Documentation ¶
Index ¶
- Variables
- func CreateSRK(rwc transport.TPMCloser, hier tpm2.TPMHandle, ownerAuth []byte) (*tpm2.AuthHandle, *tpm2.TPMTPublic, *tpm2.CreatePrimaryResponse, error)
- func EkPolicy(t transport.TPM, handle tpm2.TPMISHPolicy, nonceTPM tpm2.TPM2BNonce) error
- func GetECDSAFromTPMTPublic(pub *tpm2.TPMTPublic) (*ecdsa.PublicKey, error)
- func ReadEKCert(rwc transport.TPMCloser) (*tpm2.NamedHandle, *tpm2.TPMTPublic, error)
- func VerifySignature(pub *tpm2.TPMTPublic, b []byte, sig *tpm2.TPMTSignature) (bool, error)
- type Attestation
- type AttestationParameters
- func (a *AttestationParameters) CreateChallenge(secret []byte) (*EncryptedCredential, error)
- func (a *AttestationParameters) Flush(rwc transport.TPMCloser)
- func (a *AttestationParameters) GetSecret(rwc transport.TPMCloser, ch *EncryptedCredential) ([]byte, error)
- func (a *AttestationParameters) MarshalJSON() ([]byte, error)
- func (a *AttestationParameters) UnmarshalJSON(b []byte) error
- func (a *AttestationParameters) Verify() (bool, error)
- type EncryptedCredential
Constants ¶
This section is empty.
Variables ¶
// Primary-key templates used by this package. Both describe ECC NIST P-256
// objects named with SHA-256 whose private parts are generated inside the TPM.
// The zero-length Unique fields matter: for TPM2_CreatePrimary the unique
// field feeds the key derivation, so leaving it empty is what makes the
// resulting key reproducible across calls on the same hierarchy seed.
var (
	// ECCSRK_H2_Template is a storage root key template: a restricted
	// decryption key that can act as a parent for other objects. The naming
	// follows the TCG "H-2" ECC SRK template; NOTE(review): confirm the
	// attribute set against the TCG EK Credential Profile / Provisioning
	// Guidance if bit-for-bit agreement with a pre-provisioned SRK is required.
	ECCSRK_H2_Template = tpm2.TPMTPublic{
		Type:    tpm2.TPMAlgECC,
		NameAlg: tpm2.TPMAlgSHA256,
		ObjectAttributes: tpm2.TPMAObject{
			FixedTPM:            true, // never duplicable off this TPM
			FixedParent:         true, // never re-parented
			SensitiveDataOrigin: true, // private key generated by the TPM, not imported
			UserWithAuth:        true, // USER role can be satisfied by an authValue
			NoDA:                true, // exempt from the TPM's dictionary-attack lockout
			Restricted:          true, // with Decrypt: a storage parent, only unwraps TPM-formatted child blobs
			Decrypt:             true,
		},
		Parameters: tpm2.NewTPMUPublicParms(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCParms{
				// Symmetric cipher a storage parent uses to protect the
				// private areas of its children: AES-128 in CFB mode.
				Symmetric: tpm2.TPMTSymDefObject{
					Algorithm: tpm2.TPMAlgAES,
					KeyBits: tpm2.NewTPMUSymKeyBits(
						tpm2.TPMAlgAES,
						tpm2.TPMKeyBits(128),
					),
					Mode: tpm2.NewTPMUSymMode(
						tpm2.TPMAlgAES,
						tpm2.TPMAlgCFB,
					),
				},
				// No Scheme is set (null): a storage key carries no signing
				// or decryption scheme of its own.
				CurveID: tpm2.TPMECCNistP256,
			},
		),
		// Empty X/Y: the TPM fills in the public point it derives.
		Unique: tpm2.NewTPMUPublicID(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCPoint{
				X: tpm2.TPM2BECCParameter{
					Buffer: make([]byte, 0),
				},
				Y: tpm2.TPM2BECCParameter{
					Buffer: make([]byte, 0),
				},
			},
		),
	}

	// ECCSAK_H2_Template is a restricted ECDSA/SHA-256 signing key template
	// (an attestation key). Restricted + SignEncrypt means the TPM will only
	// sign digests it produced itself (e.g. TPM2_Certify / TPM2_Quote output)
	// or externally supplied digests accompanied by a valid ticket, which is
	// what lets a verifier treat its signatures as attestation evidence.
	// No Symmetric block is set, as required for a restricted signing key.
	ECCSAK_H2_Template = tpm2.TPMTPublic{
		Type:    tpm2.TPMAlgECC,
		NameAlg: tpm2.TPMAlgSHA256,
		ObjectAttributes: tpm2.TPMAObject{
			FixedTPM:            true,
			FixedParent:         true,
			SensitiveDataOrigin: true,
			UserWithAuth:        true,
			NoDA:                true,
			Restricted:          true, // with SignEncrypt: attestation-grade signing key
			SignEncrypt:         true,
		},
		Parameters: tpm2.NewTPMUPublicParms(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCParms{
				// Fixed signing scheme: every signature is ECDSA over SHA-256.
