talm
79 строк · 1.9 Кб
1// This Source Code Form is subject to the terms of the Mozilla Public2// License, v. 2.0. If a copy of the MPL was not distributed with this3// file, You can obtain one at http://mozilla.org/MPL/2.0/.4// Package tpm2 provides TPM2.0 related functionality helpers.6package tpm27import (9"crypto/sha256"10"fmt"11"github.com/google/go-tpm/tpm2"13)14// CalculatePolicy calculates the policy hash for a given PCR value and PCR selection.16func CalculatePolicy(pcrValue []byte, pcrSelection tpm2.TPMLPCRSelection) ([]byte, error) {17calculator, err := tpm2.NewPolicyCalculator(tpm2.TPMAlgSHA256)18if err != nil {19return nil, err20}21pcrHash := sha256.Sum256(pcrValue)23policy := tpm2.PolicyPCR{25PcrDigest: tpm2.TPM2BDigest{26Buffer: pcrHash[:],27},28Pcrs: pcrSelection,29}30if err := policy.Update(calculator); err != nil {32return nil, err33}34return calculator.Hash().Digest, nil36}37// CalculateSealingPolicyDigest calculates the sealing policy digest for a given PCR value, PCR selection and public key.39func CalculateSealingPolicyDigest(pcrValue []byte, pcrSelection tpm2.TPMLPCRSelection, pubKey string) ([]byte, error) {40calculator, err := tpm2.NewPolicyCalculator(tpm2.TPMAlgSHA256)41if err != nil {42return nil, err43}44pubKeyData, err := ParsePCRSigningPubKey(pubKey)46if err != nil {47return nil, err48}49publicKeyTemplate := RSAPubKeyTemplate(pubKeyData.N.BitLen(), pubKeyData.E, pubKeyData.N.Bytes())51name, err := tpm2.ObjectName(&publicKeyTemplate)53if err != nil {54return nil, fmt.Errorf("failed to calculate name: %v", err)55}56policyAuthorize := tpm2.PolicyAuthorize{58KeySign: *name,59}60if err := policyAuthorize.Update(calculator); err != nil {62return nil, err63}64pcrHash := sha256.Sum256(pcrValue)66policy := tpm2.PolicyPCR{68PcrDigest: tpm2.TPM2BDigest{69Buffer: pcrHash[:],70},71Pcrs: pcrSelection,72}73if err := policy.Update(calculator); err != nil {75return nil, err76}77return calculator.Hash().Digest, nil79}80