Published: Dec 26, 2024 License: MIT Imports: 27 Imported by: 0

Constants

const (
	// PluginName is the name this plugin is identified by.
	PluginName = "tpm"
)

Variables

var (
	// ErrPinentryCancelled signals that the pinentry prompt was cancelled by
	// the user (presumably returned by GetPinentry — confirm against its
	// implementation). Compare with errors.Is, not ==.
	ErrPinentryCancelled = errors.New("cancelled pinentry")
)
var (
	// Log is the package-level logger configured through SetLogger.
	// NOTE(review): it has no initializer here, so it is presumably nil until
	// SetLogger is called — confirm callers tolerate a nil Log.
	Log *log.Logger
)

Functions

func CreateIdentity

func CreateIdentity(tpm transport.TPMCloser, pin []byte) (*Identity, *Recipient, error)

CreateIdentity creates a new identity. It obtains the SRK parent in the TPM (creating it if needed, see CreateSRK) and returns the identity together with its corresponding recipient. The pin, when non-empty, is bound to the identity and is presumably the same value that must later be passed to DecryptFileKeyTPM (confirm). Note: it does not load the identity key into the TPM; use LoadIdentity or LoadIdentityWithParent for that.

func CreateSRK

func CreateSRK(tpm transport.TPMCloser) (*tpm2.AuthHandle, *tpm2.TPMTPublic, error)

CreateSRK creates the Storage Root Key (SRK) in the TPM, or returns the already-loaded storage key. The returned handle occupies a TPM object slot; release it with FlushHandle when it is no longer needed.

func DecryptFileKeyTPM

func DecryptFileKeyTPM(tpm transport.TPMCloser, identity *Identity, remoteKey, fileKey, pin []byte) ([]byte, error)

DecryptFileKeyTPM decrypts and unwraps a file key using the identity's key inside the TPM. remoteKey is presumably the session public key bytes returned by EncryptFileKey and fileKey the wrapped file key it produced (confirm); pin is the identity's PIN, which may be empty when the identity has no PIN set (see PINStatus).

func EncodeIdentity

func EncodeIdentity(i *Identity) string

func EncodeRecipient

func EncodeRecipient(recipient *Recipient) string

func EncryptFileKey

func EncryptFileKey(fileKey []byte, pubkey *ecdh.PublicKey) ([]byte, []byte, error)

Wraps the file key in a session key Returns the sealed filekey, the session pubkey bytes, error

func FlushHandle

func FlushHandle(tpm transport.TPM, h handle)

Helper to flush handles

func GetPinentry

func GetPinentry() ([]byte, error)

func LoadIdentity

func LoadIdentity(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, error)

func LoadIdentityWithParent

func LoadIdentityWithParent(tpm transport.TPMCloser, parent tpm2.AuthHandle, identity *Identity) (*tpm2.AuthHandle, error)

func Marshal

func Marshal(i *Identity, w io.Writer)

func MarshalCompressedEC

func MarshalCompressedEC(pk *ecdh.PublicKey) []byte

Marshal a compressed EC key

func MarshalIdentity

func MarshalIdentity(i *Identity, recipient *Recipient, w io.Writer) error

func MarshalRecipient

func MarshalRecipient(pubkey *Recipient, w io.Writer) error

func SetLogger

func SetLogger(w io.Writer)

func UnmarshalCompressedEC

func UnmarshalCompressedEC(b []byte) (*big.Int, *big.Int, *ecdh.PublicKey, error)

Unmarshal a compressed ec key

func UnwrapKey

func UnwrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Unwraps a key using the standard kdf function.

func WrapKey

func WrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Wraps a key using the standard kdf function.

Types

type Identity

type Identity struct {
	// Version is the identity format version; the meaning of individual
	// values is not shown on this page.
	Version uint8
	// PIN records whether the key has a PIN set (NoPIN or HasPIN), so callers
	// know whether to prompt for one.
	PIN     PINStatus
	// Private is the key's TPM2B_PRIVATE blob. It is only usable after being
	// loaded into the TPM under its parent (see LoadIdentity).
	Private tpm2.TPM2BPrivate
	// Public is the key's TPM2B_PUBLIC area.
	Public  tpm2.TPM2BPublic
}

func DecodeIdentity

func DecodeIdentity(s string) (*Identity, error)

func ParseIdentity

func ParseIdentity(f io.Reader) (*Identity, error)

func (*Identity) Recipient

func (i *Identity) Recipient() (*Recipient, error)

func (*Identity) Serialize

func (i *Identity) Serialize() []any

type PINStatus

// PINStatus records whether an identity's TPM key has a PIN set.
type PINStatus uint8

PINStatus records whether the identity's TPM key has a PIN set, so that callers know whether to prompt for one (see GetPinentry) before using the key.

const (
	// NoPIN means the key has no PIN set.
	NoPIN PINStatus = iota
	// HasPIN means a PIN is required to use the key.
	HasPIN
)

func (PINStatus) String

func (p PINStatus) String() string

type Recipient

type Recipient struct {
	// Pubkey is the recipient's ECDH public key that file keys are wrapped
	// to (see EncryptFileKey).
	Pubkey *ecdh.PublicKey
	// contains filtered or unexported fields
}

func DecodeRecipient

func DecodeRecipient(s string) (*Recipient, error)

func NewRecipient

func NewRecipient(ecc *ecdh.PublicKey) *Recipient

func NewRecipientFromBytes

func NewRecipientFromBytes(s []byte) (*Recipient, error)

func (*Recipient) String

func (r *Recipient) String() string

func (*Recipient) Tag

func (r *Recipient) Tag() []byte

Tag returns the first 4 bytes of the SHA-256 sum of the public key. It is used to find the matching identity for a stanza. It is a lookup hint only, not an authenticator: a 32-bit tag can collide, so callers must still rely on the decryption result rather than on a tag match.

type TPMDevice

type TPMDevice struct {
	// contains filtered or unexported fields
}

TPMDevice wraps either a software TPM (swtpm) or a real TPM behind one device type.

func NewSwTPM

func NewSwTPM(dir string) (*TPMDevice, error)

NewSwTPM sets up a new software TPM with its state under dir. A software TPM offers no hardware protection: its keys are only as well protected as the files in dir, so it is presumably intended for testing and development rather than production use (confirm).

func NewTPM

func NewTPM(dir string) (*TPMDevice, error)

NewTPM sets up a new TPM device. The role of dir is not shown on this page — presumably it selects or locates the device (confirm).

func NewTPMDevice

func NewTPMDevice(tpmPath string, isSwtpm bool) (*TPMDevice, error)

NewTPMDevice sets up a TPMDevice for the TPM at tpmPath; isSwtpm selects software-TPM handling.

func (*TPMDevice) Close

func (t *TPMDevice) Close()

func (*TPMDevice) TPM

func (t *TPMDevice) TPM() transport.TPMCloser

TPM returns the underlying TPM transport (a read/write/closer).

func (*TPMDevice) Watch

func (t *TPMDevice) Watch()

Watch watches for an interrupt signal, presumably so the device can be closed cleanly when one arrives (confirm against the implementation).
