policyutil

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 30, 2024 License: LGPL-3.0 Imports: 15 Imported by: 1

Documentation

Overview

Package policyutil contains utilties for constructing and executing authorization policies.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrMissingDigest is returned from [Policy.Execute] when a TPM2_PolicyCpHash or
	// TPM2_PolicyNameHash assertion is missing a digest for the selected session algorithm.
	ErrMissingDigest = errors.New("missing digest for session algorithm")
)

Functions

func ComputeCpHash

func ComputeCpHash(alg tpm2.HashAlgorithmId, command tpm2.CommandCode, handles []Named, params ...interface{}) (tpm2.Digest, error)

ComputeCpHash computes a command parameter digest from the specified command code, the supplied handles, and parameters using the specified digest algorithm.

The required parameters is defined in part 3 of the TPM 2.0 Library Specification for the specific command.

The result of this is useful for extended authorization commands that bind an authorization to a command and set of command parameters, such as tpm2.TPMContext.PolicySigned, tpm2.TPMContext.PolicySecret, tpm2.TPMContext.PolicyTicket and tpm2.TPMContext.PolicyCpHash.

func ComputeNameHash

func ComputeNameHash(alg tpm2.HashAlgorithmId, handles ...Named) (tpm2.Digest, error)

ComputeNameHash computes a digest from the supplied handles using the specified digest algorithm.

The result of this is useful with tpm2.TPMContext.PolicyNameHash.

func ComputePCRDigest

func ComputePCRDigest(alg tpm2.HashAlgorithmId, pcrs tpm2.PCRSelectionList, values tpm2.PCRValues) (tpm2.Digest, error)

ComputePCRDigest computes a digest using the specified algorithm from the provided set of PCR values and the provided PCR selections. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It is most useful for computing an input to tpm2.TPMContext.PolicyPCR or [TrialAuthPolicy.PolicyPCR], and for validating quotes and creation data.

func ComputePCRDigestFromAllValues

func ComputePCRDigestFromAllValues(alg tpm2.HashAlgorithmId, values tpm2.PCRValues) (tpm2.PCRSelectionList, tpm2.Digest, error)

ComputePCRDigestFromAllValues computes a digest using the specified algorithm from all of the provided set of PCR values. The digest is computed the same way as PCRComputeCurrentDigest as defined in the TPM reference implementation. It returns the PCR selection associated with the computed digest.

func ComputePolicyAuthorizationTBSDigest

func ComputePolicyAuthorizationTBSDigest(alg crypto.Hash, message []byte, policyRef tpm2.Nonce) []byte

ComputePolicyAuthorizationTBSDigest computes the TBS digest for a policy authorization from the supplied message and policy reference. For a TPM2_PolicyAuthorize assertion, message is the approved policy digest.

This will panic if the specified digest algorithm is not available.

Types

type Authorizer

type Authorizer interface {
	// Authorize sets the authorization value of the specified resource context.
	Authorize(resource tpm2.ResourceContext) error
}

Authorizer provides a way for an implementation to provide authorizations using NewTPMPolicyResources.

type ExternalSensitiveResources added in v1.4.0

type ExternalSensitiveResources interface {
	ExternalSensitive(name tpm2.Name) (*tpm2.Sensitive, error)
}

type LoadPolicyParams

type LoadPolicyParams struct {
	Tickets              []*PolicyTicket         // See [PolicyExecuteParams.Tickets]
	IgnoreAuthorizations []PolicyAuthorizationID // See [PolicyExecuteParams.IgnoreAuthorizations]
	IgnoreNV             []Named                 // See [PolicyExecuteParams.IgnoreNV]
}

LoadPolicyParams contains parameters for policy sessions that are required to execute TPM2_Load commands via [PolicyResources.LoadedResource].

type NVAuthorizedPolicy added in v1.5.0

type NVAuthorizedPolicy struct {
	Name   tpm2.Name
	Policy *Policy
}

type Named

type Named interface {
	Name() tpm2.Name
}

Named is some resource that has a name.

type NamedHandle added in v1.5.0

type NamedHandle interface {
	Handle() tpm2.Handle
	Named
}

NamedHandle is some resource that has a name and a handle.

type NewPolicySessionFn added in v1.4.0

type NewPolicySessionFn func(*tpm2.TPMContext, tpm2.SessionContext, ...tpm2.SessionContext) PolicySession

type NewTPMHelperFn added in v1.4.0

type NewTPMHelperFn func(*tpm2.TPMContext, ...tpm2.SessionContext) TPMHelper

type PersistentResource

type PersistentResource struct {
	Name   tpm2.Name
	Handle tpm2.Handle

	Policy *Policy
}

PersistentResource contains details associated with a persistent object or NV index.

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy corresponds to an authorization policy. It can be serialized with github.com/canonical/go-tpm2/mu.

func (*Policy) AddDigest added in v1.4.0

func (p *Policy) AddDigest(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)

AddDigest computes and adds an additional digest to this policy for the specified algorithm. The policy should be persisted after calling this if it is going to be used for a resource wth the specified algorithm. On success, it returns the computed digest.

This will fail for policies that contain TPM2_PolicyCpHash or TPM2_PolicyNameHash assertions, These can only be computed for a single digest algorithm, because they are bound to a name.

func (*Policy) Authorize

func (p *Policy) Authorize(rand io.Reader, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) (err error)

Authorize signs this policy with the supplied signer so that it can be used as an authorized policy for a TPM2_PolicyAuthorize assertion with the supplied authKey and policyRef. Calling this updates the policy, so it should be persisted afterwards. This signs every digest that the policy has been computed for.

TPM2_PolicyAuthorize expects the digest algorithm of the signature to match the name algorithm of the public key, so the name algorithm of authKey must match the algorithm supplied through the opts argument.

This expects the policy to contain a digest for the selected algorithm already.

func (*Policy) Branches

func (p *Policy) Branches(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) ([]string, error)

Branches returns the path of every branch in this policy.

If the authorizedPolicies argument is supplied, associated authorized policies will be merged into the result, otherwise missing authorized policies will be represented by a path component of the form "<authorize:key:%#x,ref:%#x>". The supplied algorithm is only really required for policies that make use of authorized policies, and is used to select the algorithm for encoding the path component for an authorized policy, which is the policy digest. Setting this to tpm2.HashAlgorithmNull selects the first digest algorithm that this policy is computed for.

func (*Policy) Details

func (p *Policy) Details(alg tpm2.HashAlgorithmId, path string, authorizedPolicies PolicyAuthorizedPolicies) (map[string]PolicyBranchDetails, error)

Details returns details of all branches with the supplied path prefix, for the specified algorithm. If the specified algorithm is tpm2.HashAlgorithmNull, then the first algorithm the policy is computed for is used.

