tao

package
v0.0.0-...-b5aa0b6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 30, 2017 License: Apache-2.0 Imports: 55 Imported by: 13

Documentation

Overview

Package tao is a generated protocol buffer package.

It is generated from these files: 

acl_guard.proto
attestation.proto
ca.proto
datalog_guard.proto
domain.proto
keys.proto
linux_host_admin_rpc.proto
linux_host.proto
rpc.proto
tpm_tao.proto

It has these top-level messages: 

ACLSet
SignedACLSet
Attestation
CARequest
CAResponse
DatalogRules
SignedDatalogRules
DomainDetails
X509Details
ACLGuardDetails
DatalogGuardDetails
TPMDetails
TPM2Details
DomainConfig
DomainTemplate
CryptoKey
CryptoKeyset
PBEData
ECDSA_SHA_VerifyingKeyV1
ECDSA_SHA_SigningKeyV1
AES_CTR_HMAC_SHA_CryptingKeyV1
HMAC_SHA_DerivingKeyV1
CryptoHeader
SignaturePDU
SignedData
EncryptedData
KeyDerivationPDU
LinuxHostAdminRPCRequest
LinuxHostAdminRPCHostedProgram
LinuxHostAdminRPCResponse
LinuxHostSealedBundle
LinuxHostConfig
RPCRequest
RPCResponse
HybridSealedData

Package tao is a generated protocol buffer package.

It is generated from these files: 

attestation.proto

It has these top-level messages: 

Attestation

Package tao is a generated protocol buffer package.

It is generated from these files: 

domain.proto

It has these top-level messages: 

DomainDetails
X509Details
ACLGuardDetails
DatalogGuardDetails
TPMDetails
TPM2Details
DomainConfig
DomainTemplate

Package tao is a generated protocol buffer package.

It is generated from these files: 

keys.proto

It has these top-level messages: 

CryptoHeader
CryptoKey
CryptoKeyset
PBEData
ContextualizedData
SignaturePDU
SignedData
EncryptionIntegrityPDU
EncryptedData
KeyDerivationPDU

Package tao is a generated protocol buffer package.

It is generated from these files: 

proto/rollback.proto

It has these top-level messages: 

RollbackEntry
RollbackCounterTable
RollbackSealedData

Package tao is a generated protocol buffer package.

It is generated from these files: 

rpc.proto

It has these top-level messages: 

RPCRequest
RPCResponse

Index

Constants

View Source 
const (
	HostTypeEnvVar        = "CLOUDPROXY_TAO_HOST_TYPE"
	HostSpecEnvVar        = "CLOUDPROXY_TAO_HOST_SPEC"
	HostChannelTypeEnvVar = "CLOUDPROXY_TAO_HOST_CHANNEL_TYPE"
	HostedTypeEnvVar      = "CLOUDPROXY_TAO_HOSTED_TYPE"

	TaoTPMPCRsEnvVar   = "CLOUDPROXY_TAO_TPM_PCRS"
	TaoTPMAIKEnvVar    = "CLOUDPROXY_TAO_TPM_AIK"
	TaoTPMDeviceEnvVar = "CLOUDPROXY_TAO_TPM_DEVICE"

	SharedSecretPolicyDefault      = "self"
	SharedSecretPolicyConservative = "few"
	SharedSecretPolicyLiberal      = "any"

	SealPolicyDefault      = "self"
	SealPolicyConservative = "few"
	SealPolicyLiberal      = "any"

	AttestationSigningContext = "Tao Attestation Signing Context V1"
)

Constants used by the Tao implementations for policy, signing contexts, and environment variables.

View Source 
const (
	Basic128BitCipherSuite = "sign:ecdsap256,crypt:aes128-ctr-hmacsha256,derive:hdkf-sha256"
	Basic192BitCipherSuite = "sign:ecdsap384,crypt:aes256-ctr-hmacsha384,derive:hdkf-sha256"
	Basic256BitCipherSuite = "sign:ecdsap521,crypt:aes256-ctr-hmacsha512,derive:hdkf-sha256"
)

Crypto Suite 

Each Library is associated with exactly one cipher suite that describes
seal/unseal, hmac, public key and key derivation algorithms.  The original
default was AES-128-CTR-ECC-P256-SHA-256-HMAC-SHA-256.

Supported crypto suites 

Basic256BitCipherSuite is the USG "Top Secret" suite.  See
https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm.
View Source 
const (
	X509VerifierPath    = "cert"
	PBEKeysetPath       = "keys"
	PBESignerPath       = "signer"
	SealedKeysetPath    = "sealed_keyset"
	PlaintextKeysetPath = "plaintext_keyset"
)

The paths to the filename used by the Keys type.

View Source 
const ACLGuardSigningContext = "tao.ACLGuard Version 1"

ACLGuardSigningContext is the context used for ACL-file signatures.

View Source 
const (
	DatalogRulesSigningContext = "Datalog Rules Signing Context V1"
)

Signing context for signatures on a set of Tao datalog rules.

Variables

View Source 
var CAType_name = map[int32]string{
	0: "ERROR",
	1: "ATTESTATION",
	2: "DATALOG_POLICY",
	3: "ACL_POLICY",
	4: "UNDEFINED",
}
View Source 
var CAType_value = map[string]int32{
	"ERROR":          0,
	"ATTESTATION":    1,
	"DATALOG_POLICY": 2,
	"ACL_POLICY":     3,
	"UNDEFINED":      4,
}
View Source 
var CryptoVersion_name = map[int32]string{
	1: "CRYPTO_VERSION_1",
	2: "CRYPTO_VERSION_2",
}
View Source 
var CryptoVersion_value = map[string]int32{
	"CRYPTO_VERSION_1": 1,
	"CRYPTO_VERSION_2": 2,
}
View Source 
var ErrMalformedResponse = errors.New("taorpc: malformed response")

An ErrMalformedResponse is returned as an error for an invalid response.

View Source 
var HostTaoTypeMap = map[string]HostTaoType{
	"none":    NoHost,
	"root":    Root,
	"stacked": Stacked,
}

HostTaoTypeMap maps strings to the type of a host Tao.

View Source 
var HostedProgramTypeMap = map[string]HostedProgramType{
	"none":       NoHostedPrograms,
	"process":    ProcessPipe,
	"docker":     DockerUnix,
	"kvm_coreos": KVMCoreOSFile,
	"kvm_custom": KVMCustom,
}

HostedProgramTypeMap maps strings to the type of a hosted program.

