tao

package
v0.0.0-...-9db400c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 10, 2015 License: Apache-2.0 Imports: 49 Imported by: 0

Documentation

Overview

Package tao is a generated protocol buffer package.

It is generated from these files: 

acl_guard.proto
attestation.proto
ca.proto
datalog_guard.proto
domain.proto
keys.proto
linux_host_admin_rpc.proto
linux_host.proto
rpc.proto
tpm_tao.proto

It has these top-level messages: 

ACLSet
SignedACLSet

Index

Constants

View Source 
const (
	X509Path            = "cert"
	PBEKeysetPath       = "keys"
	PBESignerPath       = "signer"
	SealedKeysetPath    = "sealed_keyset"
	PlaintextKeysetPath = "plaintext_keyset"
)

The paths to the filename used by the Keys type.

View Source 
const (
	HostTypeEnvVar        = "CLOUDPROXY_TAO_HOST_TYPE"
	HostSpecEnvVar        = "CLOUDPROXY_TAO_HOST_SPEC"
	HostChannelTypeEnvVar = "CLOUDPROXY_TAO_HOST_CHANNEL_TYPE"
	HostedTypeEnvVar      = "CLOUDPROXY_TAO_HOSTED_TYPE"

	TaoTPMPCRsEnvVar   = "CLOUDPROXY_TAO_TPM_PCRS"
	TaoTPMAIKEnvVar    = "CLOUDPROXY_TAO_TPM_AIK"
	TaoTPMDeviceEnvVar = "CLOUDPROXY_TAO_TPM_DEVICE"

	SharedSecretPolicyDefault      = "self"
	SharedSecretPolicyConservative = "few"
	SharedSecretPolicyLiberal      = "any"

	SealPolicyDefault      = "self"
	SealPolicyConservative = "few"
	SealPolicyLiberal      = "any"

	AttestationSigningContext = "Tao Attestation Signing Context V1"
)

Constants used by the Tao implementations for policy, signing contexts, and environment variables.

View Source 
const ACLGuardSigningContext = "tao.ACLGuard Version 1"

ACLGuardSigningContext is the context used for ACL-file signatures.

View Source 
const (
	DatalogRulesSigningContext = "Datalog Rules Signing Context V1"
)

Signing context for signatures on a set of Tao datalog rules.

Variables

View Source 
var CAType_name = map[int32]string{
	0: "ERROR",
	1: "ATTESTATION",
	2: "DATALOG_POLICY",
	3: "ACL_POLICY",
	4: "UNDEFINED",
}
View Source 
var CAType_value = map[string]int32{
	"ERROR":          0,
	"ATTESTATION":    1,
	"DATALOG_POLICY": 2,
	"ACL_POLICY":     3,
	"UNDEFINED":      4,
}
View Source 
var CryptoCipherMode_name = map[int32]string{
	1: "CIPHER_MODE_CTR",
}
View Source 
var CryptoCipherMode_value = map[string]int32{
	"CIPHER_MODE_CTR": 1,
}
View Source 
var CryptoDerivingMode_name = map[int32]string{
	1: "DERIVING_MODE_HKDF",
}
View Source 
var CryptoDerivingMode_value = map[string]int32{
	"DERIVING_MODE_HKDF": 1,
}
View Source 
var CryptoKey_CryptoAlgorithm_name = map[int32]string{
	1: "ECDSA_SHA",
	2: "AES_CTR_HMAC_SHA",
	3: "HMAC_SHA",
}
View Source 
var CryptoKey_CryptoAlgorithm_value = map[string]int32{
	"ECDSA_SHA":        1,
	"AES_CTR_HMAC_SHA": 2,
	"HMAC_SHA":         3,
}
View Source 
var CryptoKey_CryptoPurpose_name = map[int32]string{
	1: "VERIFYING",
	2: "SIGNING",
	3: "CRYPTING",
	4: "DERIVING",
}
View Source 
var CryptoKey_CryptoPurpose_value = map[string]int32{
	"VERIFYING": 1,
	"SIGNING":   2,
	"CRYPTING":  3,
	"DERIVING":  4,
}
View Source 
var CryptoVersion_name = map[int32]string{
	1: "CRYPTO_VERSION_1",
}
View Source 
var CryptoVersion_value = map[string]int32{
	"CRYPTO_VERSION_1": 1,
}
View Source 
var ErrMalformedResponse = errors.New("taorpc: malformed response")

An ErrMalformedResponse is returned as an error for an invalid response.

View Source 
var HostTaoTypeMap = map[string]HostTaoType{
	"none":    NoHost,
	"root":    Root,
	"stacked": Stacked,
}

HostTaoTypeMap maps strings to the type of a host Tao.

View Source 
var HostedProgramTypeMap = map[string]HostedProgramType{
	"none":       NoHostedPrograms,
	"process":    ProcessPipe,
	"docker":     DockerUnix,
	"kvm_coreos": KVMCoreOSFile,
}

HostedProgramTypeMap maps strings to the type of a hosted program.

View Source 
var NamedEllipticCurve_name = map[int32]string{
	1: "PRIME256_V1",
}
View Source 
var NamedEllipticCurve_value = map[string]int32{
	"PRIME256_V1": 1,
}

Functions

func AddEndorsements 

func AddEndorsements(guard Guard, a *Attestation, v *Verifier) error

AddEndorsements reads the SerializedEndorsements in an attestation and adds the ones that are predicates signed by the policy key.

func CloudConfigFromSSHKeys 

func CloudConfigFromSSHKeys(keysFile string) (string, error)

CloudConfigFromSSHKeys converts an ssh authorized-keys file into a format that can be used by CoreOS to authorize incoming SSH connections over the Plan9P-mounted filesystem it uses. This also adds the SSH key used by the factory to configure the virtual machine.

func Dial 

func Dial(network, addr string, guard Guard, v *Verifier, keys *Keys) (net.Conn, error)

Dial connects to a Tao TLS server, performs a TLS handshake, and verifies the Attestation value of the server, checking that the server is authorized to execute. If keys are provided (keys!=nil), then it sends an attestation of its identity to the peer.

func DialTLS 

func DialTLS(network, addr string) (net.Conn, error)

DialTLS creates a new X.509 certs from fresh keys and dials a given TLS address.

func DialTLSWithKeys 

func DialTLSWithKeys(network, addr string, keys *Keys) (net.Conn, error)

DialTLSWithKeys connects to a TLS server using an existing set of keys.

func DialWithNewX509 

func DialWithNewX509(network, addr string, guard Guard, v *Verifier) (net.Conn, error)

DialWithNewX509 connects to a Tao TLS server, performs a TLS handshake, and exchanges Attestation values with the server, checking that this is a Tao server that is authorized to Execute. It uses a Tao Guard to perform this check.

func EncodeTLSCert 

func EncodeTLSCert(keys *Keys) (*tls.Certificate, error)

EncodeTLSCert combines a signing key and a certificate in a single tls certificate suitable for a TLS config.

func FinalizeTPMTao 

func FinalizeTPMTao(tt *TPMTao)

FinalizeTPMTao releases the resources for the TPMTao.

func FormatCoreOSSubprin 

func FormatCoreOSSubprin(id uint, hash []byte) auth.SubPrin

FormatCoreOSSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatDockerSubprin 

func FormatDockerSubprin(id uint, hash []byte) auth.SubPrin

FormatDockerSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatLinuxHostSubprin 

func FormatLinuxHostSubprin(id uint, hash []byte) auth.SubPrin

FormatLinuxHostSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatProcessSubprin 

func FormatProcessSubprin(id uint, hash []byte) auth.SubPrin

FormatProcessSubprin produces a string that represents a subprincipal with the given ID and hash.

func HandleCARequest 

func HandleCARequest(conn net.Conn, s *Signer, guard Guard)

HandleCARequest checks a request from a program and responds with a truncated delegation signed by the policy key.

func IdenticalDelegations 

func IdenticalDelegations(s, t auth.Form) bool

IdenticalDelegations checks to see if two Form values are Says and are identical delegations (i.e., the Message must be an auth.Speaksfor). This function is not in the auth package, since it's specific to a particular pattern.

func Listen 

func Listen(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)

Listen returns a new Tao-based net.Listener that uses the underlying crypto/tls net.Listener and a Guard to check whether or not connections are authorized.

func ListenAnonymous 

func ListenAnonymous(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)

ListenAnonymous returns a new Tao-based net.Listener that does not require its peer to attest to its identity.

func ListenTLS 

func ListenTLS(network, addr string) (net.Listener, error)

ListenTLS creates a fresh certificate and listens for TLS connections using it.

func MakeTPMPrin 

func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error)

func MarshalSignerDER 

func MarshalSignerDER(s *Signer) ([]byte, error)

MarshalSignerDER serializes the signer to DER.

func NewX509Name 

func NewX509Name(p *X509Details) *pkix.Name

NewX509Name returns a new pkix.Name.

func PBEDecrypt 

func PBEDecrypt(ciphertext, password []byte) ([]byte, error)

PBEDecrypt decrypts ciphertext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.

func PBEEncrypt 

func PBEEncrypt(plaintext, password []byte) ([]byte, error)

PBEEncrypt encrypts plaintext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.

func ReadPCRs 

func ReadPCRs(tpmfile *os.File, pcrNums []int) ([][]byte, error)

func Register 

func Register(name string, generator func(string) (Tao, error))

Register adds a Tao-creation function for a given host channel type.

func SaveKeyset 

func SaveKeyset(k *Keys, dir string) error

SaveKeyset serializes and saves a Keys object to disk in plaintext.

func TruncateAttestation 

func TruncateAttestation(kprin auth.Prin, a *Attestation) (auth.Says, auth.PrinExt, error)

TruncateAttestation cuts off a delegation chain at its "Program" subprincipal extension and replaces its prefix with the given key principal. It also returns the PrinExt that represents exactly the program hash.

func ValidatePeerAttestation 

func ValidatePeerAttestation(a *Attestation, cert *x509.Certificate, guard Guard) error

ValidatePeerAttestation checks a Attestation for a given Listener against an X.509 certificate from a TLS channel.

func ZeroBytes 

func ZeroBytes(b []byte)

ZeroBytes clears the bytes in a slice.

Types

type ACLGuard 

type ACLGuard struct {
	Config ACLGuardDetails
	ACL    []string
	Key    *Verifier
}

An ACLGuard is an implementation of tao.Guard that uses an ACL to make authorization decisions. All rules are immediately converted to strings when they are added, and they are never converted back to auth.ast form. Any policy that requires more than string comparison should use DatalogGuard.

func (*ACLGuard) AddRule 

func (a *ACLGuard) AddRule(rule string) error

AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.

func (*ACLGuard) Authorize 

func (a *ACLGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize adds an authorization for a principal to perform an operation.

func (*ACLGuard) Clear 

func (a *ACLGuard) Clear() error

Clear removes all rules.

func (*ACLGuard) GetRule 

func (a *ACLGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (*ACLGuard) GetSignedACLSet 

func (a *ACLGuard) GetSignedACLSet(signer *Signer) (*SignedACLSet, error)

GetSignedACLSet serializes and signs the ACL set and returns a SignedACLSet pointer.

func (*ACLGuard) IsAuthorized 

func (a *ACLGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks whether a principal is authorized to perform an operation.

func (*ACLGuard) Query 

func (a *ACLGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (*ACLGuard) Retract 

func (a *ACLGuard) Retract(name auth.Prin, op string, args []string) error

Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.

func (*ACLGuard) RetractRule 

func (a *ACLGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (*ACLGuard) RuleCount 

func (a *ACLGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (*ACLGuard) RuleDebugString 

func (a *ACLGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists.

func (*ACLGuard) Save 

func (a *ACLGuard) Save(signer *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (*ACLGuard) String 

func (a *ACLGuard) String() string

String returns a string suitable for showing users authorization info.

func (*ACLGuard) Subprincipal 

func (a *ACLGuard) Subprincipal() auth.SubPrin

Subprincipal returns a unique subprincipal for this policy.

type ACLGuardDetails 

type ACLGuardDetails struct {
	SignedAclsPath   *string `protobuf:"bytes,1,opt,name=signed_acls_path" json:"signed_acls_path,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*ACLGuardDetails) GetSignedAclsPath 

func (m *ACLGuardDetails) GetSignedAclsPath() string

func (*ACLGuardDetails) ProtoMessage 

func (*ACLGuardDetails) ProtoMessage()

func (*ACLGuardDetails) Reset 

func (m *ACLGuardDetails) Reset()

func (*ACLGuardDetails) String 

func (m *ACLGuardDetails) String() string

type ACLSet 

type ACLSet struct {
	Entries          []string `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

A set of ACL entries.

func RequestACLSet 

func RequestACLSet(network, addr string, v *Verifier) (*ACLSet, error)

RequestACLSet requests the policy from a TaoCA running an ACLGuard. Verify the signature with the public policy key `v`.

func (*ACLSet) GetEntries 

func (m *ACLSet) GetEntries() []string

func (*ACLSet) ProtoMessage 

func (*ACLSet) ProtoMessage()

func (*ACLSet) Reset 

func (m *ACLSet) Reset()

func (*ACLSet) String 

func (m *ACLSet) String() string

type AES_CTR_HMAC_SHA_CryptingKeyV1 

type AES_CTR_HMAC_SHA_CryptingKeyV1 struct {
	Mode             *CryptoCipherMode `protobuf:"varint,1,req,name=mode,enum=tao.CryptoCipherMode" json:"mode,omitempty"`
	AesPrivate       []byte            `protobuf:"bytes,2,req,name=aes_private" json:"aes_private,omitempty"`
	HmacPrivate      []byte            `protobuf:"bytes,3,req,name=hmac_private" json:"hmac_private,omitempty"`
	XXX_unrecognized []byte            `json:"-"`
}

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) GetAesPrivate 

func (m *AES_CTR_HMAC_SHA_CryptingKeyV1) GetAesPrivate() []byte

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) GetHmacPrivate 

func (m *AES_CTR_HMAC_SHA_CryptingKeyV1) GetHmacPrivate() []byte

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) GetMode 

func (m *AES_CTR_HMAC_SHA_CryptingKeyV1) GetMode() CryptoCipherMode

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) ProtoMessage 

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) ProtoMessage()

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) Reset 

func (m *AES_CTR_HMAC_SHA_CryptingKeyV1) Reset()

func (*AES_CTR_HMAC_SHA_CryptingKeyV1) String 

func (m *AES_CTR_HMAC_SHA_CryptingKeyV1) String() string

type Attestation 

type Attestation struct {
	// A serialized statement. This is serialized to avoid canonicalization issues
	// when signing and verifying signatures. In Go, this is obtained using
	// cloudproxy/tao/auth.Marshal().
	SerializedStatement []byte `protobuf:"bytes,1,req,name=serialized_statement" json:"serialized_statement,omitempty"`
	// The signer's public key, encoded using clouddproxy/tao/auth.Marshal()
	Signer []byte `protobuf:"bytes,2,req,name=signer" json:"signer,omitempty"`
	// Signature over the serialized statement using TPM or Tao signing.
	Signature []byte `protobuf:"bytes,3,req,name=signature" json:"signature,omitempty"`
	// A delegation attestation that conveys (eventually) that signer speaks for
	// the issuer in the serialized statement. If this is empty, then it must be
	// self evident that signer speaks for the issuer in the serialized statement.
	// This can be added, removed, or replaced without changing the attestation
	// signature, but verification may fail if a required delegation is missing.
	SerializedDelegation []byte `protobuf:"bytes,4,opt,name=serialized_delegation" json:"serialized_delegation,omitempty"`
	// An optional set of further attestations that may pertain, in some way, to
	// the the issuer or signer of this attestation. These can be added or removed
	// without changing the attestation signature. This allows attestations to be
	// piggy-backed, e.g. when an authorization guard requires multiple
	// attestations to check a policy.
	SerializedEndorsements [][]byte `protobuf:"bytes,5,rep,name=serialized_endorsements" json:"serialized_endorsements,omitempty"`
	XXX_unrecognized       []byte   `json:"-"`
}

An Attestation is a signature and a statement together, and it conveys: 

signer says statement

i.e. 

signer says (issuer from time until exp says message)

A valid Attestation encodes a public key within the signer name, and it carries a signature that anyone can verify to (eventually) conclude: 

issuer from time' until exp' says message

Note: Because of time restrictions within attached delegations, restrictions time' and exp' here do not necessarily exactly match the restrictions time and exp on the original serialized statement. If the modified time restriction is met, then we can derive the same conclusion as we would for the included statement, e.g.: 

delegate speaksfor issuer               (for a delegation statement)

or: 

issuer says Pred(arg_1, ..., arg_n)     (for a predicate statement)

That is to say, a valid Attestation that meets its time restriction conveys exactly the same meaning as conveyed by the included statement.

