tspi

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 2, 2021 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var TSS_UUID_CRK = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_RK = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_SK = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_SRK = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK1 = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK2 = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK3 = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK4 = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK5 = C.TSS_UUID{
	// contains filtered or unexported fields
}
View Source 
var TSS_UUID_USK6 = C.TSS_UUID{
	// contains filtered or unexported fields
}

Functions

func ModulusFromBlob 

func ModulusFromBlob(blob []byte) []byte

ModulusFromBlob provides the modulus of a provided TSS key blob

Types

type Context 

type Context struct {
	// contains filtered or unexported fields
}

Context is a TSS context

func NewContext 

func NewContext() (*Context, error)

NewContext returns a TSS daemon context

func (*Context) Close 

func (context *Context) Close() error

Close closes the connection between the context and the TSS daemon. It returns an error on failure.

func (*Context) Connect 

func (context *Context) Connect() error

Connect opens a connection between the context and the TSS daemon. It returns an error on failure.

func (*Context) CreateHash added in v0.2.0 

func (context *Context) CreateHash(hash crypto.Hash) (*Hash, error)

CreateHash creates a Hash object for the given hash algorithm. If using an algorithm other than crypto.SHA1 and if you are signing with this hash then make sure the key is created with signing algorithm TSS_SS_RSASSAPKCS1V15_DER.

func (*Context) CreateKey 

func (context *Context) CreateKey(flags int) (*Key, error)

CreateKey creates a TSS object referring to a TPM key. It returns a reference to the object and any error.

func (*Context) CreateNV 

func (context *Context) CreateNV() (*NV, error)

CreateNV creates a TSS object referring to a TPM NVRAM area. It returns a reference to the object and any error.

func (*Context) CreatePCRs 

func (context *Context) CreatePCRs(flags int) (*PCRs, error)

CreatePCRs creates an object referring to a TSS PCR composite. It returns a reference to the object plus any error.

func (*Context) CreatePolicy 

func (context *Context) CreatePolicy(flags int) (*Policy, error)

CreatePolicy creates an object referring to a TSS policy. It returns a reference to the object plus any error.

func (*Context) GetCapability added in v0.2.0 

func (context *Context) GetCapability(capa int, subcaplen uint, subcap uint8) ([]byte, error)

GetCapability reads the requested capability and subcapability from the TPM. A list of capabilities and subcapabilities can be found under tspiconst/tpsiconst. For usage information see Section 21.1 of the TPM1.2 main specification-part2.

func (*Context) GetTPM 

func (context *Context) GetTPM() *TPM

GetTPM returns a reference to the TPM associated with this context

func (*Context) LoadKeyByBlob 

func (context *Context) LoadKeyByBlob(parent *Key, blob []byte) (*Key, error)

LoadKeyByBlob takes an encrypted key blob and reads it into the TPM. It takes a reference to the parent key and the key blob, and returns a reference to the key and any error.

func (*Context) LoadKeyByUUID 

func (context *Context) LoadKeyByUUID(storetype int, uuid C.TSS_UUID) (*Key, error)

LoadKeyByUUID loads the key referenced by UUID. The storetype argument indicates whether the key should be obtained from the system or user stores. It returns a reference to the key and any error.

type Hash 

type Hash struct {
	// contains filtered or unexported fields
}

Hash is a TSS hash

func (*Hash) Close added in v0.2.0 

func (hash *Hash) Close() error

Close closes the Hash object.

func (*Hash) SetValue added in v0.2.0 

func (hash *Hash) SetValue(hashed []byte) error

SetValue sets the value of the hash to the given bytes

func (*Hash) Sign added in v0.2.0 

func (hash *Hash) Sign(key *Key) ([]byte, error)

Sign uses the provided key to create a signature.

func (*Hash) Update 

func (hash *Hash) Update(data []byte) error

Update updates a TSS hash with the data provided. It returns an error on failure.

func (*Hash) Verify 

func (hash *Hash) Verify(key *Key, signature []byte) error

Verify checks whether a hash matches the signature signed with the provided key. It returns an error on failure.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key is a TSS key

func (*Key) AssignPolicy added in v0.2.0 

func (key *Key) AssignPolicy(policy *Policy) error

AssignPolicy assigns a TSS policy to the key.

func (*Key) Bind 

func (key *Key) Bind(data []byte) ([]byte, error)

Bind encrypts some data using the TPM and returns it.

func (*Key) Certify 

func (key *Key) Certify(certifykey *Key, challenge []byte) ([]byte, []byte, error)

Certify signs the public key with another key held by the TPM

func (*Key) Close added in v0.2.0 

func (key *Key) Close() error

Close closes the Key object.

func (*Key) GenerateKey 

func (key *Key) GenerateKey(wrapkey *Key) (err error)

GenerateKey generates a key pair on the TPM, wrapping it with the provided key

func (*Key) GetExponent added in v0.2.0 

func (key *Key) GetExponent() (uint32, error)

GetExponent returns the exponent of the public key

func (*Key) GetKeyBlob 

func (key *Key) GetKeyBlob() ([]byte, error)

GetKeyBlob returns an encrypted blob containing the public and private halves of the key

func (*Key) GetModulus 

func (key *Key) GetModulus() (modulus []byte, err error)

GetModulus returns the modulus of the public key

func (*Key) GetPolicy 

func (key *Key) GetPolicy(poltype int) (*Policy, error)

GetPolicy returns the policy associated with the key

func (*Key) GetPubKeyBlob 

func (key *Key) GetPubKeyBlob() (pubkey []byte, err error)

