Documentation ¶
Overview ¶
Package policyutil contains utilties for constructing and executing authorization policies.
Index ¶
- Variables
- func ComputeCpHash(alg tpm2.HashAlgorithmId, command tpm2.CommandCode, handles []Named, ...) (tpm2.Digest, error)
- func ComputeNameHash(alg tpm2.HashAlgorithmId, handles ...Named) (tpm2.Digest, error)
- func ComputePCRDigest(alg tpm2.HashAlgorithmId, pcrs tpm2.PCRSelectionList, values tpm2.PCRValues) (tpm2.Digest, error)
- func ComputePCRDigestFromAllValues(alg tpm2.HashAlgorithmId, values tpm2.PCRValues) (tpm2.PCRSelectionList, tpm2.Digest, error)
- func ComputePolicyAuthorizationTBSDigest(alg crypto.Hash, message []byte, policyRef tpm2.Nonce) []byte
- type Authorizer
- type ExternalSensitiveResources
- type LoadPolicyParams
- type NVAuthorizedPolicy
- type Named
- type NamedHandle
- type NewPolicySessionFn
- type NewTPMHelperFn
- type PersistentResource
- type Policy
- func (p *Policy) AddDigest(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
- func (p *Policy) Authorize(rand io.Reader, hashAlg tpm2.HashAlgorithmId, authKey *tpm2.Public, ...) error
- func (p *Policy) Branches(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) ([]string, error)
- func (p *Policy) Details(alg tpm2.HashAlgorithmId, path string, ...) (map[string]PolicyBranchDetails, error)
- func (p *Policy) Digest(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
- func (p *Policy) Execute(session PolicySession, resources PolicyResources, tpm TPMHelper, ...) (result *PolicyExecuteResult, err error)
- func (p Policy) Marshal(w io.Writer) error
- func (p *Policy) String() string
- func (p *Policy) Stringer(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) fmt.Stringer
- func (p *Policy) Unmarshal(r io.Reader) error
- func (p *Policy) Validate(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
- type PolicyAuthorization
- type PolicyAuthorizationDetails
- type PolicyAuthorizationError
- type PolicyAuthorizationID
- type PolicyAuthorizedPolicies
- type PolicyAuthorizedPoliciesData
- type PolicyBranchDetails
- func (r *PolicyBranchDetails) CommandCode() (code tpm2.CommandCode, set bool)
- func (r *PolicyBranchDetails) CpHash() (cpHashA tpm2.Digest, set bool)
- func (r *PolicyBranchDetails) IsValid() bool
- func (r *PolicyBranchDetails) NameHash() (nameHash tpm2.Digest, set bool)
- func (r *PolicyBranchDetails) NvWritten() (nvWrittenSet bool, set bool)
- type PolicyBuilder
- type PolicyBuilderBranch
- func (b *PolicyBuilderBranch) AddBranchNode() *PolicyBuilderBranchNode
- func (b *PolicyBuilderBranch) PolicyAuthValue() (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyAuthorize(policyRef tpm2.Nonce, keySign *tpm2.Public) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyCommandCode(code tpm2.CommandCode) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyCpHash(code tpm2.CommandCode, handles []Named, params ...interface{}) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyDuplicationSelect(object, newParent Named, includeObject bool) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyNV(nvIndex *tpm2.NVPublic, operandB tpm2.Operand, offset uint16, ...) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyNameHash(handles ...Named) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyNvWritten(writtenSet bool) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyPCR(values tpm2.PCRValues) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicyPassword() (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicySecret(authObject Named, policyRef tpm2.Nonce) (tpm2.Digest, error)
- func (b *PolicyBuilderBranch) PolicySigned(authKey *tpm2.Public, policyRef tpm2.Nonce) (tpm2.Digest, error)
- type PolicyBuilderBranchNode
- type PolicyCounterTimerDetails
- type PolicyError
- type PolicyExecuteParams
- type PolicyExecuteResult
- type PolicyNVDetails
- type PolicyNVError
- type PolicyPCRDetails
- type PolicyResources
- type PolicyResourcesData
- type PolicySession
- type PolicySessionUsage
- func (u PolicySessionUsage) AllowAuthValue() bool
- func (u PolicySessionUsage) AuthHandle() NamedHandle
- func (u PolicySessionUsage) CommandCode() tpm2.CommandCode
- func (u PolicySessionUsage) CpHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
- func (u PolicySessionUsage) NameHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
- func (u *PolicySessionUsage) WithAuthIndex(index uint8) *PolicySessionUsage
- func (u *PolicySessionUsage) WithoutAuthValue() *PolicySessionUsage
- type PolicySignedAuthorization
- type PolicySignedParams
- type PolicyTicket
- type ResourceAuthorizeError
- type ResourceContext
- type ResourceLoadError
- type SessionContext
- type SignedAuthorizer
- type TPMHelper
- type TPMHelperParams
- type TPMPolicyResourcesParams
- type TransientResource
Constants ¶
This section is empty.
Variables ¶
var ( // ErrMissingDigest is returned from [Policy.Execute] when a TPM2_PolicyCpHash or // TPM2_PolicyNameHash assertion is missing a digest for the selected session algorithm. ErrMissingDigest = errors.New("missing digest for session algorithm") )
Functions ¶
func ComputeCpHash ¶
func ComputeCpHash(alg tpm2.HashAlgorithmId, command tpm2.CommandCode, handles []Named, params ...interface{}) (tpm2.Digest, error)
ComputeCpHash computes a command parameter digest from the specified command code, the supplied handles, and parameters using the specified digest algorithm.
The required parameters is defined in part 3 of the TPM 2.0 Library Specification for the specific command.
The result of this is useful for extended authorization commands that bind an authorization to a command and set of command parameters, such as tpm2.TPMContext.PolicySigned, tpm2.TPMContext.PolicySecret, tpm2.TPMContext.PolicyTicket and tpm2.TPMContext.PolicyCpHash.
func ComputeNameHash ¶
ComputeNameHash computes a digest from the supplied handles using the specified digest algorithm.
The result of this is useful with tpm2.TPMContext.PolicyNameHash.
func ComputePCRDigest ¶
func ComputePCRDigest(alg tpm2.HashAlgorithmId, pcrs tpm2.PCRSelectionList, values tpm2.PCRValues) (tpm2.Digest, error)
ComputePCRDigest computes a digest using the specified algorithm from the provided set of PCR values and the provided PCR selections. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It is most useful for computing an input to tpm2.TPMContext.PolicyPCR or [TrialAuthPolicy.PolicyPCR], and for validating quotes and creation data.
func ComputePCRDigestFromAllValues ¶
func ComputePCRDigestFromAllValues(alg tpm2.HashAlgorithmId, values tpm2.PCRValues) (tpm2.PCRSelectionList, tpm2.Digest, error)
ComputePCRDigestFromAllValues computes a digest using the specified algorithm from all of the provided set of PCR values. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It returns the PCR selection associated with the computed digest.
func ComputePolicyAuthorizationTBSDigest ¶
func ComputePolicyAuthorizationTBSDigest(alg crypto.Hash, message []byte, policyRef tpm2.Nonce) []byte
ComputePolicyAuthorizationTBSDigest computes the TBS digest for a policy authorization from the supplied message and policy reference. For a TPM2_PolicyAuthorize assertion, message is the approved policy digest.