There are two categories of valid Attestations:

(1) In cases where issuer is a subprincipal of (or identical to) signer, no delegation will be present. In these cases, signer speaksfor issuer, so from the attestation: 

signer says (issuer says ...)

we can derive: 

issuer says (issuer says ...)

and further: 

issuer says ...

Example of a category (1) attestation: 

Attestation = {
  statement = "K_aik.PCRs(...) says (K_os speaksfor K_aik.PCRs(...))"
  signer = K_aik
  signature = ...
  delegation = nil
}

Here, an OS has published a delegation statement establishing that key K_os speaks for the OS, and this statement was signed by the TPM K_aik on behalf of the OS. Note that the OS is a subprincipal of the TPM, so the TPM speaks for the OS.

(2) In all other cases, a delegation will be present that, if valid, conveys: 

issuer0 from time0 until exp0 says (delegate speaksfor issuer0)

where issuer is a subprincipal of (or identical to) issuer0 and delegate is a subprincipal of (or identical to) signer. Such a valid delegation can be combined with: 

signer says (issuer from time until exp says ...)

to derive: 

issuer0 from time0 until exp0 says (issuer from time until exp says ...)

And because issuer0 speaks for issuer, we can further derive: 

issuer from time' until exp' says ...

where time' = max(time, time0) and exp = min(exp, exp0).

Example of a category (2) attestation: 

Attestation = {
  statement = "K_aik.PCRs(...).Prog(...) says K_app speaksfor K_aik.PCRs(...).Prog(...)"
  signer = K_os
  signature = ...
  delegation = {
    statement = K_aik.PCRs(...) says K_os speaksfor K_aik.PCRs(...)
    signer = K_aik
    signature = ...
    delegation = nil
  }
}

Here, the OS identified by K_aik.PCRs(...) has signed, using a seemingly unrelated key K_os, a statement on behalf of one of its hosted programs, K_aik.PCRs(...).Prog(...). The embedded delegation statement, signed by K_aik, binds that seemingly unrelated key K_os to the OS's actual identity, K_aik.PCRs(...).

Verifying an attestation signature requires knowing how the signature was produced. We currently define two signature schemes:

(a) Some signatures are produced by the TPM, so here we are bound by the mechanisms implemented by the TPM. In this case, we encode the signer name as 

tpm("..K..") where "..K.." is the serialized, base64w-encoded public half

of the TPM's RSA key K. The TPM only ever signs things on behalf of its hosted programs, so the issuer used in the serialized statement will always have the form: 

tpm("..K..").PCRs("..i..", "..h..")...

where "..i.." is a sorted, comma-separated list of PCR numbers, and "..h.." is the corresponding, comma-separated list of hex-encoded PCR values. The signature is computed roughly as: 

sig = rsa_sign(K, H( H(message) | pcrbuf(i, h) ))

Here, we first hash the statement in a tpm-specific way, then sign the hash with RSA key K. To obtain the statement hash, first hash the serialized statement, including issuer, time, expiration and other information. This intermediate hash is then re-hashed with a tpm-specific encoding of the PCR numbers ("..i..") and values ("..h..") extracted from issuer.

Note: The PCR values are effectively hashed twice, once as part of statement, and separately as part of the pcrbuf datastructure. See optimization note below.

(b) Other signatures are produced in software, and here we have flexibility to use simpler signature schemes. In this case, we encode the signer name as 

key("..K..") where "..K.." is the serialized, base64w-encoded public half

of a DSA key K. The issuer used in the serialized statement can have any form. The signature is roughly: 

sig = dsa_sign(K, H(context|message))

Here, we simply hash the serialized statement, along with some context, then sign it with the private DSA key K. The context used for attestations is defined in Tao.AttestationSigningContext.

Together, this results in four possible combinations:

(1a) No delegation, Tao signature. 

Historical note: This is the old "ROOT" attestation type.
Typically (or maybe always?), signer is the policy key.
The signer is always key("..K..").

(1b) No delegation, TPM signature. 

This is produced by TPMTaoChildChannel.
The signer is always tpm("..K..") and the statement issuer is
always a tpm("..K..").PCRs("..i..", "..h..")...

(2a) Delegation, Tao signature. 

Historical note: This is the old "INTERMEDIATE" attestation type.
The signer is always key("..K..").
The delegation is the head of a chain that eventually terminates in a
type (1a) or (1b) attestation.

(2b) Delegation, TPM signature. 

Historical note: This is the old "TPM_1_2_QUOTE" attestation type.
This combination is no longer used. If it were, the signer would be
tpm("..K..") and the statement issuer would be something like
K_policy.TrustedPlatform. The delegation would be the head of a chain
that eventually terminates in a type (1a) or (1b) attestation. The
issuer at the head of the chain would always be
tpm("..K..").PCRs("..i..", "..h..")

func GenerateAttestation 

func GenerateAttestation(s *Signer, delegation []byte, stmt auth.Says) (*Attestation, error)

GenerateAttestation uses the signing key to generate an attestation for this statement.

func RequestAttestation 

func RequestAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)

RequestAttestation connects to a CA and gets an attestation back from it. This might be a truncated attestation (in which case, the right next step is to verify the truncated attesation, as in RequestTruncatedAttestation), or it might be some other kind of attestation (like a KeyNegoServer attestation, which provides a policy-key-signed X.509 certificate for the auth name of this program).

func RequestTruncatedAttestation 

func RequestTruncatedAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)

RequestTruncatedAttestation connects to a CA instance, sends the attestation for an X.509 certificate, and gets back a truncated attestation with a new principal name based on the policy key.

func (*Attestation) GetSerializedDelegation 

func (m *Attestation) GetSerializedDelegation() []byte

func (*Attestation) GetSerializedEndorsements 

func (m *Attestation) GetSerializedEndorsements() [][]byte

func (*Attestation) GetSerializedStatement 

func (m *Attestation) GetSerializedStatement() []byte

func (*Attestation) GetSignature 

func (m *Attestation) GetSignature() []byte

func (*Attestation) GetSigner 

func (m *Attestation) GetSigner() []byte

func (*Attestation) ProtoMessage 

func (*Attestation) ProtoMessage()

func (*Attestation) Reset 

func (m *Attestation) Reset()

func (*Attestation) String 

func (m *Attestation) String() string

func (*Attestation) ValidSigner 

func (a *Attestation) ValidSigner() (auth.Prin, error)

ValidSigner checks the signature on an attestation and, if so, returns the signer.

func (*Attestation) Validate 

func (a *Attestation) Validate() (auth.Says, error)

Validate checks whether an attestation is valid and, if so, it returns the statement conveyed by the attestation.

type CARequest 

type CARequest struct {
	Type             *CAType      `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"`
	Attestation      *Attestation `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"`
	XXX_unrecognized []byte       `json:"-"`
}

func (*CARequest) GetAttestation 

func (m *CARequest) GetAttestation() *Attestation

func (*CARequest) GetType 

func (m *CARequest) GetType() CAType

func (*CARequest) ProtoMessage 

func (*CARequest) ProtoMessage()

func (*CARequest) Reset 

func (m *CARequest) Reset()

func (*CARequest) String 

func (m *CARequest) String() string

type CAResponse 

type CAResponse struct {
	Type               *CAType             `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"`
	Attestation        *Attestation        `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"`
	SignedDatalogRules *SignedDatalogRules `protobuf:"bytes,3,opt,name=signed_datalog_rules" json:"signed_datalog_rules,omitempty"`
	SignedAclSet       *SignedACLSet       `protobuf:"bytes,4,opt,name=signed_acl_set" json:"signed_acl_set,omitempty"`
	XXX_unrecognized   []byte              `json:"-"`
}

func (*CAResponse) GetAttestation 

func (m *CAResponse) GetAttestation() *Attestation

func (*CAResponse) GetSignedAclSet 

func (m *CAResponse) GetSignedAclSet() *SignedACLSet

func (*CAResponse) GetSignedDatalogRules 

func (m *CAResponse) GetSignedDatalogRules() *SignedDatalogRules

func (*CAResponse) GetType 

func (m *CAResponse) GetType() CAType

func (*CAResponse) ProtoMessage 

func (*CAResponse) ProtoMessage()

func (*CAResponse) Reset 

func (m *CAResponse) Reset()

func (*CAResponse) String 

func (m *CAResponse) String() string

type CAType 

type CAType int32
const (
	CAType_ERROR          CAType = 0
	CAType_ATTESTATION    CAType = 1
	CAType_DATALOG_POLICY CAType = 2
	CAType_ACL_POLICY     CAType = 3
	CAType_UNDEFINED      CAType = 4
)

func (CAType) Enum 

func (x CAType) Enum() *CAType

func (CAType) String 

func (x CAType) String() string

func (*CAType) UnmarshalJSON 

func (x *CAType) UnmarshalJSON(data []byte) error

type CachedGuard 

type CachedGuard struct {
	// contains filtered or unexported fields
}

CachedGuard implements the Guard interface on behalf of a remote guard. When the interface is queried, the cached guard checks if it has an up-to-date version of the policy. If it doesn't, it creates a connection to a TaoCA, requests the policy rules, and instantiates a new guard.

func NewCachedGuard 

func NewCachedGuard(vfy *Verifier, t CachedGuardType, network, addr string, ttl int64) *CachedGuard

NewCachedGuard returns a new CachedGuard.

func (*CachedGuard) AddRule 

func (cg *CachedGuard) AddRule(rule string) error

AddRule is not allowed for cached guards.

func (*CachedGuard) Authorize 

func (cg *CachedGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize is not allowed for cached guards, since it doesn't have the private policy key.

func (*CachedGuard) Clear 

func (cg *CachedGuard) Clear() error

Clear deletes the guard. This will cause a Reload() the next time the guard is queried.

func (*CachedGuard) GetRule 

func (cg *CachedGuard) GetRule(i int) string

GetRule returns a string representation of the i-th rule in the policy.

func (*CachedGuard) IsAuthorized 

func (cg *CachedGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks if the principal `name` is authorized to perform `op` on `args`.

func (*CachedGuard) IsExpired 

func (cg *CachedGuard) IsExpired() bool

IsExpired checks if the cached policy is out of date.

func (*CachedGuard) Query 

func (cg *CachedGuard) Query(query string) (bool, error)

Query the policy.

func (*CachedGuard) Reload 

func (cg *CachedGuard) Reload() error

Reload requests the policy from the remote TaoCA and instantiates a new guard.

func (*CachedGuard) Retract 

func (cg *CachedGuard) Retract(name auth.Prin, op string, args []string) error

Retract is not allowed for cached guards.

func (*CachedGuard) RetractRule 

func (cg *CachedGuard) RetractRule(rule string) error

RetractRule is not allowed for cached guards.

func (*CachedGuard) RuleCount 

func (cg *CachedGuard) RuleCount() int

RuleCount returns the number of rules in the policy.

func (*CachedGuard) RuleDebugString 

func (cg *CachedGuard) RuleDebugString(i int) string

RuleDebugString returns a verbose string representation of the i-th rule in the policy useful for debugging.

func (*CachedGuard) Save 

func (cg *CachedGuard) Save(key *Signer) error

Save stores the cached policy to disk.

func (*CachedGuard) String 

func (cg *CachedGuard) String() string

String returns a string representation of the guard.

func (*CachedGuard) Subprincipal 

func (cg *CachedGuard) Subprincipal() auth.SubPrin

Subprincipal returns a Subprin for the guard.

type CachedGuardType 

type CachedGuardType int

CachedGuardType specifies the type of guard being cached. 

const (
	Datalog CachedGuardType = 1 << iota
	ACLs
)

There should be a type for all non-trivial gaurds.

type Config 

type Config struct {
	HostType        HostTaoType
	HostChannelType string
	HostSpec        string
	HostedType      HostedProgramType

	// Variables for the TPM configuration
	TPMAIKPath string
	TPMPCRs    string
	TPMDevice  string
}

A Config stores the information about the Tao, its Host Tao, and the way it creates Hosted Programs.

func NewConfigFromEnv 

func NewConfigFromEnv() Config

NewConfigFromEnv creates a Config using values drawn from environment variables.

func NewConfigFromString 

func NewConfigFromString(htt, htct, f, hpt, tpmaik, tpmpcrs, tpmdev string) Config

NewConfigFromString creates a new Config using strings representing the options.

func (Config) IsValid 

func (tc Config) IsValid() bool

IsValid checks a Config for validity.

func (*Config) Merge 

func (tc *Config) Merge(c Config)

Merge combines two Config values into one. The parameter value take precendence over the existing values unless an incoming value is NoHost, NoChannel, or NoHostedPrograms. This is used to merge a config taken from the environment with a config specified explicitly on the command line. The latter takes precedence where it is explicitly given.

type CoreOSConfig 

type CoreOSConfig struct {
	Name       string
	ImageFile  string
	Memory     int
	RulesPath  string
	SSHKeysCfg string
	SocketPath string
}

A CoreOSConfig contains the details needed to start a new CoreOS VM.

type Crypter 

type Crypter struct {
	// contains filtered or unexported fields
}

A Crypter is used to encrypt and decrypt data.

func GenerateCrypter 

func GenerateCrypter() (*Crypter, error)

GenerateCrypter instantiates a new Crypter with fresh keys.

func UnmarshalCrypterProto 

func UnmarshalCrypterProto(ck *CryptoKey) (*Crypter, error)

UnmarshalCrypterProto decodes a crypting key from a CryptoKey protobuf message.

func (*Crypter) CreateHeader 

func (c *Crypter) CreateHeader() (*CryptoHeader, error)

