登录 注册
开源 企业版 高校版 私有云 模力方舟 模力方舟
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

mysnapcore/mygo-tpm2

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
duplication.go 4.37 KB
一键复制 编辑 原始数据 按行查看 历史
Tupelo-Shen 提交于 2022-11-12 13:28 +08:00 . fix: roll back to v0.1.0 on github.com/canonical/go-tpm2
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
// Copyright 2021 Canonical Ltd.

// Licensed under the LGPLv3 with static-linking exception.

// See LICENCE file for details.



package util



import (

	"crypto"

	"errors"



	tpm2 "gitee.com/mysnapcore/mygo-tpm2"

	"golang.org/x/xerrors"

)



// UnwrapDuplicationObjectToSensitive unwraps the supplied duplication object and returns the

// corresponding sensitive area. If inSymSeed is supplied, then it is assumed that the object

// has an outer wrapper. In this case, privKey, parentNameAlg and parentSymmetricAlg must be

// supplied - privKey is the key with which inSymSeed is protected, parentNameAlg is the name

// algorithm for the parent key (and must not be HashAlgorithmNull), and parentSymmetricAlg

// defines the symmetric algorithm for the parent key (and the Algorithm field must not be

// SymObjectAlgorithmNull).

//

// If symmetricAlg is supplied and the Algorithm field is not SymObjectAlgorithmNull, then it is

// assumed that the object has an inner wrapper. In this case, the symmetric key for the inner

// wrapper must be supplied using the encryptionKey argument.

func UnwrapDuplicationObjectToSensitive(duplicate tpm2.Private, public *tpm2.Public, privKey crypto.PrivateKey, parentNameAlg tpm2.HashAlgorithmId, parentSymmetricAlg *tpm2.SymDefObject, encryptionKey tpm2.Data, inSymSeed tpm2.EncryptedSecret, symmetricAlg *tpm2.SymDefObject) (*tpm2.Sensitive, error) {

	var seed []byte

	if len(inSymSeed) > 0 {

		if privKey == nil {

			return nil, errors.New("parent private key is required for outer wrapper")

		}



		var err error

		seed, err = CryptSecretDecrypt(privKey, parentNameAlg, []byte(tpm2.DuplicateString), inSymSeed)

		if err != nil {

			return nil, xerrors.Errorf("cannot decrypt symmetric seed: %w", err)

		}

	}



	name, err := public.Name()

	if err != nil {

		return nil, xerrors.Errorf("cannot compute name: %w", err)

	}



	return DuplicateToSensitive(duplicate, name, parentNameAlg, parentSymmetricAlg, seed, symmetricAlg, encryptionKey)

}



// CreateDuplicationObjectFromSensitive creates a duplication object that can be imported in to a

// TPM from the supplied sensitive area.

//

// If symmetricAlg is supplied and the Algorithm field is not SymObjectAlgorithmNull, this function

// will apply an inner wrapper to the duplication object. If encryptionKeyIn is supplied, it will be

// used as the symmetric key for the inner wrapper. It must have a size appropriate for the selected

// symmetric algorithm. If encryptionKeyIn is not supplied, a symmetric key will be created and

// returned

//

// If parentPublic is supplied, an outer wrapper will be applied to the duplication object. The

// parentPublic argument should correspond to the public area of the storage key to which the

// duplication object will be imported. When applying the outer wrapper, the seed used to derice the

// symmetric key and HMAC key will be encrypted using parentPublic and returned.

func CreateDuplicationObjectFromSensitive(sensitive *tpm2.Sensitive, public, parentPublic *tpm2.Public, encryptionKeyIn tpm2.Data, symmetricAlg *tpm2.SymDefObject) (encryptionKeyOut tpm2.Data, duplicate tpm2.Private, outSymSeed tpm2.EncryptedSecret, err error) {

	if public.Attrs&(tpm2.AttrFixedTPM|tpm2.AttrFixedParent) != 0 {

		return nil, nil, nil, errors.New("object must be a duplication root")

	}



	if public.Attrs&tpm2.AttrEncryptedDuplication != 0 {

		if symmetricAlg == nil || symmetricAlg.Algorithm == tpm2.SymObjectAlgorithmNull {

			return nil, nil, nil, errors.New("symmetric algorithm must be supplied for an object with AttrEncryptedDuplication")

		}

		if parentPublic == nil {

			return nil, nil, nil, errors.New("parent object must be supplied for an object with AttrEncryptedDuplication")

		}

	}



	name, err := public.Name()

	if err != nil {

		return nil, nil, nil, xerrors.Errorf("cannot compute name: %w", err)

	}



	var seed []byte

	if parentPublic != nil {

		if !parentPublic.IsStorageParent() || !parentPublic.IsAsymmetric() {

			return nil, nil, nil, errors.New("parent object must be an asymmetric storage key")

		}

		outSymSeed, seed, err = tpm2.CryptSecretEncrypt(parentPublic, []byte(tpm2.DuplicateString))

		if err != nil {

			return nil, nil, nil, xerrors.Errorf("cannot create encrypted symmetric seed: %w", err)

		}

	}



	encryptionKeyOut, duplicate, err = SensitiveToDuplicate(sensitive, name, parentPublic, seed, symmetricAlg, encryptionKeyIn)

	if err != nil {

		return nil, nil, nil, err

	}



	return encryptionKeyOut, duplicate, outSymSeed, nil

}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/mysnapcore/mygo-tpm2.git
git@gitee.com:mysnapcore/mygo-tpm2.git
mysnapcore
mygo-tpm2
mygo-tpm2
v0.0.6
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部