tpm

package module
v0.0.0-...-ee25b94
Warning: this package is not in the latest version of its module.
Published: Jan 11, 2023 License: Apache-2.0 Imports: 22 Imported by: 4

Documentation

Constants

This section is empty.

Variables

var EmulatedHostSeed = func() Option {
	return func(c *config) error {
		c.seed = tokenize()
		return nil
	}
}

EmulatedHostSeed generates a seed based on the hostname.

Functions

func Authenticate

func Authenticate(akBytes []byte, channel io.ReadWriter, opts ...Option) error

Authenticate will read from the passed channel, expecting a challenge from the attestation server, will compute a challenge response via the TPM using the passed Attestation Key (AK) and will send it back to the attestation server.

func DecodeEK

func DecodeEK(pemBytes []byte) (*attest.EK, error)

DecodeEK decodes PEM-encoded EK bytes into an attest.EK.

func DecodePubHash

func DecodePubHash(ek *attest.EK) (string, error)

DecodePubHash returns the hash of the public key of an attestation EK.

func GenerateChallenge

func GenerateChallenge(ek *attest.EK, attestationData *AttestationData) ([]byte, []byte, error)

GenerateChallenge generates a challenge from the attestation data and the public endorsement key (EK).

func Get

func Get(url string, opts ...Option) ([]byte, error)

Get retrieves a message from a remote ws server after the TPM challenge has been processed successfully.

func GetAuthToken

func GetAuthToken(opts ...Option) (string, []byte, error)

GetAuthToken generates an authentication token from the host TPM. It will return the token as a string and the generated AK that should be saved by the caller for later Authentication.

func GetPubHash

func GetPubHash(opts ...Option) (string, error)

GetPubHash returns the EK's public key hash.

func ResolveToken

func ResolveToken(token string, opts ...Option) (bool, string, error)

ResolveToken is syntax sugar around GetPubHash. If the token provided is already in EK form it is returned as is; otherwise the pub hash is retrieved.

func ValidateChallenge

func ValidateChallenge(secret, resp []byte) error

ValidateChallenge validates a challenge response against a secret.

Types

type AttestationData

type AttestationData struct {
	EK []byte
	AK *attest.AttestationParameters
}

AttestationData is used to generate challenges from EKs.

func GetAttestationData

func GetAttestationData(header string) (*attest.EK, *AttestationData, error)

GetAttestationData returns attestation data from a TPM bearer token

type Challenge

type Challenge struct {
	EC *attest.EncryptedCredential
}

Challenge represents the struct returned from the ws server, used to resolve the TPM challenge.

type ChallengeResponse

type ChallengeResponse struct {
	Secret []byte
}

ChallengeResponse represents the struct returned to the ws server as the challenge response.
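The round trip that Authenticate, GenerateChallenge and ValidateChallenge describe, carried by the Challenge and ChallengeResponse messages above, as an added worked example; this is not the package's own code. It stands in RSA-OAEP to the client's endorsement public key for the TPM2 MakeCredential/ActivateCredential step that the real package delegates to the TPM, so both roles run offline over an in-memory net.Pipe. The JSON framing, the function signatures and the names ekPub, ekPriv and RunExchange are assumptions of the example, not the package's wire format.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net"
)

// oaepLabel binds the ciphertext to this protocol; both sides must agree on it.
var oaepLabel = []byte("tpm-challenge")

// Challenge mirrors the package's message shape. Here EC is an RSA-OAEP
// ciphertext standing in for a TPM2 EncryptedCredential (assumption).
type Challenge struct {
	EC []byte `json:"ec"`
}

// ChallengeResponse carries the recovered secret back to the server.
type ChallengeResponse struct {
	Secret []byte `json:"secret"`
}

// GenerateChallenge (server side): draw a fresh random secret and protect it
// to the client's endorsement public key. Returns the challenge to send and
// the secret the server keeps for ValidateChallenge.
func GenerateChallenge(ekPub *rsa.PublicKey) (*Challenge, []byte, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, nil, err
	}
	ec, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, secret, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return &Challenge{EC: ec}, secret, nil
}

// ValidateChallenge compares the returned secret with the stored one in
// constant time; an empty stored secret is never accepted.
func ValidateChallenge(secret, resp []byte) error {
	if len(secret) == 0 || subtle.ConstantTimeCompare(secret, resp) != 1 {
		return errors.New("challenge response does not match secret")
	}
	return nil
}

// Authenticate (client side): read a Challenge from the channel, recover the
// secret with the EK private key (stand-in for ActivateCredential inside the
// TPM) and write the ChallengeResponse back.
func Authenticate(ekPriv *rsa.PrivateKey, channel io.ReadWriter) error {
	var ch Challenge
	if err := json.NewDecoder(channel).Decode(&ch); err != nil {
		return fmt.Errorf("reading challenge: %w", err)
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ekPriv, ch.EC, oaepLabel)
	if err != nil {
		return fmt.Errorf("activating credential: %w", err)
	}
	return json.NewEncoder(channel).Encode(ChallengeResponse{Secret: secret})
}

// RunExchange wires both roles together over net.Pipe and returns the server's
// verdict. With tamper set, one byte of the response is flipped before
// validation to show that a wrong secret is rejected.
func RunExchange(ekPriv *rsa.PrivateKey, tamper bool) error {
	serverConn, clientConn := net.Pipe()
	defer serverConn.Close()
	defer clientConn.Close()

	clientErr := make(chan error, 1)
	go func() { clientErr <- Authenticate(ekPriv, clientConn) }()

	ch, secret, err := GenerateChallenge(&ekPriv.PublicKey)
	if err != nil {
		return err
	}
	if err := json.NewEncoder(serverConn).Encode(ch); err != nil {
		return err
	}
	var resp ChallengeResponse
	if err := json.NewDecoder(serverConn).Decode(&resp); err != nil {
		return err
	}
	if err := <-clientErr; err != nil {
		return err
	}
	if tamper {
		resp.Secret[0] ^= 0xff
	}
	return ValidateChallenge(secret, resp.Secret)
}

func main() {
	ekPriv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed EK for the demo
	if err != nil {
		panic(err)
	}
	fmt.Println("honest client:", RunExchange(ekPriv, false))
	fmt.Println("tampered response:", RunExchange(ekPriv, true))
}
```

The secret is generated per challenge and compared with subtle.ConstantTimeCompare, so a replayed or guessed response gains nothing from timing, and only a client holding the private half of the EK the server encrypted to can produce it.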

type Option

type Option func(c *config) error

Option is a generic option for TPM configuration

var AppendCustomCAToSystemCA Option = func(c *config) error {
	c.systemfallback = true
	return nil
}

AppendCustomCAToSystemCA uses the system CA pool as a fallback, appending the custom CA to it.

var Emulated Option = func(c *config) error {
	c.emulated = true
	return nil
}

Emulated sets an emulated device in place of a real native TPM device. Note that the emulated device is embedded and is unsafe; it should only be used for testing.

func WithCAs

func WithCAs(ca []byte) Option

WithCAs sets the root CAs for the request.

func WithCommandChannel

func WithCommandChannel(cc attest.CommandChannelTPM20) Option

WithCommandChannel overrides the TPM command channel.

func WithHeader

func WithHeader(header http.Header) Option

WithHeader sets a specific header for the request.

func WithSeed

func WithSeed(s int64) Option

WithSeed sets a permanent seed, used with the emulated TPM device.
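How the Option type above is consumed, as an added example that is not the package's code: options are functions that mutate an unexported config and may return an error, so the caller applying them has to stop at the first failure rather than continue with a half-built configuration. The config field names seed, emulated and systemfallback are taken from the option bodies shown on this page; the cas field, the NewConfig function, the empty-bundle check in WithCAs and the HostSeed helper (a stand-in for the unexported tokenize()) are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// config is the option target. Field names follow the package docs; cas is assumed.
type config struct {
	seed           int64
	emulated       bool
	systemfallback bool
	cas            []byte
}

// Option mirrors the package's functional option type.
type Option func(c *config) error

var Emulated Option = func(c *config) error {
	c.emulated = true
	return nil
}

var AppendCustomCAToSystemCA Option = func(c *config) error {
	c.systemfallback = true
	return nil
}

// WithSeed sets a fixed seed for the emulated device.
func WithSeed(s int64) Option {
	return func(c *config) error {
		c.seed = s
		return nil
	}
}

// WithCAs refuses an empty bundle: an empty pool would trust no server at all,
// which is better surfaced as an error than discovered at request time (assumed check).
func WithCAs(ca []byte) Option {
	return func(c *config) error {
		if len(ca) == 0 {
			return errors.New("WithCAs: empty CA bundle")
		}
		c.cas = ca
		return nil
	}
}

// HostSeed derives a stable, non-negative seed from a hostname so an emulated
// TPM is reproducible per host (stand-in for the unexported tokenize()).
func HostSeed(hostname string) int64 {
	sum := sha256.Sum256([]byte(hostname))
	return int64(binary.BigEndian.Uint64(sum[:8]) >> 1)
}

// EmulatedHostSeed seeds the emulated device from the given hostname.
func EmulatedHostSeed(hostname string) Option {
	return func(c *config) error {
		c.seed = HostSeed(hostname)
		return nil
	}
}

// NewConfig applies options in order and returns the first error, so a failing
// option never leaves the caller with silently defaulted settings.
func NewConfig(opts ...Option) (*config, error) {
	c := &config{}
	for _, o := range opts {
		if err := o(c); err != nil {
			return nil, err
		}
	}
	return c, nil
}

func main() {
	c, err := NewConfig(Emulated, WithSeed(42), AppendCustomCAToSystemCA)
	fmt.Printf("config=%+v err=%v\n", *c, err)
	_, err = NewConfig(WithCAs(nil))
	fmt.Println("empty CA bundle:", err)
}
```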
