Documentation ¶
Index ¶
- Constants
- Variables
- func KDFA(alg TPMIAlgHash, key, label, contextU, contextV []byte, lenBytes int) []byte
- func KDFe(alg TPMIAlgHash, zx, label, contextU, contextV []byte, lenBytes int) []byte
- func Marshal(w io.Writer, vs ...interface{}) error
- func PrimaryHandleName(h TPMHandle) []byte
- func Unmarshal(r io.Reader, vs ...interface{}) error
- type AuthHandle
- type AuthOption
- func AESEncryption(keySize TPMKeyBits, dir parameterEncryptionDirection) AuthOption
- func Audit() AuthOption
- func AuditExclusive() AuthOption
- func Auth(auth []byte) AuthOption
- func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption
- func Password(auth []byte) AuthOption
- func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption
- type Command
- type CommandAudit
- type CreateCommand
- type CreatePrimaryCommand
- type CreatePrimaryResponse
- type CreateResponse
- type FlushContextCommand
- type FlushContextResponse
- type Fmt1Error
- type GetCapabilityCommand
- type GetCapabilityResponse
- type GetSessionAuditDigestCommand
- type GetSessionAuditDigestResponse
- type Interface
- type LoadCommand
- type LoadResponse
- type PCREventCommand
- type PCREventResponse
- type PCRExtendCommand
- type PCRExtendResponse
- type PCRReadCommand
- type PCRReadResponse
- type PolicyCallback
- type PolicySecretCommand
- type PolicySecretResponse
- type QuoteCommand
- type QuoteResponse
- type Response
- type Session
- func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session
- func HMACSession(tpm Interface, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
- func PasswordAuth(auth []byte) Session
- func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session
- func PolicySession(tpm Interface, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
- type Simulator
- type StartAuthSessionCommand
- type StartAuthSessionResponse
- type TPM
- type TPM2BAttest
- type TPM2BAuth
- type TPM2BCreationData
- type TPM2BData
- type TPM2BDigest
- type TPM2BECCParameter
- type TPM2BEncryptedSecret
- type TPM2BEvent
- type TPM2BName
- type TPM2BNonce
- type TPM2BPrivate
- type TPM2BPublic
- type TPM2BPublicKeyRSA
- type TPM2BSensitiveCreate
- type TPM2BSensitiveData
- type TPM2BTimeout
- type TPMAACT
- type TPMAAlgorithm
- type TPMACC
- type TPMALocality
- type TPMAObject
- type TPMASession
- type TPMAlgID
- type TPMAlgorithmID
- type TPMAuthorizationSize
- type TPMCC
- type TPMCap
- type TPMCmdHeader
- type TPMECCCurve
- type TPMGenerated
- type TPMHandle
- type TPMIAlgECCScheme
- type TPMIAlgHash
- type TPMIAlgKDF
- type TPMIAlgKeyedHashScheme
- type TPMIAlgPublic
- type TPMIAlgRSAScheme
- type TPMIAlgSigScheme
- type TPMIAlgSym
- type TPMIAlgSymMode
- type TPMIAlgSymObject
- type TPMIDHContext
- type TPMIDHEntity
- type TPMIDHObject
- type TPMIECCCurve
- type TPMIRHHierarchy
- type TPMIRSAKeyBits
- type TPMISHAuthSession
- type TPMISHHMAC
- type TPMISHPolicy
- type TPMISTAttest
- type TPMISTCommandTag
- type TPMIYesNo
- type TPMKeyBits
- type TPMKeySize
- type TPMLACTData
- type TPMLAlg
- type TPMLAlgProperty
- type TPMLCC
- type TPMLCCA
- type TPMLDigest
- type TPMLDigestValues
- type TPMLECCCurve
- type TPMLHandle
- type TPMLPCRSelection
- type TPMLTaggedPCRProperty
- type TPMLTaggedPolicy
- type TPMLTaggedTPMProperty
- type TPMModifierIndicator
- type TPMPT
- type TPMPTPCR
- type TPMParameterSize
- type TPMRC
- type TPMRspHeader
- type TPMSACTData
- type TPMSAlgProperty
- type TPMSAttest
- type TPMSAuthCommand
- type TPMSAuthResponse
- type TPMSCapabilityData
- type TPMSCertifyInfo
- type TPMSClockInfo
- type TPMSCommandAuditInfo
- type TPMSCreationData
- type TPMSCreationInfo
- type TPMSE
- type TPMSECCParms
- type TPMSECCPoint
- type TPMSEmpty
- type TPMSEncSchemeOAEP
- type TPMSEncSchemeRSAES
- type TPMSKDFSchemeECDH
- type TPMSKDFSchemeKDF1SP800108
- type TPMSKDFSchemeKDF1SP80056A
- type TPMSKDFSchemeKDF2
- type TPMSKDFSchemeMGF1
- type TPMSKeySchemeECDH
- type TPMSKeyedHashParms
- type TPMSNVCertifyInfo
- type TPMSNVDigestCertifyInfo
- type TPMSPCRSelection
- type TPMSQuoteInfo
- type TPMSRSAParms
- type TPMSSchemeHMAC
- type TPMSSchemeHash
- type TPMSSchemeXOR
- type TPMSSensitiveCreate
- type TPMSSessionAuditInfo
- type TPMSSigSchemeECDSA
- type TPMSSigSchemeRSAPSS
- type TPMSSigSchemeRSASSA
- type TPMSSignatureECC
- type TPMSSignatureRSA
- type TPMSSymCipherParms
- type TPMST
- type TPMSTaggedPCRSelect
- type TPMSTaggedPolicy
- type TPMSTaggedProperty
- type TPMSTimeAttestInfo
- type TPMSTimeInfo
- type TPMTECCScheme
- type TPMTHA
- type TPMTKDFScheme
- type TPMTKeyedHashScheme
- type TPMTPublic
- type TPMTRSAScheme
- type TPMTSigScheme
- type TPMTSignature
- type TPMTSymDef
- type TPMTSymDefObject
- type TPMTTKAuth
- type TPMTTKCreation
- type TPMUAsymScheme
- type TPMUAttest
- type TPMUCapabilities
- type TPMUHA
- type TPMUKDFScheme
- type TPMUPublicID
- type TPMUPublicParms
- type TPMUSchemeKeyedHash
- type TPMUSigScheme
- type TPMUSignature
- type TPMUSymDetails
- type TPMUSymKeyBits
- type TPMUSymMode
- type Transport
- type UnsealCommand
- type UnsealResponse
Constants ¶
const ( EncryptIn parameterEncryptionDirection = 1 + iota EncryptOut EncryptInOut )
const (
CommandCodeCreate uint32 = 0x00000153
)
Variables ¶
var ( // RSASRKTemplate contains the TCG reference RSA-2048 SRK template. // https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf RSASRKTemplate = TPM2BPublic{ PublicArea: TPMTPublic{ Type: TPMAlgRSA, NameAlg: TPMAlgSHA256, ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, AdminWithPolicy: false, NoDA: true, EncryptedDuplication: false, Restricted: true, Decrypt: true, SignEncrypt: false, }, Parameters: TPMUPublicParms{ RSADetail: &TPMSRSAParms{ Symmetric: TPMTSymDefObject{ Algorithm: TPMAlgAES, KeyBits: TPMUSymKeyBits{ AES: NewTPMKeyBits(128), }, Mode: TPMUSymMode{ AES: NewTPMAlgID(TPMAlgCFB), }, }, KeyBits: 2048, }, }, Unique: TPMUPublicID{ RSA: &TPM2BPublicKeyRSA{ Buffer: make([]byte, 256), }, }, }, } // RSAEKTemplate contains the TCG reference RSA-2048 EK template. RSAEKTemplate = TPM2BPublic{ PublicArea: TPMTPublic{ Type: TPMAlgRSA, NameAlg: TPMAlgSHA256, ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: false, AdminWithPolicy: true, NoDA: false, EncryptedDuplication: false, Restricted: true, Decrypt: true, SignEncrypt: false, }, AuthPolicy: TPM2BDigest{ Buffer: []byte{ 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, }, }, Parameters: TPMUPublicParms{ RSADetail: &TPMSRSAParms{ Symmetric: TPMTSymDefObject{ Algorithm: TPMAlgAES, KeyBits: TPMUSymKeyBits{ AES: NewTPMKeyBits(128), }, Mode: TPMUSymMode{ AES: NewTPMAlgID(TPMAlgCFB), }, }, KeyBits: 2048, }, }, Unique: TPMUPublicID{ RSA: &TPM2BPublicKeyRSA{ Buffer: make([]byte, 256), }, }, }, } // ECCSRKTemplate contains the TCG reference ECC-P256 SRK template. // https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf ECCSRKTemplate = TPM2BPublic{ PublicArea: TPMTPublic{ Type: TPMAlgECC, NameAlg: TPMAlgSHA256, ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, AdminWithPolicy: false, NoDA: true, EncryptedDuplication: false, Restricted: true, Decrypt: true, SignEncrypt: false, }, Parameters: TPMUPublicParms{ ECCDetail: &TPMSECCParms{ Symmetric: TPMTSymDefObject{ Algorithm: TPMAlgAES, KeyBits: TPMUSymKeyBits{ AES: NewTPMKeyBits(128), }, Mode: TPMUSymMode{ AES: NewTPMAlgID(TPMAlgCFB), }, }, CurveID: TPMECCNistP256, }, }, Unique: TPMUPublicID{ ECC: &TPMSECCPoint{ X: TPM2BECCParameter{ Buffer: make([]byte, 32), }, Y: TPM2BECCParameter{ Buffer: make([]byte, 32), }, }, }, }, } // ECCEKTemplate contains the TCG reference ECC-P256 EK template. ECCEKTemplate = TPM2BPublic{ PublicArea: TPMTPublic{ Type: TPMAlgECC, NameAlg: TPMAlgSHA256, ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: false, AdminWithPolicy: true, NoDA: false, EncryptedDuplication: false, Restricted: true, Decrypt: true, SignEncrypt: false, }, AuthPolicy: TPM2BDigest{ Buffer: []byte{ 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, }, }, Parameters: TPMUPublicParms{ ECCDetail: &TPMSECCParms{ Symmetric: TPMTSymDefObject{ Algorithm: TPMAlgAES, KeyBits: TPMUSymKeyBits{ AES: NewTPMKeyBits(128), }, Mode: TPMUSymMode{ AES: NewTPMAlgID(TPMAlgCFB), }, }, CurveID: TPMECCNistP256, }, }, Unique: TPMUPublicID{ ECC: &TPMSECCPoint{ X: TPM2BECCParameter{ Buffer: make([]byte, 32), }, Y: TPM2BECCParameter{ Buffer: make([]byte, 32), }, }, }, }, } )
Functions ¶
func KDFA ¶
func KDFA(alg TPMIAlgHash, key, label, contextU, contextV []byte, lenBytes int) []byte
KDFA implements the SP800-108A-CTR KDF as decribed in Part 1, 11.4.10
func KDFe ¶
func KDFe(alg TPMIAlgHash, zx, label, contextU, contextV []byte, lenBytes int) []byte
KDFe implements the SP800-56A KDF as decribed in Part 1, 11.4.10.3
func Marshal ¶
Marshal will serialize the given values, appending them onto the given writer. Returns an error if any of the values are not marshallable.