GetPubKeyBlob returns the public half of the key in TPM blob format

func (*Key) GetPublicKey added in v0.2.0 

func (key *Key) GetPublicKey() (*rsa.PublicKey, error)

GetPublicKey returns a go-native *rsa.PublicKey instance of this key's public key

func (*Key) Seal 

func (key *Key) Seal(data []byte, pcrs *PCRs) ([]byte, error)

Seal encrypts the data using the TPM such that it can only be decrypted when the TPM's PCR values match the values set on the provided PCRs object. If pcrs is nil, the data will be sealed to the TPM but may be decrypted regardless of platform state.

func (*Key) SetModulus 

func (key *Key) SetModulus(n []byte) error

SetModulus sets the modulus of a public key to the provided value

func (*Key) SetSignatureScheme added in v0.2.0 

func (key *Key) SetSignatureScheme(scheme int) error

SetSignatureScheme sets the signature scheme on a newly created key. The scheme parameter should be one of tspiconst.TSS_SS_RSASSAPKCS1V15_SHA1 or tspiconst.TSS_SS_RSASSAPKCS1V15_DER

func (*Key) Unbind 

func (key *Key) Unbind(data []byte) ([]byte, error)

Unbind decrypts data previously encrypted with this key

func (*Key) Unseal 

func (key *Key) Unseal(data []byte) ([]byte, error)

Unseal decrypts data previously encrypted with this key as long as the PCR values match those the data was sealed against

type NV 

type NV struct {
	// contains filtered or unexported fields
}

NV is a TSS NV object

func (*NV) AssignPolicy 

func (nv *NV) AssignPolicy(policy *Policy) error

AssignPolicy assigns a policy to the TPM NVRAM region

func (*NV) Close added in v0.2.0 

func (nv *NV) Close() error

Close closes the NV object.

func (*NV) ReadValue 

func (nv *NV) ReadValue(offset uint, length uint) ([]byte, error)

ReadValue reads length bytes from offset in the TPM NVRAM space

func (*NV) SetIndex 

func (nv *NV) SetIndex(index uint) error

SetIndex sets the TPM NVRAM index that will be referenced by ReadValue()

type PCRs 

type PCRs struct {
	// contains filtered or unexported fields
}

PCRs is a structure representing a PCR object and the PCR values

func (*PCRs) Close added in v0.2.0 

func (pcrs *PCRs) Close() error

Close closes the PCRs object.

func (*PCRs) GetPCRValues 

func (pcrs *PCRs) GetPCRValues() ([][]byte, error)

GetPCRValues obtains the PCR values for any PCRs that have been set.

func (*PCRs) SetPCRs 

func (pcrs *PCRs) SetPCRs(pcrset []int) error

SetPCRs takes an array of integers referring to PCRs. Any queries performed with this PCR object will then query these PCRs.

type Policy 

type Policy struct {
	// contains filtered or unexported fields
}

Policy is a TSS policy object

func (*Policy) Close added in v0.2.0 

func (policy *Policy) Close() error

Close closes the Policy object.

func (*Policy) SetSecret 

func (policy *Policy) SetSecret(sectype int, secret []byte) error

SetSecret sets the secret for a policy. This policy may then be applied to another object.

type TPM 

type TPM struct {
	// contains filtered or unexported fields
}

TPM is a TSS TPM object

func (*TPM) ActivateIdentity 

func (tpm *TPM) ActivateIdentity(aik *Key, asymblob []byte, symblob []byte) (secret []byte, err error)

ActivateIdentity accepts an encrypted key blob representing the AIK and two blobs representing the asymmetric and symmetric challenges associated with the AIK. If the TPM is able to decrypt the challenges and the challenges correspond to the AIK, the TPM will return the original challenge secret.

func (*TPM) AssignPolicy 

func (tpm *TPM) AssignPolicy(policy *Policy) error

AssignPolicy assigns a TSS policy to the TPM.

func (*TPM) Close added in v0.2.0 

func (tpm *TPM) Close() error

Close closes the TPM object.

func (*TPM) CollateIdentityRequest 

func (tpm *TPM) CollateIdentityRequest(srk *Key, pubkey *Key, aik *Key) ([]byte, error)

CollateIdentityRequest creates a signing request for the provided AIKq

func (*TPM) ExtendPCR 

func (tpm *TPM) ExtendPCR(pcr int, data []byte, eventtype int, event []byte) error

ExtendPCR extends a pcr. If event is nil, data must be pre-hashed with SHA1. If event is not nil, event is used to populate the TSS event log. If both data and event are provided, both will be used to create the extend hash.

func (*TPM) GetEventLog 

func (tpm *TPM) GetEventLog() ([]tspiconst.Log, error)

GetEventLog returns an array of structures representing the contents of the TSS event log

func (*TPM) GetPCRValues added in v0.2.0 

func (tpm *TPM) GetPCRValues() ([][]byte, error)

GetPCRValues obtains the PCR values from the TPM.

func (*TPM) GetPolicy 

func (tpm *TPM) GetPolicy(poltype int) (*Policy, error)

GetPolicy returns the TSS policy associated with the TPM.

func (*TPM) GetQuote 

func (tpm *TPM) GetQuote(aik *Key, pcrs *PCRs, challenge []byte) ([]byte, []byte, error)

GetQuote takes an encrypted key blob representing the AIK, a set of PCRs and a challenge and returns a blob containing a hash of the PCR hashes and the challenge, and a validation blob signed by the AIK.

func (*TPM) TakeOwnership 

func (tpm *TPM) TakeOwnership(srk *Key) error

TakeOwnership transitions a TPM from unowned state to owned, installing the encrypted key blob as the SRK.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.