This will panic if the specified digest algorithm is not available.
Types ¶
type Authorizer ¶
type Authorizer interface { // Authorize sets the authorization value of the specified resource context. Authorize(resource tpm2.ResourceContext) error }
Authorizer provides a way for an implementation to provide authorizations using NewTPMPolicyResources.
type ExternalSensitiveResources ¶ added in v1.4.0
type ExternalSensitiveResources interface {
ExternalSensitive(name tpm2.Name) (*tpm2.Sensitive, error)
}
type LoadPolicyParams ¶
type LoadPolicyParams struct { Tickets []*PolicyTicket // See [PolicyExecuteParams.Tickets] IgnoreAuthorizations []PolicyAuthorizationID // See [PolicyExecuteParams.IgnoreAuthorizations] IgnoreNV []Named // See [PolicyExecuteParams.IgnoreNV] }
LoadPolicyParams contains parameters for policy sessions that are required to execute TPM2_Load commands via [PolicyResources.LoadedResource].
type NVAuthorizedPolicy ¶ added in v1.5.0
type NVAuthorizedPolicy struct { Name tpm2.Name Policy *Policy }
type NamedHandle ¶ added in v1.5.0
type NamedHandle interface { Handle() tpm2.Handle Named }
NamedHandle is some resource that has a name and a handle.
type NewPolicySessionFn ¶ added in v1.4.0
type NewPolicySessionFn func(*tpm2.TPMContext, tpm2.SessionContext, ...tpm2.SessionContext) PolicySession
type NewTPMHelperFn ¶ added in v1.4.0
type NewTPMHelperFn func(*tpm2.TPMContext, ...tpm2.SessionContext) TPMHelper
type PersistentResource ¶
type PersistentResource struct { Name tpm2.Name Handle tpm2.Handle Policy *Policy }
PersistentResource contains details associated with a persistent object or NV index.
type Policy ¶
type Policy struct {
// contains filtered or unexported fields
}
Policy corresponds to an authorization policy. It can be serialized with github.com/canonical/go-tpm2/mu.
func (*Policy) AddDigest ¶ added in v1.4.0
AddDigest computes and adds an additional digest to this policy for the specified algorithm. The policy should be persisted after calling this if it is going to be used for a resource wth the specified algorithm. On success, it returns the computed digest.
This will fail for policies that contain TPM2_PolicyCpHash or TPM2_PolicyNameHash assertions, These can only be computed for a single digest algorithm, because they are bound to a name.
func (*Policy) Authorize ¶
func (p *Policy) Authorize(rand io.Reader, hashAlg tpm2.HashAlgorithmId, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) error
Authorize signs this policy with the supplied signer so that it can be used as an authorized policy for a TPM2_PolicyAuthorize assertion with the supplied authKey and policyRef. Calling this updates the policy, so it should be persisted afterwards.
TPM2_PolicyAuthorize expects the digest algorithm of the signature to match the name algorithm of the public key, so the name algorithm of authKey must match the algorithm supplied through the opts argument. The specified hashAlg argument is used to select the policy digest to sign.
This expects the policy to contain a digest for the selected algorithm already.
func (*Policy) Branches ¶
func (p *Policy) Branches(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) ([]string, error)
Branches returns the path of every branch in this policy.
If the authorizedPolicies argument is supplied, associated authorized policies will be merged into the result, otherwise missing authorized policies will be represented by a path component of the form "<authorize:key:%#x,ref:%#x>". The supplied algorithm is only really required for policies that make use of authorized policies, and is used to select the algorithm for encoding the path component for an authorized policy, which is the policy digest. Setting this to tpm2.HashAlgorithmNull selects the first digest algorithm that this policy is computed for.
func (*Policy) Details ¶
func (p *Policy) Details(alg tpm2.HashAlgorithmId, path string, authorizedPolicies PolicyAuthorizedPolicies) (map[string]PolicyBranchDetails, error)
Details returns details of all branches with the supplied path prefix, for the specified algorithm. If the specified algorithm is tpm2.HashAlgorithmNull, then the first algorithm the policy is computed for is used.
If the authorizedPolicies argument is supplied, details of branches from associated authorized policies will be inserted into the result.
func (*Policy) Digest ¶
Digest returns the digest for this policy for the specified algorithm, if it has been computed. If it hasn't been computed, ErrMissingDigest is returned.
func (*Policy) Execute ¶
func (p *Policy) Execute(session PolicySession, resources PolicyResources, tpm TPMHelper, params *PolicyExecuteParams) (result *PolicyExecuteResult, err error)
Execute runs this policy using the supplied policy session.
The caller may supply additional parameters via the PolicyExecuteParams struct, which is an optional argument.
Resources required by a policy are obtained from the supplied PolicyResources, which is optional but must be supplied for any policy that executes TPM2_PolicyNV, TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertions.
Some assertions need to make use of other TPM functions. Access to these is provided via the TPMHelper argument. This is optional, but must be supplied for any policy that executes TPM2_PolicyNV, TPM2_PolicySecret, TPM2_PolicySigned, or TPM2_PolicyAuthorize assertions, or any policy that contains branches with TPM2_PolicyPCR or TPM2_PolicyCounterTimer assertions where branches aren't selected explicitly.
TPM2_PolicyNV assertions will create a session for authorizing the associated NV index. The auth type is determined automatically from the NV index attributes, but where both HMAC and policy auth is supported, policy auth is used.
TPM2_PolicySecret assertions will create a session for authorizing the associated resource. The auth type is determined automatically based on the public attributes for NV indices and ordinary objects, but where both HMAC and policy auth is supported, HMAC auth is used. If the resource is a permanent resource, then only HMAC auth is used.
The caller may explicitly select branches and authorized policies to execute via the Path argument of PolicyExecuteParams. Alternatively, if a path is not specified explicitly, or a component contains a wildcard match, an appropriate execution path is selected automatically where possible. This works by selecting the first suitable path, with a preference for paths that don't include TPM2_PolicySecret, TPM2_PolicySigned, TPM2_PolicyAuthValue, and TPM2_PolicyPassword assertions. It also has a preference for paths that don't include TPM2_PolicyNV assertions that require authorization to use or read. A path is omitted from the set of suitable paths if any of the following conditions are true:
- It contains a command code, command parameter hash, or name hash that doesn't match the supplied PolicySessionUsage.
- It contains a TPM2_PolicyAuthValue or TPM2_PolicyPassword assertion and this isn't permitted by the supplied PolicySessionUsage.
- It uses TPM2_PolicyNvWritten with a value that doesn't match the public area of the NV index provided via the supplied PolicySessionUsage.