func PrimaryHandleName ¶
Types ¶
type AuthHandle ¶
type AuthHandle struct { // The handle that is authorized. // If zero, treated as TPM_RH_NULL. Handle TPMIDHObject `tpmdirect:"nullable"` // The Name of the object expected at the given handle value. // If Name contains a nil buffer, the effective Name will be // the big-endian UINT32 representation of Handle, as in // Part 1, section 16 "Names" for PCRs, sessions, and // permanent values. Name TPM2BName `tpmdirect:"skip"` // The session used to authorize the object. // If the 'UserWithAuth' attribute is not set on the object, // must be a Policy session. // For ADMIN-role commands, if 'AdminWithPolicy' is set on // the object, must be a Policy session. // For DUP-role commands, must be a Policy session that // sets the policy command code to TPM_CC_DUPLICATE. // If nil, the effective Session will be a password session // with NULL authorization. Auth Session `tpmdirect:"skip"` }
Convenience type to wrap an authorized handle.
type AuthOption ¶
type AuthOption func(*sessionOptions)
AuthOption is an option for setting up an auth session variadically.
func AESEncryption ¶
func AESEncryption(keySize TPMKeyBits, dir parameterEncryptionDirection) AuthOption
AESEncryption uses the session to encrypt the first parameter sent to/from the TPM. Note that only commands whose first command/response parameter is a 2B can support session encryption.
func Audit ¶
func Audit() AuthOption
Audit uses the session to compute extra HMACs. An Audit session can be used with GetSessionAuditDigest to obtain attestation over a sequence of commands.
func AuditExclusive ¶
func AuditExclusive() AuthOption
AuditExclusive is like an audit session, but even more powerful. This allows an audit session to additionally indicate that no other auditable commands were executed other than the ones described by the audit hash.
func Auth ¶
func Auth(auth []byte) AuthOption
Auth uses the session to prove knowledge of the object's auth value.
func Bound ¶
func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption
Auth specifies that this session's session key should depend on the auth value of the given object.
func Password ¶
func Password(auth []byte) AuthOption
Password is a policy-session-only option that specifies to provide the object's auth value in place of the authorization HMAC when authorizing. Deprecated: This is not recommended and is only provided for completeness; use Auth instead. For HMAC sessions, has the same effect as using Auth.
func Salted ¶
func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption
Salted specifies that this session's session key should depend on an encrypted seed value using the given public key. 'handle' must refer to a loaded RSA or ECC key.
type Command ¶
type Command interface { // The TPM command code associated with this command. Command() TPMCC }
Dummy interface for TPM command structures so that they can be easily distinguished from other types of structures.
type CommandAudit ¶
type CommandAudit struct {
// contains filtered or unexported fields
}
CommandAudit represents an audit session for attesting the execution of a series of commands in the TPM. It is useful for both command and session auditing.
func NewAudit ¶
func NewAudit(hash TPMIAlgHash) CommandAudit
NewAudit initializes a new CommandAudit with the specified hash algorithm.
func (*CommandAudit) Digest ¶
func (a *CommandAudit) Digest() []byte
Digest returns the current digest of the audit.
type CreateCommand ¶
type CreateCommand struct { // handle of parent for new object ParentHandle AuthHandle `tpmdirect:"handle,auth"` // the sensitive data InSensitive TPM2BSensitiveCreate // the public template InPublic TPM2BPublic // data that will be included in the creation data for this // object to provide permanent, verifiable linkage between this // object and some object owner data OutsideInfo TPM2BData // PCR that will be used in creation data CreationPCR TPMLPCRSelection }
12.1
func (*CreateCommand) Command ¶
func (_ *CreateCommand) Command() TPMCC
type CreatePrimaryCommand ¶
type CreatePrimaryCommand struct { // TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, // or TPM_RH_NULL PrimaryHandle AuthHandle `tpmdirect:"handle,auth"` // the sensitive data InSensitive TPM2BSensitiveCreate // the public template InPublic TPM2BPublic // data that will be included in the creation data for this // object to provide permanent, verifiable linkage between this // object and some object owner data OutsideInfo TPM2BData // PCR that will be used in creation data CreationPCR TPMLPCRSelection }
24.1
func (*CreatePrimaryCommand) Command ¶
func (_ *CreatePrimaryCommand) Command() TPMCC
type CreatePrimaryResponse ¶
type CreatePrimaryResponse struct { // handle of type TPM_HT_TRANSIENT for created Primary Object ObjectHandle TPMHandle `tpmdirect:"handle"` // the public portion of the created object OutPublic TPM2BPublic // contains a TPMS_CREATION_DATA CreationData TPM2BCreationData // digest of creationData using nameAlg of outPublic CreationHash TPM2BDigest // ticket used by TPM2_CertifyCreation() to validate that the // creation data was produced by the TPM CreationTicket TPMTTKCreation // the name of the created object Name TPM2BName }
func (*CreatePrimaryResponse) Response ¶
func (_ *CreatePrimaryResponse) Response() TPMCC
type CreateResponse ¶
type CreateResponse struct { // the private portion of the object OutPrivate TPM2BPrivate // the public portion of the created object OutPublic TPM2BPublic // contains a TPMS_CREATION_DATA CreationData TPM2BCreationData // digest of creationData using nameAlg of outPublic CreationHash TPM2BDigest // ticket used by TPM2_CertifyCreation() to validate that the // creation data was produced by the TPM CreationTicket TPMTTKCreation }
func (*CreateResponse) Response ¶
func (_ *CreateResponse) Response() TPMCC
type FlushContextCommand ¶
type FlushContextCommand struct { // the handle of the item to flush FlushHandle TPMIDHContext }
28.4
func (*FlushContextCommand) Command ¶
func (_ *FlushContextCommand) Command() TPMCC
type FlushContextResponse ¶
type FlushContextResponse struct { }
func (*FlushContextResponse) Response ¶
func (_ *FlushContextResponse) Response() TPMCC
type Fmt1Error ¶
type Fmt1Error struct {
// contains filtered or unexported fields
}
Fmt1Error represents a TPM 2.0 format-1 error, with additional information.
func (Fmt1Error) Handle ¶
Handle returns whether the error is handle-related and if so, which handle is in error.
type GetCapabilityCommand ¶
type GetCapabilityCommand struct { // group selection; determines the format of the response Capability TPMCap // further definition of information Property uint32 // number of properties of the indicated type to return PropertyCount uint32 }
30.2
func (*GetCapabilityCommand) Command ¶
func (_ *GetCapabilityCommand) Command() TPMCC
type GetCapabilityResponse ¶
type GetCapabilityResponse struct { // flag to indicate if there are more values of this type MoreData TPMIYesNo // the capability data CapabilityData TPMSCapabilityData }
func (*GetCapabilityResponse) Response ¶
func (_ *GetCapabilityResponse) Response() TPMCC
type GetSessionAuditDigestCommand ¶
type GetSessionAuditDigestCommand struct { // handle of the privacy administrator (TPM_RH_ENDORSEMENT) PrivacyAdminHandle AuthHandle `tpmdirect:"handle,auth"` // handle of the signing key SignHandle AuthHandle `tpmdirect:"handle,auth"` // handle of the audit session SessionHandle TPMISHHMAC `tpmdirect:"handle"` // user-provided qualifying data – may be zero-length QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL InScheme TPMTSigScheme }
18.5
func (*GetSessionAuditDigestCommand) Command ¶
func (_ *GetSessionAuditDigestCommand) Command() TPMCC
type GetSessionAuditDigestResponse ¶
type GetSessionAuditDigestResponse struct { // the audit information that was signed AuditInfo TPM2BAttest // the signature over auditInfo Signature TPMTSignature }
func (*GetSessionAuditDigestResponse) Response ¶
func (_ *GetSessionAuditDigestResponse) Response() TPMCC
type Interface ¶
type Interface interface { io.Closer // Dispatch serializes a request struct, sends it to the TPM, and then // deserializes the response struct. // sessions may be 0 to three Session objects. See the TPM // specification for what types of sessions are supported. // An error inside the TPM response stream is parsed at this layer. Execute(cmd Command, rsp Response, sess ...Session) error }
Interface represents a logical connection to a TPM.
type LoadCommand ¶
type LoadCommand struct { // handle of parent for new object ParentHandle AuthHandle `tpmdirect:"handle,auth"` // the private portion of the object InPrivate TPM2BPrivate // the public portion of the object InPublic TPM2BPublic }
12.2
func (*LoadCommand) Command ¶
func (_ *LoadCommand) Command() TPMCC
type LoadResponse ¶
type LoadResponse struct { // handle of type TPM_HT_TRANSIENT for loaded object ObjectHandle TPMHandle `tpmdirect:"handle"` // Name of the loaded object Name TPM2BName }
func (*LoadResponse) Response ¶
func (_ *LoadResponse) Response() TPMCC
type PCREventCommand ¶
type PCREventCommand struct { // Handle of the PCR PCRHandle AuthHandle `tpmdirect:"handle,auth"` // Event data in sized buffer EventData TPM2BEvent }
22.3
func (*PCREventCommand) Command ¶
func (_ *PCREventCommand) Command() TPMCC
type PCREventResponse ¶
type PCREventResponse struct { }
func (*PCREventResponse) Response ¶
func (_ *PCREventResponse) Response() TPMCC
type PCRExtendCommand ¶
type PCRExtendCommand struct { // handle of the PCR PCRHandle AuthHandle `tpmdirect:"handle,auth"` // list of tagged digest values to be extended Digests TPMLDigestValues }
22.2
func (*PCRExtendCommand) Command ¶
func (_ *PCRExtendCommand) Command() TPMCC
type PCRExtendResponse ¶
type PCRExtendResponse struct { }
func (*PCRExtendResponse) Response ¶
func (_ *PCRExtendResponse) Response() TPMCC
type PCRReadCommand ¶
type PCRReadCommand struct { // The selection of PCR to read PCRSelectionIn TPMLPCRSelection }
22.4
func (*PCRReadCommand) Command ¶
func (_ *PCRReadCommand) Command() TPMCC
type PCRReadResponse ¶
type PCRReadResponse struct { // the current value of the PCR update counter PCRUpdateCounter uint32 // the PCR in the returned list PCRSelectionOut TPMLPCRSelection // the contents of the PCR indicated in pcrSelectOut-> pcrSelection[] as tagged digests PCRValues TPMLDigest }
func (*PCRReadResponse) Response ¶
func (_ *PCRReadResponse) Response() TPMCC
type PolicyCallback ¶
type PolicyCallback = func(tpm Interface, handle TPMISHPolicy, nonceTPM TPM2BNonce) error
PolicyCallback represents an object's policy in the form of a function. This function makes zero or more TPM policy commands and returns error.