If the authorizedPolicies argument is supplied, details of branches from associated authorized policies will be inserted into the result.

func (*Policy) Digest

func (p *Policy) Digest(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)

Digest returns the digest for this policy for the specified algorithm, if it has been computed. If it hasn't been computed, ErrMissingDigest is returned.

func (*Policy) Execute

func (p *Policy) Execute(session PolicySession, resources PolicyResources, tpm TPMHelper, params *PolicyExecuteParams) (result *PolicyExecuteResult, err error)

Execute runs this policy using the supplied policy session.

The caller may supply additional parameters via the PolicyExecuteParams struct, which is an optional argument.

Resources required by a policy are obtained from the supplied PolicyResources, which is optional but must be supplied for any policy that executes TPM2_PolicyNV, TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertions.

Some assertions need to make use of other TPM functions. Access to these is provided via the TPMHelper argument. This is optional, but must be supplied for any policy that executes TPM2_PolicyNV, TPM2_PolicySecret, TPM2_PolicySigned, or TPM2_PolicyAuthorize assertions, or any policy that contains branches with TPM2_PolicyPCR or TPM2_PolicyCounterTimer assertions where branches aren't selected explicitly.

TPM2_PolicyNV assertions will create a session for authorizing the associated NV index. The auth type is determined automatically from the NV index attributes, but where both HMAC and policy auth is supported, policy auth is used.

TPM2_PolicySecret assertions will create a session for authorizing the associated resource. The auth type is determined automatically based on the public attributes for NV indices and ordinary objects, but where both HMAC and policy auth is supported, HMAC auth is used. If the resource is a permanent resource, then only HMAC auth is used.

The caller may explicitly select branches and authorized policies to execute via the Path argument of PolicyExecuteParams. Alternatively, if a path is not specified explicitly, or a component contains a wildcard match, an appropriate execution path is selected automatically where possible. This works by selecting the first suitable path, with a preference for paths that don't include TPM2_PolicySecret, TPM2_PolicySigned, TPM2_PolicyAuthValue, and TPM2_PolicyPassword assertions. It also has a preference for paths that don't include TPM2_PolicyNV assertions that require authorization to use or read, and for paths without TPM2_PolicyCommandCode, TPM2_PolicyCpHash, TPM2_PolicyNameHash and TPM2_PolicyDuplicatiionSelect assertions where no PolicySessionUsage is supplied. A path is omitted from the set of suitable paths if any of the following conditions are true:

  • It contains a command code, command parameter hash, or name hash that doesn't match the supplied PolicySessionUsage.
  • It contains a TPM2_PolicyAuthValue or TPM2_PolicyPassword assertion and this isn't permitted by the supplied PolicySessionUsage.
  • It uses TPM2_PolicyNvWritten with a value that doesn't match the public area of the NV index that the session will be used to authorize, provided via the supplied PolicySessionUsage.
  • It uses TPM2_PolicySigned, TPM2_PolicySecret or TPM2_PolicyAuthorize and the specific authorization is included in the IgnoreAuthorizations field of PolicyExecuteParams.
  • It uses TPM2_PolicyNV and the NV index is included in the IgnoreNV field of PolicyExecuteParams
  • It uses TPM2_PolicyNV with conditions that will fail against the current NV index contents, if the index has an authorization policy that permits the use of TPM2_NV_Read without any other conditions, else the condition isn't checked.
  • It uses TPM2_PolicyPCR with values that don't match the current PCR values.
  • It uses TPM2_PolicyCounterTimer with conditions that will fail.

Note that this automatic selection makes the following assumptions:

  • TPM2_PolicySecret assertions always succeed. Where they are known to not succeed because the authorization value isn't known or the resource can't be loaded, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
  • TPM2_PolicySigned assertions always succeed. Where they are known to not succeed because an assertion can't be provided or it is invalid, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
  • TPM2_PolicyAuthorize assertions always succeed if policies are returned from the implementation of [PolicyResourceLoader.LoadAuthorizedPolicies]. Where these are known to not succeed, add the assertion details to the IgnoreAuthorizations field of PolicyExecuteParams.
  • TPM2_PolicyNV assertions on NV indexes that require authorization to read will always succeed. Where these are known to not suceed, add the assertion details to the IgnoreNV field of PolicyExecuteParams.

On success, the supplied policy session may be used for authorization in a context that requires that this policy is satisfied. Information about the result of executing the session is also returned.

func (Policy) Marshal

func (p Policy) Marshal(w io.Writer) error

Marshal implements mu.CustomMarshaller.Marshal.

func (*Policy) String added in v1.5.0

func (p *Policy) String() string

func (*Policy) Stringer added in v1.5.0

func (p *Policy) Stringer(alg tpm2.HashAlgorithmId, authorizedPolicies PolicyAuthorizedPolicies) fmt.Stringer

Stringer returns a fmt.Stringer that will print a string representation of the policy for the specified digest algorithm. The policy must already include this algorithm. If the algorithm is tpm2.HashAlgorithmNull, then the first computed algorithm will be used. If authorizedPolicies is supplied, the string representation will include the relevant authorized policies as well.

func (*Policy) Unmarshal

func (p *Policy) Unmarshal(r io.Reader) error

Unmarshal implements mu.CustomMarshaller.Unarshal.

func (*Policy) Validate

func (p *Policy) Validate(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)

Validate performs some checking of every element in the policy, and verifies that every branch is consistent with their stored digests. On success, it returns the digest correpsonding to this policy for the specified digest algorithm.

type PolicyAuthorization

type PolicyAuthorization struct {
	AuthKey   *tpm2.Public    // The public key of the signer, associated with the corresponding assertion.
	PolicyRef tpm2.Nonce      // The policy ref of the corresponding assertion
	Signature *tpm2.Signature // The actual signature
}

PolicyAuthorization corresponds to a signed authorization.

func SignPolicyAuthorization

func SignPolicyAuthorization(rand io.Reader, message []byte, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) (*PolicyAuthorization, error)

SignPolicyAuthorization signs a new policy authorization using the supplied signer and options. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures can be created.

The authKey argument is the corresponding public key. Both the authKey and policyRef arguments bind the authorization to a specific assertion in a policy.

If the authorization is for use with TPM2_PolicyAuthorize then the supplied message is the approved policy digest. This can sign authorizations for TPM2_PolicySigned as well, but SignPolicySignedAuthorization is preferred for that because it constructs the message appropriately.

func (*PolicyAuthorization) Verify

func (a *PolicyAuthorization) Verify(message []byte) (ok bool, err error)

Verify verifies the signature of this authorization. If the authorization is for use with TPM2_PolicyAuthorize then the supplied message is the approved policy digest. This can verify authorizations for TPM2_PolicySigned as well, but PolicySignedAuthorization.Verify is preferred for that because it constructs the message appropriately.

type PolicyAuthorizationDetails

type PolicyAuthorizationDetails struct {
	AuthName  tpm2.Name
	PolicyRef tpm2.Nonce
}

PolicyAuthorizationDetails contains the properties of a TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertion.

type PolicyAuthorizationError

type PolicyAuthorizationError struct {
	AuthName  tpm2.Name
	PolicyRef tpm2.Nonce
	// contains filtered or unexported fields
}

PolicyAuthorizationError is returned from Policy.Execute if:

  • the policy uses TPM2_PolicySecret and the associated resource could not be authorized. When this occurs because there was an error loading the associated resource, this will wrap a *ResourceLoadError. If there was an error authorizing use of the resource with a policy session, this will wrap a *ResourceAuthorizeError.
  • the policy uses TPM2_PolicySigned and no or an invalid signed authorization was supplied.
  • the policy uses TPM2_PolicyAuthorize and no or an invalid authorized policy was supplied.

func (*PolicyAuthorizationError) Error

func (e *PolicyAuthorizationError) Error() string

func (*PolicyAuthorizationError) Unwrap

func (e *PolicyAuthorizationError) Unwrap() error

type PolicyAuthorizationID

type PolicyAuthorizationID = PolicyAuthorizationDetails

PolicyAuthorizationID contains an identifier for a TPM2_PolicySecret, TPM2_PolicySigned or TPM2_PolicyAuthorize assertion.

type PolicyAuthorizedPolicies added in v1.5.0

type PolicyAuthorizedPolicies interface {
	// AuthorizedPolicies returns a set of policies that are signed by the key with
	// the specified name, appropriate for a TPM2_PolicyAuthorize assertion with the
	// specified reference.
	AuthorizedPolicies(keySign tpm2.Name, policyRef tpm2.Nonce) ([]*Policy, error)
}

PolicyAuthorizedPolicies provides a way for Policy.Branches, Policy.Details and Policy.Stringer to access authorized policies that are required by a policy.

func NewPolicyAuthorizedPolicies added in v1.5.0

func NewPolicyAuthorizedPolicies(policies []*Policy, nvPolicies []NVAuthorizedPolicy) PolicyAuthorizedPolicies

type PolicyAuthorizedPoliciesData added in v1.5.0

type PolicyAuthorizedPoliciesData struct {
	AuthorizedPolicies []*Policy
}

type PolicyBranchDetails

type PolicyBranchDetails struct {
	NV              []PolicyNVDetails            // TPM2_PolicyNV assertions
	Secret          []PolicyAuthorizationDetails // TPM2_PolicySecret assertions
	Signed          []PolicyAuthorizationDetails // TPM2_PolicySigned assertions
	Authorize       []PolicyAuthorizationDetails // TPM2_PolicyAuthorize assertions
	AuthValueNeeded bool                         // The branch contains a TPM2_PolicyAuthValue or TPM2_PolicyPassword assertion

	CounterTimer []PolicyCounterTimerDetails // TPM2_PolicyCounterTimer assertions

	PCR []PolicyPCRDetails // TPM2_PolicyPCR assertions
	// contains filtered or unexported fields
}

PolicyBranchDetails contains the properties of a single policy branch.

func (*PolicyBranchDetails) CommandCode

func (r *PolicyBranchDetails) CommandCode() (code tpm2.CommandCode, set bool)

The command code associated with a branch if set, either set by the TPM2_PolicyCommandCode or TPM2_PolicyDuplicationSelect assertion.

func (*PolicyBranchDetails) CpHash

func (r *PolicyBranchDetails) CpHash() (cpHashA tpm2.Digest, set bool)

The cpHash associated with a branch if set, either set by the TPM2_PolicyCpHash, TPM2_PolicySecret, or TPM2_PolicySigned assertions.

func (*PolicyBranchDetails) IsValid

func (r *PolicyBranchDetails) IsValid() bool

IsValid indicates whether the corresponding policy branch is valid.

func (*PolicyBranchDetails) NameHash

func (r *PolicyBranchDetails) NameHash() (nameHash tpm2.Digest, set bool)

The nameHash associated with a branch if set, either set by the TPM2_PolicyNameHash or TPM2_PolicyDuplicationSelect assertion.

func (*PolicyBranchDetails) NvWritten

func (r *PolicyBranchDetails) NvWritten() (nvWrittenSet bool, set bool)

The nvWrittenSet value associated with a branch if set.

type PolicyBuilder

type PolicyBuilder struct {
	// contains filtered or unexported fields
}

PolicyBuilder provides a way to compute an authorization policy. A policy consists of a sequence of assertions, and may contain sub-branches in order to create a policy that can satisfy multiple conditions. A policy can be arbitrarily complex.

All policies have a root branch and execution with Policy.Execute starts with this branch. Whenever a branch node is encountered, a sub-branch is chosen. Execution then continues with the chosen sub-branch until all assertions in it have been executed. Execution then resumes in the parent branch, with the assertion immediately following the branch node.

The PolicyBuilder API only allows a policy to be appended to.

The PolicyBuilder instance will be marked as failed whenever an error occurs. This means that it isn't necessary to check errors for every call. In the event of an earlier error, calls to PolicyBuilder.Policy and PolicyBuilder.Digest will return an error.

XXX: Note that the PolicyBuilder API may change.

func NewPolicyBuilder

func NewPolicyBuilder(alg tpm2.HashAlgorithmId) *PolicyBuilder

NewPolicyBuilder returns a new PolicyBuilder. It will panic if the supplied algorithm is not available.

func NewPolicyBuilderOR added in v1.4.0

func NewPolicyBuilderOR(alg tpm2.HashAlgorithmId, policies ...*Policy) *PolicyBuilder

NewPolicyBuilderOR returns a new PolicyBuilder initialized with a TPM2_PolicyOR assertion of the supplied policies. This is to make it possible to use this API to compute digests of policies with branches without having to use the Policy API to execute them, or to build policies with branches with low-level control of branch execution by manually executing a sequence of Policy structures corresponding to each branch. Applications that use Policy for execution should normally just make use of PolicyBuilderBranch.AddBranchNode and PolicyBuilderBranchNode.AddBranch for constructing policies with branches though.

func (*PolicyBuilder) Digest added in v1.5.0

func (b *PolicyBuilder) Digest() (tpm2.Digest, error)

Digest returns the current digest. This will commit the current PolicyBuilderBranchNode to the root PolicyBuilderBranch if it hasn't been done already.

