tpm2

package
v0.0.0-...-b5aa0b6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2017 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package tpm2 is a generated protocol buffer package.

It is generated from these files:

tpm2.proto

It has these top-level messages:

PrivateKeyBlobMessage
RsaPublicKeyMessage
RsaPrivateKeyMessage
AsymmetricKeyMessage
PublicKeyMessage
EndorsementKeyMessage
SigningInstructionsMessage
X509CertRequestParametersMessage
X509CertIssuerParametersMessage
CertParametersMessage
QuoteKeyInfoMessage
ProgramKeyParameters
ProgramCertRequestMessage
ProgramCertResponseMessage
CertificateChainEntryMessage
CertificateChainMessage
QuoteCertificationInformation
AttestCertRequest
AttestCertResponse

Index

Constants

// TPM algorithm identifiers, each a typed uint16. The names and values
// appear to follow the TPM 2.0 TPM_ALG_ID registry (confirm against the
// specification revision in use).
const (
	// Asymmetric key types.
	AlgTPM_ALG_RSA uint16 = 0x0001
	AlgTPM_ALG_ECC uint16 = 0x0023

	// Hash algorithms.
	// NOTE(review): SHA-1 is generally considered unsuitable for new
	// signatures; prefer a SHA-2 identifier when choosing a hash for quotes
	// or key names, where the TPM supports it.
	AlgTPM_ALG_SHA1   uint16 = 0x0004
	AlgTPM_ALG_SHA256 uint16 = 0x000B
	AlgTPM_ALG_SHA384 uint16 = 0x000C
	AlgTPM_ALG_SHA512 uint16 = 0x000D

	// Other identifiers.
	AlgTPM_ALG_AES       uint16 = 0x0006
	AlgTPM_ALG_KEYEDHASH uint16 = 0x0008
	AlgTPM_ALG_NULL      uint16 = 0x0010

	// RSA and ECC schemes.
	AlgTPM_ALG_RSASSA uint16 = 0x0014
	AlgTPM_ALG_RSAES  uint16 = 0x0015
	AlgTPM_ALG_RSAPSS uint16 = 0x0016
	AlgTPM_ALG_OAEP   uint16 = 0x0017
	AlgTPM_ALG_ECDSA  uint16 = 0x0018
	AlgTPM_ALG_ECDH   uint16 = 0x0019
	AlgTPM_ALG_ECDAA  uint16 = 0x001A

	// Block cipher modes.
	AlgTPM_ALG_CTR uint16 = 0x0040
	AlgTPM_ALG_OFB uint16 = 0x0041
	AlgTPM_ALG_CBC uint16 = 0x0042
	AlgTPM_ALG_CFB uint16 = 0x0043
	AlgTPM_ALG_ECB uint16 = 0x0044

	// AlgTPM_ALG_LAST has the same value as AlgTPM_ALG_ECB, the highest
	// identifier in this list.
	AlgTPM_ALG_LAST uint16 = 0x0044
)

Supported Algorithms.

// Key property flags, each a typed uint32 with a single bit set, written as
// shifts so the bit position is visible. The names appear to follow the
// TPM 2.0 object attributes (confirm against the specification).
const (
	FlagFixedTPM            uint32 = 1 << 1
	FlagFixedParent         uint32 = 1 << 4
	FlagSensitiveDataOrigin uint32 = 1 << 5
	FlagUserWithAuth        uint32 = 1 << 6
	FlagAdminWithPolicy     uint32 = 1 << 7

	FlagRestricted uint32 = 1 << 16
	FlagDecrypt    uint32 = 1 << 17
	FlagSign       uint32 = 1 << 18

	// Default flag sets. The signer and storage defaults differ only in
	// FlagSign versus FlagDecrypt; none of the three defaults includes
	// FlagAdminWithPolicy.
	FlagSealDefault   uint32 = FlagFixedParent | FlagFixedTPM
	FlagSignerDefault uint32 = FlagFixedTPM | FlagFixedParent |
		FlagSensitiveDataOrigin | FlagUserWithAuth | FlagRestricted | FlagSign
	FlagStorageDefault uint32 = FlagFixedTPM | FlagFixedParent |
		FlagSensitiveDataOrigin | FlagUserWithAuth | FlagRestricted | FlagDecrypt
)

Properties

// Reserved handles, capability selectors and NV-related values, all typed
// uint32. The names appear to follow the TPM 2.0 specification (TPM_RH_*,
// TPM_CAP_*, TPMA_NV_*); confirm against the revision in use.
const (
	// Reserved handles, 0x40000001 through 0x4000000C.
	OrdTPM_RH_OWNER       uint32 = 0x40000001
	OrdTPM_RH_REVOKE      uint32 = 0x40000002
	OrdTPM_RH_TRANSPORT   uint32 = 0x40000003
	OrdTPM_RH_OPERATOR    uint32 = 0x40000004
	OrdTPM_RH_ADMIN       uint32 = 0x40000005
	OrdTPM_RH_EK          uint32 = 0x40000006
	OrdTPM_RH_NULL        uint32 = 0x40000007
	OrdTPM_RH_UNASSIGNED  uint32 = 0x40000008
	OrdTPM_RS_PW          uint32 = 0x40000009
	OrdTPM_RH_LOCKOUT     uint32 = 0x4000000A
	OrdTPM_RH_ENDORSEMENT uint32 = 0x4000000B
	OrdTPM_RH_PLATFORM    uint32 = 0x4000000C

	// Capability selectors.
	OrdTPM_CAP_HANDLES        uint32 = 0x00000001
	OrdTPM_CAP_TPM_PROPERTIES uint32 = 0x00000006

	// NV values, one bit each, written as shifts so the bit position is
	// visible.
	OrdNV_AUTHWRITE      uint32 = 1 << 2
	OrdNV_COUNTER        uint32 = 1 << 4
	OrdNV_EXTEND         uint32 = 1 << 6
	OrdNV_POLICY_DELETE  uint32 = 1 << 10
	OrdNV_AUTHREAD       uint32 = 1 << 18
	OrdNV_WRITTEN        uint32 = 1 << 29
	OrdNV_PLATFORMCREATE uint32 = 1 << 30

	// A shift count and a handle-type value.
	// NOTE(review): presumably combined as OrdTPM_HT_NV_INDEX << OrdHR_SHIFT
	// when GetNvHandle builds an NV handle; confirm in its body.
	OrdHR_SHIFT        uint32 = 24
	OrdTPM_HT_NV_INDEX uint32 = 1
)

Reserved Handles and Properties

// Fixed handle values used for this package's keys. They are declared as
// uint32 rather than Handle, so passing one to a function that takes a
// Handle needs an explicit conversion.
// NOTE(review): the two non-zero values are fixed and consecutive; check
// what is actually loaded at these handles before trusting a key found
// there, since the values themselves say nothing about who created it.
const (
	RollbackKeyHandle uint32 = 0
	RootKeyHandle     uint32 = 0x810003E8
	QuoteKeyHandle    uint32 = 0x810003E9
)
// OrdTPM_GENERATED_VALUE is the 32-bit marker 0xff544347; its low three bytes
// are the ASCII letters "TCG".
// NOTE(review): presumably the value expected in AttestParams.Magic_number for
// structures produced by the TPM; confirm where it is compared.
const OrdTPM_GENERATED_VALUE uint32 = 0xFF544347

TPM generated

// OrdTPM_SE_POLICY is a typed uint8 with value 1.
// NOTE(review): presumably the session-type byte passed as the `se` argument
// of ConstructStartAuthSession to request a policy session; confirm at the
// call sites.
const OrdTPM_SE_POLICY uint8 = 1

Policy

Variables

This section is empty.

Functions

func ActivateCredential

func ActivateCredential(rw io.ReadWriter, active_handle Handle, key_handle Handle,
	activePassword string, protectorPassword string,
	credBlob []byte, secret []byte) ([]byte, error)

ActivateCredential

Output: certinfo

func AssistSeal

func AssistSeal(rw io.ReadWriter, parentHandle Handle, toSeal []byte,
	parentPassword string, ownerPassword string, pcrs []int,
	policy_digest []byte) ([]byte, []byte, error)

out: private, public

func AssistUnseal

func AssistUnseal(rw io.ReadWriter, sessionHandle Handle, parentHandle Handle,
	pub []byte, priv []byte, parentPassword string, ownerPassword string,
	policy_digest []byte) ([]byte, []byte, error)

out: unsealed blob, nonce

func ClientDecodeServerResponse

func ClientDecodeServerResponse(rw io.ReadWriter, protectorHandle Handle,
	quoteHandle Handle, password string,
	response ProgramCertResponseMessage) ([]byte, error)

Output is der encoded Program Cert

func ComputeHashValue

func ComputeHashValue(alg uint16, to_hash []byte) ([]byte, error)

func ComputePcrDigest

func ComputePcrDigest(alg uint16, in []byte) ([]byte, error)

func ConstructActivateCredential

func ConstructActivateCredential(active_handle Handle, key_handle Handle,
	activePassword string, protectorPassword string,
	credBlob []byte, secret []byte) ([]byte, error)

ConstructActivateCredential constructs an ActivateCredential command.

func ConstructClientRequest

func ConstructClientRequest(rw io.ReadWriter, der_endorsement_cert []byte,
	quote_handle Handle, parent_pw string, owner_pw string,
	program_name string) (*RsaPrivateKeyMessage,
	*ProgramCertRequestMessage, error)

Input: DER-encoded endorsement cert and handles.

Returns: program private key protobuf, CertRequestMessage.

func ConstructCreateKey

func ConstructCreateKey(owner uint32, pcr_nums []int, parent_password string, owner_password string,
	parms RsaParams) ([]byte, error)

ConstructCreateKey constructs a CreateKey command.

func ConstructCreatePrimary

func ConstructCreatePrimary(owner uint32, pcr_nums []int,
	parent_password string, owner_password string,
	parms RsaParams) ([]byte, error)

ConstructCreatePrimary constructs a CreatePrimary command.

func ConstructCreateSealed

func ConstructCreateSealed(parent Handle, policy_digest []byte,
	parent_password string, owner_password string,
	to_seal []byte, pcr_nums []int,
	parms KeyedHashParams) ([]byte, error)

ConstructCreateSealed constructs a CreateSealed command.

func ConstructDefineSpace

func ConstructDefineSpace(owner Handle, handle Handle, authString string,
	attributes uint32, policy []byte, dataSize uint16) ([]byte, error)

func ConstructEvictControl

func ConstructEvictControl(owner Handle, tmp_handle Handle,
	persistant_handle Handle) ([]byte, error)

ConstructEvictControl constructs an EvictControl command.

func ConstructFlushContext

func ConstructFlushContext(handle Handle) ([]byte, error)

ConstructFlushContext constructs a FlushContext command.

func ConstructGetCapabilities

func ConstructGetCapabilities(cap uint32, count uint32, property uint32) ([]byte, error)

ConstructGetCapabilities constructs a GetCapabilities command.

func ConstructGetRandom

func ConstructGetRandom(size uint32) ([]byte, error)

ConstructGetRandom constructs a GetRandom command.

func ConstructIncrementNv

func ConstructIncrementNv(handle Handle, authString string) ([]byte, error)

func ConstructInternalMakeCredential

func ConstructInternalMakeCredential(protectorHandle Handle, credential []byte,
	activeName []byte) ([]byte, error)

ConstructInternalMakeCredential constructs an InternalMakeCredential command.

func ConstructLoad

func ConstructLoad(parentHandle Handle, parentAuth string, ownerAuth string,
	public_blob []byte, private_blob []byte) ([]byte, error)

ConstructLoad constructs a Load command.

func ConstructLoadContext

func ConstructLoadContext(save_area []byte) ([]byte, error)

ConstructLoadContext constructs a LoadContext command.

func ConstructPcrEvent

func ConstructPcrEvent(pcrnum int, eventData []byte) ([]byte, error)

ConstructPcrEvent

func ConstructPolicyGetDigest

func ConstructPolicyGetDigest(handle Handle) ([]byte, error)

ConstructPolicyGetDigest constructs a PolicyGetDigest command.

func ConstructPolicyPassword

func ConstructPolicyPassword(handle Handle) ([]byte, error)

ConstructPolicyPassword constructs a PolicyPassword command.

func ConstructPolicyPcr

func ConstructPolicyPcr(handle Handle, expected_digest []byte,
	pcr_nums []int) ([]byte, error)

Construct PolicyPcr command.

func ConstructQuote

func ConstructQuote(signing_handle Handle, parent_password, owner_password string,
	to_quote []byte, pcr_nums []int, sig_alg uint16) ([]byte, error)

ConstructQuote constructs a Quote command.

func ConstructReadClock

func ConstructReadClock() ([]byte, error)

ConstructReadClock constructs a ReadClock command.

func ConstructReadNv

func ConstructReadNv(handle Handle, authString string, offset uint16, dataSize uint16) ([]byte, error)

func ConstructReadPcrs

func ConstructReadPcrs(num_spec int, num_pcr byte, pcrs []byte) ([]byte, error)

ConstructReadPcrs constructs a ReadPcr command.

func ConstructReadPublic

func ConstructReadPublic(handle Handle) ([]byte, error)

ConstructReadPublic constructs a ReadPublic command.

func ConstructSaveContext

func ConstructSaveContext(handle Handle) ([]byte, error)

ConstructSaveContext constructs a SaveContext command.

func ConstructStartAuthSession

func ConstructStartAuthSession(tpm_key Handle, bind_key Handle,
	nonceCaller []byte, secret []byte,
	se byte, sym uint16, hash_alg uint16) ([]byte, error)

ConstructStartAuthSession constructs a StartAuthSession command.

func ConstructUndefineSpace

func ConstructUndefineSpace(owner Handle, handle Handle) ([]byte, error)

func ConstructUnseal

func ConstructUnseal(item_handle Handle, password string, session_handle Handle) ([]byte, error)

ConstructUnseal constructs an Unseal command.

func CreateKey

func CreateKey(rw io.ReadWriter, owner uint32, pcr_nums []int, parent_password string, owner_password string,
	parms RsaParams) ([]byte, []byte, error)

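Output: public blob, private blob, digest. Note that the signature returns only two byte slices and an error, and DecodeCreateKey lists its outputs as private_blob, public_blob; confirm the actual order in the source before relying on it.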

func CreateKeyedHashParams

func CreateKeyedHashParams(parms KeyedHashParams) []byte

nil is error

func CreateLongPcr

func CreateLongPcr(count uint32, pcr_nums []int) []byte

nil return is error

func CreatePasswordAuthArea

func CreatePasswordAuthArea(password string, owner Handle) []byte

nil return is an error

returns: len0 TPM_RS_PW 0000 01 password data as []byte

func CreateRsaParams

func CreateRsaParams(parms RsaParams) []byte

nil return is error

func CreateSealed

func CreateSealed(rw io.ReadWriter, parent Handle, policy_digest []byte,
	parent_password string, owner_password string,
	to_seal []byte, pcr_nums []int, parms KeyedHashParams) ([]byte, []byte, error)

CreateSealed

Output: public blob, private blob

func CreateSensitiveArea

func CreateSensitiveArea(in1 []byte, in2 []byte) []byte

nil is error

func CreateTemporaryChannelKey

func CreateTemporaryChannelKey() (*rsa.PrivateKey, []byte, error)

func CreateTpm2HierarchySubKeys

func CreateTpm2HierarchySubKeys(rw io.ReadWriter, pcrs []int, keySize uint16, hash_alg_id uint16,
	rootHandle Handle, quotePassword string) ([]byte, []byte, []byte, []byte, error)

Create quote and seal keys under rootHandle and return in order:

quote public blob, quote private blob, seal public blob, seal private blob

func CreateTpm2KeyHierarchy

func CreateTpm2KeyHierarchy(rw io.ReadWriter, pcrs []int, keySize uint16, hash_alg_id uint16,
	quotePassword string) (Handle, Handle, Handle, error)

This program creates a key hierarchy consisting of a primary key and quoting key for cloudproxy.

func DecodeActivateCredential

func DecodeActivateCredential(in []byte) ([]byte, error)

DecodeActivateCredential decodes an ActivateCredential response. Returns certInfo.

func DecodeCreateKey

func DecodeCreateKey(in []byte) ([]byte, []byte, error)

DecodeCreateKey decodes a CreateKey response.

Output: private_blob, public_blob

func DecodeCreateSealed

func DecodeCreateSealed(in []byte) ([]byte, []byte, error)

DecodeCreateSealed decodes a CreateSealed response.

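Output: private, public, creation_out, digest_out, creation_ticket. Note that the signature returns only two byte slices and an error, and CreateSealed lists its outputs as public blob, private blob; confirm the actual order in the source before relying on it.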

func DecodeEvictControl

func DecodeEvictControl(in []byte) error

DecodeEvictControl decodes an EvictControl response.

func DecodeGetCapabilities

func DecodeGetCapabilities(in []byte) (uint32, []uint32, error)

DecodeGetCapabilities decodes a GetCapabilities response.

func DecodeGetRandom

func DecodeGetRandom(in []byte) ([]byte, error)

DecodeGetRandom decodes a GetRandom response.

func DecodeInternalMakeCredential

func DecodeInternalMakeCredential(in []byte) ([]byte, []byte, error)

DecodeInternalMakeCredential decodes an InternalMakeCredential response. Returns blob, encrypted_secret.

func DecodePolicyGetDigest

func DecodePolicyGetDigest(in []byte) ([]byte, error)

DecodePolicyGetDigest decodes a PolicyGetDigest response.

func DecodeQuote

func DecodeQuote(in []byte) ([]byte, uint16, uint16, []byte, error)

DecodeQuote decodes a Quote response.

Output: attest, signature

func DecodeReadClock

func DecodeReadClock(in []byte) (uint64, uint64, error)

DecodeReadClock decodes a ReadClock response.

func DecodeReadNv

func DecodeReadNv(in []byte) (uint64, error)

func DecodeReadPcrs

func DecodeReadPcrs(in []byte) (uint32, []byte, uint16, []byte, error)

DecodeReadPcrs decodes a ReadPcr response.

func DecodeReadPublic

func DecodeReadPublic(in []byte) ([]byte, []byte, []byte, error)

DecodeReadPublic decodes a ReadPublic response.

public, name, qualified name

func DecodeSaveContext

func DecodeSaveContext(save_area []byte) ([]byte, error)

DecodeSaveContext decodes a SaveContext response.

func DecodeUnseal

func DecodeUnseal(in []byte) ([]byte, []byte, error)

DecodeUnseal decodes an Unseal response.

Output: sensitive data

func DefineSpace

func DefineSpace(rw io.ReadWriter, owner Handle, handle Handle,
	authString string, policy []byte,
	attributes uint32, dataSize uint16) error

DefineSpace

func DeserializeRsaKey

func DeserializeRsaKey(in []byte) (*rsa.PrivateKey, error)

func EncryptDataWithCredential

func EncryptDataWithCredential(encrypt_flag bool, hash_alg_id uint16,
	unmarshaled_credential []byte, inData []byte,
	inHmac []byte) ([]byte, []byte, error)

Return: out_hmac, output_data

func EvictControl

func EvictControl(rw io.ReadWriter, owner Handle, tmp_handle Handle, persistant_handle Handle) error

EvictControl

func FlushContext

func FlushContext(rw io.ReadWriter, handle Handle) error

FlushContext

func Flushall

func Flushall(rw io.ReadWriter) error

Flushall

func FormatTpm2Quote

func FormatTpm2Quote(stmt []byte, pcrs []int, pcrVals [][]byte) ([]byte, error)

func GenerateCertFromKeys

func GenerateCertFromKeys(signingKey *rsa.PrivateKey, signerDerPolicyCert []byte,
	subjectKey *rsa.PublicKey, subjectOrgName string, subjectCommonName string,
	serialNumber *big.Int, notBefore time.Time, notAfter time.Time) ([]byte, error)

func GenerateHWCert

func GenerateHWCert(rw io.ReadWriter, handle Handle, hardwareName string,
	notBefore time.Time, notAfter time.Time, serialNumber *big.Int,
	derPolicyCert []byte, policyKey *rsa.PrivateKey) ([]byte, error)

func GenerateSelfSignedCertFromKey

func GenerateSelfSignedCertFromKey(signingKey *rsa.PrivateKey, subjectOrgName string,
	subjectCommonName string, serialNumber *big.Int,
	notBefore time.Time, notAfter time.Time) ([]byte, error)

func GetCapabilities

func GetCapabilities(rw io.ReadWriter, cap uint32, count uint32, property uint32) ([]uint32, error)

GetCapabilities

Output: output buf

func GetCertFromAttestResponse

func GetCertFromAttestResponse(tpmDevice io.ReadWriter, quoteHandle Handle, endorsementHandle Handle,
	password string, response AttestCertResponse) ([]byte, error)

func GetCounter

func GetCounter(rw io.ReadWriter, nvHandle Handle, authString string) (int64, error)

Tpm2 GetCounter

func GetPublicKeyFromDerCert

func GetPublicKeyFromDerCert(derCert []byte) (*rsa.PublicKey, error)

func GetRandom

func GetRandom(rw io.ReadWriteCloser, size uint32) ([]byte, error)

GetRandom gets random bytes from the TPM.

func GetRsaKeyFromHandle

func GetRsaKeyFromHandle(rw io.ReadWriter, handle Handle) (*rsa.PublicKey, error)

Call with tpm 2.0 and the quote handle, get the key back for serialization in AttestCertRequest.

func GetSerialNumber

func GetSerialNumber() *big.Int

func HandleQuoteDomainRequest

func HandleQuoteDomainRequest(conn net.Conn, policyKey *ecdsa.PrivateKey, derPolicyCert []byte) (bool, error)

func IncrementNv

func IncrementNv(rw io.ReadWriter, handle Handle, authString string) error

IncrementNv

func InitCounter

func InitCounter(rw io.ReadWriter, nvHandle Handle, authString string) error

Tpm2 InitCounter

func InitTpm2KeysandContexts

func InitTpm2KeysandContexts(rw io.ReadWriter, pcrs []int, keySize uint16, hash_alg_id uint16,
	quotePassword string, rootFileName string, quoteFileName string,
	storeFileName string) error

This isn't used any more.

func InternalMakeCredential

func InternalMakeCredential(rw io.ReadWriter, protectorHandle Handle, credential []byte,
	activeName []byte) ([]byte, []byte, error)

InternalMakeCredential

Output: blob, secret

func KDFA

func KDFA(alg uint16, key []byte, label string, contextU []byte,
	contextV []byte, bits int) ([]byte, error)

func MakeCommandHeader

func MakeCommandHeader(tag uint16, size uint32, command uint32) (commandHeader, error)

Make commandHeader

func MakeCredential

func MakeCredential(protectorPublic *rsa.PublicKey, hash_alg_id uint16,
	unmarshaled_credential []byte,
	unmarshaled_name []byte) ([]byte, []byte, []byte, error)

1. Generate Seed
2. encrypted_secret = E(protector_key, seed || "IDENTITY")
3. symKey ≔ KDFa(ekNameAlg, seed, “STORAGE”, name, NULL, bits)
4. encIdentity ≔ AesCFB(symKey, 0, credential)
5. HMACkey ≔ KDFa(ekNameAlg, seed, “INTEGRITY”, NULL, NULL, bits)
6. outerHMAC ≔ HMAC(HMACkey, encIdentity || Name)

Return (all []byte)

encrypted_secret
encIdentity
integrityHmac

func OpenTPM

func OpenTPM(path string) (io.ReadWriteCloser, error)

OpenTPM opens a channel to the TPM at the given path. If the file is a device, then it treats it like a normal TPM device, and if the file is a Unix domain socket, then it opens a connection to the socket.

func PcrEvent

func PcrEvent(rw io.ReadWriter, pcrnum int, eventData []byte) error

PcrEvent

func PersistTpm2KeyHierarchy

func PersistTpm2KeyHierarchy(rw io.ReadWriter, pcrs []int, keySize int,
	hash_alg_id uint16, rootHandle uint32, quoteHandle uint32, quotePassword string) error

Makes their handles permanent.

func PolicyGetDigest

func PolicyGetDigest(rw io.ReadWriter, handle Handle) ([]byte, error)

PolicyGetDigest

Output: digest

func PolicyPassword

func PolicyPassword(rw io.ReadWriter, handle Handle) error

PolicyPassword

func PolicyPcr

func PolicyPcr(rw io.ReadWriter, handle Handle, expected_digest []byte,
	pcr_nums []int) error

PolicyPcr

func PrintAttestData

func PrintAttestData(parms *AttestParams)

func PrintKeyedHashParams

func PrintKeyedHashParams(parms *KeyedHashParams)

func PrintRsaParams

func PrintRsaParams(parms *RsaParams)

func PublicKeyFromPrivate

func PublicKeyFromPrivate(priv interface{}) *rsa.PublicKey

func Quote

func Quote(rw io.ReadWriter, signing_handle Handle, parent_password string, owner_password string,
	to_quote []byte, pcr_nums []int, sig_alg uint16) ([]byte, []byte, error)

Quote

Output: attest, sig

func ReadClock

func ReadClock(rw io.ReadWriter) (uint64, uint64, error)

ReadClock

Output: current time, current clock

func ReadNv

func ReadNv(rw io.ReadWriter, handle Handle, authString string,
	offset uint16, dataSize uint16) (uint64, error)

ReadNv

func ReadPcrs

func ReadPcrs(rw io.ReadWriter, num_byte byte, pcrSelect []byte) (uint32, []byte, uint16, []byte, error)

ReadPcr reads a PCR value from the TPM.

Output: updatecounter, selectout, digest

func ReadPublic

func ReadPublic(rw io.ReadWriter, handle Handle) ([]byte, []byte, []byte, error)

ReadPublic

Output: key blob, name, qualified name

func RequestDomainQuoteCert

func RequestDomainQuoteCert(network, addr string, endorsementCert []byte, tpmDevice io.ReadWriter,
	quoteHandle Handle, endorsementHandle Handle, taoName string,
	ownerPw string) ([]byte, error)

RequestDomainQuoteCert requests the Quote Cert

func RestoreTpm2KeysFromContext

func RestoreTpm2KeysFromContext(rw io.ReadWriter, quotePassword string,
	rootFileName string, quoteFileName string,
	storeFileName string) (Handle, Handle, Handle, error)

func SaveContext

func SaveContext(rw io.ReadWriter, handle Handle) ([]byte, error)

func SerializeRsaPrivateKey

func SerializeRsaPrivateKey(key *rsa.PrivateKey) ([]byte, error)

func SetHandle

func SetHandle(handle Handle) []byte

nil is error

func SetPasswordData

func SetPasswordData(password string) []byte

nil return is an error

func SetShortPcrs

func SetShortPcrs(pcr_nums []int) ([]byte, error)

func SizeHash

func SizeHash(alg_id uint16) int

func StringToIntList

func StringToIntList(in string) ([]int, error)

func UndefineSpace

func UndefineSpace(rw io.ReadWriter, owner Handle, handle Handle) error

UndefineSpace

func UnmarshalRsaPrivateFromProto

func UnmarshalRsaPrivateFromProto(msg *RsaPrivateKeyMessage) (*rsa.PrivateKey, error)

func Unseal

func Unseal(rw io.ReadWriter, item_handle Handle, password string, session_handle Handle,
	digest []byte) ([]byte, []byte, error)

Unseal

func ValidPcr

func ValidPcr(pcrSelect []byte, digest []byte) bool

func VerifyDerCert

func VerifyDerCert(der_cert []byte, der_signing_cert []byte) (bool, error)

func VerifyQuote

func VerifyQuote(to_quote []byte, quote_key_info QuoteKeyInfoMessage,
	hash_alg_id uint16, quote_struct_blob []byte,
	signature []byte, checkPcrFunc ValidPcrCheck) bool

func VerifyRsaQuote

func VerifyRsaQuote(to_quote []byte, rsaQuoteKey *rsa.PublicKey,
	hash_alg_id uint16, quote_struct_blob []byte,
	signature []byte, checkPcrFunc ValidPcrCheck) bool

func VerifyTpm2Quote

func VerifyTpm2Quote(serialized []byte, pcrs []int, expectedPcrVal []byte,
	tpm2Quote []byte, sig []byte, key *rsa.PublicKey) (bool, error)

Types

type AsymmetricKeyMessage

// AsymmetricKeyMessage is a generated protobuf message with a single
// optional field (tag 1) that points to an RsaPrivateKeyMessage.
// NOTE(review): going by the field's type name, a serialized
// AsymmetricKeyMessage carries RSA private key material and should be
// handled as a secret; confirm how callers store and transmit it.
type AsymmetricKeyMessage struct {
	Key              *RsaPrivateKeyMessage `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized []byte                `json:"-"`
}

func (*AsymmetricKeyMessage) Descriptor

func (*AsymmetricKeyMessage) Descriptor() ([]byte, []int)

func (*AsymmetricKeyMessage) GetKey

func (*AsymmetricKeyMessage) ProtoMessage

func (*AsymmetricKeyMessage) ProtoMessage()

func (*AsymmetricKeyMessage) Reset

func (m *AsymmetricKeyMessage) Reset()

func (*AsymmetricKeyMessage) String

func (m *AsymmetricKeyMessage) String() string

type AttestCertRequest

// AttestCertRequest is the generated protobuf message used to request a
// signed cert from the domain service for a tpm2 quote key. All nine tagged
// fields are marked opt, so the schema itself requires none of them.
// NOTE(review): every field is filled in by the requester. Presumably the
// server side (ProcessQuoteDomainRequest takes this type) has to verify the
// quote signature and the endorsement cert before relying on any of the
// other fields; confirm in that function.
type AttestCertRequest struct {
	AttestBlob         []byte  `protobuf:"bytes,1,opt,name=attest_blob" json:"attest_blob,omitempty"`
	SigBlob            []byte  `protobuf:"bytes,2,opt,name=sig_blob" json:"sig_blob,omitempty"`
	// KeyType, KeyName and HashType are optional strings; a nil pointer
	// means the field was not set.
	KeyType            *string `protobuf:"bytes,3,opt,name=key_type" json:"key_type,omitempty"`
	KeyName            *string `protobuf:"bytes,4,opt,name=key_name" json:"key_name,omitempty"`
	HashType           *string `protobuf:"bytes,5,opt,name=hash_type" json:"hash_type,omitempty"`
	Tpm2KeyName        []byte  `protobuf:"bytes,6,opt,name=tpm2_key_name" json:"tpm2_key_name,omitempty"`
	SubjectPublicKey   []byte  `protobuf:"bytes,7,opt,name=subject_public_key" json:"subject_public_key,omitempty"`
	DerEndorsementCert []byte  `protobuf:"bytes,8,opt,name=der_endorsement_cert" json:"der_endorsement_cert,omitempty"`
	// CertChain is a single bytes field here, whereas AttestCertResponse
	// declares cert_chain as a repeated bytes field.
	CertChain          []byte  `protobuf:"bytes,9,opt,name=cert_chain" json:"cert_chain,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized   []byte  `json:"-"`
}

This is used to request a signed cert from the domain service for a tpm2 quote key.

func BuildAttestCertRequest

func BuildAttestCertRequest(tpmDevice io.ReadWriter, quoteHandle Handle, endorsementHandle Handle, endorsementCert []byte,
	taoName string, ownerPw string) (*AttestCertRequest, error)

func (*AttestCertRequest) Descriptor

func (*AttestCertRequest) Descriptor() ([]byte, []int)

func (*AttestCertRequest) GetAttestBlob

func (m *AttestCertRequest) GetAttestBlob() []byte

func (*AttestCertRequest) GetCertChain

func (m *AttestCertRequest) GetCertChain() []byte

func (*AttestCertRequest) GetDerEndorsementCert

func (m *AttestCertRequest) GetDerEndorsementCert() []byte

func (*AttestCertRequest) GetHashType

func (m *AttestCertRequest) GetHashType() string

func (*AttestCertRequest) GetKeyName

func (m *AttestCertRequest) GetKeyName() string

func (*AttestCertRequest) GetKeyType

func (m *AttestCertRequest) GetKeyType() string

func (*AttestCertRequest) GetSigBlob

func (m *AttestCertRequest) GetSigBlob() []byte

func (*AttestCertRequest) GetSubjectPublicKey

func (m *AttestCertRequest) GetSubjectPublicKey() []byte

func (*AttestCertRequest) GetTpm2KeyName

func (m *AttestCertRequest) GetTpm2KeyName() []byte

func (*AttestCertRequest) ProtoMessage

func (*AttestCertRequest) ProtoMessage()

func (*AttestCertRequest) Reset

func (m *AttestCertRequest) Reset()

func (*AttestCertRequest) String

func (m *AttestCertRequest) String() string

type AttestCertResponse

// AttestCertResponse is the generated protobuf message returned by the
// domain service with the encrypted attest cert. Error is the only field
// tagged req; CertChain is repeated; every other tagged field is opt.
// NOTE(review): IntegrityHmac, EncIdentity and EncryptedSecret share their
// names with the three outputs documented for MakeCredential, so presumably
// they carry that credential blob. Presumably the client must check Error
// and both HMAC fields before using the decrypted cert; confirm in
// GetCertFromAttestResponse.
type AttestCertResponse struct {
	Error             *int32   `protobuf:"varint,1,req,name=error" json:"error,omitempty"`
	IntegrityAlg      *string  `protobuf:"bytes,2,opt,name=integrity_alg" json:"integrity_alg,omitempty"`
	IntegrityHmac     []byte   `protobuf:"bytes,3,opt,name=integrity_hmac" json:"integrity_hmac,omitempty"`
	EncIdentity       []byte   `protobuf:"bytes,4,opt,name=enc_identity" json:"enc_identity,omitempty"`
	EncryptedSecret   []byte   `protobuf:"bytes,5,opt,name=encrypted_secret" json:"encrypted_secret,omitempty"`
	EncryptedCert     []byte   `protobuf:"bytes,6,opt,name=encrypted_cert" json:"encrypted_cert,omitempty"`
	EncryptedCertHmac []byte   `protobuf:"bytes,7,opt,name=encrypted_cert_hmac" json:"encrypted_cert_hmac,omitempty"`
	CertChain         [][]byte `protobuf:"bytes,8,rep,name=cert_chain" json:"cert_chain,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized  []byte   `json:"-"`
}

This is the response from the domain service with the encrypted attest cert.

func ProcessQuoteDomainRequest

func ProcessQuoteDomainRequest(request AttestCertRequest, policyKey *ecdsa.PrivateKey, derPolicyCert []byte) (*AttestCertResponse, error)

This is the operation of the server. It computes the AttestResponse.

func (*AttestCertResponse) Descriptor

func (*AttestCertResponse) Descriptor() ([]byte, []int)

func (*AttestCertResponse) GetCertChain

func (m *AttestCertResponse) GetCertChain() [][]byte

func (*AttestCertResponse) GetEncIdentity

func (m *AttestCertResponse) GetEncIdentity() []byte

func (*AttestCertResponse) GetEncryptedCert

func (m *AttestCertResponse) GetEncryptedCert() []byte

func (*AttestCertResponse) GetEncryptedCertHmac

func (m *AttestCertResponse) GetEncryptedCertHmac() []byte

func (*AttestCertResponse) GetEncryptedSecret

func (m *AttestCertResponse) GetEncryptedSecret() []byte

func (*AttestCertResponse) GetError

func (m *AttestCertResponse) GetError() int32

func (*AttestCertResponse) GetIntegrityAlg

func (m *AttestCertResponse) GetIntegrityAlg() string

func (*AttestCertResponse) GetIntegrityHmac

func (m *AttestCertResponse) GetIntegrityHmac() []byte

func (*AttestCertResponse) ProtoMessage

func (*AttestCertResponse) ProtoMessage()

func (*AttestCertResponse) Reset

func (m *AttestCertResponse) Reset()

func (*AttestCertResponse) String

func (m *AttestCertResponse) String() string

type AttestParams

// AttestParams is a plain struct (no protobuf tags) holding the fields of an
// attestation structure; UnmarshalCertifyInfo returns a pointer to one and
// PrintAttestData takes one.
// NOTE(review): presumably Magic_number is expected to equal
// OrdTPM_GENERATED_VALUE, and a verifier should check it together with
// PcrSelect and PcrDigest before accepting a quote; confirm in the
// Verify*Quote functions.
type AttestParams struct {
	Magic_number    uint32
	Attest_type     uint16
	Name            []byte
	Data            []byte
	Clock           uint64
	ResetCount      uint32
	RestartCount    uint32
	Safe            byte
	FirmwareVersion uint64
	PcrSelect       []byte
	PcrDigest       []byte
}

func UnmarshalCertifyInfo

func UnmarshalCertifyInfo(in []byte) (*AttestParams, error)

type CertParametersMessage

// CertParametersMessage is a generated protobuf message that groups the
// request parameters, the signer (issuer) parameters and a validity window.
// All four tagged fields are opt.
type CertParametersMessage struct {
	Request          *X509CertRequestParametersMessage `protobuf:"bytes,1,opt,name=request" json:"request,omitempty"`
	Signer           *X509CertIssuerParametersMessage  `protobuf:"bytes,2,opt,name=signer" json:"signer,omitempty"`
	// NotBefore and NotAfter are strings, not timestamps; the expected
	// format is not visible here, so callers should validate it on parse.
	NotBefore        *string                           `protobuf:"bytes,3,opt,name=not_before" json:"not_before,omitempty"`
	NotAfter         *string                           `protobuf:"bytes,4,opt,name=not_after" json:"not_after,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized []byte                            `json:"-"`
}

func (*CertParametersMessage) Descriptor

func (*CertParametersMessage) Descriptor() ([]byte, []int)

func (*CertParametersMessage) GetNotAfter

func (m *CertParametersMessage) GetNotAfter() string

func (*CertParametersMessage) GetNotBefore

func (m *CertParametersMessage) GetNotBefore() string

func (*CertParametersMessage) GetRequest

func (*CertParametersMessage) GetSigner

func (*CertParametersMessage) ProtoMessage

func (*CertParametersMessage) ProtoMessage()

func (*CertParametersMessage) Reset

func (m *CertParametersMessage) Reset()

func (*CertParametersMessage) String

func (m *CertParametersMessage) String() string

type CertificateChainEntryMessage

// CertificateChainEntryMessage is a generated protobuf message for one entry
// of a certificate chain: subject and issuer key names, a cert type string
// and the cert bytes. All four tagged fields are opt.
// NOTE(review): the key-name strings are carried alongside CertBlob rather
// than derived from it, so presumably a verifier should take subject and
// issuer from the parsed certificate; confirm how consumers use them.
type CertificateChainEntryMessage struct {
	SubjectKeyName   *string `protobuf:"bytes,1,opt,name=subject_key_name" json:"subject_key_name,omitempty"`
	IssuerKeyName    *string `protobuf:"bytes,2,opt,name=issuer_key_name" json:"issuer_key_name,omitempty"`
	CertType         *string `protobuf:"bytes,3,opt,name=cert_type" json:"cert_type,omitempty"`
	CertBlob         []byte  `protobuf:"bytes,4,opt,name=cert_blob" json:"cert_blob,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized []byte  `json:"-"`
}

func (*CertificateChainEntryMessage) Descriptor

func (*CertificateChainEntryMessage) Descriptor() ([]byte, []int)

func (*CertificateChainEntryMessage) GetCertBlob

func (m *CertificateChainEntryMessage) GetCertBlob() []byte

func (*CertificateChainEntryMessage) GetCertType

func (m *CertificateChainEntryMessage) GetCertType() string

func (*CertificateChainEntryMessage) GetIssuerKeyName

func (m *CertificateChainEntryMessage) GetIssuerKeyName() string

func (*CertificateChainEntryMessage) GetSubjectKeyName

func (m *CertificateChainEntryMessage) GetSubjectKeyName() string

func (*CertificateChainEntryMessage) ProtoMessage

func (*CertificateChainEntryMessage) ProtoMessage()

func (*CertificateChainEntryMessage) Reset

func (m *CertificateChainEntryMessage) Reset()

func (*CertificateChainEntryMessage) String

type CertificateChainMessage

// CertificateChainMessage is a generated protobuf message holding a repeated
// list of CertificateChainEntryMessage values (tag 1, rep).
type CertificateChainMessage struct {
	Entry            []*CertificateChainEntryMessage `protobuf:"bytes,1,rep,name=entry" json:"entry,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized []byte                          `json:"-"`
}

func (*CertificateChainMessage) Descriptor

func (*CertificateChainMessage) Descriptor() ([]byte, []int)

func (*CertificateChainMessage) GetEntry

func (*CertificateChainMessage) ProtoMessage

func (*CertificateChainMessage) ProtoMessage()

func (*CertificateChainMessage) Reset

func (m *CertificateChainMessage) Reset()

func (*CertificateChainMessage) String

func (m *CertificateChainMessage) String() string

type EndorsementKeyMessage

// EndorsementKeyMessage is a generated protobuf message with an optional
// machine identifier string and two optional byte fields, tpm2b_blob and
// tpm2_name.
// NOTE(review): presumably the blob and name describe the TPM endorsement
// key; MachineIdentifier is a free-form string, so confirm that nothing
// treats it as an authenticated identity.
type EndorsementKeyMessage struct {
	MachineIdentifier *string `protobuf:"bytes,1,opt,name=machine_identifier" json:"machine_identifier,omitempty"`
	Tpm2BBlob         []byte  `protobuf:"bytes,2,opt,name=tpm2b_blob" json:"tpm2b_blob,omitempty"`
	Tpm2Name          []byte  `protobuf:"bytes,3,opt,name=tpm2_name" json:"tpm2_name,omitempty"`
	// XXX_unrecognized is excluded from JSON by its `json:"-"` tag.
	XXX_unrecognized  []byte  `json:"-"`
}

func (*EndorsementKeyMessage) Descriptor

func (*EndorsementKeyMessage) Descriptor() ([]byte, []int)

func (*EndorsementKeyMessage) GetMachineIdentifier

func (m *EndorsementKeyMessage) GetMachineIdentifier() string

func (*EndorsementKeyMessage) GetTpm2BBlob

func (m *EndorsementKeyMessage) GetTpm2BBlob() []byte

func (*EndorsementKeyMessage) GetTpm2Name

func (m *EndorsementKeyMessage) GetTpm2Name() []byte

func (*EndorsementKeyMessage) ProtoMessage

func (*EndorsementKeyMessage) ProtoMessage()

func (*EndorsementKeyMessage) Reset

func (m *EndorsementKeyMessage) Reset()

func (*EndorsementKeyMessage) String

func (m *EndorsementKeyMessage) String() string

type Handle

type Handle uint32

A Handle is a 32-bit unsigned integer.

func AssistCreateSession

func AssistCreateSession(rw io.ReadWriter, hash_alg uint16,
	pcrs []int) (Handle, []byte, error)

Returns a handle and the policy digest.

func CreateEndorsement

func CreateEndorsement(rw io.ReadWriter, modSize uint16, pcrs []int) (Handle, []byte, error)

func CreatePrimary

func CreatePrimary(rw io.ReadWriter, owner uint32, pcr_nums []int,
	parent_password, owner_password string, parms RsaParams) (Handle, []byte, error)

CreatePrimary

Output: handle, public key blob

func CreateTpm2HierarchyRoot

func CreateTpm2HierarchyRoot(rw io.ReadWriter, pcrs []int, keySize uint16, hash_alg_id uint16) (Handle, error)

func DecodeCreatePrimary

func DecodeCreatePrimary(in []byte) (Handle, []byte, error)

DecodeCreatePrimary decodes a CreatePrimary response.

func DecodeLoad

func DecodeLoad(in []byte) (Handle, []byte, error)

DecodeLoad decodes a Load response.

handle, name

func DecodeLoadContext

func DecodeLoadContext(in []byte) (Handle, error)

DecodeLoadContext decodes a LoadContext response.

func DecodeStartAuthSession

func DecodeStartAuthSession(in []byte) (Handle, []byte, error)

DecodeStartAuthSession decodes a StartAuthSession response.

Output: session_handle, nonce

func GetNvHandle

func GetNvHandle(slot uint32) (Handle, error)

GetNvHandle makes an NV handle for the given slot.

func Load

func Load(rw io.ReadWriter, parentHandle Handle, parentAuth string, ownerAuth string,
	public_blob []byte, private_blob []byte) (Handle, []byte, error)

Load

Output: handle and a byte slice (presumably the name that DecodeLoad returns).

func LoadContext

func LoadContext(rw io.ReadWriter, save_area []byte) (Handle, error)

LoadContext

func LoadKeyFromBlobs

func LoadKeyFromBlobs(rw io.ReadWriter, ownerHandle Handle, ownerPw string, objectPw string,
	publicBlob []byte, privateBlob []byte) (Handle, error)

Loads keys from blobs.

func StartAuthSession

func StartAuthSession(rw io.ReadWriter, tpm_key Handle, bind_key Handle,
	nonceCaller []byte, secret []byte,
	se byte, sym uint16, hash_alg uint16) (Handle, []byte, error)

StartAuthSession

type KeyedHashParams

// KeyedHashParams groups the parameters of a keyed-hash object as plain
// fields (this struct carries no protobuf tags).
// NOTE(review): the uint16 fields have the same width as the AlgTPM_ALG_*
// constants and Attributes the same width as the Flag* constants of this
// package, so they presumably take those values — confirm against the code
// that fills this struct.
type KeyedHashParams struct {
	Type_alg    uint16 // presumably the object type algorithm id — confirm
	Hash_alg    uint16 // presumably the name/hash algorithm id — confirm
	Attributes  uint32 // presumably a bitmask of Flag* object attributes — confirm
	Auth_policy []byte // presumably the authorization policy digest — confirm
	Symalg      uint16
	Sym_sz      uint16
	Mode        uint16
	Scheme      uint16
	Unique      []byte
}

type PrivateKeyBlobMessage

// PrivateKeyBlobMessage is the generated message that carries a private key
// as an opaque byte blob together with its type and an optional name.
// NOTE(review): nothing here shows whether Blob is encrypted or wrapped;
// treat the serialised message as secret material (storage permissions, no
// logging) until the producer is checked.
type PrivateKeyBlobMessage struct {
	// KeyType is required proto field 1 ("key_type").
	KeyType          *string `protobuf:"bytes,1,req,name=key_type" json:"key_type,omitempty"`
	// KeyName is optional proto field 2 ("key_name").
	KeyName          *string `protobuf:"bytes,2,opt,name=key_name" json:"key_name,omitempty"`
	// Blob is optional proto field 3 ("blob"); it is also emitted by JSON encoding (json:"blob").
	Blob             []byte  `protobuf:"bytes,3,opt,name=blob" json:"blob,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte  `json:"-"`
}

func (*PrivateKeyBlobMessage) Descriptor

func (*PrivateKeyBlobMessage) Descriptor() ([]byte, []int)

func (*PrivateKeyBlobMessage) GetBlob

func (m *PrivateKeyBlobMessage) GetBlob() []byte

func (*PrivateKeyBlobMessage) GetKeyName

func (m *PrivateKeyBlobMessage) GetKeyName() string

func (*PrivateKeyBlobMessage) GetKeyType

func (m *PrivateKeyBlobMessage) GetKeyType() string

func (*PrivateKeyBlobMessage) ProtoMessage

func (*PrivateKeyBlobMessage) ProtoMessage()

func (*PrivateKeyBlobMessage) Reset

func (m *PrivateKeyBlobMessage) Reset()

func (*PrivateKeyBlobMessage) String

func (m *PrivateKeyBlobMessage) String() string

type ProgramCertRequestMessage

// ProgramCertRequestMessage is the generated message a requester sends to
// obtain a program certificate; ConstructServerResponse takes one as input.
// Every field is optional on the wire, so a receiver cannot assume any of
// them is present.
// NOTE(review): the message is only a container. The receiver presumably has
// to verify QuoteSignature over QuotedBlob with the quote key, tie that key to
// the endorsement certificate, and accept QuoteSignAlg / QuoteSignHashAlg only
// from an allow-list rather than as given — confirm that the server does so.
type ProgramCertRequestMessage struct {
	// RequestId is optional proto field 1 ("request_id").
	RequestId           *string               `protobuf:"bytes,1,opt,name=request_id" json:"request_id,omitempty"`
	// EndorsementCertBlob is optional proto field 2; encoding not shown here
	// (presumably a DER certificate — confirm).
	EndorsementCertBlob []byte                `protobuf:"bytes,2,opt,name=endorsement_cert_blob" json:"endorsement_cert_blob,omitempty"`
	// ProgramKey is optional proto field 3: the parameters of the key to certify.
	ProgramKey          *ProgramKeyParameters `protobuf:"bytes,3,opt,name=program_key" json:"program_key,omitempty"`
	// QuoteSignAlg and QuoteSignHashAlg are requester-supplied algorithm names (fields 4 and 5).
	QuoteSignAlg        *string               `protobuf:"bytes,4,opt,name=quote_sign_alg" json:"quote_sign_alg,omitempty"`
	QuoteSignHashAlg    *string               `protobuf:"bytes,5,opt,name=quote_sign_hash_alg" json:"quote_sign_hash_alg,omitempty"`
	// QuoteSignature is optional proto field 6.
	QuoteSignature      []byte                `protobuf:"bytes,6,opt,name=quote_signature" json:"quote_signature,omitempty"`
	// QuoteKeyInfo is optional proto field 7: public key, name and attributes of the quote key.
	QuoteKeyInfo        *QuoteKeyInfoMessage  `protobuf:"bytes,7,opt,name=quote_key_info" json:"quote_key_info,omitempty"`
	// QuotedBlob is optional proto field 8 (presumably the attested structure that was signed — confirm).
	QuotedBlob          []byte                `protobuf:"bytes,8,opt,name=quoted_blob" json:"quoted_blob,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized    []byte                `json:"-"`
}

func (*ProgramCertRequestMessage) Descriptor

func (*ProgramCertRequestMessage) Descriptor() ([]byte, []int)

func (*ProgramCertRequestMessage) GetEndorsementCertBlob

func (m *ProgramCertRequestMessage) GetEndorsementCertBlob() []byte

func (*ProgramCertRequestMessage) GetProgramKey

func (m *ProgramCertRequestMessage) GetProgramKey() *ProgramKeyParameters

func (*ProgramCertRequestMessage) GetQuoteKeyInfo

func (m *ProgramCertRequestMessage) GetQuoteKeyInfo() *QuoteKeyInfoMessage

func (*ProgramCertRequestMessage) GetQuoteSignAlg

func (m *ProgramCertRequestMessage) GetQuoteSignAlg() string

func (*ProgramCertRequestMessage) GetQuoteSignHashAlg

func (m *ProgramCertRequestMessage) GetQuoteSignHashAlg() string

func (*ProgramCertRequestMessage) GetQuoteSignature

func (m *ProgramCertRequestMessage) GetQuoteSignature() []byte

func (*ProgramCertRequestMessage) GetQuotedBlob

func (m *ProgramCertRequestMessage) GetQuotedBlob() []byte

func (*ProgramCertRequestMessage) GetRequestId

func (m *ProgramCertRequestMessage) GetRequestId() string

func (*ProgramCertRequestMessage) ProtoMessage

func (*ProgramCertRequestMessage) ProtoMessage()

func (*ProgramCertRequestMessage) Reset

func (m *ProgramCertRequestMessage) Reset()

func (*ProgramCertRequestMessage) String

func (m *ProgramCertRequestMessage) String() string

type ProgramCertResponseMessage

// ProgramCertResponseMessage is the generated message returned for a program
// certificate request; ConstructServerResponse returns a pointer to one.
// NOTE(review): the IntegrityHMAC / EncIdentity / Secret fields resemble a
// TPM credential blob of the kind a TPM unwraps when activating a
// credential — confirm against the code that builds and consumes them.
type ProgramCertResponseMessage struct {
	// Optional string fields 1-3: request id, program name and the name of
	// the integrity algorithm.
	RequestId    *string `protobuf:"bytes,1,opt,name=request_id" json:"request_id,omitempty"`
	ProgramName  *string `protobuf:"bytes,2,opt,name=program_name" json:"program_name,omitempty"`
	IntegrityAlg *string `protobuf:"bytes,3,opt,name=integrity_alg" json:"integrity_alg,omitempty"`
	// Outer HMAC; the buffer does not include a size prefix.
	// The HMAC key is derived with KDFa from the seed and the label "INTEGRITY".
	// The value is a TPM2B_DIGEST and has a size.
	IntegrityHMAC []byte `protobuf:"bytes,4,opt,name=integrityHMAC" json:"integrityHMAC,omitempty"`
	// encIdentity; the buffer does not include the size of encIdentity.
	// It is the encryption of a correctly marshalled TPM2B_DIGEST (which
	// itself has a size). It is always encrypted with AES-128 in CFB mode
	// under a KDFa-derived key computed from the "seed", the label "STORAGE"
	// and the name of the quote key.
	EncIdentity []byte `protobuf:"bytes,5,opt,name=encIdentity" json:"encIdentity,omitempty"`
	// The seed || "IDENTITY" buffer, encrypted to the protector key (only the
	// holder of the protector private key can recover it).
	Secret []byte `protobuf:"bytes,6,opt,name=secret" json:"secret,omitempty"`
	// Signed, DER-encoded program certificate, CTR-encrypted with the secret
	// in the credential buffer.  TODO(jlm): should also contain an HMAC.
	// NOTE(review): CTR mode alone gives no integrity. EncryptedCertHmac
	// (field 8) looks like the HMAC this TODO asks for; a receiver should
	// verify it before using the decrypted certificate — confirm that
	// ConstructServerResponse populates it and what it covers.
	EncryptedCert     []byte `protobuf:"bytes,7,opt,name=encrypted_cert" json:"encrypted_cert,omitempty"`
	EncryptedCertHmac []byte `protobuf:"bytes,8,opt,name=encrypted_cert_hmac" json:"encrypted_cert_hmac,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized  []byte `json:"-"`
}

func ConstructServerResponse

func ConstructServerResponse(policy_private_key *rsa.PrivateKey, der_policy_cert []byte,
	signing_instructions_message SigningInstructionsMessage,
	request ProgramCertRequestMessage) (*ProgramCertResponseMessage, error)

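Input: policy private key, DER-encoded policy certificate, signing instructions, and the program certificate request. Output: the program certificate response, or an error.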

func (*ProgramCertResponseMessage) Descriptor

func (*ProgramCertResponseMessage) Descriptor() ([]byte, []int)

func (*ProgramCertResponseMessage) GetEncIdentity

func (m *ProgramCertResponseMessage) GetEncIdentity() []byte

func (*ProgramCertResponseMessage) GetEncryptedCert

func (m *ProgramCertResponseMessage) GetEncryptedCert() []byte

func (*ProgramCertResponseMessage) GetEncryptedCertHmac

func (m *ProgramCertResponseMessage) GetEncryptedCertHmac() []byte

func (*ProgramCertResponseMessage) GetIntegrityAlg

func (m *ProgramCertResponseMessage) GetIntegrityAlg() string

func (*ProgramCertResponseMessage) GetIntegrityHMAC

func (m *ProgramCertResponseMessage) GetIntegrityHMAC() []byte

func (*ProgramCertResponseMessage) GetProgramName

func (m *ProgramCertResponseMessage) GetProgramName() string

func (*ProgramCertResponseMessage) GetRequestId

func (m *ProgramCertResponseMessage) GetRequestId() string

func (*ProgramCertResponseMessage) GetSecret

func (m *ProgramCertResponseMessage) GetSecret() []byte

func (*ProgramCertResponseMessage) ProtoMessage

func (*ProgramCertResponseMessage) ProtoMessage()

func (*ProgramCertResponseMessage) Reset

func (m *ProgramCertResponseMessage) Reset()

func (*ProgramCertResponseMessage) String

func (m *ProgramCertResponseMessage) String() string

type ProgramKeyParameters

// ProgramKeyParameters is the generated message describing the program key
// to be certified; ProgramCertRequestMessage carries it in its ProgramKey
// field, so the values are supplied by the requester.
// NOTE(review): nothing here ties ProgramBitModulusSize to the actual length
// of ProgramKeyModulus or enforces a minimum key size; the receiver should
// presumably check both before issuing a certificate — confirm.
type ProgramKeyParameters struct {
	// ProgramName is optional proto field 1 ("program_name").
	ProgramName           *string `protobuf:"bytes,1,opt,name=program_name" json:"program_name,omitempty"`
	// ProgramKeyType is optional proto field 2, a string naming the key type.
	ProgramKeyType        *string `protobuf:"bytes,2,opt,name=program_key_type" json:"program_key_type,omitempty"`
	// ProgramBitModulusSize is optional proto field 3, a signed 32-bit varint.
	ProgramBitModulusSize *int32  `protobuf:"varint,3,opt,name=program_bit_modulus_size" json:"program_bit_modulus_size,omitempty"`
	// ProgramKeyExponent and ProgramKeyModulus are optional byte fields 4 and 5;
	// byte order is not shown here (presumably big-endian — confirm).
	ProgramKeyExponent    []byte  `protobuf:"bytes,4,opt,name=program_key_exponent" json:"program_key_exponent,omitempty"`
	ProgramKeyModulus     []byte  `protobuf:"bytes,5,opt,name=program_key_modulus" json:"program_key_modulus,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized      []byte  `json:"-"`
}

func (*ProgramKeyParameters) Descriptor

func (*ProgramKeyParameters) Descriptor() ([]byte, []int)

func (*ProgramKeyParameters) GetProgramBitModulusSize

func (m *ProgramKeyParameters) GetProgramBitModulusSize() int32

func (*ProgramKeyParameters) GetProgramKeyExponent

func (m *ProgramKeyParameters) GetProgramKeyExponent() []byte

func (*ProgramKeyParameters) GetProgramKeyModulus

func (m *ProgramKeyParameters) GetProgramKeyModulus() []byte

func (*ProgramKeyParameters) GetProgramKeyType

func (m *ProgramKeyParameters) GetProgramKeyType() string

func (*ProgramKeyParameters) GetProgramName

func (m *ProgramKeyParameters) GetProgramName() string

func (*ProgramKeyParameters) ProtoMessage

func (*ProgramKeyParameters) ProtoMessage()

func (*ProgramKeyParameters) Reset

func (m *ProgramKeyParameters) Reset()

func (*ProgramKeyParameters) String

func (m *ProgramKeyParameters) String() string

type PublicKeyMessage

// PublicKeyMessage is the generated wrapper for a public key: a key-type
// string plus an optional RSA public key. RSA is the only key form this
// message has a field for.
type PublicKeyMessage struct {
	// KeyType is optional proto field 1 ("key_type").
	// NOTE(review): nothing here forces KeyType to agree with which key field is set — confirm callers check.
	KeyType          *string              `protobuf:"bytes,1,opt,name=key_type" json:"key_type,omitempty"`
	// RsaKey is optional proto field 2 ("rsa_key"); nil when absent.
	RsaKey           *RsaPublicKeyMessage `protobuf:"bytes,2,opt,name=rsa_key" json:"rsa_key,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte               `json:"-"`
}

func (*PublicKeyMessage) Descriptor

func (*PublicKeyMessage) Descriptor() ([]byte, []int)

func (*PublicKeyMessage) GetKeyType

func (m *PublicKeyMessage) GetKeyType() string

func (*PublicKeyMessage) GetRsaKey

func (m *PublicKeyMessage) GetRsaKey() *RsaPublicKeyMessage

func (*PublicKeyMessage) ProtoMessage

func (*PublicKeyMessage) ProtoMessage()

func (*PublicKeyMessage) Reset

func (m *PublicKeyMessage) Reset()

func (*PublicKeyMessage) String

func (m *PublicKeyMessage) String() string

type QuoteCertificationInformation

// QuoteCertificationInformation is the generated message holding the parts
// of a quote's certification information as separate optional fields.
// NOTE(review): the field names follow the layout of the TPM 2.0 attestation
// structure for a quote (magic, type, qualified signer, extra data, clock
// info, firmware version, PCR selection, PCR digest) — confirm. If so, a
// verifier should check Magic and Type for the expected constants and compare
// ExtraData with the nonce or qualifying data it supplied, in addition to
// checking the signature and the PCR digest.
type QuoteCertificationInformation struct {
	Magic            []byte `protobuf:"bytes,1,opt,name=magic" json:"magic,omitempty"`
	Type             []byte `protobuf:"bytes,2,opt,name=type" json:"type,omitempty"`
	Qualifiedsigner  []byte `protobuf:"bytes,3,opt,name=qualifiedsigner" json:"qualifiedsigner,omitempty"`
	ExtraData        []byte `protobuf:"bytes,4,opt,name=extraData" json:"extraData,omitempty"`
	Clockinfo        []byte `protobuf:"bytes,5,opt,name=clockinfo" json:"clockinfo,omitempty"`
	// Firmwareversion is a signed 64-bit varint (field 6).
	// NOTE(review): if the source value is an unsigned 64-bit quantity, values
	// with the top bit set will read as negative — confirm the conversion.
	Firmwareversion  *int64 `protobuf:"varint,6,opt,name=firmwareversion" json:"firmwareversion,omitempty"`
	PcrSelection     []byte `protobuf:"bytes,7,opt,name=pcr_selection" json:"pcr_selection,omitempty"`
	Digest           []byte `protobuf:"bytes,8,opt,name=digest" json:"digest,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte `json:"-"`
}

func (*QuoteCertificationInformation) Descriptor

func (*QuoteCertificationInformation) Descriptor() ([]byte, []int)

func (*QuoteCertificationInformation) GetClockinfo

func (m *QuoteCertificationInformation) GetClockinfo() []byte

func (*QuoteCertificationInformation) GetDigest

func (m *QuoteCertificationInformation) GetDigest() []byte

func (*QuoteCertificationInformation) GetExtraData

func (m *QuoteCertificationInformation) GetExtraData() []byte

func (*QuoteCertificationInformation) GetFirmwareversion

func (m *QuoteCertificationInformation) GetFirmwareversion() int64

func (*QuoteCertificationInformation) GetMagic

func (m *QuoteCertificationInformation) GetMagic() []byte

func (*QuoteCertificationInformation) GetPcrSelection

func (m *QuoteCertificationInformation) GetPcrSelection() []byte

func (*QuoteCertificationInformation) GetQualifiedsigner

func (m *QuoteCertificationInformation) GetQualifiedsigner() []byte

func (*QuoteCertificationInformation) GetType

func (m *QuoteCertificationInformation) GetType() []byte

func (*QuoteCertificationInformation) ProtoMessage

func (*QuoteCertificationInformation) ProtoMessage()

func (*QuoteCertificationInformation) Reset

func (m *QuoteCertificationInformation) Reset()

func (*QuoteCertificationInformation) String

type QuoteKeyInfoMessage

// QuoteKeyInfoMessage is the generated message describing the "quote-key":
// its public parameters, its TPM 2.0 name and its object attributes.
// ProgramCertRequestMessage carries it in its QuoteKeyInfo field, so the
// values come from the requester.
// NOTE(review): a verifier should presumably recompute the name from the
// public key rather than trust Name as sent, and check that Properties has
// the attributes it requires of a quote key (for example FlagRestricted and
// FlagFixedTPM) — confirm against the server code.
type QuoteKeyInfoMessage struct {
	// Public key parameters of the "quote-key" (optional proto field 1).
	PublicKey *PublicKeyMessage `protobuf:"bytes,1,opt,name=public_key" json:"public_key,omitempty"`
	// TPM 2.0 name (hash) of the "quote-key" info (optional proto field 2).
	Name []byte `protobuf:"bytes,2,opt,name=name" json:"name,omitempty"`
	// objectAttributes of the "quote-key" (optional proto field 3).
	// Stored as a signed int32, while the package's Flag* constants are
	// uint32, so a conversion is needed before masking.
	Properties       *int32 `protobuf:"varint,3,opt,name=properties" json:"properties,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte `json:"-"`
}

func (*QuoteKeyInfoMessage) Descriptor

func (*QuoteKeyInfoMessage) Descriptor() ([]byte, []int)

func (*QuoteKeyInfoMessage) GetName

func (m *QuoteKeyInfoMessage) GetName() []byte

func (*QuoteKeyInfoMessage) GetProperties

func (m *QuoteKeyInfoMessage) GetProperties() int32

func (*QuoteKeyInfoMessage) GetPublicKey

func (m *QuoteKeyInfoMessage) GetPublicKey() *PublicKeyMessage

func (*QuoteKeyInfoMessage) ProtoMessage

func (*QuoteKeyInfoMessage) ProtoMessage()

func (*QuoteKeyInfoMessage) Reset

func (m *QuoteKeyInfoMessage) Reset()

func (*QuoteKeyInfoMessage) String

func (m *QuoteKeyInfoMessage) String() string

type RsaParams

// RsaParams groups the parameters of an RSA object as plain fields (this
// struct carries no protobuf tags). DecodeRsaArea and DecodeRsaBuf return a
// pointer to one, and CreatePrimary takes one by value.
// NOTE(review): the uint16 fields have the same width as the AlgTPM_ALG_*
// constants and Attributes the same width as the Flag* constants of this
// package, so they presumably take those values — confirm against the code
// that fills this struct.
type RsaParams struct {
	Enc_alg     uint16 // presumably the object type algorithm id — confirm
	Hash_alg    uint16 // presumably the name/hash algorithm id — confirm
	Attributes  uint32 // presumably a bitmask of Flag* object attributes — confirm
	Auth_policy []byte // presumably the authorization policy digest — confirm
	Symalg      uint16
	Sym_sz      uint16
	Mode        uint16
	Scheme      uint16
	Scheme_hash uint16
	Mod_sz      uint16 // presumably the modulus size in bits — confirm
	Exp         uint32 // presumably the public exponent — confirm
	Modulus     []byte
}

func DecodeRsaArea

func DecodeRsaArea(in []byte) (*RsaParams, error)

A nil result indicates an error.

func DecodeRsaBuf

func DecodeRsaBuf(rsa_buf []byte) (*RsaParams, error)

type RsaPrivateKeyMessage

// RsaPrivateKeyMessage is the generated message for an RSA private key;
// MarshalRsaPrivateToProto builds one from an *rsa.PrivateKey.
// The private components are plain byte fields, and their json tags mean
// they are also emitted by JSON encoding, so both the serialised protobuf and
// any JSON form contain the raw private key.
// NOTE(review): the generated String method presumably renders field
// contents as well; avoid logging or printing this message, and keep stored
// copies access-restricted — confirm how callers persist it.
type RsaPrivateKeyMessage struct {
	// PublicKey is required proto field 1 ("public_key").
	PublicKey        *RsaPublicKeyMessage `protobuf:"bytes,1,req,name=public_key" json:"public_key,omitempty"`
	// D, P, Q, Dp and Dq are optional byte fields 2-6. By RSA naming
	// convention these are the private exponent, the two primes and the two
	// CRT exponents — confirm against MarshalRsaPrivateToProto.
	D                []byte               `protobuf:"bytes,2,opt,name=d" json:"d,omitempty"`
	P                []byte               `protobuf:"bytes,3,opt,name=p" json:"p,omitempty"`
	Q                []byte               `protobuf:"bytes,4,opt,name=q" json:"q,omitempty"`
	Dp               []byte               `protobuf:"bytes,5,opt,name=dp" json:"dp,omitempty"`
	Dq               []byte               `protobuf:"bytes,6,opt,name=dq" json:"dq,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte               `json:"-"`
}

func MarshalRsaPrivateToProto

func MarshalRsaPrivateToProto(key *rsa.PrivateKey) (*RsaPrivateKeyMessage, error)

func (*RsaPrivateKeyMessage) Descriptor

func (*RsaPrivateKeyMessage) Descriptor() ([]byte, []int)

func (*RsaPrivateKeyMessage) GetD

func (m *RsaPrivateKeyMessage) GetD() []byte

func (*RsaPrivateKeyMessage) GetDp

func (m *RsaPrivateKeyMessage) GetDp() []byte

func (*RsaPrivateKeyMessage) GetDq

func (m *RsaPrivateKeyMessage) GetDq() []byte

func (*RsaPrivateKeyMessage) GetP

func (m *RsaPrivateKeyMessage) GetP() []byte

func (*RsaPrivateKeyMessage) GetPublicKey

func (m *RsaPrivateKeyMessage) GetPublicKey() *RsaPublicKeyMessage

func (*RsaPrivateKeyMessage) GetQ

func (m *RsaPrivateKeyMessage) GetQ() []byte

func (*RsaPrivateKeyMessage) ProtoMessage

func (*RsaPrivateKeyMessage) ProtoMessage()

func (*RsaPrivateKeyMessage) Reset

func (m *RsaPrivateKeyMessage) Reset()

func (*RsaPrivateKeyMessage) String

func (m *RsaPrivateKeyMessage) String() string

type RsaPublicKeyMessage

// RsaPublicKeyMessage is the generated message for an RSA public key.
// The modulus size, exponent and modulus are required on the wire; the key
// name is optional.
// NOTE(review): BitModulusSize is carried separately from Modulus, so a
// receiver should presumably check that it matches the modulus length and
// meets its minimum key size — confirm.
type RsaPublicKeyMessage struct {
	// KeyName is optional proto field 1 ("key_name").
	KeyName          *string `protobuf:"bytes,1,opt,name=key_name" json:"key_name,omitempty"`
	// BitModulusSize is required proto field 2, a signed 32-bit varint.
	BitModulusSize   *int32  `protobuf:"varint,2,req,name=bit_modulus_size" json:"bit_modulus_size,omitempty"`
	// Exponent and Modulus are required byte fields 3 and 4; byte order is
	// not shown here (presumably big-endian — confirm).
	Exponent         []byte  `protobuf:"bytes,3,req,name=exponent" json:"exponent,omitempty"`
	Modulus          []byte  `protobuf:"bytes,4,req,name=modulus" json:"modulus,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte  `json:"-"`
}

func (*RsaPublicKeyMessage) Descriptor

func (*RsaPublicKeyMessage) Descriptor() ([]byte, []int)

func (*RsaPublicKeyMessage) GetBitModulusSize

func (m *RsaPublicKeyMessage) GetBitModulusSize() int32

func (*RsaPublicKeyMessage) GetExponent

func (m *RsaPublicKeyMessage) GetExponent() []byte

func (*RsaPublicKeyMessage) GetKeyName

func (m *RsaPublicKeyMessage) GetKeyName() string

func (*RsaPublicKeyMessage) GetModulus

func (m *RsaPublicKeyMessage) GetModulus() []byte

func (*RsaPublicKeyMessage) ProtoMessage

func (*RsaPublicKeyMessage) ProtoMessage()

func (*RsaPublicKeyMessage) Reset

func (m *RsaPublicKeyMessage) Reset()

func (*RsaPublicKeyMessage) String

func (m *RsaPublicKeyMessage) String() string

type SigningInstructionsMessage

// SigningInstructionsMessage is the generated message telling the signer how
// to issue a certificate: issuer, validity, purpose, algorithms and the CA /
// signing permissions of the resulting certificate. ConstructServerResponse
// takes it as a parameter separate from the request.
// NOTE(review): IsCA and CanSign decide what the issued certificate may do;
// they should presumably come from trusted local policy and never be copied
// from a requester-controlled message — confirm how callers populate them.
type SigningInstructionsMessage struct {
	// Issuer is optional proto field 1.
	Issuer           *string `protobuf:"bytes,1,opt,name=issuer" json:"issuer,omitempty"`
	// Duration is optional proto field 2; the unit is not shown here — confirm.
	Duration         *int64  `protobuf:"varint,2,opt,name=duration" json:"duration,omitempty"`
	// Purpose is optional proto field 3.
	Purpose          *string `protobuf:"bytes,3,opt,name=purpose" json:"purpose,omitempty"`
	// Date and Time are optional strings (fields 4 and 5); their format is not shown here — confirm.
	Date             *string `protobuf:"bytes,4,opt,name=date" json:"date,omitempty"`
	Time             *string `protobuf:"bytes,5,opt,name=time" json:"time,omitempty"`
	// SignAlg and HashAlg name the signature and hash algorithms (fields 6 and 7).
	SignAlg          *string `protobuf:"bytes,6,opt,name=sign_alg" json:"sign_alg,omitempty"`
	HashAlg          *string `protobuf:"bytes,7,opt,name=hash_alg" json:"hash_alg,omitempty"`
	// IsCA and CanSign are optional booleans (fields 8 and 9); a nil pointer means the field was not set.
	IsCA             *bool   `protobuf:"varint,8,opt,name=isCA" json:"isCA,omitempty"`
	CanSign          *bool   `protobuf:"varint,9,opt,name=can_sign" json:"can_sign,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized []byte  `json:"-"`
}

func (*SigningInstructionsMessage) Descriptor

func (*SigningInstructionsMessage) Descriptor() ([]byte, []int)

func (*SigningInstructionsMessage) GetCanSign

func (m *SigningInstructionsMessage) GetCanSign() bool

func (*SigningInstructionsMessage) GetDate

func (m *SigningInstructionsMessage) GetDate() string

func (*SigningInstructionsMessage) GetDuration

func (m *SigningInstructionsMessage) GetDuration() int64

func (*SigningInstructionsMessage) GetHashAlg

func (m *SigningInstructionsMessage) GetHashAlg() string

func (*SigningInstructionsMessage) GetIsCA

func (m *SigningInstructionsMessage) GetIsCA() bool

func (*SigningInstructionsMessage) GetIssuer

func (m *SigningInstructionsMessage) GetIssuer() string

func (*SigningInstructionsMessage) GetPurpose

func (m *SigningInstructionsMessage) GetPurpose() string

func (*SigningInstructionsMessage) GetSignAlg

func (m *SigningInstructionsMessage) GetSignAlg() string

func (*SigningInstructionsMessage) GetTime

func (m *SigningInstructionsMessage) GetTime() string

func (*SigningInstructionsMessage) ProtoMessage

func (*SigningInstructionsMessage) ProtoMessage()

func (*SigningInstructionsMessage) Reset

func (m *SigningInstructionsMessage) Reset()

func (*SigningInstructionsMessage) String

func (m *SigningInstructionsMessage) String() string

type TpmError

type TpmError uint32

A TpmError is an error value from the TPM.

// TPM response codes. Only the success value is declared in this block.
// NOTE(review): DecodeCommandResponse returns a TpmError alongside its Go
// error; callers presumably need to compare that value with ErrSuccess as
// well as checking the error — confirm.
const (
	// ErrSuccess is the TpmError value 0.
	ErrSuccess TpmError = 0
)

func DecodeCommandResponse

func DecodeCommandResponse(in []byte) (uint16, uint32, TpmError, error)

DecodeCommandResponse decodes a command response.

type ValidPcrCheck

// ValidPcrCheck is a callback type: it receives two byte slices and returns
// a bool.
// NOTE(review): the name suggests it decides whether PCR-related data is
// acceptable, but the meaning of each argument is not visible here — confirm
// against the call site before writing an implementation, and make an
// implementation return false on any input it cannot parse.
type ValidPcrCheck func([]byte, []byte) bool

type X509CertIssuerParametersMessage

// X509CertIssuerParametersMessage is the generated message holding the
// distinguished-name parts, purpose and public key of a certificate issuer.
// Only the common name is required on the wire.
// NOTE(review): the name fields are free-form strings; anything that copies
// them into a certificate should presumably validate them first — confirm.
type X509CertIssuerParametersMessage struct {
	// CommonName is required proto field 1 ("common_name").
	CommonName          *string           `protobuf:"bytes,1,req,name=common_name" json:"common_name,omitempty"`
	// Optional name components, proto fields 2-6.
	CountryName         *string           `protobuf:"bytes,2,opt,name=country_name" json:"country_name,omitempty"`
	StateName           *string           `protobuf:"bytes,3,opt,name=state_name" json:"state_name,omitempty"`
	LocalityName        *string           `protobuf:"bytes,4,opt,name=locality_name" json:"locality_name,omitempty"`
	OrganizationName    *string           `protobuf:"bytes,5,opt,name=organization_name" json:"organization_name,omitempty"`
	SuborganizationName *string           `protobuf:"bytes,6,opt,name=suborganization_name" json:"suborganization_name,omitempty"`
	// Purpose is optional proto field 7.
	Purpose             *string           `protobuf:"bytes,7,opt,name=purpose" json:"purpose,omitempty"`
	// Key is optional proto field 8: the issuer's public key.
	Key                 *PublicKeyMessage `protobuf:"bytes,8,opt,name=key" json:"key,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized    []byte            `json:"-"`
}

func (*X509CertIssuerParametersMessage) Descriptor

func (*X509CertIssuerParametersMessage) Descriptor() ([]byte, []int)

func (*X509CertIssuerParametersMessage) GetCommonName

func (m *X509CertIssuerParametersMessage) GetCommonName() string

func (*X509CertIssuerParametersMessage) GetCountryName

func (m *X509CertIssuerParametersMessage) GetCountryName() string

func (*X509CertIssuerParametersMessage) GetKey

func (*X509CertIssuerParametersMessage) GetLocalityName

func (m *X509CertIssuerParametersMessage) GetLocalityName() string

func (*X509CertIssuerParametersMessage) GetOrganizationName

func (m *X509CertIssuerParametersMessage) GetOrganizationName() string

func (*X509CertIssuerParametersMessage) GetPurpose

func (m *X509CertIssuerParametersMessage) GetPurpose() string

func (*X509CertIssuerParametersMessage) GetStateName

func (m *X509CertIssuerParametersMessage) GetStateName() string

func (*X509CertIssuerParametersMessage) GetSuborganizationName

func (m *X509CertIssuerParametersMessage) GetSuborganizationName() string

func (*X509CertIssuerParametersMessage) ProtoMessage

func (*X509CertIssuerParametersMessage) ProtoMessage()

func (*X509CertIssuerParametersMessage) Reset

func (*X509CertIssuerParametersMessage) String

type X509CertRequestParametersMessage

// X509CertRequestParametersMessage is the generated message holding the
// distinguished-name parts and public key for a certificate request. Only the
// common name is required on the wire. Unlike the issuer message it has no
// purpose field, and Key is proto field 7.
// NOTE(review): the name fields are free-form strings supplied with the
// request; an issuer should presumably validate them against policy before
// placing them in a certificate — confirm.
type X509CertRequestParametersMessage struct {
	// CommonName is required proto field 1 ("common_name").
	CommonName          *string           `protobuf:"bytes,1,req,name=common_name" json:"common_name,omitempty"`
	// Optional name components, proto fields 2-6.
	CountryName         *string           `protobuf:"bytes,2,opt,name=country_name" json:"country_name,omitempty"`
	StateName           *string           `protobuf:"bytes,3,opt,name=state_name" json:"state_name,omitempty"`
	LocalityName        *string           `protobuf:"bytes,4,opt,name=locality_name" json:"locality_name,omitempty"`
	OrganizationName    *string           `protobuf:"bytes,5,opt,name=organization_name" json:"organization_name,omitempty"`
	SuborganizationName *string           `protobuf:"bytes,6,opt,name=suborganization_name" json:"suborganization_name,omitempty"`
	// Key is optional proto field 7: the public key to certify.
	Key                 *PublicKeyMessage `protobuf:"bytes,7,opt,name=key" json:"key,omitempty"`
	// XXX_unrecognized is excluded from JSON output (json:"-").
	XXX_unrecognized    []byte            `json:"-"`
}

func (*X509CertRequestParametersMessage) Descriptor

func (*X509CertRequestParametersMessage) Descriptor() ([]byte, []int)

func (*X509CertRequestParametersMessage) GetCommonName

func (m *X509CertRequestParametersMessage) GetCommonName() string

func (*X509CertRequestParametersMessage) GetCountryName

func (m *X509CertRequestParametersMessage) GetCountryName() string

func (*X509CertRequestParametersMessage) GetKey

func (*X509CertRequestParametersMessage) GetLocalityName

func (m *X509CertRequestParametersMessage) GetLocalityName() string

func (*X509CertRequestParametersMessage) GetOrganizationName

func (m *X509CertRequestParametersMessage) GetOrganizationName() string

func (*X509CertRequestParametersMessage) GetStateName

func (m *X509CertRequestParametersMessage) GetStateName() string

func (*X509CertRequestParametersMessage) GetSuborganizationName

func (m *X509CertRequestParametersMessage) GetSuborganizationName() string

func (*X509CertRequestParametersMessage) ProtoMessage

func (*X509CertRequestParametersMessage) ProtoMessage()

func (*X509CertRequestParametersMessage) Reset

func (*X509CertRequestParametersMessage) String

Directories

Path Synopsis
apps
tpm2_apps