type PolicySecretCommand ¶
type PolicySecretCommand struct { // handle for an entity providing the authorization AuthHandle AuthHandle `tpmdirect:"handle,auth"` // handle for the policy session being extended PolicySession TPMISHPolicy `tpmdirect:"handle"` // the policy nonce for the session NonceTPM TPM2BNonce // digest of the command parameters to which this authorization is limited CPHashA TPM2BDigest // a reference to a policy relating to the authorization – may be the Empty Buffer PolicyRef TPM2BNonce // time when authorization will expire, measured in seconds from the time // that nonceTPM was generated Expiration int32 }
23.4
func (*PolicySecretCommand) Command ¶
func (_ *PolicySecretCommand) Command() TPMCC
type PolicySecretResponse ¶
type PolicySecretResponse struct { // implementation-specific time value used to indicate to the TPM when the ticket expires Timeout TPM2BTimeout // produced if the command succeeds and expiration in the command was non-zero PolicyTicket TPMTTKAuth }
func (*PolicySecretResponse) Response ¶
func (_ *PolicySecretResponse) Response() TPMCC
type QuoteCommand ¶
type QuoteCommand struct { // handle of key that will perform signature SignHandle AuthHandle `tpmdirect:"handle,auth"` // data supplied by the caller QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL InScheme TPMTSigScheme // PCR set to quote PCRSelect TPMLPCRSelection }
18.4
func (*QuoteCommand) Command ¶
func (_ *QuoteCommand) Command() TPMCC
type QuoteResponse ¶
type QuoteResponse struct { // the quoted information Quoted TPM2BAttest // the signature over quoted Signature TPMTSignature }
func (*QuoteResponse) Response ¶
func (_ *QuoteResponse) Response() TPMCC
type Response ¶
type Response interface { // The TPM command code associated with this response. Response() TPMCC }
Dummy interface for TPM response structures so that they can be easily distinguished from other types of structures. All implementations of this interface are pointers to structures, for settability. See https://go.dev/blog/laws-of-reflection
type Session ¶
type Session interface { // Initializes the session, if needed. Has no effect if not needed or // already done. Some types of sessions may need to be initialized // just-in-time, e.g., to support calling patterns that help the user // securely authorize their actions without writing a lot of code. Init(tpm Interface) error // Cleans up the session, if needed. // Some types of session need to be cleaned up if the command failed, // again to support calling patterns that help the user securely // authorize their actions without writing a lot of code. CleanupFailure(tpm Interface) error // The last nonceTPM for this session. NonceTPM() TPM2BNonce // Updates nonceCaller to a new random value. NewNonceCaller() error // Computes the authorization HMAC for the session. // If this is the first authorization session for a command, and // there is another session (or sessions) for parameter // decryption and/or encryption, then addNonces contains the // nonceTPMs from each of them, respectively (see Part 1, 19.6.5) Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, authIndex int) (*TPMSAuthCommand, error) // Validates the response for the session. // Updates NonceTPM for the session. Validate(rc TPMRC, cc TPMCC, parms []byte, names []TPM2BName, authIndex int, auth *TPMSAuthResponse) error // Returns true if this is an encryption session. IsEncryption() bool // Returns true if this is a decryption session. IsDecryption() bool // If this session is used for parameter decryption, encrypts the // parameter. Otherwise, does not modify the parameter. Encrypt(parameter []byte) error // If this session is used for parameter encryption, encrypts the // parameter. Otherwise, does not modify the parameter. Decrypt(parameter []byte) error // Returns the handle value of this session. Handle() TPMHandle }
Session represents a session in the TPM.
func HMAC ¶
func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session
HMAC sets up a just-in-time HMAC session that is used only once. A real session is created, but just in time and it is flushed when used.
func HMACSession ¶
func HMACSession(tpm Interface, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
HMACSession sets up a reusable HMAC session that needs to be closed.
func PasswordAuth ¶
PasswordAuth assembles a password pseudo-session with the given auth value.
func Policy ¶
func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session
Policy sets up a just-in-time policy session that created each time it's needed. Each time the policy is created, the callback is invoked to authorize the session. A real session is created, but just in time, and it is flushed when used.
func PolicySession ¶
func PolicySession(tpm Interface, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error)
PolicySession opens a policy session that needs to be closed. The caller is responsible to call whichever policy commands they want in the session. Note that the TPM resets a policy session after it is successfully used.
type StartAuthSessionCommand ¶
type StartAuthSessionCommand struct { // handle of a loaded decrypt key used to encrypt salt // may be TPM_RH_NULL TPMKey TPMIDHObject `tpmdirect:"handle,nullable"` // entity providing the authValue // may be TPM_RH_NULL Bind TPMIDHEntity `tpmdirect:"handle,nullable"` // initial nonceCaller, sets nonceTPM size for the session // shall be at least 16 octets NonceCaller TPM2BNonce // value encrypted according to the type of tpmKey // If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer. EncryptedSalt TPM2BEncryptedSecret // indicates the type of the session; simple HMAC or policy (including a trial policy) SessionType TPMSE // the algorithm and key size for parameter encryption // may select TPM_ALG_NULL Symmetric TPMTSymDef // hash algorithm to use for the session // Shall be a hash algorithm supported by the TPM and not TPM_ALG_NULL AuthHash TPMIAlgHash }
11.1
func (*StartAuthSessionCommand) Command ¶
func (_ *StartAuthSessionCommand) Command() TPMCC
type StartAuthSessionResponse ¶
type StartAuthSessionResponse struct { // handle for the newly created session SessionHandle TPMISHAuthSession `tpmdirect:"handle"` // the initial nonce from the TPM, used in the computation of the sessionKey NonceTPM TPM2BNonce }
func (*StartAuthSessionResponse) Response ¶
func (_ *StartAuthSessionResponse) Response() TPMCC
type TPM ¶
type TPM struct {
// contains filtered or unexported fields
}
TPM represents a logical connection to a TPM. Support for various commands is provided at runtime using reflection.
type TPM2BAttest ¶
type TPM2BAttest struct { // the signed structure AttestationData TPMSAttest `tpmdirect:"sized"` }
10.12.13 Note that in the spec, this is just a 2B_DATA with enough room for an S_ATTEST. For ergonomics, pretend that TPM2B_Attest wraps a TPMS_Attest just like other 2Bs.
type TPM2BCreationData ¶
type TPM2BCreationData struct {
CreationData TPMSCreationData `tpmdirect:"sized"`
}
15.2
type TPM2BData ¶
type TPM2BData struct { // size in octets of the buffer field; may be 0 Buffer []byte `tpmdirect:"sized"` }
10.4.3
type TPM2BName ¶
type TPM2BName TPM2BData
10.5.3 NOTE: This structure does not contain a TPMUName, because that union is not tagged with a selector. Instead, TPM2B_Name is flattened and all TPMDirect helpers that deal with names will deal with them as so.
type TPM2BPublic ¶
type TPM2BPublic struct { // the public area PublicArea TPMTPublic `tpmdirect:"sized"` }
12.2.5
type TPM2BSensitiveCreate ¶
type TPM2BSensitiveCreate struct { // data to be sealed or a symmetric key value. Sensitive TPMSSensitiveCreate `tpmdirect:"sized"` }
11.1.16
type TPMAACT ¶
type TPMAACT struct { // SET (1): The ACT has signaled // CLEAR (0): The ACT has not signaled Signaled bool `tpmdirect:"bit=0"` // SET (1): The ACT signaled bit is preserved over a power cycle // CLEAR (0): The ACT signaled bit is not preserved over a power cycle PreserveSignaled bool `tpmdirect:"bit=1"` // shall be zero Reserved uint32 `tpmdirect:"bit=31:2"` }
8.12
type TPMAAlgorithm ¶
type TPMAAlgorithm struct { // SET (1): an asymmetric algorithm with public and private portions // CLEAR (0): not an asymmetric algorithm Asymmetric bool `tpmdirect:"bit=0"` // SET (1): a symmetric block cipher // CLEAR (0): not a symmetric block cipher Symmetric bool `tpmdirect:"bit=1"` // SET (1): a hash algorithm // CLEAR (0): not a hash algorithm Hash bool `tpmdirect:"bit=2"` // SET (1): an algorithm that may be used as an object type // CLEAR (0): an algorithm that is not used as an object type Object bool `tpmdirect:"bit=3"` Reserved1 uint8 `tpmdirect:"bit=7:4"` // SET (1): a signing algorithm. The setting of asymmetric, // symmetric, and hash will indicate the type of signing algorithm. // CLEAR (0): not a signing algorithm Signing bool `tpmdirect:"bit=8"` // SET (1): an encryption/decryption algorithm. The setting of // asymmetric, symmetric, and hash will indicate the type of // encryption/decryption algorithm. // CLEAR (0): not an encryption/decryption algorithm Encrypting bool `tpmdirect:"bit=9"` // SET (1): a method such as a key derivative function (KDF) // CLEAR (0): not a method Method bool `tpmdirect:"bit=10"` Reserved2 uint32 `tpmdirect:"bit=31:11"` }
8.2
type TPMACC ¶
