mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12628 Commits
17 Branches
Tree: 35c3553870
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '35c3553870'
${ noResults }
gitea/vendor/github.com/duo-labs/webauthn/protocol/googletpm/pubarea.go

pubarea.go 6.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. package googletpm

  2. 

  3. import (

  4. 	"bytes"

  5. 	"fmt"

  6. 	"math/big"

  7. )

  8. 

  9. // DecodePublic decodes a TPMT_PUBLIC message. No error is returned if

  10. // the input has extra trailing data.

  11. func DecodePublic(buf []byte) (Public, error) {

  12. 	in := bytes.NewBuffer(buf)

  13. 	var pub Public

  14. 	var err error

  15. 	if err = UnpackBuf(in, &pub.Type, &pub.NameAlg, &pub.Attributes, &pub.AuthPolicy); err != nil {

  16. 		return pub, fmt.Errorf("decoding TPMT_PUBLIC: %v", err)

  17. 	}

  18. 

  19. 	switch pub.Type {

  20. 	case AlgRSA:

  21. 		pub.RSAParameters, err = decodeRSAParams(in)

  22. 	case AlgECC:

  23. 		pub.ECCParameters, err = decodeECCParams(in)

  24. 	default:

  25. 		err = fmt.Errorf("unsupported type in TPMT_PUBLIC: %v", pub.Type)

  26. 	}

  27. 	return pub, err

  28. }

  29. 

  30. // Public contains the public area of an object.

  31. type Public struct {

  32. 	Type       Algorithm

  33. 	NameAlg    Algorithm

  34. 	Attributes KeyProp

  35. 	AuthPolicy []byte

  36. 

  37. 	// If Type is AlgKeyedHash, then do not set these.

  38. 	// Otherwise, only one of the Parameters fields should be set. When encoding/decoding,

  39. 	// one will be picked based on Type.

  40. 	RSAParameters *RSAParams

  41. 	ECCParameters *ECCParams

  42. }

  43. 

  44. // Algorithm represents a TPM_ALG_ID value.

  45. type Algorithm uint16

  46. 

  47. // KeyProp is a bitmask used in Attributes field of key templates. Individual

  48. // flags should be OR-ed to form a full mask.

  49. type KeyProp uint32

  50. 

  51. // Key properties.

  52. const (

  53. 	FlagFixedTPM            KeyProp = 0x00000002

  54. 	FlagFixedParent         KeyProp = 0x00000010

  55. 	FlagSensitiveDataOrigin KeyProp = 0x00000020

  56. 	FlagUserWithAuth        KeyProp = 0x00000040

  57. 	FlagAdminWithPolicy     KeyProp = 0x00000080

  58. 	FlagNoDA                KeyProp = 0x00000400

  59. 	FlagRestricted          KeyProp = 0x00010000

  60. 	FlagDecrypt             KeyProp = 0x00020000

  61. 	FlagSign                KeyProp = 0x00040000

  62. 

  63. 	FlagSealDefault   = FlagFixedTPM | FlagFixedParent

  64. 	FlagSignerDefault = FlagSign | FlagRestricted | FlagFixedTPM |

  65. 		FlagFixedParent | FlagSensitiveDataOrigin | FlagUserWithAuth

  66. 	FlagStorageDefault = FlagDecrypt | FlagRestricted | FlagFixedTPM |

  67. 		FlagFixedParent | FlagSensitiveDataOrigin | FlagUserWithAuth

  68. )

  69. 

  70. func decodeRSAParams(in *bytes.Buffer) (*RSAParams, error) {

  71. 	var params RSAParams

  72. 	var err error

  73. 

  74. 	if params.Symmetric, err = decodeSymScheme(in); err != nil {

  75. 		return nil, fmt.Errorf("decoding Symmetric: %v", err)

  76. 	}

  77. 	if params.Sign, err = decodeSigScheme(in); err != nil {

  78. 		return nil, fmt.Errorf("decoding Sign: %v", err)

  79. 	}

  80. 	var modBytes []byte

  81. 	if err := UnpackBuf(in, &params.KeyBits, &params.Exponent, &modBytes); err != nil {

  82. 		return nil, fmt.Errorf("decoding KeyBits, Exponent, Modulus: %v", err)

  83. 	}

  84. 	if params.Exponent == 0 {

  85. 		params.encodeDefaultExponentAsZero = true

  86. 		params.Exponent = defaultRSAExponent

  87. 	}

  88. 	params.Modulus = new(big.Int).SetBytes(modBytes)

  89. 	return &params, nil

  90. }

  91. 

  92. const defaultRSAExponent = 1<<16 + 1

  93. 

  94. // RSAParams represents parameters of an RSA key pair.

  95. //

  96. // Symmetric and Sign may be nil, depending on key Attributes in Public.

  97. //

  98. // One of Modulus and ModulusRaw must always be non-nil. Modulus takes

  99. // precedence. ModulusRaw is used for key templates where the field named

  100. // "unique" must be a byte array of all zeroes.

  101. type RSAParams struct {

  102. 	Symmetric *SymScheme

  103. 	Sign      *SigScheme

  104. 	KeyBits   uint16

  105. 	// The default Exponent (65537) has two representations; the

  106. 	// 0 value, and the value 65537.

  107. 	// If encodeDefaultExponentAsZero is set, an exponent of 65537

  108. 	// will be encoded as zero. This is necessary to produce an identical

  109. 	// encoded bitstream, so Name digest calculations will be correct.

  110. 	encodeDefaultExponentAsZero bool

  111. 	Exponent                    uint32

  112. 	ModulusRaw                  []byte

  113. 	Modulus                     *big.Int

  114. }

  115. 

