Documentation
Overview
Package templates is deprecated and shouldn't be used - use objectutil instead.
Index
- Constants
- func NewDerivationParentKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public (deprecated)
- func NewDerivationParentKeyWithDefaults() *tpm2.Public (deprecated)
- func NewECCKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.ECCScheme, ...) *tpm2.Public (deprecated)
- func NewECCKeyWithDefaults(usage KeyUsage) *tpm2.Public (deprecated)
- func NewECCStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, ...) *tpm2.Public (deprecated)
- func NewECCStorageKeyWithDefaults() *tpm2.Public (deprecated)
- func NewHMACKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public (deprecated)
- func NewHMACKeyWithDefaults() *tpm2.Public (deprecated)
- func NewRSAKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.RSAScheme, ...) *tpm2.Public (deprecated)
- func NewRSAKeyWithDefaults(usage KeyUsage) *tpm2.Public (deprecated)
- func NewRSAStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, ...) *tpm2.Public (deprecated)
- func NewRSAStorageKeyWithDefaults() *tpm2.Public (deprecated)
- func NewRestrictedECCSigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.ECCScheme, curve tpm2.ECCCurve) *tpm2.Public (deprecated)
- func NewRestrictedECCSigningKeyWithDefaults() *tpm2.Public (deprecated)
- func NewRestrictedRSASigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.RSAScheme, keyBits uint16) *tpm2.Public (deprecated)
- func NewRestrictedRSASigningKeyWithDefaults() *tpm2.Public (deprecated)
- func NewSealedObject(nameAlg tpm2.HashAlgorithmId) *tpm2.Public (deprecated)
- func NewSymmetricKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, ...) *tpm2.Public (deprecated)
- func NewSymmetricKeyWithDefaults(usage KeyUsage) *tpm2.Public (deprecated)
- func NewSymmetricStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, ...) *tpm2.Public (deprecated)
- func NewSymmetricStorageKeyWithDefaults() *tpm2.Public (deprecated)
- type KeyUsage
Constants
const (
	KeyUsageSign    = objectutil.UsageSign
	KeyUsageDecrypt = objectutil.UsageDecrypt
	KeyUsageEncrypt = objectutil.UsageEncrypt
)
Variables
This section is empty.
Functions
func NewDerivationParentKey
deprecated
func NewDerivationParentKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public
NewDerivationParentKey returns a template for a derivation parent key with the specified name algorithm and KDF digest algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If schemeAlg is HashAlgorithmNull, then nameAlg is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a key with a TPM generated seed. In order to supply the seed, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewDerivationParentTemplate.
func NewDerivationParentKeyWithDefaults
deprecated
func NewDerivationParentKeyWithDefaults() *tpm2.Public
NewDerivationParentKeyWithDefaults returns a template for a derivation parent key with SHA256 as the name algorithm and KDF digest algorithm.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a key with a TPM generated seed. In order to supply the seed, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewDerivationParentTemplate.
func NewECCKey
deprecated
func NewECCKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.ECCScheme, curve tpm2.ECCCurve) *tpm2.Public
NewECCKey returns a template for a general purpose ECC key for the specified usage, with the specified name algorithm, ECC scheme and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCKeyTemplate.
func NewECCKeyWithDefaults
deprecated
func NewECCKeyWithDefaults(usage KeyUsage) *tpm2.Public
NewECCKeyWithDefaults returns a template for a general purpose ECC key for the specified usage, with SHA256 as the name algorithm, the scheme unset and NIST-P256 as the curve. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCKeyTemplate.
func NewECCStorageKey
deprecated
func NewECCStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16, curve tpm2.ECCCurve) *tpm2.Public
NewECCStorageKey returns a template for an ECC storage parent with the specified name algorithm, symmetric cipher, symmetric key size and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCStorageKeyTemplate.
func NewECCStorageKeyWithDefaults
deprecated
func NewECCStorageKeyWithDefaults() *tpm2.Public
NewECCStorageKeyWithDefaults returns a template for an ECC storage parent with SHA256 as the name algorithm, AES-128 as the symmetric cipher and the NIST-P256 curve.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCStorageKeyTemplate.
func NewHMACKey
deprecated
func NewHMACKey(nameAlg, schemeAlg tpm2.HashAlgorithmId) *tpm2.Public
NewHMACKey returns a template for an HMAC key with the specified name algorithm and HMAC digest algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If schemeAlg is HashAlgorithmNull, then nameAlg is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewHMACKeyTemplate.
func NewHMACKeyWithDefaults
deprecated
func NewHMACKeyWithDefaults() *tpm2.Public
NewHMACKeyWithDefaults returns a template for an HMAC key with SHA256 as the name algorithm and the HMAC digest algorithm.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewHMACKeyTemplate.
func NewRSAKey
deprecated
func NewRSAKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, scheme *tpm2.RSAScheme, keyBits uint16) *tpm2.Public
NewRSAKey returns a template for a general purpose RSA key for the specified usage, with the specified name algorithm, RSA scheme and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If keyBits is zero, then 2048 is used. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAKeyTemplate.
func NewRSAKeyWithDefaults
deprecated
func NewRSAKeyWithDefaults(usage KeyUsage) *tpm2.Public
NewRSAKeyWithDefaults returns a template for a general purpose RSA key for the specified usage, with SHA256 as the name algorithm, the scheme unset and 2048 bits as the key size. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAKeyTemplate.
func NewRSAStorageKey
deprecated
func NewRSAStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, symKeyBits, asymKeyBits uint16) *tpm2.Public
NewRSAStorageKey returns a template for an RSA storage parent with the specified name algorithm, symmetric cipher, symmetric key size and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If symKeyBits is zero, then 128 is used. If asymKeyBits is zero, then 2048 is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAStorageKeyTemplate.
func NewRSAStorageKeyWithDefaults
deprecated
func NewRSAStorageKeyWithDefaults() *tpm2.Public
NewRSAStorageKeyWithDefaults returns a template for an RSA storage parent with SHA256 as the name algorithm, AES-128 as the symmetric cipher and 2048 bits as the RSA key size.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAStorageKeyTemplate.
func NewRestrictedECCSigningKey
deprecated
func NewRestrictedECCSigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.ECCScheme, curve tpm2.ECCCurve) *tpm2.Public
NewRestrictedECCSigningKey returns a template for a restricted ECC signing key with the specified name algorithm, ECC scheme and elliptic curve. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If scheme is nil, then ECDSA is used with the digest algorithm set to the same as the name algorithm.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCAttestationKeyTemplate.
func NewRestrictedECCSigningKeyWithDefaults
deprecated
func NewRestrictedECCSigningKeyWithDefaults() *tpm2.Public
NewRestrictedECCSigningKeyWithDefaults returns a template for a restricted ECC signing key with SHA256 as the name algorithm, ECDSA with SHA256 as the scheme and NIST-P256 as the curve.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewECCAttestationKeyTemplate.
func NewRestrictedRSASigningKey
deprecated
func NewRestrictedRSASigningKey(nameAlg tpm2.HashAlgorithmId, scheme *tpm2.RSAScheme, keyBits uint16) *tpm2.Public
NewRestrictedRSASigningKey returns a template for a restricted RSA signing key with the specified name algorithm, RSA scheme and RSA key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If scheme is nil, then RSASSA is used with the digest algorithm set to the same as the name algorithm. If keyBits is zero, then 2048 is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAAttestationKeyTemplate.
func NewRestrictedRSASigningKeyWithDefaults
deprecated
func NewRestrictedRSASigningKeyWithDefaults() *tpm2.Public
NewRestrictedRSASigningKeyWithDefaults returns a template for a restricted RSA signing key with SHA256 as the name algorithm, RSA-SSA with SHA256 as the scheme and 2048 bits as the key size.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewRSAAttestationKeyTemplate.
func NewSealedObject
deprecated
func NewSealedObject(nameAlg tpm2.HashAlgorithmId) *tpm2.Public
NewSealedObject returns a template for a sealed object with the specified name algorithm. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used.
The template cannot be used to create an object in a duplication group. In order to create an object in a duplication group, remove the AttrFixedTPM attribute. In order to create an object that can be moved to a new parent, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewSealedObjectTemplate.
func NewSymmetricKey
deprecated
func NewSymmetricKey(nameAlg tpm2.HashAlgorithmId, usage KeyUsage, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16, mode tpm2.SymModeId) *tpm2.Public
NewSymmetricKey returns a template for a general purpose symmetric key with the specified name algorithm, key usage, symmetric algorithm, symmetric key size and symmetric mode. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewSymmetricKeyTemplate.
func NewSymmetricKeyWithDefaults
deprecated
func NewSymmetricKeyWithDefaults(usage KeyUsage) *tpm2.Public
NewSymmetricKeyWithDefaults returns a template for a general purpose symmetric key for the specified usage with SHA256 as the name algorithm, AES-128 as the cipher and CFB as the cipher mode. If no usage is specified, the template will include both sign and decrypt attributes.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewSymmetricKeyTemplate.
func NewSymmetricStorageKey
deprecated
func NewSymmetricStorageKey(nameAlg tpm2.HashAlgorithmId, algorithm tpm2.SymObjectAlgorithmId, keyBits uint16) *tpm2.Public
NewSymmetricStorageKey returns a template for a symmetric storage parent with the specified name algorithm, symmetric cipher and symmetric key size. If nameAlg is HashAlgorithmNull, then HashAlgorithmSHA256 is used. If algorithm is SymObjectAlgorithmNull, then SymObjectAlgorithmAES is used. If keyBits is zero, then 128 is used.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewSymmetricStorageKeyTemplate.
func NewSymmetricStorageKeyWithDefaults
deprecated
func NewSymmetricStorageKeyWithDefaults() *tpm2.Public
NewSymmetricStorageKeyWithDefaults returns a template for a symmetric storage parent with SHA256 as the name algorithm and AES-128 as the symmetric cipher.
The template cannot be used to create a key in a duplication group. In order to create a key in a duplication group, remove the AttrFixedTPM attribute. In order to create a key that is a duplication root, remove both the AttrFixedTPM and AttrFixedParent attributes. In this case, an authorization policy that permits duplication must be added.
The template will create a TPM generated key. In order to supply the key, remove the AttrSensitiveDataOrigin attribute.
The template has the AttrUserWithAuth set in order to permit authentication for the user auth role using the created object's authorization value. In order to require authentication for the user auth role using an authorization policy, remove the AttrUserWithAuth attribute.
Deprecated: Use objectutil.NewSymmetricStorageKeyTemplate.
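The attribute notes repeated for each function above (AttrFixedTPM, AttrFixedParent, AttrSensitiveDataOrigin, AttrUserWithAuth) can be checked mechanically before a modified template is sent to the TPM. The following is an added example, not code from the templates or objectutil packages: ObjectAttributes and Template are local stand-ins for the go-tpm2 types (bit positions are those of TPMA_OBJECT in the TPM 2.0 specification), and Review, Posture and callerSuppliesSensitive are hypothetical names.

```go
package main

import "fmt"

// ObjectAttributes is a local stand-in for the TPMA_OBJECT bit field.
type ObjectAttributes uint32

const (
	AttrFixedTPM            ObjectAttributes = 1 << 1
	AttrFixedParent         ObjectAttributes = 1 << 4
	AttrSensitiveDataOrigin ObjectAttributes = 1 << 5
	AttrUserWithAuth        ObjectAttributes = 1 << 6
)

// Template is a hypothetical, reduced stand-in for *tpm2.Public.
type Template struct {
	Attrs      ObjectAttributes
	AuthPolicy []byte // empty means no authorization policy
}

type Posture string

const (
	FixedToTPM       Posture = "fixed to this TPM"
	DuplicationGroup Posture = "member of a duplication group"
	DuplicationRoot  Posture = "duplication root"
	Invalid          Posture = "invalid"
)

// Review classifies the duplication posture of a template and reports
// attribute combinations that contradict the notes in the documentation.
// callerSuppliesSensitive says whether the caller passes key or seed
// material when creating the object.
func Review(t Template, callerSuppliesSensitive bool) (Posture, []string) {
	var findings []string
	fixedTPM := t.Attrs&AttrFixedTPM != 0
	fixedParent := t.Attrs&AttrFixedParent != 0
	hasPolicy := len(t.AuthPolicy) > 0

	var posture Posture
	switch {
	case fixedTPM && fixedParent:
		posture = FixedToTPM
	case !fixedTPM && fixedParent:
		posture = DuplicationGroup
	case !fixedTPM && !fixedParent:
		posture = DuplicationRoot
		// Only detects a missing policy; whether a present policy
		// actually permits duplication needs the policy's definition.
		if !hasPolicy {
			findings = append(findings, "duplication root has no authorization policy")
		}
	default: // fixedTPM set, fixedParent clear: not allowed by TPM 2.0
		posture = Invalid
		findings = append(findings, "AttrFixedTPM set while AttrFixedParent is clear")
	}
	if t.Attrs&AttrUserWithAuth == 0 && !hasPolicy {
		findings = append(findings, "user role needs a policy but none is set")
	}
	tpmGenerates := t.Attrs&AttrSensitiveDataOrigin != 0
	if callerSuppliesSensitive && tpmGenerates {
		findings = append(findings, "caller supplies key but AttrSensitiveDataOrigin is set")
	}
	if !callerSuppliesSensitive && !tpmGenerates {
		findings = append(findings, "AttrSensitiveDataOrigin clear but no key supplied")
	}
	return posture, findings
}

func main() {
	// Constructed attribute set matching what the documentation describes
	// for the key templates before any attribute is removed.
	base := AttrFixedTPM | AttrFixedParent | AttrSensitiveDataOrigin | AttrUserWithAuth
	root := Template{Attrs: base &^ (AttrFixedTPM | AttrFixedParent)}
	fmt.Println(Review(Template{Attrs: base}, false))
	fmt.Println(Review(root, false))
}
```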
Types
type KeyUsage
type KeyUsage = objectutil.Usage