mirror of
https://github.com/google/go-attestation.git
synced 2025-06-13 04:28:17 +00:00
Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
This commit is contained in:
Brandon Weeks
@ -13,51 +13,51 @@ var (
|
||||
testExamples = flag.Bool("test-examples", false, "Enable tests for examples.")
|
||||
)
|
||||
|
||||
func ExampleAIK() {
|
||||
func ExampleAK() {
|
||||
tpm, err := attest.OpenTPM(nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to open the TPM: %v", err)
|
||||
}
|
||||
defer tpm.Close()
|
||||
|
||||
// Create a new AIK.
|
||||
aik, err := tpm.NewAIK(nil)
|
||||
// Create a new AK.
|
||||
ak, err := tpm.NewAK(nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to create AIK: %v", err)
|
||||
log.Fatalf("Failed to create AK: %v", err)
|
||||
}
|
||||
// Save a re-loadable representation to blob.
|
||||
blob, err := aik.Marshal()
|
||||
blob, err := ak.Marshal()
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to marshal AIK: %v", err)
|
||||
log.Fatalf("Failed to marshal AK: %v", err)
|
||||
}
|
||||
// Close our handle to the AIK.
|
||||
if err := aik.Close(tpm); err != nil {
|
||||
log.Fatalf("Failed to close AIK: %v", err)
|
||||
// Close our handle to the AK.
|
||||
if err := ak.Close(tpm); err != nil {
|
||||
log.Fatalf("Failed to close AK: %v", err)
|
||||
}
|
||||
|
||||
// Re-load the created AIK from the blob.
|
||||
aik, err = tpm.LoadAIK(blob)
|
||||
// Re-load the created AK from the blob.
|
||||
ak, err = tpm.LoadAK(blob)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to load AIK: %v", err)
|
||||
log.Fatalf("Failed to load AK: %v", err)
|
||||
}
|
||||
if err := aik.Close(tpm); err != nil {
|
||||
log.Fatalf("Failed to close AIK: %v", err)
|
||||
if err := ak.Close(tpm); err != nil {
|
||||
log.Fatalf("Failed to close AK: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func ExampleAIK_credentialActivation() {
|
||||
func ExampleAK_credentialActivation() {
|
||||
tpm, err := attest.OpenTPM(nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to open TPM: %v", err)
|
||||
}
|
||||
defer tpm.Close()
|
||||
|
||||
// Create a new AIK.
|
||||
aik, err := tpm.NewAIK(nil)
|
||||
// Create a new AK.
|
||||
ak, err := tpm.NewAK(nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to create AIK: %v", err)
|
||||
log.Fatalf("Failed to create AK: %v", err)
|
||||
}
|
||||
defer aik.Close(tpm)
|
||||
defer ak.Close(tpm)
|
||||
|
||||
// Read the EK.
|
||||
ek, err := tpm.EKs()
|
||||
@ -66,37 +66,37 @@ func ExampleAIK_credentialActivation() {
|
||||
}
|
||||
|
||||
// Read parameters necessary to generate a challenge.
|
||||
ap := aik.AttestationParameters()
|
||||
ap := ak.AttestationParameters()
|
||||
|
||||
// Generate a credential activation challenge (usually done on the server).
|
||||
activation := attest.ActivationParameters{
|
||||
TPMVersion: tpm.Version(),
|
||||
EK: ek[0].Public,
|
||||
AIK: ap,
|
||||
AK: ap,
|
||||
}
|
||||
secret, challenge, err := activation.Generate()
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to generate activation challenge: %v", err)
|
||||
}
|
||||
|
||||
// Challenge the AIK & EK properties to recieve the decrypted secret.
|
||||
decrypted, err := aik.ActivateCredential(tpm, *challenge)
|
||||
// Challenge the AK & EK properties to recieve the decrypted secret.
|
||||
decrypted, err := ak.ActivateCredential(tpm, *challenge)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to activate credential: %v", err)
|
||||
}
|
||||
|
||||
// Check that the AIK completed the challenge (usually done on the server).
|
||||
// Check that the AK completed the challenge (usually done on the server).
|
||||
if subtle.ConstantTimeCompare(secret, decrypted) == 0 {
|
||||
log.Fatal("Activation response did not match secret")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExampleAIK(t *testing.T) {
|
||||
func TestExampleAK(t *testing.T) {
|
||||
if !*testExamples {
|
||||
t.SkipNow()
|
||||
}
|
||||
ExampleAIK()
|
||||
ExampleAIK_credentialActivation()
|
||||
ExampleAK()
|
||||
ExampleAK_credentialActivation()
|
||||
}
|
||||
|
||||
func TestExampleTPM(t *testing.T) {
|
||||
@ -113,12 +113,12 @@ func ExampleTPM_AttestPlatform() {
|
||||
}
|
||||
defer tpm.Close()
|
||||
|
||||
// Create a new AIK.
|
||||
aik, err := tpm.NewAIK(nil)
|
||||
// Create a new AK.
|
||||
ak, err := tpm.NewAK(nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to create AIK: %v", err)
|
||||
log.Fatalf("Failed to create AK: %v", err)
|
||||
}
|
||||
defer aik.Close(tpm)
|
||||
defer ak.Close(tpm)
|
||||
|
||||
// The nonce would typically be provided by the server.
|
||||
nonce := []byte{1, 2, 3, 4, 5, 6, 7, 8}
|
||||
@ -127,18 +127,18 @@ func ExampleTPM_AttestPlatform() {
|
||||
// would pass a nil config, and the event log would be read from the
|
||||
// platform. To ensure this example runs on platforms without event logs,
|
||||
// we pass a fake EventLog value.
|
||||
att, err := tpm.AttestPlatform(aik, nonce, &attest.PlatformAttestConfig{
|
||||
att, err := tpm.AttestPlatform(ak, nonce, &attest.PlatformAttestConfig{
|
||||
EventLog: []byte{0},
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to attest the platform state: %v", err)
|
||||
}
|
||||
|
||||
// Construct an AIKPublic struct from the parameters of the key. This
|
||||
// Construct an AKPublic struct from the parameters of the key. This
|
||||
// will be used to verify the quote signatures.
|
||||
pub, err := attest.ParseAIKPublic(tpm.Version(), aik.AttestationParameters().Public)
|
||||
pub, err := attest.ParseAKPublic(tpm.Version(), ak.AttestationParameters().Public)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to parse AIK public: %v", err)
|
||||
log.Fatalf("Failed to parse AK public: %v", err)
|
||||
}
|
||||
|
||||
for i, q := range att.Quotes {
|
||||
|
||||
Reference in New Issue
Block a user