Documentation
¶
Index ¶
- Variables
- func CloseTpm() error
- func GetAkQualifiedName() ([32]byte, error)
- func GetTpmInfo() (*attest.TPMInfo, error)
- func GetTpmMeasurement(t *Tpm, nonce []byte, pcrs []int) ([]attest.PCR, *attest.Quote, error)
- func IsTpmProvisioningRequired(paths *Paths) (bool, error)
- func OpenTpm() error
- type AcRequest
- type AcResponse
- type AkCertRequest
- type AkCertResponse
- type Config
- type Paths
- type Tpm
Constants ¶
This section is empty.
Variables ¶
var (
TPM *attest.TPM = nil
)
Functions ¶
func GetAkQualifiedName ¶
GetAkQualifiedName gets the Attestation Key Qualified Name which is the hash of the public area of the key concatenated with the qualified names of all parent keys. This name acts as the unique identifier for the AK TODO check calculation again
func GetTpmInfo ¶ added in v0.4.0
GetTpmInfo retrieves general TPM infos
func GetTpmMeasurement ¶
GetTpmMeasurement retrieves the specified PCRs as well as a Quote over the PCRs and returns the TPM quote as well as the single PCR values
func IsTpmProvisioningRequired ¶
IsTpmProvisioningRequired checks if the Storage Root Key (SRK) is persisted at 0x810000001 and the encrypted AK blob is present, which is used as an indicator that the TPM is provisioned and the AK can directly be loaded. This function uses the low-level go-tpm library directly as go-attestation does not provide such a functionality.
Types ¶
type AcRequest ¶
type AcRequest struct {
Version int
AkQualifiedName [32]byte
TpmInfo attest.TPMInfo
Ek attest.EK
AkParams attest.AttestationParameters
TLSKeyParams attest.CertificationParameters
}
AcRequest holds the data for an activate credential request for verifying that the AK and TLS Key were created on a genuine TPM with a valid EK
type AcResponse ¶
type AcResponse struct {
Version int
AkQualifiedName [32]byte
Ec attest.EncryptedCredential
}
AcResponse holds the activate credential challenge
type AkCertRequest ¶
type AkCertRequest struct {
Version int
AkQualifiedName [32]byte
Secret []byte
CertParams [][]byte
}
AkCertRequest holds the secret from the activate credential challenge as well as certificate parameters of the to be generated certificates (as the AK can only sign objects form within the TPM, a CSR is not possible)
type AkCertResponse ¶
type AkCertResponse struct {
Version int
AkQualifiedName [32]byte
AkCertChain ar.CertChain
TlsCertChain ar.CertChain
}
AkCertResponse holds the issued certificates including the certificate chain up to a Root CA
type Config ¶ added in v0.4.0
type Config struct {
StoragePath string
ServerAddr string
KeyConfig string
Metadata [][]byte
UseIma bool
ImaPcr int32
Serializer ar.Serializer
}
Config is the structure for handing over the configuration for a Tpm object
type Paths ¶
type Paths struct {
Ak string
TLSKey string
AkCert string
TLSCert string
Intermediates []string
Ca string
}
Paths specifies the paths to store the encrypted TPM key blobs and the certificates
type Tpm ¶
type Tpm struct {
Mu sync.Mutex
Pcrs []int
SigningCerts ar.CertChain
MeasuringCerts ar.CertChain
UseIma bool
ImaPcr int32
}
Tpm is a structure that implements the Measure method of the attestation report Measurer interface
func NewTpm ¶ added in v0.4.0
NewTpm creates a new TPM object, opens and initializes the TPM object, checks if provosioning is required and if so, provisions the TPM
func (*Tpm) GetCertChain ¶ added in v0.4.0
func (*Tpm) GetSigningKeys ¶ added in v0.4.0
GetSigningKeys returns the TLS private and public key as a generic crypto interface
Source Files