View Source 
var TaoCryptoSuite = Basic128BitCipherSuite

The following variable selects the cipher suite.

Functions

func AddEndorsements 

func AddEndorsements(guard Guard, a *Attestation, v *Verifier) error

AddEndorsements reads the SerializedEndorsements in an attestation and adds the ones that are predicates signed by a guard's policy key.

func CipherTypeFromSuiteName 

func CipherTypeFromSuiteName(suiteName string) *string

func CleanUpTPMTao 

func CleanUpTPMTao(tt *TPMTao)

CleanUpTPMTao runs the finalizer for TPMTao early then unsets it so it doesn't run later. Normal code will only create one instance of TPMTao, so the finalizer will work correctly. But this test code creates multiple such instances, so it needs to call the finalizer early.

func CloudConfigFromSSHKeys 

func CloudConfigFromSSHKeys(keysFile string) (string, error)

CloudConfigFromSSHKeys converts an ssh authorized-keys file into a format that can be used by CoreOS to authorize incoming SSH connections over the Plan9P-mounted filesystem it uses. This also adds the SSH key used by the factory to configure the virtual machine.

func CombinedKeySizeFromAlgorithmName 

func CombinedKeySizeFromAlgorithmName(keyType string) *int

func CrypterTypeFromSuiteName 

func CrypterTypeFromSuiteName(suiteName string) *string

func DecodeTwoBytes 

func DecodeTwoBytes(b []byte) ([]byte, []byte)

func DeriverTypeFromSuiteName 

func DeriverTypeFromSuiteName(suiteName string) *string

func DeserializeEcdsaPrivateComponents 

func DeserializeEcdsaPrivateComponents(keyBytes []byte) (*ecdsa.PrivateKey, error)

func DeserializeEcdsaPublicComponents 

func DeserializeEcdsaPublicComponents(keyBytes []byte) (crypto.PrivateKey, error)

func DeserializeRsaPrivateComponents 

func DeserializeRsaPrivateComponents(keyComponents [][]byte, rsaKey *rsa.PrivateKey) error

func DeserializeRsaPublicComponents 

func DeserializeRsaPublicComponents(rsaKey *rsa.PublicKey, keyComponents [][]byte) error

func Dial 

func Dial(network, addr string, guard Guard, v *Verifier, keys *Keys) (net.Conn, error)

Dial connects to a Tao TLS server, performs a TLS handshake, and verifies the Attestation value of the server, checking that the server is authorized to execute. If keys are provided (keys!=nil), then it sends an attestation of its identity to the peer.

func DialTLS 

func DialTLS(network, addr string) (net.Conn, error)

DialTLS creates a new X.509 certs from fresh keys and dials a given TLS address.

func DialTLSWithKeys 

func DialTLSWithKeys(network, addr string, keys *Keys) (net.Conn, error)

DialTLSWithKeys connects to a TLS server using an existing set of keys.

func DialWithNewX509 

func DialWithNewX509(network, addr string, guard Guard, v *Verifier) (net.Conn, error)

DialWithNewX509 connects to a Tao TLS server, performs a TLS handshake, and exchanges Attestation values with the server, checking that this is a Tao server that is authorized to Execute. It uses a Tao Guard to perform this check.

func EncodeTLSCert 

func EncodeTLSCert(keys *Keys) (*tls.Certificate, error)

EncodeTLSCert combines a signing key and a certificate in a single tls certificate suitable for a TLS config.

func EncodeTwoBytes 

func EncodeTwoBytes(b1 []byte, b2 []byte) []byte

func FinalizeTPM2Tao 

func FinalizeTPM2Tao(tt *TPM2Tao)

FinalizeTPM2Tao releases the resources for the TPM2Tao.

func FinalizeTPMTao 

func FinalizeTPMTao(tt *TPMTao)

FinalizeTPMTao releases the resources for the TPMTao.

func FormatCoreOSSubprin 

func FormatCoreOSSubprin(id uint, hash []byte) auth.SubPrin

FormatCoreOSSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatCustomVmSubprin 

func FormatCustomVmSubprin(id uint, kernelHash []byte, initramHash []byte) auth.SubPrin

FormatCustomVmSubprin produces a subprincipal with the given ID and hash.

func FormatDockerSubprin 

func FormatDockerSubprin(id uint, hash []byte) auth.SubPrin

FormatDockerSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatLinuxHostSubprin 

func FormatLinuxHostSubprin(id uint, hash []byte) auth.SubPrin

FormatLinuxHostSubprin produces a string that represents a subprincipal with the given ID and hash.

func FormatProcessSubprin 

func FormatProcessSubprin(id uint, hash []byte) auth.SubPrin

FormatProcessSubprin produces a string that represents a subprincipal with the given ID and hash.

func HandleCARequest 

func HandleCARequest(conn net.Conn, s *Signer, guard Guard)

HandleCARequest checks a request from a program and responds with a truncated delegation signed by the policy key.

func HandleEndorsement 

func HandleEndorsement(keySize int, keyName, endorsementCertFile, policyCertFile,
	policyKeyFile, policyKeyPassword, policyKeyDir string, policyKeyIsEcdsa bool) error

func HandlePolicyKey 

func HandlePolicyKey(keySize int, policyKeyFile, policyKeyPassword, policyCertFile string) error

func HandleQuote 

func HandleQuote(network, addr, pass, path string, details X509Details) error

TODO: probably receive a kill channel to kill this function..

func HashTypeFromSuiteName 

func HashTypeFromSuiteName(suiteName string) *string

func HmacKeySizeFromAlgorithmName 

func HmacKeySizeFromAlgorithmName(keyType string) *int

func HmacSizeFromAlgorithmName 

func HmacSizeFromAlgorithmName(keyType string) *int

func HmacTypeFromSuiteName 

func HmacTypeFromSuiteName(suiteName string) *string

func IdenticalDelegations 

func IdenticalDelegations(s, t auth.Form) bool

IdenticalDelegations checks to see if two Form values are Says and are identical delegations (i.e., the Message must be an auth.Speaksfor). This function is not in the auth package, since it's specific to a particular pattern.