type TPMACC struct { // indicates the command being selected CommandIndex uint16 `tpmdirect:"bit=15:0"` // shall be zero Reserved1 uint16 `tpmdirect:"bit=21:16"` // SET (1): indicates that the command may write to NV // CLEAR (0): indicates that the command does not write to NV NV bool `tpmdirect:"bit=22"` // SET (1): This command could flush any number of loaded contexts. // CLEAR (0): no additional changes other than indicated by the flushed attribute Extensive bool `tpmdirect:"bit=23"` // SET (1): The context associated with any transient handle in the command will be flushed when this command completes. // CLEAR (0): No context is flushed as a side effect of this command. Flushed bool `tpmdirect="bit=24"` // indicates the number of the handles in the handle area for this command CHandles uint8 `tpmdirect="bit=27:25"` // SET (1): indicates the presence of the handle area in the response RHandle bool `tpmdirect="bit=28"` // SET (1): indicates that the command is vendor-specific // CLEAR (0): indicates that the command is defined in a version of this specification V bool `tpmdirect="bit=29"` // allocated for software; shall be zero Reserved2 uint8 `tpmdirect:"bit=31:30"` }
8.9
type TPMALocality ¶
type TPMALocality struct { TPMLocZero bool `tpmdirect:"bit=0"` TPMLocOne bool `tpmdirect:"bit=1"` TPMLocTwo bool `tpmdirect:"bit=2"` TPMLocThree bool `tpmdirect:"bit=3"` TPMLocFour bool `tpmdirect:"bit=4"` // If any of these bits is set, an extended locality is indicated Extended uint8 `tpmdirect:"bit=7:5"` }
8.5
type TPMAObject ¶
type TPMAObject struct { // shall be zero Reserved1 uint8 `tpmdirect:"bit=0"` // SET (1): The hierarchy of the object, as indicated by its // Qualified Name, may not change. // CLEAR (0): The hierarchy of the object may change as a result // of this object or an ancestor key being duplicated for use in // another hierarchy. FixedTPM bool `tpmdirect:"bit=1"` // SET (1): Previously saved contexts of this object may not be // loaded after Startup(CLEAR). // CLEAR (0): Saved contexts of this object may be used after a // Shutdown(STATE) and subsequent Startup(). STClear bool `tpmdirect:"bit=2"` // shall be zero Reserved2 uint8 `tpmdirect:"bit=3"` // SET (1): The parent of the object may not change. // CLEAR (0): The parent of the object may change as the result of // a TPM2_Duplicate() of the object. FixedParent bool `tpmdirect:"bit=4"` // SET (1): Indicates that, when the object was created with // TPM2_Create() or TPM2_CreatePrimary(), the TPM generated all of // the sensitive data other than the authValue. // CLEAR (0): A portion of the sensitive data, other than the // authValue, was provided by the caller. SensitiveDataOrigin bool `tpmdirect:"bit=5"` // SET (1): Approval of USER role actions with this object may be // with an HMAC session or with a password using the authValue of // the object or a policy session. // CLEAR (0): Approval of USER role actions with this object may // only be done with a policy session. UserWithAuth bool `tpmdirect:"bit=6"` // SET (1): Approval of ADMIN role actions with this object may // only be done with a policy session. // CLEAR (0): Approval of ADMIN role actions with this object may // be with an HMAC session or with a password using the authValue // of the object or a policy session. AdminWithPolicy bool `tpmdirect:"bit=7"` // shall be zero Reserved3 uint8 `tpmdirect:"bit=9:8"` // SET (1): The object is not subject to dictionary attack // protections. // CLEAR (0): The object is subject to dictionary attack // protections. NoDA bool `tpmdirect:"bit=10"` // SET (1): If the object is duplicated, then symmetricAlg shall // not be TPM_ALG_NULL and newParentHandle shall not be // TPM_RH_NULL. // CLEAR (0): The object may be duplicated without an inner // wrapper on the private portion of the object and the new parent // may be TPM_RH_NULL. EncryptedDuplication bool `tpmdirect:"bit=11"` // shall be zero Reserved4 uint8 `tpmdirect:"bit=15:12"` // SET (1): Key usage is restricted to manipulate structures of // known format; the parent of this key shall have restricted SET. // CLEAR (0): Key usage is not restricted to use on special // formats. Restricted bool `tpmdirect:"bit=16"` // SET (1): The private portion of the key may be used to decrypt. // CLEAR (0): The private portion of the key may not be used to // decrypt. Decrypt bool `tpmdirect:"bit=17"` // SET (1): For a symmetric cipher object, the private portion of // the key may be used to encrypt. For other objects, the private // portion of the key may be used to sign. // CLEAR (0): The private portion of the key may not be used to // sign or encrypt. SignEncrypt bool `tpmdirect:"bit=18"` // SET (1): An asymmetric key that may not be used to sign with // TPM2_Sign() CLEAR (0): A key that may be used with TPM2_Sign() // if sign is SET // NOTE: This attribute only has significance if sign is SET. X509Sign bool `tpmdirect:"bit=19"` // shall be zero Reserved5 uint16 `tpmdirect:"bit=31:20"` }
8.3.2
type TPMASession ¶
type TPMASession struct { // SET (1): In a command, this setting indicates that the session // is to remain active after successful completion of the command. // In a response, it indicates that the session is still active. // If SET in the command, this attribute shall be SET in the response. // CLEAR (0): In a command, this setting indicates that the TPM should // close the session and flush any related context when the command // completes successfully. In a response, it indicates that the // session is closed and the context is no longer active. // This attribute has no meaning for a password authorization and the // TPM will allow any setting of the attribute in the command and SET // the attribute in the response. ContinueSession bool `tpmdirect:"bit=0"` // SET (1): In a command, this setting indicates that the command // should only be executed if the session is exclusive at the start of // the command. In a response, it indicates that the session is // exclusive. This setting is only allowed if the audit attribute is // SET (TPM_RC_ATTRIBUTES). // CLEAR (0): In a command, indicates that the session need not be // exclusive at the start of the command. In a response, indicates that // the session is not exclusive. AuditExclusive bool `tpmdirect:"bit=1"` // SET (1): In a command, this setting indicates that the audit digest // of the session should be initialized and the exclusive status of the // session SET. This setting is only allowed if the audit attribute is // SET (TPM_RC_ATTRIBUTES). // CLEAR (0): In a command, indicates that the audit digest should not // be initialized. This bit is always CLEAR in a response. AuditReset bool `tpmdirect:"bit=2"` // shall be CLEAR Reserved1 bool `tpmdirect:"bit=3"` // shall be CLEAR Reserved2 bool `tpmdirect:"bit=4"` // SET (1): In a command, this setting indicates that the first // parameter in the command is symmetrically encrypted using the // parameter encryption scheme described in TPM 2.0 Part 1. The TPM will // decrypt the parameter after performing any HMAC computations and // before unmarshaling the parameter. In a response, the attribute is // copied from the request but has no effect on the response. // CLEAR (0): Session not used for encryption. // For a password authorization, this attribute will be CLEAR in both the // command and response. Decrypt bool `tpmdirect:"bit=5"` // SET (1): In a command, this setting indicates that the TPM should use // this session to encrypt the first parameter in the response. In a // response, it indicates that the attribute was set in the command and // that the TPM used the session to encrypt the first parameter in the // response using the parameter encryption scheme described in TPM 2.0 // Part 1. // CLEAR (0): Session not used for encryption. // For a password authorization, this attribute will be CLEAR in both the // command and response. Encrypt bool `tpmdirect:"bit=6"` // SET (1): In a command or response, this setting indicates that the // session is for audit and that auditExclusive and auditReset have // meaning. This session may also be used for authorization, encryption, // or decryption. The encrypted and encrypt fields may be SET or CLEAR. // CLEAR (0): Session is not used for audit. // If SET in the command, then this attribute will be SET in the response. Audit bool `tpmdirect:"bit=7"` }
8.4
type TPMAlgID ¶
type TPMAlgID uint16
6.3
const ( TPMAlgRSA TPMAlgID = 0x0001 TPMAlgTDES TPMAlgID = 0x0003 TPMAlgSHA TPMAlgID = 0x0004 TPMAlgSHA1 = TPMAlgSHA TPMAlgHMAC TPMAlgID = 0x0005 TPMAlgAES TPMAlgID = 0x0006 TPMAlgMGF1 TPMAlgID = 0x0007 TPMAlgKeyedHash TPMAlgID = 0x0008 TPMAlgXOR TPMAlgID = 0x000A TPMAlgSHA256 TPMAlgID = 0x000B TPMAlgSHA384 TPMAlgID = 0x000C TPMAlgSHA512 TPMAlgID = 0x000D TPMAlgNull TPMAlgID = 0x0010 TPMAlgSM3256 TPMAlgID = 0x0012 TPMAlgSM4 TPMAlgID = 0x0013 TPMAlgRSASSA TPMAlgID = 0x0014 TPMAlgRSAES TPMAlgID = 0x0015 TPMAlgRSAPSS TPMAlgID = 0x0016 TPMAlgOAEP TPMAlgID = 0x0017 TPMAlgECDSA TPMAlgID = 0x0018 TPMAlgECDH TPMAlgID = 0x0019 TPMAlgECDAA TPMAlgID = 0x001A TPMAlgSM2 TPMAlgID = 0x001B TPMAlgECSchnorr TPMAlgID = 0x001C TPMAlgECMQV TPMAlgID = 0x001D TPMAlgKDF1SP80056A TPMAlgID = 0x0020 TPMAlgKDF2 TPMAlgID = 0x0021 TPMAlgKDF1SP800108 TPMAlgID = 0x0022 TPMAlgECC TPMAlgID = 0x0023 TPMAlgSymCipher TPMAlgID = 0x0025 TPMAlgCamellia TPMAlgID = 0x0026 TPMAlgSHA3256 TPMAlgID = 0x0027 TPMAlgSHA3384 TPMAlgID = 0x0028 TPMAlgSHA3512 TPMAlgID = 0x0029 TPMAlgCTR TPMAlgID = 0x0040 TPMAlgOFB TPMAlgID = 0x0041 TPMAlgCBC TPMAlgID = 0x0042 TPMAlgCFB TPMAlgID = 0x0043 TPMAlgECB TPMAlgID = 0x0044 )
6.3
func NewTPMAlgID ¶
type TPMAuthorizationSize ¶
type TPMAuthorizationSize uint32
the authorizationSize parameter in a command
type TPMCC ¶
type TPMCC uint32
6.5.2