CreateHeader instantiates and fills in a header for this crypting key.

func (*Crypter) Decrypt 

func (c *Crypter) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt checks the MAC then decrypts ciphertext into plaintext.

func (*Crypter) Encrypt 

func (c *Crypter) Encrypt(data []byte) ([]byte, error)

Encrypt encrypts plaintext into ciphertext and protects ciphertext integrity with a MAC.

type CryptoCipherMode 

type CryptoCipherMode int32
const (
	CryptoCipherMode_CIPHER_MODE_CTR CryptoCipherMode = 1
)

func (CryptoCipherMode) Enum 

func (x CryptoCipherMode) Enum() *CryptoCipherMode

func (CryptoCipherMode) String 

func (x CryptoCipherMode) String() string

func (*CryptoCipherMode) UnmarshalJSON 

func (x *CryptoCipherMode) UnmarshalJSON(data []byte) error

type CryptoDerivingMode 

type CryptoDerivingMode int32
const (
	CryptoDerivingMode_DERIVING_MODE_HKDF CryptoDerivingMode = 1
)

func (CryptoDerivingMode) Enum 

func (x CryptoDerivingMode) Enum() *CryptoDerivingMode

func (CryptoDerivingMode) String 

func (x CryptoDerivingMode) String() string

func (*CryptoDerivingMode) UnmarshalJSON 

func (x *CryptoDerivingMode) UnmarshalJSON(data []byte) error

type CryptoHeader 

type CryptoHeader struct {
	Version          *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	KeyHint          []byte         `protobuf:"bytes,2,req,name=key_hint" json:"key_hint,omitempty"`
	XXX_unrecognized []byte         `json:"-"`
}

func (*CryptoHeader) GetKeyHint 

func (m *CryptoHeader) GetKeyHint() []byte

func (*CryptoHeader) GetVersion 

func (m *CryptoHeader) GetVersion() CryptoVersion

func (*CryptoHeader) ProtoMessage 

func (*CryptoHeader) ProtoMessage()

func (*CryptoHeader) Reset 

func (m *CryptoHeader) Reset()

func (*CryptoHeader) String 

func (m *CryptoHeader) String() string

type CryptoKey 

type CryptoKey struct {
	Version          *CryptoVersion             `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	Purpose          *CryptoKey_CryptoPurpose   `protobuf:"varint,2,req,name=purpose,enum=tao.CryptoKey_CryptoPurpose" json:"purpose,omitempty"`
	Algorithm        *CryptoKey_CryptoAlgorithm `protobuf:"varint,3,req,name=algorithm,enum=tao.CryptoKey_CryptoAlgorithm" json:"algorithm,omitempty"`
	Key              []byte                     `protobuf:"bytes,4,req,name=key" json:"key,omitempty"`
	XXX_unrecognized []byte                     `json:"-"`
}

func MarshalCrypterProto 

func MarshalCrypterProto(c *Crypter) (*CryptoKey, error)

MarshalCrypterProto encodes a Crypter as a CryptoKey protobuf message.

func MarshalDeriverProto 

func MarshalDeriverProto(d *Deriver) (*CryptoKey, error)

MarshalDeriverProto encodes a Deriver as a CryptoKey protobuf message.

func MarshalPublicSignerProto 

func MarshalPublicSignerProto(s *Signer) *CryptoKey

MarshalPublicSignerProto encodes the public half of a signing key as a CryptoKey protobuf message.

func MarshalSignerProto 

func MarshalSignerProto(s *Signer) (*CryptoKey, error)

MarshalSignerProto encodes a signing key as a CryptoKey protobuf message.

func MarshalVerifierProto 

func MarshalVerifierProto(v *Verifier) *CryptoKey

MarshalVerifierProto encodes the public verifier key as a CryptoKey protobuf message.

func (*CryptoKey) GetAlgorithm 

func (m *CryptoKey) GetAlgorithm() CryptoKey_CryptoAlgorithm

func (*CryptoKey) GetKey 

func (m *CryptoKey) GetKey() []byte

func (*CryptoKey) GetPurpose 

func (m *CryptoKey) GetPurpose() CryptoKey_CryptoPurpose

func (*CryptoKey) GetVersion 

func (m *CryptoKey) GetVersion() CryptoVersion

func (*CryptoKey) ProtoMessage 

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) Reset 

func (m *CryptoKey) Reset()

func (*CryptoKey) String 

func (m *CryptoKey) String() string

type CryptoKey_CryptoAlgorithm 

type CryptoKey_CryptoAlgorithm int32
const (
	CryptoKey_ECDSA_SHA        CryptoKey_CryptoAlgorithm = 1
	CryptoKey_AES_CTR_HMAC_SHA CryptoKey_CryptoAlgorithm = 2
	CryptoKey_HMAC_SHA         CryptoKey_CryptoAlgorithm = 3
)

func (CryptoKey_CryptoAlgorithm) Enum 

func (x CryptoKey_CryptoAlgorithm) Enum() *CryptoKey_CryptoAlgorithm

func (CryptoKey_CryptoAlgorithm) String 

func (x CryptoKey_CryptoAlgorithm) String() string

func (*CryptoKey_CryptoAlgorithm) UnmarshalJSON 

func (x *CryptoKey_CryptoAlgorithm) UnmarshalJSON(data []byte) error

type CryptoKey_CryptoPurpose 

type CryptoKey_CryptoPurpose int32
const (
	CryptoKey_VERIFYING CryptoKey_CryptoPurpose = 1
	CryptoKey_SIGNING   CryptoKey_CryptoPurpose = 2
	CryptoKey_CRYPTING  CryptoKey_CryptoPurpose = 3
	CryptoKey_DERIVING  CryptoKey_CryptoPurpose = 4
)

func (CryptoKey_CryptoPurpose) Enum 

func (x CryptoKey_CryptoPurpose) Enum() *CryptoKey_CryptoPurpose

func (CryptoKey_CryptoPurpose) String 

func (x CryptoKey_CryptoPurpose) String() string

func (*CryptoKey_CryptoPurpose) UnmarshalJSON 

func (x *CryptoKey_CryptoPurpose) UnmarshalJSON(data []byte) error

type CryptoKeyset 

type CryptoKeyset struct {
	Keys             []*CryptoKey `protobuf:"bytes,1,rep,name=keys" json:"keys,omitempty"`
	Delegation       *Attestation `protobuf:"bytes,2,opt,name=delegation" json:"delegation,omitempty"`
	XXX_unrecognized []byte       `json:"-"`
}

func MarshalKeyset 

func MarshalKeyset(k *Keys) (*CryptoKeyset, error)

MarshalKeyset encodes the keys into a protobuf message.

func (*CryptoKeyset) GetDelegation 

func (m *CryptoKeyset) GetDelegation() *Attestation

func (*CryptoKeyset) GetKeys 

func (m *CryptoKeyset) GetKeys() []*CryptoKey

func (*CryptoKeyset) ProtoMessage 

func (*CryptoKeyset) ProtoMessage()

func (*CryptoKeyset) Reset 

func (m *CryptoKeyset) Reset()

func (*CryptoKeyset) String 

func (m *CryptoKeyset) String() string

type CryptoVersion 

type CryptoVersion int32
const (
	CryptoVersion_CRYPTO_VERSION_1 CryptoVersion = 1
)

func (CryptoVersion) Enum 

func (x CryptoVersion) Enum() *CryptoVersion

func (CryptoVersion) String 

func (x CryptoVersion) String() string

func (*CryptoVersion) UnmarshalJSON 

func (x *CryptoVersion) UnmarshalJSON(data []byte) error

type DatalogGuard 

type DatalogGuard struct {
	Config DatalogGuardDetails
	Key    *Verifier
	// contains filtered or unexported fields
}

DatalogGuard implements a datalog-based policy engine. Rules in this engine have the form: 

(forall X, Y, Z... : F implies G)

where 

F is a predicate or a conjunction of predicates
G is a predicate

All predicate arguments must be either concrete terms (Int, Str, Prin, etc.) or term-valued variables (TermVar) bound by the quantification. Any variable appearing in G must also appear in F. If there are no variables, the quantification can be omitted. The implication and its antecedent F can be omitted (in which case there can be no variables so the quantification must be omitted as well).

TODO(kwalsh) We could easily support a slightly broader class of formulas, e.g. by allowing G to be a conjunct of predicates, or by allowing a disjunction of conjunctions for F. Anything beyond that seems complicated.

Datalog translation

We assume K speaksfor the guard, where K is the key used to sign the policy file. If there is no signing key, a temporary principal (with a bogus key) is used for K instead. All deduction takes place within the worldview of Guard. Other than this relationship between K and the guard, we don't model the says and speaksfor logic within datalog.

Term objects are usually translated to datalog by just printing them. In this case, a Prin object must not contain any TermVar objects. TermVar objects must be uppercase.

"Term says Pred(...)" is translated to "says(Term, \"Pred\", ...)".

"Pred(...)" alone is translated to "says(K, \"Pred\", ...)".

"forall ... F1 and F2 and ... imp G" is translated to "G :- F1, F2, ...". Not safe for concurrent use by goroutines.

func NewDatalogGuard 

func NewDatalogGuard(verifier *Verifier) *DatalogGuard

NewDatalogGuard returns a new datalog guard without configuring a rules file.

func NewDatalogGuardFromConfig 

func NewDatalogGuardFromConfig(verifier *Verifier, config DatalogGuardDetails) (*DatalogGuard, error)

NewDatalogGuardFromConfig returns a new datalog guard that uses a signed, persistent rule set. ReloadIfModified() should be called to load the rule set.

func (*DatalogGuard) AddRule 

func (g *DatalogGuard) AddRule(rule string) error

AddRule adds a policy rule.

func (*DatalogGuard) Authorize 

func (g *DatalogGuard) Authorize(p auth.Prin, op string, args []string) error

Authorize adds an authorization for p to perform op(args).

func (*DatalogGuard) Clear 

func (g *DatalogGuard) Clear() error

Clear removes all rules.

func (*DatalogGuard) GetRule 

func (g *DatalogGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (*DatalogGuard) GetSignedDatalogRules 

func (g *DatalogGuard) GetSignedDatalogRules(signer *Signer) (*SignedDatalogRules, error)

GetSignedDatalogRules serializes and signs the datalog rules and returns a SignedDatalogRules pointer.

func (*DatalogGuard) IsAuthorized 

func (g *DatalogGuard) IsAuthorized(p auth.Prin, op string, args []string) bool

IsAuthorized checks whether p is authorized to perform op(args).

func (*DatalogGuard) Query 

func (g *DatalogGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (*DatalogGuard) ReloadIfModified 

func (g *DatalogGuard) ReloadIfModified() error

ReloadIfModified reads all persistent policy data from disk if the file timestamp is more recent than the last time it was read.

func (*DatalogGuard) Retract 

func (g *DatalogGuard) Retract(p auth.Prin, op string, args []string) error

Retract removes an authorization for p to perform op(args).

func (*DatalogGuard) RetractRule 

func (g *DatalogGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (*DatalogGuard) RuleCount 

func (g *DatalogGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (*DatalogGuard) RuleDebugString 

func (g *DatalogGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists.

func (*DatalogGuard) Save 

func (g *DatalogGuard) Save(signer *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (*DatalogGuard) String 

func (g *DatalogGuard) String() string

String returns a string suitable for showing users authorization info.

func (*DatalogGuard) Subprincipal 

func (g *DatalogGuard) Subprincipal() auth.SubPrin

Subprincipal returns subprincipal DatalogGuard, for temporary guards, or DatalogGuard(<key>) for persistent guards.

type DatalogGuardDetails 

type DatalogGuardDetails struct {
	SignedRulesPath  *string `protobuf:"bytes,2,opt,name=signed_rules_path" json:"signed_rules_path,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*DatalogGuardDetails) GetSignedRulesPath 

func (m *DatalogGuardDetails) GetSignedRulesPath() string

func (*DatalogGuardDetails) ProtoMessage 

func (*DatalogGuardDetails) ProtoMessage()

func (*DatalogGuardDetails) Reset 

func (m *DatalogGuardDetails) Reset()

func (*DatalogGuardDetails) String 

func (m *DatalogGuardDetails) String() string

type DatalogRules 

type DatalogRules struct {
	Rules            [][]byte `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

A set of rules.

func RequestDatalogRules 

func RequestDatalogRules(network, addr string, v *Verifier) (*DatalogRules, error)

RequestDatalogRules requests the policy from a TaoCA running a DatalogGuard. Verify the signature with the public policy key `v`.

func (*DatalogRules) GetRules 

func (m *DatalogRules) GetRules() [][]byte

func (*DatalogRules) ProtoMessage 

func (*DatalogRules) ProtoMessage()

func (*DatalogRules) Reset 

func (m *DatalogRules) Reset()

func (*DatalogRules) String 

func (m *DatalogRules) String() string

type Deriver 

type Deriver struct {
	// contains filtered or unexported fields
}

A Deriver is used to derive key material from a context using HKDF.

func GenerateDeriver 

func GenerateDeriver() (*Deriver, error)

GenerateDeriver generates a deriver with a fresh secret.

func UnmarshalDeriverProto 

func UnmarshalDeriverProto(ck *CryptoKey) (*Deriver, error)

UnmarshalDeriverProto decodes a deriving key from a CryptoKey protobuf message.

func (*Deriver) Derive 

func (d *Deriver) Derive(salt, context, material []byte) error

Derive uses HKDF with HMAC-SHA256 to derive key bytes in its material parameter.

type DockerContainer 

type DockerContainer struct {

	// Hash of the docker image.
	Hash []byte

	// The factory responsible for the hosted process.
	Factory *LinuxDockerContainerFactory

	ImageName   string
	SocketPath  string
	CidfilePath string
	RulesPath   string

	// The underlying docker process.
	Cmd *exec.Cmd

	// A channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}

A DockerContainer represents a hosted program running as a Docker container. It uses os/exec.Cmd and the `docker` program to send commands to the Docker daemon rather than using the docker client API directly. This is so that this code doesn't depend on the docker code for now.

func (*DockerContainer) Cleanup 

func (p *DockerContainer) Cleanup() error

func (*DockerContainer) ContainerName 

func (dc *DockerContainer) ContainerName() (string, error)

func (*DockerContainer) ExitStatus 

func (dc *DockerContainer) ExitStatus() (int, error)

ExitStatus returns an exit code for the container.

func (*DockerContainer) Kill 

func (dc *DockerContainer) Kill() error

Kill sends a SIGKILL signal to a docker container.

func (*DockerContainer) Pid 

func (dc *DockerContainer) Pid() int

Pid returns a numeric ID for this docker container.

func (*DockerContainer) Spec 

func (dc *DockerContainer) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted docker container.

func (*DockerContainer) Start 

func (dc *DockerContainer) Start() (channel io.ReadWriteCloser, err error)

Start builds the docker container from the tar file and launches it.

func (*DockerContainer) StartDocker 

func (dc *DockerContainer) StartDocker() error

StartDocker starts a docker container using the docker run subcommand.

func (*DockerContainer) Stop 

func (dc *DockerContainer) Stop() error

Stop sends a SIGSTOP signal to a docker container.

func (*DockerContainer) Subprin 

func (dc *DockerContainer) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted docker container..

func (*DockerContainer) WaitChan 

func (dc *DockerContainer) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted vm is done.

type Domain 

type Domain struct {
	Config     DomainConfig
	ConfigPath string
	Keys       *Keys
	Guard      Guard
}

Domain manages domain-wide authorization policies and configuration for a single Tao administrative domain. Configuration includes a name, domain guard type, ACLs or other guard-specific policy data, and a key pair for signing policy data.

