From b827cbb53c1effacd52f9e91b0aa4e8716d0cba5 Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Sat, 3 Sep 2022 22:05:50 -0700 Subject: [PATCH] flatten the new API to just tpm2 (#308) Merge all of the old TPMDirect libraries together into tpm2. That includes helpers, KDFs, etc., as well as the commands and structures. This was necessary to avoid dependency cycles, and it probably makes for an easier developer experience anyway. This change adds a couple exceptions to the linting tool: * tpm2.TPM2BXyz unfortunately stutters a bit, that's the tradeoff * Startup_ and Shutdown_ end with an underscore until we can get a release of go-tpm-tools with a simulator that links to the legacy API at its new path Fixes #302 --- .cirrus.yml | 2 + Dockerfile | 2 +- .../credactivation/credential_activation.go | 5 +- legacy/tpm2/kdf.go | 72 ++- tpm2/{commands => }/audit.go | 13 +- tpm2/{structures/internal => }/bitfield.go | 2 +- tpm2/commands/create_loaded_test.go | 171 ----- tpm2/{structures/internal => }/constants.go | 2 +- tpm2/{helpers => }/crypto.go | 10 +- tpm2/{structures/internal => }/errors.go | 216 +++---- tpm2/helpers/kdf.go | 71 -- tpm2/helpers/names.go | 14 - tpm2/helpers/wrappers.go | 12 - tpm2/kdf.go | 29 + tpm2/{commands => }/names.go | 26 +- tpm2/{commands => }/policy.go | 11 +- tpm2/{commands => }/reflect.go | 66 +- tpm2/{commands => }/reflect_test.go | 10 +- tpm2/{commands => }/sessions.go | 246 ++++--- tpm2/{structures/internal => }/structures.go | 4 +- tpm2/structures/tpm/constants.go | 551 ---------------- tpm2/structures/tpm/tpm.go | 102 --- tpm2/structures/tpm2b/tpm2b.go | 127 ---- tpm2/structures/tpma/tpma.go | 43 -- tpm2/structures/tpmi/tpmi.go | 147 ----- tpm2/structures/tpml/tpml.go | 58 -- tpm2/structures/tpms/tpms.go | 204 ------ tpm2/structures/tpmt/tpmt.go | 69 -- tpm2/structures/tpmu/tpmu.go | 65 -- tpm2/templates.go | 184 ++++++ tpm2/templates/templates.go | 195 ------ .../activate_credential_test.go | 22 +- tpm2/{commands => test}/audit_test.go | 61 +- tpm2/{commands => test}/certify_test.go | 171 +++-- tpm2/{commands => test}/clear_test.go | 14 +- .../combined_context_test.go | 44 +- tpm2/{commands => test}/commit_test.go | 63 +- tpm2/test/create_loaded_test.go | 165 +++++ tpm2/{commands => test}/ecdh_test.go | 51 +- tpm2/{commands => test}/ek_test.go | 54 +- tpm2/{commands => test}/get_random_test.go | 3 +- .../hash_sequence_hash_test.go | 47 +- tpm2/{commands => test}/load_external_test.go | 57 +- tpm2/{commands => test}/names_test.go | 30 +- tpm2/{commands => test}/nv_test.go | 55 +- tpm2/{commands => test}/pcr_test.go | 33 +- tpm2/{commands => test}/policy_test.go | 144 ++--- tpm2/{commands => test}/read_public_test.go | 41 +- tpm2/{commands => test}/sealing_test.go | 99 ++- tpm2/{commands => test}/sign_test.go | 61 +- tpm2/{commands => }/tpm2.go | 610 +++++++++--------- tpm2/wrappers.go | 10 + tpmutil/encoding_test.go | 5 +- 53 files changed, 1546 insertions(+), 3023 deletions(-) rename tpm2/{commands => }/audit.go (84%) rename tpm2/{structures/internal => }/bitfield.go (99%) delete mode 100644 tpm2/commands/create_loaded_test.go rename tpm2/{structures/internal => }/constants.go (99%) rename tpm2/{helpers => }/crypto.go (72%) rename tpm2/{structures/internal => }/errors.go (84%) delete mode 100644 tpm2/helpers/kdf.go delete mode 100644 tpm2/helpers/names.go delete mode 100644 tpm2/helpers/wrappers.go create mode 100644 tpm2/kdf.go rename tpm2/{commands => }/names.go (65%) rename tpm2/{commands => }/policy.go (82%) rename tpm2/{commands => }/reflect.go (94%) rename tpm2/{commands => }/reflect_test.go (97%) rename tpm2/{commands => }/sessions.go (80%) rename tpm2/{structures/internal => }/structures.go (99%) delete mode 100644 tpm2/structures/tpm/constants.go delete mode 100644 tpm2/structures/tpm/tpm.go delete mode 100644 tpm2/structures/tpm2b/tpm2b.go delete mode 100644 tpm2/structures/tpma/tpma.go delete mode 100644 tpm2/structures/tpmi/tpmi.go delete mode 100644 tpm2/structures/tpml/tpml.go delete mode 100644 tpm2/structures/tpms/tpms.go delete mode 100644 tpm2/structures/tpmt/tpmt.go delete mode 100644 tpm2/structures/tpmu/tpmu.go create mode 100644 tpm2/templates.go delete mode 100644 tpm2/templates/templates.go rename tpm2/{commands => test}/activate_credential_test.go (79%) rename tpm2/{commands => test}/audit_test.go (66%) rename tpm2/{commands => test}/certify_test.go (71%) rename tpm2/{commands => test}/clear_test.go (79%) rename tpm2/{commands => test}/combined_context_test.go (66%) rename tpm2/{commands => test}/commit_test.go (55%) create mode 100644 tpm2/test/create_loaded_test.go rename tpm2/{commands => test}/ecdh_test.go (63%) rename tpm2/{commands => test}/ek_test.go (81%) rename tpm2/{commands => test}/get_random_test.go (88%) rename tpm2/{commands => test}/hash_sequence_hash_test.go (83%) rename tpm2/{commands => test}/load_external_test.go (52%) rename tpm2/{commands => test}/names_test.go (75%) rename tpm2/{commands => test}/nv_test.go (80%) rename tpm2/{commands => test}/pcr_test.go (80%) rename tpm2/{commands => test}/policy_test.go (82%) rename tpm2/{commands => test}/read_public_test.go (77%) rename tpm2/{commands => test}/sealing_test.go (80%) rename tpm2/{commands => test}/sign_test.go (67%) rename tpm2/{commands => }/tpm2.go (77%) create mode 100644 tpm2/wrappers.go diff --git a/.cirrus.yml b/.cirrus.yml index 0bd90b62..a944cccf 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -25,6 +25,8 @@ lint_task: -E misspell -E revive --exclude-use-default=false + --exclude stutters + --exclude underscores --max-same-issues=0 --max-issues-per-linter=0 ./tpmutil/... diff --git a/Dockerfile b/Dockerfile index 7622d725..98cfdb67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apt-get update && apt-get install -y \ libssl-dev \ && rm -rf /var/lib/apt/lists/* # We need golangci-lint for linting -ARG VERSION=1.41.1 +ARG VERSION=1.49.0 RUN curl -SL \ https://github.com/golangci/golangci-lint/releases/download/v${VERSION}/golangci-lint-${VERSION}-linux-amd64.tar.gz \ --output golangci.tar.gz \ diff --git a/legacy/tpm2/credactivation/credential_activation.go b/legacy/tpm2/credactivation/credential_activation.go index 019d6561..9a90e85c 100644 --- a/legacy/tpm2/credactivation/credential_activation.go +++ b/legacy/tpm2/credactivation/credential_activation.go @@ -28,7 +28,6 @@ import ( "io" "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpm2/helpers" "github.com/google/go-tpm/tpmutil" ) @@ -92,7 +91,7 @@ func generateRSA(aik *tpm2.HashValue, pub *rsa.PublicKey, symBlockSize int, secr if err != nil { return nil, nil, fmt.Errorf("generating symmetric key: %v", err) } - symmetricKey := helpers.KDFaHash(h, seed, labelStorage, aikNameEncoded, nil, len(seed)*8) + symmetricKey := tpm2.KDFaHash(h, seed, labelStorage, aikNameEncoded, nil, len(seed)*8) c, err := aes.NewCipher(symmetricKey) if err != nil { return nil, nil, fmt.Errorf("symmetric cipher setup: %v", err) @@ -109,7 +108,7 @@ func generateRSA(aik *tpm2.HashValue, pub *rsa.PublicKey, symBlockSize int, secr // Generate the integrity HMAC, which is used to protect the integrity of the // encrypted structure. // See section 24.5 of the TPM specification revision 2 part 1. - macKey := helpers.KDFaHash(h, seed, labelIntegrity, nil, nil, crypothash.Size()*8) + macKey := tpm2.KDFaHash(h, seed, labelIntegrity, nil, nil, crypothash.Size()*8) mac := hmac.New(crypothash.New, macKey) mac.Write(encIdentity) diff --git a/legacy/tpm2/kdf.go b/legacy/tpm2/kdf.go index 46564e22..3a22e8be 100644 --- a/legacy/tpm2/kdf.go +++ b/legacy/tpm2/kdf.go @@ -15,7 +15,10 @@ package tpm2 import ( - "github.com/google/go-tpm/tpm2/helpers" + "crypto" + "crypto/hmac" + "encoding/binary" + "hash" ) // KDFa implements TPM 2.0's default key derivation function, as defined in @@ -30,7 +33,7 @@ func KDFa(hashAlg Algorithm, key []byte, label string, contextU, contextV []byte if err != nil { return nil, err } - return helpers.KDFaHash(h, key, label, contextU, contextV, bits), nil + return KDFaHash(h, key, label, contextU, contextV, bits), nil } // KDFe implements TPM 2.0's ECDH key derivation function, as defined in @@ -46,5 +49,68 @@ func KDFe(hashAlg Algorithm, z []byte, use string, partyUInfo, partyVInfo []byte if err != nil { return nil, err } - return helpers.KDFeHash(h, z, use, partyUInfo, partyVInfo, bits), nil + return KDFeHash(h, z, use, partyUInfo, partyVInfo, bits), nil +} + +// KDFaHash implements TPM 2.0's default key derivation function, as defined in +// section 11.4.9.2 of the TPM revision 2 specification part 1. +// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ +// The key & label parameters must not be zero length. +// The label parameter is a non-null-terminated string. +// The contextU & contextV parameters are optional. +func KDFaHash(h crypto.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte { + mac := hmac.New(h.New, key) + + out := kdf(mac, bits, func() { + mac.Write([]byte(label)) + mac.Write([]byte{0}) // Terminating null character for C-string. + mac.Write(contextU) + mac.Write(contextV) + binary.Write(mac, binary.BigEndian, uint32(bits)) + }) + return out +} + +// KDFeHash implements TPM 2.0's ECDH key derivation function, as defined in +// section 11.4.9.3 of the TPM revision 2 specification part 1. +// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ +// The z parameter is the x coordinate of one party's private ECC key multiplied +// by the other party's public ECC point. +// The use parameter is a non-null-terminated string. +// The partyUInfo and partyVInfo are the x coordinates of the initiator's and +// the responder's ECC points, respectively. +func KDFeHash(h crypto.Hash, z []byte, use string, partyUInfo, partyVInfo []byte, bits int) []byte { + hash := h.New() + + out := kdf(hash, bits, func() { + hash.Write(z) + hash.Write([]byte(use)) + hash.Write([]byte{0}) // Terminating null character for C-string. + hash.Write(partyUInfo) + hash.Write(partyVInfo) + }) + return out +} + +func kdf(h hash.Hash, bits int, update func()) []byte { + bytes := (bits + 7) / 8 + out := []byte{} + + for counter := 1; len(out) < bytes; counter++ { + h.Reset() + binary.Write(h, binary.BigEndian, uint32(counter)) + update() + + out = h.Sum(out) + } + // out's length is a multiple of hash size, so there will be excess + // bytes if bytes isn't a multiple of hash size. + out = out[:bytes] + + // As mentioned in the KDFa and KDFe specs mentioned above, + // the unused bits of the most significant octet are masked off. + if maskBits := uint8(bits % 8); maskBits > 0 { + out[0] &= (1 << maskBits) - 1 + } + return out } diff --git a/tpm2/commands/audit.go b/tpm2/audit.go similarity index 84% rename from tpm2/commands/audit.go rename to tpm2/audit.go index 93d51415..658ab1ac 100644 --- a/tpm2/commands/audit.go +++ b/tpm2/audit.go @@ -4,21 +4,18 @@ import ( "bytes" "fmt" "reflect" - - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpmi" ) // CommandAudit represents an audit session for attesting the execution of a // series of commands in the TPM. It is useful for both command and session // auditing. type CommandAudit struct { - hash tpmi.AlgHash + hash TPMIAlgHash digest []byte } // NewAudit initializes a new CommandAudit with the specified hash algorithm. -func NewAudit(hash tpmi.AlgHash) (*CommandAudit, error) { +func NewAudit(hash TPMIAlgHash) (*CommandAudit, error) { h, err := hash.Hash() if err != nil { return nil, err @@ -59,7 +56,7 @@ func (a *CommandAudit) Digest() []byte { // auditCPHash calculates the command parameter hash for a given command with // the given hash algorithm. The command is assumed to not have any decrypt // sessions. -func auditCPHash(h tpmi.AlgHash, c Command) ([]byte, error) { +func auditCPHash(h TPMIAlgHash, c Command) ([]byte, error) { cc := c.Command() names, err := cmdNames(c) if err != nil { @@ -75,7 +72,7 @@ func auditCPHash(h tpmi.AlgHash, c Command) ([]byte, error) { // auditRPHash calculates the response parameter hash for a given response with // the given hash algorithm. The command is assumed to be successful and to not // have any encrypt sessions. -func auditRPHash(h tpmi.AlgHash, r Response) ([]byte, error) { +func auditRPHash(h TPMIAlgHash, r Response) ([]byte, error) { cc := r.Response() var parms bytes.Buffer parameters := taggedMembers(reflect.ValueOf(r).Elem(), "handle", true) @@ -84,5 +81,5 @@ func auditRPHash(h tpmi.AlgHash, r Response) ([]byte, error) { return nil, fmt.Errorf("marshalling parameter %v: %w", i, err) } } - return rpHash(h, tpm.RCSuccess, cc, parms.Bytes()) + return rpHash(h, TPMRCSuccess, cc, parms.Bytes()) } diff --git a/tpm2/structures/internal/bitfield.go b/tpm2/bitfield.go similarity index 99% rename from tpm2/structures/internal/bitfield.go rename to tpm2/bitfield.go index fe4c7c1a..c8f52b6f 100644 --- a/tpm2/structures/internal/bitfield.go +++ b/tpm2/bitfield.go @@ -1,4 +1,4 @@ -package internal +package tpm2 import ( "fmt" diff --git a/tpm2/commands/create_loaded_test.go b/tpm2/commands/create_loaded_test.go deleted file mode 100644 index 2862b561..00000000 --- a/tpm2/commands/create_loaded_test.go +++ /dev/null @@ -1,171 +0,0 @@ -package tpm2 - -import ( - "testing" - - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" - "github.com/google/go-tpm/tpm2/templates" - "github.com/google/go-tpm/tpm2/transport" - "github.com/google/go-tpm/tpm2/transport/simulator" -) - -func getDeriver(t *testing.T, thetpm transport.TPM) NamedHandle { - t.Helper() - - cl := CreateLoaded{ - ParentHandle: tpm.RHOwner, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - SensitiveDataOrigin: true, - UserWithAuth: true, - Decrypt: true, - Restricted: true, - }, - Parameters: tpmu.PublicParms{ - KeyedHashDetail: &tpms.KeyedHashParms{ - Scheme: tpmt.KeyedHashScheme{ - Scheme: tpm.AlgXOR, - Details: tpmu.SchemeKeyedHash{ - XOR: &tpms.SchemeXOR{ - HashAlg: tpm.AlgSHA256, - KDF: tpm.AlgKDF1SP800108, - }, - }, - }, - }, - }, - }, - }, - } - rsp, err := cl.Execute(thetpm) - if err != nil { - t.Fatalf("could not create derivation parent: %v:", err) - } - return NamedHandle{ - Handle: rsp.ObjectHandle, - Name: rsp.Name, - } -} - -func TestCreateLoaded(t *testing.T) { - thetpm, err := simulator.OpenSimulator() - if err != nil { - t.Fatalf("could not connect to TPM simulator: %v", err) - } - defer thetpm.Close() - - deriver := getDeriver(t, thetpm) - - createLoadeds := map[string]*CreateLoaded{ - "PrimaryKey": { - ParentHandle: tpm.RHEndorsement, - InPublic: tpm2b.Template{ - Template: templates.ECCEKTemplate, - }, - }, - "OrdinaryKey": { - ParentHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ - Buffer: []byte("p@ssw0rd"), - }, - }, - }, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - SensitiveDataOrigin: true, - UserWithAuth: true, - SignEncrypt: true, - }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - CurveID: tpm.ECCNistP256, - }, - }, - }, - }, - }, - "DataBlob": { - ParentHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ - Buffer: []byte("p@ssw0rd"), - }, - Data: tpm2b.SensitiveData{ - Buffer: []byte("secrets"), - }, - }, - }, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - UserWithAuth: true, - }, - }, - }, - }, - "Derived": { - ParentHandle: deriver, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ - Buffer: []byte("p@ssw0rd"), - }, - Data: tpm2b.Derive{ - Buffer: tpms.Derive{ - Label: tpm2b.Label{ - Buffer: []byte("label"), - }, - Context: tpm2b.Label{ - Buffer: []byte("context"), - }, - }, - }, - }, - }, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - FixedParent: true, - UserWithAuth: true, - SignEncrypt: true, - }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - CurveID: tpm.ECCNistP256, - }, - }, - }, - }, - }, - } - - for name, createLoaded := range createLoadeds { - t.Run(name, func(t *testing.T) { - rsp, err := createLoaded.Execute(thetpm) - if err != nil { - t.Fatalf("error from CreateLoaded: %v", err) - } - if err = (&FlushContext{FlushHandle: rsp.ObjectHandle}).Execute(thetpm); err != nil { - t.Errorf("error from FlushContext: %v", err) - } - }) - } -} diff --git a/tpm2/structures/internal/constants.go b/tpm2/constants.go similarity index 99% rename from tpm2/structures/internal/constants.go rename to tpm2/constants.go index adcca148..499fd0d3 100644 --- a/tpm2/structures/internal/constants.go +++ b/tpm2/constants.go @@ -1,4 +1,4 @@ -package internal +package tpm2 import ( diff --git a/tpm2/helpers/crypto.go b/tpm2/crypto.go similarity index 72% rename from tpm2/helpers/crypto.go rename to tpm2/crypto.go index 85bc13fd..c8eb2bc7 100644 --- a/tpm2/helpers/crypto.go +++ b/tpm2/crypto.go @@ -1,17 +1,13 @@ -// Package helpers provides helper functionality for interacting with the TPM 2.0 API. -package helpers +package tpm2 import ( "crypto/elliptic" "crypto/rsa" "math/big" - - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpms" ) // RSAPub converts a TPM RSA public key into one recognized by the rsa package. -func RSAPub(parms *tpms.RSAParms, pub *tpm2b.PublicKeyRSA) (*rsa.PublicKey, error) { +func RSAPub(parms *TPMSRSAParms, pub *TPM2BPublicKeyRSA) (*rsa.PublicKey, error) { result := rsa.PublicKey{ N: big.NewInt(0).SetBytes(pub.Buffer), E: int(parms.Exponent), @@ -34,7 +30,7 @@ type ECDHPub struct { // ECCPub converts a TPM ECC public key into one recognized by the elliptic // package's point-multiplication functions, for use in ECDH. -func ECCPub(parms *tpms.ECCParms, pub *tpms.ECCPoint) (*ECDHPub, error) { +func ECCPub(parms *TPMSECCParms, pub *TPMSECCPoint) (*ECDHPub, error) { curve, err := parms.CurveID.Curve() if err != nil { return nil, err diff --git a/tpm2/structures/internal/errors.go b/tpm2/errors.go similarity index 84% rename from tpm2/structures/internal/errors.go rename to tpm2/errors.go index 9f827211..0de8e409 100644 --- a/tpm2/structures/internal/errors.go +++ b/tpm2/errors.go @@ -1,4 +1,4 @@ -package internal +package tpm2 import ( "fmt" @@ -10,389 +10,389 @@ type errorDesc struct { } var fmt0Descs = map[TPMRC]errorDesc{ - TPMRCInitialize: errorDesc{ + TPMRCInitialize: { name: "TPM_RC_INITIALIZE", description: "TPM not initialized by TPM2_Startup or already initialized", }, - TPMRCFailure: errorDesc{ + TPMRCFailure: { name: "TPM_RC_FAILURE", description: "commands not being accepted because of a TPM failure", }, - TPMRCSequence: errorDesc{ + TPMRCSequence: { name: "TPM_RC_SEQUENCE", description: "improper use of a sequence handle", }, - TPMRCPrivate: errorDesc{ + TPMRCPrivate: { name: "TPM_RC_PRIVATE", description: "not currently used", }, - TPMRCHMAC: errorDesc{ + TPMRCHMAC: { name: "TPM_RC_HMAC", description: "not currently used", }, - TPMRCDisabled: errorDesc{ + TPMRCDisabled: { name: "TPM_RC_DISABLED", description: "the command is disabled", }, - TPMRCExclusive: errorDesc{ + TPMRCExclusive: { name: "TPM_RC_EXCLUSIVE", description: "command failed because audit sequence required exclusivity", }, - TPMRCAuthType: errorDesc{ + TPMRCAuthType: { name: "TPM_RC_AUTH_TYPE", description: "authorization handle is not correct for command", }, - TPMRCAuthMissing: errorDesc{ + TPMRCAuthMissing: { name: "TPM_RC_AUTH_MISSING", description: "command requires an authorization session for handle and it is not present.", }, - TPMRCPolicy: errorDesc{ + TPMRCPolicy: { name: "TPM_RC_POLICY", description: "policy failure in math operation or an invalid authPolicy value", }, - TPMRCPCR: errorDesc{ + TPMRCPCR: { name: "TPM_RC_PCR", description: "PCR check fail", }, - TPMRCPCRChanged: errorDesc{ + TPMRCPCRChanged: { name: "TPM_RC_PCR_CHANGED", description: "PCR have changed since checked.", }, - TPMRCUpgrade: errorDesc{ + TPMRCUpgrade: { name: "TPM_RC_UPGRADE", description: "for all commands other than TPM2_FieldUpgradeData(), this code indicates that the TPM is in field upgrade mode; for TPM2_FieldUpgradeData(), this code indicates that the TPM is not in field upgrade mode", }, - TPMRCTooManyContexts: errorDesc{ + TPMRCTooManyContexts: { name: "TPM_RC_TOO_MANY_CONTEXTS", description: "context ID counter is at maximum.", }, - TPMRCAuthUnavailable: errorDesc{ + TPMRCAuthUnavailable: { name: "TPM_RC_AUTH_UNAVAILABLE", description: "authValue or authPolicy is not available for selected entity.", }, - TPMRCReboot: errorDesc{ + TPMRCReboot: { name: "TPM_RC_REBOOT", description: "a _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation.", }, - TPMRCUnbalanced: errorDesc{ + TPMRCUnbalanced: { name: "TPM_RC_UNBALANCED", description: "the protection algorithms (hash and symmetric) are not reasonably balanced. The digest size of the hash must be larger than the key size of the symmetric algorithm.", }, - TPMRCCommandSize: errorDesc{ + TPMRCCommandSize: { name: "TPM_RC_COMMAND_SIZE", description: "command commandSize value is inconsistent with contents of the command buffer; either the size is not the same as the octets loaded by the hardware interface layer or the value is not large enough to hold a command header", }, - TPMRCCommandCode: errorDesc{ + TPMRCCommandCode: { name: "TPM_RC_COMMAND_CODE", description: "command code not supported", }, - TPMRCAuthSize: errorDesc{ + TPMRCAuthSize: { name: "TPM_RC_AUTHSIZE", description: "the value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required", }, - TPMRCAuthContext: errorDesc{ + TPMRCAuthContext: { name: "TPM_RC_AUTH_CONTEXT", description: "use of an authorization session with a context command or another command that cannot have an authorization session.", }, - TPMRCNVRange: errorDesc{ + TPMRCNVRange: { name: "TPM_RC_NV_RANGE", description: "NV offset+size is out of range.", }, - TPMRCNVSize: errorDesc{ + TPMRCNVSize: { name: "TPM_RC_NV_SIZE", description: "Requested allocation size is larger than allowed.", }, - TPMRCNVLocked: errorDesc{ + TPMRCNVLocked: { name: "TPM_RC_NV_LOCKED", description: "NV access locked.", }, - TPMRCNVAuthorization: errorDesc{ + TPMRCNVAuthorization: { name: "TPM_RC_NV_AUTHORIZATION", description: "NV access authorization fails in command actions (this failure does not affect lockout.action)", }, - TPMRCNVUninitialized: errorDesc{ + TPMRCNVUninitialized: { name: "TPM_RC_NV_UNINITIALIZED", description: "an NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored", }, - TPMRCNVSpace: errorDesc{ + TPMRCNVSpace: { name: "TPM_RC_NV_SPACE", description: "insufficient space for NV allocation", }, - TPMRCNVDefined: errorDesc{ + TPMRCNVDefined: { name: "TPM_RC_NV_DEFINED", description: "NV Index or persistent object already defined", }, - TPMRCBadContext: errorDesc{ + TPMRCBadContext: { name: "TPM_RC_BAD_CONTEXT", description: "context in TPM2_ContextLoad() is not valid", }, - TPMRCCPHash: errorDesc{ + TPMRCCPHash: { name: "TPM_RC_CPHASH", description: "cpHash value already set or not correct for use", }, - TPMRCParent: errorDesc{ + TPMRCParent: { name: "TPM_RC_PARENT", description: "handle for parent is not a valid parent", }, - TPMRCNeedsTest: errorDesc{ + TPMRCNeedsTest: { name: "TPM_RC_NEEDS_TEST", description: "some function needs testing.", }, - TPMRCNoResult: errorDesc{ + TPMRCNoResult: { name: "TPM_RC_NO_RESULT", description: "an internal function cannot process a request due to an unspecified problem. This code is usually related to invalid parameters that are not properly filtered by the input unmarshaling code.", }, - TPMRCSensitive: errorDesc{ + TPMRCSensitive: { name: "TPM_RC_SENSITIVE", description: "the sensitive area did not unmarshal correctly after decryption – this code is used in lieu of the other unmarshaling errors so that an attacker cannot determine where the unmarshaling error occurred", }, } var fmt1Descs = map[TPMRC]errorDesc{ - TPMRCAsymmetric: errorDesc{ + TPMRCAsymmetric: { name: "TPM_RC_ASYMMETRIC RC_FMT1", description: "asymmetric algorithm not supported or not correct", }, - TPMRCAttributes: errorDesc{ + TPMRCAttributes: { name: "TPM_RC_ATTRIBUTES", description: "inconsistent attributes", }, - TPMRCHash: errorDesc{ + TPMRCHash: { name: "TPM_RC_HASH", description: "hash algorithm not supported or not appropriate", }, - TPMRCValue: errorDesc{ + TPMRCValue: { name: "TPM_RC_VALUE", description: "value is out of range or is not correct for the context", }, - TPMRCHierarchy: errorDesc{ + TPMRCHierarchy: { name: "TPM_RC_HIERATPMRCHY", description: "hierarchy is not enabled or is not correct for the use", }, - TPMRCKeySize: errorDesc{ + TPMRCKeySize: { name: "TPM_RC_KEY_SIZE", description: "key size is not supported", }, - TPMRCMGF: errorDesc{ + TPMRCMGF: { name: "TPM_RC_MGF", description: "mask generation function not supported", }, - TPMRCMode: errorDesc{ + TPMRCMode: { name: "TPM_RC_MODE", description: "mode of operation not supported", }, - TPMRCType: errorDesc{ + TPMRCType: { name: "TPM_RC_TYPE", description: "the type of the value is not appropriate for the use", }, - TPMRCHandle: errorDesc{ + TPMRCHandle: { name: "TPM_RC_HANDLE", description: "the handle is not correct for the use", }, - TPMRCKDF: errorDesc{ + TPMRCKDF: { name: "TPM_RC_KDF", description: "unsupported key derivation function or function not appropriate for use", }, - TPMRCRange: errorDesc{ + TPMRCRange: { name: "TPM_RC_RANGE", description: "value was out of allowed range.", }, - TPMRCAuthFail: errorDesc{ + TPMRCAuthFail: { name: "TPM_RC_AUTH_FAIL", description: "the authorization HMAC check failed and DA counter incremented", }, - TPMRCNonce: errorDesc{ + TPMRCNonce: { name: "TPM_RC_NONCE", description: "invalid nonce size or nonce value mismatch", }, - TPMRCPP: errorDesc{ + TPMRCPP: { name: "TPM_RC_PP", description: "authorization requires assertion of PP", }, - TPMRCScheme: errorDesc{ + TPMRCScheme: { name: "TPM_RC_SCHEME", description: "unsupported or incompatible scheme", }, - TPMRCSize: errorDesc{ + TPMRCSize: { name: "TPM_RC_SIZE", description: "structure is the wrong size", }, - TPMRCSymmetric: errorDesc{ + TPMRCSymmetric: { name: "TPM_RC_SYMMETRIC", description: "unsupported symmetric algorithm or key size, or not appropriate for instance", }, - TPMRCTag: errorDesc{ + TPMRCTag: { name: "TPM_RC_TAG", description: "incorrect structure tag", }, - TPMRCSelector: errorDesc{ + TPMRCSelector: { name: "TPM_RC_SELECTOR", description: "union selector is incorrect", }, - TPMRCInsufficient: errorDesc{ + TPMRCInsufficient: { name: "TPM_RC_INSUFFICIENT", description: "the TPM was unable to unmarshal a value because there were not enough octets in the input buffer", }, - TPMRCSignature: errorDesc{ + TPMRCSignature: { name: "TPM_RC_SIGNATURE", description: "the signature is not valid", }, - TPMRCKey: errorDesc{ + TPMRCKey: { name: "TPM_RC_KEY", description: "key fields are not compatible with the selected use", }, - TPMRCPolicyFail: errorDesc{ + TPMRCPolicyFail: { name: "TPM_RC_POLICY_FAIL", description: "a policy check failed", }, - TPMRCIntegrity: errorDesc{ + TPMRCIntegrity: { name: "TPM_RC_INTEGRITY", description: "integrity check failed", }, - TPMRCTicket: errorDesc{ + TPMRCTicket: { name: "TPM_RC_TICKET", description: "invalid ticket", }, - TPMRCReservedBits: errorDesc{ + TPMRCReservedBits: { name: "TPM_RC_RESERVED_BITS", description: "reserved bits not set to zero as required", }, - TPMRCBadAuth: errorDesc{ + TPMRCBadAuth: { name: "TPM_RC_BAD_AUTH", description: "authorization failure without DA implications", }, - TPMRCExpired: errorDesc{ + TPMRCExpired: { name: "TPM_RC_EXPIRED", description: "the policy has expired", }, - TPMRCPolicyCC: errorDesc{ + TPMRCPolicyCC: { name: "TPM_RC_POLICY_CC", description: "the commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented", }, - TPMRCBinding: errorDesc{ + TPMRCBinding: { name: "TPM_RC_BINDING", description: "public and sensitive portions of an object are not cryptographically bound", }, - TPMRCCurve: errorDesc{ + TPMRCCurve: { name: "TPM_RC_CURVE", description: "curve not supported", }, - TPMRCECCPoint: errorDesc{ + TPMRCECCPoint: { name: "TPM_RC_ECC_POINT", description: "point is not on the required curve.", }, } var warnDescs = map[TPMRC]errorDesc{ - TPMRCContextGap: errorDesc{ + TPMRCContextGap: { name: "TPM_RC_CONTEXT_GAP", description: "gap for context ID is too large", }, - TPMRCObjectMemory: errorDesc{ + TPMRCObjectMemory: { name: "TPM_RC_OBJECT_MEMORY", description: "out of memory for object contexts", }, - TPMRCSessionMemory: errorDesc{ + TPMRCSessionMemory: { name: "TPM_RC_SESSION_MEMORY", description: "out of memory for session contexts", }, - TPMRCMemory: errorDesc{ + TPMRCMemory: { name: "TPM_RC_MEMORY", description: "out of shared object/session memory or need space for internal operations", }, - TPMRCSessionHandles: errorDesc{ + TPMRCSessionHandles: { name: "TPM_RC_SESSION_HANDLES", description: "out of session handles – a session must be flushed before a new session may be created", }, - TPMRCObjectHandles: errorDesc{ + TPMRCObjectHandles: { name: "TPM_RC_OBJECT_HANDLES", description: "out of object handles – the handle space for objects is depleted and a reboot is required", }, - TPMRCLocality: errorDesc{ + TPMRCLocality: { name: "TPM_RC_LOCALITY", description: "bad locality", }, - TPMRCYielded: errorDesc{ + TPMRCYielded: { name: "TPM_RC_YIELDED", description: "the TPM has suspended operation on the command; forward progress was made and the command may be retried", }, - TPMRCCanceled: errorDesc{ + TPMRCCanceled: { name: "TPM_RC_CANCELED", description: "the command was canceled", }, - TPMRCTesting: errorDesc{ + TPMRCTesting: { name: "TPM_RC_TESTING", description: "TPM is performing self-tests", }, - TPMRCReferenceH0: errorDesc{ + TPMRCReferenceH0: { name: "TPM_RC_REFERENCE_H0", description: "the 1st handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH1: errorDesc{ + TPMRCReferenceH1: { name: "TPM_RC_REFERENCE_H1", description: "the 2nd handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH2: errorDesc{ + TPMRCReferenceH2: { name: "TPM_RC_REFERENCE_H2", description: "the 3rd handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH3: errorDesc{ + TPMRCReferenceH3: { name: "TPM_RC_REFERENCE_H3", description: "the 4th handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH4: errorDesc{ + TPMRCReferenceH4: { name: "TPM_RC_REFERENCE_H4", description: "the 5th handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH5: errorDesc{ + TPMRCReferenceH5: { name: "TPM_RC_REFERENCE_H5", description: "the 6th handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceH6: errorDesc{ + TPMRCReferenceH6: { name: "TPM_RC_REFERENCE_H6", description: "the 7th handle in the handle area references a transient object or session that is not loaded", }, - TPMRCReferenceS0: errorDesc{ + TPMRCReferenceS0: { name: "TPM_RC_REFERENCE_S0", description: "the 1st authorization session handle references a session that is not loaded", }, - TPMRCReferenceS1: errorDesc{ + TPMRCReferenceS1: { name: "TPM_RC_REFERENCE_S1", description: "the 2nd authorization session handle references a session that is not loaded", }, - TPMRCReferenceS2: errorDesc{ + TPMRCReferenceS2: { name: "TPM_RC_REFERENCE_S2", description: "the 3rd authorization session handle references a session that is not loaded", }, - TPMRCReferenceS3: errorDesc{ + TPMRCReferenceS3: { name: "TPM_RC_REFERENCE_S3", description: "the 4th authorization session handle references a session that is not loaded", }, - TPMRCReferenceS4: errorDesc{ + TPMRCReferenceS4: { name: "TPM_RC_REFERENCE_S4", description: "the 5th session handle references a session that is not loaded", }, - TPMRCReferenceS5: errorDesc{ + TPMRCReferenceS5: { name: "TPM_RC_REFERENCE_S5", description: "the 6th session handle references a session that is not loaded", }, - TPMRCReferenceS6: errorDesc{ + TPMRCReferenceS6: { name: "TPM_RC_REFERENCE_S6", description: "the 7th authorization session handle references a session that is not loaded", }, - TPMRCNVRate: errorDesc{ + TPMRCNVRate: { name: "TPM_RC_NV_RATE", description: "the TPM is rate-limiting accesses to prevent wearout of NV", }, - TPMRCLockout: errorDesc{ + TPMRCLockout: { name: "TPM_RC_LOCKOUT", description: "authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode", }, - TPMRCRetry: errorDesc{ + TPMRCRetry: { name: "TPM_RC_RETRY", description: "the TPM was not able to start the command", }, - TPMRCNVUnavailable: errorDesc{ + TPMRCNVUnavailable: { name: "TPM_RC_NV_UNAVAILABLE", description: "the command may require writing of NV and NV is not current accessible", }, @@ -403,19 +403,19 @@ var warnDescs = map[TPMRC]errorDesc{ type subject int const ( - handle subject = iota + 1 - parameter - session + handleRelated subject = iota + 1 + parameterRelated + sessionRelated ) // String returns the string representation of the ErrorSubject. func (s subject) String() string { switch s { - case handle: + case handleRelated: return "handle" - case parameter: + case parameterRelated: return "parameter" - case session: + case sessionRelated: return "session" default: return "unknown subject" @@ -445,7 +445,7 @@ func (e TPMFmt1Error) Error() string { // Handle returns whether the error is handle-related and if so, which handle is // in error. func (e TPMFmt1Error) Handle() (bool, int) { - if e.subject != handle { + if e.subject != handleRelated { return false, 0 } return true, e.index @@ -454,7 +454,7 @@ func (e TPMFmt1Error) Handle() (bool, int) { // Parameter returns whether the error is handle-related and if so, which handle // is in error. func (e TPMFmt1Error) Parameter() (bool, int) { - if e.subject != parameter { + if e.subject != parameterRelated { return false, 0 } return true, e.index @@ -463,7 +463,7 @@ func (e TPMFmt1Error) Parameter() (bool, int) { // Session returns whether the error is handle-related and if so, which handle // is in error. func (e TPMFmt1Error) Session() (bool, int) { - if e.subject != session { + if e.subject != sessionRelated { return false, 0 } return true, e.index @@ -480,12 +480,12 @@ func (r TPMRC) isFmt1Error() (bool, TPMFmt1Error) { if (r & rcFmt1) != rcFmt1 { return false, TPMFmt1Error{} } - subj := handle + subj := handleRelated if (r & rcP) == rcP { - subj = parameter + subj = parameterRelated r ^= rcP } else if (r & rcS) == rcS { - subj = session + subj = sessionRelated r ^= rcS } idx := int((r & 0xF00) >> 8) diff --git a/tpm2/helpers/kdf.go b/tpm2/helpers/kdf.go deleted file mode 100644 index 0258aa48..00000000 --- a/tpm2/helpers/kdf.go +++ /dev/null @@ -1,71 +0,0 @@ -package helpers - -import ( - "crypto" - "crypto/hmac" - "encoding/binary" - "hash" -) - -// KDFaHash implements TPM 2.0's default key derivation function, as defined in -// section 11.4.9.2 of the TPM revision 2 specification part 1. -// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ -// The key & label parameters must not be zero length. -// The label parameter is a non-null-terminated string. -// The contextU & contextV parameters are optional. -func KDFaHash(h crypto.