plugin

package
Published: Dec 27, 2025 License: MIT Imports: 33 Imported by: 0

Documentation

Index

Constants

// PluginName is the name of this age plugin, "tpm".
const (
	PluginName = "tpm"
)

Variables

// Log is the package-level logger.
// NOTE(review): presumably SetLogger(w) directs its output to w — confirm against SetLogger.
var (
	Log *log.Logger
)

Functions

func AcquireIdentitySRK added in v1.0.0

func AcquireIdentitySRK(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, *tpm2.TPMTPublic, error)

func EncryptFileKey added in v0.2.0

func EncryptFileKey(fileKey []byte, pubkey *ecdh.PublicKey) ([]byte, []byte, error)

EncryptFileKey wraps the file key in a session key. It returns the sealed file key, the session public key bytes, and an error.

func FlushHandle added in v0.2.0

func FlushHandle(tpm transport.TPM, h handle)

FlushHandle is a helper that flushes the handle h from the TPM.

func GetFixedSim added in v0.3.0

func GetFixedSim() (transport.TPMCloser, error)

func LoadIdentity added in v0.1.0

func LoadIdentity(tpm transport.TPMCloser, identity *Identity) (*tpm2.AuthHandle, error)

func LoadIdentityWithParent added in v0.1.0

func LoadIdentityWithParent(tpm transport.TPMCloser, parent tpm2.AuthHandle, identity *Identity) (*tpm2.AuthHandle, error)

func MarshalCompressedEC added in v0.2.0

func MarshalCompressedEC(pk *ecdh.PublicKey) []byte

MarshalCompressedEC marshals an EC public key in compressed form.

func MarshalIdentity

func MarshalIdentity(i *Identity, recipient fmt.Stringer, w io.Writer) error

func MarshalRecipient

func MarshalRecipient(recipient fmt.Stringer, w io.Writer) error

func NewTPM added in v0.1.0

func NewTPM(tpmPath string) (transport.TPMCloser, error)

NewTPM sets up a new TPM device at tpmPath.

func NewTagRecipient added in v1.0.0

func NewTagRecipient(ecc *ecdh.PublicKey) (*tag.Recipient, error)

func NewTagRecipientFromBytes added in v1.0.0

func NewTagRecipientFromBytes(s []byte) (*tag.Recipient, error)

func PublicToECDH added in v1.0.0

func PublicToECDH(b tpm2.TPM2BPublic) (*ecdh.PublicKey, error)

func SetLogger

func SetLogger(w io.Writer)

func UnmarshalCompressedEC added in v0.2.0

func UnmarshalCompressedEC(b []byte) (*big.Int, *big.Int, *ecdh.PublicKey, error)

UnmarshalCompressedEC unmarshals a compressed EC public key.

func UnwrapKey added in v0.2.0

func UnwrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

UnwrapKey unwraps a key using the standard KDF function.

func WrapKey added in v0.2.0

func WrapKey(sessionKey, publicKey *ecdh.PublicKey, shared, fileKey []byte) ([]byte, error)

WrapKey wraps a key using the standard KDF function.

Types

type Identity added in v0.1.0

// Identity is the base identity file for serialization/deserialization.
// Only the exported fields are shown here; the type also has unexported fields.
type Identity struct {
	// Version is the identity file format version — TODO confirm meaning.
	Version uint8
	// PIN records whether a PIN is set for the key (see PINStatus). The PIN
	// value itself is not among the exported fields.
	PIN     PINStatus
	// Private is the TPM2B_PRIVATE portion of the identity key.
	Private tpm2.TPM2BPrivate
	// Public is the TPM2B_PUBLIC portion of the identity key.
	Public  tpm2.TPM2BPublic
	// SRKName is the TPM name of the SRK parent — presumably the parent
	// created by CreateIdentity; verify against that function.
	SRKName *tpm2.TPM2BName
	// contains filtered or unexported fields
}

Identity is the base identity file for serialization/deserialization.

func CreateIdentity added in v0.1.0

func CreateIdentity(tpm transport.TPMCloser, pin []byte) (*Identity, *tag.Recipient, error)

CreateIdentity creates a new identity. It initializes a new SRK parent in the TPM and returns the identity and the corresponding recipient. Note that it does not load the identity key into the TPM.

func DecodeIdentity added in v0.1.0

func DecodeIdentity(s string) (*Identity, error)

func ParseIdentity added in v0.1.0

func ParseIdentity(f io.Reader) (*Identity, error)

func (*Identity) Callbacks added in v1.0.0

func (i *Identity) Callbacks(plugin *plugin.Plugin, tpm transport.TPMCloser, pin func() ([]byte, error))

func (*Identity) HasPIN added in v1.0.0

func (i *Identity) HasPIN() bool

func (*Identity) Publickey added in v1.0.0

func (i *Identity) Publickey() *ecdh.PublicKey

func (*Identity) Recipient added in v0.2.0

func (i *Identity) Recipient() (*tag.Recipient, error)

func (*Identity) Serialize added in v0.1.0

func (i *Identity) Serialize() []any

func (*Identity) String added in v1.0.0

func (i *Identity) String() string

func (*Identity) TPMRecipient added in v1.0.0

func (i *Identity) TPMRecipient() *TPMRecipient

func (*Identity) Unwrap added in v1.0.0

func (i *Identity) Unwrap(stanzas []*age.Stanza) (fileKey []byte, err error)

type PINStatus

// PINStatus records whether the TPM handle has a PIN set.
type PINStatus uint8

PINStatus records whether the TPM handle has a PIN set.

