Documentation
Index
- func GenerateChallenge(ekcert []byte, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)
- func GenerateChallengeEx(pubkey *rsa.PublicKey, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)
- func KeyVerify(data []byte, validation []byte, aikpub []byte, keypub []byte, secret []byte) error
- func QuoteVerify(data []byte, validation []byte, aikpub []byte, pcrvalues [][]byte, ...) error
- func VerifyEKCert(ekcert []byte) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateChallenge
func GenerateChallenge(ekcert []byte, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)
GenerateChallenge takes a copy of the EK certificate, the public half of the AIK to be challenged and a secret. It symmetrically encrypts the secret with a randomly generated AES key and asymmetrically encrypts that AES key with the public half of the EK. These two blobs can then be provided to the TPM in order to ensure that the AIK is under the control of the TPM. It returns the asymmetrically and symmetrically encrypted data, along with any error.
func GenerateChallengeEx (added in v0.3.0)
func GenerateChallengeEx(pubkey *rsa.PublicKey, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)
GenerateChallengeEx takes the EK public key (an rsa.PublicKey) rather than the EK certificate, the public half of the AIK to be challenged and a secret. It symmetrically encrypts the secret with a randomly generated AES key and asymmetrically encrypts that AES key with the public half of the EK. These two blobs can then be provided to the TPM in order to ensure that the AIK is under the control of the TPM. It returns the asymmetrically and symmetrically encrypted data, along with any error.
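To make the two-part challenge concrete, here is an added Go example that is not the package's own code and does not reproduce the TPM's real activation blob format: a verifier-side generateChallenge that mirrors GenerateChallengeEx, and an activate function standing in for the TPM, which can only recover the secret if it holds the EK private key and is presented with the same AIK public key. The function names, the Challenge struct and the choice of AES-GCM with RSA-OAEP are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Challenge carries asymenc (AES key wrapped to the EK) and symenc (secret sealed under it).
type Challenge struct{ AsymEnc, Nonce, SymEnc []byte }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// generateChallenge is a hypothetical, simplified stand-in for GenerateChallengeEx.
func generateChallenge(ekpub *rsa.PublicKey, aikpub, secret []byte) (*Challenge, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aesKey, nonce := buf[:32], buf[32:]
	asym, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekpub, aesKey, nil) // wrap key to EK
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	// aikpub is authenticated data, so the secret only opens for the AIK it was issued for.
	return &Challenge{asym, nonce, gcm.Seal(nil, nonce, secret, aikpub)}, nil
}

// activate models the TPM: only the EK private key unwraps the AES key, and only with the same aikpub does the secret open.
func activate(ekpriv *rsa.PrivateKey, aikpub []byte, c *Challenge) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, ekpriv, c.AsymEnc, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, c.Nonce, c.SymEnc, aikpub)
}
```

A verifier compares the value the TPM returns with the secret it sent; a mismatch or a decryption failure means the AIK was not under that EK's control.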
func KeyVerify
KeyVerify verifies that a key certification request was genuinely produced by the TPM. It takes the certification data, the certification validation blob, the public half of the AIK, the public half of the key to be certified and the nonce used in the original request. It then verifies that the validation blob is a valid signature over the certification data, that the certification data matches the certified key and that the nonces are the same (in order to avoid replay attacks). It returns an error if any stage of the validation fails.
func QuoteVerify
func QuoteVerify(data []byte, validation []byte, aikpub []byte, pcrvalues [][]byte, secret []byte) error
QuoteVerify verifies that a quote was genuinely produced by the TPM. It takes the quote data, the quote validation blob, the public half of the AIK, the current PCR values and the nonce used in the original quote request. It then verifies that the validation blob is a valid signature over the quote data, that the nonces are the same (in order to avoid replay attacks), and that the PCR values match those covered by the quote. It returns an error if any stage of the validation fails.
func VerifyEKCert
VerifyEKCert verifies that the provided EK certificate was signed by a trusted TPM manufacturer.
Types
This section is empty.