Documentation ¶
Overview ¶
Package crypto contains cryptographic functions that are useful when using go-tpm2.
Index ¶
- func KDFa(hashAlg crypto.Hash, key, label, contextU, contextV []byte, sizeInBits int) []byte
- func KDFe(hashAlg crypto.Hash, z, label, partyUInfo, partyVInfo []byte, sizeInBits int) []byte
- func SecretDecrypt(priv crypto.PrivateKey, hashAlg crypto.Hash, label, secret []byte) (seed []byte, err error)
- func SecretEncrypt(public crypto.PublicKey, hashAlg crypto.Hash, label []byte) (secret []byte, seed []byte, err error)
- func SymmetricDecrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
- func SymmetricEncrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
- func XORObfuscation(hashAlg crypto.Hash, key []byte, contextU, contextV, data []byte)
- type SymmetricAlgorithm
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KDFa ¶
KDFa performs key derivation using the counter mode described in SP800-108 and HMAC as the PRF.
This will panic if hashAlg is not available.
func KDFe ¶
KDFe performs key derivation using the "Concatenation Key Derivation Function (Approved Alternative 1) in the original version of SP800-56A.
This will panic if hashAlg is not available.
func SecretDecrypt ¶
func SecretDecrypt(priv crypto.PrivateKey, hashAlg crypto.Hash, label, secret []byte) (seed []byte, err error)
SecretDecrypt recovers a seed from the supplied secret structure using the private key. It can be used to recover secrets created by the TPM, such as those created by the TPM2_Duplicate command.
The specified digest algorithm must match the name algorithm of the public area associated with the supplied private key.
This will panic if hashAlg is not available.
func SecretEncrypt ¶
func SecretEncrypt(public crypto.PublicKey, hashAlg crypto.Hash, label []byte) (secret []byte, seed []byte, err error)
SecretEncrypt creates a seed and associated secret value using the supplied public key and digest algorithm. The corresponding private key can recover the seed from the returned secret value.
This is useful for sharing secrets with the TPM via the TPM2_Import, TPM2_ActivateCredential and TPM2_StartAuthSession commands.
The supplied digest algorithm must match the name algorithm of the public area associated with the supplied public key.
This will panic if hashAlg is not available.
func SymmetricDecrypt ¶
func SymmetricDecrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
SymmetricDecrypt performs in place symmetric decryption of the supplied data with the supplied cipher using CFB mode.
func SymmetricEncrypt ¶
func SymmetricEncrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
SymmetricEncrypt performs in place symmetric encryption of the supplied data with the supplied cipher using CFB mode.