google / go-tpm-tools

Go packages built on go-tpm providing a high-level API for using TPMs
Apache License 2.0

Support importing AES or HMAC keys #317

Open salrashid123 opened 1 year ago

salrashid123 commented 1 year ago

go-tpm-tools currently supports importing an external RSA key into the TPM using CreateSigningKeyImportBlob.

It also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using CreateImportBlob).

It'd be nice to allow a way to import an AES or HMAC key into the target TPM instead of it just allowing decryption (i.e., have a similar mechanism like CreateSigningKeyImportBlob, but one that actually embeds the secret).

this should be similar to tpm2_duplicate

one application would be to transfer an hmac AWS key to a target tpm for authentication
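Why an imported HMAC key is enough for the AWS use case mentioned above, as an added example (not code from this issue or from go-tpm-tools): in AWS Signature Version 4 the long-term secret is used only as the key of the first HMAC, so a TPM-held key can do that one step while the rest runs in software. `KeyedHMAC` and `softKey` are hypothetical names, `softKey` is a software stand-in for the TPM key object, and the credential values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// KeyedHMAC is a hypothetical interface for an HMAC key whose bytes the caller
// cannot read, such as an HMAC key object imported into a TPM.
type KeyedHMAC interface {
	Sum(data []byte) []byte
}

// softKey is a software stand-in for the TPM-resident key (assumption: a real
// implementation would send data to the TPM instead of holding the key in RAM).
type softKey struct{ key []byte }

func (k softKey) Sum(data []byte) []byte { return hmacSHA256(k.key, data) }

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// SigningKey derives the SigV4 signing key. Only the first HMAC is keyed with
// the long-term secret ("AWS4" + secret access key); the later steps use
// derived, date-scoped keys and can run in software.
func SigningKey(root KeyedHMAC, date, region, service string) []byte {
	kDate := root.Sum([]byte(date)) // the only operation that needs the protected key
	kRegion := hmacSHA256(kDate, []byte(region))
	kService := hmacSHA256(kRegion, []byte(service))
	return hmacSHA256(kService, []byte("aws4_request"))
}

// Sign returns the hex SigV4 signature over an already-built string to sign.
func Sign(root KeyedHMAC, date, region, service, stringToSign string) string {
	k := SigningKey(root, date, region, service)
	return hex.EncodeToString(hmacSHA256(k, []byte(stringToSign)))
}

func main() {
	// Constructed sample values; not a real credential.
	root := softKey{key: []byte("AWS4" + "EXAMPLE-SECRET-ACCESS-KEY")}
	fmt.Println(Sign(root, "20240101", "us-east-1", "s3", "constructed-string-to-sign"))
}
```

The derived signing key is scoped to one date, region and service, so only `kDate` ever depends on the protected key.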

salrashid123 commented 1 year ago

requires upstream go-tpm fixes for hmac https://github.com/google/go-tpm/issues/249