This will return an error if any call when building the policy failed.

func (*PolicyBuilder) Policy

func (b *PolicyBuilder) Policy() (tpm2.Digest, *Policy, error)

Policy returns the current policy and digest. This will commit the current PolicyBuilderBranchNode to the root PolicyBuilderBranch if it hasn't been done already.

This will return an error if any call when building the policy failed.

func (*PolicyBuilder) RootBranch

func (b *PolicyBuilder) RootBranch() *PolicyBuilderBranch

RootBranch returns the root branch associated with the policy that is being built.

type PolicyBuilderBranch

type PolicyBuilderBranch struct {
	// contains filtered or unexported fields
}

PolicyBuilderBranch corresponds to a branch in a policy that is being computed.

func (*PolicyBuilderBranch) AddBranchNode

func (b *PolicyBuilderBranch) AddBranchNode() *PolicyBuilderBranchNode

AddBranchNode adds a branch node to this branch from which sub-branches can be added. This makes it possible to create policies that can be satisified with different sets of conditions. One of the sub-branches will be selected during execution, and will be executed before the remaining assertions in this branch.

The branches added to the returned branch node will be committed to this branch and the branch node will be locked from further modifications by subsequent additions to this branch, or any ancestor branches, or by calling PolicyBuilder.Policy or PolicyBuilder.Digest. This ensures that branches can only append to a policy with the PolicyBuilder API.

func (*PolicyBuilderBranch) PolicyAuthValue

func (b *PolicyBuilderBranch) PolicyAuthValue() (tpm2.Digest, error)

PolicyAuthValue adds a TPM2_PolicyAuthValue assertion to this branch so that the policy requires knowledge of the authorization value of the resource on which the policy session is used.

func (*PolicyBuilderBranch) PolicyAuthorize

func (b *PolicyBuilderBranch) PolicyAuthorize(policyRef tpm2.Nonce, keySign *tpm2.Public) (tpm2.Digest, error)

PolicyAuthorize adds a TPM2_PolicyAuthorize assertion to this branch so that the policy can be changed by allowing the authorizing entity to sign new policies.

When Policy.Execute runs this assertion, it will select an execute an appropriate authorized policy.

Note that authorizations signed by the owner of the key must use a digest algorithm that matches the name algorithm of the key. This is a TPM limitation. Policies can only be authorized by asymmetric signatures.

This assertion must come before any other assertions in a policy. Whilst this is not a limitation of how this works on the TPM, the Policy.Authorize and Policy.Execute APIs currently do not support authorized policies with a non-empty starting digest.

func (*PolicyBuilderBranch) PolicyCommandCode

func (b *PolicyBuilderBranch) PolicyCommandCode(code tpm2.CommandCode) (tpm2.Digest, error)

PolicyCommandCode adds a TPM2_PolicyCommandCode assertion to this branch to bind the policy to the specified command.

func (*PolicyBuilderBranch) PolicyCounterTimer

func (b *PolicyBuilderBranch) PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) (tpm2.Digest, error)

PolicyCounterTimer adds a TPM2_PolicyCounterTimer assertion to this branch to bind the policy to the contents of the tpm2.TimeInfo structure.

func (*PolicyBuilderBranch) PolicyCpHash

func (b *PolicyBuilderBranch) PolicyCpHash(code tpm2.CommandCode, handles []Named, params ...interface{}) (tpm2.Digest, error)

PolicyCpHash adds a TPM2_PolicyCpHash assertion to this branch in order to bind the policy to the supplied command parameters.

As this binds the authorization to an object and and a policy has to have the same algorithm as this, policies with this assertion can only be computed for a single digest algorithm.

func (*PolicyBuilderBranch) PolicyDuplicationSelect

func (b *PolicyBuilderBranch) PolicyDuplicationSelect(object, newParent Named, includeObject bool) (tpm2.Digest, error)

PolicyDuplicationSelect adds a TPM2_PolicyDuplicationSelect assertion to this branch in order to permit duplication of object to newParent with the tpm2.TPMContext.Duplicate function. If includeObject is true, then the assertion is bound to both object and newParent. If includeObject is false then the assertion is only bound to newParent. In this case, supplying object is optional. Note that when the TPM2_PolicyDuplicationSelect assertions is executed, the object name must be supplied because the assertion sets the name hash of the session. If object is supplied here, then it will be included in the policy and used when the assertion is executed. If it isn't supplied here, then it will be obtained from the PolicySessionUsage supplied to Policy.Execute.

func (*PolicyBuilderBranch) PolicyNV

func (b *PolicyBuilderBranch) PolicyNV(nvIndex *tpm2.NVPublic, operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) (tpm2.Digest, error)

PolicyNV adds a TPM2_PolicyNV assertion to this branch in order to bind the policy to the contents of the specified index. The caller specifies a value to be used for the comparison via the operandB argument, an offset from the start of the NV index data from which to start the comparison via the offset argument, and a comparison operator via the operation argument.

When using this assertion, it is generally good practise for the NV index to have an authorization policy that permits the use of TPM2_PolicyNV and TPM2_NV_Read without any conditions (ie, a policy with branches for those commands without any additional assertions). Where this assertion appears in a policy with multiple branches or a policy that is authorized, the contents of the NV index will be tested in the process of automatic branch selection if the index has a policy that permits the use of TPM2_NV_Read without any other conditions.

func (*PolicyBuilderBranch) PolicyNameHash

func (b *PolicyBuilderBranch) PolicyNameHash(handles ...Named) (tpm2.Digest, error)

PolicyNameHash adds a TPM2_PolicyNameHash assertion to this branch in order to bind the policy to the supplied command handles.

As this binds the authorization to an object and and a policy has to have the same algorithm as this, policies with this assertion can only be computed for a single digest algorithm.

func (*PolicyBuilderBranch) PolicyNvWritten

func (b *PolicyBuilderBranch) PolicyNvWritten(writtenSet bool) (tpm2.Digest, error)

PolicyNvWritten adds a TPM2_PolicyNvWritten assertion to this branch in order to bind the policy to the status of the tpm2.AttrNVWritten attribute for the NV index on which the session is used.

func (*PolicyBuilderBranch) PolicyOR added in v1.6.0

func (b *PolicyBuilderBranch) PolicyOR(pHashList ...tpm2.Digest) (tpm2.Digest, error)

PolicyOR adds a TPM2_PolicyOR assertion to this branch for low-level control of policies that can be satisfied with different sets of conditions. This is to make it possible to use this API to compute digests of policies with branches without having to use the Policy API to execute them, or to build policies with branches with low-level control of branch execution by manually executing a sequence of Policy structures corresponding to each branch. Applications that use Policy for execution should normally just make use of PolicyBuilderBranch.AddBranchNode and PolicyBuilderBranchNode.AddBranch for constructing policies with branches though.