const ( TPMCCNVUndefineSpaceSpecial TPMCC = 0x0000011F TPMCCEvictControl TPMCC = 0x00000120 TPMCCHierarchyControl TPMCC = 0x00000121 TPMCCNVUndefineSpace TPMCC = 0x00000122 TPMCCChangeEPS TPMCC = 0x00000124 TPMCCChangePPS TPMCC = 0x00000125 TPMCCClear TPMCC = 0x00000126 TPMCCClearControl TPMCC = 0x00000127 TPMCCClockSet TPMCC = 0x00000128 TPMCCHierarchyChanegAuth TPMCC = 0x00000129 TPMCCNVDefineSpace TPMCC = 0x0000012A TPMCCPCRAllocate TPMCC = 0x0000012B TPMCCPCRSetAuthPolicy TPMCC = 0x0000012C TPMCCPPCommands TPMCC = 0x0000012D TPMCCSetPrimaryPolicy TPMCC = 0x0000012E TPMCCFieldUpgradeStart TPMCC = 0x0000012F TPMCCClockRateAdjust TPMCC = 0x00000130 TPMCCCreatePrimary TPMCC = 0x00000131 TPMCCNVGlobalWriteLock TPMCC = 0x00000132 TPMCCGetCommandAuditDigest TPMCC = 0x00000133 TPMCCNVIncrement TPMCC = 0x00000134 TPMCCNVSetBits TPMCC = 0x00000135 TPMCCNVExtend TPMCC = 0x00000136 TPMCCNVWrite TPMCC = 0x00000137 TPMCCNVWriteLock TPMCC = 0x00000138 TPMCCDictionaryAttackLockReset TPMCC = 0x00000139 TPMCCDictionaryAttackParameters TPMCC = 0x0000013A TPMCCNVChangeAuth TPMCC = 0x0000013B TPMCCPCREvent TPMCC = 0x0000013C TPMCCPCRReset TPMCC = 0x0000013D TPMCCSequenceComplete TPMCC = 0x0000013E TPMCCSetAlgorithmSet TPMCC = 0x0000013F TPMCCSetCommandCodeAuditStatus TPMCC = 0x00000140 TPMCCFieldUpgradeData TPMCC = 0x00000141 TPMCCIncrementalSelfTest TPMCC = 0x00000142 TPMCCSelfTest TPMCC = 0x00000143 TPMCCStartup TPMCC = 0x00000144 TPMCCShutdown TPMCC = 0x00000145 TPMCCStirRandom TPMCC = 0x00000146 TPMCCActivateCredential TPMCC = 0x00000147 TPMCCCertify TPMCC = 0x00000148 TPMCCPolicyNV TPMCC = 0x00000149 TPMCCCertifyCreation TPMCC = 0x0000014A TPMCCDuplicate TPMCC = 0x0000014B TPMCCGetTime TPMCC = 0x0000014C TPMCCGetSessionAuditDigest TPMCC = 0x0000014D TPMCCNVRead TPMCC = 0x0000014E TPMCCNVReadLock TPMCC = 0x0000014F TPMCCObjectChangeAuth TPMCC = 0x00000150 TPMCCPolicySecret TPMCC = 0x00000151 TPMCCRewrap TPMCC = 0x00000152 TPMCCCreate TPMCC = 0x00000153 TPMCCECDHZGen TPMCC = 0x00000154 TPMCCHMAC TPMCC = 0x00000155 TPMCCMAC TPMCC = TPMCCHMAC TPMCCImport TPMCC = 0x00000156 TPMCCLoad TPMCC = 0x00000157 TPMCCQuote TPMCC = 0x00000158 TPMCCRSADecrypt TPMCC = 0x00000159 TPMCCHMACStart TPMCC = 0x0000015B TPMCCMACStart TPMCC = TPMCCHMACStart TPMCCSequenceUpdate TPMCC = 0x0000015C TPMCCSign TPMCC = 0x0000015D TPMCCUnseal TPMCC = 0x0000015E TPMCCPolicySigned TPMCC = 0x00000160 TPMCCContextLoad TPMCC = 0x00000161 TPMCCContextSave TPMCC = 0x00000162 TPMCCECDHKeyGen TPMCC = 0x00000163 TPMCCEncryptDecrypt TPMCC = 0x00000164 TPMCCFlushContext TPMCC = 0x00000165 TPMCCLoadExternal TPMCC = 0x00000167 TPMCCMakeCredential TPMCC = 0x00000168 TPMCCNVReadPublic TPMCC = 0x00000169 TPMCCPolicyAuthorize TPMCC = 0x0000016A TPMCCPolicyAuthValue TPMCC = 0x0000016B TPMCCPolicyCommandCode TPMCC = 0x0000016C TPMCCPolicyCounterTimer TPMCC = 0x0000016D TPMCCPolicyCpHash TPMCC = 0x0000016E TPMCCPolicyLocality TPMCC = 0x0000016F TPMCCPolicyNameHash TPMCC = 0x00000170 TPMCCPolicyOR TPMCC = 0x00000171 TPMCCPolicyTicket TPMCC = 0x00000172 TPMCCReadPublic TPMCC = 0x00000173 TPMCCRSAEncrypt TPMCC = 0x00000174 TPMCCStartAuthSession TPMCC = 0x00000176 TPMCCVerifySignature TPMCC = 0x00000177 TPMCCECCParameters TPMCC = 0x00000178 TPMCCFirmwareRead TPMCC = 0x00000179 TPMCCGetCapability TPMCC = 0x0000017A TPMCCGetRandom TPMCC = 0x0000017B TPMCCGetTestResult TPMCC = 0x0000017C TPMCCHash TPMCC = 0x0000017D TPMCCPCRRead TPMCC = 0x0000017E TPMCCPolicyPCR TPMCC = 0x0000017F TPMCCPolicyRestart TPMCC = 0x00000180 TPMCCReadClock TPMCC = 0x00000181 TPMCCPCRExtend TPMCC = 0x00000182 TPMCCPCRSetAuthValue TPMCC = 0x00000183 TPMCCNVCertify TPMCC = 0x00000184 TPMCCEventSequenceComplete TPMCC = 0x00000185 TPMCCHashSequenceStart TPMCC = 0x00000186 TPMCCPolicyPhysicalPresence TPMCC = 0x00000187 TPMCCPolicyDuplicationSelect TPMCC = 0x00000188 TPMCCPolicyGetDigest TPMCC = 0x00000189 TPMCCTestParams TPMCC = 0x0000018A TPMCCCommit TPMCC = 0x0000018B TPMCCPolicyPassword TPMCC = 0x0000018C TPMCCZGen2Phase TPMCC = 0x0000018D TPMCCECEphemeral TPMCC = 0x0000018E TPMCCPolicyNvWritten TPMCC = 0x0000018F TPMCCPolicyTemplate TPMCC = 0x00000190 TPMCCCreateLoaded TPMCC = 0x00000191 TPMCCPolicyAuthorizeNV TPMCC = 0x00000192 TPMCCEncryptDecrypt2 TPMCC = 0x00000193 TPMCCACGetCapability TPMCC = 0x00000194 TPMCCACSend TPMCC = 0x00000195 TPMCCPolicyACSendSelect TPMCC = 0x00000196 TPMCCCertifyX509 TPMCC = 0x00000197 TPMCCACTSetTimeout TPMCC = 0x00000198 )
6.5.2
type TPMCap ¶
type TPMCap uint32
6.12
const ( TPMCapAlgs TPMCap = 0x00000000 TPMCapHandles TPMCap = 0x00000001 TPMCapCommands TPMCap = 0x00000002 TPMCapPPCommands TPMCap = 0x00000003 TPMCapAuditCommands TPMCap = 0x00000004 TPMCapPCRs TPMCap = 0x00000005 TPMCapTPMProperties TPMCap = 0x00000006 TPMCapPCRProperties TPMCap = 0x00000007 TPMCapECCCurves TPMCap = 0x00000008 TPMCapAuthPolicies TPMCap = 0x00000009 TPMCapACT TPMCap = 0x0000000A )
6.12
type TPMCmdHeader ¶
type TPMCmdHeader struct { Tag TPMISTCommandTag Length uint32 CommandCode TPMCC }
Part 1 structures that aren't defined in Part 2
type TPMECCCurve ¶
type TPMECCCurve uint16
6.4
const ( TPMECCNone TPMECCCurve = 0x0000 TPMECCNistP192 TPMECCCurve = 0x0001 TPMECCNistP224 TPMECCCurve = 0x0002 TPMECCNistP256 TPMECCCurve = 0x0003 TPMECCNistP384 TPMECCCurve = 0x0004 TPMECCNistP521 TPMECCCurve = 0x0005 TPMECCBNP256 TPMECCCurve = 0x0010 TPMECCBNP638 TPMECCCurve = 0x0011 TPMECCSM2P256 TPMECCCurve = 0x0020 )
6.4
type TPMGenerated ¶
type TPMGenerated uint32
6.2
const (
TPMGeneratedValue TPMGenerated = 0xff544347
)
6.2
func (TPMGenerated) Check ¶
func (g TPMGenerated) Check() error
type TPMIAlgHash ¶
type TPMIAlgHash = TPMAlgID
9.27
func (TPMIAlgHash) Hash ¶
func (a TPMIAlgHash) Hash() hash.Hash
Enumerate the algorithms in TPMIAlgHash so that we can define functions on them.
type TPMIYesNo ¶
type TPMIYesNo = bool
9.2 Use native bool for TPMI_YES_NO; encoding/binary already treats this as 8 bits wide.
type TPMKeyBits ¶
type TPMKeyBits uint16
a key size in bits
func NewTPMKeyBits ¶
func NewTPMKeyBits(v TPMKeyBits) *TPMKeyBits
type TPMLAlgProperty ¶
type TPMLAlgProperty struct {
AlgProperties []TPMSAlgProperty `tpmdirect:"list"`
}
10.9.8
type TPMLDigest ¶
type TPMLDigest struct { // a list of digests Digests []TPM2BDigest `tpmdirect:"list"` }
10.9.5
type TPMLDigestValues ¶
type TPMLDigestValues struct { // a list of tagged digests Digests []TPMTHA `tpmdirect:"list"` }
10.9.6
type TPMLPCRSelection ¶
type TPMLPCRSelection struct {
PCRSelections []TPMSPCRSelection `tpmdirect:"list"`
}
10.9.7
type TPMLTaggedPCRProperty ¶
type TPMLTaggedPCRProperty struct {
PCRProperty []TPMSTaggedPCRSelect `tpmdirect:"list"`
}
10.9.10
type TPMLTaggedPolicy ¶
type TPMLTaggedPolicy struct {
Policies []TPMSTaggedPolicy `tpmdirect:"list"`
}
10.9.12
type TPMLTaggedTPMProperty ¶
type TPMLTaggedTPMProperty struct {
TPMProperty []TPMSTaggedProperty `tpmdirect:"list"`
}
10.9.9
type TPMModifierIndicator ¶
type TPMModifierIndicator uint32
type TPMPT ¶
type TPMPT uint32
6.13
const ( // a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY) TPMPTFamilyIndicator TPMPT = 0x00000100 // the level of the specification TPMPTLevel TPMPT = 0x00000101 // the specification Revision times 100 TPMPTRevision TPMPT = 0x00000102 // the specification day of year using TCG calendar TPMPTDayofYear TPMPT = 0x00000103 // the specification year using the CE TPMPTYear TPMPT = 0x00000104 // the vendor ID unique to each TPM manufacturer TPMPTManufacturer TPMPT = 0x00000105 // the first four characters of the vendor ID string TPMPTVendorString1 TPMPT = 0x00000106 // the second four characters of the vendor ID string TPMPTVendorString2 TPMPT = 0x00000107 // the third four characters of the vendor ID string TPMPTVendorString3 TPMPT = 0x00000108 // the fourth four characters of the vendor ID sting TPMPTVendorString4 TPMPT = 0x00000109 // vendor-defined value indicating the TPM model TPMPTVendorTPMType TPMPT = 0x0000010A // the most-significant 32 bits of a TPM vendor-specific value // indicating the version number of the firmware. TPMPTFirmwareVersion1 TPMPT = 0x0000010B // the least-significant 32 bits of a TPM vendor-specific value // indicating the version number of the firmware. TPMPTFirmwareVersion2 TPMPT = 0x0000010C // the maximum size of a parameter TPM2B_MAX_BUFFER) TPMPTInputBuffer TPMPT = 0x0000010D // the minimum number of transient objects that can be held in TPM RAM TPMPTHRTransientMin TPMPT = 0x0000010E // the minimum number of persistent objects that can be held in TPM NV memory TPMPTHRPersistentMin TPMPT = 0x0000010F // the minimum number of authorization sessions that can be held in TPM RAM TPMPTHRLoadedMin TPMPT = 0x00000110 // the number of authorization sessions that may be active at a time TPMPTActiveSessionsMax TPMPT = 0x00000111 // the number of PCR implemented TPMPTPCRCount TPMPT = 0x00000112 // the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect TPMPTPCRSelectMin TPMPT = 0x00000113 // the maximum allowed difference (unsigned) between the contextID values of two saved session contexts TPMPTContextGapMax TPMPT = 0x00000114 // the maximum number of NV Indexes that are allowed to have the TPM_NT_COUNTER attribute TPMPTNVCountersMax TPMPT = 0x00000116 // the maximum size of an NV Index data area TPMPTNVIndexMax TPMPT = 0x00000117 // a TPMA_MEMORY indicating the memory management method for the TPM TPMPTMemory TPMPT = 0x00000118 // interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV TPMPTClockUpdate TPMPT = 0x00000119 // the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead() TPMPTContextHash TPMPT = 0x0000011A // TPM_ALG_ID, the algorithm used for encryption of saved contexts TPMPTContextSym TPMPT = 0x0000011B // TPM_KEY_BITS, the size of the key used for encryption