				Scheme: tpm2.TPMTECCScheme{
					Scheme: tpm2.TPMAlgECDSA,
					Details: tpm2.NewTPMUAsymScheme(
						tpm2.TPMAlgECDSA,
						&tpm2.TPMSSigSchemeECDSA{
							HashAlg: tpm2.TPMAlgSHA256,
						},
					),
				},
				CurveID: tpm2.TPMECCNistP256,
			},
		),
		// Empty X/Y: the TPM fills in the public point it derives.
		Unique: tpm2.NewTPMUPublicID(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCPoint{
				X: tpm2.TPM2BECCParameter{
					Buffer: make([]byte, 0),
				},
				Y: tpm2.TPM2BECCParameter{
					Buffer: make([]byte, 0),
				},
			},
		),
	}
)
Functions ¶
func CreateSRK ¶
func CreateSRK(rwc transport.TPMCloser, hier tpm2.TPMHandle, ownerAuth []byte) (*tpm2.AuthHandle, *tpm2.TPMTPublic, *tpm2.CreatePrimaryResponse, error)
func EkPolicy ¶
func EkPolicy(t transport.TPM, handle tpm2.TPMISHPolicy, nonceTPM tpm2.TPM2BNonce) error
func GetECDSAFromTPMTPublic ¶
func GetECDSAFromTPMTPublic(pub *tpm2.TPMTPublic) (*ecdsa.PublicKey, error)
func ReadEKCert ¶
func ReadEKCert(rwc transport.TPMCloser) (*tpm2.NamedHandle, *tpm2.TPMTPublic, error)
func VerifySignature ¶
func VerifySignature(pub *tpm2.TPMTPublic, b []byte, sig *tpm2.TPMTSignature) (bool, error)
Types ¶
type Attestation ¶
// Attestation bundles a TPM key's public area with the creation certification
// of that key, so a relying party can check that the key was generated on a
// TPM (see VerifyCreation). Field roles below are inferred from the names and
// from VerifyCreation's signature; NOTE(review): confirm against the
// constructor that populates this struct.
type Attestation struct {
	// Public is the public area of the key whose creation is being attested.
	Public *tpm2.TPMTPublic
	// Signer is the public area of the key that produced CreateSignature
	// (presumably the attestation key).
	Signer *tpm2.TPMTPublic
	// CreateData is presumably the serialized creation data returned by the
	// TPM when the key was created.
	CreateData []byte
	// CreateAttestation is presumably the serialized TPMS_ATTEST structure
	// certifying the creation (what Signer signed).
	CreateAttestation []byte
	// CreateSignature is Signer's signature over CreateAttestation.
	// VerifyCreation(restricted) is the intended verification entry point;
	// its bool result and error must both be checked by callers.
	CreateSignature []byte
}
func (*Attestation) VerifyCreation ¶
func (aa *Attestation) VerifyCreation(restricted bool) (bool, error)
type AttestationParameters ¶
// AttestationParameters is the set of values exchanged between a TPM-backed
// client and a verifier: the endorsement key, the attestation key and the
// TPM-bound key (each with creation evidence), plus identifying metadata.
// The type has custom MarshalJSON/UnmarshalJSON; the wire form is whatever
// those methods produce, not a plain field dump.
//
// NOTE(review): Host and User are plain strings carried next to the
// attestation material. Nothing on this page shows them bound into the
// attested data, so a verifier must not treat them as authenticated
// identity unless Verify() (or the challenge/response flow) ties them in.
type AttestationParameters struct {
	// Not serialized
	// Handle is the live TPM object handle and is omitted from the JSON
	// form; it is presumably what Flush(rwc) releases.
	Handle *tpm2.NamedHandle
	Host   string
	User   string
	// EK is the endorsement key public area (see ReadEKCert).
	EK *tpm2.TPMTPublic
	// AK is the attestation key with its creation certification.
	AK *Attestation
	// TPMBoundKey is the key whose TPM residency is being attested,
	// presumably certified by AK.
	TPMBoundKey *Attestation
}
All parameters exchanged during an attestation are collected here.
func NewAttestationParameters ¶
func NewAttestationParameters(rwc transport.TPMCloser, tpmkey *keyfile.TPMKey, rsp *tpm2.CreateResponse) (*AttestationParameters, error)
func (*AttestationParameters) CreateChallenge ¶
func (a *AttestationParameters) CreateChallenge(secret []byte) (*EncryptedCredential, error)
func (*AttestationParameters) Flush ¶
func (a *AttestationParameters) Flush(rwc transport.TPMCloser)
func (*AttestationParameters) GetSecret ¶
func (a *AttestationParameters) GetSecret(rwc transport.TPMCloser, ch *EncryptedCredential) ([]byte, error)
func (*AttestationParameters) MarshalJSON ¶
func (a *AttestationParameters) MarshalJSON() ([]byte, error)
func (*AttestationParameters) UnmarshalJSON ¶
func (a *AttestationParameters) UnmarshalJSON(b []byte) error
func (*AttestationParameters) Verify ¶
func (a *AttestationParameters) Verify() (bool, error)
type EncryptedCredential ¶
func CreateChallenge ¶
func CreateChallenge(ap *AttestationParameters) (*EncryptedCredential, error)