Documentation
¶
Index ¶
- Constants
- type QuoteResult
- type TestVerifier
- func (t *TestVerifier) EKFingerprint(ekCertDER []byte) string
- func (t *TestVerifier) ExtractEKPublicKey(ekCertDER []byte) (crypto.PublicKey, error)
- func (t *TestVerifier) MakeCredential(ekPubKey crypto.PublicKey, akName []byte, secret []byte) ([]byte, error)
- func (t *TestVerifier) ParseAKPublic(akParams []byte) ([]byte, []byte, error)
- func (t *TestVerifier) ParseEKCert(ekCertDER []byte) (*x509.Certificate, error)
- func (t *TestVerifier) VerifyEKCert(ekCertDER []byte) (string, crypto.PublicKey, error)
- func (t *TestVerifier) VerifyQuote(akPubKeyDER []byte, nonce string, quoteB64 string, pcrValues map[int][]byte) (*QuoteResult, error)
- type Verifier
Constants ¶
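// Identity classes reported for a TPM endorsement key (EK) certificate.
//
// Verifier.VerifyEKCert is documented as returning "the identity class".
// NOTE(review): presumably that value is always one of these four constants;
// confirm against the implementation.
//
// The names suggest tiers of differing assurance, from a verified hardware
// identity to a software-only one, but the criteria for each tier are not
// stated here. Callers making authorization decisions should match against an
// explicit allow-list of classes and treat any unrecognised string as
// untrusted, rather than only rejecting a single known-weak value.
//
// The declarations are placed one per line: collapsed onto a single line the
// group has no statement separators and does not parse as Go.
const (
	IdentityClassVerified          = "verified"
	IdentityClassCrowdCorroborated = "crowd_corroborated"
	IdentityClassUnverifiedHW      = "unverified_hw"
	IdentityClassSoftware          = "software"
)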
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type QuoteResult ¶ added in v0.1.4
// QuoteResult is the value VerifyQuote returns alongside its error.
// The struct has no fields, so a non-nil *QuoteResult carries no PCR or other
// attestation data; the only signal a caller gets from VerifyQuote is whether
// the returned error is nil.
type QuoteResult struct{}
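QuoteResult contains the verified results of a TPM quote. It is currently an empty placeholder: the RFC 003 PCR validation fields have not been added yet, so a returned QuoteResult carries no data of its own.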
type TestVerifier ¶
// TestVerifier is a test double configured through one function-typed field
// per operation; each field has the same signature as the TestVerifier method
// it is named after (ExtractEKPubKeyFn pairs with ExtractEKPublicKey).
//
// NOTE(review): the method bodies are not shown here. Presumably each method
// forwards to its Fn field; confirm that, and what happens when a field is
// left nil. If so, results are only as trustworthy as the stubs supplied, so
// this type belongs in test code only and must not be reachable from a
// production wiring of Verifier.
type TestVerifier struct {
	// VerifyEKCertFn has the signature of VerifyEKCert.
	VerifyEKCertFn func(ekCertDER []byte) (string, crypto.PublicKey, error)
	// VerifyQuoteFn has the signature of VerifyQuote.
	VerifyQuoteFn func(akPubKeyDER []byte, nonce string, quoteB64 string, pcrValues map[int][]byte) (*QuoteResult, error)
	// MakeCredentialFn has the signature of MakeCredential.
	MakeCredentialFn func(ekPubKey crypto.PublicKey, akName []byte, secret []byte) ([]byte, error)
	// ParseAKPublicFn has the signature of ParseAKPublic.
	ParseAKPublicFn func(akParams []byte) ([]byte, []byte, error)
	// ExtractEKPubKeyFn has the signature of ExtractEKPublicKey.
	ExtractEKPubKeyFn func(ekCertDER []byte) (crypto.PublicKey, error)
	// EKFingerprintFn has the signature of EKFingerprint.
	EKFingerprintFn func(ekCertDER []byte) string
	// ParseEKCertFn has the signature of ParseEKCert.
	ParseEKCertFn func(ekCertDER []byte) (*x509.Certificate, error)
}
TestVerifier is a mock TPM verifier for testing.
func (*TestVerifier) EKFingerprint ¶
func (t *TestVerifier) EKFingerprint(ekCertDER []byte) string
func (*TestVerifier) ExtractEKPublicKey ¶
func (t *TestVerifier) ExtractEKPublicKey(ekCertDER []byte) (crypto.PublicKey, error)
func (*TestVerifier) MakeCredential ¶
func (*TestVerifier) ParseAKPublic ¶
func (t *TestVerifier) ParseAKPublic(akParams []byte) ([]byte, []byte, error)
func (*TestVerifier) ParseEKCert ¶
func (t *TestVerifier) ParseEKCert(ekCertDER []byte) (*x509.Certificate, error)
func (*TestVerifier) VerifyEKCert ¶
func (*TestVerifier) VerifyQuote ¶
func (t *TestVerifier) VerifyQuote(akPubKeyDER []byte, nonce string, quoteB64 string, pcrValues map[int][]byte) (*QuoteResult, error)
type Verifier ¶
// Verifier groups the TPM attestation operations: EK certificate handling,
// AK parsing, credential challenges and quote verification.
// For every method that returns an error, the other results are meaningful
// only when that error is nil.
type Verifier interface {
	// VerifyEKCert verifies a DER-encoded EK certificate and returns the
	// identity class together with the EK public key.
	// NOTE(review): identityClass is presumably one of the IdentityClass*
	// constants. Which checks back each class is not stated here; confirm
	// before using the class for an authorization decision.
	VerifyEKCert(ekCertDER []byte) (identityClass string, ekPubKey crypto.PublicKey, err error)
	// VerifyQuote verifies a TPM quote signed by the given AK public key.
	// When pcrValues is non-nil, the quote's PCR digest is verified against
	// the provided values. When nil, PCR validation is skipped.
	//
	// With nil pcrValues a successful call therefore says nothing about the
	// platform's measured state; callers that need that assurance must pass
	// the expected values. NOTE(review): behaviour for an empty but non-nil
	// map is not specified here; confirm.
	// NOTE(review): nonce is presumably the value expected inside the quote.
	// For replay protection it should be generated by the verifying side,
	// unpredictable and used once; the interface itself cannot enforce that.
	VerifyQuote(akPubKeyDER []byte, nonce string, quoteB64 string, pcrValues map[int][]byte) (*QuoteResult, error)
	// MakeCredential creates an encrypted credential challenge for the TPM.
	// NOTE(review): in the usual TPM 2.0 credential-activation flow the
	// challenge binds secret to akName under the EK, so akName should be the
	// name returned by ParseAKPublic and secret should be fresh random bytes
	// per challenge; confirm the implementation follows that flow.
	MakeCredential(ekPubKey crypto.PublicKey, akName []byte, secret []byte) ([]byte, error)
	// ParseAKPublic parses AK parameters and returns the AK public key DER and AK name.
	// NOTE(review): akParams presumably originates from the attesting client
	// and should be treated as untrusted input; verify against callers.
	ParseAKPublic(akParams []byte) (akPubKeyDER []byte, akName []byte, err error)
	// ExtractEKPublicKey extracts the public key from an EK certificate.
	// It is not documented to validate the certificate; use VerifyEKCert when
	// the key is going to be trusted.
	ExtractEKPublicKey(ekCertDER []byte) (crypto.PublicKey, error)
	// EKFingerprint computes the SHA-256 fingerprint of an EK certificate.
	// There is no error result, so the return value cannot signal malformed
	// input, and a fingerprint identifies a certificate without showing that
	// it was verified. NOTE(review): the string encoding of the digest is not
	// stated here; confirm before comparing or storing fingerprints.
	EKFingerprint(ekCertDER []byte) string
	// ParseEKCert parses a DER-encoded EK certificate.
	// NOTE(review): parsing is presumably separate from verification; a
	// certificate returned here should not be treated as trusted on that basis.
	ParseEKCert(ekCertDER []byte) (*x509.Certificate, error)
}
Verifier defines the TPM verification interface.