of saved contexts TPMPTContextSymSize TPMPT = 0x0000011C // the modulus - 1 of the count for NV update of an orderly counter TPMPTOrderlyCount TPMPT = 0x0000011D // the maximum value for commandSize in a command TPMPTMaxCommandSize TPMPT = 0x0000011E // the maximum value for responseSize in a response TPMPTMaxResponseSize TPMPT = 0x0000011F // the maximum size of a digest that can be produced by the TPM TPMPTMaxDigest TPMPT = 0x00000120 // the maximum size of an object context that will be returned by TPM2_ContextSave TPMPTMaxObjectContext TPMPT = 0x00000121 // the maximum size of a session context that will be returned by TPM2_ContextSave TPMPTMaxSessionContext TPMPT = 0x00000122 // platform-specific family (a TPM_PS value)(see Table 25) TPMPTPSFamilyIndicator TPMPT = 0x00000123 // the level of the platform-specific specification TPMPTPSLevel TPMPT = 0x00000124 // a platform specific value TPMPTPSRevision TPMPT = 0x00000125 // the platform-specific TPM specification day of year using TCG calendar TPMPTPSDayOfYear TPMPT = 0x00000126 // the platform-specific TPM specification year using the CE TPMPTPSYear TPMPT = 0x00000127 // the number of split signing operations supported by the TPM TPMPTSplitMax TPMPT = 0x00000128 // total number of commands implemented in the TPM TPMPTTotalCommands TPMPT = 0x00000129 // number of commands from the TPM library that are implemented TPMPTLibraryCommands TPMPT = 0x0000012A // number of vendor commands that are implemented TPMPTVendorCommands TPMPT = 0x0000012B // the maximum data size in one NV write, NV read, NV extend, or NV certify command TPMPTNVBufferMax TPMPT = 0x0000012C // a TPMA_MODES value, indicating that the TPM is designed for these modes. TPMPTModes TPMPT = 0x0000012D // the maximum size of a TPMS_CAPABILITY_DATA structure returned in TPM2_GetCapability(). TPMPTMaxCapBuffer TPMPT = 0x0000012E // TPMA_PERMANENT TPMPTPermanent TPMPT = 0x00000200 // TPMA_STARTUP_CLEAR TPMPTStartupClear TPMPT = 0x00000201 // the number of NV Indexes currently defined TPMPTHRNVIndex TPMPT = 0x00000202 // the number of authorization sessions currently loaded into TPM RAM TPMPTHRLoaded TPMPT = 0x00000203 // the number of additional authorization sessions, of any type, that could be loaded into TPM RAM TPMPTHRLoadedAvail TPMPT = 0x00000204 // the number of active authorization sessions currently being tracked by the TPM TPMPTHRActive TPMPT = 0x00000205 // the number of additional authorization sessions, of any type, that could be created TPMPTHRActiveAvail TPMPT = 0x00000206 // estimate of the number of additional transient objects that could be loaded into TPM RAM TPMPTHRTransientAvail TPMPT = 0x00000207 // the number of persistent objects currently loaded into TPM NV memory TPMPTHRPersistent TPMPT = 0x00000208 // the number of additional persistent objects that could be loaded into NV memory TPMPTHRPersistentAvail TPMPT = 0x00000209 // the number of defined NV Indexes that have NV the TPM_NT_COUNTER attribute TPMPTNVCounters TPMPT = 0x0000020A // the number of additional NV Indexes that can be defined with their TPM_NT of TPM_NV_COUNTER and the TPMA_NV_ORDERLY attribute SET TPMPTNVCountersAvail TPMPT = 0x0000020B // code that limits the algorithms that may be used with the TPM TPMPTAlgorithmSet TPMPT = 0x0000020C // the number of loaded ECC curves TPMPTLoadedCurves TPMPT = 0x0000020D // the current value of the lockout counter (failedTries) TPMPTLockoutCounter TPMPT = 0x0000020E // the number of authorization failures before DA lockout is invoked TPMPTMaxAuthFail TPMPT = 0x0000020F // the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented TPMPTLockoutInterval TPMPT = 0x00000210 // the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again TPMPTLockoutRecovery TPMPT = 0x00000211 // number of milliseconds before the TPM will accept another command that will modify NV TPMPTNVWriteRecovery TPMPT = 0x00000212 // the high-order 32 bits of the command audit counter TPMPTAuditCounter0 TPMPT = 0x00000213 // the low-order 32 bits of the command audit counter TPMPTAuditCounter1 TPMPT = 0x00000214 )
6.13
type TPMPTPCR ¶
type TPMPTPCR uint32
6.14
const ( // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and restored by TPM_SU_STATE TPMPTPCRSave TPMPTPCR = 0x00000000 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 0 TPMPTPCRExtendL0 TPMPTPCR = 0x00000001 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 0 TPMPTPCRResetL0 TPMPTPCR = 0x00000002 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 1 TPMPTPCRExtendL1 TPMPTPCR = 0x00000003 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 1 TPMPTPCRResetL1 TPMPTPCR = 0x00000004 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 2 TPMPTPCRExtendL2 TPMPTPCR = 0x00000005 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 2 TPMPTPCRResetL2 TPMPTPCR = 0x00000006 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 3 TPMPTPCRExtendL3 TPMPTPCR = 0x00000007 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 3 TPMPTPCRResetL3 TPMPTPCR = 0x00000008 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 4 TPMPTPCRExtendL4 TPMPTPCR = 0x00000009 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 4 TPMPTPCRResetL4 TPMPTPCR = 0x0000000A // a SET bit in the TPMS_PCR_SELECT indicates that modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter TPMPTPCRNoIncrement TPMPTPCR = 0x00000011 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a D-RTM event TPMPTPCRDRTMRest TPMPTPCR = 0x00000012 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by policy TPMPTPCRPolicy TPMPTPCR = 0x00000013 // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by an authorization value TPMPTPCRAuth TPMPTPCR = 0x00000014 )
6.14
type TPMRC ¶
type TPMRC uint32
6.6
const ( TPMRCSuccess TPMRC = 0x00000000 // FMT0 error codes TPMRCInitialize TPMRC = rcVer1 + 0x000 TPMRCFailure TPMRC = rcVer1 + 0x001 TPMRCSequence TPMRC = rcVer1 + 0x003 TPMRCPrivate TPMRC = rcVer1 + 0x00B TPMRCHMAC TPMRC = rcVer1 + 0x019 TPMRCDisabled TPMRC = rcVer1 + 0x020 TPMRCExclusive TPMRC = rcVer1 + 0x021 TPMRCAuthType TPMRC = rcVer1 + 0x024 TPMRCAuthMissing TPMRC = rcVer1 + 0x025 TPMRCPolicy TPMRC = rcVer1 + 0x026 TPMRCPCR TPMRC = rcVer1 + 0x027 TPMRCPCRChanged TPMRC = rcVer1 + 0x028 TPMRCUpgrade TPMRC = rcVer1 + 0x02D TPMRCTooManyContexts TPMRC = rcVer1 + 0x02E TPMRCReboot TPMRC = rcVer1 + 0x030 TPMRCUnbalanced TPMRC = rcVer1 + 0x031 TPMRCCommandSize TPMRC = rcVer1 + 0x042 TPMRCCommandCode TPMRC = rcVer1 + 0x043 TPMRCAuthSize TPMRC = rcVer1 + 0x044 TPMRCAuthContext TPMRC = rcVer1 + 0x045 TPMRCNVRange TPMRC = rcVer1 + 0x046 TPMRCNVSize TPMRC = rcVer1 + 0x047 TPMRCNVLocked TPMRC = rcVer1 + 0x048 TPMRCNVAuthorization TPMRC = rcVer1 + 0x049 TPMRCNVUninitialized TPMRC = rcVer1 + 0x04A TPMRCNVSpace TPMRC = rcVer1 + 0x04B TPMRCNVDefined TPMRC = rcVer1 + 0x04C TPMRCBadContext TPMRC = rcVer1 + 0x050 TPMRCCPHash TPMRC = rcVer1 + 0x051 TPMRCParent TPMRC = rcVer1 + 0x052 TPMRCNeedsTest TPMRC = rcVer1 + 0x053 TPMRCNoResult TPMRC = rcVer1 + 0x054 TPMRCSensitive TPMRC = rcVer1 + 0x055 // FMT1 error codes TPMRCAsymmetric TPMRC = rcFmt1 + 0x001 TPMRCAttributes TPMRC = rcFmt1 + 0x002 TPMRCHash TPMRC = rcFmt1 + 0x003 TPMRCValue TPMRC = rcFmt1 + 0x004 TPMRCHierarchy TPMRC = rcFmt1 + 0x005 TPMRCKeySize TPMRC = rcFmt1 + 0x007 TPMRCMGF TPMRC = rcFmt1 + 0x008 TPMRCMode TPMRC = rcFmt1 + 0x009 TPMRCType TPMRC = rcFmt1 + 0x00A TPMRCHandle TPMRC = rcFmt1 + 0x00B TPMRCKDF TPMRC = rcFmt1 + 0x00C TPMRCRange TPMRC = rcFmt1 + 0x00D TPMRCAuthFail TPMRC = rcFmt1 + 0x00E TPMRCNonce TPMRC = rcFmt1 + 0x00F TPMRCPP TPMRC = rcFmt1 + 0x010 TPMRCScheme TPMRC = rcFmt1 + 0x012 TPMRCSize TPMRC = rcFmt1 + 0x015 TPMRCSymmetric TPMRC = rcFmt1 + 0x016 TPMRCTag TPMRC = rcFmt1 + 0x017 TPMRCSelector TPMRC = rcFmt1 + 0x018 TPMRCInsufficient TPMRC = rcFmt1 + 0x01A TPMRCSignature TPMRC = rcFmt1 + 0x01B TPMRCKey TPMRC = rcFmt1 + 0x01C TPMRCPolicyFail TPMRC = rcFmt1 + 0x01D TPMRCIntegrity TPMRC = rcFmt1 + 0x01F TPMRCTicket TPMRC = rcFmt1 + 0x020 TPMRCReservedBits TPMRC = rcFmt1 + 0x021 TPMRCBadAuth TPMRC = rcFmt1 + 0x022 TPMRCExpired TPMRC = rcFmt1 + 0x023 TPMRCPolicyCC TPMRC = rcFmt1 + 0x024 TPMRCBinding TPMRC = rcFmt1 + 0x025 TPMRCCurve TPMRC = rcFmt1 + 0x026 TPMRCECCPoint TPMRC = rcFmt1 + 0x027 TPMRCContextGap TPMRC = rcWarn + 0x001 TPMRCObjectMemory TPMRC = rcWarn + 0x002 TPMRCSessionMemory TPMRC = rcWarn + 0x003 TPMRCMemory TPMRC = rcWarn + 0x004 TPMRCSessionHandles TPMRC = rcWarn + 0x005 TPMRCObjectHandles TPMRC = rcWarn + 0x006 TPMRCLocality TPMRC = rcWarn + 0x007 TPMRCYielded TPMRC = rcWarn + 0x008 TPMRCCanceled TPMRC = rcWarn + 0x009 TPMRCTesting TPMRC = rcWarn + 0x00A TPMRCReferenceH0 TPMRC = rcWarn + 0x010 TPMRCReferenceH1 TPMRC = rcWarn + 0x011 TPMRCReferenceH2 TPMRC = rcWarn + 0x012 TPMRCReferenceH3 TPMRC = rcWarn + 0x013 TPMRCReferenceH4 TPMRC = rcWarn + 0x014 TPMRCReferenceH5 TPMRC = rcWarn + 0x015 TPMRCReferenceH6 TPMRC = rcWarn + 0x016 TPMRCReferenceS0 TPMRC = rcWarn + 0x018 TPMRCReferenceS1 TPMRC = rcWarn + 0x019 TPMRCReferenceS2 TPMRC = rcWarn + 0x01A TPMRCReferenceS3 TPMRC = rcWarn + 0x01B TPMRCReferenceS4 TPMRC = rcWarn + 0x01C TPMRCReferenceS5 TPMRC = rcWarn + 0x01D TPMRCReferenceS6 TPMRC = rcWarn + 0x01E TPMRCNVRate TPMRC = rcWarn + 0x020 TPMRCLockout TPMRC = rcWarn + 0x021 TPMRCRetry TPMRC = rcWarn + 0x022 )
6.6.3
func (TPMRC) As ¶
As returns whether the error can be assigned to the given interface type. If supported, it updates the value pointed at by target. Supports the Fmt1Error type.
func (TPMRC) Error ¶
Error produces a nice human-readable representation of the error, parsing TPM FMT1 errors as needed.