func IsCrypter 

func IsCrypter(keyType string) bool

func IsDeriver 

func IsDeriver(keyType string) bool

func IsP256 

func IsP256(ecPk *ecdsa.PublicKey) bool

func IsP384 

func IsP384(ecPk *ecdsa.PublicKey) bool

func IsP521 

func IsP521(ecPk *ecdsa.PublicKey) bool

func IsSinger 

func IsSinger(keyType string) bool

func KeyComponentsFromCrypter 

func KeyComponentsFromCrypter(c *Crypter) ([][]byte, error)

func KeyComponentsFromDeriver 

func KeyComponentsFromDeriver(d *Deriver) ([][]byte, error)

func KeyComponentsFromSigner 

func KeyComponentsFromSigner(s *Signer) ([][]byte, error)

func KeyComponentsFromVerifier 

func KeyComponentsFromVerifier(v *Verifier) ([][]byte, error)

func Listen 

func Listen(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)

Listen returns a new Tao-based net.Listener that uses the underlying crypto/tls net.Listener and a Guard to check whether or not connections are authorized.

func ListenAnonymous 

func ListenAnonymous(network, laddr string, config *tls.Config, g Guard, v *Verifier, del *Attestation) (net.Listener, error)

ListenAnonymous returns a new Tao-based net.Listener that does not require its peer to attest to its identity.

func ListenTLS 

func ListenTLS(network, addr string) (net.Listener, error)

ListenTLS creates a fresh certificate and listens for TLS connections using it.

func MakeTPM2Prin 

func MakeTPM2Prin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error)

func MakeTPMPrin 

func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error)

func MakeUniversalKeyNameFromCanonicalBytes 

func MakeUniversalKeyNameFromCanonicalBytes(cn []byte) []byte

func MarshalCryptoKey 

func MarshalCryptoKey(ck CryptoKey) []byte

func MarshalKeys 

func MarshalKeys(k *Keys) ([]byte, error)

func MarshalKeyset 

func MarshalKeyset(cks *CryptoKeyset) ([]byte, error)

func MarshalSignerDER 

func MarshalSignerDER(s *Signer) ([]byte, error)

This code is duplicated in VerifierFromCanonicalBytes MarshalSignerDER serializes the signer to DER.

func NewAuthenticatedFileSocket 

func NewAuthenticatedFileSocket(sock *net.UnixListener) error

func NewX509Name 

func NewX509Name(p *X509Details) *pkix.Name

NewX509Name returns a new pkix.Name.

func PBEDecrypt 

func PBEDecrypt(ciphertext, password []byte) ([]byte, error)

PBEDecrypt decrypts ciphertext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.

func PBEEncrypt 

func PBEEncrypt(plaintext, password []byte) ([]byte, error)

PBEEncrypt encrypts plaintext using a password to generate a key. Note that since this is for private program data, we don't try for compatibility with the C++ Tao version of the code.

func PrepareX509Template 

func PrepareX509Template(pkAlg int, sigAlg int, sn int64, subjectName *pkix.Name) *x509.Certificate

PrepareX509Template fills out an X.509 template for use in x509.CreateCertificate.

func PrintACLGuardDetails 

func PrintACLGuardDetails(x *ACLGuardDetails)

func PrintCryptoKey 

func PrintCryptoKey(cryptoKey *CryptoKey)

func PrintCryptoKeyHeader 

func PrintCryptoKeyHeader(header CryptoHeader)

func PrintDatalogGuardDetails 

func PrintDatalogGuardDetails(x *DatalogGuardDetails)

func PrintDomain 

func PrintDomain(d *Domain)

func PrintDomainConfig 

func PrintDomainConfig(cf *DomainConfig)

func PrintDomainDetails 

func PrintDomainDetails(x *DomainDetails)

func PrintKeys 

func PrintKeys(keys *Keys)

func PrintPKIXName 

func PrintPKIXName(title string, name *pkix.Name)

func PrintSealedData 

func PrintSealedData(d *RollbackSealedData)

func PrintTPM2Details 

func PrintTPM2Details(x *TPM2Details)

func PrintTPMDetails 

func PrintTPMDetails(x *TPMDetails)

func PrintX509Details 

func PrintX509Details(x *X509Details)

func PrivateKeyFromCryptoKey 

func PrivateKeyFromCryptoKey(k CryptoKey) (crypto.PrivateKey, error)

func Protect 

func Protect(keys []byte, in []byte) ([]byte, error)

func PublicKeyAlgFromSignerAlg 

func PublicKeyAlgFromSignerAlg(signerAlg string) int

func PublicKeyFromCryptoKey 

func PublicKeyFromCryptoKey(k CryptoKey) (crypto.PublicKey, error)

func ReadPCRs 

func ReadPCRs(tpmfile *os.File, pcrNums []int) ([][]byte, error)

func ReadTPM2PCRs 

func ReadTPM2PCRs(rw io.ReadWriter, pcrNums []int) ([][]byte, error)

func Register 

func Register(name string, generator func(string) (Tao, error))

Register adds a Tao-creation function for a given host channel type.

func SaveKeyset 

func SaveKeyset(k *Keys, dir string) error

SaveKeyset serializes and saves a Keys object to disk in plaintext.

func SerializeEcdsaPrivateComponents 

func SerializeEcdsaPrivateComponents(ecKey *ecdsa.PrivateKey) ([]byte, error)

func SerializeEcdsaPublicComponents 

func SerializeEcdsaPublicComponents(ecKey *ecdsa.PublicKey) ([]byte, error)

func SerializeRsaPrivateComponents 

func SerializeRsaPrivateComponents(rsaKey *rsa.PrivateKey) ([][]byte, error)

func SerializeRsaPublicComponents 

func SerializeRsaPublicComponents(rsaKey *rsa.PublicKey) ([][]byte, error)

func SignatureAlgFromSignerAlg 

func SignatureAlgFromSignerAlg(signerAlg string) int

func SignerTypeFromSuiteName 

func SignerTypeFromSuiteName(suiteName string) *string

func SymmetricBlockSizeFromAlgorithmName 

func SymmetricBlockSizeFromAlgorithmName(keyType string) *int

func SymmetricKeySizeFromAlgorithmName 

func SymmetricKeySizeFromAlgorithmName(keyType string) *int

func Tpm2ClientDecodeServerResponse 

func Tpm2ClientDecodeServerResponse(rw io.ReadWriter,
	protectorHandle tpm2.Handle,
	quoteHandle tpm2.Handle, password string,
	response tpm2.ProgramCertResponseMessage) ([]byte, error)

Output is der encoded Program Cert

func Tpm2ConstructClientRequest 

func Tpm2ConstructClientRequest(rw io.ReadWriter, derEkCert []byte, pcrs []int,
	qh tpm2.Handle, parentPassword string, ownerPassword string,
	keyName string) (*tpm2.ProgramCertRequestMessage, error)