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte { - mac := hmac.New(h.New, key) - - out := kdf(mac, bits, func() { - mac.Write([]byte(label)) - mac.Write([]byte{0}) // Terminating null character for C-string. - mac.Write(contextU) - mac.Write(contextV) - binary.Write(mac, binary.BigEndian, uint32(bits)) - }) - return out -} - -// KDFeHash implements TPM 2.0's ECDH key derivation function, as defined in -// section 11.4.9.3 of the TPM revision 2 specification part 1. -// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ -// The z parameter is the x coordinate of one party's private ECC key multiplied -// by the other party's public ECC point. -// The use parameter is a non-null-terminated string. -// The partyUInfo and partyVInfo are the x coordinates of the initiator's and -// the responder's ECC points, respectively. -func KDFeHash(h crypto.Hash, z []byte, use string, partyUInfo, partyVInfo []byte, bits int) []byte { - hash := h.New() - - out := kdf(hash, bits, func() { - hash.Write(z) - hash.Write([]byte(use)) - hash.Write([]byte{0}) // Terminating null character for C-string. - hash.Write(partyUInfo) - hash.Write(partyVInfo) - }) - return out -} - -func kdf(h hash.Hash, bits int, update func()) []byte { - bytes := (bits + 7) / 8 - out := []byte{} - - for counter := 1; len(out) < bytes; counter++ { - h.Reset() - binary.Write(h, binary.BigEndian, uint32(counter)) - update() - - out = h.Sum(out) - } - // out's length is a multiple of hash size, so there will be excess - // bytes if bytes isn't a multiple of hash size. - out = out[:bytes] - - // As mentioned in the KDFa and KDFe specs mentioned above, - // the unused bits of the most significant octet are masked off. - if maskBits := uint8(bits % 8); maskBits > 0 { - out[0] &= (1 << maskBits) - 1 - } - return out -} diff --git a/tpm2/helpers/names.go b/tpm2/helpers/names.go deleted file mode 100644 index f020a306..00000000 --- a/tpm2/helpers/names.go +++ /dev/null @@ -1,14 +0,0 @@ -package helpers - -import ( - "encoding/binary" - - "github.com/google/go-tpm/tpm2/structures/tpm" -) - -// PrimaryHandleName returns the TPM Name of a primary handle. -func PrimaryHandleName(h tpm.Handle) []byte { - result := make([]byte, 4) - binary.BigEndian.PutUint32(result, uint32(h)) - return result -} diff --git a/tpm2/helpers/wrappers.go b/tpm2/helpers/wrappers.go deleted file mode 100644 index a8976617..00000000 --- a/tpm2/helpers/wrappers.go +++ /dev/null @@ -1,12 +0,0 @@ -package helpers - -import "github.com/google/go-tpm/tpm2/structures/tpm" - -// This file provides wrapper functions for concrete types used by tpm2, for -// setting union member pointers. - -// NewKeyBits allocates and returns the address of a new tpm.KeyBits. -func NewKeyBits(v tpm.KeyBits) *tpm.KeyBits { return &v } - -// NewAlgID allocates and returns the address of a new tpm.AlgID. -func NewAlgID(v tpm.AlgID) *tpm.AlgID { return &v } diff --git a/tpm2/kdf.go b/tpm2/kdf.go new file mode 100644 index 00000000..569a4daf --- /dev/null +++ b/tpm2/kdf.go @@ -0,0 +1,29 @@ +package tpm2 + +import ( + "crypto" + + legacy "github.com/google/go-tpm/legacy/tpm2" +) + +// KDFa implements TPM 2.0's default key derivation function, as defined in +// section 11.4.9.2 of the TPM revision 2 specification part 1. +// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ +// The key & label parameters must not be zero length. +// The label parameter is a non-null-terminated string. +// The contextU & contextV parameters are optional. +func KDFa(h crypto.Hash, key []byte, label string, contextU, contextV []byte, bits int) []byte { + return legacy.KDFaHash(h, key, label, contextU, contextV, bits) +} + +// KDFe implements TPM 2.0's ECDH key derivation function, as defined in +// section 11.4.9.3 of the TPM revision 2 specification part 1. +// See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ +// The z parameter is the x coordinate of one party's private ECC key multiplied +// by the other party's public ECC point. +// The use parameter is a non-null-terminated string. +// The partyUInfo and partyVInfo are the x coordinates of the initiator's and +// the responder's ECC points, respectively. +func KDFe(h crypto.Hash, z []byte, use string, partyUInfo, partyVInfo []byte, bits int) []byte { + return legacy.KDFeHash(h, z, use, partyUInfo, partyVInfo, bits) +} diff --git a/tpm2/commands/names.go b/tpm2/names.go similarity index 65% rename from tpm2/commands/names.go rename to tpm2/names.go index 1cf85823..9738efc2 100644 --- a/tpm2/commands/names.go +++ b/tpm2/names.go @@ -2,26 +2,21 @@ package tpm2 import ( "encoding/binary" - - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" ) // HandleName returns the TPM Name of a PCR, session, or permanent value // (e.g., hierarchy) handle. -func HandleName(h tpm.Handle) tpm2b.Name { +func HandleName(h TPMHandle) TPM2BName { result := make([]byte, 4) binary.BigEndian.PutUint32(result, uint32(h)) - return tpm2b.Name{ + return TPM2BName{ Buffer: result, } } // objectOrNVName calculates the Name of an NV index or object. -// pub is a pointer to either a tpmt.Public or tpms.NVPublic. -func objectOrNVName(alg tpm.AlgID, pub interface{}) (*tpm2b.Name, error) { +// pub is a pointer to either a TPMTPublic or TPMSNVPublic. +func objectOrNVName(alg TPMAlgID, pub interface{}) (*TPM2BName, error) { h, err := alg.Hash() if err != nil { return nil, err @@ -42,17 +37,24 @@ func objectOrNVName(alg tpm.AlgID, pub interface{}) (*tpm2b.Name, error) { ha.Write(marshalledPub) result = ha.Sum(result) - return &tpm2b.Name{ + return &TPM2BName{ Buffer: result, }, nil } // ObjectName returns the TPM Name of an object. -func ObjectName(p *tpmt.Public) (*tpm2b.Name, error) { +func ObjectName(p *TPMTPublic) (*TPM2BName, error) { return objectOrNVName(p.NameAlg, p) } // NVName returns the TPM Name of an NV index. -func NVName(p *tpms.NVPublic) (*tpm2b.Name, error) { +func NVName(p *TPMSNVPublic) (*TPM2BName, error) { return objectOrNVName(p.NameAlg, p) } + +// PrimaryHandleName returns the TPM Name of a primary handle. +func PrimaryHandleName(h TPMHandle) []byte { + result := make([]byte, 4) + binary.BigEndian.PutUint32(result, uint32(h)) + return result +} diff --git a/tpm2/commands/policy.go b/tpm2/policy.go similarity index 82% rename from tpm2/commands/policy.go rename to tpm2/policy.go index 28c74542..41ffd26f 100644 --- a/tpm2/commands/policy.go +++ b/tpm2/policy.go @@ -2,21 +2,18 @@ package tpm2 import ( "crypto" - - "github.com/google/go-tpm/tpm2/structures/tpmi" - "github.com/google/go-tpm/tpm2/structures/tpmt" ) // PolicyCalculator represents a TPM 2.0 policy that needs to be calculated // synthetically (i.e., without a TPM). type PolicyCalculator struct { - alg tpmi.AlgHash + alg TPMIAlgHash hash crypto.Hash state []byte } // NewPolicyCalculator creates a fresh policy using the given hash algorithm. -func NewPolicyCalculator(alg tpmi.AlgHash) (*PolicyCalculator, error) { +func NewPolicyCalculator(alg TPMIAlgHash) (*PolicyCalculator, error) { hash, err := alg.Hash() if err != nil { return nil, err @@ -49,8 +46,8 @@ func (p *PolicyCalculator) Update(data ...interface{}) error { } // Hash returns the current state of the policy hash. -func (p *PolicyCalculator) Hash() *tpmt.HA { - result := tpmt.HA{ +func (p *PolicyCalculator) Hash() *TPMTHA { + result := TPMTHA{ HashAlg: p.alg, Digest: make([]byte, len(p.state)), } diff --git a/tpm2/commands/reflect.go b/tpm2/reflect.go similarity index 94% rename from tpm2/commands/reflect.go rename to tpm2/reflect.go index c005fdcc..c9447be1 100644 --- a/tpm2/commands/reflect.go +++ b/tpm2/reflect.go @@ -10,10 +10,6 @@ import ( "strconv" "strings" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" "github.com/google/go-tpm/tpm2/transport" ) @@ -57,7 +53,7 @@ func execute(t transport.TPM, cmd Command, rsp Response, extraSess ...Session) e if err != nil { return err } - var names []tpm2b.Name + var names []TPM2BName var sessions []byte if hasSessions { var err error @@ -109,7 +105,7 @@ func execute(t transport.TPM, cmd Command, rsp Response, extraSess ...Session) e // We don't need the TPM RC here because we would have errored // out from rspHeader // TODO: Authenticate the error code with sessions, if desired. - err = rspSessions(rspBuf, tpm.RCSuccess, cc, names, rspParms, sess) + err = rspSessions(rspBuf, TPMRCSuccess, cc, names, rspParms, sess) if err != nil { return err } @@ -161,7 +157,7 @@ func marshal(buf *bytes.Buffer, v reflect.Value) error { if v.IsNil() { switch v.Type().Name() { case "TPMUSensitiveCreate": - return marshal(buf, reflect.ValueOf(tpm2b.SensitiveData{})) + return marshal(buf, reflect.ValueOf(TPM2BSensitiveData{})) default: return fmt.Errorf("missing required value for %v interface", v.Type().Name()) } @@ -209,7 +205,7 @@ func marshalStruct(buf *bytes.Buffer, v reflect.Value) error { for i := 0; i < v.NumField(); i++ { // Ignore embedded Bitfield hints. if !v.Type().Field(i).IsExported() { - //if _, isBitfield := v.Field(i).Interface().(tpma.Bitfield); isBitfield { + //if _, isBitfield := v.Field(i).Interface().(TPMABitfield); isBitfield { continue } thisBitwise := hasTag(v.Type().Field(i), "bit") @@ -241,7 +237,7 @@ func marshalStruct(buf *bytes.Buffer, v reflect.Value) error { // TPMAlgNull for union selection. // This allows callers to omit uninteresting scheme structures. if v.Field(i).IsZero() && hasTag(v.Type().Field(i), "nullable") { - possibleSelectors[v.Type().Field(i).Name] = int64(tpm.AlgNull) + possibleSelectors[v.Type().Field(i).Name] = int64(TPMAlgNull) continue } switch v.Field(i).Kind() { @@ -287,7 +283,7 @@ func marshalStruct(buf *bytes.Buffer, v reflect.Value) error { // as TPMHandle's zero value is TPM_RH_NULL. // This allows callers to omit uninteresting handles // instead of specifying them as TPM_RH_NULL. - if err := binary.Write(&res, binary.BigEndian, uint32(tpm.RHNull)); err != nil { + if err := binary.Write(&res, binary.BigEndian, uint32(TPMRHNull)); err != nil { return err } } else if v.Field(i).IsZero() && v.Field(i).Kind() == reflect.Uint16 && hasTag(v.Type().Field(i), "nullable") { @@ -296,7 +292,7 @@ func marshalStruct(buf *bytes.Buffer, v reflect.Value) error { // This allows callers to omit uninteresting // algorithms/schemes instead of specifying them as // TPM_ALG_NULL. - if err := binary.Write(&res, binary.BigEndian, uint16(tpm.AlgNull)); err != nil { + if err := binary.Write(&res, binary.BigEndian, uint16(TPMAlgNull)); err != nil { return err } } else if hasTag(v.Type().Field(i), "optional") { @@ -325,7 +321,7 @@ func marshalStruct(buf *bytes.Buffer, v reflect.Value) error { // Marshals a bitwise-defined struct. func marshalBitwise(buf *bytes.Buffer, v reflect.Value) error { - bg, ok := v.Interface().(tpma.BitGetter) + bg, ok := v.Interface().(BitGetter) if !ok { return fmt.Errorf("'%v' was not a BitGetter", v.Type().Name()) } @@ -365,7 +361,7 @@ func marshalBitwise(buf *bytes.Buffer, v reflect.Value) error { // selector. Marshals nothing if the selector is equal to TPM_ALG_NULL (0x0010). func marshalUnion(buf *bytes.Buffer, v reflect.Value, selector int64) error { // Special case: TPM_ALG_NULL as a selector means marshal nothing - if selector == int64(tpm.AlgNull) { + if selector == int64(TPMAlgNull) { return nil } for i := 0; i < v.NumField(); i++ { @@ -481,7 +477,7 @@ func unmarshalStruct(buf *bytes.Buffer, v reflect.Value) error { // Ignore embedded Bitfield hints. // Ignore embedded Bitfield hints. if !v.Type().Field(i).IsExported() { - //if _, isBitfield := v.Field(i).Interface().(tpma.Bitfield); isBitfield { + //if _, isBitfield := v.Field(i).Interface().(TPMABitfield); isBitfield { continue } thisBitwise := hasTag(v.Type().Field(i), "bit") @@ -615,7 +611,7 @@ func unmarshalStruct(buf *bytes.Buffer, v reflect.Value) error { // Unmarshals a bitwise-defined struct. func unmarshalBitwise(buf *bytes.Buffer, v reflect.Value) error { - bs, ok := v.Addr().Interface().(tpma.BitSetter) + bs, ok := v.Addr().Interface().(BitSetter) if !ok { return fmt.Errorf("'%v' was not a BitSetter", v.Addr().Type()) } @@ -663,7 +659,7 @@ func unmarshalBitwise(buf *bytes.Buffer, v reflect.Value) error { // selector. Unmarshals nothing if the selector is TPM_ALG_NULL (0x0010). func unmarshalUnion(buf *bytes.Buffer, v reflect.Value, selector int64) error { // Special case: TPM_ALG_NULL as a selector means unmarshal nothing - if selector == int64(tpm.AlgNull) { + if selector == int64(TPMAlgNull) { return nil } for i := 0; i < v.NumField(); i++ { @@ -784,12 +780,8 @@ func cmdAuths(cmd Command) ([]Session, error) { authHandles := taggedMembers(reflect.ValueOf(cmd).Elem(), "auth", false) var result []Session for i, authHandle := range authHandles { - // Dynamically check if the caller provided auth in an AuthHandle. - // If not, use an empty password auth. - // A cleaner way to do this would be to have an interface method that - // returns a Session, but that would require Session to live inside - // the internal package, so that tpm.Handle can return it. - // So instead, we live with a little more magic reflection behavior. + // TODO: A cleaner way to do this would be to have an interface method that + // returns a Session. if h, ok := authHandle.Interface().(AuthHandle); ok { if h.Auth == nil { return nil, fmt.Errorf("missing auth for '%v' parameter", @@ -821,7 +813,7 @@ func cmdHandles(cmd Command) ([]byte, error) { // Special behavior: nullable handles have an effective zero-value of // TPM_RH_NULL. if h.HandleValue() == 0 && hasTag(reflect.TypeOf(cmd).Elem().Field(i), "nullable") { - h = tpm.RHNull + h = TPMRHNull } binary.Write(result, binary.BigEndian, h.HandleValue()) @@ -831,9 +823,9 @@ func cmdHandles(cmd Command) ([]byte, error) { } // cmdNames returns the names of the entities referenced by the handles of the command. -func cmdNames(cmd Command) ([]tpm2b.Name, error) { +func cmdNames(cmd Command) ([]TPM2BName, error) { handles := taggedMembers(reflect.ValueOf(cmd).Elem(), "handle", false) - var result []tpm2b.Name + var result []TPM2BName for i, maybeHandle := range handles { h, ok := maybeHandle.Interface().(handle) if !ok { @@ -844,7 +836,7 @@ func cmdNames(cmd Command) ([]tpm2b.Name, error) { // Special behavior: nullable handles have an effective zero-value of // TPM_RH_NULL. if h.HandleValue() == 0 && hasTag(reflect.TypeOf(cmd).Elem().Field(i), "nullable") { - h = tpm.RHNull + h = TPMRHNull } name := h.KnownName() @@ -870,9 +862,9 @@ func marshalParameter(buf *bytes.Buffer, cmd Command, i int) error { if hasTag(field, "optional") { return marshalOptional(buf, parm) } else if parm.IsZero() && parm.Kind() == reflect.Uint32 && hasTag(field, "nullable") { - return marshal(buf, reflect.ValueOf(tpm.RHNull)) + return marshal(buf, reflect.ValueOf(TPMRHNull)) } else if parm.IsZero() && parm.Kind() == reflect.Uint16 && hasTag(field, "nullable") { - return marshal(buf, reflect.ValueOf(tpm.AlgNull)) + return marshal(buf, reflect.ValueOf(TPMAlgNull)) } else { return marshal(buf, parm) } @@ -923,7 +915,7 @@ func cmdParameters(cmd Command, sess []Session) ([]byte, error) { } // cmdSessions returns the authorization area of the command. -func cmdSessions(sess []Session, cc tpm.CC, names []tpm2b.Name, parms []byte) ([]byte, error) { +func cmdSessions(sess []Session, cc TPMCC, names []TPM2BName, parms []byte) ([]byte, error) { // There is no authorization area if there are no sessions. if len(sess) == 0 { return nil, nil @@ -982,12 +974,12 @@ func cmdSessions(sess []Session, cc tpm.CC, names []tpm2b.Name, parms []byte) ([ } // cmdHeader returns the structured TPM command header. -func cmdHeader(hasSessions bool, length int, cc tpm.CC) []byte { - tag := tpm.STNoSessions +func cmdHeader(hasSessions bool, length int, cc TPMCC) []byte { + tag := TPMSTNoSessions if hasSessions { - tag = tpm.STSessions + tag = TPMSTSessions } - hdr := tpm.CmdHeader{ + hdr := TPMCmdHeader{ Tag: tag, Length: uint32(length), CommandCode: cc, @@ -1001,11 +993,11 @@ func cmdHeader(hasSessions bool, length int, cc tpm.CC) []byte { // returns an error here. // rsp is updated to point to the rest of the response after the header. func rspHeader(rsp *bytes.Buffer) error { - var hdr tpm.RspHeader + var hdr TPMRspHeader if err := unmarshal(rsp, reflect.ValueOf(&hdr).Elem()); err != nil { return fmt.Errorf("unmarshalling TPM response: %w", err) } - if hdr.ResponseCode != tpm.RCSuccess { + if hdr.ResponseCode != TPMRCSuccess { return hdr.ResponseCode } return nil @@ -1061,9 +1053,9 @@ func rspParametersArea(hasSessions bool, rsp *bytes.Buffer) ([]byte, error) { // the sessions with it. If there is a response validation error, returns // an error here. // rsp is updated to point to the rest of the response after the sessions. -func rspSessions(rsp *bytes.Buffer, rc tpm.RC, cc tpm.CC, names []tpm2b.Name, parms []byte, sess []Session) error { +func rspSessions(rsp *bytes.Buffer, rc TPMRC, cc TPMCC, names []TPM2BName, parms []byte, sess []Session) error { for i, s := range sess { - var auth tpms.AuthResponse + var auth TPMSAuthResponse if err := unmarshal(rsp, reflect.ValueOf(&auth).Elem()); err != nil { return fmt.Errorf("reading auth session %d: %w", i, err) } diff --git a/tpm2/commands/reflect_test.go b/tpm2/reflect_test.go similarity index 97% rename from tpm2/commands/reflect_test.go rename to tpm2/reflect_test.go index 314ea853..f194c11d 100644 --- a/tpm2/commands/reflect_test.go +++ b/tpm2/reflect_test.go @@ -8,8 +8,6 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - - "github.com/google/go-tpm/tpm2/structures/tpma" ) func marshalUnmarshal(t *testing.T, v interface{}, want []byte) { @@ -125,7 +123,7 @@ func unmarshalReserved(t *testing.T, data []byte, want interface{}) { func TestMarshalBitfield(t *testing.T) { t.Run("8bit", func(t *testing.T) { - v := tpma.Session{ + v := TPMASession{ ContinueSession: true, AuditExclusive: true, AuditReset: false, @@ -138,7 +136,7 @@ func TestMarshalBitfield(t *testing.T) { unmarshalReserved(t, []byte{0x7b}, v) }) t.Run("full8bit", func(t *testing.T) { - v := tpma.Locality{ + v := TPMALocality{ TPMLocZero: true, TPMLocOne: true, TPMLocTwo: false, @@ -150,7 +148,7 @@ func TestMarshalBitfield(t *testing.T) { marshalUnmarshal(t, v, want) }) t.Run("32bit", func(t *testing.T) { - v := tpma.CC{ + v := TPMACC{ CommandIndex: 6, NV: true, } @@ -159,7 +157,7 @@ func TestMarshalBitfield(t *testing.T) { unmarshalReserved(t, []byte{0x80, 0x41, 0x00, 0x06}, v) }) t.Run("TPMAObject", func(t *testing.T) { - v := tpma.Object{ + v := TPMAObject{ FixedTPM: true, STClear: true, FixedParent: true, diff --git a/tpm2/commands/sessions.go b/tpm2/sessions.go similarity index 80% rename from tpm2/commands/sessions.go rename to tpm2/sessions.go index c4a4f001..227aa315 100644 --- a/tpm2/commands/sessions.go +++ b/tpm2/sessions.go @@ -11,14 +11,6 @@ import ( "encoding/binary" "fmt" - "github.com/google/go-tpm/tpm2/helpers" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpmi" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" "github.com/google/go-tpm/tpm2/transport" ) @@ -35,7 +27,7 @@ type Session interface { // authorize their actions without writing a lot of code. CleanupFailure(tpm transport.TPM) error // The last nonceTPM for this session. - NonceTPM() tpm2b.Nonce + NonceTPM() TPM2BNonce // Updates nonceCaller to a new random value. NewNonceCaller() error // Computes the authorization HMAC for the session. @@ -43,10 +35,10 @@ type Session interface { // there is another session (or sessions) for parameter // decryption and/or encryption, then addNonces contains the // nonceTPMs from each of them, respectively (see Part 1, 19.6.5) - Authorize(cc tpm.CC, parms, addNonces []byte, names []tpm2b.Name, authIndex int) (*tpms.AuthCommand, error) + Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, authIndex int) (*TPMSAuthCommand, error) // Validates the response for the session. // Updates NonceTPM for the session. - Validate(rc tpm.RC, cc tpm.CC, parms []byte, names []tpm2b.Name, authIndex int, auth *tpms.AuthResponse) error + Validate(rc TPMRC, cc TPMCC, parms []byte, names []TPM2BName, authIndex int, auth *TPMSAuthResponse) error // Returns true if this is an encryption session. IsEncryption() bool // Returns true if this is a decryption session. @@ -58,12 +50,12 @@ type Session interface { // parameter. Otherwise, does not modify the parameter. Decrypt(parameter []byte) error // Returns the handle value of this session. - Handle() tpm.Handle + Handle() TPMHandle } // CPHash calculates the TPM command parameter hash for a given Command. // N.B. Authorization sessions on handles are ignored, but names aren't. -func CPHash(alg tpmi.AlgHash, cmd Command) (*tpm2b.Digest, error) { +func CPHash(alg TPMIAlgHash, cmd Command) (*TPM2BDigest, error) { cc := cmd.Command() names, err := cmdNames(cmd) if err != nil { @@ -77,7 +69,7 @@ func CPHash(alg tpmi.AlgHash, cmd Command) (*tpm2b.Digest, error) { if err != nil { return nil, err } - return &tpm2b.Digest{ + return &TPM2BDigest{ Buffer: digest, }, nil } @@ -103,30 +95,30 @@ func (s *pwSession) CleanupFailure(tpm transport.TPM) error { return nil } // NonceTPM normally returns the last nonceTPM value from the session. // Since a password session is a pseudo-session with the auth value stuffed // in where the HMAC should go, this is not used. -func (s *pwSession) NonceTPM() tpm2b.Nonce { return tpm2b.Nonce{} } +func (s *pwSession) NonceTPM() TPM2BNonce { return TPM2BNonce{} } // NewNonceCaller updates the nonceCaller for this session. // Password sessions don't have nonces. func (s *pwSession) NewNonceCaller() error { return nil } // Computes the authorization structure for the session. -func (s *pwSession) Authorize(cc tpm.CC, parms, addNonces []byte, _ []tpm2b.Name, _ int) (*tpms.AuthCommand, error) { - return &tpms.AuthCommand{ - Handle: tpm.RSPW, - Nonce: tpm2b.Nonce{}, - Attributes: tpma.Session{}, - Authorization: tpm2b.Data{ +func (s *pwSession) Authorize(cc TPMCC, parms, addNonces []byte, _ []TPM2BName, _ int) (*TPMSAuthCommand, error) { + return &TPMSAuthCommand{ + Handle: TPMRSPW, + Nonce: TPM2BNonce{}, + Attributes: TPMASession{}, + Authorization: TPM2BData{ Buffer: s.auth, }, }, nil } // Validates the response session structure for the session. -func (s *pwSession) Validate(rc tpm.RC, cc tpm.CC, parms []byte, _ []tpm2b.Name, _ int, auth *tpms.AuthResponse) error { +func (s *pwSession) Validate(rc TPMRC, cc TPMCC, parms []byte, _ []TPM2BName, _ int, auth *TPMSAuthResponse) error { if len(auth.Nonce.Buffer) != 0 { return fmt.Errorf("expected empty nonce in response auth to PW session, got %x", auth.Nonce) } - expectedAttrs := tpma.Session{ + expectedAttrs := TPMASession{ ContinueSession: true, } if auth.Attributes != expectedAttrs { @@ -158,11 +150,11 @@ func (s *pwSession) Decrypt(parameter []byte) error { return nil } // Handle returns the handle value associated with this session. // In the case of a password session, this is always TPM_RS_PW. -func (s *pwSession) Handle() tpm.Handle { return tpm.RSPW } +func (s *pwSession) Handle() TPMHandle { return TPMRSPW } // cpHash calculates the TPM command parameter hash. // cpHash = hash(CC || names || parms) -func cpHash(alg tpmi.AlgHash, cc tpm.CC, names []tpm2b.Name, parms []byte) ([]byte, error) { +func cpHash(alg TPMIAlgHash, cc TPMCC, names []TPM2BName, parms []byte) ([]byte, error) { ha, err := alg.Hash() if err != nil { return nil, err @@ -178,7 +170,7 @@ func cpHash(alg tpmi.AlgHash, cc tpm.CC, names []tpm2b.Name, parms []byte) ([]by // rpHash calculates the TPM response parameter hash. // rpHash = hash(RC || CC || parms) -func rpHash(alg tpmi.AlgHash, rc tpm.RC, cc tpm.CC, parms []byte) ([]byte, error) { +func rpHash(alg TPMIAlgHash, rc TPMRC, cc TPMCC, parms []byte) ([]byte, error) { ha, err := alg.Hash() if err != nil { return nil, err @@ -194,24 +186,24 @@ func rpHash(alg tpmi.AlgHash, rc tpm.RC, cc tpm.CC, parms []byte) ([]byte, error type sessionOptions struct { auth []byte password bool - bindHandle tpmi.DHEntity - bindName tpm2b.Name + bindHandle TPMIDHEntity + bindName TPM2BName bindAuth []byte - saltHandle tpmi.DHObject - saltPub tpmt.Public - attrs tpma.Session - symmetric tpmt.SymDef + saltHandle TPMIDHObject + saltPub TPMTPublic + attrs TPMASession + symmetric TPMTSymDef trialPolicy bool } // defaultOptions represents the default options used when none are provided. func defaultOptions() sessionOptions { return sessionOptions{ - symmetric: tpmt.SymDef{ - Algorithm: tpm.AlgNull, + symmetric: TPMTSymDef{ + Algorithm: TPMAlgNull, }, - bindHandle: tpm.RHNull, - saltHandle: tpm.RHNull, + bindHandle: TPMRHNull, + saltHandle: TPMRHNull, } } @@ -239,7 +231,7 @@ func Password(auth []byte) AuthOption { // Bound specifies that this session's session key should depend on the auth // value of the given object. -func Bound(handle tpmi.DHEntity, name tpm2b.Name, auth []byte) AuthOption { +func Bound(handle TPMIDHEntity, name TPM2BName, auth []byte) AuthOption { return func(o *sessionOptions) { o.bindHandle = handle o.bindName = name @@ -250,7 +242,7 @@ func Bound(handle tpmi.DHEntity, name tpm2b.Name, auth []byte) AuthOption { // Salted specifies that this session's session key should depend on an // encrypted seed value using the given public key. // 'handle' must refer to a loaded RSA or ECC key. -func Salted(handle tpmi.DHObject, pub tpmt.Public) AuthOption { +func Salted(handle TPMIDHObject, pub TPMTPublic) AuthOption { return func(o *sessionOptions) { o.saltHandle = handle o.saltPub = pub @@ -274,17 +266,17 @@ const ( // the TPM. // Note that only commands whose first command/response parameter is a 2B can // support session encryption. -func AESEncryption(keySize tpm.KeyBits, dir parameterEncryptiontpm2ion) AuthOption { +func AESEncryption(keySize TPMKeyBits, dir parameterEncryptiontpm2ion) AuthOption { return func(o *sessionOptions) { o.attrs.Decrypt = (dir == EncryptIn || dir == EncryptInOut) o.attrs.Encrypt = (dir == EncryptOut || dir == EncryptInOut) - o.symmetric = tpmt.SymDef{ - Algorithm: tpm.AlgAES, - KeyBits: tpmu.SymKeyBits{ - AES: helpers.NewKeyBits(keySize), + o.symmetric = TPMTSymDef{ + Algorithm: TPMAlgAES, + KeyBits: TPMUSymKeyBits{ + AES: NewKeyBits(keySize), }, - Mode: tpmu.SymMode{ - AES: helpers.NewAlgID(tpm.AlgCFB), + Mode: TPMUSymMode{ + AES: NewAlgID(TPMAlgCFB), }, } } @@ -321,25 +313,25 @@ func Trial() AuthOption { // hmacSession generally implements the HMAC session. type hmacSession struct { sessionOptions - hash tpmi.AlgHash + hash TPMIAlgHash nonceSize int - handle tpm.Handle + handle TPMHandle sessionKey []byte // last nonceCaller - nonceCaller tpm2b.Nonce + nonceCaller TPM2BNonce // last nonceTPM - nonceTPM tpm2b.Nonce + nonceTPM TPM2BNonce } // HMAC sets up a just-in-time HMAC session that is used only once. // A real session is created, but just in time and it is flushed when used. -func HMAC(hash tpmi.AlgHash, nonceSize int, opts ...AuthOption) Session { +func HMAC(hash TPMIAlgHash, nonceSize int, opts ...AuthOption) Session { // Set up a one-off session that knows the auth value. sess := hmacSession{ sessionOptions: defaultOptions(), hash: hash, nonceSize: nonceSize, - handle: tpm.RHNull, + handle: TPMRHNull, } for _, opt := range opts { opt(&sess.sessionOptions) @@ -348,13 +340,13 @@ func HMAC(hash tpmi.AlgHash, nonceSize int, opts ...AuthOption) Session { } // HMACSession sets up a reusable HMAC session that needs to be closed. -func HMACSession(t transport.TPM, hash tpmi.AlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error) { +func HMACSession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error) { // Set up a not-one-off session that knows the auth value. sess := hmacSession{ sessionOptions: defaultOptions(), hash: hash, nonceSize: nonceSize, - handle: tpm.RHNull, + handle: TPMRHNull, } for _, opt := range opts { opt(&sess.sessionOptions) @@ -376,24 +368,24 @@ func HMACSession(t transport.TPM, hash tpmi.AlgHash, nonceSize int, opts ...Auth } // Part 1, B.10.2 -func getEncryptedSaltRSA(nameAlg tpmi.AlgHash, parms *tpms.RSAParms, pub *tpm2b.PublicKeyRSA) (*tpm2b.EncryptedSecret, []byte, error) { - rsaPub, err := helpers.RSAPub(parms, pub) +func getEncryptedSaltRSA(nameAlg TPMIAlgHash, parms *TPMSRSAParms, pub *TPM2BPublicKeyRSA) (*TPM2BEncryptedSecret, []byte, error) { + rsaPub, err := RSAPub(parms, pub) if err != nil { return nil, nil, fmt.Errorf("could not encrypt salt to RSA key: %w", err) } // Odd special case: the size of the salt depends on the RSA scheme's // hash alg. - var hAlg tpmi.AlgHash + var hAlg TPMIAlgHash switch parms.Scheme.Scheme { - case tpm.AlgRSASSA: + case TPMAlgRSASSA: hAlg = parms.Scheme.Details.RSASSA.HashAlg - case tpm.AlgRSAES: + case TPMAlgRSAES: hAlg = nameAlg - case tpm.AlgRSAPSS: + case TPMAlgRSAPSS: hAlg = parms.Scheme.Details.RSAPSS.HashAlg - case tpm.AlgOAEP: + case TPMAlgOAEP: hAlg = parms.Scheme.Details.OAEP.HashAlg - case tpm.AlgNull: + case TPMAlgNull: hAlg = nameAlg default: return nil, nil, fmt.Errorf("unsupported RSA salt key scheme: %v", parms.Scheme.Scheme) @@ -411,18 +403,18 @@ func getEncryptedSaltRSA(nameAlg tpmi.AlgHash, parms *tpms.RSAParms, pub *tpm2b. if err != nil { return nil, nil, fmt.Errorf("encrypting salt: %w", err) } - return &tpm2b.EncryptedSecret{ + return &TPM2BEncryptedSecret{ Buffer: encSalt, }, salt, nil } // Part 1, 19.6.13 -func getEncryptedSaltECC(nameAlg tpmi.AlgHash, parms *tpms.ECCParms, pub *tpms.ECCPoint) (*tpm2b.EncryptedSecret, []byte, error) { +func getEncryptedSaltECC(nameAlg TPMIAlgHash, parms *TPMSECCParms, pub *TPMSECCPoint) (*TPM2BEncryptedSecret, []byte, error) { curve, err := parms.CurveID.Curve() if err != nil { return nil, nil, fmt.Errorf("could not encrypt salt to ECC key: %w", err) } - eccPub, err := helpers.ECCPub(parms, pub) + eccPub, err := ECCPub(parms, pub) if err != nil { return nil, nil, fmt.Errorf("could not encrypt salt to ECC key: %w", err) } @@ -440,25 +432,25 @@ func getEncryptedSaltECC(nameAlg tpmi.AlgHash, parms *tpms.ECCParms, pub *tpms.E if err != nil { return nil, nil, err } - salt := helpers.KDFeHash(ha, z, "SECRET", ephPubX.Bytes(), pub.X.Buffer, ha.Size()*8) + salt := KDFe(ha, z, "SECRET", ephPubX.Bytes(), pub.X.Buffer, ha.Size()*8) var encSalt bytes.Buffer binary.Write(&encSalt, binary.BigEndian, uint16(len(ephPubX.Bytes()))) encSalt.Write(ephPubX.Bytes()) binary.Write(&encSalt, binary.BigEndian, uint16(len(ephPubY.Bytes()))) encSalt.Write(ephPubY.Bytes()) - return &tpm2b.EncryptedSecret{ + return &TPM2BEncryptedSecret{ Buffer: encSalt.Bytes(), }, salt, nil } // getEncryptedSalt creates a salt value for salted sessions. // Returns the encrypted salt and plaintext salt, or an error value. -func getEncryptedSalt(pub tpmt.Public) (*tpm2b.EncryptedSecret, []byte, error) { +func getEncryptedSalt(pub TPMTPublic) (*TPM2BEncryptedSecret, []byte, error) { switch pub.Type { - case tpm.AlgRSA: + case TPMAlgRSA: return getEncryptedSaltRSA(pub.NameAlg, pub.Parameters.RSADetail, pub.Unique.RSA) - case tpm.AlgECC: + case TPMAlgECC: return getEncryptedSaltECC(pub.NameAlg, pub.Parameters.ECCDetail, pub.Unique.ECC) default: return nil, nil, fmt.Errorf("salt encryption alg '%v' not supported", pub.Type) @@ -467,14 +459,14 @@ func getEncryptedSalt(pub tpmt.Public) (*tpm2b.EncryptedSecret, []byte, error) { // Init initializes the session, just in time, if needed. func (s *hmacSession) Init(t transport.TPM) error { - if s.handle != tpm.RHNull { + if s.handle != TPMRHNull { // Session is already initialized. return nil } // Get a high-quality nonceCaller for our use. // Store it with the session object for later reference. - s.nonceCaller = tpm2b.Nonce{ + s.nonceCaller = TPM2BNonce{ Buffer: make([]byte, s.nonceSize), } if _, err := rand.Read(s.nonceCaller.Buffer); err != nil { @@ -486,14 +478,14 @@ func (s *hmacSession) Init(t transport.TPM) error { TPMKey: s.saltHandle, Bind: s.bindHandle, NonceCaller: s.nonceCaller, - SessionType: tpm.SEHMAC, + SessionType: TPMSEHMAC, Symmetric: s.symmetric, AuthHash: s.hash, } var salt []byte - if s.saltHandle != tpm.RHNull { + if s.saltHandle != TPMRHNull { var err error - var encSalt *tpm2b.EncryptedSecret + var encSalt *TPM2BEncryptedSecret encSalt, salt, err = getEncryptedSalt(s.saltPub) if err != nil { return err @@ -504,18 +496,18 @@ func (s *hmacSession) Init(t transport.TPM) error { if err != nil { return err } - s.handle = tpm.Handle(sasRsp.SessionHandle.HandleValue()) + s.handle = TPMHandle(sasRsp.SessionHandle.HandleValue()) s.nonceTPM = sasRsp.NonceTPM // Part 1, 19.6 ha, err := s.hash.Hash() if err != nil { return err } - if s.bindHandle != tpm.RHNull || len(salt) != 0 { + if s.bindHandle != TPMRHNull || len(salt) != 0 { var authSalt []byte authSalt = append(authSalt, s.bindAuth...) authSalt = append(authSalt, salt...) - s.sessionKey = helpers.KDFaHash(ha, authSalt, "ATH", s.nonceTPM.Buffer, s.nonceCaller.Buffer, ha.Size()*8) + s.sessionKey = KDFa(ha, authSalt, "ATH", s.nonceTPM.Buffer, s.nonceCaller.Buffer, ha.Size()*8) } return nil } @@ -530,17 +522,17 @@ func (s *hmacSession) CleanupFailure(t transport.TPM) error { if err := fc.Execute(t); err != nil { return err } - s.handle = tpm.RHNull + s.handle = TPMRHNull return nil } // NonceTPM returns the last nonceTPM value from the session. // May be nil, if the session hasn't been initialized yet. -func (s *hmacSession) NonceTPM() tpm2b.Nonce { return s.nonceTPM } +func (s *hmacSession) NonceTPM() TPM2BNonce { return s.nonceTPM } // To avoid a circular dependency on gotpm by tpm2, implement a -// tiny serialization by hand for tpma.Session here -func attrsToBytes(attrs tpma.Session) []byte { +// tiny serialization by hand for TPMASession here +func attrsToBytes(attrs TPMASession) []byte { var res byte if attrs.ContinueSession { res |= (1 << 0) @@ -568,16 +560,12 @@ func attrsToBytes(attrs tpma.Session) []byte { // This applies to both commands and responses. // The value of key depends on whether the session is bound and/or salted. // pHash cpHash for a command, or an rpHash for a response. -// nonceNewer in a command is the new nonceCaller sent in the command session -// packet. -// nonceNewer in a response is the new nonceTPM sent in the response session -// packet. -// nonceOlder in a command is the last nonceTPM sent by the TPM for this -// session. This may be when the session was created, or the last time it was -// used. -// nonceOlder in a response is the corresponding nonceCaller sent in the -// command. -func computeHMAC(alg tpmi.AlgHash, key, pHash, nonceNewer, nonceOlder, addNonces []byte, attrs tpma.Session) ([]byte, error) { +// nonceNewer in a command is the new nonceCaller sent in the command session packet. +// nonceNewer in a response is the new nonceTPM