Overview
Package tao is a generated protocol buffer package.
It is generated from these files:
acl_guard.proto
attestation.proto
ca.proto
datalog_guard.proto
domain.proto
keys.proto
linux_host_admin_rpc.proto
linux_host.proto
rpc.proto
tpm_tao.proto
It has these top-level messages:
ACLSet
SignedACLSet
Attestation
CARequest
CAResponse
DatalogRules
SignedDatalogRules
DomainDetails
X509Details
ACLGuardDetails
DatalogGuardDetails
TPMDetails
TPM2Details
DomainConfig
DomainTemplate
CryptoKey
CryptoKeyset
PBEData
ECDSA_SHA_VerifyingKeyV1
ECDSA_SHA_SigningKeyV1
AES_CTR_HMAC_SHA_CryptingKeyV1
HMAC_SHA_DerivingKeyV1
CryptoHeader
SignaturePDU
SignedData
EncryptedData
KeyDerivationPDU
LinuxHostAdminRPCRequest
LinuxHostAdminRPCHostedProgram
LinuxHostAdminRPCResponse
LinuxHostSealedBundle
LinuxHostConfig
RPCRequest
RPCResponse
HybridSealedData
Package tao is a generated protocol buffer package.
It is generated from these files:
attestation.proto
It has these top-level messages:
Attestation
Package tao is a generated protocol buffer package.
It is generated from these files:
domain.proto
It has these top-level messages:
DomainDetails
X509Details
ACLGuardDetails
DatalogGuardDetails
TPMDetails
TPM2Details
DomainConfig
DomainTemplate
Package tao is a generated protocol buffer package.
It is generated from these files:
keys.proto
It has these top-level messages:
CryptoHeader
CryptoKey
CryptoKeyset
PBEData
ContextualizedData
SignaturePDU
SignedData
EncryptionIntegrityPDU
EncryptedData
KeyDerivationPDU
Package tao is a generated protocol buffer package.
It is generated from these files:
proto/rollback.proto
It has these top-level messages:
RollbackEntry
RollbackCounterTable
RollbackSealedData
Package tao is a generated protocol buffer package.
It is generated from these files:
rpc.proto
It has these top-level messages:
RPCRequest RPCResponse
Index
- Constants
- Variables
- func AddEndorsements(guard Guard, a *Attestation, v *Verifier) error
- func CipherTypeFromSuiteName(suiteName string) *string
- func CleanUpTPMTao(tt *TPMTao)
- func CloudConfigFromSSHKeys(keysFile string) (string, error)
- func CombinedKeySizeFromAlgorithmName(keyType string) *int
- func CrypterTypeFromSuiteName(suiteName string) *string
- func DecodeTwoBytes(b []byte) ([]byte, []byte)
- func DeriverTypeFromSuiteName(suiteName string) *string
- func DeserializeEcdsaPrivateComponents(keyBytes []byte) (*ecdsa.PrivateKey, error)
- func DeserializeEcdsaPublicComponents(keyBytes []byte) (crypto.PrivateKey, error)
- func DeserializeRsaPrivateComponents(keyComponents [][]byte, rsaKey *rsa.PrivateKey) error
- func DeserializeRsaPublicComponents(rsaKey *rsa.PublicKey, keyComponents [][]byte) error
- func Dial(network, addr string, guard Guard, v *Verifier, keys *Keys) (net.Conn, error)
- func DialTLS(network, addr string) (net.Conn, error)
- func DialTLSWithKeys(network, addr string, keys *Keys) (net.Conn, error)
- func DialWithNewX509(network, addr string, guard Guard, v *Verifier) (net.Conn, error)
- func EncodeTLSCert(keys *Keys) (*tls.Certificate, error)
- func EncodeTwoBytes(b1 []byte, b2 []byte) []byte
- func FinalizeTPM2Tao(tt *TPM2Tao)
- func FinalizeTPMTao(tt *TPMTao)
- func FormatCoreOSSubprin(id uint, hash []byte) auth.SubPrin
- func FormatCustomVmSubprin(id uint, kernelHash []byte, initramHash []byte) auth.SubPrin
- func FormatDockerSubprin(id uint, hash []byte) auth.SubPrin
- func FormatLinuxHostSubprin(id uint, hash []byte) auth.SubPrin
- func FormatProcessSubprin(id uint, hash []byte) auth.SubPrin
- func HandleCARequest(conn net.Conn, s *Signer, guard Guard)
- func HandleEndorsement(keySize int, ...) error
- func HandlePolicyKey(keySize int, policyKeyFile, policyKeyPassword, policyCertFile string) error
- func HandleQuote(network, addr, pass, path string, details X509Details) error
- func HashTypeFromSuiteName(suiteName string) *string
- func HmacKeySizeFromAlgorithmName(keyType string) *int
- func HmacSizeFromAlgorithmName(keyType string) *int
- func HmacTypeFromSuiteName(suiteName string) *string
- func IdenticalDelegations(s, t auth.Form) bool
- func IsCrypter(keyType string) bool
- func IsDeriver(keyType string) bool
- func IsP256(ecPk *ecdsa.PublicKey) bool
- func IsP384(ecPk *ecdsa.PublicKey) bool
- func IsP521(ecPk *ecdsa.PublicKey) bool
- func IsSinger(keyType string) bool
- func KeyComponentsFromCrypter(c *Crypter) ([][]byte, error)
- func KeyComponentsFromDeriver(d *Deriver) ([][]byte, error)
- func KeyComponentsFromSigner(s *Signer) ([][]byte, error)
- func KeyComponentsFromVerifier(v *Verifier) ([][]byte, error)
- func Listen(network, laddr string, config *tls.Config, g Guard, v *Verifier, ...) (net.Listener, error)
- func ListenAnonymous(network, laddr string, config *tls.Config, g Guard, v *Verifier, ...) (net.Listener, error)
- func ListenTLS(network, addr string) (net.Listener, error)
- func MakeTPM2Prin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error)
- func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error)
- func MakeUniversalKeyNameFromCanonicalBytes(cn []byte) []byte
- func MarshalCryptoKey(ck CryptoKey) []byte
- func MarshalKeys(k *Keys) ([]byte, error)
- func MarshalKeyset(cks *CryptoKeyset) ([]byte, error)
- func MarshalSignerDER(s *Signer) ([]byte, error)
- func NewAuthenticatedFileSocket(sock *net.UnixListener) error
- func NewX509Name(p *X509Details) *pkix.Name
- func PBEDecrypt(ciphertext, password []byte) ([]byte, error)
- func PBEEncrypt(plaintext, password []byte) ([]byte, error)
- func PrepareX509Template(pkAlg int, sigAlg int, sn int64, subjectName *pkix.Name) *x509.Certificate
- func PrintACLGuardDetails(x *ACLGuardDetails)
- func PrintCryptoKey(cryptoKey *CryptoKey)
- func PrintCryptoKeyHeader(header CryptoHeader)
- func PrintDatalogGuardDetails(x *DatalogGuardDetails)
- func PrintDomain(d *Domain)
- func PrintDomainConfig(cf *DomainConfig)
- func PrintDomainDetails(x *DomainDetails)
- func PrintKeys(keys *Keys)
- func PrintPKIXName(title string, name *pkix.Name)
- func PrintSealedData(d *RollbackSealedData)
- func PrintTPM2Details(x *TPM2Details)
- func PrintTPMDetails(x *TPMDetails)
- func PrintX509Details(x *X509Details)
- func PrivateKeyFromCryptoKey(k CryptoKey) (crypto.PrivateKey, error)
- func Protect(keys []byte, in []byte) ([]byte, error)
- func PublicKeyAlgFromSignerAlg(signerAlg string) int
- func PublicKeyFromCryptoKey(k CryptoKey) (crypto.PublicKey, error)
- func ReadPCRs(tpmfile *os.File, pcrNums []int) ([][]byte, error)
- func ReadTPM2PCRs(rw io.ReadWriter, pcrNums []int) ([][]byte, error)
- func Register(name string, generator func(string) (Tao, error))
- func SaveKeyset(k *Keys, dir string) error
- func SerializeEcdsaPrivateComponents(ecKey *ecdsa.PrivateKey) ([]byte, error)
- func SerializeEcdsaPublicComponents(ecKey *ecdsa.PublicKey) ([]byte, error)
- func SerializeRsaPrivateComponents(rsaKey *rsa.PrivateKey) ([][]byte, error)
- func SerializeRsaPublicComponents(rsaKey *rsa.PublicKey) ([][]byte, error)
- func SignatureAlgFromSignerAlg(signerAlg string) int
- func SignerTypeFromSuiteName(suiteName string) *string
- func SymmetricBlockSizeFromAlgorithmName(keyType string) *int
- func SymmetricKeySizeFromAlgorithmName(keyType string) *int
- func Tpm2ClientDecodeServerResponse(rw io.ReadWriter, protectorHandle tpm2.Handle, quoteHandle tpm2.Handle, ...) ([]byte, error)
- func Tpm2ConstructClientRequest(rw io.ReadWriter, derEkCert []byte, pcrs []int, qh tpm2.Handle, ...) (*tpm2.ProgramCertRequestMessage, error)
- func TruncateAttestation(kprin auth.Prin, a *Attestation) (auth.Says, auth.PrinExt, error)
- func UnmarshalKeyset(buf []byte, cks *CryptoKeyset) error
- func Unprotect(keys []byte, in []byte) ([]byte, error)
- func ValidatePeerAttestation(a *Attestation, cert *x509.Certificate, guard Guard) error
- func VerifierTypeFromSuiteName(suiteName string) *string
- func WriteRollbackTable(rollBackTable *RollbackCounterTable, fileName string, tableKey []byte) bool
- func ZeroBytes(b []byte)
- type ACLGuard
- func (a *ACLGuard) AddRule(rule string) error
- func (a *ACLGuard) Authorize(name auth.Prin, op string, args []string) error
- func (a *ACLGuard) Clear() error
- func (a *ACLGuard) GetRule(i int) string
- func (a *ACLGuard) GetSignedACLSet(signer *Signer) (*SignedACLSet, error)
- func (a *ACLGuard) IsAuthorized(name auth.Prin, op string, args []string) bool
- func (a *ACLGuard) Query(query string) (bool, error)
- func (a *ACLGuard) Retract(name auth.Prin, op string, args []string) error
- func (a *ACLGuard) RetractRule(rule string) error
- func (a *ACLGuard) RuleCount() int
- func (a *ACLGuard) RuleDebugString(i int) string
- func (a *ACLGuard) Save(signer *Signer) error
- func (a *ACLGuard) String() string
- func (a *ACLGuard) Subprincipal() auth.SubPrin
- type ACLGuardDetails
- type ACLSet
- type Attestation
- func (*Attestation) Descriptor() ([]byte, []int)
- func (m *Attestation) GetRootEndorsement() []byte
- func (m *Attestation) GetSerializedDelegation() []byte
- func (m *Attestation) GetSerializedEndorsements() [][]byte
- func (m *Attestation) GetSerializedStatement() []byte
- func (m *Attestation) GetSignature() []byte
- func (m *Attestation) GetSignerKey() []byte
- func (m *Attestation) GetSignerType() string
- func (m *Attestation) GetTpm2QuoteStructure() []byte
- func (*Attestation) ProtoMessage()
- func (m *Attestation) Reset()
- func (m *Attestation) String() string
- func (a *Attestation) ValidSigner() (auth.Prin, error)
- func (a *Attestation) Validate() (auth.Says, error)
- type CARequest
- type CAResponse
- func (*CAResponse) Descriptor() ([]byte, []int)
- func (m *CAResponse) GetAttestation() *Attestation
- func (m *CAResponse) GetSignedAclSet() *SignedACLSet
- func (m *CAResponse) GetSignedDatalogRules() *SignedDatalogRules
- func (m *CAResponse) GetType() CAType
- func (*CAResponse) ProtoMessage()
- func (m *CAResponse) Reset()
- func (m *CAResponse) String() string
- type CAType
- type CachedGuard
- func (cg *CachedGuard) AddRule(rule string) error
- func (cg *CachedGuard) Authorize(name auth.Prin, op string, args []string) error
- func (cg *CachedGuard) Clear() error
- func (cg *CachedGuard) GetRule(i int) string
- func (cg *CachedGuard) IsAuthorized(name auth.Prin, op string, args []string) bool
- func (cg *CachedGuard) IsExpired() bool
- func (cg *CachedGuard) Query(query string) (bool, error)
- func (cg *CachedGuard) Reload() error
- func (cg *CachedGuard) Retract(name auth.Prin, op string, args []string) error
- func (cg *CachedGuard) RetractRule(rule string) error
- func (cg *CachedGuard) RuleCount() int
- func (cg *CachedGuard) RuleDebugString(i int) string
- func (cg *CachedGuard) Save(key *Signer) error
- func (cg *CachedGuard) String() string
- func (cg *CachedGuard) Subprincipal() auth.SubPrin
- type CachedGuardType
- type Config
- type ContextualizedData
- type CoreOSConfig
- type Crypter
- type CryptoHeader
- func (*CryptoHeader) Descriptor() ([]byte, []int)
- func (m *CryptoHeader) GetKeyEpoch() int32
- func (m *CryptoHeader) GetKeyName() string
- func (m *CryptoHeader) GetKeyPurpose() string
- func (m *CryptoHeader) GetKeyStatus() string
- func (m *CryptoHeader) GetKeyType() string
- func (m *CryptoHeader) GetVersion() CryptoVersion
- func (*CryptoHeader) ProtoMessage()
- func (m *CryptoHeader) Reset()
- func (m *CryptoHeader) String() string
- type CryptoKey
- func CryptoKeyFromCrypter(c *Crypter) (*CryptoKey, error)
- func CryptoKeyFromDeriver(d *Deriver) (*CryptoKey, error)
- func CryptoKeyFromSigner(s *Signer) (*CryptoKey, error)
- func CryptoKeyFromVerifier(v *Verifier) (*CryptoKey, error)
- func GenerateCryptoKey(keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, ...) *CryptoKey
- func UnmarshalCryptoKey(bytes []byte) (*CryptoKey, error)
- type CryptoKeyset
- func (*CryptoKeyset) Descriptor() ([]byte, []int)
- func (m *CryptoKeyset) GetCert() []byte
- func (m *CryptoKeyset) GetCertChain() [][]byte
- func (m *CryptoKeyset) GetDelegation() *Attestation
- func (m *CryptoKeyset) GetKeys() [][]byte
- func (*CryptoKeyset) ProtoMessage()
- func (m *CryptoKeyset) Reset()
- func (m *CryptoKeyset) String() string
- type CryptoVersion
- type DatalogGuard
- func (g *DatalogGuard) AddRule(rule string) error
- func (g *DatalogGuard) Authorize(p auth.Prin, op string, args []string) error
- func (g *DatalogGuard) Clear() error
- func (g *DatalogGuard) GetRule(i int) string
- func (g *DatalogGuard) GetSignedDatalogRules(signer *Signer) (*SignedDatalogRules, error)
- func (g *DatalogGuard) IsAuthorized(p auth.Prin, op string, args []string) bool
- func (g *DatalogGuard) Query(query string) (bool, error)
- func (g *DatalogGuard) ReloadIfModified() error
- func (g *DatalogGuard) Retract(p auth.Prin, op string, args []string) error
- func (g *DatalogGuard) RetractRule(rule string) error
- func (g *DatalogGuard) RuleCount() int
- func (g *DatalogGuard) RuleDebugString(i int) string
- func (g *DatalogGuard) Save(signer *Signer) error
- func (g *DatalogGuard) String() string
- func (g *DatalogGuard) Subprincipal() auth.SubPrin
- type DatalogGuardDetails
- type DatalogRules
- type Deriver
- type DockerContainer
- func (p *DockerContainer) Cleanup() error
- func (dc *DockerContainer) ContainerName() (string, error)
- func (dc *DockerContainer) ExitStatus() (int, error)
- func (dc *DockerContainer) Kill() error
- func (dc *DockerContainer) Pid() int
- func (dc *DockerContainer) Spec() HostedProgramSpec
- func (dc *DockerContainer) Start() (channel io.ReadWriteCloser, err error)
- func (dc *DockerContainer) StartDocker() error
- func (dc *DockerContainer) Stop() error
- func (dc *DockerContainer) Subprin() auth.SubPrin
- func (dc *DockerContainer) WaitChan() <-chan bool
- type Domain
- type DomainConfig
- func (*DomainConfig) Descriptor() ([]byte, []int)
- func (m *DomainConfig) GetAclGuardInfo() *ACLGuardDetails
- func (m *DomainConfig) GetDatalogGuardInfo() *DatalogGuardDetails
- func (m *DomainConfig) GetDomainInfo() *DomainDetails
- func (m *DomainConfig) GetTpm2Info() *TPM2Details
- func (m *DomainConfig) GetTpmInfo() *TPMDetails
- func (m *DomainConfig) GetX509Info() *X509Details
- func (*DomainConfig) ProtoMessage()
- func (m *DomainConfig) Reset()
- func (cfg *DomainConfig) SetDefaults()
- func (m *DomainConfig) String() string
- type DomainDetails
- func (*DomainDetails) Descriptor() ([]byte, []int)
- func (m *DomainDetails) GetCipherSuite() string
- func (m *DomainDetails) GetGuardAddress() string
- func (m *DomainDetails) GetGuardNetwork() string
- func (m *DomainDetails) GetGuardTtl() int64
- func (m *DomainDetails) GetGuardType() string
- func (m *DomainDetails) GetName() string
- func (m *DomainDetails) GetPolicyKeysPath() string
- func (*DomainDetails) ProtoMessage()
- func (m *DomainDetails) Reset()
- func (m *DomainDetails) String() string
- type DomainTemplate
- func (*DomainTemplate) Descriptor() ([]byte, []int)
- func (m *DomainTemplate) GetAclRules() []string
- func (m *DomainTemplate) GetConfig() *DomainConfig
- func (m *DomainTemplate) GetContainerPaths() []string
- func (m *DomainTemplate) GetContainerPredicateName() string
- func (m *DomainTemplate) GetDatalogRules() []string
- func (m *DomainTemplate) GetGuardPredicateName() string
- func (m *DomainTemplate) GetHostName() string
- func (m *DomainTemplate) GetHostPredicateName() string
- func (m *DomainTemplate) GetLinuxHostPaths() []string
- func (m *DomainTemplate) GetLinuxHostPredicateName() string
- func (m *DomainTemplate) GetOsPredicateName() string
- func (m *DomainTemplate) GetProgramPaths() []string
- func (m *DomainTemplate) GetProgramPredicateName() string
- func (m *DomainTemplate) GetTpm2PredicateName() string
- func (m *DomainTemplate) GetTpmPredicateName() string
- func (m *DomainTemplate) GetVmPaths() []string
- func (m *DomainTemplate) GetVmPredicateName() string
- func (*DomainTemplate) ProtoMessage()
- func (m *DomainTemplate) Reset()
- func (m *DomainTemplate) String() string
- type EncryptedData
- func (*EncryptedData) Descriptor() ([]byte, []int)
- func (m *EncryptedData) GetCiphertext() []byte
- func (m *EncryptedData) GetHeader() *CryptoHeader
- func (m *EncryptedData) GetIv() []byte
- func (m *EncryptedData) GetMac() []byte
- func (*EncryptedData) ProtoMessage()
- func (m *EncryptedData) Reset()
- func (m *EncryptedData) String() string
- type EncryptionIntegrityPDU
- func (*EncryptionIntegrityPDU) Descriptor() ([]byte, []int)
- func (m *EncryptionIntegrityPDU) GetCiphertext() []byte
- func (m *EncryptionIntegrityPDU) GetHeader() *CryptoHeader
- func (m *EncryptionIntegrityPDU) GetIv() []byte
- func (*EncryptionIntegrityPDU) ProtoMessage()
- func (m *EncryptionIntegrityPDU) Reset()
- func (m *EncryptionIntegrityPDU) String() string
- type Guard
- type Host
- type HostTaoType
- type HostedProcess
- func (p *HostedProcess) Cleanup() error
- func (p *HostedProcess) ExitStatus() (int, error)
- func (p *HostedProcess) Kill() error
- func (p *HostedProcess) Pid() int
- func (p *HostedProcess) Spec() HostedProgramSpec
- func (p *HostedProcess) Start() (channel io.ReadWriteCloser, err error)
- func (p *HostedProcess) Stop() error
- func (p *HostedProcess) Subprin() auth.SubPrin
- func (p *HostedProcess) WaitChan() <-chan bool
- type HostedProgram
- type HostedProgramFactory
- func NewLinuxDockerContainerFactory(sockDir, rulesPath string) HostedProgramFactory
- func NewLinuxKVMCoreOSFactory(sockPath string, cfg *CoreOSConfig) (HostedProgramFactory, error)
- func NewLinuxKVMCustomFactory(cfg *VmConfig) HostedProgramFactory
- func NewLinuxProcessFactory(channelType, socketPath string) HostedProgramFactory
- type HostedProgramSpec
- type HostedProgramType
- type HybridSealedData
- type KeyDerivationPDU
- func (*KeyDerivationPDU) Descriptor() ([]byte, []int)
- func (m *KeyDerivationPDU) GetContext() string
- func (m *KeyDerivationPDU) GetIndex() uint32
- func (m *KeyDerivationPDU) GetPreviousHash() []byte
- func (m *KeyDerivationPDU) GetSize() uint32
- func (*KeyDerivationPDU) ProtoMessage()
- func (m *KeyDerivationPDU) Reset()
- func (m *KeyDerivationPDU) String() string
- type KeyType
- type Keys
- func KeysFromCryptoKeyset(cks *CryptoKeyset) (*Keys, error)
- func LoadKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)
- func NewOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name) (*Keys, error)
- func NewOnDiskTaoSealedKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)
- func NewSignedOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name, serial int, ...) (*Keys, error)
- func NewTemporaryKeys(keyTypes KeyType) (*Keys, error)
- func NewTemporaryTaoDelegatedKeys(keyTypes KeyType, t Tao) (*Keys, error)
- func UnmarshalKeys(b []byte) (*Keys, error)
- func (k *Keys) NewSecret(file string, length int) ([]byte, error)
- func (k *Keys) PBEKeysetPath() string
- func (k *Keys) PBESignerPath() string
- func (k *Keys) PlaintextKeysetPath() string
- func (k *Keys) Save(t Tao) error
- func (k *Keys) SealedKeysetPath() string
- func (k *Keys) X509VerifierPath() string
- type KvmCoreOSContainer
- func (kcc *KvmCoreOSContainer) Cleanup() error
- func (kcc *KvmCoreOSContainer) ExitStatus() (int, error)
- func (kcc *KvmCoreOSContainer) Kill() error
- func (kcc *KvmCoreOSContainer) Pid() int
- func (kcc *KvmCoreOSContainer) Spec() HostedProgramSpec
- func (kcc *KvmCoreOSContainer) Start() (channel io.ReadWriteCloser, err error)
- func (kcc *KvmCoreOSContainer) Stop() error
- func (kcc *KvmCoreOSContainer) Subprin() auth.SubPrin
- func (kcc *KvmCoreOSContainer) WaitChan() <-chan bool
- type KvmCustomContainer
- func (kcc *KvmCustomContainer) Cleanup() error
- func (kcc *KvmCustomContainer) ExitStatus() (int, error)
- func (kcc *KvmCustomContainer) Kill() error
- func (kcc *KvmCustomContainer) Pid() int
- func (kcc *KvmCustomContainer) Spec() HostedProgramSpec
- func (kcc *KvmCustomContainer) Start() (channel io.ReadWriteCloser, err error)
- func (kcc *KvmCustomContainer) Stop() error
- func (kcc *KvmCustomContainer) Subprin() auth.SubPrin
- func (kcc *KvmCustomContainer) WaitChan() <-chan bool
- type LinuxDockerContainerFactory
- type LinuxHost
- func (lh *LinuxHost) Attest(child *LinuxHostChild, issuer *auth.Prin, time, expiration *int64, ...) (*Attestation, error)
- func (lh *LinuxHost) ExtendTaoName(child *LinuxHostChild, ext auth.SubPrin) error
- func (lh *LinuxHost) GetCounter(child *LinuxHostChild, label string) (int64, error)
- func (lh *LinuxHost) GetRandomBytes(child *LinuxHostChild, n int) ([]byte, error)
- func (lh *LinuxHost) GetSharedSecret(child *LinuxHostChild, n int, policy string) ([]byte, error)
- func (lh *LinuxHost) GetTaoName(child *LinuxHostChild) auth.Prin
- func (lh *LinuxHost) HostName() auth.Prin
- func (lh *LinuxHost) InitCounter(child *LinuxHostChild, label string, c int64) error
- func (lh *LinuxHost) KillHostedProgram(subprin auth.SubPrin) error
- func (lh *LinuxHost) ListHostedPrograms() ([]auth.SubPrin, []int, error)
- func (lh *LinuxHost) RollbackProtectedSeal(child *LinuxHostChild, label string, data []byte, policy string) ([]byte, error)
- func (lh *LinuxHost) RollbackProtectedUnseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)
- func (lh *LinuxHost) Seal(child *LinuxHostChild, data []byte, policy string) ([]byte, error)
- func (lh *LinuxHost) Shutdown() error
- func (lh *LinuxHost) StartHostedProgram(spec HostedProgramSpec) (auth.SubPrin, int, error)
- func (lh *LinuxHost) StopHostedProgram(subprin auth.SubPrin) error
- func (lh *LinuxHost) Unseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)
- func (lh *LinuxHost) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)
- type LinuxHostAdminClient
- func (client LinuxHostAdminClient) HostName() (auth.Prin, error)
- func (client LinuxHostAdminClient) KillHostedProgram(subprin auth.SubPrin) error
- func (client LinuxHostAdminClient) ListHostedPrograms() (name []auth.SubPrin, pid []int, err error)
- func (client LinuxHostAdminClient) Shutdown() error
- func (client LinuxHostAdminClient) StartHostedProgram(spec *HostedProgramSpec) (auth.SubPrin, int, error)
- func (client LinuxHostAdminClient) StopHostedProgram(subprin auth.SubPrin) error
- func (client LinuxHostAdminClient) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)
- type LinuxHostAdminRPCHostedProgram
- func (*LinuxHostAdminRPCHostedProgram) Descriptor() ([]byte, []int)
- func (m *LinuxHostAdminRPCHostedProgram) GetPid() int32
- func (m *LinuxHostAdminRPCHostedProgram) GetSubprin() []byte
- func (*LinuxHostAdminRPCHostedProgram) ProtoMessage()
- func (m *LinuxHostAdminRPCHostedProgram) Reset()
- func (m *LinuxHostAdminRPCHostedProgram) String() string
- type LinuxHostAdminRPCRequest
- func (*LinuxHostAdminRPCRequest) Descriptor() ([]byte, []int)
- func (m *LinuxHostAdminRPCRequest) GetArgs() []string
- func (m *LinuxHostAdminRPCRequest) GetContainerArgs() []string
- func (m *LinuxHostAdminRPCRequest) GetDir() string
- func (m *LinuxHostAdminRPCRequest) GetPath() string
- func (m *LinuxHostAdminRPCRequest) GetPid() int32
- func (m *LinuxHostAdminRPCRequest) GetStderr() int32
- func (m *LinuxHostAdminRPCRequest) GetStdin() int32
- func (m *LinuxHostAdminRPCRequest) GetStdout() int32
- func (m *LinuxHostAdminRPCRequest) GetSubprin() []byte
- func (*LinuxHostAdminRPCRequest) ProtoMessage()
- func (m *LinuxHostAdminRPCRequest) Reset()
- func (m *LinuxHostAdminRPCRequest) String() string
- type LinuxHostAdminRPCResponse
- func (*LinuxHostAdminRPCResponse) Descriptor() ([]byte, []int)
- func (m *LinuxHostAdminRPCResponse) GetChild() []*LinuxHostAdminRPCHostedProgram
- func (m *LinuxHostAdminRPCResponse) GetPrin() []byte
- func (m *LinuxHostAdminRPCResponse) GetStatus() int32
- func (*LinuxHostAdminRPCResponse) ProtoMessage()
- func (m *LinuxHostAdminRPCResponse) Reset()
- func (m *LinuxHostAdminRPCResponse) String() string
- type LinuxHostAdminServer
- type LinuxHostChild
- type LinuxHostConfig
- func (m *LinuxHostConfig) GetHosting() string
- func (m *LinuxHostConfig) GetKvmCoreosImg() string
- func (m *LinuxHostConfig) GetKvmCoreosSshAuthKeys() string
- func (m *LinuxHostConfig) GetKvmCoreosVmMemory() int32
- func (m *LinuxHostConfig) GetKvmCustomVmMemory() int32
- func (m *LinuxHostConfig) GetParentSpec() string
- func (m *LinuxHostConfig) GetParentType() string
- func (m *LinuxHostConfig) GetSocketDir() string
- func (m *LinuxHostConfig) GetType() string
- func (*LinuxHostConfig) ProtoMessage()
- func (m *LinuxHostConfig) Reset()
- func (m *LinuxHostConfig) String() string
- type LinuxHostSealedBundle
- type LinuxHostTaoServer
- type LinuxKVMCoreOSFactory
- type LinuxKVMCustomFactory
- type LinuxProcessFactory
- type PBEData
- func (*PBEData) Descriptor() ([]byte, []int)
- func (m *PBEData) GetCipher() string
- func (m *PBEData) GetCiphertext() []byte
- func (m *PBEData) GetHmac() string
- func (m *PBEData) GetIterations() int32
- func (m *PBEData) GetIv() []byte
- func (m *PBEData) GetSalt() []byte
- func (m *PBEData) GetVersion() CryptoVersion
- func (*PBEData) ProtoMessage()
- func (m *PBEData) Reset()
- func (m *PBEData) String() string
- type RPC
- func (t *RPC) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
- func (t *RPC) ExtendTaoName(subprin auth.SubPrin) error
- func (t *RPC) GetCounter(label string) (c int64, err error)
- func (t *RPC) GetRandomBytes(n int) ([]byte, error)
- func (t *RPC) GetSharedSecret(n int, policy string) ([]byte, error)
- func (t *RPC) GetTaoName() (auth.Prin, error)
- func (t *RPC) InitCounter(label string, c int64) (err error)
- func (t *RPC) Rand() io.Reader
- func (t *RPC) RollbackProtectedSeal(label string, data []byte, policy string) (sealed []byte, err error)
- func (t *RPC) RollbackProtectedUnseal(sealed []byte) (data []byte, policy string, err error)
- func (t *RPC) Seal(data []byte, policy string) (sealed []byte, err error)
- func (t *RPC) Unseal(sealed []byte) (data []byte, policy string, err error)
- type RPCRequest
- func (*RPCRequest) Descriptor() ([]byte, []int)
- func (m *RPCRequest) GetCounter() int64
- func (m *RPCRequest) GetData() []byte
- func (m *RPCRequest) GetExpiration() int64
- func (m *RPCRequest) GetIssuer() []byte
- func (m *RPCRequest) GetLabel() string
- func (m *RPCRequest) GetPolicy() string
- func (m *RPCRequest) GetSize() int32
- func (m *RPCRequest) GetTime() int64
- func (*RPCRequest) ProtoMessage()
- func (m *RPCRequest) Reset()
- func (m *RPCRequest) String() string
- type RPCResponse
- type RollbackCounterTable
- func (*RollbackCounterTable) Descriptor() ([]byte, []int)
- func (m *RollbackCounterTable) GetEntries() []*RollbackEntry
- func (t *RollbackCounterTable) LookupRollbackEntry(programName string, entryName string) *RollbackEntry
- func (t *RollbackCounterTable) PrintRollbackTable()
- func (*RollbackCounterTable) ProtoMessage()
- func (m *RollbackCounterTable) Reset()
- func (t *RollbackCounterTable) SaveHostRollbackTableWithNewKeys(lh *LinuxHost, child *LinuxHostChild, sealedKeyFileName string, ...) bool
- func (m *RollbackCounterTable) String() string
- func (t *RollbackCounterTable) UpdateRollbackEntry(programName string, entryName string, c *int64) *RollbackEntry
- type RollbackEntry
- func (*RollbackEntry) Descriptor() ([]byte, []int)
- func (m *RollbackEntry) GetCounter() int64
- func (m *RollbackEntry) GetEntryLabel() string
- func (m *RollbackEntry) GetHostedProgramName() string
- func (e *RollbackEntry) PrintRollbackEntry()
- func (*RollbackEntry) ProtoMessage()
- func (m *RollbackEntry) Reset()
- func (m *RollbackEntry) String() string
- type RollbackSealedData
- type RootHost
- func (t *RootHost) AddedHostedProgram(childSubprin auth.SubPrin) error
- func (t *RootHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin, time, expiration *int64, ...) (*Attestation, error)
- func (t *RootHost) Decrypt(encrypted []byte) (data []byte, err error)
- func (t *RootHost) Encrypt(data []byte) (encrypted []byte, err error)
- func (s *RootHost) GetCounter(label string) (int64, error)
- func (t *RootHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)
- func (t *RootHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)
- func (t *RootHost) GetVerifier() *Verifier
- func (t *RootHost) HostName() auth.Prin
- func (s *RootHost) InitCounter(label string, c int64) error
- func (t *RootHost) LoadCert(cert *x509.Certificate)
- func (t *RootHost) RemovedHostedProgram(childSubprin auth.SubPrin) error
- func (s *RootHost) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
- func (s *RootHost) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
- type SignaturePDU
- type SignedACLSet
- type SignedData
- type SignedDatalogRules
- type Signer
- func (s *Signer) CanonicalKeyBytesFromSigner() ([]byte, error)
- func (s *Signer) Clear()
- func (s *Signer) CreateCRL(cert *x509.Certificate, revokedCerts []pkix.RevokedCertificate, ...) ([]byte, error)
- func (s *Signer) CreateSelfSignedDER(pkAlg int, sigAlg int, sn int64, name *pkix.Name) ([]byte, error)
- func (s *Signer) CreateSelfSignedX509(pkAlg int, sigAlg int, sn int64, name *pkix.Name) (*x509.Certificate, error)
- func (s *Signer) CreateSignedX509(caCert *x509.Certificate, sn int, subjectKey *Verifier, pkAlg int, sigAlg int, ...) (*x509.Certificate, error)
- func (s *Signer) CreateSignedX509FromTemplate(caCert *x509.Certificate, template *x509.Certificate, subjectKey *Verifier, ...) (*x509.Certificate, error)
- func (s *Signer) GetSignerPrivateKey() crypto.PrivateKey
- func (s *Signer) GetVerifierFromSigner() *Verifier
- func (s *Signer) Sign(data []byte, context string) ([]byte, error)
- func (s *Signer) ToPrincipal() auth.Prin
- func (s *Signer) UniversalKeyNameFromSigner() ([]byte, error)
- type SoftTao
- func (s *SoftTao) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
- func (s *SoftTao) ExtendTaoName(subprin auth.SubPrin) error
- func (s *SoftTao) GetCounter(label string) (int64, error)
- func (s *SoftTao) GetRandomBytes(n int) ([]byte, error)
- func (s *SoftTao) GetSharedSecret(n int, policy string) ([]byte, error)
- func (s *SoftTao) GetTaoName() (auth.Prin, error)
- func (s *SoftTao) GetVerifier() *Verifier
- func (s *SoftTao) InitCounter(label string, c int64) error
- func (s *SoftTao) Rand() io.Reader
- func (s *SoftTao) Read(p []byte) (int, error)
- func (s *SoftTao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
- func (s *SoftTao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
- func (s *SoftTao) Seal(data []byte, policy string) ([]byte, error)
- func (s *SoftTao) Unseal(sealed []byte) (data []byte, policy string, err error)
- type StackedHost
- func (t *StackedHost) AddedHostedProgram(childSubprin auth.SubPrin) error
- func (t *StackedHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin, time, expiration *int64, ...) (*Attestation, error)
- func (t *StackedHost) Decrypt(encrypted []byte) (data []byte, err error)
- func (t *StackedHost) Encrypt(data []byte) (encrypted []byte, err error)
- func (s *StackedHost) GetCounter(label string) (int64, error)
- func (t *StackedHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)
- func (t *StackedHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)
- func (t *StackedHost) HostName() auth.Prin
- func (s *StackedHost) InitCounter(label string, c int64) error
- func (t *StackedHost) RemovedHostedProgram(childSubprin auth.SubPrin) error
- func (s *StackedHost) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
- func (s *StackedHost) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
- type TPM2Details
- func (*TPM2Details) Descriptor() ([]byte, []int)
- func (m *TPM2Details) GetTpm2Device() string
- func (m *TPM2Details) GetTpm2EkCert() string
- func (m *TPM2Details) GetTpm2InfoDir() string
- func (m *TPM2Details) GetTpm2Pcrs() string
- func (m *TPM2Details) GetTpm2QuoteCert() string
- func (m *TPM2Details) GetTpm2SealCert() string
- func (*TPM2Details) ProtoMessage()
- func (m *TPM2Details) Reset()
- func (m *TPM2Details) String() string
- type TPM2Tao
- func (tt *TPM2Tao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)
- func (tt *TPM2Tao) ExtendTaoName(subprin auth.SubPrin) error
- func (s *TPM2Tao) GetCounter(label string) (int64, error)
- func (tt *TPM2Tao) GetPcrNums() []int
- func (tt *TPM2Tao) GetRandomBytes(n int) ([]byte, error)
- func (tt *TPM2Tao) GetRsaTPMKey(handle tpm2.Handle) (*rsa.PublicKey, error)
- func (tt *TPM2Tao) GetSharedSecret(n int, policy string) (bytes []byte, err error)
- func (tt *TPM2Tao) GetTaoName() (name auth.Prin, err error)
- func (s *TPM2Tao) InitCounter(label string, c int64) error
- func (tt *TPM2Tao) Rand() io.Reader
- func (tt *TPM2Tao) ReadRandom(p []byte) (int, error)
- func (s *TPM2Tao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
- func (s *TPM2Tao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
- func (tt *TPM2Tao) Seal(data []byte, policy string) ([]byte, error)
- func (tt *TPM2Tao) Tpm2Certify(network, addr string, keyName string) ([]byte, error)
- func (tt *TPM2Tao) Unseal(sealed []byte) (data []byte, policy string, err error)
- type TPMDetails
- func (*TPMDetails) Descriptor() ([]byte, []int)
- func (m *TPMDetails) GetAikCertPath() string
- func (m *TPMDetails) GetAikPath() string
- func (m *TPMDetails) GetPcrs() string
- func (m *TPMDetails) GetTpmPath() string
- func (*TPMDetails) ProtoMessage()
- func (m *TPMDetails) Reset()
- func (m *TPMDetails) String() string
- type TPMTao
- func (tt *TPMTao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)
- func (tt *TPMTao) ExtendTaoName(subprin auth.SubPrin) error
- func (s *TPMTao) GetCounter(label string) (int64, error)
- func (tt *TPMTao) GetRandomBytes(n int) ([]byte, error)
- func (tt *TPMTao) GetSharedSecret(n int, policy string) (bytes []byte, err error)
- func (tt *TPMTao) GetTaoName() (name auth.Prin, err error)
- func (s *TPMTao) InitCounter(label string, c int64) error
- func (tt *TPMTao) Rand() io.Reader
- func (tt *TPMTao) Read(p []byte) (int, error)
- func (s *TPMTao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
- func (s *TPMTao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
- func (tt *TPMTao) Seal(data []byte, policy string) (sealed []byte, err error)
- func (tt *TPMTao) Unseal(sealed []byte) (data []byte, policy string, err error)
- type Tao
- type TrivialGuard
- func (t TrivialGuard) AddRule(rule string) error
- func (t TrivialGuard) Authorize(name auth.Prin, op string, args []string) error
- func (t TrivialGuard) Clear() error
- func (t TrivialGuard) GetRule(i int) string
- func (t TrivialGuard) IsAuthorized(name auth.Prin, op string, args []string) bool
- func (t TrivialGuard) Query(query string) (bool, error)
- func (t TrivialGuard) Retract(name auth.Prin, op string, args []string) error
- func (t TrivialGuard) RetractRule(rule string) error
- func (t TrivialGuard) RuleCount() int
- func (t TrivialGuard) RuleDebugString(i int) string
- func (t TrivialGuard) Save(key *Signer) error
- func (t TrivialGuard) String() string
- func (t TrivialGuard) Subprincipal() auth.SubPrin
- type Verifier
- func (v *Verifier) CanonicalKeyBytesFromVerifier() ([]byte, error)
- func (v *Verifier) GetVerifierPublicKey() crypto.PublicKey
- func (v *Verifier) KeyEqual(cert *x509.Certificate) bool
- func (v *Verifier) MarshalKey() []byte
- func (v *Verifier) SignsForPrincipal(prin auth.Prin) bool
- func (v *Verifier) ToPrincipal() auth.Prin
- func (v *Verifier) UniversalKeyNameFromVerifier() ([]byte, error)
- func (v *Verifier) Verify(data []byte, context string, sig []byte) (bool, error)
- type VmConfig
- type X509Details
- func (*X509Details) Descriptor() ([]byte, []int)
- func (m *X509Details) GetCommonName() string
- func (m *X509Details) GetCountry() string
- func (m *X509Details) GetOrganization() string
- func (m *X509Details) GetOrganizationalUnit() string
- func (m *X509Details) GetSerialNumber() int32
- func (m *X509Details) GetState() string
- func (*X509Details) ProtoMessage()
- func (m *X509Details) Reset()
- func (m *X509Details) String() string
Constants ¶
const ( HostTypeEnvVar = "CLOUDPROXY_TAO_HOST_TYPE" HostSpecEnvVar = "CLOUDPROXY_TAO_HOST_SPEC" HostChannelTypeEnvVar = "CLOUDPROXY_TAO_HOST_CHANNEL_TYPE" HostedTypeEnvVar = "CLOUDPROXY_TAO_HOSTED_TYPE" TaoTPMPCRsEnvVar = "CLOUDPROXY_TAO_TPM_PCRS" TaoTPMAIKEnvVar = "CLOUDPROXY_TAO_TPM_AIK" TaoTPMDeviceEnvVar = "CLOUDPROXY_TAO_TPM_DEVICE" SealPolicyDefault = "self" SealPolicyConservative = "few" SealPolicyLiberal = "any" AttestationSigningContext = "Tao Attestation Signing Context V1" )
Constants used by the Tao implementations for policy, signing contexts, and environment variables.
const ( Basic128BitCipherSuite = "sign:ecdsap256,crypt:aes128-ctr-hmacsha256,derive:hdkf-sha256" Basic192BitCipherSuite = "sign:ecdsap384,crypt:aes256-ctr-hmacsha384,derive:hdkf-sha256" Basic256BitCipherSuite = "sign:ecdsap521,crypt:aes256-ctr-hmacsha512,derive:hdkf-sha256" )
Crypto Suite
Each Library is associated with exactly one cipher suite that describes seal/unseal, hmac, public key and key derivation algorithms. The original default was AES-128-CTR-ECC-P256-SHA-256-HMAC-SHA-256.
Supported crypto suites
Basic256BitCipherSuite is the USG "Top Secret" suite. See https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm.
const ( X509VerifierPath = "cert" PBEKeysetPath = "keys" PBESignerPath = "signer" SealedKeysetPath = "sealed_keyset" PlaintextKeysetPath = "plaintext_keyset" )
The file names used by the Keys type.
const ACLGuardSigningContext = "tao.ACLGuard Version 1"
ACLGuardSigningContext is the context used for ACL-file signatures.
const (
DatalogRulesSigningContext = "Datalog Rules Signing Context V1"
)
Signing context for signatures on a set of Tao datalog rules.
Variables ¶
var CAType_name = map[int32]string{
0: "ERROR",
1: "ATTESTATION",
2: "DATALOG_POLICY",
3: "ACL_POLICY",
4: "UNDEFINED",
}
var CAType_value = map[string]int32{
"ERROR": 0,
"ATTESTATION": 1,
"DATALOG_POLICY": 2,
"ACL_POLICY": 3,
"UNDEFINED": 4,
}
var CryptoVersion_name = map[int32]string{
1: "CRYPTO_VERSION_1",
2: "CRYPTO_VERSION_2",
}
var CryptoVersion_value = map[string]int32{
"CRYPTO_VERSION_1": 1,
"CRYPTO_VERSION_2": 2,
}
var ErrMalformedResponse = errors.New("taorpc: malformed response")
An ErrMalformedResponse is returned as an error for an invalid response.
var HostTaoTypeMap = map[string]HostTaoType{ "none": NoHost, "root": Root, "stacked": Stacked, }
HostTaoTypeMap maps strings to the type of a host Tao.
var HostedProgramTypeMap = map[string]HostedProgramType{ "none": NoHostedPrograms, "process": ProcessPipe, "docker": DockerUnix, "kvm_coreos": KVMCoreOSFile, "kvm_custom": KVMCustom, }
HostedProgramTypeMap maps strings to the type of a hosted program.
var TaoCryptoSuite = Basic128BitCipherSuite
TaoCryptoSuite selects the cipher suite in use.
Functions ¶
func AddEndorsements ¶
func AddEndorsements(guard Guard, a *Attestation, v *Verifier) error
AddEndorsements reads the SerializedEndorsements in an attestation and adds the ones that are predicates signed by a guard's policy key.
func CipherTypeFromSuiteName ¶
func CleanUpTPMTao ¶
func CleanUpTPMTao(tt *TPMTao)
CleanUpTPMTao runs the finalizer for TPMTao early then unsets it so it doesn't run later. Normal code will only create one instance of TPMTao, so the finalizer will work correctly. But this test code creates multiple such instances, so it needs to call the finalizer early.
func CloudConfigFromSSHKeys ¶
CloudConfigFromSSHKeys converts an ssh authorized-keys file into a format that can be used by CoreOS to authorize incoming SSH connections over the Plan9P-mounted filesystem it uses. This also adds the SSH key used by the factory to configure the virtual machine.
func DecodeTwoBytes ¶
func DeserializeEcdsaPrivateComponents ¶
func DeserializeEcdsaPrivateComponents(keyBytes []byte) (*ecdsa.PrivateKey, error)
func DeserializeEcdsaPublicComponents ¶
func DeserializeEcdsaPublicComponents(keyBytes []byte) (crypto.PrivateKey, error)
func DeserializeRsaPrivateComponents ¶
func DeserializeRsaPrivateComponents(keyComponents [][]byte, rsaKey *rsa.PrivateKey) error
func Dial ¶
Dial connects to a Tao TLS server, performs a TLS handshake, and verifies the Attestation value of the server, checking that the server is authorized to execute. If keys are provided (keys!=nil), then it sends an attestation of its identity to the peer.
func DialTLSWithKeys ¶
DialTLSWithKeys connects to a TLS server using an existing set of keys.
func DialWithNewX509 ¶
DialWithNewX509 connects to a Tao TLS server, performs a TLS handshake, and exchanges Attestation values with the server, checking that this is a Tao server that is authorized to Execute. It uses a Tao Guard to perform this check.
func EncodeTLSCert ¶
func EncodeTLSCert(keys *Keys) (*tls.Certificate, error)
EncodeTLSCert combines a signing key and a certificate in a single tls certificate suitable for a TLS config.
func EncodeTwoBytes ¶
func FinalizeTPM2Tao ¶
func FinalizeTPM2Tao(tt *TPM2Tao)
FinalizeTPM2Tao releases the resources for the TPM2Tao.
func FinalizeTPMTao ¶
func FinalizeTPMTao(tt *TPMTao)
FinalizeTPMTao releases the resources for the TPMTao.
func FormatCoreOSSubprin ¶
FormatCoreOSSubprin produces a string that represents a subprincipal with the given ID and hash.
func FormatCustomVmSubprin ¶
FormatCustomVmSubprin produces a subprincipal with the given ID and hash.
func FormatDockerSubprin ¶
FormatDockerSubprin produces a string that represents a subprincipal with the given ID and hash.
func FormatLinuxHostSubprin ¶
FormatLinuxHostSubprin produces a string that represents a subprincipal with the given ID and hash.
func FormatProcessSubprin ¶
FormatProcessSubprin produces a string that represents a subprincipal with the given ID and hash.
func HandleCARequest ¶
HandleCARequest checks a request from a program and responds with a truncated delegation signed by the policy key.
func HandleEndorsement ¶
func HandlePolicyKey ¶
func HandleQuote ¶
func HandleQuote(network, addr, pass, path string, details X509Details) error
TODO: this should probably receive a kill channel so that the function can be stopped.
func HashTypeFromSuiteName ¶
func HmacTypeFromSuiteName ¶
func IdenticalDelegations ¶
IdenticalDelegations checks to see if two Form values are Says and are identical delegations (i.e., the Message must be an auth.Speaksfor). This function is not in the auth package, since it's specific to a particular pattern.
func KeyComponentsFromSigner ¶
func Listen ¶
func Listen(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)
Listen returns a new Tao-based net.Listener that uses the underlying crypto/tls net.Listener and a Guard to check whether or not connections are authorized.
func ListenAnonymous ¶
func ListenAnonymous(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)
ListenAnonymous returns a new Tao-based net.Listener that does not require its peer to attest to its identity.
func MakeTPM2Prin ¶
func MakeTPMPrin ¶
func MarshalCryptoKey ¶
func MarshalKeys ¶
func MarshalKeyset ¶
func MarshalKeyset(cks *CryptoKeyset) ([]byte, error)
func MarshalSignerDER ¶
This code is duplicated in VerifierFromCanonicalBytes. MarshalSignerDER serializes the signer to DER.
func NewAuthenticatedFileSocket ¶
func NewAuthenticatedFileSocket(sock *net.UnixListener) error
func PBEDecrypt ¶
PBEDecrypt decrypts ciphertext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.
func PBEEncrypt ¶
PBEEncrypt encrypts plaintext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.
func PrepareX509Template ¶
PrepareX509Template fills out an X.509 template for use in x509.CreateCertificate.
func PrintACLGuardDetails ¶
func PrintACLGuardDetails(x *ACLGuardDetails)
func PrintCryptoKey ¶
func PrintCryptoKey(cryptoKey *CryptoKey)
func PrintCryptoKeyHeader ¶
func PrintCryptoKeyHeader(header CryptoHeader)
func PrintDatalogGuardDetails ¶
func PrintDatalogGuardDetails(x *DatalogGuardDetails)
func PrintDomain ¶
func PrintDomain(d *Domain)
func PrintDomainConfig ¶
func PrintDomainConfig(cf *DomainConfig)
func PrintDomainDetails ¶
func PrintDomainDetails(x *DomainDetails)
func PrintPKIXName ¶
func PrintSealedData ¶
func PrintSealedData(d *RollbackSealedData)
func PrintTPM2Details ¶
func PrintTPM2Details(x *TPM2Details)
func PrintTPMDetails ¶
func PrintTPMDetails(x *TPMDetails)
func PrintX509Details ¶
func PrintX509Details(x *X509Details)
func PrivateKeyFromCryptoKey ¶
func PrivateKeyFromCryptoKey(k CryptoKey) (crypto.PrivateKey, error)
func ReadTPM2PCRs ¶
func ReadTPM2PCRs(rw io.ReadWriter, pcrNums []int) ([][]byte, error)
func SaveKeyset ¶
SaveKeyset serializes and saves a Keys object to disk in plaintext.
func SerializeEcdsaPrivateComponents ¶
func SerializeEcdsaPrivateComponents(ecKey *ecdsa.PrivateKey) ([]byte, error)
func SerializeRsaPrivateComponents ¶
func SerializeRsaPrivateComponents(rsaKey *rsa.PrivateKey) ([][]byte, error)
func SignerTypeFromSuiteName ¶
func Tpm2ClientDecodeServerResponse ¶
func Tpm2ClientDecodeServerResponse(rw io.ReadWriter, protectorHandle tpm2.Handle, quoteHandle tpm2.Handle, password string, response tpm2.ProgramCertResponseMessage) ([]byte, error)
The output is the DER-encoded program certificate.
func Tpm2ConstructClientRequest ¶
func Tpm2ConstructClientRequest(rw io.ReadWriter, derEkCert []byte, pcrs []int, qh tpm2.Handle, parentPassword string, ownerPassword string, keyName string) (*tpm2.ProgramCertRequestMessage, error)
Input: the DER-encoded endorsement cert and the handles. The quote key is the certified key, unlike in the tpm2.go library. Returns a ProgramCertRequestMessage.
func TruncateAttestation ¶
TruncateAttestation cuts off a delegation chain at its "Program" subprincipal extension and replaces its prefix with the given key principal. It also returns the PrinExt that represents exactly the program hash.
func UnmarshalKeyset ¶
func UnmarshalKeyset(buf []byte, cks *CryptoKeyset) error
func ValidatePeerAttestation ¶
func ValidatePeerAttestation(a *Attestation, cert *x509.Certificate, guard Guard) error
ValidatePeerAttestation checks a Attestation for a given Listener against an X.509 certificate from a TLS channel.
func WriteRollbackTable ¶
func WriteRollbackTable(rollBackTable *RollbackCounterTable, fileName string, tableKey []byte) bool
WriteRollbackTable writes the counter table.
Types ¶
type ACLGuard ¶
type ACLGuard struct { Config ACLGuardDetails ACL []string Key *Verifier }
An ACLGuard is an implementation of tao.Guard that uses an ACL to make authorization decisions. All rules are immediately converted to strings when they are added, and they are never converted back to auth.ast form. Any policy that requires more than string comparison should use DatalogGuard.
func (*ACLGuard) AddRule ¶
AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.
func (*ACLGuard) Authorize ¶
Authorize adds an authorization for a principal to perform an operation.
func (*ACLGuard) GetSignedACLSet ¶
func (a *ACLGuard) GetSignedACLSet(signer *Signer) (*SignedACLSet, error)
GetSignedACLSet serializes and signs the ACL set and returns a SignedACLSet pointer.
func (*ACLGuard) IsAuthorized ¶
IsAuthorized checks whether a principal is authorized to perform an operation.
func (*ACLGuard) Query ¶
Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).
func (*ACLGuard) Retract ¶
Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.
func (*ACLGuard) RetractRule ¶
RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.
func (*ACLGuard) RuleDebugString ¶
RuleDebugString returns a debug string for the ith policy rule, if it exists.
func (*ACLGuard) Subprincipal ¶
Subprincipal returns a unique subprincipal for this policy.
type ACLGuardDetails ¶
type ACLGuardDetails struct { SignedAclsPath *string `protobuf:"bytes,1,opt,name=signed_acls_path,json=signedAclsPath" json:"signed_acls_path,omitempty"` XXX_unrecognized []byte `json:"-"` }
func (*ACLGuardDetails) Descriptor ¶
func (*ACLGuardDetails) Descriptor() ([]byte, []int)
func (*ACLGuardDetails) GetSignedAclsPath ¶
func (m *ACLGuardDetails) GetSignedAclsPath() string
func (*ACLGuardDetails) ProtoMessage ¶
func (*ACLGuardDetails) ProtoMessage()
func (*ACLGuardDetails) Reset ¶
func (m *ACLGuardDetails) Reset()
func (*ACLGuardDetails) String ¶
func (m *ACLGuardDetails) String() string
type ACLSet ¶
type ACLSet struct { Entries []string `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"` XXX_unrecognized []byte `json:"-"` }
A set of ACL entries.
func RequestACLSet ¶
RequestACLSet requests the policy from a TaoCA running an ACLGuard. Verify the signature with the public policy key `v`.
func (*ACLSet) Descriptor ¶
func (*ACLSet) GetEntries ¶
func (*ACLSet) ProtoMessage ¶
func (*ACLSet) ProtoMessage()
type Attestation ¶
type Attestation struct { // A serialized statement. This is serialized to avoid canonicalization issues // when signing and verifying signatures. In Go, this is obtained using // cloudproxy/tao/auth.Marshal(). SerializedStatement []byte `protobuf:"bytes,1,req,name=serialized_statement,json=serializedStatement" json:"serialized_statement,omitempty"` // The signature type, either "tpm", "tpm2", or "key". This must match // the type of the signer key, and it is also used to determine how to verify // signatures. SignerType *string `protobuf:"bytes,2,req,name=signer_type,json=signerType" json:"signer_type,omitempty"` // The signer's public key, i.e. the un-hashed key material used within // cloudproxy/tao/auth.New*Prin(). SignerKey []byte `protobuf:"bytes,3,req,name=signer_key,json=signerKey" json:"signer_key,omitempty"` // Signature over the serialized statement using TPM or Tao signing. Signature []byte `protobuf:"bytes,4,req,name=signature" json:"signature,omitempty"` // A delegation attestation that conveys (eventually) that signer speaks for // the issuer in the serialized statement. If this is empty, then it must be // self evident that signer speaks for the issuer in the serialized statement. // This can be added, removed, or replaced without changing the attestation // signature, but verification may fail if a required delegation is missing. SerializedDelegation []byte `protobuf:"bytes,5,opt,name=serialized_delegation,json=serializedDelegation" json:"serialized_delegation,omitempty"` // An optional set of further attestations that may pertain, in some way, to // the the issuer or signer of this attestation. These can be added or removed // without changing the attestation signature. This allows attestations to be // piggy-backed, e.g. when an authorization guard requires multiple // attestations to check a policy. 
SerializedEndorsements [][]byte `protobuf:"bytes,6,rep,name=serialized_endorsements,json=serializedEndorsements" json:"serialized_endorsements,omitempty"` // This is the quote structure actually signed by the tpm 2.0. // TODO(kwalsh) remove this -- as for tpm1.2, the quote structure should be // recoverable from the principal names in the serialized statement. Tpm2QuoteStructure []byte `protobuf:"bytes,7,opt,name=tpm2_quote_structure,json=tpm2QuoteStructure" json:"tpm2_quote_structure,omitempty"` // This is a DER encoded X509 certificate certifying the key signing the // attestation. This is included in attestations signed by a root Tao // i.e. a TPM (1.2 or 2.0) Tao or a soft Tao, and forms the root of the // attestation chain. This certificate is signed by the policy key. RootEndorsement []byte `protobuf:"bytes,8,opt,name=root_endorsement,json=rootEndorsement" json:"root_endorsement,omitempty"` XXX_unrecognized []byte `json:"-"` }
An Attestation is a key, a signature, and a statement, and it conveys:
signer says statement
i.e.
signer says (issuer from time until exp says message)
A valid Attestation encodes a public key, and it carries a signature that anyone can verify to (eventually) conclude:
issuer from time' until exp' says message
Note: Because of time restrictions within attached delegations, restrictions time' and exp' here do not necessarily exactly match the restrictions time and exp on the original serialized statement. If the modified time restriction is met, then we can derive the same conclusion as we would for the included statement, e.g.:
delegate speaksfor issuer (for a delegation statement)
or:
issuer says Pred(arg_1, ..., arg_n) (for a predicate statement)
That is to say, a valid Attestation that meets its time restriction conveys exactly the same meaning as conveyed by the included statement.
There are two categories of valid Attestations:
(1) In cases where issuer is a subprincipal of (or identical to) signer, no delegation will be present. In these cases, signer speaksfor issuer, so from the attestation:
signer says (issuer says ...)
we can derive:
issuer says (issuer says ...)
and further:
issuer says ...
Example of a category (1) attestation:
Attestation = { statement = "H_aik.PCRs(...) says (H_os speaksfor H_aik.PCRs(...))" signer = K_aik signature = ... delegation = nil }
Here, an OS has published a delegation statement establishing that key K_os speaks for the OS, and this statement was signed by the TPM K_aik on behalf of the OS. Note that the OS is a subprincipal of the TPM, so the TPM speaks for the OS.
