attest

Documentation

Index

• type Attestor
• type EKData
• type Req
• type Resp
• type SecureHardwareVendorData

Types

type Attestor

type Attestor interface {
	Attest(*Req) (*Resp, error)
}

Attestor is the interface which performs attestation

type EKData

type EKData struct {
	Certificate                 []byte // Complete ASN.1 DER content.
	IssuerCN                    string
	SubjectCN                   string
	SerialNumber                string
	SignatureAlgorithm          string
	PublicKeyAlgorithm          string
	HasCertInNVRAM              bool
	HasPublicKeyInNVRam         bool
	CertDownloadedFromVendorURL bool // this is expected to be false as we aren't downloading certificates yet
	VendorCertificateURL        string
}

EKData contains metadata for a TPM 2.0 Endorsement Key

type Req

type Req struct {
	TPM       io.ReadWriteCloser
	KeyHandle any
}

Req represents the request to attest & certify a TPM key

type Resp

type Resp struct {
	AttestationStatement string
	CertificationParams  string
	PublicKey            []byte
}

Resp represents the response from the attestation process

type SecureHardwareVendorData

type SecureHardwareVendorData struct {
	EKs                    []EKData
	IsTPM20CompliantDevice bool
	VendorName             string
	VendorInfo             string
	Version                uint8
}

SecureHardwareVendorData represents metadata for the specific hardware backed key store available on the device