tpmclient

package
v1.1.0
Warning

This package is not in the latest version of its module.
Published: Feb 25, 2016 License: Apache-2.0, Apache-2.0 Imports: 10 Imported by: 0

Documentation

Types

type TPMClient

type TPMClient struct {
	// contains filtered or unexported fields
}

TPMClient represents a connection to a system running a daemon that provides access to TPM functionality.

func New

func New(host string, timeout time.Duration) *TPMClient

New returns a TPMClient structure configured to connect to the provided host with the provided timeout.

func (*TPMClient) Extend

func (client *TPMClient) Extend(pcr int, eventtype int, data []byte, event string) error

Extend extends a TPM PCR with the provided data. If event is nil, data must be pre-hashed with SHA1 and will be used to extend the PCR directly. If event is not nil, data and event will be hashed to generate the extension value. Event will then be stored in the TPM event log.

func (*TPMClient) GenerateAIK

func (client *TPMClient) GenerateAIK() (aikpub []byte, aikblob []byte, err error)

GenerateAIK requests that the TPM generate a new Attestation Identity Key. It returns an unencrypted copy of the public half of the AIK, along with a TSPI key blob encrypted by the TPM.

func (*TPMClient) GetEKCert

func (client *TPMClient) GetEKCert() (ekcert []byte, err error)

GetEKCert obtains the Endorsement Key certificate from the client TPM. This is an X.509 certificate containing the public half of the Endorsement Key and a signature chain leading back to a vendor-issued signing certificate.

func (*TPMClient) GetQuote

func (client *TPMClient) GetQuote(aikpub []byte, aikblob []byte, pcrs []int) (pcrvals [][]byte, log []tspi.Log, err error)

GetQuote obtains a PCR quote from the TPM. It takes the aikpub Tspi Key, the encrypted AIK blob and a list of PCRs as arguments. The response will contain an array of PCR values, an array of log entries and any error.
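
Extend and GetQuote meet on the verifier side: the log entries returned with a quote are only useful once replaying them reproduces the quoted PCR values. The following is an added example, not code from this package. `logEntry`, `replayLog` and `verifyQuote` are hypothetical names; it assumes each log record carries the SHA-1 digest that was extended and that every PCR starts at 20 zero bytes.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"fmt"
)

// logEntry is a hypothetical stand-in for one event-log record.
type logEntry struct {
	PCR    int
	Digest [sha1.Size]byte // value that was extended into the PCR
}

// extend is the TPM 1.2 extend operation: new = SHA1(old || digest).
func extend(old, digest [sha1.Size]byte) [sha1.Size]byte {
	return sha1.Sum(append(old[:], digest[:]...))
}

// replayLog folds the log in order; each PCR is assumed to start at zeros.
func replayLog(entries []logEntry) map[int][sha1.Size]byte {
	pcrs := make(map[int][sha1.Size]byte)
	for _, e := range entries {
		pcrs[e.PCR] = extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

// verifyQuote returns the PCRs in pcrIdx whose quoted value the log does not reproduce.
func verifyQuote(pcrIdx []int, quoted [][]byte, entries []logEntry) []int {
	replayed := replayLog(entries)
	var bad []int
	for i, idx := range pcrIdx {
		want := replayed[idx] // all zeros when the log never touched idx
		if i >= len(quoted) || !bytes.Equal(quoted[i], want[:]) {
			bad = append(bad, idx)
		}
	}
	return bad
}

func main() {
	log := []logEntry{ // constructed sample log: two events in PCR 15
		{PCR: 15, Digest: sha1.Sum([]byte("constructed event A"))},
		{PCR: 15, Digest: sha1.Sum([]byte("constructed event B"))},
	}
	good := replayLog(log)[15]
	fmt.Println(verifyQuote([]int{15}, [][]byte{good[:]}, log[:1])) // truncated log: [15]
}
```

The event log is not itself protected by the TPM, so a verifier relies on an entry only after the replay reproduces the quoted PCR value.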

func (*TPMClient) ValidateAIK

func (client *TPMClient) ValidateAIK(aikblob []byte, asymenc []byte, symenc []byte) (secret []byte, err error)

ValidateAIK challenges the TPM to validate an AIK by using the provided key blob to decrypt a secret encrypted with the public half of the AIK. This will only be possible if the TPM is able to decrypt the encrypted key blob. The AIK is used to decrypt asymenc, which then provides the AES key used to encrypt symenc. Decrypting symenc provides the original secret, which is then returned.
