tpm2

package
v0.9.1 Latest Latest
Published: May 14, 2024 License: Apache-2.0 Imports: 23 Imported by: 236

Documentation

Overview

Package tpm2 provides 1:1 mapping to TPM 2.0 APIs.

Package tpm2 defines all the TPM 2.0 structures together to avoid import cycles

Package tpm2 contains TPM 2.0 commands and structures.

Index

Constants

// Alias constants. Each name on the left is defined as equal to the name on
// the right, so the two identifiers denote the same value.
//
// Review note: TPMAlgSHA is an alias for TPMAlgSHA1, so a search for SHA-1
// usage in calling code has to cover both spellings.
const (
	TPMAlgSHA          = TPMAlgSHA1
	TPMCCHMAC          = TPMCCMAC
	TPMCCHMACStart     = TPMCCMACStart
	TPMHTLoadedSession = TPMHTHMACSession
	TPMHTSavedSession  = TPMHTPolicySession
)

Hash algorithm IDs and command codes that got re-used.

// Direction values for session parameter encryption, numbered from 1 via
// iota (EncryptIn = 1, EncryptOut = 2, EncryptInOut = 3); the zero value is
// therefore none of them.
//
// NOTE(review): "In"/"Out" presumably refer to the parameter travelling to
// and from the TPM — the TPM decrypts an inbound parameter, hence "decrypt
// session" for EncryptIn. Confirm against the session implementation.
// NOTE(review): the type name below looks garbled by the page extraction;
// check the upstream source for the exact identifier.
const (
	// EncryptIn specifies a decrypt session.
	EncryptIn parameterEncryptiontpm2ion = 1 + iota
	// EncryptOut specifies an encrypt session.
	EncryptOut
	// EncryptInOut specifies a decrypt+encrypt session.
	EncryptInOut
)

Variables

var (
	// RSASRKTemplate contains the TCG reference RSA-2048 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	//
	// NOTE(review): this is a package-level var, so any importer can modify it.
	// Whether a struct copy still aliases the Parameters/Unique contents depends
	// on NewTPMUPublicParms/NewTPMUPublicID — confirm before mutating a copy.
	RSASRKTemplate = TPMTPublic{
		Type:    TPMAlgRSA,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			// FixedTPM and FixedParent are both set: per the TPM object-attribute
			// definitions the key is not meant to be duplicated (confirm in Part 2).
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			// Authorized with the auth value (UserWithAuth), not a policy; compare
			// with the EK template, which sets AdminWithPolicy instead.
			UserWithAuth:         true,
			AdminWithPolicy:      false,
			// NoDA is set, unlike in the EK template.
			NoDA:                 true,
			EncryptedDuplication: false,
			// Restricted + Decrypt without SignEncrypt: a decryption-only key.
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgRSA,
			&TPMSRSAParms{
				// Symmetric protection for child objects: AES, 128-bit key, CFB mode.
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				KeyBits: 2048,
			},
		),
		Unique: NewTPMUPublicID(
			TPMAlgRSA,
			&TPM2BPublicKeyRSA{
				// 256 zero bytes: the same length as a 2048-bit modulus.
				Buffer: make([]byte, 256),
			},
		),
	}
	// RSAEKTemplate contains the TCG reference RSA-2048 EK template.
	//
	// This is a package-level var and AuthPolicy.Buffer is a slice, so a plain
	// struct copy shares the digest bytes with this variable; clone the slice
	// before modifying a copy.
	RSAEKTemplate = TPMTPublic{
		Type:    TPMAlgRSA,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			// Use of the EK is authorized by policy (AdminWithPolicy) rather than by
			// its auth value (UserWithAuth is false); see AuthPolicy below.
			UserWithAuth:         false,
			AdminWithPolicy:      true,
			// NoDA is clear here, unlike in the SRK template.
			NoDA:                 false,
			EncryptedDuplication: false,
			// Restricted + Decrypt without SignEncrypt: a decryption-only key.
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		// 32-byte policy digest, the digest size of the SHA-256 NameAlg.
		// NOTE(review): this looks like the standard EK authPolicy from the TCG EK
		// Credential Profile (a PolicySecret tied to the endorsement hierarchy) —
		// verify against the profile before relying on that reading.
		AuthPolicy: TPM2BDigest{
			Buffer: []byte{

				0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8,
				0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
				0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
				0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA,
			},
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgRSA,
			&TPMSRSAParms{
				// AES, 128-bit key, CFB mode.
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				KeyBits: 2048,
			},
		),
		Unique: NewTPMUPublicID(
			TPMAlgRSA,
			&TPM2BPublicKeyRSA{
				// 256 zero bytes: the same length as a 2048-bit modulus.
				Buffer: make([]byte, 256),
			},
		),
	}

	// ECCSRKTemplate contains the TCG reference ECC-P256 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	//
	// NOTE(review): this is a package-level var, so any importer can modify it.
	// Whether a struct copy still aliases the Parameters/Unique contents depends
	// on NewTPMUPublicParms/NewTPMUPublicID — confirm before mutating a copy.
	ECCSRKTemplate = TPMTPublic{
		Type:    TPMAlgECC,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			// Authorized with the auth value (UserWithAuth), not a policy.
			UserWithAuth:         true,
			AdminWithPolicy:      false,
			// NoDA is set, unlike in the EK template.
			NoDA:                 true,
			EncryptedDuplication: false,
			// Restricted + Decrypt without SignEncrypt: a decryption-only key.
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgECC,
			&TPMSECCParms{
				// AES, 128-bit key, CFB mode.
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				CurveID: TPMECCNistP256,
			},
		),
		Unique: NewTPMUPublicID(
			TPMAlgECC,
			&TPMSECCPoint{
				// Both coordinates are 32 zero bytes, the P-256 coordinate length.
				X: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
				Y: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
			},
		),
	}

	// ECCEKTemplate contains the TCG reference ECC-P256 EK template.
	//
	// This is a package-level var and AuthPolicy.Buffer is a slice, so a plain
	// struct copy shares the digest bytes with this variable; clone the slice
	// before modifying a copy.
	ECCEKTemplate = TPMTPublic{
		Type:    TPMAlgECC,
		NameAlg: TPMAlgSHA256,
		ObjectAttributes: TPMAObject{
			FixedTPM:             true,
			STClear:              false,
			FixedParent:          true,
			SensitiveDataOrigin:  true,
			// Use of the EK is authorized by policy (AdminWithPolicy) rather than by
			// its auth value (UserWithAuth is false); see AuthPolicy below.
			UserWithAuth:         false,
			AdminWithPolicy:      true,
			// NoDA is clear here, unlike in the SRK template.
			NoDA:                 false,
			EncryptedDuplication: false,
			// Restricted + Decrypt without SignEncrypt: a decryption-only key.
			Restricted:           true,
			Decrypt:              true,
			SignEncrypt:          false,
		},
		// 32-byte policy digest, byte-for-byte the same value as in the RSA EK
		// template on this page.
		// NOTE(review): this looks like the standard EK authPolicy from the TCG EK
		// Credential Profile — verify against the profile before relying on it.
		AuthPolicy: TPM2BDigest{
			Buffer: []byte{

				0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8,
				0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
				0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
				0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA,
			},
		},
		Parameters: NewTPMUPublicParms(
			TPMAlgECC,
			&TPMSECCParms{
				// AES, 128-bit key, CFB mode.
				Symmetric: TPMTSymDefObject{
					Algorithm: TPMAlgAES,
					KeyBits: NewTPMUSymKeyBits(
						TPMAlgAES,
						TPMKeyBits(128),
					),
					Mode: NewTPMUSymMode(
						TPMAlgAES,
						TPMAlgCFB,
					),
				},
				CurveID: TPMECCNistP256,
			},
		),
		Unique: NewTPMUPublicID(
			TPMAlgECC,
			&TPMSECCPoint{
				// Both coordinates are 32 zero bytes, the P-256 coordinate length.
				X: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
				Y: TPM2BECCParameter{
					Buffer: make([]byte, 32),
				},
			},
		),
	}
)
// PCClientCompatible formats PCR selections for PC Client PTP-compatible TPMs.
// The variable is exported but its declared type, pcrSelectionFormatter, is
// unexported, so callers can pass the value around but cannot name its type.
var PCClientCompatible pcrSelectionFormatter = pcClient{}

PCClientCompatible is a pcrSelectionFormatter that formats PCR selections suitable for use in PC Client PTP-compatible TPMs (the vast majority): https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/ PC Client mandates at least 24 PCRs but does not provide an upper limit.

Functions

func AuditCommand added in v0.9.0

func AuditCommand[C Command[R, *R], R any](a *CommandAudit, cmd C, rsp *R) error

AuditCommand extends the audit digest with the given command and response. Go Generics do not allow type parameters on methods, otherwise this would be a method on CommandAudit. See https://github.com/golang/go/issues/49085 for more information.

func ECCPoint added in v0.9.1

func ECCPoint(pubKey *ecdh.PublicKey) (*big.Int, *big.Int, error)

ECCPoint returns the two coordinates of the uncompressed ECC point for the given ecdh public key.

func ECDHPubKey added in v0.9.1

func ECDHPubKey(curve ecdh.Curve, pub *TPMSECCPoint) (*ecdh.PublicKey, error)

ECDHPubKey converts a TPM ECC public key into one recognized by the ecdh package

func KDFa

func KDFa(h crypto.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte

KDFa implements TPM 2.0's default key derivation function, as defined in section 11.4.9.2 of the TPM revision 2 specification part 1. See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ The key & label parameters must not be zero length. The label parameter is a non-null-terminated string. The contextU & contextV parameters are optional.

func KDFe added in v0.3.0

func KDFe(h crypto.Hash, z []byte, use string, partyUInfo, partyVInfo []byte, bits int) []byte

KDFe implements TPM 2.0's ECDH key derivation function, as defined in section 11.4.9.3 of the TPM revision 2 specification part 1. See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ The z parameter is the x coordinate of the point obtained by multiplying one party's private ECC key by the other party's public ECC point. The use parameter is a non-null-terminated string. The partyUInfo and partyVInfo parameters are the x coordinates of the initiator's and the responder's ECC points, respectively.

func Marshal added in v0.9.0

func Marshal(v Marshallable) []byte

Marshal will serialize the given values, returning them as a byte slice.

func PrimaryHandleName added in v0.9.0

func PrimaryHandleName(h TPMHandle) []byte

PrimaryHandleName returns the TPM Name of a primary handle.

func RSAPub added in v0.9.0

func RSAPub(parms *TPMSRSAParms, pub *TPM2BPublicKeyRSA) (*rsa.PublicKey, error)

RSAPub converts a TPM RSA public key into one recognized by the rsa package.

func Unmarshal added in v0.9.0

func Unmarshal[T Marshallable, P interface {
	*T
	Unmarshallable
}](data []byte) (*T, error)

Unmarshal unmarshals the given type from the byte array. Returns an error if the buffer does not contain enough data to satisfy the types, or if the types are not unmarshallable.

Types

type ActivateCredential

// ActivateCredential is the input to TPM2_ActivateCredential
// (Part 3, Commands, section 12.5).
//
// Both handles carry the `auth` tag, so each is expected to come with its own
// authorization. NOTE(review): presumably one session per handle, in field
// order — confirm against the Execute implementation.
type ActivateCredential struct {
	// handle of the object associated with certificate in credentialBlob
	ActivateHandle handle `gotpm:"handle,auth"`
	// loaded key used to decrypt the TPMS_SENSITIVE in credentialBlob
	KeyHandle handle `gotpm:"handle,auth"`
	// the credential
	CredentialBlob TPM2BIDObject
	// keyHandle algorithm-dependent encrypted seed that protects credentialBlob
	Secret TPM2BEncryptedSecret
}

ActivateCredential is the input to TPM2_ActivateCredential. See definition in Part 3, Commands, section 12.5.

func (ActivateCredential) Command added in v0.9.0

func (ActivateCredential) Command() TPMCC

Command implements the Command interface.

func (ActivateCredential) Execute added in v0.9.0

Execute executes the command and returns the response.

type ActivateCredentialResponse added in v0.9.0

// ActivateCredentialResponse is the response from TPM2_ActivateCredential.
//
// NOTE(review): CertInfo is the decrypted secret and the first response
// parameter; consider a session with response-parameter encryption so it is
// not readable on the TPM bus — confirm TPM2BDigest qualifies as a 2B.
type ActivateCredentialResponse struct {
	// the decrypted certificate information
	CertInfo TPM2BDigest
}

ActivateCredentialResponse is the response from TPM2_ActivateCredential.

type AsymSchemeContents added in v0.9.0

AsymSchemeContents is a type constraint representing the possible contents of TPMUAsymScheme.

type AttestContents added in v0.9.0

AttestContents is a type constraint representing the possible contents of TPMUAttest.

type AuthHandle added in v0.9.0

// AuthHandle pairs a TPM handle with the session that authorizes its use.
type AuthHandle struct {
	// the TPM handle being authorized
	Handle TPMHandle
	// the object's Name; may be left unset, in which case the package's
	// documentation for KnownName says the underlying TPMHandle is relied on
	Name   TPM2BName
	// the authorization session attached to this handle
	Auth   Session
}

AuthHandle allows the caller to add an authorization session onto a handle.

func (AuthHandle) HandleValue added in v0.9.0

func (h AuthHandle) HandleValue() uint32

HandleValue implements the handle interface.

func (AuthHandle) KnownName added in v0.9.0

func (h AuthHandle) KnownName() *TPM2BName

KnownName implements the handle interface. If Name is not provided (i.e., only Auth), then rely on the underlying TPMHandle.

type AuthOption added in v0.9.0

// AuthOption is a functional option: a function that mutates the unexported
// sessionOptions while an auth session is being set up.
type AuthOption func(*sessionOptions)

AuthOption is an option for setting up an auth session variadically.

func AESEncryption added in v0.9.0

func AESEncryption(keySize TPMKeyBits, dir parameterEncryptiontpm2ion) AuthOption

AESEncryption uses the session to encrypt the first parameter sent to/from the TPM. Note that only commands whose first command/response parameter is a 2B can support session encryption.

func Audit added in v0.9.0

func Audit() AuthOption

Audit uses the session to compute extra HMACs. An Audit session can be used with GetSessionAuditDigest to obtain attestation over a sequence of commands.

func AuditExclusive added in v0.9.0

func AuditExclusive() AuthOption

AuditExclusive is like an audit session, but even more powerful. This allows an audit session to additionally indicate that no other auditable commands were executed other than the ones described by the audit hash.

func Auth added in v0.9.0

func Auth(auth []byte) AuthOption

Auth uses the session to prove knowledge of the object's auth value.

func Bound added in v0.9.0

func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption

Bound specifies that this session's session key should depend on the auth value of the given object.

func Password added in v0.9.0

func Password(auth []byte) AuthOption

Password is a policy-session-only option: when authorizing, the object's auth value itself is provided in place of the authorization HMAC. For HMAC sessions, it has the same effect as using Auth. Deprecated: This is not recommended and is only provided for completeness; use Auth instead, so that the session proves knowledge of the auth value rather than supplying the value itself.

func Salted added in v0.9.0

func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption

Salted specifies that this session's session key should depend on an encrypted seed value using the given public key. 'handle' must refer to a loaded RSA or ECC key.

func Trial added in v0.9.0

func Trial() AuthOption

Trial indicates that the policy session should be in trial-mode. This allows using the TPM to calculate policy hashes. This option has no effect on non-Policy sessions.

type BitGetter added in v0.9.0

// BitGetter is a Bitfield whose reserved bits can be read.
type BitGetter interface {
	Bitfield
	// GetReservedBit returns the value of the given reserved bit.
	// If the bit is not reserved, returns false.
	GetReservedBit(pos int) bool
}

BitGetter represents a TPM bitfield (i.e., TPMA_*) type that can be read.

type BitSetter added in v0.9.0

// BitSetter is a Bitfield whose reserved bits can be written.
type BitSetter interface {
	Bitfield
	// SetReservedBit sets the value of the given reserved bit.
	SetReservedBit(pos int, val bool)
}

BitSetter represents a TPM bitfield (i.e., TPMA_*) type that can be written.

type Bitfield added in v0.9.0

// Bitfield is the common interface of the TPM bitfield (TPMA_*) types.
type Bitfield interface {
	// Length returns the length of the bitfield.
	// NOTE(review): the unit (bits vs. bytes) is not stated here — confirm.
	Length() int
}

Bitfield represents a TPM bitfield (i.e., TPMA_*) type.

type CapabilitiesContents added in v0.9.0

CapabilitiesContents is a type constraint representing the possible contents of TPMUCapabilities.

type Certify

// Certify is the input to TPM2_Certify (Part 3, Commands, section 18.2).
// Both handles carry the `auth` tag.
type Certify struct {
	// handle of the object to be certified
	ObjectHandle handle `gotpm:"handle,auth"`
	// handle of the key used to sign the attestation structure
	SignHandle handle `gotpm:"handle,auth"`
	// user provided qualifying data
	// NOTE(review): typically a verifier-chosen nonce so the attestation cannot
	// be replayed — confirm the verifier checks it in the signed CertifyInfo.
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
}

Certify is the input to TPM2_Certify. See definition in Part 3, Commands, section 18.2.

func (Certify) Command added in v0.9.0

func (Certify) Command() TPMCC

Command implements the Command interface.

func (Certify) Execute added in v0.9.0

func (cmd Certify) Execute(t transport.TPM, s ...Session) (*CertifyResponse, error)

Execute executes the command and returns the response.

type CertifyCreation

// CertifyCreation is the input to TPM2_CertifyCreation
// (Part 3, Commands, section 18.3).
//
// Only SignHandle carries the `auth` tag; ObjectHandle is a plain handle.
type CertifyCreation struct {
	// handle of the key that will sign the attestation block
	SignHandle handle `gotpm:"handle,auth"`
	// the object associated with the creation data
	ObjectHandle handle `gotpm:"handle"`
	// user-provided qualifying data
	QualifyingData TPM2BData
	// hash of the creation data produced by TPM2_Create() or TPM2_CreatePrimary()
	CreationHash TPM2BDigest
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
	// ticket produced by TPM2_Create() or TPM2_CreatePrimary()
	CreationTicket TPMTTKCreation
}

CertifyCreation is the input to TPM2_CertifyCreation. See definition in Part 3, Commands, section 18.3.

func (CertifyCreation) Command added in v0.9.0

func (CertifyCreation) Command() TPMCC

Command implements the Command interface.

func (CertifyCreation) Execute added in v0.9.0

Execute executes the command and returns the response.

type CertifyCreationResponse added in v0.9.0

// CertifyCreationResponse is the response from TPM2_CertifyCreation.
// A verifier needs both fields: the signed structure and the signature over it.
type CertifyCreationResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the signature over certifyInfo
	Signature TPMTSignature
}

CertifyCreationResponse is the response from TPM2_CertifyCreation.

type CertifyResponse added in v0.9.0

// CertifyResponse is the response from TPM2_Certify.
// A verifier needs both fields: the signed structure and the signature over it.
type CertifyResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the asymmetric signature over certifyInfo using the key referenced by signHandle
	Signature TPMTSignature
}

CertifyResponse is the response from TPM2_Certify.

type Clear added in v0.3.0

// Clear is the input to TPM2_Clear (Part 3, Commands, section 24.6).
//
// NOTE(review): TPM2_Clear is a destructive, hierarchy-level operation per the
// TPM specification; callers should gate it behind explicit operator intent.
type Clear struct {
	// TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
}

Clear is the input to TPM2_Clear. See definition in Part 3, Commands, section 24.6

func (Clear) Command added in v0.9.0

func (Clear) Command() TPMCC

Command implements the Command interface.

func (Clear) Execute added in v0.9.0

func (cmd Clear) Execute(t transport.TPM, s ...Session) (*ClearResponse, error)

Execute executes the command and returns the response.

type ClearResponse added in v0.9.0

// ClearResponse is the response from TPM2_Clear; it has no fields.
type ClearResponse struct{}

ClearResponse is the response from TPM2_Clear.

type Command added in v0.9.0

// Command is the interface satisfied by the TPM command structs. R is the
// response type and PR is constrained to *R, so Execute returns a pointer to
// the command's own response struct.
type Command[R any, PR *R] interface {
	// The TPM command code associated with this command.
	Command() TPMCC
	// Executes the command and returns the response.
	// The variadic s supplies the sessions to use with the command.
	Execute(t transport.TPM, s ...Session) (PR, error)
}

Command is an interface for any TPM command, parameterized by its response type.

type CommandAudit added in v0.9.0

// CommandAudit tracks an audit digest over a series of TPM commands.
// All of its fields are unexported; obtain one from NewAudit.
type CommandAudit struct {
	// contains filtered or unexported fields
}

CommandAudit represents an audit session for attesting the execution of a series of commands in the TPM. It is useful for both command and session auditing.

func NewAudit added in v0.9.0

func NewAudit(hash TPMIAlgHash) (*CommandAudit, error)

NewAudit initializes a new CommandAudit with the specified hash algorithm.

func (*CommandAudit) Digest added in v0.9.0

func (a *CommandAudit) Digest() []byte

Digest returns the current digest of the audit.

type Commit added in v0.9.0

// Commit is the input to TPM2_Commit (Part 3, Commands, section 19.2).
type Commit struct {
	// handle of the key that will be used in the signing operation
	SignHandle handle `gotpm:"handle,auth"`
	// a point (M) on the curve used by signHandle
	P1 TPM2BECCPoint
	// octet array used to derive x-coordinate of a base point
	S2 TPM2BSensitiveData
	// y coordinate of the point associated with s2
	Y2 TPM2BECCParameter
}

Commit is the input to TPM2_Commit. See definition in Part 3, Commands, section 19.2.

func (Commit) Command added in v0.9.0

func (Commit) Command() TPMCC

Command implements the Command interface.

func (Commit) Execute added in v0.9.0

func (cmd Commit) Execute(t transport.TPM, s ...Session) (*CommitResponse, error)

Execute executes the command and returns the response.

type CommitResponse added in v0.9.0

// CommitResponse is the response from TPM2_Commit: three ECC points plus a
// counter value.
type CommitResponse struct {
	// ECC point K ≔ [ds](x2, y2)
	K TPM2BECCPoint
	// ECC point L ≔ [r](x2, y2)
	L TPM2BECCPoint
	// ECC point E ≔ [r]P1
	E TPM2BECCPoint
	// least-significant 16 bits of commitCount
	Counter uint16
}

CommitResponse is the response from TPM2_Commit.

type ContextLoad

// ContextLoad is the input to TPM2_ContextLoad (Part 3, Commands, section 28.3).
// It has no handle field and therefore no `auth`-tagged handle.
type ContextLoad struct {
	// the context blob
	Context TPMSContext
}

ContextLoad is the input to TPM2_ContextLoad. See definition in Part 3, Commands, section 28.3

func (ContextLoad) Command added in v0.9.0

func (ContextLoad) Command() TPMCC

Command implements the Command interface.

func (ContextLoad) Execute added in v0.9.0

func (cmd ContextLoad) Execute(t transport.TPM, s ...Session) (*ContextLoadResponse, error)

Execute executes the command and returns the response.

type ContextLoadResponse added in v0.9.0

// ContextLoadResponse is the response from TPM2_ContextLoad.
type ContextLoadResponse struct {
	// the handle assigned to the resource after it has been successfully loaded
	LoadedHandle TPMIDHContext
}

ContextLoadResponse is the response from TPM2_ContextLoad.

type ContextSave

// ContextSave is the input to TPM2_ContextSave (Part 3, Commands, section 28.2).
type ContextSave struct {
	// handle of the resource to save
	SaveHandle TPMIDHContext
}

ContextSave is the input to TPM2_ContextSave. See definition in Part 3, Commands, section 28.2

func (ContextSave) Command added in v0.9.0

func (ContextSave) Command() TPMCC

Command implements the Command interface.

func (ContextSave) Execute added in v0.9.0

func (cmd ContextSave) Execute(t transport.TPM, s ...Session) (*ContextSaveResponse, error)

Execute executes the command and returns the response.

type ContextSaveResponse added in v0.9.0

// ContextSaveResponse is the response from TPM2_ContextSave.
type ContextSaveResponse struct {
	// the saved context; same type as the Context field that ContextLoad takes
	Context TPMSContext
}

ContextSaveResponse is the response from TPM2_ContextSave.

type Create added in v0.9.0

// Create is the input to TPM2_Create (Part 3, Commands, section 12.1).
type Create struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`
	// the sensitive data
	// NOTE(review): this is the first command parameter; if it carries an auth
	// value or key material, consider a session with parameter encryption —
	// confirm TPM2BSensitiveCreate qualifies as a 2B for that purpose.
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BPublic
	// data that will be included in the creation data for this
	// object to provide permanent, verifiable linkage between this
	// object and some object owner data
	OutsideInfo TPM2BData
	// PCR that will be used in creation data
	CreationPCR TPMLPCRSelection
}

Create is the input to TPM2_Create. See definition in Part 3, Commands, section 12.1

func (Create) Command added in v0.9.0

func (Create) Command() TPMCC

Command implements the Command interface.

func (Create) Execute added in v0.9.0

func (cmd Create) Execute(t transport.TPM, s ...Session) (*CreateResponse, error)

Execute executes the command and returns the response.

type CreateLoaded added in v0.9.0

// CreateLoaded is the input to TPM2_CreateLoaded
// (Part 3, Commands, section 12.9). Unlike Create, InPublic is a
// TPM2BTemplate rather than a TPM2BPublic.
type CreateLoaded struct {
	// Handle of a transient storage key, a persistent storage key,
	// TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL
	ParentHandle handle `gotpm:"handle,auth"`
	// the sensitive data, see TPM 2.0 Part 1 Sensitive Values
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BTemplate
}

CreateLoaded is the input to TPM2_CreateLoaded. See definition in Part 3, Commands, section 12.9

func (CreateLoaded) Command added in v0.9.0

func (CreateLoaded) Command() TPMCC

Command implements the Command interface.

func (CreateLoaded) Execute added in v0.9.0

func (cmd CreateLoaded) Execute(t transport.TPM, s ...Session) (*CreateLoadedResponse, error)

Execute executes the command and returns the response.

type CreateLoadedResponse added in v0.9.0

// CreateLoadedResponse is the response from TPM2_CreateLoaded.
type CreateLoadedResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	// NOTE(review): a transient handle occupies a TPM slot until flushed;
	// presumably the caller is expected to issue FlushContext — confirm.
	ObjectHandle TPMHandle `gotpm:"handle"`
	// the sensitive area of the object (optional)
	OutPrivate TPM2BPrivate `gotpm:"optional"`
	// the public portion of the created object
	OutPublic TPM2BPublic
	// the name of the created object
	Name TPM2BName
}

CreateLoadedResponse is the response from TPM2_CreateLoaded.

type CreatePrimary

// CreatePrimary is the input to TPM2_CreatePrimary
// (Part 3, Commands, section 24.1).
type CreatePrimary struct {
	// TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP},
	// or TPM_RH_NULL
	PrimaryHandle handle `gotpm:"handle,auth"`
	// the sensitive data
	InSensitive TPM2BSensitiveCreate
	// the public template
	InPublic TPM2BPublic
	// data that will be included in the creation data for this
	// object to provide permanent, verifiable linkage between this
	// object and some object owner data
	OutsideInfo TPM2BData
	// PCR that will be used in creation data
	CreationPCR TPMLPCRSelection
}

CreatePrimary is the input to TPM2_CreatePrimary. See definition in Part 3, Commands, section 24.1

func (CreatePrimary) Command added in v0.9.0

func (CreatePrimary) Command() TPMCC

Command implements the Command interface.

func (CreatePrimary) Execute added in v0.9.0

func (cmd CreatePrimary) Execute(t transport.TPM, s ...Session) (*CreatePrimaryResponse, error)

Execute executes the command and returns the response.

type CreatePrimaryResponse added in v0.9.0

// CreatePrimaryResponse is the response from TPM2_CreatePrimary.
type CreatePrimaryResponse struct {
	// handle of type TPM_HT_TRANSIENT for created Primary Object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// the public portion of the created object
	OutPublic TPM2BPublic
	// contains a TPMS_CREATION_DATA
	// (the field is exported but its type, tpm2bCreationData, is not)
	CreationData tpm2bCreationData
	// digest of creationData using nameAlg of outPublic
	CreationHash TPM2BDigest
	// ticket used by TPM2_CertifyCreation() to validate that the
	// creation data was produced by the TPM.
	CreationTicket TPMTTKCreation
	// the name of the created object
	Name TPM2BName
}

CreatePrimaryResponse is the response from TPM2_CreatePrimary.

type CreateResponse added in v0.9.0

// CreateResponse is the response from TPM2_Create. Unlike
// CreatePrimaryResponse it returns the private portion and no object handle.
type CreateResponse struct {
	// the private portion of the object
	OutPrivate TPM2BPrivate
	// the public portion of the created object
	OutPublic TPM2BPublic
	// contains a TPMS_CREATION_DATA
	// (the field is exported but its type, tpm2bCreationData, is not)
	CreationData tpm2bCreationData
	// digest of creationData using nameAlg of outPublic
	CreationHash TPM2BDigest
	// ticket used by TPM2_CertifyCreation() to validate that the
	// creation data was produced by the TPM.
	CreationTicket TPMTTKCreation
}

CreateResponse is the response from TPM2_Create.

type Duplicate added in v0.9.1

// Duplicate is the input to TPM2_Duplicate (Part 3, Commands, section 13.1).
type Duplicate struct {
	// ObjectHandle is the handle of the object to duplicate.
	ObjectHandle handle `gotpm:"handle,auth"`

	// NewParentHandle is the handle of the new parent.
	NewParentHandle handle `gotpm:"handle"`

	// EncryptionKeyIn is the optional symmetric encryption key used as the
	// inner wrapper. If SymmetricAlg is TPM_ALG_NULL, then this parameter
	// shall be the Empty Buffer.
	// ("SymmetricAlg" is the spec's wording; in this struct it corresponds to
	// the Symmetric field below.)
	EncryptionKeyIn TPM2BData

	// Definition of the symmetric algorithm to use for the inner wrapper.
	// It may be TPM_ALG_NULL if no inner wrapper is applied.
	// NOTE(review): with no inner wrapper, confidentiality of the exported
	// private area rests on the new-parent protection alone — review the
	// NewParentHandle choice whenever this is TPM_ALG_NULL.
	Symmetric TPMTSymDef
}

Duplicate is the input to TPM2_Duplicate. See definition in Part 3, Commands, section 13.1

func (Duplicate) Command added in v0.9.1

func (Duplicate) Command() TPMCC

Command implements the Command interface.

func (Duplicate) Execute added in v0.9.1

func (cmd Duplicate) Execute(t transport.TPM, s ...Session) (*DuplicateResponse, error)

Execute executes the command and returns the response.

type DuplicateResponse added in v0.9.1

// DuplicateResponse is the response from TPM2_Duplicate.
type DuplicateResponse struct {
	// EncryptionKeyOut is the symmetric encryption key used as the
	// inner wrapper. If SymmetricAlg is TPM_ALG_NULL, this value
	// shall be the Empty Buffer.
	// NOTE(review): when non-empty this is key material and the first response
	// parameter; handle it as a secret and consider response encryption.
	EncryptionKeyOut TPM2BData

	// Duplicate is the private area of the object. It may be encrypted by
	// EncryptionKeyIn and may be doubly encrypted.
	Duplicate TPM2BPrivate

	// OutSymSeed is the seed protected by the asymmetric algorithms of new
	// parent.
	OutSymSeed TPM2BEncryptedSecret
}

DuplicateResponse is the response from TPM2_Duplicate.

type ECDHZGen added in v0.3.0

// ECDHZGen is the input to TPM2_ECDHZGen (Part 3, Commands, section 14.5).
type ECDHZGen struct {
	// handle of a loaded ECC key
	KeyHandle handle `gotpm:"handle,auth"`
	// a public key
	// NOTE(review): when this point comes from a peer it is untrusted input;
	// point validation is presumably done by the TPM — confirm.
	InPoint TPM2BECCPoint
}

ECDHZGen is the input to TPM2_ECDHZGen. See definition in Part 3, Commands, section 14.5

func (ECDHZGen) Command added in v0.9.0

func (ECDHZGen) Command() TPMCC

Command implements the Command interface.

func (ECDHZGen) Execute added in v0.9.0

func (cmd ECDHZGen) Execute(t transport.TPM, s ...Session) (*ECDHZGenResponse, error)

Execute executes the command and returns the response.

type ECDHZGenResponse added in v0.9.0

// ECDHZGenResponse is the response from TPM2_ECDHZGen.
//
// NOTE(review): OutPoint is the raw shared point, i.e. secret material;
// it is normally fed to a KDF (see KDFe) rather than used directly.
type ECDHZGenResponse struct {
	// X and Y coordinates of the product of the multiplication
	OutPoint TPM2BECCPoint
}

ECDHZGenResponse is the response from TPM2_ECDHZGen.

type EvictControl

// EvictControl is the input to TPM2_EvictControl
// (Part 3, Commands, section 28.5).
type EvictControl struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	Auth             handle `gotpm:"handle,auth"`
	// NOTE(review): presumably the loaded object to persist, or the persistent
	// object to evict — confirm against Part 3, section 28.5.
	ObjectHandle     handle `gotpm:"handle"`
	// NOTE(review): presumably the persistent handle to assign or remove — confirm.
	PersistentHandle TPMIDHPersistent
}

EvictControl is the input to TPM2_EvictControl. See definition in Part 3, Commands, section 28.5

func (EvictControl) Command added in v0.9.1

func (EvictControl) Command() TPMCC

Command implements the Command interface.

func (EvictControl) Execute added in v0.9.1

func (cmd EvictControl) Execute(t transport.TPM, s ...Session) (*EvictControlResponse, error)

Execute executes the command and returns the response.

type EvictControlResponse added in v0.9.1

// EvictControlResponse is the response from TPM2_EvictControl; it has no fields.
type EvictControlResponse struct{}

EvictControlResponse is the response from TPM2_EvictControl.

type FlushContext

// FlushContext is the input to TPM2_FlushContext
// (Part 3, Commands, section 28.4). The handle carries no `auth` tag.
type FlushContext struct {
	// the handle of the item to flush
	FlushHandle handle `gotpm:"handle"`
}

FlushContext is the input to TPM2_FlushContext. See definition in Part 3, Commands, section 28.4

func (FlushContext) Command added in v0.9.0

func (FlushContext) Command() TPMCC

Command implements the Command interface.

func (FlushContext) Execute added in v0.9.0

func (cmd FlushContext) Execute(t transport.TPM, s ...Session) (*FlushContextResponse, error)

Execute executes the command and returns the response.

type FlushContextResponse added in v0.9.0

// FlushContextResponse is the response from TPM2_FlushContext; it has no fields.
type FlushContextResponse struct{}

FlushContextResponse is the response from TPM2_FlushContext.

type GetCapability

// GetCapability is the input to TPM2_GetCapability
// (Part 3, Commands, section 30.2). It has no handle fields.
type GetCapability struct {
	// group selection; determines the format of the response
	Capability TPMCap
	// further definition of information
	Property uint32
	// number of properties of the indicated type to return
	PropertyCount uint32
}

GetCapability is the input to TPM2_GetCapability. See definition in Part 3, Commands, section 30.2

func (GetCapability) Command added in v0.9.0

func (GetCapability) Command() TPMCC

Command implements the Command interface.

func (GetCapability) Execute added in v0.9.0

func (cmd GetCapability) Execute(t transport.TPM, s ...Session) (*GetCapabilityResponse, error)

Execute executes the command and returns the response.

type GetCapabilityResponse added in v0.9.0

// GetCapabilityResponse is the response from TPM2_GetCapability.
type GetCapabilityResponse struct {
	// flag to indicate if there are more values of this type
	// (when set, the returned list is incomplete and the query has to be repeated
	// to obtain the rest)
	MoreData TPMIYesNo
	// the capability data
	CapabilityData TPMSCapabilityData
}

GetCapabilityResponse is the response from TPM2_GetCapability.

type GetRandom

// GetRandom is the input to TPM2_GetRandom (Part 3, Commands, section 16.1).
type GetRandom struct {
	// number of octets to return
	// NOTE(review): the TPM may return fewer octets than requested; check the
	// length of the returned buffer instead of assuming it — confirm in 16.1.
	BytesRequested uint16
}

GetRandom is the input to TPM2_GetRandom. See definition in Part 3, Commands, section 16.1

func (GetRandom) Command added in v0.9.0

func (GetRandom) Command() TPMCC

Command implements the Command interface.

func (GetRandom) Execute added in v0.9.0

func (cmd GetRandom) Execute(t transport.TPM, s ...Session) (*GetRandomResponse, error)

Execute executes the command and returns the response.

type GetRandomResponse added in v0.9.0

// GetRandomResponse is the response from TPM2_GetRandom.
type GetRandomResponse struct {
	// the random octets
	// NOTE(review): if these bytes are used as key material, consider a session
	// with response-parameter encryption so they do not cross the bus in clear.
	RandomBytes TPM2BDigest
}

GetRandomResponse is the response from TPM2_GetRandom.

type GetSessionAuditDigest added in v0.9.0

// GetSessionAuditDigest is the input to TPM2_GetSessionAuditDigest
// (Part 3, Commands, section 18.5).
//
// PrivacyAdminHandle and SignHandle carry the `auth` tag; SessionHandle does not.
type GetSessionAuditDigest struct {
	// handle of the privacy administrator (TPM_RH_ENDORSEMENT)
	PrivacyAdminHandle handle `gotpm:"handle,auth"`
	// handle of the signing key
	SignHandle handle `gotpm:"handle,auth"`
	// handle of the audit session
	SessionHandle handle `gotpm:"handle"`
	// user-provided qualifying data – may be zero-length
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
}

GetSessionAuditDigest is the input to TPM2_GetSessionAuditDigest. See definition in Part 3, Commands, section 18.5

func (GetSessionAuditDigest) Command added in v0.9.0

func (GetSessionAuditDigest) Command() TPMCC

Command implements the Command interface.

func (GetSessionAuditDigest) Execute added in v0.9.0

Execute executes the command and returns the response.

type GetSessionAuditDigestResponse added in v0.9.0

// GetSessionAuditDigestResponse is the response from TPM2_GetSessionAuditDigest.
// A verifier needs both fields: the signed structure and the signature over it.
type GetSessionAuditDigestResponse struct {
	// the audit information that was signed
	AuditInfo TPM2BAttest
	// the signature over auditInfo
	Signature TPMTSignature
}

GetSessionAuditDigestResponse is the response from TPM2_GetSessionAuditDigest.

type Hash

// Hash is the input to TPM2_Hash (Part 3, Commands, section 15.4).
type Hash struct {
	// data to be hashed
	Data TPM2BMaxBuffer
	// algorithm for the hash being computed - shall not be TPM_ALG_NULL
	HashAlg TPMIAlgHash
	// hierarchy to use for the ticket (TPM_RH_NULL allowed)
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}

Hash is the input to TPM2_Hash. See definition in Part 3, Commands, section 15.4

func (Hash) Command added in v0.9.0

func (Hash) Command() TPMCC

Command implements the Command interface.

func (Hash) Execute added in v0.9.0

func (cmd Hash) Execute(t transport.TPM, s ...Session) (*HashResponse, error)

Execute executes the command and returns the response.

type HashResponse added in v0.9.0

// HashResponse is the response from TPM2_Hash.
type HashResponse struct {
	// results
	OutHash TPM2BDigest
	// ticket indicating that the sequence of octets used to
	// compute outDigest did not start with TPM_GENERATED_VALUE
	// ("outDigest" here refers to the digest returned in OutHash)
	Validation TPMTTKHashCheck
}

HashResponse is the response from TPM2_Hash.

type HashSequenceStart added in v0.3.2

// HashSequenceStart is the input to TPM2_HashSequenceStart
// (Part 3, Commands, section 17.3). It has no handle fields.
type HashSequenceStart struct {
	// authorization value for subsequent use of the sequence
	// NOTE(review): this auth value is the first command parameter; consider a
	// session with parameter encryption so it is not sent in the clear.
	Auth TPM2BAuth
	// the hash algorithm to use for the hash sequence
	// An Event Sequence starts if this is TPM_ALG_NULL.
	HashAlg TPMIAlgHash
}

HashSequenceStart is the input to TPM2_HashSequenceStart. See definition in Part 3, Commands, section 17.3

func (HashSequenceStart) Command added in v0.9.0

func (HashSequenceStart) Command() TPMCC

Command implements the Command interface.

func (HashSequenceStart) Execute added in v0.9.0

Execute executes the command and returns the response.

type HashSequenceStartResponse added in v0.9.0

type HashSequenceStartResponse struct {
	// a handle to reference the sequence
	SequenceHandle TPMIDHObject
}

HashSequenceStartResponse is the response from TPM2_HashSequenceStart.

type HierarchyChangeAuth added in v0.3.0

type HierarchyChangeAuth struct {
	// TPM_RH_ENDORSEMENT, TPM_RH_LOCKOUT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// new authorization value. It is the only command parameter, so whether
	// it is protected on the way to the TPM depends on the sessions passed to
	// Execute.
	// NOTE(review): confirm callers use a session that encrypts command
	// parameters when the path to the TPM is not trusted.
	NewAuth TPM2BAuth
}

HierarchyChangeAuth is the input to TPM2_HierarchyChangeAuth. See definition in Part 3, Commands, section 24.8

func (HierarchyChangeAuth) Command added in v0.9.1

func (HierarchyChangeAuth) Command() TPMCC

Command implements the Command interface.

func (HierarchyChangeAuth) Execute added in v0.9.1

Execute executes the command and returns the response.

type HierarchyChangeAuthResponse added in v0.9.1

type HierarchyChangeAuthResponse struct{}

HierarchyChangeAuthResponse is the response from TPM2_HierarchyChangeAuth.

type HmacStart added in v0.9.1

type HmacStart struct {
	// HMAC key handle requiring an authorization session for the USER role
	Handle AuthHandle `gotpm:"handle,auth"`
	// authorization value for subsequent use of the sequence
	Auth TPM2BAuth
	// the hash algorithm to use for the hmac sequence
	HashAlg TPMIAlgHash
}

HmacStart is the input to TPM2_HMAC_Start. See definition in Part 3, Commands, section 17.2.2

func (HmacStart) Command added in v0.9.1

func (HmacStart) Command() TPMCC

Command implements the Command interface.

func (HmacStart) Execute added in v0.9.1

func (cmd HmacStart) Execute(t transport.TPM, s ...Session) (*HmacStartResponse, error)

Execute executes the command and returns the response.

type HmacStartResponse added in v0.9.1

type HmacStartResponse struct {
	// a handle to reference the sequence
	SequenceHandle TPMIDHObject `gotpm:"handle"`
}

HmacStartResponse is the response from TPM2_HMAC_Start. See definition in Part 3, Commands, section 17.2.2

type Import added in v0.3.0

type Import struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`

	// The optional symmetric encryption key used as the inner wrapper for Duplicate.
	// If Symmetric's algorithm is TPM_ALG_NULL, then this parameter shall be the Empty Buffer.
	// This is key material and the first command parameter.
	// NOTE(review): confirm callers protect it with command-parameter
	// encryption when the path to the TPM is not trusted.
	EncryptionKey TPM2BData

	// The public area of the object to be imported
	ObjectPublic TPM2BPublic

	// The symmetrically encrypted duplicate object that may contain an inner
	// symmetric wrapper
	Duplicate TPM2BPrivate

	// The seed for the symmetric key and HMAC key
	InSymSeed TPM2BEncryptedSecret

	// Definition of the symmetric algorithm to use for the inner wrapper
	Symmetric TPMTSymDef
}

Import is the input to TPM2_Import. See definition in Part 3, Commands, section 13.3

func (Import) Command added in v0.9.1

func (Import) Command() TPMCC

Command implements the Command interface.

func (Import) Execute added in v0.9.1

func (cmd Import) Execute(t transport.TPM, s ...Session) (*ImportResponse, error)

Execute executes the command and returns the response.

type ImportResponse added in v0.9.1

type ImportResponse struct {
	// the private portion of the object
	OutPrivate TPM2BPrivate
}

ImportResponse is the response from TPM2_Import.

type KDFSchemeContents added in v0.9.0

KDFSchemeContents is a type constraint representing the possible contents of TPMUKDFScheme.

type Load

type Load struct {
	// handle of parent for new object
	ParentHandle handle `gotpm:"handle,auth"`
	// the private portion of the object
	InPrivate TPM2BPrivate
	// the public portion of the object
	InPublic TPM2BPublic
}

Load is the input to TPM2_Load. See definition in Part 3, Commands, section 12.2

func (Load) Command added in v0.9.0

func (Load) Command() TPMCC

Command implements the Command interface.

func (Load) Execute added in v0.9.0

func (cmd Load) Execute(t transport.TPM, s ...Session) (*LoadResponse, error)

Execute executes the command and returns the response.

type LoadExternal

type LoadExternal struct {
	// the sensitive portion of the object (optional).
	// When set, the private key material is supplied by the caller and has
	// therefore existed outside the TPM.
	// NOTE(review): the TPM 2.0 specification requires Hierarchy to be
	// TPM_RH_NULL when a sensitive portion is loaded; confirm callers do so.
	InPrivate TPM2BSensitive `gotpm:"optional"`
	// the public portion of the object
	InPublic TPM2BPublic
	// hierarchy with which the object area is associated
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}

LoadExternal is the input to TPM2_LoadExternal. See definition in Part 3, Commands, section 12.3

func (LoadExternal) Command added in v0.9.0

func (LoadExternal) Command() TPMCC

Command implements the Command interface.

func (LoadExternal) Execute added in v0.9.0

func (cmd LoadExternal) Execute(t transport.TPM, s ...Session) (*LoadExternalResponse, error)

Execute executes the command and returns the response.

type LoadExternalResponse added in v0.9.0

type LoadExternalResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// Name of the loaded object
	Name TPM2BName
}

LoadExternalResponse is the response from TPM2_LoadExternal.

type LoadResponse added in v0.9.0

type LoadResponse struct {
	// handle of type TPM_HT_TRANSIENT for loaded object
	ObjectHandle TPMHandle `gotpm:"handle"`
	// Name of the loaded object
	Name TPM2BName
}

LoadResponse is the response from TPM2_Load.

type MakeCredential

type MakeCredential struct {
	// loaded public area, used to encrypt the sensitive area containing the credential key.
	// The handle is not tagged for authorization, so the command itself says
	// nothing about where this key came from.
	// NOTE(review): callers presumably have to establish trust in this key
	// separately (for example from an endorsement certificate) - confirm.
	Handle TPMIDHObject `gotpm:"handle"`
	// the credential information
	Credential TPM2BDigest
	// Name of the object to which the credential applies
	// (the exported field name is spelled ObjectNamae in this version of the package)
	ObjectNamae TPM2BName
}

MakeCredential is the input to TPM2_MakeCredential. See definition in Part 3, Commands, section 12.6.

func (MakeCredential) Command added in v0.9.0

func (MakeCredential) Command() TPMCC

Command implements the Command interface.

func (MakeCredential) Execute added in v0.9.0

Execute executes the command and returns the response.

type MakeCredentialResponse added in v0.9.0

type MakeCredentialResponse struct {
	// the credential
	CredentialBlob TPM2BIDObject
	// handle algorithm-dependent data that wraps the key that encrypts credentialBlob
	Secret TPM2BEncryptedSecret
}

MakeCredentialResponse is the response from TPM2_MakeCredential.

type Marshallable added in v0.9.0

type Marshallable interface {
	// contains filtered or unexported methods
}

Marshallable represents any TPM type that can be marshalled.

type NVCertify added in v0.9.0

type NVCertify struct {
	// handle of the key used to sign the attestation structure
	SignHandle handle `gotpm:"handle,auth"`
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// Index for the area to be certified
	NVIndex handle `gotpm:"handle"`
	// user-provided qualifying data.
	// NOTE(review): a verifier-chosen nonce here is the usual way to make the
	// signed attestation fresh; confirm what callers pass.
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme `gotpm:"nullable"`
	// number of octets to certify
	Size uint16
	// octet offset into the NV area
	Offset uint16
}

NVCertify is the input to TPM2_NV_Certify. See definition in Part 3, Commands, section 31.16.

func (NVCertify) Command added in v0.9.0

func (NVCertify) Command() TPMCC

Command implements the Command interface.

func (NVCertify) Execute added in v0.9.0

func (cmd NVCertify) Execute(t transport.TPM, s ...Session) (*NVCertifyResponse, error)

Execute executes the command and returns the response.

type NVCertifyResponse added in v0.9.0

type NVCertifyResponse struct {
	// the structure that was signed
	CertifyInfo TPM2BAttest
	// the asymmetric signature over certifyInfo using the key referenced by signHandle
	Signature TPMTSignature
}

NVCertifyResponse is the response from TPM2_NV_Certify.

type NVDefineSpace

type NVDefineSpace struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// the authorization value
	Auth TPM2BAuth
	// the public parameters of the NV area
	PublicInfo TPM2BNVPublic
}

NVDefineSpace is the input to TPM2_NV_DefineSpace. See definition in Part 3, Commands, section 31.3.

func (NVDefineSpace) Command added in v0.9.0

func (NVDefineSpace) Command() TPMCC

Command implements the Command interface.

func (NVDefineSpace) Execute added in v0.9.0

func (cmd NVDefineSpace) Execute(t transport.TPM, s ...Session) (*NVDefineSpaceResponse, error)

Execute executes the command and returns the response.

type NVDefineSpaceResponse added in v0.9.0

type NVDefineSpaceResponse struct{}

NVDefineSpaceResponse is the response from TPM2_NV_DefineSpace.

type NVIncrement

type NVIncrement struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to write
	NVIndex handle `gotpm:"handle"`
}

NVIncrement is the input to TPM2_NV_Increment. See definition in Part 3, Commands, section 31.8.

func (NVIncrement) Command added in v0.9.0

func (NVIncrement) Command() TPMCC

Command implements the Command interface.

func (NVIncrement) Execute added in v0.9.0

func (cmd NVIncrement) Execute(t transport.TPM, s ...Session) (*NVIncrementResponse, error)

Execute executes the command and returns the response.

type NVIncrementResponse added in v0.9.0

type NVIncrementResponse struct{}

NVIncrementResponse is the response from TPM2_NV_Increment.

type NVRead

type NVRead struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index to read
	NVIndex handle `gotpm:"handle"`
	// number of octets to read
	Size uint16
	// octet offset into the NV area
	Offset uint16
}

NVRead is the input to TPM2_NV_Read. See definition in Part 3, Commands, section 31.13.

func (NVRead) Command added in v0.9.0

func (NVRead) Command() TPMCC

Command implements the Command interface.

func (NVRead) Execute added in v0.9.0

func (cmd NVRead) Execute(t transport.TPM, s ...Session) (*NVReadResponse, error)

Execute executes the command and returns the response.

type NVReadPublic added in v0.1.0

type NVReadPublic struct {
	// the NV index
	NVIndex handle `gotpm:"handle"`
}

NVReadPublic is the input to TPM2_NV_ReadPublic. See definition in Part 3, Commands, section 31.6.

func (NVReadPublic) Command added in v0.9.0

func (NVReadPublic) Command() TPMCC

Command implements the Command interface.

func (NVReadPublic) Execute added in v0.9.0

func (cmd NVReadPublic) Execute(t transport.TPM, s ...Session) (*NVReadPublicResponse, error)

Execute executes the command and returns the response.

type NVReadPublicResponse added in v0.9.0

type NVReadPublicResponse struct {
	// the public area of the NV Index
	NVPublic TPM2BNVPublic
	// the Name of the NV Index.
	// NOTE(review): NVReadPublic takes no authorization handle, so a caller
	// that later relies on this Name for authorization should compare it with
	// an independently known value - confirm against the threat model.
	NVName   TPM2BName
}

NVReadPublicResponse is the response from TPM2_NV_ReadPublic.

type NVReadResponse added in v0.9.0

type NVReadResponse struct {
	// the data read
	Data TPM2BMaxNVBuffer
}

NVReadResponse is the response from TPM2_NV_Read.

type NVUndefineSpace

type NVUndefineSpace struct {
	// TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index to remove from NV space
	NVIndex handle `gotpm:"handle"`
}

NVUndefineSpace is the input to TPM2_NV_UndefineSpace. See definition in Part 3, Commands, section 31.4.

func (NVUndefineSpace) Command added in v0.9.0

func (NVUndefineSpace) Command() TPMCC

Command implements the Command interface.

func (NVUndefineSpace) Execute added in v0.9.0

Execute executes the command and returns the response.

type NVUndefineSpaceResponse added in v0.9.0

type NVUndefineSpaceResponse struct{}

NVUndefineSpaceResponse is the response from TPM2_NV_UndefineSpace.

type NVUndefineSpaceSpecial added in v0.3.1

type NVUndefineSpaceSpecial struct {
	// Index to be deleted
	NVIndex handle `gotpm:"handle,auth"`
	// TPM_RH_PLATFORM+{PP}
	Platform handle `gotpm:"handle,auth"`
}

NVUndefineSpaceSpecial is the input to TPM2_NV_UndefineSpaceSpecial. See definition in Part 3, Commands, section 31.5.

func (NVUndefineSpaceSpecial) Command added in v0.9.0

func (NVUndefineSpaceSpecial) Command() TPMCC

Command implements the Command interface.

func (NVUndefineSpaceSpecial) Execute added in v0.9.0

Execute executes the command and returns the response.

type NVUndefineSpaceSpecialResponse added in v0.9.0

type NVUndefineSpaceSpecialResponse struct{}

NVUndefineSpaceSpecialResponse is the response from TPM2_NV_UndefineSpaceSpecial.

type NVWrite

type NVWrite struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to write
	NVIndex handle `gotpm:"handle"`
	// the data to write
	Data TPM2BMaxNVBuffer
	// the octet offset into the NV Area
	Offset uint16
}

NVWrite is the input to TPM2_NV_Write. See definition in Part 3, Commands, section 31.7.

func (NVWrite) Command added in v0.9.0

func (NVWrite) Command() TPMCC

Command implements the Command interface.

func (NVWrite) Execute added in v0.9.0

func (cmd NVWrite) Execute(t transport.TPM, s ...Session) (*NVWriteResponse, error)

Execute executes the command and returns the response.

type NVWriteLock added in v0.3.0

type NVWriteLock struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV index of the area to lock
	NVIndex handle `gotpm:"handle"`
}

NVWriteLock is the input to TPM2_NV_WriteLock. See definition in Part 3, Commands, section 31.11.

func (NVWriteLock) Command added in v0.9.0

func (NVWriteLock) Command() TPMCC

Command implements the Command interface.

func (NVWriteLock) Execute added in v0.9.0

func (cmd NVWriteLock) Execute(t transport.TPM, s ...Session) (*NVWriteLockResponse, error)

Execute executes the command and returns the response.

type NVWriteLockResponse added in v0.9.0

type NVWriteLockResponse struct{}

NVWriteLockResponse is the response from TPM2_NV_WriteLock.

type NVWriteResponse added in v0.9.0

type NVWriteResponse struct{}

NVWriteResponse is the response from TPM2_NV_Write.

type NamedHandle added in v0.9.0

type NamedHandle struct {
	// the TPM handle being referenced
	Handle TPMHandle
	// the Name the caller already knows for that handle.
	// NOTE(review): presumably this Name is what goes into authorization
	// calculations, so it should come from a trusted source rather than from
	// an unauthenticated read of the TPM - confirm against the session code.
	Name   TPM2BName
}

NamedHandle represents an associated pairing of TPM handle and known Name.

func (NamedHandle) HandleValue added in v0.9.0

func (h NamedHandle) HandleValue() uint32

HandleValue implements the handle interface.

func (NamedHandle) KnownName added in v0.9.0

func (h NamedHandle) KnownName() *TPM2BName

KnownName implements the handle interface.

type ObjectChangeAuth added in v0.9.1

type ObjectChangeAuth struct {
	// TPM handle of an object
	ObjectHandle handle `gotpm:"handle,auth"`
	// handle of the parent
	ParentHandle handle `gotpm:"handle"`
	// new authorization value
	NewAuth TPM2BAuth
}

ObjectChangeAuth is the input to TPM2_ObjectChangeAuth. See definition in Part 3, Commands, section 12.8

func (ObjectChangeAuth) Command added in v0.9.1

func (ObjectChangeAuth) Command() TPMCC

Command implements the Command interface.

func (ObjectChangeAuth) Execute added in v0.9.1

Execute executes the command and returns the response.

type ObjectChangeAuthResponse added in v0.9.1

type ObjectChangeAuthResponse struct {
	// private area containing the new authorization value.
	// The command returns a new private blob instead of changing the loaded
	// object; the new authorization applies once this blob is loaded.
	// NOTE(review): earlier private blobs of the same object are presumably
	// still usable with the old authorization value, so they need to be
	// destroyed by the caller - confirm against Part 3, section 12.8.
	OutPrivate TPM2BPrivate
}

ObjectChangeAuthResponse is the response from TPM2_ObjectChangeAuth.

type PCREvent

type PCREvent struct {
	// Handle of the PCR
	PCRHandle handle `gotpm:"handle,auth"`
	// Event data in sized buffer
	EventData TPM2BEvent
}

PCREvent is the input to TPM2_PCR_Event. See definition in Part 3, Commands, section 22.3

func (PCREvent) Command added in v0.9.0

func (PCREvent) Command() TPMCC

Command implements the Command interface.

func (PCREvent) Execute added in v0.9.0

func (cmd PCREvent) Execute(t transport.TPM, s ...Session) (*PCREventResponse, error)

Execute executes the command and returns the response.

type PCREventResponse added in v0.9.0

type PCREventResponse struct{}

PCREventResponse is the response from TPM2_PCR_Event.

type PCRExtend

type PCRExtend struct {
	// handle of the PCR
	PCRHandle handle `gotpm:"handle,auth"`
	// list of tagged digest values to be extended
	Digests TPMLDigestValues
}

PCRExtend is the input to TPM2_PCR_Extend. See definition in Part 3, Commands, section 22.2

func (PCRExtend) Command added in v0.9.0

func (PCRExtend) Command() TPMCC

Command implements the Command interface.

func (PCRExtend) Execute added in v0.9.0

func (cmd PCRExtend) Execute(t transport.TPM, s ...Session) (*PCRExtendResponse, error)

Execute executes the command and returns the response.

type PCRExtendResponse added in v0.9.0

type PCRExtendResponse struct{}

PCRExtendResponse is the response from TPM2_PCR_Extend.

type PCRRead added in v0.9.0

type PCRRead struct {
	// The selection of PCR to read
	PCRSelectionIn TPMLPCRSelection
}

PCRRead is the input to TPM2_PCR_Read. See definition in Part 3, Commands, section 22.4

func (PCRRead) Command added in v0.9.0

func (PCRRead) Command() TPMCC

Command implements the Command interface.

func (PCRRead) Execute added in v0.9.0

func (cmd PCRRead) Execute(t transport.TPM, s ...Session) (*PCRReadResponse, error)

Execute executes the command and returns the response.

type PCRReadResponse added in v0.9.0

type PCRReadResponse struct {
	// the current value of the PCR update counter; comparing it across calls
	// shows whether any PCR changed between two reads
	PCRUpdateCounter uint32
	// the PCR in the returned list. This can be a subset of the requested
	// selection, so compare it with PCRSelectionIn and read again for the
	// PCRs that are missing.
	PCRSelectionOut TPMLPCRSelection
	// the contents of the PCR indicated in pcrSelectOut-> pcrSelection[] as tagged digests.
	// These values are returned unsigned; a remote verifier needs a signed
	// statement such as the one produced by Quote.
	PCRValues TPMLDigest
}

PCRReadResponse is the response from TPM2_PCR_Read.

type PCRReset added in v0.3.3

type PCRReset struct {
	// the PCR to reset
	PCRHandle handle `gotpm:"handle,auth"`
}

PCRReset is the input to TPM2_PCR_Reset. See definition in Part 3, Commands, section 22.8.

func (PCRReset) Command added in v0.9.0

func (PCRReset) Command() TPMCC

Command implements the Command interface.

func (PCRReset) Execute added in v0.9.0

func (cmd PCRReset) Execute(t transport.TPM, s ...Session) (*PCRResetResponse, error)

Execute executes the command and returns the response.

type PCRResetResponse added in v0.9.0

type PCRResetResponse struct{}

PCRResetResponse is the response from TPM2_PCR_Reset.

type PolicyAuthorize added in v0.9.0

type PolicyAuthorize struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// digest of the policy being approved
	ApprovedPolicy TPM2BDigest
	// a policy qualifier
	PolicyRef TPM2BDigest
	// Name of a key that can sign a policy addition
	KeySign TPM2BName
	// ticket validating that approvedPolicy and policyRef were signed by keySign
	CheckTicket TPMTTKVerified
}

PolicyAuthorize is the input to TPM2_PolicyAuthorize. See definition in Part 3, Commands, section 23.16.

func (PolicyAuthorize) Command added in v0.9.0

func (PolicyAuthorize) Command() TPMCC

Command implements the Command interface.

func (PolicyAuthorize) Execute added in v0.9.0

Execute executes the command and returns the response.

func (PolicyAuthorize) Update added in v0.9.0

func (cmd PolicyAuthorize) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyAuthorizeNV added in v0.9.0

type PolicyAuthorizeNV struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index of the area to read
	NVIndex handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
}

PolicyAuthorizeNV is the input to TPM2_PolicyAuthorizeNV. See definition in Part 3, Commands, section 23.22.

func (PolicyAuthorizeNV) Command added in v0.9.0

func (PolicyAuthorizeNV) Command() TPMCC

Command implements the Command interface.

func (PolicyAuthorizeNV) Execute added in v0.9.0

Execute executes the command and returns the response.

func (PolicyAuthorizeNV) Update added in v0.9.0

func (cmd PolicyAuthorizeNV) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyAuthorizeNVResponse added in v0.9.0

type PolicyAuthorizeNVResponse struct{}

PolicyAuthorizeNVResponse is the response from TPM2_PolicyAuthorizeNV.

type PolicyAuthorizeResponse added in v0.9.0

type PolicyAuthorizeResponse struct{}

PolicyAuthorizeResponse is the response from TPM2_PolicyAuthorize.

type PolicyCPHash added in v0.9.0

type PolicyCPHash struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the cpHash added to the policy
	CPHashA TPM2BDigest
}

PolicyCPHash is the input to TPM2_PolicyCpHash. See definition in Part 3, Commands, section 23.13.

func (PolicyCPHash) Command added in v0.9.0

func (PolicyCPHash) Command() TPMCC

Command implements the Command interface.

func (PolicyCPHash) Execute added in v0.9.0

func (cmd PolicyCPHash) Execute(t transport.TPM, s ...Session) (*PolicyCPHashResponse, error)

Execute executes the command and returns the response.

func (PolicyCPHash) Update added in v0.9.0

func (cmd PolicyCPHash) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyCPHashResponse added in v0.9.0

type PolicyCPHashResponse struct{}

PolicyCPHashResponse is the response from TPM2_PolicyCpHash.

type PolicyCalculator added in v0.9.0

type PolicyCalculator struct {
	// contains filtered or unexported fields
}

PolicyCalculator represents a TPM 2.0 policy that needs to be calculated synthetically (i.e., without a TPM).

func NewPolicyCalculator added in v0.9.0

func NewPolicyCalculator(alg TPMIAlgHash) (*PolicyCalculator, error)

NewPolicyCalculator creates a fresh policy using the given hash algorithm.

func (*PolicyCalculator) Hash added in v0.9.0

func (p *PolicyCalculator) Hash() *TPMTHA

Hash returns the current state of the policy hash.

func (*PolicyCalculator) Reset added in v0.9.0

func (p *PolicyCalculator) Reset()

Reset resets the internal state of the policy hash to all 0x00.

func (*PolicyCalculator) Update added in v0.9.0

func (p *PolicyCalculator) Update(data ...interface{}) error

Update updates the internal state of the policy hash by concatenating the current state with the given contents and replacing the state with the hash of the result.

type PolicyCallback added in v0.9.0

type PolicyCallback = func(tpm transport.TPM, handle TPMISHPolicy, nonceTPM TPM2BNonce) error

PolicyCallback represents an object's policy in the form of a function. This function makes zero or more TPM policy commands and returns error.

type PolicyCommand added in v0.9.0

type PolicyCommand interface {
	// Update updates the given policy hash according to the command
	// parameters.
	Update(policy *PolicyCalculator) error
}

PolicyCommand is a TPM command that can be part of a TPM policy.

type PolicyCommandCode added in v0.3.0

type PolicyCommandCode struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the allowed commandCode
	Code TPMCC
}

PolicyCommandCode is the input to TPM2_PolicyCommandCode. See definition in Part 3, Commands, section 23.11.

func (PolicyCommandCode) Command added in v0.9.0

func (PolicyCommandCode) Command() TPMCC

Command implements the Command interface.

func (PolicyCommandCode) Execute added in v0.9.0

Execute executes the command and returns the response.

func (PolicyCommandCode) Update added in v0.9.0

func (cmd PolicyCommandCode) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyCommandCodeResponse added in v0.9.0

type PolicyCommandCodeResponse struct{}

PolicyCommandCodeResponse is the response from TPM2_PolicyCommandCode.

type PolicyGetDigest

type PolicyGetDigest struct {
	// handle for the policy session
	PolicySession handle `gotpm:"handle"`
}

PolicyGetDigest is the input to TPM2_PolicyGetDigest. See definition in Part 3, Commands, section 23.19.

func (PolicyGetDigest) Command added in v0.9.0

func (PolicyGetDigest) Command() TPMCC

Command implements the Command interface.

func (PolicyGetDigest) Execute added in v0.9.0

Execute executes the command and returns the response.

type PolicyGetDigestResponse added in v0.9.0

type PolicyGetDigestResponse struct {
	// the current value of the policySession→policyDigest
	PolicyDigest TPM2BDigest
}

PolicyGetDigestResponse is the response from TPM2_PolicyGetDigest.

type PolicyNV added in v0.9.0

type PolicyNV struct {
	// handle indicating the source of the authorization value
	AuthHandle handle `gotpm:"handle,auth"`
	// the NV Index of the area to read
	NVIndex handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the second operand
	OperandB TPM2BOperand
	// the octet offset in the NV Index for the start of operand A
	Offset uint16
	// the comparison to make
	Operation TPMEO
}

PolicyNV is the input to TPM2_PolicyNV. See definition in Part 3, Commands, section 23.9.

func (PolicyNV) Command added in v0.9.0

func (PolicyNV) Command() TPMCC

Command implements the Command interface.

func (PolicyNV) Execute added in v0.9.0

func (cmd PolicyNV) Execute(t transport.TPM, s ...Session) (*PolicyNVResponse, error)

Execute executes the command and returns the response.

func (PolicyNV) Update added in v0.9.0

func (cmd PolicyNV) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyNVResponse added in v0.9.0

type PolicyNVResponse struct{}

PolicyNVResponse is the response from TPM2_PolicyNV.

type PolicyNVWritten added in v0.9.0

type PolicyNVWritten struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// YES if NV Index is required to have been written
	// NO if NV Index is required not to have been written
	WrittenSet TPMIYesNo
}

PolicyNVWritten is the input to TPM2_PolicyNvWritten. See definition in Part 3, Commands, section 23.20.

func (PolicyNVWritten) Command added in v0.9.0

func (PolicyNVWritten) Command() TPMCC

Command implements the Command interface.

func (PolicyNVWritten) Execute added in v0.9.0

Execute executes the command and returns the response.

func (PolicyNVWritten) Update added in v0.9.0

func (cmd PolicyNVWritten) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyNVWrittenResponse added in v0.9.0

type PolicyNVWrittenResponse struct {
}

PolicyNVWrittenResponse is the response from TPM2_PolicyNvWritten.

type PolicyOr added in v0.3.0

type PolicyOr struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the list of hashes to check for a match
	PHashList TPMLDigest
}

PolicyOr is the input to TPM2_PolicyOR. See definition in Part 3, Commands, section 23.6.

func (PolicyOr) Command added in v0.9.0

func (PolicyOr) Command() TPMCC

Command implements the Command interface.

func (PolicyOr) Execute added in v0.9.0

func (cmd PolicyOr) Execute(t transport.TPM, s ...Session) (*PolicyOrResponse, error)

Execute executes the command and returns the response.

func (PolicyOr) Update added in v0.9.0

func (cmd PolicyOr) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyOrResponse added in v0.9.0

type PolicyOrResponse struct{}

PolicyOrResponse is the response from TPM2_PolicyOR.

type PolicyPCR

type PolicyPCR struct {
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// expected digest value of the selected PCR using the
	// hash algorithm of the session; may be zero length.
	// NOTE(review): with a zero-length digest the TPM has nothing to compare
	// against at this step, so a PCR mismatch would only surface when the
	// session's policy digest is checked against the object's policy -
	// confirm against Part 3, section 23.7.
	PcrDigest TPM2BDigest
	// the PCR to include in the check digest
	Pcrs TPMLPCRSelection
}

PolicyPCR is the input to TPM2_PolicyPCR. See definition in Part 3, Commands, section 23.7.

func (PolicyPCR) Command added in v0.9.0

func (PolicyPCR) Command() TPMCC

Command implements the Command interface.

func (PolicyPCR) Execute added in v0.9.0

func (cmd PolicyPCR) Execute(t transport.TPM, s ...Session) (*PolicyPCRResponse, error)

Execute executes the command and returns the response.

func (PolicyPCR) Update added in v0.9.0

func (cmd PolicyPCR) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicyPCRResponse added in v0.9.0

type PolicyPCRResponse struct{}

PolicyPCRResponse is the response from TPM2_PolicyPCR.

type PolicySecret

type PolicySecret struct {
	// handle for an entity providing the authorization
	AuthHandle handle `gotpm:"handle,auth"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the policy nonce for the session.
	// NOTE(review): presumably leaving this empty means the authorization is
	// not tied to one particular session - confirm against Part 3, section 23.4.
	NonceTPM TPM2BNonce
	// digest of the command parameters to which this authorization is limited.
	// NOTE(review): presumably an empty digest places no limit on the
	// authorized command parameters - confirm.
	CPHashA TPM2BDigest
	// a reference to a policy relating to the authorization – may be the Empty Buffer
	PolicyRef TPM2BNonce
	// time when authorization will expire, measured in seconds from the time
	// that nonceTPM was generated
	Expiration int32
}

PolicySecret is the input to TPM2_PolicySecret. See definition in Part 3, Commands, section 23.4.

func (PolicySecret) Command added in v0.9.0

func (PolicySecret) Command() TPMCC

Command implements the Command interface.

func (PolicySecret) Execute added in v0.9.0

func (cmd PolicySecret) Execute(t transport.TPM, s ...Session) (*PolicySecretResponse, error)

Execute executes the command and returns the response.

func (PolicySecret) Update added in v0.9.0

func (cmd PolicySecret) Update(policy *PolicyCalculator)

Update implements the PolicyCommand interface.

type PolicySecretResponse added in v0.9.0

type PolicySecretResponse struct {
	// implementation-specific time value used to indicate to the TPM when the ticket expires
	Timeout TPM2BTimeout
	// produced if the command succeeds and expiration in the command was non-zero
	PolicyTicket TPMTTKAuth
}

PolicySecretResponse is the response from TPM2_PolicySecret.

type PolicySigned added in v0.3.3

type PolicySigned struct {
	// handle for an entity providing the authorization
	AuthObject handle `gotpm:"handle"`
	// handle for the policy session being extended
	PolicySession handle `gotpm:"handle"`
	// the policy nonce for the session.
	// NOTE(review): presumably a signed authorization made over an empty
	// nonce is not tied to one session and could be presented again in
	// another - confirm against Part 3, section 23.3.
	NonceTPM TPM2BNonce
	// digest of the command parameters to which this authorization is limited.
	// NOTE(review): presumably an empty digest places no limit on the
	// authorized command parameters - confirm.
	CPHashA TPM2BDigest
	// a reference to a policy relating to the authorization – may be the Empty Buffer
	PolicyRef TPM2BNonce
	// time when authorization will expire, measured in seconds from the time
	// that nonceTPM was generated
	Expiration int32
	// signed authorization (not optional)
	Auth TPMTSignature
}

PolicySigned is the input to TPM2_PolicySigned. See definition in Part 3, Commands, section 23.3.

func (PolicySigned) Command added in v0.9.0

func (PolicySigned) Command() TPMCC

Command implements the Command interface.

func (PolicySigned) Execute added in v0.9.0

func (cmd PolicySigned) Execute(t transport.TPM, s ...Session) (*PolicySignedResponse, error)

Execute executes the command and returns the response.

func (PolicySigned) Update added in v0.9.0

func (cmd PolicySigned) Update(policy *PolicyCalculator) error

Update implements the PolicyCommand interface.

type PolicySignedResponse added in v0.9.0

type PolicySignedResponse struct {
	// implementation-specific time value used to indicate to the TPM when the ticket expires
	Timeout TPM2BTimeout
	// produced if the command succeeds and expiration in the command was non-zero
	PolicyTicket TPMTTKAuth
}

PolicySignedResponse is the response from TPM2_PolicySigned.

type PublicIDContents added in v0.9.0

type PublicIDContents interface {
	Marshallable
	*TPM2BDigest | *TPM2BPublicKeyRSA | *TPMSECCPoint
}

PublicIDContents is a type constraint representing the possible contents of TPMUPublicID.

type PublicParmsContents added in v0.9.0

type PublicParmsContents interface {
	Marshallable
	*TPMSKeyedHashParms | *TPMSSymCipherParms | *TPMSRSAParms |
		*TPMSECCParms
}

PublicParmsContents is a type constraint representing the possible contents of TPMUPublicParms.

type Quote

// Quote is the input to TPM2_Quote.
// See definition in Part 3, Commands, section 18.4.
type Quote struct {
	// handle of key that will perform signature
	SignHandle handle `gotpm:"handle,auth"`
	// data supplied by the caller
	// NOTE(review): a remote verifier normally supplies a fresh, unpredictable
	// nonce here so that a previously recorded quote cannot be replayed;
	// confirm the caller does so rather than passing a constant.
	QualifyingData TPM2BData
	// signing scheme to use if the scheme for signHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme
	// PCR set to quote
	PCRSelect TPMLPCRSelection
}

Quote is the input to TPM2_Quote. See definition in Part 3, Commands, section 18.4

func (Quote) Command added in v0.9.0

func (Quote) Command() TPMCC

Command implements the Command interface.

func (Quote) Execute added in v0.9.0

func (cmd Quote) Execute(t transport.TPM, s ...Session) (*QuoteResponse, error)

Execute executes the command and returns the response.

type QuoteResponse added in v0.9.0

// QuoteResponse is the response from TPM2_Quote.
//
// A verifier should check Signature over Quoted with the public part of the
// expected attestation key before relying on anything decoded from Quoted.
type QuoteResponse struct {
	// the quoted information
	Quoted TPM2BAttest
	// the signature over quoted
	Signature TPMTSignature
}

QuoteResponse is the response from TPM2_Quote.

type RSADecrypt added in v0.2.0

type RSADecrypt struct {
	// RSA key to use for decryption
	KeyHandle handle `gotpm:"handle,auth"`
	// cipher text to be decrypted
	CipherText TPM2BPublicKeyRSA
	// the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL
	InScheme TPMTRSADecrypt `gotpm:"nullable"`
	// label whose association with the message is to be verified
	Label TPM2BData `gotpm:"optional"`
}

RSADecrypt is the input to TPM2_RSA_Decrypt. See definition in Part 3, Commands, section 14.3.

func (RSADecrypt) Command added in v0.9.1

func (RSADecrypt) Command() TPMCC

Command implements the Command interface.

func (RSADecrypt) Execute added in v0.9.1

func (cmd RSADecrypt) Execute(t transport.TPM, s ...Session) (*RSADecryptResponse, error)

Execute executes the command and returns the response.

type RSADecryptResponse added in v0.9.1

type RSADecryptResponse struct {
	// decrypted output
	Message TPM2BPublicKeyRSA
}

RSADecryptResponse is the response from TPM2_RSA_Decrypt.

type RSAEncrypt added in v0.2.0

// RSAEncrypt is the input to TPM2_RSA_Encrypt.
// See definition in Part 3, Commands, section 14.2.
type RSAEncrypt struct {
	// reference to public portion of RSA key to use for encryption
	// (tagged "handle" only, with no "auth", unlike RSADecrypt.KeyHandle)
	KeyHandle handle `gotpm:"handle"`
	// message to be encrypted
	Message TPM2BPublicKeyRSA
	// the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL
	// The field type is TPMTRSADecrypt even though this is the encrypt
	// command; RSADecrypt.InScheme uses the same type.
	InScheme TPMTRSADecrypt `gotpm:"nullable"`
	// optional label L to be associated with the message
	Label TPM2BData `gotpm:"optional"`
}

RSAEncrypt is the input to TPM2_RSA_Encrypt. See definition in Part 3, Commands, section 14.2.

func (RSAEncrypt) Command added in v0.9.1

func (RSAEncrypt) Command() TPMCC

Command implements the Command interface.

func (RSAEncrypt) Execute added in v0.9.1

func (cmd RSAEncrypt) Execute(t transport.TPM, s ...Session) (*RSAEncryptResponse, error)

Execute executes the command and returns the response.

type RSAEncryptResponse added in v0.9.1

type RSAEncryptResponse struct {
	// encrypted output
	OutData TPM2BPublicKeyRSA
}

RSAEncryptResponse is the response from TPM2_RSA_Encrypt.

type ReadPublic

type ReadPublic struct {
	// TPM handle of an object
	ObjectHandle TPMIDHObject `gotpm:"handle"`
}

ReadPublic is the input to TPM2_ReadPublic. See definition in Part 3, Commands, section 12.4

func (ReadPublic) Command added in v0.9.0

func (ReadPublic) Command() TPMCC

Command implements the Command interface.

func (ReadPublic) Execute added in v0.9.0

func (cmd ReadPublic) Execute(t transport.TPM, s ...Session) (*ReadPublicResponse, error)

Execute executes the command and returns the response.

type ReadPublicResponse added in v0.9.0

type ReadPublicResponse struct {
	// structure containing the public area of an object
	OutPublic TPM2BPublic
	// name of object
	Name TPM2BName
	// the Qualified Name of the object
	QualifiedName TPM2BName
}

ReadPublicResponse is the response from TPM2_ReadPublic.

type SchemeKeyedHashContents added in v0.9.0

type SchemeKeyedHashContents interface {
	Marshallable
	*TPMSSchemeHMAC | *TPMSSchemeXOR
}

SchemeKeyedHashContents is a type constraint representing the possible contents of TPMUSchemeKeyedHash.

type SensitiveCompositeContents added in v0.9.0

type SensitiveCompositeContents interface {
	Marshallable
	*TPM2BPrivateKeyRSA | *TPM2BECCParameter | *TPM2BSensitiveData | *TPM2BSymKey
}

SensitiveCompositeContents is a type constraint representing the possible contents of TPMUSensitiveComposite.

type SensitiveCreateContents added in v0.9.0

type SensitiveCreateContents interface {
	Marshallable
	*TPM2BDerive | *TPM2BSensitiveData
}

SensitiveCreateContents is a type constraint representing the possible contents of TPMUSensitiveCreate.

type SequenceComplete added in v0.3.2

type SequenceComplete struct {
	// authorization for the sequence
	SequenceHandle handle `gotpm:"handle,auth"`
	// data to be added to the hash/HMAC
	Buffer TPM2BMaxBuffer
	// hierarchy of the ticket for a hash
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
}

SequenceComplete is the input to TPM2_SequenceComplete. See definition in Part 3, Commands, section 17.5

func (SequenceComplete) Command added in v0.9.0

func (SequenceComplete) Command() TPMCC

Command implements the Command interface.

func (SequenceComplete) Execute added in v0.9.0

Execute executes the command and returns the response.

type SequenceCompleteResponse added in v0.9.0

// SequenceCompleteResponse is the response from TPM2_SequenceComplete.
type SequenceCompleteResponse struct {
	// the returned HMAC or digest in a sized buffer
	Result TPM2BDigest
	// ticket indicating that the sequence of octets used to
	// compute outDigest did not start with TPM_GENERATED_VALUE
	// NOTE(review): "outDigest" is the specification's wording; presumably it
	// refers to Result above. The ticket has the same type as Sign.Validation.
	Validation TPMTTKHashCheck
}

SequenceCompleteResponse is the response from TPM2_SequenceComplete.

type SequenceUpdate added in v0.3.2

type SequenceUpdate struct {
	// handle for the sequence object
	SequenceHandle handle `gotpm:"handle,auth"`
	// data to be added to hash
	Buffer TPM2BMaxBuffer
}

SequenceUpdate is the input to TPM2_SequenceUpdate. See definition in Part 3, Commands, section 17.4

func (SequenceUpdate) Command added in v0.9.0

func (SequenceUpdate) Command() TPMCC

Command implements the Command interface.

func (SequenceUpdate) Execute added in v0.9.0

Execute executes the command and returns the response.

type SequenceUpdateResponse added in v0.9.0

type SequenceUpdateResponse struct{}

SequenceUpdateResponse is the response from TPM2_SequenceUpdate.

type Session added in v0.9.0

// Session represents a session in the TPM.
//
// The encryption/decryption wording in this interface is from the TPM's point
// of view: a "decryption" session is one whose command parameter the TPM
// decrypts, so the caller encrypts it with Encrypt; an "encryption" session is
// one whose response parameter the TPM encrypts, so the caller decrypts it
// with Decrypt.
type Session interface {
	// Initializes the session, if needed. Has no effect if not needed or
	// already done. Some types of sessions may need to be initialized
	// just-in-time, e.g., to support calling patterns that help the user
	// securely authorize their actions without writing a lot of code.
	Init(tpm transport.TPM) error
	// Cleans up the session, if needed.
	// Some types of session need to be cleaned up if the command failed,
	// again to support calling patterns that help the user securely
	// authorize their actions without writing a lot of code.
	CleanupFailure(tpm transport.TPM) error
	// The last nonceTPM for this session.
	NonceTPM() TPM2BNonce
	// Updates nonceCaller to a new random value.
	NewNonceCaller() error
	// Computes the authorization HMAC for the session.
	// If this is the first authorization session for a command, and
	// there is another session (or sessions) for parameter
	// decryption and/or encryption, then addNonces contains the
	// nonceTPMs from each of them, respectively (see Part 1, 19.6.5).
	Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, authIndex int) (*TPMSAuthCommand, error)
	// Validates the response for the session.
	// Updates NonceTPM for the session.
	Validate(rc TPMRC, cc TPMCC, parms []byte, names []TPM2BName, authIndex int, auth *TPMSAuthResponse) error
	// Returns true if this is an encryption session.
	IsEncryption() bool
	// Returns true if this is a decryption session.
	IsDecryption() bool
	// If this session is used for parameter decryption, encrypts the
	// parameter. Otherwise, does not modify the parameter.
	Encrypt(parameter []byte) error
	// If this session is used for parameter encryption, decrypts the
	// parameter. Otherwise, does not modify the parameter.
	Decrypt(parameter []byte) error
	// Returns the handle value of this session.
	Handle() TPMHandle
}

Session represents a session in the TPM.

func HMAC added in v0.9.0

func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session

HMAC sets up a just-in-time HMAC session that is used only once. A real session is created, but only just in time, and it is flushed once it has been used.

func HMACSession added in v0.9.0

func HMACSession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)

HMACSession sets up a reusable HMAC session that needs to be closed: call the returned close function when the session is no longer needed.

func PasswordAuth added in v0.9.0

func PasswordAuth(auth []byte) Session

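PasswordAuth assembles a password pseudo-session with the given auth value. With password authorization the auth value itself is placed in the command, so it is visible to anything that can observe the TPM transport; use HMAC or Policy where that matters.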

func Policy added in v0.9.0

func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session

Policy sets up a just-in-time policy session that is created each time it's needed. Each time the session is created, the callback is invoked to authorize it. A real session is created, but only just in time, and it is flushed once it has been used.

func PolicySession added in v0.9.0

func PolicySession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)

PolicySession opens a policy session that needs to be closed: call the returned close function when the session is no longer needed. The caller is responsible for calling whichever policy commands they want in the session. Note that the TPM resets a policy session after it is successfully used.

type Shutdown

type Shutdown struct {
	// TPM_SU_CLEAR or TPM_SU_STATE
	ShutdownType TPMSU
}

Shutdown is the input to TPM2_Shutdown. See definition in Part 3, Commands, section 9.4.

func (Shutdown) Command added in v0.9.0

func (Shutdown) Command() TPMCC

Command implements the Command interface.

func (Shutdown) Execute added in v0.9.0

func (cmd Shutdown) Execute(t transport.TPM, s ...Session) (*ShutdownResponse, error)

Execute executes the command and returns the response.

type ShutdownResponse added in v0.9.0

type ShutdownResponse struct{}

ShutdownResponse is the response from TPM2_Shutdown.

type SigSchemeContents added in v0.9.0

type SigSchemeContents interface {
	Marshallable
	*TPMSSchemeHMAC | *TPMSSchemeHash | *TPMSSchemeECDAA
}

SigSchemeContents is a type constraint representing the possible contents of TPMUSigScheme.

type Sign

type Sign struct {
	// Handle of key that will perform signing
	KeyHandle handle `gotpm:"handle,auth"`
	// digest to be signed
	Digest TPM2BDigest
	// signing scheme to use if the scheme for keyHandle is TPM_ALG_NULL
	InScheme TPMTSigScheme `gotpm:"nullable"`
	// proof that digest was created by the TPM.
	// If keyHandle is not a restricted signing key, then this
	// may be a NULL Ticket with tag = TPM_ST_CHECKHASH.
	Validation TPMTTKHashCheck
}

Sign is the input to TPM2_Sign. See definition in Part 3, Commands, section 20.2.

func (Sign) Command added in v0.9.0

func (Sign) Command() TPMCC

Command implements the Command interface.

func (Sign) Execute added in v0.9.0

func (cmd Sign) Execute(t transport.TPM, s ...Session) (*SignResponse, error)

Execute executes the command and returns the response.

type SignResponse added in v0.9.0

type SignResponse struct {
	// the signature
	Signature TPMTSignature
}

SignResponse is the response from TPM2_Sign.

type SignatureContents added in v0.9.0

type SignatureContents interface {
	Marshallable
	*TPMTHA | *TPMSSignatureRSA | *TPMSSignatureECC
}

SignatureContents is a type constraint representing the possible contents of TPMUSignature.

type StartAuthSession

// StartAuthSession is the input to TPM2_StartAuthSession.
// See definition in Part 3, Commands, section 11.1.
//
// NOTE(review): with both TPMKey and Bind set to TPM_RH_NULL the session is
// presumably neither salted nor bound, so its secrecy would rest only on the
// authValue of the entity being authorized. Confirm that is acceptable before
// using such a session for parameter encryption.
type StartAuthSession struct {
	// handle of a loaded decrypt key used to encrypt salt
	// may be TPM_RH_NULL
	TPMKey handle `gotpm:"handle"`
	// entity providing the authValue
	// may be TPM_RH_NULL
	Bind handle `gotpm:"handle"`
	// initial nonceCaller, sets nonceTPM size for the session
	// shall be at least 16 octets
	NonceCaller TPM2BNonce
	// value encrypted according to the type of tpmKey
	// If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer.
	EncryptedSalt TPM2BEncryptedSecret
	// indicates the type of the session; simple HMAC or policy (including
	// a trial policy)
	SessionType TPMSE
	// the algorithm and key size for parameter encryption
	// may select TPM_ALG_NULL
	Symmetric TPMTSymDef
	// hash algorithm to use for the session
	// Shall be a hash algorithm supported by the TPM and not TPM_ALG_NULL
	AuthHash TPMIAlgHash
}

StartAuthSession is the input to TPM2_StartAuthSession. See definition in Part 3, Commands, section 11.1

func (StartAuthSession) Command added in v0.9.0

func (StartAuthSession) Command() TPMCC

Command implements the Command interface.

func (StartAuthSession) Execute added in v0.9.0

Execute executes the command and returns the response.

type StartAuthSessionResponse added in v0.9.0

type StartAuthSessionResponse struct {
	// handle for the newly created session
	SessionHandle TPMISHAuthSession `gotpm:"handle"`
	// the initial nonce from the TPM, used in the computation of the sessionKey
	NonceTPM TPM2BNonce
}

StartAuthSessionResponse is the response from TPM2_StartAuthSession.

type Startup

type Startup struct {
	// TPM_SU_CLEAR or TPM_SU_STATE
	StartupType TPMSU
}

Startup is the input to TPM2_Startup. See definition in Part 3, Commands, section 9.3.

func (Startup) Command added in v0.9.0

func (Startup) Command() TPMCC

Command implements the Command interface.

func (Startup) Execute added in v0.9.0

func (cmd Startup) Execute(t transport.TPM, s ...Session) (*StartupResponse, error)

Execute executes the command and returns the response.

type StartupResponse added in v0.9.0

type StartupResponse struct{}

StartupResponse is the response from TPM2_Startup.

type SymDetailsContents added in v0.9.0

type SymDetailsContents interface {
	TPMSEmpty
}

SymDetailsContents is a type constraint representing the possible contents of TPMUSymDetails.

type SymKeyBitsContents added in v0.9.0

type SymKeyBitsContents interface {
	TPMKeyBits | TPMAlgID
}

SymKeyBitsContents is a type constraint representing the possible contents of TPMUSymKeyBits.

type SymModeContents added in v0.9.0

type SymModeContents interface {
	TPMIAlgSymMode | TPMSEmpty
}

SymModeContents is a type constraint representing the possible contents of TPMUSymMode.

type TPM2B added in v0.9.0

type TPM2B[T Marshallable, P interface {
	*T
	Unmarshallable
}] struct {
	// contains filtered or unexported fields
}

TPM2B is a helper type for all sized TPM structures. It can be instantiated with either a raw byte buffer or the actual struct.

func BytesAs2B added in v0.9.0

func BytesAs2B[T Marshallable, P interface {
	*T
	Unmarshallable
}](b []byte) TPM2B[T, P]

BytesAs2B creates a new TPM2B containing the given byte array.

func New2B added in v0.9.0

func New2B[T Marshallable, P interface {
	*T
	Unmarshallable
}](t T) TPM2B[T, P]

New2B creates a new TPM2B containing the given contents.

func (*TPM2B[T, P]) Bytes added in v0.9.0

func (value *TPM2B[T, P]) Bytes() []byte

Bytes returns the inner contents of the TPM2B as a byte array, not including the length field.

func (*TPM2B[T, P]) Contents added in v0.9.0

func (value *TPM2B[T, P]) Contents() (*T, error)

Contents returns the structured contents of the TPM2B. It can fail if the TPM2B was instantiated with an invalid byte buffer.

type TPM2BAttest added in v0.9.0

type TPM2BAttest = TPM2B[TPMSAttest, *TPMSAttest]

TPM2BAttest represents a TPM2B_ATTEST. See definition in Part 2: Structures, section 10.12.13.

type TPM2BAuth added in v0.9.0

type TPM2BAuth TPM2BDigest

TPM2BAuth represents a TPM2B_AUTH. See definition in Part 2: Structures, section 10.4.5.

type TPM2BContextData added in v0.9.0

type TPM2BContextData TPM2BData

TPM2BContextData represents a TPM2B_CONTEXT_DATA. See definition in Part 2: Structures, section 14.4. Represented here as a flat buffer because how a TPM chooses to represent its context data is implementation-dependent.

type TPM2BContextSensitive added in v0.9.0

type TPM2BContextSensitive TPM2BData

TPM2BContextSensitive represents a TPM2B_CONTEXT_SENSITIVE. See definition in Part 2: Structures, section 14.2.

type TPM2BData added in v0.9.0

// TPM2BData represents a TPM2B_DATA.
// See definition in Part 2: Structures, section 10.4.3.
type TPM2BData struct {

	// the buffer octets; may be empty
	// NOTE(review): the TPM2B size field has no Go counterpart here.
	// Presumably the "sized" tag makes the marshaller emit it from
	// len(Buffer); TODO confirm.
	Buffer []byte `gotpm:"sized"`
	// contains filtered or unexported fields
}

TPM2BData represents a TPM2B_DATA. See definition in Part 2: Structures, section 10.4.3.

type TPM2BDerive added in v0.9.0

type TPM2BDerive = TPM2B[TPMSDerive, *TPMSDerive]

TPM2BDerive represents a TPM2B_DERIVE. See definition in Part 2: Structures, section 11.1.12.

type TPM2BDigest added in v0.9.0

type TPM2BDigest TPM2BData

TPM2BDigest represents a TPM2B_DIGEST. See definition in Part 2: Structures, section 10.4.2.

func CPHash added in v0.9.0

func CPHash[R any](alg TPMIAlgHash, cmd Command[R, *R]) (*TPM2BDigest, error)

CPHash calculates the TPM command parameter hash for a given Command. N.B. Authorization sessions on handles are ignored, but names aren't.

type TPM2BECCParameter added in v0.9.0

type TPM2BECCParameter TPM2BData

TPM2BECCParameter represents a TPM2B_ECC_PARAMETER. See definition in Part 2: Structures, section 11.2.5.1.

type TPM2BECCPoint added in v0.9.0

type TPM2BECCPoint = TPM2B[TPMSECCPoint, *TPMSECCPoint]

TPM2BECCPoint represents a TPM2B_ECC_POINT. See definition in Part 2: Structures, section 11.2.5.3.

type TPM2BEncryptedSecret added in v0.9.0

type TPM2BEncryptedSecret TPM2BData

TPM2BEncryptedSecret represents a TPM2B_ENCRYPTED_SECRET. See definition in Part 2: Structures, section 11.4.33.

type TPM2BEvent added in v0.9.0

type TPM2BEvent TPM2BData

TPM2BEvent represents a TPM2B_EVENT. See definition in Part 2: Structures, section 10.4.7.

type TPM2BIDObject added in v0.9.0

type TPM2BIDObject TPM2BData

TPM2BIDObject represents a TPM2B_ID_OBJECT. See definition in Part 2: Structures, section 12.4.3.

type TPM2BLabel added in v0.9.0

type TPM2BLabel TPM2BData

TPM2BLabel represents a TPM2B_LABEL. See definition in Part 2: Structures, section 11.1.10.

type TPM2BMaxBuffer added in v0.9.0

type TPM2BMaxBuffer TPM2BData

TPM2BMaxBuffer represents a TPM2B_MAX_BUFFER. See definition in Part 2: Structures, section 10.4.8.

type TPM2BMaxNVBuffer added in v0.9.0

type TPM2BMaxNVBuffer TPM2BData

TPM2BMaxNVBuffer represents a TPM2B_MAX_NV_BUFFER. See definition in Part 2: Structures, section 10.4.9.

type TPM2BNVPublic added in v0.9.0

type TPM2BNVPublic = TPM2B[TPMSNVPublic, *TPMSNVPublic]

TPM2BNVPublic represents a TPM2B_NV_PUBLIC. See definition in Part 2: Structures, section 13.6.

type TPM2BName added in v0.9.0

type TPM2BName TPM2BData

TPM2BName represents a TPM2B_NAME. See definition in Part 2: Structures, section 10.5.3. NOTE: This structure does not contain a TPMUName, because that union is not tagged with a selector. Instead, TPM2B_NAME is flattened, and all TPMDirect helpers that deal with names treat them as flat buffers.

func HandleName added in v0.9.0

func HandleName(h TPMHandle) TPM2BName

HandleName returns the TPM Name of a PCR, session, or permanent value (e.g., hierarchy) handle.

func NVName added in v0.9.0

func NVName(p *TPMSNVPublic) (*TPM2BName, error)

NVName returns the TPM Name of an NV index.

func ObjectName added in v0.9.0

func ObjectName(p *TPMTPublic) (*TPM2BName, error)

ObjectName returns the TPM Name of an object.

type TPM2BNonce added in v0.9.0

type TPM2BNonce TPM2BDigest

TPM2BNonce represents a TPM2B_NONCE. See definition in Part 2: Structures, section 10.4.4.

type TPM2BOperand added in v0.9.0

type TPM2BOperand TPM2BDigest

TPM2BOperand represents a TPM2B_Operand. See definition in Part 2: Structures, section 10.4.6.

type TPM2BPrivate added in v0.9.0

type TPM2BPrivate TPM2BData

TPM2BPrivate represents a TPM2B_PRIVATE. See definition in Part 2: Structures, section 12.3.7.

type TPM2BPrivateKeyRSA added in v0.9.0

type TPM2BPrivateKeyRSA TPM2BData

TPM2BPrivateKeyRSA represents a TPM2B_PRIVATE_KEY_RSA. See definition in Part 2: Structures, section 11.2.4.7.

type TPM2BPublic added in v0.9.0

type TPM2BPublic = TPM2B[TPMTPublic, *TPMTPublic]

TPM2BPublic represents a TPM2B_PUBLIC. See definition in Part 2: Structures, section 12.2.5.

type TPM2BPublicKeyRSA added in v0.9.0

type TPM2BPublicKeyRSA TPM2BData

TPM2BPublicKeyRSA represents a TPM2B_PUBLIC_KEY_RSA. See definition in Part 2: Structures, section 11.2.4.5.

type TPM2BSensitive added in v0.9.0

type TPM2BSensitive = TPM2B[TPMTSensitive, *TPMTSensitive]

TPM2BSensitive represents a TPM2B_SENSITIVE. See definition in Part 2: Structures, section 12.3.3.

type TPM2BSensitiveCreate added in v0.9.0

type TPM2BSensitiveCreate struct {
	Sensitive *TPMSSensitiveCreate
}

TPM2BSensitiveCreate represents a TPM2B_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.16. This is a structure instead of an alias to TPM2B[TPMSSensitiveCreate], because it has custom marshalling logic for zero-valued parameters.

type TPM2BSensitiveData added in v0.9.0

type TPM2BSensitiveData TPM2BData

TPM2BSensitiveData represents a TPM2B_SENSITIVE_DATA. See definition in Part 2: Structures, section 11.1.14.

type TPM2BSymKey added in v0.9.0

type TPM2BSymKey TPM2BData

TPM2BSymKey represents a TPM2B_SYM_KEY. See definition in Part 2: Structures, section 11.1.8.

type TPM2BTemplate added in v0.9.0

type TPM2BTemplate TPM2BData

TPM2BTemplate represents a TPM2B_TEMPLATE. See definition in Part 2: Structures, section 12.2.6.

func New2BTemplate added in v0.9.0

func New2BTemplate[C TemplateContents](data C) TPM2BTemplate

New2BTemplate creates a TPM2BTemplate with the given data.

type TPM2BTimeout added in v0.9.0

type TPM2BTimeout TPM2BData

TPM2BTimeout represents a TPM2B_TIMEOUT. See definition in Part 2: Structures, section 10.4.10.

type TPMAACT added in v0.9.0

type TPMAACT struct {

	// SET (1): The ACT has signaled
	// CLEAR (0): The ACT has not signaled
	Signaled bool `gotpm:"bit=0"`
	// SET (1): The ACT signaled bit is preserved over a power cycle
	// CLEAR (0): The ACT signaled bit is not preserved over a power cycle
	PreserveSignaled bool `gotpm:"bit=1"`
	// contains filtered or unexported fields
}

TPMAACT represents a TPMA_ACT. See definition in Part 2: Structures, section 8.12.

func (TPMAACT) GetReservedBit added in v0.9.0

func (r TPMAACT) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMAACT) Length added in v0.9.0

func (TPMAACT) Length() int

Length implements the Bitfield interface.

func (*TPMAACT) SetReservedBit added in v0.9.0

func (r *TPMAACT) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMAAlgorithm added in v0.9.0

type TPMAAlgorithm struct {

	// SET (1): an asymmetric algorithm with public and private portions
	// CLEAR (0): not an asymmetric algorithm
	Asymmetric bool `gotpm:"bit=0"`
	// SET (1): a symmetric block cipher
	// CLEAR (0): not a symmetric block cipher
	Symmetric bool `gotpm:"bit=1"`
	// SET (1): a hash algorithm
	// CLEAR (0): not a hash algorithm
	Hash bool `gotpm:"bit=2"`
	// SET (1): an algorithm that may be used as an object type
	// CLEAR (0): an algorithm that is not used as an object type
	Object bool `gotpm:"bit=3"`
	// SET (1): a signing algorithm. The setting of asymmetric,
	// symmetric, and hash will indicate the type of signing algorithm.
	// CLEAR (0): not a signing algorithm
	Signing bool `gotpm:"bit=8"`
	// SET (1): an encryption/decryption algorithm. The setting of
	// asymmetric, symmetric, and hash will indicate the type of
	// encryption/decryption algorithm.
	// CLEAR (0): not an encryption/decryption algorithm
	Encrypting bool `gotpm:"bit=9"`
	// SET (1): a method such as a key derivative function (KDF)
	// CLEAR (0): not a method
	Method bool `gotpm:"bit=10"`
	// contains filtered or unexported fields
}

TPMAAlgorithm represents a TPMA_ALGORITHM. See definition in Part 2: Structures, section 8.2.

func (TPMAAlgorithm) GetReservedBit added in v0.9.0

func (r TPMAAlgorithm) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMAAlgorithm) Length added in v0.9.0

func (TPMAAlgorithm) Length() int

Length implements the Bitfield interface.

func (*TPMAAlgorithm) SetReservedBit added in v0.9.0

func (r *TPMAAlgorithm) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMACC added in v0.9.0

type TPMACC struct {

	// indicates the command being selected
	CommandIndex uint16 `gotpm:"bit=15:0"`
	// SET (1): indicates that the command may write to NV
	// CLEAR (0): indicates that the command does not write to NV
	NV bool `gotpm:"bit=22"`
	// SET (1): This command could flush any number of loaded contexts.
	// CLEAR (0): no additional changes other than indicated by the flushed attribute
	Extensive bool `gotpm:"bit=23"`
	// SET (1): The context associated with any transient handle in the command will be flushed when this command completes.
	// CLEAR (0): No context is flushed as a side effect of this command.
	Flushed bool `gotpm:"bit=24"`
	// indicates the number of the handles in the handle area for this command
	CHandles uint8 `gotpm:"bit=27:25"`
	// SET (1): indicates the presence of the handle area in the response
	RHandle bool `gotpm:"bit=28"`
	// SET (1): indicates that the command is vendor-specific
	// CLEAR (0): indicates that the command is defined in a version of this specification
	V bool `gotpm:"bit=29"`
	// contains filtered or unexported fields
}

TPMACC represents a TPMA_CC. See definition in Part 2: Structures, section 8.9.

func (TPMACC) GetReservedBit added in v0.9.0

func (r TPMACC) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMACC) Length added in v0.9.0

func (TPMACC) Length() int

Length implements the Bitfield interface.

func (*TPMACC) SetReservedBit added in v0.9.0

func (r *TPMACC) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMALocality added in v0.9.0

// TPMALocality represents a TPMA_LOCALITY.
// See definition in Part 2: Structures, section 8.5.
type TPMALocality struct {
	// One flag per locality zero through four, at bit positions 0-4 as given
	// by the tags.
	// NOTE(review): presumably these mirror TPM_LOC_ZERO..TPM_LOC_FOUR in the
	// cited section; confirm.
	TPMLocZero  bool `gotpm:"bit=0"`
	TPMLocOne   bool `gotpm:"bit=1"`
	TPMLocTwo   bool `gotpm:"bit=2"`
	TPMLocThree bool `gotpm:"bit=3"`
	TPMLocFour  bool `gotpm:"bit=4"`
	// If any of these bits is set, an extended locality is indicated
	// (a three-bit field occupying bits 7:5)
	Extended uint8 `gotpm:"bit=7:5"`
	// contains filtered or unexported fields
}

TPMALocality represents a TPMA_LOCALITY. See definition in Part 2: Structures, section 8.5.

func (TPMALocality) GetReservedBit added in v0.9.0

func (r TPMALocality) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMALocality) Length added in v0.9.0

func (TPMALocality) Length() int

Length implements the Bitfield interface.

func (*TPMALocality) SetReservedBit added in v0.9.0

func (r *TPMALocality) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMANV added in v0.9.0

type TPMANV struct {

	// SET (1): The Index data can be written if Platform Authorization is
	// provided.
	// CLEAR (0): Writing of the Index data cannot be authorized with
	// Platform Authorization.
	PPWrite bool `gotpm:"bit=0"`
	// SET (1): The Index data can be written if Owner Authorization is
	// provided.
	// CLEAR (0): Writing of the Index data cannot be authorized with Owner
	// Authorization.
	OwnerWrite bool `gotpm:"bit=1"`
	// SET (1): Authorizations to change the Index contents that require
	// USER role may be provided with an HMAC session or password.
	// CLEAR (0): Authorizations to change the Index contents that require
	// USER role may not be provided with an HMAC session or password.
	AuthWrite bool `gotpm:"bit=2"`
	// SET (1): Authorizations to change the Index contents that require
	// USER role may be provided with a policy session.
	// CLEAR (0): Authorizations to change the Index contents that require
	// USER role may not be provided with a policy session.
	PolicyWrite bool `gotpm:"bit=3"`
	// The type of the index.
	NT TPMNT `gotpm:"bit=7:4"`
	// SET (1): Index may not be deleted unless the authPolicy is satisfied
	// using TPM2_NV_UndefineSpaceSpecial().
	// CLEAR (0): Index may be deleted with proper platform or owner
	// authorization using TPM2_NV_UndefineSpace().
	PolicyDelete bool `gotpm:"bit=10"`
	// SET (1): Index cannot be written.
	// CLEAR (0): Index can be written.
	WriteLocked bool `gotpm:"bit=11"`
	// SET (1): A partial write of the Index data is not allowed. The write
	// size shall match the defined space size.
	// CLEAR (0): Partial writes are allowed. This setting is required if
	// the .dataSize of the Index is larger than NV_MAX_BUFFER_SIZE for the
	// implementation.
	WriteAll bool `gotpm:"bit=12"`
	// SET (1): TPM2_NV_WriteLock() may be used to prevent further writes
	// to this location.
	// CLEAR (0): TPM2_NV_WriteLock() does not block subsequent writes if
	// TPMA_NV_WRITE_STCLEAR is also CLEAR.
	WriteDefine bool `gotpm:"bit=13"`
	// SET (1): TPM2_NV_WriteLock() may be used to prevent further writes
	// to this location until the next TPM Reset or TPM Restart.
	// CLEAR (0): TPM2_NV_WriteLock() does not block subsequent writes if
	// TPMA_NV_WRITEDEFINE is also CLEAR.
	WriteSTClear bool `gotpm:"bit=14"`
	// SET (1): If TPM2_NV_GlobalWriteLock() is successful,
	// TPMA_NV_WRITELOCKED is set.
	// CLEAR (0): TPM2_NV_GlobalWriteLock() has no effect on the writing of
	// the data at this Index.
	GlobalLock bool `gotpm:"bit=15"`
	// SET (1): The Index data can be read if Platform Authorization is
	// provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with
	// Platform Authorization.
	PPRead bool `gotpm:"bit=16"`
	// SET (1): The Index data can be read if Owner Authorization is
	// provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with Owner
	// Authorization.
	OwnerRead bool `gotpm:"bit=17"`
	// SET (1): The Index data may be read if the authValue is provided.
	// CLEAR (0): Reading of the Index data cannot be authorized with the
	// Index authValue.
	AuthRead bool `gotpm:"bit=18"`
	// SET (1): The Index data may be read if the authPolicy is satisfied.
	// CLEAR (0): Reading of the Index data cannot be authorized with the
	// Index authPolicy.
	PolicyRead bool `gotpm:"bit=19"`
	// SET (1): Authorization failures of the Index do not affect the DA
	// logic and authorization of the Index is not blocked when the TPM is
	// in Lockout mode.
	// CLEAR (0): Authorization failures of the Index will increment the
	// authorization failure counter and authorizations of this Index are
	// not allowed when the TPM is in Lockout mode.
	NoDA bool `gotpm:"bit=25"`
	// SET (1): NV Index state is only required to be saved when the TPM
	// performs an orderly shutdown (TPM2_Shutdown()).
	// CLEAR (0): NV Index state is required to be persistent after the
	// command to update the Index completes successfully (that is, the NV
	// update is synchronous with the update command).
	Orderly bool `gotpm:"bit=26"`
	// SET (1): TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM
	// Restart.
	// CLEAR (0): TPMA_NV_WRITTEN is not changed by TPM Restart.
	ClearSTClear bool `gotpm:"bit=27"`
	// SET (1): Reads of the Index are blocked until the next TPM Reset or
	// TPM Restart.
	// CLEAR (0): Reads of the Index are allowed if proper authorization is
	// provided.
	ReadLocked bool `gotpm:"bit=28"`
	// SET (1): Index has been written.
	// CLEAR (0): Index has not been written.
	Written bool `gotpm:"bit=29"`
	// SET (1): This Index may be undefined with Platform Authorization
	// but not with Owner Authorization.
	// CLEAR (0): This Index may be undefined using Owner Authorization but
	// not with Platform Authorization.
	PlatformCreate bool `gotpm:"bit=30"`
	// SET (1): TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED
	// for this Index.
	// CLEAR (0): TPM2_NV_ReadLock() has no effect on this Index.
	ReadSTClear bool `gotpm:"bit=31"`
	// contains filtered or unexported fields
}

TPMANV represents a TPMA_NV. See definition in Part 2: Structures, section 13.4.

func (TPMANV) GetReservedBit added in v0.9.0

func (r TPMANV) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMANV) Length added in v0.9.0

func (TPMANV) Length() int

Length implements the Bitfield interface.

func (*TPMANV) SetReservedBit added in v0.9.0

func (r *TPMANV) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMAObject added in v0.9.0

// TPMAObject holds the TPMA_OBJECT attribute flags of a TPM object. Each
// exported field is one flag; its gotpm tag gives the bit position.
//
// NOTE(review): when a verifier needs to know that a key was generated by and
// cannot leave a given TPM, the fields below suggest checking FixedTPM,
// FixedParent and SensitiveDataOrigin together. Confirm against the
// attestation flow in use.
type TPMAObject struct {

	// SET (1): The hierarchy of the object, as indicated by its
	// Qualified Name, may not change.
	// CLEAR (0): The hierarchy of the object may change as a result
	// of this object or an ancestor key being duplicated for use in
	// another hierarchy.
	FixedTPM bool `gotpm:"bit=1"`
	// SET (1): Previously saved contexts of this object may not be
	// loaded after Startup(CLEAR).
	// CLEAR (0): Saved contexts of this object may be used after a
	// Shutdown(STATE) and subsequent Startup().
	STClear bool `gotpm:"bit=2"`
	// SET (1): The parent of the object may not change.
	// CLEAR (0): The parent of the object may change as the result of
	// a TPM2_Duplicate() of the object.
	FixedParent bool `gotpm:"bit=4"`
	// SET (1): Indicates that, when the object was created with
	// TPM2_Create() or TPM2_CreatePrimary(), the TPM generated all of
	// the sensitive data other than the authValue.
	// CLEAR (0): A portion of the sensitive data, other than the
	// authValue, was provided by the caller.
	SensitiveDataOrigin bool `gotpm:"bit=5"`
	// SET (1): Approval of USER role actions with this object may be
	// with an HMAC session or with a password using the authValue of
	// the object or a policy session.
	// CLEAR (0): Approval of USER role actions with this object may
	// only be done with a policy session.
	UserWithAuth bool `gotpm:"bit=6"`
	// SET (1): Approval of ADMIN role actions with this object may
	// only be done with a policy session.
	// CLEAR (0): Approval of ADMIN role actions with this object may
	// be with an HMAC session or with a password using the authValue
	// of the object or a policy session.
	AdminWithPolicy bool `gotpm:"bit=7"`
	// SET (1): The object is not subject to dictionary attack
	// protections.
	// CLEAR (0): The object is subject to dictionary attack
	// protections.
	// NOTE(review): with NoDA SET, failed authorizations against this
	// object are not rate-limited by the TPM's lockout logic, so it is
	// only a safe choice when the authValue is not guessable (or when
	// authorization does not rely on the authValue at all).
	NoDA bool `gotpm:"bit=10"`
	// SET (1): If the object is duplicated, then symmetricAlg shall
	// not be TPM_ALG_NULL and newParentHandle shall not be
	// TPM_RH_NULL.
	// CLEAR (0): The object may be duplicated without an inner
	// wrapper on the private portion of the object and the new parent
	// may be TPM_RH_NULL.
	EncryptedDuplication bool `gotpm:"bit=11"`
	// SET (1): Key usage is restricted to manipulate structures of
	// known format; the parent of this key shall have restricted SET.
	// CLEAR (0): Key usage is not restricted to use on special
	// formats.
	Restricted bool `gotpm:"bit=16"`
	// SET (1): The private portion of the key may be used to decrypt.
	// CLEAR (0): The private portion of the key may not be used to
	// decrypt.
	Decrypt bool `gotpm:"bit=17"`
	// SET (1): For a symmetric cipher object, the private portion of
	// the key may be used to encrypt. For other objects, the private
	// portion of the key may be used to sign.
	// CLEAR (0): The private portion of the key may not be used to
	// sign or encrypt.
	SignEncrypt bool `gotpm:"bit=18"`
	// SET (1): An asymmetric key that may not be used to sign with
	// TPM2_Sign().
	// CLEAR (0): A key that may be used with TPM2_Sign() if sign is
	// SET.
	// NOTE: This attribute only has significance if sign is SET.
	X509Sign bool `gotpm:"bit=19"`
	// contains filtered or unexported fields
}

TPMAObject represents a TPMA_OBJECT. See definition in Part 2: Structures, section 8.3.2.

func (TPMAObject) GetReservedBit added in v0.9.0

func (r TPMAObject) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMAObject) Length added in v0.9.0

func (TPMAObject) Length() int

Length implements the Bitfield interface.

func (*TPMAObject) SetReservedBit added in v0.9.0

func (r *TPMAObject) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMASession added in v0.9.0

// TPMASession holds the TPMA_SESSION attribute flags sent with a session in
// a command and returned in the response. Each exported field is one flag;
// its gotpm tag gives the bit position.
//
// The Decrypt and Encrypt names follow the TPM's point of view, as the field
// comments describe: Decrypt covers a command parameter that the caller
// encrypted, and Encrypt covers a response parameter that the TPM encrypts.
type TPMASession struct {

	// SET (1): In a command, this setting indicates that the session
	// is to remain active after successful completion of the command.
	// In a response, it indicates that the session is still active.
	// If SET in the command, this attribute shall be SET in the response.
	// CLEAR (0): In a command, this setting indicates that the TPM should
	// close the session and flush any related context when the command
	// completes successfully. In a response, it indicates that the
	// session is closed and the context is no longer active.
	// This attribute has no meaning for a password authorization and the
	// TPM will allow any setting of the attribute in the command and SET
	// the attribute in the response.
	ContinueSession bool `gotpm:"bit=0"`
	// SET (1): In a command, this setting indicates that the command
	// should only be executed if the session is exclusive at the start of
	// the command. In a response, it indicates that the session is
	// exclusive. This setting is only allowed if the audit attribute is
	// SET (TPM_RC_ATTRIBUTES).
	// CLEAR (0): In a command, indicates that the session need not be
	// exclusive at the start of the command. In a response, indicates that
	// the session is not exclusive.
	AuditExclusive bool `gotpm:"bit=1"`
	// SET (1): In a command, this setting indicates that the audit digest
	// of the session should be initialized and the exclusive status of the
	// session SET. This setting is only allowed if the audit attribute is
	// SET (TPM_RC_ATTRIBUTES).
	// CLEAR (0): In a command, indicates that the audit digest should not
	// be initialized. This bit is always CLEAR in a response.
	AuditReset bool `gotpm:"bit=2"`
	// SET (1): In a command, this setting indicates that the first
	// parameter in the command is symmetrically encrypted using the
	// parameter encryption scheme described in TPM 2.0 Part 1. The TPM will
	// decrypt the parameter after performing any HMAC computations and
	// before unmarshaling the parameter. In a response, the attribute is
	// copied from the request but has no effect on the response.
	// CLEAR (0): Session not used for encryption.
	// For a password authorization, this attribute will be CLEAR in both the
	// command and response.
	// NOTE(review): only the first command parameter is described as
	// encrypted; do not assume confidentiality for the remaining
	// parameters or for anything sent with a password authorization.
	Decrypt bool `gotpm:"bit=5"`
	// SET (1): In a command, this setting indicates that the TPM should use
	// this session to encrypt the first parameter in the response. In a
	// response, it indicates that the attribute was set in the command and
	// that the TPM used the session to encrypt the first parameter in the
	// response using the parameter encryption scheme described in TPM 2.0
	// Part 1.
	// CLEAR (0): Session not used for encryption.
	// For a password authorization, this attribute will be CLEAR in both the
	// command and response.
	// NOTE(review): as with Decrypt, the protection described here applies
	// to the first response parameter only.
	Encrypt bool `gotpm:"bit=6"`
	// SET (1): In a command or response, this setting indicates that the
	// session is for audit and that auditExclusive and auditReset have
	// meaning. This session may also be used for authorization, encryption,
	// or decryption. The encrypted and encrypt fields may be SET or CLEAR.
	// CLEAR (0): Session is not used for audit.
	// If SET in the command, then this attribute will be SET in the response.
	// NOTE(review): "encrypted" above presumably refers to the decrypt
	// attribute (the Decrypt field of this struct); verify against the
	// specification text.
	Audit bool `gotpm:"bit=7"`
	// contains filtered or unexported fields
}

TPMASession represents a TPMA_SESSION. See definition in Part 2: Structures, section 8.4.

func (TPMASession) GetReservedBit added in v0.9.0

func (r TPMASession) GetReservedBit(pos int) bool

GetReservedBit implements the BitGetter interface.

func (TPMASession) Length added in v0.9.0

func (TPMASession) Length() int

Length implements the Bitfield interface.

func (*TPMASession) SetReservedBit added in v0.9.0

func (r *TPMASession) SetReservedBit(pos int, val bool)

SetReservedBit implements the BitSetter interface.

type TPMAlgID added in v0.9.0

type TPMAlgID uint16

TPMAlgID represents a TPM_ALG_ID. See definition in Part 2: Structures, section 6.3.

// TPM_ALG_ID values exposed by this package. Gaps in the numbering are
// identifiers this listing does not define. Several entries are kept for
// interoperability rather than recommended for new designs; see the review
// notes on individual constants.
const (
	TPMAlgRSA          TPMAlgID = 0x0001
	// NOTE(review): Triple-DES is a legacy cipher; prefer TPMAlgAES for new
	// symmetric definitions unless a peer requires TDES.
	TPMAlgTDES         TPMAlgID = 0x0003
	// NOTE(review): SHA-1 is no longer collision-resistant. Prefer
	// TPMAlgSHA256 or stronger for name algorithms, PCR banks and signature
	// digests unless compatibility forces SHA-1.
	TPMAlgSHA1         TPMAlgID = 0x0004
	TPMAlgHMAC         TPMAlgID = 0x0005
	TPMAlgAES          TPMAlgID = 0x0006
	TPMAlgMGF1         TPMAlgID = 0x0007
	TPMAlgKeyedHash    TPMAlgID = 0x0008
	TPMAlgXOR          TPMAlgID = 0x000A
	TPMAlgSHA256       TPMAlgID = 0x000B
	TPMAlgSHA384       TPMAlgID = 0x000C
	TPMAlgSHA512       TPMAlgID = 0x000D
	TPMAlgNull         TPMAlgID = 0x0010
	TPMAlgSM3256       TPMAlgID = 0x0012
	TPMAlgSM4          TPMAlgID = 0x0013
	TPMAlgRSASSA       TPMAlgID = 0x0014
	// NOTE(review): RSAES is PKCS#1 v1.5 encryption padding, which is prone
	// to padding-oracle issues when decryption failures are observable;
	// prefer TPMAlgOAEP where the protocol allows it.
	TPMAlgRSAES        TPMAlgID = 0x0015
	TPMAlgRSAPSS       TPMAlgID = 0x0016
	TPMAlgOAEP         TPMAlgID = 0x0017
	TPMAlgECDSA        TPMAlgID = 0x0018
	TPMAlgECDH         TPMAlgID = 0x0019
	TPMAlgECDAA        TPMAlgID = 0x001A
	TPMAlgSM2          TPMAlgID = 0x001B
	TPMAlgECSchnorr    TPMAlgID = 0x001C
	TPMAlgECMQV        TPMAlgID = 0x001D
	TPMAlgKDF1SP80056A TPMAlgID = 0x0020
	TPMAlgKDF2         TPMAlgID = 0x0021
	TPMAlgKDF1SP800108 TPMAlgID = 0x0022
	TPMAlgECC          TPMAlgID = 0x0023
	TPMAlgSymCipher    TPMAlgID = 0x0025
	TPMAlgCamellia     TPMAlgID = 0x0026
	TPMAlgSHA3256      TPMAlgID = 0x0027
	TPMAlgSHA3384      TPMAlgID = 0x0028
	TPMAlgSHA3512      TPMAlgID = 0x0029
	TPMAlgCMAC         TPMAlgID = 0x003F
	TPMAlgCTR          TPMAlgID = 0x0040
	TPMAlgOFB          TPMAlgID = 0x0041
	TPMAlgCBC          TPMAlgID = 0x0042
	TPMAlgCFB          TPMAlgID = 0x0043
	// NOTE(review): ECB encrypts equal plaintext blocks to equal ciphertext
	// blocks and is unsuitable for multi-block data.
	TPMAlgECB          TPMAlgID = 0x0044
)

TPMAlgID values come from Part 2: Structures, section 6.3.

type TPMAlgorithmID added in v0.9.0

type TPMAlgorithmID uint32

TPMAlgorithmID represents a TPM_ALGORITHM_ID, the 1.2-compatible form of the TPM_ALG_ID. See definition in Part 2, Structures, section 5.3.

type TPMAuthorizationSize added in v0.9.0

type TPMAuthorizationSize uint32

TPMAuthorizationSize represents a TPM_AUTHORIZATION_SIZE, the authorizationSize parameter in a command. See definition in Part 2, Structures, section 5.3.

type TPMCC added in v0.9.0

type TPMCC uint32

TPMCC represents a TPM_CC. See definition in Part 2: Structures, section 6.5.2.

const (
	TPMCCNVUndefineSpaceSpecial     TPMCC = 0x0000011F
	TPMCCEvictControl               TPMCC = 0x00000120
	TPMCCHierarchyControl           TPMCC = 0x00000121
	TPMCCNVUndefineSpace            TPMCC = 0x00000122
	TPMCCChangeEPS                  TPMCC = 0x00000124
	TPMCCChangePPS                  TPMCC = 0x00000125
	TPMCCClear                      TPMCC = 0x00000126
	TPMCCClearControl               TPMCC = 0x00000127
	TPMCCClockSet                   TPMCC = 0x00000128
	// NOTE(review): "Chaneg" is the spelling of this exported identifier in
	// this version; it presumably stands for TPM_CC_HierarchyChangeAuth.
	// Keep the spelling when referencing it, since renaming an exported
	// constant would break callers.
	TPMCCHierarchyChanegAuth        TPMCC = 0x00000129
	TPMCCNVDefineSpace              TPMCC = 0x0000012A
	TPMCCPCRAllocate                TPMCC = 0x0000012B
	TPMCCPCRSetAuthPolicy           TPMCC = 0x0000012C
	TPMCCPPCommands                 TPMCC = 0x0000012D
	TPMCCSetPrimaryPolicy           TPMCC = 0x0000012E
	TPMCCFieldUpgradeStart          TPMCC = 0x0000012F
	TPMCCClockRateAdjust            TPMCC = 0x00000130
	TPMCCCreatePrimary              TPMCC = 0x00000131
	TPMCCNVGlobalWriteLock          TPMCC = 0x00000132
	TPMCCGetCommandAuditDigest      TPMCC = 0x00000133
	TPMCCNVIncrement                TPMCC = 0x00000134
	TPMCCNVSetBits                  TPMCC = 0x00000135
	TPMCCNVExtend                   TPMCC = 0x00000136
	TPMCCNVWrite                    TPMCC = 0x00000137
	TPMCCNVWriteLock                TPMCC = 0x00000138
	TPMCCDictionaryAttackLockReset  TPMCC = 0x00000139
	TPMCCDictionaryAttackParameters TPMCC = 0x0000013A
	TPMCCNVChangeAuth               TPMCC = 0x0000013B
	TPMCCPCREvent                   TPMCC = 0x0000013C
	TPMCCPCRReset                   TPMCC = 0x0000013D
	TPMCCSequenceComplete           TPMCC = 0x0000013E
	TPMCCSetAlgorithmSet            TPMCC = 0x0000013F
	TPMCCSetCommandCodeAuditStatus  TPMCC = 0x00000140
	TPMCCFieldUpgradeData           TPMCC = 0x00000141
	TPMCCIncrementalSelfTest        TPMCC = 0x00000142
	TPMCCSelfTest                   TPMCC = 0x00000143
	TPMCCStartup                    TPMCC = 0x00000144
	TPMCCShutdown                   TPMCC = 0x00000145
	TPMCCStirRandom                 TPMCC = 0x00000146
	TPMCCActivateCredential         TPMCC = 0x00000147
	TPMCCCertify                    TPMCC = 0x00000148
	TPMCCPolicyNV                   TPMCC = 0x00000149
	TPMCCCertifyCreation            TPMCC = 0x0000014A
	TPMCCDuplicate                  TPMCC = 0x0000014B
	TPMCCGetTime                    TPMCC = 0x0000014C
	TPMCCGetSessionAuditDigest      TPMCC = 0x0000014D
	TPMCCNVRead                     TPMCC = 0x0000014E
	TPMCCNVReadLock                 TPMCC = 0x0000014F
	TPMCCObjectChangeAuth           TPMCC = 0x00000150
	TPMCCPolicySecret               TPMCC = 0x00000151
	TPMCCRewrap                     TPMCC = 0x00000152
	TPMCCCreate                     TPMCC = 0x00000153
	TPMCCECDHZGen                   TPMCC = 0x00000154
	TPMCCMAC                        TPMCC = 0x00000155
	TPMCCImport                     TPMCC = 0x00000156
	TPMCCLoad                       TPMCC = 0x00000157
	TPMCCQuote                      TPMCC = 0x00000158
	TPMCCRSADecrypt                 TPMCC = 0x00000159
	TPMCCMACStart                   TPMCC = 0x0000015B
	TPMCCSequenceUpdate             TPMCC = 0x0000015C
	TPMCCSign                       TPMCC = 0x0000015D
	TPMCCUnseal                     TPMCC = 0x0000015E
	TPMCCPolicySigned               TPMCC = 0x00000160
	TPMCCContextLoad                TPMCC = 0x00000161
	TPMCCContextSave                TPMCC = 0x00000162
	TPMCCECDHKeyGen                 TPMCC = 0x00000163
	TPMCCEncryptDecrypt             TPMCC = 0x00000164
	TPMCCFlushContext               TPMCC = 0x00000165
	TPMCCLoadExternal               TPMCC = 0x00000167
	TPMCCMakeCredential             TPMCC = 0x00000168
	TPMCCNVReadPublic               TPMCC = 0x00000169
	TPMCCPolicyAuthorize            TPMCC = 0x0000016A
	TPMCCPolicyAuthValue            TPMCC = 0x0000016B
	TPMCCPolicyCommandCode          TPMCC = 0x0000016C
	TPMCCPolicyCounterTimer         TPMCC = 0x0000016D
	TPMCCPolicyCpHash               TPMCC = 0x0000016E
	TPMCCPolicyLocality             TPMCC = 0x0000016F
	TPMCCPolicyNameHash             TPMCC = 0x00000170
	TPMCCPolicyOR                   TPMCC = 0x00000171
	TPMCCPolicyTicket               TPMCC = 0x00000172
	TPMCCReadPublic                 TPMCC = 0x00000173
	TPMCCRSAEncrypt                 TPMCC = 0x00000174
	TPMCCStartAuthSession           TPMCC = 0x00000176
	TPMCCVerifySignature            TPMCC = 0x00000177
	TPMCCECCParameters              TPMCC = 0x00000178
	TPMCCFirmwareRead               TPMCC = 0x00000179
	TPMCCGetCapability              TPMCC = 0x0000017A
	TPMCCGetRandom                  TPMCC = 0x0000017B
	TPMCCGetTestResult              TPMCC = 0x0000017C
	TPMCCHash                       TPMCC = 0x0000017D
	TPMCCPCRRead                    TPMCC = 0x0000017E
	TPMCCPolicyPCR                  TPMCC = 0x0000017F
	TPMCCPolicyRestart              TPMCC = 0x00000180
	TPMCCReadClock                  TPMCC = 0x00000181
	TPMCCPCRExtend                  TPMCC = 0x00000182
	TPMCCPCRSetAuthValue            TPMCC = 0x00000183
	TPMCCNVCertify                  TPMCC = 0x00000184
	TPMCCEventSequenceComplete      TPMCC = 0x00000185
	TPMCCHashSequenceStart          TPMCC = 0x00000186
	TPMCCPolicyPhysicalPresence     TPMCC = 0x00000187
	TPMCCPolicyDuplicationSelect    TPMCC = 0x00000188
	TPMCCPolicyGetDigest            TPMCC = 0x00000189
	TPMCCTestParms                  TPMCC = 0x0000018A
	TPMCCCommit                     TPMCC = 0x0000018B
	TPMCCPolicyPassword             TPMCC = 0x0000018C
	TPMCCZGen2Phase                 TPMCC = 0x0000018D
	TPMCCECEphemeral                TPMCC = 0x0000018E
	TPMCCPolicyNvWritten            TPMCC = 0x0000018F
	TPMCCPolicyTemplate             TPMCC = 0x00000190
	TPMCCCreateLoaded               TPMCC = 0x00000191
	TPMCCPolicyAuthorizeNV          TPMCC = 0x00000192
	TPMCCEncryptDecrypt2            TPMCC = 0x00000193
	TPMCCACGetCapability            TPMCC = 0x00000194
	TPMCCACSend                     TPMCC = 0x00000195
	TPMCCPolicyACSendSelect         TPMCC = 0x00000196
	TPMCCCertifyX509                TPMCC = 0x00000197
	TPMCCACTSetTimeout              TPMCC = 0x00000198
)

TPMCC values come from Part 2: Structures, section 6.5.2.

type TPMCap added in v0.9.0

type TPMCap uint32

TPMCap represents a TPM_CAP. See definition in Part 2: Structures, section 6.12.

const (
	TPMCapAlgs          TPMCap = 0x00000000
	TPMCapHandles       TPMCap = 0x00000001
	TPMCapCommands      TPMCap = 0x00000002
	TPMCapPPCommands    TPMCap = 0x00000003
	TPMCapAuditCommands TPMCap = 0x00000004
	TPMCapPCRs          TPMCap = 0x00000005
	TPMCapTPMProperties TPMCap = 0x00000006
	TPMCapPCRProperties TPMCap = 0x00000007
	TPMCapECCCurves     TPMCap = 0x00000008
	TPMCapAuthPolicies  TPMCap = 0x00000009
	TPMCapACT           TPMCap = 0x0000000A
)

TPMCap values come from Part 2: Structures, section 6.12.

type TPMCmdHeader added in v0.9.0

type TPMCmdHeader struct {
	Tag         TPMISTCommandTag
	Length      uint32
	CommandCode TPMCC
	// contains filtered or unexported fields
}

TPMCmdHeader is the header structure in front of any TPM command. It is described in Part 1, Architecture.

type TPMECCCurve added in v0.9.0

type TPMECCCurve uint16

TPMECCCurve represents a TPM_ECC_Curve. See definition in Part 2: Structures, section 6.4.

const (
	TPMECCNone     TPMECCCurve = 0x0000
	TPMECCNistP192 TPMECCCurve = 0x0001
	TPMECCNistP224 TPMECCCurve = 0x0002
	TPMECCNistP256 TPMECCCurve = 0x0003
	TPMECCNistP384 TPMECCCurve = 0x0004
	TPMECCNistP521 TPMECCCurve = 0x0005
	TPMECCBNP256   TPMECCCurve = 0x0010
	TPMECCBNP638   TPMECCCurve = 0x0011
	TPMECCSM2P256  TPMECCCurve = 0x0020
)

TPMECCCurve values come from Part 2: Structures, section 6.4.

func (TPMECCCurve) Curve added in v0.9.0

func (c TPMECCCurve) Curve() (elliptic.Curve, error)

Curve returns the elliptic.Curve associated with a TPMECCCurve.

func (TPMECCCurve) ECDHCurve added in v0.9.1

func (c TPMECCCurve) ECDHCurve() (ecdh.Curve, error)

ECDHCurve returns the ecdh.Curve associated with a TPMECCCurve.

type TPMEO added in v0.9.0

type TPMEO uint16

TPMEO represents a TPM_EO. See definition in Part 2: Structures, section 6.8.

const (
	TPMEOEq         TPMEO = 0x0000
	TPMEONeq        TPMEO = 0x0001
	TPMEOSignedGT   TPMEO = 0x0002
	TPMEOUnsignedGT TPMEO = 0x0003
	TPMEOSignedLT   TPMEO = 0x0004
	TPMEOUnsignedLT TPMEO = 0x0005
	TPMEOSignedGE   TPMEO = 0x0006
	TPMEOUnsignedGE TPMEO = 0x0007
	TPMEOSignedLE   TPMEO = 0x0008
	TPMEOUnsignedLE TPMEO = 0x0009
	TPMEOBitSet     TPMEO = 0x000A
	TPMEOBitClear   TPMEO = 0x000B
)

TPMEO values come from Part 2: Structures, section 6.8.

type TPMFmt1Error added in v0.9.0

type TPMFmt1Error struct {
	// contains filtered or unexported fields
}

TPMFmt1Error represents a TPM 2.0 format-1 error, with additional information.

func (TPMFmt1Error) Error added in v0.9.0

func (e TPMFmt1Error) Error() string

Error returns the string representation of the error.

func (TPMFmt1Error) Handle added in v0.9.0

func (e TPMFmt1Error) Handle() (bool, int)

Handle returns whether the error is handle-related and if so, which handle is in error.

func (TPMFmt1Error) Parameter added in v0.9.0

func (e TPMFmt1Error) Parameter() (bool, int)

Parameter returns whether the error is parameter-related and if so, which parameter is in error.

func (TPMFmt1Error) Session added in v0.9.0

func (e TPMFmt1Error) Session() (bool, int)

Session returns whether the error is session-related and if so, which session is in error.

type TPMGenerated added in v0.9.0

type TPMGenerated uint32

TPMGenerated represents a TPM_GENERATED. See definition in Part 2: Structures, section 6.2.

const (
	// TPMGeneratedValue is the byte 0xff followed by the ASCII bytes "TCG"
	// (0x54 0x43 0x47).
	// NOTE(review): this is presumably the magic that marks a structure as
	// produced inside the TPM; code that verifies attestation data should
	// reject any structure whose magic does not equal this value (see the
	// Check method on TPMGenerated) before trusting its other fields.
	TPMGeneratedValue TPMGenerated = 0xff544347
)

TPMGenerated values come from Part 2: Structures, section 6.2.

func (TPMGenerated) Check added in v0.9.0

func (g TPMGenerated) Check() error

Check verifies that a TPMGenerated value is correct, and returns an error otherwise.

type TPMHT added in v0.9.0

type TPMHT uint8

TPMHT represents a TPM_HT. See definition in Part 2: Structures, section 7.2.

const (
	TPMHTPCR           TPMHT = 0x00
	TPMHTNVIndex       TPMHT = 0x01
	TPMHTHMACSession   TPMHT = 0x02
	TPMHTPolicySession TPMHT = 0x03
	TPMHTPermanent     TPMHT = 0x40
	TPMHTTransient     TPMHT = 0x80
	TPMHTPersistent    TPMHT = 0x81
	TPMHTAC            TPMHT = 0x90
)

TPMHT values come from Part 2: Structures, section 7.2.

type TPMHandle added in v0.9.0

type TPMHandle uint32

TPMHandle represents a TPM_HANDLE. See definition in Part 2: Structures, section 7.1.

// Permanent handle values. All of them have 0x40 as the most significant
// octet, which matches TPMHTPermanent in the TPMHT constants of this package.
const (
	TPMRHOwner       TPMHandle = 0x40000001
	TPMRHNull        TPMHandle = 0x40000007
	// NOTE(review): TPMRSPW is presumably TPM_RS_PW, the handle that selects
	// password authorization. The TPMASession field comments say the Decrypt
	// and Encrypt attributes are CLEAR for a password authorization, so no
	// parameter encryption applies to it; confirm before using it where the
	// path to the TPM is not trusted.
	TPMRSPW          TPMHandle = 0x40000009
	TPMRHLockout     TPMHandle = 0x4000000A
	TPMRHEndorsement TPMHandle = 0x4000000B
	TPMRHPlatform    TPMHandle = 0x4000000C
	TPMRHPlatformNV  TPMHandle = 0x4000000D
)

TPMHandle values come from Part 2: Structures, section 7.4.

func (TPMHandle) HandleValue added in v0.9.0

func (h TPMHandle) HandleValue() uint32

HandleValue returns the handle value. This behavior is intended to satisfy an interface that can be implemented by other, more complex types as well.

func (TPMHandle) KnownName added in v0.9.0

func (h TPMHandle) KnownName() *TPM2BName

KnownName returns the TPM Name associated with the handle, if it can be known based only on the handle. This depends upon the value of the handle: only PCR, session, and permanent values have known constant Names. See definition in part 1: Architecture, section 16.

type TPMIAlgECCScheme added in v0.9.0

type TPMIAlgECCScheme = TPMAlgID

TPMIAlgECCScheme represents a TPMI_ALG_ECC_SCHEME. See definition in Part 2: Structures, section 11.2.5.4.

type TPMIAlgHash added in v0.9.0

type TPMIAlgHash = TPMAlgID

TPMIAlgHash represents a TPMI_ALG_HASH. See definition in Part 2: Structures, section 9.27.

func (TPMIAlgHash) Hash added in v0.9.0

func (a TPMIAlgHash) Hash() (crypto.Hash, error)

Hash returns the crypto.Hash associated with a TPMIAlgHash.

type TPMIAlgKDF added in v0.9.0

type TPMIAlgKDF = TPMAlgID

TPMIAlgKDF represents a TPMI_ALG_KDF. See definition in Part 2: Structures, section 9.32.

type TPMIAlgKeyedHashScheme added in v0.9.0

type TPMIAlgKeyedHashScheme = TPMAlgID

TPMIAlgKeyedHashScheme represents a TPMI_ALG_KEYEDHASH_SCHEME. See definition in Part 2: Structures, section 11.1.19.

type TPMIAlgPublic added in v0.9.0

type TPMIAlgPublic = TPMAlgID

TPMIAlgPublic represents a TPMI_ALG_PUBLIC. See definition in Part 2: Structures, section 12.2.2.

type TPMIAlgRSADecrypt added in v0.9.1

type TPMIAlgRSADecrypt = TPMAlgID

TPMIAlgRSADecrypt represents a TPMI_ALG_RSA_DECRYPT. See definition in Part 2: Structures, section 11.2.4.3.

type TPMIAlgRSAScheme added in v0.9.0

type TPMIAlgRSAScheme = TPMAlgID

TPMIAlgRSAScheme represents a TPMI_ALG_RSA_SCHEME. See definition in Part 2: Structures, section 11.2.4.1.

type TPMIAlgSigScheme added in v0.9.0

type TPMIAlgSigScheme = TPMAlgID

TPMIAlgSigScheme represents a TPMI_ALG_SIG_SCHEME. See definition in Part 2: Structures, section 9.33.

type TPMIAlgSym added in v0.9.0

type TPMIAlgSym = TPMAlgID

TPMIAlgSym represents a TPMI_ALG_SYM. See definition in Part 2: Structures, section 9.29.

type TPMIAlgSymMode added in v0.9.0

type TPMIAlgSymMode = TPMAlgID

TPMIAlgSymMode represents a TPMI_ALG_SYM_MODE. See definition in Part 2: Structures, section 9.31.

type TPMIAlgSymObject added in v0.9.0

type TPMIAlgSymObject = TPMAlgID

TPMIAlgSymObject represents a TPMI_ALG_SYM_OBJECT. See definition in Part 2: Structures, section 9.30.

type TPMIDHContext added in v0.9.0

type TPMIDHContext = TPMHandle

TPMIDHContext represents a TPMI_DH_CONTEXT. See definition in Part 2: Structures, section 9.11.

type TPMIDHEntity added in v0.9.0

type TPMIDHEntity = TPMHandle

TPMIDHEntity represents a TPMI_DH_ENTITY. See definition in Part 2: Structures, section 9.6.

type TPMIDHObject added in v0.9.0

type TPMIDHObject = TPMHandle

TPMIDHObject represents a TPMI_DH_OBJECT. See definition in Part 2: Structures, section 9.3.

type TPMIDHPersistent added in v0.9.1

type TPMIDHPersistent = TPMHandle

TPMIDHPersistent represents a TPMI_DH_PERSISTENT. See definition in Part 2: Structures, section 9.5.

type TPMIDHSaved added in v0.9.0

type TPMIDHSaved = TPMHandle

TPMIDHSaved represents a TPMI_DH_SAVED. See definition in Part 2: Structures, section 9.12.

const (
	// an ordinary transient object
	TPMIDHSavedTransient TPMIDHSaved = 0x80000000
	// a sequence object
	TPMIDHSavedSequence TPMIDHSaved = 0x80000001
	// a transient object with the stClear attribute SET
	TPMIDHSavedTransientClear TPMIDHSaved = 0x80000002
)

Saved Context transient object handles. See definition in Part 2: Structures, section 14.6.2. Context Handle Values come from table 211.

type TPMIECCCurve added in v0.9.0

type TPMIECCCurve = TPMECCCurve

TPMIECCCurve represents a TPMI_ECC_CURVE. See definition in Part 2: Structures, section 11.2.5.5.

type TPMIRHAC added in v0.9.0

type TPMIRHAC = TPMHandle

TPMIRHAC represents a TPMI_RH_AC. See definition in Part 2: Structures, section 9.25.

type TPMIRHACT added in v0.9.0

type TPMIRHACT = TPMHandle

TPMIRHACT represents a TPMI_RH_ACT. See definition in Part 2: Structures, section 9.26.

type TPMIRHClear added in v0.9.0

type TPMIRHClear = TPMHandle

TPMIRHClear represents a TPMI_RH_CLEAR. See definition in Part 2: Structures, section 9.21.

type TPMIRHEnables added in v0.9.0

type TPMIRHEnables = TPMHandle

TPMIRHEnables represents a TPMI_RH_ENABLES. See definition in Part 2: Structures, section 9.14.

type TPMIRHEndorsement added in v0.9.0

type TPMIRHEndorsement = TPMHandle

TPMIRHEndorsement represents a TPMI_RH_ENDORSEMENT. See definition in Part 2: Structures, section 9.19.

type TPMIRHHierarchy added in v0.9.0

type TPMIRHHierarchy = TPMHandle

TPMIRHHierarchy represents a TPMI_RH_HIERARCHY. See definition in Part 2: Structures, section 9.13.

type TPMIRHHierarchyAuth added in v0.9.0

type TPMIRHHierarchyAuth = TPMHandle

TPMIRHHierarchyAuth represents a TPMI_RH_HIERARCHY_AUTH. See definition in Part 2: Structures, section 9.15.

type TPMIRHHierarchyPolicy added in v0.9.0

type TPMIRHHierarchyPolicy = TPMHandle

TPMIRHHierarchyPolicy represents a TPMI_RH_HIERARCHY_POLICY. See definition in Part 2: Structures, section 9.16.

type TPMIRHLockout added in v0.9.0

type TPMIRHLockout = TPMHandle

TPMIRHLockout represents a TPMI_RH_LOCKOUT. See definition in Part 2: Structures, section 9.23.

type TPMIRHNVAuth added in v0.9.0

type TPMIRHNVAuth = TPMHandle

TPMIRHNVAuth represents a TPMI_RH_NV_AUTH. See definition in Part 2: Structures, section 9.22.

type TPMIRHNVIndex added in v0.9.0

type TPMIRHNVIndex = TPMHandle

TPMIRHNVIndex represents a TPMI_RH_NV_INDEX. See definition in Part 2: Structures, section 9.24.

type TPMIRHOwner added in v0.9.0

type TPMIRHOwner = TPMHandle

TPMIRHOwner represents a TPMI_RH_OWNER. See definition in Part 2: Structures, section 9.18.

type TPMIRHPlatform added in v0.9.0

type TPMIRHPlatform = TPMHandle

TPMIRHPlatform represents a TPMI_RH_PLATFORM. See definition in Part 2: Structures, section 9.17.

type TPMIRHProvision added in v0.9.0

type TPMIRHProvision = TPMHandle

TPMIRHProvision represents a TPMI_RH_PROVISION. See definition in Part 2: Structures, section 9.20.

type TPMIRSAKeyBits added in v0.9.0

type TPMIRSAKeyBits = TPMKeyBits

TPMIRSAKeyBits represents a TPMI_RSA_KEY_BITS. See definition in Part 2: Structures, section 11.2.4.6.

type TPMISHAuthSession added in v0.9.0

type TPMISHAuthSession = TPMHandle

TPMISHAuthSession represents a TPMI_SH_AUTH_SESSION. See definition in Part 2: Structures, section 9.8.

type TPMISHHMAC added in v0.9.0

type TPMISHHMAC = TPMHandle

TPMISHHMAC represents a TPMI_SH_HMAC. See definition in Part 2: Structures, section 9.9.

type TPMISHPolicy added in v0.9.0

type TPMISHPolicy = TPMHandle

TPMISHPolicy represents a TPMI_SH_POLICY. See definition in Part 2: Structures, section 9.10.

type TPMISTAttest added in v0.9.0

type TPMISTAttest = TPMST

TPMISTAttest represents a TPMI_ST_ATTEST. See definition in Part 2: Structures, section 10.12.10.

type TPMISTCommandTag added in v0.9.0

type TPMISTCommandTag = TPMST

TPMISTCommandTag represents a TPMI_ST_COMMAND_TAG. See definition in Part 2: Structures, section 9.35.

type TPMIYesNo added in v0.9.0

type TPMIYesNo = bool

TPMIYesNo represents a TPMI_YES_NO. See definition in Part 2: Structures, section 9.2. Use native bool for TPMI_YES_NO; encoding/binary already treats this as 8 bits wide.

type TPMKeyBits added in v0.9.0

type TPMKeyBits uint16

TPMKeyBits represents a TPM_KEY_BITS, a key size in bits. See definition in Part 2, Structures, section 5.3.

type TPMKeySize added in v0.9.0

type TPMKeySize uint16

TPMKeySize represents a TPM_KEY_SIZE, a key size in octets. See definition in Part 2, Structures, section 5.3.

type TPMLACTData added in v0.9.0

type TPMLACTData struct {
	ACTData []TPMSACTData `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLACTData represents a TPML_ACT_DATA. See definition in Part 2: Structures, section 10.9.13.

type TPMLAlg added in v0.9.0

type TPMLAlg struct {
	Algorithms []TPMAlgID `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLAlg represents a TPML_ALG. See definition in Part 2: Structures, section 10.9.3.

type TPMLAlgProperty added in v0.9.0

type TPMLAlgProperty struct {
	AlgProperties []TPMSAlgProperty `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLAlgProperty represents a TPML_ALG_PROPERTY. See definition in Part 2: Structures, section 10.9.8.

type TPMLCC added in v0.9.0

type TPMLCC struct {
	CommandCodes []TPMCC `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLCC represents a TPML_CC. See definition in Part 2: Structures, section 10.9.1.

type TPMLCCA added in v0.9.0

type TPMLCCA struct {
	CommandAttributes []TPMACC `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLCCA represents a TPML_CCA. See definition in Part 2: Structures, section 10.9.2.

type TPMLDigest added in v0.3.0

type TPMLDigest struct {

	// a list of digests
	Digests []TPM2BDigest `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLDigest represents a TPML_DIGEST. See definition in Part 2: Structures, section 10.9.5.

type TPMLDigestValues added in v0.9.0

type TPMLDigestValues struct {

	// a list of tagged digests
	Digests []TPMTHA `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLDigestValues represents a TPML_DIGEST_VALUES. See definition in Part 2: Structures, section 10.9.6.

type TPMLECCCurve added in v0.9.0

type TPMLECCCurve struct {
	ECCCurves []TPMECCCurve `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLECCCurve represents a TPML_ECC_CURVE. See definition in Part 2: Structures, section 10.9.11.

type TPMLHandle added in v0.9.0

type TPMLHandle struct {
	Handle []TPMHandle `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLHandle represents a TPML_HANDLE. See definition in Part 2: Structures, section 10.9.4.

type TPMLPCRSelection added in v0.9.0

type TPMLPCRSelection struct {
	PCRSelections []TPMSPCRSelection `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLPCRSelection represents a TPML_PCR_SELECTION. See definition in Part 2: Structures, section 10.9.7.

type TPMLTaggedPCRProperty added in v0.9.0

type TPMLTaggedPCRProperty struct {
	PCRProperty []TPMSTaggedPCRSelect `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLTaggedPCRProperty represents a TPML_TAGGED_PCR_PROPERTY. See definition in Part 2: Structures, section 10.9.10.

type TPMLTaggedPolicy added in v0.9.0

type TPMLTaggedPolicy struct {
	// the tagged policy entries carried by the list
	// NOTE(review): the "list" tag presumably marks this slice as a
	// count-prefixed TPML list for the marshaller — confirm.
	Policies []TPMSTaggedPolicy `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLTaggedPolicy represents a TPML_TAGGED_POLICY. See definition in Part 2: Structures, section 10.9.12.

type TPMLTaggedTPMProperty added in v0.9.0

type TPMLTaggedTPMProperty struct {
	// the tagged TPM property entries; each element is a TPMSTaggedProperty
	// NOTE(review): the "list" tag presumably marks this slice as a
	// count-prefixed TPML list for the marshaller — confirm.
	TPMProperty []TPMSTaggedProperty `gotpm:"list"`
	// contains filtered or unexported fields
}

TPMLTaggedTPMProperty represents a TPML_TAGGED_TPM_PROPERTY. See definition in Part 2: Structures, section 10.9.9.

type TPMModifierIndicator added in v0.9.0

type TPMModifierIndicator uint32

TPMModifierIndicator represents a TPM_MODIFIER_INDICATOR. See definition in Part 2, Structures, section 5.3.

type TPMNT added in v0.9.0

type TPMNT uint8

TPMNT represents a TPM_NT. See definition in Part 2: Structures, section 13.4.

// NV Index type values (TPM_NT). The type determines how the data of an NV
// Index may be modified; see the per-constant comments.
// The values 0x3 and 0x5-0x7 are not defined in this list.
const (
	// contains data that is opaque to the TPM that can only be modified
	// using TPM2_NV_Write().
	TPMNTOrdinary TPMNT = 0x0
	// contains an 8-octet value that is to be used as a counter and can
	// only be modified with TPM2_NV_Increment()
	TPMNTCounter TPMNT = 0x1
	// contains an 8-octet value to be used as a bit field and can only be
	// modified with TPM2_NV_SetBits().
	TPMNTBits TPMNT = 0x2
	// contains a digest-sized value used like a PCR. The Index can only be
	// modified using TPM2_NV_Extend(). The extend will use the nameAlg of
	// the Index.
	TPMNTExtend TPMNT = 0x4
	// contains pinCount that increments on a PIN authorization failure and
	// a pinLimit
	TPMNTPinFail TPMNT = 0x8
	// contains pinCount that increments on a PIN authorization success and
	// a pinLimit
	TPMNTPinPass TPMNT = 0x9
)

TPMNT values come from Part 2: Structures, section 13.2.

type TPMPT added in v0.9.0

type TPMPT uint32

TPMPT represents a TPM_PT. See definition in Part 2: Structures, section 6.13.

// TPM property tags (TPM_PT). In this list the 0x000001xx values describe the
// implementation (family, vendor, firmware, limits) and the 0x000002xx values
// describe current state (loaded sessions, NV counters, lockout state).
// NOTE(review): Part 2 calls these groups PT_FIXED and PT_VAR — confirm.
// The value 0x00000115 is not defined in this list.
const (
	// a 4-octet character string containing the TPM Family value
	// (TPM_SPEC_FAMILY)
	TPMPTFamilyIndicator TPMPT = 0x00000100
	// the level of the specification
	TPMPTLevel TPMPT = 0x00000101
	// the specification Revision times 100
	TPMPTRevision TPMPT = 0x00000102
	// the specification day of year using TCG calendar
	TPMPTDayofYear TPMPT = 0x00000103
	// the specification year using the CE
	TPMPTYear TPMPT = 0x00000104
	// the vendor ID unique to each TPM manufacturer
	TPMPTManufacturer TPMPT = 0x00000105
	// the first four characters of the vendor ID string
	TPMPTVendorString1 TPMPT = 0x00000106
	// the second four characters of the vendor ID string
	TPMPTVendorString2 TPMPT = 0x00000107
	// the third four characters of the vendor ID string
	TPMPTVendorString3 TPMPT = 0x00000108
	// the fourth four characters of the vendor ID string
	TPMPTVendorString4 TPMPT = 0x00000109
	// vendor-defined value indicating the TPM model
	TPMPTVendorTPMType TPMPT = 0x0000010A
	// the most-significant 32 bits of a TPM vendor-specific value
	// indicating the version number of the firmware.
	// Together with TPMPTManufacturer, the two firmware-version properties
	// are what an inventory or patch check reads to match a device against
	// vendor firmware advisories.
	TPMPTFirmwareVersion1 TPMPT = 0x0000010B
	// the least-significant 32 bits of a TPM vendor-specific value
	// indicating the version number of the firmware.
	TPMPTFirmwareVersion2 TPMPT = 0x0000010C
	// the maximum size of a parameter (TPM2B_MAX_BUFFER)
	TPMPTInputBuffer TPMPT = 0x0000010D
	// the minimum number of transient objects that can be held in TPM RAM
	TPMPTHRTransientMin TPMPT = 0x0000010E
	// the minimum number of persistent objects that can be held in TPM NV
	// memory
	TPMPTHRPersistentMin TPMPT = 0x0000010F
	// the minimum number of authorization sessions that can be held in TPM
	// RAM
	TPMPTHRLoadedMin TPMPT = 0x00000110
	// the number of authorization sessions that may be active at a time
	TPMPTActiveSessionsMax TPMPT = 0x00000111
	// the number of PCR implemented
	TPMPTPCRCount TPMPT = 0x00000112
	// the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect
	TPMPTPCRSelectMin TPMPT = 0x00000113
	// the maximum allowed difference (unsigned) between the contextID
	// values of two saved session contexts
	TPMPTContextGapMax TPMPT = 0x00000114
	// the maximum number of NV Indexes that are allowed to have the
	// TPM_NT_COUNTER attribute
	TPMPTNVCountersMax TPMPT = 0x00000116
	// the maximum size of an NV Index data area
	TPMPTNVIndexMax TPMPT = 0x00000117
	// a TPMA_MEMORY indicating the memory management method for the TPM
	TPMPTMemory TPMPT = 0x00000118
	// interval, in milliseconds, between updates to the copy of
	// TPMS_CLOCK_INFO.clock in NV
	TPMPTClockUpdate TPMPT = 0x00000119
	// the algorithm used for the integrity HMAC on saved contexts and for
	// hashing the fuData of TPM2_FirmwareRead()
	TPMPTContextHash TPMPT = 0x0000011A
	// TPM_ALG_ID, the algorithm used for encryption of saved contexts
	TPMPTContextSym TPMPT = 0x0000011B
	// TPM_KEY_BITS, the size of the key used for encryption of saved
	// contexts
	TPMPTContextSymSize TPMPT = 0x0000011C
	// the modulus - 1 of the count for NV update of an orderly counter
	TPMPTOrderlyCount TPMPT = 0x0000011D
	// the maximum value for commandSize in a command
	TPMPTMaxCommandSize TPMPT = 0x0000011E
	// the maximum value for responseSize in a response
	TPMPTMaxResponseSize TPMPT = 0x0000011F
	// the maximum size of a digest that can be produced by the TPM
	TPMPTMaxDigest TPMPT = 0x00000120
	// the maximum size of an object context that will be returned by
	// TPM2_ContextSave
	TPMPTMaxObjectContext TPMPT = 0x00000121
	// the maximum size of a session context that will be returned by
	// TPM2_ContextSave
	TPMPTMaxSessionContext TPMPT = 0x00000122
	// platform-specific family (a TPM_PS value)(see Table 25)
	TPMPTPSFamilyIndicator TPMPT = 0x00000123
	// the level of the platform-specific specification
	TPMPTPSLevel TPMPT = 0x00000124
	// a platform specific value
	TPMPTPSRevision TPMPT = 0x00000125
	// the platform-specific TPM specification day of year using TCG
	// calendar
	TPMPTPSDayOfYear TPMPT = 0x00000126
	// the platform-specific TPM specification year using the CE
	TPMPTPSYear TPMPT = 0x00000127
	// the number of split signing operations supported by the TPM
	TPMPTSplitMax TPMPT = 0x00000128
	// total number of commands implemented in the TPM
	TPMPTTotalCommands TPMPT = 0x00000129
	// number of commands from the TPM library that are implemented
	TPMPTLibraryCommands TPMPT = 0x0000012A
	// number of vendor commands that are implemented
	TPMPTVendorCommands TPMPT = 0x0000012B
	// the maximum data size in one NV write, NV read, NV extend, or NV
	// certify command
	TPMPTNVBufferMax TPMPT = 0x0000012C
	// a TPMA_MODES value, indicating that the TPM is designed for these
	// modes.
	TPMPTModes TPMPT = 0x0000012D
	// the maximum size of a TPMS_CAPABILITY_DATA structure returned in
	// TPM2_GetCapability().
	TPMPTMaxCapBuffer TPMPT = 0x0000012E
	// TPMA_PERMANENT
	TPMPTPermanent TPMPT = 0x00000200
	// TPMA_STARTUP_CLEAR
	TPMPTStartupClear TPMPT = 0x00000201
	// the number of NV Indexes currently defined
	TPMPTHRNVIndex TPMPT = 0x00000202
	// the number of authorization sessions currently loaded into TPM RAM
	TPMPTHRLoaded TPMPT = 0x00000203
	// the number of additional authorization sessions, of any type, that
	// could be loaded into TPM RAM
	TPMPTHRLoadedAvail TPMPT = 0x00000204
	// the number of active authorization sessions currently being tracked
	// by the TPM
	TPMPTHRActive TPMPT = 0x00000205
	// the number of additional authorization sessions, of any type, that
	// could be created
	TPMPTHRActiveAvail TPMPT = 0x00000206
	// estimate of the number of additional transient objects that could be
	// loaded into TPM RAM
	TPMPTHRTransientAvail TPMPT = 0x00000207
	// the number of persistent objects currently loaded into TPM NV memory
	TPMPTHRPersistent TPMPT = 0x00000208
	// the number of additional persistent objects that could be loaded into
	// NV memory
	TPMPTHRPersistentAvail TPMPT = 0x00000209
	// the number of defined NV Indexes that have the TPM_NT_COUNTER
	// attribute
	TPMPTNVCounters TPMPT = 0x0000020A
	// the number of additional NV Indexes that can be defined with their
	// TPM_NT of TPM_NV_COUNTER and the TPMA_NV_ORDERLY attribute SET
	TPMPTNVCountersAvail TPMPT = 0x0000020B
	// code that limits the algorithms that may be used with the TPM
	TPMPTAlgorithmSet TPMPT = 0x0000020C
	// the number of loaded ECC curves
	TPMPTLoadedCurves TPMPT = 0x0000020D
	// The next four properties report dictionary-attack (DA) protection
	// state: the current failure count, the failure threshold, and the two
	// recovery timers. Monitoring can read them to tell whether a TPM is
	// near or in lockout.
	// the current value of the lockout counter (failedTries)
	TPMPTLockoutCounter TPMPT = 0x0000020E
	// the number of authorization failures before DA lockout is invoked
	TPMPTMaxAuthFail TPMPT = 0x0000020F
	// the number of seconds before the value reported by
	// TPM_PT_LOCKOUT_COUNTER is decremented
	TPMPTLockoutInterval TPMPT = 0x00000210
	// the number of seconds after a lockoutAuth failure before use of
	// lockoutAuth may be attempted again
	TPMPTLockoutRecovery TPMPT = 0x00000211
	// number of milliseconds before the TPM will accept another command
	// that will modify NV
	TPMPTNVWriteRecovery TPMPT = 0x00000212
	// the high-order 32 bits of the command audit counter
	TPMPTAuditCounter0 TPMPT = 0x00000213
	// the low-order 32 bits of the command audit counter
	TPMPTAuditCounter1 TPMPT = 0x00000214
)

TPMPT values come from Part 2: Structures, section 6.13.

type TPMPTPCR added in v0.9.0

type TPMPTPCR uint32

TPMPTPCR represents a TPM_PT_PCR. See definition in Part 2: Structures, section 6.14.

// PCR property tags (TPM_PT_PCR). Each tag selects a per-PCR attribute; the
// matching TPMS_PCR_SELECT bitmap then reports which PCRs have that attribute.
// The localities that may extend or reset a PCR are part of what a measured-boot
// or attestation design relies on, so these are worth reading when deciding
// which PCRs to bind a policy to.
// The values 0x0000000B-0x00000010 are not defined in this list.
const (
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and
	// restored by TPM_SU_STATE
	TPMPTPCRSave TPMPTPCR = 0x00000000
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 0
	TPMPTPCRExtendL0 TPMPTPCR = 0x00000001
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 0
	TPMPTPCRResetL0 TPMPTPCR = 0x00000002
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 1
	TPMPTPCRExtendL1 TPMPTPCR = 0x00000003
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 1
	TPMPTPCRResetL1 TPMPTPCR = 0x00000004
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 2
	TPMPTPCRExtendL2 TPMPTPCR = 0x00000005
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 2
	TPMPTPCRResetL2 TPMPTPCR = 0x00000006
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 3
	TPMPTPCRExtendL3 TPMPTPCR = 0x00000007
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 3
	TPMPTPCRResetL3 TPMPTPCR = 0x00000008
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be
	// extended from locality 4
	TPMPTPCRExtendL4 TPMPTPCR = 0x00000009
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset
	// by TPM2_PCR_Reset() from locality 4
	TPMPTPCRResetL4 TPMPTPCR = 0x0000000A
	// a SET bit in the TPMS_PCR_SELECT indicates that modifications to this
	// PCR (reset or Extend) will not increment the pcrUpdateCounter
	TPMPTPCRNoIncrement TPMPTPCR = 0x00000011
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a
	// D-RTM event
	// NOTE(review): the identifier ends in "Rest" while the comment describes
	// a reset; presumably this is the spec's DRTM reset property. The exported
	// name cannot change without breaking callers.
	TPMPTPCRDRTMRest TPMPTPCR = 0x00000012
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled
	// by policy
	TPMPTPCRPolicy TPMPTPCR = 0x00000013
	// a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled
	// by an authorization value
	TPMPTPCRAuth TPMPTPCR = 0x00000014
)

TPMPTPCR values come from Part 2: Structures, section 6.14.

type TPMParameterSize added in v0.9.0

type TPMParameterSize uint32

TPMParameterSize represents a TPM_PARAMETER_SIZE, the parameterSize parameter in a command. See definition in Part 2, Structures, section 5.3.

type TPMRC added in v0.9.0

type TPMRC uint32

TPMRC represents a TPM_RC. See definition in Part 2: Structures, section 6.6.

// TPM response codes (TPM_RC), grouped by format: FMT0 errors, FMT1 errors and
// warnings. Each group is expressed as an offset from an unexported base
// (rcVer1, rcFmt1, rcWarn) that is not shown in this listing.
// NOTE(review): in Part 2 the corresponding bases RC_VER1, RC_FMT1 and RC_WARN
// are 0x100, 0x080 and 0x900 — confirm against the package source.
//
// TPMRC has Is and As methods, and its documentation says a TPMRC "may be a
// FMT1 error", so compare a returned code with the canonical constant through
// Is (errors.Is) rather than with ==.
const (
	TPMRCSuccess TPMRC = 0x00000000
	// FMT0 error codes
	TPMRCInitialize      TPMRC = rcVer1 + 0x000
	TPMRCFailure         TPMRC = rcVer1 + 0x001
	TPMRCSequence        TPMRC = rcVer1 + 0x003
	TPMRCPrivate         TPMRC = rcVer1 + 0x00B
	TPMRCHMAC            TPMRC = rcVer1 + 0x019
	TPMRCDisabled        TPMRC = rcVer1 + 0x020
	TPMRCExclusive       TPMRC = rcVer1 + 0x021
	TPMRCAuthType        TPMRC = rcVer1 + 0x024
	TPMRCAuthMissing     TPMRC = rcVer1 + 0x025
	TPMRCPolicy          TPMRC = rcVer1 + 0x026
	TPMRCPCR             TPMRC = rcVer1 + 0x027
	TPMRCPCRChanged      TPMRC = rcVer1 + 0x028
	TPMRCUpgrade         TPMRC = rcVer1 + 0x02D
	TPMRCTooManyContexts TPMRC = rcVer1 + 0x02E
	TPMRCAuthUnavailable TPMRC = rcVer1 + 0x02F
	TPMRCReboot          TPMRC = rcVer1 + 0x030
	TPMRCUnbalanced      TPMRC = rcVer1 + 0x031
	TPMRCCommandSize     TPMRC = rcVer1 + 0x042
	TPMRCCommandCode     TPMRC = rcVer1 + 0x043
	TPMRCAuthSize        TPMRC = rcVer1 + 0x044
	TPMRCAuthContext     TPMRC = rcVer1 + 0x045
	TPMRCNVRange         TPMRC = rcVer1 + 0x046
	TPMRCNVSize          TPMRC = rcVer1 + 0x047
	TPMRCNVLocked        TPMRC = rcVer1 + 0x048
	TPMRCNVAuthorization TPMRC = rcVer1 + 0x049
	TPMRCNVUninitialized TPMRC = rcVer1 + 0x04A
	TPMRCNVSpace         TPMRC = rcVer1 + 0x04B
	TPMRCNVDefined       TPMRC = rcVer1 + 0x04C
	TPMRCBadContext      TPMRC = rcVer1 + 0x050
	TPMRCCPHash          TPMRC = rcVer1 + 0x051
	TPMRCParent          TPMRC = rcVer1 + 0x052
	TPMRCNeedsTest       TPMRC = rcVer1 + 0x053
	TPMRCNoResult        TPMRC = rcVer1 + 0x054
	TPMRCSensitive       TPMRC = rcVer1 + 0x055
	// FMT1 error codes
	// Authorization-related codes in this group matter for monitoring.
	// NOTE(review): per Part 2, TPMRCAuthFail is an authorization failure
	// that increments the dictionary-attack counter, while TPMRCBadAuth is an
	// authorization failure without dictionary-attack implications — confirm
	// before alerting on either.
	TPMRCAsymmetric   TPMRC = rcFmt1 + 0x001
	TPMRCAttributes   TPMRC = rcFmt1 + 0x002
	TPMRCHash         TPMRC = rcFmt1 + 0x003
	TPMRCValue        TPMRC = rcFmt1 + 0x004
	TPMRCHierarchy    TPMRC = rcFmt1 + 0x005
	TPMRCKeySize      TPMRC = rcFmt1 + 0x007
	TPMRCMGF          TPMRC = rcFmt1 + 0x008
	TPMRCMode         TPMRC = rcFmt1 + 0x009
	TPMRCType         TPMRC = rcFmt1 + 0x00A
	TPMRCHandle       TPMRC = rcFmt1 + 0x00B
	TPMRCKDF          TPMRC = rcFmt1 + 0x00C
	TPMRCRange        TPMRC = rcFmt1 + 0x00D
	TPMRCAuthFail     TPMRC = rcFmt1 + 0x00E
	TPMRCNonce        TPMRC = rcFmt1 + 0x00F
	TPMRCPP           TPMRC = rcFmt1 + 0x010
	TPMRCScheme       TPMRC = rcFmt1 + 0x012
	TPMRCSize         TPMRC = rcFmt1 + 0x015
	TPMRCSymmetric    TPMRC = rcFmt1 + 0x016
	TPMRCTag          TPMRC = rcFmt1 + 0x017
	TPMRCSelector     TPMRC = rcFmt1 + 0x018
	TPMRCInsufficient TPMRC = rcFmt1 + 0x01A
	TPMRCSignature    TPMRC = rcFmt1 + 0x01B
	TPMRCKey          TPMRC = rcFmt1 + 0x01C
	TPMRCPolicyFail   TPMRC = rcFmt1 + 0x01D
	TPMRCIntegrity    TPMRC = rcFmt1 + 0x01F
	TPMRCTicket       TPMRC = rcFmt1 + 0x020
	TPMRCReservedBits TPMRC = rcFmt1 + 0x021
	TPMRCBadAuth      TPMRC = rcFmt1 + 0x022
	TPMRCExpired      TPMRC = rcFmt1 + 0x023
	TPMRCPolicyCC     TPMRC = rcFmt1 + 0x024
	TPMRCBinding      TPMRC = rcFmt1 + 0x025
	TPMRCCurve        TPMRC = rcFmt1 + 0x026
	TPMRCECCPoint     TPMRC = rcFmt1 + 0x027
	// Warnings
	// The IsWarning documentation describes warning codes as usually pointing
	// at TPM state rather than at the command, so a later retry may succeed.
	// NOTE(review): per Part 2, TPMRCLockout means the TPM is in
	// dictionary-attack lockout and TPMRCNVRate means NV writes are being
	// rate-limited; retrying immediately in a loop helps with neither —
	// confirm.
	TPMRCContextGap     TPMRC = rcWarn + 0x001
	TPMRCObjectMemory   TPMRC = rcWarn + 0x002
	TPMRCSessionMemory  TPMRC = rcWarn + 0x003
	TPMRCMemory         TPMRC = rcWarn + 0x004
	TPMRCSessionHandles TPMRC = rcWarn + 0x005
	TPMRCObjectHandles  TPMRC = rcWarn + 0x006
	TPMRCLocality       TPMRC = rcWarn + 0x007
	TPMRCYielded        TPMRC = rcWarn + 0x008
	TPMRCCanceled       TPMRC = rcWarn + 0x009
	TPMRCTesting        TPMRC = rcWarn + 0x00A
	TPMRCReferenceH0    TPMRC = rcWarn + 0x010
	TPMRCReferenceH1    TPMRC = rcWarn + 0x011
	TPMRCReferenceH2    TPMRC = rcWarn + 0x012
	TPMRCReferenceH3    TPMRC = rcWarn + 0x013
	TPMRCReferenceH4    TPMRC = rcWarn + 0x014
	TPMRCReferenceH5    TPMRC = rcWarn + 0x015
	TPMRCReferenceH6    TPMRC = rcWarn + 0x016
	TPMRCReferenceS0    TPMRC = rcWarn + 0x018
	TPMRCReferenceS1    TPMRC = rcWarn + 0x019
	TPMRCReferenceS2    TPMRC = rcWarn + 0x01A
	TPMRCReferenceS3    TPMRC = rcWarn + 0x01B
	TPMRCReferenceS4    TPMRC = rcWarn + 0x01C
	TPMRCReferenceS5    TPMRC = rcWarn + 0x01D
	TPMRCReferenceS6    TPMRC = rcWarn + 0x01E
	TPMRCNVRate         TPMRC = rcWarn + 0x020
	TPMRCLockout        TPMRC = rcWarn + 0x021
	TPMRCRetry          TPMRC = rcWarn + 0x022
	TPMRCNVUnavailable  TPMRC = rcWarn + 0x023
)

TPMRC values come from Part 2: Structures, section 6.6.3.

func (TPMRC) As added in v0.9.0

func (r TPMRC) As(target interface{}) bool

As returns whether the error can be assigned to the given interface type. If supported, it updates the value pointed at by target. Supports the Fmt1Error type.

func (TPMRC) Error added in v0.9.0

func (r TPMRC) Error() string

Error produces a nice human-readable representation of the error, parsing TPM FMT1 errors as needed.

func (TPMRC) Is added in v0.9.0

func (r TPMRC) Is(target error) bool

Is returns whether the TPMRC (which may be a FMT1 error) is equal to the given canonical error.

func (TPMRC) IsWarning added in v0.9.0

func (r TPMRC) IsWarning() bool

IsWarning returns true if the error is a warning code. This usually indicates a problem with the TPM state, and not the command. Retrying the command later may succeed.

type TPMRspHeader added in v0.9.0

type TPMRspHeader struct {
	// the response tag
	// NOTE(review): presumably indicates whether the response carries a
	// session area — confirm against Part 1.
	Tag          TPMISTCommandTag
	// the response length
	// NOTE(review): presumably the total size of the response in octets,
	// header included. A parser should check it against the number of bytes
	// actually received before reading further — confirm how this package
	// enforces that.
	Length       uint32
	// the TPM_RC result of the command
	ResponseCode TPMRC
	// contains filtered or unexported fields
}

TPMRspHeader is the header structure in front of any TPM response. It is described in Part 1, Architecture.

type TPMSACTData added in v0.9.0

type TPMSACTData struct {

	// a permanent handle
	Handle TPMHandle
	// the current timeout of the ACT
	Timeout uint32
	// the state of the ACT
	Attributes TPMAACT
	// contains filtered or unexported fields
}

TPMSACTData represents a TPMS_ACT_DATA. See definition in Part 2: Structures, section 10.8.5.

type TPMSAlgProperty added in v0.9.0

type TPMSAlgProperty struct {

	// an algorithm identifier
	Alg TPMAlgID
	// the attributes of the algorithm
	AlgProperties TPMAAlgorithm
	// contains filtered or unexported fields
}

TPMSAlgProperty represents a TPMS_ALG_PROPERTY. See definition in Part 2: Structures, section 10.8.1.

type TPMSAttest added in v0.9.0

// TPMSAttest is the body that a TPM signs when it produces an attestation.
// A signature over this structure only proves what the fields below say, so a
// verifier has to check the fields themselves (Magic, Type, ExtraData, signer)
// in addition to the signature.
type TPMSAttest struct {

	// the indication that this structure was created by a TPM (always TPM_GENERATED_VALUE)
	// NOTE(review): the "check" tag presumably makes unmarshalling verify
	// this value — confirm against the gotpm tag handling. A verifier should
	// reject any attestation whose Magic is not TPM_GENERATED_VALUE.
	Magic TPMGenerated `gotpm:"check"`
	// type of the attestation structure
	// A verifier should confirm this is the attestation type it asked for
	// before interpreting Attested.
	Type TPMISTAttest
	// Qualified Name of the signing key
	QualifiedSigner TPM2BName
	// external information supplied by caller
	// This is where a verifier-chosen nonce or challenge is normally carried;
	// comparing it with the value that was issued is what rejects a replayed
	// attestation.
	ExtraData TPM2BData
	// Clock, resetCount, restartCount, and Safe
	ClockInfo TPMSClockInfo
	// TPM-vendor-specific value identifying the version number of the firmware
	// NOTE(review): Part 2 describes resetCount, restartCount and
	// firmwareVersion as obfuscated when the signing key is outside the
	// endorsement or platform hierarchy — confirm before comparing these
	// values across keys.
	FirmwareVersion uint64
	// the type-specific attestation information
	// NOTE(review): the "tag=Type" tag presumably selects the union member
	// from the Type field above — confirm.
	Attested TPMUAttest `gotpm:"tag=Type"`
	// contains filtered or unexported fields
}

TPMSAttest represents a TPMS_ATTEST. See definition in Part 2: Structures, section 10.12.12.

type TPMSAuthCommand added in v0.9.0

// TPMSAuthCommand is one entry of the authorization area of a command.
type TPMSAuthCommand struct {
	// the session handle
	Handle        TPMISHAuthSession
	// the session nonce
	// NOTE(review): per Part 2 this may be an Empty Buffer — confirm.
	Nonce         TPM2BNonce
	// the session attributes
	Attributes    TPMASession
	// the authorization value for the session
	// NOTE(review): per Part 2 this is an HMAC, a password, or an EmptyAuth.
	// When it is a password it is a plaintext secret, so it should not be
	// logged or included in error messages — confirm which session types
	// this package sends in that form.
	Authorization TPM2BData
	// contains filtered or unexported fields
}

TPMSAuthCommand represents a TPMS_AUTH_COMMAND. See definition in Part 2: Structures, section 10.13.2.

type TPMSAuthResponse added in v0.9.0

// TPMSAuthResponse is one entry of the authorization area of a response.
type TPMSAuthResponse struct {
	// the session nonce returned by the TPM
	// NOTE(review): per Part 2 this may be an Empty Buffer — confirm.
	Nonce         TPM2BNonce
	// the session attributes
	Attributes    TPMASession
	// the authorization value returned for the session
	// NOTE(review): per Part 2 this is an HMAC or an EmptyAuth. For an HMAC
	// session, verifying it is what shows the response came from the TPM
	// that holds the session secret — confirm where this package does so.
	Authorization TPM2BData
	// contains filtered or unexported fields
}

TPMSAuthResponse represents a TPMS_AUTH_RESPONSE. See definition in Part 2: Structures, section 10.13.3.

type TPMSCapabilityData added in v0.9.0

type TPMSCapabilityData struct {

	// the capability
	Capability TPMCap
	// the capability data
	Data TPMUCapabilities `gotpm:"tag=Capability"`
	// contains filtered or unexported fields
}

TPMSCapabilityData represents a TPMS_CAPABILITY_DATA. See definition in Part 2: Structures, section 10.10.2.

type TPMSCertifyInfo added in v0.9.0

type TPMSCertifyInfo struct {

	// Name of the certified object
	Name TPM2BName
	// Qualified Name of the certified object
	QualifiedName TPM2BName
	// contains filtered or unexported fields
}

TPMSCertifyInfo represents a TPMS_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.3.

type TPMSClockInfo added in v0.9.0

type TPMSClockInfo struct {

	// time value in milliseconds that advances while the TPM is powered
	Clock uint64
	// number of occurrences of TPM Reset since the last TPM2_Clear()
	ResetCount uint32
	// number of times that TPM2_Shutdown() or _TPM_Hash_Start have
	// occurred since the last TPM Reset or TPM2_Clear().
	RestartCount uint32
	// no value of Clock greater than the current value of Clock has been
	// previously reported by the TPM. Set to YES on TPM2_Clear().
	Safe TPMIYesNo
	// contains filtered or unexported fields
}

TPMSClockInfo represents a TPMS_CLOCK_INFO. See definition in Part 2: Structures, section 10.11.1.

type TPMSCommandAuditInfo added in v0.9.0

type TPMSCommandAuditInfo struct {

	// the monotonic audit counter
	AuditCounter uint64
	// hash algorithm used for the command audit
	DigestAlg TPMAlgID
	// the current value of the audit digest
	AuditDigest TPM2BDigest
	// digest of the command codes being audited using digestAlg
	CommandDigest TPM2BDigest
	// contains filtered or unexported fields
}

TPMSCommandAuditInfo represents a TPMS_COMMAND_AUDIT_INFO. See definition in Part 2: Structures, section 10.12.5.

type TPMSContext added in v0.9.0

type TPMSContext struct {

	// the sequence number of the context
	Sequence uint64
	// a handle indicating if the context is a session, object, or sequence object
	SavedHandle TPMIDHSaved
	// the hierarchy of the context
	Hierarchy TPMIRHHierarchy
	// the context data and integrity HMAC
	ContextBlob TPM2BContextData
	// contains filtered or unexported fields
}

TPMSContext represents a TPMS_CONTEXT. See definition in Part 2: Structures, section 14.5.

type TPMSContextData added in v0.9.0

type TPMSContextData struct {

	// the integrity value
	Integrity TPM2BDigest
	// the sensitive area
	Encrypted TPM2BContextSensitive
	// contains filtered or unexported fields
}

TPMSContextData represents a TPMS_CONTEXT_DATA. See definition in Part 2: Structures, section 14.3.

type TPMSCreationData added in v0.9.0

// TPMSCreationData records the environment in which an object was created:
// the PCR state, the locality, and the identity of the parent.
type TPMSCreationData struct {

	// list indicating the PCR included in pcrDigest
	PCRSelect TPMLPCRSelection
	// digest of the selected PCR using nameAlg of the object for which
	// this structure is being created
	PCRDigest TPM2BDigest
	// the locality at which the object was created
	Locality TPMALocality
	// nameAlg of the parent
	ParentNameAlg TPMAlgID
	// Name of the parent at time of creation
	ParentName TPM2BName
	// Qualified Name of the parent at the time of creation
	ParentQualifiedName TPM2BName
	// association with additional information added by the key
	// NOTE(review): the spec wording appears to be "added by the key
	// creator", i.e. caller-supplied data — confirm. If so, a verifier
	// should not treat this field as TPM-asserted.
	OutsideInfo TPM2BData
	// contains filtered or unexported fields
}

TPMSCreationData represents a TPMS_CREATION_DATA. See definition in Part 2: Structures, section 15.1.

type TPMSCreationInfo added in v0.9.0

type TPMSCreationInfo struct {

	// Name of the object
	ObjectName TPM2BName
	// creationHash
	CreationHash TPM2BDigest
	// contains filtered or unexported fields
}

TPMSCreationInfo represents a TPMS_CREATION_INFO. See definition in Part 2: Structures, section 10.12.7.

type TPMSDerive added in v0.9.0

type TPMSDerive struct {
	// NOTE(review): presumably the label and context inputs to the key
	// derivation used for derived objects — confirm against Part 2.
	Label   TPM2BLabel
	Context TPM2BLabel
	// contains filtered or unexported fields
}

TPMSDerive represents a TPMS_DERIVE. See definition in Part 2: Structures, section 11.1.11.

type TPMSE added in v0.9.0

type TPMSE uint8

TPMSE represents a TPM_SE. See definition in Part 2: Structures, section 6.11.

// Session type values (TPM_SE). The value 0x02 is not defined in this list.
const (
	// an HMAC session
	TPMSEHMAC   TPMSE = 0x00
	// a policy session
	TPMSEPolicy TPMSE = 0x01
	// a trial policy session
	// NOTE(review): per Part 2 a trial session is used to compute a policy
	// digest and cannot be used to authorize a command — confirm.
	TPMSETrial  TPMSE = 0x03
)

TPMSE values come from Part 2: Structures, section 6.11.

type TPMSECCParms added in v0.9.0

// TPMSECCParms holds the algorithm parameters of an ECC key: the symmetric
// algorithm used by a restricted decryption key, the signing scheme, the
// curve, and an optional KDF.
type TPMSECCParms struct {

	// for a restricted decryption key, shall be set to a supported
	// symmetric algorithm, key size, and mode.
	// if the key is not a restricted decryption key, this field shall
	// be set to TPM_ALG_NULL.
	Symmetric TPMTSymDefObject
	// If the sign attribute of the key is SET, then this shall be a
	// valid signing scheme.
	Scheme TPMTECCScheme
	// ECC curve ID
	CurveID TPMIECCCurve
	// an optional key derivation scheme for generating a symmetric key
	// from a Z value
	// If the kdf parameter associated with curveID is not TPM_ALG_NULL
	// then this is required to be NULL.
	KDF TPMTKDFScheme
	// contains filtered or unexported fields
}

TPMSECCParms represents a TPMS_ECC_PARMS. See definition in Part 2: Structures, section 12.2.3.6.

type TPMSECCPoint added in v0.9.0

type TPMSECCPoint struct {

	// X coordinate
	X TPM2BECCParameter
	// Y coordinate
	Y TPM2BECCParameter
	// contains filtered or unexported fields
}

TPMSECCPoint represents a TPMS_ECC_POINT. See definition in Part 2: Structures, section 11.2.5.2.

type TPMSEmpty added in v0.9.0

type TPMSEmpty struct {
	// contains filtered or unexported fields
}

TPMSEmpty represents a TPMS_EMPTY. See definition in Part 2: Structures, section 10.1.

type TPMSEncSchemeOAEP added in v0.9.0

type TPMSEncSchemeOAEP TPMSSchemeHash

TPMSEncSchemeOAEP represents a TPMS_ENC_SCHEME_OAEP. See definition in Part 2: Structures, section 11.2.2.2.

type TPMSEncSchemeRSAES added in v0.9.0

type TPMSEncSchemeRSAES TPMSEmpty

TPMSEncSchemeRSAES represents a TPMS_ENC_SCHEME_RSAES. See definition in Part 2: Structures, section 11.2.2.2.

type TPMSKDFSchemeECDH added in v0.9.0

type TPMSKDFSchemeECDH TPMSSchemeHash

TPMSKDFSchemeECDH represents a TPMS_KDF_SCHEME_ECDH. See definition in Part 2: Structures, section 11.2.3.1.

type TPMSKDFSchemeKDF1SP800108 added in v0.9.0

type TPMSKDFSchemeKDF1SP800108 TPMSSchemeHash

TPMSKDFSchemeKDF1SP800108 represents a TPMS_KDF_SCHEME_KDF1SP800108. See definition in Part 2: Structures, section 11.2.3.1.

type TPMSKDFSchemeKDF1SP80056A added in v0.9.0

type TPMSKDFSchemeKDF1SP80056A TPMSSchemeHash

TPMSKDFSchemeKDF1SP80056A represents a TPMS_KDF_SCHEME_KDF1SP80056A. See definition in Part 2: Structures, section 11.2.3.1.

type TPMSKDFSchemeKDF2 added in v0.9.0

type TPMSKDFSchemeKDF2 TPMSSchemeHash

TPMSKDFSchemeKDF2 represents a TPMS_KDF_SCHEME_KDF2. See definition in Part 2: Structures, section 11.2.3.1.

type TPMSKDFSchemeMGF1 added in v0.9.0

type TPMSKDFSchemeMGF1 TPMSSchemeHash

TPMSKDFSchemeMGF1 represents a TPMS_KDF_SCHEME_MGF1. See definition in Part 2: Structures, section 11.2.3.1.

type TPMSKeySchemeECDH added in v0.9.0

type TPMSKeySchemeECDH TPMSSchemeHash

TPMSKeySchemeECDH represents a TPMS_KEY_SCHEME_ECDH. See definition in Part 2: Structures, section 11.2.2.3.

type TPMSKeyedHashParms added in v0.9.0

type TPMSKeyedHashParms struct {

	// Indicates the signing method used for a keyedHash signing
	// object. This field also determines the size of the data field
	// for a data object created with TPM2_Create() or
	// TPM2_CreatePrimary().
	Scheme TPMTKeyedHashScheme
	// contains filtered or unexported fields
}

TPMSKeyedHashParms represents a TPMS_KEYEDHASH_PARMS. See definition in Part 2: Structures, section 12.2.3.3.

type TPMSNVCertifyInfo added in v0.9.0

type TPMSNVCertifyInfo struct {

	// Name of the NV Index
	IndexName TPM2BName
	// the offset parameter of TPM2_NV_Certify()
	Offset uint16
	// contents of the NV Index
	NVContents TPM2BData
	// contains filtered or unexported fields
}

TPMSNVCertifyInfo represents a TPMS_NV_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.8.

type TPMSNVDigestCertifyInfo added in v0.9.0

type TPMSNVDigestCertifyInfo struct {

	// Name of the NV Index
	IndexName TPM2BName
	// hash of the contents of the index
	NVDigest TPM2BDigest
	// contains filtered or unexported fields
}

TPMSNVDigestCertifyInfo represents a TPMS_NV_DIGEST_CERTIFY_INFO. See definition in Part 2: Structures, section 10.12.9.

type TPMSNVPublic added in v0.9.0

type TPMSNVPublic struct {

	// the handle of the data area
	NVIndex TPMIRHNVIndex
	// hash algorithm used to compute the name of the Index and used for
	// the authPolicy. For an extend index, the hash algorithm used for the
	// extend.
	NameAlg TPMIAlgHash
	// the Index attributes
	Attributes TPMANV
	// optional access policy for the Index
	AuthPolicy TPM2BDigest
	// the size of the data area
	DataSize uint16
	// contains filtered or unexported fields
}

TPMSNVPublic represents a TPMS_NV_PUBLIC. See definition in Part 2: Structures, section 13.5.

type TPMSPCRSelection added in v0.9.0

type TPMSPCRSelection struct {
	// the hash algorithm (PCR bank) that the selection applies to
	Hash      TPMIAlgHash
	// the bitmap of selected PCRs
	// NOTE(review): the "sized8" tag presumably gives the slice a one-byte
	// length prefix when marshalled, and the bit order within each octet
	// should be confirmed against Part 2 before building a selection by
	// hand. Selecting an unintended PCR or bank changes what a quote or a
	// PCR policy covers.
	PCRSelect []byte `gotpm:"sized8"`
	// contains filtered or unexported fields
}

TPMSPCRSelection represents a TPMS_PCR_SELECTION. See definition in Part 2: Structures, section 10.6.2.

type TPMSQuoteInfo added in v0.9.0

// TPMSQuoteInfo is the quote-specific part of an attestation: which PCRs were
// quoted and a digest over their values.
type TPMSQuoteInfo struct {

	// information on algID, PCR selected and digest
	// A verifier should confirm that this selection covers the PCRs and
	// banks its policy requires; a valid quote over a different selection
	// says nothing about the PCRs that were left out.
	PCRSelect TPMLPCRSelection
	// digest of the selected PCR using the hash of the signing key
	// Only this digest is covered by the signature. A verifier recomputes it
	// from the PCR values it expects (or from a replayed event log) instead
	// of trusting PCR values reported outside the signed quote.
	PCRDigest TPM2BDigest
	// contains filtered or unexported fields
}

TPMSQuoteInfo represents a TPMS_QUOTE_INFO. See definition in Part 2: Structures, section 10.12.4.

type TPMSRSAParms added in v0.9.0

// TPMSRSAParms holds the algorithm parameters of an RSA key: the symmetric
// algorithm used by a restricted decryption key, the signing or encryption
// scheme, the modulus size, and the public exponent.
type TPMSRSAParms struct {

	// for a restricted decryption key, shall be set to a supported
	// symmetric algorithm, key size, and mode.
	// if the key is not a restricted decryption key, this field shall
	// be set to TPM_ALG_NULL.
	Symmetric TPMTSymDefObject
	// scheme.scheme shall be:
	// for an unrestricted signing key, either TPM_ALG_RSAPSS,
	// TPM_ALG_RSASSA or TPM_ALG_NULL
	// for a restricted signing key, either TPM_ALG_RSAPSS or
	// TPM_ALG_RSASSA
	// for an unrestricted decryption key, TPM_ALG_RSAES, TPM_ALG_OAEP,
	// or TPM_ALG_NULL unless the object also has the sign attribute
	// for a restricted decryption key, TPM_ALG_NULL
	Scheme TPMTRSAScheme
	// number of bits in the public modulus
	KeyBits TPMIRSAKeyBits
	// the public exponent
	// A prime number greater than 2.
	// NOTE(review): per Part 2 a value of zero selects the default exponent
	// of 2^16 + 1, so code that converts this field to a public key should
	// handle zero explicitly — confirm how this package does that.
	Exponent uint32
	// contains filtered or unexported fields
}

TPMSRSAParms represents a TPMS_RSA_PARMS. See definition in Part 2: Structures, section 12.2.3.5.

type TPMSSchemeECDAA added in v0.9.0

type TPMSSchemeECDAA struct {

	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// the counter value that is used between TPM2_Commit()
	// and the sign operation
	Count uint16
	// contains filtered or unexported fields
}

TPMSSchemeECDAA represents a TPMS_SCHEME_ECDAA. See definition in Part 2: Structures, section 11.1.18.

type TPMSSchemeHMAC added in v0.9.0

type TPMSSchemeHMAC TPMSSchemeHash

TPMSSchemeHMAC represents a TPMS_SCHEME_HMAC. See definition in Part 2: Structures, section 11.1.20.

type TPMSSchemeHash added in v0.9.0

type TPMSSchemeHash struct {

	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// contains filtered or unexported fields
}

TPMSSchemeHash represents a TPMS_SCHEME_HASH. See definition in Part 2: Structures, section 11.1.17.

type TPMSSchemeXOR added in v0.9.0

type TPMSSchemeXOR struct {

	// the hash algorithm used to digest the message
	HashAlg TPMIAlgHash
	// the key derivation function
	KDF TPMIAlgKDF
	// contains filtered or unexported fields
}

TPMSSchemeXOR represents a TPMS_SCHEME_XOR. See definition in Part 2: Structures, section 11.1.21.

type TPMSSensitiveCreate added in v0.9.0

// TPMSSensitiveCreate carries the secret inputs for creating an object: the
// object's auth value and, optionally, the data to seal or key material.
// Both fields are secrets. They should be kept out of logs and error messages.
// NOTE(review): this package defines parameter-encryption session options
// (EncryptIn and related); presumably those are how callers keep this
// structure from crossing the TPM bus in the clear — confirm.
type TPMSSensitiveCreate struct {

	// the USER auth secret value.
	UserAuth TPM2BAuth
	// data to be sealed, a key, or derivation values.
	Data TPMUSensitiveCreate
	// contains filtered or unexported fields
}

TPMSSensitiveCreate represents a TPMS_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.15.

type TPMSSessionAuditInfo added in v0.9.0

type TPMSSessionAuditInfo struct {

	// current exclusive status of the session
	ExclusiveSession TPMIYesNo
	// the current value of the session audit digest
	SessionDigest TPM2BDigest
	// contains filtered or unexported fields
}

TPMSSessionAuditInfo represents a TPMS_SESSION_AUDIT_INFO. See definition in Part 2: Structures, section 10.12.6.

type TPMSSigSchemeECDSA added in v0.9.0

type TPMSSigSchemeECDSA TPMSSchemeHash

TPMSSigSchemeECDSA represents a TPMS_SIG_SCHEME_ECDSA. See definition in Part 2: Structures, section 11.2.1.3.

type TPMSSigSchemeRSAPSS added in v0.9.0

type TPMSSigSchemeRSAPSS TPMSSchemeHash

TPMSSigSchemeRSAPSS represents a TPMS_SIG_SCHEME_RSAPSS. See definition in Part 2: Structures, section 11.2.1.2.

type TPMSSigSchemeRSASSA added in v0.9.0

type TPMSSigSchemeRSASSA TPMSSchemeHash

TPMSSigSchemeRSASSA represents a TPMS_SIG_SCHEME_RSASSA. See definition in Part 2: Structures, section 11.2.1.2.

type TPMSSignatureECC added in v0.9.0

type TPMSSignatureECC struct {

	// the hash algorithm used in the signature process
	Hash       TPMIAlgHash
	// NOTE(review): SignatureR and SignatureS are presumably the two integer
	// components of the ECC signature. The declared types do not show an
	// encoding or length guarantee, so confirm both before converting the
	// pair into another signature format.
	SignatureR TPM2BECCParameter
	SignatureS TPM2BECCParameter
	// contains filtered or unexported fields
}

TPMSSignatureECC represents a TPMS_SIGNATURE_ECC. See definition in Part 2: Structures, section 11.3.2.

type TPMSSignatureRSA added in v0.9.0

type TPMSSignatureRSA struct {

	// the hash algorithm used to digest the message
	Hash TPMIAlgHash
	// The signature is the size of a public key.
	Sig TPM2BPublicKeyRSA
	// contains filtered or unexported fields
}

TPMSSignatureRSA represents a TPMS_SIGNATURE_RSA. See definition in Part 2: Structures, section 11.3.1.

type TPMSSymCipherParms added in v0.9.0

type TPMSSymCipherParms struct {

	// a symmetric block cipher
	Sym TPMTSymDefObject
	// contains filtered or unexported fields
}

TPMSSymCipherParms represents a TPMS_SYMCIPHER_PARMS. See definition in Part 2: Structures, section 11.1.9.

type TPMST added in v0.9.0

type TPMST uint16

TPMST represents a TPM_ST. See definition in Part 2: Structures, section 6.9.

// NOTE(review): the grouping comments below are inferred from the constant
// names and from where TPMST is used on this page (as the selector of
// NewTPMUAttest and as the Tag field of the TPMTTK* ticket structures);
// confirm against Part 2: Structures, section 6.9.
const (
	// command/response header tags
	TPMSTRspCommand         TPMST = 0x00C4
	TPMSTNull               TPMST = 0x8000
	TPMSTNoSessions         TPMST = 0x8001
	TPMSTSessions           TPMST = 0x8002
	// attestation structure tags
	// A verifier should check that the tag of a received attestation matches
	// the kind of attestation it asked for before reading the union member.
	TPMSTAttestNV           TPMST = 0x8014
	TPMSTAttestCommandAudit TPMST = 0x8015
	TPMSTAttestSessionAudit TPMST = 0x8016
	TPMSTAttestCertify      TPMST = 0x8017
	TPMSTAttestQuote        TPMST = 0x8018
	TPMSTAttestTime         TPMST = 0x8019
	TPMSTAttestCreation     TPMST = 0x801A
	TPMSTAttestNVDigest     TPMST = 0x801C
	// ticket structure tags
	TPMSTCreation           TPMST = 0x8021
	TPMSTVerified           TPMST = 0x8022
	TPMSTAuthSecret         TPMST = 0x8023
	TPMSTHashCheck          TPMST = 0x8024
	TPMSTAuthSigned         TPMST = 0x8025
	// field-upgrade manifest tag
	TPMSTFuManifest         TPMST = 0x8029
)

TPMST values come from Part 2: Structures, section 6.9.

type TPMSTaggedPCRSelect added in v0.9.0

type TPMSTaggedPCRSelect struct {

	// the property identifier
	Tag TPMPTPCR
	// the bit map of PCR with the identified property
	PCRSelect []byte `gotpm:"sized8"`
	// contains filtered or unexported fields
}

TPMSTaggedPCRSelect represents a TPMS_TAGGED_PCR_SELECT. See definition in Part 2: Structures, section 10.8.3.

type TPMSTaggedPolicy added in v0.9.0

type TPMSTaggedPolicy struct {

	// a permanent handle
	Handle TPMHandle
	// the policy algorithm and hash
	PolicyHash TPMTHA
	// contains filtered or unexported fields
}

TPMSTaggedPolicy represents a TPMS_TAGGED_POLICY. See definition in Part 2: Structures, section 10.8.4.

type TPMSTaggedProperty added in v0.9.0

type TPMSTaggedProperty struct {

	// a property identifier
	Property TPMPT
	// the value of the property
	Value uint32
	// contains filtered or unexported fields
}

TPMSTaggedProperty represents a TPMS_TAGGED_PROPERTY. See definition in Part 2: Structures, section 10.8.2.

type TPMSTimeAttestInfo added in v0.9.0

type TPMSTimeAttestInfo struct {

	// the Time, Clock, resetCount, restartCount, and Safe indicator
	Time TPMSTimeInfo
	// a TPM vendor-specific value indicating the version number of the firmware
	FirmwareVersion uint64
	// contains filtered or unexported fields
}

TPMSTimeAttestInfo represents a TPMS_TIME_ATTEST_INFO. See definition in Part 2: Structures, section 10.12.2.

type TPMSTimeInfo added in v0.9.0

type TPMSTimeInfo struct {

	// time in milliseconds since the Time circuit was last reset
	Time uint64
	// a structure containing the clock information
	ClockInfo TPMSClockInfo
	// contains filtered or unexported fields
}

TPMSTimeInfo represents a TPMS_TIME_INFO. See definition in Part 2: Structures, section 10.11.6.

type TPMSU added in v0.9.0

type TPMSU uint16

TPMSU represents a TPM_SU. See definition in Part 2: Structures, section 6.10.

// NOTE(review): going by the TPM_SU names, these select between a clear
// start and one that resumes saved state; confirm against Part 2:
// Structures, section 6.10.
const (
	TPMSUClear TPMSU = 0x0000
	TPMSUState TPMSU = 0x0001
)

TPMSU values come from Part 2: Structures, section 6.10.

type TPMTECCScheme added in v0.9.0

type TPMTECCScheme struct {

	// scheme selector
	Scheme TPMIAlgECCScheme `gotpm:"nullable"`
	// scheme parameters
	Details TPMUAsymScheme `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTECCScheme represents a TPMT_ECC_SCHEME. See definition in Part 2: Structures, section 11.2.5.6.

type TPMTHA added in v0.9.0

type TPMTHA struct {

	// selector of the hash contained in the digest that implies the size of the digest
	HashAlg TPMIAlgHash `gotpm:"nullable"`
	// the digest data
	// NOTE: For convenience, this is not implemented as a union.
	// NOTE(review): as a plain []byte, the length of Digest is not tied to
	// HashAlg by the type system. Code that builds or consumes a TPMTHA
	// should check the length against the digest size of HashAlg rather
	// than assume the two agree.
	Digest []byte
	// contains filtered or unexported fields
}

TPMTHA represents a TPMT_HA. See definition in Part 2: Structures, section 10.3.2.

type TPMTKDFScheme added in v0.9.0

type TPMTKDFScheme struct {

	// scheme selector
	Scheme TPMIAlgKDF `gotpm:"nullable"`
	// scheme parameters
	Details TPMUKDFScheme `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTKDFScheme represents a TPMT_KDF_SCHEME. See definition in Part 2: Structures, section 11.2.3.3.

type TPMTKeyedHashScheme added in v0.9.0

type TPMTKeyedHashScheme struct {
	// scheme selector
	Scheme  TPMIAlgKeyedHashScheme `gotpm:"nullable"`
	// scheme parameters
	// NOTE(review): the tag=Scheme option presumably means the union member
	// is chosen by the Scheme field above — confirm in the gotpm tag handling.
	Details TPMUSchemeKeyedHash    `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTKeyedHashScheme represents a TPMT_KEYEDHASH_SCHEME. See definition in Part 2: Structures, section 11.1.23.

type TPMTPublic added in v0.9.0

type TPMTPublic struct {

	// “algorithm” associated with this object
	Type TPMIAlgPublic
	// algorithm used for computing the Name of the object
	NameAlg TPMIAlgHash
	// attributes that, along with type, determine the manipulations
	// of this object
	ObjectAttributes TPMAObject
	// optional policy for using this key
	// The policy is computed using the nameAlg of the object.
	AuthPolicy TPM2BDigest
	// the algorithm or structure details
	Parameters TPMUPublicParms `gotpm:"tag=Type"`
	// the unique identifier of the structure
	// For an asymmetric key, this would be the public key.
	Unique TPMUPublicID `gotpm:"tag=Type"`
	// contains filtered or unexported fields
}

TPMTPublic represents a TPMT_PUBLIC. See definition in Part 2: Structures, section 12.2.4.

type TPMTPublicParms added in v0.9.1

type TPMTPublicParms struct {

	// algorithm to be tested
	Type TPMIAlgPublic
	// algorithm details
	Parameters TPMUPublicParms `gotpm:"tag=Type"`
	// contains filtered or unexported fields
}

TPMTPublicParms represents a TPMT_PUBLIC_PARMS. See definition in Part 2: Structures, section 12.2.3.8.

type TPMTRSADecrypt added in v0.9.1

type TPMTRSADecrypt struct {

	// scheme selector
	Scheme TPMIAlgRSADecrypt `gotpm:"nullable"`
	// scheme parameters
	Details TPMUAsymScheme `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTRSADecrypt represents a TPMT_RSA_DECRYPT. See definition in Part 2: Structures, section 11.2.4.4.

type TPMTRSAScheme added in v0.9.0

type TPMTRSAScheme struct {

	// scheme selector
	Scheme TPMIAlgRSAScheme `gotpm:"nullable"`
	// scheme parameters
	Details TPMUAsymScheme `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTRSAScheme represents a TPMT_RSA_SCHEME. See definition in Part 2: Structures, section 11.2.4.2.

type TPMTSensitive added in v0.9.0

// TPMTSensitive holds the sensitive area of an object: its authorization
// value, its seed value and the type-specific private data. Every field is
// secret material; keep values of this type out of logs, error strings and
// debug dumps.
type TPMTSensitive struct {

	// identifier for the sensitive area
	SensitiveType TPMIAlgPublic
	// user authorization data
	AuthValue TPM2BAuth
	// for a parent object, the optional protection seed; for other objects,
	// the obfuscation value
	SeedValue TPM2BDigest
	// the type-specific private data
	Sensitive TPMUSensitiveComposite `gotpm:"tag=SensitiveType"`
	// contains filtered or unexported fields
}

TPMTSensitive represents a TPMT_SENSITIVE. See definition in Part 2: Structures, section 12.3.2.4.

type TPMTSigScheme added in v0.9.0

type TPMTSigScheme struct {
	// scheme selector
	Scheme  TPMIAlgSigScheme `gotpm:"nullable"`
	// scheme parameters
	// NOTE(review): the tag=Scheme option presumably means the union member
	// is chosen by the Scheme field above — confirm in the gotpm tag handling.
	Details TPMUSigScheme    `gotpm:"tag=Scheme"`
	// contains filtered or unexported fields
}

TPMTSigScheme represents a TPMT_SIG_SCHEME. See definition in Part 2: Structures, section 11.2.1.5.

type TPMTSignature added in v0.9.0

type TPMTSignature struct {

	// selector of the algorithm used to construct the signature
	SigAlg TPMIAlgSigScheme `gotpm:"nullable"`
	// This shall be the actual signature information.
	Signature TPMUSignature `gotpm:"tag=SigAlg"`
	// contains filtered or unexported fields
}

TPMTSignature represents a TPMT_SIGNATURE. See definition in Part 2: Structures, section 11.3.4.

type TPMTSymDef added in v0.9.0

type TPMTSymDef struct {

	// indicates a symmetric algorithm
	Algorithm TPMIAlgSym `gotpm:"nullable"`
	// the key size
	KeyBits TPMUSymKeyBits `gotpm:"tag=Algorithm"`
	// the mode for the key
	Mode TPMUSymMode `gotpm:"tag=Algorithm"`
	// contains the additional algorithm details
	Details TPMUSymDetails `gotpm:"tag=Algorithm"`
	// contains filtered or unexported fields
}

TPMTSymDef represents a TPMT_SYM_DEF. See definition in Part 2: Structures, section 11.1.6.

type TPMTSymDefObject added in v0.9.0

type TPMTSymDefObject struct {

	// selects a symmetric block cipher
	// When used in the parameter area of a parent object, this shall
	// be a supported block cipher and not TPM_ALG_NULL
	Algorithm TPMIAlgSymObject `gotpm:"nullable"`
	// the key size
	KeyBits TPMUSymKeyBits `gotpm:"tag=Algorithm"`
	// default mode
	// When used in the parameter area of a parent object, this shall
	// be TPM_ALG_CFB.
	Mode TPMUSymMode `gotpm:"tag=Algorithm"`
	// contains the additional algorithm details, if any
	Details TPMUSymDetails `gotpm:"tag=Algorithm"`
	// contains filtered or unexported fields
}

TPMTSymDefObject represents a TPMT_SYM_DEF_OBJECT. See definition in Part 2: Structures, section 11.1.7.

type TPMTTKAuth added in v0.9.0

type TPMTTKAuth struct {

	// ticket structure tag
	Tag TPMST
	// the hierarchy of the object used to produce the ticket
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}

TPMTTKAuth represents a TPMT_TK_AUTH. See definition in Part 2: Structures, section 10.7.5.

type TPMTTKCreation added in v0.9.0

type TPMTTKCreation struct {

	// ticket structure tag
	Tag TPMST
	// the hierarchy containing name
	Hierarchy TPMIRHHierarchy
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}

TPMTTKCreation represents a TPMT_TK_CREATION. See definition in Part 2: Structures, section 10.7.3.

type TPMTTKHashCheck added in v0.9.0

type TPMTTKHashCheck struct {

	// ticket structure tag
	Tag TPMST
	// the hierarchy
	Hierarchy TPMIRHHierarchy `gotpm:"nullable"`
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}

TPMTTKHashCheck represents a TPMT_TK_HASHCHECK. See definition in Part 2: Structures, section 10.7.6.

type TPMTTKVerified added in v0.9.0

type TPMTTKVerified struct {

	// ticket structure tag
	Tag TPMST
	// the hierarchy containing keyName
	Hierarchy TPMIRHHierarchy
	// This shall be the HMAC produced using a proof value of hierarchy.
	Digest TPM2BDigest
	// contains filtered or unexported fields
}

TPMTTKVerified represents a TPMT_TK_VERIFIED. See definition in Part 2: Structures, section 10.7.4.

type TPMTTemplate added in v0.9.0

type TPMTTemplate struct {

	// “algorithm” associated with this object
	Type TPMIAlgPublic
	// algorithm used for computing the Name of the object
	NameAlg TPMIAlgHash
	// attributes that, along with type, determine the manipulations
	// of this object
	ObjectAttributes TPMAObject
	// optional policy for using this key
	// The policy is computed using the nameAlg of the object.
	AuthPolicy TPM2BDigest
	// the algorithm or structure details
	Parameters TPMUPublicParms `gotpm:"tag=Type"`
	// the derivation parameters
	Unique TPMSDerive
	// contains filtered or unexported fields
}

TPMTTemplate represents a TPMT_TEMPLATE. It is not defined in the spec. It represents the alternate form of TPMT_PUBLIC for TPM2B_TEMPLATE as described in Part 2: Structures, 12.2.6.

type TPMUAsymScheme added in v0.9.0

type TPMUAsymScheme struct {
	// contains filtered or unexported fields
}

TPMUAsymScheme represents a TPMU_ASYM_SCHEME. See definition in Part 2: Structures, section 11.2.3.5.

func NewTPMUAsymScheme added in v0.9.0

func NewTPMUAsymScheme[C AsymSchemeContents](selector TPMAlgID, contents C) TPMUAsymScheme

NewTPMUAsymScheme instantiates a TPMUAsymScheme with the given contents.

func (*TPMUAsymScheme) ECDAA added in v0.9.0

func (u *TPMUAsymScheme) ECDAA() (*TPMSSchemeECDAA, error)

ECDAA returns the 'ecdaa' member of the union.

func (*TPMUAsymScheme) ECDH added in v0.9.0

func (u *TPMUAsymScheme) ECDH() (*TPMSKeySchemeECDH, error)

ECDH returns the 'ecdh' member of the union.

func (*TPMUAsymScheme) ECDSA added in v0.9.0

func (u *TPMUAsymScheme) ECDSA() (*TPMSSigSchemeECDSA, error)

ECDSA returns the 'ecdsa' member of the union.

func (*TPMUAsymScheme) OAEP added in v0.9.0

func (u *TPMUAsymScheme) OAEP() (*TPMSEncSchemeOAEP, error)

OAEP returns the 'oaep' member of the union.

func (*TPMUAsymScheme) RSAES added in v0.9.0

func (u *TPMUAsymScheme) RSAES() (*TPMSEncSchemeRSAES, error)

RSAES returns the 'rsaes' member of the union.

func (*TPMUAsymScheme) RSAPSS added in v0.9.0

func (u *TPMUAsymScheme) RSAPSS() (*TPMSSigSchemeRSAPSS, error)

RSAPSS returns the 'rsapss' member of the union.

func (*TPMUAsymScheme) RSASSA added in v0.9.0

func (u *TPMUAsymScheme) RSASSA() (*TPMSSigSchemeRSASSA, error)

RSASSA returns the 'rsassa' member of the union.

type TPMUAttest added in v0.9.0

type TPMUAttest struct {
	// contains filtered or unexported fields
}

TPMUAttest represents a TPMU_ATTEST. See definition in Part 2: Structures, section 10.12.11.

func NewTPMUAttest added in v0.9.0

func NewTPMUAttest[C AttestContents](selector TPMST, contents C) TPMUAttest

NewTPMUAttest instantiates a TPMUAttest with the given contents.

func (*TPMUAttest) Certify added in v0.9.0

func (u *TPMUAttest) Certify() (*TPMSCertifyInfo, error)

Certify returns the 'certify' member of the union.

func (*TPMUAttest) CommandAudit added in v0.9.0

func (u *TPMUAttest) CommandAudit() (*TPMSCommandAuditInfo, error)

CommandAudit returns the 'commandAudit' member of the union.

func (*TPMUAttest) Creation added in v0.9.0

func (u *TPMUAttest) Creation() (*TPMSCreationInfo, error)

Creation returns the 'creation' member of the union.

func (*TPMUAttest) NV added in v0.9.0

func (u *TPMUAttest) NV() (*TPMSNVCertifyInfo, error)

NV returns the 'nv' member of the union.

func (*TPMUAttest) NVDigest added in v0.9.0

func (u *TPMUAttest) NVDigest() (*TPMSNVDigestCertifyInfo, error)

NVDigest returns the 'nvDigest' member of the union.

func (*TPMUAttest) Quote added in v0.9.0

func (u *TPMUAttest) Quote() (*TPMSQuoteInfo, error)

Quote returns the 'quote' member of the union.

func (*TPMUAttest) SessionAudit added in v0.9.0

func (u *TPMUAttest) SessionAudit() (*TPMSSessionAuditInfo, error)

SessionAudit returns the 'sessionAudit' member of the union.

func (*TPMUAttest) Time added in v0.9.0

func (u *TPMUAttest) Time() (*TPMSTimeAttestInfo, error)

Time returns the 'time' member of the union.

type TPMUCapabilities added in v0.9.0

type TPMUCapabilities struct {
	// contains filtered or unexported fields
}

TPMUCapabilities represents a TPMU_CAPABILITIES. See definition in Part 2: Structures, section 10.10.1.

func NewTPMUCapabilities added in v0.9.0

func NewTPMUCapabilities[C CapabilitiesContents](selector TPMCap, contents C) TPMUCapabilities

NewTPMUCapabilities instantiates a TPMUCapabilities with the given contents.

func (*TPMUCapabilities) ACTData added in v0.9.0

func (u *TPMUCapabilities) ACTData() (*TPMLACTData, error)

ACTData returns the 'actData' member of the union.

func (*TPMUCapabilities) Algorithms added in v0.9.0

func (u *TPMUCapabilities) Algorithms() (*TPMLAlgProperty, error)

Algorithms returns the 'algorithms' member of the union.

func (*TPMUCapabilities) AssignedPCR added in v0.9.0

func (u *TPMUCapabilities) AssignedPCR() (*TPMLPCRSelection, error)

AssignedPCR returns the 'assignedPCR' member of the union.

func (*TPMUCapabilities) AuditCommands added in v0.9.0

func (u *TPMUCapabilities) AuditCommands() (*TPMLCC, error)

AuditCommands returns the 'auditCommands' member of the union.

func (*TPMUCapabilities) AuthPolicies added in v0.9.0

func (u *TPMUCapabilities) AuthPolicies() (*TPMLTaggedPolicy, error)

AuthPolicies returns the 'authPolicies' member of the union.

func (*TPMUCapabilities) Command added in v0.9.0

func (u *TPMUCapabilities) Command() (*TPMLCCA, error)

Command returns the 'command' member of the union.

func (*TPMUCapabilities) ECCCurves added in v0.9.0

func (u *TPMUCapabilities) ECCCurves() (*TPMLECCCurve, error)

ECCCurves returns the 'eccCurves' member of the union.

func (*TPMUCapabilities) Handles added in v0.9.0

func (u *TPMUCapabilities) Handles() (*TPMLHandle, error)

Handles returns the 'handles' member of the union.

func (*TPMUCapabilities) PCRProperties added in v0.9.0

func (u *TPMUCapabilities) PCRProperties() (*TPMLTaggedPCRProperty, error)

PCRProperties returns the 'pcrProperties' member of the union.

func (*TPMUCapabilities) PPCommands added in v0.9.0

func (u *TPMUCapabilities) PPCommands() (*TPMLCC, error)

PPCommands returns the 'ppCommands' member of the union.

func (*TPMUCapabilities) TPMProperties added in v0.9.0

func (u *TPMUCapabilities) TPMProperties() (*TPMLTaggedTPMProperty, error)

TPMProperties returns the 'tpmProperties' member of the union.

type TPMUKDFScheme added in v0.9.0

type TPMUKDFScheme struct {
	// contains filtered or unexported fields
}

TPMUKDFScheme represents a TPMU_KDF_SCHEME. See definition in Part 2: Structures, section 11.2.3.2.

func NewTPMUKDFScheme added in v0.9.0

func NewTPMUKDFScheme[C KDFSchemeContents](selector TPMAlgID, contents C) TPMUKDFScheme

NewTPMUKDFScheme instantiates a TPMUKDFScheme with the given contents.

func (*TPMUKDFScheme) Bits added in v0.9.0

func (u *TPMUKDFScheme) Bits() (*TPM2BSensitiveData, error)

Bits returns the 'bits' member of the union.

func (*TPMUKDFScheme) ECC added in v0.9.0

func (u *TPMUKDFScheme) ECC() (*TPM2BECCParameter, error)

ECC returns the 'ecc' member of the union.

func (*TPMUKDFScheme) ECDH added in v0.9.0

func (u *TPMUKDFScheme) ECDH() (*TPMSKDFSchemeECDH, error)

ECDH returns the 'ecdh' member of the union.

func (*TPMUKDFScheme) KDF1SP800108 added in v0.9.0

func (u *TPMUKDFScheme) KDF1SP800108() (*TPMSKDFSchemeKDF1SP800108, error)

KDF1SP800108 returns the 'kdf1sp800108' member of the union.

func (*TPMUKDFScheme) KDF1SP80056A added in v0.9.0

func (u *TPMUKDFScheme) KDF1SP80056A() (*TPMSKDFSchemeKDF1SP80056A, error)

KDF1SP80056A returns the 'kdf1sp80056a' member of the union.

func (*TPMUKDFScheme) KDF2 added in v0.9.0

func (u *TPMUKDFScheme) KDF2() (*TPMSKDFSchemeKDF2, error)

KDF2 returns the 'kdf2' member of the union.

func (*TPMUKDFScheme) MGF1 added in v0.9.0

func (u *TPMUKDFScheme) MGF1() (*TPMSKDFSchemeMGF1, error)

MGF1 returns the 'mgf1' member of the union.

func (*TPMUKDFScheme) RSA added in v0.9.0

func (u *TPMUKDFScheme) RSA() (*TPM2BPrivateKeyRSA, error)

RSA returns the 'rsa' member of the union.

func (*TPMUKDFScheme) Sym added in v0.9.0

func (u *TPMUKDFScheme) Sym() (*TPM2BSymKey, error)

Sym returns the 'sym' member of the union.

type TPMUPublicID added in v0.9.0

type TPMUPublicID struct {
	// contains filtered or unexported fields
}

TPMUPublicID represents a TPMU_PUBLIC_ID. See definition in Part 2: Structures, section 12.2.3.2.

func NewTPMUPublicID added in v0.9.0

func NewTPMUPublicID[C PublicIDContents](selector TPMAlgID, contents C) TPMUPublicID

NewTPMUPublicID instantiates a TPMUPublicID with the given contents.

func (*TPMUPublicID) ECC added in v0.9.0

func (u *TPMUPublicID) ECC() (*TPMSECCPoint, error)

ECC returns the 'ecc' member of the union.

func (*TPMUPublicID) KeyedHash added in v0.9.0

func (u *TPMUPublicID) KeyedHash() (*TPM2BDigest, error)

KeyedHash returns the 'keyedHash' member of the union.

func (*TPMUPublicID) RSA added in v0.9.0

func (u *TPMUPublicID) RSA() (*TPM2BPublicKeyRSA, error)

RSA returns the 'rsa' member of the union.

func (*TPMUPublicID) SymCipher added in v0.9.0

func (u *TPMUPublicID) SymCipher() (*TPM2BDigest, error)

SymCipher returns the 'symCipher' member of the union.

type TPMUPublicParms added in v0.9.0

type TPMUPublicParms struct {
	// contains filtered or unexported fields
}

TPMUPublicParms represents a TPMU_PUBLIC_PARMS. See definition in Part 2: Structures, section 12.2.3.7.

func NewTPMUPublicParms added in v0.9.0

func NewTPMUPublicParms[C PublicParmsContents](selector TPMAlgID, contents C) TPMUPublicParms

NewTPMUPublicParms instantiates a TPMUPublicParms with the given contents.

func (*TPMUPublicParms) ECCDetail added in v0.9.0

func (u *TPMUPublicParms) ECCDetail() (*TPMSECCParms, error)

ECCDetail returns the 'eccDetail' member of the union.

func (*TPMUPublicParms) KeyedHashDetail added in v0.9.0

func (u *TPMUPublicParms) KeyedHashDetail() (*TPMSKeyedHashParms, error)

KeyedHashDetail returns the 'keyedHashDetail' member of the union.

func (*TPMUPublicParms) RSADetail added in v0.9.0

func (u *TPMUPublicParms) RSADetail() (*TPMSRSAParms, error)

RSADetail returns the 'rsaDetail' member of the union.

func (*TPMUPublicParms) SymDetail added in v0.9.0

func (u *TPMUPublicParms) SymDetail() (*TPMSSymCipherParms, error)

SymDetail returns the 'symDetail' member of the union.

type TPMUSchemeKeyedHash added in v0.9.0

type TPMUSchemeKeyedHash struct {
	// contains filtered or unexported fields
}

TPMUSchemeKeyedHash represents a TPMU_SCHEME_KEYEDHASH. See definition in Part 2: Structures, section 11.1.22.

func NewTPMUSchemeKeyedHash added in v0.9.0

func NewTPMUSchemeKeyedHash[C SchemeKeyedHashContents](selector TPMAlgID, contents C) TPMUSchemeKeyedHash

NewTPMUSchemeKeyedHash instantiates a TPMUSchemeKeyedHash with the given contents.

func (*TPMUSchemeKeyedHash) HMAC added in v0.9.0

HMAC returns the 'hmac' member of the union.

func (*TPMUSchemeKeyedHash) XOR added in v0.9.0

XOR returns the 'xor' member of the union.

type TPMUSensitiveComposite added in v0.9.0

type TPMUSensitiveComposite struct {
	// contains filtered or unexported fields
}

TPMUSensitiveComposite represents a TPMU_SENSITIVE_COMPOSITE. See definition in Part 2: Structures, section 12.3.2.3.

func NewTPMUSensitiveComposite added in v0.9.0

func NewTPMUSensitiveComposite[C SensitiveCompositeContents](selector TPMAlgID, contents C) TPMUSensitiveComposite

NewTPMUSensitiveComposite instantiates a TPMUSensitiveComposite with the given contents.

type TPMUSensitiveCreate added in v0.9.0

type TPMUSensitiveCreate struct {
	// contains filtered or unexported fields
}

TPMUSensitiveCreate represents a TPMU_SENSITIVE_CREATE. See definition in Part 2: Structures, section 11.1.13.

func NewTPMUSensitiveCreate added in v0.9.0

func NewTPMUSensitiveCreate[C SensitiveCreateContents](contents C) TPMUSensitiveCreate

NewTPMUSensitiveCreate instantiates a TPMUSensitiveCreate with the given contents.

type TPMUSigScheme added in v0.9.0

type TPMUSigScheme struct {
	// contains filtered or unexported fields
}

TPMUSigScheme represents a TPMU_SIG_SCHEME. See definition in Part 2: Structures, section 11.2.1.4.

func NewTPMUSigScheme added in v0.9.0

func NewTPMUSigScheme[C SigSchemeContents](selector TPMAlgID, contents C) TPMUSigScheme

NewTPMUSigScheme instantiates a TPMUSigScheme with the given contents.

func (*TPMUSigScheme) ECDAA added in v0.9.0

func (u *TPMUSigScheme) ECDAA() (*TPMSSchemeECDAA, error)

ECDAA returns the 'ecdaa' member of the union.

func (*TPMUSigScheme) ECDSA added in v0.9.0

func (u *TPMUSigScheme) ECDSA() (*TPMSSchemeHash, error)

ECDSA returns the 'ecdsa' member of the union.

func (*TPMUSigScheme) HMAC added in v0.9.0

func (u *TPMUSigScheme) HMAC() (*TPMSSchemeHMAC, error)

HMAC returns the 'hmac' member of the union.

func (*TPMUSigScheme) RSAPSS added in v0.9.0

func (u *TPMUSigScheme) RSAPSS() (*TPMSSchemeHash, error)

RSAPSS returns the 'rsapss' member of the union.

func (*TPMUSigScheme) RSASSA added in v0.9.0

func (u *TPMUSigScheme) RSASSA() (*TPMSSchemeHash, error)

RSASSA returns the 'rsassa' member of the union.

type TPMUSignature added in v0.9.0

type TPMUSignature struct {
	// contains filtered or unexported fields
}

TPMUSignature represents a TPMU_SIGNATURE. See definition in Part 2: Structures, section 11.3.3.

func NewTPMUSignature added in v0.9.0

func NewTPMUSignature[C SignatureContents](selector TPMAlgID, contents C) TPMUSignature

NewTPMUSignature instantiates a TPMUSignature with the given contents.

func (*TPMUSignature) ECDAA added in v0.9.0

func (u *TPMUSignature) ECDAA() (*TPMSSignatureECC, error)

ECDAA returns the 'ecdaa' member of the union.

func (*TPMUSignature) ECDSA added in v0.9.0

func (u *TPMUSignature) ECDSA() (*TPMSSignatureECC, error)

ECDSA returns the 'ecdsa' member of the union.

func (*TPMUSignature) HMAC added in v0.9.0

func (u *TPMUSignature) HMAC() (*TPMTHA, error)

HMAC returns the 'hmac' member of the union.

func (*TPMUSignature) RSAPSS added in v0.9.0

func (u *TPMUSignature) RSAPSS() (*TPMSSignatureRSA, error)

RSAPSS returns the 'rsapss' member of the union.

func (*TPMUSignature) RSASSA added in v0.9.0

func (u *TPMUSignature) RSASSA() (*TPMSSignatureRSA, error)

RSASSA returns the 'rsassa' member of the union.

type TPMUSymDetails added in v0.9.0

type TPMUSymDetails struct {
	// contains filtered or unexported fields
}

TPMUSymDetails represents a TPMU_SYM_DETAILS. See definition in Part 2: Structures, section 11.1.5.

type TPMUSymKeyBits added in v0.9.0

type TPMUSymKeyBits struct {
	// contains filtered or unexported fields
}

TPMUSymKeyBits represents a TPMU_SYM_KEY_BITS. See definition in Part 2: Structures, section 11.1.3.

func NewTPMUSymKeyBits added in v0.9.0

func NewTPMUSymKeyBits[C SymKeyBitsContents](selector TPMAlgID, contents C) TPMUSymKeyBits

NewTPMUSymKeyBits instantiates a TPMUSymKeyBits with the given contents.

func (*TPMUSymKeyBits) AES added in v0.9.0

func (u *TPMUSymKeyBits) AES() (*TPMKeyBits, error)

AES returns the 'aes' member of the union.

func (*TPMUSymKeyBits) XOR added in v0.9.0

func (u *TPMUSymKeyBits) XOR() (*TPMAlgID, error)

XOR returns the 'xor' member of the union.

type TPMUSymMode added in v0.9.0

type TPMUSymMode struct {
	// contains filtered or unexported fields
}

TPMUSymMode represents a TPMU_SYM_MODE. See definition in Part 2: Structures, section 11.1.4.

func NewTPMUSymDetails added in v0.9.0

func NewTPMUSymDetails[C SymDetailsContents](selector TPMAlgID, contents C) TPMUSymMode

NewTPMUSymDetails instantiates a TPMUSymDetails with the given contents. Note that the signature above declares the return type as TPMUSymMode, not TPMUSymDetails.

func NewTPMUSymMode added in v0.9.0

func NewTPMUSymMode[C SymModeContents](selector TPMAlgID, contents C) TPMUSymMode

NewTPMUSymMode instantiates a TPMUSymMode with the given contents.

func (*TPMUSymMode) AES added in v0.9.0

func (u *TPMUSymMode) AES() (*TPMIAlgSymMode, error)

AES returns the 'aes' member of the union.

type TemplateContents added in v0.9.0

type TemplateContents interface {
	Marshallable
	*TPMTPublic | *TPMTTemplate
}

TemplateContents is a type constraint representing the possible contents of TPMUTemplate.

type TestParms added in v0.9.1

type TestParms struct {
	// Algorithm parameters to be validated
	Parameters TPMTPublicParms
}

TestParms is the input to TPM2_TestParms. See definition in Part 3, Commands, section 30.3

func (TestParms) Command added in v0.9.1

func (TestParms) Command() TPMCC

Command implements the Command interface.

func (TestParms) Execute added in v0.9.1

func (cmd TestParms) Execute(t transport.TPM, s ...Session) (*TestParmsResponse, error)

Execute executes the command and returns the response.

type TestParmsResponse added in v0.9.1

type TestParmsResponse struct{}

TestParmsResponse is the response from TPM2_TestParms.

type Unmarshallable added in v0.9.0

type Unmarshallable interface {
	Marshallable
	// contains filtered or unexported methods
}

Unmarshallable represents any TPM type that can be marshalled or unmarshalled.

type Unseal

type Unseal struct {
	// handle of the object whose sealed data is to be returned
	// NOTE(review): the "auth" tag option presumably marks this handle as
	// requiring authorization, so the authorization supplied for it is what
	// gates release of the secret — confirm in the gotpm tag handling.
	ItemHandle handle `gotpm:"handle,auth"`
}

Unseal is the input to TPM2_Unseal. See definition in Part 3, Commands, section 12.7

func (Unseal) Command added in v0.9.0

func (Unseal) Command() TPMCC

Command implements the Command interface.

func (Unseal) Execute added in v0.9.0

func (cmd Unseal) Execute(t transport.TPM, s ...Session) (*UnsealResponse, error)

Execute executes the command and returns the response.

type UnsealResponse added in v0.9.0

type UnsealResponse struct {
	// the unsealed data returned by the TPM
	// This is the protected secret itself: keep it out of logs and error
	// messages, and drop references to it once it has been used.
	// NOTE(review): presumably it is only protected on the transport when a
	// session with response encryption (see EncryptOut) is passed to
	// Execute — confirm.
	OutData TPM2BSensitiveData
}

UnsealResponse is the response from TPM2_Unseal.

type VerifySignature added in v0.9.0

type VerifySignature struct {
	// handle of public key that will be used in the validation
	// NOTE(review): unlike Unseal.ItemHandle, this tag carries no "auth"
	// option, which presumably means no authorization is needed to use the
	// key for verification — confirm.
	KeyHandle handle `gotpm:"handle"`
	// digest of the signed message
	// The command takes the digest, not the message, so the caller is
	// responsible for hashing the message it actually intends to trust.
	// NOTE(review): presumably the hash must be the one named in Signature —
	// confirm.
	Digest TPM2BDigest
	// signature to be tested
	Signature TPMTSignature
}

VerifySignature is the input to TPM2_VerifySignature. See definition in Part 3, Commands, section 20.1

func (VerifySignature) Command added in v0.9.0

func (VerifySignature) Command() TPMCC

Command implements the Command interface.

func (VerifySignature) Execute added in v0.9.0

Execute executes the command and returns the response.

type VerifySignatureResponse added in v0.9.0

type VerifySignatureResponse struct {
	// ticket returned by the TPM for the validated signature
	// NOTE(review): TPMTTKVerified documents its Digest as an HMAC produced
	// with a hierarchy proof value, so the ticket is presumably meaningful
	// only to the TPM that issued it; callers should not treat a non-empty
	// ticket as an independent proof of validity — confirm.
	Validation TPMTTKVerified
}

VerifySignatureResponse is the response from TPM2_VerifySignature.

Directories

Path Synopsis
Package transport implements types for physically talking to TPMs.
simulator
Package simulator provides access to a local simulator for TPM testing.
