node-tpm2 0.0.4-beta.4 → 0.0.5-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +54 -17
- package/api.js +135 -9
- package/docs/api-reference.md +151 -35
- package/docs/roadmap.md +28 -32
- package/docs/windows-pcp.md +3 -0
- package/examples/nv-smoke.mjs +89 -0
- package/index.d.ts +50 -8
- package/native.cjs +60 -52
- package/native.d.ts +50 -0
- package/package.json +10 -10
package/docs/roadmap.md
CHANGED
|
@@ -9,25 +9,23 @@ or depends on downstream products.
|
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
12
|
-
## Current state (0.0.
|
|
12
|
+
## Current state (0.0.5-beta)
|
|
13
13
|
|
|
14
|
-
**Shipped
|
|
14
|
+
**Shipped and validated on real Windows 11 hardware (Intel TPM, non-virtual):** attestation (user + machine provision, cross-user quote, SYSTEM provision), `random`, `keys` (sign + RSA decrypt), `pcr.read` / `pcr.extend` (admin on Windows), `nv` (read/write/define/undefine/readPublic), `seal` / `unseal`.
|
|
15
15
|
|
|
16
16
|
| Namespace | Methods |
|
|
17
17
|
|-----------|---------|
|
|
18
|
-
| Root | `Tpm.isAvailable()`, `Tpm.open()`, `Tpm.info()` |
|
|
18
|
+
| Root | `Tpm.isAvailable()`, `Tpm.open()`, `Tpm.info()`, `tpm.readPublic()` |
|
|
19
|
+
| `tpm.random` | `bytes(n)` |
|
|
19
20
|
| `tpm.pcr` | `read`, `extend` |
|
|
21
|
+
| `tpm.nv` | `read`, `write`, `readPublic`, `define`, `undefine` |
|
|
22
|
+
| `tpm.keys` | `create`, `load`; `KeyHandle.sign`, `export`, `decrypt` |
|
|
23
|
+
| `tpm.seal` | `seal`, `unseal` |
|
|
20
24
|
| `tpm.attest` | `provisionAk`, `quote`, `ekCertificate` |
|
|
21
25
|
| `AkHandle` | `export`, `quote`, `activateCredential`, `publicKeyDer` |
|
|
22
|
-
| Flat | `Tpm.pcrRead`, `Tpm.
|
|
26
|
+
| Flat | Parity wrappers for all of the above (`Tpm.pcrRead`, `Tpm.nvDefine`, `Tpm.seal`, …) |
|
|
23
27
|
|
|
24
|
-
**
|
|
25
|
-
|
|
26
|
-
- Command codec: `CreatePrimary`, `Create`, `Load`, `FlushContext`, `Quote`, `GetRandom`, sessions, policy digest
|
|
27
|
-
- Linux key path: `keys.rs` (storage primary, AK create/load)
|
|
28
|
-
- Windows PCP path: `pcp.rs` (identity AK, machine DACL, quote, activation)
|
|
29
|
-
- NV: EK certificate read via fixed index
|
|
30
|
-
- Credential: full activate-credential flow (Linux TBS; Windows PCP)
|
|
28
|
+
**Platform split:** General ops (keys, seal, NV, PCR, random) use TBS on both OSes. Attestation persistence on Windows uses NCrypt PCP (`PCP1` / `PCP2` blobs); Linux uses TBS-wrapped ECDSA AK blobs.
|
|
31
29
|
|
|
32
30
|
---
|
|
33
31
|
|
|
@@ -121,13 +119,13 @@ Flat equivalents remain on `Tpm.*` for every operation (thin wrappers over the s
|
|
|
121
119
|
- [x] JS: `tpm.random.bytes(n)`, `Tpm.randomBytes(n)`
|
|
122
120
|
- [ ] Tests: integration on Linux + Windows VM
|
|
123
121
|
|
|
124
|
-
### Phase 2 — `tpm.keys` ✅
|
|
122
|
+
### Phase 2 — `tpm.keys` ✅
|
|
125
123
|
|
|
126
124
|
**Goal:** General exportable signing keys via TBS wrapped blobs (both OSes).
|
|
127
125
|
|
|
128
126
|
- [x] `keys.create` / `keys.load` / `key.sign` — ECC + RSA sign keys
|
|
129
127
|
- [x] Unit tests: templates, Sign command golden, option validation, HW roundtrip
|
|
130
|
-
- [
|
|
128
|
+
- [x] `key.decrypt` — RSA OAEP
|
|
131
129
|
- [ ] Windows VM sign smoke
|
|
132
130
|
|
|
133
131
|
### Phase 3 — `tpm.pcr.extend` ✅ (this branch)
|
|
@@ -138,32 +136,30 @@ Flat equivalents remain on `Tpm.*` for every operation (thin wrappers over the s
|
|
|
138
136
|
- [x] JS: `tpm.pcr.extend(index, digest)`.
|
|
139
137
|
- [x] Tests: extend → read → digest changed.
|
|
140
138
|
- [x] Caveats: some firmware policies lock PCRs; surface `TPM_RC` / `COMMAND_BLOCKED` cleanly.
|
|
141
|
-
- [
|
|
139
|
+
- [x] Acceptance: Linux unprivileged on swtpm/dev VM; **Windows Administrator** on real client hardware (PCR 23 validated).
|
|
142
140
|
|
|
143
|
-
### Phase 4 — `tpm.nv` (
|
|
141
|
+
### Phase 4 — `tpm.nv` ✅ (this branch)
|
|
144
142
|
|
|
145
143
|
**Goal:** General NV index access beyond EK cert helper.
|
|
146
144
|
|
|
147
|
-
- Rust:
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
-
|
|
153
|
-
-
|
|
154
|
-
- Acceptance: EK cert read unchanged; optional integration test against swtpm-defined NV index.
|
|
145
|
+
- [x] Rust: `nv.read_public(handle)` — size + attributes via `nv_read_public`.
|
|
146
|
+
- [x] `nv.read(handle, offset, size)`.
|
|
147
|
+
- [x] `nv.write(handle, offset, data, auth?)` — optional auth for password-protected indices.
|
|
148
|
+
- [x] `nv.define` / `nv.undefine` — owner-auth; owner NV range only; refuses EK indices.
|
|
149
|
+
- [x] Migrate `readEkCertificate` to call `nv.read` on well-known EK cert index internally.
|
|
150
|
+
- [x] JS: `tpm.nv.read`, `tpm.nv.write`, `tpm.nv.readPublic`, `tpm.nv.define`, `tpm.nv.undefine`; document which indices are safe on consumer hardware.
|
|
151
|
+
- [ ] Acceptance: EK cert read unchanged; optional integration test against swtpm-defined NV index (hardware: use `examples/nv-smoke.mjs` on test machine).
|
|
155
152
|
|
|
156
|
-
### Phase 5 — `tpm.seal` / `tpm.unseal` (
|
|
153
|
+
### Phase 5 — `tpm.seal` / `tpm.unseal` ✅ (this branch)
|
|
157
154
|
|
|
158
155
|
**Goal:** TPM-bound secrets with optional PCR policy.
|
|
159
156
|
|
|
160
|
-
- Rust:
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
-
|
|
165
|
-
-
|
|
166
|
-
- Acceptance: Linux + Windows TBS; document that PCR-bound seal requires extend permission on chosen indices.
|
|
157
|
+
- [x] Rust: `seal({ data, pcrSelection? })` — storage primary, `Create` sealed object, export blob.
|
|
158
|
+
- [x] `unseal(blob)` — load + `Unseal`.
|
|
159
|
+
- [x] PCR policy: `PolicyPCR` session when `pcrSelection` provided.
|
|
160
|
+
- [x] JS: `tpm.seal`, `tpm.unseal`; flat aliases.
|
|
161
|
+
- [x] Tests: roundtrip without PCR; unit tests for marshalling.
|
|
162
|
+
- [ ] Acceptance: Linux + Windows TBS; roundtrip with PCR extend before unseal on hardware.
|
|
167
163
|
|
|
168
164
|
### Phase 6 — Hardening & 1.0 (ongoing)
|
|
169
165
|
|
|
@@ -216,5 +212,5 @@ Phases 1 and 3 can run in parallel after Phase 0. Phase 2 blocks Phase 5. Phase
|
|
|
216
212
|
|
|
217
213
|
## Versioning
|
|
218
214
|
|
|
219
|
-
- Implement phases on `dev`; beta publish after each phase or logical group (e.g. beta.
|
|
215
|
+
- Implement phases on `dev`; beta publish after each phase or logical group (e.g. **0.0.5-beta.0** = full NV + seal + keys decrypt).
|
|
220
216
|
- `1.0.0` when Phases 0–5 acceptance criteria pass on real hardware and API surface in README matches implementation.
|
package/docs/windows-pcp.md
CHANGED
|
@@ -7,6 +7,7 @@ On Windows, node-tpm2 uses the **Microsoft Platform Crypto Provider** for attest
|
|
|
7
7
|
| Operation | Standard user | Elevated admin | SYSTEM |
|
|
8
8
|
|-----------|---------------|----------------|--------|
|
|
9
9
|
| `Tpm.isAvailable()`, PCR read, `readPublic` | Yes | Yes | Yes |
|
|
10
|
+
| `tpm.pcr.extend` | No (`REQUIRES_ELEVATION`) | Yes † | Yes † |
|
|
10
11
|
| `provisionAk()` user scope (`PCP1`) | Yes | Yes | Yes |
|
|
11
12
|
| `quote()` | Yes | Yes | Yes |
|
|
12
13
|
| `provisionAk({ scope: 'machine' })` (`PCP2`) | No | Yes | Yes (production enroll) |
|
|
@@ -14,6 +15,8 @@ On Windows, node-tpm2 uses the **Microsoft Platform Crypto Provider** for attest
|
|
|
14
15
|
|
|
15
16
|
**Runtime apps** typically only need `quote()` with a blob/locator from enrollment. Activation is an enrollment-time proof-of-possession step.
|
|
16
17
|
|
|
18
|
+
**† `pcr.extend`:** Prefer PCR indices **16–23** (not **0–7**, which are boot/Secure Boot measurements). Standard users receive **`REQUIRES_ELEVATION`** (`hresult` `0x80280400`); **Administrator** can extend (validated on real Intel laptop). Linux standard user can extend unless firmware locks the index.
|
|
19
|
+
|
|
17
20
|
## AK blob formats
|
|
18
21
|
|
|
19
22
|
| Magic | Scope | Meaning |
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* NV define / read / write / undefine cycle (owner NV index).
|
|
4
|
+
*
|
|
5
|
+
* WARNING: Mutates TPM NV storage. Use only on a test machine.
|
|
6
|
+
* Requires owner authorization (often empty password on consumer TPMs).
|
|
7
|
+
* Windows: run elevated (Admin); standard user gets REQUIRES_ELEVATION.
|
|
8
|
+
*
|
|
9
|
+
* Usage:
|
|
10
|
+
* node nv-smoke.mjs
|
|
11
|
+
* node nv-smoke.mjs --handle 0x01800042 --size 64
|
|
12
|
+
*
|
|
13
|
+
* Install:
|
|
14
|
+
* npm install node-tpm2@beta
|
|
15
|
+
* node node_modules/node-tpm2/examples/nv-smoke.mjs
|
|
16
|
+
*/
|
|
17
|
+
|
|
18
|
+
import { Tpm } from '../index.js';
|
|
19
|
+
|
|
20
|
+
function flagValue(args, name) {
|
|
21
|
+
for (let i = 0; i < args.length; i++) {
|
|
22
|
+
if (args[i] === name && args[i + 1]) return args[++i];
|
|
23
|
+
const prefix = `${name}=`;
|
|
24
|
+
if (args[i]?.startsWith(prefix)) return args[i].slice(prefix.length);
|
|
25
|
+
}
|
|
26
|
+
return undefined;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
async function main() {
|
|
30
|
+
const args = process.argv.slice(2);
|
|
31
|
+
const handle = flagValue(args, '--handle') ?? '0x01800042';
|
|
32
|
+
const size = Number(flagValue(args, '--size') ?? '64');
|
|
33
|
+
|
|
34
|
+
if (!(await Tpm.isAvailable())) {
|
|
35
|
+
console.error('FAIL: no TPM');
|
|
36
|
+
process.exit(1);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
await using tpm = await Tpm.open();
|
|
40
|
+
const payload = Buffer.from(`node-tpm2-nv-smoke-${Date.now()}`);
|
|
41
|
+
|
|
42
|
+
console.log(`== nv-smoke handle=${handle} size=${size} ==`);
|
|
43
|
+
|
|
44
|
+
try {
|
|
45
|
+
await tpm.nv.undefine(handle);
|
|
46
|
+
console.log(' (pre-clean undefine OK)');
|
|
47
|
+
} catch {
|
|
48
|
+
console.log(' (pre-clean undefine skipped — index may not exist)');
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
await tpm.nv.define({ handle, size });
|
|
52
|
+
console.log('PASS nv.define');
|
|
53
|
+
|
|
54
|
+
try {
|
|
55
|
+
const meta = await tpm.nv.readPublic(handle);
|
|
56
|
+
console.log('PASS nv.readPublic', meta);
|
|
57
|
+
} catch (err) {
|
|
58
|
+
// Windows raw TBS often blocks NV_ReadPublic for owner-range indices (~0xA6);
|
|
59
|
+
// read/write still work via owner auth fallback in the native layer.
|
|
60
|
+
console.log(
|
|
61
|
+
' (nv.readPublic skipped:',
|
|
62
|
+
err.code ?? err.message,
|
|
63
|
+
'— continuing with define size)',
|
|
64
|
+
);
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
await tpm.nv.write(handle, payload, 0);
|
|
68
|
+
console.log('PASS nv.write', payload.length, 'bytes');
|
|
69
|
+
|
|
70
|
+
const readBack = await tpm.nv.read(handle, 0, payload.length);
|
|
71
|
+
if (!readBack.equals(payload)) {
|
|
72
|
+
console.error('FAIL: read mismatch');
|
|
73
|
+
process.exit(1);
|
|
74
|
+
}
|
|
75
|
+
console.log('PASS nv.read roundtrip');
|
|
76
|
+
|
|
77
|
+
await tpm.nv.undefine(handle);
|
|
78
|
+
console.log('PASS nv.undefine');
|
|
79
|
+
|
|
80
|
+
console.log('\nnv-smoke: OK');
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
main().catch((err) => {
|
|
84
|
+
console.error('FAIL:', err.message ?? err);
|
|
85
|
+
if (err.code) console.error(' code:', err.code);
|
|
86
|
+
if (err.tpmRc != null) console.error(' tpmRc:', err.tpmRc);
|
|
87
|
+
if (err.hresult != null) console.error(' hresult:', err.hresult);
|
|
88
|
+
process.exit(1);
|
|
89
|
+
});
|
package/index.d.ts
CHANGED
|
@@ -84,12 +84,27 @@ export declare type KeyCreateOptions = {
|
|
|
84
84
|
decrypt?: boolean;
|
|
85
85
|
};
|
|
86
86
|
|
|
87
|
-
/**
|
|
87
|
+
/** Sealed blob options. */
|
|
88
88
|
export declare type SealOptions = {
|
|
89
89
|
data: Buffer;
|
|
90
90
|
pcrSelection?: number[];
|
|
91
91
|
};
|
|
92
92
|
|
|
93
|
+
/** Owner NV index definition (requires owner authorization). */
|
|
94
|
+
export declare type NvDefineOptions = {
|
|
95
|
+
handle: string | number;
|
|
96
|
+
size: number;
|
|
97
|
+
/** Index password when attributes use AUTHREAD/AUTHWRITE. */
|
|
98
|
+
auth?: Buffer;
|
|
99
|
+
/** Owner hierarchy password (often empty on consumer TPMs). */
|
|
100
|
+
ownerAuth?: Buffer;
|
|
101
|
+
};
|
|
102
|
+
|
|
103
|
+
export declare type NvReadPublicResult = {
|
|
104
|
+
dataSize: number;
|
|
105
|
+
attributes: number;
|
|
106
|
+
};
|
|
107
|
+
|
|
93
108
|
export declare interface AkHandle {
|
|
94
109
|
export(): AkBlob;
|
|
95
110
|
readonly publicKeyDer: Buffer;
|
|
@@ -97,7 +112,7 @@ export declare interface AkHandle {
|
|
|
97
112
|
activateCredential(opts: ActivateCredentialOptions): Promise<Buffer>;
|
|
98
113
|
}
|
|
99
114
|
|
|
100
|
-
/** @throws {TpmError}
|
|
115
|
+
/** @throws {TpmError} when key lacks decrypt attribute */
|
|
101
116
|
export declare interface KeyHandle {
|
|
102
117
|
export(): KeyBlob;
|
|
103
118
|
sign(digest: Buffer): Promise<Buffer>;
|
|
@@ -121,19 +136,28 @@ export declare interface TpmHandle {
|
|
|
121
136
|
bytes(count: number): Promise<Buffer>;
|
|
122
137
|
};
|
|
123
138
|
nv: {
|
|
124
|
-
|
|
125
|
-
read(
|
|
126
|
-
|
|
127
|
-
|
|
139
|
+
readPublic(handle: string | number): Promise<NvReadPublicResult>;
|
|
140
|
+
read(
|
|
141
|
+
handle: string | number,
|
|
142
|
+
offset?: number,
|
|
143
|
+
size?: number,
|
|
144
|
+
auth?: Buffer,
|
|
145
|
+
): Promise<Buffer>;
|
|
146
|
+
write(
|
|
147
|
+
handle: string | number,
|
|
148
|
+
data: Buffer,
|
|
149
|
+
offset?: number,
|
|
150
|
+
auth?: Buffer,
|
|
151
|
+
): Promise<void>;
|
|
152
|
+
define(opts: NvDefineOptions): Promise<void>;
|
|
153
|
+
undefine(handle: string | number, ownerAuth?: Buffer): Promise<void>;
|
|
128
154
|
};
|
|
129
155
|
keys: {
|
|
130
156
|
create(opts: KeyCreateOptions): Promise<KeyHandle>;
|
|
131
157
|
load(blob: KeyBlob): Promise<KeyHandle>;
|
|
132
158
|
};
|
|
133
159
|
seal: {
|
|
134
|
-
/** @throws {TpmError} NOT_SUPPORTED until Phase 5 */
|
|
135
160
|
seal(opts: SealOptions): Promise<Buffer>;
|
|
136
|
-
/** @throws {TpmError} NOT_SUPPORTED until Phase 5 */
|
|
137
161
|
unseal(blob: Buffer): Promise<Buffer>;
|
|
138
162
|
};
|
|
139
163
|
attest: {
|
|
@@ -160,4 +184,22 @@ export declare const Tpm: {
|
|
|
160
184
|
activateCredential(opts: ActivateCredentialFlatOptions): Promise<Buffer>;
|
|
161
185
|
createKey(opts?: KeyCreateOptions): Promise<{ publicKeyDer: Buffer; keyBlob: KeyBlob }>;
|
|
162
186
|
signKeyBlob(opts: { keyBlob: KeyBlob; digest: Buffer }): Promise<Buffer>;
|
|
187
|
+
decryptKeyBlob(opts: { keyBlob: KeyBlob; cipher: Buffer }): Promise<Buffer>;
|
|
188
|
+
nvRead(
|
|
189
|
+
handle: string | number,
|
|
190
|
+
offset?: number,
|
|
191
|
+
size?: number,
|
|
192
|
+
auth?: Buffer,
|
|
193
|
+
): Promise<Buffer>;
|
|
194
|
+
nvWrite(
|
|
195
|
+
handle: string | number,
|
|
196
|
+
data: Buffer,
|
|
197
|
+
offset?: number,
|
|
198
|
+
auth?: Buffer,
|
|
199
|
+
): Promise<void>;
|
|
200
|
+
nvReadPublic(handle: string | number): Promise<NvReadPublicResult>;
|
|
201
|
+
nvDefine(opts: NvDefineOptions): Promise<void>;
|
|
202
|
+
nvUndefine(handle: string | number, ownerAuth?: Buffer): Promise<void>;
|
|
203
|
+
seal(opts: SealOptions): Promise<Buffer>;
|
|
204
|
+
unseal(blob: Buffer): Promise<Buffer>;
|
|
163
205
|
};
|
package/native.cjs
CHANGED
|
@@ -77,8 +77,8 @@ function requireNative() {
|
|
|
77
77
|
try {
|
|
78
78
|
const binding = require('node-tpm2-android-arm64')
|
|
79
79
|
const bindingPackageVersion = require('node-tpm2-android-arm64/package.json').version
|
|
80
|
-
if (bindingPackageVersion !== '0.0.
|
|
81
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
80
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
81
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
82
82
|
}
|
|
83
83
|
return binding
|
|
84
84
|
} catch (e) {
|
|
@@ -93,8 +93,8 @@ function requireNative() {
|
|
|
93
93
|
try {
|
|
94
94
|
const binding = require('node-tpm2-android-arm-eabi')
|
|
95
95
|
const bindingPackageVersion = require('node-tpm2-android-arm-eabi/package.json').version
|
|
96
|
-
if (bindingPackageVersion !== '0.0.
|
|
97
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
96
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
97
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
98
98
|
}
|
|
99
99
|
return binding
|
|
100
100
|
} catch (e) {
|
|
@@ -114,8 +114,8 @@ function requireNative() {
|
|
|
114
114
|
try {
|
|
115
115
|
const binding = require('node-tpm2-win32-x64-gnu')
|
|
116
116
|
const bindingPackageVersion = require('node-tpm2-win32-x64-gnu/package.json').version
|
|
117
|
-
if (bindingPackageVersion !== '0.0.
|
|
118
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
117
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
118
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
119
119
|
}
|
|
120
120
|
return binding
|
|
121
121
|
} catch (e) {
|
|
@@ -130,8 +130,8 @@ function requireNative() {
|
|
|
130
130
|
try {
|
|
131
131
|
const binding = require('node-tpm2-windows-x64-msvc')
|
|
132
132
|
const bindingPackageVersion = require('node-tpm2-windows-x64-msvc/package.json').version
|
|
133
|
-
if (bindingPackageVersion !== '0.0.
|
|
134
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
133
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
134
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
135
135
|
}
|
|
136
136
|
return binding
|
|
137
137
|
} catch (e) {
|
|
@@ -147,8 +147,8 @@ function requireNative() {
|
|
|
147
147
|
try {
|
|
148
148
|
const binding = require('node-tpm2-win32-ia32-msvc')
|
|
149
149
|
const bindingPackageVersion = require('node-tpm2-win32-ia32-msvc/package.json').version
|
|
150
|
-
if (bindingPackageVersion !== '0.0.
|
|
151
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
150
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
151
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
152
152
|
}
|
|
153
153
|
return binding
|
|
154
154
|
} catch (e) {
|
|
@@ -163,8 +163,8 @@ function requireNative() {
|
|
|
163
163
|
try {
|
|
164
164
|
const binding = require('node-tpm2-windows-arm64-msvc')
|
|
165
165
|
const bindingPackageVersion = require('node-tpm2-windows-arm64-msvc/package.json').version
|
|
166
|
-
if (bindingPackageVersion !== '0.0.
|
|
167
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
166
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
167
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
168
168
|
}
|
|
169
169
|
return binding
|
|
170
170
|
} catch (e) {
|
|
@@ -182,8 +182,8 @@ function requireNative() {
|
|
|
182
182
|
try {
|
|
183
183
|
const binding = require('node-tpm2-darwin-universal')
|
|
184
184
|
const bindingPackageVersion = require('node-tpm2-darwin-universal/package.json').version
|
|
185
|
-
if (bindingPackageVersion !== '0.0.
|
|
186
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
185
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
186
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
187
187
|
}
|
|
188
188
|
return binding
|
|
189
189
|
} catch (e) {
|
|
@@ -198,8 +198,8 @@ function requireNative() {
|
|
|
198
198
|
try {
|
|
199
199
|
const binding = require('node-tpm2-darwin-x64')
|
|
200
200
|
const bindingPackageVersion = require('node-tpm2-darwin-x64/package.json').version
|
|
201
|
-
if (bindingPackageVersion !== '0.0.
|
|
202
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
201
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
202
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
203
203
|
}
|
|
204
204
|
return binding
|
|
205
205
|
} catch (e) {
|
|
@@ -214,8 +214,8 @@ function requireNative() {
|
|
|
214
214
|
try {
|
|
215
215
|
const binding = require('node-tpm2-darwin-arm64')
|
|
216
216
|
const bindingPackageVersion = require('node-tpm2-darwin-arm64/package.json').version
|
|
217
|
-
if (bindingPackageVersion !== '0.0.
|
|
218
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
217
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
218
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
219
219
|
}
|
|
220
220
|
return binding
|
|
221
221
|
} catch (e) {
|
|
@@ -234,8 +234,8 @@ function requireNative() {
|
|
|
234
234
|
try {
|
|
235
235
|
const binding = require('node-tpm2-freebsd-x64')
|
|
236
236
|
const bindingPackageVersion = require('node-tpm2-freebsd-x64/package.json').version
|
|
237
|
-
if (bindingPackageVersion !== '0.0.
|
|
238
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
237
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
238
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
239
239
|
}
|
|
240
240
|
return binding
|
|
241
241
|
} catch (e) {
|
|
@@ -250,8 +250,8 @@ function requireNative() {
|
|
|
250
250
|
try {
|
|
251
251
|
const binding = require('node-tpm2-freebsd-arm64')
|
|
252
252
|
const bindingPackageVersion = require('node-tpm2-freebsd-arm64/package.json').version
|
|
253
|
-
if (bindingPackageVersion !== '0.0.
|
|
254
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
253
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
254
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
255
255
|
}
|
|
256
256
|
return binding
|
|
257
257
|
} catch (e) {
|
|
@@ -271,8 +271,8 @@ function requireNative() {
|
|
|
271
271
|
try {
|
|
272
272
|
const binding = require('node-tpm2-linux-x64-musl')
|
|
273
273
|
const bindingPackageVersion = require('node-tpm2-linux-x64-musl/package.json').version
|
|
274
|
-
if (bindingPackageVersion !== '0.0.
|
|
275
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
274
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
275
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
276
276
|
}
|
|
277
277
|
return binding
|
|
278
278
|
} catch (e) {
|
|
@@ -287,8 +287,8 @@ function requireNative() {
|
|
|
287
287
|
try {
|
|
288
288
|
const binding = require('node-tpm2-linux-x64-gnu')
|
|
289
289
|
const bindingPackageVersion = require('node-tpm2-linux-x64-gnu/package.json').version
|
|
290
|
-
if (bindingPackageVersion !== '0.0.
|
|
291
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
290
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
291
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
292
292
|
}
|
|
293
293
|
return binding
|
|
294
294
|
} catch (e) {
|
|
@@ -305,8 +305,8 @@ function requireNative() {
|
|
|
305
305
|
try {
|
|
306
306
|
const binding = require('node-tpm2-linux-arm64-musl')
|
|
307
307
|
const bindingPackageVersion = require('node-tpm2-linux-arm64-musl/package.json').version
|
|
308
|
-
if (bindingPackageVersion !== '0.0.
|
|
309
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
308
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
309
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
310
310
|
}
|
|
311
311
|
return binding
|
|
312
312
|
} catch (e) {
|
|
@@ -321,8 +321,8 @@ function requireNative() {
|
|
|
321
321
|
try {
|
|
322
322
|
const binding = require('node-tpm2-linux-arm64-gnu')
|
|
323
323
|
const bindingPackageVersion = require('node-tpm2-linux-arm64-gnu/package.json').version
|
|
324
|
-
if (bindingPackageVersion !== '0.0.
|
|
325
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
324
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
325
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
326
326
|
}
|
|
327
327
|
return binding
|
|
328
328
|
} catch (e) {
|
|
@@ -339,8 +339,8 @@ function requireNative() {
|
|
|
339
339
|
try {
|
|
340
340
|
const binding = require('node-tpm2-linux-arm-musleabihf')
|
|
341
341
|
const bindingPackageVersion = require('node-tpm2-linux-arm-musleabihf/package.json').version
|
|
342
|
-
if (bindingPackageVersion !== '0.0.
|
|
343
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
342
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
343
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
344
344
|
}
|
|
345
345
|
return binding
|
|
346
346
|
} catch (e) {
|
|
@@ -355,8 +355,8 @@ function requireNative() {
|
|
|
355
355
|
try {
|
|
356
356
|
const binding = require('node-tpm2-linux-arm-gnueabihf')
|
|
357
357
|
const bindingPackageVersion = require('node-tpm2-linux-arm-gnueabihf/package.json').version
|
|
358
|
-
if (bindingPackageVersion !== '0.0.
|
|
359
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
358
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
359
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
360
360
|
}
|
|
361
361
|
return binding
|
|
362
362
|
} catch (e) {
|
|
@@ -373,8 +373,8 @@ function requireNative() {
|
|
|
373
373
|
try {
|
|
374
374
|
const binding = require('node-tpm2-linux-loong64-musl')
|
|
375
375
|
const bindingPackageVersion = require('node-tpm2-linux-loong64-musl/package.json').version
|
|
376
|
-
if (bindingPackageVersion !== '0.0.
|
|
377
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
376
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
377
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
378
378
|
}
|
|
379
379
|
return binding
|
|
380
380
|
} catch (e) {
|
|
@@ -389,8 +389,8 @@ function requireNative() {
|
|
|
389
389
|
try {
|
|
390
390
|
const binding = require('node-tpm2-linux-loong64-gnu')
|
|
391
391
|
const bindingPackageVersion = require('node-tpm2-linux-loong64-gnu/package.json').version
|
|
392
|
-
if (bindingPackageVersion !== '0.0.
|
|
393
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
392
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
393
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
394
394
|
}
|
|
395
395
|
return binding
|
|
396
396
|
} catch (e) {
|
|
@@ -407,8 +407,8 @@ function requireNative() {
|
|
|
407
407
|
try {
|
|
408
408
|
const binding = require('node-tpm2-linux-riscv64-musl')
|
|
409
409
|
const bindingPackageVersion = require('node-tpm2-linux-riscv64-musl/package.json').version
|
|
410
|
-
if (bindingPackageVersion !== '0.0.
|
|
411
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
410
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
411
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
412
412
|
}
|
|
413
413
|
return binding
|
|
414
414
|
} catch (e) {
|
|
@@ -423,8 +423,8 @@ function requireNative() {
|
|
|
423
423
|
try {
|
|
424
424
|
const binding = require('node-tpm2-linux-riscv64-gnu')
|
|
425
425
|
const bindingPackageVersion = require('node-tpm2-linux-riscv64-gnu/package.json').version
|
|
426
|
-
if (bindingPackageVersion !== '0.0.
|
|
427
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
426
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
427
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
428
428
|
}
|
|
429
429
|
return binding
|
|
430
430
|
} catch (e) {
|
|
@@ -440,8 +440,8 @@ function requireNative() {
|
|
|
440
440
|
try {
|
|
441
441
|
const binding = require('node-tpm2-linux-ppc64-gnu')
|
|
442
442
|
const bindingPackageVersion = require('node-tpm2-linux-ppc64-gnu/package.json').version
|
|
443
|
-
if (bindingPackageVersion !== '0.0.
|
|
444
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
443
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
444
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
445
445
|
}
|
|
446
446
|
return binding
|
|
447
447
|
} catch (e) {
|
|
@@ -456,8 +456,8 @@ function requireNative() {
|
|
|
456
456
|
try {
|
|
457
457
|
const binding = require('node-tpm2-linux-s390x-gnu')
|
|
458
458
|
const bindingPackageVersion = require('node-tpm2-linux-s390x-gnu/package.json').version
|
|
459
|
-
if (bindingPackageVersion !== '0.0.
|
|
460
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
459
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
460
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
461
461
|
}
|
|
462
462
|
return binding
|
|
463
463
|
} catch (e) {
|
|
@@ -476,8 +476,8 @@ function requireNative() {
|
|
|
476
476
|
try {
|
|
477
477
|
const binding = require('node-tpm2-openharmony-arm64')
|
|
478
478
|
const bindingPackageVersion = require('node-tpm2-openharmony-arm64/package.json').version
|
|
479
|
-
if (bindingPackageVersion !== '0.0.
|
|
480
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
479
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
480
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
481
481
|
}
|
|
482
482
|
return binding
|
|
483
483
|
} catch (e) {
|
|
@@ -492,8 +492,8 @@ function requireNative() {
|
|
|
492
492
|
try {
|
|
493
493
|
const binding = require('node-tpm2-openharmony-x64')
|
|
494
494
|
const bindingPackageVersion = require('node-tpm2-openharmony-x64/package.json').version
|
|
495
|
-
if (bindingPackageVersion !== '0.0.
|
|
496
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
495
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
496
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
497
497
|
}
|
|
498
498
|
return binding
|
|
499
499
|
} catch (e) {
|
|
@@ -508,8 +508,8 @@ function requireNative() {
|
|
|
508
508
|
try {
|
|
509
509
|
const binding = require('node-tpm2-openharmony-arm')
|
|
510
510
|
const bindingPackageVersion = require('node-tpm2-openharmony-arm/package.json').version
|
|
511
|
-
if (bindingPackageVersion !== '0.0.
|
|
512
|
-
throw new Error(`Native binding package version mismatch, expected 0.0.
|
|
511
|
+
if (bindingPackageVersion !== '0.0.5-beta.1' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
|
|
512
|
+
throw new Error(`Native binding package version mismatch, expected 0.0.5-beta.1 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
|
|
513
513
|
}
|
|
514
514
|
return binding
|
|
515
515
|
} catch (e) {
|
|
@@ -589,9 +589,15 @@ if (!nativeBinding) {
|
|
|
589
589
|
module.exports = nativeBinding
|
|
590
590
|
module.exports.activateCredential = nativeBinding.activateCredential
|
|
591
591
|
module.exports.createKey = nativeBinding.createKey
|
|
592
|
+
module.exports.decryptKeyBlob = nativeBinding.decryptKeyBlob
|
|
592
593
|
module.exports.getFixedProperties = nativeBinding.getFixedProperties
|
|
593
594
|
module.exports.isAvailable = nativeBinding.isAvailable
|
|
594
595
|
module.exports.keyBlobPublicDer = nativeBinding.keyBlobPublicDer
|
|
596
|
+
module.exports.nvDefine = nativeBinding.nvDefine
|
|
597
|
+
module.exports.nvRead = nativeBinding.nvRead
|
|
598
|
+
module.exports.nvReadPublic = nativeBinding.nvReadPublic
|
|
599
|
+
module.exports.nvUndefine = nativeBinding.nvUndefine
|
|
600
|
+
module.exports.nvWrite = nativeBinding.nvWrite
|
|
595
601
|
module.exports.pcrExtend = nativeBinding.pcrExtend
|
|
596
602
|
module.exports.pcrRead = nativeBinding.pcrRead
|
|
597
603
|
module.exports.provisionAk = nativeBinding.provisionAk
|
|
@@ -599,4 +605,6 @@ module.exports.quote = nativeBinding.quote
|
|
|
599
605
|
module.exports.randomBytes = nativeBinding.randomBytes
|
|
600
606
|
module.exports.readEkCertificate = nativeBinding.readEkCertificate
|
|
601
607
|
module.exports.readPublic = nativeBinding.readPublic
|
|
608
|
+
module.exports.seal = nativeBinding.seal
|
|
602
609
|
module.exports.signKeyBlob = nativeBinding.signKeyBlob
|
|
610
|
+
module.exports.unseal = nativeBinding.unseal
|