Except for a password used to encrypt the policy private key, top-level configuration data for Domain is stored in a text file, typically named "tao.config". This configuration file contains the locations of all other files and directories, e.g. configuration files for the domain guard. File and directory paths within the tao.config file are relative to the location of the tao.config file itself.

func CreateDomain 

func CreateDomain(cfg DomainConfig, configPath string, password []byte) (*Domain, error)

CreateDomain initializes a new Domain, writing its configuration files to a directory. This creates the directory if needed, creates a policy key pair (encrypted with the given password when stored on disk), and initializes a default guard of the appropriate type if needed. Any parameters left empty in cfg will be set to reasonable default values.

func LoadDomain 

func LoadDomain(configPath string, password []byte) (*Domain, error)

LoadDomain initialize a Domain from an existing configuration file. If password is nil, the object will be "locked", meaning that the policy private signing key will not be available, new ACL entries or attestations can not be signed, etc. Otherwise, password will be used to unlock the policy private signing key.

func (*Domain) CreatePublicCachedDomain 

func (d *Domain) CreatePublicCachedDomain(network, addr string, ttl int64) (*Domain, error)

Create a public domain with a CachedGuard. TODO(cjpatton) create a net.Conn here. defer Close() somehow. Add new constructor from a net.Conn that doesn't save the domain to disk. Refactor Request's in ca.go to use already existing connection.

func (*Domain) ExtendTaoName 

func (d *Domain) ExtendTaoName(tao Tao) error

ExtendTaoName uses a Domain's Verifying key to extend the Tao with a subprincipal PolicyKey([...]).

func (*Domain) RulesPath 

func (d *Domain) RulesPath() string

RulesPath returns the path that should be used for the rules/acls for a given domain. If the guard is not Datalog or ACLs, then it returns the empty string.

func (*Domain) Save 

func (d *Domain) Save() error

Save writes all domain configuration and policy data.

func (*Domain) String 

func (d *Domain) String() string

String returns the name of the domain.

func (*Domain) Subprincipal 

func (d *Domain) Subprincipal() auth.SubPrin

Subprincipal returns a subprincipal suitable for contextualizing a program.

type DomainConfig 

type DomainConfig struct {
	DomainInfo       *DomainDetails       `protobuf:"bytes,1,opt,name=domain_info" json:"domain_info,omitempty"`
	X509Info         *X509Details         `protobuf:"bytes,2,opt,name=x509_info" json:"x509_info,omitempty"`
	AclGuardInfo     *ACLGuardDetails     `protobuf:"bytes,3,opt,name=acl_guard_info" json:"acl_guard_info,omitempty"`
	DatalogGuardInfo *DatalogGuardDetails `protobuf:"bytes,4,opt,name=datalog_guard_info" json:"datalog_guard_info,omitempty"`
	TpmInfo          *TPMDetails          `protobuf:"bytes,5,opt,name=tpm_info" json:"tpm_info,omitempty"`
	XXX_unrecognized []byte               `json:"-"`
}

func (*DomainConfig) GetAclGuardInfo 

func (m *DomainConfig) GetAclGuardInfo() *ACLGuardDetails

func (*DomainConfig) GetDatalogGuardInfo 

func (m *DomainConfig) GetDatalogGuardInfo() *DatalogGuardDetails

func (*DomainConfig) GetDomainInfo 

func (m *DomainConfig) GetDomainInfo() *DomainDetails

func (*DomainConfig) GetTpmInfo 

func (m *DomainConfig) GetTpmInfo() *TPMDetails

func (*DomainConfig) GetX509Info 

func (m *DomainConfig) GetX509Info() *X509Details

func (*DomainConfig) ProtoMessage 

func (*DomainConfig) ProtoMessage()

func (*DomainConfig) Reset 

func (m *DomainConfig) Reset()

func (*DomainConfig) SetDefaults 

func (cfg *DomainConfig) SetDefaults()

SetDefaults sets each blank field of cfg to a reasonable default value.

func (*DomainConfig) String 

func (m *DomainConfig) String() string

type DomainDetails 

type DomainDetails struct {
	Name             *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
	PolicyKeysPath   *string `protobuf:"bytes,2,opt,name=policy_keys_path" json:"policy_keys_path,omitempty"`
	GuardType        *string `protobuf:"bytes,3,opt,name=guard_type" json:"guard_type,omitempty"`
	GuardNetwork     *string `protobuf:"bytes,4,opt,name=guard_network" json:"guard_network,omitempty"`
	GuardAddress     *string `protobuf:"bytes,5,opt,name=guard_address" json:"guard_address,omitempty"`
	GuardTtl         *int64  `protobuf:"varint,6,opt,name=guard_ttl" json:"guard_ttl,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*DomainDetails) GetGuardAddress 

func (m *DomainDetails) GetGuardAddress() string

func (*DomainDetails) GetGuardNetwork 

func (m *DomainDetails) GetGuardNetwork() string

func (*DomainDetails) GetGuardTtl 

func (m *DomainDetails) GetGuardTtl() int64

func (*DomainDetails) GetGuardType 

func (m *DomainDetails) GetGuardType() string

func (*DomainDetails) GetName 

func (m *DomainDetails) GetName() string

func (*DomainDetails) GetPolicyKeysPath 

func (m *DomainDetails) GetPolicyKeysPath() string

func (*DomainDetails) ProtoMessage 

func (*DomainDetails) ProtoMessage()

func (*DomainDetails) Reset 

func (m *DomainDetails) Reset()

func (*DomainDetails) String 

func (m *DomainDetails) String() string

type DomainTemplate 

type DomainTemplate struct {
	Config       *DomainConfig `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
	DatalogRules []string      `protobuf:"bytes,2,rep,name=datalog_rules" json:"datalog_rules,omitempty"`
	AclRules     []string      `protobuf:"bytes,3,rep,name=acl_rules" json:"acl_rules,omitempty"`
	// The name of the host (used for policy statements)
	HostName          *string `protobuf:"bytes,4,opt,name=host_name" json:"host_name,omitempty"`
	HostPredicateName *string `protobuf:"bytes,5,opt,name=host_predicate_name" json:"host_predicate_name,omitempty"`
	// Program names (as paths to binaries)
	ProgramPaths         []string `protobuf:"bytes,6,rep,name=program_paths" json:"program_paths,omitempty"`
	ProgramPredicateName *string  `protobuf:"bytes,7,opt,name=program_predicate_name" json:"program_predicate_name,omitempty"`
	// Container names (as paths to images)
	ContainerPaths         []string `protobuf:"bytes,8,rep,name=container_paths" json:"container_paths,omitempty"`
	ContainerPredicateName *string  `protobuf:"bytes,9,opt,name=container_predicate_name" json:"container_predicate_name,omitempty"`
	// VM names (as paths to images)
	VmPaths         []string `protobuf:"bytes,10,rep,name=vm_paths" json:"vm_paths,omitempty"`
	VmPredicateName *string  `protobuf:"bytes,11,opt,name=vm_predicate_name" json:"vm_predicate_name,omitempty"`
	// LinuxHost names (as paths to images)
	LinuxHostPaths         []string `protobuf:"bytes,12,rep,name=linux_host_paths" json:"linux_host_paths,omitempty"`
	LinuxHostPredicateName *string  `protobuf:"bytes,13,opt,name=linux_host_predicate_name" json:"linux_host_predicate_name,omitempty"`
	// The name of the predicate to use for trusted guards.
	GuardPredicateName *string `protobuf:"bytes,14,opt,name=guard_predicate_name" json:"guard_predicate_name,omitempty"`
	// The name of the predicate to use for trusted TPMs.
	TpmPredicateName *string `protobuf:"bytes,15,opt,name=tpm_predicate_name" json:"tpm_predicate_name,omitempty"`
	// The name of the predicate to use for trusted OSs.
	OsPredicateName  *string `protobuf:"bytes,16,opt,name=os_predicate_name" json:"os_predicate_name,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*DomainTemplate) GetAclRules 

func (m *DomainTemplate) GetAclRules() []string

func (*DomainTemplate) GetConfig 

func (m *DomainTemplate) GetConfig() *DomainConfig

func (*DomainTemplate) GetContainerPaths 

func (m *DomainTemplate) GetContainerPaths() []string

func (*DomainTemplate) GetContainerPredicateName 

func (m *DomainTemplate) GetContainerPredicateName() string

func (*DomainTemplate) GetDatalogRules 

func (m *DomainTemplate) GetDatalogRules() []string

func (*DomainTemplate) GetGuardPredicateName 

func (m *DomainTemplate) GetGuardPredicateName() string

func (*DomainTemplate) GetHostName 

func (m *DomainTemplate) GetHostName() string

func (*DomainTemplate) GetHostPredicateName 

func (m *DomainTemplate) GetHostPredicateName() string

func (*DomainTemplate) GetLinuxHostPaths 

func (m *DomainTemplate) GetLinuxHostPaths() []string

func (*DomainTemplate) GetLinuxHostPredicateName 

func (m *DomainTemplate) GetLinuxHostPredicateName() string

func (*DomainTemplate) GetOsPredicateName 

func (m *DomainTemplate) GetOsPredicateName() string

func (*DomainTemplate) GetProgramPaths 

func (m *DomainTemplate) GetProgramPaths() []string

func (*DomainTemplate) GetProgramPredicateName 

func (m *DomainTemplate) GetProgramPredicateName() string

func (*DomainTemplate) GetTpmPredicateName 

func (m *DomainTemplate) GetTpmPredicateName() string

func (*DomainTemplate) GetVmPaths 

func (m *DomainTemplate) GetVmPaths() []string

func (*DomainTemplate) GetVmPredicateName 

func (m *DomainTemplate) GetVmPredicateName() string

func (*DomainTemplate) ProtoMessage 

func (*DomainTemplate) ProtoMessage()

func (*DomainTemplate) Reset 

func (m *DomainTemplate) Reset()

func (*DomainTemplate) String 

func (m *DomainTemplate) String() string

type ECDSA_SHA_SigningKeyV1 

type ECDSA_SHA_SigningKeyV1 struct {
	Curve            *NamedEllipticCurve `protobuf:"varint,1,req,name=curve,enum=tao.NamedEllipticCurve" json:"curve,omitempty"`
	EcPrivate        []byte              `protobuf:"bytes,2,req,name=ec_private" json:"ec_private,omitempty"`
	EcPublic         []byte              `protobuf:"bytes,3,req,name=ec_public" json:"ec_public,omitempty"`
	XXX_unrecognized []byte              `json:"-"`
}

func (*ECDSA_SHA_SigningKeyV1) GetCurve 

func (m *ECDSA_SHA_SigningKeyV1) GetCurve() NamedEllipticCurve

func (*ECDSA_SHA_SigningKeyV1) GetEcPrivate 

func (m *ECDSA_SHA_SigningKeyV1) GetEcPrivate() []byte

func (*ECDSA_SHA_SigningKeyV1) GetEcPublic 

func (m *ECDSA_SHA_SigningKeyV1) GetEcPublic() []byte

func (*ECDSA_SHA_SigningKeyV1) ProtoMessage 

func (*ECDSA_SHA_SigningKeyV1) ProtoMessage()

func (*ECDSA_SHA_SigningKeyV1) Reset 

func (m *ECDSA_SHA_SigningKeyV1) Reset()

func (*ECDSA_SHA_SigningKeyV1) String 

func (m *ECDSA_SHA_SigningKeyV1) String() string

type ECDSA_SHA_VerifyingKeyV1 

type ECDSA_SHA_VerifyingKeyV1 struct {
	Curve            *NamedEllipticCurve `protobuf:"varint,1,req,name=curve,enum=tao.NamedEllipticCurve" json:"curve,omitempty"`
	EcPublic         []byte              `protobuf:"bytes,2,req,name=ec_public" json:"ec_public,omitempty"`
	XXX_unrecognized []byte              `json:"-"`
}

func (*ECDSA_SHA_VerifyingKeyV1) GetCurve 

func (m *ECDSA_SHA_VerifyingKeyV1) GetCurve() NamedEllipticCurve

func (*ECDSA_SHA_VerifyingKeyV1) GetEcPublic 

func (m *ECDSA_SHA_VerifyingKeyV1) GetEcPublic() []byte

func (*ECDSA_SHA_VerifyingKeyV1) ProtoMessage 

func (*ECDSA_SHA_VerifyingKeyV1) ProtoMessage()

func (*ECDSA_SHA_VerifyingKeyV1) Reset 

func (m *ECDSA_SHA_VerifyingKeyV1) Reset()

func (*ECDSA_SHA_VerifyingKeyV1) String 

func (m *ECDSA_SHA_VerifyingKeyV1) String() string

type EncryptedData 

type EncryptedData struct {
	Header           *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Iv               []byte        `protobuf:"bytes,2,req,name=iv" json:"iv,omitempty"`
	Ciphertext       []byte        `protobuf:"bytes,3,req,name=ciphertext" json:"ciphertext,omitempty"`
	Mac              []byte        `protobuf:"bytes,4,opt,name=mac" json:"mac,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

The result of encrypting.

func (*EncryptedData) GetCiphertext 

func (m *EncryptedData) GetCiphertext() []byte

func (*EncryptedData) GetHeader 

func (m *EncryptedData) GetHeader() *CryptoHeader

func (*EncryptedData) GetIv 

func (m *EncryptedData) GetIv() []byte

func (*EncryptedData) GetMac 

func (m *EncryptedData) GetMac() []byte

func (*EncryptedData) ProtoMessage 

func (*EncryptedData) ProtoMessage()

func (*EncryptedData) Reset 

func (m *EncryptedData) Reset()

func (*EncryptedData) String 

func (m *EncryptedData) String() string

type Guard 

type Guard interface {
	// Subprincipal returns a unique subprincipal for this policy.
	Subprincipal() auth.SubPrin

	// Save writes all presistent policy data to disk, signed by key.
	Save(key *Signer) error

	// Authorize adds an authorization for a principal to perform an
	// operation.
	Authorize(name auth.Prin, op string, args []string) error

	// Retract removes an authorization for a principal to perform an
	// operation, essentially reversing the effect of an Authorize() call
	// with identical name, op, and args. Note: this reverses the effect of
	// an Authorize() call with identical parameters of the equivalent
	// AddRule() call. However, particularly when expressive policies are
	// supported (e.g., an "authorize all" rule), other rules may still be
	// in place authorizing the principal to perform the operation.
	Retract(name auth.Prin, op string, args []string) error

	// IsAuthorized checks whether a principal is authorized to perform an
	// operation.
	IsAuthorized(name auth.Prin, op string, args []string) bool

	// AddRule adds a policy rule. Subclasses should support at least rules
	// of the form: Authorized(P, op, args...). This is equivalent to
	// calling Authorize(P, op, args...) with each of the arguments
	// converted to either a string or integer.
	AddRule(rule string) error

	// RetractRule removes a rule previously added via AddRule() or the
	// equivalent Authorize() call.
	RetractRule(rule string) error

	// Clear removes all rules.
	Clear() error

	// Query the policy. Implementations of this interface should support
	// at least queries of the form: Authorized(P, op, args...).
	Query(query string) (bool, error)

	// RuleCount returns a count of the total number of rules.
	RuleCount() int

	// GetRule returns the ith policy rule, if it exists.
	GetRule(i int) string

	// RuleDebugString returns a debug string for the ith policy rule, if
	// it exists.
	RuleDebugString(i int) string

	// String returns a string suitable for showing users authorization
	// info.
	String() string
}

Guard is an interface for evaluating policy decisions.

func LoadACLGuard 

func LoadACLGuard(key *Verifier, config ACLGuardDetails) (Guard, error)

LoadACLGuard restores a set of rules saved with Save. It replaces any rules in the ACLGuard with the rules it loaded. In the process, it also checks the signature created during the Save process.

func NewACLGuard 

func NewACLGuard(key *Verifier, config ACLGuardDetails) Guard

NewACLGuard produces a Guard implementation that implements ACLGuard.

func NewTemporaryDatalogGuard 

func NewTemporaryDatalogGuard() Guard

NewTemporaryDatalogGuard returns a new datalog guard with a fresh, unsigned, non-persistent rule set. It adds a custom predicate subprin(P, O, E) to check if a principal P is a subprincipal O.E.

type HMAC_SHA_DerivingKeyV1 

type HMAC_SHA_DerivingKeyV1 struct {
	Mode             *CryptoDerivingMode `protobuf:"varint,1,req,name=mode,enum=tao.CryptoDerivingMode" json:"mode,omitempty"`
	HmacPrivate      []byte              `protobuf:"bytes,2,req,name=hmac_private" json:"hmac_private,omitempty"`
	XXX_unrecognized []byte              `json:"-"`
}

func (*HMAC_SHA_DerivingKeyV1) GetHmacPrivate 

func (m *HMAC_SHA_DerivingKeyV1) GetHmacPrivate() []byte

func (*HMAC_SHA_DerivingKeyV1) GetMode 

func (m *HMAC_SHA_DerivingKeyV1) GetMode() CryptoDerivingMode

func (*HMAC_SHA_DerivingKeyV1) ProtoMessage 

func (*HMAC_SHA_DerivingKeyV1) ProtoMessage()

func (*HMAC_SHA_DerivingKeyV1) Reset 

func (m *HMAC_SHA_DerivingKeyV1) Reset()

func (*HMAC_SHA_DerivingKeyV1) String 

func (m *HMAC_SHA_DerivingKeyV1) String() string

type Host 

type Host interface {
	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

	// GetSharedSecret returns a slice of n secret bytes.
	GetSharedSecret(tag string, n int) (bytes []byte, err error)

	// Attest requests the Tao host sign a statement on behalf of the caller.
	Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
		time, expiration *int64, message auth.Form) (*Attestation, error)

	// Encrypt data so that only this host can access it.
	Encrypt(data []byte) (encrypted []byte, err error)

	// Decrypt data that only this host can access.
	Decrypt(encrypted []byte) (data []byte, err error)

	// Notify this Host that a new hosted program has been created.
	AddedHostedProgram(childSubprin auth.SubPrin) error

	// Notify this Host that a hosted program has been killed.
	RemovedHostedProgram(childSubprin auth.SubPrin) error

	// Get the Tao principal name assigned to this hosted Tao host. The
	// name encodes the full path from the root Tao, through all
	// intermediary Tao hosts, to this hosted Tao host.
	HostName() auth.Prin
}

Host is a generic interface for a Tao host that can be configured and driven by a variety of host environments. Generally, the host environment is responsible for enforcing and managing policy, managing hosted programs (e.g. measuring, naming, starting, stopping), communication with hosted programs (e.g. channel creation, RPC reception), and other host-specific details.

Because the environment calls Host in response to requests from hosted processes invoking the Tao interface, several Host methods resemble methods in Tao. Semantics and method signatures differ slightly, however, since the environment can add context (e.g., the subprincipal name of the requesting child) or do part of the implementation (e.g., manage policy on seal/unseal).

func NewTaoRootHost 

func NewTaoRootHost() (Host, error)

NewTaoRootHost generates a new RootHost with a fresh set of temporary keys.

func NewTaoRootHostFromKeys 

func NewTaoRootHostFromKeys(k *Keys) (Host, error)

NewTaoRootHostFromKeys returns a RootHost that uses these keys.

func NewTaoStackedHost 

func NewTaoStackedHost(t Tao) (Host, error)

NewTaoStackedHost generates a new StackedHost with a fresh set of temporary keys.

func NewTaoStackedHostFromKeys 

func NewTaoStackedHostFromKeys(k *Keys, t Tao) (Host, error)

NewTaoStackedHostFromKeys takes ownership of an existing set of keys and returns a StackedHost that uses these keys over an existing host Tao.

type HostTaoType 

type HostTaoType int

The HostTaoType is the type of Tao (either a Root of trust, or Stacked on another Tao) 

const (
	NoHost HostTaoType = iota
	Root
	Stacked
)

These constants represent the different types of configurations for the Tao.

type HostedProcess 

type HostedProcess struct {

	// The value to be used as argv[0]
	Argv0 string

	// A secured, private copy of the executable.
	Temppath string

	// A temporary directory for storing the temporary executable.
	Tempdir string

	// Hash of the executable.
	Hash []byte

	// The underlying process.
	Cmd exec.Cmd

	// The factory responsible for the hosted process.
	Factory *LinuxProcessFactory

	// A channel to be signaled when the process is done.
	Done chan bool
	// contains filtered or unexported fields
}

A LinuxProcess represents a hosted program that executes as a linux process.

func (*HostedProcess) Cleanup 

func (p *HostedProcess) Cleanup() error

func (*HostedProcess) ExitStatus 

func (p *HostedProcess) ExitStatus() (int, error)

ExitStatus returns an exit code for the process.

func (*HostedProcess) Kill 

func (p *HostedProcess) Kill() error

Kill kills an os/exec.Cmd process.

func (*HostedProcess) Pid 

func (p *HostedProcess) Pid() int

Pid returns the pid of the underlying os/exec.Cmd instance.

func (*HostedProcess) Spec 

func (p *HostedProcess) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted process.

func (*HostedProcess) Start 

func (p *HostedProcess) Start() (channel io.ReadWriteCloser, err error)

Start starts the the hosted process and returns a tao channel to it.

func (*HostedProcess) Stop 

func (p *HostedProcess) Stop() error

Stop tries to send SIGTERM to a process.

func (*HostedProcess) Subprin 

func (p *HostedProcess) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted process.

func (*HostedProcess) WaitChan 

func (p *HostedProcess) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted process is done.

type HostedProgram 

type HostedProgram interface {

	// Spec returns the specification used to start the hosted program.
	Spec() HostedProgramSpec

	// Subprin returns the subprincipal representing the hosted program.
	Subprin() auth.SubPrin

	// Start starts the the hosted program and returns a tao channel to it.
	Start() (io.ReadWriteCloser, error)

	// Kill kills the hosted program and cleans up resources.
	Kill() error

	// Stop stops the hosted program and cleans up resources.
	Stop() error

	WaitChan() <-chan bool

	// Cleanup cleans up resources, such as temporary files.
	Cleanup() error

	// Pid returns a factory-specific numeric identifier.
	Pid() int

	// ExitStatus returns a factory-specific exit status code if
	// the hosted program has exited.
	ExitStatus() (int, error)
}

A HostedProgram is an abstraction of a process. It is closely related to os/exec.Cmd and github.com/docker/docker/daemon.Container.

type HostedProgramFactory 

type HostedProgramFactory interface {

	// NewHostedProgram initializes, but does not start, a hosted program.
	NewHostedProgram(spec HostedProgramSpec) (HostedProgram, error)
}

A HostedProgramFactory manages the creation of hosted programs. For example, on Linux, it might create processes using fork, or it might create processes running on docker containers. It might also start a virtual machine containing a new instance of an operating system.

func NewLinuxDockerContainerFactory 

func NewLinuxDockerContainerFactory(sockDir, rulesPath string) HostedProgramFactory

NewLinuxDockerContainerFactory returns a new HostedProgramFactory that can create docker containers to wrap programs.

func NewLinuxKVMCoreOSFactory 

func NewLinuxKVMCoreOSFactory(sockPath string, cfg *CoreOSConfig) (HostedProgramFactory, error)

NewLinuxKVMCoreOSFactory returns a new HostedProgramFactory that can create docker containers to wrap programs. TODO(kwalsh) fix comment.

func NewLinuxProcessFactory 

func NewLinuxProcessFactory(channelType, socketPath string) HostedProgramFactory

NewLinuxProcessFactory returns a new HostedProgramFactory that can create linux processes.

type HostedProgramSpec 

type HostedProgramSpec struct {

	// Id is an optional number to be included in the subprincipal name. If
	// zero, it will be omitted.
	Id uint

	// Path specifies a file, e.g. an executable or a vm image, to be
	// executed in some factory-specific way.
	Path string

	// Args are passed to the hosted program in some factory-specific way,
	// e.g. as command line arguments.
	Args []string

	// ContainerArgs are used to configure the factory-specific container in
	// which the hosted program is executed, e.g. by being passed as parameters
	// to `docker run`.
	ContainerArgs []string

	// Uid is a the linux uid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Uid int

	// Gid is a the linux uid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Gid int

	// Superuser enables running the hosted program with Uid or Gid 0. This
	// field is meant to prevent an accidentally omitted Uid from being
	// interpreted as a request to run the hosted program as superuser. Instead,
	// superuser must explicitly be set.
	Superuser bool

	// Stdin, Stdout, and Stderr are open file descriptors to be shared with the
	// hosted program in a factory-specific way. If nil, factory-specific
	// default values are used, e.g. perhaps /dev/null or inheriting from the
	// tao host server. If not nil, these must have a File.Fd().
	Stdin, Stdout, Stderr *os.File

	// Dir is the directory in which to start the program. If empty, a
	// factory-specific default will be used, e.g. perhaps the tao host server's
	// directory, or perhaps dirname(Path).
	Dir string

	// Env specifies the environment of the hosted program. If Env is nil, a
	// factory-specific default environment will be used. Some factories may
	// modify the environment, e.g. to pass certain parameters across a fork.
	Env []string
}

A HostedProgramSpec contains all of the information that might be needed to start a hosted program. Some factories may not use all of this information, and the semantics of each field vary by factory.

type HostedProgramType 

type HostedProgramType int

The HostedProgramType represents the type of hosted programs and the channel type used for communication between the Host and the Hosted Program. 

const (
	NoHostedPrograms HostedProgramType = iota
	ProcessPipe
	DockerUnix
	KVMCoreOSFile
)

These constants represent the different configurations of hosted programs and communication channels.

type HybridSealedData 

type HybridSealedData struct {
	SealedKey        []byte `protobuf:"bytes,1,req" json:"SealedKey,omitempty"`
	EncryptedData    []byte `protobuf:"bytes,2,req" json:"EncryptedData,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func (*HybridSealedData) GetEncryptedData 

func (m *HybridSealedData) GetEncryptedData() []byte

func (*HybridSealedData) GetSealedKey 

func (m *HybridSealedData) GetSealedKey() []byte

func (*HybridSealedData) ProtoMessage 

func (*HybridSealedData) ProtoMessage()

func (*HybridSealedData) Reset 

func (m *HybridSealedData) Reset()

func (*HybridSealedData) String 

func (m *HybridSealedData) String() string

type KeyDerivationPDU 

type KeyDerivationPDU struct {
	PreviousHash     []byte  `protobuf:"bytes,1,req,name=previous_hash" json:"previous_hash,omitempty"`
	Size             *uint32 `protobuf:"fixed32,2,req,name=size" json:"size,omitempty"`
	Context          *string `protobuf:"bytes,3,req,name=context" json:"context,omitempty"`
	Index            *uint32 `protobuf:"fixed32,4,req,name=index" json:"index,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

A PDU to be serialized and fed to HKDF for derivation.

func (*KeyDerivationPDU) GetContext 

func (m *KeyDerivationPDU) GetContext() string

func (*KeyDerivationPDU) GetIndex 

func (m *KeyDerivationPDU) GetIndex() uint32

func (*KeyDerivationPDU) GetPreviousHash 

func (m *KeyDerivationPDU) GetPreviousHash() []byte

func (*KeyDerivationPDU) GetSize 

func (m *KeyDerivationPDU) GetSize() uint32

func (*KeyDerivationPDU) ProtoMessage 

func (*KeyDerivationPDU) ProtoMessage()

func (*KeyDerivationPDU) Reset 

func (m *KeyDerivationPDU) Reset()

func (*KeyDerivationPDU) String 

func (m *KeyDerivationPDU) String() string

type KeyType 

type KeyType int

A KeyType represent the type(s) of keys held by a Keys struct. 

const (
	Signing KeyType = 1 << iota
	Crypting
	Deriving
)

These are the types of supported keys.

type Keys 

type Keys struct {
	SigningKey   *Signer
	CryptingKey  *Crypter
	VerifyingKey *Verifier
	DerivingKey  *Deriver
	Delegation   *Attestation
	Cert         *x509.Certificate
	// contains filtered or unexported fields
}

A Keys manages a set of signing, verifying, encrypting, and key-deriving keys.

func LoadKeys 

func LoadKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)

LoadKeys reads a key set from file. If there is a parent tao (t!=nil), then expect the keys are sealed and call t.Unseal(); otherwise, expect the key set to be plaintext.

func NewOnDiskPBEKeys 

func NewOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name) (*Keys, error)

NewOnDiskPBEKeys creates a new Keys structure with the specified key types store under PBE on disk. If keys are generated and name is not nil, then a self-signed x509 certificate will be generated and saved as well.

func NewOnDiskTaoSealedKeys 

func NewOnDiskTaoSealedKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)

NewOnDiskTaoSealedKeys sets up the keys sealed under a host Tao or reads sealed keys.

func NewSignedOnDiskPBEKeys 

func NewSignedOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name, serial int, signer *Keys) (*Keys, error)

NewSignedOnDiskPBEKeys creates the same type of keys as NewOnDiskPBEKeys but signs a certificate for the signer with the provided Keys, which must have both a SigningKey and a Certificate.

func NewTemporaryKeys 

func NewTemporaryKeys(keyTypes KeyType) (*Keys, error)

NewTemporaryKeys creates a new Keys structure with the specified keys.

func NewTemporaryTaoDelegatedKeys 

func NewTemporaryTaoDelegatedKeys(keyTypes KeyType, t Tao) (*Keys, error)

NewTemporaryTaoDelegatedKeys initializes a set of temporary keys under a host Tao, using the Tao to generate a delegation for the signing key. Since these keys are never stored on disk, they are not sealed to the Tao.

func UnmarshalKeyset 

func UnmarshalKeyset(cks *CryptoKeyset) (*Keys, error)

UnmarshalKeyset decodes a CryptoKeyset into a temporary Keys structure. Note that this Keys structure doesn't have any of its variables set.

func (*Keys) NewSecret 

func (k *Keys) NewSecret(file string, length int) ([]byte, error)

NewSecret creates and encrypts a new secret value of the given length, or it reads and decrypts the value and checks that it's the right length. It creates the file and its parent directories if these directories do not exist.

func (*Keys) PBEKeysetPath 

func (k *Keys) PBEKeysetPath() string

PBEKeysetPath returns the path for stored keys.

func (*Keys) PBESignerPath 

func (k *Keys) PBESignerPath() string

PBESignerPath returns the path for a stored signing key.

func (*Keys) PlaintextKeysetPath 

func (k *Keys) PlaintextKeysetPath() string

PlaintextKeysetPath returns the path for a key stored in plaintext (this is not normally the case).

func (*Keys) Save 

func (k *Keys) Save(t Tao) error

Save serializes, seals, and writes a key set to disk. It calls t.Seal().

func (*Keys) SealedKeysetPath 

func (k *Keys) SealedKeysetPath() string

SealedKeysetPath returns the path for a stored signing key.

func (*Keys) X509Path 

func (k *Keys) X509Path() string

X509Path returns the path to the verifier key, stored as an X.509 certificate.

type KvmCoreOSContainer 

type KvmCoreOSContainer struct {

	// TODO(kwalsh) A temporary directory for the config drive.
	Tempdir string

	// Hash of the CoreOS image.
	Hash []byte

	// Hash of the factory's KVM image.
	// TODO(kwalsh) Move this to LinuxKVMCoreOSFactory. and don't recompute?
	FactoryHash []byte

	// The factory responsible for the vm.
	Factory *LinuxKVMCoreOSFactory

	// Configuration details for CoreOS, mostly obtained from the factory.
	// TODO(kwalsh) what is a good description for this?
	Cfg *CoreOSConfig

	// The underlying vm process.
	QCmd *exec.Cmd

	// Path to linux host.
	// TODO(kwalsh) is this description correct?
	LHPath string

	// A channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}

A KvmCoreOSContainer represents a hosted program running as a CoreOS image on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start CoreOS then uses SSH to connect to CoreOS to start the LinuxHost there with a virtio-serial connection for its communication with the Tao running on Linux in the guest. This use of os/exec is to avoid having to rewrite or hook into libvirt for now.

func (*KvmCoreOSContainer) Cleanup 

func (kcc *KvmCoreOSContainer) Cleanup() error

func (*KvmCoreOSContainer) ExitStatus 

func (kcc *KvmCoreOSContainer) ExitStatus() (int, error)

ExitStatus returns an exit code for the container.

func (*KvmCoreOSContainer) Kill 

func (kcc *KvmCoreOSContainer) Kill() error

Kill sends a SIGKILL signal to a QEMU instance.

func (*KvmCoreOSContainer) Pid 

func (kcc *KvmCoreOSContainer) Pid() int

Pid returns a numeric ID for this container.

func (*KvmCoreOSContainer) Spec 

func (kcc *KvmCoreOSContainer) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted vm.

func (*KvmCoreOSContainer) Start 

func (kcc *KvmCoreOSContainer) Start() (channel io.ReadWriteCloser, err error)

Start launches a QEMU/KVM CoreOS instance, connects to it with SSH to start the LinuxHost on it, and returns the socket connection to that host.

func (*KvmCoreOSContainer) Stop 

func (kcc *KvmCoreOSContainer) Stop() error

Stop sends a SIGSTOP signal to a docker container.

func (*KvmCoreOSContainer) Subprin 

func (kcc *KvmCoreOSContainer) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted vm.

func (*KvmCoreOSContainer) WaitChan 

func (kcc *KvmCoreOSContainer) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted vm is done.

type LinuxDockerContainerFactory 

type LinuxDockerContainerFactory struct {
	SocketDir string
	RulesPath string
}

A LinuxDockerContainerFactory manages hosted programs started as docker containers over a given docker image.

func (*LinuxDockerContainerFactory) NewHostedProgram 

func (ldcf *LinuxDockerContainerFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

NewHostedProgram initializes, but does not start, a hosted docker container.

type LinuxHost 

type LinuxHost struct {
	Host Host
	// contains filtered or unexported fields
}

A LinuxHost is a Tao host environment in which hosted programs are Linux processes. A Unix domain socket accepts administrative commands for controlling the host, e.g., for starting hosted processes, stopping hosted processes, or shutting down the host. A LinuxTao can be run in stacked mode (on top of a host Tao) or in root mode (without an underlying host Tao).

func NewRootLinuxHost 

func NewRootLinuxHost(path string, guard Guard, password []byte, childFactory HostedProgramFactory) (*LinuxHost, error)

NewRootLinuxHost creates a new LinuxHost as a standalone Host that can provide the Tao to hosted Linux processes.

func NewStackedLinuxHost 

func NewStackedLinuxHost(path string, guard Guard, hostTao Tao, childFactory HostedProgramFactory) (*LinuxHost, error)

NewStackedLinuxHost creates a new LinuxHost as a hosted program of an existing host Tao.

func (*LinuxHost) Attest 

func (lh *LinuxHost) Attest(child *LinuxHostChild, issuer *auth.Prin, time, expiration *int64, stmt auth.Form) (*Attestation, error)

Attest signs a statement on behalf of the child.

func (*LinuxHost) ExtendTaoName 

func (lh *LinuxHost) ExtendTaoName(child *LinuxHostChild, ext auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the child.

func (*LinuxHost) GetRandomBytes 

func (lh *LinuxHost) GetRandomBytes(child *LinuxHostChild, n int) ([]byte, error)

GetRandomBytes returns a slice of n random bytes for the child.

func (*LinuxHost) GetSharedSecret 

func (lh *LinuxHost) GetSharedSecret(child *LinuxHostChild, n int, policy string) ([]byte, error)

GetSharedSecret returns a slice of n secret bytes for the child.

func (*LinuxHost) GetTaoName 

func (lh *LinuxHost) GetTaoName(child *LinuxHostChild) auth.Prin

GetTaoName returns the Tao name for the child.

func (*LinuxHost) HostName 

func (lh *LinuxHost) HostName() auth.Prin

HostName returns the name of the Host used by the LinuxHost.

func (*LinuxHost) KillHostedProgram 

func (lh *LinuxHost) KillHostedProgram(subprin auth.SubPrin) error

KillHostedProgram kills a running hosted program.

func (*LinuxHost) ListHostedPrograms 

func (lh *LinuxHost) ListHostedPrograms() ([]auth.SubPrin, []int, error)

ListHostedPrograms returns a list of running hosted programs.

func (*LinuxHost) Seal 

func (lh *LinuxHost) Seal(child *LinuxHostChild, data []byte, policy string) ([]byte, error)

Seal encrypts data for the child. This call also zeroes the data parameter.

func (*LinuxHost) Shutdown 

func (lh *LinuxHost) Shutdown() error

Shutdown stops all hosted programs. If any remain after 10 seconds, they are killed.

func (*LinuxHost) StartHostedProgram 

func (lh *LinuxHost) StartHostedProgram(spec HostedProgramSpec) (auth.SubPrin, int, error)

StartHostedProgram starts a new hosted program.

func (*LinuxHost) StopHostedProgram 

func (lh *LinuxHost) StopHostedProgram(subprin auth.SubPrin) error

StopHostedProgram stops a running hosted program.

func (*LinuxHost) Unseal 

func (lh *LinuxHost) Unseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)

Unseal decrypts data for the child, but only if the policy is satisfied.

func (*LinuxHost) WaitHostedProgram 

func (lh *LinuxHost) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)

WaitHostedProgram waits for a running hosted program to exit.

type LinuxHostAdminClient 

type LinuxHostAdminClient struct {
	*rpc.Client
	// contains filtered or unexported fields
}

LinuxHostAdminClient is a client stub for LinuxHost's admin RPC interface.

func NewLinuxHostAdminClient 

func NewLinuxHostAdminClient(conn *net.UnixConn) LinuxHostAdminClient

NewLinuxHostAdminClient returns a new client stub for LinuxHost's admin RPC interface.

func (LinuxHostAdminClient) HostName 

func (client LinuxHostAdminClient) HostName() (auth.Prin, error)

HostName is the client stub for LinuxHost.HostName.

func (LinuxHostAdminClient) KillHostedProgram 

func (client LinuxHostAdminClient) KillHostedProgram(subprin auth.SubPrin) error

KillHostedProgram is the client stub for LinuxHost.KillHostedProgram.

func (LinuxHostAdminClient) ListHostedPrograms 

func (client LinuxHostAdminClient) ListHostedPrograms() (name []auth.SubPrin, pid []int, err error)

ListHostedPrograms is the client stub for LinuxHost.ListHostedPrograms.

func (LinuxHostAdminClient) Shutdown 

func (client LinuxHostAdminClient) Shutdown() error

Shutdown is the client stub for LinuxHost.Shutdown.

func (LinuxHostAdminClient) StartHostedProgram 

func (client LinuxHostAdminClient) StartHostedProgram(spec *HostedProgramSpec) (auth.SubPrin, int, error)

StartHostedProgram is the client stub for LinuxHost.StartHostedProgram.

func (LinuxHostAdminClient) StopHostedProgram 

func (client LinuxHostAdminClient) StopHostedProgram(subprin auth.SubPrin) error

StopHostedProgram is the client stub for LinuxHost.StopHostedProgram.

func (LinuxHostAdminClient) WaitHostedProgram 

func (client LinuxHostAdminClient) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)

WaitHostedProgram is the client stub for LinuxHost.WaitHostedProgram.

type LinuxHostAdminRPCHostedProgram 

type LinuxHostAdminRPCHostedProgram struct {
	Subprin          []byte `protobuf:"bytes,1,req,name=subprin" json:"subprin,omitempty"`
	Pid              *int32 `protobuf:"varint,2,req,name=pid" json:"pid,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func (*LinuxHostAdminRPCHostedProgram) GetPid 

func (m *LinuxHostAdminRPCHostedProgram) GetPid() int32

func (*LinuxHostAdminRPCHostedProgram) GetSubprin 

func (m *LinuxHostAdminRPCHostedProgram) GetSubprin() []byte

func (*LinuxHostAdminRPCHostedProgram) ProtoMessage 

func (*LinuxHostAdminRPCHostedProgram) ProtoMessage()

func (*LinuxHostAdminRPCHostedProgram) Reset 

func (m *LinuxHostAdminRPCHostedProgram) Reset()

func (*LinuxHostAdminRPCHostedProgram) String 

func (m *LinuxHostAdminRPCHostedProgram) String() string

type LinuxHostAdminRPCRequest 

type LinuxHostAdminRPCRequest struct {
	Subprin          []byte   `protobuf:"bytes,1,opt,name=subprin" json:"subprin,omitempty"`
	Path             *string  `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"`
	Args             []string `protobuf:"bytes,3,rep,name=args" json:"args,omitempty"`
	Pid              *int32   `protobuf:"varint,4,opt,name=pid" json:"pid,omitempty"`
	Dir              *string  `protobuf:"bytes,5,opt,name=dir" json:"dir,omitempty"`
	ContainerArgs    []string `protobuf:"bytes,6,rep,name=container_args" json:"container_args,omitempty"`
	Stdin            *int32   `protobuf:"varint,7,opt,name=stdin" json:"stdin,omitempty"`
	Stdout           *int32   `protobuf:"varint,8,opt,name=stdout" json:"stdout,omitempty"`
	Stderr           *int32   `protobuf:"varint,9,opt,name=stderr" json:"stderr,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

func (*LinuxHostAdminRPCRequest) GetArgs 

func (m *LinuxHostAdminRPCRequest) GetArgs() []string

func (*LinuxHostAdminRPCRequest) GetContainerArgs 

func (m *LinuxHostAdminRPCRequest) GetContainerArgs() []string

func (*LinuxHostAdminRPCRequest) GetDir 

func (m *LinuxHostAdminRPCRequest) GetDir() string

func (*LinuxHostAdminRPCRequest) GetPath 

func (m *LinuxHostAdminRPCRequest) GetPath() string

func (*LinuxHostAdminRPCRequest) GetPid 

func (m *LinuxHostAdminRPCRequest) GetPid() int32

func (*LinuxHostAdminRPCRequest) GetStderr 

func (m *LinuxHostAdminRPCRequest) GetStderr() int32

func (*LinuxHostAdminRPCRequest) GetStdin 

func (m *LinuxHostAdminRPCRequest) GetStdin() int32

func (*LinuxHostAdminRPCRequest) GetStdout 

func (m *LinuxHostAdminRPCRequest) GetStdout() int32

func (*LinuxHostAdminRPCRequest) GetSubprin 

func (m *LinuxHostAdminRPCRequest) GetSubprin() []byte

func (*LinuxHostAdminRPCRequest) ProtoMessage 

func (*LinuxHostAdminRPCRequest) ProtoMessage()

func (*LinuxHostAdminRPCRequest) Reset 

func (m *LinuxHostAdminRPCRequest) Reset()

func (*LinuxHostAdminRPCRequest) String 

func (m *LinuxHostAdminRPCRequest) String() string

type LinuxHostAdminRPCResponse 

type LinuxHostAdminRPCResponse struct {
	Child            []*LinuxHostAdminRPCHostedProgram `protobuf:"bytes,1,rep,name=child" json:"child,omitempty"`
	Prin             []byte                            `protobuf:"bytes,2,opt,name=prin" json:"prin,omitempty"`
	Status           *int32                            `protobuf:"varint,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte                            `json:"-"`
}

func (*LinuxHostAdminRPCResponse) GetChild 

func (m *LinuxHostAdminRPCResponse) GetChild() []*LinuxHostAdminRPCHostedProgram

func (*LinuxHostAdminRPCResponse) GetPrin 

func (m *LinuxHostAdminRPCResponse) GetPrin() []byte

func (*LinuxHostAdminRPCResponse) GetStatus 

func (m *LinuxHostAdminRPCResponse) GetStatus() int32

func (*LinuxHostAdminRPCResponse) ProtoMessage 

func (*LinuxHostAdminRPCResponse) ProtoMessage()

func (*LinuxHostAdminRPCResponse) Reset 

func (m *LinuxHostAdminRPCResponse) Reset()

func (*LinuxHostAdminRPCResponse) String 

func (m *LinuxHostAdminRPCResponse) String() string

type LinuxHostAdminServer 

type LinuxHostAdminServer struct {
	Done chan bool
	// contains filtered or unexported fields
}

LinuxHostAdminServer is a server stub for LinuxHost's admin RPC interface.

func NewLinuxHostAdminServer 

func NewLinuxHostAdminServer(host *LinuxHost) LinuxHostAdminServer

NewLinuxHostAdminServer returns a new server stub for LinuxHost's admin RPC interface.

func (LinuxHostAdminServer) Serve 

func (server LinuxHostAdminServer) Serve(sock *net.UnixListener) error

Serve listens on sock for new connections and services them.

type LinuxHostChild 

type LinuxHostChild struct {
	ChildSubprin auth.SubPrin
	Cmd          HostedProgram
	// contains filtered or unexported fields
}

LinuxHostChild holds state associated with a running child program. TODO(kwalsh) Nothing in this is linux specific. Move channel and ChildSubprin into (getter methods of) interface HostedProgram and eliminate this struct? Also merge channel cleanup into HostedProgram.Cleanup()

type LinuxHostConfig 

type LinuxHostConfig struct {
	// Either "root" or "stacked"
	Type *string `protobuf:"bytes,1,req,name=type" json:"type,omitempty"`
	// Either "TPM", "pipe", "file", or "unix"
	ParentType *string `protobuf:"bytes,2,opt,name=parent_type" json:"parent_type,omitempty"`
	// For non-tpm parent types, the parent connection spec
	ParentSpec *string `protobuf:"bytes,3,opt,name=parent_spec" json:"parent_spec,omitempty"`
	// Socket directory, relative to host configuration directory.
	SocketDir *string `protobuf:"bytes,4,opt,name=socket_dir" json:"socket_dir,omitempty"`
	// Either "process", "docker", or "kvm_coreos"
	Hosting *string `protobuf:"bytes,5,req,name=hosting" json:"hosting,omitempty"`
	// Path to CoreOS image for hosted KVM, absolute or relative to domain.
	KvmCoreosImg *string `protobuf:"bytes,6,opt,name=kvm_coreos_img" json:"kvm_coreos_img,omitempty"`
	// KB of memory to allocate for each VM
	KvmCoreosVmMemory *int32 `protobuf:"varint,7,opt,name=kvm_coreos_vm_memory" json:"kvm_coreos_vm_memory,omitempty"`
	// Path to CoreOS authorized_keys for hosted KVM, absolute or relative to domain.
	KvmCoreosSshAuthKeys *string `protobuf:"bytes,8,opt,name=kvm_coreos_ssh_auth_keys" json:"kvm_coreos_ssh_auth_keys,omitempty"`
	XXX_unrecognized     []byte  `json:"-"`
}

func (*LinuxHostConfig) GetHosting 

func (m *LinuxHostConfig) GetHosting() string

func (*LinuxHostConfig) GetKvmCoreosImg 

func (m *LinuxHostConfig) GetKvmCoreosImg() string

func (*LinuxHostConfig) GetKvmCoreosSshAuthKeys 

func (m *LinuxHostConfig) GetKvmCoreosSshAuthKeys() string

func (*LinuxHostConfig) GetKvmCoreosVmMemory 

func (m *LinuxHostConfig) GetKvmCoreosVmMemory() int32

func (*LinuxHostConfig) GetParentSpec 

func (m *LinuxHostConfig) GetParentSpec() string

func (*LinuxHostConfig) GetParentType 

func (m *LinuxHostConfig) GetParentType() string

func (*LinuxHostConfig) GetSocketDir 

func (m *LinuxHostConfig) GetSocketDir() string

func (*LinuxHostConfig) GetType 

func (m *LinuxHostConfig) GetType() string

func (*LinuxHostConfig) ProtoMessage 

func (*LinuxHostConfig) ProtoMessage()

func (*LinuxHostConfig) Reset 

func (m *LinuxHostConfig) Reset()

func (*LinuxHostConfig) String 

func (m *LinuxHostConfig) String() string

type LinuxHostSealedBundle 

type LinuxHostSealedBundle struct {
	Policy           *string `protobuf:"bytes,1,req,name=policy" json:"policy,omitempty"`
	PolicyInfo       *string `protobuf:"bytes,2,opt,name=policy_info" json:"policy_info,omitempty"`
	Data             []byte  `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*LinuxHostSealedBundle) GetData 

func (m *LinuxHostSealedBundle) GetData() []byte

func (*LinuxHostSealedBundle) GetPolicy 

func (m *LinuxHostSealedBundle) GetPolicy() string

func (*LinuxHostSealedBundle) GetPolicyInfo 

func (m *LinuxHostSealedBundle) GetPolicyInfo() string

func (*LinuxHostSealedBundle) ProtoMessage 

func (*LinuxHostSealedBundle) ProtoMessage()

func (*LinuxHostSealedBundle) Reset 

func (m *LinuxHostSealedBundle) Reset()

func (*LinuxHostSealedBundle) String 

func (m *LinuxHostSealedBundle) String() string

type LinuxHostTaoServer 

type LinuxHostTaoServer struct {
	// contains filtered or unexported fields
}

LinuxHostTaoServer is a server stub for LinuxHost's Tao RPC interface.

func NewLinuxHostTaoServer 

func NewLinuxHostTaoServer(host *LinuxHost, child *LinuxHostChild) LinuxHostTaoServer

NewLinuxHostTaoServer returns a new server stub for LinuxHost's Tao RPC interface.

func (LinuxHostTaoServer) Serve 

func (server LinuxHostTaoServer) Serve(conn io.ReadWriteCloser) error

Serve listens on sock for new connections and services them.

type LinuxKVMCoreOSFactory 

type LinuxKVMCoreOSFactory struct {
	Cfg        *CoreOSConfig
	SocketPath string
	PublicKey  string
	PrivateKey ssh.Signer
}

A LinuxKVMCoreOSFactory manages hosted programs started as QEMU/KVM instances over a given CoreOS image.

func (*LinuxKVMCoreOSFactory) NewHostedProgram 

func (lkcf *LinuxKVMCoreOSFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

MakeSubprin computes the hash of a QEMU/KVM CoreOS image to get a subprincipal for authorization purposes.

type LinuxProcessFactory 

type LinuxProcessFactory struct {
	// contains filtered or unexported fields
}

A LinuxProcessFactory supports methods for creating Linux processes as hosted programs. LinuxProcessFactory implements HostedProgramFactory.

func (*LinuxProcessFactory) NewHostedProgram 

func (lpf *LinuxProcessFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

NewHostedProgram initializes, but does not start, a hosted process.

type NamedEllipticCurve 

type NamedEllipticCurve int32
const (
	NamedEllipticCurve_PRIME256_V1 NamedEllipticCurve = 1
)

func (NamedEllipticCurve) Enum 

func (x NamedEllipticCurve) Enum() *NamedEllipticCurve

func (NamedEllipticCurve) String 

func (x NamedEllipticCurve) String() string

func (*NamedEllipticCurve) UnmarshalJSON 

func (x *NamedEllipticCurve) UnmarshalJSON(data []byte) error

type PBEData 

type PBEData struct {
	Version    *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	Cipher     *string        `protobuf:"bytes,2,req,name=cipher" json:"cipher,omitempty"`
	Hmac       *string        `protobuf:"bytes,3,req,name=hmac" json:"hmac,omitempty"`
	Iterations *int32         `protobuf:"varint,4,req,name=iterations" json:"iterations,omitempty"`
	Iv         []byte         `protobuf:"bytes,5,req,name=iv" json:"iv,omitempty"`
	Ciphertext []byte         `protobuf:"bytes,6,req,name=ciphertext" json:"ciphertext,omitempty"`
	// TODO(kwalsh) Should this not use a mac as well for integrity protection?
	Salt             []byte `protobuf:"bytes,7,req,name=salt" json:"salt,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func (*PBEData) GetCipher 

func (m *PBEData) GetCipher() string

func (*PBEData) GetCiphertext 

func (m *PBEData) GetCiphertext() []byte

func (*PBEData) GetHmac 

func (m *PBEData) GetHmac() string

func (*PBEData) GetIterations 

func (m *PBEData) GetIterations() int32

func (*PBEData) GetIv 

func (m *PBEData) GetIv() []byte

func (*PBEData) GetSalt 

func (m *PBEData) GetSalt() []byte

func (*PBEData) GetVersion 

func (m *PBEData) GetVersion() CryptoVersion

func (*PBEData) ProtoMessage 

func (*PBEData) ProtoMessage()

func (*PBEData) Reset 

func (m *PBEData) Reset()

func (*PBEData) String 

func (m *PBEData) String() string

type RPC 

type RPC struct {
	// contains filtered or unexported fields
}

RPC sends requests between this hosted program and the host Tao.

func DeserializeFileRPC 

func DeserializeFileRPC(s string) (*RPC, error)

DeserializeFileRPC produces a RPC from a string representing a file.

func DeserializeRPC 

func DeserializeRPC(s string) (*RPC, error)

DeserializeRPC produces a RPC from a string.

func DeserializeUnixSocketRPC 

func DeserializeUnixSocketRPC(p string) (*RPC, error)

DeserializeUnixSocketRPC produces a RPC from a path string.

func NewRPC 

func NewRPC(rwc io.ReadWriteCloser, serviceName string) (*RPC, error)

NewRPC constructs a RPC for the default gob encoding rpc client using an io.ReadWriteCloser.

func (*RPC) Attest 

func (t *RPC) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

Attest implements part of the Tao interface.

func (*RPC) ExtendTaoName 

func (t *RPC) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName implements part of the Tao interface.

func (*RPC) GetRandomBytes 

func (t *RPC) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes implements part of the Tao interface.

func (*RPC) GetSharedSecret 

func (t *RPC) GetSharedSecret(n int, policy string) ([]byte, error)

GetSharedSecret implements part of the Tao interface.

func (*RPC) GetTaoName 

func (t *RPC) GetTaoName() (auth.Prin, error)

GetTaoName implements part of the Tao interface.

func (*RPC) Rand 

func (t *RPC) Rand() io.Reader

Rand implements part of the Tao interface.

func (*RPC) Seal 

func (t *RPC) Seal(data []byte, policy string) (sealed []byte, err error)

Seal implements part of the Tao interface.

func (*RPC) Unseal 

func (t *RPC) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal implements part of the Tao interface.

type RPCRequest 

type RPCRequest struct {
	Data             []byte  `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	Size             *int32  `protobuf:"varint,2,opt,name=size" json:"size,omitempty"`
	Policy           *string `protobuf:"bytes,3,opt,name=policy" json:"policy,omitempty"`
	Time             *int64  `protobuf:"varint,4,opt,name=time" json:"time,omitempty"`
	Expiration       *int64  `protobuf:"varint,5,opt,name=expiration" json:"expiration,omitempty"`
	Issuer           []byte  `protobuf:"bytes,6,opt,name=issuer" json:"issuer,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*RPCRequest) GetData 

func (m *RPCRequest) GetData() []byte

func (*RPCRequest) GetExpiration 

func (m *RPCRequest) GetExpiration() int64

func (*RPCRequest) GetIssuer 

func (m *RPCRequest) GetIssuer() []byte

func (*RPCRequest) GetPolicy 

func (m *RPCRequest) GetPolicy() string

func (*RPCRequest) GetSize 

func (m *RPCRequest) GetSize() int32

func (*RPCRequest) GetTime 

func (m *RPCRequest) GetTime() int64

func (*RPCRequest) ProtoMessage 

func (*RPCRequest) ProtoMessage()

func (*RPCRequest) Reset 

func (m *RPCRequest) Reset()

func (*RPCRequest) String 

func (m *RPCRequest) String() string

type RPCResponse 

type RPCResponse struct {
	Data             []byte  `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	Policy           *string `protobuf:"bytes,2,opt,name=policy" json:"policy,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*RPCResponse) GetData 

func (m *RPCResponse) GetData() []byte

func (*RPCResponse) GetPolicy 

func (m *RPCResponse) GetPolicy() string

func (*RPCResponse) ProtoMessage 

func (*RPCResponse) ProtoMessage()

func (*RPCResponse) Reset 

func (m *RPCResponse) Reset()

func (*RPCResponse) String 

func (m *RPCResponse) String() string

type RootHost 

type RootHost struct {
	// contains filtered or unexported fields
}

A RootHost is a standalone implementation of Host.

func (*RootHost) AddedHostedProgram 

func (t *RootHost) AddedHostedProgram(childSubprin auth.SubPrin) error

AddedHostedProgram notifies this Host that a new hosted program has been created.

func (*RootHost) Attest 

func (t *RootHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
	time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller.

func (*RootHost) Decrypt 

func (t *RootHost) Decrypt(encrypted []byte) (data []byte, err error)

Decrypt data that only this host can access.

func (*RootHost) Encrypt 

func (t *RootHost) Encrypt(data []byte) (encrypted []byte, err error)

Encrypt data so that only this host can access it.

func (*RootHost) GetRandomBytes 

func (t *RootHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

GetRandomBytes returns a slice of n random bytes.

func (*RootHost) GetSharedSecret 

func (t *RootHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*RootHost) HostName 

func (t *RootHost) HostName() auth.Prin

HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.

func (*RootHost) RemovedHostedProgram 

func (t *RootHost) RemovedHostedProgram(childSubprin auth.SubPrin) error

RemovedHostedProgram notifies this Host that a hosted program has been killed.

type SignaturePDU 

type SignaturePDU struct {
	Header *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	// SECURITY WARNING: Always choose a unique context for each unique type of
	// message. One easy way to do this is to number the messages in a protocol
	// and make the context "ProtocolName Message Y: ProtobufName Version X"
	Context *string `protobuf:"bytes,2,req,name=context" json:"context,omitempty"`
	// The serialized protobuf representing this message.
	Data             []byte `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A PDU to be serialized and signed, including a required context to ensure unique deserialization.

func (*SignaturePDU) GetContext 

func (m *SignaturePDU) GetContext() string

func (*SignaturePDU) GetData 

func (m *SignaturePDU) GetData() []byte

func (*SignaturePDU) GetHeader 

func (m *SignaturePDU) GetHeader() *CryptoHeader

func (*SignaturePDU) ProtoMessage 

func (*SignaturePDU) ProtoMessage()

func (*SignaturePDU) Reset 

func (m *SignaturePDU) Reset()

func (*SignaturePDU) String 

func (m *SignaturePDU) String() string

type SignedACLSet 

type SignedACLSet struct {
	SerializedAclset []byte `protobuf:"bytes,1,req,name=serialized_aclset" json:"serialized_aclset,omitempty"`
	Signature        []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A set of ACL entries signed by a key.

func (*SignedACLSet) GetSerializedAclset 

func (m *SignedACLSet) GetSerializedAclset() []byte

func (*SignedACLSet) GetSignature 

func (m *SignedACLSet) GetSignature() []byte

func (*SignedACLSet) ProtoMessage 

func (*SignedACLSet) ProtoMessage()

func (*SignedACLSet) Reset 

func (m *SignedACLSet) Reset()

func (*SignedACLSet) String 

func (m *SignedACLSet) String() string

type SignedData 

type SignedData struct {
	Header           *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Signature        []byte        `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

The result of signing.

func (*SignedData) GetHeader 

func (m *SignedData) GetHeader() *CryptoHeader

func (*SignedData) GetSignature 

func (m *SignedData) GetSignature() []byte

func (*SignedData) ProtoMessage 

func (*SignedData) ProtoMessage()

func (*SignedData) Reset 

func (m *SignedData) Reset()

func (*SignedData) String 

func (m *SignedData) String() string

type SignedDatalogRules 

type SignedDatalogRules struct {
	SerializedRules  []byte `protobuf:"bytes,1,req,name=serialized_rules" json:"serialized_rules,omitempty"`
	Signature        []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A set of rules signed by a key.

func (*SignedDatalogRules) GetSerializedRules 

func (m *SignedDatalogRules) GetSerializedRules() []byte

func (*SignedDatalogRules) GetSignature 

func (m *SignedDatalogRules) GetSignature() []byte

func (*SignedDatalogRules) ProtoMessage 

func (*SignedDatalogRules) ProtoMessage()

func (*SignedDatalogRules) Reset 

func (m *SignedDatalogRules) Reset()

func (*SignedDatalogRules) String 

func (m *SignedDatalogRules) String() string

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

A Signer is used to sign and verify signatures

func GenerateSigner 

func GenerateSigner() (*Signer, error)

GenerateSigner creates a new Signer with a fresh key.

func UnmarshalSignerDER 

func UnmarshalSignerDER(signer []byte) (*Signer, error)

UnmarshalSignerDER deserializes a Signer from DER.

func UnmarshalSignerProto 

func UnmarshalSignerProto(ck *CryptoKey) (*Signer, error)

UnmarshalSignerProto decodes a signing key from a CryptoKey protobuf message.

func (*Signer) CreateHeader 

func (s *Signer) CreateHeader() (*CryptoHeader, error)

CreateHeader encodes the version and a key hint into a CryptoHeader.

func (*Signer) CreateSelfSignedDER 

func (s *Signer) CreateSelfSignedDER(name *pkix.Name) ([]byte, error)

CreateSelfSignedDER creates a DER representation of a new self-signed certificate for the given name.

func (*Signer) CreateSelfSignedX509 

func (s *Signer) CreateSelfSignedX509(name *pkix.Name) (*x509.Certificate, error)

CreateSelfSignedX509 creates a self-signed X.509 certificate for the public key of this Signer.

func (*Signer) CreateSignedX509 

func (s *Signer) CreateSignedX509(caCert *x509.Certificate, certSerial int, subjectKey *Verifier, subjectName *pkix.Name) (*x509.Certificate, error)

CreateSignedX509 creates a signed X.509 certificate for some other subject's key.

func (*Signer) GetVerifier 

func (s *Signer) GetVerifier() *Verifier

GetVerifier returns a Verifier from Signer.

func (*Signer) Sign 

func (s *Signer) Sign(data []byte, context string) ([]byte, error)

Sign computes an ECDSA sigature over the contextualized data, using the private key of the signer.

func (*Signer) ToPrincipal 

func (s *Signer) ToPrincipal() auth.Prin

ToPrincipal produces a "key" type Prin for this signer. This contains a serialized CryptoKey for the public half of this signing key.

type SoftTao 

type SoftTao struct {
	// contains filtered or unexported fields
}

A SoftTao is an implementation of the Tao that isn't backed by any hardware mechanisms. It's used for testing components that rely on the Tao.

func (*SoftTao) Attest 

func (s *SoftTao) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests that the Tao host sign a statement on behalf of the caller.

func (*SoftTao) ExtendTaoName 

func (s *SoftTao) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the caller.

func (*SoftTao) GetRandomBytes 

func (s *SoftTao) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes fills the slice with random bytes.

func (*SoftTao) GetSharedSecret 

func (s *SoftTao) GetSharedSecret(n int, policy string) ([]byte, error)

GetSharedSecret returns a slice of n secret bytes.

func (*SoftTao) GetTaoName 

func (s *SoftTao) GetTaoName() (auth.Prin, error)

GetTaoName returns the Tao principal name assigned to the caller.

func (*SoftTao) GetVerifier 

func (s *SoftTao) GetVerifier() *Verifier

GetVerifier returns the verifying key for this Tao.

func (*SoftTao) Rand 

func (s *SoftTao) Rand() io.Reader

Rand returns an io.Reader for the SoftTao's source of randomness.

func (*SoftTao) Read 

func (s *SoftTao) Read(p []byte) (int, error)

Read implements io.Reader to read random bytes from the Tao.

func (*SoftTao) Seal 

func (s *SoftTao) Seal(data []byte, policy string) ([]byte, error)

Seal encrypts the data in a way that can only be opened by the Tao for the program that sealed it. In the case of the SoftTao, this policy is implicit.

func (*SoftTao) Unseal 

func (s *SoftTao) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal decrypts data that has been sealed by the Seal operation, but only if the policy specified during the Seal operation is satisfied.

type StackedHost 

type StackedHost struct {
	// contains filtered or unexported fields
}

A StackedHost implements Host over an existing host Tao.

func (*StackedHost) AddedHostedProgram 

func (t *StackedHost) AddedHostedProgram(childSubprin auth.SubPrin) error

AddedHostedProgram notifies this Host that a new hosted program has been created.

func (*StackedHost) Attest 

func (t *StackedHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
	time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller.

func (*StackedHost) Decrypt 

func (t *StackedHost) Decrypt(encrypted []byte) (data []byte, err error)

Decrypt data that only this host can access.

func (*StackedHost) Encrypt 

func (t *StackedHost) Encrypt(data []byte) (encrypted []byte, err error)

Encrypt data so that only this host can access it.

func (*StackedHost) GetRandomBytes 

func (t *StackedHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

GetRandomBytes returns a slice of n random bytes.

func (*StackedHost) GetSharedSecret 

func (t *StackedHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*StackedHost) HostName 

func (t *StackedHost) HostName() auth.Prin

HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.

func (*StackedHost) RemovedHostedProgram 

func (t *StackedHost) RemovedHostedProgram(childSubprin auth.SubPrin) error

RemovedHostedProgram notifies this Host that a hosted program has been killed.

type TPMDetails 

type TPMDetails struct {
	TpmPath *string `protobuf:"bytes,1,opt,name=tpm_path" json:"tpm_path,omitempty"`
	AikPath *string `protobuf:"bytes,2,opt,name=aik_path" json:"aik_path,omitempty"`
	// A string representing the IDs of PCRs, like "17,18".
	Pcrs             *string `protobuf:"bytes,3,opt,name=pcrs" json:"pcrs,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*TPMDetails) GetAikPath 

func (m *TPMDetails) GetAikPath() string

func (*TPMDetails) GetPcrs 

func (m *TPMDetails) GetPcrs() string

func (*TPMDetails) GetTpmPath 

func (m *TPMDetails) GetTpmPath() string

func (*TPMDetails) ProtoMessage 

func (*TPMDetails) ProtoMessage()

func (*TPMDetails) Reset 

func (m *TPMDetails) Reset()

func (*TPMDetails) String 

func (m *TPMDetails) String() string

type TPMTao 

type TPMTao struct {
	// contains filtered or unexported fields
}

A TPMTao implements the Tao using a hardware TPM device.

func (*TPMTao) Attest 

func (tt *TPMTao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller. The optional issuer, time and expiration will be given default values if nil.

func (*TPMTao) ExtendTaoName 

func (tt *TPMTao) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the caller.

func (*TPMTao) GetRandomBytes 

func (tt *TPMTao) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes returns a slice of n random bytes.

func (*TPMTao) GetSharedSecret 

func (tt *TPMTao) GetSharedSecret(n int, policy string) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*TPMTao) GetTaoName 

func (tt *TPMTao) GetTaoName() (name auth.Prin, err error)

GetTaoName returns the Tao principal name assigned to the caller.

func (*TPMTao) Rand 

func (tt *TPMTao) Rand() io.Reader

Rand produces an io.Reader for random bytes from this Tao.

func (*TPMTao) Read 

func (tt *TPMTao) Read(p []byte) (int, error)

Read implements io.Reader to read random bytes from the TPMTao.

func (*TPMTao) Seal 

func (tt *TPMTao) Seal(data []byte, policy string) (sealed []byte, err error)

Seal encrypts data so only certain hosted programs can unseal it. Note that at least some TPMs can only seal up to 149 bytes of data. So, we employ a hybrid encryption scheme that seals a key and uses the key to encrypt the data separately. We use the keys infrastructure to perform secure and flexible encryption.

func (*TPMTao) Unseal 

func (tt *TPMTao) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal decrypts data that has been sealed by the Seal() operation, but only if the policy specified during the Seal() operation is satisfied.

type Tao 

type Tao interface {
	// GetTaoName returns the Tao principal name assigned to the caller.
	GetTaoName() (name auth.Prin, err error)

	// ExtendTaoName irreversibly extends the Tao principal name of the caller.
	ExtendTaoName(subprin auth.SubPrin) error

	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(n int) (bytes []byte, err error)

	// Rand produces an io.Reader for random bytes from this Tao.
	Rand() io.Reader

	// GetSharedSecret returns a slice of n secret bytes.
	GetSharedSecret(n int, policy string) (bytes []byte, err error)

	// Attest requests the Tao host sign a statement on behalf of the caller. The
	// optional issuer, time and expiration will be given default values if nil.
	// TODO(kwalsh) Maybe create a struct for these optional params? Or use
	// auth.Says instead (in which time and expiration are optional) with a
	// bogus Speaker field like key("") or nil("") or self, etc.
	Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

	// Seal encrypts data so only certain hosted programs can unseal it.
	Seal(data []byte, policy string) (sealed []byte, err error)

	// Unseal decrypts data that has been sealed by the Seal() operation, but only
	// if the policy specified during the Seal() operation is satisfied.
	Unseal(sealed []byte) (data []byte, policy string, err error)
}

Tao is the fundamental Trustworthy Computing interface provided by a host to its hosted programs. Each level of a system can act as a host by exporting the Tao interface and providing Tao services to higher-level hosted programs.

In most cases, a hosted program will use a stub Tao that performs RPC over a channel to its host. The details of such RPC depend on the specific implementation of the host: some hosted programs may use pipes to communicate with their host, others may use sockets, etc.

func NewSoftTao 

func NewSoftTao(path string, password []byte) (Tao, error)

NewSoftTao initializes the SoftTao with a crypter and a signer.

func NewTPMTao 

func NewTPMTao(tpmPath string, aikblob []byte, pcrNums []int) (Tao, error)

NewTPMTao creates a new TPMTao and returns it under the Tao interface.

func Parent 

func Parent() Tao

Parent returns the interface to the underlying host Tao. It depends on a specific environment variable being set. On success it memoizes the result before returning it because there should only ever be a single channel to the host. On failure, it logs a message using glog and returns nil. Note: errors are not returned so that, once it is confirmed that Parent returns a non-nil value, callers can use the function result in an expression, e.g.: 

name, err := tao.Parent().GetTaoName()

func ParentFromConfig 

func ParentFromConfig(tc Config) Tao

ParentFromConfig gets a parent Tao given a Config that specifies the Tao type.

type TrivialGuard 

type TrivialGuard int

A TrivialGuard implements a constant policy: either ConservativeGuard ("deny all") or LiberalGuard ("allow all"). TODO(kwalsh) make this a bool 

const (
	ConservativeGuard TrivialGuard = 1 << iota
	LiberalGuard
)

The types of TrivialGuard

func (TrivialGuard) AddRule 

func (t TrivialGuard) AddRule(rule string) error

AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.

func (TrivialGuard) Authorize 

func (t TrivialGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize adds an authorization for a principal to perform an operation.

func (TrivialGuard) Clear 

func (t TrivialGuard) Clear() error

Clear removes all rules.

func (TrivialGuard) GetRule 

func (t TrivialGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (TrivialGuard) IsAuthorized 

func (t TrivialGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks whether a principal is authorized to perform an operation.

func (TrivialGuard) Query 

func (t TrivialGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (TrivialGuard) Retract 

func (t TrivialGuard) Retract(name auth.Prin, op string, args []string) error

Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.

func (TrivialGuard) RetractRule 

func (t TrivialGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (TrivialGuard) RuleCount 

func (t TrivialGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (TrivialGuard) RuleDebugString 

func (t TrivialGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists. TODO(kwalsh): build this into the auth library.

func (TrivialGuard) Save 

func (t TrivialGuard) Save(key *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (TrivialGuard) String 

func (t TrivialGuard) String() string

String returns a string suitable for showing users authorization info.

func (TrivialGuard) Subprincipal 

func (t TrivialGuard) Subprincipal() auth.SubPrin

Subprincipal returns subprincipal TrivialGuard(<policy>).

type Verifier 

type Verifier struct {
	// contains filtered or unexported fields
}

A Verifier is used to verify signatures.

func FromPrincipal 

func FromPrincipal(prin auth.Prin) (*Verifier, error)

FromPrincipal deserializes a Verifier from a Prin.

func FromX509 

func FromX509(cert *x509.Certificate) (*Verifier, error)

FromX509 creates a Verifier from an X509 certificate.

func UnmarshalVerifierProto 

func UnmarshalVerifierProto(ck *CryptoKey) (*Verifier, error)

UnmarshalVerifierProto decodes a verifying key from a CryptoKey protobuf message.

func (*Verifier) CreateHeader 

func (v *Verifier) CreateHeader() (*CryptoHeader, error)

CreateHeader instantiates and fills in a header for this verifying key.

func (*Verifier) Equals 

func (v *Verifier) Equals(cert *x509.Certificate) bool

Equals checks to see if the public key in the X.509 certificate matches the public key in the verifier.

func (*Verifier) ToPrincipal 

func (v *Verifier) ToPrincipal() auth.Prin

ToPrincipal produces a "key" type Prin for this verifier. This contains a serialized CryptoKey for this key.

func (*Verifier) Verify 

func (v *Verifier) Verify(data []byte, context string, sig []byte) (bool, error)

Verify checks an ECDSA signature over the contextualized data, using the public key of the verifier.

type X509Details 

type X509Details struct {
	CommonName         *string `protobuf:"bytes,1,opt,name=common_name" json:"common_name,omitempty"`
	Country            *string `protobuf:"bytes,2,opt,name=country" json:"country,omitempty"`
	State              *string `protobuf:"bytes,3,opt,name=state" json:"state,omitempty"`
	Organization       *string `protobuf:"bytes,4,opt,name=organization" json:"organization,omitempty"`
	OrganizationalUnit *string `protobuf:"bytes,5,opt,name=organizational_unit" json:"organizational_unit,omitempty"`
	SerialNumber       *int32  `protobuf:"varint,6,opt,name=serial_number" json:"serial_number,omitempty"`
	XXX_unrecognized   []byte  `json:"-"`
}

func (*X509Details) GetCommonName 

func (m *X509Details) GetCommonName() string

func (*X509Details) GetCountry 

func (m *X509Details) GetCountry() string

func (*X509Details) GetOrganization 

func (m *X509Details) GetOrganization() string

func (*X509Details) GetOrganizationalUnit 

func (m *X509Details) GetOrganizationalUnit() string

func (*X509Details) GetSerialNumber 

func (m *X509Details) GetSerialNumber() int32

func (*X509Details) GetState 

func (m *X509Details) GetState() string

func (*X509Details) ProtoMessage 

func (*X509Details) ProtoMessage()

func (*X509Details) Reset 

func (m *X509Details) Reset()

func (*X509Details) String 

func (m *X509Details) String() string

Source Files

View all Source files

Directories

Path Synopsis
Package auth supports Tao authorization and authentication, primarily by defining and implementing a logic for describing principals, their trust relationships, and their beliefs.
 Package auth supports Tao authorization and authentication, primarily by defining and implementing a logic for describing principals, their trust relationships, and their beliefs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.