tpm

package

v0.1.0 Latest Latest Go to latest Published: Jun 20, 2023 License: Apache-2.0 Imports: 16 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/veraison/parsec

Links

Open Source Insights

README ¶

Parsec TPM Key Attestation Format

The parsec/tpm package provides the following features:

Encode a Parsec TPM Evidence, containing a Key Attestation and Platform Attestation evidence and metadata to CBOR and JSON formats
Decode a CBOR and JSON formatted Parsec TPM Evidence
Verify the signature on the Key and Platform Attestation data using the supplied public key
Sign the input Key and/or Platform Attestation data using the supplied private key

Documentation ¶

Overview ¶

Index ¶

Constants
func NewTpmAttestDefault() tpm2.AttestationData
type Algorithm
type AttestationInfo
type CertInfo
type DigestInfo
type Evidence
type KAT
- func NewKAT() *KAT
type PAT
- func NewPAT() *PAT
type PCRDetails
type PCRInfo

Constants ¶

View Source

const (
	DefaultTPMHandle = tpmutil.Handle(100)
	TpmMagic         = 0xff544347
)

View Source

const (
	InValidAlgorithm = 0
	AlgorithmES256   = 1
	AlgorithmES384   = 2
	AlgorithmES512   = 3
)

View Source

const (
	UnSupportedAlg = 0
)

HashAlgID represents a IANA Supported Hash Algorithms

Variables ¶

This section is empty.

Functions ¶

func NewTpmAttestDefault ¶

func NewTpmAttestDefault() tpm2.AttestationData

Types ¶

type Algorithm ¶

type Algorithm uint16

type AttestationInfo ¶

type AttestationInfo struct {
	Nonce []byte
	PCR   PCRDetails
}

type CertInfo ¶

type CertInfo struct {
	Nonce []byte
	Name  DigestInfo
}

type DigestInfo ¶

type DigestInfo struct {
	HashAlgID uint64
	Digest    []byte
}

type Evidence ¶

type Evidence struct {
	Kat *KAT `cbor:"kat" json:"kat"`
	Pat *PAT `cbor:"pat" json:"pat"`
}

Evidence is a collection of Parsec TPM Key and Platform Attestation objects

func (*Evidence) FromCBOR ¶

func (e *Evidence) FromCBOR(buf []byte) error

FromCBOR extracts & validates key and platform attestation token from the serialized CBOR collection

func (*Evidence) FromJSON ¶

func (e *Evidence) FromJSON(data []byte) error

FromJSON extracts & validates key and platform attestation tokens from the serialized JSON bytes

func (*Evidence) SetTokens ¶

func (e *Evidence) SetTokens(k *KAT, p *PAT) error

func (Evidence) Sign ¶

func (e Evidence) Sign(data []byte, alg Algorithm, key crypto.PrivateKey) ([]byte, error)

Sign signs the given data using the supplied algorithm and private key and returns signature bytes which is an encoded TPMT_SIGNATURE Structure

func (Evidence) ToCBOR ¶

func (e Evidence) ToCBOR() ([]byte, error)

ToCBOR takes key and platform attestation tokens from Evidence and serializes them into valid a CBOR

func (Evidence) ToJSON ¶

func (e Evidence) ToJSON() ([]byte, error)

ToJSON takes key and platform attestation tokens from Evidence and serializes them into valid a JSON

func (Evidence) Verify ¶

func (e Evidence) Verify(key crypto.PublicKey) error

Verify verifies the signature on the individual KAT and PAT tokens

type KAT ¶

type KAT struct {
	TpmVer   *string `cbor:"tpmVer" json:"tpmVer"`
	KID      *[]byte `cbor:"kid" json:"kid"`
	Sig      *[]byte `cbor:"sig" json:"sig"`
	PubArea  *[]byte `cbor:"pubArea" json:"pubArea"`
	CertInfo *[]byte `cbor:"certInfo" json:"certInfo"`
}

func NewKAT ¶

func NewKAT() *KAT

func (KAT) DecodeCertInfo ¶

func (k KAT) DecodeCertInfo() (*CertInfo, error)

func (KAT) DecodePubArea ¶

func (k KAT) DecodePubArea() (crypto.PublicKey, error)

DecodePubArea decodes a given public key, from TPMT_PUBLIC structure

func (*KAT) EncodeCertInfo ¶

func (k *KAT) EncodeCertInfo(nonce []byte) error

func (*KAT) EncodePubArea ¶

func (k *KAT) EncodePubArea(alg Algorithm, key crypto.PublicKey) error

func (*KAT) SetKeyID ¶

func (k *KAT) SetKeyID(v []byte) error

func (*KAT) SetSig ¶

func (k *KAT) SetSig(s []byte) error

func (*KAT) SetTpmVer ¶

func (k *KAT) SetTpmVer(v string) error

func (KAT) Validate ¶

func (k KAT) Validate() error

func (KAT) Verify ¶

func (k KAT) Verify(key crypto.PublicKey) error

Verify verifies the signature on the given key attestation token using supplied Public Key

type PAT ¶

type PAT struct {
	TpmVer     *string `cbor:"tpmVer" json:"tpmVer"`
	KID        *[]byte `cbor:"kid" json:"kid"`
	Sig        *[]byte `cbor:"sig" json:"sig"` // This is TPMT_SIGNATURE
	AttestInfo *[]byte `cbor:"attestInfo" json:"attestInfo"`
}

PAT is a structure to wrap Platform Attestation Token

func NewPAT ¶

func NewPAT() *PAT

func (*PAT) EncodeAttestationInfo ¶

func (p *PAT) EncodeAttestationInfo(attInfo *AttestationInfo) error

func (PAT) GetAttestationInfo ¶

func (p PAT) GetAttestationInfo() (*AttestationInfo, error)

GetAttestationInfo only decodes relevant information from TPM2 library and sets in the returned structure correctly

func (*PAT) SetKeyID ¶

func (p *PAT) SetKeyID(v []byte) error

func (*PAT) SetSig ¶

func (p *PAT) SetSig(s []byte) error

func (*PAT) SetTpmVer ¶

func (p *PAT) SetTpmVer(v string) error

func (PAT) Validate ¶

func (p PAT) Validate() error

Validate checks the individual elements of Platform Token

func (PAT) Verify ¶

func (p PAT) Verify(key crypto.PublicKey) error

Verify Verifies the Signature on the given platform attestation token using supplied Public Key

type PCRDetails ¶

type PCRDetails struct {
	PCRinfo   PCRInfo
	PCRDigest []byte
}

type PCRInfo ¶

type PCRInfo struct {
	HashAlgID uint64
	PCRs      []int
}

PCRInfo contains a slice of PCR indexes and a hash algorithm used in them.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL