Documentation
¶
Overview ¶
Package internal contains private helper functions needed in client and server
Index ¶
- Variables
- func CheckSubset(subset, superset *pb.PCRs) error
- func FormatPCRs(w io.Writer, p *pb.PCRs) error
- func GetSigningHashAlg(pubArea tpm2.Public) (tpm2.Algorithm, error)
- func PCRDigest(p *pb.PCRs, hashAlg crypto.Hash) []byte
- func PCRSelection(p *pb.PCRs) tpm2.PCRSelection
- func PCRSessionAuth(p *pb.PCRs, hashAlg crypto.Hash) []byte
- func PubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool
- func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool
- func VerifyQuote(q *pb.Quote, trustedPub crypto.PublicKey, extraData []byte) error
Constants ¶
This section is empty.
Variables ¶
var SignatureHashAlgs = []tpm2.Algorithm{tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256}
SignatureHashAlgs are the hash algorithms we support for Quote signatures, in their preferred order of use.
Functions ¶
func CheckSubset ¶ added in v0.3.0
CheckSubset verifies if the pcrs PCRs are a valid "subset" of the provided "superset" of PCRs. The PCR values must match (if present), and all PCRs must be present in the superset. This function will return an error containing the first missing or mismatched PCR number.
func FormatPCRs ¶ added in v0.3.0
FormatPCRs writes a multiline representation of the PCR values to w.
func GetSigningHashAlg ¶ added in v0.3.0
GetSigningHashAlg returns the hash algorithm used for a signing key. Returns an error if an algorithm isn't supported, or the key is not a signing key.
func PCRDigest ¶ added in v0.3.0
PCRDigest computes the digest of the Pcrs. Note that the digest hash algorithm may differ from the PCRs' hash (which denotes the PCR bank).
func PCRSelection ¶ added in v0.3.0
func PCRSelection(p *pb.PCRs) tpm2.PCRSelection
PCRSelection returns the corresponding tpm2.PCRSelection for the PCR data.
func PCRSessionAuth ¶ added in v0.3.0
PCRSessionAuth calculates the authorization value for the given PCRs.
func PubKeysEqual ¶ added in v0.3.4
PubKeysEqual returns whether the two public keys are equal.
func SamePCRSelection ¶ added in v0.3.0
func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool
SamePCRSelection checks if the Pcrs has the same PCRSelection as the provided given tpm2.PCRSelection (including the hash algorithm).
func VerifyQuote ¶ added in v0.3.0
VerifyQuote performs the following checks to validate a Quote:
- the provided signature is generated by the trusted AK public key
- the signature signs the provided quote data
- the quote data starts with TPM_GENERATED_VALUE
- the quote data is a valid TPMS_QUOTE_INFO
- the quote data was taken over the provided PCRs
- the provided PCR values match the quote data internal digest
- the provided extraData matches that in the quote data
- the signature hash algorithm must be in HashAlgs
Note that the caller must have already established trust in the provided public key before validating the Quote.
VerifyQuote supports ECDSA and RSASSA signature verification.
Types ¶
This section is empty.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package test provides helper methods for testing.
|
Package test provides helper methods for testing. |
|
Package util provides helper funtions to prepare materials for talking to attestation verifiers.
|
Package util provides helper funtions to prepare materials for talking to attestation verifiers. |