Input: Der encoded endorsement cert and handles quote key is certified key unlike in the tpm2.go library Returns ProgramCertRequestMessage

func TruncateAttestation 

func TruncateAttestation(kprin auth.Prin, a *Attestation) (auth.Says, auth.PrinExt, error)

TruncateAttestation cuts off a delegation chain at its "Program" subprincipal extension and replaces its prefix with the given key principal. It also returns the PrinExt that represents exactly the program hash.

func UnmarshalKeyset 

func UnmarshalKeyset(buf []byte, cks *CryptoKeyset) error

func Unprotect 

func Unprotect(keys []byte, in []byte) ([]byte, error)

func ValidatePeerAttestation 

func ValidatePeerAttestation(a *Attestation, cert *x509.Certificate, guard Guard) error

ValidatePeerAttestation checks a Attestation for a given Listener against an X.509 certificate from a TLS channel.

func VerifierTypeFromSuiteName 

func VerifierTypeFromSuiteName(suiteName string) *string

func WriteRollbackTable 

func WriteRollbackTable(rollBackTable *RollbackCounterTable, fileName string, tableKey []byte) bool

Write the counter table.

func ZeroBytes 

func ZeroBytes(b []byte)

ZeroBytes clears the bytes in a slice.

Types

type ACLGuard 

type ACLGuard struct {
	Config ACLGuardDetails
	ACL    []string
	Key    *Verifier
}

An ACLGuard is an implementation of tao.Guard that uses an ACL to make authorization decisions. All rules are immediately converted to strings when they are added, and they are never converted back to auth.ast form. Any policy that requires more than string comparison should use DatalogGuard.

func (*ACLGuard) AddRule 

func (a *ACLGuard) AddRule(rule string) error

AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.

func (*ACLGuard) Authorize 

func (a *ACLGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize adds an authorization for a principal to perform an operation.

func (*ACLGuard) Clear 

func (a *ACLGuard) Clear() error

Clear removes all rules.

func (*ACLGuard) GetRule 

func (a *ACLGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (*ACLGuard) GetSignedACLSet 

func (a *ACLGuard) GetSignedACLSet(signer *Signer) (*SignedACLSet, error)

GetSignedACLSet serializes and signs the ACL set and returns a SignedACLSet pointer.

func (*ACLGuard) IsAuthorized 

func (a *ACLGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks whether a principal is authorized to perform an operation.

func (*ACLGuard) Query 

func (a *ACLGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (*ACLGuard) Retract 

func (a *ACLGuard) Retract(name auth.Prin, op string, args []string) error

Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.

func (*ACLGuard) RetractRule 

func (a *ACLGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (*ACLGuard) RuleCount 

func (a *ACLGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (*ACLGuard) RuleDebugString 

func (a *ACLGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists.

func (*ACLGuard) Save 

func (a *ACLGuard) Save(signer *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (*ACLGuard) String 

func (a *ACLGuard) String() string

String returns a string suitable for showing users authorization info.

func (*ACLGuard) Subprincipal 

func (a *ACLGuard) Subprincipal() auth.SubPrin

Subprincipal returns a unique subprincipal for this policy.

type ACLGuardDetails 

type ACLGuardDetails struct {
	SignedAclsPath   *string `protobuf:"bytes,1,opt,name=signed_acls_path,json=signedAclsPath" json:"signed_acls_path,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*ACLGuardDetails) Descriptor 

func (*ACLGuardDetails) Descriptor() ([]byte, []int)

func (*ACLGuardDetails) GetSignedAclsPath 

func (m *ACLGuardDetails) GetSignedAclsPath() string

func (*ACLGuardDetails) ProtoMessage 

func (*ACLGuardDetails) ProtoMessage()

func (*ACLGuardDetails) Reset 

func (m *ACLGuardDetails) Reset()

func (*ACLGuardDetails) String 

func (m *ACLGuardDetails) String() string

type ACLSet 

type ACLSet struct {
	Entries          []string `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

A set of ACL entries.

func RequestACLSet 

func RequestACLSet(network, addr string, v *Verifier) (*ACLSet, error)

RequestACLSet requests the policy from a TaoCA running an ACLGuard. Verify the signature with the public policy key `v`.

func (*ACLSet) Descriptor 

func (*ACLSet) Descriptor() ([]byte, []int)

func (*ACLSet) GetEntries 

func (m *ACLSet) GetEntries() []string

func (*ACLSet) ProtoMessage 

func (*ACLSet) ProtoMessage()

func (*ACLSet) Reset 

func (m *ACLSet) Reset()

func (*ACLSet) String 

func (m *ACLSet) String() string

type Attestation 

type Attestation struct {
	// A serialized statement. This is serialized to avoid canonicalization issues
	// when signing and verifying signatures. In Go, this is obtained using
	// cloudproxy/tao/auth.Marshal().
	SerializedStatement []byte `protobuf:"bytes,1,req,name=serialized_statement,json=serializedStatement" json:"serialized_statement,omitempty"`
	// The signature type, either "tpm", "tpm2", or "key". This must match
	// the type of the signer key, and it is also used to determine how to verify
	// signatures.
	SignerType *string `protobuf:"bytes,2,req,name=signer_type,json=signerType" json:"signer_type,omitempty"`
	// The signer's public key, i.e. the un-hashed key material used within
	// cloudproxy/tao/auth.New*Prin().
	SignerKey []byte `protobuf:"bytes,3,req,name=signer_key,json=signerKey" json:"signer_key,omitempty"`
	// Signature over the serialized statement using TPM or Tao signing.
	Signature []byte `protobuf:"bytes,4,req,name=signature" json:"signature,omitempty"`
	// A delegation attestation that conveys (eventually) that signer speaks for
	// the issuer in the serialized statement. If this is empty, then it must be
	// self evident that signer speaks for the issuer in the serialized statement.
	// This can be added, removed, or replaced without changing the attestation
	// signature, but verification may fail if a required delegation is missing.
	SerializedDelegation []byte `protobuf:"bytes,5,opt,name=serialized_delegation,json=serializedDelegation" json:"serialized_delegation,omitempty"`
	// An optional set of further attestations that may pertain, in some way, to
	// the the issuer or signer of this attestation. These can be added or removed
	// without changing the attestation signature. This allows attestations to be
	// piggy-backed, e.g. when an authorization guard requires multiple
	// attestations to check a policy.
	SerializedEndorsements [][]byte `protobuf:"bytes,6,rep,name=serialized_endorsements,json=serializedEndorsements" json:"serialized_endorsements,omitempty"`
	// This is the quote structure actually signed by the tpm 2.0.
	// TODO(kwalsh) remove this -- as for tpm1.2, the quote structure should be
	// recoverable from the principal names in the serialized statement.
	Tpm2QuoteStructure []byte `protobuf:"bytes,7,opt,name=tpm2_quote_structure,json=tpm2QuoteStructure" json:"tpm2_quote_structure,omitempty"`
	// This is a DER encoded X509 certificate certifying the key signing the
	// attestation. This is included in attestations signed by a root Tao
	// i.e. a TPM (1.2 or 2.0) Tao or a soft Tao, and forms the root of the
	// attestation chain. This certificate is signed by the policy key.
	RootEndorsement  []byte `protobuf:"bytes,8,opt,name=root_endorsement,json=rootEndorsement" json:"root_endorsement,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

An Attestation is a key, a signature, and a statement, and it conveys: 

signer says statement

i.e. 

signer says (issuer from time until exp says message)

A valid Attestation encodes a public key, and it carries a signature that anyone can verify to (eventually) conclude: 

issuer from time' until exp' says message

Note: Because of time restrictions within attached delegations, restrictions time' and exp' here do not necessarily exactly match the restrictions time and exp on the original serialized statement. If the modified time restriction is met, then we can derive the same conclusion as we would for the included statement, e.g.: 

delegate speaksfor issuer               (for a delegation statement)

or: 

issuer says Pred(arg_1, ..., arg_n)     (for a predicate statement)

That is to say, a valid Attestation that meets its time restriction conveys exactly the same meaning as conveyed by the included statement.

There are two categories of valid Attestations:

(1) In cases where issuer is a subprincipal of (or identical to) signer, no delegation will be present. In these cases, signer speaksfor issuer, so from the attestation: 

signer says (issuer says ...)

we can derive: 

issuer says (issuer says ...)

and further: 

issuer says ...

Example of a category (1) attestation: 

Attestation = {
  statement = "H_aik.PCRs(...) says (H_os speaksfor H_aik.PCRs(...))"
  signer = K_aik
  signature = ...
  delegation = nil
}

Here, an OS has published a delegation statement establishing that key K_os speaks for the OS, and this statement was signed by the TPM K_aik on behalf of the OS. Note that the OS is a subprincipal of the TPM, so the TPM speaks for the OS.

(2) In all other cases, a delegation will be present that, if valid, conveys: 

issuer0 from time0 until exp0 says (delegate speaksfor issuer0)

where issuer is a subprincipal of (or identical to) issuer0 and delegate is a subprincipal of (or identical to) signer. Such a valid delegation can be combined with: 

signer says (issuer from time until exp says ...)

to derive: 

issuer0 from time0 until exp0 says (issuer from time until exp says ...)

And because issuer0 speaks for issuer, we can further derive: 

issuer from time' until exp' says ...

where time' = max(time, time0) and exp = min(exp, exp0).

Example of a category (2) attestation: 

Attestation = {
  statement = "H_aik.PCRs(...).Prog(...) says H_app speaksfor H_aik.PCRs(...).Prog(...)"
  signer = K_os
  signature = ...
  delegation = {
    statement = H_aik.PCRs(...) says H_os speaksfor H_aik.PCRs(...)
    signer = K_aik
    signature = ...
    delegation = nil
  }
}

Here, the OS identified by H_aik.PCRs(...) has signed, using a seemingly unrelated key K_os, a statement on behalf of one of its hosted programs, H_aik.PCRs(...).Prog(...). The embedded delegation statement, signed by K_aik, binds that seemingly unrelated key K_os to the OS's actual identity, H_aik.PCRs(...).

Verifying an attestation signature requires knowing how the signature was produced. We currently define two signature schemes:

TODO(kwalsh): add tpm2 signature scheme here and in attestation.go

(a) Some signatures are produced by the TPM, so here we are bound by the mechanisms implemented by the TPM. In this case, we encode the signer name as 

tpm("..H..") where "..H.." is the hashed, serialized public half

of the TPM's RSA key K. The TPM only ever signs things on behalf of its hosted programs, so the issuer used in the serialized statement will always have the form: 

tpm("..H..").PCRs("..i..", "..h..")...

where "..i.." is a sorted, comma-separated list of PCR numbers, and "..h.." is the corresponding, comma-separated list of hex-encoded PCR values. The signature is computed roughly as: 

sig = rsa_sign(K, H( H(message) | pcrbuf(i, h) ))

Here, we first hash the statement in a tpm-specific way, then sign the hash with RSA key K. To obtain the statement hash, first hash the serialized statement, including issuer, time, expiration and other information. This intermediate hash is then re-hashed with a tpm-specific encoding of the PCR numbers ("..i..") and values ("..h..") extracted from issuer.

Note: The PCR values are effectively hashed twice, once as part of statement, and separately as part of the pcrbuf datastructure. See optimization note below.

(b) Other signatures are produced in software, and here we have flexibility to use simpler signature schemes. In this case, we encode the signer name as 

key("..H..") where "..H.." is the hashed, serialized public half

of a DSA key K. The issuer used in the serialized statement can have any form. The signature is roughly: 

sig = dsa_sign(K, H(context|message))

Here, we simply hash the serialized statement, along with some context, then sign it with the private DSA key K. The context used for attestations is defined in Tao.AttestationSigningContext.

Together, this results in four possible combinations:

(1a) No delegation, Tao signature. 

Historical note: This is the old "ROOT" attestation type.
Typically exaample: signer is the "domain policy" key.
The signer is always key("..H..").

(1b) No delegation, TPM signature. 

This is produced by tpm_tao.
The signer is always tpm("..H..") and the statement issuer is
always a tpm("..H..").PCRs("..i..", "..h..")... principal.

(2a) Delegation, Tao signature. 

Historical note: This is the old "INTERMEDIATE" attestation type.
The signer is always key("..H..").
The delegation is the head of a chain that eventually terminates in a
type (1a) or (1b) attestation.

(2b) Delegation, TPM signature. 