sent in the response session packet. +// nonceOlder in a command is the last nonceTPM sent by the TPM for this session. +// This may be when the session was created, or the last time it was used. +// nonceOlder in a response is the corresponding nonceCaller sent in the command. +func computeHMAC(alg TPMIAlgHash, key, pHash, nonceNewer, nonceOlder, addNonces []byte, attrs TPMASession) ([]byte, error) { ha, err := alg.Hash() if err != nil { return nil, err @@ -611,8 +599,8 @@ func (s *hmacSession) NewNonceCaller() error { // Authorize computes the authorization structure for the session. // Unlike the TPM spec, authIndex is zero-based. -func (s *hmacSession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tpm2b.Name, authIndex int) (*tpms.AuthCommand, error) { - if s.handle == tpm.RHNull { +func (s *hmacSession) Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, authIndex int) (*TPMSAuthCommand, error) { + if s.handle == TPMRHNull { // Session is not initialized. return nil, fmt.Errorf("session not initialized") } @@ -635,11 +623,11 @@ func (s *hmacSession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tpm2 if err != nil { return nil, err } - result := tpms.AuthCommand{ + result := TPMSAuthCommand{ Handle: s.handle, Nonce: s.nonceCaller, Attributes: s.attrs, - Authorization: tpm2b.Data{ + Authorization: TPM2BData{ Buffer: hmac, }, } @@ -648,12 +636,12 @@ func (s *hmacSession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tpm2 // Validate validates the response session structure for the session. // It updates nonceTPM from the TPM's response. -func (s *hmacSession) Validate(rc tpm.RC, cc tpm.CC, parms []byte, names []tpm2b.Name, authIndex int, auth *tpms.AuthResponse) error { +func (s *hmacSession) Validate(rc TPMRC, cc TPMCC, parms []byte, names []TPM2BName, authIndex int, auth *TPMSAuthResponse) error { // Track the new nonceTPM for the session. s.nonceTPM = auth.Nonce // Track the session being automatically flushed. if !auth.Attributes.ContinueSession { - s.handle = tpm.RHNull + s.handle = TPMRHNull } // Part 1, 19.6 @@ -707,7 +695,7 @@ func (s *hmacSession) Encrypt(parameter []byte) error { if err != nil { return err } - keyIV := helpers.KDFaHash(ha, sessionValue, "CFB", s.nonceCaller.Buffer, s.nonceTPM.Buffer, keyIVBytes*8) + keyIV := KDFa(ha, sessionValue, "CFB", s.nonceCaller.Buffer, s.nonceTPM.Buffer, keyIVBytes*8) key, err := aes.NewCipher(keyIV[:keyBytes]) if err != nil { return err @@ -734,7 +722,7 @@ func (s *hmacSession) Decrypt(parameter []byte) error { if err != nil { return err } - keyIV := helpers.KDFaHash(ha, sessionValue, "CFB", s.nonceTPM.Buffer, s.nonceCaller.Buffer, keyIVBytes*8) + keyIV := KDFa(ha, sessionValue, "CFB", s.nonceTPM.Buffer, s.nonceCaller.Buffer, keyIVBytes*8) key, err := aes.NewCipher(keyIV[:keyBytes]) if err != nil { return err @@ -747,25 +735,25 @@ func (s *hmacSession) Decrypt(parameter []byte) error { // Handle returns the handle value of the session. // If the session is created with HMAC (instead of HMACSession) this will be // TPM_RH_NULL. -func (s *hmacSession) Handle() tpm.Handle { +func (s *hmacSession) Handle() TPMHandle { return s.handle } // PolicyCallback represents an object's policy in the form of a function. // This function makes zero or more TPM policy commands and returns error. -type PolicyCallback = func(tpm transport.TPM, handle tpmi.SHPolicy, nonceTPM tpm2b.Nonce) error +type PolicyCallback = func(tpm transport.TPM, handle TPMISHPolicy, nonceTPM TPM2BNonce) error // policySession generally implements the policy session. type policySession struct { sessionOptions - hash tpmi.AlgHash + hash TPMIAlgHash nonceSize int - handle tpm.Handle + handle TPMHandle sessionKey []byte // last nonceCaller - nonceCaller tpm2b.Nonce + nonceCaller TPM2BNonce // last nonceTPM - nonceTPM tpm2b.Nonce + nonceTPM TPM2BNonce callback *PolicyCallback } @@ -774,13 +762,13 @@ type policySession struct { // Each time the policy is created, the callback is invoked to authorize the // session. // A real session is created, but just in time, and it is flushed when used. -func Policy(hash tpmi.AlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session { +func Policy(hash TPMIAlgHash, nonceSize int, callback PolicyCallback, opts ...AuthOption) Session { // Set up a one-off session that knows the auth value. sess := policySession{ sessionOptions: defaultOptions(), hash: hash, nonceSize: nonceSize, - handle: tpm.RHNull, + handle: TPMRHNull, callback: &callback, } for _, opt := range opts { @@ -793,13 +781,13 @@ func Policy(hash tpmi.AlgHash, nonceSize int, callback PolicyCallback, opts ...A // The caller is responsible to call whichever policy commands they want in the // session. // Note that the TPM resets a policy session after it is successfully used. -func PolicySession(t transport.TPM, hash tpmi.AlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error) { +func PolicySession(t transport.TPM, hash TPMIAlgHash, nonceSize int, opts ...AuthOption) (s Session, close func() error, err error) { // Set up a not-one-off session that knows the auth value. sess := policySession{ sessionOptions: defaultOptions(), hash: hash, nonceSize: nonceSize, - handle: tpm.RHNull, + handle: TPMRHNull, } for _, opt := range opts { opt(&sess.sessionOptions) @@ -823,23 +811,23 @@ func PolicySession(t transport.TPM, hash tpmi.AlgHash, nonceSize int, opts ...Au // Init initializes the session, just in time, if needed. func (s *policySession) Init(t transport.TPM) error { - if s.handle != tpm.RHNull { + if s.handle != TPMRHNull { // Session is already initialized. return nil } // Get a high-quality nonceCaller for our use. // Store it with the session object for later reference. - s.nonceCaller = tpm2b.Nonce{ + s.nonceCaller = TPM2BNonce{ Buffer: make([]byte, s.nonceSize), } if _, err := rand.Read(s.nonceCaller.Buffer); err != nil { return err } - sessType := tpm.SEPolicy + sessType := TPMSEPolicy if s.sessionOptions.trialPolicy { - sessType = tpm.SETrial + sessType = TPMSETrial } // Start up the actual auth session. @@ -852,9 +840,9 @@ func (s *policySession) Init(t transport.TPM) error { AuthHash: s.hash, } var salt []byte - if s.saltHandle != tpm.RHNull { + if s.saltHandle != TPMRHNull { var err error - var encSalt *tpm2b.EncryptedSecret + var encSalt *TPM2BEncryptedSecret encSalt, salt, err = getEncryptedSalt(s.saltPub) if err != nil { return err @@ -865,10 +853,10 @@ func (s *policySession) Init(t transport.TPM) error { if err != nil { return err } - s.handle = tpm.Handle(sasRsp.SessionHandle.HandleValue()) + s.handle = TPMHandle(sasRsp.SessionHandle.HandleValue()) s.nonceTPM = sasRsp.NonceTPM // Part 1, 19.6 - if s.bindHandle != tpm.RHNull || len(salt) != 0 { + if s.bindHandle != TPMRHNull || len(salt) != 0 { var authSalt []byte authSalt = append(authSalt, s.bindAuth...) authSalt = append(authSalt, salt...) @@ -876,7 +864,7 @@ func (s *policySession) Init(t transport.TPM) error { if err != nil { return err } - s.sessionKey = helpers.KDFaHash(ha, authSalt, "ATH", s.nonceTPM.Buffer, s.nonceCaller.Buffer, ha.Size()*8) + s.sessionKey = KDFa(ha, authSalt, "ATH", s.nonceTPM.Buffer, s.nonceCaller.Buffer, ha.Size()*8) } // Call the callback to execute the policy, if needed @@ -899,13 +887,13 @@ func (s *policySession) CleanupFailure(t transport.TPM) error { if err := fc.Execute(t); err != nil { return err } - s.handle = tpm.RHNull + s.handle = TPMRHNull return nil } // NonceTPM returns the last nonceTPM value from the session. // May be nil, if the session hasn't been initialized yet. -func (s *policySession) NonceTPM() tpm2b.Nonce { return s.nonceTPM } +func (s *policySession) NonceTPM() TPM2BNonce { return s.nonceTPM } // NewNonceCaller updates the nonceCaller for this session. func (s *policySession) NewNonceCaller() error { @@ -914,8 +902,8 @@ func (s *policySession) NewNonceCaller() error { } // Authorize computes the authorization structure for the session. -func (s *policySession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tpm2b.Name, _ int) (*tpms.AuthCommand, error) { - if s.handle == tpm.RHNull { +func (s *policySession) Authorize(cc TPMCC, parms, addNonces []byte, names []TPM2BName, _ int) (*TPMSAuthCommand, error) { + if s.handle == TPMRHNull { // Session is not initialized. return nil, fmt.Errorf("session not initialized") } @@ -941,11 +929,11 @@ func (s *policySession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tp } } - result := tpms.AuthCommand{ + result := TPMSAuthCommand{ Handle: s.handle, Nonce: s.nonceCaller, Attributes: s.attrs, - Authorization: tpm2b.Data{ + Authorization: TPM2BData{ Buffer: hmac, }, } @@ -954,12 +942,12 @@ func (s *policySession) Authorize(cc tpm.CC, parms, addNonces []byte, names []tp // Validate valitades the response session structure for the session. // Updates nonceTPM from the TPM's response. -func (s *policySession) Validate(rc tpm.RC, cc tpm.CC, parms []byte, _ []tpm2b.Name, _ int, auth *tpms.AuthResponse) error { +func (s *policySession) Validate(rc TPMRC, cc TPMCC, parms []byte, _ []TPM2BName, _ int, auth *TPMSAuthResponse) error { // Track the new nonceTPM for the session. s.nonceTPM = auth.Nonce // Track the session being automatically flushed. if !auth.Attributes.ContinueSession { - s.handle = tpm.RHNull + s.handle = TPMRHNull } if s.password { @@ -1019,7 +1007,7 @@ func (s *policySession) Encrypt(parameter []byte) error { if err != nil { return err } - keyIV := helpers.KDFaHash(ha, sessionValue, "CFB", s.nonceCaller.Buffer, s.nonceTPM.Buffer, keyIVBytes*8) + keyIV := KDFa(ha, sessionValue, "CFB", s.nonceCaller.Buffer, s.nonceTPM.Buffer, keyIVBytes*8) key, err := aes.NewCipher(keyIV[:keyBytes]) if err != nil { return err @@ -1046,7 +1034,7 @@ func (s *policySession) Decrypt(parameter []byte) error { if err != nil { return err } - keyIV := helpers.KDFaHash(ha, sessionValue, "CFB", s.nonceTPM.Buffer, s.nonceCaller.Buffer, keyIVBytes*8) + keyIV := KDFa(ha, sessionValue, "CFB", s.nonceTPM.Buffer, s.nonceCaller.Buffer, keyIVBytes*8) key, err := aes.NewCipher(keyIV[:keyBytes]) if err != nil { return err @@ -1059,6 +1047,6 @@ func (s *policySession) Decrypt(parameter []byte) error { // Handle returns the handle value of the session. // If the session is created with Policy (instead of PolicySession) this will be // TPM_RH_NULL. -func (s *policySession) Handle() tpm.Handle { +func (s *policySession) Handle() TPMHandle { return s.handle } diff --git a/tpm2/structures/internal/structures.go b/tpm2/structures.go similarity index 99% rename from tpm2/structures/internal/structures.go rename to tpm2/structures.go index ae79a361..474825fe 100644 --- a/tpm2/structures/internal/structures.go +++ b/tpm2/structures.go @@ -1,5 +1,5 @@ -// Package internal defines all the TPM 2.0 structures together to avoid import cycles -package internal +// Package tpm2 defines all the TPM 2.0 structures together to avoid import cycles +package tpm2 import ( "crypto" diff --git a/tpm2/structures/tpm/constants.go b/tpm2/structures/tpm/constants.go deleted file mode 100644 index e08e1a72..00000000 --- a/tpm2/structures/tpm/constants.go +++ /dev/null @@ -1,551 +0,0 @@ -package tpm - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// AlgID values come from Part 2: Structures, section 6.3. -const ( - AlgRSA = internal.TPMAlgRSA - AlgTDES = internal.TPMAlgTDES - AlgSHA = internal.TPMAlgSHA - AlgSHA1 = internal.TPMAlgSHA1 - AlgHMAC = internal.TPMAlgHMAC - AlgAES = internal.TPMAlgAES - AlgMGF1 = internal.TPMAlgMGF1 - AlgKeyedHash = internal.TPMAlgKeyedHash - AlgXOR = internal.TPMAlgXOR - AlgSHA256 = internal.TPMAlgSHA256 - AlgSHA384 = internal.TPMAlgSHA384 - AlgSHA512 = internal.TPMAlgSHA512 - AlgNull = internal.TPMAlgNull - AlgSM3256 = internal.TPMAlgSM3256 - AlgSM4 = internal.TPMAlgSM4 - AlgRSASSA = internal.TPMAlgRSASSA - AlgRSAES = internal.TPMAlgRSAES - AlgRSAPSS = internal.TPMAlgRSAPSS - AlgOAEP = internal.TPMAlgOAEP - AlgECDSA = internal.TPMAlgECDSA - AlgECDH = internal.TPMAlgECDH - AlgECDAA = internal.TPMAlgECDAA - AlgSM2 = internal.TPMAlgSM2 - AlgECSchnorr = internal.TPMAlgECSchnorr - AlgECMQV = internal.TPMAlgECMQV - AlgKDF1SP80056A = internal.TPMAlgKDF1SP80056A - AlgKDF2 = internal.TPMAlgKDF2 - AlgKDF1SP800108 = internal.TPMAlgKDF1SP800108 - AlgECC = internal.TPMAlgECC - AlgSymCipher = internal.TPMAlgSymCipher - AlgCamellia = internal.TPMAlgCamellia - AlgSHA3256 = internal.TPMAlgSHA3256 - AlgSHA3384 = internal.TPMAlgSHA3384 - AlgSHA3512 = internal.TPMAlgSHA3512 - AlgCTR = internal.TPMAlgCTR - AlgOFB = internal.TPMAlgOFB - AlgCBC = internal.TPMAlgCBC - AlgCFB = internal.TPMAlgCFB - AlgECB = internal.TPMAlgECB -) - -// ECCCurve values come from Part 2: Structures, section 6.4. -const ( - ECCNone = internal.TPMECCNone - ECCNistP192 = internal.TPMECCNistP192 - ECCNistP224 = internal.TPMECCNistP224 - ECCNistP256 = internal.TPMECCNistP256 - ECCNistP384 = internal.TPMECCNistP384 - ECCNistP521 = internal.TPMECCNistP521 - ECCBNP256 = internal.TPMECCBNP256 - ECCBNP638 = internal.TPMECCBNP638 - ECCSM2P256 = internal.TPMECCSM2P256 -) - -// CC values come from Part 2: Structures, section 6.5.2. -const ( - CCNVUndefineSpaceSpecial = internal.TPMCCNVUndefineSpaceSpecial - CCEvictControl = internal.TPMCCEvictControl - CCHierarchyControl = internal.TPMCCHierarchyControl - CCNVUndefineSpace = internal.TPMCCNVUndefineSpace - CCChangeEPS = internal.TPMCCChangeEPS - CCChangePPS = internal.TPMCCChangePPS - CCClear = internal.TPMCCClear - CCClearControl = internal.TPMCCClearControl - CCClockSet = internal.TPMCCClockSet - CCHierarchyChanegAuth = internal.TPMCCHierarchyChanegAuth - CCNVDefineSpace = internal.TPMCCNVDefineSpace - CCPCRAllocate = internal.TPMCCPCRAllocate - CCPCRSetAuthPolicy = internal.TPMCCPCRSetAuthPolicy - CCPPCommands = internal.TPMCCPPCommands - CCSetPrimaryPolicy = internal.TPMCCSetPrimaryPolicy - CCFieldUpgradeStart = internal.TPMCCFieldUpgradeStart - CCClockRateAdjust = internal.TPMCCClockRateAdjust - CCCreatePrimary = internal.TPMCCCreatePrimary - CCNVGlobalWriteLock = internal.TPMCCNVGlobalWriteLock - CCGetCommandAuditDigest = internal.TPMCCGetCommandAuditDigest - CCNVIncrement = internal.TPMCCNVIncrement - CCNVSetBits = internal.TPMCCNVSetBits - CCNVExtend = internal.TPMCCNVExtend - CCNVWrite = internal.TPMCCNVWrite - CCNVWriteLock = internal.TPMCCNVWriteLock - CCDictionaryAttackLockReset = internal.TPMCCDictionaryAttackLockReset - CCDictionaryAttackParameters = internal.TPMCCDictionaryAttackParameters - CCNVChangeAuth = internal.TPMCCNVChangeAuth - CCPCREvent = internal.TPMCCPCREvent - CCPCRReset = internal.TPMCCPCRReset - CCSequenceComplete = internal.TPMCCSequenceComplete - CCSetAlgorithmSet = internal.TPMCCSetAlgorithmSet - CCSetCommandCodeAuditStatus = internal.TPMCCSetCommandCodeAuditStatus - CCFieldUpgradeData = internal.TPMCCFieldUpgradeData - CCIncrementalSelfTest = internal.TPMCCIncrementalSelfTest - CCSelfTest = internal.TPMCCSelfTest - CCStartup = internal.TPMCCStartup - CCShutdown = internal.TPMCCShutdown - CCStirRandom = internal.TPMCCStirRandom - CCActivateCredential = internal.TPMCCActivateCredential - CCCertify = internal.TPMCCCertify - CCPolicyNV = internal.TPMCCPolicyNV - CCCertifyCreation = internal.TPMCCCertifyCreation - CCDuplicate = internal.TPMCCDuplicate - CCGetTime = internal.TPMCCGetTime - CCGetSessionAuditDigest = internal.TPMCCGetSessionAuditDigest - CCNVRead = internal.TPMCCNVRead - CCNVReadLock = internal.TPMCCNVReadLock - CCObjectChangeAuth = internal.TPMCCObjectChangeAuth - CCPolicySecret = internal.TPMCCPolicySecret - CCRewrap = internal.TPMCCRewrap - CCCreate = internal.TPMCCCreate - CCECDHZGen = internal.TPMCCECDHZGen - CCHMAC = internal.TPMCCHMAC - CCMAC = internal.TPMCCMAC - CCImport = internal.TPMCCImport - CCLoad = internal.TPMCCLoad - CCQuote = internal.TPMCCQuote - CCRSADecrypt = internal.TPMCCRSADecrypt - CCHMACStart = internal.TPMCCHMACStart - CCMACStart = internal.TPMCCMACStart - CCSequenceUpdate = internal.TPMCCSequenceUpdate - CCSign = internal.TPMCCSign - CCUnseal = internal.TPMCCUnseal - CCPolicySigned = internal.TPMCCPolicySigned - CCContextLoad = internal.TPMCCContextLoad - CCContextSave = internal.TPMCCContextSave - CCECDHKeyGen = internal.TPMCCECDHKeyGen - CCEncryptDecrypt = internal.TPMCCEncryptDecrypt - CCFlushContext = internal.TPMCCFlushContext - CCLoadExternal = internal.TPMCCLoadExternal - CCMakeCredential = internal.TPMCCMakeCredential - CCNVReadPublic = internal.TPMCCNVReadPublic - CCPolicyAuthorize = internal.TPMCCPolicyAuthorize - CCPolicyAuthValue = internal.TPMCCPolicyAuthValue - CCPolicyCommandCode = internal.TPMCCPolicyCommandCode - CCPolicyCounterTimer = internal.TPMCCPolicyCounterTimer - CCPolicyCpHash = internal.TPMCCPolicyCpHash - CCPolicyLocality = internal.TPMCCPolicyLocality - CCPolicyNameHash = internal.TPMCCPolicyNameHash - CCPolicyOR = internal.TPMCCPolicyOR - CCPolicyTicket = internal.TPMCCPolicyTicket - CCReadPublic = internal.TPMCCReadPublic - CCRSAEncrypt = internal.TPMCCRSAEncrypt - CCStartAuthSession = internal.TPMCCStartAuthSession - CCVerifySignature = internal.TPMCCVerifySignature - CCECCParameters = internal.TPMCCECCParameters - CCFirmwareRead = internal.TPMCCFirmwareRead - CCGetCapability = internal.TPMCCGetCapability - CCGetRandom = internal.TPMCCGetRandom - CCGetTestResult = internal.TPMCCGetTestResult - CCHash = internal.TPMCCHash - CCPCRRead = internal.TPMCCPCRRead - CCPolicyPCR = internal.TPMCCPolicyPCR - CCPolicyRestart = internal.TPMCCPolicyRestart - CCReadClock = internal.TPMCCReadClock - CCPCRExtend = internal.TPMCCPCRExtend - CCPCRSetAuthValue = internal.TPMCCPCRSetAuthValue - CCNVCertify = internal.TPMCCNVCertify - CCEventSequenceComplete = internal.TPMCCEventSequenceComplete - CCHashSequenceStart = internal.TPMCCHashSequenceStart - CCPolicyPhysicalPresence = internal.TPMCCPolicyPhysicalPresence - CCPolicyDuplicationSelect = internal.TPMCCPolicyDuplicationSelect - CCPolicyGetDigest = internal.TPMCCPolicyGetDigest - CCTestParams = internal.TPMCCTestParams - CCCommit = internal.TPMCCCommit - CCPolicyPassword = internal.TPMCCPolicyPassword - CCZGen2Phase = internal.TPMCCZGen2Phase - CCECEphemeral = internal.TPMCCECEphemeral - CCPolicyNvWritten = internal.TPMCCPolicyNvWritten - CCPolicyTemplate = internal.TPMCCPolicyTemplate - CCCreateLoaded = internal.TPMCCCreateLoaded - CCPolicyAuthorizeNV = internal.TPMCCPolicyAuthorizeNV - CCEncryptDecrypt2 = internal.TPMCCEncryptDecrypt2 - CCACGetCapability = internal.TPMCCACGetCapability - CCACSend = internal.TPMCCACSend - CCPolicyACSendSelect = internal.TPMCCPolicyACSendSelect - CCCertifyX509 = internal.TPMCCCertifyX509 - CCACTSetTimeout = internal.TPMCCACTSetTimeout -) - -// RC values come from Part 2: Structures, section 6.6.3. -const ( - RCSuccess = internal.TPMRCSuccess - // FMT0 error codes - RCInitialize = internal.TPMRCInitialize - RCFailure = internal.TPMRCFailure - RCSequence = internal.TPMRCSequence - RCPrivate = internal.TPMRCPrivate - RCHMAC = internal.TPMRCHMAC - RCDisabled = internal.TPMRCDisabled - RCExclusive = internal.TPMRCExclusive - RCAuthType = internal.TPMRCAuthType - RCAuthMissing = internal.TPMRCAuthMissing - RCPolicy = internal.TPMRCPolicy - RCPCR = internal.TPMRCPCR - RCPCRChanged = internal.TPMRCPCRChanged - RCUpgrade = internal.TPMRCUpgrade - RCTooManyContexts = internal.TPMRCTooManyContexts - RCAuthUnavailable = internal.TPMRCAuthUnavailable - RCReboot = internal.TPMRCReboot - RCUnbalanced = internal.TPMRCUnbalanced - RCCommandSize = internal.TPMRCCommandSize - RCCommandCode = internal.TPMRCCommandCode - RCAuthSize = internal.TPMRCAuthSize - RCAuthContext = internal.TPMRCAuthContext - RCNVRange = internal.TPMRCNVRange - RCNVSize = internal.TPMRCNVSize - RCNVLocked = internal.TPMRCNVLocked - RCNVAuthorization = internal.TPMRCNVAuthorization - RCNVUninitialized = internal.TPMRCNVUninitialized - RCNVSpace = internal.TPMRCNVSpace - RCNVDefined = internal.TPMRCNVDefined - RCBadContext = internal.TPMRCBadContext - RCCPHash = internal.TPMRCCPHash - RCParent = internal.TPMRCParent - RCNeedsTest = internal.TPMRCNeedsTest - RCNoResult = internal.TPMRCNoResult - RCSensitive = internal.TPMRCSensitive - // FMT1 error codes - RCAsymmetric = internal.TPMRCAsymmetric - RCAttributes = internal.TPMRCAttributes - RCHash = internal.TPMRCHash - RCValue = internal.TPMRCValue - RCHierarchy = internal.TPMRCHierarchy - RCKeySize = internal.TPMRCKeySize - RCMGF = internal.TPMRCMGF - RCMode = internal.TPMRCMode - RCType = internal.TPMRCType - RCHandle = internal.TPMRCHandle - RCKDF = internal.TPMRCKDF - RCRange = internal.TPMRCRange - RCAuthFail = internal.TPMRCAuthFail - RCNonce = internal.TPMRCNonce - RCPP = internal.TPMRCPP - RCScheme = internal.TPMRCScheme - RCSize = internal.TPMRCSize - RCSymmetric = internal.TPMRCSymmetric - RCTag = internal.TPMRCTag - RCSelector = internal.TPMRCSelector - RCInsufficient = internal.TPMRCInsufficient - RCSignature = internal.TPMRCSignature - RCKey = internal.TPMRCKey - RCPolicyFail = internal.TPMRCPolicyFail - RCIntegrity = internal.TPMRCIntegrity - RCTicket = internal.TPMRCTicket - RCReservedBits = internal.TPMRCReservedBits - RCBadAuth = internal.TPMRCBadAuth - RCExpired = internal.TPMRCExpired - RCPolicyCC = internal.TPMRCPolicyCC - RCBinding = internal.TPMRCBinding - RCCurve = internal.TPMRCCurve - RCECCPoint = internal.TPMRCECCPoint - // Warnings - RCContextGap = internal.TPMRCContextGap - RCObjectMemory = internal.TPMRCObjectMemory - RCSessionMemory = internal.TPMRCSessionMemory - RCMemory = internal.TPMRCMemory - RCSessionHandles = internal.TPMRCSessionHandles - RCObjectHandles = internal.TPMRCObjectHandles - RCLocality = internal.TPMRCLocality - RCYielded = internal.TPMRCYielded - RCCanceled = internal.TPMRCCanceled - RCTesting = internal.TPMRCTesting - RCReferenceH0 = internal.TPMRCReferenceH0 - RCReferenceH1 = internal.TPMRCReferenceH1 - RCReferenceH2 = internal.TPMRCReferenceH2 - RCReferenceH3 = internal.TPMRCReferenceH3 - RCReferenceH4 = internal.TPMRCReferenceH4 - RCReferenceH5 = internal.TPMRCReferenceH5 - RCReferenceH6 = internal.TPMRCReferenceH6 - RCReferenceS0 = internal.TPMRCReferenceS0 - RCReferenceS1 = internal.TPMRCReferenceS1 - RCReferenceS2 = internal.TPMRCReferenceS2 - RCReferenceS3 = internal.TPMRCReferenceS3 - RCReferenceS4 = internal.TPMRCReferenceS4 - RCReferenceS5 = internal.TPMRCReferenceS5 - RCReferenceS6 = internal.TPMRCReferenceS6 - RCNVRate = internal.TPMRCNVRate - RCLockout = internal.TPMRCLockout - RCRetry = internal.TPMRCRetry - RCNVUnavailable = internal.TPMRCNVUnavailable -) - -// EO values come from Part 2: Structures, section 6.8. -const ( - EOEq = internal.TPMEOEq - EONeq = internal.TPMEONeq - EOSignedGT = internal.TPMEOSignedGT - EOUnsignedGT = internal.TPMEOUnsignedGT - EOSignedLT = internal.TPMEOSignedLT - EOUnsignedLT = internal.TPMEOUnsignedLT - EOSignedGE = internal.TPMEOSignedGE - EOUnsignedGE = internal.TPMEOUnsignedGE - EOSignedLE = internal.TPMEOSignedLE - EOUnsignedLE = internal.TPMEOUnsignedLE - EOBitSet = internal.TPMEOBitSet - EOBitClear = internal.TPMEOBitClear -) - -// ST values come from Part 2: Structures, section 6.9. -const ( - STRspCommand = internal.TPMSTRspCommand - STNull = internal.TPMSTNull - STNoSessions = internal.TPMSTNoSessions - STSessions = internal.TPMSTSessions - STAttestNV = internal.TPMSTAttestNV - STAttestCommandAudit = internal.TPMSTAttestCommandAudit - STAttestSessionAudit = internal.TPMSTAttestSessionAudit - STAttestCertify = internal.TPMSTAttestCertify - STAttestQuote = internal.TPMSTAttestQuote - STAttestTime = internal.TPMSTAttestTime - STAttestCreation = internal.TPMSTAttestCreation - STAttestNVDigest = internal.TPMSTAttestNVDigest - STCreation = internal.TPMSTCreation - STVerified = internal.TPMSTVerified - STAuthSecret = internal.TPMSTAuthSecret - STHashCheck = internal.TPMSTHashCheck - STAuthSigned = internal.TPMSTAuthSigned - STFuManifest = internal.TPMSTFuManifest -) - -// SU values come from Part 2: Structures, section 6.10. -const ( - SUClear = internal.TPMSUClear - SUState = internal.TPMSUState -) - -// SE values come from Part 2: Structures, section 6.11. -const ( - SEHMAC = internal.TPMSEHMAC - SEPolicy = internal.TPMSEPolicy - SETrial = internal.TPMSETrial -) - -// Cap values come from Part 2: Structures, section 6.12. -const ( - CapAlgs = internal.TPMCapAlgs - CapHandles = internal.TPMCapHandles - CapCommands = internal.TPMCapCommands - CapPPCommands = internal.TPMCapPPCommands - CapAuditCommands = internal.TPMCapAuditCommands - CapPCRs = internal.TPMCapPCRs - CapTPMProperties = internal.TPMCapTPMProperties - CapPCRProperties = internal.TPMCapPCRProperties - CapECCCurves = internal.TPMCapECCCurves - CapAuthPolicies = internal.TPMCapAuthPolicies - CapACT = internal.TPMCapACT -) - -// PTFamilyIndicator values come from Part 2: Structures, section 6.13. -const ( - // a 4-octet character string containing the = internal.TPM - // (_SPEC_FAMILY= internal.TPM_SPEC_FAMILY - PTFamilyIndicator = internal.TPMPTFamilyIndicator - // the level of the specification - PTLevel = internal.TPMPTLevel - // the specification Revision times 100 - PTRevision = internal.TPMPTRevision - // the specification day of year using TCG calendar - PTDayofYear = internal.TPMPTDayofYear - // the specification year using the CE - PTYear = internal.TPMPTYear - // the vendor ID unique to each = internal.TPM - PTManufacturer = internal.TPMPTManufacturer - // the first four characters of the vendor ID string - PTVendorString1 = internal.TPMPTVendorString1 - // the second four characters of the vendor ID string - PTVendorString2 = internal.TPMPTVendorString2 - // the third four characters of the vendor ID string - PTVendorString3 = internal.TPMPTVendorString3 - // the fourth four characters of the vendor ID sting - PTVendorString4 = internal.TPMPTVendorString4 - // vendor-defined value indicating the = internal.TPM - PTVendorTPMType = internal.TPMPTVendorTPMType - // the most-significant 32 bits of a = internal.TPM - // indicating the version number of the firmware. - PTFirmwareVersion1 = internal.TPMPTFirmwareVersion1 - // the least-significant 32 bits of a = internal.TPM - // indicating the version number of the firmware. - // the maximum value for commandSize in a command - PTMaxCommandSize = internal.TPMPTMaxCommandSize - // the maximum value for responseSize in a response - PTMaxResponseSize = internal.TPMPTMaxResponseSize - // the maximum size of a digest that can be produced by the TPM - PTMaxDigest = internal.TPMPTMaxDigest - // the maximum size of an object context that will be returned by - // TPM2_ContextSave - PTMaxObjectContext = internal.TPMPTMaxObjectContext - // the maximum size of a session context that will be returned by - // TPM2_ContextSave - PTMaxSessionContext = internal.TPMPTMaxSessionContext - // platform-specific family (a TPM_PS value)(see Table 25) - PTPSFamilyIndicator = internal.TPMPTPSFamilyIndicator - // the number of split signing operations supported by the TPM - PTSplitMax = internal.TPMPTSplitMax - // total number of commands implemented in the TPM - PTTotalCommands = internal.TPMPTTotalCommands - // number of commands from the TPM library that are implemented - PTLibraryCommands = internal.TPMPTLibraryCommands - // number of vendor commands that are implemented - PTVendorCommands = internal.TPMPTVendorCommands - // the maximum data size in one NV write, NV read, NV extend, or NV - // certify command - PTNVBufferMax = internal.TPMPTNVBufferMax - // a TPMA_MODES value, indicating that the TPM is designed for these - // modes. - PTModes = internal.TPMPTModes - // the maximum size of a TPMS_CAPABILITY_DATA structure returned in - // TPM2_GetCapability(). - PTMaxCapBuffer = internal.TPMPTMaxCapBuffer - // TPMA_PERMANENT - PTPermanent = internal.TPMPTPermanent - // TPMA_STARTUP_CLEAR - PTStartupClear = internal.TPMPTStartupClear - // the number of NV Indexes currently defined - PTHRNVIndex = internal.TPMPTHRNVIndex - // the number of authorization sessions currently loaded into TPM RAM - PTHRLoaded = internal.TPMPTHRLoaded - // the number of additional authorization sessions, of any type, that - // could be loaded into TPM RAM - PTHRLoadedAvail = internal.TPMPTHRLoadedAvail - // the number of active authorization sessions currently being tracked - // by the TPM - PTHRActive = internal.TPMPTHRActive - // the number of additional authorization sessions, of any type, that - // could be created - PTHRActiveAvail = internal.TPMPTHRActiveAvail - // estimate of the number of additional transient objects that could be - // loaded into TPM RAM - PTHRTransientAvail = internal.TPMPTHRTransientAvail - // the number of persistent objects currently loaded into TPM NV memory - PTHRPersistent = internal.TPMPTHRPersistent - // the number of additional persistent objects that could be loaded into - // NV memory - PTHRPersistentAvail = internal.TPMPTHRPersistentAvail - // the number of defined NV Indexes that have NV the TPM_NT_COUNTER - // attribute - PTNVCounters = internal.TPMPTNVCounters - // the number of additional NV Indexes that can be defined with their - // TPM_NT of TPM_NV_COUNTER and the TPMA_NV_ORDERLY attribute SET - PTNVCountersAvail = internal.TPMPTNVCountersAvail - // code that limits the algorithms that may be used with the TPM - PTAlgorithmSet = internal.TPMPTAlgorithmSet - // the number of loaded ECC curves - PTLoadedCurves = internal.TPMPTLoadedCurves - // the current value of the lockout counter (failedTries) - PTLockoutCounter = internal.TPMPTLockoutCounter - // the number of authorization failures before DA lockout is invoked - PTMaxAuthFail = internal.TPMPTMaxAuthFail - // the number of seconds before the value reported by - // TPM_PT_LOCKOUT_COUNTER is decremented - PTLockoutInterval = internal.TPMPTLockoutInterval - // the number of seconds after a lockoutAuth failure before use of - // lockoutAuth may be attempted again - PTLockoutRecovery = internal.TPMPTLockoutRecovery - // number of milliseconds before the TPM will accept another command - // that will modify NV - PTNVWriteRecovery = internal.TPMPTNVWriteRecovery - // the high-order 32 bits of the command audit counter - PTAuditCounter0 = internal.TPMPTAuditCounter0 - // the low-order 32 bits of the command audit counter - PTAuditCounter1 = internal.TPMPTAuditCounter1 -) - -// TPMPTPCR values come from Part 2: Structures, section 6.14. -const ( - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and - // restored by TPM_SU_STATE - PTPCRSave = internal.TPMPTPCRSave - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be - // extended from locality 0 - PTPCRExtendL0 = internal.TPMPTPCRExtendL0 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset - // by TPM2_PCR_Reset() from locality 0 - PTPCRResetL0 = internal.TPMPTPCRResetL0 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be - // extended from locality 1 - PTPCRExtendL1 = internal.TPMPTPCRExtendL1 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset - // by TPM2_PCR_Reset() from locality 1 - PTPCRResetL1 = internal.TPMPTPCRResetL1 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be - // extended from locality 2 - PTPCRExtendL2 = internal.TPMPTPCRExtendL2 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset - // by TPM2_PCR_Reset() from locality 2 - PTPCRResetL2 = internal.TPMPTPCRResetL2 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be - // extended from locality 3 - PTPCRExtendL3 = internal.TPMPTPCRExtendL3 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset - // by TPM2_PCR_Reset() from locality 3 - PTPCRResetL3 = internal.TPMPTPCRResetL3 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be - // extended from locality 4 - PTPCRExtendL4 = internal.TPMPTPCRExtendL4 - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset - // by TPM2_PCR_Reset() from locality 4 - PTPCRResetL4 = internal.TPMPTPCRResetL4 - // a SET bit in the TPMS_PCR_SELECT indicates that modifications to this - // PCR (reset or Extend) will not increment the pcrUpdateCounter - PTPCRNoIncrement = internal.TPMPTPCRNoIncrement - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a - // D-RTM event - PTPCRDRTMRest = internal.TPMPTPCRDRTMRest - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled - // by policy - PTPCRPolicy = internal.TPMPTPCRPolicy - // a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled - // by an authorization value - PTPCRAuth = internal.TPMPTPCRAuth -) - -// TPMHandle values come from Part 2: Structures, section 7.4. -const ( - RHOwner = internal.TPMRHOwner - RHNull = internal.TPMRHNull - RSPW = internal.TPMRSPW - RHLockout = internal.TPMRHLockout - RHEndorsement = internal.TPMRHEndorsement - RHPlatform = internal.TPMRHPlatform - RHPlatformNV = internal.TPMRHPlatformNV -) - -// NT values come from Part 2: Structures, section 13.2. -const ( - // contains data that is opaque to the TPM that can only be modified - // using TPM2_NV_Write(). - NTOrdinary = internal.TPMNTOrdinary - // contains an 8-octet value that is to be used as a counter and can - // only be modified with TPM2_NV_Increment() - NTCounter = internal.TPMNTCounter - // contains an 8-octet value to be used as a bit field and can only be - // modified with TPM2_NV_SetBits(). - NTBits = internal.TPMNTBits - // contains a digest-sized value used like a PCR. The Index can only be - // modified using TPM2_NV_Extend(). The extend will use the nameAlg of - // the Index. - NTExtend = internal.TPMNTExtend - // contains pinCount that increments on a PIN authorization failure and - // a pinLimit - NTPinFail = internal.TPMNTPinFail - // contains pinCount that increments on a PIN authorization success and - // a pinLimit - NTPinPass = internal.TPMNTPinPass -) diff --git a/tpm2/structures/tpm/tpm.go b/tpm2/structures/tpm/tpm.go deleted file mode 100644 index f8d3d5b1..00000000 --- a/tpm2/structures/tpm/tpm.go +++ /dev/null @@ -1,102 +0,0 @@ -// Package tpm contains the TPM 2.0 structures prefixed with "TPM_" -package tpm - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// CmdHeader is the header structure in front of any TPM command. -// It is described in Part 1, Architecture. -type CmdHeader = internal.TPMCmdHeader - -// RspHeader is the header structure in front of any TPM response. -// It is described in Part 1, Architecture. -type RspHeader = internal.TPMRspHeader - -// AlgorithmID represents a TPM_ALGORITHM_ID -// this is the 1.2 compatible form of the TPM_ALG_ID -// See definition in Part 2, Structures, section 5.3. -type AlgorithmID = internal.TPMAlgorithmID - -// ModifierIndicator represents a TPM_MODIFIER_INDICATOR. -// See definition in Part 2, Structures, section 5.3. -type ModifierIndicator = internal.TPMModifierIndicator - -// AuthorizationSize represents a TPM_AUTHORIZATION_SIZE. -// the