  116. // SymScheme represents a symmetric encryption scheme.

  117. type SymScheme struct {

  118. 	Alg     Algorithm

  119. 	KeyBits uint16

  120. 	Mode    Algorithm

  121. } // SigScheme represents a signing scheme.

  122. type SigScheme struct {

  123. 	Alg   Algorithm

  124. 	Hash  Algorithm

  125. 	Count uint32

  126. }

  127. 

  128. func decodeSigScheme(in *bytes.Buffer) (*SigScheme, error) {

  129. 	var scheme SigScheme

  130. 	if err := UnpackBuf(in, &scheme.Alg); err != nil {

  131. 		return nil, fmt.Errorf("decoding Alg: %v", err)

  132. 	}

  133. 	if scheme.Alg == AlgNull {

  134. 		return nil, nil

  135. 	}

  136. 	if err := UnpackBuf(in, &scheme.Hash); err != nil {

  137. 		return nil, fmt.Errorf("decoding Hash: %v", err)

  138. 	}

  139. 	if scheme.Alg.UsesCount() {

  140. 		if err := UnpackBuf(in, &scheme.Count); err != nil {

  141. 			return nil, fmt.Errorf("decoding Count: %v", err)

  142. 		}

  143. 	}

  144. 	return &scheme, nil

  145. }

  146. 

  147. // UsesCount returns true if a signature algorithm uses count value.

  148. func (a Algorithm) UsesCount() bool {

  149. 	return a == AlgECDAA

  150. }

  151. 

  152. func decodeKDFScheme(in *bytes.Buffer) (*KDFScheme, error) {

  153. 	var scheme KDFScheme

  154. 	if err := UnpackBuf(in, &scheme.Alg); err != nil {

  155. 		return nil, fmt.Errorf("decoding Alg: %v", err)

  156. 	}

  157. 	if scheme.Alg == AlgNull {

  158. 		return nil, nil

  159. 	}

  160. 	if err := UnpackBuf(in, &scheme.Hash); err != nil {

  161. 		return nil, fmt.Errorf("decoding Hash: %v", err)

  162. 	}

  163. 	return &scheme, nil

  164. }

  165. func decodeSymScheme(in *bytes.Buffer) (*SymScheme, error) {

  166. 	var scheme SymScheme

  167. 	if err := UnpackBuf(in, &scheme.Alg); err != nil {

  168. 		return nil, fmt.Errorf("decoding Alg: %v", err)

  169. 	}

  170. 	if scheme.Alg == AlgNull {

  171. 		return nil, nil

  172. 	}

  173. 	if err := UnpackBuf(in, &scheme.KeyBits, &scheme.Mode); err != nil {

  174. 		return nil, fmt.Errorf("decoding KeyBits, Mode: %v", err)

  175. 	}

  176. 	return &scheme, nil

  177. }

  178. func decodeECCParams(in *bytes.Buffer) (*ECCParams, error) {

  179. 	var params ECCParams

  180. 	var err error

  181. 

  182. 	if params.Symmetric, err = decodeSymScheme(in); err != nil {

  183. 		return nil, fmt.Errorf("decoding Symmetric: %v", err)

  184. 	}

  185. 	if params.Sign, err = decodeSigScheme(in); err != nil {

  186. 		return nil, fmt.Errorf("decoding Sign: %v", err)

  187. 	}

  188. 	if err := UnpackBuf(in, &params.CurveID); err != nil {

  189. 		return nil, fmt.Errorf("decoding CurveID: %v", err)

  190. 	}

  191. 	if params.KDF, err = decodeKDFScheme(in); err != nil {

  192. 		return nil, fmt.Errorf("decoding KDF: %v", err)

  193. 	}

  194. 	var x, y []byte

  195. 	if err := UnpackBuf(in, &x, &y); err != nil {

  196. 		return nil, fmt.Errorf("decoding Point: %v", err)

  197. 	}

  198. 	params.Point.X = new(big.Int).SetBytes(x)

  199. 	params.Point.Y = new(big.Int).SetBytes(y)

  200. 	return &params, nil

  201. }

  202. 

  203. // ECCParams represents parameters of an ECC key pair.

  204. //

  205. // Symmetric, Sign and KDF may be nil, depending on key Attributes in Public.

  206. type ECCParams struct {

  207. 	Symmetric *SymScheme

  208. 	Sign      *SigScheme

  209. 	CurveID   EllipticCurve

  210. 	KDF       *KDFScheme

  211. 	Point     ECPoint

  212. }

  213. 

  214. // EllipticCurve identifies specific EC curves.

  215. type EllipticCurve uint16

  216. 

  217. // ECC curves supported by TPM 2.0 spec.

  218. const (

  219. 	CurveNISTP192 = EllipticCurve(iota + 1)

  220. 	CurveNISTP224

  221. 	CurveNISTP256

  222. 	CurveNISTP384

  223. 	CurveNISTP521

  224. 

  225. 	CurveBNP256 = EllipticCurve(iota + 10)

  226. 	CurveBNP638

  227. 

  228. 	CurveSM2P256 = EllipticCurve(0x0020)

  229. )

  230. 

  231. // ECPoint represents a ECC coordinates for a point.

  232. type ECPoint struct {

  233. 	X, Y *big.Int

  234. }

  235. 

  236. // KDFScheme represents a KDF (Key Derivation Function) scheme.

  237. type KDFScheme struct {

  238. 	Alg  Algorithm

  239. 	Hash Algorithm

  240. }