Documentation
Index
- Variables
- func CloseTpm() error
- func GetAkQualifiedName() ([32]byte, error)
- func GetTpmInfo() (*attest.TPMInfo, error)
- func GetTpmMeasurement(t *Tpm, nonce []byte, pcrs []int) ([]attest.PCR, *attest.Quote, error)
- func IsTpmProvisioningRequired(paths *Paths) (bool, error)
- func OpenTpm() error
- type AcRequest
- type AcResponse
- type AkCertRequest
- type AkCertResponse
- type Config
- type Paths
- type Tpm
Constants
This section is empty.
Variables
var (
TPM *attest.TPM = nil
)
Functions
func GetAkQualifiedName
GetAkQualifiedName gets the Attestation Key (AK) Qualified Name, which is the hash of the public area of the key concatenated with the qualified names of all parent keys. This name acts as the unique identifier for the AK. TODO: check calculation again
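The qualified-name chaining that the doc comment above describes can be worked through with standard-library hashing. The following is an added example and is not code from this package; it implements the Name and Qualified Name rule of the TPM 2.0 Library specification (Part 1, "Names"), which is the precise form of the description above: an object's Name is its nameAlg identifier plus the nameAlg hash of its marshalled public area, and its Qualified Name is the hash of the parent's Qualified Name followed by the object's own Name, anchored at the hierarchy handle. It assumes SHA-256 as nameAlg, the owner hierarchy as the root, and uses constructed byte strings in place of real marshalled TPMT_PUBLIC structures, so the digests it produces are illustrative only; the function and constant names are this example's own.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// TPM_ALG_SHA256 from the TCG Algorithm Registry, used here as the only
// supported nameAlg.
const algSHA256 uint16 = 0x000B

// TPM_RH_OWNER: the owner hierarchy, assumed here to be the root of the
// SRK -> AK key chain.
const rhOwner uint32 = 0x40000001

// Name returns the TPM 2.0 Name of an object: the 2-byte nameAlg identifier
// followed by the nameAlg hash of the marshalled public area (TPMT_PUBLIC).
func Name(publicArea []byte) []byte {
	sum := sha256.Sum256(publicArea)
	out := make([]byte, 2, 2+len(sum))
	binary.BigEndian.PutUint16(out, algSHA256)
	return append(out, sum[:]...)
}

// HierarchyQN returns the Qualified Name of a hierarchy, which is simply its
// 4-byte handle marshalled big-endian.
func HierarchyQN(handle uint32) []byte {
	out := make([]byte, 4)
	binary.BigEndian.PutUint32(out, handle)
	return out
}

// QualifiedName computes QN_B = nameAlg || H(QN_A || Name_B), where QN_A is
// the parent's Qualified Name and Name_B is the object's own Name.
func QualifiedName(parentQN, name []byte) []byte {
	h := sha256.New()
	h.Write(parentQN)
	h.Write(name)
	out := make([]byte, 2, 2+sha256.Size)
	binary.BigEndian.PutUint16(out, algSHA256)
	return h.Sum(out) // Sum appends the digest to out
}

// AkQualifiedNameDigest walks hierarchy -> SRK -> AK and returns the 32-byte
// digest part of the AK's Qualified Name (alg prefix stripped), which is the
// shape of the AkQualifiedName [32]byte field used in the request types.
func AkQualifiedNameDigest(hierarchy uint32, srkPublic, akPublic []byte) [32]byte {
	srkQN := QualifiedName(HierarchyQN(hierarchy), Name(srkPublic))
	akQN := QualifiedName(srkQN, Name(akPublic))
	var d [32]byte
	copy(d[:], akQN[2:])
	return d
}

func main() {
	// Constructed placeholders, not real marshalled public areas.
	srkPub := []byte("constructed SRK public area")
	akPub := []byte("constructed AK public area")
	d := AkQualifiedNameDigest(rhOwner, srkPub, akPub)
	fmt.Printf("AK qualified name digest: %x\n", d)
	// The same AK public area under a different parent yields a different
	// qualified name, which is why the name identifies the whole key chain.
	d2 := AkQualifiedNameDigest(rhOwner, []byte("other SRK"), akPub)
	fmt.Printf("differs under another parent: %v\n", d != d2)
}
```

Because the parent's qualified name is folded into the hash, two AKs with identical public areas but different parents (or different hierarchies) get different qualified names, which is what makes the value usable as a stable identifier in the activate-credential exchange.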
func GetTpmInfo added in v0.4.0
GetTpmInfo retrieves general TPM information
func GetTpmMeasurement
GetTpmMeasurement retrieves the specified PCRs and a quote over them, and returns both the TPM quote and the individual PCR values
func IsTpmProvisioningRequired
IsTpmProvisioningRequired checks whether the Storage Root Key (SRK) is persisted at 0x810000001 and the encrypted AK blob is present; together these are used as an indicator that the TPM is provisioned and the AK can be loaded directly. This function uses the low-level go-tpm library directly, as go-attestation does not provide this functionality.
Types
type AcRequest
type AcRequest struct {
    Version         int
    AkQualifiedName [32]byte
    TpmInfo         attest.TPMInfo
    Ek              attest.EK
    AkParams        attest.AttestationParameters
    TLSKeyParams    attest.CertificationParameters
}
AcRequest holds the data for an activate credential request, which verifies that the AK and TLS key were created on a genuine TPM with a valid EK
type AcResponse
type AcResponse struct {
    Version         int
    AkQualifiedName [32]byte
    Ec              attest.EncryptedCredential
}
AcResponse holds the activate credential challenge
type AkCertRequest
type AkCertRequest struct {
    Version         int
    AkQualifiedName [32]byte
    Secret          []byte
    CertParams      [][]byte
}
AkCertRequest holds the secret from the activate credential challenge as well as the certificate parameters of the certificates to be generated (as the AK can only sign objects from within the TPM, a CSR is not possible)
type AkCertResponse
type AkCertResponse struct {
    Version         int
    AkQualifiedName [32]byte
    AkCertChain     ar.CertChain
    TlsCertChain    ar.CertChain
}
AkCertResponse holds the issued certificates including the certificate chain up to a Root CA
type Config added in v0.4.0
type Config struct {
    StoragePath string
    ServerAddr  string
    KeyConfig   string
    Metadata    [][]byte
    UseIma      bool
    ImaPcr      int32
    Serializer  ar.Serializer
}
Config is the structure for handing over the configuration for a Tpm object
type Paths
type Paths struct {
    Ak            string
    TLSKey        string
    AkCert        string
    TLSCert       string
    Intermediates []string
    Ca            string
}
Paths specifies the paths to store the encrypted TPM key blobs and the certificates
type Tpm
type Tpm struct {
    Mu             sync.Mutex
    Pcrs           []int
    SigningCerts   ar.CertChain
    MeasuringCerts ar.CertChain
    UseIma         bool
    ImaPcr         int32
}
Tpm is a structure that implements the Measure method of the attestation report Measurer interface
func NewTpm added in v0.4.0
NewTpm creates a new TPM object, opens and initializes the TPM, checks whether provisioning is required and, if so, provisions the TPM
func (*Tpm) GetCertChain added in v0.4.0
func (*Tpm) GetSigningKeys added in v0.4.0
GetSigningKeys returns the TLS private and public key as generic crypto interfaces