state

Documentation

Index

• Constants
• Variables
• func DefaultStateDir() string
• func DefaultTPMDevice() string
• type DeviceKey
• type DeviceKeyV3
• type RootKeyV3
• type State
  • func LoadState(keysPath string) (*State, bool, error)
  • func NewState() *State
  • func (s *State) EnsureFresh(cl *api.Client) (bool, error)
  • func (s *State) IsEnrolled() bool
  • func (st *State) Store(keysPath string) error
• type StateTpmKey
• type StateV2
• type StateV3
  • func (s *StateV3) IsEnrolled() bool
• type StubState

Constants

const (
	ClientStateTypeV2 = "client-state/2"
	ClientStateTypeV3 = "client-state/3"
	ClientStateType   = ClientStateTypeV3

	// DefaultVendorSubdir is the name of the subdirectory we create in various common locations (f.e. /var, /etc) to store our data
	// note: if you change this name, you also have to modify the reference in the windows installer wix main xml file
	DefaultVendorSubdir string = "immune-guard"

	DummyTPMIdentifier string = "dummy"
)

Variables

var (
	ErrNotExist = errors.New("non existent")
	ErrInvalid  = errors.New("invalid data")
	ErrNoPerm   = errors.New("no permissions")
)

Functions

func DefaultStateDir

func DefaultStateDir() string

func DefaultTPMDevice

func DefaultTPMDevice() string

Types

type DeviceKey

type DeviceKey DeviceKeyV3

type DeviceKeyV3

type DeviceKeyV3 struct {
	Public     api.PublicKey `json:"public"`
	Private    api.Buffer    `json:"private"`
	Auth       string        `json:"auth"`
	Credential string        `json:"credential"`
}

type RootKeyV3

type RootKeyV3 struct {
	Auth string   `json:"auth"`
	Name api.Name `json:"name"`
}

type State

type State StateV3

Current "head" state struct definition

func LoadState

func LoadState(keysPath string) (*State, bool, error)

LoadState returns a loaded state and a bool if it has been updated or error

func NewState

func NewState() *State

func (*State) EnsureFresh

func (s *State) EnsureFresh(cl *api.Client) (bool, error)

returns true if a new config was fetched this is not really a responsibility of the state at all, however it'll remain here for the time being. just don't make this depend on specific state versions, as the config structure is from the public API and thus has its own versioning and there should be separate code handling different API versions.

func (*State) IsEnrolled

func (s *State) IsEnrolled() bool

func (*State) Store

func (st *State) Store(keysPath string) error

type StateTpmKey

type StateTpmKey struct {
	Public      api.PublicKey `json:"public"`
	Private     api.Buffer    `json:"private"`
	Auth        string        `json:"auth"`
	Certificate string        `json:"certificate"`
}

type StateV2

type StateV2 struct {
	Ty                     string           `json:"type"`
	EndorsementKey         api.PublicKey    `json:"ek"`
	EndorsementCertificate *api.Certificate `json:"ek-certificate"`
	RootKeyAuth            string           `json:"root-key-auth"`
	QuoteKey               StateTpmKey      `json:"quote-key"`
}

Mutable run time data.

type StateV3

type StateV3 struct {
	Ty string `json:"type"`

	// stub TPM
	StubSeed  api.Buffer `json:"stub-seed,omitempty"`  // v3.1 (deprecated)
	StubState *StubState `json:"stub-state,omitempty"` // v3.2

	// /v2/enroll
	Keys                   map[string]DeviceKeyV3 `json:"keys"`
	Root                   RootKeyV3              `json:"root"`
	EndorsementKey         api.PublicKey          `json:"ek"`
	EndorsementCertificate *api.Certificate       `json:"ek-certificate"`
	TPM                    string                 `json:"tpm,omitempty"`       // v3.3
	ServerURL              *url.URL               `json:"serverurl,omitempty"` // v3.4

	// /v2/configuration
	LastUpdate time.Time         `json:"last_update,string"`
	Config     api.Configuration `json:"config"`
}

func (*StateV3) IsEnrolled

func (s *StateV3) IsEnrolled() bool

type StubState

type StubState struct {
	Type           string
	RootKey        api.Buffer `json:"root"`
	EndorsementKey api.Buffer `json:"ek"`
}