func (*PolicyBuilderBranch) PolicyPCR

func (b *PolicyBuilderBranch) PolicyPCR(values tpm2.PCRValues) (tpm2.Digest, error)

PolicyPCR adds a TPM2_PolicyPCR assertion to this branch in order to bind the policy to the supplied PCR values.

func (*PolicyBuilderBranch) PolicyPassword

func (b *PolicyBuilderBranch) PolicyPassword() (tpm2.Digest, error)

PolicyPassword adds a TPM2_PolicyPassword assertion to this branch so that the policy requires knowledge of the authorization value of the resource on which the policy session is used.

func (*PolicyBuilderBranch) PolicySecret

func (b *PolicyBuilderBranch) PolicySecret(authObject Named, policyRef tpm2.Nonce) (tpm2.Digest, error)

PolicySecret adds a TPM2_PolicySecret assertion to this branch so that the policy requires knowledge of the authorization value of the object associated with authObject.

func (*PolicyBuilderBranch) PolicySigned

func (b *PolicyBuilderBranch) PolicySigned(authKey *tpm2.Public, policyRef tpm2.Nonce) (tpm2.Digest, error)

PolicySigned adds a TPM2_PolicySigned assertion to this branch so that the policy requires an assertion signed by the owner of the supplied key. This supports HMAC assertions, but the PolicyResources implementation supplied to Policy.Execute must implement the ExternalSensitive method in order to obtain the sensitive part of the key, which is not stored inside the policy.

type PolicyBuilderBranchNode

type PolicyBuilderBranchNode struct {
	// contains filtered or unexported fields
}

PolicyBuilderBranchNode is a point in a PolicyBuilderBranch to which sub-branches can be added.

func (*PolicyBuilderBranchNode) AddBranch

AddBranch adds a new branch to this branch node. The branch can be created with an optional name which can be used to select it during execution.

The returned branch will be locked from further modifications when the branches associated with this node are committed to the parent branch (see PolicyBuilderBranch.AddBranchNode).

type PolicyCounterTimerDetails

type PolicyCounterTimerDetails struct {
	OperandB  tpm2.Operand
	Offset    uint16
	Operation tpm2.ArithmeticOp
}

PolicyCounterTimerDetails contains the properties of a TPM2_PolicyCounterTimer assertion.

type PolicyError

type PolicyError struct {
	Path string // the path of the branch at which the error occurred
	// contains filtered or unexported fields
}

PolicyError is returned from Policy.Execute and other methods when an error is encountered during some processing of a policy. It provides an indication of where an error occurred.

func (*PolicyError) Error

func (e *PolicyError) Error() string

func (*PolicyError) Unwrap

func (e *PolicyError) Unwrap() error

type PolicyExecuteParams

type PolicyExecuteParams struct {
	// Tickets supplies tickets for TPM2_PolicySecret and TPM2_PolicySigned assertions.
	// These are also passed to sub-policies.
	Tickets []*PolicyTicket

	// Usage describes how the executed policy will be used, and assists with
	// automatically selecting branches where a policy has command context-specific
	// branches.
	Usage *PolicySessionUsage

	// Path provides a way to explicitly select branches or authorized policies to
	// execute. A path consists of zero or more components separated by a '/'
	// character, with each component identifying a branch to select when a branch
	// node is encountered (or a policy to select when an authorized policy is
	// required) during execution. When a branch node or authorized policy is
	// encountered, the selected sub-branch or policy is executed before resuming
	// execution in the original branch.
	//
	// When selecting a branch, a component can either identify a branch by its
	// name (if it has one), or it can be a numeric identifier of the form "{n}"
	// which selects the branch at index n.
	//
	// When selecting an authorized policy, a component identifies the policy by
	// specifying the digest of the policy for the current session algorithm.
	//
	// If a component is "**", then Policy.Execute will attempt to automatically
	// select an execution path for the entire sub-tree associated with the current
	// branch node or authorized policy. This includes choosing additional
	// branches and authorized policies encountered during the execution of the
	// selected sub-tree. Remaining path components will be consumed when resuming
	// execution in the original branch
	//
	// If a component is "*", then Policy.Execute will attempt to automatically
	// select an immediate sub-branch or authorized policy, but additional branches
	// and authorized policies encountered during the execution of the selected
	// sub-tree will consume additional path components.
	//
	// If the path has insufficent components for the branch nodes or authorized policies
	// encountered in a policy, Policy.Execute will attempt to select an appropriate
	// execution path for the remainder of the policy automatically.
	Path string

	// IgnoreAuthorizations can be used to indicate that branches containing TPM2_PolicySigned,
	// TPM2_PolicySecret or TPM2_PolicyAuthorize assertions matching the specified ID should
	// be ignored. This can be used where these assertions have failed on previous runs.
	// This propagates to sub-policies.
	IgnoreAuthorizations []PolicyAuthorizationID

	// IgnoreNV can be used to indicate that branches containing TPM2_PolicyNV assertions
	// with an NV index matching the specified name should be ignored. This can be used where
	// these assertions have failed due to an authorization issue on previous runs. This
	// propagates to sub-policies.
	IgnoreNV []Named
}

PolicyExecuteParams contains parameters that are useful for executing a policy.

type PolicyExecuteResult

type PolicyExecuteResult struct {
	// NewTickets contains tickets that were created as a result of executing this policy.
	NewTickets []*PolicyTicket

	// InvalidTickets contains those tickets originally supplied to [Policy.Execute] that
	// were used but found to be invalid. These tickets shouldn't be supplied to
	// [Policy.Execute] again.
	InvalidTickets []*PolicyTicket

	// AuthValueNeeded indicates that the policy executed the TPM2_PolicyAuthValue or
	// TPM2_PolicyPassword assertion.
	AuthValueNeeded bool

	// Path indicates the executed path.
	Path string
	// contains filtered or unexported fields
}

PolicyExecuteResult is returned from Policy.Execute.

func (*PolicyExecuteResult) CommandCode added in v1.4.0

func (r *PolicyExecuteResult) CommandCode() (code tpm2.CommandCode, set bool)

CommandCode returns the command code if a TPM2_PolicyCommandCode or TPM2_PolicyDuplicationSelect assertion was executed.

func (*PolicyExecuteResult) CpHash added in v1.4.0

func (r *PolicyExecuteResult) CpHash() (cpHashA tpm2.Digest, set bool)

CpHash returns the command parameter hash if a TPM2_PolicyCpHash assertion was executed or a TPM2_PolicySecret or TPM2_PolicySigned assertion was executed with a cpHash.

func (*PolicyExecuteResult) NameHash added in v1.4.0

func (r *PolicyExecuteResult) NameHash() (nameHash tpm2.Digest, set bool)

NameHash returns the name hash if a TPM2_PolicyNameHash or TPM2_PolicyDuplicationSelect assertion was executed.

