Go Attestation Example
package main
import (
	"crypto/subtle"
	"fmt"
	"os"

	"github.com/google/go-attestation/attest"
)
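// main runs the credential-activation demo and maps its result to the
// process exit status. All TPM work lives in run so that its deferred
// Close calls execute: os.Exit terminates the process without running
// deferred functions, so it is only called here, after run has returned.
func main() {
	if err := run(); err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
		os.Exit(1)
	}
}

// run plays both sides of a TPM credential-activation exchange on the local
// machine: it creates an attestation key (AK), generates an activation
// challenge bound to the TPM's first endorsement key (EK), has the TPM
// activate the challenge, and checks that the recovered secret equals the
// generated one.
//
// It returns a non-nil error describing the first step that failed.
func run() error {
	tpm, err := attest.OpenTPM(&attest.OpenConfig{})
	if err != nil {
		return fmt.Errorf("Error opening the TPM: %w", err)
	}
	defer tpm.Close()

	eks, err := tpm.EKs()
	if err != nil {
		return fmt.Errorf("Error getting EKs from TPM: %w", err)
	}
	fmt.Fprintf(os.Stdout, "There are %d EKs in TPM 2.0 chip\n", len(eks))
	// Indexing an empty slice would panic, so fail with a clear error instead.
	if len(eks) == 0 {
		return fmt.Errorf("Error: the TPM returned no EKs")
	}
	// NOTE(review): ek.Public is used below without looking at the EK
	// certificate. A real verifier would validate ek.Certificate against the
	// TPM manufacturer's CA before trusting the key; this demo does not.
	ek := eks[0]

	tpmInfo, err := tpm.Info()
	if err != nil {
		return fmt.Errorf("Error getting Vendor Name from TPM: %w", err)
	}
	fmt.Fprintf(os.Stdout, "Vendor Name of TPM 2.0 chip : %s\n", tpmInfo.Manufacturer.String())

	ak, err := tpm.NewAK(&attest.AKConfig{})
	if err != nil {
		return fmt.Errorf("Error generating AK in TPM: %w", err)
	}
	akAttestParams := ak.AttestationParameters()
	akBytes, err := ak.Marshal()
	// The first AK handle is released on both the success and the failure
	// path; from here on only the marshalled blob and the attestation
	// parameters are needed. The Close error is ignored, as in a best-effort
	// cleanup.
	ak.Close(tpm)
	if err != nil {
		return fmt.Errorf("Error marshalling AK: %w", err)
	}

	// Verifier side: wrap a fresh secret so that only the TPM holding both
	// the EK and the AK can recover it.
	akActivationParams := attest.ActivationParameters{
		TPMVersion: attest.TPMVersion20,
		EK:         ek.Public,
		AK:         akAttestParams,
	}
	secret, encryptedCredentials, err := akActivationParams.Generate()
	if err != nil {
		return fmt.Errorf("Error generating Credential Activation Challenge: %w", err)
	}
	// The secret is printed only because this is a self-contained demo; a
	// verifier keeps it private and never logs it.
	fmt.Fprintf(os.Stdout, "Secret = %v\n", secret)

	// Client side: reload the AK from its blob and let the TPM decrypt the
	// challenge.
	ak, err = tpm.LoadAK(akBytes)
	if err != nil {
		return fmt.Errorf("Error loading AK: %w", err)
	}
	defer ak.Close(tpm)

	recovered, err := ak.ActivateCredential(tpm, *encryptedCredentials)
	if err != nil {
		return fmt.Errorf("Error activating Credential Activation Challenge: %w", err)
	}
	fmt.Fprintf(os.Stdout, "Secret = %v\n", recovered)

	// Activation only proves anything once the verifier has compared the
	// returned secret with the one it generated. The comparison is
	// constant-time so it does not leak how many leading bytes matched.
	if subtle.ConstantTimeCompare(secret, recovered) != 1 {
		return fmt.Errorf("Error: activated secret does not match the generated secret")
	}
	return nil
}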