verification

package
v0.3.0
Warning

This package is not in the latest version of its module.
Published: Jul 2, 2021 License: Apache-2.0 Imports: 14 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateChallenge

func GenerateChallenge(ekcert []byte, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)

GenerateChallenge takes a copy of the EK certificate, the public half of the AIK to be challenged and a secret. It symmetrically encrypts the secret with a randomly generated AES key, then asymmetrically encrypts the AES key with the public half of the EK. Both blobs can then be provided to the TPM in order to ensure that the AIK is under the control of the TPM. It returns the asymmetrically and symmetrically encrypted data, along with any error.

func GenerateChallengeEx added in v0.3.0

func GenerateChallengeEx(pubkey *rsa.PublicKey, aikpub []byte, secret []byte) (asymenc []byte, symenc []byte, err error)

GenerateChallengeEx takes the EK (rsa.PublicKey), the public half of the AIK to be challenged and a secret. It symmetrically encrypts the secret with a randomly generated AES key, then asymmetrically encrypts the AES key with the public half of the EK. Both blobs can then be provided to the TPM in order to ensure that the AIK is under the control of the TPM. It returns the asymmetrically and symmetrically encrypted data, along with any error.

func KeyVerify

func KeyVerify(data []byte, validation []byte, aikpub []byte, keypub []byte, secret []byte) error

KeyVerify verifies that a key certification request was genuinely provided by the TPM. It takes the certification data, certification validation blob, the public half of the AIK, the public half of the key to be certified and the nonce used in the original quote request. It then verifies that the validation block is a valid signature for the certification data, that the certification data matches the certified key and that the secrets are the same (in order to avoid replay attacks). It returns an error if any stage of the validation fails.

func QuoteVerify

func QuoteVerify(data []byte, validation []byte, aikpub []byte, pcrvalues [][]byte, secret []byte) error

QuoteVerify verifies that a quote was genuinely provided by the TPM. It takes the quote data, quote validation blob, public half of the AIK, current PCR values and the nonce used in the original quote request. It then verifies that the validation block is a valid signature for the quote data, that the secrets are the same (in order to avoid replay attacks), and that the PCR values are the same. It returns an error if any stage of the validation fails.
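The three checks listed above (signature, nonce, PCR values), as an added example that is not this package's own code. It assumes the TPM 1.2 TPM_QUOTE_INFO layout (4-byte version, "QUOT", 20-byte composite digest, 20-byte externalData), a quote over PCRs 0-15, and externalData equal to SHA-1 of the nonce. The names checkQuote, composite, softQuote and aikKey are hypothetical, and a software RSA key plays the AIK so the code runs without a TPM.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

var aikKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed: software stand-in for the AIK

// composite hashes a TPM 1.2 TPM_PCR_COMPOSITE; quoting PCRs 0-15 is an assumption.
func composite(pcrs [16][20]byte) [20]byte {
	buf := []byte{0, 2, 0xff, 0xff, 0, 0, 1, 0x40} // select mask, then valueSize = 320
	for _, p := range pcrs {
		buf = append(buf, p[:]...)
	}
	return sha1.Sum(buf)
}

// checkQuote applies the checks described for QuoteVerify to a TPM_QUOTE_INFO blob.
func checkQuote(info, sig []byte, aik *rsa.PublicKey, pcrs [16][20]byte, nonce []byte) error {
	h, want, c := sha1.Sum(info), sha1.Sum(nonce), composite(pcrs)
	switch { // cases run in order, so info is only sliced once its length is known
	case len(info) != 48 || string(info[4:8]) != "QUOT":
		return fmt.Errorf("not a TPM_QUOTE_INFO")
	case rsa.VerifyPKCS1v15(aik, crypto.SHA1, h[:], sig) != nil:
		return fmt.Errorf("signature was not made by this AIK")
	case string(info[28:48]) != string(want[:]): // externalData = SHA-1(nonce), assumed
		return fmt.Errorf("nonce mismatch: stale or replayed quote")
	case string(info[8:28]) != string(c[:]):
		return fmt.Errorf("PCR values differ from the quoted digest")
	}
	return nil
}

// softQuote stands in for the TPM: it builds and signs a quote with aikKey.
func softQuote(pcrs [16][20]byte, nonce []byte) (info, sig []byte, err error) {
	c, n := composite(pcrs), sha1.Sum(nonce)
	info = append(append([]byte{1, 1, 0, 0, 'Q', 'U', 'O', 'T'}, c[:]...), n[:]...)
	h := sha1.Sum(info)
	sig, err = rsa.SignPKCS1v15(rand.Reader, aikKey, crypto.SHA1, h[:])
	return info, sig, err
}

func main() {
	info, sig, _ := softQuote([16][20]byte{}, []byte("nonce-1"))
	fmt.Println(checkQuote(info, sig, &aikKey.PublicKey, [16][20]byte{}, []byte("nonce-2")))
}
```

The verifier must issue a fresh nonce per request and pass in PCR values it already trusts; a valid signature alone only shows that some quote came from the AIK.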

func VerifyEKCert

func VerifyEKCert(ekcert []byte) error

VerifyEKCert verifies that the provided EK certificate is signed by a trusted manufacturer.

Types

This section is empty.