Historical note: This is the old "TPM_1_2_QUOTE" attestation type.
This combination is no longer used. If it were, the signer would be
tpm("..H..") and the statement issuer would be something like
H_policy.TrustedPlatform. The delegation would be the head of a chain
that eventually terminates in a type (1a) or (1b) attestation. The
issuer at the head of the chain would always be a
tpm("..H..").PCRs("..i..", "..h..") principal.

func GenerateAttestation 

func GenerateAttestation(s *Signer, delegation []byte, stmt auth.Says) (*Attestation, error)

GenerateAttestation uses the signing key to generate an attestation for this statement.

func RequestAttestation 

func RequestAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)

RequestAttestation connects to a CA and gets an attestation back from it. This might be a truncated attestation (in which case, the right next step is to verify the truncated attesation, as in RequestTruncatedAttestation), or it might be some other kind of attestation (like a KeyNegoServer attestation, which provides a policy-key-signed X.509 certificate for the auth name of this program).

func RequestTruncatedAttestation 

func RequestTruncatedAttestation(network, addr string, keys *Keys, v *Verifier) (*Attestation, error)

RequestTruncatedAttestation connects to a CA instance, sends the attestation for an X.509 certificate, and gets back a truncated attestation with a new principal name based on the policy key.

func (*Attestation) Descriptor 

func (*Attestation) Descriptor() ([]byte, []int)

func (*Attestation) GetRootEndorsement 

func (m *Attestation) GetRootEndorsement() []byte

func (*Attestation) GetSerializedDelegation 

func (m *Attestation) GetSerializedDelegation() []byte

func (*Attestation) GetSerializedEndorsements 

func (m *Attestation) GetSerializedEndorsements() [][]byte

func (*Attestation) GetSerializedStatement 

func (m *Attestation) GetSerializedStatement() []byte

func (*Attestation) GetSignature 

func (m *Attestation) GetSignature() []byte

func (*Attestation) GetSignerKey 

func (m *Attestation) GetSignerKey() []byte

func (*Attestation) GetSignerType 

func (m *Attestation) GetSignerType() string

func (*Attestation) GetTpm2QuoteStructure 

func (m *Attestation) GetTpm2QuoteStructure() []byte

func (*Attestation) ProtoMessage 

func (*Attestation) ProtoMessage()

func (*Attestation) Reset 

func (m *Attestation) Reset()

func (*Attestation) String 

func (m *Attestation) String() string

func (*Attestation) ValidSigner 

func (a *Attestation) ValidSigner() (auth.Prin, error)

ValidSigner checks the signature on an attestation and, if so, returns the principal name for the signer.

func (*Attestation) Validate 

func (a *Attestation) Validate() (auth.Says, error)

Validate checks whether an attestation is valid and, if so, it returns the statement conveyed by the attestation.

type CARequest 

type CARequest struct {
	Type             *CAType      `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"`
	Attestation      *Attestation `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"`
	XXX_unrecognized []byte       `json:"-"`
}

func (*CARequest) Descriptor 

func (*CARequest) Descriptor() ([]byte, []int)

func (*CARequest) GetAttestation 

func (m *CARequest) GetAttestation() *Attestation

func (*CARequest) GetType 

func (m *CARequest) GetType() CAType

func (*CARequest) ProtoMessage 

func (*CARequest) ProtoMessage()

func (*CARequest) Reset 

func (m *CARequest) Reset()

func (*CARequest) String 

func (m *CARequest) String() string

type CAResponse 

type CAResponse struct {
	Type               *CAType             `protobuf:"varint,1,req,name=type,enum=tao.CAType" json:"type,omitempty"`
	Attestation        *Attestation        `protobuf:"bytes,2,opt,name=attestation" json:"attestation,omitempty"`
	SignedDatalogRules *SignedDatalogRules `protobuf:"bytes,3,opt,name=signed_datalog_rules" json:"signed_datalog_rules,omitempty"`
	SignedAclSet       *SignedACLSet       `protobuf:"bytes,4,opt,name=signed_acl_set" json:"signed_acl_set,omitempty"`
	XXX_unrecognized   []byte              `json:"-"`
}

func (*CAResponse) Descriptor 

func (*CAResponse) Descriptor() ([]byte, []int)

func (*CAResponse) GetAttestation 

func (m *CAResponse) GetAttestation() *Attestation

func (*CAResponse) GetSignedAclSet 

func (m *CAResponse) GetSignedAclSet() *SignedACLSet

func (*CAResponse) GetSignedDatalogRules 

func (m *CAResponse) GetSignedDatalogRules() *SignedDatalogRules

func (*CAResponse) GetType 

func (m *CAResponse) GetType() CAType

func (*CAResponse) ProtoMessage 

func (*CAResponse) ProtoMessage()

func (*CAResponse) Reset 

func (m *CAResponse) Reset()

func (*CAResponse) String 

func (m *CAResponse) String() string

type CAType 

type CAType int32
const (
	CAType_ERROR          CAType = 0
	CAType_ATTESTATION    CAType = 1
	CAType_DATALOG_POLICY CAType = 2
	CAType_ACL_POLICY     CAType = 3
	CAType_UNDEFINED      CAType = 4
)

func (CAType) Enum 

func (x CAType) Enum() *CAType

func (CAType) EnumDescriptor 

func (CAType) EnumDescriptor() ([]byte, []int)

func (CAType) String 

func (x CAType) String() string

func (*CAType) UnmarshalJSON 

func (x *CAType) UnmarshalJSON(data []byte) error

type CachedGuard 

type CachedGuard struct {
	// contains filtered or unexported fields
}

CachedGuard implements the Guard interface on behalf of a remote guard. When the interface is queried, the cached guard checks if it has an up-to-date version of the policy. If it doesn't, it creates a connection to a TaoCA, requests the policy rules, and instantiates a new guard.

func NewCachedGuard 

func NewCachedGuard(vfy *Verifier, t CachedGuardType, network, addr string, ttl int64) *CachedGuard

NewCachedGuard returns a new CachedGuard.

func (*CachedGuard) AddRule 

func (cg *CachedGuard) AddRule(rule string) error

AddRule is not allowed for cached guards.

func (*CachedGuard) Authorize 

func (cg *CachedGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize is not allowed for cached guards, since it doesn't have the private policy key.

func (*CachedGuard) Clear 

func (cg *CachedGuard) Clear() error

Clear deletes the guard. This will cause a Reload() the next time the guard is queried.

func (*CachedGuard) GetRule 

func (cg *CachedGuard) GetRule(i int) string

GetRule returns a string representation of the i-th rule in the policy.

func (*CachedGuard) IsAuthorized 

func (cg *CachedGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks if the principal `name` is authorized to perform `op` on `args`.

func (*CachedGuard) IsExpired 

func (cg *CachedGuard) IsExpired() bool

IsExpired checks if the cached policy is out of date.

