Documentation
¶
Index ¶
- func KDFa(hashAlg crypto.Hash, key, label, contextU, contextV []byte, sizeInBits int) []byte
- func KDFe(hashAlg crypto.Hash, z, label, partyUInfo, partyVInfo []byte, sizeInBits int) []byte
- func SecretDecrypt(priv crypto.PrivateKey, hashAlg crypto.Hash, label, secret []byte) (seed []byte, err error)
- func SecretEncrypt(rand io.Reader, public crypto.PublicKey, hashAlg crypto.Hash, label []byte) (secret []byte, seed []byte, err error)
- func SymmetricDecrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
- func SymmetricEncrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
- func XORObfuscation(hashAlg crypto.Hash, key []byte, contextU, contextV, data []byte)
- type SymmetricAlgorithm
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KDFa ¶
KDFa performs key derivation using the counter mode described in SP800-108 and HMAC as the PRF.
This will panic if hashAlg is not available.
func KDFe ¶
KDFe performs key derivation using the "Concatenation Key Derivation Function (Approved Alternative 1) in the original version of SP800-56A.
This will panic if hashAlg is not available.
func SecretDecrypt ¶
func SecretDecrypt(priv crypto.PrivateKey, hashAlg crypto.Hash, label, secret []byte) (seed []byte, err error)
SecretDecrypt recovers a seed from the supplied secret structure using the supplied private key. It can be used to recover secrets created by the TPM, such as those created by the TPM2_Duplicate command.
If priv is a *rsa.PrivateKey, this will recover the seed by decrypting the supplied secret with RSA-OAEP.
If priv is a *ecdsa.PrivateKey, this uses ECDH to derive the seed using the supplied secret, which will contain a serialized ephemeral peer key.
The specified digest algorithm must match the name algorithm of the public area associated with the supplied private key.
This will panic if hashAlg is not available.
func SecretEncrypt ¶
func SecretEncrypt(rand io.Reader, public crypto.PublicKey, hashAlg crypto.Hash, label []byte) (secret []byte, seed []byte, err error)
SecretEncrypt establishes a seed and associated secret value using the supplied public key and digest algorithm. The corresponding private key can recover the seed from the returned secret value. This is useful for sharing secrets with the TPM via the TPM2_Import, TPM2_ActivateCredential and TPM2_StartAuthSession commands.
If public is a *rsa.PublicKey, this will generate a random seed and then RSA-OAEP encrypt it to create the secret.
If public is a *ecdsa.PublicKey, this uses ECDH to derive a seed value using an an ephemeral key. The secret contains the serialized form of the public part of the ephemeral key.
The supplied digest algorithm must match the name algorithm of the public area associated with the supplied public key.
This will panic if hashAlg is not available.
func SymmetricDecrypt ¶
func SymmetricDecrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
SymmetricDecrypt performs in place symmetric decryption of the supplied data with the supplied cipher using CFB mode.
func SymmetricEncrypt ¶
func SymmetricEncrypt(alg SymmetricAlgorithm, key, iv, data []byte) error
SymmetricEncrypt performs in place symmetric encryption of the supplied data with the supplied cipher using CFB mode.
Source Files