pcr

package

v0.1.1 Latest Latest Go to latest Published: Jun 20, 2024 License: MPL-2.0 Imports: 12 Imported by: 0

Details

Package pcr contains code that handles PCR operations.

This section is empty.

This section is empty.

func CalculateBankData(pcrNumber int, alg tpm2.TPMAlgID, sectionData map[constants.Section]string, rsaKey RSAKey) ([]types.BankData, error)

CalculateBankData calculates the PCR bank data for a given set of UKI file sections.

This mimics the process happening in the TPM when the UKI is being loaded.

func CalculateBankDataForFile(pcrNumber int, alg tpm2.TPMAlgID, file string, rsaKey RSAKey) ([]types.BankData, error)

func CalculatePolicy(pcrValue []byte, pcrSelection tpm2.TPMLPCRSelection) ([]byte, error)

CalculatePolicy calculates the policy hash for a given PCR value and PCR selection.

func CreateSelector(pcrs []int) ([]byte, error)

CreateSelector converts PCR numbers into a bitmask.

type Digest struct {
	// contains filtered or unexported fields
}

Digest implements the PCR extension algorithm.

Each time `Extend` is called, the hash of the previous data is prepended to the hash of new data and hashed together.

The initial hash value is all zeroes.

func NewDigest(alg crypto.Hash) *Digest

NewDigest creates a new Digest with the speified hash algorithm.

func (d *Digest) Extend(data []byte)

Extend extends the current hash with the specified data.

func (d *Digest) Hash() []byte

Hash returns the current hash value.

type RSAKey interface {
	crypto.Signer
	PublicRSAKey() *rsa.PublicKey
}

RSAKey is the input for the CalculateBankData function.

type Signature struct {
	Digest          string
	SignatureBase64 string
}

Signature returns the hashed signature digest and base64 encoded signature.

func Sign(digest []byte, hash crypto.Hash, key crypto.Signer) (*Signature, error)

Sign the digest using specified hash and key.