Documentation ¶
Overview ¶
Package pgtpm provides TPM2.0 utilities.
Index ¶
- Constants
- func ExtractCredential(key interface{}, blob, encSeed, ekPublic, akPublic []byte) ([]byte, error)
- func KDFa(h func() hash.Hash, key []byte, label string, context []byte, numbytes int) ([]byte, error)
- func KDFe(h func() hash.Hash, z []byte, label string, partyU, partyV []byte, ...) ([]byte, error)
- func MakeCredential(cred, ekPublic, akPublic []byte) ([]byte, []byte, error)
- func MakeCredentialUsingName(cred, ekPublic, akName []byte) ([]byte, []byte, error)
- func PrivateKeyFromActiveHandle(rw io.ReadWriter, handle tpmutil.Handle) (crypto.Signer, error)
- type Algorithm
- type AlgorithmAttribute
- type Capability
- type Command
- type ECCParams
- type ECPoint
- type EllipticCurve
- type Handle
- type HandleType
- type KDFScheme
- type KeyedHashParams
- type MSSimulator
- type ObjectAttribute
- type PrivateKey
- type PublicTemplate
- type RSAParams
- type SigScheme
- type SymCipherParams
- type SymScheme
Constants ¶
const (
	TPM2_HR_HANDLE_MASK uint32 = 0x00FFFFFF
	TPM2_HR_RANGE_MASK  uint32 = 0xFF000000
	TPM2_HR_SHIFT       uint32 = 24
)
Handle mask, range and shift values.
Variables ¶
This section is empty.
Functions ¶
func ExtractCredential ¶
func ExtractCredential(key interface{}, blob, encSeed, ekPublic, akPublic []byte) ([]byte, error)
ExtractCredential extracts a credential from a credential blob and encrypted seed created by MakeCredential, given the private key corresponding to the endorsement key public area. This function is primarily for testing and demonstration purposes: in practice the private key of a TPM endorsement key never leaves the TPM, and the credential is recovered with TPM2_ActivateCredential instead.
func KDFa ¶
func KDFa(h func() hash.Hash, key []byte, label string, context []byte, numbytes int) ([]byte, error)
KDFa implements the KDFa function per the TPM2.0 spec.
func KDFe ¶
func KDFe(h func() hash.Hash, z []byte, label string, partyU, partyV []byte, numbytes int) ([]byte, error)
KDFe implements the KDFe function per the TPM2.0 spec.
func MakeCredential ¶
func MakeCredential(cred, ekPublic, akPublic []byte) ([]byte, []byte, error)
MakeCredential makes a credential for the object with the public area akPublic, to be activated (with TPM2_ActivateCredential) by the TPM holding the endorsement key with the public area ekPublic. The AK name is computed from akPublic. The credential blob and the encrypted seed are returned.
func MakeCredentialUsingName ¶
func MakeCredentialUsingName(cred, ekPublic, akName []byte) ([]byte, []byte, error)
MakeCredentialUsingName is like MakeCredential but takes the AK name directly instead of computing it from the AK public area. The credential blob and the encrypted seed are returned.
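The credential protection that MakeCredential, MakeCredentialUsingName and ExtractCredential describe, together with the KDFa derivation it relies on, as an added example that is not part of pgtpm and uses only the Go standard library. It assumes an RSA endorsement key whose template uses SHA-256 as name algorithm and AES-128-CFB as symmetric parameters: the seed is OAEP-wrapped with the label "IDENTITY" (NUL terminated), the credential is CFB-encrypted under KDFa(seed, "STORAGE", akName, 128 bits) and bound to the AK Name by an HMAC keyed with KDFa(seed, "INTEGRITY", 256 bits). The function names, the constructed AK Name and the credential bytes are this example's own; the package's KDFa takes one context and a byte count, whereas this one mirrors the spec's contextU/contextV and bit count. KDFe, used for ECC endorsement keys, runs the same counter loop over a plain hash of counter || Z || label || 0x00 || partyU || partyV and is left out here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// kdfa is KDFa from TPM 2.0 Part 1 (SP800-108 counter mode with HMAC):
// HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32), i = 1, 2, ...
func kdfa(h func() hash.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte {
	var out []byte
	for i := uint32(1); len(out) < (bits+7)/8; i++ {
		mac := hmac.New(h, key)
		binary.Write(mac, binary.BigEndian, i)
		mac.Write(append([]byte(label), 0)) // the spec NUL-terminates the label
		mac.Write(contextU)
		mac.Write(contextV)
		binary.Write(mac, binary.BigEndian, uint32(bits))
		out = mac.Sum(out)
	}
	return out[:(bits+7)/8]
}

var oaepLabel = []byte("IDENTITY\x00") // OAEP label for the seed, NUL included

// aesCFB runs AES-CFB with the zero IV the credential protection scheme uses.
func aesCFB(key, in []byte, decrypt bool) []byte {
	block, _ := aes.NewCipher(key) // key is 16 bytes from kdfa, so no error
	iv := make([]byte, aes.BlockSize)
	s := cipher.NewCFBEncrypter(block, iv)
	if decrypt {
		s = cipher.NewCFBDecrypter(block, iv)
	}
	out := make([]byte, len(in))
	s.XORKeyStream(out, in)
	return out
}

// makeCredential protects cred for the object named akName under the RSA EK ek and
// returns the TPM2B_ID_OBJECT body (integrity TPM2B_DIGEST || encIdentity) plus the
// OAEP-wrapped seed, the two inputs of TPM2_ActivateCredential.
func makeCredential(ek *rsa.PublicKey, cred, akName []byte) (blob, encSeed []byte, err error) {
	seed := make([]byte, sha256.Size)
	if _, err = rand.Read(seed); err != nil {
		return nil, nil, err
	}
	if encSeed, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ek, seed, oaepLabel); err != nil {
		return nil, nil, err
	}
	plain := append(binary.BigEndian.AppendUint16(nil, uint16(len(cred))), cred...) // TPM2B
	encIdentity := aesCFB(kdfa(sha256.New, seed, "STORAGE", akName, nil, 128), plain, false)
	mac := hmac.New(sha256.New, kdfa(sha256.New, seed, "INTEGRITY", nil, nil, 256))
	mac.Write(encIdentity)
	mac.Write(akName) // the HMAC binds the blob to this AK Name
	blob = mac.Sum(binary.BigEndian.AppendUint16(nil, sha256.Size))
	return append(blob, encIdentity...), encSeed, nil
}

// extractCredential is the software twin of TPM2_ActivateCredential; it needs the
// EK private key, which a real TPM never exports, so it belongs in tests only.
func extractCredential(ek *rsa.PrivateKey, blob, encSeed, akName []byte) ([]byte, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, ek, encSeed, oaepLabel)
	if err != nil {
		return nil, err
	}
	const n = 2 + sha256.Size
	if len(blob) < n || binary.BigEndian.Uint16(blob) != sha256.Size {
		return nil, fmt.Errorf("malformed credential blob")
	}
	mac := hmac.New(sha256.New, kdfa(sha256.New, seed, "INTEGRITY", nil, nil, 256))
	mac.Write(blob[n:])
	mac.Write(akName)
	if !hmac.Equal(mac.Sum(nil), blob[2:n]) { // verify before decrypting
		return nil, fmt.Errorf("integrity check failed: blob was not made for this AK name")
	}
	plain := aesCFB(kdfa(sha256.New, seed, "STORAGE", akName, nil, 128), blob[n:], true)
	if len(plain) < 2 || int(binary.BigEndian.Uint16(plain)) != len(plain)-2 {
		return nil, fmt.Errorf("malformed credential")
	}
	return plain[2:], nil
}

// newEK generates a throwaway RSA key standing in for a TPM endorsement key.
func newEK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	ek, _ := newEK()
	name := append([]byte{0x00, 0x0b}, make([]byte, sha256.Size)...) // constructed AK Name: nameAlg || digest
	blob, encSeed, _ := makeCredential(&ek.PublicKey, []byte("constructed credential"), name)
	cred, err := extractCredential(ek, blob, encSeed, name)
	fmt.Printf("credential=%q err=%v\n", cred, err)
}
```

extractCredential checks the integrity HMAC before it decrypts, which is the order a TPM follows and the reason a blob made for one AK Name cannot be activated under another or after tampering. A credential must fit in a TPM2B_DIGEST of the name algorithm (32 bytes here), since that is what ActivateCredential returns.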
func PrivateKeyFromActiveHandle ¶
func PrivateKeyFromActiveHandle(rw io.ReadWriter, handle tpmutil.Handle) (crypto.Signer, error)
PrivateKeyFromActiveHandle returns a private key object representing the key referred to by the specified handle, which must already be loaded in the TPM. The caller is responsible for ensuring that the handle is not flushed or reassigned, and that the io.ReadWriter is not closed, until the returned key is no longer in use.
Types ¶
type Algorithm ¶
type Algorithm uint16
Algorithm is a TPM2_ALG_ID Constant.
const (
	TPM2_ALG_ERROR          Algorithm = 0x0000
	TPM2_ALG_RSA            Algorithm = 0x0001
	TPM2_ALG_TDES           Algorithm = 0x0003
	TPM2_ALG_SHA1           Algorithm = 0x0004
	TPM2_ALG_HMAC           Algorithm = 0x0005
	TPM2_ALG_AES            Algorithm = 0x0006
	TPM2_ALG_MGF1           Algorithm = 0x0007
	TPM2_ALG_KEYEDHASH      Algorithm = 0x0008
	TPM2_ALG_XOR            Algorithm = 0x000a
	TPM2_ALG_SHA256         Algorithm = 0x000b
	TPM2_ALG_SHA384         Algorithm = 0x000c
	TPM2_ALG_SHA512         Algorithm = 0x000d
	TPM2_ALG_NULL           Algorithm = 0x0010
	TPM2_ALG_SM3_256        Algorithm = 0x0012
	TPM2_ALG_SM4            Algorithm = 0x0013
	TPM2_ALG_RSASSA         Algorithm = 0x0014
	TPM2_ALG_RSAES          Algorithm = 0x0015
	TPM2_ALG_RSAPSS         Algorithm = 0x0016
	TPM2_ALG_OAEP           Algorithm = 0x0017
	TPM2_ALG_ECDSA          Algorithm = 0x0018
	TPM2_ALG_ECDH           Algorithm = 0x0019
	TPM2_ALG_ECDAA          Algorithm = 0x001a
	TPM2_ALG_SM2            Algorithm = 0x001b
	TPM2_ALG_ECSCHNORR      Algorithm = 0x001c
	TPM2_ALG_ECMQV          Algorithm = 0x001d
	TPM2_ALG_KDF1_SP800_56A Algorithm = 0x0020
	TPM2_ALG_KDF2           Algorithm = 0x0021
	TPM2_ALG_KDF1_SP800_108 Algorithm = 0x0022
	TPM2_ALG_ECC            Algorithm = 0x0023
	TPM2_ALG_SYMCIPHER      Algorithm = 0x0025
	TPM2_ALG_CAMELLIA       Algorithm = 0x0026
	TPM2_ALG_SHA3_256       Algorithm = 0x0027
	TPM2_ALG_SHA3_384       Algorithm = 0x0028
	TPM2_ALG_SHA3_512       Algorithm = 0x0029
	TPM2_ALG_CMAC           Algorithm = 0x003f
	TPM2_ALG_CTR            Algorithm = 0x0040
	TPM2_ALG_OFB            Algorithm = 0x0041
	TPM2_ALG_CBC            Algorithm = 0x0042
	TPM2_ALG_CFB            Algorithm = 0x0043
	TPM2_ALG_ECB            Algorithm = 0x0044
)
Algorithm constants.
func (Algorithm) MarshalJSON ¶
MarshalJSON returns the JSON-encoding of a value.
func (*Algorithm) UnmarshalJSON ¶
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type AlgorithmAttribute ¶
type AlgorithmAttribute uint32
AlgorithmAttribute is a UINT32 TPMA_ALGORITHM Bit Constant.
const (
	TPMA_ALGORITHM_ASYMMETRIC AlgorithmAttribute = 0x0001
	TPMA_ALGORITHM_SYMMETRIC  AlgorithmAttribute = 0x0002
	TPMA_ALGORITHM_HASH       AlgorithmAttribute = 0x0004
	TPMA_ALGORITHM_OBJECT     AlgorithmAttribute = 0x0008
	TPMA_ALGORITHM_SIGNING    AlgorithmAttribute = 0x0100
	TPMA_ALGORITHM_ENCRYPTING AlgorithmAttribute = 0x0200
	TPMA_ALGORITHM_METHOD     AlgorithmAttribute = 0x0400
)
Algorithm attribute constants.
func (AlgorithmAttribute) MarshalJSON ¶
func (a AlgorithmAttribute) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON-encoding of a value.
func (AlgorithmAttribute) String ¶
func (a AlgorithmAttribute) String() string
String returns a string representation of a value.
func (*AlgorithmAttribute) UnmarshalJSON ¶
func (a *AlgorithmAttribute) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type Capability ¶
type Capability uint32
Capability is a UINT32 TPM2_CAP Constant.
const (
	TPM2_CAP_FIRST           Capability = 0x00000000
	TPM2_CAP_ALGS            Capability = 0x00000000
	TPM2_CAP_HANDLES         Capability = 0x00000001
	TPM2_CAP_COMMANDS        Capability = 0x00000002
	TPM2_CAP_PP_COMMANDS     Capability = 0x00000003
	TPM2_CAP_AUDIT_COMMANDS  Capability = 0x00000004
	TPM2_CAP_PCRS            Capability = 0x00000005
	TPM2_CAP_TPM_PROPERTIES  Capability = 0x00000006
	TPM2_CAP_PCR_PROPERTIES  Capability = 0x00000007
	TPM2_CAP_ECC_CURVES      Capability = 0x00000008
	TPM2_CAP_LAST            Capability = 0x00000008
	TPM2_CAP_VENDOR_PROPERTY Capability = 0x00000100
)
Capability constants.
func (Capability) MarshalJSON ¶
func (c Capability) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON-encoding of a value.
func (Capability) String ¶
func (c Capability) String() string
String returns a string representation of a value.
func (*Capability) UnmarshalJSON ¶
func (c *Capability) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type Command ¶
type Command uint32
Command is a TPM2_CC Constant.
const (
	TPM2_CC_NV_UndefineSpaceSpecial   Command = 0x0000011f
	TPM2_CC_EvictControl              Command = 0x00000120
	TPM2_CC_HierarchyControl          Command = 0x00000121
	TPM2_CC_NV_UndefineSpace          Command = 0x00000122
	TPM2_CC_ChangeEPS                 Command = 0x00000124
	TPM2_CC_ChangePPS                 Command = 0x00000125
	TPM2_CC_Clear                     Command = 0x00000126
	TPM2_CC_ClearControl              Command = 0x00000127
	TPM2_CC_ClockSet                  Command = 0x00000128
	TPM2_CC_HierarchyChangeAuth       Command = 0x00000129
	TPM2_CC_NV_DefineSpace            Command = 0x0000012a
	TPM2_CC_PCR_Allocate              Command = 0x0000012b
	TPM2_CC_PCR_SetAuthPolicy         Command = 0x0000012c
	TPM2_CC_PP_Commands               Command = 0x0000012d
	TPM2_CC_SetPrimaryPolicy          Command = 0x0000012e
	TPM2_CC_FieldUpgradeStart         Command = 0x0000012f
	TPM2_CC_ClockRateAdjust           Command = 0x00000130
	TPM2_CC_CreatePrimary             Command = 0x00000131
	TPM2_CC_NV_GlobalWriteLock        Command = 0x00000132
	TPM2_CC_GetCommandAuditDigest     Command = 0x00000133
	TPM2_CC_NV_Increment              Command = 0x00000134
	TPM2_CC_NV_SetBits                Command = 0x00000135
	TPM2_CC_NV_Extend                 Command = 0x00000136
	TPM2_CC_NV_Write                  Command = 0x00000137
	TPM2_CC_NV_WriteLock              Command = 0x00000138
	TPM2_CC_DictionaryAttackLockReset Command = 0x00000139
	TPM2_CC_DictionaryAttackParameters Command = 0x0000013a
	TPM2_CC_NV_ChangeAuth             Command = 0x0000013b
	TPM2_CC_PCR_Event                 Command = 0x0000013c
	TPM2_CC_PCR_Reset                 Command = 0x0000013d
	TPM2_CC_SequenceComplete          Command = 0x0000013e
	TPM2_CC_SetAlgorithmSet           Command = 0x0000013f
	TPM2_CC_SetCommandCodeAuditStatus Command = 0x00000140
	TPM2_CC_FieldUpgradeData          Command = 0x00000141
	TPM2_CC_IncrementalSelfTest       Command = 0x00000142
	TPM2_CC_SelfTest                  Command = 0x00000143
	TPM2_CC_Startup                   Command = 0x00000144
	TPM2_CC_Shutdown                  Command = 0x00000145
	TPM2_CC_StirRandom                Command = 0x00000146
	TPM2_CC_ActivateCredential        Command = 0x00000147
	TPM2_CC_Certify                   Command = 0x00000148
	TPM2_CC_PolicyNV                  Command = 0x00000149
	TPM2_CC_CertifyCreation           Command = 0x0000014a
	TPM2_CC_Duplicate                 Command = 0x0000014b
	TPM2_CC_GetTime                   Command = 0x0000014c
	TPM2_CC_GetSessionAuditDigest     Command = 0x0000014d
	TPM2_CC_NV_Read                   Command = 0x0000014e
	TPM2_CC_NV_ReadLock               Command = 0x0000014f
	TPM2_CC_ObjectChangeAuth          Command = 0x00000150
	TPM2_CC_PolicySecret              Command = 0x00000151
	TPM2_CC_Rewrap                    Command = 0x00000152
	TPM2_CC_Create                    Command = 0x00000153
	TPM2_CC_ECDH_ZGen                 Command = 0x00000154
	TPM2_CC_HMAC                      Command = 0x00000155
	TPM2_CC_Import                    Command = 0x00000156
	TPM2_CC_Load                      Command = 0x00000157
	TPM2_CC_Quote                     Command = 0x00000158
	TPM2_CC_RSA_Decrypt               Command = 0x00000159
	TPM2_CC_HMAC_Start                Command = 0x0000015b
	TPM2_CC_SequenceUpdate            Command = 0x0000015c
	TPM2_CC_Sign                      Command = 0x0000015d
	TPM2_CC_Unseal                    Command = 0x0000015e
	TPM2_CC_PolicySigned              Command = 0x00000160
	TPM2_CC_ContextLoad               Command = 0x00000161
	TPM2_CC_ContextSave               Command = 0x00000162
	TPM2_CC_ECDH_KeyGen               Command = 0x00000163
	TPM2_CC_EncryptDecrypt            Command = 0x00000164
	TPM2_CC_FlushContext              Command = 0x00000165
	TPM2_CC_LoadExternal              Command = 0x00000167
	TPM2_CC_MakeCredential            Command = 0x00000168
	TPM2_CC_NV_ReadPublic             Command = 0x00000169
	TPM2_CC_PolicyAuthorize           Command = 0x0000016a
	TPM2_CC_PolicyAuthValue           Command = 0x0000016b
	TPM2_CC_PolicyCommandCode         Command = 0x0000016c
	TPM2_CC_PolicyCounterTimer        Command = 0x0000016d
	TPM2_CC_PolicyCpHash              Command = 0x0000016e
	TPM2_CC_PolicyLocality            Command = 0x0000016f
	TPM2_CC_PolicyNameHash            Command = 0x00000170
	TPM2_CC_PolicyOR                  Command = 0x00000171
	TPM2_CC_PolicyTicket              Command = 0x00000172
	TPM2_CC_ReadPublic                Command = 0x00000173
	TPM2_CC_RSA_Encrypt               Command = 0x00000174
	TPM2_CC_StartAuthSession          Command = 0x00000176
	TPM2_CC_VerifySignature           Command = 0x00000177
	TPM2_CC_ECC_Parameters            Command = 0x00000178
	TPM2_CC_FirmwareRead              Command = 0x00000179
	TPM2_CC_GetCapability             Command = 0x0000017a
	TPM2_CC_GetRandom                 Command = 0x0000017b
	TPM2_CC_GetTestResult             Command = 0x0000017c
	TPM2_CC_Hash                      Command = 0x0000017d
	TPM2_CC_PCR_Read                  Command = 0x0000017e
	TPM2_CC_PolicyPCR                 Command = 0x0000017f
	TPM2_CC_PolicyRestart             Command = 0x00000180
	TPM2_CC_ReadClock                 Command = 0x00000181
	TPM2_CC_PCR_Extend                Command = 0x00000182
	TPM2_CC_PCR_SetAuthValue          Command = 0x00000183
	TPM2_CC_NV_Certify                Command = 0x00000184
	TPM2_CC_EventSequenceComplete     Command = 0x00000185
	TPM2_CC_HashSequenceStart         Command = 0x00000186
	TPM2_CC_PolicyPhysicalPresence    Command = 0x00000187
	TPM2_CC_PolicyDuplicationSelect   Command = 0x00000188
	TPM2_CC_PolicyGetDigest           Command = 0x00000189
	TPM2_CC_TestParms                 Command = 0x0000018a
	TPM2_CC_Commit                    Command = 0x0000018b
	TPM2_CC_PolicyPassword            Command = 0x0000018c
	TPM2_CC_ZGen_2Phase               Command = 0x0000018d
	TPM2_CC_EC_Ephemeral              Command = 0x0000018e
	TPM2_CC_PolicyNvWritten           Command = 0x0000018f
	TPM2_CC_PolicyTemplate            Command = 0x00000190
	TPM2_CC_CreateLoaded              Command = 0x00000191
	TPM2_CC_PolicyAuthorizeNV         Command = 0x00000192
	TPM2_CC_EncryptDecrypt2           Command = 0x00000193
	TPM2_CC_AC_GetCapability          Command = 0x00000194
	TPM2_CC_AC_Send                   Command = 0x00000195
	TPM2_CC_Policy_AC_SendSelect      Command = 0x00000196
	TPM2_CC_LAST                      Command = 0x00000196
	TPM2_CC_Vendor_TCG_Test           Command = 0x20000000
)
Command constants.
func (Command) MarshalJSON ¶
MarshalJSON returns the JSON-encoding of a value.
func (*Command) UnmarshalJSON ¶
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type ECCParams ¶
type ECCParams struct {
	Symmetric *SymScheme    `json:"symmetric,omitempty"`
	Sign      *SigScheme    `json:"scheme,omitempty"`
	CurveID   EllipticCurve `json:"elliptic_curve"`
	KDF       *KDFScheme    `json:"kdf,omitempty"`
	Point     *ECPoint      `json:"point,omitempty"`
}
ECCParams represents parameters of an ECC key pair.
type EllipticCurve ¶
type EllipticCurve uint16
EllipticCurve is a TPM2_ECC_CURVE Constant.
const (
	TPM2_ECC_NONE      EllipticCurve = 0x0000
	TPM2_ECC_NIST_P192 EllipticCurve = 0x0001
	TPM2_ECC_NIST_P224 EllipticCurve = 0x0002
	TPM2_ECC_NIST_P256 EllipticCurve = 0x0003
	TPM2_ECC_NIST_P384 EllipticCurve = 0x0004
	TPM2_ECC_NIST_P521 EllipticCurve = 0x0005
	TPM2_ECC_BN_P256   EllipticCurve = 0x0010
	TPM2_ECC_BN_P638   EllipticCurve = 0x0011
	TPM2_ECC_SM2_P256  EllipticCurve = 0x0020
)
Elliptic curve constants.
func (EllipticCurve) MarshalJSON ¶
func (c EllipticCurve) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON-encoding of a value.
func (EllipticCurve) String ¶
func (c EllipticCurve) String() string
String returns a string representation of a value.
func (*EllipticCurve) UnmarshalJSON ¶
func (c *EllipticCurve) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type Handle ¶
type Handle uint32
Handle is a handle value.
const (
	TPM2_RH_FIRST       Handle = 0x40000000
	TPM2_RH_SRK         Handle = 0x40000000
	TPM2_RH_OWNER       Handle = 0x40000001
	TPM2_RH_REVOKE      Handle = 0x40000002
	TPM2_RH_TRANSPORT   Handle = 0x40000003
	TPM2_RH_OPERATOR    Handle = 0x40000004
	TPM2_RH_ADMIN       Handle = 0x40000005
	TPM2_RH_EK          Handle = 0x40000006
	TPM2_RH_NULL        Handle = 0x40000007
	TPM2_RH_UNASSIGNED  Handle = 0x40000008
	TPM2_RS_PW          Handle = 0x40000009
	TPM2_RH_LOCKOUT     Handle = 0x4000000A
	TPM2_RH_ENDORSEMENT Handle = 0x4000000B
	TPM2_RH_PLATFORM    Handle = 0x4000000C
	TPM2_RH_PLATFORM_NV Handle = 0x4000000D
	TPM2_RH_AUTH_00     Handle = 0x40000010
	TPM2_RH_AUTH_FF     Handle = 0x4000010F
	TPM2_RH_LAST        Handle = 0x4000010F
)
Permanent handle constants.
func (Handle) HandleType ¶
func (h Handle) HandleType() HandleType
HandleType returns the type of a handle.
type HandleType ¶
type HandleType uint32
HandleType is a UINT8 TPM2_HT Constant.
const (
	TPM2_HT_PCR            HandleType = 0x00
	TPM2_HT_NV_INDEX       HandleType = 0x01
	TPM2_HT_HMAC_SESSION   HandleType = 0x02
	TPM2_HT_LOADED_SESSION HandleType = 0x02
	TPM2_HT_POLICY_SESSION HandleType = 0x03
	TPM2_HT_SAVED_SESSION  HandleType = 0x03
	TPM2_HT_PERMANENT      HandleType = 0x40
	TPM2_HT_TRANSIENT      HandleType = 0x80
	TPM2_HT_PERSISTENT     HandleType = 0x81
)
Handle type constants.
func (HandleType) First ¶
func (t HandleType) First() Handle
First returns the first possible handle value of the type.
func (HandleType) MarshalJSON ¶
func (t HandleType) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON-encoding of a value.
func (HandleType) String ¶
func (t HandleType) String() string
String returns a string representation of a value.
func (*HandleType) UnmarshalJSON ¶
func (t *HandleType) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type KeyedHashParams ¶
type KeyedHashParams struct {
	Alg  Algorithm `json:"algorithm"`
	Hash Algorithm `json:"hash"`
	KDF  Algorithm `json:"kdf"`
}
KeyedHashParams represents parameters of a keyed hash TPM object.
func (KeyedHashParams) ToPublic ¶
func (p KeyedHashParams) ToPublic() *tpm2.KeyedHashParams
ToPublic converts to a corresponding tpm2 object.
type MSSimulator ¶
type MSSimulator struct {
// contains filtered or unexported fields
}
MSSimulator implements io.ReadWriteCloser and can be passed to the go-tpm package to interface with the Microsoft TPM 2.0 Simulator.
func NewMSSimulator ¶
func NewMSSimulator(conf string) (*MSSimulator, error)
NewMSSimulator initializes a connection to the Microsoft TPM 2.0 Simulator.
func (*MSSimulator) Close ¶
func (c *MSSimulator) Close() error
Close closes the connection with the Microsoft simulator.
type ObjectAttribute ¶
type ObjectAttribute uint32
ObjectAttribute is a UINT32 TPMA_OBJECT Bit Constant.
const (
	TPMA_OBJECT_FIXEDTPM             ObjectAttribute = 0x00000002
	TPMA_OBJECT_STCLEAR              ObjectAttribute = 0x00000004
	TPMA_OBJECT_FIXEDPARENT          ObjectAttribute = 0x00000010
	TPMA_OBJECT_SENSITIVEDATAORIGIN  ObjectAttribute = 0x00000020
	TPMA_OBJECT_USERWITHAUTH         ObjectAttribute = 0x00000040
	TPMA_OBJECT_ADMINWITHPOLICY      ObjectAttribute = 0x00000080
	TPMA_OBJECT_NODA                 ObjectAttribute = 0x00000400
	TPMA_OBJECT_ENCRYPTEDDUPLICATION ObjectAttribute = 0x00000800
	TPMA_OBJECT_RESTRICTED           ObjectAttribute = 0x00010000
	TPMA_OBJECT_DECRYPT              ObjectAttribute = 0x00020000
	TPMA_OBJECT_SIGN_ENCRYPT         ObjectAttribute = 0x00040000
)
Object attribute constants.
func (ObjectAttribute) MarshalJSON ¶
func (a ObjectAttribute) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON-encoding of a value.
func (ObjectAttribute) String ¶
func (a ObjectAttribute) String() string
String returns a string representation of a value.
func (*ObjectAttribute) UnmarshalJSON ¶
func (a *ObjectAttribute) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a JSON-encoded value and stores the result in the object.
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents a signing private key in a TPM.
func (*PrivateKey) Public ¶
func (k *PrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to the opaque, private key.
func (*PrivateKey) Sign ¶
func (k *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign signs digest with the private key.
type PublicTemplate ¶
type PublicTemplate struct {
	Type                Algorithm         `json:"type"`
	NameAlg             Algorithm         `json:"name_alg"`
	Attributes          []ObjectAttribute `json:"attributes,omitempty"`
	AuthPolicy          []byte            `json:"auth_policy,omitempty"`
	RSAParameters       *RSAParams        `json:"rsa,omitempty"`
	ECCParameters       *ECCParams        `json:"ecc,omitempty"`
	SymCipherParameters *SymCipherParams  `json:"sym_cipher,omitempty"`
	KeyedHashParameters *KeyedHashParams  `json:"keyed_hash,omitempty"`
}
PublicTemplate marshals/unmarshals to/from the JSON-encoding of a tpm2.Public object.
func (PublicTemplate) ToPublic ¶
func (t PublicTemplate) ToPublic() tpm2.Public
ToPublic converts to a corresponding tpm2 object.
type RSAParams ¶
type RSAParams struct {
	Symmetric *SymScheme `json:"symmetric,omitempty"`
	Sign      *SigScheme `json:"scheme,omitempty"`
	KeyBits   uint16     `json:"key_bits"`
	Exponent  uint32     `json:"exponent"`
	Modulus   *big.Int   `json:"modulus,omitempty"`
}
RSAParams represents parameters of an RSA key pair.
type SigScheme ¶
type SigScheme struct {
	Alg   Algorithm `json:"algorithm"`
	Hash  Algorithm `json:"hash"`
	Count uint32    `json:"count"`
}
SigScheme represents a signing scheme.
type SymCipherParams ¶
type SymCipherParams struct {
Symmetric *SymScheme `json:"symmetric,omitempty"`
}
SymCipherParams represents parameters of a symmetric cipher TPM object.
func (SymCipherParams) ToPublic ¶
func (p SymCipherParams) ToPublic() *tpm2.SymCipherParams
ToPublic converts to a corresponding tpm2 object.