Documentation
Index
- Constants
- type AikResponse
- type ChallengeData
- type ChallengeResponse
- type EkcertResponse
- type ExtendInput
- type KeyData
- type KeyResponse
- type QuoteData
- type QuoteResponse
- type TPMClient
- func (client *TPMClient) Extend(pcr int, eventtype int, data []byte, event string) error
- func (client *TPMClient) GenerateAIK() (aikpub []byte, aikblob []byte, err error)
- func (client *TPMClient) GenerateKey(flags int) (keypub []byte, keyblob []byte, err error)
- func (client *TPMClient) GetEKCert() (ekcert []byte, err error)
- func (client *TPMClient) GetQuote(aikpub []byte, aikblob []byte, pcrs []int) (pcrvals [][]byte, log []tspiconst.Log, err error)
- func (client *TPMClient) ValidateAIK(aikblob []byte, asymenc []byte, symenc []byte) (secret []byte, err error)
Constants
const (
    GetEKCertURL    = "/v1/getEkcert"
    ExtendURL       = "/v1/extend"
    QuoteURL        = "/v1/quote"
    GenerateAikURL  = "/v1/generateAik"
    GenerateKeyURL  = "/v1/generateKey"
    AikChallengeURL = "/v1/aikChallenge"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type AikResponse
type ChallengeData
type ChallengeResponse
type ChallengeResponse struct {
Response []byte
}
type EkcertResponse
type EkcertResponse struct {
EKCert []byte
}
type KeyResponse
type QuoteResponse
type TPMClient
type TPMClient struct {
// contains filtered or unexported fields
}
TPMClient represents a connection to a system running a daemon that provides access to TPM functionality.
func New
New returns a TPMClient structure configured to connect to the provided host with the provided timeout.
func (*TPMClient) Extend
Extend extends a TPM PCR with the provided data. If event is nil, data must be pre-hashed with SHA1 and will be used to extend the PCR directly. If event is not nil, data and event will be hashed together to generate the extension value. The event will then be stored in the TPM event log.
func (*TPMClient) GenerateAIK
GenerateAIK requests that the TPM generate a new Attestation Identity Key. It returns an unencrypted copy of the public half of the AIK, along with a TSPI key blob encrypted by the TPM.
func (*TPMClient) GenerateKey
GenerateKey requests that the TPM generate a new keypair.
func (*TPMClient) GetEKCert
GetEKCert obtains the Endorsement Key certificate from the client TPM. This is an X.509 certificate containing the public half of the Endorsement Key, with a certificate chain leading back to a vendor-issued signing certificate.
func (*TPMClient) GetQuote
func (client *TPMClient) GetQuote(aikpub []byte, aikblob []byte, pcrs []int) (pcrvals [][]byte, log []tspiconst.Log, err error)
GetQuote obtains a PCR quote from the TPM. It takes the public half of the AIK (aikpub, as returned by GenerateAIK), the encrypted AIK blob and a list of PCR indices as arguments. The response contains an array of PCR values, an array of event log entries and any error.
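The pcrvals and log returned by GetQuote only mean something to a verifier once it replays the event log and confirms that the replay reproduces the quoted PCR values (checking the quote's signature with aikpub is a separate step). The Go code below is an added example, not part of the package documented here: LogEntry is a constructed stand-in for tspiconst.Log, whose fields this page does not show, and the extend rule SHA1(old || measurement) is the TPM 1.2 definition, consistent with the SHA1 pre-hashing that Extend documents.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"fmt"
)

// LogEntry is a constructed stand-in for tspiconst.Log (its fields are not shown
// on this page): the PCR that was extended and the 20-byte SHA1 measurement.
type LogEntry struct {
	PCR    int
	Digest [20]byte
}

// extendPCR applies the TPM 1.2 extend rule: new = SHA1(old || measurement).
func extendPCR(old, measurement [20]byte) [20]byte {
	return sha1.Sum(append(old[:], measurement[:]...))
}

// ReplayLog recomputes each PCR named in the log from its all-zero reset value
// by replaying the entries in order, exactly as the TPM did on each Extend.
func ReplayLog(log []LogEntry) map[int][20]byte {
	state := make(map[int][20]byte)
	for _, e := range log {
		state[e.PCR] = extendPCR(state[e.PCR], e.Digest)
	}
	return state
}

// VerifyQuote compares the pcrvals returned by GetQuote (one per element of pcrs)
// with the replayed log and returns every PCR that does not match (empty: all match).
func VerifyQuote(pcrs []int, pcrvals [][]byte, log []LogEntry) []int {
	replayed := ReplayLog(log)
	var bad []int
	for i, p := range pcrs {
		want := replayed[p] // zero value for a PCR with no log entries
		if i >= len(pcrvals) || !bytes.Equal(want[:], pcrvals[i]) {
			bad = append(bad, p)
		}
	}
	return bad
}

func main() {
	// Constructed log: two measurements into PCR 4; the quote reports the matching value.
	log := []LogEntry{{4, sha1.Sum([]byte("kernel"))}, {4, sha1.Sum([]byte("initrd"))}}
	val := ReplayLog(log)[4]
	fmt.Printf("PCR4=%x mismatches=%v\n", val, VerifyQuote([]int{4}, [][]byte{val[:]}, log))
}
```

A PCR reported in the quote that the log cannot reproduce, or a quoted PCR with no corresponding value at all, is flagged by index so the verifier can reject the attestation.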
func (*TPMClient) ValidateAIK
func (client *TPMClient) ValidateAIK(aikblob []byte, asymenc []byte, symenc []byte) (secret []byte, err error)
ValidateAIK challenges the TPM to validate an AIK by using the provided key blob to decrypt a secret encrypted with the public half of the AIK. This will only be possible if the TPM is able to decrypt the encrypted key blob. The AIK is used to decrypt asymenc, which then provides the AES key used to encrypt symenc. Decrypting symenc provides the original secret, which is then returned.