func (*PolicyExecuteResult) NvWritten added in v1.4.0

func (r *PolicyExecuteResult) NvWritten() (nvWrittenSet bool, set bool)

NvWritten returns the nvWrittenSet value if a TPM2_PolicyNvWritten assertion was executed.

type PolicyNVDetails

type PolicyNVDetails struct {
	Auth      tpm2.Handle
	Index     tpm2.Handle
	Name      tpm2.Name
	OperandB  tpm2.Operand
	Offset    uint16
	Operation tpm2.ArithmeticOp
}

PolicyNVDetails contains the properties of a TPM2_PolicyNV assertion.

type PolicyNVError

type PolicyNVError struct {
	Index tpm2.Handle // The NV index handle
	Name  tpm2.Name   // The NV index name
	// contains filtered or unexported fields
}

PolicyNVError is returned from Policy.Execute and other methods when an error is encountered when executing a TPM2_PolicyNV assertion. If there was an error authorizing use of the NV index with a policy session, this will wrap a *ResourceAuthorizeError.

func (*PolicyNVError) Error

func (e *PolicyNVError) Error() string

func (*PolicyNVError) Unwrap

func (e *PolicyNVError) Unwrap() error

type PolicyPCRDetails

type PolicyPCRDetails struct {
	PCRDigest tpm2.Digest
	PCRs      tpm2.PCRSelectionList
}

PolicyPCRDetails contains the properties of a TPM2_PolicyPCR assertion.

type PolicyResources

type PolicyResources interface {
	// LoadedResource loads the resource with the specified name if required, and returns
	// a context. The Flush method of the returned context will be called once the resource
	// is no longer needed.
	//
	// This should return an error if no resource can be returned.
	LoadedResource(name tpm2.Name, policyParams *LoadPolicyParams) (resource ResourceContext, newTickets []*PolicyTicket, invalidTickets []*PolicyTicket, err error)

	// Policy returns a policy for the resource with the specified name if there
	// is one. As a policy is optional, returning a nil policy isn't an error.
	Policy(name tpm2.Name) (*Policy, error)

	// AuthorizedPolicies returns a set of policies that are signed by the key with
	// the specified name, appropriate for a TPM2_PolicyAuthorize assertion with the
	// specified reference.
	AuthorizedPolicies(keySign tpm2.Name, policyRef tpm2.Nonce) ([]*Policy, error)

	// Authorize sets the authorization value of the specified resource context.
	Authorize(resource tpm2.ResourceContext) error

	// SignedAuthorization signs a TPM2_PolicySigned authorization for the specified key, policy ref
	// and session nonce. The supplied algorithm is the session algorithm, which should be
	// used to construct a cpHash if desired.
	SignedAuthorization(sessionAlg tpm2.HashAlgorithmId, sessionNonce tpm2.Nonce, authKey tpm2.Name, policyRef tpm2.Nonce) (*PolicySignedAuthorization, error)

	// ContextSave saves the context of the transient resource associated with the supplied
	// handle. This will return nil if it fails.
	ContextSave(resource tpm2.ResourceContext) *tpm2.Context

	// ContextLoad loads the supplied context and returns a transient handle. This will return
	// nil if the context can't be loaded or isn't a transient resource.
	ContextLoad(context *tpm2.Context, policy *Policy) ResourceContext

	// ExternalSensitive returns the sensitive area associated with the supplied name, to be
	// loaded with TPM2_LoadExternal.
	ExternalSensitive(name tpm2.Name) (*tpm2.Sensitive, error)
}

PolicyResources provides a way for Policy.Execute to access resources that are required by a policy.

func NewTPMPolicyResources

func NewTPMPolicyResources(tpm *tpm2.TPMContext, data *PolicyResourcesData, params *TPMPolicyResourcesParams, sessions ...tpm2.SessionContext) PolicyResources

NewTPMPolicyResources returns a PolicyResources implementation that uses the supplied data and communicates with the supplied TPM.

The supplied data provides information about persistent resources, NV indexes, loadable objects and authorized policies that might be used when executing a policy. The supplied information can associate resources with policies so that these can be executed automatically when executing a policy that makes use of these resources.

Information about persistent resources and NV indexes doesn't need to be supplied explicitly if there is no need to associate a policy with them. The returned TPMHelper implementation will query TPM handles whenever a policy requires a persistent resource or NV index for which there is no information.

The returned TPMHelper implementation doesn't support associating policies with permanent resources - policies that use permanent resources will only use HMAC authorization.

When loading transient objects to use for a policy, the returned TPMHelper implementation will automatically load any prerequisite parent objects first, as long as the details of these are supplied.

Authorization values for resources, or signed authorizations or external sensitive areas for TPM2_PolicySigned assertions are requested using interfaces supplied via the optional parameters.

type PolicyResourcesData

type PolicyResourcesData struct {
	// Persistent contains the details associated with persistent objects and
	// NV indexes.
	Persistent []PersistentResource

	// Transient contains the details associated with loadable transient objects.
	Transient []TransientResource

	// AuthorizedPolicies contain authorized sub-policies
	AuthorizedPolicies []*Policy

	NVAuthorizedPolicies []NVAuthorizedPolicy // currently unused
}

PolicyResourcesData contains the resources that are required by NewTPMPolicyResources.

type PolicySession added in v1.4.0

type PolicySession interface {
	Context() SessionContext

	Name() tpm2.Name
	HashAlg() tpm2.HashAlgorithmId

	PolicySigned(authKey tpm2.ResourceContext, includeNonceTPM bool, cpHashA tpm2.Digest, policyRef tpm2.Nonce, expiration int32, auth *tpm2.Signature) (tpm2.Timeout, *tpm2.TkAuth, error)
	PolicySecret(authObject tpm2.ResourceContext, cpHashA tpm2.Digest, policyRef tpm2.Nonce, expiration int32, authObjectAuthSession tpm2.SessionContext) (tpm2.Timeout, *tpm2.TkAuth, error)
	PolicyTicket(timeout tpm2.Timeout, cpHashA tpm2.Digest, policyRef tpm2.Nonce, authName tpm2.Name, ticket *tpm2.TkAuth) error
	PolicyOR(pHashList tpm2.DigestList) error
	PolicyPCR(pcrDigest tpm2.Digest, pcrs tpm2.PCRSelectionList) error
	PolicyNV(auth, index tpm2.ResourceContext, operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp, authAuthSession tpm2.SessionContext) error
	PolicyCounterTimer(operandB tpm2.Operand, offset uint16, operation tpm2.ArithmeticOp) error
	PolicyCommandCode(code tpm2.CommandCode) error
	PolicyCpHash(cpHashA tpm2.Digest) error
	PolicyNameHash(nameHash tpm2.Digest) error
	PolicyDuplicationSelect(objectName, newParentName tpm2.Name, includeObject bool) error
	PolicyAuthorize(approvedPolicy tpm2.Digest, policyRef tpm2.Nonce, keySign tpm2.Name, verified *tpm2.TkVerified) error
	PolicyAuthValue() error
	PolicyPassword() error
	PolicyGetDigest() (tpm2.Digest, error)
	PolicyNvWritten(writtenSet bool) error
}