func (*CachedGuard) Query 

func (cg *CachedGuard) Query(query string) (bool, error)

Query the policy.

func (*CachedGuard) Reload 

func (cg *CachedGuard) Reload() error

Reload requests the policy from the remote TaoCA and instantiates a new guard.

func (*CachedGuard) Retract 

func (cg *CachedGuard) Retract(name auth.Prin, op string, args []string) error

Retract is not allowed for cached guards.

func (*CachedGuard) RetractRule 

func (cg *CachedGuard) RetractRule(rule string) error

RetractRule is not allowed for cached guards.

func (*CachedGuard) RuleCount 

func (cg *CachedGuard) RuleCount() int

RuleCount returns the number of rules in the policy.

func (*CachedGuard) RuleDebugString 

func (cg *CachedGuard) RuleDebugString(i int) string

RuleDebugString returns a verbose string representation of the i-th rule in the policy useful for debugging.

func (*CachedGuard) Save 

func (cg *CachedGuard) Save(key *Signer) error

Save stores the cached policy to disk.

func (*CachedGuard) String 

func (cg *CachedGuard) String() string

String returns a string representation of the guard.

func (*CachedGuard) Subprincipal 

func (cg *CachedGuard) Subprincipal() auth.SubPrin

Subprincipal returns a Subprin for the guard.

type CachedGuardType 

type CachedGuardType int

CachedGuardType specifies the type of guard being cached. 

const (
	Datalog CachedGuardType = 1 << iota
	ACLs
)

There should be a type for all non-trivial gaurds.

type Config 

type Config struct {
	HostType        HostTaoType
	HostChannelType string
	HostSpec        string
	HostedType      HostedProgramType

	// Variables for the TPM configuration
	TPMAIKPath     string
	TPMAIKCertPath string
	TPMPCRs        string
	TPMDevice      string

	TPM2InfoDir   string
	TPM2PCRs      string
	TPM2Device    string
	TPM2EkCert    string
	TPM2QuoteCert string
	TPM2SealCert  string
}

A Config stores the information about the Tao, its Host Tao, and the way it creates Hosted Programs.

func NewConfigFromEnv 

func NewConfigFromEnv() Config

NewConfigFromEnv creates a Config using values drawn from environment variables.

func NewConfigFromString 

func NewConfigFromString(htt, htct, f, hpt, tpmaik, tpmpcrs, tpmdev string) Config

NewConfigFromString creates a new Config using strings representing the options.

func (Config) IsValid 

func (tc Config) IsValid() bool

IsValid checks a Config for validity.

func (*Config) Merge 

func (tc *Config) Merge(c Config)

Merge combines two Config values into one. The parameter value take precendence over the existing values unless an incoming value is NoHost, NoChannel, or NoHostedPrograms. This is used to merge a config taken from the environment with a config specified explicitly on the command line. The latter takes precedence where it is explicitly given.

type ContextualizedData 

type ContextualizedData struct {
	Context          *string `protobuf:"bytes,1,req,name=context" json:"context,omitempty"`
	Data             []byte  `protobuf:"bytes,2,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

Contextualized protobuf. SECURITY WARNING: Always choose a unique context for each unique type of message. One easy way to do this is to number the messages in a protocol and make the context "ProtocolName Message Y: ProtobufName Version X" Marshaled representation of this is the data that is signed.

func (*ContextualizedData) Descriptor 

func (*ContextualizedData) Descriptor() ([]byte, []int)

func (*ContextualizedData) GetContext 

func (m *ContextualizedData) GetContext() string

func (*ContextualizedData) GetData 

func (m *ContextualizedData) GetData() []byte

func (*ContextualizedData) ProtoMessage 

func (*ContextualizedData) ProtoMessage()

func (*ContextualizedData) Reset 

func (m *ContextualizedData) Reset()

func (*ContextualizedData) String 

func (m *ContextualizedData) String() string

type CoreOSConfig 

type CoreOSConfig struct {
	Name       string
	ImageFile  string
	Memory     int
	RulesPath  string
	SSHKeysCfg string
	SocketPath string
}

A CoreOSConfig contains the details needed to start a new CoreOS VM.

type Crypter 

type Crypter struct {
	Header *CryptoHeader

	EncryptingKeyBytes []byte
	HmacKeyBytes       []byte
}

A Crypter is used to encrypt and decrypt data.

func CrypterFromCryptoKey 

func CrypterFromCryptoKey(k CryptoKey) *Crypter

func GenerateAnonymousCrypter 

func GenerateAnonymousCrypter() *Crypter

func InitializeCrypter 

func InitializeCrypter(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Crypter, error)

Generate or restore a crypter. InitializeCrypter uses marshaledCryptoKey to restore a signer from a serialized CryptoKey if it's not nil; otherwise it generates one. If generated, the remainder of the arguments are used as parameters; otherwise they are ignored.

func (*Crypter) Clear 

func (c *Crypter) Clear()

func (*Crypter) Decrypt 

func (c *Crypter) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt checks the MAC then decrypts ciphertext into plaintext.

func (*Crypter) Encrypt 

func (c *Crypter) Encrypt(plain []byte) ([]byte, error)

Encrypt encrypts plaintext into ciphertext with integrity with a MAC.

type CryptoHeader 

type CryptoHeader struct {
	Version          *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	KeyName          *string        `protobuf:"bytes,2,opt,name=key_name,json=keyName" json:"key_name,omitempty"`
	KeyEpoch         *int32         `protobuf:"varint,3,opt,name=key_epoch,json=keyEpoch" json:"key_epoch,omitempty"`
	KeyType          *string        `protobuf:"bytes,4,opt,name=key_type,json=keyType" json:"key_type,omitempty"`
	KeyPurpose       *string        `protobuf:"bytes,5,opt,name=key_purpose,json=keyPurpose" json:"key_purpose,omitempty"`
	KeyStatus        *string        `protobuf:"bytes,6,opt,name=key_status,json=keyStatus" json:"key_status,omitempty"`
	XXX_unrecognized []byte         `json:"-"`
}

CryptoHeader has been changed to include: key_name, key_epoch, key_type, key_purpose, key_status (all strings). key_epoch is monotonically increasing integer key_status: "primary," "pre-primary", "post-primary," "inactive," "revoked" key_types: 