- It uses TPM2_PolicySigned, TPM2_PolicySecret or TPM2_PolicyAuthorize and the specific authorization is included in the IgnoreAuthorizations field of PolicyExecuteParams.
- It uses TPM2_PolicyNV and the NV index is included in the IgnoreNV field of PolicyExecuteParams
- It uses TPM2_PolicyNV with conditions that will fail against the current NV index contents, if the index has an authorization policy that permits the use of TPM2_NV_Read without any other conditions, else the condition isn't checked.
- It uses TPM2_PolicyPCR with values that don't match the current PCR values.
- It uses TPM2_PolicyCounterTimer with conditions that will fail.
Note that this automatic selection makes the following assumptions:
- TPM2_PolicySecret assertions always succeed. Where they are known to not succeed because the authorization value isn't known or the resource can't be loaded, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
- TPM2_PolicySigned assertions always succeed. Where they are known to not succeed because an assertion can't be provided or it is invalid, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
- TPM2_PolicyAuthorize assertions always succeed if policies are returned from the implementation of [PolicyResourceLoader.LoadAuthorizedPolicies]. Where these are known to not succeed, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
- TPM2_PolicyNV assertions on NV indexes that require authorization to read will always succeed. Where these are known to not suceed, add the assertion details to the IgnoreNV field of PolicyExecuteParams.
On success, the supplied policy session may be used for authorization in a context that requires that this policy is satisfied. Information about the result of executing the session is also returned.
func (Policy) Marshal ¶
Marshal implements mu.CustomMarshaller.Marshal.
func (*Policy) Stringer ¶ added in v1.5.0
func (p *Policy) Stringer(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) fmt.Stringer
Stringer returns a fmt.Stringer that will print a string representation of the policy for the specified digest algorithm. The policy must already include this algorithm. If the algorithm is tpm2.HashAlgorithmNull, then the first computed algorithm will be used. If authorizedPolicies is supplied, the string representation will include the relevant authorized policies as well.
func (*Policy) Unmarshal ¶
Unmarshal implements mu.CustomMarshaller.Unarshal.
type PolicyAuthorization ¶
type PolicyAuthorization struct { AuthKey *tpm2.Public // The public key of the signer, associated with the corresponding assertion. PolicyRef tpm2.Nonce // The policy ref of the corresponding assertion Signature *tpm2.Signature // The actual signature }
PolicyAuthorization corresponds to a signed authorization.
func SignPolicyAuthorization ¶
func SignPolicyAuthorization(rand io.Reader, message []byte, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) (*PolicyAuthorization, error)
SignPolicyAuthorization signs a new policy authorization using the supplied signer and options. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures can be created.
The authKey argument is the corresponding public key. Both the authKey and policyRef arguments bind the authorization to a specific assertion in a policy.
If the authorization is for use with TPM2_PolicyAuthorize then the supplied message is the approved policy digest. This can sign authorizations for TPM2_PolicySigned as well, but SignPolicySignedAuthorization is preferred for that because it constructs the message appropriately.
This will panic if the specified digest algorithm is not available.
func (*PolicyAuthorization) Verify ¶
func (a *PolicyAuthorization) Verify(message []byte) (ok bool, err error)
Verify verifies the signature of this authorization. If the authorization is for use with TPM2_PolicyAuthorize then the supplied message is the approved policy digest. This can verify authorizations for TPM2_PolicySigned as well, but PolicySignedAuthorization.Verify is preferred for that because it constructs the message appropriately.
type PolicyAuthorizationDetails ¶
type PolicyAuthorizationDetails struct { AuthName tpm2.Name PolicyRef tpm2.Nonce }
PolicyAuthorizationDetails contains the properties of a TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertion.
type PolicyAuthorizationError ¶
type PolicyAuthorizationError struct { AuthName tpm2.Name PolicyRef tpm2.Nonce // contains filtered or unexported fields }
PolicyAuthorizationError is returned from Policy.Execute if:
- the policy uses TPM2_PolicySecret and the associated resource could not be authorized. When this occurs because there was an error loading the associated resource, this will wrap a *ResourceLoadError. If there was an error authorizing use of the resource with a policy session, this will wrap a *ResourceAuthorizeError.
- the policy uses TPM2_PolicySigned and no or an invalid signed authorization was supplied.
- the policy uses TPM2_PolicyAuthorize and no or an invalid authorized policy was supplied.
func (*PolicyAuthorizationError) Error ¶
func (e *PolicyAuthorizationError) Error() string
func (*PolicyAuthorizationError) Unwrap ¶
func (e *PolicyAuthorizationError) Unwrap() error
type PolicyAuthorizationID ¶
type PolicyAuthorizationID = PolicyAuthorizationDetails
PolicyAuthorizationID contains an identifier for a TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertion.
type PolicyAuthorizedPolicies ¶ added in v1.5.0
type PolicyAuthorizedPolicies interface { // AuthorizedPolicies returns a set of policies that are signed by the key with // the specified name, appropriate for a TPM2_PolicyAuthorize assertion with the // specified reference. AuthorizedPolicies(keySign tpm2.Name, policyRef tpm2.Nonce) ([]*Policy, error) }
PolicyAuthorizedPolicies provides a way for Policy.Branches, Policy.Details and Policy.Stringer to access authorized policies that are required by a policy.
func NewPolicyAuthorizedPolicies ¶ added in v1.5.0
func NewPolicyAuthorizedPolicies(policies []*Policy, nvPolicies []NVAuthorizedPolicy) PolicyAuthorizedPolicies
type PolicyAuthorizedPoliciesData ¶ added in v1.5.0
type PolicyAuthorizedPoliciesData struct {
AuthorizedPolicies []*Policy
}
type PolicyBranchDetails ¶
type PolicyBranchDetails struct { NV []PolicyNVDetails // TPM2_PolicyNV assertions Secret []PolicyAuthorizationDetails // TPM2_PolicySecret assertions Signed []PolicyAuthorizationDetails // TPM2_PolicySigned assertions Authorize []PolicyAuthorizationDetails // TPM2_PolicyAuthorize assertions AuthValueNeeded bool // The branch contains a TPM2_PolicyAuthValue or TPM2_PolicyPassword assertion CounterTimer []PolicyCounterTimerDetails // TPM2_PolicyCounterTimer assertions PCR []PolicyPCRDetails // TPM2_PolicyPCR assertions // contains filtered or unexported fields }
PolicyBranchDetails contains the properties of a single policy branch.
func (*PolicyBranchDetails) CommandCode ¶
func (r *PolicyBranchDetails) CommandCode() (code tpm2.CommandCode, set bool)
The command code associated with a branch if set, either set by the TPM2_PolicyCommandCode or TPM2_PolicyDuplicationSelect assertion.
