Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/foxboron/go-tpm-keyfiles
TPM 2.0 TSS keyfile library
https://github.com/foxboron/go-tpm-keyfiles
confidential-computing go-tpm tpm tpm2 tss
Last synced: 3 months ago
JSON representation
TPM 2.0 TSS keyfile library
- Host: GitHub
- URL: https://github.com/foxboron/go-tpm-keyfiles
- Owner: Foxboron
- License: mit
- Created: 2024-02-12T19:39:37.000Z (12 months ago)
- Default Branch: master
- Last Pushed: 2024-08-05T21:42:53.000Z (6 months ago)
- Last Synced: 2024-08-06T00:39:12.737Z (6 months ago)
- Topics: confidential-computing, go-tpm, tpm, tpm2, tss
- Language: Go
- Homepage: https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
- Size: 135 KB
- Stars: 5
- Watchers: 3
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
go-tpm-keyfile
==============
Implements the ASN.1 Specification for TPM 2.0 Key Files.
https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
### Implementation Status
- [x] Loadable Keys
- [x] Importable Keys
- [ ] Sealed data
# Loadable Keys
## With NewLoadableKey
```go
package main
import (
"os"
keyfile "github.com/foxboron/go-tpm-keyfiles"
"github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpm2/transport/simulator"
)
func main() {
tpm, _ := simulator.OpenSimulator()
defer tpm.Close()
k, _ := keyfile.NewLoadableKey(tpm, tpm2.TPMAlgECC, 256, []byte{},
keyfile.WithDescription("TPM Key"),
)
os.Writefile("key.pem", k.Bytes(), 0640)
}
```
## With NewTPMKey
```go
package main
import (
"os"
keyfile "github.com/foxboron/go-tpm-keyfiles"
"github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpm2/transport/simulator"
)
func main(){
tpm, _ := simulator.OpenSimulator()
defer tpm.Close()
primary, _ := tpm2.CreatePrimary{
PrimaryHandle: tpm2.TPMRHOwner,
InPublic: tpm2.New2B(tpm2.ECCSRKTemplate),
}.Execute(tpm)
eccTemplate := tpm2.TPMTPublic{
Type: tpm2.TPMAlgECC,
NameAlg: sha,
ObjectAttributes: tpm2.TPMAObject{
SignEncrypt: true,
FixedTPM: true,
FixedParent: true,
SensitiveDataOrigin: true,
UserWithAuth: true,
},
Parameters: tpm2.NewTPMUPublicParms(
tpm2.TPMAlgECC,
&tpm2.TPMSECCParms{
CurveID: ecc,
Scheme: tpm2.TPMTECCScheme{
Scheme: tpm2.TPMAlgNull,
},
},
),
}
eccKeyResponse, := tpm2.CreateLoaded{
ParentHandle: tpm2.AuthHandle{
Handle: primary.ObjectHandle,
Name: primary.Name,
Auth: tpm2.PasswordAuth([]byte(nil)),
},
InPublic: tpm2.New2BTemplate(&eccTemplate),
}.Execute(tpm)
k := keyfile.NewTPMKey(
keyfile.OIDOldLoadableKey
eccKeyResponse.OutPublic,
eccKeyResponse.OutPrivate,
keyfile.WithDescription("This is a TPM Key"),
)
os.Writefile("key.pem", k.Bytes(), 0640)
}
```
# TPMSigner
`go-tpm-keyfile` implements a `crypto.Signer` interface to be used with the keys
for easy signature creation and verification.
The `TPMKeySigner` struct implements a callback-style approach for user auth,
owner auth and for TPM fetching for easier implementation towards things that
require user-input.
```go
package main
import (
"crypto"
"os"
keyfile "github.com/foxboron/go-tpm-keyfiles"
"github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpm2/transport/simulator"
)
func main() {
tpm, _ := simulator.OpenSimulator()
defer tpm.Close()
k, _ := NewLoadableKey(tpm, tpm2.TPMAlgECC, 256, []byte(""))
signer, _ := k.Signer(tpm, []byte(""), []byte(""))
h := crypto.SHA256.New()
h.Write([]byte("message"))
b := h.Sum(nil)
sig, _ := signer.Sign((io.Reader)(nil), b[:], crypto.SHA256)
ok, err := k.Verify(crypto.SHA256, b[:], sig)
if !ok || err != nil {
log.Fatalf("invalid signature")
}
}
```