akscep

package
v0.0.0-...-4bd1568 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdditionalEKCerts 

func AdditionalEKCerts(ek *x509.Certificate) ([]*x509.Certificate, error)

func EncryptEKInfo 

func EncryptEKInfo(ek, ra *x509.Certificate) ([]byte, error)

func GenerateAttestationKeyCSR 

func GenerateAttestationKeyCSR(in *AttestationKeyCSR) ([]byte, error)

func GenerateAttestationStatement 

func GenerateAttestationStatement(stmt *AttestationStatement) ([]byte, error)

func GenerateEKInfo 

func GenerateEKInfo(ek *x509.Certificate) ([]byte, error)

func MakeCACert 

func MakeCACert(subject crypto.PublicKey, issuer crypto.PrivateKey, issuerCert *x509.Certificate) (*x509.Certificate, []byte, error)

func MakeClientCert 

func MakeClientCert(subject crypto.PublicKey, issuer crypto.PrivateKey) (*x509.Certificate, []byte, error)

func MakeRAEncryptionCert 

func MakeRAEncryptionCert(subject crypto.PublicKey, issuer crypto.PrivateKey, issuerCert *x509.Certificate) (*x509.Certificate, []byte, error)

func MakeRASigningCert 

func MakeRASigningCert(subject crypto.PublicKey, issuer crypto.PrivateKey, issuerCert *x509.Certificate) (*x509.Certificate, []byte, error)

func MakeRootCert 

func MakeRootCert(subject crypto.PublicKey, issuer crypto.PrivateKey) (*x509.Certificate, []byte, error)

func MakeSSLCert 

func MakeSSLCert(subject crypto.PublicKey, issuer crypto.PrivateKey) (*x509.Certificate, []byte, error)

func ParseEKInfo 

func ParseEKInfo(data []byte) (*x509.Certificate, error)

func ValidateCACert 

func ValidateCACert(cert *x509.Certificate) error

func ValidateClientCert 

func ValidateClientCert(cert *x509.Certificate) error

func ValidateRAEncryptionCert 

func ValidateRAEncryptionCert(cert *x509.Certificate) error

func ValidateRASigningCert 

func ValidateRASigningCert(cert *x509.Certificate) error

func ValidateRootCert 

func ValidateRootCert(cert *x509.Certificate) error

Types

type AK 

type AK struct {
	// contains filtered or unexported fields
}

func (*AK) Generate 

func (ak *AK) Generate(tpm io.ReadWriter) (*akBundle, error)

type AttestationKeyCSR 

type AttestationKeyCSR struct {
	SubjectPublicKey crypto.PublicKey
	SubjectKeyID     []byte
	OSVersion        string
	SCEPSignerHash   []byte
	MachineName      string
	UserName         string
	AttestationStatement
	EncryptedEKCerts []byte
	TPMInfo
}

func ParseAttestationKeyCSR 

func ParseAttestationKeyCSR(data []byte, scepCert *x509.Certificate) (*AttestationKeyCSR, error)

type AttestationKeyChallenge 

type AttestationKeyChallenge struct {
	CredentialBlob    []byte
	Secret            []byte
	ServerContextBlob asn1.RawValue
}

func ParseAttestationKeyChallenge 

func ParseAttestationKeyChallenge(data []byte) (*AttestationKeyChallenge, error)

type AttestationKeyChallengeHdr 

type AttestationKeyChallengeHdr struct {
	Magic         uint32
	Version       uint32
	Platform      uint32
	HeaderSize    uint32
	ChallengeSize uint32
	Reserved      uint32
}

type AttestationStatement 

type AttestationStatement struct {
	Header AttestationStatementHdr
	IDBinding
	KeyAttestation []byte
	AIKOpaque      []byte
}

type AttestationStatementHdr 

type AttestationStatementHdr struct {
	Magic              uint32
	Version            uint32
	Platform           uint32
	HeaderSize         uint32
	IDBindingSize      uint32
	KeyAttestationSize uint32
	AIKOpaqueSize      uint32
}

type ClientContext 

type ClientContext struct {
	// contains filtered or unexported fields
}

func NewClientContext 

func NewClientContext() (*ClientContext, error)

func (*ClientContext) AttestationStatement 

func (cli *ClientContext) AttestationStatement() (*AttestationStatement, crypto.PublicKey, error)

func (*ClientContext) Close 

func (cli *ClientContext) Close()

func (*ClientContext) DecryptChallenge 

func (cli *ClientContext) DecryptChallenge(challenge *AttestationKeyChallenge) ([]byte, error)

