plugin

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2025 License: MIT Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PluginName = "tpm"
)

Variables

View Source 
var (
	ErrPinentryCancelled = errors.New("cancelled pinentry")
)
View Source 
var (
	Log *log.Logger
)

Functions

func CreateIdentity added in v0.1.0 

func CreateIdentity(tpm transport.TPMCloser, pin []byte) (*Identity, *Recipient, error)

Creates a new identity. It initializes a new SRK parent in the TPM and returns the identity and the corresponding recipient. Note: It does not load the identity key into the TPM.

func CreateSRK added in v0.1.0 

func CreateSRK(tpm transport.TPMCloser) (*tpm2.AuthHandle, *tpm2.TPMTPublic, error)

Creates a Storage Key, or return the loaded storage key

func DecryptFileKeyTPM added in v0.2.0 

func DecryptFileKeyTPM(tpm transport.TPMCloser, identity *Identity, remoteKey, fileKey, pin []byte) ([]byte, error)

Decrypts and unwraps a filekey

func EncodeIdentity added in v0.1.0 

func EncodeIdentity(i *Identity) string

func EncodeRecipient 

func EncodeRecipient(recipient *Recipient) string

func EncryptFileKey added in v0.2.0 

func EncryptFileKey(fileKey []byte, pubkey *ecdh.PublicKey) ([]byte, []byte, error)

Wraps the file key in a session key Returns the sealed filekey, the session pubkey bytes, error

func FlushHandle added in v0.2.0 

func FlushHandle(tpm transport.TPM, h handle)

Helper to flush handles

func GetFixedSim added in v0.3.0 

func GetFixedSim() (transport.TPMCloser, error)

func GetPinentry added in v0.2.0 

func GetPinentry() ([]byte, error)

func LoadIdentity added in v0.1.0 

func LoadIdentity(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, error)

func LoadIdentityWithParent added in v0.1.0 

func LoadIdentityWithParent(tpm transport.TPMCloser, parent tpm2.AuthHandle, identity *Identity) (*tpm2.AuthHandle, error)

func Marshal 

func Marshal(i *Identity, w io.Writer)

func MarshalCompressedEC added in v0.2.0 

func MarshalCompressedEC(pk *ecdh.PublicKey) []byte

Marshal a compressed EC key

func MarshalIdentity 

func MarshalIdentity(i *Identity, recipient *Recipient, w io.Writer) error

func MarshalRecipient 

func MarshalRecipient(pubkey *Recipient, w io.Writer) error

func SetLogger 

func SetLogger(w io.Writer)

func UnmarshalCompressedEC added in v0.2.0 

func UnmarshalCompressedEC(b []byte) (*big.Int, *big.Int, *ecdh.PublicKey, error)

Unmarshal a compressed ec key

func UnwrapKey added in v0.2.0 

func UnwrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Unwraps a key using the standard kdf function.

func WrapKey added in v0.2.0 

func WrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Wraps a key using the standard kdf function.

Types

type Identity added in v0.1.0 

type Identity struct {
	Version uint8
	PIN     PINStatus
	Private tpm2.TPM2BPrivate
	Public  tpm2.TPM2BPublic
}

func DecodeIdentity added in v0.1.0 

func DecodeIdentity(s string) (*Identity, error)

func ParseIdentity added in v0.1.0 

func ParseIdentity(f io.Reader) (*Identity, error)

func (*Identity) Recipient added in v0.2.0 

func (i *Identity) Recipient() (*Recipient, error)

func (*Identity) Serialize added in v0.1.0 

func (i *Identity) Serialize() []any

type PINStatus 

type PINStatus uint8

We need to know if the TPM handle has a pin set 

const (
	NoPIN PINStatus = iota
	HasPIN
)

func (PINStatus) String 

func (p PINStatus) String() string

type Recipient added in v0.2.0 

type Recipient struct {
	Pubkey *ecdh.PublicKey
	// contains filtered or unexported fields
}

func DecodeRecipient 

func DecodeRecipient(s string) (*Recipient, error)

func NewRecipient added in v0.2.0 

func NewRecipient(ecc *ecdh.PublicKey) *Recipient

func NewRecipientFromBytes added in v0.2.0 

func NewRecipientFromBytes(s []byte) (*Recipient, error)

func (*Recipient) String added in v0.2.0 

func (r *Recipient) String() string

func (*Recipient) Tag added in v0.2.0 

func (r *Recipient) Tag() []byte

Returns the 4 first bytes of a sha256 sum of the key this is used to to find the correct identity in a stanza

type TPMCloser added in v0.3.0 

type TPMCloser struct {
	// contains filtered or unexported fields
}

TPM represents a connection to a TPM simulator.

func (*TPMCloser) Close added in v0.3.0 

func (t *TPMCloser) Close() error

Close implements the TPM interface.

func (*TPMCloser) Send added in v0.3.0 

func (t *TPMCloser) Send(input []byte) ([]byte, error)

Send implements the TPM interface.

type TPMDevice added in v0.1.0 

type TPMDevice struct {
	// contains filtered or unexported fields
}

Wrap swtpm and tpm into one device thing

func NewSwTPM added in v0.1.0 

func NewSwTPM(dir string) (*TPMDevice, error)

Setup a new Software TPM

func NewTPM added in v0.1.0 

func NewTPM(dir string) (*TPMDevice, error)

Setup a new TPM device

func NewTPMDevice added in v0.1.0 

func NewTPMDevice(tpmPath string, isSwtpm bool) (*TPMDevice, error)

Setup a NewTPMDevice

func (*TPMDevice) Close added in v0.1.0 

func (t *TPMDevice) Close()

func (*TPMDevice) TPM added in v0.1.0 

func (t *TPMDevice) TPM() transport.TPMCloser

Return the TPM rwc

func (*TPMDevice) Watch added in v0.1.0 

func (t *TPMDevice) Watch()

Watch for a interrution signal

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.