Overview
Package verifier implements high-level logic to check information provided by TPMs in client devices.
Constants
This section is empty.
Variables
This section is empty.
Functions
func ROCAVulnerableKey
ROCAVulnerableKey returns true if the key is vulnerable to ROCA.
func VerifyAIK
func VerifyAIK(tpmVersion tpb.TpmVersion, aik *tpb.AikInfo) (*pb.AikVerificationResults, error)
VerifyAIK examines properties of an AIK and a creation attestation, to determine if it is suitable for use as an attestation key.
func VerifyQuote
func VerifyQuote(tpmVersion tpb.TpmVersion, public, attestationData, signature []byte, pcrs map[uint32][]byte, nonce []byte) (*pb.QuoteVerificationResults, error)
VerifyQuote returns information about the validity of a quote & signature.
Types
type EKVerifier
type EKVerifier struct {
// contains filtered or unexported fields
}
EKVerifier verifies x509 EK certificates based on a pool of allowed parent certificates.
func NewEKVerifier
func NewEKVerifier(certsPath []string) (*EKVerifier, error)
NewEKVerifier returns an EKVerifier initialized using the certificates in the specified directories. Directories are resolved recursively. The specified directory should be structured in the forms:
    <XXXX>/RootCA/<cert>.{der,cer,crt}
    <XXXX>/IntermediateCA/<cert>.{der,cer,crt}
func (*EKVerifier) VerifyEKCert
func (v *EKVerifier) VerifyEKCert(certBytes []byte) (*pb.EkcertVerificationResults, error)
VerifyEKCert verifies the properties and provenance of a given EK certificate.