authorizationSize parameter in a command -// See definition in Part 2, Structures, section 5.3. -type AuthorizationSize = internal.TPMAuthorizationSize - -// ParameterSize represents a TPM_PARAMETER_SIZE. -// the parameterSize parameter in a command -// See definition in Part 2, Structures, section 5.3. -type ParameterSize = internal.TPMParameterSize - -// KeySize represents a TPM_KEY_SIZE. -// a key size in octets -// See definition in Part 2, Structures, section 5.3. -type KeySize = internal.TPMKeySize - -// KeyBits represents a TPM_KEY_BITS. -// a key size in bits -// See definition in Part 2, Structures, section 5.3. -type KeyBits = internal.TPMKeyBits - -// Generated represents a TPM_GENERATED. -// See definition in Part 2: Structures, section 6.2. -type Generated = internal.TPMGenerated - -// AlgID represents a TPM_ALG_ID. -// See definition in Part 2: Structures, section 6.3. -type AlgID = internal.TPMAlgID - -// ECCCurve represents a TPM_ECC_Curve. -// See definition in Part 2: Structures, section 6.4. -type ECCCurve = internal.TPMECCCurve - -// CC represents a TPM_CC. -// See definition in Part 2: Structures, section 6.5.2. -type CC = internal.TPMCC - -// RC represents a TPM_RC. -// See definition in Part 2: Structures, section 6.6. -type RC = internal.TPMRC - -// Fmt1Error represents a TPM 2.0 format-1 error, with additional information. -type Fmt1Error = internal.TPMFmt1Error - -// EO represents a TPM_EO. -// See definition in Part 2: Structures, section 6.8. -type EO = internal.TPMEO - -// ST represents a TPM_ST. -// See definition in Part 2: Structures, section 6.9. -type ST = internal.TPMST - -// SU represents a TPM_SU. -// See definition in Part 2: Structures, section 6.10. -type SU = internal.TPMSU - -// SE represents a TPM_SE. -// See definition in Part 2: Structures, section 6.11. -type SE = internal.TPMSE - -// Cap represents a TPM_CAP. -// See definition in Part 2: Structures, section 6.12. -type Cap = internal.TPMCap - -// PT represents a TPM_PT. -// See definition in Part 2: Structures, section 6.13. -type PT = internal.TPMPT - -// PTPCR represents a TPM_PT_PCR. -// See definition in Part 2: Structures, section 6.14. -type PTPCR = internal.TPMPTPCR - -// Handle represents a TPM_HANDLE. -// See definition in Part 2: Structures, section 7.1. -type Handle = internal.TPMHandle - -// NT represents a TPM_NT. -// See definition in Part 2: Structures, section 13.4. -type NT = internal.TPMNT diff --git a/tpm2/structures/tpm2b/tpm2b.go b/tpm2/structures/tpm2b/tpm2b.go deleted file mode 100644 index 94086f6c..00000000 --- a/tpm2/structures/tpm2b/tpm2b.go +++ /dev/null @@ -1,127 +0,0 @@ -// Package tpm2b contains the TPM 2.0 structures prefixed with "TPM2B_" -package tpm2b - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// Digest represents a TPM2B_DIGEST. -// See definition in Part 2: Structures, section 10.4.2. -type Digest = internal.TPM2BDigest - -// Data represents a TPM2B_DATA. -// See definition in Part 2: Structures, section 10.4.3. -type Data = internal.TPM2BData - -// Nonce represents a TPM2B_NONCE. -// See definition in Part 2: Structures, section 10.4.4. -type Nonce = internal.TPM2BNonce - -// Event represents a TPM2B_EVENT. -// See definition in Part 2: Structures, section 10.4.7. -type Event = internal.TPM2BEvent - -// Timeout represents a TPM2B_TIMEOUT. -// See definition in Part 2: Structures, section 10.4.10. -type Timeout = internal.TPM2BTimeout - -// Auth represents a TPM2B_AUTH. -// See definition in Part 2: Structures, section 10.4.5. -type Auth = internal.TPM2BAuth - -// Operand represents a TPM2B_Operand. -// See definition in Part 2: Structures, section 10.4.6. -type Operand = internal.TPM2BOperand - -// MaxBuffer represents a TPM2B_MAX_BUFFER. -// See definition in Part 2: Structures, section 10.4.8. -type MaxBuffer = internal.TPM2BMaxBuffer - -// MaxNVBuffer represents a TPM2B_MAX_NV_BUFFER. -// See definition in Part 2: Structures, section 10.4.9. -type MaxNVBuffer = internal.TPM2BMaxNVBuffer - -// Name represents a TPM2B_NAME. -// See definition in Part 2: Structures, section 10.5.3. -// NOTE: This structure does not contain a TPMUName, because that union -// is not tagged with a selector. Instead, TPM2B_Name is flattened and -// all TPMDirect helpers that deal with names will deal with them as so. -type Name = internal.TPM2BName - -// Attest represents a TPM2B_ATTEST. -// See definition in Part 2: Structures, section 10.12.13. -// Note that in the spec, this is just a 2B_DATA with enough room for an S_ATTEST. -// For ergonomics, pretend that TPM2B_Attest wraps a TPMS_Attest just like other 2Bs. -type Attest = internal.TPM2BAttest - -// SymKey represents a TPM2B_SYM_KEY. -// See definition in Part 2: Structures, section 11.1.8. -type SymKey = internal.TPM2BSymKey - -// Label represents a TPM2B_LABEL. -// See definition in Part 2: Structures, section 11.1.10. -type Label = internal.TPM2BLabel - -// Derive represents a TPM2B_DERIVE. -// See definition in Part 2: Structures, section 11.1.12. -type Derive = internal.TPM2BDerive - -// SensitiveData represents a TPM2B_SENSITIVE_DATA. -// See definition in Part 2: Structures, section 11.1.14. -type SensitiveData = internal.TPM2BSensitiveData - -// SensitiveCreate represents a TPM2B_SENSITIVE_CREATE. -// See definition in Part 2: Structures, section 11.1.16. -type SensitiveCreate = internal.TPM2BSensitiveCreate - -// PublicKeyRSA represents a TPM2B_PUBLIC_KEY_RSA. -// See definition in Part 2: Structures, section 11.2.4.5. -type PublicKeyRSA = internal.TPM2BPublicKeyRSA - -// PrivateKeyRSA representsa a TPM2B_PRIVATE_KEY_RSA. -// See definition in Part 2: Structures, section 11.2.4.7. -type PrivateKeyRSA = internal.TPM2BPrivateKeyRSA - -// ECCParameter represents a TPM2B_ECC_PARAMETER. -// See definition in Part 2: Structures, section 11.2.5.1. -type ECCParameter = internal.TPM2BECCParameter - -// ECCPoint represents a TPM2B_ECC_POINT. -// See definition in Part 2: Structures, section 11.2.5.3 -type ECCPoint = internal.TPM2BECCPoint - -// EncryptedSecret represents a TPM2B_ENCRYPTED_SECRET. -// See definition in Part 2: Structures, section 11.4.33. -type EncryptedSecret = internal.TPM2BEncryptedSecret - -// Public represents a TPM2B_PUBLIC. -// See definition in Part 2: Structures, section 12.2.5. -type Public = internal.TPM2BPublic - -// Template represents a TPM2B_TEMPLATE. -// See definition in Part 2: Structures, section 12.2.6. -type Template = internal.TPM2BTemplate - -// Sensitive represents a TPM2B_SENSITIVE. -// See definition in Part 2: Structures, section 12.3.3. -type Sensitive = internal.TPM2BSensitive - -// Private represents a TPM2B_PRIVATE. -// See definition in Part 2: Structures, section 12.3.7. -type Private = internal.TPM2BPrivate - -// IDObject represents a TPM2B_ID_OBJECT. -// See definition in Part 2: Structures, section 12.4.3. -type IDObject = internal.TPM2BIDObject - -// NVPublic represents a TPM2B_NV_PUBLIC. -// See definition in Part 2: Structures, section 13.6. -type NVPublic = internal.TPM2BNVPublic - -// ContextSensitive represents a TPM2B_CONTEXT_SENSITIVE. -// See definition in Part 2: Structures, section 14.2. -type ContextSensitive = internal.TPM2BContextSensitive - -// CreationData represents a TPM2B_CREATION_DATA. -// See definition in Part 2: Structures, section 15.2. -type CreationData = internal.TPM2BCreationData diff --git a/tpm2/structures/tpma/tpma.go b/tpm2/structures/tpma/tpma.go deleted file mode 100644 index 707da1d4..00000000 --- a/tpm2/structures/tpma/tpma.go +++ /dev/null @@ -1,43 +0,0 @@ -// Package tpma contains the TPM 2.0 structures prefixed by "TPMA_" -package tpma - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// Bitfield represents a TPM bitfield (i.e., TPMA_*) type. -type Bitfield = internal.Bitfield - -// BitSetter represents a TPM bitfield (i.e., TPMA_*) type that can be written. -type BitSetter = internal.BitSetter - -// BitGetter represents a TPM bitfield (i.e., TPMA_*) type that can be read. -type BitGetter = internal.BitGetter - -// Algorithm represents a TPMA_ALGORITHM. -// See definition in Part 2: Structures, section 8.2. -type Algorithm = internal.TPMAAlgorithm - -// Object represents a TPMA_OBJECT. -// See definition in Part 2: Structures, section 8.3.2. -type Object = internal.TPMAObject - -// Session represents a TPMA_SESSION. -// See definition in Part 2: Structures, section 8.4. -type Session = internal.TPMASession - -// Locality represents a TPMA_LOCALITY. -// See definition in Part 2: Structures, section 8.5. -type Locality = internal.TPMALocality - -// CC represents a TPMA_CC. -// See definition in Part 2: Structures, section 8.9. -type CC = internal.TPMACC - -// ACT represents a TPMA_ACT. -// See definition in Part 2: Structures, section 8.12. -type ACT = internal.TPMAACT - -// NV represents a TPMA_NV. -// See definition in Part 2: Structures, section 13.4. -type NV = internal.TPMANV diff --git a/tpm2/structures/tpmi/tpmi.go b/tpm2/structures/tpmi/tpmi.go deleted file mode 100644 index ac7683ff..00000000 --- a/tpm2/structures/tpmi/tpmi.go +++ /dev/null @@ -1,147 +0,0 @@ -// Package tpmi contains the TPM 2.0 structures prefixed by "TPMI_" -package tpmi - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// YesNo represents a TPMI_YES_NO. -// See definition in Part 2: Structures, section 9.2. -// Use native bool for TPMI_YES_NO; encoding/binary already treats this as 8 bits wide. -type YesNo = internal.TPMIYesNo - -// DHObject represents a TPMI_DH_OBJECT. -// See definition in Part 2: Structures, section 9.3. -type DHObject = internal.TPMIDHObject - -// DHEntity represents a TPMI_DH_ENTITY. -// See definition in Part 2: Structures, section 9.6. -type DHEntity = internal.TPMIDHEntity - -// SHAuthSession represents a TPMI_SH_AUTH_SESSION. -// See definition in Part 2: Structures, section 9.8. -type SHAuthSession = internal.TPMISHAuthSession - -// SHHMAC represents a TPMI_SH_HMAC. -// See definition in Part 2: Structures, section 9.9. -type SHHMAC = internal.TPMISHHMAC - -// SHPolicy represents a TPMI_SH_POLICY. -// See definition in Part 2: Structures, section 9.10. -type SHPolicy = internal.TPMISHPolicy - -// DHContext represents a TPMI_DH_CONTEXT. -// See definition in Part 2: Structures, section 9.11. -type DHContext = internal.TPMIDHContext - -// RHHierarchy represents a TPMI_RH_HIERARCHY. -// See definition in Part 2: Structures, section 9.13. -type RHHierarchy = internal.TPMIRHHierarchy - -// RHEnables represents a TPMI_RH_ENABLES. -// See definition in Part 2: Structures, section 9.14. -type RHEnables = internal.TPMIRHEnables - -// RHHierarchyAuth represents a TPMI_RH_HIERARCHY_AUTH. -// See definition in Part 2: Structures, section 9.15. -type RHHierarchyAuth = internal.TPMIRHHierarchyAuth - -// RHHierarchyPolicy represents a TPMI_RH_HIERARCHY_POLICY. -// See definition in Part 2: Structures, section 9.16. -type RHHierarchyPolicy = internal.TPMIRHHierarchyPolicy - -// RHPlatform represents a TPMI_RH_PLATFORM. -// See definition in Part 2: Structures, section 9.17. -type RHPlatform = internal.TPMIRHPlatform - -// RHOwner represents a TPMI_RH_OWNER. -// See definition in Part 2: Structures, section 9.18. -type RHOwner = internal.TPMIRHOwner - -// RHEndorsement represents a TPMI_RH_ENDORSEMENT. -// See definition in Part 2: Structures, section 9.19. -type RHEndorsement = internal.TPMIRHEndorsement - -// RHProvision represents a TPMI_RH_PROVISION. -// See definition in Part 2: Structures, section 9.20. -type RHProvision = internal.TPMIRHProvision - -// RHClear represents a TPMI_RH_CLEAR. -// See definition in Part 2: Structures, section 9.21. -type RHClear = internal.TPMIRHClear - -// RHNVAuth represents a TPMI_RH_NV_AUTH. -// See definition in Part 2: Structures, section 9.22. -type RHNVAuth = internal.TPMIRHNVAuth - -// RHLockout represents a TPMI_RH_LOCKOUT. -// See definition in Part 2: Structures, section 9.23. -type RHLockout = internal.TPMIRHLockout - -// RHNVIndex represents a TPMI_RH_NV_INDEX. -// See definition in Part 2: Structures, section 9.24. -type RHNVIndex = internal.TPMIRHNVIndex - -// RHAC represents a TPMI_RH_AC. -// See definition in Part 2: Structures, section 9.25. -type RHAC = internal.TPMIRHAC - -// RHACT represents a TPMI_RH_ACT. -// See definition in Part 2: Structures, section 9.26. -type RHACT = internal.TPMIRHACT - -// AlgHash represents a TPMI_ALG_HASH. -// See definition in Part 2: Structures, section 9.27. -type AlgHash = internal.TPMIAlgHash - -// AlgSym represents a TPMI_ALG_SYM. -// See definition in Part 2: Structures, section 9.29. -type AlgSym = internal.TPMIAlgSym - -// AlgSymObject represents a TPMI_ALG_SYM_OBJECT. -// See definition in Part 2: Structures, section 9.30. -type AlgSymObject = internal.TPMIAlgSymObject - -// AlgSymMode represents a TPMI_ALG_SYM_MODE. -// See definition in Part 2: Structures, section 9.31. -type AlgSymMode = internal.TPMIAlgSymMode - -// AlgKDF represents a TPMI_ALG_KDF. -// See definition in Part 2: Structures, section 9.32. -type AlgKDF = internal.TPMIAlgKDF - -// AlgSigScheme represents a TPMI_ALG_SIG_SCHEME. -// See definition in Part 2: Structures, section 9.33. -type AlgSigScheme = internal.TPMIAlgSigScheme - -// STCommandTag represents a TPMI_ST_COMMAND_TAG. -// See definition in Part 2: Structures, section 9.35. -type STCommandTag = internal.TPMISTCommandTag - -// STAttest represents a TPMI_ST_ATTEST. -// See definition in Part 2: Structures, section 10.12.10. -type STAttest = internal.TPMISTAttest - -// AlgKeyedHashScheme represents a TPMI_ALG_KEYEDHASH_SCHEME. -// See definition in Part 2: Structures, section 11.1.10. -type AlgKeyedHashScheme = internal.TPMIAlgKeyedHashScheme - -// AlgRSAScheme represents a TPMI_ALG_RSA_SCHEME. -// See definition in Part 2: Structures, section 11.2.4.1. -type AlgRSAScheme = internal.TPMIAlgRSAScheme - -// RSAKeyBits represents a TPMI_RSA_KEY_BITS. -// See definition in Part 2: Structures, section 11.2.4.6. -type RSAKeyBits = internal.TPMIRSAKeyBits - -// AlgECCScheme represents a TPMI_ALG_ECC_SCHEME. -// See definition in Part 2: Structures, section 11.2.5.4. -type AlgECCScheme = internal.TPMIAlgECCScheme - -// ECCCurve represents a TPMI_ECC_CURVE. -// See definition in Part 2: Structures, section 11.2.5.5. -type ECCCurve = internal.TPMIECCCurve - -// AlgPublic represents a TPMI_ALG_PUBLIC. -// See definition in Part 2: Structures, section 12.2.2. -type AlgPublic = internal.TPMIAlgPublic diff --git a/tpm2/structures/tpml/tpml.go b/tpm2/structures/tpml/tpml.go deleted file mode 100644 index fcb6066d..00000000 --- a/tpm2/structures/tpml/tpml.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package tpml contains TPM 2.0 structures prefixed with "TPML_" -package tpml - -import ( - "github.com/google/go-tpm/tpm2/structures/internal" -) - -// CC represents a TPML_CC. -// See definition in Part 2: Structures, section 10.9.1. -type CC = internal.TPMLCC - -// CCA represents a TPML_CCA. -// See definition in Part 2: Structures, section 10.9.2. -type CCA = internal.TPMLCCA - -// Alg represents a TPMLALG. -// See definition in Part 2: Structures, section 10.9.3. -type Alg = internal.TPMLAlg - -// Handle represents a TPML_HANDLE. -// See definition in Part 2: Structures, section 10.9.4. -type Handle = internal.TPMLHandle - -// Digest represents a TPML_DIGEST. -// See definition in Part 2: Structures, section 10.9.5. -type Digest = internal.TPMLDigest - -// DigestValues represents a TPML_DIGEST_VALUES. -// See definition in Part 2: Structures, section 10.9.6. -type DigestValues = internal.TPMLDigestValues - -// PCRSelection represents a TPML_PCR_SELECTION. -// See definition in Part 2: Structures, section 10.9.7. -type PCRSelection = internal.TPMLPCRSelection - -// AlgProperty represents a TPML_ALG_PROPERTY. -// See definition in Part 2: Structures, section 10.9.8. -type AlgProperty = internal.TPMLAlgProperty - -// TaggedTPMProperty represents a TPML_TAGGED_TPM_PROPERTY. -// See definition in Part 2: Structures, section 10.9.9. -type TaggedTPMProperty = internal.TPMLTaggedTPMProperty - -// TaggedPCRProperty represents a TPML_TAGGED_PCR_PROPERTY. -// See definition in Part 2: Structures, section 10.9.10. -type TaggedPCRProperty = internal.TPMLTaggedPCRProperty - -// ECCCurve represents a TPML_ECC_CURVE. -// See definition in Part 2: Structures, section 10.9.11. -type ECCCurve = internal.TPMLECCCurve - -// TaggedPolicy represents a TPML_TAGGED_POLICY. -// See definition in Part 2: Structures, section 10.9.12. -type TaggedPolicy = internal.TPMLTaggedPolicy - -// ACTData represents a TPML_ACT_DATA. -// See definition in Part 2: Structures, section 10.9.13. -type ACTData = internal.TPMLACTData diff --git a/tpm2/structures/tpms/tpms.go b/tpm2/structures/tpms/tpms.go deleted file mode 100644 index 94c24aa9..00000000 --- a/tpm2/structures/tpms/tpms.go +++ /dev/null @@ -1,204 +0,0 @@ -// Package tpms contains the TPM 2.0 structures prefixed by "TPMS_" -package tpms - -import "github.com/google/go-tpm/tpm2/structures/internal" - -// Empty represents a TPMS_EMPTY. -// See definition in Part 2: Structures, section 10.1. -type Empty = internal.TPMSEmpty - -// PCRSelection represents a TPMS_PCR_SELECTION. -// See definition in Part 2: Structures, section 10.6.2. -type PCRSelection = internal.TPMSPCRSelection - -// AlgProperty represents a TPMS_ALG_PROPERTY. -// See definition in Part 2: Structures, section 10.8.1. -type AlgProperty = internal.TPMSAlgProperty - -// TaggedProperty represents a TPMS_TAGGED_PROPERTY. -// See definition in Part 2: Structures, section 10.8.2. -type TaggedProperty = internal.TPMSTaggedProperty - -// TaggedPCRSelect represents a TPMS_TAGGED_PCR_SELECT. -// See definition in Part 2: Structures, section 10.8.3. -type TaggedPCRSelect = internal.TPMSTaggedPCRSelect - -// TaggedPolicy represents a TPMS_TAGGED_POLICY. -// See definition in Part 2: Structures, section 10.8.4. -type TaggedPolicy = internal.TPMSTaggedPolicy - -// ACTData represents a TPMS_ACT_DATA. -// See definition in Part 2: Structures, section 10.8.5. -type ACTData = internal.TPMSACTData - -// CapabilityData represents a TPMS_CAPABILITY_DATA. -// See definition in Part 2: Structures, section 10.10.2. -type CapabilityData = internal.TPMSCapabilityData - -// ClockInfo represents a TPMS_CLOCK_INFO. -// See definition in Part 2: Structures, section 10.11.1. -type ClockInfo = internal.TPMSClockInfo - -// TimeInfo represents a TPMS_TIMEzINFO. -// See definition in Part 2: Structures, section 10.11.6. -type TimeInfo = internal.TPMSTimeInfo - -// TimeAttestInfo represents a TPMS_TIME_ATTEST_INFO. -// See definition in Part 2: Structures, section 10.12.2. -type TimeAttestInfo = internal.TPMSTimeAttestInfo - -// CertifyInfo represents a TPMS_CERTIFY_INFO. -// See definition in Part 2: Structures, section 10.12.3. -type CertifyInfo = internal.TPMSCertifyInfo - -// QuoteInfo represents a TPMS_QUOTE_INFO. -// See definition in Part 2: Structures, section 10.12.4. -type QuoteInfo = internal.TPMSQuoteInfo - -// CommandAuditInfo represents a TPMS_COMMAND_AUDIT_INFO. -// See definition in Part 2: Structures, section 10.12.5. -type CommandAuditInfo = internal.TPMSCommandAuditInfo - -// SessionAuditInfo represents a TPMS_SESSION_AUDIT_INFO. -// See definition in Part 2: Structures, section 10.12.6. -type SessionAuditInfo = internal.TPMSSessionAuditInfo - -// CreationInfo represents a TPMS_CREATION_INFO. -// See definition in Part 2: Structures, section 10.12.7. -type CreationInfo = internal.TPMSCreationInfo - -// NVCertifyInfo represents a TPMS_NV_CERTIFY_INFO. -// See definition in Part 2: Structures, section 10.12.8. -type NVCertifyInfo = internal.TPMSNVCertifyInfo - -// NVDigestCertifyInfo represents a TPMS_NV_DIGEST_CERTIFY_INFO. -// See definition in Part 2: Structures, section 10.12.9. -type NVDigestCertifyInfo = internal.TPMSNVDigestCertifyInfo - -// Attest represents a TPMS_ATTEST. -// See definition in Part 2: Structures, section 10.12.12. -type Attest = internal.TPMSAttest - -// AuthCommand represents a TPMS_AUTH_COMMAND. -// See definition in Part 2: Structures, section 10.13.2. -type AuthCommand = internal.TPMSAuthCommand - -// AuthResponse represents a TPMS_AUTH_RESPONSE. -// See definition in Part 2: Structures, section 10.13.3. -type AuthResponse = internal.TPMSAuthResponse - -// SymCipherParms represents a TPMS_SYMCIPHER_PARMS. -// See definition in Part 2: Structures, section 11.1.9. -type SymCipherParms = internal.TPMSSymCipherParms - -// Derive represents a TPMS_DERIVE. -// See definition in Part 2: Structures, section 11.1.11. -type Derive = internal.TPMSDerive - -// SensitiveCreate represents a TPMS_SENSITIVE_CREATE. -// See definition in Part 2: Structures, section 11.1.15. -type SensitiveCreate = internal.TPMSSensitiveCreate - -// SchemeHash represents a TPMS_SCHEME_HASH. -// See definition in Part 2: Structures, section 11.1.17. -type SchemeHash = internal.TPMSSchemeHash - -// SchemeECDAA represents a TPMS_SCHEME_ECDAA. -// See definition in Part 2: Structures, section 11.1.18. -type SchemeECDAA = internal.TPMSSchemeECDAA - -// SchemeHMAC represents a TPMS_SCHEME_HMAC. -// See definition in Part 2: Structures, section 11.1.20. -type SchemeHMAC = internal.TPMSSchemeHMAC - -// SchemeXOR represents a TPMS_SCHEME_XOR. -// See definition in Part 2: Structures, section 11.1.21. -type SchemeXOR = internal.TPMSSchemeXOR - -// SigSchemeRSASSA represents a TPMS_SIG_SCHEME_RSASSA. -// See definition in Part 2: Structures, section 11.2.1.2. -type SigSchemeRSASSA = internal.TPMSSigSchemeRSASSA - -// SigSchemeRSAPSS represents a TPMS_SIG_SCHEME_RSAPSS. -// See definition in Part 2: Structures, section 11.2.1.2. -type SigSchemeRSAPSS = internal.TPMSSigSchemeRSAPSS - -// SigSchemeECDSA represents a TPMS_SIG_SCHEME_ECDSA. -// See definition in Part 2: Structures, section 11.2.1.3. -type SigSchemeECDSA = internal.TPMSSigSchemeECDSA - -// SigSchemeECDAA represents a TPMS_SIG_SCHEME_ECDAA. -// See definition in Part 2: Structures, section 11.2.1.3. -type SigSchemeECDAA = internal.TPMSSigSchemeECDAA - -// EncSchemeRSAES represents a TPMS_ENC_SCHEME_RSAES. -// See definition in Part 2: Structures, section 11.2.2.2. -type EncSchemeRSAES = internal.TPMSEncSchemeRSAES - -// EncSchemeOAEP represents a TPMS_ENC_SCHEME_OAEP. -// See definition in Part 2: Structures, section 11.2.2.2. -type EncSchemeOAEP = internal.TPMSEncSchemeOAEP - -// KeySchemeECDH represents a TPMS_KEY_SCHEME_ECDH. -// See definition in Part 2: Structures, section 11.2.2.3. -type KeySchemeECDH = internal.TPMSKeySchemeECDH - -// KDFSchemeMGF1 represents a TPMS_KDF_SCHEME_MGF1. -// See definition in Part 2: Structures, section 11.2.3.1. -type KDFSchemeMGF1 = internal.TPMSKDFSchemeMGF1 - -// KDFSchemeECDH represents a TPMS_KDF_SCHEME_ECDH. -// See definition in Part 2: Structures, section 11.2.3.1. -type KDFSchemeECDH = internal.TPMSKDFSchemeECDH - -// KDFSchemeKDF1SP80056A represents a TPMS_KDF_SCHEME_KDF1SP80056A. -// See definition in Part 2: Structures, section 11.2.3.1. -type KDFSchemeKDF1SP80056A = internal.TPMSKDFSchemeKDF1SP80056A - -// KDFSchemeKDF2 represents a TPMS_KDF_SCHEME_KDF2. -// See definition in Part 2: Structures, section 11.2.3.1. -type KDFSchemeKDF2 = internal.TPMSKDFSchemeKDF2 - -// KDFSchemeKDF1SP800108 represents a TPMS_KDF_SCHEME_KDF1SP800108. -// See definition in Part 2: Structures, section 11.2.3.1. -type KDFSchemeKDF1SP800108 = internal.TPMSKDFSchemeKDF1SP800108 - -// ECCPoint represents a TPMS_ECC_POINT. -// See definition in Part 2: Structures, section 11.2.5.2. -type ECCPoint = internal.TPMSECCPoint - -// SignatureRSA represents a TPMS_SIGNATURE_RSA. -// See definition in Part 2: Structures, section 11.3.1. -type SignatureRSA = internal.TPMSSignatureRSA - -// SignatureECC represents a TPMS_SIGNATURE_ECC. -// See definition in Part 2: Structures, section 11.3.2. -type SignatureECC = internal.TPMSSignatureECC - -// KeyedHashParms represents a TPMS_KEYEDHASH_PARMS. -// See definition in Part 2: Structures, section 12.2.3.3. -type KeyedHashParms = internal.TPMSKeyedHashParms - -// RSAParms represents a TPMS_RSA_PARMS. -// See definition in Part 2: Structures, section 12.2.3.5. -type RSAParms = internal.TPMSRSAParms - -// ECCParms represents a TPMS_ECC_PARMS. -// See definition in Part 2: Structures, section 12.2.3.6. -type ECCParms = internal.TPMSECCParms - -// NVPublic represents a TPMS_NV_PUBLIC. -// See definition in Part 2: Structures, section 13.5. -type NVPublic = internal.TPMSNVPublic - -// ContextData represents a TPMS_CONTEXT_DATA -// See definition in Part 2: Structures, section 14.3. -type ContextData = internal.TPMSContextData - -// Context represents a TPMS_CONTEXT -// See definition in Part 2: Structures, section 14.5. -type Context = internal.TPMSContext - -// CreationData represents a TPMS_CREATION_DATA. -// See definition in Part 2: Structures, section 15.1. -type CreationData = internal.TPMSCreationData diff --git a/tpm2/structures/tpmt/tpmt.go b/tpm2/structures/tpmt/tpmt.go deleted file mode 100644 index 6d5e4428..00000000 --- a/tpm2/structures/tpmt/tpmt.go +++ /dev/null @@ -1,69 +0,0 @@ -// Package tpmt contains TPM 2.0 structures prefixed with "TPMT_" -package tpmt - -import "github.com/google/go-tpm/tpm2/structures/internal" - -// HA represents a TPMT_HA. -// See definition in Part 2: Structures, section 10.3.2. -type HA = internal.TPMTHA - -// TKCreation represents a TPMT_TK_CREATION. -// See definition in Part 2: Structures, section 10.7.3. -type TKCreation = internal.TPMTTKCreation - -// TKVerified represents a TPMT_TK_Verified. -// See definition in Part 2: Structures, section 10.7.4. -type TKVerified = internal.TPMTTKVerified - -// TKAuth represents a TPMT_TK_AUTH. -// See definition in Part 2: Structures, section 10.7.5. -type TKAuth = internal.TPMTTKAuth - -// TKHashCheck represents a TPMT_TK_HASHCHECK. -// See definition in Part 2: Structures, section 10.7.6. -type TKHashCheck = internal.TPMTTKHashCheck - -// SymDef represents a TPMT_SYM_DEF. -// See definition in Part 2: Structures, section 11.1.6. -type SymDef = internal.TPMTSymDef - -// SymDefObject represents a TPMT_SYM_DEF_OBJECT. -// See definition in Part 2: Structures, section 11.1.7. -type SymDefObject = internal.TPMTSymDefObject - -// KeyedHashScheme represents a TPMT_KEYEDHASH_SCHEME. -// See definition in Part 2: Structures, section 11.1.23. -type KeyedHashScheme = internal.TPMTKeyedHashScheme - -// SigScheme represents a TPMT_SIG_SCHEME. -// See definition in Part 2: Structures, section 11.2.1.5. -type SigScheme = internal.TPMTSigScheme - -// KDFScheme represents a TPMT_KDF_SCHEME. -// See definition in Part 2: Structures, section 11.2.3.3. -type KDFScheme = internal.TPMTKDFScheme - -// RSAScheme represents a TPMT_RSA_SCHEME. -// See definition in Part 2: Structures, section 11.2.4.2. -type RSAScheme = internal.TPMTRSAScheme - -// ECCScheme represents a TPMT_ECC_SCHEME. -// See definition in Part 2: Structures, section 11.2.5.6. -type ECCScheme = internal.TPMTECCScheme - -// Signature represents a TPMT_SIGNATURE. -// See definition in Part 2: Structures, section 11.3.4. -type Signature = internal.TPMTSignature - -// Public represents a TPMT_PUBLIC. -// See definition in Part 2: Structures, section 12.2.4. -type Public = internal.TPMTPublic - -// Template represents a TPMT_TEMPLATE. It is not defined in the spec. -// It represents the alternate form of TPMT_PUBLIC for TPM2B_TEMPLATE as -// described in Part 2: Structures, 12.2.6. -type Template = internal.TPMTTemplate - -// Sensitive represents a TPMT_SENSITIVE. -// See definition in Part 2: Structures, section 12.3.2.4. -type Sensitive = internal.TPMTSensitive diff --git a/tpm2/structures/tpmu/tpmu.go b/tpm2/structures/tpmu/tpmu.go deleted file mode 100644 index b5276ee9..00000000 --- a/tpm2/structures/tpmu/tpmu.go +++ /dev/null @@ -1,65 +0,0 @@ -// Package tpmu contains TPM 2.0 structures prefixed with "TPMU_" -package tpmu - -import "github.com/google/go-tpm/tpm2/structures/internal" - -// Capabilities represents a TPMU_CAPABILITIES. -// See definition in Part 2: Structures, section 10.10.1. -type Capabilities = internal.TPMUCapabilities - -// Attest represents a TPMU_ATTEST. -// See definition in Part 2: Structures, section 10.12.11. -type Attest = internal.TPMUAttest - -// SymKeyBits represents a TPMU_SYM_KEY_BITS. -// See definition in Part 2: Structures, section 11.1.3. -type SymKeyBits = internal.TPMUSymKeyBits - -// SymMode represents a TPMU_SYM_MODE. -// See definition in Part 2: Structures, section 11.1.4. -type SymMode = internal.TPMUSymMode - -// SymDetails represents a TPMU_SYM_DETAILS. -// See definition in Part 2: Structures, section 11.1.5. -type SymDetails = internal.TPMUSymDetails - -// SensitiveCreate represents a TPMU_SENSITIVE_CREATE. -// See definition in Part 2: Structures, section 11.1.13. -type SensitiveCreate = internal.TPMUSensitiveCreate - -// SchemeKeyedHash represents a TPMU_SCHEME_KEYEDHASH. -// See definition in Part 2: Structures, section 11.1.22. -type SchemeKeyedHash = internal.TPMUSchemeKeyedHash - -// SigScheme represents a TPMU_SIG_SCHEME. -// See definition in Part 2: Structures, section 11.2.1.4. -type SigScheme = internal.TPMUSigScheme - -// KDFScheme represents a TPMU_KDF_SCHEME. -// See definition in Part 2: Structures, section 11.2.3.2. -type KDFScheme = internal.TPMUKDFScheme - -// AsymScheme represents a TPMU_ASYM_SCHEME. -// See definition in Part 2: Structures, section 11.2.3.5. -type AsymScheme = internal.TPMUAsymScheme - -// Signature represents a TPMU_SIGNATURE. -// See definition in Part 2: Structures, section 11.3.3. -type Signature = internal.TPMUSignature - -// PublicID represents a TPMU_PUBLIC_ID. -// See definition in Part 2: Structures, section 12.2.3.2. -type PublicID = internal.TPMUPublicID - -// PublicParms represents a TPMU_PUBLIC_PARMS. -// See definition in Part 2: Structures, section 12.2.3.7. -type PublicParms = internal.TPMUPublicParms - -// Template represents the possible contents of a TPM2B_Template. It is not -// defined or named in the spec, which instead describes how its contents may -// differ in the case of CreateLoaded with a derivation parent. -type Template = internal.TPMUTemplate - -// SensitiveComposite represents a TPMU_SENSITIVE_COMPOSITE. -// See definition in Part 2: Structures, section 12.3.2.3. -type SensitiveComposite = internal.TPMUSensitiveComposite diff --git a/tpm2/templates.go b/tpm2/templates.go new file mode 100644 index 00000000..5d6e3c66 --- /dev/null +++ b/tpm2/templates.go @@ -0,0 +1,184 @@ +package tpm2 + +var ( + // RSASRKTemplate contains the TCG reference RSA-2048 SRK template. + // https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf + RSASRKTemplate = TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + FixedTPM: true, + STClear: false, + FixedParent: true, + SensitiveDataOrigin: true, + UserWithAuth: true, + AdminWithPolicy: false, + NoDA: true, + EncryptedDuplication: false, + Restricted: true, + Decrypt: true, + SignEncrypt: false, + }, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Symmetric: TPMTSymDefObject{ + Algorithm: TPMAlgAES, + KeyBits: TPMUSymKeyBits{ + AES: NewKeyBits(128), + }, + Mode: TPMUSymMode{ + AES: NewAlgID(TPMAlgCFB), + }, + }, + KeyBits: 2048, + }, + }, + Unique: TPMUPublicID{ + RSA: &TPM2BPublicKeyRSA{ + Buffer: make([]byte, 256), + }, + }, + } + // RSAEKTemplate contains the TCG reference RSA-2048 EK template. + RSAEKTemplate = TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + FixedTPM: true, + STClear: false, + FixedParent: true, + SensitiveDataOrigin: true, + UserWithAuth: false, + AdminWithPolicy: true, + NoDA: false, + EncryptedDuplication: false, + Restricted: true, + Decrypt: true, + SignEncrypt: false, + }, + AuthPolicy: TPM2BDigest{ + Buffer: []byte{ + // TPM2_PolicySecret(RH_ENDORSEMENT) + 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, + 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, + 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, + 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, + }, + }, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Symmetric: TPMTSymDefObject{ + Algorithm: TPMAlgAES, + KeyBits: TPMUSymKeyBits{ + AES: NewKeyBits(128), + }, + Mode: TPMUSymMode{ + AES: NewAlgID(TPMAlgCFB), + }, + }, + KeyBits: 2048, + }, + }, + Unique: TPMUPublicID{ + RSA: &TPM2BPublicKeyRSA{ + Buffer: make([]byte, 256), + }, + }, + } + + // ECCSRKTemplate contains the TCG reference ECC-P256 SRK template. + // https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf + ECCSRKTemplate = TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + FixedTPM: true, + STClear: false, + FixedParent: true, + SensitiveDataOrigin: true, + UserWithAuth: true, + AdminWithPolicy: false, + NoDA: true, + EncryptedDuplication: false, + Restricted: true, + Decrypt: true, + SignEncrypt: false, + }, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Symmetric: TPMTSymDefObject{ + Algorithm: TPMAlgAES, + KeyBits: TPMUSymKeyBits{ + AES: NewKeyBits(128), + }, + Mode: TPMUSymMode{ + AES: NewAlgID(TPMAlgCFB), + }, + }, + CurveID: TPMECCNistP256, + }, + }, + Unique: TPMUPublicID{ + ECC: &TPMSECCPoint{ + X: TPM2BECCParameter{ + Buffer: make([]byte, 32), + }, + Y: TPM2BECCParameter{ + Buffer: make([]byte, 32), + }, + }, + }, + } + + // ECCEKTemplate contains the TCG reference ECC-P256 EK template. + ECCEKTemplate = TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + FixedTPM: true, + STClear: false, + FixedParent: true, + SensitiveDataOrigin: true, + UserWithAuth: false, + AdminWithPolicy: true, + NoDA: false, + EncryptedDuplication: false, + Restricted: true, + Decrypt: true, + SignEncrypt: false, + }, + AuthPolicy: TPM2BDigest{ + Buffer: []byte{ + // TPM2_PolicySecret(RH_ENDORSEMENT) + 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, + 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, + 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, + 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, + }, + }, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Symmetric: TPMTSymDefObject{ + Algorithm: TPMAlgAES, + KeyBits: TPMUSymKeyBits{ + AES: NewKeyBits(128), + }, + Mode: TPMUSymMode{ + AES: NewAlgID(TPMAlgCFB), + }, + }, + CurveID: TPMECCNistP256, + }, + }, + Unique: TPMUPublicID{ + ECC: &TPMSECCPoint{ + X: TPM2BECCParameter{ + Buffer: make([]byte, 32), + }, + Y: TPM2BECCParameter{ + Buffer: make([]byte, 32), + }, + }, + }, + } +) diff --git a/tpm2/templates/templates.go b/tpm2/templates/templates.go deleted file mode 100644 index 193b3449..00000000 --- a/tpm2/templates/templates.go +++ /dev/null @@ -1,195 +0,0 @@ -// Package templates provides standard templates for TPM 2.0 primary keys. -package templates - -import ( - "github.com/google/go-tpm/tpm2/helpers" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" -) - -var ( - // RSASRKTemplate contains the TCG reference RSA-2048 SRK template. - // https://trustedcomputinggroup.org/wp-content/uploads/TCG-tpm.