evetpm

package
Published: Aug 15, 2025 License: Apache-2.0 Imports: 28 Imported by: 1


Constants

const (
	// Handle-type prefixes (TPM 2.0): the 0x01xxxxxx values below are NV indices,
	// the 0x81xxxxxx values are persistent object handles.

	//TpmPasswdHdl is the well known TPM NVIndex for TPM Credentials
	TpmPasswdHdl tpmutil.Handle = 0x1600000

	//TpmEKHdl is the well known TPM permanent handle for Endorsement key
	TpmEKHdl tpmutil.Handle = 0x81000001

	//TpmSRKHdl is the well known TPM permanent handle for Storage key
	TpmSRKHdl tpmutil.Handle = 0x81000002

	//TpmAIKHdl is the well known TPM permanent handle for AIK key
	TpmAIKHdl tpmutil.Handle = 0x81000003

	//TpmQuoteKeyHdl is the well known TPM permanent handle for PCR Quote signing key
	TpmQuoteKeyHdl tpmutil.Handle = 0x81000004

	//TpmEcdhKeyHdl is the well known TPM permanent handle for ECDH key
	TpmEcdhKeyHdl tpmutil.Handle = 0x81000005

	//TpmDeviceKeyHdl is the well known TPM permanent handle for device key
	//(presumably the key TpmSign() signs with; confirm against its body)
	TpmDeviceKeyHdl tpmutil.Handle = 0x817FFFFF

	//TpmCredentialsFileName is the file that holds the dynamically created TPM credentials
	TpmCredentialsFileName = types.IdentityDirname + "/tpm_credential"

	//MaxPasswdLength is the max length allowed for a TPM password
	MaxPasswdLength = 7 //limit TPM password to this length

	//TpmDiskKeyHdl is the NVIndex used when constructing the disk encryption key
	TpmDiskKeyHdl tpmutil.Handle = 0x1700000

	//TpmDeviceCertHdl is the well known TPM NVIndex for device cert
	TpmDeviceCertHdl tpmutil.Handle = 0x1500000

	//TpmSealedDiskPrivHdl is the NVIndex for the private part of the sealed disk
	//key blob — NOTE(review): inferred from the name; confirm against SealDiskKey()
	TpmSealedDiskPrivHdl tpmutil.Handle = 0x1800000

	//TpmSealedDiskPubHdl is the NVIndex for the public part of the sealed disk
	//key blob — NOTE(review): inferred from the name; confirm against SealDiskKey()
	TpmSealedDiskPubHdl tpmutil.Handle = 0x1900000

	//EmptyPassword is an empty string (presumably passed as the TPM auth value
	//where no password is set)
	EmptyPassword = ""
)
// SimTpmPath is the Unix socket of the SWTPM used in tests (see SimTpmAvailable()).
// It lives under /tmp and is also hardcoded in tests/tpm/prep-and-test.sh.
const SimTpmPath = "/tmp/eve-tpm/srv.sock"

SimTpmPath is the path to the SWTPM socket. This path is hardcoded in tests/tpm/prep-and-test.sh, so if you change it, make sure to update the script as well.

Variables

var (
	//EcdhKeyFile is the location of the ecdh private key
	//on devices without a TPM. It is not a constant due to test usage
	//(see SetECDHPrivateKeyFile())
	EcdhKeyFile = types.CertificateDirname + "/ecdh.key.pem"

	//DiskKeySealingPCRs represents PCRs that we use for sealing the disk key.
	//PCRs 5, 10, 11, 12 and 15 of the SHA256 bank are excluded from the
	//selection — presumably because their values change between normal boots;
	//confirm against the measured-boot layout before editing this list.
	DiskKeySealingPCRs = tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 1, 2, 3, 4, 6, 7, 8, 9, 13, 14}}

	// TpmDevicePath is the TPM device file path, it is not a constant due to
	// test usage. /dev/tpmrm0 is the kernel's resource-managed TPM device.
	TpmDevicePath = "/dev/tpmrm0"

	// PcrSelection is used as entropy when generating keys. Neither the choice
	// of PCRs nor their contents matters for that purpose, but PCR[7] is chosen
	// because it is not changed often on our devices.
	PcrSelection = tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
	// PcrListForQuote is PCR selection for Quote operation in attestation process
	// (PCRs 0-15 of the SHA256 bank, a superset of DiskKeySealingPCRs).
	PcrListForQuote = tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}}

