tpmclient

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2016 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	GetEKCertURL    = "/v1/getEkcert"
	ExtendURL       = "/v1/extend"
	QuoteURL        = "/v1/quote"
	GenerateAikURL  = "/v1/generateAik"
	GenerateKeyURL  = "/v1/generateKey"
	AikChallengeURL = "/v1/aikChallenge"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AikResponse 

type AikResponse struct {
	AIKBlob []byte
	AIKPub  []byte
}

type ChallengeData 

type ChallengeData struct {
	AIK     []byte
	Asymenc []byte
	Symenc  []byte
}

type ChallengeResponse 

type ChallengeResponse struct {
	Response []byte
}

type EkcertResponse 

type EkcertResponse struct {
	EKCert []byte
}

type ExtendInput 

type ExtendInput struct {
	Pcr       int
	Eventtype int
	Data      []byte
	Event     string
}

type KeyData 

type KeyData struct {
	KeyFlags int
}

type KeyResponse 

type KeyResponse struct {
	KeyBlob []byte
	KeyPub  []byte
}

type QuoteData 

type QuoteData struct {
	AIK   []byte
	PCRs  []int
	Nonce []byte
}

type QuoteResponse 

type QuoteResponse struct {
	Data       []byte
	Validation []byte
	PCRValues  [][]byte
	Events     []tspiconst.Log
}

type TPMClient 

type TPMClient struct {
	// contains filtered or unexported fields
}

TPMClient represents a connection to a system running a daemon providing access to TPM functionality

func New 

func New(host string, timeout time.Duration) *TPMClient

New returns a TPMClient structure configured to connect to the provided host with the provided timeout.

func (*TPMClient) Extend 

func (client *TPMClient) Extend(pcr int, eventtype int, data []byte, event string) error

Extend extends a TPM PCR with the provided data. If event is nil, data must be pre-hashed with SHA1 and will be used to extend the PCR directly. If event is not nil, data and event will be hashed to generate the extension value. Event will then be stored in the TPM event log.

func (*TPMClient) GenerateAIK 

func (client *TPMClient) GenerateAIK() (aikpub []byte, aikblob []byte, err error)

GenerateAIK requests that the TPM generate a new Attestation Identity Key. It returns an unencrypted copy of the public half of the AIK, along with a TSPI key blob encrypted by the TPM.

func (*TPMClient) GenerateKey 

func (client *TPMClient) GenerateKey(flags int) (keypub []byte, keyblob []byte, err error)

GenerateKey requests that the TPM generate a new keypair

func (*TPMClient) GetEKCert 

func (client *TPMClient) GetEKCert() (ekcert []byte, err error)

GetEKCert obtains the Endorsement Key certificate from the client TPM. This is an X509 certificate containing the public half of the Endorsement Key and a signature chain chaining back to a vendor-issued signing certificate.

func (*TPMClient) GetQuote 

func (client *TPMClient) GetQuote(aikpub []byte, aikblob []byte, pcrs []int) (pcrvals [][]byte, log []tspiconst.Log, err error)

GetQuote obtains a PCR quote from the TPM. It takes the aikpub Tspi Key, the encrypted AIK blob and a list of PCRs as arguments. The response will contain an array of PCR values, an array of log entries and any error.

func (*TPMClient) ValidateAIK 

func (client *TPMClient) ValidateAIK(aikblob []byte, asymenc []byte, symenc []byte) (secret []byte, err error)

ValidateAIK challenges the TPM to validate an AIK by using the provided key blob to decrypt a secret encrypted with the public half of the AIK. This will only be possible if the TPM is able to decrypt the encrypted key blob. The AIK is used to decrypt asymenc, which then provides the AES key used to encrypt symenc. Decrypting symenc provides the original secret, which is then returned.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.