-v2.0-Provisioning-Guidance-Published-v1r1.pdf - RSASRKTemplate = tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - FixedTPM: true, - STClear: false, - FixedParent: true, - SensitiveDataOrigin: true, - UserWithAuth: true, - AdminWithPolicy: false, - NoDA: true, - EncryptedDuplication: false, - Restricted: true, - Decrypt: true, - SignEncrypt: false, - }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Symmetric: tpmt.SymDefObject{ - Algorithm: tpm.AlgAES, - KeyBits: tpmu.SymKeyBits{ - AES: helpers.NewKeyBits(128), - }, - Mode: tpmu.SymMode{ - AES: helpers.NewAlgID(tpm.AlgCFB), - }, - }, - KeyBits: 2048, - }, - }, - Unique: tpmu.PublicID{ - RSA: &tpm2b.PublicKeyRSA{ - Buffer: make([]byte, 256), - }, - }, - } - // RSAEKTemplate contains the TCG reference RSA-2048 EK template. - RSAEKTemplate = tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - FixedTPM: true, - STClear: false, - FixedParent: true, - SensitiveDataOrigin: true, - UserWithAuth: false, - AdminWithPolicy: true, - NoDA: false, - EncryptedDuplication: false, - Restricted: true, - Decrypt: true, - SignEncrypt: false, - }, - AuthPolicy: tpm2b.Digest{ - Buffer: []byte{ - // tpm.2_PolicySecret(RH_ENDORSEMENT) - 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, - 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, - 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, - 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, - }, - }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Symmetric: tpmt.SymDefObject{ - Algorithm: tpm.AlgAES, - KeyBits: tpmu.SymKeyBits{ - AES: helpers.NewKeyBits(128), - }, - Mode: tpmu.SymMode{ - AES: helpers.NewAlgID(tpm.AlgCFB), - }, - }, - KeyBits: 2048, - }, - }, - Unique: tpmu.PublicID{ - RSA: &tpm2b.PublicKeyRSA{ - Buffer: make([]byte, 256), - }, - }, - } - - // ECCSRKTemplate contains the TCG reference ECC-P256 SRK template. - // https://trustedcomputinggroup.org/wp-content/uploads/TCG-tpm.-v2.0-Provisioning-Guidance-Published-v1r1.pdf - ECCSRKTemplate = tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - FixedTPM: true, - STClear: false, - FixedParent: true, - SensitiveDataOrigin: true, - UserWithAuth: true, - AdminWithPolicy: false, - NoDA: true, - EncryptedDuplication: false, - Restricted: true, - Decrypt: true, - SignEncrypt: false, - }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Symmetric: tpmt.SymDefObject{ - Algorithm: tpm.AlgAES, - KeyBits: tpmu.SymKeyBits{ - AES: helpers.NewKeyBits(128), - }, - Mode: tpmu.SymMode{ - AES: helpers.NewAlgID(tpm.AlgCFB), - }, - }, - CurveID: tpm.ECCNistP256, - }, - }, - Unique: tpmu.PublicID{ - ECC: &tpms.ECCPoint{ - X: tpm2b.ECCParameter{ - Buffer: make([]byte, 32), - }, - Y: tpm2b.ECCParameter{ - Buffer: make([]byte, 32), - }, - }, - }, - } - - // ECCEKTemplate contains the TCG reference ECC-P256 EK template. - ECCEKTemplate = tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - FixedTPM: true, - STClear: false, - FixedParent: true, - SensitiveDataOrigin: true, - UserWithAuth: false, - AdminWithPolicy: true, - NoDA: false, - EncryptedDuplication: false, - Restricted: true, - Decrypt: true, - SignEncrypt: false, - }, - AuthPolicy: tpm2b.Digest{ - Buffer: []byte{ - // tpm.2_PolicySecret(RH_ENDORSEMENT) - 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, - 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, - 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, - 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA, - }, - }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Symmetric: tpmt.SymDefObject{ - Algorithm: tpm.AlgAES, - KeyBits: tpmu.SymKeyBits{ - AES: helpers.NewKeyBits(128), - }, - Mode: tpmu.SymMode{ - AES: helpers.NewAlgID(tpm.AlgCFB), - }, - }, - CurveID: tpm.ECCNistP256, - }, - }, - Unique: tpmu.PublicID{ - ECC: &tpms.ECCPoint{ - X: tpm2b.ECCParameter{ - Buffer: make([]byte, 32), - }, - Y: tpm2b.ECCParameter{ - Buffer: make([]byte, 32), - }, - }, - }, - } -) diff --git a/tpm2/commands/activate_credential_test.go b/tpm2/test/activate_credential_test.go similarity index 79% rename from tpm2/commands/activate_credential_test.go rename to tpm2/test/activate_credential_test.go index 6acf0279..01af1f80 100644 --- a/tpm2/commands/activate_credential_test.go +++ b/tpm2/test/activate_credential_test.go @@ -1,12 +1,10 @@ -package tpm2 +package tpm2test import ( "bytes" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/templates" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -18,9 +16,9 @@ func TestActivateCredential(t *testing.T) { defer thetpm.Close() ekCreate := CreatePrimary{ - PrimaryHandle: tpm.RHEndorsement, - InPublic: tpm2b.Public{ - PublicArea: templates.ECCEKTemplate, + PrimaryHandle: TPMRHEndorsement, + InPublic: TPM2BPublic{ + PublicArea: ECCEKTemplate, }, } @@ -39,9 +37,9 @@ func TestActivateCredential(t *testing.T) { }() srkCreate := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: templates.ECCSRKTemplate, + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: ECCSRKTemplate, }, } @@ -59,7 +57,7 @@ func TestActivateCredential(t *testing.T) { } }() - secret := tpm2b.Digest{Buffer: []byte("Secrets!!!")} + secret := TPM2BDigest{Buffer: []byte("Secrets!!!")} mc := MakeCredential{ Handle: ekCreateRsp.ObjectHandle, @@ -79,7 +77,7 @@ func TestActivateCredential(t *testing.T) { KeyHandle: AuthHandle{ Handle: ekCreateRsp.ObjectHandle, Name: ekCreateRsp.Name, - Auth: Policy(tpm.AlgSHA256, 16, ekPolicy), + Auth: Policy(TPMAlgSHA256, 16, ekPolicy), }, CredentialBlob: mcRsp.CredentialBlob, Secret: mcRsp.Secret, diff --git a/tpm2/commands/audit_test.go b/tpm2/test/audit_test.go similarity index 66% rename from tpm2/commands/audit_test.go rename to tpm2/test/audit_test.go index b75ac58e..8b1923de 100644 --- a/tpm2/commands/audit_test.go +++ b/tpm2/test/audit_test.go @@ -1,15 +1,10 @@ -package tpm2 +package tpm2test import ( "bytes" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -21,7 +16,7 @@ func TestAuditSession(t *testing.T) { defer thetpm.Close() // Create the audit session - sess, cleanup, err := HMACSession(thetpm, tpm.AlgSHA256, 16, Audit()) + sess, cleanup, err := HMACSession(thetpm, TPMAlgSHA256, 16, Audit()) if err != nil { t.Fatalf("%v", err) } @@ -29,12 +24,12 @@ func TestAuditSession(t *testing.T) { // Create the AK for audit createAKCmd := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, @@ -47,17 +42,17 @@ func TestAuditSession(t *testing.T) { Decrypt: false, SignEncrypt: true, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDSA, - Details: tpmu.AsymScheme{ - ECDSA: &tpms.SigSchemeECDSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Scheme: TPMTECCScheme{ + Scheme: TPMAlgECDSA, + Details: TPMUAsymScheme{ + ECDSA: &TPMSSigSchemeECDSA{ + HashAlg: TPMAlgSHA256, }, }, }, - CurveID: tpm.ECCNistP256, + CurveID: TPMECCNistP256, }, }, }, @@ -75,23 +70,23 @@ func TestAuditSession(t *testing.T) { } }() - audit, err := NewAudit(tpm.AlgSHA256) + audit, err := NewAudit(TPMAlgSHA256) if err != nil { t.Fatalf("%v", err) } // Call GetCapability a bunch of times with the audit session and make sure it extends like // we expect it to. - props := []tpm.PT{ - tpm.PTFamilyIndicator, - tpm.PTLevel, - tpm.PTRevision, - tpm.PTDayofYear, - tpm.PTYear, - tpm.PTManufacturer, + props := []TPMPT{ + TPMPTFamilyIndicator, + TPMPTLevel, + TPMPTRevision, + TPMPTDayofYear, + TPMPTYear, + TPMPTManufacturer, } for _, prop := range props { getCmd := GetCapability{ - Capability: tpm.CapTPMProperties, + Capability: TPMCapTPMProperties, Property: uint32(prop), PropertyCount: 1, } @@ -104,13 +99,13 @@ func TestAuditSession(t *testing.T) { } // Get the audit digest signed by the AK getAuditCmd := GetSessionAuditDigest{ - PrivacyAdminHandle: tpm.RHEndorsement, + PrivacyAdminHandle: TPMRHEndorsement, SignHandle: NamedHandle{ Handle: createAKRsp.ObjectHandle, Name: createAKRsp.Name, }, SessionHandle: sess.Handle(), - QualifyingData: tpm2b.Data{Buffer: []byte("foobar")}, + QualifyingData: TPM2BData{Buffer: []byte("foobar")}, } getAuditRsp, err := getAuditCmd.Execute(thetpm) if err != nil { diff --git a/tpm2/commands/certify_test.go b/tpm2/test/certify_test.go similarity index 71% rename from tpm2/commands/certify_test.go rename to tpm2/test/certify_test.go index 4d392730..5260547b 100644 --- a/tpm2/commands/certify_test.go +++ b/tpm2/test/certify_test.go @@ -1,4 +1,4 @@ -package tpm2 +package tpm2test import ( "bytes" @@ -8,14 +8,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm/tpm2/helpers" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -32,11 +25,11 @@ func TestCertify(t *testing.T) { if err != nil { t.Fatalf("Failed to create PCRSelection") } - public := tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + public := TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, Restricted: true, FixedTPM: true, @@ -44,13 +37,13 @@ func TestCertify(t *testing.T) { SensitiveDataOrigin: true, UserWithAuth: true, }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Scheme: tpmt.RSAScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.AsymScheme{ - RSASSA: &tpms.SigSchemeRSASSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Scheme: TPMTRSAScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUAsymScheme{ + RSASSA: &TPMSSigSchemeRSASSA{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -60,20 +53,20 @@ func TestCertify(t *testing.T) { }, } - pcrSelection := tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + pcrSelection := TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { - Hash: tpm.AlgSHA256, + Hash: TPMAlgSHA256, PCRSelect: PCR7, }, }, } createPrimarySigner := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + PrimaryHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: Auth, }, }, @@ -89,10 +82,10 @@ func TestCertify(t *testing.T) { defer flushContextSigner.Execute(thetpm) createPrimarySubject := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + PrimaryHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: Auth, }, }, @@ -100,8 +93,8 @@ func TestCertify(t *testing.T) { InPublic: public, CreationPCR: pcrSelection, } - unique := tpmu.PublicID{ - RSA: &tpm2b.PublicKeyRSA{ + unique := TPMUPublicID{ + RSA: &TPM2BPublicKeyRSA{ Buffer: []byte("subject key"), }, } @@ -127,11 +120,11 @@ func TestCertify(t *testing.T) { Name: rspSigner.Name, Auth: PasswordAuth(Auth), }, - QualifyingData: tpm2b.Data{ + QualifyingData: TPM2BData{ Buffer: originalBuffer, }, - InScheme: tpmt.SigScheme{ - Scheme: tpm.AlgNull, + InScheme: TPMTSigScheme{ + Scheme: TPMAlgNull, }, } @@ -147,7 +140,7 @@ func TestCertify(t *testing.T) { attestHash := sha256.Sum256(info) pub := rspSigner.OutPublic.PublicArea - rsaPub, err := helpers.RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) + rsaPub, err := RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) if err != nil { t.Fatalf("Failed to retrieve Public Key: %v", err) } @@ -168,11 +161,11 @@ func TestCreateAndCertifyCreation(t *testing.T) { } defer thetpm.Close() - public := tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + public := TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, Restricted: true, FixedTPM: true, @@ -181,13 +174,13 @@ func TestCreateAndCertifyCreation(t *testing.T) { UserWithAuth: true, NoDA: true, }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Scheme: tpmt.RSAScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.AsymScheme{ - RSASSA: &tpms.SigSchemeRSASSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Scheme: TPMTRSAScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUAsymScheme{ + RSASSA: &TPMSSigSchemeRSASSA{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -201,17 +194,17 @@ func TestCreateAndCertifyCreation(t *testing.T) { if err != nil { t.Fatalf("Failed to create PCRSelection") } - pcrSelection := tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + pcrSelection := TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { - Hash: tpm.AlgSHA1, + Hash: TPMAlgSHA1, PCRSelect: PCR7, }, }, } createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHEndorsement, + PrimaryHandle: TPMRHEndorsement, InPublic: public, CreationPCR: pcrSelection, } @@ -222,11 +215,11 @@ func TestCreateAndCertifyCreation(t *testing.T) { flushContext := FlushContext{FlushHandle: rspCP.ObjectHandle} defer flushContext.Execute(thetpm) - inScheme := tpmt.SigScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.SigScheme{ - RSASSA: &tpms.SchemeHash{ - HashAlg: tpm.AlgSHA256, + inScheme := TPMTSigScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUSigScheme{ + RSASSA: &TPMSSchemeHash{ + HashAlg: TPMAlgSHA256, }, }, } @@ -265,7 +258,7 @@ func TestCreateAndCertifyCreation(t *testing.T) { attestHash := sha256.Sum256(info) pub := rspCP.OutPublic.PublicArea - rsaPub, err := helpers.RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) + rsaPub, err := RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) if err != nil { t.Fatalf("Failed to retrieve Public Key: %v", err) } @@ -284,11 +277,11 @@ func TestNVCertify(t *testing.T) { Auth := []byte("password") - public := tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + public := TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, Restricted: true, FixedTPM: true, @@ -296,13 +289,13 @@ func TestNVCertify(t *testing.T) { SensitiveDataOrigin: true, UserWithAuth: true, }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Scheme: tpmt.RSAScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.AsymScheme{ - RSASSA: &tpms.SigSchemeRSASSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Scheme: TPMTRSAScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUAsymScheme{ + RSASSA: &TPMSSigSchemeRSASSA{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -313,10 +306,10 @@ func TestNVCertify(t *testing.T) { } createPrimarySigner := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + PrimaryHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: Auth, }, }, @@ -331,17 +324,17 @@ func TestNVCertify(t *testing.T) { defer flushContextSigner.Execute(thetpm) def := NVDefineSpace{ - AuthHandle: tpm.RHOwner, - PublicInfo: tpm2b.NVPublic{ - NVPublic: tpms.NVPublic{ - NVIndex: tpm.Handle(0x0180000F), - NameAlg: tpm.AlgSHA256, - Attributes: tpma.NV{ + AuthHandle: TPMRHOwner, + PublicInfo: TPM2BNVPublic{ + NVPublic: TPMSNVPublic{ + NVIndex: TPMHandle(0x0180000F), + NameAlg: TPMAlgSHA256, + Attributes: TPMANV{ OwnerWrite: true, OwnerRead: true, AuthWrite: true, AuthRead: true, - NT: tpm.NTOrdinary, + NT: TPMNTOrdinary, NoDA: true, }, DataSize: 4, @@ -353,7 +346,7 @@ func TestNVCertify(t *testing.T) { } readPub := NVReadPublic{ - NVIndex: tpm.Handle(0x0180000F), + NVIndex: TPMHandle(0x0180000F), } nvPub, err := readPub.Execute(thetpm) if err != nil { @@ -370,7 +363,7 @@ func TestNVCertify(t *testing.T) { Handle: def.PublicInfo.NVPublic.NVIndex, Name: nvPub.NVName, }, - Data: tpm2b.MaxNVBuffer{ + Data: TPM2BMaxNVBuffer{ Buffer: []byte{0x01, 0x02, 0x03, 0x04}, }, Offset: 0, @@ -386,7 +379,7 @@ func TestNVCertify(t *testing.T) { nvCertify := NVCertify{ AuthHandle: AuthHandle{ - Handle: tpm.Handle(0x0180000F), + Handle: TPMHandle(0x0180000F), Name: nvPub.NVName, Auth: PasswordAuth(nil), }, @@ -396,10 +389,10 @@ func TestNVCertify(t *testing.T) { Auth: PasswordAuth(Auth), }, NVIndex: NamedHandle{ - Handle: tpm.Handle(0x0180000F), + Handle: TPMHandle(0x0180000F), Name: nvPub.NVName, }, - QualifyingData: tpm2b.Data{ + QualifyingData: TPM2BData{ Buffer: []byte("nonce"), }, } @@ -415,7 +408,7 @@ func TestNVCertify(t *testing.T) { attestHash := sha256.Sum256(info) pub := rspSigner.OutPublic.PublicArea - rsaPub, err := helpers.RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) + rsaPub, err := RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) if err != nil { t.Fatalf("Failed to retrieve Public Key: %v", err) } diff --git a/tpm2/commands/clear_test.go b/tpm2/test/clear_test.go similarity index 79% rename from tpm2/commands/clear_test.go rename to tpm2/test/clear_test.go index 08e3d7d5..87625560 100644 --- a/tpm2/commands/clear_test.go +++ b/tpm2/test/clear_test.go @@ -1,12 +1,10 @@ -package tpm2 +package tpm2test import ( "bytes" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/templates" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -18,9 +16,9 @@ func TestClear(t *testing.T) { defer thetpm.Close() srkCreate := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: templates.ECCSRKTemplate, + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: ECCSRKTemplate, }, } @@ -33,7 +31,7 @@ func TestClear(t *testing.T) { clear := Clear{ AuthHandle: AuthHandle{ - Handle: tpm.RHLockout, + Handle: TPMRHLockout, Auth: PasswordAuth(nil), }, } diff --git a/tpm2/commands/combined_context_test.go b/tpm2/test/combined_context_test.go similarity index 66% rename from tpm2/commands/combined_context_test.go rename to tpm2/test/combined_context_test.go index ad408c28..3cb724fc 100644 --- a/tpm2/commands/combined_context_test.go +++ b/tpm2/test/combined_context_test.go @@ -1,21 +1,15 @@ -package tpm2 +package tpm2test import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" "github.com/google/go-tpm/tpm2/transport/simulator" ) -func ReadPublicName(t *testing.T, handle tpm.Handle, thetpm transport.TPM) tpm2b.Name { +func ReadPublicName(t *testing.T, handle TPMHandle, thetpm transport.TPM) TPM2BName { readPublic := ReadPublic{ ObjectHandle: handle, } @@ -41,26 +35,26 @@ func TestCombinedContext(t *testing.T) { } createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, + PrimaryHandle: TPMRHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, FixedTPM: true, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Scheme: tpmt.RSAScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.AsymScheme{ - RSASSA: &tpms.SigSchemeRSASSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Scheme: TPMTRSAScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUAsymScheme{ + RSASSA: &TPMSSigSchemeRSASSA{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -69,10 +63,10 @@ func TestCombinedContext(t *testing.T) { }, }, }, - CreationPCR: tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + CreationPCR: TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { - Hash: tpm.AlgSHA1, + Hash: TPMAlgSHA1, PCRSelect: PCR7, }, }, diff --git a/tpm2/commands/commit_test.go b/tpm2/test/commit_test.go similarity index 55% rename from tpm2/commands/commit_test.go rename to tpm2/test/commit_test.go index a5056377..96b512fa 100644 --- a/tpm2/commands/commit_test.go +++ b/tpm2/test/commit_test.go @@ -1,14 +1,9 @@ -package tpm2 +package tpm2test import ( "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -23,41 +18,41 @@ func TestCommit(t *testing.T) { password := []byte("hello") create := CreateLoaded{ - ParentHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + ParentHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: password, }, }, }, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BTemplate{ + Template: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, FixedParent: true, UserWithAuth: true, SensitiveDataOrigin: true, SignEncrypt: true, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Symmetric: tpmt.SymDefObject{ - Algorithm: tpm.AlgNull, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Symmetric: TPMTSymDefObject{ + Algorithm: TPMAlgNull, }, - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDAA, - Details: tpmu.AsymScheme{ - ECDAA: &tpms.SigSchemeECDAA{ - HashAlg: tpm.AlgSHA256, + Scheme: TPMTECCScheme{ + Scheme: TPMAlgECDAA, + Details: TPMUAsymScheme{ + ECDAA: &TPMSSigSchemeECDAA{ + HashAlg: TPMAlgSHA256, }, }, }, - CurveID: tpm.ECCBNP256, - KDF: tpmt.KDFScheme{ - Scheme: tpm.AlgNull, + CurveID: TPMECCBNP256, + KDF: TPMTKDFScheme{ + Scheme: TPMAlgNull, }, }, }, @@ -79,20 +74,20 @@ func TestCommit(t *testing.T) { Name: rspCP.Name, Auth: PasswordAuth(password), }, - P1: tpm2b.ECCPoint{ - Point: tpms.ECCPoint{ - X: tpm2b.ECCParameter{ + P1: TPM2BECCPoint{ + Point: TPMSECCPoint{ + X: TPM2BECCParameter{ Buffer: []byte{1}, }, - Y: tpm2b.ECCParameter{ + Y: TPM2BECCParameter{ Buffer: []byte{2}, }, }, }, - S2: tpm2b.SensitiveData{ + S2: TPM2BSensitiveData{ Buffer: []byte{}, }, - Y2: tpm2b.ECCParameter{ + Y2: TPM2BECCParameter{ Buffer: []byte{}, }, } diff --git a/tpm2/test/create_loaded_test.go b/tpm2/test/create_loaded_test.go new file mode 100644 index 00000000..06f8582d --- /dev/null +++ b/tpm2/test/create_loaded_test.go @@ -0,0 +1,165 @@ +package tpm2test + +import ( + "testing" + + . "github.com/google/go-tpm/tpm2" + "github.com/google/go-tpm/tpm2/transport" + "github.com/google/go-tpm/tpm2/transport/simulator" +) + +func getDeriver(t *testing.T, thetpm transport.TPM) NamedHandle { + t.Helper() + + cl := CreateLoaded{ + ParentHandle: TPMRHOwner, + InPublic: TPM2BTemplate{ + Template: TPMTPublic{ + Type: TPMAlgKeyedHash, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + SensitiveDataOrigin: true, + UserWithAuth: true, + Decrypt: true, + Restricted: true, + }, + Parameters: TPMUPublicParms{ + KeyedHashDetail: &TPMSKeyedHashParms{ + Scheme: TPMTKeyedHashScheme{ + Scheme: TPMAlgXOR, + Details: TPMUSchemeKeyedHash{ + XOR: &TPMSSchemeXOR{ + HashAlg: TPMAlgSHA256, + KDF: TPMAlgKDF1SP800108, + }, + }, + }, + }, + }, + }, + }, + } + rsp, err := cl.Execute(thetpm) + if err != nil { + t.Fatalf("could not create derivation parent: %v:", err) + } + return NamedHandle{ + Handle: rsp.ObjectHandle, + Name: rsp.Name, + } +} + +func TestCreateLoaded(t *testing.T) { + thetpm, err := simulator.OpenSimulator() + if err != nil { + t.Fatalf("could not connect to TPM simulator: %v", err) + } + defer thetpm.Close() + + deriver := getDeriver(t, thetpm) + + createLoadeds := map[string]*CreateLoaded{ + "PrimaryKey": { + ParentHandle: TPMRHEndorsement, + InPublic: TPM2BTemplate{ + Template: ECCEKTemplate, + }, + }, + "OrdinaryKey": { + ParentHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ + Buffer: []byte("p@ssw0rd"), + }, + }, + }, + InPublic: TPM2BTemplate{ + Template: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + SensitiveDataOrigin: true, + UserWithAuth: true, + SignEncrypt: true, + }, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + CurveID: TPMECCNistP256, + }, + }, + }, + }, + }, + "DataBlob": { + ParentHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ + Buffer: []byte("p@ssw0rd"), + }, + Data: TPM2BSensitiveData{ + Buffer: []byte("secrets"), + }, + }, + }, + InPublic: TPM2BTemplate{ + Template: TPMTPublic{ + Type: TPMAlgKeyedHash, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + UserWithAuth: true, + }, + }, + }, + }, + "Derived": { + ParentHandle: deriver, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ + Buffer: []byte("p@ssw0rd"), + }, + Data: TPM2BDerive{ + Buffer: TPMSDerive{ + Label: TPM2BLabel{ + Buffer: []byte("label"), + }, + Context: TPM2BLabel{ + Buffer: []byte("context"), + }, + }, + }, + }, + }, + InPublic: TPM2BTemplate{ + Template: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ + FixedParent: true, + UserWithAuth: true, + SignEncrypt: true, + }, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + CurveID: TPMECCNistP256, + }, + }, + }, + }, + }, + } + + for name, createLoaded := range createLoadeds { + t.Run(name, func(t *testing.T) { + rsp, err := createLoaded.Execute(thetpm) + if err != nil { + t.Fatalf("error from CreateLoaded: %v", err) + } + if err = (&FlushContext{FlushHandle: rsp.ObjectHandle}).Execute(thetpm); err != nil { + t.Errorf("error from FlushContext: %v", err) + } + }) + } +} diff --git a/tpm2/commands/ecdh_test.go b/tpm2/test/ecdh_test.go similarity index 63% rename from tpm2/commands/ecdh_test.go rename to tpm2/test/ecdh_test.go index 1f7b18a8..9c76d4c5 100644 --- a/tpm2/commands/ecdh_test.go +++ b/tpm2/test/ecdh_test.go @@ -1,4 +1,4 @@ -package tpm2 +package tpm2test import ( "crypto/elliptic" @@ -7,12 +7,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -25,12 +20,12 @@ func TestECDH(t *testing.T) { // Create a TPM ECDH key tpmCreate := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, STClear: false, FixedParent: true, @@ -44,14 +39,14 @@ func TestECDH(t *testing.T) { SignEncrypt: false, X509Sign: false, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - CurveID: tpm.ECCNistP256, - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDH, - Details: tpmu.AsymScheme{ - ECDH: &tpms.KeySchemeECDH{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + CurveID: TPMECCNistP256, + Scheme: TPMTECCScheme{ + Scheme: TPMAlgECDH, + Details: TPMUAsymScheme{ + ECDH: &TPMSKeySchemeECDH{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -74,16 +69,16 @@ func TestECDH(t *testing.T) { if err != nil { t.Fatalf("could not create the SW key: %v", err) } - swPub := tpms.ECCPoint{ - X: tpm2b.ECCParameter{Buffer: x.FillBytes(make([]byte, 32))}, - Y: tpm2b.ECCParameter{Buffer: y.FillBytes(make([]byte, 32))}, + swPub := TPMSECCPoint{ + X: TPM2BECCParameter{Buffer: x.FillBytes(make([]byte, 32))}, + Y: TPM2BECCParameter{Buffer: y.FillBytes(make([]byte, 32))}, } // Calculate Z based on the SW priv * TPM pub zx, zy := elliptic.P256().ScalarMult(tpmX, tpmY, priv) - z := tpms.ECCPoint{ - X: tpm2b.ECCParameter{Buffer: zx.FillBytes(make([]byte, 32))}, - Y: tpm2b.ECCParameter{Buffer: zy.FillBytes(make([]byte, 32))}, + z := TPMSECCPoint{ + X: TPM2BECCParameter{Buffer: zx.FillBytes(make([]byte, 32))}, + Y: TPM2BECCParameter{Buffer: zy.FillBytes(make([]byte, 32))}, } // Calculate Z based on TPM priv * SW pub @@ -93,7 +88,7 @@ func TestECDH(t *testing.T) { Name: tpmCreateRsp.Name, Auth: PasswordAuth(nil), }, - InPoint: tpm2b.ECCPoint{ + InPoint: TPM2BECCPoint{ Point: swPub, }, } diff --git a/tpm2/commands/ek_test.go b/tpm2/test/ek_test.go similarity index 81% rename from tpm2/commands/ek_test.go rename to tpm2/test/ek_test.go index 3eb93ec8..3dc84cb5 100644 --- a/tpm2/commands/ek_test.go +++ b/tpm2/test/ek_test.go @@ -1,25 +1,19 @@ -package tpm2 +package tpm2test import ( "errors" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpmi" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/templates" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" "github.com/google/go-tpm/tpm2/transport/simulator" ) // Test creating a sealed data blob on the standard-template EK using its policy. func TestEKPolicy(t *testing.T) { - templates := map[string]tpmt.Public{ - "RSA": templates.RSAEKTemplate, - "ECC": templates.ECCEKTemplate, + templates := map[string]TPMTPublic{ + "RSA": RSAEKTemplate, + "ECC": ECCEKTemplate, } // Run the whole test for each of RSA and ECC EKs. @@ -30,9 +24,9 @@ func TestEKPolicy(t *testing.T) { } } -func ekPolicy(t transport.TPM, handle tpmi.SHPolicy, nonceTPM tpm2b.Nonce) error { +func ekPolicy(t transport.TPM, handle TPMISHPolicy, nonceTPM TPM2BNonce) error { cmd := PolicySecret{ - AuthHandle: tpm.RHEndorsement, + AuthHandle: TPMRHEndorsement, PolicySession: handle, NonceTPM: nonceTPM, } @@ -41,7 +35,7 @@ func ekPolicy(t transport.TPM, handle tpmi.SHPolicy, nonceTPM tpm2b.Nonce) error } // This function tests a lot of combinations of authorizing the EK policy. -func ekTest(t *testing.T, ekTemplate tpmt.Public) { +func ekTest(t *testing.T, ekTemplate TPMTPublic) { type ekTestCase struct { name string // Use Policy instead of PolicySession, passing the callback instead of @@ -107,8 +101,8 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { t.Run(c.name, func(t *testing.T) { // Create the EK createEKCmd := CreatePrimary{ - PrimaryHandle: tpm.RHEndorsement, - InPublic: tpm2b.Public{ + PrimaryHandle: TPMRHEndorsement, + InPublic: TPM2BPublic{ PublicArea: ekTemplate, }, } @@ -122,7 +116,7 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { } defer func() { // Flush the EK - flush := FlushContext{createEKRsp.ObjectHandle} + flush := FlushContext{FlushHandle: createEKRsp.ObjectHandle} if err := flush.Execute(thetpm); err != nil { t.Errorf("%v", err) } @@ -136,18 +130,18 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { Handle: createEKRsp.ObjectHandle, Name: createEKRsp.Name, }, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - Data: tpm2b.SensitiveData{ + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + Data: TPM2BSensitiveData{ Buffer: data, }, }, }, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgKeyedHash, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, FixedParent: true, UserWithAuth: true, @@ -159,7 +153,7 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { var sessions []Session if c.decryptAnotherSession { - sessions = append(sessions, HMAC(tpm.AlgSHA1, 16, AESEncryption(128, EncryptIn))) + sessions = append(sessions, HMAC(TPMAlgSHA1, 16, AESEncryption(128, EncryptIn))) } var options []AuthOption @@ -176,12 +170,12 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { var s Session if c.jitPolicySession { // Use the convenience function to pass a policy callback. - s = Policy(tpm.AlgSHA256, 16, ekPolicy, options...) + s = Policy(TPMAlgSHA256, 16, ekPolicy, options...) } else { // Set up a session we have to execute and clean up ourselves. var cleanup func() error var err error - s, cleanup, err = PolicySession(thetpm, tpm.AlgSHA256, 16, options...) + s, cleanup, err = PolicySession(thetpm, TPMAlgSHA256, 16, options...) if err != nil { t.Fatalf("creating session: %v", err) } @@ -225,10 +219,10 @@ func ekTest(t *testing.T, ekTemplate tpmt.Public) { // This is because after using a policy session, it's as if // PolicyRestart was called. _, err = createBlobCmd.Execute(thetpm, sessions...) - if !errors.Is(err, tpm.RCPolicyFail) { + if !errors.Is(err, TPMRCPolicyFail) { t.Errorf("want TPM_RC_POLICY_FAIL, got %v", err) } - var fmt1 tpm.Fmt1Error + var fmt1 TPMFmt1Error if !errors.As(err, &fmt1) { t.Errorf("want a Fmt1Error, got %v", err) } else if isSession, session := fmt1.Session(); !isSession || session != 1 { diff --git a/tpm2/commands/get_random_test.go b/tpm2/test/get_random_test.go similarity index 88% rename from tpm2/commands/get_random_test.go rename to tpm2/test/get_random_test.go index 8e8bb683..0a524cb6 100644 --- a/tpm2/commands/get_random_test.go +++ b/tpm2/test/get_random_test.go @@ -1,8 +1,9 @@ -package tpm2 +package tpm2test import ( "testing" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) diff --git a/tpm2/commands/hash_sequence_hash_test.go b/tpm2/test/hash_sequence_hash_test.go similarity index 83% rename from tpm2/commands/hash_sequence_hash_test.go rename to tpm2/test/hash_sequence_hash_test.go index 4519d661..a4b12d24 100644 --- a/tpm2/commands/hash_sequence_hash_test.go +++ b/tpm2/test/hash_sequence_hash_test.go @@ -1,4 +1,4 @@ -package tpm2 +package tpm2test import ( "bytes" @@ -7,8 +7,7 @@ import ( "math/rand" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -21,10 +20,10 @@ func TestHash(t *testing.T) { } defer thetpm.Close() - run := func(t *testing.T, data []byte, hierarchy tpm.Handle, thetpm transport.TPM) { + run := func(t *testing.T, data []byte, hierarchy TPMHandle, thetpm transport.TPM) { hash := Hash{ - Data: tpm2b.MaxBuffer{Buffer: data}, - HashAlg: tpm.AlgSHA256, + Data: TPM2BMaxBuffer{Buffer: data}, + HashAlg: TPMAlgSHA256, Hierarchy: hierarchy, } rspHash, err := hash.Execute(thetpm) @@ -40,11 +39,11 @@ func TestHash(t *testing.T) { } t.Run("Null hierarchy", func(t *testing.T) { - run(t, []byte("fiona"), tpm.RHNull, thetpm) + run(t, []byte("fiona"), TPMRHNull, thetpm) }) t.Run("Owner hierarchy", func(t *testing.T) { - run(t, []byte("charlie"), tpm.RHOwner, thetpm) + run(t, []byte("charlie"), TPMRHOwner, thetpm) }) } @@ -57,8 +56,8 @@ func TestHashNullHierarchy(t *testing.T) { data := []byte("carolyn") hash := Hash{ - Data: tpm2b.MaxBuffer{Buffer: data}, - HashAlg: tpm.AlgSHA256, + Data: TPM2BMaxBuffer{Buffer: data}, + HashAlg: TPMAlgSHA256, } rspHash, err := hash.Execute(thetpm) if err != nil { @@ -79,15 +78,15 @@ func TestHashSequence(t *testing.T) { } defer thetpm.Close() - run := func(t *testing.T, bufferSize int, password string, hierarchy tpm.Handle, thetpm transport.TPM) { + run := func(t *testing.T, bufferSize int, password string, hierarchy TPMHandle, thetpm transport.TPM) { maxDigestBuffer := 1024 Auth := []byte(password) hashSequenceStart := HashSequenceStart{ - Auth: tpm2b.Auth{ + Auth: TPM2BAuth{ Buffer: Auth, }, - HashAlg: tpm.AlgSHA256, + HashAlg: TPMAlgSHA256, } rspHSS, err := hashSequenceStart.Execute(thetpm) @@ -97,7 +96,7 @@ func TestHashSequence(t *testing.T) { authHandle := AuthHandle{ Handle: rspHSS.SequenceHandle, - Name: tpm2b.Name{ + Name: TPM2BName{ Buffer: Auth, }, Auth: PasswordAuth(Auth), @@ -110,7 +109,7 @@ func TestHashSequence(t *testing.T) { for len(data) > maxDigestBuffer { sequenceUpdate := SequenceUpdate{ SequenceHandle: authHandle, - Buffer: tpm2b.MaxBuffer{ + Buffer: TPM2BMaxBuffer{ Buffer: data[:maxDigestBuffer], }, } @@ -124,7 +123,7 @@ func TestHashSequence(t *testing.T) { sequenceComplete := SequenceComplete{ SequenceHandle: authHandle, - Buffer: tpm2b.MaxBuffer{ + Buffer: TPM2BMaxBuffer{ Buffer: data, }, Hierarchy: hierarchy, @@ -145,10 +144,10 @@ func TestHashSequence(t *testing.T) { password := "password" for _, bufferSize := range bufferSizes { t.Run(fmt.Sprintf("Null hierarchy [bufferSize=%d]", bufferSize), func(t *testing.T) { - run(t, bufferSize, password, tpm.RHNull, thetpm) + run(t, bufferSize, password, TPMRHNull, thetpm) }) t.Run(fmt.Sprintf("Owner hierarchy [bufferSize=%d]", bufferSize), func(t *testing.T) { - run(t, bufferSize, password, tpm.RHOwner, thetpm) + run(t, bufferSize, password, TPMRHOwner, thetpm) }) } } @@ -165,10 +164,10 @@ func TestHashSequenceNullHierarchy(t *testing.T) { Auth := []byte(password) hashSequenceStart := HashSequenceStart{ - Auth: tpm2b.Auth{ + Auth: TPM2BAuth{ Buffer: Auth, }, - HashAlg: tpm.AlgSHA256, + HashAlg: TPMAlgSHA256, } rspHSS, err := hashSequenceStart.Execute(thetpm) @@ -178,7 +177,7 @@ func TestHashSequenceNullHierarchy(t *testing.T) { authHandle := AuthHandle{ Handle: rspHSS.SequenceHandle, - Name: tpm2b.Name{ + Name: TPM2BName{ Buffer: Auth, }, Auth: PasswordAuth(Auth), @@ -191,7 +190,7 @@ func TestHashSequenceNullHierarchy(t *testing.T) { for len(data) > maxDigestBuffer { sequenceUpdate := SequenceUpdate{ SequenceHandle: authHandle, - Buffer: tpm2b.MaxBuffer{ + Buffer: TPM2BMaxBuffer{ Buffer: data[:maxDigestBuffer], }, } @@ -205,7 +204,7 @@ func TestHashSequenceNullHierarchy(t *testing.T) { sequenceComplete := SequenceComplete{ SequenceHandle: authHandle, - Buffer: tpm2b.MaxBuffer{ + Buffer: TPM2BMaxBuffer{ Buffer: data, }, } @@ -221,7 +220,7 @@ func TestHashSequenceNullHierarchy(t *testing.T) { t.Errorf("The resulting