func (*PolicyBranchDetails) CpHash ¶
func (r *PolicyBranchDetails) CpHash() (cpHashA tpm2.Digest, set bool)
The cpHash associated with a branch if set, either set by the TPM2_PolicyCpHash, TPM2_PolicySecret, or TPM2_PolicySigned assertions.
func (*PolicyBranchDetails) IsValid ¶
func (r *PolicyBranchDetails) IsValid() bool
IsValid indicates whether the corresponding policy branch is valid.
func (*PolicyBranchDetails) NameHash ¶
func (r *PolicyBranchDetails) NameHash() (nameHash tpm2.Digest, set bool)
The nameHash associated with a branch if set, either set by the TPM2_PolicyNameHash or TPM2_PolicyDuplicationSelect assertion.
func (*PolicyBranchDetails) NvWritten ¶
func (r *PolicyBranchDetails) NvWritten() (nvWrittenSet bool, set bool)
The nvWrittenSet value associated with a branch if set.
type PolicyBuilder ¶
type PolicyBuilder struct {
// contains filtered or unexported fields
}
PolicyBuilder provides a way to compute an authorization policy. A policy consists of a sequence of assertions, and may contain sub-branches in order to create a policy that can satisfy multiple conditions. A policy can be arbitrarily complex.
All policies have a root branch and execution with Policy.Execute starts with this branch. Whenever a branch node is encountered, a sub-branch is chosen. Execution then continues with the chosen sub-branch until all assertions in it have been executed. Execution then resumes in the parent branch, with the assertion immediately following the branch node.
The PolicyBuilder API only allows a policy to be appended to.
The PolicyBuilder instance will be marked as failed whenever an error occurs. This means that it isn't necessary to check errors for every call. In the event of an earlier error, calls to PolicyBuilder.Policy and PolicyBuilder.Digest will return an error.
XXX: Note that the PolicyBuilder API may change.
func NewPolicyBuilder ¶
func NewPolicyBuilder(alg tpm2.HashAlgorithmId) *PolicyBuilder
NewPolicyBuilder returns a new PolicyBuilder.
func NewPolicyBuilderOR ¶ added in v1.4.0
func NewPolicyBuilderOR(alg tpm2.HashAlgorithmId, policies ...*Policy) *PolicyBuilder
NewPolicyBuilderOR returns a new PolicyBuilder initialized with a TPM2_PolicyOR assertion of the supplied policies. This is to make it possible to use this API to compute digests of policies with branches without having to use the Policy API to execute them, or to build policies with branches with low-level control of branch execution by manually executing a sequence of Policy instances. Applications that use Policy for execution should normally just make use of PolicyBuilderBranch.AddBranchNode and PolicyBuilderBranchNode.AddBranch for constructing policies with branches though.
func (*PolicyBuilder) Digest ¶ added in v1.5.0
func (b *PolicyBuilder) Digest() (tpm2.Digest, error)
Digest returns the current digest. This will commit the current PolicyBuilderBranchNode to the root PolicyBuilderBranch if it hasn't been done already.
This will return an error if any call when building the policy failed.
func (*PolicyBuilder) Policy ¶
func (b *PolicyBuilder) Policy() (tpm2.Digest, *Policy, error)
Policy returns the current policy and digest. This will commit the current PolicyBuilderBranchNode to the root PolicyBuilderBranch if it hasn't been done already.
This will return an error if any call when building the policy failed.
func (*PolicyBuilder) RootBranch ¶
func (b *PolicyBuilder) RootBranch() *PolicyBuilderBranch
RootBranch returns the root branch associated with the policy that is being built.
type PolicyBuilderBranch ¶
type PolicyBuilderBranch struct {
// contains filtered or unexported fields
}
PolicyBuilderBranch corresponds to a branch in a policy that is being computed.
func (*PolicyBuilderBranch) AddBranchNode ¶
func (b *PolicyBuilderBranch) AddBranchNode() *PolicyBuilderBranchNode
AddBranchNode adds a branch node to this branch from which sub-branches can be added. This makes it possible to create policies that can be satisified with different sets of conditions. One of the sub-branches will be selected during execution, and will be executed before the remaining assertions in this branch.
The branches added to the returned branch node will be committed to this branch and the branch node will be locked from further modifications by subsequent additions to this branch, or any ancestor branches, or by calling PolicyBuilder.Policy or PolicyBuilder.Digest. This ensures that branches can only append to a policy with the PolicyBuilder API.
func (*PolicyBuilderBranch) PolicyAuthValue ¶
func (b *PolicyBuilderBranch) PolicyAuthValue() (tpm2.Digest, error)
PolicyAuthValue adds a TPM2_PolicyAuthValue assertion to this branch so that the policy requires knowledge of the authorization value of the resource on which the policy session is used.
func (*PolicyBuilderBranch) PolicyAuthorize ¶
func (b *PolicyBuilderBranch) PolicyAuthorize(policyRef tpm2.Nonce, keySign *tpm2.Public) (tpm2.Digest, error)
PolicyAuthorize adds a TPM2_PolicyAuthorize assertion to this branch so that the policy can be changed by allowing the authorizing entity to sign new policies.
When Policy.Execute runs this assertion, it will select an execute an appropriate authorized policy.
This assertion must come before any other assertions in a policy. Whilst this is not a limitation of how this works on the TPM, the Policy.Authorize and Policy.Execute APIs currently do not support authorized policies with a non-empty starting digest.
func (*PolicyBuilderBranch) PolicyCommandCode ¶
func (b *PolicyBuilderBranch) PolicyCommandCode(code tpm2.CommandCode) (tpm2.Digest, error)
PolicyCommandCode adds a TPM2_PolicyCommandCode assertion to this branch to bind the policy to the specified command.
func (*PolicyBuilderBranch) PolicyCounterTimer ¶
func (b *PolicyBuilderBranch) PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) (tpm2.Digest, error)
PolicyCounterTimer adds a TPM2_PolicyCounterTimer assertion to this branch to bind the policy to the contents of the tpm2.TimeInfo structure.
func (*PolicyBuilderBranch) PolicyCpHash ¶
func (b *PolicyBuilderBranch) PolicyCpHash(code tpm2.CommandCode, handles []Named, params ...interface{}) (tpm2.Digest, error)
PolicyCpHash adds a TPM2_PolicyCpHash assertion to this branch in order to bind the policy to the supplied command parameters.
