Index ¶
- func CertToPEM(der []byte) []byte
- func DeleteKey(dev io.ReadWriteCloser, handle tpmutil.Handle, password string) error
- func GenRSAPrimaryKey(dev io.ReadWriteCloser, handle tpmutil.Handle, parentPW, ownerPW string, ...) (crypto.PublicKey, error)
- func GetHandles(dev io.ReadWriteCloser, start tpm2.TPMProp) ([]tpmutil.Handle, error)
- func KeyList(dev io.ReadWriteCloser) ([]tpmutil.Handle, error)
- func LoadExternal(dev io.ReadWriteCloser, handle tpmutil.Handle, pk crypto.PrivateKey, ...) (tpmutil.Handle, error)
- func LoadKeyPair(crtFilePEM, keyFilePEM string) (*x509.Certificate, crypto.PrivateKey, error)
- func LoadRSAKeyFile(keyFilePEM string) (crypto.PrivateKey, error)
- func LoadX509CertificateFile(crtFilePEM string) (*x509.Certificate, error)
- func MarshalSSHPublic(k ssh.PublicKey, id string) []byte
- func NVDelete(dev io.ReadWriteCloser, index tpmutil.Handle, password string) error
- func NVList(dev io.ReadWriteCloser) ([]tpmutil.Handle, error)
- func NVRead(dev io.ReadWriteCloser, index tpmutil.Handle, password string) ([]byte, error)
- func NVWrite(dev io.ReadWriteCloser, index tpmutil.Handle, b []byte, password string, ...) error
- func OpenDevice(device string) (io.ReadWriteCloser, error)
- func PEMToPrivKey(b []byte) (crypto.PrivateKey, error)
- func PEMToPubKey(b []byte) (crypto.PublicKey, error)
- func PubKeyToPEM(pub crypto.PublicKey) ([]byte, error)
- func ReadPublicKey(dev io.ReadWriteCloser, handle tpmutil.Handle) (tpm2.Public, crypto.PublicKey, error)
- type RSAPrivateKey
- type Simulator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenRSAPrimaryKey ¶
func GenRSAPrimaryKey(dev io.ReadWriteCloser, handle tpmutil.Handle, parentPW, ownerPW string, attr tpm2.KeyProp) (crypto.PublicKey, error)
GenRSAPrimaryKey generates a primary RSA key and makes it persistent under the given handle.
func GetHandles ¶
GetHandles returns a list of all handles of the type determined by the starting position.
func KeyList ¶
func KeyList(dev io.ReadWriteCloser) ([]tpmutil.Handle, error)
KeyList returns a list of persistent key handles.
func LoadExternal ¶
func LoadExternal(dev io.ReadWriteCloser, handle tpmutil.Handle, pk crypto.PrivateKey, password string, attr tpm2.KeyProp) (tpmutil.Handle, error)
LoadExternal loads an existing key-pair into the TPM and returns the key handle. The key is loaded into the Null hierarchy and is not persistent.
func LoadKeyPair ¶
func LoadKeyPair(crtFilePEM, keyFilePEM string) (*x509.Certificate, crypto.PrivateKey, error)
LoadKeyPair reads and parses a key and certificate file in PEM format.
func LoadRSAKeyFile ¶
func LoadRSAKeyFile(keyFilePEM string) (crypto.PrivateKey, error)
LoadRSAKeyFile reads a private RSA key in PEM format from a file.
func LoadX509CertificateFile ¶
func LoadX509CertificateFile(crtFilePEM string) (*x509.Certificate, error)
LoadX509CertificateFile reads a certificate in PEM format from a file.
func MarshalSSHPublic ¶
MarshalSSHPublic encodes a certificate or public key into a format that can be used by OpenSSH.
func NVDelete ¶
NVDelete undefines the space used by an NV index, effectively deleting the data in it.
func NVList ¶
func NVList(dev io.ReadWriteCloser) ([]tpmutil.Handle, error)
NVList returns a list of handles for defined NV indexes.
func NVWrite ¶
func NVWrite(dev io.ReadWriteCloser, index tpmutil.Handle, b []byte, password string, attr tpm2.NVAttr) error
NVWrite reserves space in an NV index and writes to it starting at offset 0. It automatically determines the max buffer size prior to writing blocks to the index.
func OpenDevice ¶
func OpenDevice(device string) (io.ReadWriteCloser, error)
OpenDevice opens a TPM2. If device is 'sim', it'll connect to a simulator. The caller is responsible for calling Close().
func PEMToPrivKey ¶
func PEMToPrivKey(b []byte) (crypto.PrivateKey, error)
PEMToPrivKey decodes a private key in PKCS#1 PEM format.
func PEMToPubKey ¶
PEMToPubKey decodes a public key in PKCS#1 PEM format.
func PubKeyToPEM ¶
PubKeyToPEM encodes a public key in PEM format.
Types ¶
type RSAPrivateKey ¶
type RSAPrivateKey struct {
// contains filtered or unexported fields
}
RSAPrivateKey represents an RSA key in a TPM and implements the crypto.PrivateKey interface which allows it to be used in TLS connections.
func NewRSAPrivateKey ¶
func NewRSAPrivateKey(dev io.ReadWriteCloser, handle tpmutil.Handle, password string) (RSAPrivateKey, error)
NewRSAPrivateKey initializes an RSAPrivateKey backed by a private key that is held in the TPM.
func (RSAPrivateKey) Decrypt ¶
func (k RSAPrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) ([]byte, error)
Decrypt decrypts ciphertext with the key in the TPM. If opts is nil or of type *PKCS1v15DecryptOptions then PKCS#1 v1.5 decryption is performed. Otherwise opts must have type *OAEPOptions and OAEP decryption is performed. tpm2.FlagDecrypt needs to be set and tpm2.FlagRestricted needs to be clear in the key properties. Implements crypto.Decrypter. Note that when using OAEP with a label, the label must be a null-terminated string.
func (RSAPrivateKey) Public ¶
func (k RSAPrivateKey) Public() crypto.PublicKey
Public returns the public part of the key.
func (RSAPrivateKey) Sign ¶
func (k RSAPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
Sign signs a digest with a key in the TPM. Implements crypto.Signer. If opts is of type *rsa.PSSOptions, the PSS signature algorithm is used; PKCS#1 v1.5 otherwise. To use this function, tpm2.FlagSign needs to be set on the key, and tpm2.FlagRestricted needs to be clear.
type Simulator ¶
Simulator is a wrapper around a simulator connection that ensures startup and shutdown are called on open and close. This is only necessary with simulators. If shutdown isn't called before disconnecting, the lockout counter in the simulator is incremented.