Documentation ¶
Overview ¶
Package tpm2 provides 1:1 mapping to TPM 2.0 APIs.
Package tpm2 defines all the TPM 2.0 structures together to avoid import cycles ¶
Package tpm2 contains TPM 2.0 commands and structures.
Index ¶
- Constants
- Variables
- func AuditCommand[C Command[R, *R], R any](a *CommandAudit, cmd C, rsp *R) error
- func ECCPoint(pubKey *ecdh.PublicKey) (*big.Int, *big.Int, error)
- func ECDHPubKey(curve ecdh.Curve, pub *TPMSECCPoint) (*ecdh.PublicKey, error)
- func KDFa(h crypto.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte
- func KDFe(h crypto.Hash, z []byte, use string, partyUInfo, partyVInfo []byte, bits int) []byte
- func Marshal(v Marshallable) []byte
- func PrimaryHandleName(h TPMHandle) []byte
- func RSAPub(parms *TPMSRSAParms, pub *TPM2BPublicKeyRSA) (*rsa.PublicKey, error)
- func Unmarshal[T Marshallable, P interface{ ... }](data []byte) (*T, error)
- type ActivateCredential
- type ActivateCredentialResponse
- type AsymSchemeContents
- type AttestContents
- type AuthHandle
- type AuthOption
- func AESEncryption(keySize TPMKeyBits, dir parameterEncryptiontpm2ion) AuthOption
- func Audit() AuthOption
- func AuditExclusive() AuthOption
- func Auth(auth []byte) AuthOption
- func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption
- func Password(auth []byte) AuthOption
- func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption
- func Trial() AuthOption
- type BitGetter
- type BitSetter
- type Bitfield
- type CapabilitiesContents
- type Certify
- type CertifyCreation
- type CertifyCreationResponse
- type CertifyResponse
- type Clear
- type ClearResponse
- type Command
- type CommandAudit
- type Commit
- type CommitResponse
- type ContextLoad
- type ContextLoadResponse
- type ContextSave
- type ContextSaveResponse
- type Create
- type CreateLoaded
- type CreateLoadedResponse
- type CreatePrimary
- type CreatePrimaryResponse
- type CreateResponse
- type Duplicate
- type DuplicateResponse
- type ECDHZGen
- type ECDHZGenResponse
- type EvictControl
- type EvictControlResponse
- type FlushContext
- type FlushContextResponse
- type GetCapability
- type GetCapabilityResponse
- type GetRandom
- type GetRandomResponse
- type GetSessionAuditDigest
- type GetSessionAuditDigestResponse
- type Hash
- type HashResponse
- type HashSequenceStart
- type HashSequenceStartResponse
- type HierarchyChangeAuth
- type HierarchyChangeAuthResponse
- type HmacStart
- type HmacStartResponse
- type Import
- type ImportResponse
- type KDFSchemeContents
- type Load
- type LoadExternal
- type LoadExternalResponse
- type LoadResponse
- type MakeCredential
- type MakeCredentialResponse
- type Marshallable
- type NVCertify
- type NVCertifyResponse
- type NVDefineSpace
- type NVDefineSpaceResponse
- type NVIncrement
- type NVIncrementResponse
- type NVRead
- type NVReadPublic
- type NVReadPublicResponse
- type NVReadResponse
- type NVUndefineSpace
- type NVUndefineSpaceResponse
- type NVUndefineSpaceSpecial
- type NVUndefineSpaceSpecialResponse
- type NVWrite
- type NVWriteLock
- type NVWriteLockResponse
- type NVWriteResponse
- type NamedHandle
- type ObjectChangeAuth
- type ObjectChangeAuthResponse
- type PCREvent
- type PCREventResponse
- type PCRExtend
- type PCRExtendResponse
- type PCRRead
- type PCRReadResponse
- type PCRReset
- type PCRResetResponse
- type PolicyAuthorize
- type PolicyAuthorizeNV
- type PolicyAuthorizeNVResponse
- type PolicyAuthorizeResponse
- type PolicyCPHash
- type PolicyCPHashResponse
- type PolicyCalculator
- type PolicyCallback
- type PolicyCommand
- type PolicyCommandCode
- type PolicyCommandCodeResponse
- type PolicyGetDigest
- type PolicyGetDigestResponse
- type PolicyNV
- type PolicyNVResponse
- type PolicyNVWritten
- type PolicyNVWrittenResponse
- type PolicyOr
- type PolicyOrResponse
- type PolicyPCR
- type PolicyPCRResponse
- type PolicySecret
- type PolicySecretResponse
- type PolicySigned
- type PolicySignedResponse
- type PublicIDContents
- type PublicParmsContents
- type Quote
- type QuoteResponse
- type RSADecrypt
- type RSADecryptResponse
- type RSAEncrypt
- type RSAEncryptResponse
- type ReadPublic
- type ReadPublicResponse
- type SchemeKeyedHashContents
- type SensitiveCompositeContents
- type SensitiveCreateContents
- type SequenceComplete
- type SequenceCompleteResponse
- type SequenceUpdate
- type SequenceUpdateResponse
- type Session
- func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session
- func HMACSession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
- func PasswordAuth(auth []byte) Session
- func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session
- func PolicySession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
- type Shutdown
- type ShutdownResponse
- type SigSchemeContents
- type Sign
- type SignResponse
- type SignatureContents
- type StartAuthSession
- type StartAuthSessionResponse
- type Startup
- type StartupResponse
- type SymDetailsContents
- type SymKeyBitsContents
- type SymModeContents
- type TPM2B
- type TPM2BAttest
- type TPM2BAuth
- type TPM2BContextData
- type TPM2BContextSensitive
- type TPM2BData
- type TPM2BDerive
- type TPM2BDigest
- type TPM2BECCParameter
- type TPM2BECCPoint
- type TPM2BEncryptedSecret
- type TPM2BEvent
- type TPM2BIDObject
- type TPM2BLabel
- type TPM2BMaxBuffer
- type TPM2BMaxNVBuffer
- type TPM2BNVPublic
- type TPM2BName
- type TPM2BNonce
- type TPM2BOperand
- type TPM2BPrivate
- type TPM2BPrivateKeyRSA
- type TPM2BPublic
- type TPM2BPublicKeyRSA
- type TPM2BSensitive
- type TPM2BSensitiveCreate
- type TPM2BSensitiveData
- type TPM2BSymKey
- type TPM2BTemplate
- type TPM2BTimeout
- type TPMAACT
- type TPMAAlgorithm
- type TPMACC
- type TPMALocality
- type TPMANV
- type TPMAObject
- type TPMASession
- type TPMAlgID
- type TPMAlgorithmID
- type TPMAuthorizationSize
- type TPMCC
- type TPMCap
- type TPMCmdHeader
- type TPMECCCurve
- type TPMEO
- type TPMFmt1Error
- type TPMGenerated
- type TPMHT
- type TPMHandle
- type TPMIAlgECCScheme
- type TPMIAlgHash
- type TPMIAlgKDF
- type TPMIAlgKeyedHashScheme
- type TPMIAlgPublic
- type TPMIAlgRSADecrypt
- type TPMIAlgRSAScheme
- type TPMIAlgSigScheme
- type TPMIAlgSym
- type TPMIAlgSymMode
- type TPMIAlgSymObject
- type TPMIDHContext
- type TPMIDHEntity
- type TPMIDHObject
- type TPMIDHPersistent
- type TPMIDHSaved
- type TPMIECCCurve
- type TPMIRHAC
- type TPMIRHACT
- type TPMIRHClear
- type TPMIRHEnables
- type TPMIRHEndorsement
- type TPMIRHHierarchy
- type TPMIRHHierarchyAuth
- type TPMIRHHierarchyPolicy
- type TPMIRHLockout
- type TPMIRHNVAuth
- type TPMIRHNVIndex
- type TPMIRHOwner
- type TPMIRHPlatform
- type TPMIRHProvision
- type TPMIRSAKeyBits
- type TPMISHAuthSession
- type TPMISHHMAC
- type TPMISHPolicy
- type TPMISTAttest
- type TPMISTCommandTag
- type TPMIYesNo
- type TPMKeyBits
- type TPMKeySize
- type TPMLACTData
- type TPMLAlg
- type TPMLAlgProperty
- type TPMLCC
- type TPMLCCA
- type TPMLDigest
- type TPMLDigestValues
- type TPMLECCCurve
- type TPMLHandle
- type TPMLPCRSelection
- type TPMLTaggedPCRProperty
- type TPMLTaggedPolicy
- type TPMLTaggedTPMProperty
- type TPMModifierIndicator
- type TPMNT
- type TPMPT
- type TPMPTPCR
- type TPMParameterSize
- type TPMRC
- type TPMRspHeader
- type TPMSACTData
- type TPMSAlgProperty
- type TPMSAttest
- type TPMSAuthCommand
- type TPMSAuthResponse
- type TPMSCapabilityData
- type TPMSCertifyInfo
- type TPMSClockInfo
- type TPMSCommandAuditInfo
- type TPMSContext
- type TPMSContextData
- type TPMSCreationData
- type TPMSCreationInfo
- type TPMSDerive
- type TPMSE
- type TPMSECCParms
- type TPMSECCPoint
- type TPMSEmpty
- type TPMSEncSchemeOAEP
- type TPMSEncSchemeRSAES
- type TPMSKDFSchemeECDH
- type TPMSKDFSchemeKDF1SP800108
- type TPMSKDFSchemeKDF1SP80056A
- type TPMSKDFSchemeKDF2
- type TPMSKDFSchemeMGF1
- type TPMSKeySchemeECDH
- type TPMSKeyedHashParms
- type TPMSNVCertifyInfo
- type TPMSNVDigestCertifyInfo
- type TPMSNVPublic
- type TPMSPCRSelection
- type TPMSQuoteInfo
- type TPMSRSAParms
- type TPMSSchemeECDAA
- type TPMSSchemeHMAC
- type TPMSSchemeHash
- type TPMSSchemeXOR
- type TPMSSensitiveCreate
- type TPMSSessionAuditInfo
- type TPMSSigSchemeECDSA
- type TPMSSigSchemeRSAPSS
- type TPMSSigSchemeRSASSA
- type TPMSSignatureECC
- type TPMSSignatureRSA
- type TPMSSymCipherParms
- type TPMST
- type TPMSTaggedPCRSelect
- type TPMSTaggedPolicy
- type TPMSTaggedProperty
- type TPMSTimeAttestInfo
- type TPMSTimeInfo
- type TPMSU
- type TPMTECCScheme
- type TPMTHA
- type TPMTKDFScheme
- type TPMTKeyedHashScheme
- type TPMTPublic
- type TPMTPublicParms
- type TPMTRSADecrypt
- type TPMTRSAScheme
- type TPMTSensitive
- type TPMTSigScheme
- type TPMTSignature
- type TPMTSymDef
- type TPMTSymDefObject
- type TPMTTKAuth
- type TPMTTKCreation
- type TPMTTKHashCheck
- type TPMTTKVerified
- type TPMTTemplate
- type TPMUAsymScheme
- func (u *TPMUAsymScheme) ECDAA() (*TPMSSchemeECDAA, error)
- func (u *TPMUAsymScheme) ECDH() (*TPMSKeySchemeECDH, error)
- func (u *TPMUAsymScheme) ECDSA() (*TPMSSigSchemeECDSA, error)
- func (u *TPMUAsymScheme) OAEP() (*TPMSEncSchemeOAEP, error)
- func (u *TPMUAsymScheme) RSAES() (*TPMSEncSchemeRSAES, error)
- func (u *TPMUAsymScheme) RSAPSS() (*TPMSSigSchemeRSAPSS, error)
- func (u *TPMUAsymScheme) RSASSA() (*TPMSSigSchemeRSASSA, error)
- type TPMUAttest
- func (u *TPMUAttest) Certify() (*TPMSCertifyInfo, error)
- func (u *TPMUAttest) CommandAudit() (*TPMSCommandAuditInfo, error)
- func (u *TPMUAttest) Creation() (*TPMSCreationInfo, error)
- func (u *TPMUAttest) NV() (*TPMSNVCertifyInfo, error)
- func (u *TPMUAttest) NVDigest() (*TPMSNVDigestCertifyInfo, error)
- func (u *TPMUAttest) Quote() (*TPMSQuoteInfo, error)
- func (u *TPMUAttest) SessionAudit() (*TPMSSessionAuditInfo, error)
- func (u *TPMUAttest) Time() (*TPMSTimeAttestInfo, error)
- type TPMUCapabilities
- func (u *TPMUCapabilities) ACTData() (*TPMLACTData, error)
- func (u *TPMUCapabilities) Algorithms() (*TPMLAlgProperty, error)
- func (u *TPMUCapabilities) AssignedPCR() (*TPMLPCRSelection, error)
- func (u *TPMUCapabilities) AuditCommands() (*TPMLCC, error)
- func (u *TPMUCapabilities) AuthPolicies() (*TPMLTaggedPolicy, error)
- func (u *TPMUCapabilities) Command() (*TPMLCCA, error)
- func (u *TPMUCapabilities) ECCCurves() (*TPMLECCCurve, error)
- func (u *TPMUCapabilities) Handles() (*TPMLHandle, error)
- func (u *TPMUCapabilities) PCRProperties() (*TPMLTaggedPCRProperty, error)
- func (u *TPMUCapabilities) PPCommands() (*TPMLCC, error)
- func (u *TPMUCapabilities) TPMProperties() (*TPMLTaggedTPMProperty, error)
- type TPMUKDFScheme
- func (u *TPMUKDFScheme) Bits() (*TPM2BSensitiveData, error)
- func (u *TPMUKDFScheme) ECC() (*TPM2BECCParameter, error)
- func (u *TPMUKDFScheme) ECDH() (*TPMSKDFSchemeECDH, error)
- func (u *TPMUKDFScheme) KDF1SP800108() (*TPMSKDFSchemeKDF1SP800108, error)
- func (u *TPMUKDFScheme) KDF1SP80056A() (*TPMSKDFSchemeKDF1SP80056A, error)
- func (u *TPMUKDFScheme) KDF2() (*TPMSKDFSchemeKDF2, error)
- func (u *TPMUKDFScheme) MGF1() (*TPMSKDFSchemeMGF1, error)
- func (u *TPMUKDFScheme) RSA() (*TPM2BPrivateKeyRSA, error)
- func (u *TPMUKDFScheme) Sym() (*TPM2BSymKey, error)
- type TPMUPublicID
- type TPMUPublicParms
- type TPMUSchemeKeyedHash
- type TPMUSensitiveComposite
- type TPMUSensitiveCreate
- type TPMUSigScheme
- type TPMUSignature
- type TPMUSymDetails
- type TPMUSymKeyBits
- type TPMUSymMode
- type TemplateContents
- type TestParms
- type TestParmsResponse
- type Unmarshallable
- type Unseal
- type UnsealResponse
- type VerifySignature
- type VerifySignatureResponse
Constants ¶
// Hash algorithm IDs and command codes that got re-used.
//
// Each name on the left is declared equal to the constant on the right, so
// both spellings denote the same value. In particular TPMAlgSHA is SHA-1
// (TPMAlgSHA1); it is not a shorthand for any other hash algorithm.
const (
	TPMAlgSHA          = TPMAlgSHA1
	TPMCCHMAC          = TPMCCMAC
	TPMCCHMACStart     = TPMCCMACStart
	TPMHTLoadedSession = TPMHTHMACSession
	TPMHTSavedSession  = TPMHTPolicySession
)
Hash algorithm IDs and command codes that got re-used.
// Direction values for session parameter encryption; AESEncryption takes one
// of them as its dir argument.
//
// The values start at 1 (1 + iota), so the zero value of the type is not one
// of the named directions.
// NOTE(review): "decrypt" and "encrypt" below presumably follow the TPM
// session-attribute naming (decrypt = the parameter sent to the TPM is
// protected, encrypt = the parameter returned is protected) — confirm.
const (
	// EncryptIn specifies a decrypt session.
	EncryptIn parameterEncryptiontpm2ion = 1 + iota
	// EncryptOut specifies an encrypt session.
	EncryptOut
	// EncryptInOut specifies a decrypt+encrypt session.
	EncryptInOut
)
Variables ¶
// Reference key templates for storage root keys (SRK) and endorsement keys
// (EK), in RSA-2048 and ECC-P256 variants.
//
// All four set FixedTPM, FixedParent, SensitiveDataOrigin, Restricted and
// Decrypt, leave SignEncrypt clear, and use AES-128 in CFB mode as the
// symmetric algorithm. The SRK and EK variants differ in how use of the key is
// authorized: the SRK templates set UserWithAuth and NoDA, while the EK
// templates set AdminWithPolicy and carry an AuthPolicy digest.
var (
	// RSASRKTemplate contains the TCG reference RSA-2048 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	RSASRKTemplate = TPMTPublic{
		Type:    TPMAlgRSA,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			UserWithAuth:         true,
			AdminWithPolicy:      false,
			NoDA:                 true,
			EncryptedDuplication: false,
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgRSA,
			&TPMSRSAParms{
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				KeyBits: 2048,
			},
		),
		// 256 zero bytes, i.e. 2048 bits, the same size as KeyBits above.
		Unique: NewTPMUPublicID(
			TPMAlgRSA,
			&TPM2BPublicKeyRSA{
				Buffer: make([]byte, 256),
			},
		),
	}
	// RSAEKTemplate contains the TCG reference RSA-2048 EK template.
	RSAEKTemplate = TPMTPublic{
		Type:    TPMAlgRSA,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			UserWithAuth:         false,
			AdminWithPolicy:      true,
			NoDA:                 false,
			EncryptedDuplication: false,
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		// 32-byte policy digest, the size of a SHA-256 output (NameAlg above).
		// NOTE(review): this looks like the default EK policy digest from the
		// TCG EK Credential Profile (PolicySecret on the endorsement
		// hierarchy) — confirm against the profile before relying on it.
		AuthPolicy: TPM2BDigest{
			Buffer: []byte{
				0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8,
				0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
				0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
				0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA,
			},
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgRSA,
			&TPMSRSAParms{
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				KeyBits: 2048,
			},
		),
		// 256 zero bytes, i.e. 2048 bits, the same size as KeyBits above.
		Unique: NewTPMUPublicID(
			TPMAlgRSA,
			&TPM2BPublicKeyRSA{
				Buffer: make([]byte, 256),
			},
		),
	}
	// ECCSRKTemplate contains the TCG reference ECC-P256 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	ECCSRKTemplate = TPMTPublic{
		Type:    TPMAlgECC,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			UserWithAuth:         true,
			AdminWithPolicy:      false,
			NoDA:                 true,
			EncryptedDuplication: false,
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgECC,
			&TPMSECCParms{
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				CurveID: TPMECCNistP256,
			},
		),
		// Two 32-byte zero coordinates (256 bits each) for the P-256 point.
		Unique: NewTPMUPublicID(
			TPMAlgECC,
			&TPMSECCPoint{
				X: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
				Y: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
			},
		),
	}
	// ECCEKTemplate contains the TCG reference ECC-P256 EK template.
	ECCEKTemplate = TPMTPublic{
		Type:    TPMAlgECC,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			UserWithAuth:         false,
			AdminWithPolicy:      true,
			NoDA:                 false,
			EncryptedDuplication: false,
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		// Same 32 bytes as RSAEKTemplate.AuthPolicy.
		// NOTE(review): presumably the TCG EK Credential Profile default
		// policy digest — confirm against the profile.
		AuthPolicy: TPM2BDigest{
			Buffer: []byte{
				0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8,
				0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
				0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
				0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA,
			},
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgECC,
			&TPMSECCParms{
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				CurveID: TPMECCNistP256,
			},
		),
		// Two 32-byte zero coordinates (256 bits each) for the P-256 point.
		Unique: NewTPMUPublicID(
			TPMAlgECC,
			&TPMSECCPoint{
				X: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
				Y: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
			},
		),
	}
)
// PCClientCompatible is a pcrSelectionFormatter that formats PCR selections
// for PC Client PTP-compatible TPMs. It is initialized to a pcClient value.
var PCClientCompatible pcrSelectionFormatter = pcClient{}
PCClientCompatible is a pcrSelectionFormatter that formats PCR selections suitable for use in PC Client PTP-compatible TPMs (the vast majority): https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/ PC Client mandates at least 24 PCRs but does not provide an upper limit.
Functions ¶
func AuditCommand ¶ added in v0.9.0
func AuditCommand[C Command[R, *R], R any](a *CommandAudit, cmd C, rsp *R) error
AuditCommand extends the audit digest with the given command and response. Go Generics do not allow type parameters on methods, otherwise this would be a method on CommandAudit. See https://github.com/golang/go/issues/49085 for more information.
func ECDHPubKey ¶ added in v0.9.1
ECDHPubKey converts a TPM ECC public key into one recognized by the ecdh package
func KDFa ¶
KDFa implements TPM 2.0's default key derivation function, as defined in section 11.4.9.2 of the TPM revision 2 specification part 1. See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ The key & label parameters must not be zero length. The label parameter is a non-null-terminated string. The contextU & contextV parameters are optional.
func KDFe ¶ added in v0.3.0
KDFe implements TPM 2.0's ECDH key derivation function, as defined in section 11.4.9.3 of the TPM revision 2 specification part 1. See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ The z parameter is the x coordinate of one party's private ECC key multiplied by the other party's public ECC point. The use parameter is a non-null-terminated string. The partyUInfo and partyVInfo are the x coordinates of the initiator's and the responder's ECC points, respectively.
func Marshal ¶ added in v0.9.0
func Marshal(v Marshallable) []byte
Marshal will serialize the given values, returning them as a byte slice.
func PrimaryHandleName ¶ added in v0.9.0
PrimaryHandleName returns the TPM Name of a primary handle.
func RSAPub ¶ added in v0.9.0
func RSAPub(parms *TPMSRSAParms, pub *TPM2BPublicKeyRSA) (*rsa.PublicKey, error)
RSAPub converts a TPM RSA public key into one recognized by the rsa package.
func Unmarshal ¶ added in v0.9.0
func Unmarshal[T Marshallable, P interface { *T Unmarshallable }](data []byte) (*T, error)
Unmarshal unmarshals the given type from the byte array. Returns an error if the buffer does not contain enough data to satisfy the types, or if the types are not unmarshallable.
Types ¶
type ActivateCredential ¶
// ActivateCredential is the input to TPM2_ActivateCredential.
//
// Both handles carry the "handle,auth" tag.
// NOTE(review): presumably that tag marks handles that need an authorization
// session when the command is executed — confirm against the marshalling code.
type ActivateCredential struct {
	// handle of the object associated with certificate in credentialBlob
	ActivateHandle handle `gotpm:"handle,auth"`
	// loaded key used to decrypt the TPMS_SENSITIVE in credentialBlob
	KeyHandle handle `gotpm:"handle,auth"`
	// the credential
	CredentialBlob TPM2BIDObject
	// keyHandle algorithm-dependent encrypted seed that protects credentialBlob
	Secret TPM2BEncryptedSecret
}
ActivateCredential is the input to TPM2_ActivateCredential. See definition in Part 3, Commands, section 12.5.
func (ActivateCredential) Command ¶ added in v0.9.0
func (ActivateCredential) Command() TPMCC
Command implements the Command interface.
func (ActivateCredential) Execute ¶ added in v0.9.0
func (cmd ActivateCredential) Execute(t transport.TPM, s ...Session) (*ActivateCredentialResponse, error)
Execute executes the command and returns the response.
type ActivateCredentialResponse ¶ added in v0.9.0
// ActivateCredentialResponse is the response from TPM2_ActivateCredential.
type ActivateCredentialResponse struct {
	// the decrypted certificate information
	CertInfo TPM2BDigest
}
ActivateCredentialResponse is the response from TPM2_ActivateCredential.
type AsymSchemeContents ¶ added in v0.9.0
// AsymSchemeContents is a type constraint representing the possible contents
// of TPMUAsymScheme: a type must be Marshallable and be one of the pointer
// types listed in the union.
type AsymSchemeContents interface {
	Marshallable
	*TPMSSigSchemeRSASSA | *TPMSEncSchemeRSAES | *TPMSSigSchemeRSAPSS |
		*TPMSEncSchemeOAEP | *TPMSSigSchemeECDSA | *TPMSKeySchemeECDH |
		*TPMSSchemeECDAA
}
AsymSchemeContents is a type constraint representing the possible contents of TPMUAsymScheme.
type AttestContents ¶ added in v0.9.0
// AttestContents is a type constraint representing the possible contents of
// TPMUAttest: a type must be Marshallable and be one of the pointer types
// listed in the union.
type AttestContents interface {
	Marshallable
	*TPMSNVCertifyInfo | *TPMSCommandAuditInfo | *TPMSSessionAuditInfo |
		*TPMSCertifyInfo | *TPMSQuoteInfo | *TPMSTimeAttestInfo |
		*TPMSCreationInfo | *TPMSNVDigestCertifyInfo
}
AttestContents is a type constraint representing the possible contents of TPMUAttest.
type AuthHandle ¶ added in v0.9.0
AuthHandle allows the caller to add an authorization session onto a handle.
func (AuthHandle) HandleValue ¶ added in v0.9.0
func (h AuthHandle) HandleValue() uint32
HandleValue implements the handle interface.
func (AuthHandle) KnownName ¶ added in v0.9.0
func (h AuthHandle) KnownName() *TPM2BName
KnownName implements the handle interface. If Name is not provided (i.e., only Auth), then rely on the underlying TPMHandle.
type AuthOption ¶ added in v0.9.0
// AuthOption is an option for setting up an auth session variadically.
// Each option is a function that receives a pointer to the session's
// sessionOptions.
type AuthOption func(*sessionOptions)
AuthOption is an option for setting up an auth session variadically.
func AESEncryption ¶ added in v0.9.0
func AESEncryption(keySize TPMKeyBits, dir parameterEncryptiontpm2ion) AuthOption
AESEncryption uses the session to encrypt the first parameter sent to/from the TPM. Note that only commands whose first command/response parameter is a 2B (a sized TPM2B buffer) can support session encryption; any later parameters are not covered by it.
func Audit ¶ added in v0.9.0
func Audit() AuthOption
Audit uses the session to compute extra HMACs. An Audit session can be used with GetSessionAuditDigest to obtain attestation over a sequence of commands.
func AuditExclusive ¶ added in v0.9.0
func AuditExclusive() AuthOption
AuditExclusive is like an audit session, but even more powerful. It additionally lets the audit session indicate that no auditable commands were executed other than the ones described by the audit hash.
func Auth ¶ added in v0.9.0
func Auth(auth []byte) AuthOption
Auth uses the session to prove knowledge of the object's auth value.
func Bound ¶ added in v0.9.0
func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption
Bound specifies that this session's session key should depend on the auth value of the given object.
func Password ¶ added in v0.9.0
func Password(auth []byte) AuthOption
Password is a policy-session-only option that provides the object's auth value in place of the authorization HMAC when authorizing. For HMAC sessions, it has the same effect as using Auth. Deprecated: This is not recommended, because the auth value itself is handed over instead of an HMAC computed from it, and is only provided for completeness; use Auth instead.
func Salted ¶ added in v0.9.0
func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption
Salted specifies that this session's session key should depend on an encrypted seed value using the given public key. 'handle' must refer to a loaded RSA or ECC key.
func Trial ¶ added in v0.9.0
func Trial() AuthOption
Trial indicates that the policy session should be in trial-mode. This allows using the TPM to calculate policy hashes. This option has no effect on non-Policy sessions.
type BitGetter ¶ added in v0.9.0
// BitGetter represents a TPM bitfield (i.e., TPMA_*) type that can be read.
// It embeds Bitfield and adds read access to reserved bits.
type BitGetter interface {
	Bitfield
	// GetReservedBit returns the value of the given reserved bit.
	// If the bit is not reserved, returns false.
	GetReservedBit(pos int) bool
}
BitGetter represents a TPM bitfield (i.e., TPMA_*) type that can be read.
type BitSetter ¶ added in v0.9.0
// BitSetter represents a TPM bitfield (i.e., TPMA_*) type that can be written.
// It embeds Bitfield and adds write access to reserved bits.
type BitSetter interface {
	Bitfield
	// SetReservedBit sets the value of the given reserved bit.
	SetReservedBit(pos int, val bool)
}
BitSetter represents a TPM bitfield (i.e., TPMA_*) type that can be written.
type Bitfield ¶ added in v0.9.0
// Bitfield represents a TPM bitfield (i.e., TPMA_*) type.
type Bitfield interface {
	// Length returns the length of the bitfield.
	// NOTE(review): presumably measured in bits — confirm with an implementation.
	Length() int
}
Bitfield represents a TPM bitfield (i.e., TPMA_*) type.
type CapabilitiesContents ¶ added in v0.9.0
// CapabilitiesContents is a type constraint representing the possible
// contents of TPMUCapabilities: a type must be Marshallable and be one of the
// pointer types listed in the union.
type CapabilitiesContents interface {
	Marshallable
	*TPMLAlgProperty | *TPMLHandle | *TPMLCCA | *TPMLCC | *TPMLPCRSelection |
		*TPMLTaggedTPMProperty | *TPMLTaggedPCRProperty | *TPMLECCCurve |
		*TPMLTaggedPolicy | *TPMLACTData
}
CapabilitiesContents is a type constraint representing the possible contents of TPMUCapabilities.
type Certify ¶
// Certify is the input to TPM2_Certify.
//
// Both the certified object and the signing key are tagged "handle,auth".
type Certify struct {
	// handle of the object to be certified
	ObjectHandle handle `gotpm:"handle,auth"`
	// handle of the key used to sign the attestation structure
	SignHandle handle `gotpm:"handle,auth"`
	// user provided qualifying data
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
}
Certify is the input to TPM2_Certify. See definition in Part 3, Commands, section 18.2.
type CertifyCreation ¶
// CertifyCreation is the input to TPM2_CertifyCreation.
//
// Only SignHandle is tagged "handle,auth"; ObjectHandle is a plain "handle".
// CreationHash and CreationTicket are the values produced by TPM2_Create() or
// TPM2_CreatePrimary() for the object being certified.
type CertifyCreation struct {
	// handle of the key that will sign the attestation block
	SignHandle handle `gotpm:"handle,auth"`
	// the object associated with the creation data
	ObjectHandle handle `gotpm:"handle"`
	// user-provided qualifying data
	QualifyingData TPM2BData
	// hash of the creation data produced by TPM2_Create() or TPM2_CreatePrimary()
	CreationHash TPM2BDigest
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
	// ticket produced by TPM2_Create() or TPM2_CreatePrimary()
	CreationTicket TPMTTKCreation
}
CertifyCreation is the input to TPM2_CertifyCreation. See definition in Part 3, Commands, section 18.3.
func (CertifyCreation) Command ¶ added in v0.9.0
func (CertifyCreation) Command() TPMCC
Command implements the Command interface.
func (CertifyCreation) Execute ¶ added in v0.9.0
func (cmd CertifyCreation) Execute(t transport.TPM, s ...Session) (*CertifyCreationResponse, error)
Execute executes the command and returns the response.
type CertifyCreationResponse ¶ added in v0.9.0
// CertifyCreationResponse is the response from TPM2_CertifyCreation.
type CertifyCreationResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the signature over certifyInfo
	Signature TPMTSignature
}
CertifyCreationResponse is the response from TPM2_CertifyCreation.
type CertifyResponse ¶ added in v0.9.0
// CertifyResponse is the response from TPM2_Certify.
type CertifyResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the asymmetric signature over certifyInfo using the key referenced by signHandle
	Signature TPMTSignature
}
CertifyResponse is the response from TPM2_Certify.
type Clear ¶ added in v0.3.0
// Clear is the input to TPM2_Clear.
//
// The only field is the handle the command is authorized with; the struct
// carries no other parameters.
type Clear struct {
	// TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
}
Clear is the input to TPM2_Clear. See definition in Part 3, Commands, section 24.6
type ClearResponse ¶ added in v0.9.0
// ClearResponse is the response from TPM2_Clear. It has no fields.
type ClearResponse struct{}
ClearResponse is the response from TPM2_Clear.
type Command ¶ added in v0.9.0
// Command is an interface for any TPM command, parameterized by its response
// type R. PR is constrained to *R, so Execute returns a pointer to the
// response.
type Command[R any, PR *R] interface {
	// The TPM command code associated with this command.
	Command() TPMCC
	// Executes the command and returns the response.
	// t is the TPM transport to use; s holds zero or more sessions.
	Execute(t transport.TPM, s ...Session) (PR, error)
}
Command is an interface for any TPM command, parameterized by its response type.
type CommandAudit ¶ added in v0.9.0
// CommandAudit represents an audit session for attesting the execution of a
// series of commands in the TPM. Its state is held in unexported fields;
// create one with NewAudit and read the running value with Digest.
type CommandAudit struct {
	// contains filtered or unexported fields
}
CommandAudit represents an audit session for attesting the execution of a series of commands in the TPM. It is useful for both command and session auditing.
func NewAudit ¶ added in v0.9.0
func NewAudit(hash TPMIAlgHash) (*CommandAudit, error)
NewAudit initializes a new CommandAudit with the specified hash algorithm.
func (*CommandAudit) Digest ¶ added in v0.9.0
func (a *CommandAudit) Digest() []byte
Digest returns the current digest of the audit.
type Commit ¶ added in v0.9.0
// Commit is the input to TPM2_Commit.
type Commit struct {
	// handle of the key that will be used in the signing operation
	SignHandle handle `gotpm:"handle,auth"`
	// a point (M) on the curve used by signHandle
	P1 TPM2BECCPoint
	// octet array used to derive x-coordinate of a base point
	S2 TPM2BSensitiveData
	// y coordinate of the point associated with s2
	Y2 TPM2BECCParameter
}
Commit is the input to TPM2_Commit. See definition in Part 3, Commands, section 19.2.
type CommitResponse ¶ added in v0.9.0
// CommitResponse is the response from TPM2_Commit: three ECC points and a
// 16-bit counter.
type CommitResponse struct {
	// ECC point K ≔ [ds](x2, y2)
	K TPM2BECCPoint
	// ECC point L ≔ [r](x2, y2)
	L TPM2BECCPoint
	// ECC point E ≔ [r]P1
	E TPM2BECCPoint
	// least-significant 16 bits of commitCount
	Counter uint16
}
CommitResponse is the response from TPM2_Commit.
type ContextLoad ¶
// ContextLoad is the input to TPM2_ContextLoad.
type ContextLoad struct {
	// the context blob
	Context TPMSContext
}
ContextLoad is the input to TPM2_ContextLoad. See definition in Part 3, Commands, section 28.3
func (ContextLoad) Command ¶ added in v0.9.0
func (ContextLoad) Command() TPMCC
Command implements the Command interface.
func (ContextLoad) Execute ¶ added in v0.9.0
func (cmd ContextLoad) Execute(t transport.TPM, s ...Session) (*ContextLoadResponse, error)
Execute executes the command and returns the response.
type ContextLoadResponse ¶ added in v0.9.0
// ContextLoadResponse is the response from TPM2_ContextLoad.
type ContextLoadResponse struct {
	// the handle assigned to the resource after it has been successfully loaded
	LoadedHandle TPMIDHContext
}
ContextLoadResponse is the response from TPM2_ContextLoad.
type ContextSave ¶
// ContextSave is the input to TPM2_ContextSave.
type ContextSave struct {
	// handle of the resource to save
	SaveHandle TPMIDHContext
}
ContextSave is the input to TPM2_ContextSave. See definition in Part 3, Commands, section 28.2
func (ContextSave) Command ¶ added in v0.9.0
func (ContextSave) Command() TPMCC
Command implements the Command interface.
func (ContextSave) Execute ¶ added in v0.9.0
func (cmd ContextSave) Execute(t transport.TPM, s ...Session) (*ContextSaveResponse, error)
Execute executes the command and returns the response.
type ContextSaveResponse ¶ added in v0.9.0
// ContextSaveResponse is the response from TPM2_ContextSave.
type ContextSaveResponse struct {
	// Context has the same type (TPMSContext) that ContextLoad takes as input.
	Context TPMSContext
}
ContextSaveResponse is the response from TPM2_ContextSave.
type Create ¶ added in v0.9.0
// Create is the input to TPM2_Create.
type Create struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`
	// the sensitive data
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BPublic
	// data that will be included in the creation data for this
	// object to provide permanent, verifiable linkage between this
	// object and some object owner data
	OutsideInfo TPM2BData
	// PCR that will be used in creation data
	CreationPCR TPMLPCRSelection
}
Create is the input to TPM2_Create. See definition in Part 3, Commands, section 12.1
type CreateLoaded ¶ added in v0.9.0
// CreateLoaded is the input to TPM2_CreateLoaded.
//
// Unlike Create, the public template is a TPM2BTemplate rather than a
// TPM2BPublic, and there are no OutsideInfo or CreationPCR fields.
type CreateLoaded struct {
	// Handle of a transient storage key, a persistent storage key,
	// TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL
	ParentHandle handle `gotpm:"handle,auth"`
	// the sensitive data, see TPM 2.0 Part 1 Sensitive Values
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BTemplate
}
CreateLoaded is the input to TPM2_CreateLoaded. See definition in Part 3, Commands, section 12.9
func (CreateLoaded) Command ¶ added in v0.9.0
func (CreateLoaded) Command() TPMCC
Command implements the Command interface.
func (CreateLoaded) Execute ¶ added in v0.9.0
func (cmd CreateLoaded) Execute(t transport.TPM, s ...Session) (*CreateLoadedResponse, error)
Execute executes the command and returns the response.
type CreateLoadedResponse ¶ added in v0.9.0
// CreateLoadedResponse is the response from TPM2_CreateLoaded.
type CreateLoadedResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// the sensitive area of the object (optional)
	// Tagged "optional", so callers should be prepared for it to be absent.
	OutPrivate TPM2BPrivate `gotpm:"optional"`
	// the public portion of the created object
	OutPublic TPM2BPublic
	// the name of the created object
	Name TPM2BName
}
CreateLoadedResponse is the response from TPM2_CreateLoaded.
type CreatePrimary ¶
// CreatePrimary is the input to TPM2_CreatePrimary.
type CreatePrimary struct {
	// TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP},
	// or TPM_RH_NULL
	PrimaryHandle handle `gotpm:"handle,auth"`
	// the sensitive data
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BPublic
	// data that will be included in the creation data for this
	// object to provide permanent, verifiable linkage between this
	// object and some object owner data
	OutsideInfo TPM2BData
	// PCR that will be used in creation data
	CreationPCR TPMLPCRSelection
}
CreatePrimary is the input to TPM2_CreatePrimary. See definition in Part 3, Commands, section 24.1
func (CreatePrimary) Command ¶ added in v0.9.0
func (CreatePrimary) Command() TPMCC
Command implements the Command interface.
func (CreatePrimary) Execute ¶ added in v0.9.0
func (cmd CreatePrimary) Execute(t transport.TPM, s ...Session) (*CreatePrimaryResponse, error)
Execute executes the command and returns the response.
type CreatePrimaryResponse ¶ added in v0.9.0
// CreatePrimaryResponse carries the handle, public area, creation record
// and name returned by TPM2_CreatePrimary.
type CreatePrimaryResponse struct {
	// handle of type TPM_HT_TRANSIENT for created Primary Object
	// NOTE(review): a transient handle presumably stays loaded until it is
	// flushed (see FlushContext) — confirm the caller releases it.
	ObjectHandle TPMHandle `gotpm:"handle"`
	// the public portion of the created object
	OutPublic TPM2BPublic
	// contains a TPMS_CREATION_DATA
	CreationData tpm2bCreationData
	// digest of creationData using nameAlg of outPublic
	CreationHash TPM2BDigest
	// ticket used by TPM2_CertifyCreation() to validate that the
	// creation data was produced by the TPM.
	CreationTicket TPMTTKCreation
	// the name of the created object
	Name TPM2BName
}
CreatePrimaryResponse is the response from TPM2_CreatePrimary.
type CreateResponse ¶ added in v0.9.0
// CreateResponse carries the private and public areas and the creation
// record returned by TPM2_Create. It has no handle field: the object is
// returned as data, not as a loaded object.
type CreateResponse struct {
	// the private portion of the object
	OutPrivate TPM2BPrivate
	// the public portion of the created object
	OutPublic TPM2BPublic
	// contains a TPMS_CREATION_DATA
	CreationData tpm2bCreationData
	// digest of creationData using nameAlg of outPublic
	CreationHash TPM2BDigest
	// ticket used by TPM2_CertifyCreation() to validate that the
	// creation data was produced by the TPM.
	CreationTicket TPMTTKCreation
}
CreateResponse is the response from TPM2_Create.
type Duplicate ¶ added in v0.9.1
// Duplicate holds the parameters of TPM2_Duplicate: the object to export,
// its new parent, and the optional inner symmetric wrapper.
type Duplicate struct {
	// ObjectHandle is the handle of the object to duplicate.
	ObjectHandle handle `gotpm:"handle,auth"`
	// NewParentHandle is the handle of the new parent.
	NewParentHandle handle `gotpm:"handle"`
	// EncryptionKeyIn is the optional symmetric encryption key used as the
	// inner wrapper. If SymmetricAlg (the Symmetric field below) is
	// TPM_ALG_NULL, then this parameter shall be the Empty Buffer.
	EncryptionKeyIn TPM2BData
	// Definition of the symmetric algorithm to use for the inner wrapper.
	// It may be TPM_ALG_NULL if no inner wrapper is applied.
	// NOTE(review): without an inner wrapper the exported private area
	// presumably relies only on the protection derived from the new parent
	// (OutSymSeed in the response) — confirm against Part 3, section 13.1.
	Symmetric TPMTSymDef
}
Duplicate is the input to TPM2_Duplicate. See definition in Part 3, Commands, section 13.1
type DuplicateResponse ¶ added in v0.9.1
// DuplicateResponse carries the inner-wrapper key, the exported private
// area and the seed returned by TPM2_Duplicate.
type DuplicateResponse struct {
	// EncryptionKeyOut is the symmetric encryption key used as the
	// inner wrapper. If SymmetricAlg is TPM_ALG_NULL, this value
	// shall be the Empty Buffer.
	// NOTE(review): when non-empty this is key material in the response;
	// presumably it must be stored and transferred as a secret — confirm.
	EncryptionKeyOut TPM2BData
	// Duplicate is the private area of the object. It may be encrypted by
	// EncryptionKeyIn and may be doubly encrypted.
	Duplicate TPM2BPrivate
	// OutSymSeed is the seed protected by the asymmetric algorithms of new
	// parent.
	OutSymSeed TPM2BEncryptedSecret
}
DuplicateResponse is the response from TPM2_Duplicate.
type ECDHZGen ¶ added in v0.3.0
// ECDHZGen holds the parameters of TPM2_ECDHZGen: a loaded ECC key and the
// public point to combine with it.
type ECDHZGen struct {
	// handle of a loaded ECC key
	KeyHandle handle `gotpm:"handle,auth"`
	// a public key
	// NOTE(review): this point normally comes from the other party;
	// presumably the TPM checks that it lies on the key's curve — confirm
	// before relying on that for input validation.
	InPoint TPM2BECCPoint
}
ECDHZGen is the input to TPM2_ECDHZGen. See definition in Part 3, Commands, section 14.5
type ECDHZGenResponse ¶ added in v0.9.0
// ECDHZGenResponse carries the point returned by TPM2_ECDHZGen.
type ECDHZGenResponse struct {
	// X and Y coordinates of the product of the multiplication
	// NOTE(review): this looks like the raw ECDH result; presumably it is
	// meant to go through a KDF (the package exports KDFe) rather than be
	// used directly as a key — confirm.
	OutPoint TPM2BECCPoint
}
ECDHZGenResponse is the response from TPM2_ECDHZGen.
type EvictControl ¶
// EvictControl holds the parameters of TPM2_EvictControl: the authorizing
// hierarchy, an object handle and a persistent handle.
type EvictControl struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	Auth handle `gotpm:"handle,auth"`
	// NOTE(review): undocumented here; presumably the loaded (or already
	// persistent) object the command acts on — confirm against Part 3,
	// section 28.5.
	ObjectHandle handle `gotpm:"handle"`
	// NOTE(review): undocumented here; presumably the persistent handle to
	// assign to, or remove from, the object — confirm against Part 3,
	// section 28.5.
	PersistentHandle TPMIDHPersistent
}
EvictControl is the input to TPM2_EvictControl. See definition in Part 3, Commands, section 28.5
func (EvictControl) Command ¶ added in v0.9.1
func (EvictControl) Command() TPMCC
Command implements the Command interface.
func (EvictControl) Execute ¶ added in v0.9.1
func (cmd EvictControl) Execute(t transport.TPM, s ...Session) (*EvictControlResponse, error)
Execute executes the command and returns the response.
type EvictControlResponse ¶ added in v0.9.1
type EvictControlResponse struct{}
EvictControlResponse is the response from TPM2_EvictControl.
type FlushContext ¶
type FlushContext struct {
// the handle of the item to flush
FlushHandle handle `gotpm:"handle"`
}
FlushContext is the input to TPM2_FlushContext. See definition in Part 3, Commands, section 28.4
func (FlushContext) Command ¶ added in v0.9.0
func (FlushContext) Command() TPMCC
Command implements the Command interface.
func (FlushContext) Execute ¶ added in v0.9.0
func (cmd FlushContext) Execute(t transport.TPM, s ...Session) (*FlushContextResponse, error)
Execute executes the command and returns the response.
type FlushContextResponse ¶ added in v0.9.0
type FlushContextResponse struct{}
FlushContextResponse is the response from TPM2_FlushContext.
type GetCapability ¶
// GetCapability holds the parameters of TPM2_GetCapability: which group to
// query, where to start, and how many entries to return.
type GetCapability struct {
	// group selection; determines the format of the response
	Capability TPMCap
	// further definition of information
	Property uint32
	// number of properties of the indicated type to return
	PropertyCount uint32
}
GetCapability is the input to TPM2_GetCapability. See definition in Part 3, Commands, section 30.2
func (GetCapability) Command ¶ added in v0.9.0
func (GetCapability) Command() TPMCC
Command implements the Command interface.
func (GetCapability) Execute ¶ added in v0.9.0
func (cmd GetCapability) Execute(t transport.TPM, s ...Session) (*GetCapabilityResponse, error)
Execute executes the command and returns the response.
type GetCapabilityResponse ¶ added in v0.9.0
// GetCapabilityResponse carries the capability data returned by
// TPM2_GetCapability and a flag saying whether more remains.
type GetCapabilityResponse struct {
	// flag to indicate if there are more values of this type
	// NOTE(review): a caller that ignores this flag presumably sees only a
	// partial list — confirm callers re-issue the command when it is set.
	MoreData TPMIYesNo
	// the capability data
	CapabilityData TPMSCapabilityData
}
GetCapabilityResponse is the response from TPM2_GetCapability.
type GetRandom ¶
// GetRandom holds the single parameter of TPM2_GetRandom.
type GetRandom struct {
	// number of octets to return
	// NOTE(review): the response buffer is typed TPM2BDigest, so the TPM
	// presumably returns at most one digest's worth of octets per call —
	// confirm, and check the returned length instead of assuming it.
	BytesRequested uint16
}
GetRandom is the input to TPM2_GetRandom. See definition in Part 3, Commands, section 16.1
type GetRandomResponse ¶ added in v0.9.0
// GetRandomResponse carries the octets returned by TPM2_GetRandom.
type GetRandomResponse struct {
	// the random octets
	// NOTE(review): presumably this can be shorter than BytesRequested;
	// verify the length before using it as key or nonce material.
	RandomBytes TPM2BDigest
}
GetRandomResponse is the response from TPM2_GetRandom.
type GetSessionAuditDigest ¶ added in v0.9.0
// GetSessionAuditDigest holds the parameters of TPM2_GetSessionAuditDigest:
// the privacy administrator, the signing key, the audit session, and the
// qualifying data and scheme for the signature.
type GetSessionAuditDigest struct {
	// handle of the privacy administrator (TPM_RH_ENDORSEMENT)
	PrivacyAdminHandle handle `gotpm:"handle,auth"`
	// handle of the signing key
	SignHandle handle `gotpm:"handle,auth"`
	// handle of the audit session
	SessionHandle handle `gotpm:"handle"`
	// user-provided qualifying data – may be zero-length
	// NOTE(review): presumably a verifier-chosen nonce here is what makes
	// the signed result fresh; a zero-length value would not — confirm.
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
}
GetSessionAuditDigest is the input to TPM2_GetSessionAuditDigest. See definition in Part 3, Commands, section 18.5
func (GetSessionAuditDigest) Command ¶ added in v0.9.0
func (GetSessionAuditDigest) Command() TPMCC
Command implements the Command interface.
func (GetSessionAuditDigest) Execute ¶ added in v0.9.0
func (cmd GetSessionAuditDigest) Execute(t transport.TPM, s ...Session) (*GetSessionAuditDigestResponse, error)
Execute executes the command and returns the response.
type GetSessionAuditDigestResponse ¶ added in v0.9.0
// GetSessionAuditDigestResponse carries the signed audit information
// returned by TPM2_GetSessionAuditDigest.
type GetSessionAuditDigestResponse struct {
	// the audit information that was signed
	AuditInfo TPM2BAttest
	// the signature over auditInfo
	// NOTE(review): nothing in this structure says the signature has been
	// checked; presumably the caller verifies it against the signing key's
	// public area — confirm.
	Signature TPMTSignature
}
GetSessionAuditDigestResponse is the response from TPM2_GetSessionAuditDigest.
type Hash ¶
// Hash holds the parameters of TPM2_Hash: the data, the hash algorithm and
// the hierarchy used for the returned ticket.
type Hash struct {
	// data to be hashed
	Data TPM2BMaxBuffer
	// algorithm for the hash being computed - shall not be TPM_ALG_NULL
	HashAlg TPMIAlgHash
	// hierarchy to use for the ticket (TPM_RH_NULL allowed)
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}
Hash is the input to TPM2_Hash. See definition in Part 3, Commands, section 15.4
type HashResponse ¶ added in v0.9.0
// HashResponse carries the digest and validation ticket returned by
// TPM2_Hash.
type HashResponse struct {
	// results
	OutHash TPM2BDigest
	// ticket indicating that the sequence of octets used to
	// compute outHash did not start with TPM_GENERATED_VALUE
	// NOTE(review): presumably this ticket is what lets a restricted
	// signing key sign the digest — confirm against TPM2_Sign.
	Validation TPMTTKHashCheck
}
HashResponse is the response from TPM2_Hash.
type HashSequenceStart ¶ added in v0.3.2
// HashSequenceStart holds the parameters of TPM2_HashSequenceStart: the
// authorization value for the new sequence and its hash algorithm.
type HashSequenceStart struct {
	// authorization value for subsequent use of the sequence
	Auth TPM2BAuth
	// the hash algorithm to use for the hash sequence
	// An Event Sequence starts if this is TPM_ALG_NULL.
	HashAlg TPMIAlgHash
}
HashSequenceStart is the input to TPM2_HashSequenceStart. See definition in Part 3, Commands, section 17.3
func (HashSequenceStart) Command ¶ added in v0.9.0
func (HashSequenceStart) Command() TPMCC
Command implements the Command interface.
func (HashSequenceStart) Execute ¶ added in v0.9.0
func (cmd HashSequenceStart) Execute(t transport.TPM, s ...Session) (*HashSequenceStartResponse, error)
Execute executes the command and returns the response.
type HashSequenceStartResponse ¶ added in v0.9.0
// HashSequenceStartResponse carries the handle of the sequence that was
// started.
type HashSequenceStartResponse struct {
	// a handle to reference the sequence
	SequenceHandle TPMIDHObject
}
HashSequenceStartResponse is the response from TPM2_HashSequenceStart.
type HierarchyChangeAuth ¶ added in v0.3.0
// HierarchyChangeAuth holds the parameters of TPM2_HierarchyChangeAuth: the
// hierarchy whose authorization is changed and the new value.
type HierarchyChangeAuth struct {
	// TPM_RH_ENDORSEMENT, TPM_RH_LOCKOUT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// new authorization value
	// NOTE(review): this is a secret sent as a command parameter;
	// presumably it should travel in an encrypting session (see
	// AESEncryption) when the transport is not trusted — confirm.
	NewAuth TPM2BAuth
}
HierarchyChangeAuth is the input to TPM2_HierarchyChangeAuth. See definition in Part 3, Commands, section 24.8
func (HierarchyChangeAuth) Command ¶ added in v0.9.1
func (HierarchyChangeAuth) Command() TPMCC
Command implements the Command interface.
func (HierarchyChangeAuth) Execute ¶ added in v0.9.1
func (cmd HierarchyChangeAuth) Execute(t transport.TPM, s ...Session) (*HierarchyChangeAuthResponse, error)
Execute executes the command and returns the response.
type HierarchyChangeAuthResponse ¶ added in v0.9.1
type HierarchyChangeAuthResponse struct{}
HierarchyChangeAuthResponse is the response from TPM2_HierarchyChangeAuth.
type HmacStart ¶ added in v0.9.1
// HmacStart holds the parameters of TPM2_HMAC_Start: the HMAC key, the
// authorization value for the new sequence and the hash algorithm.
type HmacStart struct {
	// HMAC key handle requiring an authorization session for the USER role
	Handle AuthHandle `gotpm:"handle,auth"`
	// authorization value for subsequent use of the sequence
	Auth TPM2BAuth
	// the hash algorithm to use for the hmac sequence
	HashAlg TPMIAlgHash
}
HmacStart is the input to TPM2_HMAC_Start. See definition in Part 3, Commands, section 17.2.2
type HmacStartResponse ¶ added in v0.9.1
// HmacStartResponse carries the handle of the HMAC sequence that was
// started.
type HmacStartResponse struct {
	// a handle to reference the sequence
	SequenceHandle TPMIDHObject `gotpm:"handle"`
}
HmacStartResponse is the response from TPM2_HMAC_Start. See definition in Part 3, Commands, section 17.2.2
type Import ¶ added in v0.3.0
// Import holds the parameters of TPM2_Import: the new parent, the public
// area and wrapped private area of the duplicate, and the keys and
// algorithm needed to unwrap it.
type Import struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`
	// The optional symmetric encryption key used as the inner wrapper for duplicate
	// If SymmetricAlg (the Symmetric field below) is TPM_ALG_NULL, then this
	// parameter shall be the Empty Buffer
	// NOTE(review): when non-empty this is key material sent as a command
	// parameter; presumably it should travel in an encrypting session when
	// the transport is not trusted — confirm.
	EncryptionKey TPM2BData
	// The public area of the object to be imported
	ObjectPublic TPM2BPublic
	// The symmetrically encrypted duplicate object that may contain an inner
	// symmetric wrapper
	Duplicate TPM2BPrivate
	// The seed for the symmetric key and HMAC key
	InSymSeed TPM2BEncryptedSecret
	// Definition of the symmetric algorithm to use for the inner wrapper
	Symmetric TPMTSymDef
}
Import is the input to TPM2_Import. See definition in Part 3, Commands, section 13.3
type ImportResponse ¶ added in v0.9.1
// ImportResponse carries the private area returned by TPM2_Import.
type ImportResponse struct {
	// the private portion of the object
	OutPrivate TPM2BPrivate
}
ImportResponse is the response from TPM2_Import.
type KDFSchemeContents ¶ added in v0.9.0
// KDFSchemeContents constrains a type parameter to the pointer types listed
// below, each of which must also satisfy Marshallable.
type KDFSchemeContents interface {
	Marshallable
	*TPMSKDFSchemeMGF1 | *TPMSKDFSchemeECDH | *TPMSKDFSchemeKDF1SP80056A |
		*TPMSKDFSchemeKDF2 | *TPMSKDFSchemeKDF1SP800108
}
KDFSchemeContents is a type constraint representing the possible contents of TPMUKDFScheme.
type Load ¶
// Load holds the parameters of TPM2_Load: the parent and the private and
// public areas of the object to load.
type Load struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`
	// the private portion of the object
	InPrivate TPM2BPrivate
	// the public portion of the object
	InPublic TPM2BPublic
}
Load is the input to TPM2_Load. See definition in Part 3, Commands, section 12.2
type LoadExternal ¶
// LoadExternal holds the parameters of TPM2_LoadExternal: an optional
// sensitive area, the public area, and the hierarchy to associate with the
// object. No field carries the "auth" tag.
type LoadExternal struct {
	// the sensitive portion of the object (optional)
	// NOTE(review): the type is TPM2BSensitive, not the parent-wrapped
	// TPM2BPrivate that Load takes, so this is presumably plaintext key
	// material on the wire unless an encrypting session is used — confirm.
	InPrivate TPM2BSensitive `gotpm:"optional"`
	// the public portion of the object
	InPublic TPM2BPublic
	// hierarchy with which the object area is associated
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}
LoadExternal is the input to TPM2_LoadExternal. See definition in Part 3, Commands, section 12.3
func (LoadExternal) Command ¶ added in v0.9.0
func (LoadExternal) Command() TPMCC
Command implements the Command interface.
func (LoadExternal) Execute ¶ added in v0.9.0
func (cmd LoadExternal) Execute(t transport.TPM, s ...Session) (*LoadExternalResponse, error)
Execute executes the command and returns the response.
type LoadExternalResponse ¶ added in v0.9.0
// LoadExternalResponse carries the handle and name of the object loaded by
// TPM2_LoadExternal.
type LoadExternalResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// Name of the loaded object
	Name TPM2BName
}
LoadExternalResponse is the response from TPM2_LoadExternal.
type LoadResponse ¶ added in v0.9.0
// LoadResponse carries the handle and name of the object loaded by
// TPM2_Load.
type LoadResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// Name of the loaded object
	Name TPM2BName
}
LoadResponse is the response from TPM2_Load.
type MakeCredential ¶
// MakeCredential holds the parameters of TPM2_MakeCredential: the key whose
// public area protects the credential, the credential itself, and the name
// of the object the credential is bound to.
type MakeCredential struct {
	// loaded public area, used to encrypt the sensitive area containing the credential key
	Handle TPMIDHObject `gotpm:"handle"`
	// the credential information
	Credential TPM2BDigest
	// Name of the object to which the credential applies
	// NOTE(review): the field name is spelled "ObjectNamae"; it is exported,
	// so renaming it would break callers and it is left as is.
	ObjectNamae TPM2BName
}
MakeCredential is the input to TPM2_MakeCredential. See definition in Part 3, Commands, section 12.6.
func (MakeCredential) Command ¶ added in v0.9.0
func (MakeCredential) Command() TPMCC
Command implements the Command interface.
func (MakeCredential) Execute ¶ added in v0.9.0
func (cmd MakeCredential) Execute(t transport.TPM, s ...Session) (*MakeCredentialResponse, error)
Execute executes the command and returns the response.
type MakeCredentialResponse ¶ added in v0.9.0
// MakeCredentialResponse carries the credential blob and the wrapped secret
// returned by TPM2_MakeCredential.
type MakeCredentialResponse struct {
	// the credential
	CredentialBlob TPM2BIDObject
	// handle algorithm-dependent data that wraps the key that encrypts credentialBlob
	Secret TPM2BEncryptedSecret
}
MakeCredentialResponse is the response from TPM2_MakeCredential.
type Marshallable ¶ added in v0.9.0
type Marshallable interface {
// contains filtered or unexported methods
}
Marshallable represents any TPM type that can be marshalled.
type NVCertify ¶ added in v0.9.0
// NVCertify holds the parameters of TPM2_NV_Certify: the signing key, the
// source of authorization for the index, the index, and the range of
// octets to certify.
type NVCertify struct {
	// handle of the key used to sign the attestation structure
	SignHandle handle `gotpm:"handle,auth"`
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// Index for the area to be certified
	NVIndex handle `gotpm:"handle"`
	// user-provided qualifying data
	// NOTE(review): presumably a verifier-chosen nonce here is what makes
	// the attestation fresh — confirm.
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme `gotpm:"nullable"`
	// number of octets to certify
	Size uint16
	// octet offset into the NV area
	Offset uint16
}
NVCertify is the input to TPM2_NV_Certify. See definition in Part 3, Commands, section 31.16.
type NVCertifyResponse ¶ added in v0.9.0
// NVCertifyResponse carries the signed attestation structure returned for
// an NVCertify command.
type NVCertifyResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the asymmetric signature over certifyInfo using the key referenced by signHandle
	// NOTE(review): nothing in this structure says the signature has been
	// checked; presumably the caller verifies it — confirm.
	Signature TPMTSignature
}
NVCertifyResponse is the response from TPM2_NV_Certify.
type NVDefineSpace ¶
// NVDefineSpace holds the parameters of TPM2_NV_DefineSpace: the
// authorizing hierarchy, the authorization value, and the public
// parameters of the NV area.
type NVDefineSpace struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// the authorization value
	// NOTE(review): this is a secret sent as a command parameter;
	// presumably it should travel in an encrypting session when the
	// transport is not trusted — confirm.
	Auth TPM2BAuth
	// the public parameters of the NV area
	PublicInfo TPM2BNVPublic
}
NVDefineSpace is the input to TPM2_NV_DefineSpace. See definition in Part 3, Commands, section 31.3.
func (NVDefineSpace) Command ¶ added in v0.9.0
func (NVDefineSpace) Command() TPMCC
Command implements the Command interface.
func (NVDefineSpace) Execute ¶ added in v0.9.0
func (cmd NVDefineSpace) Execute(t transport.TPM, s ...Session) (*NVDefineSpaceResponse, error)
Execute executes the command and returns the response.
type NVDefineSpaceResponse ¶ added in v0.9.0
type NVDefineSpaceResponse struct{}
NVDefineSpaceResponse is the response from TPM2_NV_DefineSpace.
type NVIncrement ¶
// NVIncrement holds the parameters of TPM2_NV_Increment: the source of
// authorization and the NV index to act on.
type NVIncrement struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to write
	NVIndex handle `gotpm:"handle"`
}
NVIncrement is the input to TPM2_NV_Increment. See definition in Part 3, Commands, section 31.8.
func (NVIncrement) Command ¶ added in v0.9.0
func (NVIncrement) Command() TPMCC
Command implements the Command interface.
func (NVIncrement) Execute ¶ added in v0.9.0
func (cmd NVIncrement) Execute(t transport.TPM, s ...Session) (*NVIncrementResponse, error)
Execute executes the command and returns the response.
type NVIncrementResponse ¶ added in v0.9.0
type NVIncrementResponse struct{}
NVIncrementResponse is the response from TPM2_NV_Increment.
type NVRead ¶
// NVRead holds the parameters of TPM2_NV_Read: the source of authorization,
// the NV index, and the range of octets to read.
type NVRead struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index to read
	NVIndex handle `gotpm:"handle"`
	// number of octets to read
	// NOTE(review): the response buffer is typed TPM2BMaxNVBuffer, so a
	// single read is presumably capped at that buffer's size and larger
	// areas need several reads — confirm.
	Size uint16
	// octet offset into the NV area
	Offset uint16
}
NVRead is the input to TPM2_NV_Read. See definition in Part 3, Commands, section 31.13.
type NVReadPublic ¶ added in v0.1.0
type NVReadPublic struct {
// the NV index
NVIndex handle `gotpm:"handle"`
}
NVReadPublic is the input to TPM2_NV_ReadPublic. See definition in Part 3, Commands, section 31.6.
func (NVReadPublic) Command ¶ added in v0.9.0
func (NVReadPublic) Command() TPMCC
Command implements the Command interface.
func (NVReadPublic) Execute ¶ added in v0.9.0
func (cmd NVReadPublic) Execute(t transport.TPM, s ...Session) (*NVReadPublicResponse, error)
Execute executes the command and returns the response.
type NVReadPublicResponse ¶ added in v0.9.0
// NVReadPublicResponse carries the public area and name returned by
// TPM2_NV_ReadPublic.
type NVReadPublicResponse struct {
	// NOTE(review): undocumented here; presumably the public area of the
	// NV index — confirm against Part 3, section 31.6.
	NVPublic TPM2BNVPublic
	// NOTE(review): undocumented here; presumably the Name of the NV index.
	// It comes from an unauthenticated reply unless the session is audited
	// or otherwise integrity-protected, so callers that pin an index
	// presumably compare it with an expected Name — confirm.
	NVName TPM2BName
}
NVReadPublicResponse is the response from TPM2_NV_ReadPublic.
type NVReadResponse ¶ added in v0.9.0
// NVReadResponse carries the octets returned by TPM2_NV_Read.
type NVReadResponse struct {
	// the data read
	Data TPM2BMaxNVBuffer
}
NVReadResponse is the response from TPM2_NV_Read.
type NVUndefineSpace ¶
// NVUndefineSpace holds the parameters of TPM2_NV_UndefineSpace: the
// authorizing hierarchy and the NV index to remove.
type NVUndefineSpace struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index to remove from NV space
	NVIndex handle `gotpm:"handle"`
}
NVUndefineSpace is the input to TPM2_NV_UndefineSpace. See definition in Part 3, Commands, section 31.4.
func (NVUndefineSpace) Command ¶ added in v0.9.0
func (NVUndefineSpace) Command() TPMCC
Command implements the Command interface.
func (NVUndefineSpace) Execute ¶ added in v0.9.0
func (cmd NVUndefineSpace) Execute(t transport.TPM, s ...Session) (*NVUndefineSpaceResponse, error)
Execute executes the command and returns the response.
type NVUndefineSpaceResponse ¶ added in v0.9.0
type NVUndefineSpaceResponse struct{}
NVUndefineSpaceResponse is the response from TPM2_NV_UndefineSpace.
type NVUndefineSpaceSpecial ¶ added in v0.3.1
// NVUndefineSpaceSpecial holds the parameters of
// TPM2_NV_UndefineSpaceSpecial. Both handles carry the "auth" tag, so the
// command takes an authorization for the index and one for the platform.
type NVUndefineSpaceSpecial struct {
	// Index to be deleted
	NVIndex handle `gotpm:"handle,auth"`
	// TPM_RH_PLATFORM+{PP}
	Platform handle `gotpm:"handle,auth"`
}
NVUndefineSpaceSpecial is the input to TPM2_NV_UndefineSpaceSpecial. See definition in Part 3, Commands, section 31.5.
func (NVUndefineSpaceSpecial) Command ¶ added in v0.9.0
func (NVUndefineSpaceSpecial) Command() TPMCC
Command implements the Command interface.
func (NVUndefineSpaceSpecial) Execute ¶ added in v0.9.0
func (cmd NVUndefineSpaceSpecial) Execute(t transport.TPM, s ...Session) (*NVUndefineSpaceSpecialResponse, error)
Execute executes the command and returns the response.
type NVUndefineSpaceSpecialResponse ¶ added in v0.9.0
type NVUndefineSpaceSpecialResponse struct{}
NVUndefineSpaceSpecialResponse is the response from TPM2_NV_UndefineSpaceSpecial.
type NVWrite ¶
// NVWrite holds the parameters of TPM2_NV_Write: the source of
// authorization, the NV index, the data and the offset to write it at.
type NVWrite struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to write
	NVIndex handle `gotpm:"handle"`
	// the data to write
	Data TPM2BMaxNVBuffer
	// the octet offset into the NV Area
	Offset uint16
}
NVWrite is the input to TPM2_NV_Write. See definition in Part 3, Commands, section 31.7.
type NVWriteLock ¶ added in v0.3.0
// NVWriteLock holds the parameters of TPM2_NV_WriteLock: the source of
// authorization and the NV index to lock.
type NVWriteLock struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to lock
	NVIndex handle `gotpm:"handle"`
}
NVWriteLock is the input to TPM2_NV_WriteLock. See definition in Part 3, Commands, section 31.11.
func (NVWriteLock) Command ¶ added in v0.9.0
func (NVWriteLock) Command() TPMCC
Command implements the Command interface.
func (NVWriteLock) Execute ¶ added in v0.9.0
func (cmd NVWriteLock) Execute(t transport.TPM, s ...Session) (*NVWriteLockResponse, error)
Execute executes the command and returns the response.
type NVWriteLockResponse ¶ added in v0.9.0
type NVWriteLockResponse struct{}
NVWriteLockResponse is the response from TPM2_NV_WriteLock.
type NVWriteResponse ¶ added in v0.9.0
type NVWriteResponse struct{}
NVWriteResponse is the response from TPM2_NV_Write.
type NamedHandle ¶ added in v0.9.0
NamedHandle represents an associated pairing of TPM handle and known Name.
func (NamedHandle) HandleValue ¶ added in v0.9.0
func (h NamedHandle) HandleValue() uint32
HandleValue implements the handle interface.
func (NamedHandle) KnownName ¶ added in v0.9.0
func (h NamedHandle) KnownName() *TPM2BName
KnownName implements the handle interface.
type ObjectChangeAuth ¶ added in v0.9.1
// ObjectChangeAuth holds the parameters of TPM2_ObjectChangeAuth: the
// object, its parent and the new authorization value.
type ObjectChangeAuth struct {
	// TPM handle of an object
	ObjectHandle handle `gotpm:"handle,auth"`
	// handle of the parent
	ParentHandle handle `gotpm:"handle"`
	// new authorization value
	// NOTE(review): this is a secret sent as a command parameter;
	// presumably it should travel in an encrypting session when the
	// transport is not trusted — confirm.
	NewAuth TPM2BAuth
}
ObjectChangeAuth is the input to TPM2_ObjectChangeAuth. See definition in Part 3, Commands, section 12.8
func (ObjectChangeAuth) Command ¶ added in v0.9.1
func (ObjectChangeAuth) Command() TPMCC
Command implements the Command interface.
func (ObjectChangeAuth) Execute ¶ added in v0.9.1
func (cmd ObjectChangeAuth) Execute(t transport.TPM, s ...Session) (*ObjectChangeAuthResponse, error)
Execute executes the command and returns the response.
type ObjectChangeAuthResponse ¶ added in v0.9.1
// ObjectChangeAuthResponse carries the private area returned by
// TPM2_ObjectChangeAuth.
type ObjectChangeAuthResponse struct {
	// private area containing the new authorization value
	// NOTE(review): the command returns a new private area instead of
	// changing a stored one, so copies of the earlier private area
	// presumably still load with the old authorization value — confirm and
	// make sure those copies are replaced.
	OutPrivate TPM2BPrivate
}
ObjectChangeAuthResponse is the response from TPM2_ObjectChangeAuth.
type PCREvent ¶
// PCREvent holds the parameters of TPM2_PCR_Event: the PCR and the event
// data.
type PCREvent struct {
	// Handle of the PCR
	PCRHandle handle `gotpm:"handle,auth"`
	// Event data in sized buffer
	EventData TPM2BEvent
}
PCREvent is the input to TPM2_PCR_Event. See definition in Part 3, Commands, section 22.3
type PCREventResponse ¶ added in v0.9.0
type PCREventResponse struct{}
PCREventResponse is the response from TPM2_PCR_Event.
type PCRExtend ¶
// PCRExtend holds the parameters of TPM2_PCR_Extend: the PCR and the tagged
// digests to extend into it.
type PCRExtend struct {
	// handle of the PCR
	PCRHandle handle `gotpm:"handle,auth"`
	// list of tagged digest values to be extended
	Digests TPMLDigestValues
}
PCRExtend is the input to TPM2_PCR_Extend. See definition in Part 3, Commands, section 22.2
type PCRExtendResponse ¶ added in v0.9.0
type PCRExtendResponse struct{}
PCRExtendResponse is the response from TPM2_PCR_Extend.
type PCRRead ¶ added in v0.9.0
// PCRRead holds the single parameter of TPM2_PCR_Read.
type PCRRead struct {
	// The selection of PCR to read
	PCRSelectionIn TPMLPCRSelection
}
PCRRead is the input to TPM2_PCR_Read. See definition in Part 3, Commands, section 22.4
type PCRReadResponse ¶ added in v0.9.0
// PCRReadResponse carries the update counter, the selection actually
// returned, and the PCR values from TPM2_PCR_Read.
type PCRReadResponse struct {
	// the current value of the PCR update counter
	PCRUpdateCounter uint32
	// the PCR in the returned list
	// NOTE(review): this is a separate field from the request's
	// PCRSelectionIn, so the TPM presumably may return fewer PCRs than were
	// asked for — confirm, and compare the two before trusting PCRValues
	// to cover the full request.
	PCRSelectionOut TPMLPCRSelection
	// the contents of the PCR indicated in pcrSelectOut-> pcrSelection[] as tagged digests
	PCRValues TPMLDigest
}
PCRReadResponse is the response from TPM2_PCR_Read.
type PCRReset ¶ added in v0.3.3
type PCRReset struct {
// the PCR to reset
PCRHandle handle `gotpm:"handle,auth"`
}
PCRReset is the input to TPM2_PCR_Reset. See definition in Part 3, Commands, section 22.8.
type PCRResetResponse ¶ added in v0.9.0
type PCRResetResponse struct{}
PCRResetResponse is the response from TPM2_PCR_Reset.
type PolicyAuthorize ¶ added in v0.9.0
// PolicyAuthorize holds the parameters of the PolicyAuthorize command: the
// policy session, the approved policy digest, a policy qualifier, the name
// of the signing key, and the ticket that ties them together.
type PolicyAuthorize struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// digest of the policy being approved
	ApprovedPolicy TPM2BDigest
	// a policy qualifier
	PolicyRef TPM2BDigest
	// Name of a key that can sign a policy addition
	KeySign TPM2BName
	// ticket validating that approvedPolicy and policyRef were signed by keySign
	CheckTicket TPMTTKVerified
}
PolicyAuthorize is the input to TPM2_PolicyAuthorize. See definition in Part 3, Commands, section 23.16.
func (PolicyAuthorize) Command ¶ added in v0.9.0
func (PolicyAuthorize) Command() TPMCC
Command implements the Command interface.
func (PolicyAuthorize) Execute ¶ added in v0.9.0
func (cmd PolicyAuthorize) Execute(t transport.TPM, s ...Session) (*PolicyAuthorizeResponse, error)
Execute executes the command and returns the response.
func (PolicyAuthorize) Update ¶ added in v0.9.0
func (cmd PolicyAuthorize) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyAuthorizeNV ¶ added in v0.9.0
// PolicyAuthorizeNV holds the parameters of TPM2_PolicyAuthorizeNV: the
// source of authorization, the NV index to read, and the policy session.
type PolicyAuthorizeNV struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index of the area to read
	NVIndex handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
}
PolicyAuthorizeNV is the input to TPM2_PolicyAuthorizeNV. See definition in Part 3, Commands, section 23.22.
func (PolicyAuthorizeNV) Command ¶ added in v0.9.0
func (PolicyAuthorizeNV) Command() TPMCC
Command implements the Command interface.
func (PolicyAuthorizeNV) Execute ¶ added in v0.9.0
func (cmd PolicyAuthorizeNV) Execute(t transport.TPM, s ...Session) (*PolicyAuthorizeNVResponse, error)
Execute executes the command and returns the response.
func (PolicyAuthorizeNV) Update ¶ added in v0.9.0
func (cmd PolicyAuthorizeNV) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyAuthorizeNVResponse ¶ added in v0.9.0
type PolicyAuthorizeNVResponse struct{}
PolicyAuthorizeNVResponse is the response from TPM2_PolicyAuthorizeNV.
type PolicyAuthorizeResponse ¶ added in v0.9.0
type PolicyAuthorizeResponse struct{}
PolicyAuthorizeResponse is the response from TPM2_PolicyAuthorize.
type PolicyCPHash ¶ added in v0.9.0
// PolicyCPHash holds the parameters of TPM2_PolicyCpHash: the policy
// session and the cpHash to add to the policy.
type PolicyCPHash struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the cpHash added to the policy
	CPHashA TPM2BDigest
}
PolicyCPHash is the input to TPM2_PolicyCpHash. See definition in Part 3, Commands, section 23.13.
func (PolicyCPHash) Command ¶ added in v0.9.0
func (PolicyCPHash) Command() TPMCC
Command implements the Command interface.
func (PolicyCPHash) Execute ¶ added in v0.9.0
func (cmd PolicyCPHash) Execute(t transport.TPM, s ...Session) (*PolicyCPHashResponse, error)
Execute executes the command and returns the response.
func (PolicyCPHash) Update ¶ added in v0.9.0
func (cmd PolicyCPHash) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyCPHashResponse ¶ added in v0.9.0
type PolicyCPHashResponse struct{}
PolicyCPHashResponse is the response from TPM2_PolicyCpHash.
type PolicyCalculator ¶ added in v0.9.0
type PolicyCalculator struct {
// contains filtered or unexported fields
}
PolicyCalculator represents a TPM 2.0 policy that needs to be calculated synthetically (i.e., without a TPM).
func NewPolicyCalculator ¶ added in v0.9.0
func NewPolicyCalculator(alg TPMIAlgHash) (*PolicyCalculator, error)
NewPolicyCalculator creates a fresh policy using the given hash algorithm.
func (*PolicyCalculator) Hash ¶ added in v0.9.0
func (p *PolicyCalculator) Hash() *TPMTHA
Hash returns the current state of the policy hash.
func (*PolicyCalculator) Reset ¶ added in v0.9.0
func (p *PolicyCalculator) Reset()
Reset resets the internal state of the policy hash to all 0x00.
func (*PolicyCalculator) Update ¶ added in v0.9.0
func (p *PolicyCalculator) Update(data ...interface{}) error
Update updates the internal state of the policy hash by appending the current state with the given contents, and updating the new state to the hash of that.
type PolicyCallback ¶ added in v0.9.0
type PolicyCallback = func(tpm transport.TPM, handle TPMISHPolicy, nonceTPM TPM2BNonce) error
PolicyCallback represents an object's policy in the form of a function. This function makes zero or more TPM policy commands and returns error.
type PolicyCommand ¶ added in v0.9.0
// PolicyCommand is implemented by commands that can fold themselves into a
// PolicyCalculator.
type PolicyCommand interface {
	// Update updates the given policy hash according to the command
	// parameters.
	Update(policy *PolicyCalculator) error
}
PolicyCommand is a TPM command that can be part of a TPM policy.
type PolicyCommandCode ¶ added in v0.3.0
// PolicyCommandCode holds the parameters of TPM2_PolicyCommandCode: the
// policy session and the command code the policy allows.
type PolicyCommandCode struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the allowed commandCode
	Code TPMCC
}
PolicyCommandCode is the input to TPM2_PolicyCommandCode. See definition in Part 3, Commands, section 23.11.
func (PolicyCommandCode) Command ¶ added in v0.9.0
func (PolicyCommandCode) Command() TPMCC
Command implements the Command interface.
func (PolicyCommandCode) Execute ¶ added in v0.9.0
func (cmd PolicyCommandCode) Execute(t transport.TPM, s ...Session) (*PolicyCommandCodeResponse, error)
Execute executes the command and returns the response.
func (PolicyCommandCode) Update ¶ added in v0.9.0
func (cmd PolicyCommandCode) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyCommandCodeResponse ¶ added in v0.9.0
type PolicyCommandCodeResponse struct{}
PolicyCommandCodeResponse is the response from TPM2_PolicyCommandCode.
type PolicyGetDigest ¶
type PolicyGetDigest struct {
// handle for the policy session
PolicySession handle `gotpm:"handle"`
}
PolicyGetDigest is the input to TPM2_PolicyGetDigest. See definition in Part 3, Commands, section 23.19.
func (PolicyGetDigest) Command ¶ added in v0.9.0
func (PolicyGetDigest) Command() TPMCC
Command implements the Command interface.
func (PolicyGetDigest) Execute ¶ added in v0.9.0
func (cmd PolicyGetDigest) Execute(t transport.TPM, s ...Session) (*PolicyGetDigestResponse, error)
Execute executes the command and returns the response.
type PolicyGetDigestResponse ¶ added in v0.9.0
// PolicyGetDigestResponse carries the policy digest returned by
// TPM2_PolicyGetDigest.
type PolicyGetDigestResponse struct {
	// the current value of the policySession→policyDigest
	PolicyDigest TPM2BDigest
}
PolicyGetDigestResponse is the response from TPM2_PolicyGetDigest.
type PolicyNV ¶ added in v0.9.0
// PolicyNV holds the parameters of TPM2_PolicyNV: the source of
// authorization, the NV index, the policy session, and the comparison to
// make against the index contents.
type PolicyNV struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index of the area to read
	NVIndex handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the second operand
	OperandB TPM2BOperand
	// the octet offset in the NV Index for the start of operand A
	Offset uint16
	// the comparison to make
	Operation TPMEO
}
PolicyNV is the input to TPM2_PolicyNV. See definition in Part 3, Commands, section 23.9.
func (PolicyNV) Update ¶ added in v0.9.0
func (cmd PolicyNV) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyNVResponse ¶ added in v0.9.0
type PolicyNVResponse struct{}
PolicyNVResponse is the response from TPM2_PolicyNV.
type PolicyNVWritten ¶ added in v0.9.0
// PolicyNVWritten holds the parameters of TPM2_PolicyNvWritten: the policy
// session and the required written state of the NV index.
type PolicyNVWritten struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// YES if NV Index is required to have been written
	// NO if NV Index is required not to have been written
	WrittenSet TPMIYesNo
}
PolicyNVWritten is the input to TPM2_PolicyNvWritten. See definition in Part 3, Commands, section 23.20.
func (PolicyNVWritten) Command ¶ added in v0.9.0
func (PolicyNVWritten) Command() TPMCC
Command implements the Command interface.
func (PolicyNVWritten) Execute ¶ added in v0.9.0
func (cmd PolicyNVWritten) Execute(t transport.TPM, s ...Session) (*PolicyNVWrittenResponse, error)
Execute executes the command and returns the response.
func (PolicyNVWritten) Update ¶ added in v0.9.0
func (cmd PolicyNVWritten) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyNVWrittenResponse ¶ added in v0.9.0
type PolicyNVWrittenResponse struct { }
PolicyNVWrittenResponse is the response from TPM2_PolicyNvWritten.
type PolicyOr ¶ added in v0.3.0
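// PolicyOr is the input to TPM2_PolicyOR.
type PolicyOr struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the list of hashes to check for a match
	PHashList TPMLDigest
}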
PolicyOr is the input to TPM2_PolicyOR. See definition in Part 3, Commands, section 23.6.
func (PolicyOr) Update ¶ added in v0.9.0
func (cmd PolicyOr) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyOrResponse ¶ added in v0.9.0
type PolicyOrResponse struct{}
PolicyOrResponse is the response from TPM2_PolicyOR.
type PolicyPCR ¶
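// PolicyPCR is the input to TPM2_PolicyPCR.
//
// NOTE(review): PcrDigest may be zero length. Per the TPM specification the
// TPM then presumably skips the comparison against an expected value and
// binds the session to the PCR values it reads at command time; confirm
// against Part 3 before relying on an empty digest in a sealing policy.
type PolicyPCR struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// expected digest value of the selected PCR using the
	// hash algorithm of the session; may be zero length
	PcrDigest TPM2BDigest
	// the PCR to include in the check digest
	Pcrs TPMLPCRSelection
}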
PolicyPCR is the input to TPM2_PolicyPCR. See definition in Part 3, Commands, section 23.7.
func (PolicyPCR) Update ¶ added in v0.9.0
func (cmd PolicyPCR) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicyPCRResponse ¶ added in v0.9.0
type PolicyPCRResponse struct{}
PolicyPCRResponse is the response from TPM2_PolicyPCR.
type PolicySecret ¶
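// PolicySecret is the input to TPM2_PolicySecret.
// CPHashA and Expiration narrow the authorization: the first limits it to
// one set of command parameters, the second bounds its lifetime.
type PolicySecret struct {
	// handle for an entity providing the authorization
	AuthHandle handle `gotpm:"handle,auth"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the policy nonce for the session
	NonceTPM TPM2BNonce
	// digest of the command parameters to which this authorization is limited
	CPHashA TPM2BDigest
	// a reference to a policy relating to the authorization – may be the Empty Buffer
	PolicyRef TPM2BNonce
	// time when authorization will expire, measured in seconds from the time
	// that nonceTPM was generated
	Expiration int32
}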
PolicySecret is the input to TPM2_PolicySecret. See definition in Part 3, Commands, section 23.4.
func (PolicySecret) Command ¶ added in v0.9.0
func (PolicySecret) Command() TPMCC
Command implements the Command interface.
func (PolicySecret) Execute ¶ added in v0.9.0
func (cmd PolicySecret) Execute(t transport.TPM, s ...Session) (*PolicySecretResponse, error)
Execute executes the command and returns the response.
func (PolicySecret) Update ¶ added in v0.9.0
func (cmd PolicySecret) Update(policy *PolicyCalculator)
Update implements the PolicyCommand interface.
type PolicySecretResponse ¶ added in v0.9.0
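// PolicySecretResponse is the response from TPM2_PolicySecret.
type PolicySecretResponse struct {
	// implementation-specific time value used to indicate to the TPM when the ticket expires
	Timeout TPM2BTimeout
	// produced if the command succeeds and expiration in the command was non-zero
	PolicyTicket TPMTTKAuth
}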
PolicySecretResponse is the response from TPM2_PolicySecret.
type PolicySigned ¶ added in v0.3.3
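// PolicySigned is the input to TPM2_PolicySigned.
// Unlike PolicySecret, the authorizing entity is referenced without an auth
// role on its handle; the authorization is carried by the Auth signature.
type PolicySigned struct {
	// handle for an entity providing the authorization
	AuthObject handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the policy nonce for the session
	NonceTPM TPM2BNonce
	// digest of the command parameters to which this authorization is limited
	CPHashA TPM2BDigest
	// a reference to a policy relating to the authorization – may be the Empty Buffer
	PolicyRef TPM2BNonce
	// time when authorization will expire, measured in seconds from the time
	// that nonceTPM was generated
	Expiration int32
	// signed authorization (not optional)
	Auth TPMTSignature
}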
PolicySigned is the input to TPM2_PolicySigned. See definition in Part 3, Commands, section 23.3.
func (PolicySigned) Command ¶ added in v0.9.0
func (PolicySigned) Command() TPMCC
Command implements the Command interface.
func (PolicySigned) Execute ¶ added in v0.9.0
func (cmd PolicySigned) Execute(t transport.TPM, s ...Session) (*PolicySignedResponse, error)
Execute executes the command and returns the response.
func (PolicySigned) Update ¶ added in v0.9.0
func (cmd PolicySigned) Update(policy *PolicyCalculator) error
Update implements the PolicyCommand interface.
type PolicySignedResponse ¶ added in v0.9.0
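// PolicySignedResponse is the response from TPM2_PolicySigned.
type PolicySignedResponse struct {
	// implementation-specific time value used to indicate to the TPM when the ticket expires
	Timeout TPM2BTimeout
	// produced if the command succeeds and expiration in the command was non-zero
	PolicyTicket TPMTTKAuth
}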
PolicySignedResponse is the response from TPM2_PolicySigned.
type PublicIDContents ¶ added in v0.9.0
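// PublicIDContents is a type constraint representing the possible contents
// of TPMUPublicID.
type PublicIDContents interface {
	Marshallable
	*TPM2BDigest | *TPM2BPublicKeyRSA | *TPMSECCPoint
}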
PublicIDContents is a type constraint representing the possible contents of TPMUPublicID.
type PublicParmsContents ¶ added in v0.9.0
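// PublicParmsContents is a type constraint representing the possible
// contents of TPMUPublicParms.
type PublicParmsContents interface {
	Marshallable
	*TPMSKeyedHashParms | *TPMSSymCipherParms | *TPMSRSAParms |
		*TPMSECCParms
}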
PublicParmsContents is a type constraint representing the possible contents of TPMUPublicParms.
type Quote ¶
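// Quote is the input to TPM2_Quote.
//
// NOTE(review): QualifyingData is presumably where a verifier-supplied nonce
// belongs, so that a quote cannot be replayed; confirm against the
// attestation protocol in use.
type Quote struct {
	// handle of key that will perform signature
	SignHandle handle `gotpm:"handle,auth"`
	// data supplied by the caller
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
	// PCR set to quote
	PCRSelect TPMLPCRSelection
}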
Quote is the input to TPM2_Quote. See definition in Part 3, Commands, section 18.4
type QuoteResponse ¶ added in v0.9.0
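// QuoteResponse is the response from TPM2_Quote.
type QuoteResponse struct {
	// the quoted information
	Quoted TPM2BAttest
	// the signature over quoted
	Signature TPMTSignature
}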
QuoteResponse is the response from TPM2_Quote.
type RSADecrypt ¶ added in v0.2.0
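// RSADecrypt is the input to TPM2_RSA_Decrypt.
// InScheme is consulted only when the key itself carries no scheme, so a
// key created with a fixed scheme keeps its padding regardless of the caller.
type RSADecrypt struct {
	// RSA key to use for decryption
	KeyHandle handle `gotpm:"handle,auth"`
	// cipher text to be decrypted
	CipherText TPM2BPublicKeyRSA
	// the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL
	InScheme TPMTRSADecrypt `gotpm:"nullable"`
	// label whose association with the message is to be verified
	Label TPM2BData `gotpm:"optional"`
}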
RSADecrypt is the input to TPM2_RSA_Decrypt. See definition in Part 3, Commands, section 14.3.
func (RSADecrypt) Command ¶ added in v0.9.1
func (RSADecrypt) Command() TPMCC
Command implements the Command interface.
func (RSADecrypt) Execute ¶ added in v0.9.1
func (cmd RSADecrypt) Execute(t transport.TPM, s ...Session) (*RSADecryptResponse, error)
Execute executes the command and returns the response.
type RSADecryptResponse ¶ added in v0.9.1
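// RSADecryptResponse is the response from TPM2_RSA_Decrypt.
type RSADecryptResponse struct {
	// decrypted output
	Message TPM2BPublicKeyRSA
}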
RSADecryptResponse is the response from TPM2_RSA_Decrypt
type RSAEncrypt ¶ added in v0.2.0
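// RSAEncrypt is the input to TPM2_RSA_Encrypt.
// KeyHandle carries no auth role: only the public portion of the key is
// referenced.
type RSAEncrypt struct {
	// reference to public portion of RSA key to use for encryption
	KeyHandle handle `gotpm:"handle"`
	// message to be encrypted
	Message TPM2BPublicKeyRSA
	// the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL
	InScheme TPMTRSADecrypt `gotpm:"nullable"`
	// optional label L to be associated with the message
	Label TPM2BData `gotpm:"optional"`
}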
RSAEncrypt is the input to TPM2_RSA_Encrypt. See definition in Part 3, Commands, section 14.2.
func (RSAEncrypt) Command ¶ added in v0.9.1
func (RSAEncrypt) Command() TPMCC
Command implements the Command interface.
func (RSAEncrypt) Execute ¶ added in v0.9.1
func (cmd RSAEncrypt) Execute(t transport.TPM, s ...Session) (*RSAEncryptResponse, error)
Execute executes the command and returns the response.
type RSAEncryptResponse ¶ added in v0.9.1
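// RSAEncryptResponse is the response from TPM2_RSA_Encrypt.
type RSAEncryptResponse struct {
	// encrypted output
	OutData TPM2BPublicKeyRSA
}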
RSAEncryptResponse is the response from TPM2_RSA_Encrypt
type ReadPublic ¶
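// ReadPublic is the input to TPM2_ReadPublic.
type ReadPublic struct {
	// TPM handle of an object
	ObjectHandle TPMIDHObject `gotpm:"handle"`
}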
ReadPublic is the input to TPM2_ReadPublic. See definition in Part 3, Commands, section 12.4
func (ReadPublic) Command ¶ added in v0.9.0
func (ReadPublic) Command() TPMCC
Command implements the Command interface.
func (ReadPublic) Execute ¶ added in v0.9.0
func (cmd ReadPublic) Execute(t transport.TPM, s ...Session) (*ReadPublicResponse, error)
Execute executes the command and returns the response.
type ReadPublicResponse ¶ added in v0.9.0
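// ReadPublicResponse is the response from TPM2_ReadPublic.
//
// NOTE(review): the handle field of ReadPublic carries no auth role, so
// unless the response is covered by a session there is presumably nothing
// tying Name to the object the caller intended; callers that know the
// public area can recompute the name with ObjectName and compare.
type ReadPublicResponse struct {
	// structure containing the public area of an object
	OutPublic TPM2BPublic
	// name of object
	Name TPM2BName
	// the Qualified Name of the object
	QualifiedName TPM2BName
}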
ReadPublicResponse is the response from TPM2_ReadPublic.
type SchemeKeyedHashContents ¶ added in v0.9.0
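// SchemeKeyedHashContents is a type constraint representing the possible
// contents of TPMUSchemeKeyedHash.
type SchemeKeyedHashContents interface {
	Marshallable
	*TPMSSchemeHMAC | *TPMSSchemeXOR
}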
SchemeKeyedHashContents is a type constraint representing the possible contents of TPMUSchemeKeyedHash.
type SensitiveCompositeContents ¶ added in v0.9.0
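// SensitiveCompositeContents is a type constraint representing the possible
// contents of TPMUSensitiveComposite.
type SensitiveCompositeContents interface {
	Marshallable
	*TPM2BPrivateKeyRSA | *TPM2BECCParameter | *TPM2BSensitiveData |
		*TPM2BSymKey
}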
SensitiveCompositeContents is a type constraint representing the possible contents of TPMUSensitiveComposite.
type SensitiveCreateContents ¶ added in v0.9.0
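// SensitiveCreateContents is a type constraint representing the possible
// contents of TPMUSensitiveCreate.
type SensitiveCreateContents interface {
	Marshallable
	*TPM2BDerive | *TPM2BSensitiveData
}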
SensitiveCreateContents is a type constraint representing the possible contents of TPMUSensitiveCreate.
type SequenceComplete ¶ added in v0.3.2
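// SequenceComplete is the input to TPM2_SequenceComplete.
type SequenceComplete struct {
	// authorization for the sequence
	SequenceHandle handle `gotpm:"handle,auth"`
	// data to be added to the hash/HMAC
	Buffer TPM2BMaxBuffer
	// hierarchy of the ticket for a hash
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}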
SequenceComplete is the input to TPM2_SequenceComplete. See definition in Part 3, Commands, section 17.5
func (SequenceComplete) Command ¶ added in v0.9.0
func (SequenceComplete) Command() TPMCC
Command implements the Command interface.
func (SequenceComplete) Execute ¶ added in v0.9.0
func (cmd SequenceComplete) Execute(t transport.TPM, s ...Session) (*SequenceCompleteResponse, error)
Execute executes the command and returns the response.
type SequenceCompleteResponse ¶ added in v0.9.0
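// SequenceCompleteResponse is the response from TPM2_SequenceComplete.
type SequenceCompleteResponse struct {
	// the returned HMAC or digest in a sized buffer
	Result TPM2BDigest
	// ticket indicating that the sequence of octets used to
	// compute outDigest did not start with TPM_GENERATED_VALUE
	Validation TPMTTKHashCheck
}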
SequenceCompleteResponse is the response from TPM2_SequenceComplete.
type SequenceUpdate ¶ added in v0.3.2
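// SequenceUpdate is the input to TPM2_SequenceUpdate.
type SequenceUpdate struct {
	// handle for the sequence object
	SequenceHandle handle `gotpm:"handle,auth"`
	// data to be added to hash
	Buffer TPM2BMaxBuffer
}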
SequenceUpdate is the input to TPM2_SequenceUpdate. See definition in Part 3, Commands, section 17.4
func (SequenceUpdate) Command ¶ added in v0.9.0
func (SequenceUpdate) Command() TPMCC
Command implements the Command interface.
func (SequenceUpdate) Execute ¶ added in v0.9.0
func (cmd SequenceUpdate) Execute(t transport.TPM, s ...Session) (*SequenceUpdateResponse, error)
Execute executes the command and returns the response.
type SequenceUpdateResponse ¶ added in v0.9.0
type SequenceUpdateResponse struct{}
SequenceUpdateResponse is the response from TPM2_SequenceUpdate.
type Session ¶ added in v0.9.0
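// Session represents a session in the TPM.
//
// The parameter-encryption attributes are named from the TPM's point of
// view: a "decryption" session is one in which the TPM decrypts a command
// parameter, so the caller side encrypts it (Encrypt); an "encryption"
// session is one in which the TPM encrypts a response parameter, so the
// caller side decrypts it (Decrypt).
type Session interface {
	// Initializes the session, if needed. Has no effect if not needed or
	// already done. Some types of sessions may need to be initialized
	// just-in-time, e.g., to support calling patterns that help the user
	// securely authorize their actions without writing a lot of code.
	Init(tpm transport.TPM) error
	// Cleans up the session, if needed.
	// Some types of session need to be cleaned up if the command failed,
	// again to support calling patterns that help the user securely
	// authorize their actions without writing a lot of code.
	CleanupFailure(tpm transport.TPM) error
	// The last nonceTPM for this session.
	NonceTPM() TPM2BNonce
	// Updates nonceCaller to a new random value.
	NewNonceCaller() error
	// Computes the authorization HMAC for the session.
	// If this is the first authorization session for a command, and
	// there is another session (or sessions) for parameter
	// decryption and/or encryption, then addNonces contains the
	// nonceTPMs from each of them, respectively (see Part 1, 19.6.5)
	Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, authIndex int) (*TPMSAuthCommand, error)
	// Validates the response for the session.
	// Updates NonceTPM for the session.
	Validate(rc TPMRC, cc TPMCC, parms []byte, names []TPM2BName, authIndex int, auth *TPMSAuthResponse) error
	// Returns true if this is an encryption session.
	IsEncryption() bool
	// Returns true if this is a decryption session.
	IsDecryption() bool
	// If this session is used for parameter decryption, encrypts the
	// parameter. Otherwise, does not modify the parameter.
	Encrypt(parameter []byte) error
	// If this session is used for parameter encryption, decrypts the
	// parameter. Otherwise, does not modify the parameter.
	Decrypt(parameter []byte) error
	// Returns the handle value of this session.
	Handle() TPMHandle
}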
Session represents a session in the TPM.
func HMAC ¶ added in v0.9.0
func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session
HMAC sets up a just-in-time HMAC session that is used only once. A real session is created, but just in time and it is flushed when used.
func HMACSession ¶ added in v0.9.0
func HMACSession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
HMACSession sets up a reusable HMAC session that needs to be closed.
func PasswordAuth ¶ added in v0.9.0
PasswordAuth assembles a password pseudo-session with the given auth value.
func Policy ¶ added in v0.9.0
func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session
Policy sets up a just-in-time policy session that is created each time it's needed. Each time the policy is created, the callback is invoked to authorize the session. A real session is created, but just in time, and it is flushed when used.
func PolicySession ¶ added in v0.9.0
func PolicySession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
PolicySession opens a policy session that needs to be closed. The caller is responsible for calling whichever policy commands they want in the session. Note that the TPM resets a policy session after it is successfully used.
type Shutdown ¶
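// Shutdown is the input to TPM2_Shutdown.
type Shutdown struct {
	// TPM_SU_CLEAR or TPM_SU_STATE
	ShutdownType TPMSU
}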
Shutdown is the input to TPM2_Shutdown. See definition in Part 3, Commands, section 9.4.
type ShutdownResponse ¶ added in v0.9.0
type ShutdownResponse struct{}
ShutdownResponse is the response from TPM2_Shutdown.
type SigSchemeContents ¶ added in v0.9.0
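// SigSchemeContents is a type constraint representing the possible contents
// of TPMUSigScheme.
type SigSchemeContents interface {
	Marshallable
	*TPMSSchemeHMAC | *TPMSSchemeHash | *TPMSSchemeECDAA
}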
SigSchemeContents is a type constraint representing the possible contents of TPMUSigScheme.
type Sign ¶
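// Sign is the input to TPM2_Sign.
// Validation is what lets a restricted signing key refuse externally
// supplied digests: it is the proof that Digest was created by the TPM.
type Sign struct {
	// Handle of key that will perform signing
	KeyHandle handle `gotpm:"handle,auth"`
	// digest to be signed
	Digest TPM2BDigest
	// signing scheme to use if the scheme for keyHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme `gotpm:"nullable"`
	// proof that digest was created by the TPM.
	// If keyHandle is not a restricted signing key, then this
	// may be a NULL Ticket with tag = TPM_ST_CHECKHASH.
	Validation TPMTTKHashCheck
}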
Sign is the input to TPM2_Sign. See definition in Part 3, Commands, section 20.2.
type SignResponse ¶ added in v0.9.0
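// SignResponse is the response from TPM2_Sign.
type SignResponse struct {
	// the signature
	Signature TPMTSignature
}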
SignResponse is the response from TPM2_Sign.
type SignatureContents ¶ added in v0.9.0
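// SignatureContents is a type constraint representing the possible contents
// of TPMUSignature.
type SignatureContents interface {
	Marshallable
	*TPMTHA | *TPMSSignatureRSA | *TPMSSignatureECC
}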
SignatureContents is a type constraint representing the possible contents of TPMUSignature.
type StartAuthSession ¶
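// StartAuthSession is the input to TPM2_StartAuthSession.
//
// NOTE(review): when TPMKey and Bind are both TPM_RH_NULL the session is
// unsalted and unbound, so no per-session secret enters the session key
// derivation; parameter encryption then presumably rests on the authValue
// of the authorized entity alone. Confirm against Part 1 and prefer a
// salted session (see Salted) where the path to the TPM is not trusted.
type StartAuthSession struct {
	// handle of a loaded decrypt key used to encrypt salt
	// may be TPM_RH_NULL
	TPMKey handle `gotpm:"handle"`
	// entity providing the authValue
	// may be TPM_RH_NULL
	Bind handle `gotpm:"handle"`
	// initial nonceCaller, sets nonceTPM size for the session
	// shall be at least 16 octets
	NonceCaller TPM2BNonce
	// value encrypted according to the type of tpmKey
	// If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer.
	EncryptedSalt TPM2BEncryptedSecret
	// indicates the type of the session; simple HMAC or policy (including
	// a trial policy)
	SessionType TPMSE
	// the algorithm and key size for parameter encryption
	// may select TPM_ALG_NULL
	Symmetric TPMTSymDef
	// hash algorithm to use for the session
	// Shall be a hash algorithm supported by the TPM and not TPM_ALG_NULL
	AuthHash TPMIAlgHash
}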
StartAuthSession is the input to TPM2_StartAuthSession. See definition in Part 3, Commands, section 11.1
func (StartAuthSession) Command ¶ added in v0.9.0
func (StartAuthSession) Command() TPMCC
Command implements the Command interface.
func (StartAuthSession) Execute ¶ added in v0.9.0
func (cmd StartAuthSession) Execute(t transport.TPM, s ...Session) (*StartAuthSessionResponse, error)
Execute executes the command and returns the response.
type StartAuthSessionResponse ¶ added in v0.9.0
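// StartAuthSessionResponse is the response from TPM2_StartAuthSession.
type StartAuthSessionResponse struct {
	// handle for the newly created session
	SessionHandle TPMISHAuthSession `gotpm:"handle"`
	// the initial nonce from the TPM, used in the computation of the sessionKey
	NonceTPM TPM2BNonce
}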
StartAuthSessionResponse is the response from TPM2_StartAuthSession.
type Startup ¶
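// Startup is the input to TPM2_Startup.
type Startup struct {
	// TPM_SU_CLEAR or TPM_SU_STATE
	StartupType TPMSU
}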
Startup is the input to TPM2_Startup. See definition in Part 3, Commands, section 9.3.
type StartupResponse ¶ added in v0.9.0
type StartupResponse struct{}
StartupResponse is the response from TPM2_Startup.
type SymDetailsContents ¶ added in v0.9.0
type SymDetailsContents interface { TPMSEmpty }
SymDetailsContents is a type constraint representing the possible contents of TPMUSymDetails.
type SymKeyBitsContents ¶ added in v0.9.0
type SymKeyBitsContents interface { TPMKeyBits | TPMAlgID }
SymKeyBitsContents is a type constraint representing the possible contents of TPMUSymKeyBits.
type SymModeContents ¶ added in v0.9.0
type SymModeContents interface { TPMIAlgSymMode | TPMSEmpty }
SymModeContents is a type constraint representing the possible contents of TPMUSymMode.
type TPM2B ¶ added in v0.9.0
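// TPM2B is a helper type for all sized TPM structures. It can be
// instantiated with either a raw byte buffer or the actual struct.
type TPM2B[T Marshallable, P interface {
	*T
	Unmarshallable
}] struct {
	// contains filtered or unexported fields
}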
TPM2B is a helper type for all sized TPM structures. It can be instantiated with either a raw byte buffer or the actual struct.
func BytesAs2B ¶ added in v0.9.0
func BytesAs2B[T Marshallable, P interface { *T Unmarshallable }](b []byte) TPM2B[T, P]
BytesAs2B creates a new TPM2B containing the given byte array.
func New2B ¶ added in v0.9.0
func New2B[T Marshallable, P interface { *T Unmarshallable }](t T) TPM2B[T, P]
New2B creates a new TPM2B containing the given contents.
type TPM2BAttest ¶ added in v0.9.0
type TPM2BAttest = TPM2B[TPMSAttest, *TPMSAttest]
TPM2BAttest represents a TPM2B_ATTEST. See definition in Part 2: Structures, section 10.12.13.
type TPM2BAuth ¶ added in v0.9.0
type TPM2BAuth TPM2BDigest
TPM2BAuth represents a TPM2B_AUTH. See definition in Part 2: Structures, section 10.4.5.
type TPM2BContextData ¶ added in v0.9.0
type TPM2BContextData TPM2BData
TPM2BContextData represents a TPM2B_CONTEXT_DATA. See definition in Part 2: Structures, section 14.4. Represented here as a flat buffer because how a TPM chooses to represent its context data is implementation-dependent.
type TPM2BContextSensitive ¶ added in v0.9.0
type TPM2BContextSensitive TPM2BData
TPM2BContextSensitive represents a TPM2B_CONTEXT_SENSITIVE. See definition in Part 2: Structures, section 14.2.
type TPM2BData ¶ added in v0.9.0
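// TPM2BData represents a TPM2B_DATA.
type TPM2BData struct {
	// size in octets of the buffer field; may be 0
	Buffer []byte `gotpm:"sized"`
	// contains filtered or unexported fields
}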
TPM2BData represents a TPM2B_DATA. See definition in Part 2: Structures, section 10.4.3.
type TPM2BDerive ¶ added in v0.9.0
type TPM2BDerive = TPM2B[TPMSDerive, *TPMSDerive]
TPM2BDerive represents a TPM2B_DERIVE. See definition in Part 2: Structures, section 11.1.12.
type TPM2BDigest ¶ added in v0.9.0
type TPM2BDigest TPM2BData
TPM2BDigest represents a TPM2B_DIGEST. See definition in Part 2: Structures, section 10.4.2.
func CPHash ¶ added in v0.9.0
func CPHash[R any](alg TPMIAlgHash, cmd Command[R, *R]) (*TPM2BDigest, error)
CPHash calculates the TPM command parameter hash for a given Command. N.B. Authorization sessions on handles are ignored, but names aren't.
type TPM2BECCParameter ¶ added in v0.9.0
type TPM2BECCParameter TPM2BData
TPM2BECCParameter represents a TPM2B_ECC_PARAMETER. See definition in Part 2: Structures, section 11.2.5.1.
type TPM2BECCPoint ¶ added in v0.9.0
type TPM2BECCPoint = TPM2B[TPMSECCPoint, *TPMSECCPoint]
TPM2BECCPoint represents a TPM2B_ECC_POINT. See definition in Part 2: Structures, section 11.2.5.3.
type TPM2BEncryptedSecret ¶ added in v0.9.0
type TPM2BEncryptedSecret TPM2BData
TPM2BEncryptedSecret represents a TPM2B_ENCRYPTED_SECRET. See definition in Part 2: Structures, section 11.4.33.
type TPM2BEvent ¶ added in v0.9.0
type TPM2BEvent TPM2BData
TPM2BEvent represents a TPM2B_EVENT. See definition in Part 2: Structures, section 10.4.7.
type TPM2BIDObject ¶ added in v0.9.0
type TPM2BIDObject TPM2BData
TPM2BIDObject represents a TPM2B_ID_OBJECT. See definition in Part 2: Structures, section 12.4.3.
type TPM2BLabel ¶ added in v0.9.0
type TPM2BLabel TPM2BData
TPM2BLabel represents a TPM2B_LABEL. See definition in Part 2: Structures, section 11.1.10.
type TPM2BMaxBuffer ¶ added in v0.9.0
type TPM2BMaxBuffer TPM2BData
TPM2BMaxBuffer represents a TPM2B_MAX_BUFFER. See definition in Part 2: Structures, section 10.4.8.
type TPM2BMaxNVBuffer ¶ added in v0.9.0
type TPM2BMaxNVBuffer TPM2BData
TPM2BMaxNVBuffer represents a TPM2B_MAX_NV_BUFFER. See definition in Part 2: Structures, section 10.4.9.
type TPM2BNVPublic ¶ added in v0.9.0
type TPM2BNVPublic = TPM2B[TPMSNVPublic, *TPMSNVPublic]
TPM2BNVPublic represents a TPM2B_NV_PUBLIC. See definition in Part 2: Structures, section 13.6.
type TPM2BName ¶ added in v0.9.0
type TPM2BName TPM2BData
TPM2BName represents a TPM2B_NAME. See definition in Part 2: Structures, section 10.5.3. NOTE: This structure does not contain a TPMUName, because that union is not tagged with a selector. Instead, TPM2B_NAME is flattened, and all TPMDirect helpers that deal with names treat them as flat buffers.
func HandleName ¶ added in v0.9.0
HandleName returns the TPM Name of a PCR, session, or permanent value (e.g., hierarchy) handle.
func NVName ¶ added in v0.9.0
func NVName(p *TPMSNVPublic) (*TPM2BName, error)
NVName returns the TPM Name of an NV index.
func ObjectName ¶ added in v0.9.0
func ObjectName(p *TPMTPublic) (*TPM2BName, error)
ObjectName returns the TPM Name of an object.
type TPM2BNonce ¶ added in v0.9.0
type TPM2BNonce TPM2BDigest
TPM2BNonce represents a TPM2B_NONCE. See definition in Part 2: Structures, section 10.4.4.
type TPM2BOperand ¶ added in v0.9.0
type TPM2BOperand TPM2BDigest
TPM2BOperand represents a TPM2B_OPERAND. See definition in Part 2: Structures, section 10.4.6.
type TPM2BPrivate ¶ added in v0.9.0
type TPM2BPrivate TPM2BData
TPM2BPrivate represents a TPM2B_PRIVATE. See definition in Part 2: Structures, section 12.3.7.
type TPM2BPrivateKeyRSA ¶ added in v0.9.0
type TPM2BPrivateKeyRSA TPM2BData
TPM2BPrivateKeyRSA represents a TPM2B_PRIVATE_KEY_RSA. See definition in Part 2: Structures, section 11.2.4.7.
type TPM2BPublic ¶ added in v0.9.0
type TPM2BPublic = TPM2B[TPMTPublic, *TPMTPublic]
TPM2BPublic represents a TPM2B_PUBLIC. See definition in Part 2: Structures, section 12.2.5.
type TPM2BPublicKeyRSA ¶ added in v0.9.0
type TPM2BPublicKeyRSA TPM2BData
TPM2BPublicKeyRSA represents a TPM2B_PUBLIC_KEY_RSA. See definition in Part 2: Structures, section 11.2.4.5.
type TPM2BSensitive ¶ added in v0.9.0
type TPM2BSensitive = TPM2B[TPMTSensitive, *TPMTSensitive]
TPM2BSensitive represents a TPM2B_SENSITIVE. See definition in Part 2: Structures, section 12.3.3.
type TPM2BSensitiveCreate ¶ added in v0.9.0
// TPM2BSensitiveCreate represents a TPM2B_SENSITIVE_CREATE.
// It is a struct rather than an alias of TPM2B[TPMSSensitiveCreate] because
// it has custom marshalling logic for zero-valued parameters.
type TPM2BSensitiveCreate struct {
	// Sensitive is a pointer, so it may be nil.
	// NOTE(review): presumably nil is the zero-valued case handled by the
	// custom marshalling — confirm against the marshalling code.
	Sensitive *TPMSSensitiveCreate
}
TPM2BSensitiveCreate represents a TPM2B_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.16. This is a structure instead of an alias to TPM2B[TPMSSensitiveCreate], because it has custom marshalling logic for zero-valued parameters.
type TPM2BSensitiveData ¶ added in v0.9.0
type TPM2BSensitiveData TPM2BData
TPM2BSensitiveData represents a TPM2B_SENSITIVE_DATA. See definition in Part 2: Structures, section 11.1.14.
type TPM2BSymKey ¶ added in v0.9.0
type TPM2BSymKey TPM2BData
TPM2BSymKey represents a TPM2B_SYM_KEY. See definition in Part 2: Structures, section 11.1.8.
type TPM2BTemplate ¶ added in v0.9.0
type TPM2BTemplate TPM2BData
TPM2BTemplate represents a TPM2B_TEMPLATE. See definition in Part 2: Structures, section 12.2.6.
func New2BTemplate ¶ added in v0.9.0
func New2BTemplate[C TemplateContents](data C) TPM2BTemplate
New2BTemplate creates a TPM2BTemplate with the given data.
type TPM2BTimeout ¶ added in v0.9.0
type TPM2BTimeout TPM2BData
TPM2BTimeout represents a TPM2B_TIMEOUT. See definition in Part 2: Structures, section 10.4.10.
type TPMAACT ¶ added in v0.9.0
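// TPMAACT represents a TPMA_ACT.
type TPMAACT struct {
	// SET (1): The ACT has signaled
	// CLEAR (0): The ACT has not signaled
	Signaled bool `gotpm:"bit=0"`
	// SET (1): The ACT signaled bit is preserved over a power cycle
	// CLEAR (0): The ACT signaled bit is not preserved over a power cycle
	PreserveSignaled bool `gotpm:"bit=1"`
	// contains filtered or unexported fields
}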
TPMAACT represents a TPMA_ACT. See definition in Part 2: Structures, section 8.12.
func (TPMAACT) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMAACT) Length ¶ added in v0.9.0
func (TPMAACT) Length() int
Length implements the Bitfield interface.
func (*TPMAACT) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMAAlgorithm ¶ added in v0.9.0
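// TPMAAlgorithm represents a TPMA_ALGORITHM.
// Bits 4 to 7 have no named field here; the named attributes sit at bits
// 0-3 and 8-10.
type TPMAAlgorithm struct {
	// SET (1): an asymmetric algorithm with public and private portions
	// CLEAR (0): not an asymmetric algorithm
	Asymmetric bool `gotpm:"bit=0"`
	// SET (1): a symmetric block cipher
	// CLEAR (0): not a symmetric block cipher
	Symmetric bool `gotpm:"bit=1"`
	// SET (1): a hash algorithm
	// CLEAR (0): not a hash algorithm
	Hash bool `gotpm:"bit=2"`
	// SET (1): an algorithm that may be used as an object type
	// CLEAR (0): an algorithm that is not used as an object type
	Object bool `gotpm:"bit=3"`
	// SET (1): a signing algorithm. The setting of asymmetric,
	// symmetric, and hash will indicate the type of signing algorithm.
	// CLEAR (0): not a signing algorithm
	Signing bool `gotpm:"bit=8"`
	// SET (1): an encryption/decryption algorithm. The setting of
	// asymmetric, symmetric, and hash will indicate the type of
	// encryption/decryption algorithm.
	// CLEAR (0): not an encryption/decryption algorithm
	Encrypting bool `gotpm:"bit=9"`
	// SET (1): a method such as a key derivative function (KDF)
	// CLEAR (0): not a method
	Method bool `gotpm:"bit=10"`
	// contains filtered or unexported fields
}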
TPMAAlgorithm represents a TPMA_ALGORITHM. See definition in Part 2: Structures, section 8.2.
func (TPMAAlgorithm) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMAAlgorithm) Length ¶ added in v0.9.0
func (TPMAAlgorithm) Length() int
Length implements the Bitfield interface.
func (*TPMAAlgorithm) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMACC ¶ added in v0.9.0
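// TPMACC represents a TPMA_CC, the attributes of a TPM command.
type TPMACC struct {
	// indicates the command being selected
	CommandIndex uint16 `gotpm:"bit=15:0"`
	// SET (1): indicates that the command may write to NV
	// CLEAR (0): indicates that the command does not write to NV
	NV bool `gotpm:"bit=22"`
	// SET (1): This command could flush any number of loaded contexts.
	// CLEAR (0): no additional changes other than indicated by the flushed attribute
	Extensive bool `gotpm:"bit=23"`
	// SET (1): The context associated with any transient handle in the command will be flushed when this command completes.
	// CLEAR (0): No context is flushed as a side effect of this command.
	Flushed bool `gotpm:"bit=24"`
	// indicates the number of the handles in the handle area for this command
	CHandles uint8 `gotpm:"bit=27:25"`
	// SET (1): indicates the presence of the handle area in the response
	RHandle bool `gotpm:"bit=28"`
	// SET (1): indicates that the command is vendor-specific
	// CLEAR (0): indicates that the command is defined in a version of this specification
	V bool `gotpm:"bit=29"`
	// contains filtered or unexported fields
}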
TPMACC represents a TPMA_CC. See definition in Part 2: Structures, section 8.9.
func (TPMACC) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMACC) Length ¶ added in v0.9.0
func (TPMACC) Length() int
Length implements the Bitfield interface.
func (*TPMACC) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMALocality ¶ added in v0.9.0
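// TPMALocality represents a TPMA_LOCALITY.
// Bits 0 to 4 flag localities zero to four; bits 5 to 7 form the Extended
// field.
type TPMALocality struct {
	TPMLocZero  bool `gotpm:"bit=0"`
	TPMLocOne   bool `gotpm:"bit=1"`
	TPMLocTwo   bool `gotpm:"bit=2"`
	TPMLocThree bool `gotpm:"bit=3"`
	TPMLocFour  bool `gotpm:"bit=4"`
	// If any of these bits is set, an extended locality is indicated
	Extended uint8 `gotpm:"bit=7:5"`
	// contains filtered or unexported fields
}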
TPMALocality represents a TPMA_LOCALITY. See definition in Part 2: Structures, section 8.5.
func (TPMALocality) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMALocality) Length ¶ added in v0.9.0
func (TPMALocality) Length() int
Length implements the Bitfield interface.
func (*TPMALocality) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMANV ¶ added in v0.9.0
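// TPMANV holds the attributes of an NV Index (TPMA_NV) as individual bit
// fields; the `gotpm` tag on each field names the bit or bit range it
// occupies. Bits 8-9 and 20-24 have no exported field in this listing.
//
// The listing was collapsed onto a few long lines, which left most fields
// inside `//` comments; the declaration below restores one field per line.
//
// NOTE(review): the authorization attributes interact. An Index that sets
// AuthRead or AuthWrite together with NoDA accepts authValue attempts without
// the TPM counting failures (see the NoDA comment), so such an Index needs a
// high-entropy authValue or a policy instead. When reviewing a template for
// TPM2_NV_DefineSpace(), read the read, write, lock and NoDA bits together as
// one access-control statement rather than field by field.
type TPMANV struct {
	// SET (1): The Index data can be written if Platform Authorization is
	// provided.
	// CLEAR (0): Writing of the Index data cannot be authorized with
	// Platform Authorization.
	PPWrite bool `gotpm:"bit=0"`
	// SET (1): The Index data can be written if Owner Authorization is
	// provided.
	// CLEAR (0): Writing of the Index data cannot be authorized with Owner
	// Authorization.
	OwnerWrite bool `gotpm:"bit=1"`
	// SET (1): Authorizations to change the Index contents that require
	// USER role may be provided with an HMAC session or password.
	// CLEAR (0): Authorizations to change the Index contents that require
	// USER role may not be provided with an HMAC session or password.
	AuthWrite bool `gotpm:"bit=2"`
	// SET (1): Authorizations to change the Index contents that require
	// USER role may be provided with a policy session.
	// CLEAR (0): Authorizations to change the Index contents that require
	// USER role may not be provided with a policy session.
	PolicyWrite bool `gotpm:"bit=3"`
	// The type of the index.
	NT TPMNT `gotpm:"bit=7:4"`
	// SET (1): Index may not be deleted unless the authPolicy is satisfied
	// using TPM2_NV_UndefineSpaceSpecial().
	// CLEAR (0): Index may be deleted with proper platform or owner
	// authorization using TPM2_NV_UndefineSpace().
	PolicyDelete bool `gotpm:"bit=10"`
	// SET (1): Index cannot be written.
	// CLEAR (0): Index can be written.
	WriteLocked bool `gotpm:"bit=11"`
	// SET (1): A partial write of the Index data is not allowed. The write
	// size shall match the defined space size.
	// CLEAR (0): Partial writes are allowed. This setting is required if
	// the .dataSize of the Index is larger than NV_MAX_BUFFER_SIZE for the
	// implementation.
	WriteAll bool `gotpm:"bit=12"`
	// SET (1): TPM2_NV_WriteLock() may be used to prevent further writes
	// to this location.
	// CLEAR (0): TPM2_NV_WriteLock() does not block subsequent writes if
	// TPMA_NV_WRITE_STCLEAR is also CLEAR.
	WriteDefine bool `gotpm:"bit=13"`
	// SET (1): TPM2_NV_WriteLock() may be used to prevent further writes
	// to this location until the next TPM Reset or TPM Restart.
	// CLEAR (0): TPM2_NV_WriteLock() does not block subsequent writes if
	// TPMA_NV_WRITEDEFINE is also CLEAR.
	WriteSTClear bool `gotpm:"bit=14"`
	// SET (1): If TPM2_NV_GlobalWriteLock() is successful,
	// TPMA_NV_WRITELOCKED is set.
	// CLEAR (0): TPM2_NV_GlobalWriteLock() has no effect on the writing of
	// the data at this Index.
	GlobalLock bool `gotpm:"bit=15"`
	// SET (1): The Index data can be read if Platform Authorization is
	// provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with
	// Platform Authorization.
	PPRead bool `gotpm:"bit=16"`
	// SET (1): The Index data can be read if Owner Authorization is
	// provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with Owner
	// Authorization.
	OwnerRead bool `gotpm:"bit=17"`
	// SET (1): The Index data may be read if the authValue is provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with the
	// Index authValue.
	AuthRead bool `gotpm:"bit=18"`
	// SET (1): The Index data may be read if the authPolicy is satisfied.
	// CLEAR (0): Reading of the Index data cannot be authorized with the
	// Index authPolicy.
	PolicyRead bool `gotpm:"bit=19"`
	// SET (1): Authorization failures of the Index do not affect the DA
	// logic and authorization of the Index is not blocked when the TPM is
	// in Lockout mode.
	// CLEAR (0): Authorization failures of the Index will increment the
	// authorization failure counter and authorizations of this Index are
	// not allowed when the TPM is in Lockout mode.
	// NOTE(review): SET removes the TPM's throttling of authValue attempts
	// for this Index; leave it CLEAR when the authValue is derived from a
	// PIN or passphrase.
	NoDA bool `gotpm:"bit=25"`
	// SET (1): NV Index state is only required to be saved when the TPM
	// performs an orderly shutdown (TPM2_Shutdown()).
	// CLEAR (0): NV Index state is required to be persistent after the
	// command to update the Index completes successfully (that is, the NV
	// update is synchronous with the update command).
	Orderly bool `gotpm:"bit=26"`
	// SET (1): TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM
	// Restart.
	// CLEAR (0): TPMA_NV_WRITTEN is not changed by TPM Restart.
	ClearSTClear bool `gotpm:"bit=27"`
	// SET (1): Reads of the Index are blocked until the next TPM Reset or
	// TPM Restart.
	// CLEAR (0): Reads of the Index are allowed if proper authorization is
	// provided.
	ReadLocked bool `gotpm:"bit=28"`
	// SET (1): Index has been written.
	// CLEAR (0): Index has not been written.
	Written bool `gotpm:"bit=29"`
	// SET (1): This Index may be undefined with Platform Authorization
	// but not with Owner Authorization.
	// CLEAR (0): This Index may be undefined using Owner Authorization but
	// not with Platform Authorization.
	PlatformCreate bool `gotpm:"bit=30"`
	// SET (1): TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED
	// for this Index.
	// CLEAR (0): TPM2_NV_ReadLock() has no effect on this Index.
	ReadSTClear bool `gotpm:"bit=31"`
	// contains filtered or unexported fields
}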
TPMANV represents a TPMA_NV. See definition in Part 2: Structures, section 13.4.
func (TPMANV) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMANV) Length ¶ added in v0.9.0
func (TPMANV) Length() int
Length implements the Bitfield interface.
func (*TPMANV) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMAObject ¶ added in v0.9.0
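// TPMAObject holds the attributes of an object (TPMA_OBJECT) as individual
// bit fields; the `gotpm` tag on each field names the bit it occupies. Bits
// such as 0, 3, 8-9 and 12-15 have no exported field in this listing.
//
// The listing was collapsed onto two long lines, which left most fields
// inside `//` comments, and the X509Sign comment ran its SET and CLEAR cases
// together; the declaration below restores one field per line.
//
// NOTE(review): a verifier that needs a key to be generated by and confined
// to one TPM should check FixedTPM, FixedParent and SensitiveDataOrigin
// together in the key's public area, since each comment below covers a
// different way the key material could have come from, or move to, somewhere
// else. Checking only one of them is not equivalent.
type TPMAObject struct {
	// SET (1): The hierarchy of the object, as indicated by its
	// Qualified Name, may not change.
	// CLEAR (0): The hierarchy of the object may change as a result
	// of this object or an ancestor key being duplicated for use in
	// another hierarchy.
	FixedTPM bool `gotpm:"bit=1"`
	// SET (1): Previously saved contexts of this object may not be
	// loaded after Startup(CLEAR).
	// CLEAR (0): Saved contexts of this object may be used after a
	// Shutdown(STATE) and subsequent Startup().
	STClear bool `gotpm:"bit=2"`
	// SET (1): The parent of the object may not change.
	// CLEAR (0): The parent of the object may change as the result of
	// a TPM2_Duplicate() of the object.
	FixedParent bool `gotpm:"bit=4"`
	// SET (1): Indicates that, when the object was created with
	// TPM2_Create() or TPM2_CreatePrimary(), the TPM generated all of
	// the sensitive data other than the authValue.
	// CLEAR (0): A portion of the sensitive data, other than the
	// authValue, was provided by the caller.
	SensitiveDataOrigin bool `gotpm:"bit=5"`
	// SET (1): Approval of USER role actions with this object may be
	// with an HMAC session or with a password using the authValue of
	// the object or a policy session.
	// CLEAR (0): Approval of USER role actions with this object may
	// only be done with a policy session.
	UserWithAuth bool `gotpm:"bit=6"`
	// SET (1): Approval of ADMIN role actions with this object may
	// only be done with a policy session.
	// CLEAR (0): Approval of ADMIN role actions with this object may
	// be with an HMAC session or with a password using the authValue
	// of the object or a policy session.
	AdminWithPolicy bool `gotpm:"bit=7"`
	// SET (1): The object is not subject to dictionary attack
	// protections.
	// CLEAR (0): The object is subject to dictionary attack
	// protections.
	// NOTE(review): with this SET and UserWithAuth SET, nothing in the
	// TPM limits authValue attempts against the object; leave it CLEAR
	// when the authValue is low-entropy.
	NoDA bool `gotpm:"bit=10"`
	// SET (1): If the object is duplicated, then symmetricAlg shall
	// not be TPM_ALG_NULL and newParentHandle shall not be
	// TPM_RH_NULL.
	// CLEAR (0): The object may be duplicated without an inner
	// wrapper on the private portion of the object and the new parent
	// may be TPM_RH_NULL.
	EncryptedDuplication bool `gotpm:"bit=11"`
	// SET (1): Key usage is restricted to manipulate structures of
	// known format; the parent of this key shall have restricted SET.
	// CLEAR (0): Key usage is not restricted to use on special
	// formats.
	Restricted bool `gotpm:"bit=16"`
	// SET (1): The private portion of the key may be used to decrypt.
	// CLEAR (0): The private portion of the key may not be used to
	// decrypt.
	Decrypt bool `gotpm:"bit=17"`
	// SET (1): For a symmetric cipher object, the private portion of
	// the key may be used to encrypt. For other objects, the private
	// portion of the key may be used to sign.
	// CLEAR (0): The private portion of the key may not be used to
	// sign or encrypt.
	SignEncrypt bool `gotpm:"bit=18"`
	// SET (1): An asymmetric key that may not be used to sign with
	// TPM2_Sign()
	// CLEAR (0): A key that may be used with TPM2_Sign()
	// if sign is SET
	// NOTE: This attribute only has significance if sign is SET.
	X509Sign bool `gotpm:"bit=19"`
	// contains filtered or unexported fields
}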
TPMAObject represents a TPMA_OBJECT. See definition in Part 2: Structures, section 8.3.2.
func (TPMAObject) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMAObject) Length ¶ added in v0.9.0
func (TPMAObject) Length() int
Length implements the Bitfield interface.
func (*TPMAObject) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMASession ¶ added in v0.9.0
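// TPMASession holds the attributes of a session (TPMA_SESSION) as individual
// bit fields; the `gotpm` tag on each field names the bit it occupies. Bits 3
// and 4 have no exported field in this listing.
//
// The listing was collapsed onto two long lines, which left most fields
// inside `//` comments; the declaration below restores one field per line.
//
// NOTE(review): Decrypt and Encrypt each cover only the first parameter of
// the command or response, as their comments state, and both are CLEAR for a
// password authorization. A caller that needs a secret kept confidential on
// the path to the TPM therefore has to use a session that supports parameter
// encryption and has to place the secret in the first parameter.
type TPMASession struct {
	// SET (1): In a command, this setting indicates that the session
	// is to remain active after successful completion of the command.
	// In a response, it indicates that the session is still active.
	// If SET in the command, this attribute shall be SET in the response.
	// CLEAR (0): In a command, this setting indicates that the TPM should
	// close the session and flush any related context when the command
	// completes successfully. In a response, it indicates that the
	// session is closed and the context is no longer active.
	// This attribute has no meaning for a password authorization and the
	// TPM will allow any setting of the attribute in the command and SET
	// the attribute in the response.
	ContinueSession bool `gotpm:"bit=0"`
	// SET (1): In a command, this setting indicates that the command
	// should only be executed if the session is exclusive at the start of
	// the command. In a response, it indicates that the session is
	// exclusive. This setting is only allowed if the audit attribute is
	// SET (TPM_RC_ATTRIBUTES).
	// CLEAR (0): In a command, indicates that the session need not be
	// exclusive at the start of the command. In a response, indicates that
	// the session is not exclusive.
	AuditExclusive bool `gotpm:"bit=1"`
	// SET (1): In a command, this setting indicates that the audit digest
	// of the session should be initialized and the exclusive status of the
	// session SET. This setting is only allowed if the audit attribute is
	// SET (TPM_RC_ATTRIBUTES).
	// CLEAR (0): In a command, indicates that the audit digest should not
	// be initialized. This bit is always CLEAR in a response.
	AuditReset bool `gotpm:"bit=2"`
	// SET (1): In a command, this setting indicates that the first
	// parameter in the command is symmetrically encrypted using the
	// parameter encryption scheme described in TPM 2.0 Part 1. The TPM will
	// decrypt the parameter after performing any HMAC computations and
	// before unmarshaling the parameter. In a response, the attribute is
	// copied from the request but has no effect on the response.
	// CLEAR (0): Session not used for encryption.
	// For a password authorization, this attribute will be CLEAR in both the
	// command and response.
	Decrypt bool `gotpm:"bit=5"`
	// SET (1): In a command, this setting indicates that the TPM should use
	// this session to encrypt the first parameter in the response. In a
	// response, it indicates that the attribute was set in the command and
	// that the TPM used the session to encrypt the first parameter in the
	// response using the parameter encryption scheme described in TPM 2.0
	// Part 1.
	// CLEAR (0): Session not used for encryption.
	// For a password authorization, this attribute will be CLEAR in both the
	// command and response.
	Encrypt bool `gotpm:"bit=6"`
	// SET (1): In a command or response, this setting indicates that the
	// session is for audit and that auditExclusive and auditReset have
	// meaning. This session may also be used for authorization, encryption,
	// or decryption. The encrypted and encrypt fields may be SET or CLEAR.
	// CLEAR (0): Session is not used for audit.
	// If SET in the command, then this attribute will be SET in the response.
	Audit bool `gotpm:"bit=7"`
	// contains filtered or unexported fields
}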
TPMASession represents a TPMA_SESSION. See definition in Part 2: Structures, section 8.4.
func (TPMASession) GetReservedBit ¶ added in v0.9.0
GetReservedBit implements the BitGetter interface.
func (TPMASession) Length ¶ added in v0.9.0
func (TPMASession) Length() int
Length implements the Bitfield interface.
func (*TPMASession) SetReservedBit ¶ added in v0.9.0
SetReservedBit implements the BitSetter interface.
type TPMAlgID ¶ added in v0.9.0
type TPMAlgID uint16
TPMAlgID represents a TPM_ALG_ID. See definition in Part 2: Structures, section 6.3.
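// TPMAlgID constants, restored to one per line (the listing had the whole
// block collapsed onto a single line).
//
// NOTE(review): the list mixes current and legacy algorithms. TPMAlgSHA1 and
// TPMAlgTDES are legacy choices (SHA-1 is no longer collision-resistant and
// triple DES has a 64-bit block), and TPMAlgECB is a mode that reveals
// repeated plaintext blocks; select them only for compatibility. TPMAlgNull
// stands for "no algorithm", so code that requires a hash or scheme should
// reject it explicitly rather than treat it as a valid selection.
const (
	TPMAlgRSA          TPMAlgID = 0x0001
	TPMAlgTDES         TPMAlgID = 0x0003
	TPMAlgSHA1         TPMAlgID = 0x0004
	TPMAlgHMAC         TPMAlgID = 0x0005
	TPMAlgAES          TPMAlgID = 0x0006
	TPMAlgMGF1         TPMAlgID = 0x0007
	TPMAlgKeyedHash    TPMAlgID = 0x0008
	TPMAlgXOR          TPMAlgID = 0x000A
	TPMAlgSHA256       TPMAlgID = 0x000B
	TPMAlgSHA384       TPMAlgID = 0x000C
	TPMAlgSHA512       TPMAlgID = 0x000D
	TPMAlgNull         TPMAlgID = 0x0010
	TPMAlgSM3256       TPMAlgID = 0x0012
	TPMAlgSM4          TPMAlgID = 0x0013
	TPMAlgRSASSA       TPMAlgID = 0x0014
	TPMAlgRSAES        TPMAlgID = 0x0015
	TPMAlgRSAPSS       TPMAlgID = 0x0016
	TPMAlgOAEP         TPMAlgID = 0x0017
	TPMAlgECDSA        TPMAlgID = 0x0018
	TPMAlgECDH         TPMAlgID = 0x0019
	TPMAlgECDAA        TPMAlgID = 0x001A
	TPMAlgSM2          TPMAlgID = 0x001B
	TPMAlgECSchnorr    TPMAlgID = 0x001C
	TPMAlgECMQV        TPMAlgID = 0x001D
	TPMAlgKDF1SP80056A TPMAlgID = 0x0020
	TPMAlgKDF2         TPMAlgID = 0x0021
	TPMAlgKDF1SP800108 TPMAlgID = 0x0022
	TPMAlgECC          TPMAlgID = 0x0023
	TPMAlgSymCipher    TPMAlgID = 0x0025
	TPMAlgCamellia     TPMAlgID = 0x0026
	TPMAlgSHA3256      TPMAlgID = 0x0027
	TPMAlgSHA3384      TPMAlgID = 0x0028
	TPMAlgSHA3512      TPMAlgID = 0x0029
	TPMAlgCMAC         TPMAlgID = 0x003F
	TPMAlgCTR          TPMAlgID = 0x0040
	TPMAlgOFB          TPMAlgID = 0x0041
	TPMAlgCBC          TPMAlgID = 0x0042
	TPMAlgCFB          TPMAlgID = 0x0043
	TPMAlgECB          TPMAlgID = 0x0044
)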
TPMAlgID values come from Part 2: Structures, section 6.3.
type TPMAlgorithmID ¶ added in v0.9.0
type TPMAlgorithmID uint32
TPMAlgorithmID represents a TPM_ALGORITHM_ID. This is the 1.2-compatible form of the TPM_ALG_ID. See definition in Part 2, Structures, section 5.3.
type TPMAuthorizationSize ¶ added in v0.9.0
type TPMAuthorizationSize uint32
TPMAuthorizationSize represents a TPM_AUTHORIZATION_SIZE, the authorizationSize parameter in a command. See definition in Part 2, Structures, section 5.3.
type TPMCC ¶ added in v0.9.0
type TPMCC uint32
TPMCC represents a TPM_CC. See definition in Part 2: Structures, section 6.5.2.
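// TPMCC constants, restored to one per line (the listing had the whole block
// collapsed across three long lines, splitting one constant from its value).
//
// The values are not contiguous: 0x123, 0x15A, 0x15F, 0x166 and 0x175 have no
// constant in this list, so a command filter should match on the constants
// themselves rather than on a numeric range.
//
// TPMCCHierarchyChanegAuth is spelled this way in the exported API; the name
// is kept as listed so that existing callers continue to compile.
const (
	TPMCCNVUndefineSpaceSpecial TPMCC = 0x0000011F
	TPMCCEvictControl TPMCC = 0x00000120
	TPMCCHierarchyControl TPMCC = 0x00000121
	TPMCCNVUndefineSpace TPMCC = 0x00000122
	TPMCCChangeEPS TPMCC = 0x00000124
	TPMCCChangePPS TPMCC = 0x00000125
	TPMCCClear TPMCC = 0x00000126
	TPMCCClearControl TPMCC = 0x00000127
	TPMCCClockSet TPMCC = 0x00000128
	TPMCCHierarchyChanegAuth TPMCC = 0x00000129
	TPMCCNVDefineSpace TPMCC = 0x0000012A
	TPMCCPCRAllocate TPMCC = 0x0000012B
	TPMCCPCRSetAuthPolicy TPMCC = 0x0000012C
	TPMCCPPCommands TPMCC = 0x0000012D
	TPMCCSetPrimaryPolicy TPMCC = 0x0000012E
	TPMCCFieldUpgradeStart TPMCC = 0x0000012F
	TPMCCClockRateAdjust TPMCC = 0x00000130
	TPMCCCreatePrimary TPMCC = 0x00000131
	TPMCCNVGlobalWriteLock TPMCC = 0x00000132
	TPMCCGetCommandAuditDigest TPMCC = 0x00000133
	TPMCCNVIncrement TPMCC = 0x00000134
	TPMCCNVSetBits TPMCC = 0x00000135
	TPMCCNVExtend TPMCC = 0x00000136
	TPMCCNVWrite TPMCC = 0x00000137
	TPMCCNVWriteLock TPMCC = 0x00000138
	TPMCCDictionaryAttackLockReset TPMCC = 0x00000139
	TPMCCDictionaryAttackParameters TPMCC = 0x0000013A
	TPMCCNVChangeAuth TPMCC = 0x0000013B
	TPMCCPCREvent TPMCC = 0x0000013C
	TPMCCPCRReset TPMCC = 0x0000013D
	TPMCCSequenceComplete TPMCC = 0x0000013E
	TPMCCSetAlgorithmSet TPMCC = 0x0000013F
	TPMCCSetCommandCodeAuditStatus TPMCC = 0x00000140
	TPMCCFieldUpgradeData TPMCC = 0x00000141
	TPMCCIncrementalSelfTest TPMCC = 0x00000142
	TPMCCSelfTest TPMCC = 0x00000143
	TPMCCStartup TPMCC = 0x00000144
	TPMCCShutdown TPMCC = 0x00000145
	TPMCCStirRandom TPMCC = 0x00000146
	TPMCCActivateCredential TPMCC = 0x00000147
	TPMCCCertify TPMCC = 0x00000148
	TPMCCPolicyNV TPMCC = 0x00000149
	TPMCCCertifyCreation TPMCC = 0x0000014A
	TPMCCDuplicate TPMCC = 0x0000014B
	TPMCCGetTime TPMCC = 0x0000014C
	TPMCCGetSessionAuditDigest TPMCC = 0x0000014D
	TPMCCNVRead TPMCC = 0x0000014E
	TPMCCNVReadLock TPMCC = 0x0000014F
	TPMCCObjectChangeAuth TPMCC = 0x00000150
	TPMCCPolicySecret TPMCC = 0x00000151
	TPMCCRewrap TPMCC = 0x00000152
	TPMCCCreate TPMCC = 0x00000153
	TPMCCECDHZGen TPMCC = 0x00000154
	TPMCCMAC TPMCC = 0x00000155
	TPMCCImport TPMCC = 0x00000156
	TPMCCLoad TPMCC = 0x00000157
	TPMCCQuote TPMCC = 0x00000158
	TPMCCRSADecrypt TPMCC = 0x00000159
	TPMCCMACStart TPMCC = 0x0000015B
	TPMCCSequenceUpdate TPMCC = 0x0000015C
	TPMCCSign TPMCC = 0x0000015D
	TPMCCUnseal TPMCC = 0x0000015E
	TPMCCPolicySigned TPMCC = 0x00000160
	TPMCCContextLoad TPMCC = 0x00000161
	TPMCCContextSave TPMCC = 0x00000162
	TPMCCECDHKeyGen TPMCC = 0x00000163
	TPMCCEncryptDecrypt TPMCC = 0x00000164
	TPMCCFlushContext TPMCC = 0x00000165
	TPMCCLoadExternal TPMCC = 0x00000167
	TPMCCMakeCredential TPMCC = 0x00000168
	TPMCCNVReadPublic TPMCC = 0x00000169
	TPMCCPolicyAuthorize TPMCC = 0x0000016A
	TPMCCPolicyAuthValue TPMCC = 0x0000016B
	TPMCCPolicyCommandCode TPMCC = 0x0000016C
	TPMCCPolicyCounterTimer TPMCC = 0x0000016D
	TPMCCPolicyCpHash TPMCC = 0x0000016E
	TPMCCPolicyLocality TPMCC = 0x0000016F
	TPMCCPolicyNameHash TPMCC = 0x00000170
	TPMCCPolicyOR TPMCC = 0x00000171
	TPMCCPolicyTicket TPMCC = 0x00000172
	TPMCCReadPublic TPMCC = 0x00000173
	TPMCCRSAEncrypt TPMCC = 0x00000174
	TPMCCStartAuthSession TPMCC = 0x00000176
	TPMCCVerifySignature TPMCC = 0x00000177
	TPMCCECCParameters TPMCC = 0x00000178
	TPMCCFirmwareRead TPMCC = 0x00000179
	TPMCCGetCapability TPMCC = 0x0000017A
	TPMCCGetRandom TPMCC = 0x0000017B
	TPMCCGetTestResult TPMCC = 0x0000017C
	TPMCCHash TPMCC = 0x0000017D
	TPMCCPCRRead TPMCC = 0x0000017E
	TPMCCPolicyPCR TPMCC = 0x0000017F
	TPMCCPolicyRestart TPMCC = 0x00000180
	TPMCCReadClock TPMCC = 0x00000181
	TPMCCPCRExtend TPMCC = 0x00000182
	TPMCCPCRSetAuthValue TPMCC = 0x00000183
	TPMCCNVCertify TPMCC = 0x00000184
	TPMCCEventSequenceComplete TPMCC = 0x00000185
	TPMCCHashSequenceStart TPMCC = 0x00000186
	TPMCCPolicyPhysicalPresence TPMCC = 0x00000187
	TPMCCPolicyDuplicationSelect TPMCC = 0x00000188
	TPMCCPolicyGetDigest TPMCC = 0x00000189
	TPMCCTestParms TPMCC = 0x0000018A
	TPMCCCommit TPMCC = 0x0000018B
	TPMCCPolicyPassword TPMCC = 0x0000018C
	TPMCCZGen2Phase TPMCC = 0x0000018D
	TPMCCECEphemeral TPMCC = 0x0000018E
	TPMCCPolicyNvWritten TPMCC = 0x0000018F
	TPMCCPolicyTemplate TPMCC = 0x00000190
	TPMCCCreateLoaded TPMCC = 0x00000191
	TPMCCPolicyAuthorizeNV TPMCC = 0x00000192
	TPMCCEncryptDecrypt2 TPMCC = 0x00000193
	TPMCCACGetCapability TPMCC = 0x00000194
	TPMCCACSend TPMCC = 0x00000195
	TPMCCPolicyACSendSelect TPMCC = 0x00000196
	TPMCCCertifyX509 TPMCC = 0x00000197
	TPMCCACTSetTimeout TPMCC = 0x00000198
)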
TPMCC values come from Part 2: Structures, section 6.5.2.
type TPMCap ¶ added in v0.9.0
type TPMCap uint32
TPMCap represents a TPM_CAP. See definition in Part 2: Structures, section 6.12.
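// TPMCap constants, restored to one per line (the listing had the whole block
// collapsed onto a single line). The values run contiguously from 0x00000000
// to 0x0000000A.
const (
	TPMCapAlgs          TPMCap = 0x00000000
	TPMCapHandles       TPMCap = 0x00000001
	TPMCapCommands      TPMCap = 0x00000002
	TPMCapPPCommands    TPMCap = 0x00000003
	TPMCapAuditCommands TPMCap = 0x00000004
	TPMCapPCRs          TPMCap = 0x00000005
	TPMCapTPMProperties TPMCap = 0x00000006
	TPMCapPCRProperties TPMCap = 0x00000007
	TPMCapECCCurves     TPMCap = 0x00000008
	TPMCapAuthPolicies  TPMCap = 0x00000009
	TPMCapACT           TPMCap = 0x0000000A
)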
TPMCap values come from Part 2: Structures, section 6.12.
type TPMCmdHeader ¶ added in v0.9.0
type TPMCmdHeader struct { Tag TPMISTCommandTag Length uint32 CommandCode TPMCC // contains filtered or unexported fields }
TPMCmdHeader is the header structure in front of any TPM command. It is described in Part 1, Architecture.
type TPMECCCurve ¶ added in v0.9.0
type TPMECCCurve uint16
TPMECCCurve represents a TPM_ECC_Curve. See definition in Part 2: Structures, section 6.4.
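// TPMECCCurve constants, restored to one per line (the listing had the whole
// block collapsed onto a single line).
//
// NOTE(review): TPMECCNistP192 and TPMECCNistP224 offer less than a 128-bit
// security level; prefer TPMECCNistP256 or larger for new keys unless
// interoperability requires otherwise. TPMECCNone is the zero value, so a
// curve field left unset reads as TPMECCNone and should be rejected where a
// curve is mandatory.
const (
	TPMECCNone     TPMECCCurve = 0x0000
	TPMECCNistP192 TPMECCCurve = 0x0001
	TPMECCNistP224 TPMECCCurve = 0x0002
	TPMECCNistP256 TPMECCCurve = 0x0003
	TPMECCNistP384 TPMECCCurve = 0x0004
	TPMECCNistP521 TPMECCCurve = 0x0005
	TPMECCBNP256   TPMECCCurve = 0x0010
	TPMECCBNP638   TPMECCCurve = 0x0011
	TPMECCSM2P256  TPMECCCurve = 0x0020
)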
TPMECCCurve values come from Part 2: Structures, section 6.4.
type TPMEO ¶ added in v0.9.0
type TPMEO uint16
TPMEO represents a TPM_EO. See definition in Part 2: Structures, section 6.8.
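// TPMEO constants, restored to one per line (the listing had the whole block
// collapsed onto a single line). The values run contiguously from 0x0000 to
// 0x000B.
//
// NOTE(review): signed and unsigned comparisons are separate operators. Where
// one of these is used to gate access on an operand whose top bit can be set,
// choosing the signed form by mistake inverts the ordering for those values;
// pick the form deliberately.
const (
	TPMEOEq         TPMEO = 0x0000
	TPMEONeq        TPMEO = 0x0001
	TPMEOSignedGT   TPMEO = 0x0002
	TPMEOUnsignedGT TPMEO = 0x0003
	TPMEOSignedLT   TPMEO = 0x0004
	TPMEOUnsignedLT TPMEO = 0x0005
	TPMEOSignedGE   TPMEO = 0x0006
	TPMEOUnsignedGE TPMEO = 0x0007
	TPMEOSignedLE   TPMEO = 0x0008
	TPMEOUnsignedLE TPMEO = 0x0009
	TPMEOBitSet     TPMEO = 0x000A
	TPMEOBitClear   TPMEO = 0x000B
)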
TPMEO values come from Part 2: Structures, section 6.8.
type TPMFmt1Error ¶ added in v0.9.0
type TPMFmt1Error struct {
// contains filtered or unexported fields
}
TPMFmt1Error represents a TPM 2.0 format-1 error, with additional information.
func (TPMFmt1Error) Error ¶ added in v0.9.0
func (e TPMFmt1Error) Error() string
Error returns the string representation of the error.
func (TPMFmt1Error) Handle ¶ added in v0.9.0
func (e TPMFmt1Error) Handle() (bool, int)
Handle returns whether the error is handle-related and if so, which handle is in error.
func (TPMFmt1Error) Parameter ¶ added in v0.9.0
func (e TPMFmt1Error) Parameter() (bool, int)
Parameter returns whether the error is parameter-related and if so, which parameter is in error.
func (TPMFmt1Error) Session ¶ added in v0.9.0
func (e TPMFmt1Error) Session() (bool, int)
Session returns whether the error is session-related and if so, which session is in error.
type TPMGenerated ¶ added in v0.9.0
type TPMGenerated uint32
TPMGenerated represents a TPM_GENERATED. See definition in Part 2: Structures, section 6.2.
const (
// TPMGeneratedValue is the byte 0xFF followed by the ASCII letters "TCG".
// NOTE(review): presumably this is the magic that opens TPM-produced
// attestation data. Finding it only shows that the data carries the
// expected prefix, so verify the signature over the whole structure before
// relying on any other field — confirm against Part 2, section 6.2.
TPMGeneratedValue TPMGenerated = 0xff544347
)
TPMGenerated values come from Part 2: Structures, section 6.2.
func (TPMGenerated) Check ¶ added in v0.9.0
func (g TPMGenerated) Check() error
Check verifies that a TPMGenerated value is correct, and returns an error otherwise.
type TPMHT ¶ added in v0.9.0
type TPMHT uint8
TPMHT represents a TPM_HT. See definition in Part 2: Structures, section 7.2.
type TPMHandle ¶ added in v0.9.0
type TPMHandle uint32
TPMHandle represents a TPM_HANDLE. See definition in Part 2: Structures, section 7.1.
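// TPMHandle constants for permanent handles, restored to one per line (the
// listing had the whole block collapsed onto a single line). The spec names
// in the comments are the TPM_RH_* / TPM_RS_* names these constants
// abbreviate.
const (
	// Owner hierarchy (TPM_RH_OWNER).
	TPMRHOwner TPMHandle = 0x40000001
	// Null hierarchy (TPM_RH_NULL).
	TPMRHNull TPMHandle = 0x40000007
	// Password authorization session (TPM_RS_PW).
	// NOTE(review): the TPMASession comments state that the Decrypt and
	// Encrypt attributes are CLEAR for a password authorization, so this
	// handle cannot carry parameter encryption; prefer an HMAC or policy
	// session when the path to the TPM is not trusted.
	TPMRSPW TPMHandle = 0x40000009
	// Lockout authorization (TPM_RH_LOCKOUT).
	TPMRHLockout TPMHandle = 0x4000000A
	// Endorsement hierarchy (TPM_RH_ENDORSEMENT).
	TPMRHEndorsement TPMHandle = 0x4000000B
	// Platform hierarchy (TPM_RH_PLATFORM).
	TPMRHPlatform TPMHandle = 0x4000000C
	// Platform NV enable (TPM_RH_PLATFORM_NV).
	TPMRHPlatformNV TPMHandle = 0x4000000D
)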
TPMHandle values come from Part 2: Structures, section 7.4.
func (TPMHandle) HandleValue ¶ added in v0.9.0
HandleValue returns the handle value. This behavior is intended to satisfy an interface that can be implemented by other, more complex types as well.
func (TPMHandle) KnownName ¶ added in v0.9.0
KnownName returns the TPM Name associated with the handle, if it can be known based only on the handle. This depends upon the value of the handle: only PCR, session, and permanent values have known constant Names. See definition in part 1: Architecture, section 16.
type TPMIAlgECCScheme ¶ added in v0.9.0
type TPMIAlgECCScheme = TPMAlgID
TPMIAlgECCScheme represents a TPMI_ALG_ECC_SCHEME. See definition in Part 2: Structures, section 11.2.5.4.
type TPMIAlgHash ¶ added in v0.9.0
type TPMIAlgHash = TPMAlgID
TPMIAlgHash represents a TPMI_ALG_HASH. See definition in Part 2: Structures, section 9.27.
type TPMIAlgKDF ¶ added in v0.9.0
type TPMIAlgKDF = TPMAlgID
TPMIAlgKDF represents a TPMI_ALG_KDF. See definition in Part 2: Structures, section 9.32.
type TPMIAlgKeyedHashScheme ¶ added in v0.9.0
type TPMIAlgKeyedHashScheme = TPMAlgID
TPMIAlgKeyedHashScheme represents a TPMI_ALG_KEYEDHASH_SCHEME. See definition in Part 2: Structures, section 11.1.19.
type TPMIAlgPublic ¶ added in v0.9.0
type TPMIAlgPublic = TPMAlgID
TPMIAlgPublic represents a TPMI_ALG_PUBLIC. See definition in Part 2: Structures, section 12.2.2.
type TPMIAlgRSADecrypt ¶ added in v0.9.1
type TPMIAlgRSADecrypt = TPMAlgID
TPMIAlgRSADecrypt represents a TPMI_ALG_RSA_DECRYPT. See definition in Part 2: Structures, section 11.2.4.3.
type TPMIAlgRSAScheme ¶ added in v0.9.0
type TPMIAlgRSAScheme = TPMAlgID
TPMIAlgRSAScheme represents a TPMI_ALG_RSA_SCHEME. See definition in Part 2: Structures, section 11.2.4.1.
type TPMIAlgSigScheme ¶ added in v0.9.0
type TPMIAlgSigScheme = TPMAlgID
TPMIAlgSigScheme represents a TPMI_ALG_SIG_SCHEME. See definition in Part 2: Structures, section 9.33.
type TPMIAlgSym ¶ added in v0.9.0
type TPMIAlgSym = TPMAlgID
TPMIAlgSym represents a TPMI_ALG_SYM. See definition in Part 2: Structures, section 9.29.
type TPMIAlgSymMode ¶ added in v0.9.0
type TPMIAlgSymMode = TPMAlgID
TPMIAlgSymMode represents a TPMI_ALG_SYM_MODE. See definition in Part 2: Structures, section 9.31.
type TPMIAlgSymObject ¶ added in v0.9.0
type TPMIAlgSymObject = TPMAlgID
TPMIAlgSymObject represents a TPMI_ALG_SYM_OBJECT. See definition in Part 2: Structures, section 9.30.
type TPMIDHContext ¶ added in v0.9.0
type TPMIDHContext = TPMHandle
TPMIDHContext represents a TPMI_DH_CONTEXT. See definition in Part 2: Structures, section 9.11.
type TPMIDHEntity ¶ added in v0.9.0
type TPMIDHEntity = TPMHandle
TPMIDHEntity represents a TPMI_DH_ENTITY. See definition in Part 2: Structures, section 9.6.
type TPMIDHObject ¶ added in v0.9.0
type TPMIDHObject = TPMHandle
TPMIDHObject represents a TPMI_DH_OBJECT. See definition in Part 2: Structures, section 9.3.
type TPMIDHPersistent ¶ added in v0.9.1
type TPMIDHPersistent = TPMHandle
TPMIDHPersistent represents a TPMI_DH_PERSISTENT. See definition in Part 2: Structures, section 9.5.
type TPMIDHSaved ¶ added in v0.9.0
type TPMIDHSaved = TPMHandle
TPMIDHSaved represents a TPMI_DH_SAVED. See definition in Part 2: Structures, section 9.12.
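// Saved-context handle values, restored to one per line (the listing had the
// whole block collapsed onto a single line, which left every constant inside
// the first `//` comment).
const (
	// an ordinary transient object
	TPMIDHSavedTransient TPMIDHSaved = 0x80000000
	// a sequence object
	TPMIDHSavedSequence TPMIDHSaved = 0x80000001
	// a transient object with the stClear attribute SET
	TPMIDHSavedTransientClear TPMIDHSaved = 0x80000002
)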
Saved Context transient object handles. See definition in Part 2: Structures, section 14.6.2. Context Handle Values come from table 211.
type TPMIECCCurve ¶ added in v0.9.0
type TPMIECCCurve = TPMECCCurve
TPMIECCCurve represents a TPMI_ECC_CURVE. See definition in Part 2: Structures, section 11.2.5.5.
type TPMIRHAC ¶ added in v0.9.0
type TPMIRHAC = TPMHandle
TPMIRHAC represents a TPMI_RH_AC. See definition in Part 2: Structures, section 9.25.
type TPMIRHACT ¶ added in v0.9.0
type TPMIRHACT = TPMHandle
TPMIRHACT represents a TPMI_RH_ACT. See definition in Part 2: Structures, section 9.26.
type TPMIRHClear ¶ added in v0.9.0
type TPMIRHClear = TPMHandle
TPMIRHClear represents a TPMI_RH_CLEAR. See definition in Part 2: Structures, section 9.21.
type TPMIRHEnables ¶ added in v0.9.0
type TPMIRHEnables = TPMHandle
TPMIRHEnables represents a TPMI_RH_ENABLES. See definition in Part 2: Structures, section 9.14.
type TPMIRHEndorsement ¶ added in v0.9.0
type TPMIRHEndorsement = TPMHandle
TPMIRHEndorsement represents a TPMI_RH_ENDORSEMENT. See definition in Part 2: Structures, section 9.19.
type TPMIRHHierarchy ¶ added in v0.9.0
type TPMIRHHierarchy = TPMHandle
TPMIRHHierarchy represents a TPMI_RH_HIERARCHY. See definition in Part 2: Structures, section 9.13.
type TPMIRHHierarchyAuth ¶ added in v0.9.0
type TPMIRHHierarchyAuth = TPMHandle
TPMIRHHierarchyAuth represents a TPMI_RH_HIERARCHY_AUTH. See definition in Part 2: Structures, section 9.15.
type TPMIRHHierarchyPolicy ¶ added in v0.9.0
type TPMIRHHierarchyPolicy = TPMHandle
TPMIRHHierarchyPolicy represents a TPMI_RH_HIERARCHY_POLICY. See definition in Part 2: Structures, section 9.16.
type TPMIRHLockout ¶ added in v0.9.0
type TPMIRHLockout = TPMHandle
TPMIRHLockout represents a TPMI_RH_LOCKOUT. See definition in Part 2: Structures, section 9.23.
type TPMIRHNVAuth ¶ added in v0.9.0
type TPMIRHNVAuth = TPMHandle
TPMIRHNVAuth represents a TPMI_RH_NV_AUTH. See definition in Part 2: Structures, section 9.22.
type TPMIRHNVIndex ¶ added in v0.9.0
type TPMIRHNVIndex = TPMHandle
TPMIRHNVIndex represents a TPMI_RH_NV_INDEX. See definition in Part 2: Structures, section 9.24.
type TPMIRHOwner ¶ added in v0.9.0
type TPMIRHOwner = TPMHandle
TPMIRHOwner represents a TPMI_RH_OWNER. See definition in Part 2: Structures, section 9.18.
type TPMIRHPlatform ¶ added in v0.9.0
type TPMIRHPlatform = TPMHandle
TPMIRHPlatform represents a TPMI_RH_PLATFORM. See definition in Part 2: Structures, section 9.17.
type TPMIRHProvision ¶ added in v0.9.0
type TPMIRHProvision = TPMHandle
TPMIRHProvision represents a TPMI_RH_PROVISION. See definition in Part 2: Structures, section 9.20.
type TPMIRSAKeyBits ¶ added in v0.9.0
type TPMIRSAKeyBits = TPMKeyBits
TPMIRSAKeyBits represents a TPMI_RSA_KEY_BITS. See definition in Part 2: Structures, section 11.2.4.6.
type TPMISHAuthSession ¶ added in v0.9.0
type TPMISHAuthSession = TPMHandle
TPMISHAuthSession represents a TPMI_SH_AUTH_SESSION. See definition in Part 2: Structures, section 9.8.
type TPMISHHMAC ¶ added in v0.9.0
type TPMISHHMAC = TPMHandle
TPMISHHMAC represents a TPMI_SH_HMAC. See definition in Part 2: Structures, section 9.9.
type TPMISHPolicy ¶ added in v0.9.0
type TPMISHPolicy = TPMHandle
TPMISHPolicy represents a TPMI_SH_POLICY. See definition in Part 2: Structures, section 9.10.
type TPMISTAttest ¶ added in v0.9.0
type TPMISTAttest = TPMST
TPMISTAttest represents a TPMI_ST_ATTEST. See definition in Part 2: Structures, section 10.12.10.
type TPMISTCommandTag ¶ added in v0.9.0
type TPMISTCommandTag = TPMST
TPMISTCommandTag represents a TPMI_ST_COMMAND_TAG. See definition in Part 2: Structures, section 9.35.
type TPMIYesNo ¶ added in v0.9.0
type TPMIYesNo = bool
TPMIYesNo represents a TPMI_YES_NO. See definition in Part 2: Structures, section 9.2. Use native bool for TPMI_YES_NO; encoding/binary already treats this as 8 bits wide.
type TPMKeyBits ¶ added in v0.9.0
type TPMKeyBits uint16
TPMKeyBits represents a TPM_KEY_BITS, a key size in bits. See definition in Part 2, Structures, section 5.3.
type TPMKeySize ¶ added in v0.9.0
type TPMKeySize uint16
TPMKeySize represents a TPM_KEY_SIZE, a key size in octets. See definition in Part 2, Structures, section 5.3.
type TPMLACTData ¶ added in v0.9.0
type TPMLACTData struct { ACTData []TPMSACTData `gotpm:"list"` // contains filtered or unexported fields }
TPMLACTData represents a TPML_ACT_DATA. See definition in Part 2: Structures, section 10.9.13.
type TPMLAlg ¶ added in v0.9.0
type TPMLAlg struct { Algorithms []TPMAlgID `gotpm:"list"` // contains filtered or unexported fields }
TPMLAlg represents a TPML_ALG. See definition in Part 2: Structures, section 10.9.3.
type TPMLAlgProperty ¶ added in v0.9.0
type TPMLAlgProperty struct { AlgProperties []TPMSAlgProperty `gotpm:"list"` // contains filtered or unexported fields }
TPMLAlgProperty represents a TPML_ALG_PROPERTY. See definition in Part 2: Structures, section 10.9.8.
type TPMLCC ¶ added in v0.9.0
type TPMLCC struct { CommandCodes []TPMCC `gotpm:"list"` // contains filtered or unexported fields }
TPMLCC represents a TPML_CC. See definition in Part 2: Structures, section 10.9.1.
type TPMLCCA ¶ added in v0.9.0
type TPMLCCA struct { CommandAttributes []TPMACC `gotpm:"list"` // contains filtered or unexported fields }
TPMLCCA represents a TPML_CCA. See definition in Part 2: Structures, section 10.9.2.
type TPMLDigest ¶ added in v0.3.0
type TPMLDigest struct { // a list of digests Digests []TPM2BDigest `gotpm:"list"` // contains filtered or unexported fields }
TPMLDigest represents a TPML_DIGEST. See definition in Part 2: Structures, section 10.9.5.
type TPMLDigestValues ¶ added in v0.9.0
type TPMLDigestValues struct {
	// a list of tagged digests
	// Each entry is a TPMTHA rather than a bare TPM2BDigest (compare
	// TPMLDigest).
	Digests []TPMTHA `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLDigestValues represents a TPML_DIGEST_VALUES. See definition in Part 2: Structures, section 10.9.6.
type TPMLECCCurve ¶ added in v0.9.0
type TPMLECCCurve struct {
	// the list of ECC curve identifiers
	ECCCurves []TPMECCCurve `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLECCCurve represents a TPML_ECC_CURVE. See definition in Part 2: Structures, section 10.9.11.
type TPMLHandle ¶ added in v0.9.0
type TPMLHandle struct {
	// the list of handles (the field name is singular, but it is a slice)
	Handle []TPMHandle `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLHandle represents a TPML_HANDLE. See definition in Part 2: Structures, section 10.9.4.
type TPMLPCRSelection ¶ added in v0.9.0
type TPMLPCRSelection struct {
	// the list of per-hash-algorithm PCR selections; each entry pairs a hash
	// algorithm with a PCR bitmap (see TPMSPCRSelection). This type is the
	// PCRSelect field of TPMSQuoteInfo and TPMSCreationData.
	PCRSelections []TPMSPCRSelection `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLPCRSelection represents a TPML_PCR_SELECTION. See definition in Part 2: Structures, section 10.9.7.
type TPMLTaggedPCRProperty ¶ added in v0.9.0
type TPMLTaggedPCRProperty struct {
	// the list of tagged PCR selections; each entry pairs a TPMPTPCR property
	// tag with a PCR bitmap (see TPMSTaggedPCRSelect)
	PCRProperty []TPMSTaggedPCRSelect `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLTaggedPCRProperty represents a TPML_TAGGED_PCR_PROPERTY. See definition in Part 2: Structures, section 10.9.10.
type TPMLTaggedPolicy ¶ added in v0.9.0
type TPMLTaggedPolicy struct {
	// the list of tagged policies
	Policies []TPMSTaggedPolicy `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLTaggedPolicy represents a TPML_TAGGED_POLICY. See definition in Part 2: Structures, section 10.9.12.
type TPMLTaggedTPMProperty ¶ added in v0.9.0
type TPMLTaggedTPMProperty struct {
	// the list of tagged TPM properties
	// NOTE(review): entries are presumably keyed by the TPMPT constants —
	// confirm against TPMSTaggedProperty.
	TPMProperty []TPMSTaggedProperty `gotpm:"list"`
	// contains filtered or unexported fields
}
TPMLTaggedTPMProperty represents a TPML_TAGGED_TPM_PROPERTY. See definition in Part 2: Structures, section 10.9.9.
type TPMModifierIndicator ¶ added in v0.9.0
// TPMModifierIndicator is a 32-bit unsigned value (TPM_MODIFIER_INDICATOR).
type TPMModifierIndicator uint32
TPMModifierIndicator represents a TPM_MODIFIER_INDICATOR. See definition in Part 2, Structures, section 5.3.
type TPMNT ¶ added in v0.9.0
// TPMNT identifies the kind of an NV Index; the kind determines which
// TPM2_NV_* command may modify the Index (see the TPMNT* constants).
type TPMNT uint8
TPMNT represents a TPM_NT. See definition in Part 2: Structures, section 13.4.
// NV Index types. The type fixes the only command that may modify the Index,
// which is what makes counter, bit-field, extend and PIN indexes usable as
// tamper-evident state.
const (
	// contains data that is opaque to the TPM that can only be modified
	// using TPM2_NV_Write().
	TPMNTOrdinary TPMNT = 0x0
	// contains an 8-octet value that is to be used as a counter and can
	// only be modified with TPM2_NV_Increment()
	TPMNTCounter TPMNT = 0x1
	// contains an 8-octet value to be used as a bit field and can only be
	// modified with TPM2_NV_SetBits().
	TPMNTBits TPMNT = 0x2
	// contains a digest-sized value used like a PCR. The Index can only be
	// modified using TPM2_NV_Extend(). The extend will use the nameAlg of
	// the Index.
	TPMNTExtend TPMNT = 0x4
	// contains pinCount that increments on a PIN authorization failure and
	// a pinLimit
	TPMNTPinFail TPMNT = 0x8
	// contains pinCount that increments on a PIN authorization success and
	// a pinLimit
	TPMNTPinPass TPMNT = 0x9
)
TPMNT values come from Part 2: Structures, section 13.2.
type TPMPT ¶ added in v0.9.0
// TPMPT is a 32-bit property tag; the TPMPT* constants name the individual
// properties.
type TPMPT uint32
TPMPT represents a TPM_PT. See definition in Part 2: Structures, section 6.13.
// TPM property tags. The constants fall in two ranges here: 0x000001xx and
// 0x000002xx. The value 0x00000115 has no constant in this list.
//
// NOTE(review): for defenders, the firmware-version properties and the
// lockout properties (TPMPTLockoutCounter, TPMPTMaxAuthFail,
// TPMPTLockoutInterval, TPMPTLockoutRecovery) are the ones worth collecting
// when auditing a TPM's patch level and dictionary-attack configuration.
const (
	// a 4-octet character string containing the TPM Family value
	// (TPM_SPEC_FAMILY)
	TPMPTFamilyIndicator TPMPT = 0x00000100
	// the level of the specification
	TPMPTLevel TPMPT = 0x00000101
	// the specification Revision times 100
	TPMPTRevision TPMPT = 0x00000102
	// the specification day of year using TCG calendar
	TPMPTDayofYear TPMPT = 0x00000103
	// the specification year using the CE
	TPMPTYear TPMPT = 0x00000104
	// the vendor ID unique to each TPM manufacturer
	TPMPTManufacturer TPMPT = 0x00000105
	// the first four characters of the vendor ID string
	TPMPTVendorString1 TPMPT = 0x00000106
	// the second four characters of the vendor ID string
	TPMPTVendorString2 TPMPT = 0x00000107
	// the third four characters of the vendor ID string
	TPMPTVendorString3 TPMPT = 0x00000108
	// the fourth four characters of the vendor ID string
	TPMPTVendorString4 TPMPT = 0x00000109
	// vendor-defined value indicating the TPM model
	TPMPTVendorTPMType TPMPT = 0x0000010A
	// the most-significant 32 bits of a TPM vendor-specific value
	// indicating the version number of the firmware.
	TPMPTFirmwareVersion1 TPMPT = 0x0000010B
	// the least-significant 32 bits of a TPM vendor-specific value
	// indicating the version number of the firmware.
	TPMPTFirmwareVersion2 TPMPT = 0x0000010C
	// the maximum size of a parameter (TPM2B_MAX_BUFFER)
	TPMPTInputBuffer TPMPT = 0x0000010D
	// the minimum number of transient objects that can be held in TPM RAM
	TPMPTHRTransientMin TPMPT = 0x0000010E
	// the minimum number of persistent objects that can be held in TPM NV
	// memory
	TPMPTHRPersistentMin TPMPT = 0x0000010F
	// the minimum number of authorization sessions that can be held in TPM
	// RAM
	TPMPTHRLoadedMin TPMPT = 0x00000110
	// the number of authorization sessions that may be active at a time
	TPMPTActiveSessionsMax TPMPT = 0x00000111
	// the number of PCR implemented
	TPMPTPCRCount TPMPT = 0x00000112
	// the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect
	TPMPTPCRSelectMin TPMPT = 0x00000113
	// the maximum allowed difference (unsigned) between the contextID
	// values of two saved session contexts
	TPMPTContextGapMax TPMPT = 0x00000114
	// the maximum number of NV Indexes that are allowed to have the
	// TPM_NT_COUNTER attribute
	TPMPTNVCountersMax TPMPT = 0x00000116
	// the maximum size of an NV Index data area
	TPMPTNVIndexMax TPMPT = 0x00000117
	// a TPMA_MEMORY indicating the memory management method for the TPM
	TPMPTMemory TPMPT = 0x00000118
	// interval, in milliseconds, between updates to the copy of
	// TPMS_CLOCK_INFO.clock in NV
	TPMPTClockUpdate TPMPT = 0x00000119
	// the algorithm used for the integrity HMAC on saved contexts and for
	// hashing the fuData of TPM2_FirmwareRead()
	TPMPTContextHash TPMPT = 0x0000011A
	// TPM_ALG_ID, the algorithm used for encryption of saved contexts
	TPMPTContextSym TPMPT = 0x0000011B
	// TPM_KEY_BITS, the size of the key used for encryption of saved
	// contexts
	TPMPTContextSymSize TPMPT = 0x0000011C
	// the modulus - 1 of the count for NV update of an orderly counter
	TPMPTOrderlyCount TPMPT = 0x0000011D
	// the maximum value for commandSize in a command
	TPMPTMaxCommandSize TPMPT = 0x0000011E
	// the maximum value for responseSize in a response
	TPMPTMaxResponseSize TPMPT = 0x0000011F
	// the maximum size of a digest that can be produced by the TPM
	TPMPTMaxDigest TPMPT = 0x00000120
	// the maximum size of an object context that will be returned by
	// TPM2_ContextSave
	TPMPTMaxObjectContext TPMPT = 0x00000121
	// the maximum size of a session context that will be returned by
	// TPM2_ContextSave
	TPMPTMaxSessionContext TPMPT = 0x00000122
	// platform-specific family (a TPM_PS value)(see Table 25)
	TPMPTPSFamilyIndicator TPMPT = 0x00000123
	// the level of the platform-specific specification
	TPMPTPSLevel TPMPT = 0x00000124
	// a platform specific value
	TPMPTPSRevision TPMPT = 0x00000125
	// the platform-specific TPM specification day of year using TCG
	// calendar
	TPMPTPSDayOfYear TPMPT = 0x00000126
	// the platform-specific TPM specification year using the CE
	TPMPTPSYear TPMPT = 0x00000127
	// the number of split signing operations supported by the TPM
	TPMPTSplitMax TPMPT = 0x00000128
	// total number of commands implemented in the TPM
	TPMPTTotalCommands TPMPT = 0x00000129
	// number of commands from the TPM library that are implemented
	TPMPTLibraryCommands TPMPT = 0x0000012A
	// number of vendor commands that are implemented
	TPMPTVendorCommands TPMPT = 0x0000012B
	// the maximum data size in one NV write, NV read, NV extend, or NV
	// certify command
	TPMPTNVBufferMax TPMPT = 0x0000012C
	// a TPMA_MODES value, indicating that the TPM is designed for these
	// modes.
	TPMPTModes TPMPT = 0x0000012D
	// the maximum size of a TPMS_CAPABILITY_DATA structure returned in
	// TPM2_GetCapability().
	TPMPTMaxCapBuffer TPMPT = 0x0000012E
	// TPMA_PERMANENT
	TPMPTPermanent TPMPT = 0x00000200
	// TPMA_STARTUP_CLEAR
	TPMPTStartupClear TPMPT = 0x00000201
	// the number of NV Indexes currently defined
	TPMPTHRNVIndex TPMPT = 0x00000202
	// the number of authorization sessions currently loaded into TPM RAM
	TPMPTHRLoaded TPMPT = 0x00000203
	// the number of additional authorization sessions, of any type, that
	// could be loaded into TPM RAM
	TPMPTHRLoadedAvail TPMPT = 0x00000204
	// the number of active authorization sessions currently being tracked
	// by the TPM
	TPMPTHRActive TPMPT = 0x00000205
	// the number of additional authorization sessions, of any type, that
	// could be created
	TPMPTHRActiveAvail TPMPT = 0x00000206
	// estimate of the number of additional transient objects that could be
	// loaded into TPM RAM
	TPMPTHRTransientAvail TPMPT = 0x00000207
	// the number of persistent objects currently loaded into TPM NV memory
	TPMPTHRPersistent TPMPT = 0x00000208
	// the number of additional persistent objects that could be loaded into
	// NV memory
	TPMPTHRPersistentAvail TPMPT = 0x00000209
	// the number of defined NV Indexes that have the TPM_NT_COUNTER
	// attribute
	TPMPTNVCounters TPMPT = 0x0000020A
	// the number of additional NV Indexes that can be defined with their
	// TPM_NT of TPM_NV_COUNTER and the TPMA_NV_ORDERLY attribute SET
	TPMPTNVCountersAvail TPMPT = 0x0000020B
	// code that limits the algorithms that may be used with the TPM
	TPMPTAlgorithmSet TPMPT = 0x0000020C
	// the number of loaded ECC curves
	TPMPTLoadedCurves TPMPT = 0x0000020D
	// the current value of the lockout counter (failedTries)
	TPMPTLockoutCounter TPMPT = 0x0000020E
	// the number of authorization failures before DA lockout is invoked
	TPMPTMaxAuthFail TPMPT = 0x0000020F
	// the number of seconds before the value reported by
	// TPM_PT_LOCKOUT_COUNTER is decremented
	TPMPTLockoutInterval TPMPT = 0x00000210
	// the number of seconds after a lockoutAuth failure before use of
	// lockoutAuth may be attempted again
	TPMPTLockoutRecovery TPMPT = 0x00000211
	// number of milliseconds before the TPM will accept another command
	// that will modify NV
	TPMPTNVWriteRecovery TPMPT = 0x00000212
	// the high-order 32 bits of the command audit counter
	TPMPTAuditCounter0 TPMPT = 0x00000213
	// the low-order 32 bits of the command audit counter
	TPMPTAuditCounter1 TPMPT = 0x00000214
)
TPMPT values come from Part 2: Structures, section 6.13.
type TPMPTPCR ¶ added in v0.9.0
// TPMPTPCR is a 32-bit PCR property tag; it is the Tag field of
// TPMSTaggedPCRSelect, where it says which property the accompanying PCR
// bitmap describes.
type TPMPTPCR uint32
TPMPTPCR represents a TPM_PT_PCR. See definition in Part 2: Structures, section 6.14.
// PCR property tags. Each one names a property; the PCR bitmap that
// accompanies the tag has a bit SET for every PCR that has the property.
// The values 0x0000000B through 0x00000010 have no constant in this list.
//
// NOTE(review): the per-locality extend/reset properties say which PCRs can
// be changed from which locality, which matters when deciding which PCRs an
// attestation policy may rely on.
const (
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and
	// restored by TPM_SU_STATE
	TPMPTPCRSave TPMPTPCR = 0x00000000
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 0
	TPMPTPCRExtendL0 TPMPTPCR = 0x00000001
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 0
	TPMPTPCRResetL0 TPMPTPCR = 0x00000002
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 1
	TPMPTPCRExtendL1 TPMPTPCR = 0x00000003
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 1
	TPMPTPCRResetL1 TPMPTPCR = 0x00000004
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 2
	TPMPTPCRExtendL2 TPMPTPCR = 0x00000005
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 2
	TPMPTPCRResetL2 TPMPTPCR = 0x00000006
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 3
	TPMPTPCRExtendL3 TPMPTPCR = 0x00000007
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 3
	TPMPTPCRResetL3 TPMPTPCR = 0x00000008
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 4
	TPMPTPCRExtendL4 TPMPTPCR = 0x00000009
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 4
	TPMPTPCRResetL4 TPMPTPCR = 0x0000000A
	// a SET bit in the TPMS_PCR_SELECT indicates that modifications to this
	// PCR (reset or Extend) will not increment the pcrUpdateCounter
	TPMPTPCRNoIncrement TPMPTPCR = 0x00000011
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a
	// D-RTM event
	// NOTE(review): the identifier ends in "Rest" although the property is
	// about reset; the exported name is kept as published.
	TPMPTPCRDRTMRest TPMPTPCR = 0x00000012
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled
	// by policy
	TPMPTPCRPolicy TPMPTPCR = 0x00000013
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled
	// by an authorization value
	TPMPTPCRAuth TPMPTPCR = 0x00000014
)
TPMPTPCR values come from Part 2: Structures, section 6.14.
type TPMParameterSize ¶ added in v0.9.0
// TPMParameterSize is the 32-bit parameterSize value carried in a command.
// NOTE(review): it is a length taken from a byte stream, so code that uses it
// to size or slice a buffer should bound it against the data actually present.
type TPMParameterSize uint32
TPMParameterSize represents a TPM_PARAMETER_SIZE, the parameterSize parameter in a command. See definition in Part 2, Structures, section 5.3.
type TPMRC ¶ added in v0.9.0
// TPMRC is a 32-bit TPM response code. The type has Error and As methods, so
// a TPMRC value can be used as a Go error.
// NOTE(review): because TPMRC satisfies error, a TPMRCSuccess (0) stored in
// an error variable is still a non-nil interface value; confirm that callers
// and helpers return a literal nil on success rather than TPMRCSuccess.
type TPMRC uint32
TPMRC represents a TPM_RC. See definition in Part 2: Structures, section 6.6.
// TPM response codes. rcVer1, rcFmt1 and rcWarn are unexported base values
// defined elsewhere in the package (not shown here); each constant is one of
// those bases plus the offset listed.
//
// NOTE(review): the FMT1 constants are base codes. A FMT1 code returned by a
// TPM presumably also carries bits identifying the parameter, handle or
// session at fault, so compare through the type's As method (Fmt1Error)
// rather than with == — confirm against the Error/As implementation.
//
// NOTE(review): when handling authorization errors, distinguish
// TPMRCAuthFail, TPMRCBadAuth and TPMRCLockout instead of retrying blindly:
// repeated authorization failures can drive the TPM into dictionary-attack
// lockout (see TPMPTLockoutCounter and TPMPTMaxAuthFail). Confirm the exact
// meaning of each code in Part 2: Structures, section 6.6.3.
const (
	TPMRCSuccess TPMRC = 0x00000000
	// FMT0 error codes
	TPMRCInitialize      TPMRC = rcVer1 + 0x000
	TPMRCFailure         TPMRC = rcVer1 + 0x001
	TPMRCSequence        TPMRC = rcVer1 + 0x003
	TPMRCPrivate         TPMRC = rcVer1 + 0x00B
	TPMRCHMAC            TPMRC = rcVer1 + 0x019
	TPMRCDisabled        TPMRC = rcVer1 + 0x020
	TPMRCExclusive       TPMRC = rcVer1 + 0x021
	TPMRCAuthType        TPMRC = rcVer1 + 0x024
	TPMRCAuthMissing     TPMRC = rcVer1 + 0x025
	TPMRCPolicy          TPMRC = rcVer1 + 0x026
	TPMRCPCR             TPMRC = rcVer1 + 0x027
	TPMRCPCRChanged      TPMRC = rcVer1 + 0x028
	TPMRCUpgrade         TPMRC = rcVer1 + 0x02D
	TPMRCTooManyContexts TPMRC = rcVer1 + 0x02E
	TPMRCReboot          TPMRC = rcVer1 + 0x030
	TPMRCUnbalanced      TPMRC = rcVer1 + 0x031
	TPMRCCommandSize     TPMRC = rcVer1 + 0x042
	TPMRCCommandCode     TPMRC = rcVer1 + 0x043
	TPMRCAuthSize        TPMRC = rcVer1 + 0x044
	TPMRCAuthContext     TPMRC = rcVer1 + 0x045
	TPMRCNVRange         TPMRC = rcVer1 + 0x046
	TPMRCNVSize          TPMRC = rcVer1 + 0x047
	TPMRCNVLocked        TPMRC = rcVer1 + 0x048
	TPMRCNVAuthorization TPMRC = rcVer1 + 0x049
	TPMRCNVUninitialized TPMRC = rcVer1 + 0x04A
	TPMRCNVSpace         TPMRC = rcVer1 + 0x04B
	TPMRCNVDefined       TPMRC = rcVer1 + 0x04C
	TPMRCBadContext      TPMRC = rcVer1 + 0x050
	TPMRCCPHash          TPMRC = rcVer1 + 0x051
	TPMRCParent          TPMRC = rcVer1 + 0x052
	TPMRCNeedsTest       TPMRC = rcVer1 + 0x053
	TPMRCNoResult        TPMRC = rcVer1 + 0x054
	TPMRCSensitive       TPMRC = rcVer1 + 0x055
	// FMT1 error codes
	TPMRCAsymmetric   TPMRC = rcFmt1 + 0x001
	TPMRCAttributes   TPMRC = rcFmt1 + 0x002
	TPMRCHash         TPMRC = rcFmt1 + 0x003
	TPMRCValue        TPMRC = rcFmt1 + 0x004
	TPMRCHierarchy    TPMRC = rcFmt1 + 0x005
	TPMRCKeySize      TPMRC = rcFmt1 + 0x007
	TPMRCMGF          TPMRC = rcFmt1 + 0x008
	TPMRCMode         TPMRC = rcFmt1 + 0x009
	TPMRCType         TPMRC = rcFmt1 + 0x00A
	TPMRCHandle       TPMRC = rcFmt1 + 0x00B
	TPMRCKDF          TPMRC = rcFmt1 + 0x00C
	TPMRCRange        TPMRC = rcFmt1 + 0x00D
	TPMRCAuthFail     TPMRC = rcFmt1 + 0x00E
	TPMRCNonce        TPMRC = rcFmt1 + 0x00F
	TPMRCPP           TPMRC = rcFmt1 + 0x010
	TPMRCScheme       TPMRC = rcFmt1 + 0x012
	TPMRCSize         TPMRC = rcFmt1 + 0x015
	TPMRCSymmetric    TPMRC = rcFmt1 + 0x016
	TPMRCTag          TPMRC = rcFmt1 + 0x017
	TPMRCSelector     TPMRC = rcFmt1 + 0x018
	TPMRCInsufficient TPMRC = rcFmt1 + 0x01A
	TPMRCSignature    TPMRC = rcFmt1 + 0x01B
	TPMRCKey          TPMRC = rcFmt1 + 0x01C
	TPMRCPolicyFail   TPMRC = rcFmt1 + 0x01D
	TPMRCIntegrity    TPMRC = rcFmt1 + 0x01F
	TPMRCTicket       TPMRC = rcFmt1 + 0x020
	TPMRCReservedBits TPMRC = rcFmt1 + 0x021
	TPMRCBadAuth      TPMRC = rcFmt1 + 0x022
	TPMRCExpired      TPMRC = rcFmt1 + 0x023
	TPMRCPolicyCC     TPMRC = rcFmt1 + 0x024
	TPMRCBinding      TPMRC = rcFmt1 + 0x025
	TPMRCCurve        TPMRC = rcFmt1 + 0x026
	TPMRCECCPoint     TPMRC = rcFmt1 + 0x027
	// Warnings
	TPMRCContextGap     TPMRC = rcWarn + 0x001
	TPMRCObjectMemory   TPMRC = rcWarn + 0x002
	TPMRCSessionMemory  TPMRC = rcWarn + 0x003
	TPMRCMemory         TPMRC = rcWarn + 0x004
	TPMRCSessionHandles TPMRC = rcWarn + 0x005
	TPMRCObjectHandles  TPMRC = rcWarn + 0x006
	TPMRCLocality       TPMRC = rcWarn + 0x007
	TPMRCYielded        TPMRC = rcWarn + 0x008
	TPMRCCanceled       TPMRC = rcWarn + 0x009
	TPMRCTesting        TPMRC = rcWarn + 0x00A
	TPMRCReferenceH0    TPMRC = rcWarn + 0x010
	TPMRCReferenceH1    TPMRC = rcWarn + 0x011
	TPMRCReferenceH2    TPMRC = rcWarn + 0x012
	TPMRCReferenceH3    TPMRC = rcWarn + 0x013
	TPMRCReferenceH4    TPMRC = rcWarn + 0x014
	TPMRCReferenceH5    TPMRC = rcWarn + 0x015
	TPMRCReferenceH6    TPMRC = rcWarn + 0x016
	TPMRCReferenceS0    TPMRC = rcWarn + 0x018
	TPMRCReferenceS1    TPMRC = rcWarn + 0x019
	TPMRCReferenceS2    TPMRC = rcWarn + 0x01A
	TPMRCReferenceS3    TPMRC = rcWarn + 0x01B
	TPMRCReferenceS4    TPMRC = rcWarn + 0x01C
	TPMRCReferenceS5    TPMRC = rcWarn + 0x01D
	TPMRCReferenceS6    TPMRC = rcWarn + 0x01E
	TPMRCNVRate         TPMRC = rcWarn + 0x020
	TPMRCLockout        TPMRC = rcWarn + 0x021
	TPMRCRetry          TPMRC = rcWarn + 0x022
)
TPMRC values come from Part 2: Structures, section 6.6.3.
func (TPMRC) As ¶ added in v0.9.0
As returns whether the error can be assigned to the given interface type. If supported, it updates the value pointed at by target. Supports the Fmt1Error type.
func (TPMRC) Error ¶ added in v0.9.0
Error produces a nice human-readable representation of the error, parsing TPM FMT1 errors as needed.
type TPMRspHeader ¶ added in v0.9.0
type TPMRspHeader struct {
	// the structure tag of the response
	Tag TPMISTCommandTag
	// a 32-bit length field
	// NOTE(review): presumably the total response size as reported by the
	// TPM; it is device-supplied, so check it against the number of bytes
	// actually received before using it to slice a buffer — confirm.
	Length uint32
	// the result of the command; TPMRCSuccess is 0
	ResponseCode TPMRC
	// contains filtered or unexported fields
}
TPMRspHeader is the header structure in front of any TPM response. It is described in Part 1, Architecture.
type TPMSACTData ¶ added in v0.9.0
type TPMSACTData struct {
	// a permanent handle
	Handle TPMHandle
	// the current timeout of the ACT
	// NOTE(review): the unit is not stated here — confirm against section 10.8.5.
	Timeout uint32
	// the state of the ACT
	Attributes TPMAACT
	// contains filtered or unexported fields
}
TPMSACTData represents a TPMS_ACT_DATA. See definition in Part 2: Structures, section 10.8.5.
type TPMSAlgProperty ¶ added in v0.9.0
type TPMSAlgProperty struct {
	// an algorithm identifier
	Alg TPMAlgID
	// the attributes of the algorithm
	AlgProperties TPMAAlgorithm
	// contains filtered or unexported fields
}
TPMSAlgProperty represents a TPMS_ALG_PROPERTY. See definition in Part 2: Structures, section 10.8.1.
type TPMSAttest ¶ added in v0.9.0
// NOTE(review): a TPMSAttest is only evidence once the signature over its
// marshalled bytes has been verified with a key the verifier already trusts;
// the fields below are attacker-controlled until then.
type TPMSAttest struct {
	// the indication that this structure was created by a TPM (always TPM_GENERATED_VALUE)
	// NOTE(review): the gotpm "check" tag suggests the marshaller validates
	// this value when decoding — confirm; the check does not replace
	// signature verification.
	Magic TPMGenerated `gotpm:"check"`
	// type of the attestation structure; the tag on Attested names this field
	// as the selector for the union
	Type TPMISTAttest
	// Qualified Name of the signing key
	QualifiedSigner TPM2BName
	// external information supplied by caller
	// NOTE(review): this is where a verifier-chosen nonce normally travels;
	// compare it with the value issued for this request so that an old
	// attestation cannot be replayed.
	ExtraData TPM2BData
	// Clock, resetCount, restartCount, and Safe
	ClockInfo TPMSClockInfo
	// TPM-vendor-specific value identifying the version number of the firmware
	FirmwareVersion uint64
	// the type-specific attestation information
	Attested TPMUAttest `gotpm:"tag=Type"`
	// contains filtered or unexported fields
}
TPMSAttest represents a TPMS_ATTEST. See definition in Part 2: Structures, section 10.12.12.
type TPMSAuthCommand ¶ added in v0.9.0
type TPMSAuthCommand struct {
	// the handle of the authorization session
	Handle TPMISHAuthSession
	// the nonce sent with the command for this session
	Nonce TPM2BNonce
	// the session attributes
	Attributes TPMASession
	// the authorization value sent for this session
	// NOTE(review): per TPMS_AUTH_COMMAND in the spec this is an HMAC or, for
	// a password session, the password itself; treat it as secret and keep
	// it out of logs and error messages — confirm.
	Authorization TPM2BData
	// contains filtered or unexported fields
}
TPMSAuthCommand represents a TPMS_AUTH_COMMAND. See definition in Part 2: Structures, section 10.13.2.
type TPMSAuthResponse ¶ added in v0.9.0
type TPMSAuthResponse struct {
	// the nonce returned by the TPM for this session
	Nonce TPM2BNonce
	// the session attributes
	Attributes TPMASession
	// the authorization value returned for this session
	// NOTE(review): presumably the response HMAC for HMAC sessions; a caller
	// that relies on response integrity has to verify it — confirm where the
	// package does so.
	Authorization TPM2BData
	// contains filtered or unexported fields
}
TPMSAuthResponse represents a TPMS_AUTH_RESPONSE. See definition in Part 2: Structures, section 10.13.3.
type TPMSCapabilityData ¶ added in v0.9.0
type TPMSCapabilityData struct {
	// the capability
	Capability TPMCap
	// the capability data; the tag names Capability as the selector for which
	// union member is present
	Data TPMUCapabilities `gotpm:"tag=Capability"`
	// contains filtered or unexported fields
}
TPMSCapabilityData represents a TPMS_CAPABILITY_DATA. See definition in Part 2: Structures, section 10.10.2.
type TPMSCertifyInfo ¶ added in v0.9.0
type TPMSCertifyInfo struct {
	// Name of the certified object
	// NOTE(review): a verifier should compare this with the Name it computes
	// itself from the public area it expects, not with a Name supplied by the
	// party being verified.
	Name TPM2BName
	// Qualified Name of the certified object
	QualifiedName TPM2BName
	// contains filtered or unexported fields
}
TPMSCertifyInfo represents a TPMS_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.3.
type TPMSClockInfo ¶ added in v0.9.0
type TPMSClockInfo struct {
	// time value in milliseconds that advances while the TPM is powered
	Clock uint64
	// number of occurrences of TPM Reset since the last TPM2_Clear()
	ResetCount uint32
	// number of times that TPM2_Shutdown() or _TPM_Hash_Start have
	// occurred since the last TPM Reset or TPM2_Clear().
	RestartCount uint32
	// no value of Clock greater than the current value of Clock has been
	// previously reported by the TPM. Set to YES on TPM2_Clear().
	// NOTE(review): when this is NO, Clock alone is not a reliable ordering
	// signal; consider ResetCount and RestartCount as well when comparing
	// two attestations.
	Safe TPMIYesNo
	// contains filtered or unexported fields
}
TPMSClockInfo represents a TPMS_CLOCK_INFO. See definition in Part 2: Structures, section 10.11.1.
type TPMSCommandAuditInfo ¶ added in v0.9.0
type TPMSCommandAuditInfo struct {
	// the monotonic audit counter
	AuditCounter uint64
	// hash algorithm used for the command audit
	DigestAlg TPMAlgID
	// the current value of the audit digest
	AuditDigest TPM2BDigest
	// digest of the command codes being audited using digestAlg
	CommandDigest TPM2BDigest
	// contains filtered or unexported fields
}
TPMSCommandAuditInfo represents a TPMS_COMMAND_AUDIT_INFO. See definition in Part 2: Structures, section 10.12.5.
type TPMSContext ¶ added in v0.9.0
type TPMSContext struct {
	// the sequence number of the context
	Sequence uint64
	// a handle indicating if the context is a session, object, or sequence object
	SavedHandle TPMIDHSaved
	// the hierarchy of the context
	Hierarchy TPMIRHHierarchy
	// the context data and integrity HMAC
	// NOTE(review): the blob is produced and checked by the TPM; host code
	// should store and return it unmodified rather than interpret it.
	ContextBlob TPM2BContextData
	// contains filtered or unexported fields
}
TPMSContext represents a TPMS_CONTEXT. See definition in Part 2: Structures, section 14.5.
type TPMSContextData ¶ added in v0.9.0
type TPMSContextData struct {
	// the integrity value
	Integrity TPM2BDigest
	// the sensitive area
	Encrypted TPM2BContextSensitive
	// contains filtered or unexported fields
}
TPMSContextData represents a TPMS_CONTEXT_DATA. See definition in Part 2: Structures, section 14.3.
type TPMSCreationData ¶ added in v0.9.0
// NOTE(review): creation data returned alongside a new object is a claim
// about how it was created; a relying party that needs it as evidence should
// obtain it through a TPM-signed attestation (see CertifyCreation) — confirm.
type TPMSCreationData struct {
	// list indicating the PCR included in pcrDigest
	PCRSelect TPMLPCRSelection
	// digest of the selected PCR using nameAlg of the object for which
	// this structure is being created
	PCRDigest TPM2BDigest
	// the locality at which the object was created
	Locality TPMALocality
	// nameAlg of the parent
	ParentNameAlg TPMAlgID
	// Name of the parent at time of creation
	ParentName TPM2BName
	// Qualified Name of the parent at the time of creation
	ParentQualifiedName TPM2BName
	// association with additional information added by the key
	OutsideInfo TPM2BData
	// contains filtered or unexported fields
}
TPMSCreationData represents a TPMS_CREATION_DATA. See definition in Part 2: Structures, section 15.1.
type TPMSCreationInfo ¶ added in v0.9.0
type TPMSCreationInfo struct {
	// Name of the object
	ObjectName TPM2BName
	// creationHash
	// NOTE(review): presumably the digest of the object's TPMSCreationData;
	// a verifier would recompute it from the creation data it was given —
	// confirm against section 10.12.7.
	CreationHash TPM2BDigest
	// contains filtered or unexported fields
}
TPMSCreationInfo represents a TPMS_CREATION_INFO. See definition in Part 2: Structures, section 10.12.7.
type TPMSDerive ¶ added in v0.9.0
type TPMSDerive struct {
	// the label input of the derivation
	Label TPM2BLabel
	// the context input of the derivation
	Context TPM2BLabel
	// contains filtered or unexported fields
}
TPMSDerive represents a TPMS_DERIVE. See definition in Part 2: Structures, section 11.1.11.
type TPMSE ¶ added in v0.9.0
// TPMSE is an 8-bit value (TPM_SE).
// NOTE(review): in the spec TPM_SE is the session-type enumeration; the
// constants for it are not shown in this section — confirm.
type TPMSE uint8
TPMSE represents a TPM_SE. See definition in Part 2: Structures, section 6.11.
type TPMSECCParms ¶ added in v0.9.0
type TPMSECCParms struct {
	// for a restricted decryption key, shall be set to a supported
	// symmetric algorithm, key size, and mode.
	// if the key is not a restricted decryption key, this field shall
	// be set to TPM_ALG_NULL.
	Symmetric TPMTSymDefObject
	// If the sign attribute of the key is SET, then this shall be a
	// valid signing scheme.
	Scheme TPMTECCScheme
	// ECC curve ID
	CurveID TPMIECCCurve
	// an optional key derivation scheme for generating a symmetric key
	// from a Z value
	// If the kdf parameter associated with curveID is not TPM_ALG_NULL
	// then this is required to be NULL.
	KDF TPMTKDFScheme
	// contains filtered or unexported fields
}
TPMSECCParms represents a TPMS_ECC_PARMS. See definition in Part 2: Structures, section 12.2.3.6.
type TPMSECCPoint ¶ added in v0.9.0
type TPMSECCPoint struct {
	// X coordinate
	X TPM2BECCParameter
	// Y coordinate
	Y TPM2BECCParameter
	// NOTE(review): the struct holds raw coordinates only; a point received
	// from outside should be validated against its curve before use (the
	// package's ECDHPubKey takes a curve and returns an error) — confirm
	// what that helper checks.
	// contains filtered or unexported fields
}
TPMSECCPoint represents a TPMS_ECC_POINT. See definition in Part 2: Structures, section 11.2.5.2.
type TPMSEmpty ¶ added in v0.9.0
// TPMSEmpty has no exported fields. It is the underlying type of
// TPMSEncSchemeRSAES.
type TPMSEmpty struct {
	// contains filtered or unexported fields
}
TPMSEmpty represents a TPMS_EMPTY. See definition in Part 2: Structures, section 10.1.
type TPMSEncSchemeOAEP ¶ added in v0.9.0
// TPMSEncSchemeOAEP is a defined type (not an alias) whose underlying type is
// TPMSSchemeHash, so it carries a single HashAlg field and needs an explicit
// conversion to or from TPMSSchemeHash.
type TPMSEncSchemeOAEP TPMSSchemeHash
TPMSEncSchemeOAEP represents a TPMS_ENC_SCHEME_OAEP. See definition in Part 2: Structures, section 11.2.2.2.
type TPMSEncSchemeRSAES ¶ added in v0.9.0
// TPMSEncSchemeRSAES is a defined type whose underlying type is TPMSEmpty;
// it has no exported fields.
type TPMSEncSchemeRSAES TPMSEmpty
TPMSEncSchemeRSAES represents a TPMS_ENC_SCHEME_RSAES. See definition in Part 2: Structures, section 11.2.2.2.
type TPMSKDFSchemeECDH ¶ added in v0.9.0
// TPMSKDFSchemeECDH is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKDFSchemeECDH TPMSSchemeHash
TPMSKDFSchemeECDH represents a TPMS_KDF_SCHEME_ECDH. See definition in Part 2: Structures, section 11.2.3.1.
type TPMSKDFSchemeKDF1SP800108 ¶ added in v0.9.0
// TPMSKDFSchemeKDF1SP800108 is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKDFSchemeKDF1SP800108 TPMSSchemeHash
TPMSKDFSchemeKDF1SP800108 represents a TPMS_KDF_SCHEME_KDF1SP800108. See definition in Part 2: Structures, section 11.2.3.1.
type TPMSKDFSchemeKDF1SP80056A ¶ added in v0.9.0
// TPMSKDFSchemeKDF1SP80056A is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKDFSchemeKDF1SP80056A TPMSSchemeHash
TPMSKDFSchemeKDF1SP80056A represents a TPMS_KDF_SCHEME_KDF1SP80056A. See definition in Part 2: Structures, section 11.2.3.1.
type TPMSKDFSchemeKDF2 ¶ added in v0.9.0
// TPMSKDFSchemeKDF2 is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKDFSchemeKDF2 TPMSSchemeHash
TPMSKDFSchemeKDF2 represents a TPMS_KDF_SCHEME_KDF2. See definition in Part 2: Structures, section 11.2.3.1.
type TPMSKDFSchemeMGF1 ¶ added in v0.9.0
// TPMSKDFSchemeMGF1 is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKDFSchemeMGF1 TPMSSchemeHash
TPMSKDFSchemeMGF1 represents a TPMS_KDF_SCHEME_MGF1. See definition in Part 2: Structures, section 11.2.3.1.
type TPMSKeySchemeECDH ¶ added in v0.9.0
// TPMSKeySchemeECDH is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSKeySchemeECDH TPMSSchemeHash
TPMSKeySchemeECDH represents a TPMS_KEY_SCHEME_ECDH. See definition in Part 2: Structures, section 11.2.2.3.
type TPMSKeyedHashParms ¶ added in v0.9.0
type TPMSKeyedHashParms struct {
	// Indicates the signing method used for a keyedHash signing
	// object. This field also determines the size of the data field
	// for a data object created with TPM2_Create() or
	// TPM2_CreatePrimary().
	Scheme TPMTKeyedHashScheme
	// contains filtered or unexported fields
}
TPMSKeyedHashParms represents a TPMS_KEYEDHASH_PARMS. See definition in Part 2: Structures, section 12.2.3.3.
type TPMSNVCertifyInfo ¶ added in v0.9.0
type TPMSNVCertifyInfo struct {
	// Name of the NV Index
	// NOTE(review): the Name is what ties the certified contents to a
	// particular Index definition; a verifier should compare it with the
	// Name it expects rather than trusting the NV handle alone.
	IndexName TPM2BName
	// the offset parameter of TPM2_NV_Certify()
	Offset uint16
	// contents of the NV Index
	NVContents TPM2BData
	// contains filtered or unexported fields
}
TPMSNVCertifyInfo represents a TPMS_NV_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.8.
type TPMSNVDigestCertifyInfo ¶ added in v0.9.0
type TPMSNVDigestCertifyInfo struct {
	// Name of the NV Index
	IndexName TPM2BName
	// hash of the contents of the index
	// NOTE(review): the hash algorithm is not carried in this structure —
	// confirm which one applies in section 10.12.9.
	NVDigest TPM2BDigest
	// contains filtered or unexported fields
}
TPMSNVDigestCertifyInfo represents a TPMS_NV_DIGEST_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.9.
type TPMSNVPublic ¶ added in v0.9.0
type TPMSNVPublic struct {
	// the handle of the data area
	NVIndex TPMIRHNVIndex
	// hash algorithm used to compute the name of the Index and used for
	// the authPolicy. For an extend index, the hash algorithm used for the
	// extend.
	NameAlg TPMIAlgHash
	// the Index attributes
	// NOTE(review): the attributes decide who may read and write the Index;
	// review them together with AuthPolicy when defining an Index.
	Attributes TPMANV
	// optional access policy for the Index
	AuthPolicy TPM2BDigest
	// the size of the data area
	DataSize uint16
	// contains filtered or unexported fields
}
TPMSNVPublic represents a TPMS_NV_PUBLIC. See definition in Part 2: Structures, section 13.5.
type TPMSPCRSelection ¶ added in v0.9.0
type TPMSPCRSelection struct {
	// the hash algorithm this selection applies to
	Hash TPMIAlgHash
	// the PCR bitmap for that algorithm
	// NOTE(review): the gotpm "sized8" tag presumably means the slice is
	// encoded with an 8-bit length prefix, which would bound its encodable
	// length — confirm against the marshaller.
	PCRSelect []byte `gotpm:"sized8"`
	// contains filtered or unexported fields
}
TPMSPCRSelection represents a TPMS_PCR_SELECTION. See definition in Part 2: Structures, section 10.6.2.
type TPMSQuoteInfo ¶ added in v0.9.0
type TPMSQuoteInfo struct {
	// information on algID, PCR selected and digest
	PCRSelect TPMLPCRSelection
	// digest of the selected PCR using the hash of the signing key
	// NOTE(review): a verifier should recompute this digest from the PCR
	// values it expects, and check that PCRSelect covers every PCR its
	// policy requires, rather than accepting whatever selection the quote
	// reports.
	PCRDigest TPM2BDigest
	// contains filtered or unexported fields
}
TPMSQuoteInfo represents a TPMS_QUOTE_INFO. See definition in Part 2: Structures, section 10.12.4.
type TPMSRSAParms ¶ added in v0.9.0
type TPMSRSAParms struct {
	// for a restricted decryption key, shall be set to a supported
	// symmetric algorithm, key size, and mode.
	// if the key is not a restricted decryption key, this field shall
	// be set to TPM_ALG_NULL.
	Symmetric TPMTSymDefObject
	// scheme.scheme shall be:
	// for an unrestricted signing key, either TPM_ALG_RSAPSS
	// TPM_ALG_RSASSA or TPM_ALG_NULL
	// for a restricted signing key, either TPM_ALG_RSAPSS or
	// TPM_ALG_RSASSA
	// for an unrestricted decryption key, TPM_ALG_RSAES, TPM_ALG_OAEP,
	// or TPM_ALG_NULL unless the object also has the sign attribute
	// for a restricted decryption key, TPM_ALG_NULL
	Scheme TPMTRSAScheme
	// number of bits in the public modulus
	KeyBits TPMIRSAKeyBits
	// the public exponent
	// A prime number greater than 2.
	// NOTE(review): the TPM spec also lets 0 stand for the default exponent
	// 2^16+1; confirm how RSAPub treats a zero Exponent before passing the
	// resulting key to crypto/rsa.
	Exponent uint32
	// contains filtered or unexported fields
}
TPMSRSAParms represents a TPMS_RSA_PARMS. See definition in Part 2: Structures, section 12.2.3.5.
type TPMSSchemeECDAA ¶ added in v0.9.0
type TPMSSchemeECDAA struct {
	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// the counter value that is used between TPM2_Commit()
	// and the sign operation
	Count uint16
	// contains filtered or unexported fields
}
TPMSSchemeECDAA represents a TPMS_SCHEME_ECDAA. See definition in Part 2: Structures, section 11.1.18.
type TPMSSchemeHMAC ¶ added in v0.9.0
// TPMSSchemeHMAC is a defined type whose underlying type is TPMSSchemeHash
// (a single HashAlg field).
type TPMSSchemeHMAC TPMSSchemeHash
TPMSSchemeHMAC represents a TPMS_SCHEME_HMAC. See definition in Part 2: Structures, section 11.1.20.
type TPMSSchemeHash ¶ added in v0.9.0
// TPMSSchemeHash is the underlying type of the hash-only scheme types in this
// package (for example TPMSSchemeHMAC, TPMSSigSchemeRSASSA, TPMSEncSchemeOAEP).
type TPMSSchemeHash struct {
	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// contains filtered or unexported fields
}
TPMSSchemeHash represents a TPMS_SCHEME_HASH. See definition in Part 2: Structures, section 11.1.17.
type TPMSSchemeXOR ¶ added in v0.9.0
type TPMSSchemeXOR struct {
	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// the key derivation function
	KDF TPMIAlgKDF
	// contains filtered or unexported fields
}
TPMSSchemeXOR represents a TPMS_SCHEME_XOR. See definition in Part 2: Structures, section 11.1.21.
type TPMSSensitiveCreate ¶ added in v0.9.0
type TPMSSensitiveCreate struct {
	// the USER auth secret value.
	// NOTE(review): this is secret material held in host memory and sent to
	// the TPM; keep it out of logs, and where the path to the TPM is not
	// trusted consider a session with parameter encryption (the package
	// exposes an AESEncryption AuthOption) — confirm it covers this parameter.
	UserAuth TPM2BAuth
	// data to be sealed, a key, or derivation values.
	// NOTE(review): equally sensitive when it carries a key or sealed data.
	Data TPMUSensitiveCreate
	// contains filtered or unexported fields
}
TPMSSensitiveCreate represents a TPMS_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.15.
type TPMSSessionAuditInfo ¶ added in v0.9.0
type TPMSSessionAuditInfo struct {
	// current exclusive status of the session
	ExclusiveSession TPMIYesNo
	// the current value of the session audit digest
	SessionDigest TPM2BDigest
	// contains filtered or unexported fields
}
TPMSSessionAuditInfo represents a TPMS_SESSION_AUDIT_INFO. See definition in Part 2: Structures, section 10.12.6.
type TPMSSigSchemeECDSA ¶ added in v0.9.0
// TPMSSigSchemeECDSA is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSSigSchemeECDSA TPMSSchemeHash
TPMSSigSchemeECDSA represents a TPMS_SIG_SCHEME_ECDSA. See definition in Part 2: Structures, section 11.2.1.3.
type TPMSSigSchemeRSAPSS ¶ added in v0.9.0
// TPMSSigSchemeRSAPSS is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSSigSchemeRSAPSS TPMSSchemeHash
TPMSSigSchemeRSAPSS represents a TPMS_SIG_SCHEME_RSAPSS. See definition in Part 2: Structures, section 11.2.1.2.
type TPMSSigSchemeRSASSA ¶ added in v0.9.0
// TPMSSigSchemeRSASSA is a defined type whose underlying type is
// TPMSSchemeHash (a single HashAlg field).
type TPMSSigSchemeRSASSA TPMSSchemeHash
TPMSSigSchemeRSASSA represents a TPMS_SIG_SCHEME_RSASSA. See definition in Part 2: Structures, section 11.2.1.2.
type TPMSSignatureECC ¶ added in v0.9.0
// TPMSSignatureECC carries an ECC signature as a hash algorithm identifier
// plus two signature parameters. TPMUSignature returns this type for both its
// 'ecdsa' and 'ecdaa' members.
type TPMSSignatureECC struct {
	// the hash algorithm used in the signature process
	Hash TPMIAlgHash
	// first signature parameter (presumably r of the (r, s) pair; confirm
	// against Part 2: Structures, section 11.3.2)
	SignatureR TPM2BECCParameter
	// second signature parameter (presumably s; confirm as above)
	SignatureS TPM2BECCParameter
	// contains filtered or unexported fields
}
TPMSSignatureECC represents a TPMS_SIGNATURE_ECC. See definition in Part 2: Structures, section 11.3.2.
type TPMSSignatureRSA ¶ added in v0.9.0
type TPMSSignatureRSA struct { // the hash algorithm used to digest the message Hash TPMIAlgHash // The signature is the size of a public key. Sig TPM2BPublicKeyRSA // contains filtered or unexported fields }
TPMSSignatureRSA represents a TPMS_SIGNATURE_RSA. See definition in Part 2: Structures, section 11.3.1.
type TPMSSymCipherParms ¶ added in v0.9.0
type TPMSSymCipherParms struct { // a symmetric block cipher Sym TPMTSymDefObject // contains filtered or unexported fields }
TPMSSymCipherParms represents a TPMS_SYMCIPHER_PARMS. See definition in Part 2: Structures, section 11.1.9.
type TPMST ¶ added in v0.9.0
type TPMST uint16
TPMST represents a TPM_ST. See definition in Part 2: Structures, section 6.9.
// TPMST structure tag values. On this page a TPMST is used as the selector
// passed to NewTPMUAttest and as the Tag field of the TPMTTK* ticket
// structures.
const (
	// response, null and session tags
	TPMSTRspCommand TPMST = 0x00C4
	TPMSTNull       TPMST = 0x8000
	TPMSTNoSessions TPMST = 0x8001
	TPMSTSessions   TPMST = 0x8002

	// attestation structure tags (presumably the selector values for
	// TPMUAttest; confirm)
	TPMSTAttestNV           TPMST = 0x8014
	TPMSTAttestCommandAudit TPMST = 0x8015
	TPMSTAttestSessionAudit TPMST = 0x8016
	TPMSTAttestCertify      TPMST = 0x8017
	TPMSTAttestQuote        TPMST = 0x8018
	TPMSTAttestTime         TPMST = 0x8019
	TPMSTAttestCreation     TPMST = 0x801A
	TPMSTAttestNVDigest     TPMST = 0x801C

	// ticket tags (presumably the values expected in the Tag field of
	// TPMTTKCreation, TPMTTKVerified, TPMTTKAuth and TPMTTKHashCheck; confirm)
	TPMSTCreation   TPMST = 0x8021
	TPMSTVerified   TPMST = 0x8022
	TPMSTAuthSecret TPMST = 0x8023
	TPMSTHashCheck  TPMST = 0x8024
	TPMSTAuthSigned TPMST = 0x8025

	// NOTE(review): use not shown on this page (the name suggests a
	// field-upgrade manifest); confirm against Part 2, section 6.9.
	TPMSTFuManifest TPMST = 0x8029
)
TPMST values come from Part 2: Structures, section 6.9.
type TPMSTaggedPCRSelect ¶ added in v0.9.0
type TPMSTaggedPCRSelect struct { // the property identifier Tag TPMPTPCR // the bit map of PCR with the identified property PCRSelect []byte `gotpm:"sized8"` // contains filtered or unexported fields }
TPMSTaggedPCRSelect represents a TPMS_TAGGED_PCR_SELECT. See definition in Part 2: Structures, section 10.8.3.
type TPMSTaggedPolicy ¶ added in v0.9.0
type TPMSTaggedPolicy struct { // a permanent handle Handle TPMHandle // the policy algorithm and hash PolicyHash TPMTHA // contains filtered or unexported fields }
TPMSTaggedPolicy represents a TPMS_TAGGED_POLICY. See definition in Part 2: Structures, section 10.8.4.
type TPMSTaggedProperty ¶ added in v0.9.0
type TPMSTaggedProperty struct { // a property identifier Property TPMPT // the value of the property Value uint32 // contains filtered or unexported fields }
TPMSTaggedProperty represents a TPMS_TAGGED_PROPERTY. See definition in Part 2: Structures, section 10.8.2.
type TPMSTimeAttestInfo ¶ added in v0.9.0
type TPMSTimeAttestInfo struct { // the Time, Clock, resetCount, restartCount, and Safe indicator Time TPMSTimeInfo // a TPM vendor-specific value indicating the version number of the firmware FirmwareVersion uint64 // contains filtered or unexported fields }
TPMSTimeAttestInfo represents a TPMS_TIME_ATTEST_INFO. See definition in Part 2: Structures, section 10.12.2.
type TPMSTimeInfo ¶ added in v0.9.0
// TPMSTimeInfo combines the TPM's Time value with its clock information.
// It is embedded in TPMSTimeAttestInfo as the Time field.
type TPMSTimeInfo struct {
	// time in milliseconds since the Time circuit was last reset
	Time uint64
	// a structure containing the clock information
	ClockInfo TPMSClockInfo
	// contains filtered or unexported fields
}
TPMSTimeInfo represents a TPMS_TIME_INFO. See definition in Part 2: Structures, section 10.11.6.
type TPMSU ¶ added in v0.9.0
type TPMSU uint16
TPMSU represents a TPM_SU. See definition in Part 2: Structures, section 6.10.
type TPMTECCScheme ¶ added in v0.9.0
type TPMTECCScheme struct { // scheme selector Scheme TPMIAlgECCScheme `gotpm:"nullable"` // scheme parameters Details TPMUAsymScheme `gotpm:"tag=Scheme"` // contains filtered or unexported fields }
TPMTECCScheme represents a TPMT_ECC_SCHEME. See definition in Part 2: Structures, section 11.2.5.6.
type TPMTHA ¶ added in v0.9.0
// TPMTHA pairs a hash algorithm selector with the digest bytes produced by
// that algorithm.
type TPMTHA struct {
	// selector of the hash contained in the digest that implies the size of the digest
	HashAlg TPMIAlgHash `gotpm:"nullable"`
	// the digest data
	// NOTE: For convenience, this is not implemented as a union.
	// NOTE(review): because this is a plain []byte, nothing visible here ties
	// len(Digest) to HashAlg. Code that compares or trusts a TPMTHA should
	// check that the length matches the selected algorithm; confirm whether
	// marshalling enforces this.
	Digest []byte
	// contains filtered or unexported fields
}
TPMTHA represents a TPMT_HA. See definition in Part 2: Structures, section 10.3.2.
type TPMTKDFScheme ¶ added in v0.9.0
type TPMTKDFScheme struct { // scheme selector Scheme TPMIAlgKDF `gotpm:"nullable"` // scheme parameters Details TPMUKDFScheme `gotpm:"tag=Scheme"` // contains filtered or unexported fields }
TPMTKDFScheme represents a TPMT_KDF_SCHEME. See definition in Part 2: Structures, section 11.2.3.3.
type TPMTKeyedHashScheme ¶ added in v0.9.0
// TPMTKeyedHashScheme is a tagged scheme: Scheme selects which member of the
// Details union is present.
type TPMTKeyedHashScheme struct {
	// scheme selector; the nullable tag presumably permits the null algorithm
	// here (confirm)
	Scheme TPMIAlgKeyedHashScheme `gotpm:"nullable"`
	// scheme parameters, selected by Scheme (TPMUSchemeKeyedHash exposes HMAC
	// and XOR accessors)
	Details TPMUSchemeKeyedHash `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}
TPMTKeyedHashScheme represents a TPMT_KEYEDHASH_SCHEME. See definition in Part 2: Structures, section 11.1.23.
type TPMTPublic ¶ added in v0.9.0
// TPMTPublic describes the public portion of an object: its type, Name
// algorithm, attributes, authorization policy, parameters and unique value.
//
// NOTE(review): Unique holds the public key for asymmetric objects. When a
// TPMTPublic arrives from an untrusted source, callers should presumably
// verify it (for example against the object's Name or a certificate) before
// relying on it; confirm what the calling code checks.
type TPMTPublic struct {
	// “algorithm” associated with this object
	Type TPMIAlgPublic
	// algorithm used for computing the Name of the object
	NameAlg TPMIAlgHash
	// attributes that, along with type, determine the manipulations
	// of this object
	ObjectAttributes TPMAObject
	// optional policy for using this key
	// The policy is computed using the nameAlg of the object.
	AuthPolicy TPM2BDigest
	// the algorithm or structure details
	Parameters TPMUPublicParms `gotpm:"tag=Type"`
	// the unique identifier of the structure
	// For an asymmetric key, this would be the public key.
	Unique TPMUPublicID `gotpm:"tag=Type"`
	// contains filtered or unexported fields
}
TPMTPublic represents a TPMT_PUBLIC. See definition in Part 2: Structures, section 12.2.4.
type TPMTPublicParms ¶ added in v0.9.1
type TPMTPublicParms struct { // algorithm to be tested Type TPMIAlgPublic // algorithm details Parameters TPMUPublicParms `gotpm:"tag=Type"` // contains filtered or unexported fields }
TPMTPublicParms represents a TPMT_PUBLIC_PARMS. See definition in Part 2: Structures, section 12.2.3.8.
type TPMTRSADecrypt ¶ added in v0.9.1
type TPMTRSADecrypt struct { // scheme selector Scheme TPMIAlgRSADecrypt `gotpm:"nullable"` // scheme parameters Details TPMUAsymScheme `gotpm:"tag=Scheme"` // contains filtered or unexported fields }
TPMTRSADecrypt represents a TPMT_RSA_DECRYPT. See definition in Part 2: Structures, section 11.2.4.4.
type TPMTRSAScheme ¶ added in v0.9.0
type TPMTRSAScheme struct { // scheme selector Scheme TPMIAlgRSAScheme `gotpm:"nullable"` // scheme parameters Details TPMUAsymScheme `gotpm:"tag=Scheme"` // contains filtered or unexported fields }
TPMTRSAScheme represents a TPMT_RSA_SCHEME. See definition in Part 2: Structures, section 11.2.4.2.
type TPMTSensitive ¶ added in v0.9.0
// TPMTSensitive describes the sensitive (private) area of an object: its
// authorization value, seed or obfuscation value, and type-specific private
// data.
//
// NOTE(review): every field except SensitiveType is secret material. A value
// of this type built or decoded on the host holds that material in process
// memory; presumably it should never be logged or persisted unprotected.
// Confirm how callers obtain and dispose of it.
type TPMTSensitive struct {
	// identifier for the sensitive area
	SensitiveType TPMIAlgPublic
	// user authorization data
	AuthValue TPM2BAuth
	// for a parent object, the optional protection seed; for other objects,
	// the obfuscation value
	SeedValue TPM2BDigest
	// the type-specific private data
	Sensitive TPMUSensitiveComposite `gotpm:"tag=SensitiveType"`
	// contains filtered or unexported fields
}
TPMTSensitive represents a TPMT_SENSITIVE. See definition in Part 2: Structures, section 12.3.2.4.
type TPMTSigScheme ¶ added in v0.9.0
// TPMTSigScheme is a tagged signature scheme: Scheme selects which member of
// the Details union is present.
type TPMTSigScheme struct {
	// scheme selector; the nullable tag presumably permits the null algorithm
	// here (confirm)
	Scheme TPMIAlgSigScheme `gotpm:"nullable"`
	// scheme parameters, selected by Scheme (TPMUSigScheme exposes ECDAA,
	// ECDSA, HMAC, RSAPSS and RSASSA accessors)
	Details TPMUSigScheme `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}
TPMTSigScheme represents a TPMT_SIG_SCHEME. See definition in Part 2: Structures, section 11.2.1.5.
type TPMTSignature ¶ added in v0.9.0
// TPMTSignature is a tagged signature: SigAlg selects which member of the
// Signature union is present.
type TPMTSignature struct {
	// selector of the algorithm used to construct the signature
	// NOTE(review): the nullable tag presumably allows a null algorithm, i.e.
	// a TPMTSignature that carries no signature; verifiers should confirm
	// SigAlg is the algorithm they expect before reading Signature.
	SigAlg TPMIAlgSigScheme `gotpm:"nullable"`
	// This shall be the actual signature information.
	Signature TPMUSignature `gotpm:"tag=SigAlg"`
	// contains filtered or unexported fields
}
TPMTSignature represents a TPMT_SIGNATURE. See definition in Part 2: Structures, section 11.3.4.
type TPMTSymDef ¶ added in v0.9.0
type TPMTSymDef struct { // indicates a symmetric algorithm Algorithm TPMIAlgSym `gotpm:"nullable"` // the key size KeyBits TPMUSymKeyBits `gotpm:"tag=Algorithm"` // the mode for the key Mode TPMUSymMode `gotpm:"tag=Algorithm"` // contains the additional algorithm details Details TPMUSymDetails `gotpm:"tag=Algorithm"` // contains filtered or unexported fields }
TPMTSymDef represents a TPMT_SYM_DEF. See definition in Part 2: Structures, section 11.1.6.
type TPMTSymDefObject ¶ added in v0.9.0
// TPMTSymDefObject selects a symmetric block cipher, key size and mode for an
// object. TPMSSymCipherParms embeds it as its Sym field.
//
// NOTE(review): the comments below state requirements for parent objects (a
// real block cipher, CFB mode), but Algorithm is tagged nullable, so the Go
// type itself presumably does not enforce them; confirm where they are
// checked.
type TPMTSymDefObject struct {
	// selects a symmetric block cipher
	// When used in the parameter area of a parent object, this shall
	// be a supported block cipher and not TPM_ALG_NULL
	Algorithm TPMIAlgSymObject `gotpm:"nullable"`
	// the key size
	KeyBits TPMUSymKeyBits `gotpm:"tag=Algorithm"`
	// default mode
	// When used in the parameter area of a parent object, this shall
	// be TPM_ALG_CFB.
	Mode TPMUSymMode `gotpm:"tag=Algorithm"`
	// contains the additional algorithm details, if any
	Details TPMUSymDetails `gotpm:"tag=Algorithm"`
	// contains filtered or unexported fields
}
TPMTSymDefObject represents a TPMT_SYM_DEF_OBJECT. See definition in Part 2: Structures, section 11.1.7.
type TPMTTKAuth ¶ added in v0.9.0
// TPMTTKAuth is an authorization ticket: a tag, the hierarchy it belongs to,
// and an HMAC over a hierarchy proof value.
//
// NOTE(review): the proof value is presumably internal to the issuing TPM, so
// host code cannot validate Digest itself; treat the ticket as opaque and let
// the TPM check it. Confirm.
type TPMTTKAuth struct {
	// ticket structure tag
	Tag TPMST
	// the hierarchy of the object used to produce the ticket
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}
TPMTTKAuth represents a TPMT_TK_AUTH. See definition in Part 2: Structures, section 10.7.5.
type TPMTTKCreation ¶ added in v0.9.0
// TPMTTKCreation is a creation ticket: a tag, the hierarchy containing the
// object's name, and an HMAC over a hierarchy proof value. Unlike TPMTTKAuth
// and TPMTTKHashCheck, its Hierarchy field carries no nullable tag.
type TPMTTKCreation struct {
	// ticket structure tag
	Tag TPMST
	// the hierarchy containing name
	Hierarchy TPMIRHHierarchy
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}
TPMTTKCreation represents a TPMT_TK_CREATION. See definition in Part 2: Structures, section 10.7.3.
type TPMTTKHashCheck ¶ added in v0.9.0
// TPMTTKHashCheck is a hash-check ticket: a tag, a hierarchy, and an HMAC
// over a hierarchy proof value.
type TPMTTKHashCheck struct {
	// ticket structure tag
	Tag TPMST
	// the hierarchy
	// NOTE(review): tagged nullable, so presumably a ticket can name the null
	// hierarchy; confirm how consumers treat such a ticket.
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}
TPMTTKHashCheck represents a TPMT_TK_HASHCHECK. See definition in Part 2: Structures, section 10.7.6.
type TPMTTKVerified ¶ added in v0.9.0
// TPMTTKVerified is a verification ticket: a tag, the hierarchy containing
// the key name, and an HMAC over a hierarchy proof value. It is the type of
// VerifySignatureResponse.Validation.
type TPMTTKVerified struct {
	// ticket structure tag
	Tag TPMST
	// the hierarchy containing keyName
	Hierarchy TPMIRHHierarchy
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}
TPMTTKVerified represents a TPMT_TK_VERIFIED. See definition in Part 2: Structures, section 10.7.4.
type TPMTTemplate ¶ added in v0.9.0
type TPMTTemplate struct { // “algorithm” associated with this object Type TPMIAlgPublic // algorithm used for computing the Name of the object NameAlg TPMIAlgHash // attributes that, along with type, determine the manipulations // of this object ObjectAttributes TPMAObject // optional policy for using this key // The policy is computed using the nameAlg of the object. AuthPolicy TPM2BDigest // the algorithm or structure details Parameters TPMUPublicParms `gotpm:"tag=Type"` // the derivation parameters Unique TPMSDerive // contains filtered or unexported fields }
TPMTTemplate represents a TPMT_TEMPLATE. It is not defined in the spec. It represents the alternate form of TPMT_PUBLIC for TPM2B_TEMPLATE as described in Part 2: Structures, 12.2.6.
type TPMUAsymScheme ¶ added in v0.9.0
type TPMUAsymScheme struct {
// contains filtered or unexported fields
}
TPMUAsymScheme represents a TPMU_ASYM_SCHEME. See definition in Part 2: Structures, section 11.2.3.5.
func NewTPMUAsymScheme ¶ added in v0.9.0
func NewTPMUAsymScheme[C AsymSchemeContents](selector TPMAlgID, contents C) TPMUAsymScheme
NewTPMUAsymScheme instantiates a TPMUAsymScheme with the given contents.
func (*TPMUAsymScheme) ECDAA ¶ added in v0.9.0
func (u *TPMUAsymScheme) ECDAA() (*TPMSSchemeECDAA, error)
ECDAA returns the 'ecdaa' member of the union.
func (*TPMUAsymScheme) ECDH ¶ added in v0.9.0
func (u *TPMUAsymScheme) ECDH() (*TPMSKeySchemeECDH, error)
ECDH returns the 'ecdh' member of the union.
func (*TPMUAsymScheme) ECDSA ¶ added in v0.9.0
func (u *TPMUAsymScheme) ECDSA() (*TPMSSigSchemeECDSA, error)
ECDSA returns the 'ecdsa' member of the union.
func (*TPMUAsymScheme) OAEP ¶ added in v0.9.0
func (u *TPMUAsymScheme) OAEP() (*TPMSEncSchemeOAEP, error)
OAEP returns the 'oaep' member of the union.
func (*TPMUAsymScheme) RSAES ¶ added in v0.9.0
func (u *TPMUAsymScheme) RSAES() (*TPMSEncSchemeRSAES, error)
RSAES returns the 'rsaes' member of the union.
func (*TPMUAsymScheme) RSAPSS ¶ added in v0.9.0
func (u *TPMUAsymScheme) RSAPSS() (*TPMSSigSchemeRSAPSS, error)
RSAPSS returns the 'rsapss' member of the union.
func (*TPMUAsymScheme) RSASSA ¶ added in v0.9.0
func (u *TPMUAsymScheme) RSASSA() (*TPMSSigSchemeRSASSA, error)
RSASSA returns the 'rsassa' member of the union.
type TPMUAttest ¶ added in v0.9.0
type TPMUAttest struct {
// contains filtered or unexported fields
}
TPMUAttest represents a TPMU_ATTEST. See definition in Part 2: Structures, section 10.12.11.
func NewTPMUAttest ¶ added in v0.9.0
func NewTPMUAttest[C AttestContents](selector TPMST, contents C) TPMUAttest
NewTPMUAttest instantiates a TPMUAttest with the given contents.
func (*TPMUAttest) Certify ¶ added in v0.9.0
func (u *TPMUAttest) Certify() (*TPMSCertifyInfo, error)
Certify returns the 'certify' member of the union.
func (*TPMUAttest) CommandAudit ¶ added in v0.9.0
func (u *TPMUAttest) CommandAudit() (*TPMSCommandAuditInfo, error)
CommandAudit returns the 'commandAudit' member of the union.
func (*TPMUAttest) Creation ¶ added in v0.9.0
func (u *TPMUAttest) Creation() (*TPMSCreationInfo, error)
Creation returns the 'creation' member of the union.
func (*TPMUAttest) NV ¶ added in v0.9.0
func (u *TPMUAttest) NV() (*TPMSNVCertifyInfo, error)
NV returns the 'nv' member of the union.
func (*TPMUAttest) NVDigest ¶ added in v0.9.0
func (u *TPMUAttest) NVDigest() (*TPMSNVDigestCertifyInfo, error)
NVDigest returns the 'nvDigest' member of the union.
func (*TPMUAttest) Quote ¶ added in v0.9.0
func (u *TPMUAttest) Quote() (*TPMSQuoteInfo, error)
Quote returns the 'quote' member of the union.
func (*TPMUAttest) SessionAudit ¶ added in v0.9.0
func (u *TPMUAttest) SessionAudit() (*TPMSSessionAuditInfo, error)
SessionAudit returns the 'sessionAudit' member of the union.
func (*TPMUAttest) Time ¶ added in v0.9.0
func (u *TPMUAttest) Time() (*TPMSTimeAttestInfo, error)
Time returns the 'time' member of the union.
type TPMUCapabilities ¶ added in v0.9.0
type TPMUCapabilities struct {
// contains filtered or unexported fields
}
TPMUCapabilities represents a TPMU_CAPABILITIES. See definition in Part 2: Structures, section 10.10.1.
func NewTPMUCapabilities ¶ added in v0.9.0
func NewTPMUCapabilities[C CapabilitiesContents](selector TPMCap, contents C) TPMUCapabilities
NewTPMUCapabilities instantiates a TPMUCapabilities with the given contents.
func (*TPMUCapabilities) ACTData ¶ added in v0.9.0
func (u *TPMUCapabilities) ACTData() (*TPMLACTData, error)
ACTData returns the 'actData' member of the union.
func (*TPMUCapabilities) Algorithms ¶ added in v0.9.0
func (u *TPMUCapabilities) Algorithms() (*TPMLAlgProperty, error)
Algorithms returns the 'algorithms' member of the union.
func (*TPMUCapabilities) AssignedPCR ¶ added in v0.9.0
func (u *TPMUCapabilities) AssignedPCR() (*TPMLPCRSelection, error)
AssignedPCR returns the 'assignedPCR' member of the union.
func (*TPMUCapabilities) AuditCommands ¶ added in v0.9.0
func (u *TPMUCapabilities) AuditCommands() (*TPMLCC, error)
AuditCommands returns the 'auditCommands' member of the union.
func (*TPMUCapabilities) AuthPolicies ¶ added in v0.9.0
func (u *TPMUCapabilities) AuthPolicies() (*TPMLTaggedPolicy, error)
AuthPolicies returns the 'authPolicies' member of the union.
func (*TPMUCapabilities) Command ¶ added in v0.9.0
func (u *TPMUCapabilities) Command() (*TPMLCCA, error)
Command returns the 'command' member of the union.
func (*TPMUCapabilities) ECCCurves ¶ added in v0.9.0
func (u *TPMUCapabilities) ECCCurves() (*TPMLECCCurve, error)
ECCCurves returns the 'eccCurves' member of the union.
func (*TPMUCapabilities) Handles ¶ added in v0.9.0
func (u *TPMUCapabilities) Handles() (*TPMLHandle, error)
Handles returns the 'handles' member of the union.
func (*TPMUCapabilities) PCRProperties ¶ added in v0.9.0
func (u *TPMUCapabilities) PCRProperties() (*TPMLTaggedPCRProperty, error)
PCRProperties returns the 'pcrProperties' member of the union.
func (*TPMUCapabilities) PPCommands ¶ added in v0.9.0
func (u *TPMUCapabilities) PPCommands() (*TPMLCC, error)
PPCommands returns the 'ppCommands' member of the union.
func (*TPMUCapabilities) TPMProperties ¶ added in v0.9.0
func (u *TPMUCapabilities) TPMProperties() (*TPMLTaggedTPMProperty, error)
TPMProperties returns the 'tpmProperties' member of the union.
type TPMUKDFScheme ¶ added in v0.9.0
type TPMUKDFScheme struct {
// contains filtered or unexported fields
}
TPMUKDFScheme represents a TPMU_KDF_SCHEME. See definition in Part 2: Structures, section 11.2.3.2.
func NewTPMUKDFScheme ¶ added in v0.9.0
func NewTPMUKDFScheme[C KDFSchemeContents](selector TPMAlgID, contents C) TPMUKDFScheme
NewTPMUKDFScheme instantiates a TPMUKDFScheme with the given contents.
func (*TPMUKDFScheme) Bits ¶ added in v0.9.0
func (u *TPMUKDFScheme) Bits() (*TPM2BSensitiveData, error)
Bits returns the 'bits' member of the union.
func (*TPMUKDFScheme) ECC ¶ added in v0.9.0
func (u *TPMUKDFScheme) ECC() (*TPM2BECCParameter, error)
ECC returns the 'ecc' member of the union.
func (*TPMUKDFScheme) ECDH ¶ added in v0.9.0
func (u *TPMUKDFScheme) ECDH() (*TPMSKDFSchemeECDH, error)
ECDH returns the 'ecdh' member of the union.
func (*TPMUKDFScheme) KDF1SP800108 ¶ added in v0.9.0
func (u *TPMUKDFScheme) KDF1SP800108() (*TPMSKDFSchemeKDF1SP800108, error)
KDF1SP800108 returns the 'kdf1sp800108' member of the union.
func (*TPMUKDFScheme) KDF1SP80056A ¶ added in v0.9.0
func (u *TPMUKDFScheme) KDF1SP80056A() (*TPMSKDFSchemeKDF1SP80056A, error)
KDF1SP80056A returns the 'kdf1sp80056a' member of the union.
func (*TPMUKDFScheme) KDF2 ¶ added in v0.9.0
func (u *TPMUKDFScheme) KDF2() (*TPMSKDFSchemeKDF2, error)
KDF2 returns the 'kdf2' member of the union.
func (*TPMUKDFScheme) MGF1 ¶ added in v0.9.0
func (u *TPMUKDFScheme) MGF1() (*TPMSKDFSchemeMGF1, error)
MGF1 returns the 'mgf1' member of the union.
func (*TPMUKDFScheme) RSA ¶ added in v0.9.0
func (u *TPMUKDFScheme) RSA() (*TPM2BPrivateKeyRSA, error)
RSA returns the 'rsa' member of the union.
func (*TPMUKDFScheme) Sym ¶ added in v0.9.0
func (u *TPMUKDFScheme) Sym() (*TPM2BSymKey, error)
Sym returns the 'sym' member of the union.
type TPMUPublicID ¶ added in v0.9.0
type TPMUPublicID struct {
// contains filtered or unexported fields
}
TPMUPublicID represents a TPMU_PUBLIC_ID. See definition in Part 2: Structures, section 12.2.3.2.
func NewTPMUPublicID ¶ added in v0.9.0
func NewTPMUPublicID[C PublicIDContents](selector TPMAlgID, contents C) TPMUPublicID
NewTPMUPublicID instantiates a TPMUPublicID with the given contents.
func (*TPMUPublicID) ECC ¶ added in v0.9.0
func (u *TPMUPublicID) ECC() (*TPMSECCPoint, error)
ECC returns the 'ecc' member of the union.
func (*TPMUPublicID) KeyedHash ¶ added in v0.9.0
func (u *TPMUPublicID) KeyedHash() (*TPM2BDigest, error)
KeyedHash returns the 'keyedHash' member of the union.
func (*TPMUPublicID) RSA ¶ added in v0.9.0
func (u *TPMUPublicID) RSA() (*TPM2BPublicKeyRSA, error)
RSA returns the 'rsa' member of the union.
func (*TPMUPublicID) SymCipher ¶ added in v0.9.0
func (u *TPMUPublicID) SymCipher() (*TPM2BDigest, error)
SymCipher returns the 'symCipher' member of the union.
type TPMUPublicParms ¶ added in v0.9.0
type TPMUPublicParms struct {
// contains filtered or unexported fields
}
TPMUPublicParms represents a TPMU_PUBLIC_PARMS. See definition in Part 2: Structures, section 12.2.3.7.
func NewTPMUPublicParms ¶ added in v0.9.0
func NewTPMUPublicParms[C PublicParmsContents](selector TPMAlgID, contents C) TPMUPublicParms
NewTPMUPublicParms instantiates a TPMUPublicParms with the given contents.
func (*TPMUPublicParms) ECCDetail ¶ added in v0.9.0
func (u *TPMUPublicParms) ECCDetail() (*TPMSECCParms, error)
ECCDetail returns the 'eccDetail' member of the union.
func (*TPMUPublicParms) KeyedHashDetail ¶ added in v0.9.0
func (u *TPMUPublicParms) KeyedHashDetail() (*TPMSKeyedHashParms, error)
KeyedHashDetail returns the 'keyedHashDetail' member of the union.
func (*TPMUPublicParms) RSADetail ¶ added in v0.9.0
func (u *TPMUPublicParms) RSADetail() (*TPMSRSAParms, error)
RSADetail returns the 'rsaDetail' member of the union.
func (*TPMUPublicParms) SymDetail ¶ added in v0.9.0
func (u *TPMUPublicParms) SymDetail() (*TPMSSymCipherParms, error)
SymDetail returns the 'symDetail' member of the union.
type TPMUSchemeKeyedHash ¶ added in v0.9.0
type TPMUSchemeKeyedHash struct {
// contains filtered or unexported fields
}
TPMUSchemeKeyedHash represents a TPMU_SCHEME_KEYEDHASH. See definition in Part 2: Structures, section 11.1.22.
func NewTPMUSchemeKeyedHash ¶ added in v0.9.0
func NewTPMUSchemeKeyedHash[C SchemeKeyedHashContents](selector TPMAlgID, contents C) TPMUSchemeKeyedHash
NewTPMUSchemeKeyedHash instantiates a TPMUSchemeKeyedHash with the given contents.
func (*TPMUSchemeKeyedHash) HMAC ¶ added in v0.9.0
func (u *TPMUSchemeKeyedHash) HMAC() (*TPMSSchemeHMAC, error)
HMAC returns the 'hmac' member of the union.
func (*TPMUSchemeKeyedHash) XOR ¶ added in v0.9.0
func (u *TPMUSchemeKeyedHash) XOR() (*TPMSSchemeXOR, error)
XOR returns the 'xor' member of the union.
type TPMUSensitiveComposite ¶ added in v0.9.0
type TPMUSensitiveComposite struct {
// contains filtered or unexported fields
}
TPMUSensitiveComposite represents a TPMU_SENSITIVE_COMPOSITE. See definition in Part 2: Structures, section 12.3.2.3.
func NewTPMUSensitiveComposite ¶ added in v0.9.0
func NewTPMUSensitiveComposite[C SensitiveCompositeContents](selector TPMAlgID, contents C) TPMUSensitiveComposite
NewTPMUSensitiveComposite instantiates a TPMUSensitiveComposite with the given contents.
type TPMUSensitiveCreate ¶ added in v0.9.0
type TPMUSensitiveCreate struct {
// contains filtered or unexported fields
}
TPMUSensitiveCreate represents a TPMU_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.13.
func NewTPMUSensitiveCreate ¶ added in v0.9.0
func NewTPMUSensitiveCreate[C SensitiveCreateContents](contents C) TPMUSensitiveCreate
NewTPMUSensitiveCreate instantiates a TPMUSensitiveCreate with the given contents.
type TPMUSigScheme ¶ added in v0.9.0
type TPMUSigScheme struct {
// contains filtered or unexported fields
}
TPMUSigScheme represents a TPMU_SIG_SCHEME. See definition in Part 2: Structures, section 11.2.1.4.
func NewTPMUSigScheme ¶ added in v0.9.0
func NewTPMUSigScheme[C SigSchemeContents](selector TPMAlgID, contents C) TPMUSigScheme
NewTPMUSigScheme instantiates a TPMUSigScheme with the given contents.
func (*TPMUSigScheme) ECDAA ¶ added in v0.9.0
func (u *TPMUSigScheme) ECDAA() (*TPMSSchemeECDAA, error)
ECDAA returns the 'ecdaa' member of the union.
func (*TPMUSigScheme) ECDSA ¶ added in v0.9.0
func (u *TPMUSigScheme) ECDSA() (*TPMSSchemeHash, error)
ECDSA returns the 'ecdsa' member of the union.
func (*TPMUSigScheme) HMAC ¶ added in v0.9.0
func (u *TPMUSigScheme) HMAC() (*TPMSSchemeHMAC, error)
HMAC returns the 'hmac' member of the union.
func (*TPMUSigScheme) RSAPSS ¶ added in v0.9.0
func (u *TPMUSigScheme) RSAPSS() (*TPMSSchemeHash, error)
RSAPSS returns the 'rsapss' member of the union.
func (*TPMUSigScheme) RSASSA ¶ added in v0.9.0
func (u *TPMUSigScheme) RSASSA() (*TPMSSchemeHash, error)
RSASSA returns the 'rsassa' member of the union.
type TPMUSignature ¶ added in v0.9.0
type TPMUSignature struct {
// contains filtered or unexported fields
}
TPMUSignature represents a TPMU_SIGNATURE. See definition in Part 2: Structures, section 11.3.3.
func NewTPMUSignature ¶ added in v0.9.0
func NewTPMUSignature[C SignatureContents](selector TPMAlgID, contents C) TPMUSignature
NewTPMUSignature instantiates a TPMUSignature with the given contents.
func (*TPMUSignature) ECDAA ¶ added in v0.9.0
func (u *TPMUSignature) ECDAA() (*TPMSSignatureECC, error)
ECDAA returns the 'ecdaa' member of the union.
func (*TPMUSignature) ECDSA ¶ added in v0.9.0
func (u *TPMUSignature) ECDSA() (*TPMSSignatureECC, error)
ECDSA returns the 'ecdsa' member of the union.
func (*TPMUSignature) HMAC ¶ added in v0.9.0
func (u *TPMUSignature) HMAC() (*TPMTHA, error)
HMAC returns the 'hmac' member of the union.
func (*TPMUSignature) RSAPSS ¶ added in v0.9.0
func (u *TPMUSignature) RSAPSS() (*TPMSSignatureRSA, error)
RSAPSS returns the 'rsapss' member of the union.
func (*TPMUSignature) RSASSA ¶ added in v0.9.0
func (u *TPMUSignature) RSASSA() (*TPMSSignatureRSA, error)
RSASSA returns the 'rsassa' member of the union.
type TPMUSymDetails ¶ added in v0.9.0
type TPMUSymDetails struct {
// contains filtered or unexported fields
}
TPMUSymDetails represents a TPMU_SYM_DETAILS. See definition in Part 2: Structures, section 11.1.5.
type TPMUSymKeyBits ¶ added in v0.9.0
type TPMUSymKeyBits struct {
// contains filtered or unexported fields
}
TPMUSymKeyBits represents a TPMU_SYM_KEY_BITS. See definition in Part 2: Structures, section 11.1.3.
func NewTPMUSymKeyBits ¶ added in v0.9.0
func NewTPMUSymKeyBits[C SymKeyBitsContents](selector TPMAlgID, contents C) TPMUSymKeyBits
NewTPMUSymKeyBits instantiates a TPMUSymKeyBits with the given contents.
func (*TPMUSymKeyBits) AES ¶ added in v0.9.0
func (u *TPMUSymKeyBits) AES() (*TPMKeyBits, error)
AES returns the 'aes' member of the union.
func (*TPMUSymKeyBits) XOR ¶ added in v0.9.0
func (u *TPMUSymKeyBits) XOR() (*TPMAlgID, error)
XOR returns the 'xor' member of the union.
type TPMUSymMode ¶ added in v0.9.0
type TPMUSymMode struct {
// contains filtered or unexported fields
}
TPMUSymMode represents a TPMU_SYM_MODE. See definition in Part 2: Structures, section 11.1.4.
func NewTPMUSymDetails ¶ added in v0.9.0
func NewTPMUSymDetails[C SymDetailsContents](selector TPMAlgID, contents C) TPMUSymMode
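NewTPMUSymDetails instantiates a TPMUSymDetails with the given contents. Note that the signature shown above declares the return type as TPMUSymMode, not TPMUSymDetails, which is why this constructor is listed under TPMUSymMode.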
func NewTPMUSymMode ¶ added in v0.9.0
func NewTPMUSymMode[C SymModeContents](selector TPMAlgID, contents C) TPMUSymMode
NewTPMUSymMode instantiates a TPMUSymMode with the given contents.
func (*TPMUSymMode) AES ¶ added in v0.9.0
func (u *TPMUSymMode) AES() (*TPMIAlgSymMode, error)
AES returns the 'aes' member of the union.
type TemplateContents ¶ added in v0.9.0
type TemplateContents interface { Marshallable *TPMTPublic | *TPMTTemplate }
TemplateContents is a type constraint representing the possible contents of TPMUTemplate.
type TestParms ¶ added in v0.9.1
// TestParms is the command input for TPM2_TestParms; it carries the algorithm
// parameters the TPM is asked to check.
type TestParms struct {
	// Algorithm parameters to be validated
	Parameters TPMTPublicParms
}
TestParms is the input to TPM2_TestParms. See definition in Part 3, Commands, section 30.3
type TestParmsResponse ¶ added in v0.9.1
type TestParmsResponse struct{}
TestParmsResponse is the response from TPM2_TestParms.
type Unmarshallable ¶ added in v0.9.0
type Unmarshallable interface { Marshallable // contains filtered or unexported methods }
Unmarshallable represents any TPM type that can be marshalled or unmarshalled.
type Unseal ¶
// Unseal is the command input for TPM2_Unseal; its only field is the handle
// of the object to unseal.
type Unseal struct {
	// handle of the sealed object. The gotpm tag marks it as a handle with the
	// auth attribute, which presumably means an authorization must accompany
	// it; confirm against the package's tag handling.
	ItemHandle handle `gotpm:"handle,auth"`
}
Unseal is the input to TPM2_Unseal. See definition in Part 3, Commands, section 12.7
type UnsealResponse ¶ added in v0.9.0
// UnsealResponse is the response to TPM2_Unseal; it carries the unsealed
// data.
type UnsealResponse struct {
	// the unsealed data
	// NOTE(review): this is the plaintext secret. Presumably it travels in the
	// response parameter area, so confirm that the session used for the
	// command encrypts response parameters when the transport is not trusted,
	// and avoid logging or retaining this value longer than needed.
	OutData TPM2BSensitiveData
}
UnsealResponse is the response from TPM2_Unseal.
type VerifySignature ¶ added in v0.9.0
// VerifySignature is the command input for TPM2_VerifySignature: a key
// handle, the digest that was signed, and the signature to check.
type VerifySignature struct {
	// handle of public key that will be used in the validation
	// (tagged as a handle without the auth attribute, unlike
	// Unseal.ItemHandle)
	KeyHandle handle `gotpm:"handle"`
	// digest of the signed message
	// NOTE(review): this is the digest, not the message. The caller computes
	// it, presumably with the hash algorithm named in the signature scheme;
	// confirm the two agree before trusting a successful result.
	Digest TPM2BDigest
	// signature to be tested
	Signature TPMTSignature
}
VerifySignature is the input to TPM2_VerifySignature. See definition in Part 3, Commands, section 20.1
func (VerifySignature) Command ¶ added in v0.9.0
func (VerifySignature) Command() TPMCC
Command implements the Command interface.
func (VerifySignature) Execute ¶ added in v0.9.0
func (cmd VerifySignature) Execute(t transport.TPM, s ...Session) (*VerifySignatureResponse, error)
Execute executes the command and returns the response.
type VerifySignatureResponse ¶ added in v0.9.0
// VerifySignatureResponse is the response to TPM2_VerifySignature; it carries
// the verification ticket.
type VerifySignatureResponse struct {
	// ticket issued for the verified digest and key
	// NOTE(review): presumably a bad signature is reported as an error from
	// Execute rather than through this field; confirm, and check that error
	// before relying on Validation.
	Validation TPMTTKVerified
}
VerifySignatureResponse is the response from TPM2_VerifySignature.
Directories ¶
Path | Synopsis |
---|---|
transport | Package transport implements types for physically talking to TPMs. |
simulator | Package simulator provides access to a local simulator for TPM testing. |