As this binds the authorization to an object and and a policy has to have the same algorithm as this, policies with this assertion can only be computed for a single digest algorithm.
func (*PolicyBuilderBranch) PolicyDuplicationSelect ¶
func (b *PolicyBuilderBranch) PolicyDuplicationSelect(object, newParent Named, includeObject bool) (tpm2.Digest, error)
PolicyDuplicationSelect adds a TPM2_PolicyDuplicationSelect assertion to this branch in order to permit duplication of object to newParent with the tpm2.TPMContext.Duplicate function. If includeObject is true, then the assertion is bound to both object and newParent. If includeObject is false then the assertion is only bound to newParent. In this case, supplying object is optional. Note that when the TPM2_PolicyDuplicationSelect assertions is executed, the object name must be supplied because the assertion sets the name hash of the session. If object is supplied here, then it will be included in the policy and used when the assertion is executed. If it isn't supplied here, then it will be obtained from the PolicySessionUsage supplied to Policy.Execute.
func (*PolicyBuilderBranch) PolicyNV ¶
func (b *PolicyBuilderBranch) PolicyNV(nvIndex *tpm2.NVPublic, operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) (tpm2.Digest, error)
PolicyNV adds a TPM2_PolicyNV assertion to this branch in order to bind the policy to the contents of the specified index. The caller specifies a value to be used for the comparison via the operandB argument, an offset from the start of the NV index data from which to start the comparison via the offset argument, and a comparison operator via the operation argument.
When using this assertion, it is generally good practise for the NV index to have an authorization policy that permits the use of TPM2_PolicyNV and TPM2_NV_Read without any conditions (ie, a policy with branches for those commands without any additional assertions). Where this assertion appears in a policy with multiple branches or a policy that is authorized, the contents of the NV index will be tested in the process of automatic branch selection if the index has a policy that permits the use of TPM2_NV_Read without any other conditions.
func (*PolicyBuilderBranch) PolicyNameHash ¶
func (b *PolicyBuilderBranch) PolicyNameHash(handles ...Named) (tpm2.Digest, error)
PolicyNameHash adds a TPM2_PolicyNameHash assertion to this branch in order to bind the policy to the supplied command handles.
As this binds the authorization to an object and and a policy has to have the same algorithm as this, policies with this assertion can only be computed for a single digest algorithm.
func (*PolicyBuilderBranch) PolicyNvWritten ¶
func (b *PolicyBuilderBranch) PolicyNvWritten(writtenSet bool) (tpm2.Digest, error)
PolicyNvWritten adds a TPM2_PolicyNvWritten assertion to this branch in order to bind the policy to the status of the tpm2.AttrNVWritten attribute for the NV index on which the session is used.
func (*PolicyBuilderBranch) PolicyPCR ¶
func (b *PolicyBuilderBranch) PolicyPCR(values tpm2.PCRValues) (tpm2.Digest, error)
PolicyPCR adds a TPM2_PolicyPCR assertion to this branch in order to bind the policy to the supplied PCR values.
func (*PolicyBuilderBranch) PolicyPassword ¶
func (b *PolicyBuilderBranch) PolicyPassword() (tpm2.Digest, error)
PolicyPassword adds a TPM2_PolicyPassword assertion to this branch so that the policy requires knowledge of the authorization value of the resource on which the policy session is used.
func (*PolicyBuilderBranch) PolicySecret ¶
func (b *PolicyBuilderBranch) PolicySecret(authObject Named, policyRef tpm2.Nonce) (tpm2.Digest, error)
PolicySecret adds a TPM2_PolicySecret assertion to this branch so that the policy requires knowledge of the authorization value of the object associated with authObject.
func (*PolicyBuilderBranch) PolicySigned ¶
func (b *PolicyBuilderBranch) PolicySigned(authKey *tpm2.Public, policyRef tpm2.Nonce) (tpm2.Digest, error)
PolicySigned adds a TPM2_PolicySigned assertion to this branch so that the policy requires an assertion signed by the owner of the supplied key.
type PolicyBuilderBranchNode ¶
type PolicyBuilderBranchNode struct {
// contains filtered or unexported fields
}
PolicyBuilderBranchNode is a point in a PolicyBuilderBranch to which sub-branches can be added.
func (*PolicyBuilderBranchNode) AddBranch ¶
func (n *PolicyBuilderBranchNode) AddBranch(name string) *PolicyBuilderBranch
AddBranch adds a new branch to this branch node. The branch can be created with an optional name which can be used to select it during execution.
The returned branch will be locked from further modifications when the branches associated with this node are committed to the parent branch (see PolicyBuilderBranch.AddBranchNode).
type PolicyCounterTimerDetails ¶
type PolicyCounterTimerDetails struct { OperandB tpm2.Operand Offset uint16 Operation tpm2.ArithmeticOp }
PolicyCounterTimerDetails contains the properties of a TPM2_PolicyCounterTimer assertion.
type PolicyError ¶
type PolicyError struct { Path string // the path of the branch at which the error occurred // contains filtered or unexported fields }
PolicyError is returned from Policy.Execute and other methods when an error is encountered during some processing of a policy. It provides an indication of where an error occurred.
func (*PolicyError) Error ¶
func (e *PolicyError) Error() string
func (*PolicyError) Unwrap ¶
func (e *PolicyError) Unwrap() error
type PolicyExecuteParams ¶
type PolicyExecuteParams struct { // Tickets supplies tickets for TPM2_PolicySecret and TPM2_PolicySigned assertions. // These are also passed to sub-policies. Tickets []*PolicyTicket // Usage describes how the executed policy will be used, and assists with // automatically selecting branches where a policy has command context-specific // branches. Usage *PolicySessionUsage // Path provides a way to explicitly select branches or authorized policies to // execute. A path consists of zero or more components separated by a '/' // character, with each component identifying a branch to select when a branch // node is encountered (or a policy to select when an authorized policy is // required) during execution. When a branch node or authorized policy is // encountered, the selected sub-branch or policy is executed before resuming // execution in the original branch. // // When selecting a branch, a component can either identify a branch by its // name (if it has one), or it can be a numeric identifier of the form "{n}" // which selects the branch at index n. // // When selecting an authorized policy, a component identifies the policy by // specifying the digest of the policy for the current session algorithm. // // If a component is "**", then Policy.Execute will attempt to automatically // select an execution path for the entire sub-tree associated with the current // branch node or authorized policy. This includes choosing additional // branches and authorized policies encountered during the execution of the // selected sub-tree. Remaining path components will be consumed when resuming // execution in the original branch // // If a component is "*", then Policy.Execute will attempt to automatically // select an immediate sub-branch or authorized policy, but additional branches // and authorized policies encountered during the execution of the selected // sub-tree will consume additional path components. // // If the path has insufficent components for the branch nodes or authorized policies // encountered in a policy, Policy.Execute will attempt to select an appropriate // execution path for the remainder of the policy automatically. Path string // IgnoreAuthorizations can be used to indicate that branches containing TPM2_PolicySigned, // TPM2_PolicySecret or TPM2_PolicyAuthorize assertions matching the specified ID should // be ignored. This can be used where these assertions have failed on previous runs. // This propagates to sub-policies. IgnoreAuthorizations []PolicyAuthorizationID // IgnoreNV can be used to indicate that branches containing TPM2_PolicyNV assertions // with an NV index matching the specified name should be ignored. This can be used where // these assertions have failed due to an authorization issue on previous runs. This // propagates to sub-policies. IgnoreNV []Named }
PolicyExecuteParams contains parameters that are useful for executing a policy.