type TPMRspHeader ¶
type TPMRspHeader struct { Tag TPMISTCommandTag Length uint32 ResponseCode TPMRC }
type TPMSACTData ¶
type TPMSACTData struct { // a permanent handle Handle TPMHandle // the current timeout of the ACT Timeout uint32 // the state of the ACT Attributes TPMAACT }
10.8.5
type TPMSAlgProperty ¶
type TPMSAlgProperty struct { // an algorithm identifier Alg TPMAlgID // the attributes of the algorithm AlgProperties TPMAAlgorithm }
10.8.1
type TPMSAttest ¶
type TPMSAttest struct { // the indication that this structure was created by a TPM (always TPM_GENERATED_VALUE) Magic TPMGenerated `tpmdirect:"check"` // type of the attestation structure Type TPMISTAttest // Qualified Name of the signing key QualifiedSigner TPM2BName // external information supplied by caller ExtraData TPM2BData // Clock, resetCount, restartCount, and Safe ClockInfo TPMSClockInfo // TPM-vendor-specific value identifying the version number of the firmware FirmwareVersion uint64 // the type-specific attestation information Attested TPMUAttest `tpmdirect:"tag=Type"` }
10.12.12
type TPMSAuthCommand ¶
type TPMSAuthCommand struct { Handle TPMISHAuthSession Nonce TPM2BNonce Attributes TPMASession Authorization TPM2BData }
10.13.2
type TPMSAuthResponse ¶
type TPMSAuthResponse struct { Nonce TPM2BNonce Attributes TPMASession Authorization TPM2BData }
10.13.3
type TPMSCapabilityData ¶
type TPMSCapabilityData struct { // the capability Capability TPMCap // the capability data Data TPMUCapabilities `tpmdirect:"tag=Capability"` }
10.10.2
type TPMSCertifyInfo ¶
type TPMSCertifyInfo struct { // Name of the certified object Name TPM2BName // Qualified Name of the certified object QualifiedName TPM2BName }
10.12.3
type TPMSClockInfo ¶
type TPMSClockInfo struct { // time value in milliseconds that advances while the TPM is powered Clock uint64 // number of occurrences of TPM Reset since the last TPM2_Clear() ResetCount uint32 // number of times that TPM2_Shutdown() or _TPM_Hash_Start have // occurred since the last TPM Reset or TPM2_Clear(). RestartCount uint32 // no value of Clock greater than the current value of Clock has been // previously reported by the TPM. Set to YES on TPM2_Clear(). Safe TPMIYesNo }
10.11.1
type TPMSCommandAuditInfo ¶
type TPMSCommandAuditInfo struct { // the monotonic audit counter AuditCounter uint64 // hash algorithm used for the command audit DigestAlg TPMAlgID // the current value of the audit digest AuditDigest TPM2BDigest // digest of the command codes being audited using digestAlg CommandDigest TPM2BDigest }
10.12.5
type TPMSCreationData ¶
type TPMSCreationData struct { // list indicating the PCR included in pcrDigest PCRSelect TPMLPCRSelection // digest of the selected PCR using nameAlg of the object for which // this structure is being created PCRDigest TPM2BDigest // the locality at which the object was created Locality TPMALocality // nameAlg of the parent ParentNameAlg TPMAlgID // Name of the parent at time of creation ParentName TPM2BName // Qualified Name of the parent at the time of creation ParentQualifiedName TPM2BName // association with additional information added by the key OutsideInfo TPM2BData }
15.1
type TPMSCreationInfo ¶
type TPMSCreationInfo struct { // Name of the object ObjectName TPM2BName // creationHash CreationHash TPM2BDigest }
10.12.7
type TPMSECCParms ¶
type TPMSECCParms struct { // for a restricted decryption key, shall be set to a supported // symmetric algorithm, key size. and mode. // if the key is not a restricted decryption key, this field shall // be set to TPM_ALG_NULL. Symmetric TPMTSymDefObject // If the sign attribute of the key is SET, then this shall be a // valid signing scheme. Scheme TPMTECCScheme // ECC curve ID CurveID TPMIECCCurve // an optional key derivation scheme for generating a symmetric key // from a Z value // If the kdf parameter associated with curveID is not TPM_ALG_NULL // then this is required to be NULL. KDF TPMTKDFScheme }
12.2.3.6
type TPMSECCPoint ¶
type TPMSECCPoint struct { // X coordinate X TPM2BECCParameter // Y coordinate Y TPM2BECCParameter }
11.2.5.2
type TPMSEncSchemeOAEP ¶
type TPMSEncSchemeOAEP TPMSSchemeHash
type TPMSKDFSchemeECDH ¶
type TPMSKDFSchemeECDH TPMSSchemeHash
type TPMSKDFSchemeKDF1SP800108 ¶
type TPMSKDFSchemeKDF1SP800108 TPMSSchemeHash
type TPMSKDFSchemeKDF1SP80056A ¶
type TPMSKDFSchemeKDF1SP80056A TPMSSchemeHash
type TPMSKDFSchemeKDF2 ¶
type TPMSKDFSchemeKDF2 TPMSSchemeHash
type TPMSKeyedHashParms ¶
type TPMSKeyedHashParms struct { // Indicates the signing method used for a keyedHash signing // object. This field also determines the size of the data field // for a data object created with TPM2_Create() or // TPM2_CreatePrimary(). Scheme TPMTKeyedHashScheme }
12.2.3.3
type TPMSNVCertifyInfo ¶
type TPMSNVCertifyInfo struct { // Name of the NV Index IndexName TPM2BName // the offset parameter of TPM2_NV_Certify() Offset uint16 // contents of the NV Index NVContents TPM2BData }
10.12.8
type TPMSNVDigestCertifyInfo ¶
type TPMSNVDigestCertifyInfo struct { // Name of the NV Index IndexName TPM2BName // hash of the contents of the index NVDigest TPM2BDigest }
10.12.9
type TPMSPCRSelection ¶
type TPMSPCRSelection struct { Hash TPMIAlgHash PCRSelect []byte `tpmdirect:"sized8"` }
10.6.2
type TPMSQuoteInfo ¶
type TPMSQuoteInfo struct { // information on algID, PCR selected and digest PCRSelect TPMLPCRSelection // digest of the selected PCR using the hash of the signing key PCRDigest TPM2BDigest }
10.12.4
type TPMSRSAParms ¶
type TPMSRSAParms struct { // for a restricted decryption key, shall be set to a supported // symmetric algorithm, key size, and mode. // if the key is not a restricted decryption key, this field shall // be set to TPM_ALG_NULL. Symmetric TPMTSymDefObject // scheme.scheme shall be: // for an unrestricted signing key, either TPM_ALG_RSAPSS // TPM_ALG_RSASSA or TPM_ALG_NULL // for a restricted signing key, either TPM_ALG_RSAPSS or // TPM_ALG_RSASSA // for an unrestricted decryption key, TPM_ALG_RSAES, TPM_ALG_OAEP, // or TPM_ALG_NULL unless the object also has the sign attribute // for a restricted decryption key, TPM_ALG_NULL Scheme TPMTRSAScheme // number of bits in the public modulus KeyBits TPMIRSAKeyBits // the public exponent // A prime number greater than 2. Exponent uint32 }
12.2.3.5
type TPMSSchemeHash ¶
type TPMSSchemeHash struct { // the hash algorithm used to digest the message HashAlg TPMIAlgHash }
11.1.17
type TPMSSchemeXOR ¶
type TPMSSchemeXOR struct { // the hash algorithm used to digest the message HashAlg TPMIAlgHash // the key derivation function KDF TPMIAlgKDF }
11.1.21
type TPMSSensitiveCreate ¶
type TPMSSensitiveCreate struct { // the USER auth secret value. UserAuth TPM2BAuth // data to be sealed, a key, or derivation values. Data TPM2BData }
11.1.15
type TPMSSessionAuditInfo ¶
type TPMSSessionAuditInfo struct { // current exclusive status of the session ExclusiveSession TPMIYesNo // the current value of the session audit digest SessionDigest TPM2BDigest }
10.12.6
type TPMSSigSchemeRSAPSS ¶
type TPMSSigSchemeRSAPSS TPMSSchemeHash
type TPMSSignatureECC ¶
type TPMSSignatureECC struct { // the hash algorithm used in the signature process Hash TPMIAlgHash SignatureR TPM2BECCParameter SignatureS TPM2BECCParameter }
11.3.2
type TPMSSignatureRSA ¶
type TPMSSignatureRSA struct { // the hash algorithm used to digest the message Hash TPMIAlgHash // The signature is the size of a public key. Sig TPM2BPublicKeyRSA }
11.3.1
type TPMSSymCipherParms ¶
type TPMSSymCipherParms struct { // a symmetric block cipher Sym TPMTSymDefObject }
11.1.9
type TPMST ¶
type TPMST uint16
6.9
const ( TPMSTRspCommand TPMST = 0x00C4 TPMSTNull TPMST = 0x8000 TPMSTNoSessions TPMST = 0x8001 TPMSTSessions TPMST = 0x8002 TPMSTAttestNV TPMST = 0x8014 TPMSTAttestCommandAudit TPMST = 0x8015 TPMSTAttestSessionAudit TPMST = 0x8016 TPMSTAttestCertify TPMST = 0x8017 TPMSTAttestQuote TPMST = 0x8018 TPMSTAttestTime TPMST = 0x8019 TPMSTAttestCreation TPMST = 0x801A TPMSTAttestNVDigest TPMST = 0x801C TPMSTCreation TPMST = 0x8021 TPMSTVerified TPMST = 0x8022 TPMSTAuthSecret TPMST = 0x8023 TPMSTHashCheck TPMST = 0x8024 TPMSTAuthSigned TPMST = 0x8025 TPMSTFuManifest TPMST = 0x8029 )
6.9
type TPMSTaggedPCRSelect ¶
type TPMSTaggedPCRSelect struct { // the property identifier Tag TPMPTPCR // the bit map of PCR with the identified property PCRSelect []byte `tpmdirect:"sized8"` }
10.8.3
type TPMSTaggedPolicy ¶
type TPMSTaggedPolicy struct { // a permanent handle Handle TPMHandle // the policy algorithm and hash PolicyHash TPMTHA }
10.8.4
type TPMSTaggedProperty ¶
type TPMSTaggedProperty struct { // a property identifier Property TPMPT // the value of the property Value uint32 }
10.8.2
type TPMSTimeAttestInfo ¶
type TPMSTimeAttestInfo struct { // the Time, Clock, resetCount, restartCount, and Safe indicator Time TPMSTimeInfo // a TPM vendor-specific value indicating the version number of the firmware FirmwareVersion uint64 }
10.12.2
type TPMSTimeInfo ¶
type TPMSTimeInfo struct { // time in milliseconds since the TIme circuit was last reset Time uint64 // a structure containing the clock information ClockInfo TPMSClockInfo }
10.11.6
type TPMTECCScheme ¶
type TPMTECCScheme struct { // scheme selector Scheme TPMIAlgECCScheme `tpmdirect:"nullable"` // scheme parameters Details TPMUAsymScheme `tpmdirect:"tag=Scheme"` }
11.2.5.6
type TPMTHA ¶
type TPMTHA struct { // selector of the hash contained in the digest that implies the size of the digest HashAlg TPMIAlgHash `tpmdirect:"nullable"` // the digest data Digest TPMUHA `tpmdirect:"tag=HashAlg"` }
