tss2

package
v0.44.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 15 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ECCSRKTemplate contains the TCG reference ECC-P256 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	ECCSRKTemplate = tpm2.Public{
		Type:       tpm2.AlgECC,
		NameAlg:    tpm2.AlgSHA256,
		Attributes: tpm2.FlagStorageDefault | tpm2.FlagNoDA,
		ECCParameters: &tpm2.ECCParams{
			Symmetric: &tpm2.SymScheme{
				Alg:     tpm2.AlgAES,
				KeyBits: 128,
				Mode:    tpm2.AlgCFB,
			},
			Sign: &tpm2.SigScheme{
				Alg: tpm2.AlgNull,
			},
			CurveID: tpm2.CurveNISTP256,
		},
	}

	// RSASRKTemplate contains the TCG reference RSA-2048 SRK template.
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
	RSASRKTemplate = tpm2.Public{
		Type:       tpm2.AlgRSA,
		NameAlg:    tpm2.AlgSHA256,
		Attributes: tpm2.FlagStorageDefault | tpm2.FlagNoDA,
		RSAParameters: &tpm2.RSAParams{
			Symmetric: &tpm2.SymScheme{
				Alg:     tpm2.AlgAES,
				KeyBits: 128,
				Mode:    tpm2.AlgCFB,
			},
			ModulusRaw: make([]byte, 256),
			KeyBits:    2048,
		},
	}
)

Functions

func Encode 

func Encode(pub, priv []byte, opts ...TPMOption) (*pem.Block, error)

Encode encodes the given public and private key and returns a *pem.Block.

func EncodeToMemory 

func EncodeToMemory(pub, priv []byte, opts ...TPMOption) ([]byte, error)

EncodeToMemory encodes the given public and private key and returns an encoded PEM block.

func MarshalPrivateKey 

func MarshalPrivateKey(key *TPMKey) ([]byte, error)

MarshalPrivateKey converts the given key to a TSS2 ASN.1 DER form.

Experimental

Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.

Types

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer using a TPMKey.

func CreateSigner 

func CreateSigner(rw io.ReadWriter, key *TPMKey) (*Signer, error)

CreateSigner creates a new crypto.Signer with the given TPM (rw) and TPMKey. The caller is responsible for opening and closing the TPM.

func (*Signer) Public 

func (s *Signer) Public() crypto.PublicKey

Public implements the crypto.Signer interface.

func (*Signer) SetCommandChannel 

func (s *Signer) SetCommandChannel(rw io.ReadWriter)

SetCommandChannel allows to change the TPM channel. This operation is useful if the channel set in CreateSigner is closed and opened again before calling Signer.Sign.

Experimental

Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.

func (*Signer) SetSRKTemplate 

func (s *Signer) SetSRKTemplate(p tpm2.Public)

SetSRKTemplate allows to change the Storage Root Key (SRK) template used to load the the public/private blobs into an object in the TPM.

It currently defaults to RSASRKTemplate, the same used as the default in the go.step.sm/crypto/tpm package.

Experimental

Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.

func (*Signer) Sign 

func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign implements the crypto.Signer interface.

type TPMAuthPolicy 

type TPMAuthPolicy struct {
	Name   string      `asn1:"utf8,optional,explicit,tag:0"`
	Policy []TPMPolicy `asn1:"explicit,tag:1"`
}

TPMAuthPolicy is defined in https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#section-5.1 

TPMAuthPolicy ::= SEQUENCE {
	name    [0] EXPLICIT UTF8String OPTIONAL,
	policy  [1] EXPLICIT SEQUENCE OF TPMPolicy
}

type TPMKey 

type TPMKey struct {
	Type       asn1.ObjectIdentifier
	EmptyAuth  bool            `asn1:"optional,explicit,tag:0"`
	Policy     []TPMPolicy     `asn1:"optional,explicit,tag:1"`
	Secret     []byte          `asn1:"optional,explicit,tag:2"`
	AuthPolicy []TPMAuthPolicy `asn1:"optional,explicit,tag:3"`
	Parent     int
	PublicKey  []byte
	PrivateKey []byte
}

TPMKey is defined in https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#section-3.1: 

TPMKey ::= SEQUENCE {
	type        OBJECT IDENTIFIER,
	emptyAuth   [0] EXPLICIT BOOLEAN OPTIONAL,
	policy      [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
	secret      [2] EXPLICIT OCTET STRING OPTIONAL,
	authPolicy  [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
	parent      INTEGER,
	pubkey      OCTET STRING,
	privkey     OCTET STRING
}

func New 

func New(pub, priv []byte, opts ...TPMOption) *TPMKey

New creates a new TPMKey with the given public and private keys.

func ParsePrivateKey 

func ParsePrivateKey(derBytes []byte) (*TPMKey, error)

ParsePrivateKey parses a single TPM key from the given ASN.1 DER data.

Experimental

Notice: This API is EXPERIMENTAL and may be changed or removed in a later release.

func (*TPMKey) Encode 

func (k *TPMKey) Encode() (*pem.Block, error)

Encode encodes the TPMKey returns a *pem.Block.

func (*TPMKey) EncodeToMemory 

func (k *TPMKey) EncodeToMemory() ([]byte, error)

EncodeToMemory encodes the TPMKey and returns an encoded PEM block.

func (*TPMKey) Public 

func (k *TPMKey) Public() (crypto.PublicKey, error)

Public returns the Go version of the public key.

type TPMOption 

type TPMOption func(*TPMKey)

TPMOption is the type used to modify a TPMKey.

func WithParent added in v0.42.1 

func WithParent(parent tpmutil.Handle) TPMOption

WithParent sets the TPMKey parent handle.

type TPMPolicy 

type TPMPolicy struct {
	CommandCode   int    `asn1:"explicit,tag:0"`
	CommandPolicy []byte `asn1:"explicit,tag:1"`
}

TPMPolicy is defined in https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#section-4.1: 

TPMPolicy ::= SEQUENCE {
	commandCode   [0] EXPLICIT INTEGER,
	commandPolicy [1] EXPLICIT OCTET STRING
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.