type PolicyExecuteResult ¶
type PolicyExecuteResult struct { // NewTickets contains tickets that were created as a result of executing this policy. NewTickets []*PolicyTicket // InvalidTickets contains those tickets originally supplied to [Policy.Execute] that // were used but found to be invalid. These tickets shouldn't be supplied to // [Policy.Execute] again. InvalidTickets []*PolicyTicket // AuthValueNeeded indicates that the policy executed the TPM2_PolicyAuthValue or // TPM2_PolicyPassword assertion. AuthValueNeeded bool // Path indicates the executed path. Path string // contains filtered or unexported fields }
PolicyExecuteResult is returned from Policy.Execute.
func (*PolicyExecuteResult) CommandCode ¶ added in v1.4.0
func (r *PolicyExecuteResult) CommandCode() (code tpm2.CommandCode, set bool)
CommandCode returns the command code if a TPM2_PolicyCommandCode or TPM2_PolicyDuplicationSelect assertion was executed.
func (*PolicyExecuteResult) CpHash ¶ added in v1.4.0
func (r *PolicyExecuteResult) CpHash() (cpHashA tpm2.Digest, set bool)
CpHash returns the command parameter hash if a TPM2_PolicyCpHash assertion was executed or a TPM2_PolicySecret or TPM2_PolicySigned assertion was executed with a cpHash.
func (*PolicyExecuteResult) NameHash ¶ added in v1.4.0
func (r *PolicyExecuteResult) NameHash() (nameHash tpm2.Digest, set bool)
NameHash returns the name hash if a TPM2_PolicyNameHash or TPM2_PolicyDuplicationSelect assertion was executed.
func (*PolicyExecuteResult) NvWritten ¶ added in v1.4.0
func (r *PolicyExecuteResult) NvWritten() (nvWrittenSet bool, set bool)
NvWritten returns the nvWrittenSet value if a TPM2_PolicyNvWritten assertion was executed.
type PolicyNVDetails ¶
type PolicyNVDetails struct { Auth tpm2.Handle Index tpm2.Handle Name tpm2.Name OperandB tpm2.Operand Offset uint16 Operation tpm2.ArithmeticOp }
PolicyNVDetails contains the properties of a TPM2_PolicyNV assertion.
type PolicyNVError ¶
type PolicyNVError struct { Index tpm2.Handle // The NV index handle Name tpm2.Name // The NV index name // contains filtered or unexported fields }
PolicyNVError is returned from Policy.Execute and other methods when an error is encountered when executing a TPM2_PolicyNV assertion. If there was an error authorizing use of the NV index with a policy session, this will wrap a *ResourceAuthorizeError.
func (*PolicyNVError) Error ¶
func (e *PolicyNVError) Error() string
func (*PolicyNVError) Unwrap ¶
func (e *PolicyNVError) Unwrap() error
type PolicyPCRDetails ¶
type PolicyPCRDetails struct { PCRDigest tpm2.Digest PCRs tpm2.PCRSelectionList }
PolicyPCRDetails contains the properties of a TPM2_PolicyPCR assertion.
type PolicyResources ¶
type PolicyResources interface { // LoadedResource loads the resource with the specified name if required, and returns // a context. The Flush method of the returned context will be called once the resource // is no longer needed. // // This should return an error if no resource can be returned. LoadedResource(name tpm2.Name, policyParams *LoadPolicyParams) (resource ResourceContext, newTickets []*PolicyTicket, invalidTickets []*PolicyTicket, err error) // Policy returns a policy for the resource with the specified name if there // is one. As a policy is optional, returning a nil policy isn't an error. Policy(name tpm2.Name) (*Policy, error) // AuthorizedPolicies returns a set of policies that are signed by the key with // the specified name, appropriate for a TPM2_PolicyAuthorize assertion with the // specified reference. AuthorizedPolicies(keySign tpm2.Name, policyRef tpm2.Nonce) ([]*Policy, error) // Authorize sets the authorization value of the specified resource context. Authorize(resource tpm2.ResourceContext) error // SignedAuthorization signs a TPM2_PolicySigned authorization for the specified key, policy ref // and session nonce. The supplied algorithm is the session algorithm, which should be // used to construct a cpHash if desired. SignedAuthorization(sessionAlg tpm2.HashAlgorithmId, sessionNonce tpm2.Nonce, authKey tpm2.Name, policyRef tpm2.Nonce) (*PolicySignedAuthorization, error) // ContextSave saves the context of the transient resource associated with the supplied // handle. This will return nil if it fails. ContextSave(resource tpm2.ResourceContext) *tpm2.Context // ContextLoad loads the supplied context and returns a transient handle. This will return // nil if the context can't be loaded or isn't a transient resource. ContextLoad(context *tpm2.Context, policy *Policy) ResourceContext // ExternalSensitive returns the sensitive area associated with the supplied name, to be // loaded with TPM2_LoadExternal. ExternalSensitive(name tpm2.Name) (*tpm2.Sensitive, error) }
PolicyResources provides a way for Policy.Execute to access resources that are required by a policy.
func NewTPMPolicyResources ¶
func NewTPMPolicyResources(tpm *tpm2.TPMContext, data *PolicyResourcesData, params *TPMPolicyResourcesParams, sessions ...tpm2.SessionContext) PolicyResources
NewTPMPolicyResources returns a PolicyResources implementation that uses the supplied data and communicates with the supplied TPM.
The supplied data provides information about persistent resources, NV indexes, loadable objects and authorized policies that might be used when executing a policy. The supplied information can associate resources with policies so that these can be executed automatically when executing a policy that makes use of these resources.
Information about persistent resources and NV indexes doesn't need to be supplied explicitly if there is no need to associate a policy with them. The returned TPMHelper implementation will query TPM handles whenever a policy requires a persistent resource or NV index for which there is no information.
The returned TPMHelper implementation doesn't support associating policies with permanent resources - policies that use permanent resources will only use HMAC authorization.
When loading transient objects to use for a policy, the returned TPMHelper implementation will automatically load any prerequisite parent objects first, as long as the details of these are supplied.
