verification

package

v0.1.1 Latest Latest Go to latest Published: Apr 1, 2016 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/coreos/go-tspi

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateChallenge(ekcert []byte, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)
func KeyVerify(data []byte, validation []byte, aikpub []byte, keypub []byte, secret []byte) error
func QuoteVerify(data []byte, validation []byte, aikpub []byte, pcrvalues [][]byte, ...) error
func VerifyEKCert(ekcert []byte) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateChallenge ¶

func GenerateChallenge(ekcert []byte, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)

GenerateChallenge takes a copy of the EK certificate, the public half of the AIK to be challenged and a secret. It then symmetrically encrypts the secret with a randomly generated AES key and Asymmetrically encrypts the AES key with the public half of the EK. These can then be provided to the TPM in order to ensure that the AIK is under the control of the TPM. It returns the asymmetrically and symmetrically encrypted data, along with any error.

func KeyVerify ¶

func KeyVerify(data []byte, validation []byte, aikpub []byte, keypub []byte, secret []byte) error

KeyVerify verifies that a key certification request was genuinely provided by the TPM. It takes the certification data, certification validation blob, the public half of the AIK, the public half of the key to be certified and the nonce used in the original quote request. It then verifies that the validation block is a valid signature for the certification data, that the certification data matches the certified key and that the secrets are the same (in order to avoid replay attacks). It returns an error if any stage of the validation fails.

func QuoteVerify ¶

func QuoteVerify(data []byte, validation []byte, aikpub []byte, pcrvalues [][]byte, secret []byte) error

QuoteVerify verifies that a quote was genuinely provided by the TPM. It takes the quote data, quote validation blob, public half of the AIK, current PCR values and the nonce used in the original quote request. It then verifies that the validation block is a valid signature for the quote data, that the secrets are the same (in order to avoid replay attacks), and that the PCR values are the same. It returns an error if any stage of the validation fails.

func VerifyEKCert ¶

func VerifyEKCert(ekcert []byte) error

VerifyEKCert verifies that the provided EK certificate is signed by a trusted manufacturer.

Types ¶

This section is empty.

Source Files ¶

View all Source files

verification.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL