tspi

package
v0.3.0

This package is not in the latest version of its module.

Published: Jul 2, 2021 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Constants

This section is empty.

Variables

Well-known TSS key UUIDs, accepted as the uuid argument of Context.LoadKeyByUUID. TSS_UUID_SRK identifies the Storage Root Key installed by TPM.TakeOwnership; the others are the remaining persistent-storage UUIDs defined by the TSS specification.

var TSS_UUID_CRK = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_RK = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_SK = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_SRK = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK1 = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK2 = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK3 = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK4 = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK5 = C.TSS_UUID{
	// contains filtered or unexported fields
}
var TSS_UUID_USK6 = C.TSS_UUID{
	// contains filtered or unexported fields
}

Functions

func ModulusFromBlob

func ModulusFromBlob(blob []byte) []byte

ModulusFromBlob returns the RSA modulus contained in a TSS key blob.

Types

type Context

type Context struct {
	// contains filtered or unexported fields
}

Context is a TSS context

func NewContext

func NewContext() (*Context, error)

NewContext creates a TSS context. Call Connect to attach it to the TSS daemon before use, and Close when finished.

func (*Context) Close

func (context *Context) Close() error

Close closes the connection between the context and the TSS daemon. It returns an error on failure.

func (*Context) Connect

func (context *Context) Connect() error

Connect opens a connection between the context and the TSS daemon. It returns an error on failure.

func (*Context) CreateHash added in v0.2.0

func (context *Context) CreateHash(hash crypto.Hash) (*Hash, error)

CreateHash creates a Hash object for the given hash algorithm. A key created with the TSS_SS_RSASSAPKCS1V15_SHA1 signature scheme signs only 20-byte SHA-1 digests, so if you use any algorithm other than crypto.SHA1 and intend to sign with this hash, make sure the key was created with the TSS_SS_RSASSAPKCS1V15_DER scheme (see SetSignatureScheme).

func (*Context) CreateKey

func (context *Context) CreateKey(flags int) (*Key, error)

CreateKey creates a TSS object referring to a TPM key. It returns a reference to the object and any error.

func (*Context) CreateNV

func (context *Context) CreateNV() (*NV, error)

CreateNV creates a TSS object referring to a TPM NVRAM area. It returns a reference to the object and any error.

func (*Context) CreatePCRs

func (context *Context) CreatePCRs(flags int) (*PCRs, error)

CreatePCRs creates an object referring to a TSS PCR composite. It returns a reference to the object plus any error.

func (*Context) CreatePolicy

func (context *Context) CreatePolicy(flags int) (*Policy, error)

CreatePolicy creates an object referring to a TSS policy. It returns a reference to the object plus any error.

func (*Context) GetCapability added in v0.2.0

func (context *Context) GetCapability(capa int, subcaplen uint, subcap uint8) ([]byte, error)

GetCapability reads the requested capability and subcapability from the TPM. The capability and subcapability constants are listed in the tspiconst package. For usage information see Section 21.1 of the TPM 1.2 Main Specification, Part 2 (Structures).

func (*Context) GetTPM

func (context *Context) GetTPM() *TPM

GetTPM returns a reference to the TPM associated with this context

func (*Context) LoadKeyByBlob

func (context *Context) LoadKeyByBlob(parent *Key, blob []byte) (*Key, error)

LoadKeyByBlob takes a key blob (as returned by GetKeyBlob, with its private half encrypted under the parent key) and loads it into the TPM under that parent, which must already be loaded. It returns a reference to the key and any error.

func (*Context) LoadKeyByUUID

func (context *Context) LoadKeyByUUID(storetype int, uuid C.TSS_UUID) (*Key, error)

LoadKeyByUUID loads the key registered under uuid in persistent storage. The storetype argument selects the system or user key store (the TSS_PS_TYPE_SYSTEM and TSS_PS_TYPE_USER values). It returns a reference to the key and any error.

type Hash

type Hash struct {
	// contains filtered or unexported fields
}

Hash is a TSS hash

func (*Hash) Close added in v0.2.0

func (hash *Hash) Close() error

Close closes the Hash object.

func (*Hash) SetValue added in v0.2.0

func (hash *Hash) SetValue(hashed []byte) error

SetValue sets the value of the hash to the given bytes

func (*Hash) Sign added in v0.2.0

func (hash *Hash) Sign(key *Key) ([]byte, error)

Sign uses the provided key to sign the hash value (see CreateHash for the signature scheme the key needs) and returns the signature.

func (*Hash) Update

func (hash *Hash) Update(data []byte) error

Update updates a TSS hash with the data provided. It returns an error on failure.

func (*Hash) Verify

func (hash *Hash) Verify(key *Key, signature []byte) error

Verify checks that signature is a valid signature over the hash value by the provided key. It returns an error if verification fails.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key is a TSS key

func (*Key) AssignPolicy added in v0.2.0

func (key *Key) AssignPolicy(policy *Policy) error

AssignPolicy assigns a TSS policy to the key.

func (*Key) Bind

func (key *Key) Bind(data []byte) ([]byte, error)

Bind encrypts data to this key's public half and returns the ciphertext; only Unbind with the private half, which never leaves the TPM, can recover it.

func (*Key) Certify

func (key *Key) Certify(certifykey *Key, challenge []byte) ([]byte, []byte, error)

Certify has certifykey, another key held by the TPM, sign a certification of this key's public half; challenge is the anti-replay nonce included in the signed data. It returns the certification data, the signature over it, and any error.

func (*Key) Close added in v0.2.0

func (key *Key) Close() error

Close closes the Key object.

func (*Key) GenerateKey

func (key *Key) GenerateKey(wrapkey *Key) (err error)

GenerateKey generates a key pair on the TPM, wrapping it with the provided key

func (*Key) GetExponent added in v0.2.0

func (key *Key) GetExponent() (uint32, error)

GetExponent returns the exponent of the public key

func (*Key) GetKeyBlob

func (key *Key) GetKeyBlob() ([]byte, error)

GetKeyBlob returns the key blob containing the public half and the private half encrypted under the wrapping (parent) key. The blob can be stored and later reloaded with LoadKeyByBlob.

func (*Key) GetModulus

func (key *Key) GetModulus() (modulus []byte, err error)

GetModulus returns the modulus of the public key

func (*Key) GetPolicy

func (key *Key) GetPolicy(poltype int) (*Policy, error)

GetPolicy returns the policy associated with the key

func (*Key) GetPubKeyBlob

func (key *Key) GetPubKeyBlob() (pubkey []byte, err error)

GetPubKeyBlob returns the public half of the key in TPM blob format

func (*Key) GetPublicKey added in v0.2.0

func (key *Key) GetPublicKey() (*rsa.PublicKey, error)

GetPublicKey returns a go-native *rsa.PublicKey instance of this key's public key
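
As an added example that is not part of go-tspi, here is a standalone Go parser for the blob format that GetPubKeyBlob returns and ModulusFromBlob reads. It assumes the blob is the TPM 1.2 TPM_PUBKEY structure (TPM_KEY_PARMS followed by TPM_STORE_PUBKEY, big-endian integers) and validates every length field instead of slicing at a fixed offset, which is the check you want before handing a modulus from an untrusted blob to crypto/rsa. The function names and the constructed sample modulus are this example's own; when you hold a Key object, GetPublicKey already gives you an *rsa.PublicKey, so this is for blobs received from elsewhere.

```go
package main

import (
	"crypto/rsa"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// TPM_ALG_RSA from the TPM 1.2 Main Specification, Part 2.
const tpmAlgRSA = 0x00000001

// parseTPMPubKey decodes a TPM 1.2 TPM_PUBKEY blob (TPM_KEY_PARMS followed by
// TPM_STORE_PUBKEY) into an *rsa.PublicKey. Every length field is validated
// against the buffer; nothing is read at a fixed offset, so a truncated or
// padded blob is rejected instead of yielding a wrong modulus.
func parseTPMPubKey(blob []byte) (*rsa.PublicKey, error) {
	// TPM_KEY_PARMS: algorithmID(4) encScheme(2) sigScheme(2) parmSize(4) parms[parmSize]
	if len(blob) < 12 {
		return nil, errors.New("TPM_PUBKEY: truncated TPM_KEY_PARMS header")
	}
	if alg := binary.BigEndian.Uint32(blob[0:4]); alg != tpmAlgRSA {
		return nil, fmt.Errorf("TPM_PUBKEY: unsupported algorithmID 0x%08x", alg)
	}
	parmSize := int(binary.BigEndian.Uint32(blob[8:12]))
	if parmSize < 12 || parmSize > len(blob)-12 {
		return nil, errors.New("TPM_PUBKEY: parmSize out of range")
	}
	parms := blob[12 : 12+parmSize]
	// TPM_RSA_KEY_PARMS: keyLength(4, bits) numPrimes(4) exponentSize(4) exponent[exponentSize]
	keyLength := int(binary.BigEndian.Uint32(parms[0:4]))
	exponentSize := int(binary.BigEndian.Uint32(parms[8:12]))
	if exponentSize != parmSize-12 {
		return nil, errors.New("TPM_PUBKEY: exponentSize does not match parmSize")
	}
	// An empty exponent field means the TPM default of 2^16+1.
	e := 65537
	if exponentSize > 0 {
		eBig := new(big.Int).SetBytes(parms[12:])
		if !eBig.IsInt64() || eBig.Int64() < 3 || eBig.Int64() > 1<<31-1 || eBig.Bit(0) == 0 {
			return nil, errors.New("TPM_PUBKEY: public exponent out of range or even")
		}
		e = int(eBig.Int64())
	}
	// TPM_STORE_PUBKEY: keyLength(4) key[keyLength], the modulus as a big-endian integer.
	off := 12 + parmSize
	if len(blob) < off+4 {
		return nil, errors.New("TPM_PUBKEY: truncated TPM_STORE_PUBKEY")
	}
	modLen := int(binary.BigEndian.Uint32(blob[off : off+4]))
	off += 4
	if modLen != len(blob)-off {
		return nil, fmt.Errorf("TPM_PUBKEY: modulus length %d but %d bytes remain", modLen, len(blob)-off)
	}
	if keyLength != 0 && keyLength != modLen*8 {
		return nil, fmt.Errorf("TPM_PUBKEY: keyLength %d bits but modulus is %d bytes", keyLength, modLen)
	}
	n := new(big.Int).SetBytes(blob[off:])
	if n.Bit(0) == 0 {
		return nil, errors.New("TPM_PUBKEY: modulus is zero or even")
	}
	return &rsa.PublicKey{N: n, E: e}, nil
}

// encodeTPMPubKey is the inverse of parseTPMPubKey. It exists only to build
// sample input here; a real blob comes from Key.GetPubKeyBlob.
func encodeTPMPubKey(pub *rsa.PublicKey) []byte {
	mod := pub.N.Bytes()
	var exp []byte
	if pub.E != 65537 {
		exp = big.NewInt(int64(pub.E)).Bytes()
	}
	b := binary.BigEndian.AppendUint32(nil, tpmAlgRSA)
	b = binary.BigEndian.AppendUint16(b, 0x0001) // encScheme: TPM_ES_NONE
	b = binary.BigEndian.AppendUint16(b, 0x0001) // sigScheme: TPM_SS_NONE
	b = binary.BigEndian.AppendUint32(b, uint32(12+len(exp)))
	b = binary.BigEndian.AppendUint32(b, uint32(len(mod)*8)) // keyLength in bits
	b = binary.BigEndian.AppendUint32(b, 2)                  // numPrimes
	b = binary.BigEndian.AppendUint32(b, uint32(len(exp)))
	b = append(b, exp...)
	b = binary.BigEndian.AppendUint32(b, uint32(len(mod)))
	return append(b, mod...)
}

func main() {
	// Constructed sample modulus (not a real key): 2^2047 + 12345, odd and 2048 bits.
	n := new(big.Int).Add(new(big.Int).Lsh(big.NewInt(1), 2047), big.NewInt(12345))
	blob := encodeTPMPubKey(&rsa.PublicKey{N: n, E: 65537})
	pub, err := parseTPMPubKey(blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("blob %d bytes, modulus %d bits, e=%d\n", len(blob), pub.N.BitLen(), pub.E)
	_, err = parseTPMPubKey(blob[:len(blob)-1])
	fmt.Println("truncated blob rejected:", err)
}
```

With the default exponent the fixed part of the blob is 28 bytes, which is why a modulus appears at offset 28 in practice; the parser above gets the same answer for well-formed input but refuses blobs whose length fields disagree with their size.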

func (*Key) Seal

func (key *Key) Seal(data []byte, pcrs *PCRs) ([]byte, error)

Seal encrypts data under this key such that the TPM will only decrypt it while its PCR values match the values held in the provided PCRs object. If pcrs is nil, the data is sealed to the key alone and can be unsealed in any platform state: that protects the data against offline extraction but does not bind it to a measured boot.

func (*Key) SetModulus

func (key *Key) SetModulus(n []byte) error

SetModulus sets the modulus of a public key to the provided value

func (*Key) SetSignatureScheme added in v0.2.0

func (key *Key) SetSignatureScheme(scheme int) error

SetSignatureScheme sets the signature scheme on a newly created key, before it is generated with GenerateKey. The scheme parameter should be one of tspiconst.TSS_SS_RSASSAPKCS1V15_SHA1 (the TPM signs a 20-byte SHA-1 digest, adding the DigestInfo itself) or tspiconst.TSS_SS_RSASSAPKCS1V15_DER (the caller supplies a complete DER DigestInfo, which allows other hash algorithms; see CreateHash).
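
The CreateHash note and SetSignatureScheme describe one pitfall: a key with TSS_SS_RSASSAPKCS1V15_SHA1 accepts only a 20-byte SHA-1 digest and wraps it in the SHA-1 DigestInfo itself, while with TSS_SS_RSASSAPKCS1V15_DER the caller passes the full DER DigestInfo (for SHA-256, say) through Hash.SetValue and the TPM applies only PKCS#1 v1.5 padding. The following is an added example, not go-tspi code, that simulates both schemes with crypto/rsa so the relationship can be checked offline: the TPM-resident key is replaced by a freshly generated one, and signSHA1Scheme and signDERScheme are this example's stand-ins for Hash.Sign under each scheme.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DER-encoded DigestInfo prefixes for PKCS#1 v1.5 (RFC 8017, section 9.2,
// note 1). The raw digest is appended to the prefix.
var digestInfoPrefix = map[crypto.Hash][]byte{
	crypto.SHA1:   {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14},
	crypto.SHA256: {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
}

// digestInfo builds the DigestInfo that Hash.SetValue must receive when the
// key uses TSS_SS_RSASSAPKCS1V15_DER.
func digestInfo(h crypto.Hash, digest []byte) ([]byte, error) {
	prefix, ok := digestInfoPrefix[h]
	if !ok {
		return nil, fmt.Errorf("no DigestInfo prefix for %v", h)
	}
	if len(digest) != h.Size() {
		return nil, fmt.Errorf("digest is %d bytes, %v needs %d", len(digest), h, h.Size())
	}
	return append(append([]byte{}, prefix...), digest...), nil
}

// signSHA1Scheme stands in for a key with TSS_SS_RSASSAPKCS1V15_SHA1: the
// caller hands over a 20-byte SHA-1 digest and the signer wraps it in the
// SHA-1 DigestInfo before PKCS#1 v1.5 padding. Anything else is refused.
func signSHA1Scheme(priv *rsa.PrivateKey, digest []byte) ([]byte, error) {
	if len(digest) != sha1.Size {
		return nil, errors.New("SHA1 scheme: input must be a 20-byte SHA-1 digest")
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest)
}

// signDERScheme stands in for a key with TSS_SS_RSASSAPKCS1V15_DER: the caller
// supplies the complete DigestInfo and only PKCS#1 v1.5 padding is applied
// (crypto.Hash(0) makes crypto/rsa sign the input as given).
func signDERScheme(priv *rsa.PrivateKey, der []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.Hash(0), der)
}

// signSHA256ViaDER is what a caller of CreateHash(crypto.SHA256) needs to do:
// hash the message, wrap the digest in a DigestInfo, sign under the DER scheme.
func signSHA256ViaDER(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	der, err := digestInfo(crypto.SHA256, d[:])
	if err != nil {
		return nil, err
	}
	return signDERScheme(priv, der)
}

// verify checks a signature the way a relying party does, with no knowledge
// of which TSS scheme produced it.
func verify(pub *rsa.PublicKey, h crypto.Hash, msg, sig []byte) error {
	hh := h.New()
	hh.Write(msg)
	return rsa.VerifyPKCS1v15(pub, h, hh.Sum(nil), sig)
}

// sameSignature reports whether the SHA1 scheme and the DER scheme fed a SHA-1
// DigestInfo produce identical bytes (PKCS#1 v1.5 padding is deterministic).
func sameSignature(priv *rsa.PrivateKey, msg []byte) (bool, error) {
	d := sha1.Sum(msg)
	a, err := signSHA1Scheme(priv, d[:])
	if err != nil {
		return false, err
	}
	der, err := digestInfo(crypto.SHA1, d[:])
	if err != nil {
		return false, err
	}
	b, err := signDERScheme(priv, der)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the TPM-resident key
	msg := []byte("constructed sample message")
	sig, err := signSHA256ViaDER(priv, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("SHA-256 via DER scheme verifies:", verify(&priv.PublicKey, crypto.SHA256, msg, sig) == nil)
	same, _ := sameSignature(priv, msg)
	fmt.Println("SHA1 scheme == DER scheme with SHA-1 DigestInfo:", same)
	d := sha256.Sum256(msg)
	_, err = signSHA1Scheme(priv, d[:])
	fmt.Println("SHA-256 digest under SHA1 scheme:", err)
}
```

The practical consequence: a SHA-256 signature from a DER-scheme key verifies with any standard PKCS#1 v1.5 verifier as an ordinary SHA-256 signature, and a SHA-1-scheme key cannot be coaxed into signing a 32-byte digest at all.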

func (*Key) Unbind

func (key *Key) Unbind(data []byte) ([]byte, error)

Unbind decrypts data previously encrypted with this key

func (*Key) Unseal

func (key *Key) Unseal(data []byte) ([]byte, error)

Unseal decrypts data previously encrypted with this key as long as the PCR values match those the data was sealed against

type NV

type NV struct {
	// contains filtered or unexported fields
}

NV is a TSS NV object

func (*NV) AssignPolicy

func (nv *NV) AssignPolicy(policy *Policy) error

AssignPolicy assigns a policy to the TPM NVRAM region

func (*NV) Close added in v0.2.0

func (nv *NV) Close() error

Close closes the NV object.

func (*NV) ReadValue

func (nv *NV) ReadValue(offset uint, length uint) ([]byte, error)

ReadValue reads length bytes from offset in the TPM NVRAM space

func (*NV) SetIndex

func (nv *NV) SetIndex(index uint) error

SetIndex sets the TPM NVRAM index that will be referenced by ReadValue()

type PCRs

type PCRs struct {
	// contains filtered or unexported fields
}

PCRs is a structure representing a PCR object and the PCR values

func (*PCRs) Close added in v0.2.0

func (pcrs *PCRs) Close() error

Close closes the PCRs object.

func (*PCRs) GetPCRValues

func (pcrs *PCRs) GetPCRValues() ([][]byte, error)

GetPCRValues obtains the PCR values for any PCRs that have been set.

func (*PCRs) SetPCRs

func (pcrs *PCRs) SetPCRs(pcrset []int) error

SetPCRs takes an array of integers referring to PCRs. Any queries performed with this PCR object will then query these PCRs.

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy is a TSS policy object

func (*Policy) Close added in v0.2.0

func (policy *Policy) Close() error

Close closes the Policy object.

func (*Policy) SetSecret

func (policy *Policy) SetSecret(sectype int, secret []byte) error

SetSecret sets the secret for a policy. sectype selects how secret is interpreted (one of the TSS_SECRET_MODE_* values, for example plain text or a precomputed SHA-1). The policy may then be assigned to another object with that object's AssignPolicy method.

type TPM

type TPM struct {
	// contains filtered or unexported fields
}

TPM is a TSS TPM object

func (*TPM) ActivateIdentity

func (tpm *TPM) ActivateIdentity(aik *Key, asymblob []byte, symblob []byte) (secret []byte, err error)

ActivateIdentity takes the AIK and the two blobs, asymmetric and symmetric, that make up a challenge issued against that AIK. If the TPM can decrypt the asymmetric blob with its endorsement key and the blob's contents correspond to the AIK, the key recovered from it decrypts the symmetric blob and the original challenge secret is returned.

func (*TPM) AssignPolicy

func (tpm *TPM) AssignPolicy(policy *Policy) error

AssignPolicy assigns a TSS policy to the TPM.

func (*TPM) Close added in v0.2.0

func (tpm *TPM) Close() error

Close closes the TPM object.

func (*TPM) CollateIdentityRequest

func (tpm *TPM) CollateIdentityRequest(srk *Key, pubkey *Key, aik *Key) ([]byte, error)

CollateIdentityRequest creates a signing request for the provided AIK.

func (*TPM) ExtendPCR

func (tpm *TPM) ExtendPCR(pcr int, data []byte, eventtype int, event []byte) error

ExtendPCR extends PCR number pcr. If event is nil, data must already be a 20-byte SHA-1 digest. If event is not nil, it is recorded in the TSS event log. If both data and event are provided, both are used to compute the extend digest.

func (*TPM) GetEventLog

func (tpm *TPM) GetEventLog() ([]tspiconst.Log, error)

GetEventLog returns an array of structures representing the contents of the TSS event log

func (*TPM) GetPCRValues added in v0.2.0

func (tpm *TPM) GetPCRValues() ([][]byte, error)

GetPCRValues obtains the PCR values from the TPM.
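
Replaying the event log against the PCR values is the check a verifier runs before trusting either: extend each log entry's digest, in order, onto the bank's start values and compare the result with what GetPCRValues reports. The following is an added example, not part of go-tspi. logEntry is this example's own struct mirroring the fields a TSS log record carries (tspiconst.Log's real field names are not assumed), startBank encodes the TPM 1.2 PC Client convention, assumed here, that PCRs 17-22 start at all 0xFF, and the sample log is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"fmt"
)

// pcrDigest is a TPM 1.2 PCR value: always a 20-byte SHA-1.
type pcrDigest = [20]byte

// logEntry holds what a TSS event log record carries: the PCR that was
// extended, the event type, the digest that went into the extend, and the raw
// event data. The field names are this example's own, not tspiconst.Log's.
type logEntry struct {
	PCR       int
	EventType int
	Digest    pcrDigest
	Event     []byte
}

// extend is the TPM 1.2 PCR extend operation: new = SHA-1(old || digest).
func extend(old, digest pcrDigest) pcrDigest {
	h := sha1.New()
	h.Write(old[:])
	h.Write(digest[:])
	var out pcrDigest
	copy(out[:], h.Sum(nil))
	return out
}

// startBank returns the PCR values at TPM startup as this example assumes them
// (PC Client TPM 1.2 convention): PCRs 0-16 and 23 start at zero, the
// resettable PCRs 17-22 start at all 0xFF until a dynamic launch resets them.
func startBank() []pcrDigest {
	bank := make([]pcrDigest, 24)
	for i := 17; i <= 22; i++ {
		for j := range bank[i] {
			bank[i][j] = 0xFF
		}
	}
	return bank
}

// replayLog extends every entry, in log order, onto the starting bank and
// returns the PCR values the log claims the platform should be showing.
func replayLog(start []pcrDigest, log []logEntry) ([]pcrDigest, error) {
	bank := append([]pcrDigest(nil), start...)
	for i, e := range log {
		if e.PCR < 0 || e.PCR >= len(bank) {
			return nil, fmt.Errorf("log entry %d: PCR index %d out of range", i, e.PCR)
		}
		bank[e.PCR] = extend(bank[e.PCR], e.Digest)
	}
	return bank, nil
}

// mismatchedPCRs compares a replayed bank with the values read from the TPM
// (TPM.GetPCRValues returns [][]byte) and lists every PCR that differs or is
// missing. A non-empty result means the log does not explain the measured
// state and neither the log nor the values should be trusted.
func mismatchedPCRs(expected []pcrDigest, reported [][]byte) []int {
	var bad []int
	for i, want := range expected {
		if i >= len(reported) || !bytes.Equal(want[:], reported[i]) {
			bad = append(bad, i)
		}
	}
	return bad
}

// sampleLog is a constructed log, not taken from any real platform.
func sampleLog() []logEntry {
	return []logEntry{
		{PCR: 0, EventType: 1, Digest: sha1.Sum([]byte("firmware volume A")), Event: []byte("firmware volume A")},
		{PCR: 0, EventType: 1, Digest: sha1.Sum([]byte("firmware volume B")), Event: []byte("firmware volume B")},
		{PCR: 4, EventType: 13, Digest: sha1.Sum([]byte("bootloader image")), Event: []byte("bootloader image")},
	}
}

func main() {
	expected, err := replayLog(startBank(), sampleLog())
	if err != nil {
		panic(err)
	}
	// Pretend the TPM reported the replayed values, except PCR 4 measured differently.
	reported := make([][]byte, len(expected))
	for i := range expected {
		reported[i] = append([]byte(nil), expected[i][:]...)
	}
	reported[4][0] ^= 0x01
	fmt.Printf("PCR0 expected %x\n", expected[0])
	fmt.Println("mismatched PCRs:", mismatchedPCRs(expected, reported))
}
```

Because extend chains the previous value into the hash, the same digests in a different order give a different PCR, so a log that has been reordered or had an entry dropped fails this check even when every digest in it is genuine.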

func (*TPM) GetPolicy

func (tpm *TPM) GetPolicy(poltype int) (*Policy, error)

GetPolicy returns the TSS policy associated with the TPM.

func (*TPM) GetQuote

func (tpm *TPM) GetQuote(aik *Key, pcrs *PCRs, challenge []byte) ([]byte, []byte, error)

GetQuote takes the AIK, a PCRs object selecting the PCRs to quote and a challenge (nonce), and returns the quote data blob, which contains the hash of the selected PCR composite together with the challenge, and the AIK's signature over that blob. A verifier must check that the blob carries the challenge it sent and verify the signature with the AIK public key; the challenge must be fresh for every request, otherwise an old quote can be replayed.
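
Verifying a quote means more than checking the signature: the signed TPM_QUOTE_INFO must carry the verifier's fresh nonce (replay protection) and a composite hash computed over exactly the PCR values and selection the verifier expects. The example below is added here and is not go-tspi code. It assumes the first return value of GetQuote is the 48-byte TPM_QUOTE_INFO and the second is the RSASSA-PKCS1-v1.5/SHA-1 signature over its SHA-1 digest, as TPM_Quote produces; simulateQuote replaces the TPM and AIK with a locally generated key so the example runs offline, selectBytes must match the selection size the TPM was given (3 for a 24-PCR TPM), and the PCR values are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// pcrComposite serialises the TPM 1.2 TPM_PCR_COMPOSITE that the TPM hashes
// into a quote: TPM_PCR_SELECTION{sizeOfSelect, pcrSelect} || valueSize ||
// the selected PCR values in ascending index order. selectBytes must match the
// selection size the TPM used, or the composite hash will not match.
func pcrComposite(selected []int, selectBytes int, values map[int][20]byte) ([]byte, error) {
	sel := make([]byte, selectBytes)
	for _, p := range selected {
		if p < 0 || p >= selectBytes*8 {
			return nil, fmt.Errorf("PCR %d does not fit a %d-byte selection", p, selectBytes)
		}
		sel[p/8] |= 1 << (p % 8)
	}
	var vals []byte
	for i := 0; i < selectBytes*8; i++ {
		if sel[i/8]&(1<<(i%8)) == 0 {
			continue
		}
		v, ok := values[i]
		if !ok {
			return nil, fmt.Errorf("no expected value for selected PCR %d", i)
		}
		vals = append(vals, v[:]...)
	}
	b := binary.BigEndian.AppendUint16(nil, uint16(selectBytes))
	b = append(b, sel...)
	b = binary.BigEndian.AppendUint32(b, uint32(len(vals)))
	return append(b, vals...), nil
}

// quoteInfo builds the 48-byte TPM_QUOTE_INFO the TPM signs:
// TPM_STRUCT_VER{1,1,0,0} || "QUOT" || SHA-1(TPM_PCR_COMPOSITE) || externalData.
func quoteInfo(composite []byte, nonce [20]byte) []byte {
	b := []byte{1, 1, 0, 0, 'Q', 'U', 'O', 'T'}
	ch := sha1.Sum(composite)
	b = append(b, ch[:]...)
	return append(b, nonce[:]...)
}

// verifyQuote is the relying party's check on what GetQuote returned: quote is
// the first return value (assumed to be TPM_QUOTE_INFO), sig the second. The
// signature is checked first; then the signed structure must equal the one
// rebuilt from the verifier's own nonce and the PCR values it expects.
func verifyQuote(aik *rsa.PublicKey, selected []int, selectBytes int, expected map[int][20]byte, nonce [20]byte, quote, sig []byte) error {
	if len(quote) != 48 {
		return fmt.Errorf("quote blob is %d bytes, TPM_QUOTE_INFO is 48", len(quote))
	}
	digest := sha1.Sum(quote)
	if err := rsa.VerifyPKCS1v15(aik, crypto.SHA1, digest[:], sig); err != nil {
		return fmt.Errorf("AIK signature does not verify: %w", err)
	}
	if !bytes.Equal(quote[0:8], []byte{1, 1, 0, 0, 'Q', 'U', 'O', 'T'}) {
		return errors.New("signed blob is not a TPM_QUOTE_INFO")
	}
	if !bytes.Equal(quote[28:48], nonce[:]) {
		return errors.New("nonce mismatch: quote is stale or replayed")
	}
	comp, err := pcrComposite(selected, selectBytes, expected)
	if err != nil {
		return err
	}
	if !bytes.Equal(quote, quoteInfo(comp, nonce)) {
		return errors.New("PCR composite mismatch: platform state differs from expected")
	}
	return nil
}

// simulateQuote stands in for the TPM and its AIK so the example runs offline:
// it signs SHA-1(TPM_QUOTE_INFO) with RSASSA-PKCS1-v1.5/SHA-1, as TPM_Quote does.
func simulateQuote(aik *rsa.PrivateKey, selected []int, selectBytes int, actual map[int][20]byte, nonce [20]byte) ([]byte, []byte, error) {
	comp, err := pcrComposite(selected, selectBytes, actual)
	if err != nil {
		return nil, nil, err
	}
	quote := quoteInfo(comp, nonce)
	digest := sha1.Sum(quote)
	sig, err := rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, digest[:])
	return quote, sig, err
}

func main() {
	aik, _ := rsa.GenerateKey(rand.Reader, 2048) // stand-in AIK, not a TPM key
	// Constructed PCR values: what the verifier's reference policy expects.
	expected := map[int][20]byte{0: sha1.Sum([]byte("good firmware")), 7: sha1.Sum([]byte("secure boot on"))}
	var nonce [20]byte
	if _, err := rand.Read(nonce[:]); err != nil { // fresh per request: the replay protection
		panic(err)
	}
	quote, sig, err := simulateQuote(aik, []int{0, 7}, 3, expected, nonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("honest quote:", verifyQuote(&aik.PublicKey, []int{0, 7}, 3, expected, nonce, quote, sig))
	var old [20]byte
	fmt.Println("old nonce:", verifyQuote(&aik.PublicKey, []int{0, 7}, 3, expected, old, quote, sig))
	tampered := map[int][20]byte{0: sha1.Sum([]byte("rootkit firmware")), 7: expected[7]}
	quote2, sig2, _ := simulateQuote(aik, []int{0, 7}, 3, tampered, nonce)
	fmt.Println("wrong PCR0:", verifyQuote(&aik.PublicKey, []int{0, 7}, 3, expected, nonce, quote2, sig2))
}
```

Note that the AIK public key itself must come from somewhere the verifier already trusts (its certificate from the ActivateIdentity flow); a quote that verifies under an attacker-chosen key proves nothing.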

func (*TPM) TakeOwnership

func (tpm *TPM) TakeOwnership(srk *Key) error

TakeOwnership transitions a TPM from unowned state to owned, installing the encrypted key blob as the SRK.
