tpm

package module
v0.0.0-...-ee25b94 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 11, 2023 License: Apache-2.0 Imports: 22 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var EmulatedHostSeed = func() Option {
	return func(c *config) error {
		c.seed = tokenize()
		return nil
	}
}

EmulatedHostSeed generates a seed based on the hostname

Functions

func Authenticate 

func Authenticate(akBytes []byte, channel io.ReadWriter, opts ...Option) error

Authenticate will read from the passed channel, expecting a challenge from the attestation server, will compute a challenge response via the TPM using the passed Attestation Key (AK) and will send it back to the attestation server.

func DecodeEK 

func DecodeEK(pemBytes []byte) (*attest.EK, error)

DecodeEK decodes EK pem bytes to attest.EK

func DecodePubHash 

func DecodePubHash(ek *attest.EK) (string, error)

DecodePubHash returns the public key from an attestation EK

func GenerateChallenge 

func GenerateChallenge(ek *attest.EK, attestationData *AttestationData) ([]byte, []byte, error)

GenerateChallenge generates a challenge from attestation data and a public endorsed key

func Get 

func Get(url string, opts ...Option) ([]byte, error)

Get retrieves a message from a remote ws server after a successfully process of the TPM challenge

func GetAuthToken 

func GetAuthToken(opts ...Option) (string, []byte, error)

GetAuthToken generates an authentication token from the host TPM. It will return the token as a string and the generated AK that should be saved by the caller for later Authentication.

func GetPubHash 

func GetPubHash(opts ...Option) (string, error)

GetPubHash returns the EK's pub hash

func ResolveToken 

func ResolveToken(token string, opts ...Option) (bool, string, error)

ResolveToken is just syntax sugar around GetPubHash. If the token provided is in EK's form it just returns it, otherwise retrieves the pubhash

func ValidateChallenge 

func ValidateChallenge(secret, resp []byte) error

ValidateChallenge validates a challange against a secret

Types

type AttestationData 

type AttestationData struct {
	EK []byte
	AK *attest.AttestationParameters
}

AttestationData is used to generate challanges from EKs

func GetAttestationData 

func GetAttestationData(header string) (*attest.EK, *AttestationData, error)

GetAttestationData returns attestation data from a TPM bearer token

type Challenge 

type Challenge struct {
	EC *attest.EncryptedCredential
}

Challenge represent the struct returned from the ws server, used to resolve the TPM challenge.

type ChallengeResponse 

type ChallengeResponse struct {
	Secret []byte
}

ChallengeResponse represent the struct returned to the ws server as a challenge response.

type Option 

type Option func(c *config) error

Option is a generic option for TPM configuration 

var AppendCustomCAToSystemCA Option = func(c *config) error {
	c.systemfallback = true
	return nil
}

AppendCustomCAToSystemCA uses the system CA pool as a fallback, appending the custom CA to it. 

var Emulated Option = func(c *config) error {
	c.emulated = true
	return nil
}

Emulated sets an emulated device in place of a real native TPM device. Note, the emulated device is embedded and it is unsafe. Should just be used for testing.

func WithCAs 

func WithCAs(ca []byte) Option

WithCAs sets the root CAs for the request

func WithCommandChannel 

func WithCommandChannel(cc attest.CommandChannelTPM20) Option

WithCommandChannel overrides the TPM command channel

func WithHeader 

func WithHeader(header http.Header) Option

WithHeader sets a specific header for the request

func WithSeed 

func WithSeed(s int64) Option

WithSeed sets a permanent seed. Used with TPM emulated device.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.