googletpm

package v0.1.1

This package is not in the latest version of its module.

Published: Feb 25, 2022 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Constants

const (
	CurveNISTP192 = EllipticCurve(iota + 1)
	CurveNISTP224
	CurveNISTP256
	CurveNISTP384
	CurveNISTP521

	CurveBNP256 = EllipticCurve(iota + 10)
	CurveBNP638

	CurveSM2P256 = EllipticCurve(0x0020)
)

ECC curves supported by the TPM 2.0 spec.

Variables

This section is empty.

Functions

func UnpackBuf

func UnpackBuf(buf io.Reader, elts ...interface{}) error

UnpackBuf recursively unpacks types from a reader just as encoding/binary does under binary.BigEndian, but with one difference: it unpacks a byte slice by first reading an integer with lengthPrefixSize bytes, then reading that many bytes. It assumes that incoming values are pointers to values so that, e.g., underlying slices can be resized as needed.

func UseTPM20LengthPrefixSize

func UseTPM20LengthPrefixSize()

UseTPM20LengthPrefixSize makes Pack/Unpack use TPM 2.0 encoding for byte arrays.

Types

type Algorithm

type Algorithm uint16

Algorithm represents a TPM_ALG_ID value.

const (
	AlgUnknown   Algorithm = 0x0000
	AlgRSA       Algorithm = 0x0001
	AlgSHA1      Algorithm = 0x0004
	AlgAES       Algorithm = 0x0006
	AlgKeyedHash Algorithm = 0x0008
	AlgSHA256    Algorithm = 0x000B
	AlgSHA384    Algorithm = 0x000C
	AlgSHA512    Algorithm = 0x000D
	AlgNull      Algorithm = 0x0010
	AlgRSASSA    Algorithm = 0x0014
	AlgRSAES     Algorithm = 0x0015
	AlgRSAPSS    Algorithm = 0x0016
	AlgOAEP      Algorithm = 0x0017
	AlgECDSA     Algorithm = 0x0018
	AlgECDH      Algorithm = 0x0019
	AlgECDAA     Algorithm = 0x001A
	AlgKDF2      Algorithm = 0x0021
	AlgECC       Algorithm = 0x0023
	AlgCTR       Algorithm = 0x0040
	AlgOFB       Algorithm = 0x0041
	AlgCBC       Algorithm = 0x0042
	AlgCFB       Algorithm = 0x0043
	AlgECB       Algorithm = 0x0044
)

Supported Algorithms.

func (Algorithm) HashConstructor

func (a Algorithm) HashConstructor() (func() hash.Hash, error)

HashConstructor returns a function that can be used to make a hash.Hash using the specified algorithm. An error is returned if the algorithm is not a hash algorithm.

func (Algorithm) UsesCount

func (a Algorithm) UsesCount() bool

UsesCount returns true if a signature algorithm uses a count value.

type AttestationData

type AttestationData struct {
	Magic                uint32
	Type                 Tag
	QualifiedSigner      Name
	ExtraData            []byte
	ClockInfo            ClockInfo
	FirmwareVersion      uint64
	AttestedCertifyInfo  *CertifyInfo
	AttestedQuoteInfo    *QuoteInfo
	AttestedCreationInfo *CreationInfo
}

AttestationData contains data attested by TPM commands (like Certify).

func DecodeAttestationData

func DecodeAttestationData(in []byte) (*AttestationData, error)

DecodeAttestationData decodes a TPMS_ATTEST message. No error is returned if the input has extra trailing data.
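As an added example (not code from the googletpm package), the following Go program implements the length-prefixed unpacking that UnpackBuf describes, using the TPM 2.0 prefix size that UseTPM20LengthPrefixSize selects (a 2-byte TPM2B size field), and applies it to the leading fields of a TPMS_ATTEST the way DecodeAttestationData does, rejecting a wrong Magic before anything else is trusted. The names unpackBuf, decodeAttestHead and sampleQuote are this example's own; tpmGeneratedValue is TPM_GENERATED_VALUE from the TPM 2.0 spec, not a name from this package, and sampleQuote is a constructed buffer that uses the page's TagAttestQuote value (0x8018).

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"io"
)

const tpmGeneratedValue uint32 = 0xff544347 // TPM_GENERATED_VALUE ("\xffTCG") from the TPM 2.0 spec

// unpackBuf mirrors what the page says UnpackBuf does: fixed-width integers are read
// big-endian, and a *[]byte is read as a 2-byte (TPM 2.0 TPM2B) length prefix then body.
func unpackBuf(r io.Reader, elts ...interface{}) error {
	for _, e := range elts {
		p, isBytes := e.(*[]byte)
		if !isBytes { // any pointer to a fixed-width integer
			if err := binary.Read(r, binary.BigEndian, e); err != nil {
				return err
			}
			continue
		}
		var n uint16
		if err := binary.Read(r, binary.BigEndian, &n); err != nil {
			return err
		}
		buf := make([]byte, n)
		if _, err := io.ReadFull(r, buf); err != nil { // short body: io.ErrUnexpectedEOF
			return err
		}
		*p = buf
	}
	return nil
}

// decodeAttestHead parses the TPMS_ATTEST prefix (Magic, Type, QualifiedSigner, ExtraData)
// and rejects a wrong Magic before any later field is trusted; trailing bytes are ignored.
func decodeAttestHead(in []byte) (tag uint16, signer, extra []byte, err error) {
	var magic uint32
	if err = unpackBuf(bytes.NewReader(in), &magic, &tag, &signer, &extra); err != nil {
		return 0, nil, nil, err
	}
	if magic != tpmGeneratedValue {
		return 0, nil, nil, errors.New("TPMS_ATTEST magic is not TPM_GENERATED_VALUE")
	}
	return tag, signer, extra, nil
}

// sampleQuote is a constructed (not captured) quote prefix: magic, TagAttestQuote, a 4-byte signer name, a 3-byte nonce, two trailing bytes.
var sampleQuote = []byte{0xff, 0x54, 0x43, 0x47, 0x80, 0x18, 0, 4, 0xde, 0xad, 0xbe, 0xef, 0, 3, 1, 2, 3, 0, 0}
```

A verifier would follow the Magic check by confirming that ExtraData equals the nonce it supplied and that the signing key's attributes include FlagRestricted, since only a restricted key is limited to signing TPM-generated data.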

type CertifyInfo

type CertifyInfo struct {
	Name          Name
	QualifiedName Name
}

CertifyInfo contains Certify-specific data for TPMS_ATTEST.

type ClockInfo

type ClockInfo struct {
	Clock        uint64
	ResetCount   uint32
	RestartCount uint32
	Safe         byte
}

ClockInfo contains TPM state info included in AttestationData.

type CreationInfo

type CreationInfo struct {
	Name Name
	// Most TPM2B_Digest structures contain a TPMU_HA structure
	// and get parsed to HashValue. This is never the case for the
	// digest in TPMS_CREATION_INFO.
	OpaqueDigest []byte
}

CreationInfo contains Creation-specific data for TPMS_ATTEST.

type ECCParams

type ECCParams struct {
	Symmetric *SymScheme
	Sign      *SigScheme
	CurveID   EllipticCurve
	KDF       *KDFScheme
	Point     ECPoint
}

ECCParams represents parameters of an ECC key pair.

Symmetric, Sign and KDF may be nil, depending on key Attributes in Public.

type ECPoint

type ECPoint struct {
	X, Y *big.Int
}

ECPoint represents the coordinates of a point on an ECC curve.

type EllipticCurve

type EllipticCurve uint16

EllipticCurve identifies specific EC curves.

type Handle

type Handle uint32

A Handle is a reference to a TPM object.

type HashValue

type HashValue struct {
	Alg   Algorithm
	Value []byte
}

type KDFScheme

type KDFScheme struct {
	Alg  Algorithm
	Hash Algorithm
}

KDFScheme represents a KDF (Key Derivation Function) scheme.

type KeyProp

type KeyProp uint32

KeyProp is a bitmask used in the Attributes field of key templates. Individual flags should be OR-ed to form a full mask.

const (
	FlagFixedTPM            KeyProp = 0x00000002
	FlagFixedParent         KeyProp = 0x00000010
	FlagSensitiveDataOrigin KeyProp = 0x00000020
	FlagUserWithAuth        KeyProp = 0x00000040
	FlagAdminWithPolicy     KeyProp = 0x00000080
	FlagNoDA                KeyProp = 0x00000400
	FlagRestricted          KeyProp = 0x00010000
	FlagDecrypt             KeyProp = 0x00020000
	FlagSign                KeyProp = 0x00040000

	FlagSealDefault   = FlagFixedTPM | FlagFixedParent
	FlagSignerDefault = FlagSign | FlagRestricted | FlagFixedTPM |
		FlagFixedParent | FlagSensitiveDataOrigin | FlagUserWithAuth
	FlagStorageDefault = FlagDecrypt | FlagRestricted | FlagFixedTPM |
		FlagFixedParent | FlagSensitiveDataOrigin | FlagUserWithAuth
)

Key properties.

type Name

type Name struct {
	Handle *Handle
	Digest *HashValue
}

type PCRSelection

type PCRSelection struct {
	Hash Algorithm
	PCRs []int
}

PCRSelection contains a slice of PCR indexes and the hash algorithm used for them.

type Public

type Public struct {
	Type       Algorithm
	NameAlg    Algorithm
	Attributes KeyProp
	AuthPolicy []byte

	// If Type is AlgKeyedHash, then do not set these.
	// Otherwise, only one of the Parameters fields should be set. When encoding/decoding,
	// one will be picked based on Type.
	RSAParameters *RSAParams
	ECCParameters *ECCParams
}

Public contains the public area of an object.

func DecodePublic

func DecodePublic(buf []byte) (Public, error)

DecodePublic decodes a TPMT_PUBLIC message. No error is returned if the input has extra trailing data.

type QuoteInfo

type QuoteInfo struct {
	PCRSelection PCRSelection
	PCRDigest    []byte
}

QuoteInfo represents a TPMS_QUOTE_INFO structure.

type RSAParams

type RSAParams struct {
	Symmetric *SymScheme
	Sign      *SigScheme
	KeyBits   uint16

	Exponent   uint32
	ModulusRaw []byte
	Modulus    *big.Int
	// contains filtered or unexported fields
}

RSAParams represents parameters of an RSA key pair.

Symmetric and Sign may be nil, depending on key Attributes in Public.

One of Modulus and ModulusRaw must always be non-nil. Modulus takes precedence. ModulusRaw is used for key templates where the field named "unique" must be a byte array of all zeroes.

type RawBytes

type RawBytes []byte

RawBytes is for Pack and RunCommand arguments that are already encoded. Unlike []byte, RawBytes is not prefixed with its length during encoding.

type SigScheme

type SigScheme struct {
	Alg   Algorithm
	Hash  Algorithm
	Count uint32
}

SigScheme represents a signing scheme.

type SymScheme

type SymScheme struct {
	Alg     Algorithm
	KeyBits uint16
	Mode    Algorithm
}

SymScheme represents a symmetric encryption scheme.

type Tag

type Tag uint16

Tag is a command tag.

const (
	TagNull           Tag = 0x8000
	TagNoSessions     Tag = 0x8001
	TagSessions       Tag = 0x8002
	TagAttestCertify  Tag = 0x8017
	TagAttestQuote    Tag = 0x8018
	TagAttestCreation Tag = 0x801a
	TagHashCheck      Tag = 0x8024
)

TPM structure tags. Tags are used to disambiguate structures, similar to Alg values: the tag value defines what kind of data lives in a nested field.