PolicySession corresponds to a policy session

func NewTPMPolicySession added in v1.4.0

func NewTPMPolicySession(tpm *tpm2.TPMContext, policySession tpm2.SessionContext, sessions ...tpm2.SessionContext) PolicySession

type PolicySessionUsage

type PolicySessionUsage struct {
	// contains filtered or unexported fields
}

PolicySessionUsage describes how a policy session will be used, and assists with automatically selecting branches where a policy has command context-specific branches.

func NewPolicySessionUsage

func NewPolicySessionUsage(command tpm2.CommandCode, handles []NamedHandle, params ...interface{}) *PolicySessionUsage

NewPolicySessionUsage creates a new PolicySessionUsage. The returned usage will assume that the session is being used for authorization of the first handle, which is true in the vast majority of cases. If the session is being used for authorization of another handle, use [WithAuthIndex].

func (PolicySessionUsage) AllowAuthValue added in v1.5.0

func (u PolicySessionUsage) AllowAuthValue() bool

AllowAuthValue indicates whether this usage permits use of the auth value for the resource being authorized.

func (PolicySessionUsage) AuthHandle added in v1.5.0

func (u PolicySessionUsage) AuthHandle() NamedHandle

AuthHandle returns the handle for the resource being authorized.

func (PolicySessionUsage) CommandCode added in v1.5.0

func (u PolicySessionUsage) CommandCode() tpm2.CommandCode

CommandCode returns the command code for this usage.

func (PolicySessionUsage) CpHash added in v1.5.0

func (u PolicySessionUsage) CpHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)

CpHash returns the command parameter hash for this usage for the specified session algorithm.

func (PolicySessionUsage) NameHash added in v1.5.0

func (u PolicySessionUsage) NameHash(alg tpm2.HashAlgorithmId) (tpm2.Digest, error)

NameHash returns the name hash for this usage for the specified session algorithm.

func (*PolicySessionUsage) WithAuthIndex added in v1.5.0

func (u *PolicySessionUsage) WithAuthIndex(index uint8) *PolicySessionUsage

WithAuthIndex indicates that the policy session is being used for authorization of the handle at the specified index (zero indexed). This is zero for most commands, where most commands only have a single handle that requires authorization. There are a few commands that require authorization for 2 handles: TPM2_ActivateCredential, TPM2_EventSequenceComplete, TPM2_Certify, TPM2_GetSessionAuditDigest, TPM2_GetCommandAuditDigest, TPM2_GetTime, TPM2_CertifyX509, TPM2_NV_UndefineSpaceSpecial, TPM2_NV_Certify, and TPM2_AC_Send.

func (*PolicySessionUsage) WithoutAuthValue added in v1.5.0

func (u *PolicySessionUsage) WithoutAuthValue() *PolicySessionUsage

WithoutAuthValue indicates that the policy session is being used to authorize a resource that the authorization value cannot be determined for.

type PolicySignedAuthorization

type PolicySignedAuthorization struct {
	NonceTPM   tpm2.Nonce  // The TPM nonce of the session that this authorization is bound to
	CpHash     tpm2.Digest // The command parameters that this authorization is bound to
	Expiration int32       // The expiration time of this authorization
	PolicyAuthorization
}

PolicySignedAuthorization represents a signed authorization for a TPM2_PolicySigned assertion.

func SignPolicySignedAuthorization

func SignPolicySignedAuthorization(rand io.Reader, params *PolicySignedParams, authKey *tpm2.Public, policyRef tpm2.Nonce, signer crypto.Signer, opts crypto.SignerOpts) (*PolicySignedAuthorization, error)

SignPolicySignedAuthorization creates a signed authorization that can be used by Policy.Execute for a TPM2_PolicySigned assertion or by using tpm2.TPMContext.PolicySigned directly. Note that only RSA-SSA, RSA-PSS, ECDSA and HMAC signatures can be created. The signer must be the owner of the corresponding authKey. The policyRef argument binds the authorization to a specific assertion in a policy.

The authorizing party chooses the values of the supplied parameters in order to limit the scope of the authorization.

If nonceTPM is supplied, the authorization will be bound to the session with the specified TPM nonce. If it is not supplied, the authorization is not bound to a specific session.

If cpHashA is supplied, the authorization will be bound to the corresponding command parameters. If it is not supplied, the authorization is not bound to any specific command parameters.

If expiration is not zero, then the absolute value of this specifies an expiration time in seconds, after which the authorization will expire. If nonceTPM is also provided, the expiration time is measured from the time that nonceTPM was generated. If nonceTPM is not provided, the expiration time is measured from the time that this authorization is used in the TPM2_PolicySigned assertion.

The expiration field can be used to request a ticket from the TPM by specifying a negative value. The ticket can be used to satisfy the corresponding TPM2_PolicySigned assertion in future sessions, and its validity period and scope are restricted by the expiration and cpHashA arguments. If the authorization is not bound to a specific session, the ticket will expire on the next TPM reset if this occurs before the calculated expiration time

func (*PolicySignedAuthorization) Verify

func (a *PolicySignedAuthorization) Verify() (ok bool, err error)

Verify verifies the signature of this signed authorization.

type PolicySignedParams added in v1.4.0

type PolicySignedParams struct {
	NonceTPM   tpm2.Nonce  // The TPM nonce of the session that an authorization should be bound to
	CpHash     tpm2.Digest // The command parameters that an authorization should be bound to
	Expiration int32       // The expiration time of an authorization
}

type PolicyTicket

type PolicyTicket struct {
	AuthName  tpm2.Name    // The name of the auth object associated with the corresponding assertion
	PolicyRef tpm2.Nonce   // The policy ref of the corresponding assertion
	CpHash    tpm2.Digest  // The cpHash supplied to the assertion that generated this ticket
	Timeout   tpm2.Timeout // The timeout returned by the assertion that generated this ticket

	// Ticket is the actual ticket returned by the TPM for the assertion that generated this ticket.
	// The Tag field indicates whether this was generated by TPM2_PolicySigned or TPM2_PolicySecret.
	Ticket *tpm2.TkAuth
}