10.3.2
type TPMTKDFScheme ¶
type TPMTKDFScheme struct { // scheme selector Scheme TPMIAlgKDF `tpmdirect:"nullable"` // scheme parameters Details TPMUKDFScheme `tpmdirect:"tag=Scheme"` }
11.2.3.3
type TPMTKeyedHashScheme ¶
type TPMTKeyedHashScheme struct { Scheme TPMIAlgKeyedHashScheme `tpmdirect:"nullable"` Details TPMUSchemeKeyedHash `tpmdirect:"tag=Scheme"` }
11.1.23
type TPMTPublic ¶
type TPMTPublic struct { // “algorithm” associated with this object Type TPMIAlgPublic // algorithm used for computing the Name of the object NameAlg TPMIAlgHash // attributes that, along with type, determine the manipulations // of this object ObjectAttributes TPMAObject // optional policy for using this key // The policy is computed using the nameAlg of the object. AuthPolicy TPM2BDigest // the algorithm or structure details Parameters TPMUPublicParms `tpmdirect:"tag=Type"` // the unique identifier of the structure // For an asymmetric key, this would be the public key. Unique TPMUPublicID `tpmdirect:"tag=Type"` }
12.2.4
type TPMTRSAScheme ¶
type TPMTRSAScheme struct { // scheme selector Scheme TPMIAlgRSAScheme `tpmdirect:"nullable"` // scheme parameters Details TPMUAsymScheme `tpmdirect:"tag=Scheme"` }
11.2.4.2
type TPMTSigScheme ¶
type TPMTSigScheme struct { Scheme TPMIAlgSigScheme `tpmdirect:"nullable"` Details TPMUSigScheme `tpmdirect:"tag=Scheme"` }
11.2.1.5
type TPMTSignature ¶
type TPMTSignature struct { // selector of the algorithm used to construct the signature SigAlg TPMIAlgSigScheme `tpmdirect:"nullable"` // This shall be the actual signature information. Signature TPMUSignature `tpmdirect:"tag=SigAlg"` }
11.3.4
type TPMTSymDef ¶
type TPMTSymDef struct { // indicates a symmetric algorithm Algorithm TPMIAlgSym `tpmdirect:"nullable"` // the key size KeyBits TPMUSymKeyBits `tpmdirect:"tag=Algorithm"` // the mode for the key Mode TPMUSymMode `tpmdirect:"tag=Algorithm"` // contains the additional algorithm details Details TPMUSymDetails `tpmdirect:"tag=Algorithm"` }
11.1.6
type TPMTSymDefObject ¶
type TPMTSymDefObject struct { // selects a symmetric block cipher // When used in the parameter area of a parent object, this shall // be a supported block cipher and not TPM_ALG_NULL Algorithm TPMIAlgSymObject `tpmdirect:"nullable"` // the key size KeyBits TPMUSymKeyBits `tpmdirect:"tag=Algorithm"` // default mode // When used in the parameter area of a parent object, this shall // be TPM_ALG_CFB. Mode TPMUSymMode `tpmdirect:"tag=Algorithm"` // contains the additional algorithm details, if any Details TPMUSymDetails `tpmdirect:"tag=Algorithm"` }
11.1.7
type TPMTTKAuth ¶
type TPMTTKAuth struct { // ticket structure tag Tag TPMST // the hierarchy of the object used to produce the ticket Hierarchy TPMIRHHierarchy // This shall be the HMAC produced using a proof value of hierarchy. Digest TPM2BDigest }
10.7.5
type TPMTTKCreation ¶
type TPMTTKCreation struct { // ticket structure tag Tag TPMST // the hierarchy containing name Hierarchy TPMIRHHierarchy // This shall be the HMAC produced using a proof value of hierarchy. Digest TPM2BDigest }
10.7.3
type TPMUAsymScheme ¶
type TPMUAsymScheme struct { // TODO every asym scheme gets an entry in this union. RSASSA *TPMSSigSchemeRSASSA `tpmdirect:"selector=0x0014"` // TPM_ALG_RSASSA RSAES *TPMSEncSchemeRSAES `tpmdirect:"selector=0x0015"` // TPM_ALG_RSAES RSAPSS *TPMSSigSchemeRSAPSS `tpmdirect:"selector=0x0016"` // TPM_ALG_RSAPSS OAEP *TPMSEncSchemeOAEP `tpmdirect:"selector=0x0017"` // TPM_ALG_OAEP ECDSA *TPMSSigSchemeECDSA `tpmdirect:"selector=0x0018"` // TPM_ALG_ECDSA ECDH *TPMSKeySchemeECDH `tpmdirect:"selector=0x0019"` // TPM_ALG_ECDH }
11.2.3.5
type TPMUAttest ¶
type TPMUAttest struct { NV *TPMSNVCertifyInfo `tpmdirect:"selector=0x8014"` // TPM_ST_ATTEST_NV CommandAudit *TPMSCommandAuditInfo `tpmdirect:"selector=0x8015"` // TPM_ST_ATTEST_COMMAND_AUDIT SessionAudit *TPMSSessionAuditInfo `tpmdirect:"selector=0x8016"` // TPM_ST_ATTEST_SESSION_AUDIT Certify *TPMSCertifyInfo `tpmdirect:"selector=0x8017"` // TPM_ST_ATTEST_CERTIFY Quote *TPMSQuoteInfo `tpmdirect:"selector=0x8018"` // TPM_ST_ATTEST_QUOTE Time *TPMSTimeAttestInfo `tpmdirect:"selector=0x8019"` // TPM_ST_ATTEST_TIME Creation *TPMSCreationInfo `tpmdirect:"selector=0x801A"` // TPM_ST_ATTEST_CREATION NVDigest *TPMSNVDigestCertifyInfo `tpmdirect:"selector=0x801C"` // TPM_ST_ATTEST_NV_DIGEST }
10.12.11
type TPMUCapabilities ¶
type TPMUCapabilities struct { Algorithms *TPMLAlgProperty `tpmdirect:"selector=0x00000000"` // TPM_CAP_ALGS Handles *TPMLHandle `tpmdirect:"selector=0x00000001"` // TPM_CAP_HANDLES Command *TPMLCCA `tpmdirect:"selector=0x00000002"` // TPM_CAP_COMMANDS PPCommands *TPMLCC `tpmdirect:"selector=0x00000003"` // TPM_CAP_PP_COMMANDS AuditCommands *TPMLCC `tpmdirect:"selector=0x00000004"` // TPM_CAP_AUDIT_COMMANDS AssignedPCR *TPMLPCRSelection `tpmdirect:"selector=0x00000005"` // TPM_CAP_PCRS TPMProperties *TPMLTaggedTPMProperty `tpmdirect:"selector=0x00000006"` // TPM_CAP_TPM_PROPERTIES PCRProperties *TPMLTaggedPCRProperty `tpmdirect:"selector=0x00000007"` // TPM_CAP_PCR_PROPERTIES ECCCurves *TPMLECCCurve `tpmdirect:"selector=0x00000008"` // TPM_CAP_ECC_CURVES AuthPolicies *TPMLTaggedPolicy `tpmdirect:"selector=0x00000009"` // TPM_CAP_AUTH_POLICIES ACTData *TPMLACTData `tpmdirect:"selector=0x0000000A"` // TPM_CAP_ACT }
10.10.1
type TPMUHA ¶
type TPMUHA struct { SHA1 *[20]byte `tpmdirect:"selector=0x0004"` // TPM_ALG_SHA1 SHA256 *[32]byte `tpmdirect:"selector=0x000B"` // TPM_ALG_SHA256 SHA384 *[48]byte `tpmdirect:"selector=0x000C"` // TPM_ALG_SHA384 SHA512 *[64]byte `tpmdirect:"selector=0x000D"` // TPM_ALG_SHA512 SHA3_256 *[32]byte `tpmdirect:"selector=0x0027"` // TPM_ALG_SHA3_256 SHA3_384 *[48]byte `tpmdirect:"selector=0x0028"` // TPM_ALG_SHA3_384 SHA3_512 *[64]byte `tpmdirect:"selector=0x0029"` // TPM_ALG_SHA3_512 }
10.3.1
type TPMUKDFScheme ¶
type TPMUKDFScheme struct { MGF1 *TPMSKDFSchemeMGF1 `tpmdirect:"selector=0x0007"` // TPM_ALG_MGF1 ECDH *TPMSKDFSchemeECDH `tpmdirect:"selector=0x0019"` // TPM_ALG_ECDH KDF1SP80056A *TPMSKDFSchemeKDF1SP80056A `tpmdirect:"selector=0x0020"` // TPM_ALG_KDF1_SP800_56A KDF2 *TPMSKDFSchemeKDF2 `tpmdirect:"selector=0x0021"` // TPM_ALG_KDF2 KDF1SP800108 *TPMSKDFSchemeKDF1SP800108 `tpmdirect:"selector=0x0022"` // TPM_ALG_KDF1_SP800_108 }
11.2.3.2
type TPMUPublicID ¶
type TPMUPublicID struct { KeyedHash *TPM2BDigest `tpmdirect:"selector=0x0008"` // TPM_ALG_KEYEDHASH Sym *TPM2BDigest `tpmdirect:"selector=0x0025"` // TPM_ALG_SYMCIPHER RSA *TPM2BPublicKeyRSA `tpmdirect:"selector=0x0001"` // TPM_ALG_RSA ECC *TPMSECCPoint `tpmdirect:"selector=0x0023"` // TPM_ALG_ECC }
12.2.3.2
type TPMUPublicParms ¶
type TPMUPublicParms struct { // sign | decrypt | neither KeyedHashDetail *TPMSKeyedHashParms `tpmdirect:"selector=0x0008"` // TPM_ALG_KEYEDHASH // sign | decrypt | neither SymCipherDetail *TPMSSymCipherParms `tpmdirect:"selector=0x0025"` // TPM_ALG_SYMCIPHER // decrypt + sign RSADetail *TPMSRSAParms `tpmdirect:"selector=0x0001"` // TPM_ALG_RSA // decrypt + sign ECCDetail *TPMSECCParms `tpmdirect:"selector=0x0023"` // TPM_ALG_ECC }
12.2.3.7
type TPMUSchemeKeyedHash ¶
type TPMUSchemeKeyedHash struct { HMAC *TPMSSchemeHMAC `tpmdirect:"selector=0x0005"` // TPM_ALG_HMAC XOR *TPMSSchemeXOR `tpmdirect:"selector=0x000A"` // TPM_ALG_XOR }
11.1.22
type TPMUSigScheme ¶
type TPMUSigScheme struct { HMAC *TPMSSchemeHMAC `tpmdirect:"selector=0x0005"` // TPM_ALG_HMAC RSASSA *TPMSSchemeHash `tpmdirect:"selector=0x0014"` // TPM_ALG_RSASSA RSAPSS *TPMSSchemeHash `tpmdirect:"selector=0x0016"` // TPM_ALG_RSAPSS ECDSA *TPMSSchemeHash `tpmdirect:"selector=0x0018"` // TPM_ALG_ECDSA }
11.2.1.4
type TPMUSignature ¶
type TPMUSignature struct { HMAC *TPMTHA `tpmdirect:"selector=0x0005"` // TPM_ALG_HMAC RSASSA *TPMSSignatureRSA `tpmdirect:"selector=0x0014"` // TPM_ALG_RSASSA RSAPSS *TPMSSignatureRSA `tpmdirect:"selector=0x0016"` // TPM_ALG_RSAPSS ECDSA *TPMSSignatureECC `tpmdirect:"selector=0x0018"` // TPM_ALG_ECDSA }
11.3.3
type TPMUSymDetails ¶
type TPMUSymDetails struct { // TODO: The rest of the symmetric algorithms get their own entry // in this union. AES *struct{} `tpmdirect:"selector=0x0006"` // TPM_ALG_AES XOR *struct{} `tpmdirect:"selector=0x000A"` // TPM_ALG_XOR }
11.1.5
type TPMUSymKeyBits ¶
type TPMUSymKeyBits struct { // TODO: The rest of the symmetric algorithms get their own entry // in this union. AES *TPMKeyBits `tpmdirect:"selector=0x0006"` // TPM_ALG_AES XOR *TPMIAlgHash `tpmdirect:"selector=0x000A"` // TPM_ALG_XOR }
11.1.3
type TPMUSymMode ¶
type TPMUSymMode struct { // TODO: The rest of the symmetric algorithms get their own entry // in this union. AES *TPMIAlgSymMode `tpmdirect:"selector=0x0006"` // TPM_ALG_AES XOR *struct{} `tpmdirect:"selector=0x000A"` // TPM_ALG_XOR }
11.1.4
type Transport ¶
type Transport interface { io.Closer // Send sends a command stream to the TPM and receives back a response. // Errors from the TPM itself (i.e., in the response stream) are not // parsed. Only errors from actually sending the command. Send(command []byte) ([]byte, error) }
Transport represents a physical connection to a TPM.
func LocalSimulator ¶
type UnsealCommand ¶
type UnsealCommand struct {
ItemHandle AuthHandle `tpmdirect:"handle,auth"`
}
12.7
func (*UnsealCommand) Command ¶
func (_ *UnsealCommand) Command() TPMCC
type UnsealResponse ¶
type UnsealResponse struct {
OutData TPM2BSensitiveData
}
func (*UnsealResponse) Response ¶
func (_ *UnsealResponse) Response() TPMCC