// PINStatus values.
const (
	// NoPIN means no PIN is set on the handle.
	NoPIN PINStatus = iota
	// HasPIN means a PIN is set on the handle.
	HasPIN
)

func (PINStatus) String

func (p PINStatus) String() string

type TPMCloser added in v0.3.0

// TPMCloser represents a connection to a TPM simulator.
// Its Send and Close methods implement the TPM interface.
type TPMCloser struct {
	// contains filtered or unexported fields
}

TPMCloser represents a connection to a TPM simulator.

func (*TPMCloser) Close added in v0.3.0

func (t *TPMCloser) Close() error

Close implements the TPM interface.

func (*TPMCloser) Send added in v0.3.0

func (t *TPMCloser) Send(input []byte) ([]byte, error)

Send implements the TPM interface.

type TPMIdentity added in v1.0.0

// TPMIdentity implements the tpm identity handler.
// Construct it with NewTPMIdentity; Unwrap recovers the file key from age stanzas.
type TPMIdentity struct {
	// contains filtered or unexported fields
}

TPMIdentity implements the tpm identity handler.

func NewTPMIdentity added in v1.0.0

func NewTPMIdentity(tpm transport.TPMCloser, pin func() ([]byte, error), identity *Identity) *TPMIdentity

func (*TPMIdentity) Unwrap added in v1.0.0

func (t *TPMIdentity) Unwrap(stanzas []*age.Stanza) (fileKey []byte, err error)

type TPMKeyExchange added in v1.0.0

// TPMKeyExchange exposes Curve, ECDH and PublicKey for a key exchange.
// NOTE(review): it is constructed from a TPM connection, a PIN and an Identity,
// so the ECDH operation is presumably performed by the TPM — confirm in ECDH.
type TPMKeyExchange struct {
	// contains filtered or unexported fields
}

func NewTPMKeyExchange added in v1.0.0

func NewTPMKeyExchange(tpm transport.TPMCloser, pin []byte, i *Identity) *TPMKeyExchange

func (*TPMKeyExchange) Curve added in v1.0.0

func (t *TPMKeyExchange) Curve() ecdh.Curve

func (*TPMKeyExchange) ECDH added in v1.0.0

func (t *TPMKeyExchange) ECDH(remoteKey *ecdh.PublicKey) ([]byte, error)

func (*TPMKeyExchange) PublicKey added in v1.0.0

func (t *TPMKeyExchange) PublicKey() *ecdh.PublicKey

type TPMRecipient added in v1.0.0

// TPMRecipient is a recipient whose Wrap method produces age stanzas for a file key.
type TPMRecipient struct {
	// Pubkey is the recipient's ECDH public key.
	Pubkey *ecdh.PublicKey
	// contains filtered or unexported fields
}

func NewTPMRecipient added in v1.0.0

func NewTPMRecipient(ecc *ecdh.PublicKey) *TPMRecipient

func ParseTPMRecipient added in v1.0.0

func ParseTPMRecipient(s string) (*TPMRecipient, error)

func (*TPMRecipient) Bytes added in v1.0.0

func (r *TPMRecipient) Bytes() []byte

func (*TPMRecipient) String added in v1.0.0

func (r *TPMRecipient) String() string

func (*TPMRecipient) Tag added in v1.0.0

func (r *TPMRecipient) Tag() []byte

func (*TPMRecipient) Wrap added in v1.0.0

func (r *TPMRecipient) Wrap(fileKey []byte) ([]*age.Stanza, error)

type TPMTagIdentity added in v1.0.0

// TPMTagIdentity implements the p256tag identity handler.
// Construct it with NewTPMTagIdentity; Unwrap recovers the file key from age stanzas.
type TPMTagIdentity struct {
	// contains filtered or unexported fields
}

TPMTagIdentity implements the p256tag identity handler.

func NewTPMTagIdentity added in v1.0.0

func NewTPMTagIdentity(tpm transport.TPMCloser, pin func() ([]byte, error), identity *Identity) *TPMTagIdentity

func (*TPMTagIdentity) Recipient added in v1.0.0

func (t *TPMTagIdentity) Recipient() *tag.Recipient

func (*TPMTagIdentity) Unwrap added in v1.0.0

func (t *TPMTagIdentity) Unwrap(stanzas []*age.Stanza) ([]byte, error)