PolicyTicket corresponds to a ticket generated from a TPM2_PolicySigned or TPM2_PolicySecret assertion and is returned by Policy.Execute. Generated tickets can be supplied to Policy.Execute in the future in order to satisfy these assertions as long as they haven't expired.

type ResourceAuthorizeError

type ResourceAuthorizeError struct {
	Name tpm2.Name
	// contains filtered or unexported fields
}

ResourceAuthorizeError is returned from Policy.Execute if an error is encountered when trying to authorize a resource required by a policy. This should be wrappped in either a *PolicyNVError or *PolicyAuthorizationError which indicates the assertion that the error occurred for. This may wrap another *PolicyError.

func (*ResourceAuthorizeError) Error

func (e *ResourceAuthorizeError) Error() string

func (*ResourceAuthorizeError) Unwrap

func (e *ResourceAuthorizeError) Unwrap() error

type ResourceContext

type ResourceContext interface {
	Resource() tpm2.ResourceContext // The actual resource
	Policy() *Policy                // The policy associated with this resource, if there is one
	Flush()                         // Flush the resource once it's no longer needed
}

ResourceContext corresponds to a resource on the TPM.

type ResourceLoadError

type ResourceLoadError struct {
	Name tpm2.Name
	// contains filtered or unexported fields
}

ResourceLoadError is returned from Policy.Execute if the policy uses TPM2_PolicySecret and the associated resource could not be loaded. If loading the resource required authorization with a policy session and that failed, this will wrap another *PolicyError.

func (*ResourceLoadError) Error

func (e *ResourceLoadError) Error() string

func (*ResourceLoadError) Unwrap

func (e *ResourceLoadError) Unwrap() error

type SessionContext added in v1.4.0

type SessionContext interface {
	Session() tpm2.SessionContext
	Save() (restore func() error, err error)
	Flush()
}

SessionContext corresponds to a session on the TPM

type SignedAuthorizer

type SignedAuthorizer interface {
	// SignedAuthorization signs a TPM2_PolicySigned authorization for the specified key, policy ref
	// and session nonce.
	SignedAuthorization(sessionAlg tpm2.HashAlgorithmId, sessionNonce tpm2.Nonce, authKey tpm2.Name, policyRef tpm2.Nonce) (*PolicySignedAuthorization, error)
}

SignedAuthorizer provides a way for an implementation to provide signed authorizations using NewTPMPolicyResources.

type TPMHelper added in v1.4.0

type TPMHelper interface {
	// StartAuthSession returns an authorization session with the specified type and
	// algorithm. It is required for any policy that includes TPM2_PolicySecret or
	// TPM2_PolicyNV assertions.
	StartAuthSession(sessionType tpm2.SessionType, alg tpm2.HashAlgorithmId) (SessionContext, PolicySession, error)

	// LoadExternal loads the supplied external object into the TPM. It is required by
	// any policy that includes TPM2_PolicySigned or TPM2_PolicyAuthorize assertions.
	LoadExternal(inPrivate *tpm2.Sensitive, inPublic *tpm2.Public, hierarchy tpm2.Handle) (ResourceContext, error)

	// ReadPublic returns the public area of the resource at the specified handle. It
	// is required by any policy that includes TPM2_PolicySecret assertions on persistent or
	// transient objects.
	ReadPublic(handle tpm2.HandleContext) (*tpm2.Public, error)

	// VerifySignature verifies the supplied signature with the supplied key object. It
	// is required by any policy that includes TPM2_PolicyAuthorize assertions.
	VerifySignature(key tpm2.ResourceContext, digest tpm2.Digest, signature *tpm2.Signature) (*tpm2.TkVerified, error)

	// PCRRead returns the PCR values for the specified selection. It is required to
	// automatically resolve branches where branches include TPM2_PolicyPCR assertions.
	PCRRead(pcrs tpm2.PCRSelectionList) (tpm2.PCRValues, error)

	// ReadClock returns the current time info. It is required to automatically resolve
	// branches where branches include TPM2_PolicyCounterTimer assertions.
	ReadClock() (*tpm2.TimeInfo, error)

	// NVRead returns the contents of the specified NV index. It is required to automatically
	// resolve branches where branches include TPM2_PolicyNV assertions. This will only
	// be called if the index has an authorization policy with a branch that includes
	// TPM2_PolicyCommandCode for TPM2_NV_Read and no other assertions.
	NVRead(auth, index tpm2.ResourceContext, size, offset uint16, authAuthSession tpm2.SessionContext) (tpm2.MaxNVBuffer, error)

	// NVReadPublic returns the public area of the NV index at the specified handle. It
	// is required by any policy that includes TPM2_PolicyNV assertions or TPM2_PolicySecret
	// assertions on NV indices.
	NVReadPublic(handle tpm2.HandleContext) (*tpm2.NVPublic, error)

	// GetPermanentHandleAuthPolicy returns the auth policy digest for the specified
	// permanent handle, if there is one. If there isn't one, it returns a null hash.
	GetPermanentHandleAuthPolicy(handle tpm2.Handle) (tpm2.TaggedHash, error)
}

TPMHelper provides a way for Policy.Execute to communicate with a TPM.

func NewTPMHelper added in v1.4.0

func NewTPMHelper(tpm *tpm2.TPMContext, params *TPMHelperParams, sessions ...tpm2.SessionContext) TPMHelper

NewTPMHelper returns an implementation of TPMHelper that uses the supplied TPM context.

type TPMHelperParams added in v1.4.0

type TPMHelperParams struct {
	// NewPolicySessionFn allows the function used to create a new PolicySession
	// in StartAuthSession to be overridden. The default is NewTPMPolicySession.
	NewPolicySessionFn NewPolicySessionFn
}

TPMHelperParams provides parameters to NewTPMHelper.

type TPMPolicyResourcesParams added in v1.4.0

type TPMPolicyResourcesParams struct {
	Authorizer                 Authorizer                 // Provide a way to authorize resources
	SignedAuthorizer           SignedAuthorizer           // Provide a way to obtain signed authorizations
	ExternalSensitiveResources ExternalSensitiveResources // Provide a way to obtain sensitive areas to load with TPM2_LoadExternal

	// NewTPMHelperFn allows the function used to create a TPMHelper in order to
	// execute policies to be overridden. The default is NewTPMHelper.
	NewTPMHelperFn NewTPMHelperFn

	// NewPolicySessionFn allows the function used to create a new PolicySession
	// in order to execute policies to be overridden. The default is NewTPMPolicySession.
	NewPolicySessionFn NewPolicySessionFn
}

TPMPolicyResourcesParams provides parameters to NewTPMPolicyResources.

type TransientResource

type TransientResource struct {
	ParentName tpm2.Name
	Public     *tpm2.Public
	Private    tpm2.Private

	Policy *Policy
}

TransientResource contains details associated with a transient object.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL