2.EncryptedSecret, innerSymmetricKey tpm2.Data, innerSymmetricAlg *tpm2.SymDefObject) (*tpm2.Sensitive, error)
UnwrapDuplicationObject unwraps the supplied duplication object and returns the corresponding sensitive area. The duplication object will normally be created by executing the tpm2.TPMContext.Duplicate command.
If outerSecret is supplied then it is assumed that the object has an outer duplication wrapper. For an object duplicated with tpm2.TPMContext.Duplicate, outerSecret is the secret structure returned by this command. In this case, privKey, outerHashAlg and outerSymmetricAlg must be supplied - privKey is the key that recovers the seed used to generate the outer wrapper (the new parent when using tpm2.TPMContext.Duplicate), outerHashAlg is the algorithm used for integrity checking and key derivation (the new parent's name algorithm when using tpm2.TPMContext.Duplicate) and must not be tpm2.HashAlgorithmNull, and outerSymmetricAlg defines the symmetric algorithm for the outer wrapper (the new parent's symmetric algorithm when using tpm2.TPMContext.Duplicate) and must not be tpm2.SymObjectAlgorithmNull).
If innerSymmetricAlg is supplied and the Algorithm field is not tpm2.SymObjectAlgorithmNull, then it is assumed that the object has an inner duplication wrapper. In this case, the symmetric key for the inner wrapper must be supplied using the innerSymmetricKey argument.
Deprecated: Use objectutil.UnwrapDuplicated.
func VerifyAttestationSignature ¶
func VerifyAttestationSignature(key crypto.PublicKey, attest *tpm2.Attest, signature *tpm2.Signature) (ok bool, err error)
VerifyAttestationSignature verifies the signature for the supplied attestation structure as generated by one of the TPM's attestation commands. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures are supported.
In order to verify a HMAC signature, the supplied public key should be a byte slice containing the HMAC key.
func VerifySignature
deprecated
func VerifySignature(key crypto.PublicKey, digest []byte, signature *tpm2.Signature) (ok bool, err error)
VerifySignature verifies a signature created by a TPM using the supplied public key. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures are supported.
In order to verify a HMAC signature, the supplied public key should be a byte slice containing the HMAC key.
Deprecated: Use cryptutil.Verify instead.
Types ¶
type TrialAuthPolicy
deprecated
type TrialAuthPolicy struct {
// contains filtered or unexported fields
}
TrialAuthPolicy provides a mechanism for computing authorization policy digests without having to execute a trial authorization policy session on the TPM. An advantage of this is that it is possible to compute digests for PolicySecret and PolicyNV assertions without knowledge of the authorization value of the authorizing entities used for those commands.
Deprecated: Use policyutil.PolicyBuilder.
func ComputeAuthPolicy
deprecated
func ComputeAuthPolicy(alg tpm2.HashAlgorithmId) *TrialAuthPolicy
ComputeAuthPolicy creates a new context for computing an authorization policy digest. It will panic if the specified algorithm is not available. The caller should check this beforehand.
Deprecated: Use policyutil.NewPolicyBuilder.
func (*TrialAuthPolicy) GetDigest ¶
func (p *TrialAuthPolicy) GetDigest() tpm2.Digest
GetDigest returns the current digest computed for the policy assertions executed so far.
func (*TrialAuthPolicy) PolicyAuthValue ¶
func (p *TrialAuthPolicy) PolicyAuthValue()
PolicyAuthValue computes a TPM2_PolicyAuthValue assertion.
func (*TrialAuthPolicy) PolicyAuthorize ¶
func (p *TrialAuthPolicy) PolicyAuthorize(policyRef tpm2.Nonce, key Entity)
PolicyAuthorize computes a TPM2_PolicyAuthorize assertion for the key with the specified name and the specified policyRef.
func (*TrialAuthPolicy) PolicyCommandCode ¶
func (p *TrialAuthPolicy) PolicyCommandCode(code tpm2.CommandCode)
PolicyCommandCode computes a TPM2_PolicyCommandCode assertion for the specified command code.
func (*TrialAuthPolicy) PolicyCounterTimer ¶
func (p *TrialAuthPolicy) PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp)
PolicyCounterTimer computes a TPM2_PolicyCounterTimer assertion for the specified comparison operation.
func (*TrialAuthPolicy) PolicyCpHash ¶
func (p *TrialAuthPolicy) PolicyCpHash(cpHashA tpm2.Digest)
PolicyCpHash computes a TPM2_PolicyCpHash assertion for the command parameters associated with the specified hash.
func (*TrialAuthPolicy) PolicyDuplicationSelect ¶
func (p *TrialAuthPolicy) PolicyDuplicationSelect(object, newParent Entity, includeObject bool)
PolicyDuplicationSelect computes a TPM2_PolicyDuplicationSelect assertion for the object and parent object with the specified names.
func (*TrialAuthPolicy) PolicyNV ¶
func (p *TrialAuthPolicy) PolicyNV(nvIndex Entity, operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp)
PolicyNV computes a TPM2_PolicyNV assertion executed for an index for the specified name, with the specified comparison operation.
func (*TrialAuthPolicy) PolicyNameHash ¶
func (p *TrialAuthPolicy) PolicyNameHash(nameHash tpm2.Digest)
PolicyNameHash computes a TPM2_PolicyNameHash assertion with for the entities associated with the specified name digest.
func (*TrialAuthPolicy) PolicyNvWritten ¶
func (p *TrialAuthPolicy) PolicyNvWritten(writtenSet bool)
PolicyNvWritten computes a TPM2_PolicyNvWritten assertion
func (*TrialAuthPolicy) PolicyOR ¶
func (p *TrialAuthPolicy) PolicyOR(pHashList tpm2.DigestList)
PolicyOR computes a TPM2_PolicyOR assertion executed for the specified digests. It will panic if there are fewer than 2 or more than 8 digests, or if any digest has the wrong size.
func (*TrialAuthPolicy) PolicyPCR ¶
func (p *TrialAuthPolicy) PolicyPCR(pcrDigest tpm2.Digest, pcrs tpm2.PCRSelectionList)
PolicyPCR computes a TPM2_PolicyPCR assertion executed for the specified PCR selection and with PCR values associated with the specified PCR digest.
If generating policy for non PC client TPM devices, make sure to call tpm2.PCRSelectionList.WithMinSelectSize with an appropriate value defined in the TPM's platform profile specification.
func (*TrialAuthPolicy) PolicyPassword ¶
func (p *TrialAuthPolicy) PolicyPassword()
PolicyPassword computes a TPM2_PolicyPassword assertion.
func (*TrialAuthPolicy) PolicySecret ¶
func (p *TrialAuthPolicy) PolicySecret(auth Entity, policyRef tpm2.Nonce)
PolicySecret computes a TPM2_PolicySecret assertion executed for an object with the specified name and the specified policyRef.
func (*TrialAuthPolicy) PolicySigned ¶
func (p *TrialAuthPolicy) PolicySigned(auth Entity, policyRef tpm2.Nonce)
PolicySigned computes a TPM2_PolicySigned assertion executed for a key with the specified name and the specified policyRef.
func (*TrialAuthPolicy) SetDigest ¶
func (p *TrialAuthPolicy) SetDigest(d tpm2.Digest)
SetDigests overwrites the current digest. It will panic if the supplied digest is not the correct size.