	// DefaultKeyParams is the default Key Template for TPM: an unrestricted
	// NIST P-256 ECC key that may both sign and decrypt, with user (password)
	// auth and dictionary-attack protection disabled (FlagNoDA). Unlike the
	// restricted templates below it sets neither FlagFixedTPM nor
	// FlagFixedParent. It is identical to DefaultEcdhKeyTemplate.
	DefaultKeyParams = tpm2.Public{
		Type:    tpm2.AlgECC,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagSign | tpm2.FlagNoDA | tpm2.FlagDecrypt |
			tpm2.FlagSensitiveDataOrigin |
			tpm2.FlagUserWithAuth,
		ECCParameters: &tpm2.ECCParams{
			CurveID: tpm2.CurveNISTP256,
		},
	}
	// DefaultEkTemplate is the default Ek Template as per
	// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
	// AuthPolicy is that profile's default SHA-256 EK policy digest (PolicySecret
	// bound to the endorsement hierarchy); the key has FlagAdminWithPolicy and
	// no FlagUserWithAuth, so using it requires endorsement-hierarchy
	// authorization. ModulusRaw is a 256-byte all-zero placeholder matching
	// KeyBits 2048.
	DefaultEkTemplate = tpm2.Public{
		Type:    tpm2.AlgRSA,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin |
			tpm2.FlagAdminWithPolicy | tpm2.FlagRestricted | tpm2.FlagDecrypt,
		AuthPolicy: []byte{
			0x83, 0x71, 0x97, 0x67, 0x44, 0x84,
			0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D,
			0x46, 0xA5, 0xD7, 0x24, 0xFD, 0x52,
			0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
			0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14,
			0x69, 0xAA,
		},
		RSAParameters: &tpm2.RSAParams{
			Symmetric: &tpm2.SymScheme{
				Alg:     tpm2.AlgAES,
				KeyBits: 128,
				Mode:    tpm2.AlgCFB,
			},
			KeyBits:    2048,
			ModulusRaw: make([]byte, 256),
		},
	}
	// DefaultSrkTemplate is for ActivateCredentials() usage (Decrypt key): a
	// restricted RSA-2048 decryption (storage) key with an AES-128 CFB
	// symmetric scheme, user auth, and dictionary-attack protection disabled.
	DefaultSrkTemplate = tpm2.Public{
		Type:    tpm2.AlgRSA,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent |
			tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth |
			tpm2.FlagRestricted | tpm2.FlagDecrypt | tpm2.FlagNoDA,
		RSAParameters: &tpm2.RSAParams{
			Symmetric: &tpm2.SymScheme{
				Alg:     tpm2.AlgAES,
				KeyBits: 128,
				Mode:    tpm2.AlgCFB,
			},
			KeyBits:    2048,
			ModulusRaw: make([]byte, 256),
		},
	}
	// DefaultAikTemplate is a restricted signing key, for vTPM guest usage:
	// RSA-2048 with RSASSA/SHA-256, user auth, fixed to this TPM and parent.
	DefaultAikTemplate = tpm2.Public{
		Type:    tpm2.AlgRSA,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent |
			tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth |
			tpm2.FlagRestricted | tpm2.FlagSign | tpm2.FlagNoDA,
		RSAParameters: &tpm2.RSAParams{
			Sign: &tpm2.SigScheme{
				Alg:  tpm2.AlgRSASSA,
				Hash: tpm2.AlgSHA256,
			},
			KeyBits:    2048,
			ModulusRaw: make([]byte, 256),
		},
	}
	// DefaultQuoteKeyTemplate is a restricted signing key, for PCR Quote and
	// other such uses: NIST P-256 ECDSA/SHA-256, user auth, fixed to this TPM
	// and parent (FlagFixedTPM|FlagFixedParent).
	DefaultQuoteKeyTemplate = tpm2.Public{
		Type:    tpm2.AlgECC,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent |
			tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth |
			tpm2.FlagRestricted | tpm2.FlagSign | tpm2.FlagNoDA,
		ECCParameters: &tpm2.ECCParams{
			Sign: &tpm2.SigScheme{
				Alg:  tpm2.AlgECDSA,
				Hash: tpm2.AlgSHA256,
			},
			CurveID: tpm2.CurveNISTP256,
		},
	}
	// DefaultEcdhKeyTemplate is used for deriving AES keys (ECDH on NIST P-256).
	// It is identical to DefaultKeyParams: sign+decrypt, user auth, no DA, and
	// neither FlagFixedTPM nor FlagFixedParent.
	DefaultEcdhKeyTemplate = tpm2.Public{
		Type:    tpm2.AlgECC,
		NameAlg: tpm2.AlgSHA256,
		Attributes: tpm2.FlagSign | tpm2.FlagNoDA | tpm2.FlagDecrypt |
			tpm2.FlagSensitiveDataOrigin |
			tpm2.FlagUserWithAuth,
		ECCParameters: &tpm2.ECCParams{
			CurveID: tpm2.CurveNISTP256,
		},
	}
)