Authorization values for resources, or signed authorizations or external sensitive areas for TPM2_PolicySigned assertions are requested using interfaces supplied via the optional parameters.
type PolicyResourcesData ¶
type PolicyResourcesData struct { // Persistent contains the details associated with persistent objects and // NV indexes. Persistent []PersistentResource // Transient contains the details associated with loadable transient objects. Transient []TransientResource // AuthorizedPolicies contain authorized sub-policies AuthorizedPolicies []*Policy NVAuthorizedPolicies []NVAuthorizedPolicy // currently unused }
PolicyResourcesData contains the resources that are required by NewTPMPolicyResources.
type PolicySession ¶ added in v1.4.0
type PolicySession interface { Context() SessionContext Name() tpm2.Name HashAlg() tpm2.HashAlgorithmId PolicySigned(authKey tpm2.ResourceContext, includeNonceTPM bool, cpHashA tpm2.Digest, policyRef tpm2.Nonce, expiration int32, auth *tpm2.Signature) (tpm2.Timeout, *tpm2.TkAuth, error) PolicySecret(authObject tpm2.ResourceContext, cpHashA tpm2.Digest, policyRef tpm2.Nonce, expiration int32, authObjectAuthSession tpm2.SessionContext) (tpm2.Timeout, *tpm2.TkAuth, error) PolicyTicket(timeout tpm2.Timeout, cpHashA tpm2.Digest, policyRef tpm2.Nonce, authName tpm2.Name, ticket *tpm2.TkAuth) error PolicyOR(pHashList tpm2.DigestList) error PolicyPCR(pcrDigest tpm2.Digest, pcrs tpm2.PCRSelectionList) error PolicyNV(auth, index tpm2.ResourceContext, operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp, authAuthSession tpm2.SessionContext) error PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) error PolicyCommandCode(code tpm2.CommandCode) error PolicyCpHash(cpHashA tpm2.Digest) error PolicyNameHash(nameHash tpm2.Digest) error PolicyDuplicationSelect(objectName, newParentName tpm2.Name, includeObject bool) error PolicyAuthorize(approvedPolicy tpm2.Digest, policyRef tpm2.Nonce, keySign tpm2.Name, verified *tpm2.TkVerified) error PolicyAuthValue() error PolicyPassword() error PolicyGetDigest() (tpm2.Digest, error) PolicyNvWritten(writtenSet bool) error }
PolicySession corresponds to a policy session
func NewTPMPolicySession ¶ added in v1.4.0
func NewTPMPolicySession(tpm *tpm2.TPMContext, policySession tpm2.SessionContext, sessions ...tpm2.SessionContext) PolicySession
type PolicySessionUsage ¶
type PolicySessionUsage struct {
// contains filtered or unexported fields
}
PolicySessionUsage describes how a policy session will be used, and assists with automatically selecting branches where a policy has command context-specific branches.
func NewPolicySessionUsage ¶
func NewPolicySessionUsage(command tpm2.CommandCode, handles []NamedHandle, params ...interface{}) *PolicySessionUsage
NewPolicySessionUsage creates a new PolicySessionUsage. The returned usage will assume that the session is being used for authorization of the first handle, which is true in the vast majority of cases. If the session is being used for authorization of another handle, use [WithAuthIndex].
func (PolicySessionUsage) AllowAuthValue ¶ added in v1.5.0
func (u PolicySessionUsage) AllowAuthValue() bool
AllowAuthValue indicates whether this usage permits use of the auth value for the resource being authorized.
func (PolicySessionUsage) AuthHandle ¶ added in v1.5.0
func (u PolicySessionUsage) AuthHandle() NamedHandle
AuthHandle returns the handle for the resource being authorized.
func (PolicySessionUsage) CommandCode ¶ added in v1.5.0
func (u PolicySessionUsage) CommandCode() tpm2.CommandCode
CommandCode returns the command code for this usage.
func (PolicySessionUsage) CpHash ¶ added in v1.5.0
func (u PolicySessionUsage) CpHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
CpHash returns the command parameter hash for this usage for the specified session algorithm.
func (PolicySessionUsage) NameHash ¶ added in v1.5.0
func (u PolicySessionUsage) NameHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)
NameHash returns the name hash for this usage for the specified session algorithm.
func (*PolicySessionUsage) WithAuthIndex ¶ added in v1.5.0
func (u *PolicySessionUsage) WithAuthIndex(index uint8) *PolicySessionUsage
WithAuthIndex indicates that the policy session is being used for authorization of the handle at the specified index (zero indexed). This is zero for most commands, where most commands only have a single handle that requires authorization. There are a few commands that require authorization for 2 handles: TPM2_ActivateCredential, TPM2_EventSequenceComplete, TPM2_Certify, TPM2_GetSessionAuditDigest, TPM2_GetCommandAuditDigest, TPM2_GetTime, TPM2_CertifyX509, TPM2_NV_UndefineSpaceSpecial, TPM2_NV_Certify, and TPM2_AC_Send.
func (*PolicySessionUsage) WithoutAuthValue ¶ added in v1.5.0
func (u *PolicySessionUsage) WithoutAuthValue() *PolicySessionUsage
WithoutAuthValue indicates that the policy session is being used to authorize a resource that the authorization value cannot be determined for.
type PolicySignedAuthorization ¶
type PolicySignedAuthorization struct { NonceTPM tpm2.Nonce // The TPM nonce of the session that this authorization is bound to CpHash tpm2.Digest // The command parameters that this authorization is bound to Expiration int32 // The expiration time of this authorization PolicyAuthorization }
PolicySignedAuthorization represents a signed authorization for a TPM2_PolicySigned assertion.
func SignPolicySignedAuthorization ¶
func SignPolicySignedAuthorization(rand io.Reader, params *PolicySignedParams, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) (*PolicySignedAuthorization, error)
SignPolicySignedAuthorization creates a signed authorization that can be used by Policy.Execute for a TPM2_PolicySigned assertion or by using tpm2.TPMContext.PolicySigned directly. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures can be created. The signer must be the owner of the corresponding authKey. The policyRef argument binds the authorization to a specific assertion in a policy.
The authorizing party chooses the values of the supplied parameters in order to limit the scope of the authorization.
If nonceTPM is supplied, the authorization will be bound to the session with the specified TPM nonce. If it is not supplied, the authorization is not bound to a specific session.
If cpHashA is supplied, the authorization will be bound to the corresponding command parameters. If it is not supplied, the authorization is not bound to any specific command parameters.
If expiration is not zero, then the absolute value of this specifies an expiration time in seconds, after which the authorization will expire. If nonceTPM is also provided, the expiration time is measured from the time that nonceTPM was generated. If nonceTPM is not provided, the expiration time is measured from the time that this authorization is used in the TPM2_PolicySigned assertion.
The expiration field can be used to request a ticket from the TPM by specifying a negative value. The ticket can be used to satisfy the corresponding TPM2_PolicySigned assertion in future sessions, and its validity period and scope are restricted by the expiration and cpHashA arguments. If the authorization is not bound to a specific session, the ticket will expire on the next TPM reset if this occurs before the calculated expiration time
This will panic if the requested digest algorithm is not available.
func (*PolicySignedAuthorization) Verify ¶
func (a *PolicySignedAuthorization) Verify() (ok bool, err error)
Verify verifies the signature of this signed authorization.
