plugin

package

v0.2.0 Latest Latest Go to latest Published: Jul 19, 2023 License: MIT Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/foxboron/age-plugin-tpm

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func CreateIdentity(tpm transport.TPMCloser, pin []byte) (*Identity, *Recipient, error)
func CreateSRK(tpm transport.TPMCloser) (*tpm2.AuthHandle, *tpm2.TPMTPublic, error)
func DecryptFileKeyTPM(tpm transport.TPMCloser, identity *Identity, remoteKey, fileKey, pin []byte) ([]byte, error)
func EncodeIdentity(i *Identity) (string, error)
func EncodeRecipient(recipient *Recipient) string
func EncryptFileKey(fileKey []byte, pubkey *ecdh.PublicKey) ([]byte, []byte, error)
func FlushHandle(tpm transport.TPM, h handle)
func GetPinentry() ([]byte, error)
func LoadIdentity(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, error)
func LoadIdentityWithParent(tpm transport.TPMCloser, parent tpm2.AuthHandle, identity *Identity) (*tpm2.AuthHandle, error)
func Marshal(i *Identity, w io.Writer)
func MarshalCompressedEC(pk *ecdh.PublicKey) []byte
func MarshalIdentity(i *Identity, recipient *Recipient, w io.Writer) error
func MarshalRecipient(pubkey *Recipient, w io.Writer) error
func SetLogger(w io.Writer)
func UnmarshalCompressedEC(b []byte) (*big.Int, *big.Int, *ecdh.PublicKey, error)
func UnwrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)
func WrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)
type Identity
- func DecodeIdentity(s string) (*Identity, error)
- func ParseIdentity(f io.Reader) (*Identity, error)
- func (i *Identity) Recipient() (*Recipient, error)
- func (i *Identity) Serialize() []any
type PINStatus
- func (p PINStatus) String() string
type Recipient
- func DecodeRecipient(s string) (*Recipient, error)
- func NewRecipient(ecc *ecdh.PublicKey) *Recipient
- func NewRecipientFromBytes(s []byte) (*Recipient, error)
- func (r *Recipient) String() string
- func (r *Recipient) Tag() []byte
type TPMDevice
- func NewSwTPM(dir string) (*TPMDevice, error)
- func NewTPM(dir string) (*TPMDevice, error)
- func NewTPMDevice(tpmPath string, isSwtpm bool) (*TPMDevice, error)
- func (t *TPMDevice) Close()
- func (t *TPMDevice) TPM() transport.TPMCloser
- func (t *TPMDevice) Watch()

Constants ¶

View Source

const (
	PluginName      = "tpm"
	BinaryName      = "age-plugin-yubikey"
	RecipientPrefix = "age1tpm"
	IdentityPrefix  = "age-plugin-tpm-"
)

Variables ¶

View Source

var (
	ErrPinentryCancelled = errors.New("cancelled pinentry")
)

View Source

var (
	Log *log.Logger
)

Functions ¶

func CreateIdentity ¶ added in v0.1.0

func CreateIdentity(tpm transport.TPMCloser, pin []byte) (*Identity, *Recipient, error)

Creates a new identity. It initializes a new SRK parent in the TPM and returns the identity and the corresponding recipient. Note: It does not load the identity key into the TPM.

func CreateSRK ¶ added in v0.1.0

func CreateSRK(tpm transport.TPMCloser) (*tpm2.AuthHandle, *tpm2.TPMTPublic, error)

Creates a Storage Key, or return the loaded storage key

func DecryptFileKeyTPM ¶ added in v0.2.0

func DecryptFileKeyTPM(tpm transport.TPMCloser, identity *Identity, remoteKey, fileKey, pin []byte) ([]byte, error)

Decrypts and unwraps a filekey

func EncodeIdentity ¶ added in v0.1.0

func EncodeIdentity(i *Identity) (string, error)

func EncodeRecipient ¶

func EncodeRecipient(recipient *Recipient) string

func EncryptFileKey ¶ added in v0.2.0

func EncryptFileKey(fileKey []byte, pubkey *ecdh.PublicKey) ([]byte, []byte, error)