Functions

func AESDecrypt

func AESDecrypt(plaintext, ciphertext, key, iv []byte) error

AESDecrypt decrypts ciphertext into plaintext using the given key and initialization vector (iv). Uses the AES CFB cipher.

func AESEncrypt

func AESEncrypt(ciphertext, plaintext, key, iv []byte) error

AESEncrypt encrypts plaintext into ciphertext using the given key and initialization vector (iv). Uses the AES CFB cipher.

func CreateKey

func CreateKey(log *base.LogObject, TpmPath string, keyHandle, ownerHandle tpmutil.Handle, template tpm2.Public, overwrite bool) error

CreateKey creates various keys according to the supplied template and hierarchy. The TPM path is passed explicitly because in some places a socket is used rather than the character device.

func DecryptSecretWithEcdhKey

func DecryptSecretWithEcdhKey(log *base.LogObject, X, Y *big.Int, edgeNodeCert *types.EdgeNodeCert,
	iv, ciphertext, plaintext []byte) error

DecryptSecretWithEcdhKey recovers plaintext from the given ciphertext. X, Y are the Z point coordinates in the Elliptic Curve Diffie-Hellman (ECDH) exchange; edgeNodeCert points to the certificate that the Controller used to calculate the shared secret; iv is the Initial Value (IV) used in the exchange. Sha256FromECPoint() is used as the KDF on the shared secret, and the derived key is used in AESDecrypt() to apply the cipher to ciphertext and recover plaintext.

func EccIntToBytes

func EccIntToBytes(curve elliptic.Curve, i *big.Int) []byte

EccIntToBytes - ECC coordinates need to maintain a specific size based on the curve, so we pad the front with zeros. This is particularly an issue for NIST-P521 coordinates, as they are frequently missing their first byte. This is copied from go-tpm-tools library and is more future-proof than FillBytes(). https://github.com/google/go-tpm-tools/blob/3e063ade7f302972d7b893ca080a75efa3db5506/server/ecc_utils.go#L11

func EncryptDecryptUsingTpm

func EncryptDecryptUsingTpm(in []byte, encrypt bool) ([]byte, error)

EncryptDecryptUsingTpm uses an AES key to encrypt/decrypt a given secret. The AES key is derived from a seed, which is in turn derived from the device certificate and the ECDH private key, which is protected inside the TPM. In other words, to decrypt the secret successfully, one needs to be on the same device.

func FetchSealedVaultKey

func FetchSealedVaultKey(log *base.LogObject) ([]byte, error)

FetchSealedVaultKey fetches Vault key sealed into TPM2.0, and unseals it. If the key is not present, it generates a new key and seals it into TPM2.0.

func FetchTpmHwInfo

func FetchTpmHwInfo() (string, error)

FetchTpmHwInfo returns TPM Hardware properties in a string

func FetchTpmSwStatus

func FetchTpmSwStatus() info.HwSecurityModuleStatus

FetchTpmSwStatus returns states reflecting SW usage of TPM

func FetchVaultKey

func FetchVaultKey(log *base.LogObject) ([]byte, error)

FetchVaultKey retrieves the TPM part of the vault key

func FindMismatchingPCRs

func FindMismatchingPCRs() ([]int, error)

FindMismatchingPCRs compares saved PCR values with current PCR values and returns a list of PCR indices that have different values. Returns an error if PCR values cannot be retrieved.

func GetBootVariablesDirNames

func GetBootVariablesDirNames() (string, string)

GetBootVariablesDirNames returns paths to saved boot variables directories

func GetDevicePrivateKey

func GetDevicePrivateKey() (*ecdsa.PrivateKey, error)

GetDevicePrivateKey is for a device with no TPM and returns the file-based device key

func GetFirmwareVersion

func GetFirmwareVersion(v1 uint32, v2 uint32) string

GetFirmwareVersion converts v1, v2 values from TPM properties to string

func GetModelName

func GetModelName(vendorValue1 uint32, vendorValue2 uint32) string

GetModelName combines vendor1 and vendor2 values into a string

func GetPrivateKeyFromFile

func GetPrivateKeyFromFile(keyFile string) (*ecdsa.PrivateKey, error)

GetPrivateKeyFromFile reads a private key file on a device with no TPM

func GetPublicKeyFromCert

func GetPublicKeyFromCert(certFile string) (crypto.PublicKey, error)

GetPublicKeyFromCert gets the public key from an X.509 cert

func GetRandom

func GetRandom(numBytes uint16) ([]byte, error)

GetRandom returns a random []byte of requested length

func GetTpmLogBackupFileNames

func GetTpmLogBackupFileNames() (string, string)

GetTpmLogBackupFileNames returns paths to saved TPM logs for previous boot

func GetTpmLogFileNames

func GetTpmLogFileNames() (string, string)