func (*ClientContext) GetAKCert 

func (cli *ClientContext) GetAKCert() (template, cert []byte, err error)

type CreationAttestation 

type CreationAttestation struct {
	CreationData tpm2.CreationData
	Attest       tpm2.AttestationData
	// This could be a tpm2.Signature, if an Encode() function were available for that type.
	// TODO: add that, and upstream it.
	SignatureAlg tpm2.Algorithm
	Signature    tpm2.SignatureRSA
}

type GetCertInner 

type GetCertInner struct {
	EKChallenge struct {
		OID        asn1.ObjectIdentifier
		InnerPKCS7 struct {
			EncryptedChallenge asn1.RawValue
		} `asn1:"set"`
	}
	ServerContext asn1.RawValue
}

type GetCertReq 

type GetCertReq struct {
	Envelope *pkcs7.PKCS7
	Contents *pkcs7.PKCS7
}

func ParseGetCertReq 

func ParseGetCertReq(data []byte) (*GetCertReq, error)

type GetCertReqBuilder 

type GetCertReqBuilder struct {
	Challenge          *AttestationKeyChallenge
	DecryptedChallenge []byte
	SignerCert         *x509.Certificate
	SignerKey          crypto.PrivateKey
	RecipientCert      *x509.Certificate
}

func (GetCertReqBuilder) Build 

func (b GetCertReqBuilder) Build() ([]byte, error)

type GetCertRsp 

type GetCertRsp struct {
	Envelope *pkcs7.PKCS7
	Contents *pkcs7.PKCS7
}

func ParseGetCertRsp 

func ParseGetCertRsp(data []byte) (*GetCertRsp, error)

func (GetCertRsp) DecryptCert 

func (rsp GetCertRsp) DecryptCert(cert *x509.Certificate, key crypto.PrivateKey) ([]byte, error)

type GetCertRspBuilder 

type GetCertRspBuilder struct {
	Cert          []byte
	SignerCert    *x509.Certificate
	SignerKey     crypto.PrivateKey
	RecipientCert *x509.Certificate
}

func (GetCertRspBuilder) Build 

func (b GetCertRspBuilder) Build() ([]byte, error)

type GetChallengeReply 

type GetChallengeReply struct {
	EKChallenge struct {
		OID      asn1.ObjectIdentifier
		Contents struct {
			Challenge []byte
		} `asn1:"set"`
	}
	ServerContext asn1.RawValue
}

type GetChallengeReq 

type GetChallengeReq struct {
	Envelope *pkcs7.PKCS7
	Contents *pkcs7.PKCS7
}

func ParseGetChallengeReq 

func ParseGetChallengeReq(data []byte) (*GetChallengeReq, error)

func (GetChallengeReq) DecryptCSR 

func (req GetChallengeReq) DecryptCSR(cert, scepCert *x509.Certificate, key crypto.PrivateKey) (*AttestationKeyCSR, error)

func (*GetChallengeReq) SCEPCert 

func (req *GetChallengeReq) SCEPCert() *x509.Certificate

type GetChallengeReqBuilder 

type GetChallengeReqBuilder struct {
	Claims        []byte
	ExtraEKCerts  []*x509.Certificate
	SignerCert    *x509.Certificate
	SignerKey     crypto.PrivateKey
	RecipientCert *x509.Certificate
}

func (GetChallengeReqBuilder) Build 

func (b GetChallengeReqBuilder) Build() ([]byte, error)

type GetChallengeRsp 

type GetChallengeRsp struct {
	Envelope *pkcs7.PKCS7
	Contents *pkcs7.PKCS7
}

func ParseGetChallengeRsp 

func ParseGetChallengeRsp(data []byte) (*GetChallengeRsp, error)

func (GetChallengeRsp) DecryptChallenge 

func (rsp GetChallengeRsp) DecryptChallenge(cert *x509.Certificate, key crypto.PrivateKey) (*AttestationKeyChallenge, error)

type GetChallengeRspBuilder 

type GetChallengeRspBuilder struct {
	Challenge     []byte
	SenderNonce   []byte
	TransactionID string
	SignerCert    *x509.Certificate
	SignerKey     crypto.PrivateKey
	RecipientCert *x509.Certificate
}

func (GetChallengeRspBuilder) Build 

func (b GetChallengeRspBuilder) Build() ([]byte, error)

type IDBinding 

type IDBinding struct {
	Public tpm2.Public
	CreationAttestation
}

type TPMInfo 

type TPMInfo struct {
	Manufacturer []byte
	Model        string
	Version      []byte
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.