type PolicySignedParams ¶ added in v1.4.0
type PolicySignedParams struct { NonceTPM tpm2.Nonce // The TPM nonce of the session that an authorization should be bound to CpHash tpm2.Digest // The command parameters that an authorization should be bound to Expiration int32 // The expiration time of an authorization }
type PolicyTicket ¶
type PolicyTicket struct { AuthName tpm2.Name // The name of the auth object associated with the corresponding assertion PolicyRef tpm2.Nonce // The policy ref of the corresponding assertion CpHash tpm2.Digest // The cpHash supplied to the assertion that generated this ticket Timeout tpm2.Timeout // The timeout returned by the assertion that generated this ticket // Ticket is the actual ticket returned by the TPM for the assertion that generated this ticket. // The Tag field indicates whether this was generated by TPM2_PolicySigned or TPM2_PolicySecret. Ticket *tpm2.TkAuth }
PolicyTicket corresponds to a ticket generated from a TPM2_PolicySigned or TPM2_PolicySecret assertion and is returned by Policy.Execute. Generated tickets can be supplied to Policy.Execute in the future in order to satisfy these assertions as long as they haven't expired.
type ResourceAuthorizeError ¶
type ResourceAuthorizeError struct { Name tpm2.Name // contains filtered or unexported fields }
ResourceAuthorizeError is returned from Policy.Execute if an error is encountered when trying to authorize a resource required by a policy. This should be wrappped in either a *PolicyNVError or *PolicyAuthorizationError which indicates the assertion that the error occurred for. This may wrap another *PolicyError.
func (*ResourceAuthorizeError) Error ¶
func (e *ResourceAuthorizeError) Error() string
func (*ResourceAuthorizeError) Unwrap ¶
func (e *ResourceAuthorizeError) Unwrap() error
type ResourceContext ¶
type ResourceContext interface { Resource() tpm2.ResourceContext // The actual resource Policy() *Policy // The policy associated with this resource, if there is one Flush() // Flush the resource once it's no longer needed }
ResourceContext corresponds to a resource on the TPM.
type ResourceLoadError ¶
type ResourceLoadError struct { Name tpm2.Name // contains filtered or unexported fields }
ResourceLoadError is returned from Policy.Execute if the policy uses TPM2_PolicySecret and the associated resource could not be loaded. If loading the resource required authorization with a policy session and that failed, this will wrap another *PolicyError.
func (*ResourceLoadError) Error ¶
func (e *ResourceLoadError) Error() string
func (*ResourceLoadError) Unwrap ¶
func (e *ResourceLoadError) Unwrap() error
type SessionContext ¶ added in v1.4.0
type SessionContext interface { Session() tpm2.SessionContext Save() (restore func() error, err error) Flush() }
SessionContext corresponds to a session on the TPM
type SignedAuthorizer ¶
type SignedAuthorizer interface { // SignedAuthorization signs a TPM2_PolicySigned authorization for the specified key, policy ref // and session nonce. SignedAuthorization(sessionAlg tpm2.HashAlgorithmId, sessionNonce tpm2.Nonce, authKey tpm2.Name, policyRef tpm2.Nonce) (*PolicySignedAuthorization, error) }
SignedAuthorizer provides a way for an implementation to provide signed authorizations using NewTPMPolicyResources.
type TPMHelper ¶ added in v1.4.0
type TPMHelper interface { // StartAuthSession returns an authorization session with the specified type and // algorithm. It is required for any policy that includes TPM2_PolicySecret or // TPM2_PolicyNV assertions. StartAuthSession(sessionType tpm2.SessionType, alg tpm2.HashAlgorithmId) (SessionContext, PolicySession, error) // LoadExternal loads the supplied external object into the TPM. It is required by // any policy that includes TPM2_PolicySigned or TPM2_PolicyAuthorize assertions. LoadExternal(inPrivate *tpm2.Sensitive, inPublic *tpm2.Public, hierarchy tpm2.Handle) (ResourceContext, error) // ReadPublic returns the public area of the resource at the specified handle. It // is required by any policy that includes TPM2_PolicySecret assertions on persistent or // transient objects. ReadPublic(handle tpm2.HandleContext) (*tpm2.Public, error) // VerifySignature verifies the supplied signature with the supplied key object. It // is required by any policy that includes TPM2_PolicyAuthorize assertions. VerifySignature(key tpm2.ResourceContext, digest tpm2.Digest, signature *tpm2.Signature) (*tpm2.TkVerified, error) // PCRRead returns the PCR values for the specified selection. It is required to // automatically resolve branches where branches include TPM2_PolicyPCR assertions. PCRRead(pcrs tpm2.PCRSelectionList) (tpm2.PCRValues, error) // ReadClock returns the current time info. It is required to automatically resolve // branches where branches include TPM2_PolicyCounterTimer assertions. ReadClock() (*tpm2.TimeInfo, error) // NVRead returns the contents of the specified NV index. It is required to automatically // resolve branches where branches include TPM2_PolicyNV assertions. This will only // be called if the index has an authorization policy with a branch that includes // TPM2_PolicyCommandCode for TPM2_NV_Read and no other assertions. NVRead(auth, index tpm2.ResourceContext, size, offset uint16, authAuthSession tpm2.SessionContext) (tpm2.MaxNVBuffer, error) // NVReadPublic returns the public area of the NV index at the specified handle. It // is required by any policy that includes TPM2_PolicyNV assertions or TPM2_PolicySecret // assertions on NV indices. NVReadPublic(handle tpm2.HandleContext) (*tpm2.NVPublic, error) // GetPermanentHandleAuthPolicy returns the auth policy digest for the specified // permanent handle, if there is one. If there isn't one, it returns a null hash. GetPermanentHandleAuthPolicy(handle tpm2.Handle) (tpm2.TaggedHash, error) }
TPMHelper provides a way for Policy.Execute to communicate with a TPM.
func NewTPMHelper ¶ added in v1.4.0
func NewTPMHelper(tpm *tpm2.TPMContext, params *TPMHelperParams, sessions ...tpm2.SessionContext) TPMHelper
NewTPMHelper returns an implementation of TPMHelper that uses the supplied TPM context.
type TPMHelperParams ¶ added in v1.4.0
type TPMHelperParams struct { // NewPolicySessionFn allows the function used to create a new PolicySession // in StartAuthSession to be overridden. The default is NewTPMPolicySession. NewPolicySessionFn NewPolicySessionFn }
TPMHelperParams provides parameters to NewTPMHelper.
type TPMPolicyResourcesParams ¶ added in v1.4.0
type TPMPolicyResourcesParams struct { Authorizer Authorizer // Provide a way to authorize resources SignedAuthorizer SignedAuthorizer // Provide a way to obtain signed authorizations ExternalSensitiveResources ExternalSensitiveResources // Provide a way to obtain sensitive areas to load with TPM2_LoadExternal // NewTPMHelperFn allows the function used to create a TPMHelper in order to // execute policies to be overridden. The default is NewTPMHelper. NewTPMHelperFn NewTPMHelperFn // NewPolicySessionFn allows the function used to create a new PolicySession // in order to execute policies to be overridden. The default is NewTPMPolicySession. NewPolicySessionFn NewPolicySessionFn }
TPMPolicyResourcesParams provides parameters to NewTPMPolicyResources.
type TransientResource ¶
type TransientResource struct { ParentName tpm2.Name Public *tpm2.Public Private tpm2.Private Policy *Policy }
TransientResource contains details associated with a transient object.