Wraps the file key in a session key Returns the sealed filekey, the session pubkey bytes, error

func FlushHandle ¶ added in v0.2.0

func FlushHandle(tpm transport.TPM, h handle)

Helper to flush handles

func GetPinentry ¶ added in v0.2.0

func GetPinentry() ([]byte, error)

func LoadIdentity ¶ added in v0.1.0

func LoadIdentity(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, error)

func LoadIdentityWithParent ¶ added in v0.1.0

func LoadIdentityWithParent(tpm transport.TPMCloser, parent tpm2.AuthHandle, identity *Identity) (*tpm2.AuthHandle, error)

func Marshal ¶

func Marshal(i *Identity, w io.Writer)

func MarshalCompressedEC ¶ added in v0.2.0

func MarshalCompressedEC(pk *ecdh.PublicKey) []byte

Marshal a compressed EC key

func MarshalIdentity ¶

func MarshalIdentity(i *Identity, recipient *Recipient, w io.Writer) error

func MarshalRecipient ¶

func MarshalRecipient(pubkey *Recipient, w io.Writer) error

func SetLogger ¶

func SetLogger(w io.Writer)

func UnmarshalCompressedEC ¶ added in v0.2.0

func UnmarshalCompressedEC(b []byte) (*big.Int, *big.Int, *ecdh.PublicKey, error)

Unmarshal a compressed ec key

func UnwrapKey ¶ added in v0.2.0

func UnwrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Unwraps a key using the standard kdf function.

func WrapKey ¶ added in v0.2.0

func WrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

Wraps a key using the standard kdf function.

Types ¶

type Identity ¶ added in v0.1.0

type Identity struct {
	Version uint8
	PIN     PINStatus
	Private tpm2.TPM2BPrivate
	Public  tpm2.TPM2BPublic
}

func DecodeIdentity ¶ added in v0.1.0

func DecodeIdentity(s string) (*Identity, error)

func ParseIdentity ¶ added in v0.1.0

func ParseIdentity(f io.Reader) (*Identity, error)

func (*Identity) Recipient ¶ added in v0.2.0

func (i *Identity) Recipient() (*Recipient, error)

func (*Identity) Serialize ¶ added in v0.1.0

func (i *Identity) Serialize() []any

type PINStatus ¶

type PINStatus uint8

We need to know if the TPM handle has a pin set

const (
	NoPIN PINStatus = iota
	HasPIN
)

func (PINStatus) String ¶

func (p PINStatus) String() string

type Recipient ¶ added in v0.2.0

type Recipient struct {
	Pubkey *ecdh.PublicKey
	// contains filtered or unexported fields
}

func DecodeRecipient ¶

func DecodeRecipient(s string) (*Recipient, error)

func NewRecipient ¶ added in v0.2.0

func NewRecipient(ecc *ecdh.PublicKey) *Recipient

func NewRecipientFromBytes ¶ added in v0.2.0

func NewRecipientFromBytes(s []byte) (*Recipient, error)

func (*Recipient) String ¶ added in v0.2.0

func (r *Recipient) String() string

func (*Recipient) Tag ¶ added in v0.2.0

func (r *Recipient) Tag() []byte

Returns the 4 first bytes of a sha256 sum of the key this is used to to find the correct identity in a stanza

type TPMDevice ¶ added in v0.1.0

type TPMDevice struct {
	// contains filtered or unexported fields
}

Wrap swtpm and tpm into one device thing

func NewSwTPM ¶ added in v0.1.0

func NewSwTPM(dir string) (*TPMDevice, error)

Setup a new Software TPM

func NewTPM ¶ added in v0.1.0

func NewTPM(dir string) (*TPMDevice, error)

Setup a new TPM device

func NewTPMDevice ¶ added in v0.1.0

func NewTPMDevice(tpmPath string, isSwtpm bool) (*TPMDevice, error)

Setup a NewTPMDevice

func (*TPMDevice) Close ¶ added in v0.1.0

func (t *TPMDevice) Close()

func (*TPMDevice) TPM ¶ added in v0.1.0

func (t *TPMDevice) TPM() transport.TPMCloser

Return the TPM rwc

func (*TPMDevice) Watch ¶ added in v0.1.0

func (t *TPMDevice) Watch()

Watch for a interrution signal

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL