1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
package tss2
import (
"encoding/pem"
"github.com/google/go-tpm/tpmutil"
)
// handleOwner is the reserved handle TPM_RH_OWNER.
const handleOwner = tpmutil.Handle(0x40000001)
// TPMOption is the type used to modify a [TPMKey].
type TPMOption func(*TPMKey)
// WithParent sets the [TPMKey] parent handle.
func WithParent(parent tpmutil.Handle) TPMOption {
return func(t *TPMKey) {
t.Parent = int(parent)
}
}
// New creates a new [TPMKey] with the given public and private keys.
func New(pub, priv []byte, opts ...TPMOption) *TPMKey {
key := &TPMKey{
Type: oidLoadableKey,
EmptyAuth: true,
Parent: int(handleOwner),
PublicKey: addPrefixLength(pub),
PrivateKey: addPrefixLength(priv),
}
for _, fn := range opts {
fn(key)
}
return key
}
// Encode encodes the [TPMKey] returns a [*pem.Block].
func (k *TPMKey) Encode() (*pem.Block, error) {
b, err := MarshalPrivateKey(k)
if err != nil {
return nil, err
}
return &pem.Block{
Type: "TSS2 PRIVATE KEY",
Bytes: b,
}, nil
}
// EncodeToMemory encodes the [TPMKey] and returns an encoded PEM block.
func (k *TPMKey) EncodeToMemory() ([]byte, error) {
block, err := k.Encode()
if err != nil {
return nil, err
}
return pem.EncodeToMemory(block), nil
}
// Encode encodes the given public and private key and returns a [*pem.Block].
func Encode(pub, priv []byte, opts ...TPMOption) (*pem.Block, error) {
return New(pub, priv, opts...).Encode()
}
// EncodeToMemory encodes the given public and private key and returns an
// encoded PEM block.
func EncodeToMemory(pub, priv []byte, opts ...TPMOption) ([]byte, error) {
return New(pub, priv, opts...).EncodeToMemory()
}
func addPrefixLength(b []byte) []byte {
s := len(b)
return append([]byte{byte(s >> 8 & 0xFF), byte(s & 0xFF)}, b...)
}
|