digest %x, is not expected %x", gotDigest, wantDigest) } } - // t *testing.T, bufferSize int, password string, hierarchy tpm.Handle, thetpm transport.TPM + // t *testing.T, bufferSize int, password string, hierarchy TPMHandle, thetpm transport.TPM bufferSizes := []int{512, 1024, 2048, 4096} password := "password" for _, bufferSize := range bufferSizes { diff --git a/tpm2/commands/load_external_test.go b/tpm2/test/load_external_test.go similarity index 52% rename from tpm2/commands/load_external_test.go rename to tpm2/test/load_external_test.go index 84f8a29b..09d557cf 100644 --- a/tpm2/commands/load_external_test.go +++ b/tpm2/test/load_external_test.go @@ -1,15 +1,10 @@ -package tpm2 +package tpm2test import ( "encoding/hex" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -25,48 +20,48 @@ func decodeHex(t *testing.T, h string) []byte { func TestLoadExternal(t *testing.T) { loads := map[string]*LoadExternal{ "ECCNoSensitive": { - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - CurveID: tpm.ECCNistP256, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + CurveID: TPMECCNistP256, }, }, - Unique: tpmu.PublicID{ + Unique: TPMUPublicID{ // This happens to be a P256 EKpub from the simulator - ECC: &tpms.ECCPoint{ - X: tpm2b.ECCParameter{Buffer: decodeHex(t, "9855efa3514873b88067ab127b2d4692864a395db3d9e4ccad0592478a245c16")}, - Y: tpm2b.ECCParameter{Buffer: decodeHex(t, "e802a26649839a2d7b13c812a5dc0b61c110cbe62db784d96e60a823448c8993")}, + ECC: &TPMSECCPoint{ + X: TPM2BECCParameter{Buffer: decodeHex(t, "9855efa3514873b88067ab127b2d4692864a395db3d9e4ccad0592478a245c16")}, + Y: TPM2BECCParameter{Buffer: decodeHex(t, "e802a26649839a2d7b13c812a5dc0b61c110cbe62db784d96e60a823448c8993")}, }, }, }, }, }, "KeyedHashSensitive": { - InPrivate: &tpm2b.Sensitive{ - SensitiveArea: tpmt.Sensitive{ - SensitiveType: tpm.AlgKeyedHash, - SeedValue: tpm2b.Digest{ + InPrivate: &TPM2BSensitive{ + SensitiveArea: TPMTSensitive{ + SensitiveType: TPMAlgKeyedHash, + SeedValue: TPM2BDigest{ Buffer: []byte("obfuscation is my middle name!!!"), }, - Sensitive: tpmu.SensitiveComposite{ - Bits: &tpm2b.SensitiveData{ + Sensitive: TPMUSensitiveComposite{ + Bits: &TPM2BSensitiveData{ Buffer: []byte("secrets"), }, }, }, }, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - Unique: tpmu.PublicID{ - KeyedHash: &tpm2b.Digest{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgKeyedHash, + NameAlg: TPMAlgSHA256, + Unique: TPMUPublicID{ + KeyedHash: &TPM2BDigest{ // SHA256("obfuscation is my middle name!!!secrets") Buffer: decodeHex(t, "ed4fe8e2bff97665e7bfbe27c2365d07a9be91dd92d997cd91cc706b6074eb08"), }, diff --git a/tpm2/commands/names_test.go b/tpm2/test/names_test.go similarity index 75% rename from tpm2/commands/names_test.go rename to tpm2/test/names_test.go index a447f054..eca93f6c 100644 --- a/tpm2/commands/names_test.go +++ b/tpm2/test/names_test.go @@ -1,20 +1,16 @@ -package tpm2 +package tpm2test import ( "bytes" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/templates" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) func TestHandleName(t *testing.T) { want := []byte{0x40, 0x00, 0x00, 0x0B} - name := HandleName(tpm.RHEndorsement) + name := HandleName(TPMRHEndorsement) if !bytes.Equal(want, name.Buffer) { t.Errorf("Incorrect name for RH_ENDORSEMENT (want %x got %x)", want, name.Buffer) } @@ -28,9 +24,9 @@ func TestObjectName(t *testing.T) { defer thetpm.Close() createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHEndorsement, - InPublic: tpm2b.Public{ - PublicArea: templates.ECCEKTemplate, + PrimaryHandle: TPMRHEndorsement, + InPublic: TPM2BPublic{ + PublicArea: ECCEKTemplate, }, } rsp, err := createPrimary.Execute(thetpm) @@ -58,21 +54,21 @@ func TestNVName(t *testing.T) { } defer thetpm.Close() - public := tpm2b.NVPublic{ - NVPublic: tpms.NVPublic{ - NVIndex: tpm.Handle(0x0180000F), - NameAlg: tpm.AlgSHA256, - Attributes: tpma.NV{ + public := TPM2BNVPublic{ + NVPublic: TPMSNVPublic{ + NVIndex: TPMHandle(0x0180000F), + NameAlg: TPMAlgSHA256, + Attributes: TPMANV{ OwnerWrite: true, OwnerRead: true, - NT: tpm.NTOrdinary, + NT: TPMNTOrdinary, }, DataSize: 4, }, } defineSpace := NVDefineSpace{ - AuthHandle: tpm.RHOwner, + AuthHandle: TPMRHOwner, PublicInfo: public, } if err := defineSpace.Execute(thetpm); err != nil { diff --git a/tpm2/commands/nv_test.go b/tpm2/test/nv_test.go similarity index 80% rename from tpm2/commands/nv_test.go rename to tpm2/test/nv_test.go index 133fca84..44633147 100644 --- a/tpm2/commands/nv_test.go +++ b/tpm2/test/nv_test.go @@ -1,14 +1,11 @@ -package tpm2 +package tpm2test import ( "bytes" "encoding/binary" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -20,20 +17,20 @@ func TestNVAuthWrite(t *testing.T) { defer thetpm.Close() def := NVDefineSpace{ - AuthHandle: tpm.RHOwner, - Auth: tpm2b.Auth{ + AuthHandle: TPMRHOwner, + Auth: TPM2BAuth{ Buffer: []byte("p@ssw0rd"), }, - PublicInfo: tpm2b.NVPublic{ - NVPublic: tpms.NVPublic{ - NVIndex: tpm.Handle(0x0180000F), - NameAlg: tpm.AlgSHA256, - Attributes: tpma.NV{ + PublicInfo: TPM2BNVPublic{ + NVPublic: TPMSNVPublic{ + NVIndex: TPMHandle(0x0180000F), + NameAlg: TPMAlgSHA256, + Attributes: TPMANV{ OwnerWrite: true, OwnerRead: true, AuthWrite: true, AuthRead: true, - NT: tpm.NTOrdinary, + NT: TPMNTOrdinary, NoDA: true, }, DataSize: 4, @@ -59,7 +56,7 @@ func TestNVAuthWrite(t *testing.T) { Handle: def.PublicInfo.NVPublic.NVIndex, Name: *nvName, }, - Data: tpm2b.MaxNVBuffer{ + Data: TPM2BMaxNVBuffer{ Buffer: []byte{0x01, 0x02, 0x03, 0x04}, }, Offset: 0, @@ -79,14 +76,14 @@ func TestNVAuthWrite(t *testing.T) { write := NVWrite{ AuthHandle: AuthHandle{ - Handle: tpm.RHOwner, - Auth: HMAC(tpm.AlgSHA256, 16, Auth([]byte{})), + Handle: TPMRHOwner, + Auth: HMAC(TPMAlgSHA256, 16, Auth([]byte{})), }, NVIndex: NamedHandle{ Handle: def.PublicInfo.NVPublic.NVIndex, Name: readRsp.NVName, }, - Data: tpm2b.MaxNVBuffer{ + Data: TPM2BMaxNVBuffer{ Buffer: []byte{0x01, 0x02, 0x03, 0x04}, }, Offset: 0, @@ -105,20 +102,20 @@ func TestNVAuthIncrement(t *testing.T) { // Define the counter space def := NVDefineSpace{ - AuthHandle: tpm.RHOwner, - Auth: tpm2b.Auth{ + AuthHandle: TPMRHOwner, + Auth: TPM2BAuth{ Buffer: []byte("p@ssw0rd"), }, - PublicInfo: tpm2b.NVPublic{ - NVPublic: tpms.NVPublic{ - NVIndex: tpm.Handle(0x0180000F), - NameAlg: tpm.AlgSHA256, - Attributes: tpma.NV{ + PublicInfo: TPM2BNVPublic{ + NVPublic: TPMSNVPublic{ + NVIndex: TPMHandle(0x0180000F), + NameAlg: TPMAlgSHA256, + Attributes: TPMANV{ OwnerWrite: true, OwnerRead: true, AuthWrite: true, AuthRead: true, - NT: tpm.NTCounter, + NT: TPMNTCounter, NoDA: true, }, DataSize: 8, @@ -138,8 +135,8 @@ func TestNVAuthIncrement(t *testing.T) { incr := NVIncrement{ AuthHandle: AuthHandle{ - Handle: tpm.RHOwner, - Auth: HMAC(tpm.AlgSHA256, 16, Auth([]byte{})), + Handle: TPMRHOwner, + Auth: HMAC(TPMAlgSHA256, 16, Auth([]byte{})), }, NVIndex: NamedHandle{ Handle: def.PublicInfo.NVPublic.NVIndex, @@ -165,8 +162,8 @@ func TestNVAuthIncrement(t *testing.T) { read := NVRead{ AuthHandle: AuthHandle{ - Handle: tpm.RHOwner, - Auth: HMAC(tpm.AlgSHA256, 16, Auth([]byte{})), + Handle: TPMRHOwner, + Auth: HMAC(TPMAlgSHA256, 16, Auth([]byte{})), }, NVIndex: NamedHandle{ Handle: def.PublicInfo.NVPublic.NVIndex, diff --git a/tpm2/commands/pcr_test.go b/tpm2/test/pcr_test.go similarity index 80% rename from tpm2/commands/pcr_test.go rename to tpm2/test/pcr_test.go index 6053264f..48ad88ff 100644 --- a/tpm2/commands/pcr_test.go +++ b/tpm2/test/pcr_test.go @@ -1,4 +1,4 @@ -package tpm2 +package tpm2test import ( "bytes" @@ -7,25 +7,22 @@ import ( "crypto/sha512" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) -var extendstpm2 = map[tpm.AlgID][]struct { +var extendstpm2 = map[TPMAlgID][]struct { digest []byte }{ - tpm.AlgSHA1: { + TPMAlgSHA1: { {bytes.Repeat([]byte{0x00}, sha1.Size)}, {bytes.Repeat([]byte{0x01}, sha1.Size)}, {bytes.Repeat([]byte{0x02}, sha1.Size)}}, - tpm.AlgSHA256: { + TPMAlgSHA256: { {bytes.Repeat([]byte{0x00}, sha256.Size)}, {bytes.Repeat([]byte{0x01}, sha256.Size)}, {bytes.Repeat([]byte{0x02}, sha256.Size)}}, - tpm.AlgSHA384: { + TPMAlgSHA384: { {bytes.Repeat([]byte{0x00}, sha512.Size384)}, {bytes.Repeat([]byte{0x01}, sha512.Size384)}, {bytes.Repeat([]byte{0x02}, sha512.Size384)}}, @@ -51,11 +48,11 @@ func TestPCRReset(t *testing.T) { cases := []struct { name string - hashalg tpm.AlgID + hashalg TPMAlgID }{ - {"SHA1", tpm.AlgSHA1}, - {"SHA256", tpm.AlgSHA256}, - {"SHA384", tpm.AlgSHA384}, + {"SHA1", TPMAlgSHA1}, + {"SHA256", TPMAlgSHA256}, + {"SHA384", TPMAlgSHA384}, } for _, c := range cases { @@ -66,13 +63,13 @@ func TestPCRReset(t *testing.T) { } authHandle := AuthHandle{ - Handle: tpm.Handle(DebugPCR), + Handle: TPMHandle(DebugPCR), Auth: PasswordAuth(nil), } pcrRead := PCRRead{ - PCRSelectionIn: tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + PCRSelectionIn: TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { Hash: c.hashalg, PCRSelect: PCRs, @@ -85,8 +82,8 @@ func TestPCRReset(t *testing.T) { for _, d := range extendstpm2[c.hashalg] { pcrExtend := PCRExtend{ PCRHandle: authHandle, - Digests: tpml.DigestValues{ - Digests: []tpmt.HA{ + Digests: TPMLDigestValues{ + Digests: []TPMTHA{ { HashAlg: c.hashalg, Digest: d.digest, diff --git a/tpm2/commands/policy_test.go b/tpm2/test/policy_test.go similarity index 82% rename from tpm2/commands/policy_test.go rename to tpm2/test/policy_test.go index 84737eea..ad0f7eea 100644 --- a/tpm2/commands/policy_test.go +++ b/tpm2/test/policy_test.go @@ -1,17 +1,11 @@ -package tpm2 +package tpm2test import ( "bytes" "crypto/sha1" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -19,29 +13,29 @@ import ( func signingKey(t *testing.T, thetpm transport.TPM) (NamedHandle, func()) { t.Helper() createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, SignEncrypt: true, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDSA, - Details: tpmu.AsymScheme{ - ECDSA: &tpms.SigSchemeECDSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Scheme: TPMTECCScheme{ + Scheme: TPMAlgECDSA, + Details: TPMUAsymScheme{ + ECDSA: &TPMSSigSchemeECDSA{ + HashAlg: TPMAlgSHA256, }, }, }, - CurveID: tpm.ECCNistP256, + CurveID: TPMECCNistP256, }, }, }, @@ -69,15 +63,15 @@ func signingKey(t *testing.T, thetpm transport.TPM) (NamedHandle, func()) { func nvIndex(t *testing.T, thetpm transport.TPM) (NamedHandle, func()) { t.Helper() defSpace := NVDefineSpace{ - AuthHandle: tpm.RHOwner, - PublicInfo: tpm2b.NVPublic{ - NVPublic: tpms.NVPublic{ + AuthHandle: TPMRHOwner, + PublicInfo: TPM2BNVPublic{ + NVPublic: TPMSNVPublic{ NVIndex: 0x01800001, - NameAlg: tpm.AlgSHA256, - Attributes: tpma.NV{ + NameAlg: TPMAlgSHA256, + Attributes: TPMANV{ OwnerWrite: true, AuthRead: true, - NT: tpm.NTOrdinary, + NT: TPMNTOrdinary, }, }, }, @@ -95,10 +89,10 @@ func nvIndex(t *testing.T, thetpm transport.TPM) (NamedHandle, func()) { cleanup := func() { t.Helper() undefine := NVUndefineSpace{ - AuthHandle: tpm.RHOwner, + AuthHandle: TPMRHOwner, NVIndex: NamedHandle{ - defSpace.PublicInfo.NVPublic.NVIndex, - readRsp.NVName, + Handle: defSpace.PublicInfo.NVPublic.NVIndex, + Name: readRsp.NVName, }, } if err := undefine.Execute(thetpm); err != nil { @@ -122,7 +116,7 @@ func TestPolicySignedUpdate(t *testing.T) { defer cleanup() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -136,12 +130,12 @@ func TestPolicySignedUpdate(t *testing.T) { policySigned := PolicySigned{ AuthObject: sk, PolicySession: sess.Handle(), - PolicyRef: tpm2b.Nonce{Buffer: []byte{5, 6, 7, 8}}, - Auth: tpmt.Signature{ - SigAlg: tpm.AlgECDSA, - Signature: tpmu.Signature{ - ECDSA: &tpms.SignatureECC{ - Hash: tpm.AlgSHA256, + PolicyRef: TPM2BNonce{Buffer: []byte{5, 6, 7, 8}}, + Auth: TPMTSignature{ + SigAlg: TPMAlgECDSA, + Signature: TPMUSignature{ + ECDSA: &TPMSSignatureECC{ + Hash: TPMAlgSHA256, }, }, }, @@ -160,7 +154,7 @@ func TestPolicySignedUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -183,7 +177,7 @@ func TestPolicySecretUpdate(t *testing.T) { defer cleanup() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -200,7 +194,7 @@ func TestPolicySecretUpdate(t *testing.T) { Name: sk.Name, }, PolicySession: sess.Handle(), - PolicyRef: tpm2b.Nonce{Buffer: []byte{5, 6, 7, 8}}, + PolicyRef: TPM2BNonce{Buffer: []byte{5, 6, 7, 8}}, } if _, err := policySecret.Execute(thetpm); err != nil { @@ -216,7 +210,7 @@ func TestPolicySecretUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -236,7 +230,7 @@ func TestPolicyOrUpdate(t *testing.T) { defer thetpm.Close() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -249,8 +243,8 @@ func TestPolicyOrUpdate(t *testing.T) { policyOr := PolicyOr{ PolicySession: sess.Handle(), - PHashList: tpml.Digest{ - Digests: []tpm2b.Digest{ + PHashList: TPMLDigest{ + Digests: []TPM2BDigest{ {Buffer: []byte{1, 2, 3}}, {Buffer: []byte{4, 5, 6}}, }, @@ -270,7 +264,7 @@ func TestPolicyOrUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -282,7 +276,7 @@ func TestPolicyOrUpdate(t *testing.T) { } } -func getExpectedPCRDigest(t *testing.T, thetpm transport.TPM, selection tpml.PCRSelection, hashAlg tpm.AlgID) []byte { +func getExpectedPCRDigest(t *testing.T, thetpm transport.TPM, selection TPMLPCRSelection, hashAlg TPMAlgID) []byte { t.Helper() pcrRead := PCRRead{ PCRSelectionIn: selection, @@ -320,16 +314,16 @@ func TestPolicyPCR(t *testing.T) { t.Fatalf("Failed to create PCRSelection") } - selection := tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + selection := TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { - Hash: tpm.AlgSHA1, + Hash: TPMAlgSHA1, PCRSelect: PCRs, }, }, } - expectedDigest := getExpectedPCRDigest(t, thetpm, selection, tpm.AlgSHA1) + expectedDigest := getExpectedPCRDigest(t, thetpm, selection, TPMAlgSHA1) wrongDigest := sha1.Sum(expectedDigest[:]) @@ -349,7 +343,7 @@ func TestPolicyPCR(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA1, 16, tt.authOption...) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA1, 16, tt.authOption...) if err != nil { t.Fatalf("setting up policy session: %v", err) @@ -357,7 +351,7 @@ func TestPolicyPCR(t *testing.T) { policyPCR := PolicyPCR{ PolicySession: sess.Handle(), - PcrDigest: tpm2b.Digest{ + PcrDigest: TPM2BDigest{ Buffer: tt.pcrDigest, }, Pcrs: selection, @@ -385,7 +379,7 @@ func TestPolicyPCR(t *testing.T) { // If the pcrDigest is empty: see TPM 2.0 Part 3, 23.7. if tt.pcrDigest == nil { - expectedDigest := getExpectedPCRDigest(t, thetpm, selection, tpm.AlgSHA1) + expectedDigest := getExpectedPCRDigest(t, thetpm, selection, TPMAlgSHA1) t.Logf("expectedDigest=%x", expectedDigest) // Create a populated policyPCR for the PolicyCalculator @@ -393,7 +387,7 @@ func TestPolicyPCR(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA1) + pol, err := NewPolicyCalculator(TPMAlgSHA1) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -420,7 +414,7 @@ func TestPolicyCpHashUpdate(t *testing.T) { defer thetpm.Close() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -433,7 +427,7 @@ func TestPolicyCpHashUpdate(t *testing.T) { policyCpHash := PolicyCPHash{ PolicySession: sess.Handle(), - CPHashA: tpm2b.Digest{Buffer: []byte{ + CPHashA: TPM2BDigest{Buffer: []byte{ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}}, } @@ -451,7 +445,7 @@ func TestPolicyCpHashUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -471,7 +465,7 @@ func TestPolicyAuthorizeUpdate(t *testing.T) { defer thetpm.Close() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -487,11 +481,11 @@ func TestPolicyAuthorizeUpdate(t *testing.T) { policyAuthorize := PolicyAuthorize{ PolicySession: sess.Handle(), - PolicyRef: tpm2b.Digest{Buffer: []byte{5, 6, 7, 8}}, + PolicyRef: TPM2BDigest{Buffer: []byte{5, 6, 7, 8}}, KeySign: sk.Name, - CheckTicket: tpmt.TKVerified{ - Tag: tpm.STVerified, - Hierarchy: tpm.RHEndorsement, + CheckTicket: TPMTTKVerified{ + Tag: TPMSTVerified, + Hierarchy: TPMRHEndorsement, }, } @@ -508,7 +502,7 @@ func TestPolicyAuthorizeUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -528,7 +522,7 @@ func TestPolicyNVWrittenUpdate(t *testing.T) { defer thetpm.Close() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -557,7 +551,7 @@ func TestPolicyNVWrittenUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -580,7 +574,7 @@ func TestPolicyNVUpdate(t *testing.T) { defer cleanup() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -595,9 +589,9 @@ func TestPolicyNVUpdate(t *testing.T) { AuthHandle: NamedHandle{Handle: nv.Handle, Name: nv.Name}, PolicySession: sess.Handle(), NVIndex: nv, - OperandB: tpm2b.Operand{Buffer: []byte("operandB")}, + OperandB: TPM2BOperand{Buffer: []byte("operandB")}, Offset: 2, - Operation: tpm.EOSignedLE, + Operation: TPMEOSignedLE, } if err := policyNV.Execute(thetpm); err != nil { @@ -613,7 +607,7 @@ func TestPolicyNVUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -636,7 +630,7 @@ func TestPolicyAuthorizeNVUpdate(t *testing.T) { defer cleanup() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -666,7 +660,7 @@ func TestPolicyAuthorizeNVUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } @@ -686,7 +680,7 @@ func TestPolicyCommandCodeUpdate(t *testing.T) { defer thetpm.Close() // Use a trial session to calculate this policy - sess, cleanup2, err := PolicySession(thetpm, tpm.AlgSHA256, 16, Trial()) + sess, cleanup2, err := PolicySession(thetpm, TPMAlgSHA256, 16, Trial()) if err != nil { t.Fatalf("setting up policy session: %v", err) } @@ -699,7 +693,7 @@ func TestPolicyCommandCodeUpdate(t *testing.T) { pcc := PolicyCommandCode{ PolicySession: sess.Handle(), - Code: tpm.CCCreate, + Code: TPMCCCreate, } if err := pcc.Execute(thetpm); err != nil { t.Fatalf("executing PolicyCommandCode: %v", err) @@ -714,7 +708,7 @@ func TestPolicyCommandCodeUpdate(t *testing.T) { } // Use the policy helper to calculate the same policy - pol, err := NewPolicyCalculator(tpm.AlgSHA256) + pol, err := NewPolicyCalculator(TPMAlgSHA256) if err != nil { t.Fatalf("creating policy calculator: %v", err) } diff --git a/tpm2/commands/read_public_test.go b/tpm2/test/read_public_test.go similarity index 77% rename from tpm2/commands/read_public_test.go rename to tpm2/test/read_public_test.go index 03529d99..7e9f77cf 100644 --- a/tpm2/commands/read_public_test.go +++ b/tpm2/test/read_public_test.go @@ -1,15 +1,10 @@ -package tpm2 +package tpm2test import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) @@ -27,31 +22,31 @@ func TestReadPublicKey(t *testing.T) { // Fill in the CreatePrimary struct. // See definition in Part 3, Commands, section 24.1. - // See tpm2/templates/templates.go for more tpmt.Public examples. + // See tpm2/templates/go for more TPMTPublic examples. createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgECC, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + PrimaryHandle: TPMRHOwner, + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgECC, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, SignEncrypt: true, }, - Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDSA, - Details: tpmu.AsymScheme{ - ECDSA: &tpms.SigSchemeECDSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + ECCDetail: &TPMSECCParms{ + Scheme: TPMTECCScheme{ + Scheme: TPMAlgECDSA, + Details: TPMUAsymScheme{ + ECDSA: &TPMSSigSchemeECDSA{ + HashAlg: TPMAlgSHA256, }, }, }, - CurveID: tpm.ECCNistP256, + CurveID: TPMECCNistP256, }, }, }, @@ -91,7 +86,7 @@ func TestReadPublicKey(t *testing.T) { t.Fatalf("ReadPublic failed: %v", err) } - // PublicArea.Unique represents the unique identifier of the TPMT.Public. + // PublicArea.Unique represents the unique identifier of the TPMTPublic. // Notice how this test uses verification of another TPM command that is // able to produce similar results to validate the response. rspCPUnique := rspCP.OutPublic.PublicArea.Unique diff --git a/tpm2/commands/sealing_test.go b/tpm2/test/sealing_test.go similarity index 80% rename from tpm2/commands/sealing_test.go rename to tpm2/test/sealing_test.go index 10b0446b..a4904960 100644 --- a/tpm2/commands/sealing_test.go +++ b/tpm2/test/sealing_test.go @@ -1,24 +1,19 @@ -package tpm2 +package tpm2test import ( "bytes" "errors" "testing" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/templates" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" ) // Test creating and unsealing a sealed data blob with a password and HMAC. func TestUnseal(t *testing.T) { - templates := map[string]tpmt.Public{ - "RSA": templates.RSASRKTemplate, - "ECC": templates.ECCSRKTemplate, + templates := map[string]TPMTPublic{ + "RSA": RSASRKTemplate, + "ECC": ECCSRKTemplate, } // Run the whole test for each of RSA and ECC SRKs. @@ -29,7 +24,7 @@ func TestUnseal(t *testing.T) { } } -func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { +func unsealingTest(t *testing.T, srkTemplate TPMTPublic) { thetpm, err := simulator.OpenSimulator() if err != nil { t.Fatalf("could not connect to TPM simulator: %v", err) @@ -40,15 +35,15 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Put a password on the SRK to test more of the flows. srkAuth := []byte("mySRK") createSRKCmd := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + PrimaryHandle: TPMRHOwner, + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: srkAuth, }, }, }, - InPublic: tpm2b.Public{ + InPublic: TPM2BPublic{ PublicArea: srkTemplate, }, } @@ -59,7 +54,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { t.Logf("SRK name: %x", createSRKRsp.Name) defer func() { // Flush the SRK - flushSRKCmd := FlushContext{createSRKRsp.ObjectHandle} + flushSRKCmd := FlushContext{FlushHandle: createSRKRsp.ObjectHandle} if err := flushSRKCmd.Execute(thetpm); err != nil { t.Errorf("%v", err) } @@ -76,21 +71,21 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { Name: createSRKRsp.Name, Auth: PasswordAuth(srkAuth), }, - InSensitive: tpm2b.SensitiveCreate{ - Sensitive: tpms.SensitiveCreate{ - UserAuth: tpm2b.Auth{ + InSensitive: TPM2BSensitiveCreate{ + Sensitive: TPMSSensitiveCreate{ + UserAuth: TPM2BAuth{ Buffer: auth, }, - Data: tpm2b.SensitiveData{ + Data: TPM2BSensitiveData{ Buffer: data, }, }, }, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgKeyedHash, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ FixedTPM: true, FixedParent: true, UserWithAuth: true, @@ -114,7 +109,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), AuditExclusive()), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AuditExclusive()), } createBlobRsp, err = createBlobCmd.Execute(thetpm) @@ -128,7 +123,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptIn)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptIn)), } createBlobRsp, err = createBlobCmd.Execute(thetpm) if err != nil { @@ -141,7 +136,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptOut)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptOut)), } createBlobRsp, err = createBlobCmd.Execute(thetpm) if err != nil { @@ -154,7 +149,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptInOut)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptInOut)), } createBlobRsp, err = createBlobCmd.Execute(thetpm) if err != nil { @@ -167,7 +162,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptInOut), Audit()), } @@ -182,7 +177,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth), AESEncryption(128, EncryptInOut), Salted(createSRKRsp.ObjectHandle, createSRKRsp.OutPublic.PublicArea)), } @@ -197,12 +192,12 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { createBlobCmd.ParentHandle = AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth)), } // Create the blob with a separate decrypt and encrypt session t.Run("CreateDecryptEncryptSeparate", func(t *testing.T) { createBlobRsp, err = createBlobCmd.Execute(thetpm, - HMAC(tpm.AlgSHA256, 16, AESEncryption(128, EncryptInOut))) + HMAC(TPMAlgSHA256, 16, AESEncryption(128, EncryptInOut))) if err != nil { t.Fatalf("%v", err) } @@ -211,8 +206,8 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Create the blob with a separate decrypt and encrypt session, and another for audit t.Run("CreateDecryptEncryptAuditSeparate", func(t *testing.T) { createBlobRsp, err = createBlobCmd.Execute(thetpm, - HMAC(tpm.AlgSHA256, 16, AESEncryption(128, EncryptInOut)), - HMAC(tpm.AlgSHA256, 16, Audit())) + HMAC(TPMAlgSHA256, 16, AESEncryption(128, EncryptInOut)), + HMAC(TPMAlgSHA256, 16, Audit())) if err != nil { t.Fatalf("%v", err) } @@ -221,8 +216,8 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Create the blob with a separate decrypt and encrypt session, and another for exclusive audit t.Run("CreateDecryptEncryptAuditExclusiveSeparate", func(t *testing.T) { createBlobRsp, err = createBlobCmd.Execute(thetpm, - HMAC(tpm.AlgSHA256, 16, AESEncryption(128, EncryptInOut)), - HMAC(tpm.AlgSHA256, 16, AuditExclusive())) + HMAC(TPMAlgSHA256, 16, AESEncryption(128, EncryptInOut)), + HMAC(TPMAlgSHA256, 16, AuditExclusive())) if err != nil { t.Fatalf("%v", err) } @@ -232,8 +227,8 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { t.Run("CreateDecryptEncrypt2Separate", func(t *testing.T) { createBlobRsp, err = createBlobCmd.Execute(thetpm, // Get weird with the algorithm and nonce choices. Mix lots of things together. - HMAC(tpm.AlgSHA1, 20, AESEncryption(128, EncryptIn)), - HMAC(tpm.AlgSHA384, 23, AESEncryption(128, EncryptOut))) + HMAC(TPMAlgSHA1, 20, AESEncryption(128, EncryptIn)), + HMAC(TPMAlgSHA384, 23, AESEncryption(128, EncryptOut))) if err != nil { t.Fatalf("%v", err) } @@ -244,8 +239,8 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // nonceTPM_decrypt, nonceTPM_encrypt, so this exercises that) t.Run("CreateDecryptEncrypt2Separate", func(t *testing.T) { createBlobRsp, err = createBlobCmd.Execute(thetpm, - HMAC(tpm.AlgSHA1, 17, AESEncryption(128, EncryptOut)), - HMAC(tpm.AlgSHA256, 32, AESEncryption(128, EncryptIn))) + HMAC(TPMAlgSHA1, 17, AESEncryption(128, EncryptOut)), + HMAC(TPMAlgSHA256, 32, AESEncryption(128, EncryptIn))) if err != nil { t.Fatalf("%v", err) } @@ -256,7 +251,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { ParentHandle: AuthHandle{ Handle: createSRKRsp.ObjectHandle, Name: createSRKRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(srkAuth)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(srkAuth)), }, InPrivate: createBlobRsp.OutPrivate, InPublic: createBlobRsp.OutPublic, @@ -267,7 +262,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { } defer func() { // Flush the blob - flushBlobCmd := FlushContext{loadBlobRsp.ObjectHandle} + flushBlobCmd := FlushContext{FlushHandle: loadBlobRsp.ObjectHandle} if err := flushBlobCmd.Execute(thetpm); err != nil { t.Errorf("%v", err) } @@ -304,10 +299,10 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { Auth: PasswordAuth([]byte("NotThePassword")), } _, err := unsealCmd.Execute(thetpm) - if !errors.Is(err, tpm.RCBadAuth) { + if !errors.Is(err, TPMRCBadAuth) { t.Errorf("want TPM_RC_BAD_AUTH, got %v", err) } - var fmt1 tpm.Fmt1Error + var fmt1 TPMFmt1Error if !errors.As(err, &fmt1) { t.Errorf("want a Fmt1Error, got %v", err) } else if isSession, session := fmt1.Session(); !isSession || session != 1 { @@ -320,7 +315,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { unsealCmd.ItemHandle = AuthHandle{ Handle: loadBlobRsp.ObjectHandle, Name: loadBlobRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(auth2)), + Auth: HMAC(TPMAlgSHA256, 16, Auth(auth2)), } unsealRsp, err := unsealCmd.Execute(thetpm) if err != nil { @@ -336,7 +331,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { unsealCmd.ItemHandle = AuthHandle{ Handle: loadBlobRsp.ObjectHandle, Name: loadBlobRsp.Name, - Auth: HMAC(tpm.AlgSHA256, 16, Auth(auth2), + Auth: HMAC(TPMAlgSHA256, 16, Auth(auth2), AESEncryption(128, EncryptOut)), } unsealRsp, err := unsealCmd.Execute(thetpm) @@ -350,7 +345,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Unseal the blob with a standalone HMAC session, re-using the session. t.Run("WithHMACSession", func(t *testing.T) { - sess, cleanup, err := HMACSession(thetpm, tpm.AlgSHA1, 20, Auth(auth2)) + sess, cleanup, err := HMACSession(thetpm, TPMAlgSHA1, 20, Auth(auth2)) if err != nil { t.Fatalf("%v", err) } @@ -376,7 +371,7 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Unseal the blob with a standalone bound HMAC session, re-using the session. // Also, use session encryption. t.Run("WithHMACSessionEncrypt", func(t *testing.T) { - sess, cleanup, err := HMACSession(thetpm, tpm.AlgSHA256, 16, Auth(auth2), + sess, cleanup, err := HMACSession(thetpm, TPMAlgSHA256, 16, Auth(auth2), AESEncryption(128, EncryptOut), Bound(createSRKRsp.ObjectHandle, createSRKRsp.Name, srkAuth)) if err != nil { @@ -404,12 +399,12 @@ func unsealingTest(t *testing.T, srkTemplate tpmt.Public) { // Unseal the blob with a standalone HMAC session, re-using the session. // Spin up another bound session for encryption. t.Run("WithHMACSessionEncryptSeparate", func(t *testing.T) { - sess1, cleanup1, err := HMACSession(thetpm, tpm.AlgSHA1, 16, Auth(auth2)) + sess1, cleanup1, err := HMACSession(thetpm, TPMAlgSHA1, 16, Auth(auth2)) if err != nil { t.Fatalf("%v", err) } defer cleanup1() - sess2, cleanup2, err := HMACSession(thetpm, tpm.AlgSHA384, 16, + sess2, cleanup2, err := HMACSession(thetpm, TPMAlgSHA384, 16, AESEncryption(128, EncryptOut), Bound(createSRKRsp.ObjectHandle, createSRKRsp.Name, srkAuth)) if err != nil { diff --git a/tpm2/commands/sign_test.go b/tpm2/test/sign_test.go similarity index 67% rename from tpm2/commands/sign_test.go rename to tpm2/test/sign_test.go index 54a25401..806a38fe 100644 --- a/tpm2/commands/sign_test.go +++ b/tpm2/test/sign_test.go @@ -1,4 +1,4 @@ -package tpm2 +package tpm2test import ( "crypto" @@ -9,14 +9,7 @@ import ( "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm/tpm2/helpers" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpma" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" - "github.com/google/go-tpm/tpm2/structures/tpmu" + . "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport/simulator" "github.com/google/go-tpm/tpmutil" ) @@ -74,26 +67,26 @@ func TestSign(t *testing.T) { } createPrimary := CreatePrimary{ - PrimaryHandle: tpm.RHOwner, + PrimaryHandle: TPMRHOwner, - InPublic: tpm2b.Public{ - PublicArea: tpmt.Public{ - Type: tpm.AlgRSA, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ + InPublic: TPM2BPublic{ + PublicArea: TPMTPublic{ + Type: TPMAlgRSA, + NameAlg: TPMAlgSHA256, + ObjectAttributes: TPMAObject{ SignEncrypt: true, FixedTPM: true, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, }, - Parameters: tpmu.PublicParms{ - RSADetail: &tpms.RSAParms{ - Scheme: tpmt.RSAScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.AsymScheme{ - RSASSA: &tpms.SigSchemeRSASSA{ - HashAlg: tpm.AlgSHA256, + Parameters: TPMUPublicParms{ + RSADetail: &TPMSRSAParms{ + Scheme: TPMTRSAScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUAsymScheme{ + RSASSA: &TPMSSigSchemeRSASSA{ + HashAlg: TPMAlgSHA256, }, }, }, @@ -102,10 +95,10 @@ func TestSign(t *testing.T) { }, }, }, - CreationPCR: tpml.PCRSelection{ - PCRSelections: []tpms.PCRSelection{ + CreationPCR: TPMLPCRSelection{ + PCRSelections: []TPMSPCRSelection{ { - Hash: tpm.AlgSHA1, + Hash: TPMAlgSHA1, PCRSelect: PCR7, }, }, @@ -127,19 +120,19 @@ func TestSign(t *testing.T) { Handle: rspCP.ObjectHandle, Name: rspCP.Name, }, - Digest: tpm2b.Digest{ + Digest: TPM2BDigest{ Buffer: digest[:], }, - InScheme: tpmt.SigScheme{ - Scheme: tpm.AlgRSASSA, - Details: tpmu.SigScheme{ - RSASSA: &tpms.SchemeHash{ - HashAlg: tpm.AlgSHA256, + InScheme: TPMTSigScheme{ + Scheme: TPMAlgRSASSA, + Details: TPMUSigScheme{ + RSASSA: &TPMSSchemeHash{ + HashAlg: TPMAlgSHA256, }, }, }, - Validation: tpmt.TKHashCheck{ - Tag: tpm.STHashCheck, + Validation: TPMTTKHashCheck{ + Tag: TPMSTHashCheck, }, } @@ -149,7 +142,7 @@ func TestSign(t *testing.T) { } pub := rspCP.OutPublic.PublicArea - rsaPub, err := helpers.RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) + rsaPub, err := RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA) if err != nil { t.Fatalf("Failed to retrieve Public Key: %v", err) } diff --git a/tpm2/commands/tpm2.go b/tpm2/tpm2.go similarity index 77% rename from tpm2/commands/tpm2.go rename to tpm2/tpm2.go index 4a75c3fb..3407e19d 100644 --- a/tpm2/commands/tpm2.go +++ b/tpm2/tpm2.go @@ -1,16 +1,10 @@ -// Package tpm2 contains TPM 2.0 commands +// Package tpm2 contains TPM 2.0 commands and structures. package tpm2 import ( "bytes" "encoding/binary" - "github.com/google/go-tpm/tpm2/structures/tpm" - "github.com/google/go-tpm/tpm2/structures/tpm2b" - "github.com/google/go-tpm/tpm2/structures/tpmi" - "github.com/google/go-tpm/tpm2/structures/tpml" - "github.com/google/go-tpm/tpm2/structures/tpms" - "github.com/google/go-tpm/tpm2/structures/tpmt" "github.com/google/go-tpm/tpm2/transport" ) @@ -19,38 +13,46 @@ import ( // there is a known associated name. // This is not an exported interface, because the reflection logic has special // behavior for AuthHandle, due to the fact that referencing Session from this -// interface would break the ability to make tpm.Handle implement it. +// interface would break the ability to make TPMHandle implement it. type handle interface { // HandleValue is the numeric concrete handle value in the TPM. HandleValue() uint32 // KnownName is the TPM Name of the associated entity. See Part 1, section 16. - KnownName() *tpm2b.Name + KnownName() *TPM2BName } // NamedHandle represents an associated pairing of TPM handle and known Name. type NamedHandle struct { - tpm.Handle - Name tpm2b.Name + Handle TPMHandle + Name TPM2BName } -// KnownName implements the handle interface, shadowing the default -// behavior of the embedded tpm.Handle. -func (h NamedHandle) KnownName() *tpm2b.Name { +// HandleValue implements the handle interface. +func (h NamedHandle) HandleValue() uint32 { + return h.Handle.HandleValue() +} + +// KnownName implements the handle interface. +func (h NamedHandle) KnownName() *TPM2BName { return &h.Name } // AuthHandle allows the caller to add an authorization session onto a handle. type AuthHandle struct { - tpm.Handle - Name tpm2b.Name - Auth Session + Handle TPMHandle + Name TPM2BName + Auth Session +} + +// HandleValue implements the handle interface. +func (h AuthHandle) HandleValue() uint32 { + return h.Handle.HandleValue() } -// KnownName implements the handle interface, shadowing the default -// behavior of the embedded tpm.Handle if needed. +// KnownName implements the handle interface. // If Name is not provided (i.e., only Auth), then rely on the underlying -// tpm.Handle. -func (h AuthHandle) KnownName() *tpm2b.Name { +// TPMHandle. +func (h AuthHandle) KnownName() *TPM2BName { if len(h.Name.Buffer) != 0 { return &h.Name } @@ -63,7 +65,7 @@ func (h AuthHandle) KnownName() *tpm2b.Name { // command/response matching. type Command interface { // The