(2) In all other cases, a delegation will be present that, if valid, conveys:
issuer0 from time0 until exp0 says (delegate speaksfor issuer0)
where issuer is a subprincipal of (or identical to) issuer0 and delegate is a subprincipal of (or identical to) signer. Such a valid delegation can be combined with:
signer says (issuer from time until exp says ...)
to derive:
issuer0 from time0 until exp0 says (issuer from time until exp says ...)
And because issuer0 speaks for issuer, we can further derive:
issuer from time' until exp' says ...
where time' = max(time, time0) and exp' = min(exp, exp0).
Example of a category (2) attestation:
Attestation = { statement = "H_aik.PCRs(...).Prog(...) says H_app speaksfor H_aik.PCRs(...).Prog(...)" signer = K_os signature = ... delegation = { statement = H_aik.PCRs(...) says H_os speaksfor H_aik.PCRs(...) signer = K_aik signature = ... delegation = nil } }
Here, the OS identified by H_aik.PCRs(...) has signed, using a seemingly unrelated key K_os, a statement on behalf of one of its hosted programs, H_aik.PCRs(...).Prog(...). The embedded delegation statement, signed by K_aik, binds that seemingly unrelated key K_os to the OS's actual identity, H_aik.PCRs(...).
Verifying an attestation signature requires knowing how the signature was produced. We currently define two signature schemes:
TODO(kwalsh): add tpm2 signature scheme here and in attestation.go
(a) Some signatures are produced by the TPM, so here we are bound by the mechanisms implemented by the TPM. In this case, we encode the signer name as
tpm("..H..") where "..H.." is the hashed, serialized public half
of the TPM's RSA key K. The TPM only ever signs things on behalf of its hosted programs, so the issuer used in the serialized statement will always have the form:
tpm("..H..").PCRs("..i..", "..h..")...
where "..i.." is a sorted, comma-separated list of PCR numbers, and "..h.." is the corresponding, comma-separated list of hex-encoded PCR values. The signature is computed roughly as:
sig = rsa_sign(K, H( H(message) | pcrbuf(i, h) ))
Here, we first hash the statement in a tpm-specific way, then sign the hash with RSA key K. To obtain the statement hash, first hash the serialized statement, including issuer, time, expiration and other information. This intermediate hash is then re-hashed with a tpm-specific encoding of the PCR numbers ("..i..") and values ("..h..") extracted from issuer.
Note: The PCR values are effectively hashed twice, once as part of statement, and separately as part of the pcrbuf datastructure. See optimization note below.
(b) Other signatures are produced in software, and here we have flexibility to use simpler signature schemes. In this case, we encode the signer name as
key("..H..") where "..H.." is the hashed, serialized public half
of a DSA key K. The issuer used in the serialized statement can have any form. The signature is roughly:
sig = dsa_sign(K, H(context|message))
Here, we simply hash the serialized statement, along with some context, then sign it with the private DSA key K. The context used for attestations is defined in Tao.AttestationSigningContext.
Together, this results in four possible combinations:
(1a) No delegation, Tao signature.
Historical note: This is the old "ROOT" attestation type. Typical example: the signer is the "domain policy" key. The signer is always key("..H..").
(1b) No delegation, TPM signature.
This is produced by tpm_tao. The signer is always tpm("..H..") and the statement issuer is always a tpm("..H..").PCRs("..i..", "..h..")... principal.
(2a) Delegation, Tao signature.
Historical note: This is the old "INTERMEDIATE" attestation type. The signer is always key("..H.."). The delegation is the head of a chain that eventually terminates in a type (1a) or (1b) attestation.
(2b) Delegation, TPM signature.
Historical note: This is the old "TPM_1_2_QUOTE" attestation type. This combination is no longer used. If it were, the signer would be tpm("..H..") and the statement issuer would be something like H_policy.TrustedPlatform. The delegation would be the head of a chain that eventually terminates in a type (1a) or (1b) attestation. The issuer at the head of the chain would always be a tpm("..H..").PCRs("..i..", "..h..") principal.
func GenerateAttestation ¶
GenerateAttestation uses the signing key to generate an attestation for this statement.
func RequestAttestation ¶
func RequestAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)
RequestAttestation connects to a CA and gets an attestation back from it. This might be a truncated attestation (in which case, the right next step is to verify the truncated attestation, as in RequestTruncatedAttestation), or it might be some other kind of attestation (like a KeyNegoServer attestation, which provides a policy-key-signed X.509 certificate for the auth name of this program).
func RequestTruncatedAttestation ¶
func RequestTruncatedAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)
RequestTruncatedAttestation connects to a CA instance, sends the attestation for an X.509 certificate, and gets back a truncated attestation with a new principal name based on the policy key.
func (*Attestation) Descriptor ¶
func (*Attestation) Descriptor() ([]byte, []int)
func (*Attestation) GetRootEndorsement ¶
func (m *Attestation) GetRootEndorsement() []byte
func (*Attestation) GetSerializedDelegation ¶
func (m *Attestation) GetSerializedDelegation() []byte
func (*Attestation) GetSerializedEndorsements ¶
func (m *Attestation) GetSerializedEndorsements() [][]byte
func (*Attestation) GetSerializedStatement ¶
func (m *Attestation) GetSerializedStatement() []byte
func (*Attestation) GetSignature ¶
func (m *Attestation) GetSignature() []byte
func (*Attestation) GetSignerKey ¶
func (m *Attestation) GetSignerKey() []byte
func (*Attestation) GetSignerType ¶
func (m *Attestation) GetSignerType() string
func (*Attestation) GetTpm2QuoteStructure ¶
func (m *Attestation) GetTpm2QuoteStructure() []byte
func (*Attestation) ProtoMessage ¶
func (*Attestation) ProtoMessage()
func (*Attestation) Reset ¶
func (m *Attestation) Reset()
func (*Attestation) String ¶
func (m *Attestation) String() string
func (*Attestation) ValidSigner ¶
func (a *Attestation) ValidSigner() (auth.Prin, error)
ValidSigner checks the signature on an attestation and, if it is valid, returns the principal name for the signer.
type CARequest ¶
type CARequest struct { Type *CAType `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"` Attestation *Attestation `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"` XXX_unrecognized []byte `json:"-"` }
func (*CARequest) Descriptor ¶
func (*CARequest) GetAttestation ¶
func (m *CARequest) GetAttestation() *Attestation
func (*CARequest) ProtoMessage ¶
func (*CARequest) ProtoMessage()
type CAResponse ¶
type CAResponse struct { Type *CAType `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"` Attestation *Attestation `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"` SignedDatalogRules *SignedDatalogRules `protobuf:"bytes,3,opt,name=signed_datalog_rules" json:"signed_datalog_rules,omitempty"` SignedAclSet *SignedACLSet `protobuf:"bytes,4,opt,name=signed_acl_set" json:"signed_acl_set,omitempty"` XXX_unrecognized []byte `json:"-"` }
func (*CAResponse) Descriptor ¶
func (*CAResponse) Descriptor() ([]byte, []int)
func (*CAResponse) GetAttestation ¶
func (m *CAResponse) GetAttestation() *Attestation
func (*CAResponse) GetSignedAclSet ¶
func (m *CAResponse) GetSignedAclSet() *SignedACLSet
func (*CAResponse) GetSignedDatalogRules ¶
func (m *CAResponse) GetSignedDatalogRules() *SignedDatalogRules
func (*CAResponse) GetType ¶
func (m *CAResponse) GetType() CAType
func (*CAResponse) ProtoMessage ¶
func (*CAResponse) ProtoMessage()
func (*CAResponse) Reset ¶
func (m *CAResponse) Reset()
func (*CAResponse) String ¶
func (m *CAResponse) String() string
type CachedGuard ¶
type CachedGuard struct {
// contains filtered or unexported fields
}
CachedGuard implements the Guard interface on behalf of a remote guard. When the interface is queried, the cached guard checks if it has an up-to-date version of the policy. If it doesn't, it creates a connection to a TaoCA, requests the policy rules, and instantiates a new guard.
func NewCachedGuard ¶
func NewCachedGuard(vfy *Verifier, t CachedGuardType, network, addr string, ttl int64) *CachedGuard
NewCachedGuard returns a new CachedGuard.
func (*CachedGuard) AddRule ¶
func (cg *CachedGuard) AddRule(rule string) error
AddRule is not allowed for cached guards.
func (*CachedGuard) Authorize ¶
Authorize is not allowed for cached guards, since it doesn't have the private policy key.
func (*CachedGuard) Clear ¶
func (cg *CachedGuard) Clear() error
Clear deletes the guard. This will cause a Reload() the next time the guard is queried.
func (*CachedGuard) GetRule ¶
func (cg *CachedGuard) GetRule(i int) string
GetRule returns a string representation of the i-th rule in the policy.
func (*CachedGuard) IsAuthorized ¶
IsAuthorized checks if the principal `name` is authorized to perform `op` on `args`.
func (*CachedGuard) IsExpired ¶
func (cg *CachedGuard) IsExpired() bool
IsExpired checks if the cached policy is out of date.
func (*CachedGuard) Query ¶
func (cg *CachedGuard) Query(query string) (bool, error)
Query the policy.
func (*CachedGuard) Reload ¶
func (cg *CachedGuard) Reload() error
Reload requests the policy from the remote TaoCA and instantiates a new guard.
func (*CachedGuard) RetractRule ¶
func (cg *CachedGuard) RetractRule(rule string) error
RetractRule is not allowed for cached guards.
func (*CachedGuard) RuleCount ¶
func (cg *CachedGuard) RuleCount() int
RuleCount returns the number of rules in the policy.
func (*CachedGuard) RuleDebugString ¶
func (cg *CachedGuard) RuleDebugString(i int) string
RuleDebugString returns a verbose string representation of the i-th rule in the policy useful for debugging.
func (*CachedGuard) Save ¶
func (cg *CachedGuard) Save(key *Signer) error
Save stores the cached policy to disk.
func (*CachedGuard) String ¶
func (cg *CachedGuard) String() string
String returns a string representation of the guard.
func (*CachedGuard) Subprincipal ¶
func (cg *CachedGuard) Subprincipal() auth.SubPrin
Subprincipal returns a Subprin for the guard.
type CachedGuardType ¶
type CachedGuardType int
CachedGuardType specifies the type of guard being cached.
// Cached guard kinds. The values are bit flags (1 << iota), so a
// CachedGuardType can in principle carry more than one kind.
const (
	// Datalog selects a remote DatalogGuard as the cached guard.
	Datalog CachedGuardType = 1 << iota
	// ACLs selects a remote ACLGuard as the cached guard.
	ACLs
)
There should be a CachedGuardType value for every non-trivial guard type.
type Config ¶
// A Config stores the information about the Tao, its Host Tao, and the way
// it creates Hosted Programs. It can be built from environment variables
// (NewConfigFromEnv) or from option strings (NewConfigFromString), and two
// Configs can be combined with Merge; see Merge for which side wins when a
// value is explicitly set on both.
type Config struct {
	// HostType selects the kind of host Tao this Tao talks to.
	HostType HostTaoType
	// HostChannelType names the channel used to reach the host Tao;
	// HostSpec carries the channel-specific address or path.
	// NOTE(review): exact accepted values are defined elsewhere in the
	// package — confirm before documenting them here.
	HostChannelType string
	HostSpec string
	// HostedType selects how hosted programs are started.
	HostedType HostedProgramType
	// Variables for the TPM configuration
	TPMAIKPath string
	TPMAIKCertPath string
	TPMPCRs string
	TPMDevice string
	// Variables for the TPM 2.0 configuration
	TPM2InfoDir string
	TPM2PCRs string
	TPM2Device string
	TPM2EkCert string
	TPM2QuoteCert string
	TPM2SealCert string
}
A Config stores the information about the Tao, its Host Tao, and the way it creates Hosted Programs.
func NewConfigFromEnv ¶
func NewConfigFromEnv() Config
NewConfigFromEnv creates a Config using values drawn from environment variables.
func NewConfigFromString ¶
NewConfigFromString creates a new Config using strings representing the options.
func (*Config) Merge ¶
Merge combines two Config values into one. The parameter's values take precedence over the existing values unless an incoming value is NoHost, NoChannel, or NoHostedPrograms. This is used to merge a config taken from the environment with a config specified explicitly on the command line; the latter takes precedence wherever it is explicitly given.
type ContextualizedData ¶
// ContextualizedData binds a payload to the context in which it is signed.
// The marshaled form of this message is the data that is actually signed,
// so Context acts as a domain separator: a signature produced for one
// message type cannot be presented as a valid signature for a different
// message type that happens to carry the same Data bytes. Every distinct
// message type must therefore use its own unique Context string; one easy
// scheme is "ProtocolName Message Y: ProtobufName Version X".
type ContextualizedData struct {
	// Context identifies the protocol, message and version being signed.
	Context *string `protobuf:"bytes,1,req,name=context" json:"context,omitempty"`
	// Data is the payload covered by the signature.
	Data []byte `protobuf:"bytes,2,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
Contextualized protobuf. SECURITY WARNING: Always choose a unique context for each unique type of message, because the context is what prevents a signature over one message type from being accepted as a signature over another. One easy way to do this is to number the messages in a protocol and make the context "ProtocolName Message Y: ProtobufName Version X". The marshaled representation of this message is the data that is signed.
func (*ContextualizedData) Descriptor ¶
func (*ContextualizedData) Descriptor() ([]byte, []int)
func (*ContextualizedData) GetContext ¶
func (m *ContextualizedData) GetContext() string
func (*ContextualizedData) GetData ¶
func (m *ContextualizedData) GetData() []byte
func (*ContextualizedData) ProtoMessage ¶
func (*ContextualizedData) ProtoMessage()
func (*ContextualizedData) Reset ¶
func (m *ContextualizedData) Reset()
func (*ContextualizedData) String ¶
func (m *ContextualizedData) String() string
type CoreOSConfig ¶
// A CoreOSConfig contains the details needed to start a new CoreOS VM.
// Field semantics are only partly recoverable from the names; the notes
// below are the reviewer's reading and should be confirmed against the
// code that consumes this struct.
type CoreOSConfig struct {
	// Name of the VM.
	Name string
	// ImageFile is the VM image to boot — presumably a path.
	ImageFile string
	// Memory for the VM; units are not stated here (likely MB — confirm).
	Memory int
	// RulesPath locates the policy rules made available to the VM.
	RulesPath string
	// SSHKeysCfg holds the SSH key configuration handed to the VM.
	SSHKeysCfg string
	// SocketPath is the socket used to talk to the VM.
	SocketPath string
}
A CoreOSConfig contains the details needed to start a new CoreOS VM.
type Crypter ¶
// A Crypter is used to encrypt and decrypt data. Both key fields hold raw
// key material (as their names indicate) and are exported so the crypter
// can be serialized via CryptoKeyFromCrypter; treat them as secrets and
// do not log or persist them outside that path.
type Crypter struct {
	// Header carries the key's name, epoch, type, purpose and status.
	Header *CryptoHeader
	// EncryptingKeyBytes is the symmetric encryption key.
	EncryptingKeyBytes []byte
	// HmacKeyBytes is the key used for the integrity MAC; it may be
	// empty for key types that do not use a separate MAC — confirm
	// against the key types listed on CryptoHeader.
	HmacKeyBytes []byte
}
A Crypter is used to encrypt and decrypt data.
func CrypterFromCryptoKey ¶
func GenerateAnonymousCrypter ¶
func GenerateAnonymousCrypter() *Crypter
func InitializeCrypter ¶
func InitializeCrypter(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Crypter, error)
Generate or restore a crypter. InitializeCrypter uses marshaledCryptoKey to restore a crypter from a serialized CryptoKey if it is not nil; otherwise it generates a new one. If a key is generated, the remaining arguments are used as its parameters; otherwise they are ignored.
type CryptoHeader ¶
// CryptoHeader describes a key: its wire version, name, epoch, type,
// purpose and status. It is embedded in CryptoKey and in every signed or
// encrypted message so that the receiver can pick the right key and
// reject material that is inactive or revoked.
type CryptoHeader struct {
	// Version is the CryptoHeader format version (required).
	Version *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	// KeyName identifies the key.
	KeyName *string `protobuf:"bytes,2,opt,name=key_name,json=keyName" json:"key_name,omitempty"`
	// KeyEpoch is a monotonically increasing integer that distinguishes
	// successive generations of the same named key.
	KeyEpoch *int32 `protobuf:"varint,3,opt,name=key_epoch,json=keyEpoch" json:"key_epoch,omitempty"`
	// KeyType names the algorithm, e.g. "aes256-ctr-hmacsha256",
	// "ecdsap256", "rsa2048-public"; see the type documentation for the
	// full list.
	KeyType *string `protobuf:"bytes,4,opt,name=key_type,json=keyType" json:"key_type,omitempty"`
	// KeyPurpose is one of "verifying", "signing", "crypting",
	// "deriving", "sealing".
	KeyPurpose *string `protobuf:"bytes,5,opt,name=key_purpose,json=keyPurpose" json:"key_purpose,omitempty"`
	// KeyStatus is one of "primary", "pre-primary", "post-primary",
	// "inactive", "revoked".
	KeyStatus *string `protobuf:"bytes,6,opt,name=key_status,json=keyStatus" json:"key_status,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
CryptoHeader has been changed to include key_name, key_epoch, key_type, key_purpose and key_status (all strings except key_epoch). key_epoch is a monotonically increasing integer. key_status is one of: "primary", "pre-primary", "post-primary", "inactive", "revoked". key_types:
"aes-128-raw", "aes-256-raw", "aes128-ctr", "aes256-ctr", "aes128-ctr-hmacsha256", "aes256-ctr-hmacsha256", "hmacsha256", "hmacsha384", "hmacsha512", "rsa1024", "rsa2048", "rsa3072" "ecdsap256", "ecdsap384", "ecdsap384", "rsa1024-public", "rsa2048-public", "rsa3072-public" "ecdsap256-public", "ecdsap384-public" "hdkf-sha256"
key_purpose: "verifying", "signing", "crypting", "deriving", "sealing"
func (*CryptoHeader) Descriptor ¶
func (*CryptoHeader) Descriptor() ([]byte, []int)
func (*CryptoHeader) GetKeyEpoch ¶
func (m *CryptoHeader) GetKeyEpoch() int32
func (*CryptoHeader) GetKeyName ¶
func (m *CryptoHeader) GetKeyName() string
func (*CryptoHeader) GetKeyPurpose ¶
func (m *CryptoHeader) GetKeyPurpose() string
func (*CryptoHeader) GetKeyStatus ¶
func (m *CryptoHeader) GetKeyStatus() string
func (*CryptoHeader) GetKeyType ¶
func (m *CryptoHeader) GetKeyType() string
func (*CryptoHeader) GetVersion ¶
func (m *CryptoHeader) GetVersion() CryptoVersion
func (*CryptoHeader) ProtoMessage ¶
func (*CryptoHeader) ProtoMessage()
func (*CryptoHeader) Reset ¶
func (m *CryptoHeader) Reset()
func (*CryptoHeader) String ¶
func (m *CryptoHeader) String() string
type CryptoKey ¶
// CryptoKey is the serialized form of a key: a header describing it plus
// the raw key components. Marshaled CryptoKey bytes are what
// InitializeCrypter, InitializeDeriver and the CryptoKeyFrom* helpers
// exchange, and what CryptoKeyset.Keys holds.
type CryptoKey struct {
	// KeyHeader describes the key (required).
	KeyHeader *CryptoHeader `protobuf:"bytes,1,req,name=key_header,json=keyHeader" json:"key_header,omitempty"`
	// KeyComponents holds the key material; how many entries there are
	// and what each one is depends on KeyHeader.KeyType — confirm
	// against the constructor for each type.
	KeyComponents [][]byte `protobuf:"bytes,2,rep,name=key_components,json=keyComponents" json:"key_components,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
CryptoKey
func CryptoKeyFromCrypter ¶
func CryptoKeyFromDeriver ¶
func CryptoKeyFromSigner ¶
func CryptoKeyFromVerifier ¶
func GenerateCryptoKey ¶
func UnmarshalCryptoKey ¶
func (*CryptoKey) Descriptor ¶
func (*CryptoKey) GetKeyComponents ¶
func (*CryptoKey) GetKeyHeader ¶
func (m *CryptoKey) GetKeyHeader() *CryptoHeader
func (*CryptoKey) ProtoMessage ¶
func (*CryptoKey) ProtoMessage()
type CryptoKeyset ¶
// CryptoKeyset is the serialized form of a Keys value (see
// CryptoKeysetFromKeys): the keys themselves plus the certificate,
// attestation and chain that vouch for the signing key.
type CryptoKeyset struct {
	// Keys holds the serialized keys — presumably marshaled CryptoKey
	// messages; confirm against CryptoKeysetFromKeys.
	Keys [][]byte `protobuf:"bytes,1,rep,name=keys" json:"keys,omitempty"`
	// Cert for Signing Key
	Cert []byte `protobuf:"bytes,2,opt,name=cert" json:"cert,omitempty"`
	// Delegation is the Tao attestation that delegates to the signing key.
	Delegation *Attestation `protobuf:"bytes,3,opt,name=delegation" json:"delegation,omitempty"`
	// certs supporting cert from cert signer to authority.
	CertChain [][]byte `protobuf:"bytes,4,rep,name=cert_chain,json=certChain" json:"cert_chain,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func CryptoKeysetFromKeys ¶
func CryptoKeysetFromKeys(k *Keys) (*CryptoKeyset, error)
CryptoKeysetFromKeys encodes k as a CryptoKeyset.
func (*CryptoKeyset) Descriptor ¶
func (*CryptoKeyset) Descriptor() ([]byte, []int)
func (*CryptoKeyset) GetCert ¶
func (m *CryptoKeyset) GetCert() []byte
func (*CryptoKeyset) GetCertChain ¶
func (m *CryptoKeyset) GetCertChain() [][]byte
func (*CryptoKeyset) GetDelegation ¶
func (m *CryptoKeyset) GetDelegation() *Attestation
func (*CryptoKeyset) GetKeys ¶
func (m *CryptoKeyset) GetKeys() [][]byte
func (*CryptoKeyset) ProtoMessage ¶
func (*CryptoKeyset) ProtoMessage()
func (*CryptoKeyset) Reset ¶
func (m *CryptoKeyset) Reset()
func (*CryptoKeyset) String ¶
func (m *CryptoKeyset) String() string
type CryptoVersion ¶
type CryptoVersion int32
// CryptoHeader format versions.
const (
	// CryptoVersion_CRYPTO_VERSION_1 is the original header format.
	CryptoVersion_CRYPTO_VERSION_1 CryptoVersion = 1
	// CryptoVersion_CRYPTO_VERSION_2 is the later format — presumably the
	// revision that added key_name/key_epoch/key_type/key_purpose/
	// key_status to CryptoHeader; confirm against keys.proto.
	CryptoVersion_CRYPTO_VERSION_2 CryptoVersion = 2
)
func (CryptoVersion) Enum ¶
func (x CryptoVersion) Enum() *CryptoVersion
func (CryptoVersion) EnumDescriptor ¶
func (CryptoVersion) EnumDescriptor() ([]byte, []int)
func (CryptoVersion) String ¶
func (x CryptoVersion) String() string
func (*CryptoVersion) UnmarshalJSON ¶
func (x *CryptoVersion) UnmarshalJSON(data []byte) error
type DatalogGuard ¶
// DatalogGuard implements a datalog-based policy engine. Rules have the
// form "forall X, Y, ... : F implies G", where F is a predicate or a
// conjunction of predicates and G is a single predicate; see the type
// documentation for the full translation into datalog. A DatalogGuard is
// not safe for concurrent use by multiple goroutines.
type DatalogGuard struct {
	// Config locates the signed, persistent rule set (if any); see
	// NewDatalogGuardFromConfig and ReloadIfModified.
	Config DatalogGuardDetails
	// Key is the public key used to check the signature on the persisted
	// rules — presumably the domain policy key; a temporary guard
	// created by NewTemporaryDatalogGuard has no real key.
	Key *Verifier
	// contains filtered or unexported fields
}
DatalogGuard implements a datalog-based policy engine. Rules in this engine have the form:
(forall X, Y, Z... : F implies G)
where
F is a predicate or a conjunction of predicates G is a predicate
All predicate arguments must be either concrete terms (Int, Str, Prin, etc.) or term-valued variables (TermVar) bound by the quantification. Any variable appearing in G must also appear in F. If there are no variables, the quantification can be omitted. The implication and its antecedent F can be omitted (in which case there can be no variables so the quantification must be omitted as well).
TODO(kwalsh) We could easily support a slightly broader class of formulas, e.g. by allowing G to be a conjunct of predicates, or by allowing a disjunction of conjunctions for F. Anything beyond that seems complicated.
Datalog translation ¶
We assume K speaksfor the guard, where K is the key used to sign the policy file. If there is no signing key, a temporary principal (with a bogus key) is used for K instead. All deduction takes place within the worldview of Guard. Other than this relationship between K and the guard, we don't model the says and speaksfor logic within datalog.
Term objects are usually translated to datalog by just printing them. In this case, a Prin object must not contain any TermVar objects. TermVar objects must be uppercase.
"Term says Pred(...)" is translated to "says(Term, \"Pred\", ...)".
"Pred(...)" alone is translated to "says(K, \"Pred\", ...)".
"forall ... F1 and F2 and ... imp G" is translated to "G :- F1, F2, ...". A DatalogGuard is not safe for concurrent use by multiple goroutines.
func NewDatalogGuard ¶
func NewDatalogGuard(verifier *Verifier) *DatalogGuard
NewDatalogGuard returns a new datalog guard without configuring a rules file.
func NewDatalogGuardFromConfig ¶
func NewDatalogGuardFromConfig(verifier *Verifier, config DatalogGuardDetails) (*DatalogGuard, error)
NewDatalogGuardFromConfig returns a new datalog guard that uses a signed, persistent rule set. ReloadIfModified() should be called to load the rule set.
func (*DatalogGuard) AddRule ¶
func (g *DatalogGuard) AddRule(rule string) error
AddRule adds a policy rule.
func (*DatalogGuard) GetRule ¶
func (g *DatalogGuard) GetRule(i int) string
GetRule returns the ith policy rule, if it exists.
func (*DatalogGuard) GetSignedDatalogRules ¶
func (g *DatalogGuard) GetSignedDatalogRules(signer *Signer) (*SignedDatalogRules, error)
GetSignedDatalogRules serializes and signs the datalog rules and returns a SignedDatalogRules pointer.
func (*DatalogGuard) IsAuthorized ¶
IsAuthorized checks whether p is authorized to perform op(args).
func (*DatalogGuard) Query ¶
func (g *DatalogGuard) Query(query string) (bool, error)
Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).
func (*DatalogGuard) ReloadIfModified ¶
func (g *DatalogGuard) ReloadIfModified() error
ReloadIfModified reads all persistent policy data from disk if the file timestamp is more recent than the last time it was read.
func (*DatalogGuard) RetractRule ¶
func (g *DatalogGuard) RetractRule(rule string) error
RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.
func (*DatalogGuard) RuleCount ¶
func (g *DatalogGuard) RuleCount() int
RuleCount returns a count of the total number of rules.
func (*DatalogGuard) RuleDebugString ¶
func (g *DatalogGuard) RuleDebugString(i int) string
RuleDebugString returns a debug string for the ith policy rule, if it exists.
func (*DatalogGuard) Save ¶
func (g *DatalogGuard) Save(signer *Signer) error
Save writes all persistent policy data to disk, signed by signer.
func (*DatalogGuard) String ¶
func (g *DatalogGuard) String() string
String returns a string suitable for showing users authorization info.
func (*DatalogGuard) Subprincipal ¶
func (g *DatalogGuard) Subprincipal() auth.SubPrin
Subprincipal returns subprincipal DatalogGuard, for temporary guards, or DatalogGuard(<key>) for persistent guards.
type DatalogGuardDetails ¶
// DatalogGuardDetails configures a persistent DatalogGuard.
type DatalogGuardDetails struct {
	// SignedRulesPath is the file holding the signed rule set that
	// DatalogGuard.Save writes and ReloadIfModified reads back.
	SignedRulesPath *string `protobuf:"bytes,2,opt,name=signed_rules_path,json=signedRulesPath" json:"signed_rules_path,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*DatalogGuardDetails) Descriptor ¶
func (*DatalogGuardDetails) Descriptor() ([]byte, []int)
func (*DatalogGuardDetails) GetSignedRulesPath ¶
func (m *DatalogGuardDetails) GetSignedRulesPath() string
func (*DatalogGuardDetails) ProtoMessage ¶
func (*DatalogGuardDetails) ProtoMessage()
func (*DatalogGuardDetails) Reset ¶
func (m *DatalogGuardDetails) Reset()
func (*DatalogGuardDetails) String ¶
func (m *DatalogGuardDetails) String() string
type DatalogRules ¶
// DatalogRules is a set of datalog policy rules as exchanged with a TaoCA
// (see RequestDatalogRules). On their own these rules are unauthenticated;
// the signed wrapper is SignedDatalogRules.
type DatalogRules struct {
	// Rules holds the serialized rules, one entry per rule.
	Rules [][]byte `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
A set of rules.
func RequestDatalogRules ¶
func RequestDatalogRules(network, addr string, v *Verifier) (*DatalogRules, error)
RequestDatalogRules requests the policy from a TaoCA running a DatalogGuard and verifies the signature on the returned rules with the public policy key v.
func (*DatalogRules) Descriptor ¶
func (*DatalogRules) Descriptor() ([]byte, []int)
func (*DatalogRules) GetRules ¶
func (m *DatalogRules) GetRules() [][]byte
func (*DatalogRules) ProtoMessage ¶
func (*DatalogRules) ProtoMessage()
func (*DatalogRules) Reset ¶
func (m *DatalogRules) Reset()
func (*DatalogRules) String ¶
func (m *DatalogRules) String() string
type Deriver ¶
// A Deriver is used to derive key material from a context using HKDF.
// Secret is the HKDF input keying material and must be treated as a
// secret; it is exported only so the deriver can be serialized via
// CryptoKeyFromDeriver.
type Deriver struct {
	// Header carries the key's name, epoch, type, purpose and status.
	Header *CryptoHeader
	// Secret is the input keying material for HKDF.
	Secret []byte
}
A Deriver is used to derive key material from a context using HKDF.
func DeriverFromCryptoKey ¶
func GenerateAnonymousDeriver ¶
func GenerateAnonymousDeriver() *Deriver
func InitializeDeriver ¶
func InitializeDeriver(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Deriver, error)
Generate or restore a deriver. InitializeDeriver uses marshaledCryptoKey to restore a deriver from a serialized CryptoKey if it is not nil; otherwise it generates a new one. If a key is generated, the remaining arguments are used as its parameters; otherwise they are ignored.
type DockerContainer ¶
// A DockerContainer represents a hosted program running as a Docker
// container. It drives the `docker` command-line program through
// os/exec.Cmd rather than using the docker client API directly, so this
// package does not depend on the docker code.
type DockerContainer struct {
	// Hash of the docker image.
	Hash []byte
	// The factory responsible for the hosted process.
	Factory *LinuxDockerContainerFactory
	// ImageName is the docker image the container is started from.
	ImageName string
	// SocketPath is the path of the socket used to talk to the hosted
	// program.
	SocketPath string
	// CidfilePath is where docker writes the container id (the
	// --cidfile convention) — confirm against StartDocker.
	CidfilePath string
	// RulesPath locates the policy rules made available to the container.
	RulesPath string
	// The underlying docker process.
	Cmd *exec.Cmd
	// A channel to be signaled when the container is done.
	Done chan bool
	// contains filtered or unexported fields
}
A DockerContainer represents a hosted program running as a Docker container. It uses os/exec.Cmd and the `docker` program to send commands to the Docker daemon rather than using the docker client API directly. This is so that this code doesn't depend on the docker code for now.
func (*DockerContainer) Cleanup ¶
func (p *DockerContainer) Cleanup() error
func (*DockerContainer) ContainerName ¶
func (dc *DockerContainer) ContainerName() (string, error)
func (*DockerContainer) ExitStatus ¶
func (dc *DockerContainer) ExitStatus() (int, error)
ExitStatus returns an exit code for the container.
func (*DockerContainer) Kill ¶
func (dc *DockerContainer) Kill() error
Kill sends a SIGKILL signal to a docker container.
func (*DockerContainer) Pid ¶
func (dc *DockerContainer) Pid() int
Pid returns a numeric ID for this docker container.
func (*DockerContainer) Spec ¶
func (dc *DockerContainer) Spec() HostedProgramSpec
Spec returns the specification used to start the hosted docker container.
func (*DockerContainer) Start ¶
func (dc *DockerContainer) Start() (channel io.ReadWriteCloser, err error)
Start builds the docker container from the tar file and launches it.
func (*DockerContainer) StartDocker ¶
func (dc *DockerContainer) StartDocker() error
StartDocker starts a docker container using the docker run subcommand.
func (*DockerContainer) Stop ¶
func (dc *DockerContainer) Stop() error
Stop sends a SIGSTOP signal to a docker container.
func (*DockerContainer) Subprin ¶
func (dc *DockerContainer) Subprin() auth.SubPrin
Subprin returns the subprincipal representing the hosted docker container.
func (*DockerContainer) WaitChan ¶
func (dc *DockerContainer) WaitChan() <-chan bool
WaitChan returns a channel that is signaled when the hosted container is done.
type Domain ¶
// Domain manages domain-wide authorization policies and configuration for
// a single Tao administrative domain: a name, a guard type with its
// policy data, and the policy key pair used to sign that data. Top-level
// configuration lives in a text file, typically "tao.config"; paths in it
// are relative to the file itself.
type Domain struct {
	// Config is the parsed domain configuration.
	Config DomainConfig
	// ConfigPath is the location of the tao.config file; other paths are
	// resolved relative to it.
	ConfigPath string
	// Keys holds the policy key pair. When the domain was loaded without
	// a password (see LoadDomain) the private signing key is unavailable
	// and operations that need it fail.
	Keys *Keys
	// Guard evaluates authorization decisions for the domain.
	Guard Guard
}
Domain manages domain-wide authorization policies and configuration for a single Tao administrative domain. Configuration includes a name, domain guard type, ACLs or other guard-specific policy data, and a key pair for signing policy data.
Except for a password used to encrypt the policy private key, top-level configuration data for Domain is stored in a text file, typically named "tao.config". This configuration file contains the locations of all other files and directories, e.g. configuration files for the domain guard. File and directory paths within the tao.config file are relative to the location of the tao.config file itself.
func CreateDomain ¶
func CreateDomain(cfg DomainConfig, configPath string, password []byte) (*Domain, error)
CreateDomain initializes a new Domain, writing its configuration files to a directory. This creates the directory if needed, creates a policy key pair (encrypted with the given password when stored on disk), and initializes a default guard of the appropriate type if needed. Any parameters left empty in cfg will be set to reasonable default values.
func LoadDomain ¶
LoadDomain initializes a Domain from an existing configuration file. If password is nil, the object will be "locked", meaning that the policy private signing key will not be available, and new ACL entries or attestations cannot be signed. Otherwise, password is used to unlock the policy private signing key.
func (*Domain) CreatePublicCachedDomain ¶
CreatePublicCachedDomain creates a public domain with a CachedGuard. TODO(cjpatton): create a net.Conn here and defer Close() somehow; add a new constructor from a net.Conn that doesn't save the domain to disk; refactor the Request functions in ca.go to use the already existing connection.
func (*Domain) ExtendTaoName ¶
ExtendTaoName uses a Domain's Verifying key to extend the Tao with a subprincipal PolicyKey([...]).
func (*Domain) RulesPath ¶
RulesPath returns the path that should be used for the rules/acls for a given domain. If the guard is not Datalog or ACLs, then it returns the empty string.
func (*Domain) Subprincipal ¶
Subprincipal returns a subprincipal suitable for contextualizing a program.
type DomainConfig ¶
// DomainConfig is the on-disk configuration of a Domain: general domain
// details, X.509 settings, and one detail block per supported guard and
// TPM type. Blank fields can be filled with defaults via SetDefaults.
type DomainConfig struct {
	// DomainInfo holds the name, policy key location and guard selection.
	DomainInfo *DomainDetails `protobuf:"bytes,1,opt,name=domain_info,json=domainInfo" json:"domain_info,omitempty"`
	// X509Info holds certificate settings for the policy key.
	X509Info *X509Details `protobuf:"bytes,2,opt,name=x509_info,json=x509Info" json:"x509_info,omitempty"`
	// AclGuardInfo configures the guard when DomainInfo selects ACLs.
	AclGuardInfo *ACLGuardDetails `protobuf:"bytes,3,opt,name=acl_guard_info,json=aclGuardInfo" json:"acl_guard_info,omitempty"`
	// DatalogGuardInfo configures the guard when DomainInfo selects Datalog.
	DatalogGuardInfo *DatalogGuardDetails `protobuf:"bytes,4,opt,name=datalog_guard_info,json=datalogGuardInfo" json:"datalog_guard_info,omitempty"`
	// TpmInfo and Tpm2Info configure TPM 1.2 and TPM 2.0 hosts respectively.
	TpmInfo *TPMDetails `protobuf:"bytes,5,opt,name=tpm_info,json=tpmInfo" json:"tpm_info,omitempty"`
	Tpm2Info *TPM2Details `protobuf:"bytes,6,opt,name=tpm2_info,json=tpm2Info" json:"tpm2_info,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*DomainConfig) Descriptor ¶
func (*DomainConfig) Descriptor() ([]byte, []int)
func (*DomainConfig) GetAclGuardInfo ¶
func (m *DomainConfig) GetAclGuardInfo() *ACLGuardDetails
func (*DomainConfig) GetDatalogGuardInfo ¶
func (m *DomainConfig) GetDatalogGuardInfo() *DatalogGuardDetails
func (*DomainConfig) GetDomainInfo ¶
func (m *DomainConfig) GetDomainInfo() *DomainDetails
func (*DomainConfig) GetTpm2Info ¶
func (m *DomainConfig) GetTpm2Info() *TPM2Details
func (*DomainConfig) GetTpmInfo ¶
func (m *DomainConfig) GetTpmInfo() *TPMDetails
func (*DomainConfig) GetX509Info ¶
func (m *DomainConfig) GetX509Info() *X509Details
func (*DomainConfig) ProtoMessage ¶
func (*DomainConfig) ProtoMessage()
func (*DomainConfig) Reset ¶
func (m *DomainConfig) Reset()
func (*DomainConfig) SetDefaults ¶
func (cfg *DomainConfig) SetDefaults()
SetDefaults sets each blank field of cfg to a reasonable default value.
func (*DomainConfig) String ¶
func (m *DomainConfig) String() string
type DomainDetails ¶
// DomainDetails holds the general settings of a Domain. The policy key
// should be compatible with the library cipher suite named in CipherSuite.
type DomainDetails struct {
	// name of domain
	Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
	// PolicyKeysPath locates the policy key pair on disk.
	PolicyKeysPath *string `protobuf:"bytes,2,opt,name=policy_keys_path,json=policyKeysPath" json:"policy_keys_path,omitempty"`
	// GuardType selects the guard implementation for the domain; the
	// accepted strings are defined elsewhere in the package — confirm.
	GuardType *string `protobuf:"bytes,3,opt,name=guard_type,json=guardType" json:"guard_type,omitempty"`
	// GuardNetwork, GuardAddress and GuardTtl describe how to reach a
	// remote guard and how long its policy may be cached; presumably they
	// feed NewCachedGuard's network, addr and ttl parameters.
	GuardNetwork *string `protobuf:"bytes,4,opt,name=guard_network,json=guardNetwork" json:"guard_network,omitempty"`
	GuardAddress *string `protobuf:"bytes,5,opt,name=guard_address,json=guardAddress" json:"guard_address,omitempty"`
	GuardTtl *int64 `protobuf:"varint,6,opt,name=guard_ttl,json=guardTtl" json:"guard_ttl,omitempty"`
	// CipherSuite names the library cipher suite the domain uses.
	CipherSuite *string `protobuf:"bytes,7,opt,name=cipher_suite,json=cipherSuite" json:"cipher_suite,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
TODO(jlm): Comments for arguments. Policy key should be compatible with library cipher suite.
func (*DomainDetails) Descriptor ¶
func (*DomainDetails) Descriptor() ([]byte, []int)
func (*DomainDetails) GetCipherSuite ¶
func (m *DomainDetails) GetCipherSuite() string
func (*DomainDetails) GetGuardAddress ¶
func (m *DomainDetails) GetGuardAddress() string
func (*DomainDetails) GetGuardNetwork ¶
func (m *DomainDetails) GetGuardNetwork() string
func (*DomainDetails) GetGuardTtl ¶
func (m *DomainDetails) GetGuardTtl() int64
func (*DomainDetails) GetGuardType ¶
func (m *DomainDetails) GetGuardType() string
func (*DomainDetails) GetName ¶
func (m *DomainDetails) GetName() string
func (*DomainDetails) GetPolicyKeysPath ¶
func (m *DomainDetails) GetPolicyKeysPath() string
func (*DomainDetails) ProtoMessage ¶
func (*DomainDetails) ProtoMessage()
func (*DomainDetails) Reset ¶
func (m *DomainDetails) Reset()
func (*DomainDetails) String ¶
func (m *DomainDetails) String() string
type DomainTemplate ¶
// DomainTemplate describes how a new domain is populated: its
// DomainConfig, its initial datalog or ACL rules, and the names of the
// hosts, programs, containers, VMs and Linux hosts that policy statements
// refer to, together with the predicate names used for each category.
type DomainTemplate struct {
	Config *DomainConfig `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
	// DatalogRules and AclRules are the initial rules, one string each.
	DatalogRules []string `protobuf:"bytes,2,rep,name=datalog_rules,json=datalogRules" json:"datalog_rules,omitempty"`
	AclRules []string `protobuf:"bytes,3,rep,name=acl_rules,json=aclRules" json:"acl_rules,omitempty"`
	// The name of the host (used for policy statements)
	HostName *string `protobuf:"bytes,4,opt,name=host_name,json=hostName" json:"host_name,omitempty"`
	HostPredicateName *string `protobuf:"bytes,5,opt,name=host_predicate_name,json=hostPredicateName" json:"host_predicate_name,omitempty"`
	// Program names (as paths to binaries)
	ProgramPaths []string `protobuf:"bytes,6,rep,name=program_paths,json=programPaths" json:"program_paths,omitempty"`
	ProgramPredicateName *string `protobuf:"bytes,7,opt,name=program_predicate_name,json=programPredicateName" json:"program_predicate_name,omitempty"`
	// Container names (as paths to images)
	ContainerPaths []string `protobuf:"bytes,8,rep,name=container_paths,json=containerPaths" json:"container_paths,omitempty"`
	ContainerPredicateName *string `protobuf:"bytes,9,opt,name=container_predicate_name,json=containerPredicateName" json:"container_predicate_name,omitempty"`
	// VM names (as paths to images)
	VmPaths []string `protobuf:"bytes,10,rep,name=vm_paths,json=vmPaths" json:"vm_paths,omitempty"`
	VmPredicateName *string `protobuf:"bytes,11,opt,name=vm_predicate_name,json=vmPredicateName" json:"vm_predicate_name,omitempty"`
	// LinuxHost names (as paths to images)
	LinuxHostPaths []string `protobuf:"bytes,12,rep,name=linux_host_paths,json=linuxHostPaths" json:"linux_host_paths,omitempty"`
	LinuxHostPredicateName *string `protobuf:"bytes,13,opt,name=linux_host_predicate_name,json=linuxHostPredicateName" json:"linux_host_predicate_name,omitempty"`
	// The name of the predicate to use for trusted guards.
	GuardPredicateName *string `protobuf:"bytes,14,opt,name=guard_predicate_name,json=guardPredicateName" json:"guard_predicate_name,omitempty"`
	// The name of the predicate to use for trusted TPMs.
	TpmPredicateName *string `protobuf:"bytes,15,opt,name=tpm_predicate_name,json=tpmPredicateName" json:"tpm_predicate_name,omitempty"`
	// The name of the predicate to use for trusted OSs.
	OsPredicateName *string `protobuf:"bytes,16,opt,name=os_predicate_name,json=osPredicateName" json:"os_predicate_name,omitempty"`
	// The name of the predicate to use for trusted TPM2s.
	Tpm2PredicateName *string `protobuf:"bytes,17,opt,name=tpm2_predicate_name,json=tpm2PredicateName" json:"tpm2_predicate_name,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*DomainTemplate) Descriptor ¶
func (*DomainTemplate) Descriptor() ([]byte, []int)
func (*DomainTemplate) GetAclRules ¶
func (m *DomainTemplate) GetAclRules() []string
func (*DomainTemplate) GetConfig ¶
func (m *DomainTemplate) GetConfig() *DomainConfig
func (*DomainTemplate) GetContainerPaths ¶
func (m *DomainTemplate) GetContainerPaths() []string
func (*DomainTemplate) GetContainerPredicateName ¶
func (m *DomainTemplate) GetContainerPredicateName() string
func (*DomainTemplate) GetDatalogRules ¶
func (m *DomainTemplate) GetDatalogRules() []string
func (*DomainTemplate) GetGuardPredicateName ¶
func (m *DomainTemplate) GetGuardPredicateName() string
func (*DomainTemplate) GetHostName ¶
func (m *DomainTemplate) GetHostName() string
func (*DomainTemplate) GetHostPredicateName ¶
func (m *DomainTemplate) GetHostPredicateName() string
func (*DomainTemplate) GetLinuxHostPaths ¶
func (m *DomainTemplate) GetLinuxHostPaths() []string
func (*DomainTemplate) GetLinuxHostPredicateName ¶
func (m *DomainTemplate) GetLinuxHostPredicateName() string
func (*DomainTemplate) GetOsPredicateName ¶
func (m *DomainTemplate) GetOsPredicateName() string
func (*DomainTemplate) GetProgramPaths ¶
func (m *DomainTemplate) GetProgramPaths() []string
func (*DomainTemplate) GetProgramPredicateName ¶
func (m *DomainTemplate) GetProgramPredicateName() string
func (*DomainTemplate) GetTpm2PredicateName ¶
func (m *DomainTemplate) GetTpm2PredicateName() string
func (*DomainTemplate) GetTpmPredicateName ¶
func (m *DomainTemplate) GetTpmPredicateName() string
func (*DomainTemplate) GetVmPaths ¶
func (m *DomainTemplate) GetVmPaths() []string
func (*DomainTemplate) GetVmPredicateName ¶
func (m *DomainTemplate) GetVmPredicateName() string
func (*DomainTemplate) ProtoMessage ¶
func (*DomainTemplate) ProtoMessage()
func (*DomainTemplate) Reset ¶
func (m *DomainTemplate) Reset()
func (*DomainTemplate) String ¶
func (m *DomainTemplate) String() string
type EncryptedData ¶
// EncryptedData is the result of encrypting: the header of the key used,
// the IV, the ciphertext and, for modes that need a separate MAC, the MAC.
// Per the EncryptionIntegrityPDU documentation, Mac is computed over the
// partially serialized EncryptedData with every field set except Mac, so
// Header and Iv are integrity-protected as well as Ciphertext.
type EncryptedData struct {
	// Header identifies the key that produced this ciphertext (required).
	Header *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	// Iv is the initialization vector used for this encryption (required).
	Iv []byte `protobuf:"bytes,2,req,name=iv" json:"iv,omitempty"`
	Ciphertext []byte `protobuf:"bytes,3,req,name=ciphertext" json:"ciphertext,omitempty"`
	// Mac is the integrity tag; optional because not every key type
	// (see CryptoHeader) uses a separate MAC.
	Mac []byte `protobuf:"bytes,4,opt,name=mac" json:"mac,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
The result of encrypting.
func (*EncryptedData) Descriptor ¶
func (*EncryptedData) Descriptor() ([]byte, []int)
func (*EncryptedData) GetCiphertext ¶
func (m *EncryptedData) GetCiphertext() []byte
func (*EncryptedData) GetHeader ¶
func (m *EncryptedData) GetHeader() *CryptoHeader
func (*EncryptedData) GetIv ¶
func (m *EncryptedData) GetIv() []byte
func (*EncryptedData) GetMac ¶
func (m *EncryptedData) GetMac() []byte
func (*EncryptedData) ProtoMessage ¶
func (*EncryptedData) ProtoMessage()
func (*EncryptedData) Reset ¶
func (m *EncryptedData) Reset()
func (*EncryptedData) String ¶
func (m *EncryptedData) String() string
type EncryptionIntegrityPDU ¶
// EncryptionIntegrityPDU is the message that would be serialized and MACed
// for integrity protection when using encryption modes (like AES CTR with
// HMAC-SHA) that require a separate MAC. Note that the implementation does
// not actually marshal this type: it HMACs the partially serialized
// EncryptedData message with all fields complete except the mac field,
// which carries the same three fields.
type EncryptionIntegrityPDU struct {
	Header *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Iv []byte `protobuf:"bytes,2,req,name=iv" json:"iv,omitempty"`
	Ciphertext []byte `protobuf:"bytes,3,req,name=ciphertext" json:"ciphertext,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
A PDU to be serialized and signed for integrity-protection when using encryption modes (like AES CTR with HMAC-SHA) that require a separate MAC. Note: We actually just hmac the partially serialized EncryptedData message with all fields complete except the mac field.
func (*EncryptionIntegrityPDU) Descriptor ¶
func (*EncryptionIntegrityPDU) Descriptor() ([]byte, []int)
func (*EncryptionIntegrityPDU) GetCiphertext ¶
func (m *EncryptionIntegrityPDU) GetCiphertext() []byte
func (*EncryptionIntegrityPDU) GetHeader ¶
func (m *EncryptionIntegrityPDU) GetHeader() *CryptoHeader
func (*EncryptionIntegrityPDU) GetIv ¶
func (m *EncryptionIntegrityPDU) GetIv() []byte
func (*EncryptionIntegrityPDU) ProtoMessage ¶
func (*EncryptionIntegrityPDU) ProtoMessage()
func (*EncryptionIntegrityPDU) Reset ¶
func (m *EncryptionIntegrityPDU) Reset()
func (*EncryptionIntegrityPDU) String ¶
func (m *EncryptionIntegrityPDU) String() string
type Guard ¶
// Guard is an interface for evaluating policy decisions. Implementations
// in this package include ACLGuard, DatalogGuard and CachedGuard; the
// last refuses the mutating methods because it lacks the private policy
// key.
type Guard interface {
	// Subprincipal returns a unique subprincipal for this policy.
	Subprincipal() auth.SubPrin
	// Save writes all persistent policy data to disk, signed by key.
	Save(key *Signer) error
	// Authorize adds an authorization for a principal to perform an
	// operation.
	Authorize(name auth.Prin, op string, args []string) error
	// Retract removes an authorization for a principal to perform an
	// operation, essentially reversing the effect of an Authorize() call
	// with identical name, op, and args. Note: this reverses the effect of
	// an Authorize() call with identical parameters of the equivalent
	// AddRule() call. However, particularly when expressive policies are
	// supported (e.g., an "authorize all" rule), other rules may still be
	// in place authorizing the principal to perform the operation, so a
	// successful Retract does not by itself guarantee IsAuthorized will
	// return false afterwards.
	Retract(name auth.Prin, op string, args []string) error
	// IsAuthorized checks whether a principal is authorized to perform an
	// operation.
	IsAuthorized(name auth.Prin, op string, args []string) bool
	// AddRule adds a policy rule. Subclasses should support at least rules
	// of the form: Authorized(P, op, args...). This is equivalent to
	// calling Authorize(P, op, args...) with each of the arguments
	// converted to either a string or integer.
	AddRule(rule string) error
	// RetractRule removes a rule previously added via AddRule() or the
	// equivalent Authorize() call.
	RetractRule(rule string) error
	// Clear removes all rules.
	Clear() error
	// Query the policy. Implementations of this interface should support
	// at least queries of the form: Authorized(P, op, args...).
	Query(query string) (bool, error)
	// RuleCount returns a count of the total number of rules.
	RuleCount() int
	// GetRule returns the ith policy rule, if it exists.
	GetRule(i int) string
	// RuleDebugString returns a debug string for the ith policy rule, if
	// it exists.
	RuleDebugString(i int) string
	// String returns a string suitable for showing users authorization
	// info.
	String() string
}
Guard is an interface for evaluating policy decisions.
func LoadACLGuard ¶
func LoadACLGuard(key *Verifier, config ACLGuardDetails) (Guard, error)
LoadACLGuard restores a set of rules saved with Save. It replaces any rules in the ACLGuard with the rules it loaded. In the process, it also checks the signature created during the Save process.
func NewACLGuard ¶
func NewACLGuard(key *Verifier, config ACLGuardDetails) Guard
NewACLGuard produces a Guard implementation that implements ACLGuard.
func NewTemporaryDatalogGuard ¶
func NewTemporaryDatalogGuard() Guard
NewTemporaryDatalogGuard returns a new datalog guard with a fresh, unsigned, non-persistent rule set. It adds a custom predicate subprin(P, O, E) to check if a principal P is a subprincipal O.E.
type Host ¶
// Host is a generic interface for a Tao host that can be configured and
// driven by a variety of host environments. The environment is responsible
// for enforcing and managing policy, managing hosted programs (measuring,
// naming, starting, stopping), and communicating with them; the Host
// supplies the cryptographic and naming operations below, which the
// environment calls on behalf of a requesting child (childSubprin).
type Host interface {
	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