GetTpmLogFileNames returns paths to saved TPM logs

func GetTpmProperty

func GetTpmProperty(propID tpm2.TPMProp) (uint32, error)

GetTpmProperty fetches a given property id, and returns it as uint32

func IsTpmEnabled

func IsTpmEnabled() bool

IsTpmEnabled checks if the TPM is being used by software for creating the device cert. Note that this must not be called before the device certificate has been generated.

func PCRBankSHA256Enabled

func PCRBankSHA256Enabled() bool

PCRBankSHA256Enabled checks if SHA256 PCR Bank is enabled

func PolicyPCRSession

func PolicyPCRSession(rw io.ReadWriteCloser, pcrSel tpm2.PCRSelection) (tpmutil.Handle, []byte, error)

PolicyPCRSession prepares TPM2 Auth Policy session, with PCR as the policy

func ReadOwnerCrdl

func ReadOwnerCrdl() (string, error)

ReadOwnerCrdl returns the credential specific to this device

func SealDiskKey

func SealDiskKey(log *base.LogObject, key []byte, pcrSel tpm2.PCRSelection) error

SealDiskKey seals key into TPM2.0, with provided PCRs

func SetDevicePublicKey

func SetDevicePublicKey(pubkey crypto.PublicKey)

SetDevicePublicKey is needed for the self-signed bootstrap

func SetECDHPrivateKeyFile

func SetECDHPrivateKeyFile(filename string)

SetECDHPrivateKeyFile is used by tpmmgr_test.go

func Sha256FromECPoint

func Sha256FromECPoint(X, Y *big.Int, pubKey *ecdsa.PublicKey) ([32]byte, error)

Sha256FromECPoint is the key derivation function (KDF) applied to the ECDH shared point

func SimTpmAvailable

func SimTpmAvailable() bool

SimTpmAvailable checks if the SWTPM socket is available

func SimTpmWaitForTpmReadyState

func SimTpmWaitForTpmReadyState() error

SimTpmWaitForTpmReadyState waits for the SWTPM to be ready

func TpmSign

func TpmSign(digest []byte) (*big.Int, *big.Int, error)

TpmSign is used by external packages to get a digest signed by device key in TPM

func UnsealDiskKey

func UnsealDiskKey(pcrSel tpm2.PCRSelection) ([]byte, error)

UnsealDiskKey unseals the key from TPM2.0, with the provided PCRs

func WipeOutStaleSealedKeyIfAny

func WipeOutStaleSealedKeyIfAny() error

WipeOutStaleSealedKeyIfAny checks for a stale sealed vault key and deletes it if present

Types

type PCRBank256Status

// PCRBank256Status records whether the SHA256 PCR bank is available on this
// device; its zero value is PCRBank256StatusUnknown (see PCRBankSHA256Enabled()).
type PCRBank256Status uint32

PCRBank256Status stores info about support for SHA256 PCR bank on this device

const (
	PCRBank256StatusUnknown      PCRBank256Status = iota + 0 // zero value; support not yet determined (presumably)
	PCRBank256StatusSupported                                // SHA256 PCR bank is available
	PCRBank256StatusNotSupported                             // SHA256 PCR bank is not available
)

Different values for PCRBank256Status

type SealedKeyType

// SealedKeyType classifies the sealed vault key for logging; its zero value is
// SealedKeyTypeUnknown. Produced by CompareLegacyandSealedKey(), rendered by String().
type SealedKeyType uint32

SealedKeyType holds different types of sealed key defined below

const (
	SealedKeyTypeUnknown     SealedKeyType = iota + 0 //Invalid (zero value)
	SealedKeyTypeReused                               //Sealed key is cloned from legacy key
	SealedKeyTypeNew                                  //Sealed key is not cloned from legacy key
	SealedKeyTypeUnprotected                          //Sealed key is not available, using legacy key (presumably without TPM protection)
)

Different sealed key types, for logging purposes

func CompareLegacyandSealedKey

func CompareLegacyandSealedKey() SealedKeyType

CompareLegacyandSealedKey compares the legacy and sealed keys to record whether we are using a new key for the sealed vault

func (SealedKeyType) String

func (s SealedKeyType) String() string

String returns verbose string for SealedKeyType value

type TpmPrivateKey

type TpmPrivateKey struct {
	// PublicKey is the public half of the device key; the private half stays
	// inside the TPM, and Sign() presumably delegates to TpmSign() — confirm.
	PublicKey crypto.PublicKey
}

TpmPrivateKey is a custom implementation of the crypto.PrivateKey interface

func (TpmPrivateKey) Public

func (s TpmPrivateKey) Public() crypto.PublicKey

Public implements the crypto.PrivateKey interface

func (TpmPrivateKey) Sign

func (s TpmPrivateKey) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign implements the crypto.PrivateKey interface