TPM command code associated with this command. - Command() tpm.CC + Command() TPMCC } // Response is a placeholder interface for TPM response structures so that they @@ -73,7 +75,7 @@ type Command interface { // See https://go.dev/blog/laws-of-reflection type Response interface { // The TPM command code associated with this response. - Response() tpm.CC + Response() TPMCC } // PolicyCommand is a TPM command that can be part of a TPM policy. @@ -83,18 +85,19 @@ type PolicyCommand interface { Update(policy *PolicyCalculator) error } -// Shutdown is the input to TPM2_Shutdown. +// Shutdown_ is the input to TPM2_Shutdown. // See definition in Part 3, Commands, section 9.4. -type Shutdown struct { +// TODO: Rename this to Startup after adapter.go is deleted. +type Shutdown_ struct { // TPM_SU_CLEAR or TPM_SU_STATE - ShutdownType tpm.SU + ShutdownType TPMSU } // Command implements the Command interface. -func (*Shutdown) Command() tpm.CC { return tpm.CCShutdown } +func (*Shutdown_) Command() TPMCC { return TPMCCShutdown } // Execute executes the command and returns the response. -func (cmd *Shutdown) Execute(t transport.TPM, s ...Session) error { +func (cmd *Shutdown_) Execute(t transport.TPM, s ...Session) error { var rsp ShutdownResponse return execute(t, cmd, &rsp, s...) } @@ -103,20 +106,21 @@ func (cmd *Shutdown) Execute(t transport.TPM, s ...Session) error { type ShutdownResponse struct{} // Response implements the Response interface. -func (*ShutdownResponse) Response() tpm.CC { return tpm.CCShutdown } +func (*ShutdownResponse) Response() TPMCC { return TPMCCShutdown } -// Startup is the input to TPM2_Startup. +// Startup_ is the input to TPM2_Startup. // See definition in Part 3, Commands, section 9.3. -type Startup struct { +// TODO: Rename this to Startup after adapter.go is deleted. +type Startup_ struct { // TPM_SU_CLEAR or TPM_SU_STATE - StartupType tpm.SU + StartupType TPMSU } // Command implements the Command interface. -func (*Startup) Command() tpm.CC { return tpm.CCStartup } +func (*Startup_) Command() TPMCC { return TPMCCStartup } // Execute executes the command and returns the response. -func (cmd *Startup) Execute(t transport.TPM, s ...Session) error { +func (cmd *Startup_) Execute(t transport.TPM, s ...Session) error { var rsp StartupResponse return execute(t, cmd, &rsp, s...) } @@ -125,7 +129,7 @@ func (cmd *Startup) Execute(t transport.TPM, s ...Session) error { type StartupResponse struct{} // Response implements the Response interface. -func (*StartupResponse) Response() tpm.CC { return tpm.CCStartup } +func (*StartupResponse) Response() TPMCC { return TPMCCStartup } // StartAuthSession is the input to TPM2_StartAuthSession. // See definition in Part 3, Commands, section 11.1 @@ -138,23 +142,23 @@ type StartAuthSession struct { Bind handle `gotpm:"handle,nullable"` // initial nonceCaller, sets nonceTPM size for the session // shall be at least 16 octets - NonceCaller tpm2b.Nonce + NonceCaller TPM2BNonce // value encrypted according to the type of tpmKey // If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer. - EncryptedSalt tpm2b.EncryptedSecret + EncryptedSalt TPM2BEncryptedSecret // indicates the type of the session; simple HMAC or policy (including // a trial policy) - SessionType tpm.SE + SessionType TPMSE // the algorithm and key size for parameter encryption // may select transport.TPM_ALG_NULL - Symmetric tpmt.SymDef + Symmetric TPMTSymDef // hash algorithm to use for the session // Shall be a hash algorithm supported by the TPM and not transport.TPM_ALG_NULL - AuthHash tpmi.AlgHash + AuthHash TPMIAlgHash } // Command implements the Command interface. -func (*StartAuthSession) Command() tpm.CC { return tpm.CCStartAuthSession } +func (*StartAuthSession) Command() TPMCC { return TPMCCStartAuthSession } // Execute executes the command and returns the response. func (cmd *StartAuthSession) Execute(t transport.TPM, s ...Session) (*StartAuthSessionResponse, error) { @@ -168,13 +172,13 @@ func (cmd *StartAuthSession) Execute(t transport.TPM, s ...Session) (*StartAuthS // StartAuthSessionResponse is the response from TPM2_StartAuthSession. type StartAuthSessionResponse struct { // handle for the newly created session - SessionHandle tpmi.SHAuthSession `gotpm:"handle"` + SessionHandle TPMISHAuthSession `gotpm:"handle"` // the initial nonce from the TPM, used in the computation of the sessionKey - NonceTPM tpm2b.Nonce + NonceTPM TPM2BNonce } // Response implements the Response interface. -func (*StartAuthSessionResponse) Response() tpm.CC { return tpm.CCStartAuthSession } +func (*StartAuthSessionResponse) Response() TPMCC { return TPMCCStartAuthSession } // Create is the input to TPM2_Create. // See definition in Part 3, Commands, section 12.1 @@ -182,19 +186,19 @@ type Create struct { // handle of parent for new object ParentHandle handle `gotpm:"handle,auth"` // the sensitive data - InSensitive tpm2b.SensitiveCreate + InSensitive TPM2BSensitiveCreate // the public template - InPublic tpm2b.Public + InPublic TPM2BPublic // data that will be included in the creation data for this // object to provide permanent, verifiable linkage between this // object and some object owner data - OutsideInfo tpm2b.Data + OutsideInfo TPM2BData // PCR that will be used in creation data - CreationPCR tpml.PCRSelection + CreationPCR TPMLPCRSelection } // Command implements the Command interface. -func (*Create) Command() tpm.CC { return tpm.CCCreate } +func (*Create) Command() TPMCC { return TPMCCCreate } // Execute executes the command and returns the response. func (cmd *Create) Execute(t transport.TPM, s ...Session) (*CreateResponse, error) { @@ -208,20 +212,20 @@ func (cmd *Create) Execute(t transport.TPM, s ...Session) (*CreateResponse, erro // CreateResponse is the response from TPM2_Create. type CreateResponse struct { // the private portion of the object - OutPrivate tpm2b.Private + OutPrivate TPM2BPrivate // the public portion of the created object - OutPublic tpm2b.Public - // contains a tpms._CREATION_DATA - CreationData tpm2b.CreationData + OutPublic TPM2BPublic + // contains a TPMS_CREATION_DATA + CreationData TPM2BCreationData // digest of creationData using nameAlg of outPublic - CreationHash tpm2b.Digest + CreationHash TPM2BDigest // ticket used by TPM2_CertifyCreation() to validate that the - // creation data was produced by the TPM - CreationTicket tpmt.TKCreation + // creation data was produced by the TPM. + CreationTicket TPMTTKCreation } // Response implements the Response interface. -func (*CreateResponse) Response() tpm.CC { return tpm.CCCreate } +func (*CreateResponse) Response() TPMCC { return TPMCCCreate } // Load is the input to TPM2_Load. // See definition in Part 3, Commands, section 12.2 @@ -229,13 +233,13 @@ type Load struct { // handle of parent for new object ParentHandle handle `gotpm:"handle,auth"` // the private portion of the object - InPrivate tpm2b.Private + InPrivate TPM2BPrivate // the public portion of the object - InPublic tpm2b.Public + InPublic TPM2BPublic } // Command implements the Command interface. -func (*Load) Command() tpm.CC { return tpm.CCLoad } +func (*Load) Command() TPMCC { return TPMCCLoad } // Execute executes the command and returns the response. func (cmd *Load) Execute(t transport.TPM, s ...Session) (*LoadResponse, error) { @@ -249,27 +253,27 @@ func (cmd *Load) Execute(t transport.TPM, s ...Session) (*LoadResponse, error) { // LoadResponse is the response from TPM2_Load. type LoadResponse struct { // handle of type TPM_HT_TRANSIENT for loaded object - ObjectHandle tpm.Handle `gotpm:"handle"` + ObjectHandle TPMHandle `gotpm:"handle"` // Name of the loaded object - Name tpm2b.Name + Name TPM2BName } // Response implements the Response interface. -func (*LoadResponse) Response() tpm.CC { return tpm.CCLoad } +func (*LoadResponse) Response() TPMCC { return TPMCCLoad } // LoadExternal is the input to TPM2_LoadExternal. // See definition in Part 3, Commands, section 12.3 type LoadExternal struct { // the sensitive portion of the object (optional) - InPrivate *tpm2b.Sensitive `gotpm:"optional"` + InPrivate *TPM2BSensitive `gotpm:"optional"` // the public portion of the object - InPublic tpm2b.Public + InPublic TPM2BPublic // hierarchy with which the object area is associated - Hierarchy tpmi.RHHierarchy `gotpm:"nullable"` + Hierarchy TPMIRHHierarchy `gotpm:"nullable"` } // Command implements the Command interface. -func (*LoadExternal) Command() tpm.CC { return tpm.CCLoadExternal } +func (*LoadExternal) Command() TPMCC { return TPMCCLoadExternal } // Execute executes the command and returns the response. func (cmd *LoadExternal) Execute(t transport.TPM, s ...Session) (*LoadExternalResponse, error) { @@ -283,23 +287,23 @@ func (cmd *LoadExternal) Execute(t transport.TPM, s ...Session) (*LoadExternalRe // LoadExternalResponse is the response from TPM2_LoadExternal. type LoadExternalResponse struct { // handle of type TPM_HT_TRANSIENT for loaded object - ObjectHandle tpm.Handle `gotpm:"handle"` + ObjectHandle TPMHandle `gotpm:"handle"` // Name of the loaded object - Name tpm2b.Name + Name TPM2BName } // Response implements the Response interface. -func (*LoadExternalResponse) Response() tpm.CC { return tpm.CCLoadExternal } +func (*LoadExternalResponse) Response() TPMCC { return TPMCCLoadExternal } // ReadPublic is the input to TPM2_ReadPublic. // See definition in Part 3, Commands, section 12.4 type ReadPublic struct { // TPM handle of an object - ObjectHandle tpmi.DHObject `gotpm:"handle"` + ObjectHandle TPMIDHObject `gotpm:"handle"` } // Command implements the Command interface. -func (*ReadPublic) Command() tpm.CC { return tpm.CCReadPublic } +func (*ReadPublic) Command() TPMCC { return TPMCCReadPublic } // Execute executes the command and returns the response. func (cmd *ReadPublic) Execute(t transport.TPM, s ...Session) (*ReadPublicResponse, error) { @@ -313,15 +317,15 @@ func (cmd *ReadPublic) Execute(t transport.TPM, s ...Session) (*ReadPublicRespon // ReadPublicResponse is the response from TPM2_ReadPublic. type ReadPublicResponse struct { // structure containing the public area of an object - OutPublic tpm2b.Public + OutPublic TPM2BPublic // name of object - Name tpm2b.Name + Name TPM2BName // the Qualified Name of the object - QualifiedName tpm2b.Name + QualifiedName TPM2BName } // Response implements the Response interface. -func (*ReadPublicResponse) Response() tpm.CC { return tpm.CCReadPublic } +func (*ReadPublicResponse) Response() TPMCC { return TPMCCReadPublic } // ActivateCredential is the input to TPM2_ActivateCredential. // See definition in Part 3, Commands, section 12.5. @@ -331,13 +335,13 @@ type ActivateCredential struct { // loaded key used to decrypt the TPMS_SENSITIVE in credentialBlob KeyHandle handle `gotpm:"handle,auth"` // the credential - CredentialBlob tpm2b.IDObject + CredentialBlob TPM2BIDObject // keyHandle algorithm-dependent encrypted seed that protects credentialBlob - Secret tpm2b.EncryptedSecret + Secret TPM2BEncryptedSecret } // Command implements the Command interface. -func (*ActivateCredential) Command() tpm.CC { return tpm.CCActivateCredential } +func (*ActivateCredential) Command() TPMCC { return TPMCCActivateCredential } // Execute executes the command and returns the response. func (cmd *ActivateCredential) Execute(t transport.TPM, s ...Session) (*ActivateCredentialResponse, error) { @@ -351,25 +355,25 @@ func (cmd *ActivateCredential) Execute(t transport.TPM, s ...Session) (*Activate // ActivateCredentialResponse is the response from TPM2_ActivateCredential. type ActivateCredentialResponse struct { // the decrypted certificate information - CertInfo tpm2b.Digest + CertInfo TPM2BDigest } // Response implements the Response interface. -func (*ActivateCredentialResponse) Response() tpm.CC { return tpm.CCActivateCredential } +func (*ActivateCredentialResponse) Response() TPMCC { return TPMCCActivateCredential } // MakeCredential is the input to TPM2_MakeCredential. // See definition in Part 3, Commands, section 12.6. type MakeCredential struct { // loaded public area, used to encrypt the sensitive area containing the credential key - Handle tpmi.DHObject `gotpm:"handle"` + Handle TPMIDHObject `gotpm:"handle"` // the credential information - Credential tpm2b.Digest + Credential TPM2BDigest // Name of the object to which the credential applies - ObjectNamae tpm2b.Name + ObjectNamae TPM2BName } // Command implements the Command interface. -func (*MakeCredential) Command() tpm.CC { return tpm.CCMakeCredential } +func (*MakeCredential) Command() TPMCC { return TPMCCMakeCredential } // Execute executes the command and returns the response. func (cmd *MakeCredential) Execute(t transport.TPM, s ...Session) (*MakeCredentialResponse, error) { @@ -383,13 +387,13 @@ func (cmd *MakeCredential) Execute(t transport.TPM, s ...Session) (*MakeCredenti // MakeCredentialResponse is the response from TPM2_MakeCredential. type MakeCredentialResponse struct { // the credential - CredentialBlob tpm2b.IDObject + CredentialBlob TPM2BIDObject // handle algorithm-dependent data that wraps the key that encrypts credentialBlob - Secret tpm2b.EncryptedSecret + Secret TPM2BEncryptedSecret } // Response implements the Response interface. -func (*MakeCredentialResponse) Response() tpm.CC { return tpm.CCMakeCredential } +func (*MakeCredentialResponse) Response() TPMCC { return TPMCCMakeCredential } // Unseal is the input to TPM2_Unseal. // See definition in Part 3, Commands, section 12.7 @@ -398,7 +402,7 @@ type Unseal struct { } // Command implements the Command interface. -func (*Unseal) Command() tpm.CC { return tpm.CCUnseal } +func (*Unseal) Command() TPMCC { return TPMCCUnseal } // Execute executes the command and returns the response. func (cmd *Unseal) Execute(t transport.TPM, s ...Session) (*UnsealResponse, error) { @@ -411,11 +415,11 @@ func (cmd *Unseal) Execute(t transport.TPM, s ...Session) (*UnsealResponse, erro // UnsealResponse is the response from TPM2_Unseal. type UnsealResponse struct { - OutData tpm2b.SensitiveData + OutData TPM2BSensitiveData } // Response implements the Response interface. -func (*UnsealResponse) Response() tpm.CC { return tpm.CCUnseal } +func (*UnsealResponse) Response() TPMCC { return TPMCCUnseal } // CreateLoaded is the input to TPM2_CreateLoaded. // See definition in Part 3, Commands, section 12.9 @@ -424,13 +428,13 @@ type CreateLoaded struct { // TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL ParentHandle handle `gotpm:"handle,auth,nullable"` // the sensitive data, see TPM 2.0 Part 1 Sensitive Values - InSensitive tpm2b.SensitiveCreate + InSensitive TPM2BSensitiveCreate // the public template - InPublic tpm2b.Template + InPublic TPM2BTemplate } // Command implements the Command interface. -func (*CreateLoaded) Command() tpm.CC { return tpm.CCCreateLoaded } +func (*CreateLoaded) Command() TPMCC { return TPMCCCreateLoaded } // Execute executes the command and returns the response. func (cmd *CreateLoaded) Execute(t transport.TPM, s ...Session) (*CreateLoadedResponse, error) { @@ -444,17 +448,17 @@ func (cmd *CreateLoaded) Execute(t transport.TPM, s ...Session) (*CreateLoadedRe // CreateLoadedResponse is the response from TPM2_CreateLoaded. type CreateLoadedResponse struct { // handle of type TPM_HT_TRANSIENT for loaded object - ObjectHandle tpm.Handle `gotpm:"handle"` + ObjectHandle TPMHandle `gotpm:"handle"` // the sensitive area of the object (optional) - OutPrivate tpm2b.Private `gotpm:"optional"` + OutPrivate TPM2BPrivate `gotpm:"optional"` // the public portion of the created object - OutPublic tpm2b.Public + OutPublic TPM2BPublic // the name of the created object - Name tpm2b.Name + Name TPM2BName } // Response implements the Response interface. -func (*CreateLoadedResponse) Response() tpm.CC { return tpm.CCCreateLoaded } +func (*CreateLoadedResponse) Response() TPMCC { return TPMCCCreateLoaded } // ECDHZGen is the input to TPM2_ECDHZGen. // See definition in Part 3, Commands, section 14.5 @@ -462,11 +466,11 @@ type ECDHZGen struct { // handle of a loaded ECC key KeyHandle handle `gotpm:"handle,auth"` // a public key - InPoint tpm2b.ECCPoint + InPoint TPM2BECCPoint } // Command implements the Command interface. -func (*ECDHZGen) Command() tpm.CC { return tpm.CCECDHZGen } +func (*ECDHZGen) Command() TPMCC { return TPMCCECDHZGen } // Execute executes the command and returns the response. func (cmd *ECDHZGen) Execute(t transport.TPM, s ...Session) (*ECDHZGenResponse, error) { @@ -480,25 +484,25 @@ func (cmd *ECDHZGen) Execute(t transport.TPM, s ...Session) (*ECDHZGenResponse, // ECDHZGenResponse is the response from TPM2_ECDHZGen. type ECDHZGenResponse struct { // X and Y coordinates of the product of the multiplication - OutPoint tpm2b.ECCPoint + OutPoint TPM2BECCPoint } // Response implements the Response interface. -func (*ECDHZGenResponse) Response() tpm.CC { return tpm.CCECDHZGen } +func (*ECDHZGenResponse) Response() TPMCC { return TPMCCECDHZGen } // Hash is the input to TPM2_Hash. // See definition in Part 3, Commands, section 15.4 type Hash struct { //data to be hashed - Data tpm2b.MaxBuffer + Data TPM2BMaxBuffer // algorithm for the hash being computed - shall not be TPM_ALH_NULL - HashAlg tpmi.AlgHash + HashAlg TPMIAlgHash // hierarchy to use for the ticket (TPM_RH_NULL_allowed) - Hierarchy tpmi.RHHierarchy `gotpm:"nullable"` + Hierarchy TPMIRHHierarchy `gotpm:"nullable"` } // Command implements the Command interface. -func (*Hash) Command() tpm.CC { return tpm.CCHash } +func (*Hash) Command() TPMCC { return TPMCCHash } // Execute executes the command and returns the response. func (cmd *Hash) Execute(t transport.TPM, s ...Session) (*HashResponse, error) { @@ -512,14 +516,14 @@ func (cmd *Hash) Execute(t transport.TPM, s ...Session) (*HashResponse, error) { // HashResponse is the response from TPM2_Hash. type HashResponse struct { // results - OutHash tpm2b.Digest + OutHash TPM2BDigest // ticket indicating that the sequence of octets used to // compute outDigest did not start with TPM_GENERATED_VALUE - Validation tpmt.TKHashCheck + Validation TPMTTKHashCheck } // Response implements the Response interface. -func (*HashResponse) Response() tpm.CC { return tpm.CCHash } +func (*HashResponse) Response() TPMCC { return TPMCCHash } // GetRandom is the input to TPM2_GetRandom. // See definition in Part 3, Commands, section 16.1 @@ -529,7 +533,7 @@ type GetRandom struct { } // Command implements the Command interface. -func (*GetRandom) Command() tpm.CC { return tpm.CCGetRandom } +func (*GetRandom) Command() TPMCC { return TPMCCGetRandom } // Execute executes the command and returns the response. func (cmd *GetRandom) Execute(t transport.TPM, s ...Session) (*GetRandomResponse, error) { @@ -543,24 +547,24 @@ func (cmd *GetRandom) Execute(t transport.TPM, s ...Session) (*GetRandomResponse // GetRandomResponse is the response from TPM2_GetRandom. type GetRandomResponse struct { // the random octets - RandomBytes tpm2b.Digest + RandomBytes TPM2BDigest } // Response implements the Response interface. -func (*GetRandomResponse) Response() tpm.CC { return tpm.CCGetRandom } +func (*GetRandomResponse) Response() TPMCC { return TPMCCGetRandom } // HashSequenceStart is the input to TPM2_HashSequenceStart. // See definition in Part 3, Commands, section 17.3 type HashSequenceStart struct { // authorization value for subsequent use of the sequence - Auth tpm2b.Auth + Auth TPM2BAuth // the hash algorithm to use for the hash sequence // An Event Sequence starts if this is TPM_ALG_NULL. - HashAlg tpmi.AlgHash + HashAlg TPMIAlgHash } // Command implements the Command interface. -func (*HashSequenceStart) Command() tpm.CC { return tpm.CCHashSequenceStart } +func (*HashSequenceStart) Command() TPMCC { return TPMCCHashSequenceStart } // Execute executes the command and returns the response. func (cmd *HashSequenceStart) Execute(t transport.TPM, s ...Session) (*HashSequenceStartResponse, error) { @@ -574,11 +578,11 @@ func (cmd *HashSequenceStart) Execute(t transport.TPM, s ...Session) (*HashSeque // HashSequenceStartResponse is the response from TPM2_StartHashSequence. type HashSequenceStartResponse struct { // a handle to reference the sequence - SequenceHandle tpmi.DHObject + SequenceHandle TPMIDHObject } // Response implements the Response interface. -func (*HashSequenceStartResponse) Response() tpm.CC { return tpm.CCHashSequenceStart } +func (*HashSequenceStartResponse) Response() TPMCC { return TPMCCHashSequenceStart } // SequenceUpdate is the input to TPM2_SequenceUpdate. // See definition in Part 3, Commands, section 17.4 @@ -586,11 +590,11 @@ type SequenceUpdate struct { // handle for the sequence object SequenceHandle handle `gotpm:"handle,auth"` // data to be added to hash - Buffer tpm2b.MaxBuffer + Buffer TPM2BMaxBuffer } // Command implements the Command interface. -func (*SequenceUpdate) Command() tpm.CC { return tpm.CCSequenceUpdate } +func (*SequenceUpdate) Command() TPMCC { return TPMCCSequenceUpdate } // Execute executes the command and returns the response. func (cmd *SequenceUpdate) Execute(t transport.TPM, s ...Session) (*SequenceUpdateResponse, error) { @@ -605,7 +609,7 @@ func (cmd *SequenceUpdate) Execute(t transport.TPM, s ...Session) (*SequenceUpda type SequenceUpdateResponse struct{} // Response implements the Response interface. -func (*SequenceUpdateResponse) Response() tpm.CC { return tpm.CCSequenceUpdate } +func (*SequenceUpdateResponse) Response() TPMCC { return TPMCCSequenceUpdate } // SequenceComplete is the input to TPM2_SequenceComplete. // See definition in Part 3, Commands, section 17.5 @@ -613,13 +617,13 @@ type SequenceComplete struct { // authorization for the sequence SequenceHandle handle `gotpm:"handle,auth"` // data to be added to the hash/HMAC - Buffer tpm2b.MaxBuffer + Buffer TPM2BMaxBuffer // hierarchy of the ticket for a hash - Hierarchy tpmi.RHHierarchy `gotpm:"nullable"` + Hierarchy TPMIRHHierarchy `gotpm:"nullable"` } // Command implements the Command interface. -func (*SequenceComplete) Command() tpm.CC { return tpm.CCSequenceComplete } +func (*SequenceComplete) Command() TPMCC { return TPMCCSequenceComplete } // Execute executes the command and returns the response. func (cmd *SequenceComplete) Execute(t transport.TPM, s ...Session) (*SequenceCompleteResponse, error) { @@ -633,14 +637,14 @@ func (cmd *SequenceComplete) Execute(t transport.TPM, s ...Session) (*SequenceCo // SequenceCompleteResponse is the response from TPM2_SequenceComplete. type SequenceCompleteResponse struct { // the returned HMAC or digest in a sized buffer - Result tpm2b.Digest + Result TPM2BDigest // ticket indicating that the sequence of octets used to // compute outDigest did not start with TPM_GENERATED_VALUE - Validation tpmt.TKHashCheck + Validation TPMTTKHashCheck } // Response implements the Response interface. -func (*SequenceCompleteResponse) Response() tpm.CC { return tpm.CCSequenceComplete } +func (*SequenceCompleteResponse) Response() TPMCC { return TPMCCSequenceComplete } // Certify is the input to TPM2_Certify. // See definition in Part 3, Commands, section 18.2. @@ -650,13 +654,13 @@ type Certify struct { // handle of the key used to sign the attestation structure SignHandle handle `gotpm:"handle,auth"` // user provided qualifying data - QualifyingData tpm2b.Data + QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme + InScheme TPMTSigScheme } // Command implements the Command interface. -func (*Certify) Command() tpm.CC { return tpm.CCCertify } +func (*Certify) Command() TPMCC { return TPMCCCertify } // Execute executes the command and returns the response. func (cmd *Certify) Execute(t transport.TPM, s ...Session) (*CertifyResponse, error) { @@ -670,13 +674,13 @@ func (cmd *Certify) Execute(t transport.TPM, s ...Session) (*CertifyResponse, er // CertifyResponse is the response from TPM2_Certify. type CertifyResponse struct { // the structure that was signed - CertifyInfo tpm2b.Attest + CertifyInfo TPM2BAttest // the asymmetric signature over certifyInfo using the key referenced by signHandle - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*CertifyResponse) Response() tpm.CC { return tpm.CCCertify } +func (*CertifyResponse) Response() TPMCC { return TPMCCCertify } // CertifyCreation is the input to TPM2_CertifyCreation. // See definition in Part 3, Commands, section 18.3. @@ -686,17 +690,17 @@ type CertifyCreation struct { // the object associated with the creation data ObjectHandle handle `gotpm:"handle"` // user-provided qualifying data - QualifyingData tpm2b.Data + QualifyingData TPM2BData // hash of the creation data produced by TPM2_Create() or TPM2_CreatePrimary() - CreationHash tpm2b.Digest + CreationHash TPM2BDigest // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme + InScheme TPMTSigScheme // ticket produced by TPM2_Create() or TPM2_CreatePrimary() - CreationTicket tpmt.TKCreation + CreationTicket TPMTTKCreation } // Command implements the Command interface. -func (*CertifyCreation) Command() tpm.CC { return tpm.CCCertifyCreation } +func (*CertifyCreation) Command() TPMCC { return TPMCCCertifyCreation } // Execute executes the command and returns the response. func (cmd *CertifyCreation) Execute(t transport.TPM, s ...Session) (*CertifyCreationResponse, error) { @@ -710,13 +714,13 @@ func (cmd *CertifyCreation) Execute(t transport.TPM, s ...Session) (*CertifyCrea // CertifyCreationResponse is the response from TPM2_CertifyCreation. type CertifyCreationResponse struct { // the structure that was signed - CertifyInfo tpm2b.Attest + CertifyInfo TPM2BAttest // the signature over certifyInfo - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*CertifyCreationResponse) Response() tpm.CC { return tpm.CCCertifyCreation } +func (*CertifyCreationResponse) Response() TPMCC { return TPMCCCertifyCreation } // Quote is the input to TPM2_Quote. // See definition in Part 3, Commands, section 18.4 @@ -724,15 +728,15 @@ type Quote struct { // handle of key that will perform signature SignHandle handle `gotpm:"handle,auth"` // data supplied by the caller - QualifyingData tpm2b.Data + QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme + InScheme TPMTSigScheme // PCR set to quote - PCRSelect tpml.PCRSelection + PCRSelect TPMLPCRSelection } // Command implements the Command interface. -func (*Quote) Command() tpm.CC { return tpm.CCQuote } +func (*Quote) Command() TPMCC { return TPMCCQuote } // Execute executes the command and returns the response. func (cmd *Quote) Execute(t transport.TPM, s ...Session) (*QuoteResponse, error) { @@ -746,13 +750,13 @@ func (cmd *Quote) Execute(t transport.TPM, s ...Session) (*QuoteResponse, error) // QuoteResponse is the response from TPM2_Quote. type QuoteResponse struct { // the quoted information - Quoted tpm2b.Attest + Quoted TPM2BAttest // the signature over quoted - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*QuoteResponse) Response() tpm.CC { return tpm.CCQuote } +func (*QuoteResponse) Response() TPMCC { return TPMCCQuote } // GetSessionAuditDigest is the input to TPM2_GetSessionAuditDigest. // See definition in Part 3, Commands, section 18.5 @@ -764,13 +768,13 @@ type GetSessionAuditDigest struct { // handle of the audit session SessionHandle handle `gotpm:"handle"` // user-provided qualifying data – may be zero-length - QualifyingData tpm2b.Data + QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme + InScheme TPMTSigScheme } // Command implements the Command interface. -func (*GetSessionAuditDigest) Command() tpm.CC { return tpm.CCGetSessionAuditDigest } +func (*GetSessionAuditDigest) Command() TPMCC { return TPMCCGetSessionAuditDigest } // Execute executes the command and returns the response. func (cmd *GetSessionAuditDigest) Execute(t transport.TPM, s ...Session) (*GetSessionAuditDigestResponse, error) { @@ -785,13 +789,13 @@ func (cmd *GetSessionAuditDigest) Execute(t transport.TPM, s ...Session) (*GetSe // TPM2_GetSessionAuditDigest. type GetSessionAuditDigestResponse struct { // the audit information that was signed - AuditInfo tpm2b.Attest + AuditInfo TPM2BAttest // the signature over auditInfo - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*GetSessionAuditDigestResponse) Response() tpm.CC { return tpm.CCGetSessionAuditDigest } +func (*GetSessionAuditDigestResponse) Response() TPMCC { return TPMCCGetSessionAuditDigest } // Commit is the input to TPM2_Commit. // See definition in Part 3, Commands, section 19.2. @@ -799,15 +803,15 @@ type Commit struct { // handle of the key that will be used in the signing operation SignHandle handle `gotpm:"handle,auth"` // a point (M) on the curve used by signHandle - P1 tpm2b.ECCPoint + P1 TPM2BECCPoint // octet array used to derive x-coordinate of a base point - S2 tpm2b.SensitiveData + S2 TPM2BSensitiveData // y coordinate of the point associated with s2 - Y2 tpm2b.ECCParameter + Y2 TPM2BECCParameter } // Command implements the Command interface. -func (*Commit) Command() tpm.CC { return tpm.CCCommit } +func (*Commit) Command() TPMCC { return TPMCCCommit } // Execute executes the command and returns the response. func (cmd *Commit) Execute(t transport.TPM, s ...Session) (*CommitResponse, error) { @@ -822,17 +826,17 @@ func (cmd *Commit) Execute(t transport.TPM, s ...Session) (*CommitResponse, erro // CommitResponse is the response from TPM2_Commit. type CommitResponse struct { // ECC point K ≔ [ds](x2, y2) - K tpm2b.ECCPoint + K TPM2BECCPoint // ECC point L ≔ [r](x2, y2) - L tpm2b.ECCPoint + L TPM2BECCPoint // ECC point E ≔ [r]P1 - E tpm2b.ECCPoint + E TPM2BECCPoint // least-significant 16 bits of commitCount Counter uint16 } // Response implements the Response interface. -func (*CommitResponse) Response() tpm.CC { return tpm.CCCommit } +func (*CommitResponse) Response() TPMCC { return TPMCCCommit } // VerifySignature is the input to TPM2_VerifySignature. // See definition in Part 3, Commands, section 20.1 @@ -840,13 +844,13 @@ type VerifySignature struct { // handle of public key that will be used in the validation KeyHandle handle `gotpm:"handle"` // digest of the signed message - Digest tpm2b.Digest + Digest TPM2BDigest // signature to be tested - Signature tpmt.Signature + Signature TPMTSignature } // Command implements the Command interface. -func (*VerifySignature) Command() tpm.CC { return tpm.CCVerifySignature } +func (*VerifySignature) Command() TPMCC { return TPMCCVerifySignature } // Execute executes the command and returns the response. func (cmd *VerifySignature) Execute(t transport.TPM, s ...Session) (*VerifySignatureResponse, error) { @@ -859,11 +863,11 @@ func (cmd *VerifySignature) Execute(t transport.TPM, s ...Session) (*VerifySigna // VerifySignatureResponse is the response from TPM2_VerifySignature. type VerifySignatureResponse struct { - Validation tpmt.TKVerified + Validation TPMTTKVerified } // Response implements the Response interface. -func (*VerifySignatureResponse) Response() tpm.CC { return tpm.CCVerifySignature } +func (*VerifySignatureResponse) Response() TPMCC { return TPMCCVerifySignature } // Sign is the input to TPM2_Sign. // See definition in Part 3, Commands, section 20.2. @@ -871,17 +875,17 @@ type Sign struct { // Handle of key that will perform signing KeyHandle handle `gotpm:"handle,auth"` // digest to be signed - Digest tpm2b.Digest + Digest TPM2BDigest // signing scheme to use if the scheme for keyHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme `gotpm:"nullable"` - // proof that digest was created by the TPM + InScheme TPMTSigScheme `gotpm:"nullable"` + // proof that digest was created by the TPM. // If keyHandle is not a restricted signing key, then this // may be a NULL Ticket with tag = TPM_ST_CHECKHASH. - Validation tpmt.TKHashCheck + Validation TPMTTKHashCheck } // Command implements the Command interface. -func (*Sign) Command() tpm.CC { return tpm.CCSign } +func (*Sign) Command() TPMCC { return TPMCCSign } // Execute executes the command and returns the response. func (cmd *Sign) Execute(t transport.TPM, s ...Session) (*SignResponse, error) { @@ -895,11 +899,11 @@ func (cmd *Sign) Execute(t transport.TPM, s ...Session) (*SignResponse, error) { // SignResponse is the response from TPM2_Sign. type SignResponse struct { // the signature - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*SignResponse) Response() tpm.CC { return tpm.CCSign } +func (*SignResponse) Response() TPMCC { return TPMCCSign } // PCRExtend is the input to TPM2_PCR_Extend. // See definition in Part 3, Commands, section 22.2 @@ -907,11 +911,11 @@ type PCRExtend struct { // handle of the PCR PCRHandle handle `gotpm:"handle,auth"` // list of tagged digest values to be extended - Digests tpml.DigestValues + Digests TPMLDigestValues } // Command implements the Command interface. -func (*PCRExtend) Command() tpm.CC { return tpm.CCPCRExtend } +func (*PCRExtend) Command() TPMCC { return TPMCCPCRExtend } // Execute executes the command and returns the response. func (cmd *PCRExtend) Execute(t transport.TPM, s ...Session) error { @@ -923,7 +927,7 @@ func (cmd *PCRExtend) Execute(t transport.TPM, s ...Session) error { type PCRExtendResponse struct{} // Response implements the Response interface. -func (*PCRExtendResponse) Response() tpm.CC { return tpm.CCPCRExtend } +func (*PCRExtendResponse) Response() TPMCC { return TPMCCPCRExtend } // PCREvent is the input to TPM2_PCR_Event. // See definition in Part 3, Commands, section 22.3 @@ -931,11 +935,11 @@ type PCREvent struct { // Handle of the PCR PCRHandle handle `gotpm:"handle,auth"` // Event data in sized buffer - EventData tpm2b.Event + EventData TPM2BEvent } // Command implements the Command interface. -func (*PCREvent) Command() tpm.CC { return tpm.CCPCREvent } +func (*PCREvent) Command() TPMCC { return TPMCCPCREvent } // Execute executes the command and returns the response. func (cmd *PCREvent) Execute(t transport.TPM, s ...Session) error { @@ -947,17 +951,17 @@ func (cmd *PCREvent) Execute(t transport.TPM, s ...Session) error { type PCREventResponse struct{} // Response implements the Response interface. -func (*PCREventResponse) Response() tpm.CC { return tpm.CCPCREvent } +func (*PCREventResponse) Response() TPMCC { return TPMCCPCREvent } // PCRRead is the input to TPM2_PCR_Read. // See definition in Part 3, Commands, section 22.4 type PCRRead struct { // The selection of PCR to read - PCRSelectionIn tpml.PCRSelection + PCRSelectionIn TPMLPCRSelection } // Command implements the Command interface. -func (*PCRRead) Command() tpm.CC { return tpm.CCPCRRead } +func (*PCRRead) Command() TPMCC { return TPMCCPCRRead } // Execute executes the command and returns the response. func (cmd *PCRRead) Execute(t transport.TPM, s ...Session) (*PCRReadResponse, error) { @@ -973,13 +977,13 @@ type PCRReadResponse struct { // the current value of the PCR update counter PCRUpdateCounter uint32 // the PCR in the returned list - PCRSelectionOut tpml.PCRSelection + PCRSelectionOut TPMLPCRSelection // the contents of the PCR indicated in pcrSelectOut-> pcrSelection[] as tagged digests - PCRValues tpml.Digest + PCRValues TPMLDigest } // Response implements the Response interface. -func (*PCRReadResponse) Response() tpm.CC { return tpm.CCPCRRead } +func (*PCRReadResponse) Response() TPMCC { return TPMCCPCRRead } // PCRReset is the input to TPM2_PCRReset. // See definition in Part 3, Commands, section 22.8. @@ -989,7 +993,7 @@ type PCRReset struct { } // Command implements the Command interface. -func (*PCRReset) Command() tpm.CC { return tpm.CCPCRReset } +func (*PCRReset) Command() TPMCC { return TPMCCPCRReset } // Execute executes the command and returns the response. func (cmd *PCRReset) Execute(t transport.TPM, s ...Session) (*PCRResetResponse, error) { @@ -1004,7 +1008,7 @@ func (cmd *PCRReset) Execute(t transport.TPM, s ...Session) (*PCRResetResponse, type PCRResetResponse struct{} // Response implements the Response interface. -func (*PCRResetResponse) Response() tpm.CC { return tpm.CCPCRReset } +func (*PCRResetResponse) Response() TPMCC { return TPMCCPCRReset } // PolicySigned is the input to TPM2_PolicySigned. // See definition in Part 3, Commands, section 23.3. @@ -1014,20 +1018,20 @@ type PolicySigned struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the policy nonce for the session - NonceTPM tpm2b.Nonce + NonceTPM TPM2BNonce // digest of the command parameters to which this authorization is limited - CPHashA tpm2b.Digest + CPHashA TPM2BDigest // a reference to a policy relating to the authorization – may be the Empty Buffer - PolicyRef tpm2b.Nonce + PolicyRef TPM2BNonce // time when authorization will expire, measured in seconds from the time // that nonceTPM was generated Expiration int32 // signed authorization (not optional) - Auth tpmt.Signature + Auth TPMTSignature } // Command implements the Command interface. -func (*PolicySigned) Command() tpm.CC { return tpm.CCPolicySigned } +func (*PolicySigned) Command() TPMCC { return TPMCCPolicySigned } // Execute executes the command and returns the response. func (cmd *PolicySigned) Execute(t transport.TPM, s ...Session) (*PolicySignedResponse, error) { @@ -1040,7 +1044,7 @@ func (cmd *PolicySigned) Execute(t transport.TPM, s ...Session) (*PolicySignedRe // policyUpdate implements the PolicyUpdate helper for the several TPM policy // commands as described in Part 3, 23.2.3. -func policyUpdate(policy *PolicyCalculator, cc tpm.CC, arg2, arg3 []byte) error { +func policyUpdate(policy *PolicyCalculator, cc TPMCC, arg2, arg3 []byte) error { if err := policy.Update(cc, arg2); err != nil { return err } @@ -1049,19 +1053,19 @@ func policyUpdate(policy *PolicyCalculator, cc tpm.CC, arg2, arg3 []byte) error // Update implements the PolicyCommand interface. func (cmd *PolicySigned) Update(policy *PolicyCalculator) error { - return policyUpdate(policy, tpm.CCPolicySigned, cmd.AuthObject.KnownName().Buffer, cmd.PolicyRef.Buffer) + return policyUpdate(policy, TPMCCPolicySigned, cmd.AuthObject.KnownName().Buffer, cmd.PolicyRef.Buffer) } // PolicySignedResponse is the response from TPM2_PolicySigned. type PolicySignedResponse struct { // implementation-specific time value used to indicate to the TPM when the ticket expires - Timeout tpm2b.Timeout + Timeout TPM2BTimeout // produced if the command succeeds and expiration in the command was non-zero - PolicyTicket tpmt.TKAuth + PolicyTicket TPMTTKAuth } // Response implements the Response interface. -func (*PolicySignedResponse) Response() tpm.CC { return tpm.CCPolicySigned } +func (*PolicySignedResponse) Response() TPMCC { return TPMCCPolicySigned } // PolicySecret is the input to TPM2_PolicySecret. // See definition in Part 3, Commands, section 23.4. @@ -1071,18 +1075,18 @@ type PolicySecret struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the policy nonce for the session - NonceTPM tpm2b.Nonce + NonceTPM TPM2BNonce // digest of the command parameters to which this authorization is limited - CPHashA tpm2b.Digest + CPHashA TPM2BDigest // a reference to a policy relating to the authorization – may be the Empty Buffer - PolicyRef tpm2b.Nonce + PolicyRef TPM2BNonce // time when authorization will expire, measured in seconds from the time // that nonceTPM was generated Expiration int32 } // Command implements the Command interface. -func (*PolicySecret) Command() tpm.CC { return tpm.CCPolicySecret } +func (*PolicySecret) Command() TPMCC { return TPMCCPolicySecret } // Execute executes the command and returns the response. func (cmd *PolicySecret) Execute(t transport.TPM, s ...Session) (*PolicySecretResponse, error) { @@ -1095,19 +1099,19 @@ func (cmd *PolicySecret) Execute(t transport.TPM, s ...Session) (*PolicySecretRe // Update implements the PolicyCommand interface. func (cmd *PolicySecret) Update(policy *PolicyCalculator) { - policyUpdate(policy, tpm.CCPolicySecret, cmd.AuthHandle.KnownName().Buffer, cmd.PolicyRef.Buffer) + policyUpdate(policy, TPMCCPolicySecret, cmd.AuthHandle.KnownName().Buffer, cmd.PolicyRef.Buffer) } // PolicySecretResponse is the response from TPM2_PolicySecret. type PolicySecretResponse struct { // implementation-specific time value used to indicate to the TPM when the ticket expires - Timeout tpm2b.Timeout + Timeout TPM2BTimeout // produced if the command succeeds and expiration in the command was non-zero - PolicyTicket tpmt.TKAuth + PolicyTicket TPMTTKAuth } // Response implements the Response interface. -func (*PolicySecretResponse) Response() tpm.CC { return tpm.CCPolicySecret } +func (*PolicySecretResponse) Response() TPMCC { return TPMCCPolicySecret } // PolicyOr is the input to TPM2_PolicyOR. // See definition in Part 3, Commands, section 23.6. @@ -1115,11 +1119,11 @@ type PolicyOr struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the list of hashes to check for a match - PHashList tpml.Digest + PHashList TPMLDigest } // Command implements the Command interface. -func (*PolicyOr) Command() tpm.CC { return tpm.CCPolicyOR } +func (*PolicyOr) Command() TPMCC { return TPMCCPolicyOR } // Execute executes the command and returns the response. func (cmd *PolicyOr) Execute(t transport.TPM, s ...Session) error { @@ -1134,14 +1138,14 @@ func (cmd *PolicyOr) Update(policy *PolicyCalculator) error { for _, digest := range cmd.PHashList.Digests { digests.Write(digest.Buffer) } - return policy.Update(tpm.CCPolicyOR, digests.Bytes()) + return policy.Update(TPMCCPolicyOR, digests.Bytes()) } // PolicyOrResponse is the response from TPM2_PolicyOr. type PolicyOrResponse struct{} // Response implements the Response interface. -func (*PolicyOrResponse) Response() tpm.CC { return tpm.CCPolicyOR } +func (*PolicyOrResponse) Response() TPMCC { return TPMCCPolicyOR } // PolicyPCR is the input to TPM2_PolicyPCR. // See definition in Part 3, Commands, section 23.7. @@ -1150,13 +1154,13 @@ type PolicyPCR struct { PolicySession handle `gotpm:"handle"` // expected digest value of the selected PCR using the // hash algorithm of the session; may be zero length - PcrDigest tpm2b.Digest + PcrDigest TPM2BDigest // the PCR to include in the check digest - Pcrs tpml.PCRSelection + Pcrs TPMLPCRSelection } // Command implements the Command interface. -func (*PolicyPCR) Command() tpm.CC { return tpm.CCPolicyPCR } +func (*PolicyPCR) Command() TPMCC { return TPMCCPolicyPCR } // Execute executes the command and returns the response. func (cmd *PolicyPCR) Execute(t transport.TPM, s ...Session) error { @@ -1166,14 +1170,14 @@ func (cmd *PolicyPCR) Execute(t transport.TPM, s ...Session) error { // Update implements the PolicyCommand interface. func (cmd *PolicyPCR) Update(policy *PolicyCalculator) error { - return policy.Update(tpm.CCPolicyPCR, cmd.Pcrs, cmd.PcrDigest.Buffer) + return policy.Update(TPMCCPolicyPCR, cmd.Pcrs, cmd.PcrDigest.Buffer) } // PolicyPCRResponse is the response from TPM2_PolicyPCR. type PolicyPCRResponse struct{} // Response implements the Response interface. -func (*PolicyPCRResponse) Response() tpm.CC { return tpm.CCPolicyPCR } +func (*PolicyPCRResponse) Response() TPMCC { return TPMCCPolicyPCR } // PolicyNV is the input to TPM2_PolicyNV. // See definition in Part 3, Commands, section 23.9. @@ -1185,15 +1189,15 @@ type PolicyNV struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the second operand - OperandB tpm2b.Operand + OperandB TPM2BOperand // the octet offset in the NV Index for the start of operand A Offset uint16 // the comparison to make - Operation tpm.EO + Operation TPMEO } // Command implements the Command interface. -func (*PolicyNV) Command() tpm.CC { return tpm.CCPolicyNV } +func (*PolicyNV) Command() TPMCC { return TPMCCPolicyNV } // Execute executes the command and returns the response. func (cmd *PolicyNV) Execute(t transport.TPM, s ...Session) error { @@ -1212,14 +1216,14 @@ func (cmd *PolicyNV) Update(policy *PolicyCalculator) error { binary.Write(h, binary.BigEndian, cmd.Offset) binary.Write(h, binary.BigEndian, cmd.Operation) args := h.Sum(nil) - return policy.Update(tpm.CCPolicyNV, args, cmd.NVIndex.KnownName().Buffer) + return policy.Update(TPMCCPolicyNV, args, cmd.NVIndex.KnownName().Buffer) } // PolicyNVResponse is the response from TPM2_PolicyPCR. type PolicyNVResponse struct{} // Response implements the Response interface. -func (*PolicyNVResponse) Response() tpm.CC { return tpm.CCPolicyNV } +func (*PolicyNVResponse) Response() TPMCC { return TPMCCPolicyNV } // PolicyCommandCode is the input to TPM2_PolicyCommandCode. // See definition in Part 3, Commands, section 23.11. @@ -1227,11 +1231,11 @@ type PolicyCommandCode struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the allowed commandCode - Code tpm.CC + Code TPMCC } // Command implements the Command interface. -func (*PolicyCommandCode) Command() tpm.CC { return tpm.CCPolicyCommandCode } +func (*PolicyCommandCode) Command() TPMCC { return TPMCCPolicyCommandCode } // Execute executes the command and returns the response. func (cmd *PolicyCommandCode) Execute(t transport.TPM, s ...Session) error { @@ -1241,14 +1245,14 @@ func (cmd *PolicyCommandCode) Execute(t transport.TPM, s ...Session) error { // Update implements the PolicyCommand interface. func (cmd *PolicyCommandCode) Update(policy *PolicyCalculator) error { - return policy.Update(tpm.CCPolicyCommandCode, cmd.Code) + return policy.Update(TPMCCPolicyCommandCode, cmd.Code) } // PolicyCommandCodeResponse is the response from TPM2_PolicyCommandCode. type PolicyCommandCodeResponse struct{} // Response implements the Response interface. -func (*PolicyCommandCodeResponse) Response() tpm.CC { return tpm.CCPolicyCommandCode } +func (*PolicyCommandCodeResponse) Response() TPMCC { return TPMCCPolicyCommandCode } // PolicyCPHash is the input to TPM2_PolicyCpHash. // See definition in Part 3, Commands, section 23.13. @@ -1256,11 +1260,11 @@ type PolicyCPHash struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // the cpHash added to the policy - CPHashA tpm2b.Digest + CPHashA TPM2BDigest } // Command implements the Command interface. -func (*PolicyCPHash) Command() tpm.CC { return tpm.CCPolicyCpHash } +func (*PolicyCPHash) Command() TPMCC { return TPMCCPolicyCpHash } // Execute executes the command and returns the response. func (cmd *PolicyCPHash) Execute(t transport.TPM, s ...Session) error { @@ -1270,14 +1274,14 @@ func (cmd *PolicyCPHash) Execute(t transport.TPM, s ...Session) error { // Update implements the PolicyCommand interface. func (cmd *PolicyCPHash) Update(policy *PolicyCalculator) error { - return policy.Update(tpm.CCPolicyCpHash, cmd.CPHashA.Buffer) + return policy.Update(TPMCCPolicyCpHash, cmd.CPHashA.Buffer) } // PolicyCPHashResponse is the response from TPM2_PolicyCpHash. type PolicyCPHashResponse struct{} // Response implements the Response interface. -func (*PolicyCPHashResponse) Response() tpm.CC { return tpm.CCPolicyCpHash } +func (*PolicyCPHashResponse) Response() TPMCC { return TPMCCPolicyCpHash } // PolicyAuthorize is the input to TPM2_PolicySigned. // See definition in Part 3, Commands, section 23.16. @@ -1285,17 +1289,17 @@ type PolicyAuthorize struct { // handle for the policy session being extended PolicySession handle `gotpm:"handle"` // digest of the policy being approved - ApprovedPolicy tpm2b.Digest + ApprovedPolicy TPM2BDigest // a policy qualifier - PolicyRef tpm2b.Digest + PolicyRef TPM2BDigest // Name of a key that can sign a policy addition - KeySign tpm2b.Name + KeySign TPM2BName // ticket validating that approvedPolicy and policyRef were signed by keySign - CheckTicket tpmt.TKVerified + CheckTicket TPMTTKVerified } // Command implements the Command interface. -func (*PolicyAuthorize) Command() tpm.CC { return tpm.CCPolicyAuthorize } +func (*PolicyAuthorize) Command() TPMCC { return TPMCCPolicyAuthorize } // Execute executes the command and returns the response. func (cmd *PolicyAuthorize) Execute(t transport.TPM, s ...Session) error { @@ -1305,14 +1309,14 @@ func (cmd *PolicyAuthorize) Execute(t transport.TPM, s ...Session) error { // Update implements the PolicyCommand interface. func (cmd *PolicyAuthorize) Update(policy *PolicyCalculator) error { - return policyUpdate(policy, tpm.CCPolicyAuthorize, cmd.KeySign.Buffer, cmd.PolicyRef.Buffer) + return policyUpdate(policy, TPMCCPolicyAuthorize, cmd.KeySign.Buffer, cmd.PolicyRef.Buffer) } // PolicyAuthorizeResponse is the response from TPM2_PolicyAuthorize. type PolicyAuthorizeResponse struct{} // Response implements the Response interface. -func (*PolicyAuthorizeResponse) Response() tpm.CC { return tpm.CCPolicyAuthorize } +func (*PolicyAuthorizeResponse) Response() TPMCC { return TPMCCPolicyAuthorize } // PolicyGetDigest is the input to TPM2_PolicyGetDigest. // See definition in Part 3, Commands, section 23.19. @@ -1322,7 +1326,7 @@ type PolicyGetDigest struct { } // Command implements the Command interface. -func (*PolicyGetDigest) Command() tpm.CC { return tpm.CCPolicyGetDigest } +func (*PolicyGetDigest) Command() TPMCC { return TPMCCPolicyGetDigest } // Execute executes the command and returns the response. func (cmd *PolicyGetDigest) Execute(t transport.TPM, s ...Session) (*PolicyGetDigestResponse, error) { @@ -1336,11 +1340,11 @@ func (cmd *PolicyGetDigest) Execute(t transport.TPM, s ...Session) (*PolicyGetDi // PolicyGetDigestResponse is the response from TPM2_PolicyGetDigest. type PolicyGetDigestResponse struct { // the current value of the policySession→policyDigest - PolicyDigest tpm2b.Digest + PolicyDigest TPM2BDigest } // Response implements the Response interface. -func (*PolicyGetDigestResponse) Response() tpm.CC { return tpm.CCPolicyGetDigest } +func (*PolicyGetDigestResponse) Response() TPMCC { return TPMCCPolicyGetDigest } // PolicyNVWritten is the input to TPM2_PolicyNvWritten. // See definition in Part 3, Commands, section 23.20. @@ -1349,11 +1353,11 @@ type PolicyNVWritten struct { PolicySession handle `gotpm:"handle"` // YES if NV Index is required to have been written // NO if NV Index is required not to have been written - WrittenSet tpmi.YesNo + WrittenSet TPMIYesNo } // Command implements the Command interface. -func (*PolicyNVWritten) Command() tpm.CC { return tpm.CCPolicyNvWritten } +func (*PolicyNVWritten) Command() TPMCC { return TPMCCPolicyNvWritten } // Execute executes the command and returns the response. func (cmd *PolicyNVWritten) Execute(t transport.TPM, s ...Session) (*PolicyNVWrittenResponse, error) { @@ -1366,7 +1370,7 @@ func (cmd *PolicyNVWritten) Execute(t transport.TPM, s ...Session) (*PolicyNVWri // Update implements the PolicyCommand interface. func (cmd *PolicyNVWritten) Update(policy *PolicyCalculator) error { - return policy.Update(tpm.CCPolicyNvWritten, cmd.WrittenSet) + return policy.Update(TPMCCPolicyNvWritten, cmd.WrittenSet) } // PolicyNVWrittenResponse is the response from TPM2_PolicyNvWritten. @@ -1374,7 +1378,7 @@ type PolicyNVWrittenResponse struct { } // Response implements the Response interface. -func (*PolicyNVWrittenResponse) Response() tpm.CC { return tpm.CCPolicyNvWritten } +func (*PolicyNVWrittenResponse) Response() TPMCC { return TPMCCPolicyNvWritten } // PolicyAuthorizeNV is the input to TPM2_PolicyAuthorizeNV. // See definition in Part 3, Commands, section 23.22. @@ -1388,7 +1392,7 @@ type PolicyAuthorizeNV struct { } // Command implements the Command interface. -func (*PolicyAuthorizeNV) Command() tpm.CC { return tpm.CCPolicyAuthorizeNV } +func (*PolicyAuthorizeNV) Command() TPMCC { return TPMCCPolicyAuthorizeNV } // Execute executes the command and returns the response. func (cmd *PolicyAuthorizeNV) Execute(t transport.TPM, s ...Session) error { @@ -1399,14 +1403,14 @@ func (cmd *PolicyAuthorizeNV) Execute(t transport.TPM, s ...Session) error { // Update implements the PolicyCommand interface. func (cmd *PolicyAuthorizeNV) Update(policy *PolicyCalculator) error { policy.Reset() - return policy.Update(tpm.CCPolicyAuthorizeNV, cmd.NVIndex.KnownName().Buffer) + return policy.Update(TPMCCPolicyAuthorizeNV, cmd.NVIndex.KnownName().Buffer) } // PolicyAuthorizeNVResponse is the response from TPM2_PolicyAuthorizeNV. type PolicyAuthorizeNVResponse struct{} // Response implements the Response interface. -func (*PolicyAuthorizeNVResponse) Response() tpm.CC { return tpm.CCPolicyAuthorizeNV } +func (*PolicyAuthorizeNVResponse) Response() TPMCC { return TPMCCPolicyAuthorizeNV } // CreatePrimary is the input to TPM2_CreatePrimary. // See definition in Part 3, Commands, section 24.1 @@ -1415,19 +1419,19 @@ type CreatePrimary struct { // or TPM_RH_NULL PrimaryHandle handle `gotpm:"handle,auth"` // the sensitive data - InSensitive tpm2b.SensitiveCreate + InSensitive TPM2BSensitiveCreate // the public template - InPublic tpm2b.Public + InPublic TPM2BPublic // data that will be included in the creation data for this // object to provide permanent, verifiable linkage between this // object and some object owner data - OutsideInfo tpm2b.Data + OutsideInfo TPM2BData // PCR that will be used in creation data - CreationPCR tpml.PCRSelection + CreationPCR TPMLPCRSelection } // Command implements the Command interface. -func (*CreatePrimary) Command() tpm.CC { return tpm.CCCreatePrimary } +func (*CreatePrimary) Command() TPMCC { return TPMCCCreatePrimary } // Execute executes the command and returns the response. func (cmd *CreatePrimary) Execute(t transport.TPM, s ...Session) (*CreatePrimaryResponse, error) { @@ -1441,22 +1445,22 @@ func (cmd *CreatePrimary) Execute(t transport.TPM, s ...Session) (*CreatePrimary // CreatePrimaryResponse is the response from TPM2_CreatePrimary. type CreatePrimaryResponse struct { // handle of type TPM_HT_TRANSIENT for created Primary Object - ObjectHandle tpm.Handle `gotpm:"handle"` + ObjectHandle TPMHandle `gotpm:"handle"` // the public portion of the created object - OutPublic tpm2b.Public - // contains a tpms._CREATION_DATA - CreationData tpm2b.CreationData + OutPublic TPM2BPublic + // contains a TPMS_CREATION_DATA + CreationData TPM2BCreationData // digest of creationData using nameAlg of outPublic - CreationHash tpm2b.Digest + CreationHash TPM2BDigest // ticket used by TPM2_CertifyCreation() to validate that the - // creation data was produced by the TPM - CreationTicket tpmt.TKCreation + // creation data was produced by the TPM. + CreationTicket TPMTTKCreation // the name of the created object - Name tpm2b.Name + Name TPM2BName } // Response implements the Response interface. -func (*CreatePrimaryResponse) Response() tpm.CC { return tpm.CCCreatePrimary } +func (*CreatePrimaryResponse) Response() TPMCC { return TPMCCCreatePrimary } // Clear is the input to TPM2_Clear. // See definition in Part 3, Commands, section 24.6 @@ -1466,7 +1470,7 @@ type Clear struct { } // Command implements the Command interface. -func (*Clear) Command() tpm.CC { return tpm.CCClear } +func (*Clear) Command() TPMCC { return TPMCCClear } // Execute executes the command and returns the response. func (cmd *Clear) Execute(t transport.TPM, s ...Session) error { @@ -1478,17 +1482,17 @@ func (cmd *Clear) Execute(t transport.TPM, s ...Session) error { type ClearResponse struct{} // Response implements the Response interface. -func (*ClearResponse) Response() tpm.CC { return tpm.CCClear } +func (*ClearResponse) Response() TPMCC { return TPMCCClear } // ContextSave is the input to TPM2_ContextSave. // See definition in Part 3, Commands, section 28.2 type ContextSave struct { // handle of the resource to save - SaveHandle tpmi.DHContext + SaveHandle TPMIDHContext } // Command implements the Command interface. -func (*ContextSave) Command() tpm.CC { return tpm.CCContextSave } +func (*ContextSave) Command() TPMCC { return TPMCCContextSave } // Execute executes the command and returns the response. func (cmd *ContextSave) Execute(t transport.TPM, s ...Session) (*ContextSaveResponse, error) { @@ -1501,21 +1505,21 @@ func (cmd *ContextSave) Execute(t transport.TPM, s ...Session) (*ContextSaveResp // ContextSaveResponse is the response from TPM2_ContextSave. type ContextSaveResponse struct { - Context tpms.Context + Context TPMSContext } // Response implements the Response interface. -func (*ContextSaveResponse) Response() tpm.CC { return tpm.CCContextSave } +func (*ContextSaveResponse) Response() TPMCC { return TPMCCContextSave } // ContextLoad is the input to TPM2_ContextLoad. // See definition in Part 3, Commands, section 28.3 type ContextLoad struct { // the context blob - Context tpms.Context + Context TPMSContext } // Command implements the Command interface. -func (*ContextLoad) Command() tpm.CC { return tpm.CCContextLoad } +func (*ContextLoad) Command() TPMCC { return TPMCCContextLoad } // Execute executes the command and returns the response. func (cmd *ContextLoad) Execute(t transport.TPM, s ...Session) (*ContextLoadResponse, error) { @@ -1529,11 +1533,11 @@ func (cmd *ContextLoad) Execute(t transport.TPM, s ...Session) (*ContextLoadResp // ContextLoadResponse is the response from TPM2_ContextLoad. type ContextLoadResponse struct { // the handle assigned to the resource after it has been successfully loaded - LoadedHandle tpmi.DHContext + LoadedHandle TPMIDHContext } // Response implements the Response interface. -func (*ContextLoadResponse) Response() tpm.CC { return tpm.CCContextLoad } +func (*ContextLoadResponse) Response() TPMCC { return TPMCCContextLoad } // FlushContext is the input to TPM2_FlushContext. // See definition in Part 3, Commands, section 28.4 @@ -1543,7 +1547,7 @@ type FlushContext struct { } // Command implements the Command interface. -func (*FlushContext) Command() tpm.CC { return tpm.CCFlushContext } +func (*FlushContext) Command() TPMCC { return TPMCCFlushContext } // Execute executes the command and returns the response. func (cmd *FlushContext) Execute(t transport.TPM, s ...Session) error { @@ -1555,13 +1559,13 @@ func (cmd *FlushContext) Execute(t transport.TPM, s ...Session) error { type FlushContextResponse struct{} // Response implements the Response interface. -func (*FlushContextResponse) Response() tpm.CC { return tpm.CCFlushContext } +func (*FlushContextResponse) Response() TPMCC { return TPMCCFlushContext } // GetCapability is the input to TPM2_GetCapability. // See definition in Part 3, Commands, section 30.2 type GetCapability struct { // group selection; determines the format of the response - Capability tpm.Cap + Capability TPMCap // further definition of information Property uint32 // number of properties of the indicated type to return @@ -1569,7 +1573,7 @@ type GetCapability struct { } // Command implements the Command interface. -func (*GetCapability) Command() tpm.CC { return tpm.CCGetCapability } +func (*GetCapability) Command() TPMCC { return TPMCCGetCapability } // Execute executes the command and returns the response. func (cmd *GetCapability) Execute(t transport.TPM, s ...Session) (*GetCapabilityResponse, error) { @@ -1583,13 +1587,13 @@ func (cmd *GetCapability) Execute(t transport.TPM, s ...Session) (*GetCapability // GetCapabilityResponse is the response from TPM2_GetCapability. type GetCapabilityResponse struct { // flag to indicate if there are more values of this type - MoreData tpmi.YesNo + MoreData TPMIYesNo // the capability data - CapabilityData tpms.CapabilityData + CapabilityData TPMSCapabilityData } // Response implements the Response interface. -func (*GetCapabilityResponse) Response() tpm.CC { return tpm.CCGetCapability } +func (*GetCapabilityResponse) Response() TPMCC { return TPMCCGetCapability } // NVDefineSpace is the input to TPM2_NV_DefineSpace. // See definition in Part 3, Commands, section 31.3. @@ -1597,13 +1601,13 @@ type NVDefineSpace struct { // TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} AuthHandle handle `gotpm:"handle,auth"` // the authorization value - Auth tpm2b.Auth + Auth TPM2BAuth // the public parameters of the NV area - PublicInfo tpm2b.NVPublic + PublicInfo TPM2BNVPublic } // Command implements the Command interface. -func (*NVDefineSpace) Command() tpm.CC { return tpm.CCNVDefineSpace } +func (*NVDefineSpace) Command() TPMCC { return TPMCCNVDefineSpace } // Execute executes the command and returns the response. func (cmd *NVDefineSpace) Execute(t transport.TPM, s ...Session) error { @@ -1615,7 +1619,7 @@ func (cmd *NVDefineSpace) Execute(t transport.TPM, s ...Session) error { type NVDefineSpaceResponse struct{} // Response implements the Response interface. -func (*NVDefineSpaceResponse) Response() tpm.CC { return tpm.CCNVDefineSpace } +func (*NVDefineSpaceResponse) Response() TPMCC { return TPMCCNVDefineSpace } // NVUndefineSpace is the input to TPM2_NV_UndefineSpace. // See definition in Part 3, Commands, section 31.4. @@ -1627,7 +1631,7 @@ type NVUndefineSpace struct { } // Command implements the Command interface. -func (*NVUndefineSpace) Command() tpm.CC { return tpm.CCNVUndefineSpace } +func (*NVUndefineSpace) Command() TPMCC { return TPMCCNVUndefineSpace } // Execute executes the command and returns the response. func (cmd *NVUndefineSpace) Execute(t transport.TPM, s ...Session) error { @@ -1639,7 +1643,7 @@ func (cmd *NVUndefineSpace) Execute(t transport.TPM, s ...Session) error { type NVUndefineSpaceResponse struct{} // Response implements the Response interface. -func (*NVUndefineSpaceResponse) Response() tpm.CC { return tpm.CCNVUndefineSpace } +func (*NVUndefineSpaceResponse) Response() TPMCC { return TPMCCNVUndefineSpace } // NVUndefineSpaceSpecial is the input to TPM2_NV_UndefineSpaceSpecial. // See definition in Part 3, Commands, section 31.5. @@ -1651,7 +1655,7 @@ type NVUndefineSpaceSpecial struct { } // Command implements the Command interface. -func (*NVUndefineSpaceSpecial) Command() tpm.CC { return tpm.CCNVUndefineSpaceSpecial } +func (*NVUndefineSpaceSpecial) Command() TPMCC { return TPMCCNVUndefineSpaceSpecial } // Execute executes the command and returns the response. func (cmd *NVUndefineSpaceSpecial) Execute(t transport.TPM, s ...Session) error { @@ -1663,7 +1667,7 @@ func (cmd *NVUndefineSpaceSpecial) Execute(t transport.TPM, s ...Session) error type NVUndefineSpaceSpecialResponse struct{} // Response implements the Response interface. -func (*NVUndefineSpaceSpecialResponse) Response() tpm.CC { return tpm.CCNVUndefineSpaceSpecial } +func (*NVUndefineSpaceSpecialResponse) Response() TPMCC { return TPMCCNVUndefineSpaceSpecial } // NVReadPublic is the input to TPM2_NV_ReadPublic. // See definition in Part 3, Commands, section 31.6. @@ -1673,7 +1677,7 @@ type NVReadPublic struct { } // Command implements the Command interface. -func (*NVReadPublic) Command() tpm.CC { return tpm.CCNVReadPublic } +func (*NVReadPublic) Command() TPMCC { return TPMCCNVReadPublic } // Execute executes the command and returns the response. func (cmd *NVReadPublic) Execute(t transport.TPM, s ...Session) (*NVReadPublicResponse, error) { @@ -1686,12 +1690,12 @@ func (cmd *NVReadPublic) Execute(t transport.TPM, s ...Session) (*NVReadPublicRe // NVReadPublicResponse is the response from TPM2_NV_ReadPublic. type NVReadPublicResponse struct { - NVPublic tpm2b.NVPublic - NVName tpm2b.Name + NVPublic TPM2BNVPublic + NVName TPM2BName } // Response implements the Response interface. -func (*NVReadPublicResponse) Response() tpm.CC { return tpm.CCNVReadPublic } +func (*NVReadPublicResponse) Response() TPMCC { return TPMCCNVReadPublic } // NVWrite is the input to TPM2_NV_Write. // See definition in Part 3, Commands, section 31.7. @@ -1701,13 +1705,13 @@ type NVWrite struct { // the NV index of the area to write NVIndex handle `gotpm:"handle"` // the data to write - Data tpm2b.MaxNVBuffer + Data TPM2BMaxNVBuffer // the octet offset into the NV Area Offset uint16 } // Command implements the Command interface. -func (*NVWrite) Command() tpm.CC { return tpm.CCNVWrite } +func (*NVWrite) Command() TPMCC { return TPMCCNVWrite } // Execute executes the command and returns the response. func (cmd *NVWrite) Execute(t transport.TPM, s ...Session) error { @@ -1719,7 +1723,7 @@ func (cmd *NVWrite) Execute(t transport.TPM, s ...Session) error { type NVWriteResponse struct{} // Response implements the Response interface. -func (*NVWriteResponse) Response() tpm.CC { return tpm.CCNVWrite } +func (*NVWriteResponse) Response() TPMCC { return TPMCCNVWrite } // NVIncrement is the input to TPM2_NV_Increment. // See definition in Part 3, Commands, section 31.8. @@ -1731,7 +1735,7 @@ type NVIncrement struct { } // Command implements the Command interface. -func (*NVIncrement) Command() tpm.CC { return tpm.CCNVIncrement } +func (*NVIncrement) Command() TPMCC { return TPMCCNVIncrement } // Execute executes the command and returns the response. func (cmd *NVIncrement) Execute(t transport.TPM, s ...Session) error { @@ -1743,7 +1747,7 @@ func (cmd *NVIncrement) Execute(t transport.TPM, s ...Session) error { type NVIncrementResponse struct{} // Response implements the Response interface. -func (*NVIncrementResponse) Response() tpm.CC { return tpm.CCNVIncrement } +func (*NVIncrementResponse) Response() TPMCC { return TPMCCNVIncrement } // NVWriteLock is the input to TPM2_NV_WriteLock. // See definition in Part 3, Commands, section 31.11. @@ -1755,7 +1759,7 @@ type NVWriteLock struct { } // Command implements the Command interface. -func (*NVWriteLock) Command() tpm.CC { return tpm.CCNVWriteLock } +func (*NVWriteLock) Command() TPMCC { return TPMCCNVWriteLock } // Execute executes the command and returns the response. func (cmd *NVWriteLock) Execute(t transport.TPM, s ...Session) error { @@ -1767,7 +1771,7 @@ func (cmd *NVWriteLock) Execute(t transport.TPM, s ...Session) error { type NVWriteLockResponse struct{} // Response implements the Response interface. -func (*NVWriteLockResponse) Response() tpm.CC { return tpm.CCNVWriteLock } +func (*NVWriteLockResponse) Response() TPMCC { return TPMCCNVWriteLock } // NVRead is the input to TPM2_NV_Read. // See definition in Part 3, Commands, section 31.13. @@ -1783,7 +1787,7 @@ type NVRead struct { } // Command implements the Command interface. -func (*NVRead) Command() tpm.CC { return tpm.CCNVRead } +func (*NVRead) Command() TPMCC { return TPMCCNVRead } // Execute executes the command and returns the response. func (cmd *NVRead) Execute(t transport.TPM, s ...Session) (*NVReadResponse, error) { @@ -1797,11 +1801,11 @@ func (cmd *NVRead) Execute(t transport.TPM, s ...Session) (*NVReadResponse, erro // NVReadResponse is the response from TPM2_NV_Read. type NVReadResponse struct { // the data read - Data tpm2b.MaxNVBuffer + Data TPM2BMaxNVBuffer } // Response implements the Response interface. -func (*NVReadResponse) Response() tpm.CC { return tpm.CCNVRead } +func (*NVReadResponse) Response() TPMCC { return TPMCCNVRead } // NVCertify is the input to TPM2_NV_Certify. // See definition in Part 3, Commands, section 31.16. @@ -1813,9 +1817,9 @@ type NVCertify struct { // Index for the area to be certified NVIndex handle `gotpm:"handle"` // user-provided qualifying data - QualifyingData tpm2b.Data + QualifyingData TPM2BData // signing scheme to use if the scheme for signHandle is TPM_ALG_NULL - InScheme tpmt.SigScheme `gotpm:"nullable"` + InScheme TPMTSigScheme `gotpm:"nullable"` // number of octets to certify Size uint16 // octet offset into the NV area @@ -1823,7 +1827,7 @@ type NVCertify struct { } // Command implements the Command interface. -func (*NVCertify) Command() tpm.CC { return tpm.CCNVCertify } +func (*NVCertify) Command() TPMCC { return TPMCCNVCertify } // Execute executes the command and returns the response. func (cmd *NVCertify) Execute(t transport.TPM, s ...Session) (*NVCertifyResponse, error) { @@ -1837,10 +1841,10 @@ func (cmd *NVCertify) Execute(t transport.TPM, s ...Session) (*NVCertifyResponse // NVCertifyResponse is the response from TPM2_NV_Read. type NVCertifyResponse struct { // the structure that was signed - CertifyInfo tpm2b.Attest + CertifyInfo TPM2BAttest // the asymmetric signature over certifyInfo using the key referenced by signHandle - Signature tpmt.Signature + Signature TPMTSignature } // Response implements the Response interface. -func (*NVCertifyResponse) Response() tpm.CC { return tpm.CCNVCertify } +func (*NVCertifyResponse) Response() TPMCC { return TPMCCNVCertify } diff --git a/tpm2/wrappers.go b/tpm2/wrappers.go new file mode 100644 index 00000000..20e4aae5 --- /dev/null +++ b/tpm2/wrappers.go @@ -0,0 +1,10 @@ +package tpm2 + +// This file provides wrapper functions for concrete types used by tpm2, for +// setting union member pointers. + +// NewKeyBits allocates and returns the address of a new TPMKeyBits. +func NewKeyBits(v TPMKeyBits) *TPMKeyBits { return &v } + +// NewAlgID allocates and returns the address of a new TPMAlgID. +func NewAlgID(v TPMAlgID) *TPMAlgID { return &v } diff --git a/tpmutil/encoding_test.go b/tpmutil/encoding_test.go index c4c52117..7cd01bfc 100644 --- a/tpmutil/encoding_test.go +++ b/tpmutil/encoding_test.go @@ -17,7 +17,6 @@ package tpmutil import ( "bytes" "io" - "io/ioutil" "reflect" "testing" ) @@ -28,7 +27,7 @@ type invalidPacked struct { } func TestEncodingPackTypeInvalid(t *testing.T) { - d := ioutil.Discard + d := io.Discard // The packedSize function doesn't handle slices to anything other than bytes. var invalid []int @@ -79,7 +78,7 @@ func TestEncodingPackType(t *testing.T) { RawBytes(buf), } for _, i := range inputs { - if err := packType(ioutil.Discard, i); err != nil { + if err := packType(io.Discard, i); err != nil { t.Errorf("packType(%#v): %v", i, err) } }