	// GetSharedSecret returns a slice of n secret bytes associated with tag.
	// NOTE(review): how tag scopes the secret (per host, per child, ...) is
	// not documented here — confirm against the implementation.
	GetSharedSecret(tag string, n int) (bytes []byte, err error)

	// Attest requests the Tao host sign a statement on behalf of the caller.
	Attest(childSubprin auth.SubPrin, issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

	// Encrypt data so that only this host can access it.
	Encrypt(data []byte) (encrypted []byte, err error)

	// Decrypt data that only this host can access.
	Decrypt(encrypted []byte) (data []byte, err error)

	// AddedHostedProgram notifies this Host that a new hosted program has
	// been created.
	AddedHostedProgram(childSubprin auth.SubPrin) error

	// RemovedHostedProgram notifies this Host that a hosted program has
	// been killed.
	RemovedHostedProgram(childSubprin auth.SubPrin) error

	// HostName returns the Tao principal name assigned to this hosted Tao
	// host. The name encodes the full path from the root Tao, through all
	// intermediary Tao hosts, to this hosted Tao host.
	HostName() auth.Prin

	// InitCounter initializes a counter with given label.
	InitCounter(label string, c int64) error

	// GetCounter retrieves a counter with given label.
	GetCounter(label string) (int64, error)

	// RollbackProtectedSeal encrypts data under rollback protection
	// so only certain hosted programs can unseal it.
	RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

	// RollbackProtectedUnseal decrypts data under rollback protection.
	RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
}
Host is a generic interface for a Tao host that can be configured and driven by a variety of host environments. Generally, the host environment is responsible for enforcing and managing policy, managing hosted programs (e.g. measuring, naming, starting, stopping), communication with hosted programs (e.g. channel creation, RPC reception), and other host-specific details.
Because the environment calls Host in response to requests from hosted processes invoking the Tao interface, several Host methods resemble methods in Tao. Semantics and method signatures differ slightly, however, since the environment can add context (e.g., the subprincipal name of the requesting child) or do part of the implementation (e.g., manage policy on seal/unseal).
func NewTaoStackedHost ¶
NewTaoStackedHost generates a new StackedHost with a fresh set of temporary keys.
type HostTaoType ¶
// HostTaoType is the type of Tao a host runs as: either a Root of trust or
// Stacked on another Tao (see the NoHost, Root and Stacked constants).
type HostTaoType int
The HostTaoType is the type of Tao (either a Root of trust, or Stacked on another Tao)
// These constants represent the different types of configurations for the Tao.
const (
	// NoHost is the zero value; no host Tao type has been selected.
	NoHost HostTaoType = iota
	// Root is a root of trust: a Tao with no underlying host Tao.
	Root
	// Stacked is a Tao running on top of another host Tao.
	Stacked
)
These constants represent the different types of configurations for the Tao.
type HostedProcess ¶
// A HostedProcess represents a hosted program that executes as a linux
// process. It implements HostedProgram.
type HostedProcess struct {
	// Argv0 is the value to be used as argv[0].
	Argv0 string

	// Temppath is a secured, private copy of the executable.
	Temppath string

	// Tempdir is a temporary directory for storing the temporary executable.
	Tempdir string

	// Hash is the hash of the executable.
	Hash []byte

	// Cmd is the underlying process.
	Cmd exec.Cmd

	// Factory is the factory responsible for the hosted process.
	Factory *LinuxProcessFactory

	// Done is a channel to be signaled when the process is done.
	Done chan bool
	// contains filtered or unexported fields
}
A HostedProcess represents a hosted program that executes as a linux process.
func (*HostedProcess) Cleanup ¶
func (p *HostedProcess) Cleanup() error
func (*HostedProcess) ExitStatus ¶
func (p *HostedProcess) ExitStatus() (int, error)
ExitStatus returns an exit code for the process.
func (*HostedProcess) Kill ¶
func (p *HostedProcess) Kill() error
Kill kills an os/exec.Cmd process.
func (*HostedProcess) Pid ¶
func (p *HostedProcess) Pid() int
Pid returns the pid of the underlying os/exec.Cmd instance.
func (*HostedProcess) Spec ¶
func (p *HostedProcess) Spec() HostedProgramSpec
Spec returns the specification used to start the hosted process.
func (*HostedProcess) Start ¶
func (p *HostedProcess) Start() (channel io.ReadWriteCloser, err error)
Start starts the hosted process and returns a tao channel to it.
func (*HostedProcess) Stop ¶
func (p *HostedProcess) Stop() error
Stop tries to send SIGTERM to a process.
func (*HostedProcess) Subprin ¶
func (p *HostedProcess) Subprin() auth.SubPrin
Subprin returns the subprincipal representing the hosted process.
func (*HostedProcess) WaitChan ¶
func (p *HostedProcess) WaitChan() <-chan bool
WaitChan returns a chan that will be signaled when the hosted process is done.
type HostedProgram ¶
// A HostedProgram is an abstraction of a process managed by a
// HostedProgramFactory. It is closely related to os/exec.Cmd and
// github.com/docker/docker/daemon.Container.
type HostedProgram interface {
	// Spec returns the specification used to start the hosted program.
	Spec() HostedProgramSpec

	// Subprin returns the subprincipal representing the hosted program.
	Subprin() auth.SubPrin

	// Start starts the hosted program and returns a tao channel to it.
	Start() (io.ReadWriteCloser, error)

	// Kill kills the hosted program and cleans up resources.
	Kill() error

	// Stop stops the hosted program and cleans up resources.
	Stop() error

	// WaitChan returns a channel that is signaled when the hosted program
	// is done.
	WaitChan() <-chan bool

	// Cleanup cleans up resources, such as temporary files.
	Cleanup() error

	// Pid returns a factory-specific numeric identifier.
	Pid() int

	// ExitStatus returns a factory-specific exit status code if
	// the hosted program has exited.
	ExitStatus() (int, error)
}
A HostedProgram is an abstraction of a process. It is closely related to os/exec.Cmd and github.com/docker/docker/daemon.Container.
type HostedProgramFactory ¶
// A HostedProgramFactory manages the creation of hosted programs. On Linux
// it might create processes using fork, docker containers, or a virtual
// machine containing a new instance of an operating system.
type HostedProgramFactory interface {
	// NewHostedProgram initializes, but does not start, a hosted program.
	NewHostedProgram(spec HostedProgramSpec) (HostedProgram, error)
}
A HostedProgramFactory manages the creation of hosted programs. For example, on Linux, it might create processes using fork, or it might create processes running on docker containers. It might also start a virtual machine containing a new instance of an operating system.
func NewLinuxDockerContainerFactory ¶
func NewLinuxDockerContainerFactory(sockDir, rulesPath string) HostedProgramFactory
NewLinuxDockerContainerFactory returns a new HostedProgramFactory that can create docker containers to wrap programs.
func NewLinuxKVMCoreOSFactory ¶
func NewLinuxKVMCoreOSFactory(sockPath string, cfg *CoreOSConfig) (HostedProgramFactory, error)
NewLinuxKVMCoreOSFactory returns a new HostedProgramFactory that can create QEMU/KVM instances running a CoreOS image to wrap programs.
func NewLinuxKVMCustomFactory ¶
func NewLinuxKVMCustomFactory(cfg *VmConfig) HostedProgramFactory
NewLinuxKVMCustomFactory returns a new HostedProgramFactory that can create QEMU/KVM virtual machines with a custom kernel and initial RAM image to wrap programs.
func NewLinuxProcessFactory ¶
func NewLinuxProcessFactory(channelType, socketPath string) HostedProgramFactory
NewLinuxProcessFactory returns a new HostedProgramFactory that can create linux processes.
type HostedProgramSpec ¶
// A HostedProgramSpec contains all of the information that might be needed
// to start a hosted program. Some factories may not use all of this
// information, and the semantics of each field vary by factory.
type HostedProgramSpec struct {
	// Id is an optional number to be included in the subprincipal name. If
	// zero, it will be omitted.
	Id uint

	// Path specifies a file, e.g. an executable or a vm image, to be
	// executed in some factory-specific way.
	Path string

	// Args are passed to the hosted program in some factory-specific way,
	// e.g. as command line arguments.
	Args []string

	// ContainerArgs are used to configure the factory-specific container in
	// which the hosted program is executed, e.g. by being passed as parameters
	// to `docker run`.
	ContainerArgs []string

	// Uid is the linux uid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Uid int

	// Gid is the linux gid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Gid int

	// Superuser enables running the hosted program with Uid or Gid 0. This
	// field is meant to prevent an accidentally omitted Uid from being
	// interpreted as a request to run the hosted program as superuser. Instead,
	// superuser must explicitly be set.
	Superuser bool

	// Stdin, Stdout, and Stderr are open file descriptors to be shared with the
	// hosted program in a factory-specific way. If nil, factory-specific
	// default values are used, e.g. perhaps /dev/null or inheriting from the
	// tao host server. If not nil, these must have a File.Fd().
	Stdin, Stdout, Stderr *os.File

	// Dir is the directory in which to start the program. If empty, a
	// factory-specific default will be used, e.g. perhaps the tao host server's
	// directory, or perhaps dirname(Path).
	Dir string

	// Env specifies the environment of the hosted program. If Env is nil, a
	// factory-specific default environment will be used. Some factories may
	// modify the environment, e.g. to pass certain parameters across a fork.
	Env []string
}
A HostedProgramSpec contains all of the information that might be needed to start a hosted program. Some factories may not use all of this information, and the semantics of each field vary by factory.
type HostedProgramType ¶
// HostedProgramType represents the type of hosted programs and the channel
// type used for communication between the Host and the Hosted Program (see
// the NoHostedPrograms, ProcessPipe, DockerUnix, KVMCoreOSFile and
// KVMCustom constants).
type HostedProgramType int
The HostedProgramType represents the type of hosted programs and the channel type used for communication between the Host and the Hosted Program.
// These constants represent the different configurations of hosted programs
// and communication channels.
const (
	// NoHostedPrograms is the zero value; no hosting configuration selected.
	NoHostedPrograms HostedProgramType = iota
	// ProcessPipe hosts linux processes, communicating over a pipe.
	ProcessPipe
	// DockerUnix hosts docker containers, communicating over a unix socket.
	DockerUnix
	// KVMCoreOSFile hosts CoreOS images on KVM, communicating over a file
	// (see KvmCoreOSContainer).
	KVMCoreOSFile
	// KVMCustom hosts VMs with a custom kernel and initram on KVM (see
	// KvmCustomContainer).
	KVMCustom
)
These constants represent the different configurations of hosted programs and communication channels.
type HybridSealedData ¶
// HybridSealedData is a generated protocol buffer message. Presumably it
// holds hybrid-sealed data: a key sealed to the host (SealedKey) together
// with data encrypted under that key (EncryptedData); both fields are
// required by the schema.
type HybridSealedData struct {
	// SealedKey is required (proto field 1).
	SealedKey []byte `protobuf:"bytes,1,req,name=SealedKey" json:"SealedKey,omitempty"`
	// EncryptedData is required (proto field 2).
	EncryptedData []byte `protobuf:"bytes,2,req,name=EncryptedData" json:"EncryptedData,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*HybridSealedData) Descriptor ¶
func (*HybridSealedData) Descriptor() ([]byte, []int)
func (*HybridSealedData) GetEncryptedData ¶
func (m *HybridSealedData) GetEncryptedData() []byte
func (*HybridSealedData) GetSealedKey ¶
func (m *HybridSealedData) GetSealedKey() []byte
func (*HybridSealedData) ProtoMessage ¶
func (*HybridSealedData) ProtoMessage()
func (*HybridSealedData) Reset ¶
func (m *HybridSealedData) Reset()
func (*HybridSealedData) String ¶
func (m *HybridSealedData) String() string
type KeyDerivationPDU ¶
// KeyDerivationPDU is a generated protocol buffer message (keys.proto): a
// PDU to be serialized and fed to HKDF for derivation. All four fields are
// required by the schema.
type KeyDerivationPDU struct {
	// PreviousHash is required (proto field 1).
	PreviousHash []byte `protobuf:"bytes,1,req,name=previous_hash,json=previousHash" json:"previous_hash,omitempty"`
	// Size is required (proto field 2, fixed32).
	Size *uint32 `protobuf:"fixed32,2,req,name=size" json:"size,omitempty"`
	// Context is required (proto field 3).
	Context *string `protobuf:"bytes,3,req,name=context" json:"context,omitempty"`
	// Index is required (proto field 4, fixed32).
	Index *uint32 `protobuf:"fixed32,4,req,name=index" json:"index,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
A PDU to be serialized and fed to HKDF for derivation.
func (*KeyDerivationPDU) Descriptor ¶
func (*KeyDerivationPDU) Descriptor() ([]byte, []int)
func (*KeyDerivationPDU) GetContext ¶
func (m *KeyDerivationPDU) GetContext() string
func (*KeyDerivationPDU) GetIndex ¶
func (m *KeyDerivationPDU) GetIndex() uint32
func (*KeyDerivationPDU) GetPreviousHash ¶
func (m *KeyDerivationPDU) GetPreviousHash() []byte
func (*KeyDerivationPDU) GetSize ¶
func (m *KeyDerivationPDU) GetSize() uint32
func (*KeyDerivationPDU) ProtoMessage ¶
func (*KeyDerivationPDU) ProtoMessage()
func (*KeyDerivationPDU) Reset ¶
func (m *KeyDerivationPDU) Reset()
func (*KeyDerivationPDU) String ¶
func (m *KeyDerivationPDU) String() string
type Keys ¶
// The Keys structure manages a set of signing, verifying, encrypting, and
// key-deriving keys for many uses. To some extent, the field meanings differ
// between uses. The field comments are focused on the use of the Keys
// structure for domains, including the policy domain, and for Taos (Root
// and Stacked).
type Keys struct {
	// SigningKey is the private key used to sign statements.
	SigningKey *Signer

	// CryptingKey holds the keys for the symmetric suite used to encrypt and
	// integrity protect data.
	CryptingKey *Crypter

	// DerivingKey is the deriving key used to obtain keys from a master
	// secret like passwords in the case of domain keys.
	DerivingKey *Deriver

	// VerifyingKey is the public key of the SigningKey.
	VerifyingKey *Verifier

	// Delegation is an attestation by my host appointing the public key of
	// the Signing key. This can be nil.
	Delegation *Attestation

	// Cert is the certificate for the signing key. For a Root Tao, this
	// cert is signed by the policy key or other authority. It can be nil.
	Cert *x509.Certificate

	// CertChain is the certificate chain from the signer of Cert to the
	// policy key (or other authority).
	CertChain []*x509.Certificate
	// contains filtered or unexported fields
}
The Keys structure manages a set of signing, verifying, encrypting, and key-deriving keys for many uses. To some extent, the field meanings differ between uses. The field comments are focused on the use of the Keys structure for domains, including the policy domain, and for Taos (Root and Stacked).
func KeysFromCryptoKeyset ¶
func KeysFromCryptoKeyset(cks *CryptoKeyset) (*Keys, error)
KeysFromCryptoKeyset decodes a CryptoKeyset into a Keys structure.
func LoadKeys ¶
LoadKeys reads a key set from file. If there is a parent tao (t!=nil), then expect the keys are sealed and call t.Unseal(); otherwise, expect the key set to be plaintext.
func NewOnDiskPBEKeys ¶
func NewOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name) (*Keys, error)
NewOnDiskPBEKeys creates a new Keys structure with the specified key types, stored on disk under PBE. If keys are generated and name is not nil, then a self-signed x509 certificate will be generated and saved as well.
func NewOnDiskTaoSealedKeys ¶
NewOnDiskTaoSealedKeys sets up the keys sealed under a host Tao or reads sealed keys.
func NewSignedOnDiskPBEKeys ¶
func NewSignedOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name, serial int, signer *Keys) (*Keys, error)
NewSignedOnDiskPBEKeys creates the same type of keys as NewOnDiskPBEKeys, but signs a certificate for the new signing key using the provided signer Keys, which must have both a SigningKey and a certificate.
func NewTemporaryKeys ¶
NewTemporaryKeys creates a new Keys structure with the specified keys.
func NewTemporaryTaoDelegatedKeys ¶
NewTemporaryTaoDelegatedKeys initializes a set of temporary keys under a host Tao, using the Tao to generate a delegation for the signing key. Since these keys are never stored on disk, they are not sealed to the Tao.
func UnmarshalKeys ¶
func (*Keys) NewSecret ¶
NewSecret creates and encrypts a new secret value of the given length, or it reads and decrypts the value and checks that it's the right length. It creates the file and its parent directories if these directories do not exist.
func (*Keys) PBEKeysetPath ¶
PBEKeysetPath returns the path for stored keys.
func (*Keys) PBESignerPath ¶
PBESignerPath returns the path for a stored signing key.
func (*Keys) PlaintextKeysetPath ¶
PlaintextKeysetPath returns the path for a key stored in plaintext (this is not normally the case).
func (*Keys) SealedKeysetPath ¶
SealedKeysetPath returns the path for a stored sealed key set.
func (*Keys) X509VerifierPath ¶
X509VerifierPath returns the path to the verifier key, stored as an X.509 certificate.
type KvmCoreOSContainer ¶
// A KvmCoreOSContainer represents a hosted program running as a CoreOS image
// on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start CoreOS,
// then uses SSH to connect to CoreOS to start the LinuxHost there, with a
// virtio-serial connection for its communication with the Tao running on
// Linux in the guest. os/exec is used to avoid having to rewrite or hook
// into libvirt for now. It implements HostedProgram.
type KvmCoreOSContainer struct {
	// Tempdir is a temporary directory for the config drive.
	// TODO(kwalsh)
	Tempdir string

	// Hash is the hash of the CoreOS image.
	Hash []byte

	// FactoryHash is the hash of the factory's KVM image.
	// TODO(kwalsh) Move this to LinuxKVMCoreOSFactory. and don't recompute?
	FactoryHash []byte

	// Factory is the factory responsible for the vm.
	Factory *LinuxKVMCoreOSFactory

	// Cfg holds configuration details for CoreOS, mostly obtained from the
	// factory.
	// TODO(kwalsh) what is a good description for this?
	Cfg *CoreOSConfig

	// QCmd is the underlying vm process.
	QCmd *exec.Cmd

	// LHPath is the path to the linux host.
	// TODO(kwalsh) is this description correct?
	LHPath string

	// Done is a channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}
A KvmCoreOSContainer represents a hosted program running as a CoreOS image on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start CoreOS then uses SSH to connect to CoreOS to start the LinuxHost there with a virtio-serial connection for its communication with the Tao running on Linux in the guest. This use of os/exec is to avoid having to rewrite or hook into libvirt for now.
func (*KvmCoreOSContainer) Cleanup ¶
func (kcc *KvmCoreOSContainer) Cleanup() error
func (*KvmCoreOSContainer) ExitStatus ¶
func (kcc *KvmCoreOSContainer) ExitStatus() (int, error)
ExitStatus returns an exit code for the container.
func (*KvmCoreOSContainer) Kill ¶
func (kcc *KvmCoreOSContainer) Kill() error
Kill sends a SIGKILL signal to a QEMU instance.
func (*KvmCoreOSContainer) Pid ¶
func (kcc *KvmCoreOSContainer) Pid() int
Pid returns a numeric ID for this container.
func (*KvmCoreOSContainer) Spec ¶
func (kcc *KvmCoreOSContainer) Spec() HostedProgramSpec
Spec returns the specification used to start the hosted vm.
func (*KvmCoreOSContainer) Start ¶
func (kcc *KvmCoreOSContainer) Start() (channel io.ReadWriteCloser, err error)
Start launches a QEMU/KVM CoreOS instance, connects to it with SSH to start the LinuxHost on it, and returns the socket connection to that host.
func (*KvmCoreOSContainer) Stop ¶
func (kcc *KvmCoreOSContainer) Stop() error
Stop sends a SIGSTOP signal to a QEMU instance.
func (*KvmCoreOSContainer) Subprin ¶
func (kcc *KvmCoreOSContainer) Subprin() auth.SubPrin
Subprin returns the subprincipal representing the hosted vm.
func (*KvmCoreOSContainer) WaitChan ¶
func (kcc *KvmCoreOSContainer) WaitChan() <-chan bool
WaitChan returns a chan that will be signaled when the hosted vm is done.
type KvmCustomContainer ¶
// A KvmCustomContainer represents a hosted program running as a VM on KVM.
// It uses os/exec.Cmd to send commands to QEMU/KVM to start the VM; os/exec
// is used to avoid having to rewrite or hook into libvirt for now. It
// implements HostedProgram.
type KvmCustomContainer struct {
	// KernelHash is the hash of the kernel image.
	KernelHash []byte

	// InitRamHash is the hash of the InitRam image.
	InitRamHash []byte

	// Factory is the factory responsible for the vm.
	Factory *LinuxKVMCustomFactory

	// Cfg holds configuration details for the VM, mostly obtained from the
	// factory.
	// TODO(kwalsh) what is a good description for this?
	Cfg *VmConfig

	// QCmd is the underlying vm process.
	QCmd *exec.Cmd

	// Done is a channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}
A KvmCustomContainer represents a hosted program running as a VM on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start the VM. This use of os/exec is to avoid having to rewrite or hook into libvirt for now.
func (*KvmCustomContainer) Cleanup ¶
func (kcc *KvmCustomContainer) Cleanup() error
func (*KvmCustomContainer) ExitStatus ¶
func (kcc *KvmCustomContainer) ExitStatus() (int, error)
ExitStatus returns an exit code for the container.
func (*KvmCustomContainer) Kill ¶
func (kcc *KvmCustomContainer) Kill() error
Kill sends a SIGKILL signal to a QEMU instance.
func (*KvmCustomContainer) Pid ¶
func (kcc *KvmCustomContainer) Pid() int
Pid returns a numeric ID for this container.
func (*KvmCustomContainer) Spec ¶
func (kcc *KvmCustomContainer) Spec() HostedProgramSpec
Spec returns the specification used to start the hosted vm.
func (*KvmCustomContainer) Start ¶
func (kcc *KvmCustomContainer) Start() (channel io.ReadWriteCloser, err error)
Start launches a QEMU/KVM CoreOS instance, connects to it with SSH to start the LinuxHost on it, and returns the socket connection to that host.
func (*KvmCustomContainer) Stop ¶
func (kcc *KvmCustomContainer) Stop() error
Stop sends a SIGSTOP signal to a QEMU instance.
func (*KvmCustomContainer) Subprin ¶
func (kcc *KvmCustomContainer) Subprin() auth.SubPrin
Subprin returns the subprincipal representing the hosted vm.
func (*KvmCustomContainer) WaitChan ¶
func (kcc *KvmCustomContainer) WaitChan() <-chan bool
WaitChan returns a chan that will be signaled when the hosted vm is done.
type LinuxDockerContainerFactory ¶
A LinuxDockerContainerFactory manages hosted programs started as docker containers over a given docker image.
func (*LinuxDockerContainerFactory) NewHostedProgram ¶
func (ldcf *LinuxDockerContainerFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)
NewHostedProgram initializes, but does not start, a hosted docker container.
type LinuxHost ¶
// A LinuxHost is a Tao host environment in which hosted programs are Linux
// processes. A Unix domain socket accepts administrative commands for
// controlling the host, e.g., for starting hosted processes, stopping
// hosted processes, or shutting down the host. A LinuxHost can be run in
// stacked mode (on top of a host Tao, see NewStackedLinuxHost) or in root
// mode (without an underlying host Tao, see NewRootLinuxHost).
type LinuxHost struct {
	// Host is the underlying Tao host whose operations this environment
	// drives on behalf of its children.
	Host Host
	// contains filtered or unexported fields
}
A LinuxHost is a Tao host environment in which hosted programs are Linux processes. A Unix domain socket accepts administrative commands for controlling the host, e.g., for starting hosted processes, stopping hosted processes, or shutting down the host. A LinuxHost can be run in stacked mode (on top of a host Tao) or in root mode (without an underlying host Tao).
func NewRootLinuxHost ¶
func NewRootLinuxHost(path string, guard Guard, password []byte, childFactory HostedProgramFactory) (*LinuxHost, error)
NewRootLinuxHost creates a new LinuxHost as a standalone Host that can provide the Tao to hosted Linux processes.
func NewStackedLinuxHost ¶
func NewStackedLinuxHost(path string, guard Guard, hostTao Tao, childFactory HostedProgramFactory) (*LinuxHost, error)
NewStackedLinuxHost creates a new LinuxHost as a hosted program of an existing host Tao.
func (*LinuxHost) Attest ¶
func (lh *LinuxHost) Attest(child *LinuxHostChild, issuer *auth.Prin, time, expiration *int64, stmt auth.Form) (*Attestation, error)
Attest signs a statement on behalf of the child.
func (*LinuxHost) ExtendTaoName ¶
func (lh *LinuxHost) ExtendTaoName(child *LinuxHostChild, ext auth.SubPrin) error
ExtendTaoName irreversibly extends the Tao principal name of the child.
func (*LinuxHost) GetCounter ¶
func (lh *LinuxHost) GetCounter(child *LinuxHostChild, label string) (int64, error)
GetCounter gets the child's counter for the given label.
func (*LinuxHost) GetRandomBytes ¶
func (lh *LinuxHost) GetRandomBytes(child *LinuxHostChild, n int) ([]byte, error)
GetRandomBytes returns a slice of n random bytes for the child.
func (*LinuxHost) GetSharedSecret ¶
GetSharedSecret returns a slice of n secret bytes for the child.
func (*LinuxHost) GetTaoName ¶
func (lh *LinuxHost) GetTaoName(child *LinuxHostChild) auth.Prin
GetTaoName returns the Tao name for the child.
func (*LinuxHost) InitCounter ¶
func (lh *LinuxHost) InitCounter(child *LinuxHostChild, label string, c int64) error
InitCounter initializes the child's counter for the given label. If label is the empty string, it only reads in the counter table.
func (*LinuxHost) KillHostedProgram ¶
KillHostedProgram kills a running hosted program.
func (*LinuxHost) ListHostedPrograms ¶
ListHostedPrograms returns a list of running hosted programs.
func (*LinuxHost) RollbackProtectedSeal ¶
func (lh *LinuxHost) RollbackProtectedSeal(child *LinuxHostChild, label string, data []byte, policy string) ([]byte, error)
RollbackProtectedSeal seals the data associated with the given label with rollback protection.
func (*LinuxHost) RollbackProtectedUnseal ¶
func (lh *LinuxHost) RollbackProtectedUnseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)
RollbackProtectedUnseal unseals the data associated with the given label with rollback protection.
func (*LinuxHost) Seal ¶
Seal encrypts data for the child. This call also zeroes the data parameter.
func (*LinuxHost) Shutdown ¶
Shutdown stops all hosted programs. If any remain after 10 seconds, they are killed.
func (*LinuxHost) StartHostedProgram ¶
StartHostedProgram starts a new hosted program.
func (*LinuxHost) StopHostedProgram ¶
StopHostedProgram stops a running hosted program.
type LinuxHostAdminClient ¶
LinuxHostAdminClient is a client stub for LinuxHost's admin RPC interface.
func NewLinuxHostAdminClient ¶
func NewLinuxHostAdminClient(conn *net.UnixConn) LinuxHostAdminClient
NewLinuxHostAdminClient returns a new client stub for LinuxHost's admin RPC interface.
func (LinuxHostAdminClient) HostName ¶
func (client LinuxHostAdminClient) HostName() (auth.Prin, error)
HostName is the client stub for LinuxHost.HostName.
func (LinuxHostAdminClient) KillHostedProgram ¶
func (client LinuxHostAdminClient) KillHostedProgram(subprin auth.SubPrin) error
KillHostedProgram is the client stub for LinuxHost.KillHostedProgram.
func (LinuxHostAdminClient) ListHostedPrograms ¶
func (client LinuxHostAdminClient) ListHostedPrograms() (name []auth.SubPrin, pid []int, err error)
ListHostedPrograms is the client stub for LinuxHost.ListHostedPrograms.
func (LinuxHostAdminClient) Shutdown ¶
func (client LinuxHostAdminClient) Shutdown() error
Shutdown is the client stub for LinuxHost.Shutdown.
func (LinuxHostAdminClient) StartHostedProgram ¶
func (client LinuxHostAdminClient) StartHostedProgram(spec *HostedProgramSpec) (auth.SubPrin, int, error)
StartHostedProgram is the client stub for LinuxHost.StartHostedProgram.
func (LinuxHostAdminClient) StopHostedProgram ¶
func (client LinuxHostAdminClient) StopHostedProgram(subprin auth.SubPrin) error
StopHostedProgram is the client stub for LinuxHost.StopHostedProgram.
func (LinuxHostAdminClient) WaitHostedProgram ¶
WaitHostedProgram is the client stub for LinuxHost.WaitHostedProgram.
type LinuxHostAdminRPCHostedProgram ¶
// LinuxHostAdminRPCHostedProgram is a generated protocol buffer message
// describing one hosted program in an admin RPC response: its subprincipal
// name and pid (cf. LinuxHostAdminClient.ListHostedPrograms). Both fields
// are required by the schema.
type LinuxHostAdminRPCHostedProgram struct {
	// Subprin is required (proto field 1); a serialized auth.SubPrin.
	Subprin []byte `protobuf:"bytes,1,req,name=subprin" json:"subprin,omitempty"`
	// Pid is required (proto field 2).
	Pid *int32 `protobuf:"varint,2,req,name=pid" json:"pid,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*LinuxHostAdminRPCHostedProgram) Descriptor ¶
func (*LinuxHostAdminRPCHostedProgram) Descriptor() ([]byte, []int)
func (*LinuxHostAdminRPCHostedProgram) GetPid ¶
func (m *LinuxHostAdminRPCHostedProgram) GetPid() int32
func (*LinuxHostAdminRPCHostedProgram) GetSubprin ¶
func (m *LinuxHostAdminRPCHostedProgram) GetSubprin() []byte
func (*LinuxHostAdminRPCHostedProgram) ProtoMessage ¶
func (*LinuxHostAdminRPCHostedProgram) ProtoMessage()
func (*LinuxHostAdminRPCHostedProgram) Reset ¶
func (m *LinuxHostAdminRPCHostedProgram) Reset()
func (*LinuxHostAdminRPCHostedProgram) String ¶
func (m *LinuxHostAdminRPCHostedProgram) String() string
type LinuxHostAdminRPCRequest ¶
// LinuxHostAdminRPCRequest is a generated protocol buffer message carrying
// the arguments of a LinuxHost admin RPC. Every field is optional or
// repeated in the schema; which ones are populated depends on the call
// (e.g. Path, Args, Dir, ContainerArgs and the std* descriptors mirror
// HostedProgramSpec for StartHostedProgram, while Subprin identifies the
// program for KillHostedProgram/StopHostedProgram).
type LinuxHostAdminRPCRequest struct {
	// Subprin is a serialized auth.SubPrin (proto field 1).
	Subprin []byte `protobuf:"bytes,1,opt,name=subprin" json:"subprin,omitempty"`
	// Path is the program to run (proto field 2).
	Path *string `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"`
	// Args are the program arguments (proto field 3).
	Args []string `protobuf:"bytes,3,rep,name=args" json:"args,omitempty"`
	// Pid (proto field 4). NOTE(review): which calls populate it is not
	// visible here — confirm.
	Pid *int32 `protobuf:"varint,4,opt,name=pid" json:"pid,omitempty"`
	// Dir is the working directory (proto field 5).
	Dir *string `protobuf:"bytes,5,opt,name=dir" json:"dir,omitempty"`
	// ContainerArgs configure the container (proto field 6).
	ContainerArgs []string `protobuf:"bytes,6,rep,name=container_args" json:"container_args,omitempty"`
	// Stdin, Stdout and Stderr (proto fields 7-9) are presumably file
	// descriptor numbers for the streams HostedProgramSpec describes as
	// *os.File — confirm how they are transported over the admin socket.
	Stdin  *int32 `protobuf:"varint,7,opt,name=stdin" json:"stdin,omitempty"`
	Stdout *int32 `protobuf:"varint,8,opt,name=stdout" json:"stdout,omitempty"`
	Stderr *int32 `protobuf:"varint,9,opt,name=stderr" json:"stderr,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*LinuxHostAdminRPCRequest) Descriptor ¶
func (*LinuxHostAdminRPCRequest) Descriptor() ([]byte, []int)
func (*LinuxHostAdminRPCRequest) GetArgs ¶
func (m *LinuxHostAdminRPCRequest) GetArgs() []string
func (*LinuxHostAdminRPCRequest) GetContainerArgs ¶
func (m *LinuxHostAdminRPCRequest) GetContainerArgs() []string
func (*LinuxHostAdminRPCRequest) GetDir ¶
func (m *LinuxHostAdminRPCRequest) GetDir() string
func (*LinuxHostAdminRPCRequest) GetPath ¶
func (m *LinuxHostAdminRPCRequest) GetPath() string
func (*LinuxHostAdminRPCRequest) GetPid ¶
func (m *LinuxHostAdminRPCRequest) GetPid() int32
func (*LinuxHostAdminRPCRequest) GetStderr ¶
func (m *LinuxHostAdminRPCRequest) GetStderr() int32
func (*LinuxHostAdminRPCRequest) GetStdin ¶
func (m *LinuxHostAdminRPCRequest) GetStdin() int32
func (*LinuxHostAdminRPCRequest) GetStdout ¶
func (m *LinuxHostAdminRPCRequest) GetStdout() int32
func (*LinuxHostAdminRPCRequest) GetSubprin ¶
func (m *LinuxHostAdminRPCRequest) GetSubprin() []byte
func (*LinuxHostAdminRPCRequest) ProtoMessage ¶
func (*LinuxHostAdminRPCRequest) ProtoMessage()
func (*LinuxHostAdminRPCRequest) Reset ¶
func (m *LinuxHostAdminRPCRequest) Reset()
func (*LinuxHostAdminRPCRequest) String ¶
func (m *LinuxHostAdminRPCRequest) String() string
type LinuxHostAdminRPCResponse ¶
// LinuxHostAdminRPCResponse is a generated protocol buffer message carrying
// the result of a LinuxHost admin RPC. Child lists hosted programs (for
// ListHostedPrograms), Prin carries a principal name (for HostName); all
// fields are optional or repeated in the schema.
type LinuxHostAdminRPCResponse struct {
	// Child is the list of hosted programs (proto field 1).
	Child []*LinuxHostAdminRPCHostedProgram `protobuf:"bytes,1,rep,name=child" json:"child,omitempty"`
	// Prin is a serialized auth.Prin (proto field 2).
	Prin []byte `protobuf:"bytes,2,opt,name=prin" json:"prin,omitempty"`
	// Status (proto field 3). NOTE(review): likely an exit or result status
	// — confirm against the server implementation.
	Status *int32 `protobuf:"varint,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*LinuxHostAdminRPCResponse) Descriptor ¶
func (*LinuxHostAdminRPCResponse) Descriptor() ([]byte, []int)
func (*LinuxHostAdminRPCResponse) GetChild ¶
func (m *LinuxHostAdminRPCResponse) GetChild() []*LinuxHostAdminRPCHostedProgram
func (*LinuxHostAdminRPCResponse) GetPrin ¶
func (m *LinuxHostAdminRPCResponse) GetPrin() []byte
func (*LinuxHostAdminRPCResponse) GetStatus ¶
func (m *LinuxHostAdminRPCResponse) GetStatus() int32
func (*LinuxHostAdminRPCResponse) ProtoMessage ¶
func (*LinuxHostAdminRPCResponse) ProtoMessage()
func (*LinuxHostAdminRPCResponse) Reset ¶
func (m *LinuxHostAdminRPCResponse) Reset()
func (*LinuxHostAdminRPCResponse) String ¶
func (m *LinuxHostAdminRPCResponse) String() string
type LinuxHostAdminServer ¶
// LinuxHostAdminServer is a server stub for LinuxHost's admin RPC interface.
// It is created with NewLinuxHostAdminServer and driven by Serve on a unix
// listener.
type LinuxHostAdminServer struct {
	// Done is a channel for signaling that the server is done.
	// NOTE(review): who sends on / closes it is not visible here — confirm.
	Done chan bool
	// contains filtered or unexported fields
}
LinuxHostAdminServer is a server stub for LinuxHost's admin RPC interface.
func NewLinuxHostAdminServer ¶
func NewLinuxHostAdminServer(host *LinuxHost) LinuxHostAdminServer
NewLinuxHostAdminServer returns a new server stub for LinuxHost's admin RPC interface.
func (LinuxHostAdminServer) Serve ¶
func (server LinuxHostAdminServer) Serve(sock *net.UnixListener) error
Serve listens on sock for new connections and services them.
type LinuxHostChild ¶
// LinuxHostChild holds state associated with a running child program.
// TODO(kwalsh) Nothing in this is linux specific. Move channel and
// ChildSubprin into (getter methods of) interface HostedProgram and
// eliminate this struct? Also merge channel cleanup into
// HostedProgram.Cleanup()
type LinuxHostChild struct {
	// ChildSubprin is the subprincipal name of the child.
	ChildSubprin auth.SubPrin
	// Cmd is the hosted program running the child.
	Cmd HostedProgram
	// contains filtered or unexported fields
}
LinuxHostChild holds state associated with a running child program. TODO(kwalsh) Nothing in this is linux specific. Move channel and ChildSubprin into (getter methods of) interface HostedProgram and eliminate this struct? Also merge channel cleanup into HostedProgram.Cleanup()
type LinuxHostConfig ¶
// LinuxHostConfig is a generated protocol buffer message describing how a
// LinuxHost is configured: its Tao type, its parent (host Tao) connection,
// and the kind of hosted programs it runs. Type and Hosting are required by
// the schema; all other fields are optional.
type LinuxHostConfig struct {
	// Type is either "root" or "stacked" (required).
	Type *string `protobuf:"bytes,1,req,name=type" json:"type,omitempty"`
	// ParentType is either "TPM", "TPM2", "pipe", "file", or "unix".
	ParentType *string `protobuf:"bytes,2,opt,name=parent_type" json:"parent_type,omitempty"`
	// ParentSpec is, for non-tpm parent types, the parent connection spec.
	ParentSpec *string `protobuf:"bytes,3,opt,name=parent_spec" json:"parent_spec,omitempty"`
	// SocketDir is the socket directory, relative to the host configuration
	// directory.
	SocketDir *string `protobuf:"bytes,4,opt,name=socket_dir" json:"socket_dir,omitempty"`
	// Hosting is either "process", "docker", or "kvm_coreos" (required).
	Hosting *string `protobuf:"bytes,5,req,name=hosting" json:"hosting,omitempty"`
	// KvmCoreosImg is the path to the CoreOS image for hosted KVM, absolute
	// or relative to the domain.
	KvmCoreosImg *string `protobuf:"bytes,6,opt,name=kvm_coreos_img" json:"kvm_coreos_img,omitempty"`
	// KvmCoreosVmMemory is the KB of memory to allocate for each VM.
	KvmCoreosVmMemory *int32 `protobuf:"varint,7,opt,name=kvm_coreos_vm_memory" json:"kvm_coreos_vm_memory,omitempty"`
	// KvmCoreosSshAuthKeys is the path to the CoreOS authorized_keys for
	// hosted KVM, absolute or relative to the domain.
	KvmCoreosSshAuthKeys *string `protobuf:"bytes,8,opt,name=kvm_coreos_ssh_auth_keys" json:"kvm_coreos_ssh_auth_keys,omitempty"`
	// KvmCustomVmMemory is the KB of memory to allocate for each VM with a
	// custom kernel and initram.
	KvmCustomVmMemory *int32 `protobuf:"varint,9,opt,name=kvm_custom_vm_memory" json:"kvm_custom_vm_memory,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func (*LinuxHostConfig) GetHosting ¶
func (m *LinuxHostConfig) GetHosting() string
func (*LinuxHostConfig) GetKvmCoreosImg ¶
func (m *LinuxHostConfig) GetKvmCoreosImg() string
func (*LinuxHostConfig) GetKvmCoreosSshAuthKeys ¶
func (m *LinuxHostConfig) GetKvmCoreosSshAuthKeys() string
func (*LinuxHostConfig) GetKvmCoreosVmMemory ¶
func (m *LinuxHostConfig) GetKvmCoreosVmMemory() int32
func (*LinuxHostConfig) GetKvmCustomVmMemory ¶
func (m *LinuxHostConfig) GetKvmCustomVmMemory() int32
func (*LinuxHostConfig) GetParentSpec ¶
func (m *LinuxHostConfig) GetParentSpec() string
func (*LinuxHostConfig) GetParentType ¶
func (m *LinuxHostConfig) GetParentType() string
func (*LinuxHostConfig) GetSocketDir ¶
func (m *LinuxHostConfig) GetSocketDir() string
func (*LinuxHostConfig) GetType ¶
func (m *LinuxHostConfig) GetType() string
func (*LinuxHostConfig) ProtoMessage ¶
func (*LinuxHostConfig) ProtoMessage()
func (*LinuxHostConfig) Reset ¶
func (m *LinuxHostConfig) Reset()
func (*LinuxHostConfig) String ¶
func (m *LinuxHostConfig) String() string
type LinuxHostSealedBundle ¶
// LinuxHostSealedBundle is the generated protobuf message a LinuxHost seals:
// the caller's data together with the policy that governs unsealing it
// (cf. Tao.Seal / Tao.Unseal, which take and return a policy string).
type LinuxHostSealedBundle struct {
	// Policy recorded at seal time (required).
	Policy *string `protobuf:"bytes,1,req,name=policy" json:"policy,omitempty"`
	// Additional, optional policy information; its format is not visible here.
	PolicyInfo *string `protobuf:"bytes,2,opt,name=policy_info" json:"policy_info,omitempty"`
	// The payload being protected (required).
	Data []byte `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
func (*LinuxHostSealedBundle) GetData ¶
func (m *LinuxHostSealedBundle) GetData() []byte
func (*LinuxHostSealedBundle) GetPolicy ¶
func (m *LinuxHostSealedBundle) GetPolicy() string
func (*LinuxHostSealedBundle) GetPolicyInfo ¶
func (m *LinuxHostSealedBundle) GetPolicyInfo() string
func (*LinuxHostSealedBundle) ProtoMessage ¶
func (*LinuxHostSealedBundle) ProtoMessage()
func (*LinuxHostSealedBundle) Reset ¶
func (m *LinuxHostSealedBundle) Reset()
func (*LinuxHostSealedBundle) String ¶
func (m *LinuxHostSealedBundle) String() string
type LinuxHostTaoServer ¶
type LinuxHostTaoServer struct {
// contains filtered or unexported fields
}
LinuxHostTaoServer is a server stub for LinuxHost's Tao RPC interface.
func NewLinuxHostTaoServer ¶
func NewLinuxHostTaoServer(host *LinuxHost, child *LinuxHostChild) LinuxHostTaoServer
NewLinuxHostTaoServer returns a new server stub for LinuxHost's Tao RPC interface.
func (LinuxHostTaoServer) Serve ¶
func (server LinuxHostTaoServer) Serve(conn io.ReadWriteCloser) error
Serve reads Tao RPC requests from conn and services them.
type LinuxKVMCoreOSFactory ¶
// A LinuxKVMCoreOSFactory manages hosted programs started as QEMU/KVM
// instances over a given CoreOS image.
type LinuxKVMCoreOSFactory struct {
	// Settings shared by every CoreOS VM this factory starts.
	Cfg *CoreOSConfig
	// Host-side socket path used for the VMs (presumably the stacked-host
	// channel, as with VmConfig.SocketPath — confirm in the factory code).
	SocketPath string
	// SSH key material as a string; presumably the key installed in the guests
	// (cf. LinuxHostConfig.KvmCoreosSshAuthKeys).
	PublicKey string
	// The matching SSH private key. It is an exported field holding live key
	// material, so factory values should not be logged or serialized.
	PrivateKey ssh.Signer
}
A LinuxKVMCoreOSFactory manages hosted programs started as QEMU/KVM instances over a given CoreOS image.
func (*LinuxKVMCoreOSFactory) NewHostedProgram ¶
func (lkcf *LinuxKVMCoreOSFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)
(This doc comment describes MakeSubprin rather than NewHostedProgram.) MakeSubprin computes the hash of a QEMU/KVM CoreOS image to get a subprincipal for authorization purposes.
type LinuxKVMCustomFactory ¶
// A LinuxKVMCustomFactory manages hosted programs started as QEMU/KVM
// instances built from a custom kernel, initram and disk (see VmConfig).
type LinuxKVMCustomFactory struct {
	// VM settings (kernel, initram, disk, memory, socket, port) applied to
	// every hosted program this factory starts.
	Cfg *VmConfig
}
A LinuxKVMCustomFactory manages hosted programs started as QEMU/KVM instances.
func (*LinuxKVMCustomFactory) NewHostedProgram ¶
func (lkcf *LinuxKVMCustomFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)
(This doc comment describes MakeSubprin rather than NewHostedProgram.) MakeSubprin computes the hash of a QEMU/KVM CoreOS image to get a subprincipal for authorization purposes.
type LinuxProcessFactory ¶
type LinuxProcessFactory struct {
// contains filtered or unexported fields
}
A LinuxProcessFactory supports methods for creating Linux processes as hosted programs. LinuxProcessFactory implements HostedProgramFactory.
func (*LinuxProcessFactory) NewHostedProgram ¶
func (lpf *LinuxProcessFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)
NewHostedProgram initializes, but does not start, a hosted process.
type PBEData ¶
// PBEData is the generated protobuf message for key material protected under
// password-based encryption (the "PBE" in the name; the derivation itself is
// not visible here). All fields except XXX_unrecognized are required by the
// schema. See the TODO following this type about Cipher/Hmac vs. CryptoHeader.
type PBEData struct {
	// Format version of this message.
	Version *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	// Algorithm names as free-form strings rather than a CryptoHeader.
	// NOTE(review): a decoder should accept only the suite names it knows.
	Cipher *string `protobuf:"bytes,2,req,name=cipher" json:"cipher,omitempty"`
	Hmac   *string `protobuf:"bytes,3,req,name=hmac" json:"hmac,omitempty"`
	// Iteration count stored alongside the ciphertext. NOTE(review): since it
	// is read from the file, a decoder should reject implausibly small values
	// instead of trusting them.
	Iterations *int32 `protobuf:"varint,4,req,name=iterations" json:"iterations,omitempty"`
	// IV used for the cipher.
	Iv []byte `protobuf:"bytes,5,req,name=iv" json:"iv,omitempty"`
	// The encrypted key material.
	Ciphertext []byte `protobuf:"bytes,6,req,name=ciphertext" json:"ciphertext,omitempty"`
	// TODO(kwalsh) Should this not use a mac as well for integrity protection?
	Salt []byte `protobuf:"bytes,7,req,name=salt" json:"salt,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
TODO(jlm): Should cipher/hmac be replaced by CryptoHeader?
func (*PBEData) Descriptor ¶
func (*PBEData) GetCiphertext ¶
func (*PBEData) GetIterations ¶
func (*PBEData) GetVersion ¶
func (m *PBEData) GetVersion() CryptoVersion
func (*PBEData) ProtoMessage ¶
func (*PBEData) ProtoMessage()
type RPC ¶
type RPC struct {
// contains filtered or unexported fields
}
RPC sends requests between this hosted program and the host Tao.
func DeserializeFileRPC ¶
DeserializeFileRPC produces a RPC from a string representing a file.
func DeserializeRPC ¶
DeserializeRPC produces a RPC from a string.
func DeserializeUnixSocketRPC ¶
DeserializeUnixSocketRPC produces a RPC from a path string.
func NewRPC ¶
func NewRPC(rwc io.ReadWriteCloser, serviceName string) (*RPC, error)
NewRPC constructs a RPC for the default gob encoding rpc client using an io.ReadWriteCloser.
func (*RPC) Attest ¶
func (t *RPC) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
Attest implements part of the Tao interface.
func (*RPC) ExtendTaoName ¶
ExtendTaoName implements part of the Tao interface.
func (*RPC) GetRandomBytes ¶
GetRandomBytes implements part of the Tao interface.
func (*RPC) GetSharedSecret ¶
GetSharedSecret implements part of the Tao interface.
func (*RPC) GetTaoName ¶
GetTaoName implements part of the Tao interface.
func (*RPC) RollbackProtectedSeal ¶
func (*RPC) RollbackProtectedUnseal ¶
type RPCRequest ¶
// RPCRequest is the generated protobuf message a hosted program sends to its
// host Tao. Every field is optional in the schema; which ones a call populates
// follows the Tao interface (Seal takes data and policy, Attest takes
// issuer/time/expiration, the counter calls take label/counter, ...). The
// exact field-to-call mapping lives in the RPC implementation, not here.
type RPCRequest struct {
	// Request payload, e.g. data to seal or a serialized statement (assumed).
	Data []byte `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	// Byte count for the random/shared-secret calls (assumed from the Tao
	// interface's n parameter). NOTE(review): the host should bound this value
	// before allocating.
	Size *int32 `protobuf:"varint,2,opt,name=size" json:"size,omitempty"`
	// Policy string for Seal / GetSharedSecret / RollbackProtectedSeal.
	Policy *string `protobuf:"bytes,3,opt,name=policy" json:"policy,omitempty"`
	// Attest parameters: optional time and expiration, and a serialized
	// issuer principal.
	Time       *int64 `protobuf:"varint,4,opt,name=time" json:"time,omitempty"`
	Expiration *int64 `protobuf:"varint,5,opt,name=expiration" json:"expiration,omitempty"`
	Issuer     []byte `protobuf:"bytes,6,opt,name=issuer" json:"issuer,omitempty"`
	// Counter operations: the counter label and, for InitCounter, its value.
	Label   *string `protobuf:"bytes,7,opt,name=label" json:"label,omitempty"`
	Counter *int64  `protobuf:"varint,8,opt,name=counter" json:"counter,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
func (*RPCRequest) Descriptor ¶
func (*RPCRequest) Descriptor() ([]byte, []int)
func (*RPCRequest) GetCounter ¶
func (m *RPCRequest) GetCounter() int64
func (*RPCRequest) GetData ¶
func (m *RPCRequest) GetData() []byte
func (*RPCRequest) GetExpiration ¶
func (m *RPCRequest) GetExpiration() int64
func (*RPCRequest) GetIssuer ¶
func (m *RPCRequest) GetIssuer() []byte
func (*RPCRequest) GetLabel ¶
func (m *RPCRequest) GetLabel() string
func (*RPCRequest) GetPolicy ¶
func (m *RPCRequest) GetPolicy() string
func (*RPCRequest) GetSize ¶
func (m *RPCRequest) GetSize() int32
func (*RPCRequest) GetTime ¶
func (m *RPCRequest) GetTime() int64
func (*RPCRequest) ProtoMessage ¶
func (*RPCRequest) ProtoMessage()
func (*RPCRequest) Reset ¶
func (m *RPCRequest) Reset()
func (*RPCRequest) String ¶
func (m *RPCRequest) String() string
type RPCResponse ¶
// RPCResponse is the generated protobuf message a host Tao returns to a hosted
// program. All fields are optional; which are set depends on the call
// (Unseal returns data and policy, GetCounter returns a counter, ...).
type RPCResponse struct {
	// Result payload (unsealed data, random bytes, a serialized attestation, ...).
	Data []byte `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	// Policy recovered by Unseal / RollbackProtectedUnseal.
	Policy *string `protobuf:"bytes,2,opt,name=policy" json:"policy,omitempty"`
	// Counter value returned by GetCounter.
	Counter *int64 `protobuf:"varint,3,opt,name=counter" json:"counter,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
func (*RPCResponse) Descriptor ¶
func (*RPCResponse) Descriptor() ([]byte, []int)
func (*RPCResponse) GetCounter ¶
func (m *RPCResponse) GetCounter() int64
func (*RPCResponse) GetData ¶
func (m *RPCResponse) GetData() []byte
func (*RPCResponse) GetPolicy ¶
func (m *RPCResponse) GetPolicy() string
func (*RPCResponse) ProtoMessage ¶
func (*RPCResponse) ProtoMessage()
func (*RPCResponse) Reset ¶
func (m *RPCResponse) Reset()
func (*RPCResponse) String ¶
func (m *RPCResponse) String() string
type RollbackCounterTable ¶
// RollbackCounterTable is the generated protobuf message holding the host's
// rollback counters; entries are looked up by (hosted program name, entry
// label), see LookupRollbackEntry and RollbackEntry.
type RollbackCounterTable struct {
	// The counter entries, in no particular documented order.
	Entries []*RollbackEntry `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
Table of entries.
func ReadRollbackTable ¶
func ReadRollbackTable(fileName string, tableKey []byte) *RollbackCounterTable
ReadRollbackTable reads the counter table stored in fileName, using tableKey.
func (*RollbackCounterTable) Descriptor ¶
func (*RollbackCounterTable) Descriptor() ([]byte, []int)
func (*RollbackCounterTable) GetEntries ¶
func (m *RollbackCounterTable) GetEntries() []*RollbackEntry
func (*RollbackCounterTable) LookupRollbackEntry ¶
func (t *RollbackCounterTable) LookupRollbackEntry(programName string, entryName string) *RollbackEntry
LookupRollbackEntry returns the rollback entry for (programName, entryName).
func (*RollbackCounterTable) PrintRollbackTable ¶
func (t *RollbackCounterTable) PrintRollbackTable()
func (*RollbackCounterTable) ProtoMessage ¶
func (*RollbackCounterTable) ProtoMessage()
func (*RollbackCounterTable) Reset ¶
func (m *RollbackCounterTable) Reset()
func (*RollbackCounterTable) SaveHostRollbackTableWithNewKeys ¶
func (t *RollbackCounterTable) SaveHostRollbackTableWithNewKeys(lh *LinuxHost, child *LinuxHostChild, sealedKeyFileName string, tableFileName string) bool
func (*RollbackCounterTable) String ¶
func (m *RollbackCounterTable) String() string
func (*RollbackCounterTable) UpdateRollbackEntry ¶
func (t *RollbackCounterTable) UpdateRollbackEntry(programName string, entryName string, c *int64) *RollbackEntry
UpdateRollbackEntry updates the rollback entry for (programName, entryName) with counter c.
type RollbackEntry ¶
// RollbackEntry is the generated protobuf message the host uses to track the
// stored counter value for one (hosted program, label) pair.
type RollbackEntry struct {
	// Name of the hosted program the counter belongs to (required).
	HostedProgramName *string `protobuf:"bytes,1,req,name=hosted_program_name" json:"hosted_program_name,omitempty"`
	// Label identifying the counter within that program (required).
	EntryLabel *string `protobuf:"bytes,2,req,name=entry_label" json:"entry_label,omitempty"`
	// Current counter value; nil when unset.
	Counter *int64 `protobuf:"varint,3,opt,name=counter" json:"counter,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
This is the entry used by the host to track the stored counter value.
func (*RollbackEntry) Descriptor ¶
func (*RollbackEntry) Descriptor() ([]byte, []int)
func (*RollbackEntry) GetCounter ¶
func (m *RollbackEntry) GetCounter() int64
func (*RollbackEntry) GetEntryLabel ¶
func (m *RollbackEntry) GetEntryLabel() string
func (*RollbackEntry) GetHostedProgramName ¶
func (m *RollbackEntry) GetHostedProgramName() string
func (*RollbackEntry) PrintRollbackEntry ¶
func (e *RollbackEntry) PrintRollbackEntry()
func (*RollbackEntry) ProtoMessage ¶
func (*RollbackEntry) ProtoMessage()
func (*RollbackEntry) Reset ¶
func (m *RollbackEntry) Reset()
func (*RollbackEntry) String ¶
func (m *RollbackEntry) String() string
type RollbackSealedData ¶
// RollbackSealedData is the generated protobuf message sealed by the host for
// rollback-protected storage: the protected bytes plus the counter entry they
// were sealed against, so the unsealer can compare it with the host's table.
type RollbackSealedData struct {
	// Counter entry bound to this blob at seal time.
	Entry *RollbackEntry `protobuf:"bytes,1,opt,name=entry" json:"entry,omitempty"`
	// The data being protected.
	ProtectedData []byte `protobuf:"bytes,2,opt,name=protected_data" json:"protected_data,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
This is the data structure sealed by the host.
func (*RollbackSealedData) Descriptor ¶
func (*RollbackSealedData) Descriptor() ([]byte, []int)
func (*RollbackSealedData) GetEntry ¶
func (m *RollbackSealedData) GetEntry() *RollbackEntry
func (*RollbackSealedData) GetProtectedData ¶
func (m *RollbackSealedData) GetProtectedData() []byte
func (*RollbackSealedData) ProtoMessage ¶
func (*RollbackSealedData) ProtoMessage()
func (*RollbackSealedData) Reset ¶
func (m *RollbackSealedData) Reset()
func (*RollbackSealedData) String ¶
func (m *RollbackSealedData) String() string
type RootHost ¶
type RootHost struct {
// contains filtered or unexported fields
}
A RootHost is a standalone implementation of Host.
func NewTaoRootHost ¶
NewTaoRootHost generates a new RootHost with a fresh set of temporary keys.
func NewTaoRootHostFromKeys ¶
NewTaoRootHostFromKeys returns a RootHost that uses these keys.
func (*RootHost) AddedHostedProgram ¶
AddedHostedProgram notifies this Host that a new hosted program has been created.
func (*RootHost) Attest ¶
func (t *RootHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
Attest requests the Tao host sign a statement on behalf of the caller.
func (*RootHost) GetRandomBytes ¶
GetRandomBytes returns a slice of n random bytes.
func (*RootHost) GetSharedSecret ¶
GetSharedSecret returns a slice of n secret bytes.
func (*RootHost) GetVerifier ¶
func (*RootHost) HostName ¶
HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.
func (*RootHost) LoadCert ¶
func (t *RootHost) LoadCert(cert *x509.Certificate)
LoadCert loads a given cert into the root host key.
func (*RootHost) RemovedHostedProgram ¶
RemovedHostedProgram notifies this Host that a hosted program has been killed.
func (*RootHost) RollbackProtectedSeal ¶
type SignaturePDU ¶
// SignaturePDU is the generated protobuf message that is actually signed: it
// binds the key header and a context string to the serialized
// ContextualizedData, so a signature from one context cannot be replayed in
// another. All fields except XXX_unrecognized are required.
type SignaturePDU struct {
	// Identifies the signing key.
	Header *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	// Domain-separation context the signature is bound to.
	Context *string `protobuf:"bytes,2,req,name=context" json:"context,omitempty"`
	// The serialized ContextualizedData that is to be signed.
	Data []byte `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
A PDU including metadata for representing data to be signed. The data is a serialized ContextualizedData message providing unique deserialization.
func (*SignaturePDU) Descriptor ¶
func (*SignaturePDU) Descriptor() ([]byte, []int)
func (*SignaturePDU) GetContext ¶
func (m *SignaturePDU) GetContext() string
func (*SignaturePDU) GetData ¶
func (m *SignaturePDU) GetData() []byte
func (*SignaturePDU) GetHeader ¶
func (m *SignaturePDU) GetHeader() *CryptoHeader
func (*SignaturePDU) ProtoMessage ¶
func (*SignaturePDU) ProtoMessage()
func (*SignaturePDU) Reset ¶
func (m *SignaturePDU) Reset()
func (*SignaturePDU) String ¶
func (m *SignaturePDU) String() string
type SignedACLSet ¶
// SignedACLSet is the generated protobuf message for a set of ACL entries
// signed by a key. Both fields are required. The ACL set is carried in its
// serialized form so that the signature can be checked over the exact bytes;
// consumers should verify Signature before deserializing SerializedAclset.
type SignedACLSet struct {
	// Serialized ACLSet message.
	SerializedAclset []byte `protobuf:"bytes,1,req,name=serialized_aclset" json:"serialized_aclset,omitempty"`
	// Signature over SerializedAclset (presumably; see the guard code).
	Signature []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
A set of ACL entries signed by a key.
func (*SignedACLSet) Descriptor ¶
func (*SignedACLSet) Descriptor() ([]byte, []int)
func (*SignedACLSet) GetSerializedAclset ¶
func (m *SignedACLSet) GetSerializedAclset() []byte
func (*SignedACLSet) GetSignature ¶
func (m *SignedACLSet) GetSignature() []byte
func (*SignedACLSet) ProtoMessage ¶
func (*SignedACLSet) ProtoMessage()
func (*SignedACLSet) Reset ¶
func (m *SignedACLSet) Reset()
func (*SignedACLSet) String ¶
func (m *SignedACLSet) String() string
type SignedData ¶
// SignedData is the generated protobuf message holding the result of signing:
// the signature bytes and the header identifying the key that produced them.
// Both fields are required.
type SignedData struct {
	// Identifies the signing key (cf. SignaturePDU.Header).
	Header *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	// The signature value.
	Signature []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
The result of signing.
func (*SignedData) Descriptor ¶
func (*SignedData) Descriptor() ([]byte, []int)
func (*SignedData) GetHeader ¶
func (m *SignedData) GetHeader() *CryptoHeader
func (*SignedData) GetSignature ¶
func (m *SignedData) GetSignature() []byte
func (*SignedData) ProtoMessage ¶
func (*SignedData) ProtoMessage()
func (*SignedData) Reset ¶
func (m *SignedData) Reset()
func (*SignedData) String ¶
func (m *SignedData) String() string
type SignedDatalogRules ¶
// SignedDatalogRules is the generated protobuf message for a set of Datalog
// rules signed by a key. Both fields are required. As with SignedACLSet, the
// rules travel serialized so the signature is over the exact bytes; consumers
// should verify Signature before deserializing SerializedRules.
type SignedDatalogRules struct {
	// Serialized DatalogRules message.
	SerializedRules []byte `protobuf:"bytes,1,req,name=serialized_rules" json:"serialized_rules,omitempty"`
	// Signature over SerializedRules (presumably; see the guard code).
	Signature []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
A set of rules signed by a key.
func (*SignedDatalogRules) Descriptor ¶
func (*SignedDatalogRules) Descriptor() ([]byte, []int)
func (*SignedDatalogRules) GetSerializedRules ¶
func (m *SignedDatalogRules) GetSerializedRules() []byte
func (*SignedDatalogRules) GetSignature ¶
func (m *SignedDatalogRules) GetSignature() []byte
func (*SignedDatalogRules) ProtoMessage ¶
func (*SignedDatalogRules) ProtoMessage()
func (*SignedDatalogRules) Reset ¶
func (m *SignedDatalogRules) Reset()
func (*SignedDatalogRules) String ¶
func (m *SignedDatalogRules) String() string
type Signer ¶
// A Signer is used to sign and verify signatures. Both fields are exported.
type Signer struct {
	// Key metadata; InitializeSigner's name/epoch/purpose/status parameters
	// presumably end up here — confirm against the key-handling code.
	Header *CryptoHeader
	// The private key. Exported, so callers can reach raw key material
	// directly; keep Signer values out of logs and serialized output.
	PrivKey crypto.PrivateKey
}
A Signer is used to sign and verify signatures
func GenerateAnonymousSigner ¶
func GenerateAnonymousSigner() *Signer
func InitializeSigner ¶
func InitializeSigner(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Signer, error)
Generate or restore a signer. InitializeSigner uses marshaledCryptoKey to restore a signer from a serialized CryptoKey if it's not nil; otherwise it generates one. If generated, the remainder of the arguments are used as parameters; otherwise they are ignored.
func SignerFromCryptoKey ¶
func UnmarshalSignerDER ¶
UnmarshalSignerDER deserializes a Signer from DER.
func (*Signer) CanonicalKeyBytesFromSigner ¶
func (*Signer) CreateCRL ¶
func (s *Signer) CreateCRL(cert *x509.Certificate, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) ([]byte, error)
CreateCRL creates a signed X.509 certificate list for revoked certificates.
func (*Signer) CreateSelfSignedDER ¶
func (s *Signer) CreateSelfSignedDER(pkAlg int, sigAlg int, sn int64, name *pkix.Name) ([]byte, error)
CreateSelfSignedDER creates a DER representation of a new self-signed certificate for the given name.
func (*Signer) CreateSelfSignedX509 ¶
func (s *Signer) CreateSelfSignedX509(pkAlg int, sigAlg int, sn int64, name *pkix.Name) (*x509.Certificate, error)
CreateSelfSignedX509 creates a self-signed X.509 certificate for the public key of this Signer.
func (*Signer) CreateSignedX509 ¶
func (s *Signer) CreateSignedX509(caCert *x509.Certificate, sn int, subjectKey *Verifier, pkAlg int, sigAlg int, subjectName *pkix.Name) (*x509.Certificate, error)
CreateSignedX509 creates a signed X.509 certificate for some other subject's key. TODO: this should take a certificate template as an argument (see CreateSignedX509FromTemplate).
func (*Signer) CreateSignedX509FromTemplate ¶
func (s *Signer) CreateSignedX509FromTemplate(caCert *x509.Certificate, template *x509.Certificate, subjectKey *Verifier, pkAlg int, sigAlg int) (*x509.Certificate, error)
CreateSignedX509FromTemplate creates a signed X.509 certificate for some other subject's key.
func (*Signer) GetSignerPrivateKey ¶
func (s *Signer) GetSignerPrivateKey() crypto.PrivateKey
func (*Signer) GetVerifierFromSigner ¶
func (*Signer) Sign ¶
Sign computes a signature over the contextualized data, using the private key of the signer.
func (*Signer) ToPrincipal ¶
ToPrincipal produces a "key" type Prin for this signer. This contains a serialized CryptoKey for the public portion of the signing key.
func (*Signer) UniversalKeyNameFromSigner ¶
type SoftTao ¶
type SoftTao struct {
// contains filtered or unexported fields
}
A SoftTao is an implementation of the Tao that isn't backed by any hardware mechanisms. It's used for testing components that rely on the Tao.
func (*SoftTao) Attest ¶
func (s *SoftTao) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
Attest requests that the Tao host sign a statement on behalf of the caller.
func (*SoftTao) ExtendTaoName ¶
ExtendTaoName irreversibly extends the Tao principal name of the caller.
func (*SoftTao) GetRandomBytes ¶
GetRandomBytes fills the slice with random bytes.
func (*SoftTao) GetSharedSecret ¶
GetSharedSecret returns a slice of n secret bytes.
func (*SoftTao) GetTaoName ¶
GetTaoName returns the Tao principal name assigned to the caller.
func (*SoftTao) GetVerifier ¶
GetVerifier returns the verifying key for this Tao.
func (*SoftTao) RollbackProtectedSeal ¶
func (*SoftTao) RollbackProtectedUnseal ¶
type StackedHost ¶
type StackedHost struct {
// contains filtered or unexported fields
}
A StackedHost implements Host over an existing host Tao.
func (*StackedHost) AddedHostedProgram ¶
func (t *StackedHost) AddedHostedProgram(childSubprin auth.SubPrin) error
AddedHostedProgram notifies this Host that a new hosted program has been created.
func (*StackedHost) Attest ¶
func (t *StackedHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
Attest requests the Tao host sign a statement on behalf of the caller.
func (*StackedHost) Decrypt ¶
func (t *StackedHost) Decrypt(encrypted []byte) (data []byte, err error)
Decrypt data that only this host can access.
func (*StackedHost) Encrypt ¶
func (t *StackedHost) Encrypt(data []byte) (encrypted []byte, err error)
Encrypt data so that only this host can access it.
func (*StackedHost) GetCounter ¶
func (s *StackedHost) GetCounter(label string) (int64, error)
func (*StackedHost) GetRandomBytes ¶
GetRandomBytes returns a slice of n random bytes.
func (*StackedHost) GetSharedSecret ¶
func (t *StackedHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)
GetSharedSecret returns a slice of n secret bytes.
func (*StackedHost) HostName ¶
func (t *StackedHost) HostName() auth.Prin
HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.
func (*StackedHost) InitCounter ¶
func (s *StackedHost) InitCounter(label string, c int64) error
func (*StackedHost) RemovedHostedProgram ¶
func (t *StackedHost) RemovedHostedProgram(childSubprin auth.SubPrin) error
RemovedHostedProgram notifies this Host that a hosted program has been killed.
func (*StackedHost) RollbackProtectedSeal ¶
func (*StackedHost) RollbackProtectedUnseal ¶
func (s *StackedHost) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
type TPM2Details ¶
// TPM2Details is the generated protobuf message describing a TPM 2.0 backed
// domain: where the TPM state lives, which device to open, which PCRs matter,
// and the paths of the EK, quote and seal certificates. All fields optional.
type TPM2Details struct {
	// Directory holding TPM2-related state.
	Tpm2InfoDir *string `protobuf:"bytes,1,opt,name=tpm2_info_dir,json=tpm2InfoDir" json:"tpm2_info_dir,omitempty"`
	// Path of the TPM 2.0 device.
	Tpm2Device *string `protobuf:"bytes,2,opt,name=tpm2_device,json=tpm2Device" json:"tpm2_device,omitempty"`
	// PCR selection; presumably the same "17,18" style list as TPMDetails.Pcrs.
	Tpm2Pcrs *string `protobuf:"bytes,3,opt,name=tpm2_pcrs,json=tpm2Pcrs" json:"tpm2_pcrs,omitempty"`
	// Certificate paths for the endorsement, quoting and sealing keys.
	Tpm2EkCert    *string `protobuf:"bytes,4,opt,name=tpm2_ek_cert,json=tpm2EkCert" json:"tpm2_ek_cert,omitempty"`
	Tpm2QuoteCert *string `protobuf:"bytes,5,opt,name=tpm2_quote_cert,json=tpm2QuoteCert" json:"tpm2_quote_cert,omitempty"`
	Tpm2SealCert  *string `protobuf:"bytes,6,opt,name=tpm2_seal_cert,json=tpm2SealCert" json:"tpm2_seal_cert,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
func (*TPM2Details) Descriptor ¶
func (*TPM2Details) Descriptor() ([]byte, []int)
func (*TPM2Details) GetTpm2Device ¶
func (m *TPM2Details) GetTpm2Device() string
func (*TPM2Details) GetTpm2EkCert ¶
func (m *TPM2Details) GetTpm2EkCert() string
func (*TPM2Details) GetTpm2InfoDir ¶
func (m *TPM2Details) GetTpm2InfoDir() string
func (*TPM2Details) GetTpm2Pcrs ¶
func (m *TPM2Details) GetTpm2Pcrs() string
func (*TPM2Details) GetTpm2QuoteCert ¶
func (m *TPM2Details) GetTpm2QuoteCert() string
func (*TPM2Details) GetTpm2SealCert ¶
func (m *TPM2Details) GetTpm2SealCert() string
func (*TPM2Details) ProtoMessage ¶
func (*TPM2Details) ProtoMessage()
func (*TPM2Details) Reset ¶
func (m *TPM2Details) Reset()
func (*TPM2Details) String ¶
func (m *TPM2Details) String() string
type TPM2Tao ¶
type TPM2Tao struct {
// contains filtered or unexported fields
}
A TPM2Tao implements the Tao using a hardware TPM device.
func (*TPM2Tao) Attest ¶
func (tt *TPM2Tao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)
Attest requests the Tao host sign a statement on behalf of the caller. The optional issuer, time and expiration will be given default values if nil.
func (*TPM2Tao) ExtendTaoName ¶
ExtendTaoName irreversibly extends the Tao principal name of the caller.
func (*TPM2Tao) GetPcrNums ¶
func (*TPM2Tao) GetRandomBytes ¶
GetRandomBytes returns a slice of n random bytes.
func (*TPM2Tao) GetRsaTPMKey ¶
TODO(jlm): Fix this to provide quoteHandle; the quoteHandle in the structure should no longer be used.
func (*TPM2Tao) GetSharedSecret ¶
GetSharedSecret returns a slice of n secret bytes.
func (*TPM2Tao) GetTaoName ¶
GetTaoName returns the Tao principal name assigned to the caller.
func (*TPM2Tao) ReadRandom ¶
ReadRandom implements io.Reader to read random bytes from the TPM2Tao.
func (*TPM2Tao) RollbackProtectedSeal ¶
func (*TPM2Tao) RollbackProtectedUnseal ¶
func (*TPM2Tao) Seal ¶
Seal encrypts data so only certain hosted programs can unseal it. Note that at least some TPMs can only seal up to 149 bytes of data. So, we employ a hybrid encryption scheme that seals a key and uses the key to encrypt the data separately. We use the keys infrastructure to perform secure and flexible encryption.
func (*TPM2Tao) Tpm2Certify ¶
Tpm2Certify returns the attestation certificate.
type TPMDetails ¶
// TPMDetails is the generated protobuf message describing a TPM 1.2 backed
// domain: the device path, the AIK and its certificate, and the PCR set the
// AIK quotes over. All fields are optional.
type TPMDetails struct {
	// Path of the TPM device.
	TpmPath *string `protobuf:"bytes,1,opt,name=tpm_path,json=tpmPath" json:"tpm_path,omitempty"`
	// Path of the attestation identity key blob.
	AikPath *string `protobuf:"bytes,2,opt,name=aik_path,json=aikPath" json:"aik_path,omitempty"`
	// A string representing the IDs of PCRs, like "17,18".
	Pcrs *string `protobuf:"bytes,3,opt,name=pcrs" json:"pcrs,omitempty"`
	// Path for AIK cert.
	AikCertPath *string `protobuf:"bytes,4,opt,name=aik_cert_path,json=aikCertPath" json:"aik_cert_path,omitempty"`
	// Unknown fields kept by the protobuf decoder; excluded from JSON.
	XXX_unrecognized []byte `json:"-"`
}
func (*TPMDetails) Descriptor ¶
func (*TPMDetails) Descriptor() ([]byte, []int)
func (*TPMDetails) GetAikCertPath ¶
func (m *TPMDetails) GetAikCertPath() string
func (*TPMDetails) GetAikPath ¶
func (m *TPMDetails) GetAikPath() string
func (*TPMDetails) GetPcrs ¶
func (m *TPMDetails) GetPcrs() string
func (*TPMDetails) GetTpmPath ¶
func (m *TPMDetails) GetTpmPath() string
func (*TPMDetails) ProtoMessage ¶
func (*TPMDetails) ProtoMessage()
func (*TPMDetails) Reset ¶
func (m *TPMDetails) Reset()
func (*TPMDetails) String ¶
func (m *TPMDetails) String() string
type TPMTao ¶
type TPMTao struct {
// contains filtered or unexported fields
}
A TPMTao implements the Tao using a hardware TPM device.
func (*TPMTao) Attest ¶
func (tt *TPMTao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)
Attest requests the Tao host sign a statement on behalf of the caller. The optional issuer, time and expiration will be given default values if nil.
func (*TPMTao) ExtendTaoName ¶
ExtendTaoName irreversibly extends the Tao principal name of the caller.
func (*TPMTao) GetRandomBytes ¶
GetRandomBytes returns a slice of n random bytes.
func (*TPMTao) GetSharedSecret ¶
GetSharedSecret returns a slice of n secret bytes.
func (*TPMTao) GetTaoName ¶
GetTaoName returns the Tao principal name assigned to the caller.
func (*TPMTao) RollbackProtectedSeal ¶
func (*TPMTao) RollbackProtectedUnseal ¶
func (*TPMTao) Seal ¶
Seal encrypts data so only certain hosted programs can unseal it. Note that at least some TPMs can only seal up to 149 bytes of data. So, we employ a hybrid encryption scheme that seals a key and uses the key to encrypt the data separately. We use the keys infrastructure to perform secure and flexible encryption.
type Tao ¶
// Tao is the interface a host exports to its hosted programs: naming,
// randomness, attestation, sealing, and rollback-protected counters.
type Tao interface {
	// GetTaoName returns the Tao principal name assigned to the caller.
	GetTaoName() (name auth.Prin, err error)
	// ExtendTaoName irreversibly extends the Tao principal name of the caller.
	ExtendTaoName(subprin auth.SubPrin) error
	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(n int) (bytes []byte, err error)
	// Rand produces an io.Reader for random bytes from this Tao.
	Rand() io.Reader
	// GetSharedSecret returns a slice of n secret bytes; policy governs who
	// else can derive the same secret (inferred from the parameter name).
	GetSharedSecret(n int, policy string) (bytes []byte, err error)
	// Attest requests the Tao host sign a statement on behalf of the caller. The
	// optional issuer, time and expiration will be given default values if nil.
	// TODO(kwalsh) Maybe create a struct for these optional params? Or use
	// auth.Says instead (in which time and expiration are optional) with a
	// bogus Speaker field like key([]) or nil([]) or self, etc.
	Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)
	// Seal encrypts data so only certain hosted programs can unseal it.
	Seal(data []byte, policy string) (sealed []byte, err error)
	// Unseal decrypts data that has been sealed by the Seal() operation, but only
	// if the policy specified during the Seal() operation is satisfied.
	Unseal(sealed []byte) (data []byte, policy string, err error)
	// InitCounter initializes a counter with given label.
	InitCounter(label string, c int64) error
	// GetCounter retrieves a counter with given label.
	GetCounter(label string) (int64, error)
	// RollbackProtectedSeal encrypts data under rollback protection
	// so only certain hosted programs can unseal it.
	RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
	// RollbackProtectedUnseal decrypts data under rollback protection.
	RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
}
Tao is the fundamental Trustworthy Computing interface provided by a host to its hosted programs. Each level of a system can act as a host by exporting the Tao interface and providing Tao services to higher-level hosted programs.
In most cases, a hosted program will use a stub Tao that performs RPC over a channel to its host. The details of such RPC depend on the specific implementation of the host: some hosted programs may use pipes to communicate with their host, others may use sockets, etc.
func NewSoftTao ¶
NewSoftTao initializes the SoftTao with a crypter and a signer.
func NewTPM2Tao ¶
NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.
func Parent ¶
func Parent() Tao
Parent returns the interface to the underlying host Tao. It depends on a specific environment variable being set. On success it memoizes the result before returning it because there should only ever be a single channel to the host. On failure, it logs a message using glog and returns nil. Note: errors are not returned so that, once it is confirmed that Parent returns a non-nil value, callers can use the function result in an expression, e.g.:
name, err := tao.Parent().GetTaoName()
func ParentFromConfig ¶
ParentFromConfig gets a parent Tao given a Config that specifies the Tao type.
type TrivialGuard ¶
// TrivialGuard is an integer-valued Guard whose policy is fixed by its value;
// see ConservativeGuard and LiberalGuard.
type TrivialGuard int
A TrivialGuard implements a constant policy: either ConservativeGuard ("deny all") or LiberalGuard ("allow all"). TODO(kwalsh) make this a bool
// The two TrivialGuard policies. The values are 1 and 2 (1 << iota starting
// at 0), so the zero TrivialGuard is neither; how the methods treat a zero
// value is not visible here and should be checked before relying on it.
const (
	ConservativeGuard TrivialGuard = 1 << iota // "deny all"
	LiberalGuard                               // "allow all"
)
The types of TrivialGuard
func (TrivialGuard) AddRule ¶
func (t TrivialGuard) AddRule(rule string) error
AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.
func (TrivialGuard) Authorize ¶
Authorize adds an authorization for a principal to perform an operation.
func (TrivialGuard) GetRule ¶
func (t TrivialGuard) GetRule(i int) string
GetRule returns the ith policy rule, if it exists.
func (TrivialGuard) IsAuthorized ¶
IsAuthorized checks whether a principal is authorized to perform an operation.
func (TrivialGuard) Query ¶
func (t TrivialGuard) Query(query string) (bool, error)
Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).
func (TrivialGuard) Retract ¶
Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.
func (TrivialGuard) RetractRule ¶
func (t TrivialGuard) RetractRule(rule string) error
RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.
func (TrivialGuard) RuleCount ¶
func (t TrivialGuard) RuleCount() int
RuleCount returns a count of the total number of rules.
func (TrivialGuard) RuleDebugString ¶
func (t TrivialGuard) RuleDebugString(i int) string
RuleDebugString returns a debug string for the ith policy rule, if it exists. TODO(kwalsh): build this into the auth library.
func (TrivialGuard) Save ¶
func (t TrivialGuard) Save(key *Signer) error
Save writes all persistent policy data to disk, signed by key.
func (TrivialGuard) String ¶
func (t TrivialGuard) String() string
String returns a string suitable for showing users authorization info.
func (TrivialGuard) Subprincipal ¶
func (t TrivialGuard) Subprincipal() auth.SubPrin
Subprincipal returns subprincipal TrivialGuard(<policy>).
type Verifier ¶
type Verifier struct { Header *CryptoHeader PubKey crypto.PublicKey }
A Verifier is used to verify signatures.
func UnmarshalKey ¶
UnmarshalKey deserializes a Verifier.
func VerifierFromCryptoKey ¶
func VerifierFromX509 ¶
func VerifierFromX509(cert *x509.Certificate) (*Verifier, error)
VerifierFromX509 creates a Verifier from an X509 certificate.
func (*Verifier) CanonicalKeyBytesFromVerifier ¶
func (*Verifier) GetVerifierPublicKey ¶
func (*Verifier) KeyEqual ¶
func (v *Verifier) KeyEqual(cert *x509.Certificate) bool
KeyEqual checks whether the public key in the X.509 certificate matches the public key held by the verifier.
func (*Verifier) MarshalKey ¶
MarshalKey serializes a Verifier.
func (*Verifier) SignsForPrincipal ¶
SignsForPrincipal returns true when prin is (or is a subprincipal of) this verifier key.
func (*Verifier) ToPrincipal ¶
ToPrincipal produces a "key" type Prin for this verifier. This contains a hash of a serialized CryptoKey for this key.
func (*Verifier) UniversalKeyNameFromVerifier ¶
type VmConfig ¶
type VmConfig struct { Name string KernelPath string InitRamPath string DiskPath string Memory int // The socket on the host that will be connected to virtio-serial on the guest. // This is used for stacked CP hosts on the VM to connect to the host CP. SocketPath string // The port on the host that will be forwarded to port 22 on the guest for SSH. Port string }
A VmConfig contains the details needed to start a new custom VM.
type X509Details ¶
type X509Details struct { CommonName *string `protobuf:"bytes,1,opt,name=common_name,json=commonName" json:"common_name,omitempty"` Country *string `protobuf:"bytes,2,opt,name=country" json:"country,omitempty"` State *string `protobuf:"bytes,3,opt,name=state" json:"state,omitempty"` Organization *string `protobuf:"bytes,4,opt,name=organization" json:"organization,omitempty"` OrganizationalUnit *string `protobuf:"bytes,5,opt,name=organizational_unit,json=organizationalUnit" json:"organizational_unit,omitempty"` SerialNumber *int32 `protobuf:"varint,6,opt,name=serial_number,json=serialNumber" json:"serial_number,omitempty"` XXX_unrecognized []byte `json:"-"` }
func (*X509Details) Descriptor ¶
func (*X509Details) Descriptor() ([]byte, []int)
func (*X509Details) GetCommonName ¶
func (m *X509Details) GetCommonName() string
func (*X509Details) GetCountry ¶
func (m *X509Details) GetCountry() string
func (*X509Details) GetOrganization ¶
func (m *X509Details) GetOrganization() string
func (*X509Details) GetOrganizationalUnit ¶
func (m *X509Details) GetOrganizationalUnit() string
func (*X509Details) GetSerialNumber ¶
func (m *X509Details) GetSerialNumber() int32
func (*X509Details) GetState ¶
func (m *X509Details) GetState() string
func (*X509Details) ProtoMessage ¶
func (*X509Details) ProtoMessage()
func (*X509Details) Reset ¶
func (m *X509Details) Reset()
func (*X509Details) String ¶
func (m *X509Details) String() string
Source Files ¶
- acl_guard.go
- acl_guard.pb.go
- attestation.go
- attestation.pb.go
- ca.go
- ca.pb.go
- cached_guard.go
- client.go
- config.go
- datalog_guard.go
- datalog_guard.pb.go
- domain.go
- domain.pb.go
- errors.go
- guard.go
- host.go
- hosted_program_factory.go
- key_decoding.go
- keys.go
- keys.pb.go
- kvm_coreos_factory.go
- kvm_custom_factory.go
- linux_docker_container_factory.go
- linux_host.go
- linux_host.pb.go
- linux_host_admin_rpc.go
- linux_host_admin_rpc.pb.go
- linux_host_admin_rpc_linux.go
- linux_host_tao_rpc.go
- linux_process_factory.go
- listener.go
- rollback.go
- rollback.pb.go
- root_host.go
- rpc.go
- rpc.pb.go
- soft_tao.go
- stacked_host.go
- tao.go
- tao_cipher_suite.go
- tao_key_management.go
- tpm2_tao.go
- tpm2_tao_app_helper.go
- tpm_tao.go
- tpm_tao.pb.go
Directories ¶
Package auth supports Tao authorization and authentication, primarily by defining and implementing a logic for describing principals, their trust relationships, and their beliefs.