"aes-128-raw", "aes-256-raw",
"aes128-ctr", "aes256-ctr",
"aes128-ctr-hmacsha256", "aes256-ctr-hmacsha256",
"hmacsha256", "hmacsha384", "hmacsha512",
"rsa1024", "rsa2048", "rsa3072"
"ecdsap256", "ecdsap384", "ecdsap384",
"rsa1024-public", "rsa2048-public", "rsa3072-public"
"ecdsap256-public", "ecdsap384-public"
"hdkf-sha256"

key_purpose: "verifying", "signing", "crypting", "deriving", "sealing"

func (*CryptoHeader) Descriptor 

func (*CryptoHeader) Descriptor() ([]byte, []int)

func (*CryptoHeader) GetKeyEpoch 

func (m *CryptoHeader) GetKeyEpoch() int32

func (*CryptoHeader) GetKeyName 

func (m *CryptoHeader) GetKeyName() string

func (*CryptoHeader) GetKeyPurpose 

func (m *CryptoHeader) GetKeyPurpose() string

func (*CryptoHeader) GetKeyStatus 

func (m *CryptoHeader) GetKeyStatus() string

func (*CryptoHeader) GetKeyType 

func (m *CryptoHeader) GetKeyType() string

func (*CryptoHeader) GetVersion 

func (m *CryptoHeader) GetVersion() CryptoVersion

func (*CryptoHeader) ProtoMessage 

func (*CryptoHeader) ProtoMessage()

func (*CryptoHeader) Reset 

func (m *CryptoHeader) Reset()

func (*CryptoHeader) String 

func (m *CryptoHeader) String() string

type CryptoKey 

type CryptoKey struct {
	KeyHeader        *CryptoHeader `protobuf:"bytes,1,req,name=key_header,json=keyHeader" json:"key_header,omitempty"`
	KeyComponents    [][]byte      `protobuf:"bytes,2,rep,name=key_components,json=keyComponents" json:"key_components,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

CryptoKey

func CryptoKeyFromCrypter 

func CryptoKeyFromCrypter(c *Crypter) (*CryptoKey, error)

func CryptoKeyFromDeriver 

func CryptoKeyFromDeriver(d *Deriver) (*CryptoKey, error)

func CryptoKeyFromSigner 

func CryptoKeyFromSigner(s *Signer) (*CryptoKey, error)

func CryptoKeyFromVerifier 

func CryptoKeyFromVerifier(v *Verifier) (*CryptoKey, error)

func GenerateCryptoKey 

func GenerateCryptoKey(keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) *CryptoKey

func UnmarshalCryptoKey 

func UnmarshalCryptoKey(bytes []byte) (*CryptoKey, error)

func (*CryptoKey) Clear 

func (k *CryptoKey) Clear()

func (*CryptoKey) Descriptor 

func (*CryptoKey) Descriptor() ([]byte, []int)

func (*CryptoKey) GetKeyComponents 

func (m *CryptoKey) GetKeyComponents() [][]byte

func (*CryptoKey) GetKeyHeader 

func (m *CryptoKey) GetKeyHeader() *CryptoHeader

func (*CryptoKey) ProtoMessage 

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) Reset 

func (m *CryptoKey) Reset()

func (*CryptoKey) String 

func (m *CryptoKey) String() string

type CryptoKeyset 

type CryptoKeyset struct {
	Keys [][]byte `protobuf:"bytes,1,rep,name=keys" json:"keys,omitempty"`
	// Cert for Signing Key
	Cert       []byte       `protobuf:"bytes,2,opt,name=cert" json:"cert,omitempty"`
	Delegation *Attestation `protobuf:"bytes,3,opt,name=delegation" json:"delegation,omitempty"`
	// certs supporting cert from cert signer to authority.
	CertChain        [][]byte `protobuf:"bytes,4,rep,name=cert_chain,json=certChain" json:"cert_chain,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

func CryptoKeysetFromKeys 

func CryptoKeysetFromKeys(k *Keys) (*CryptoKeyset, error)

Encodes Keys to Cryptokeyset

func (*CryptoKeyset) Descriptor 

func (*CryptoKeyset) Descriptor() ([]byte, []int)

func (*CryptoKeyset) GetCert 

func (m *CryptoKeyset) GetCert() []byte

func (*CryptoKeyset) GetCertChain 

func (m *CryptoKeyset) GetCertChain() [][]byte

func (*CryptoKeyset) GetDelegation 

func (m *CryptoKeyset) GetDelegation() *Attestation

func (*CryptoKeyset) GetKeys 

func (m *CryptoKeyset) GetKeys() [][]byte

func (*CryptoKeyset) ProtoMessage 

func (*CryptoKeyset) ProtoMessage()

func (*CryptoKeyset) Reset 

func (m *CryptoKeyset) Reset()

func (*CryptoKeyset) String 

func (m *CryptoKeyset) String() string

type CryptoVersion 

type CryptoVersion int32
const (
	CryptoVersion_CRYPTO_VERSION_1 CryptoVersion = 1
	CryptoVersion_CRYPTO_VERSION_2 CryptoVersion = 2
)

func (CryptoVersion) Enum 

func (x CryptoVersion) Enum() *CryptoVersion

func (CryptoVersion) EnumDescriptor 

func (CryptoVersion) EnumDescriptor() ([]byte, []int)

func (CryptoVersion) String 

func (x CryptoVersion) String() string

func (*CryptoVersion) UnmarshalJSON 

func (x *CryptoVersion) UnmarshalJSON(data []byte) error

type DatalogGuard 

type DatalogGuard struct {
	Config DatalogGuardDetails
	Key    *Verifier
	// contains filtered or unexported fields
}

DatalogGuard implements a datalog-based policy engine. Rules in this engine have the form: 

(forall X, Y, Z... : F implies G)

where 

F is a predicate or a conjunction of predicates
G is a predicate

All predicate arguments must be either concrete terms (Int, Str, Prin, etc.) or term-valued variables (TermVar) bound by the quantification. Any variable appearing in G must also appear in F. If there are no variables, the quantification can be omitted. The implication and its antecedent F can be omitted (in which case there can be no variables so the quantification must be omitted as well).

TODO(kwalsh) We could easily support a slightly broader class of formulas, e.g. by allowing G to be a conjunct of predicates, or by allowing a disjunction of conjunctions for F. Anything beyond that seems complicated.

Datalog translation

We assume K speaksfor the guard, where K is the key used to sign the policy file. If there is no signing key, a temporary principal (with a bogus key) is used for K instead. All deduction takes place within the worldview of Guard. Other than this relationship between K and the guard, we don't model the says and speaksfor logic within datalog.

Term objects are usually translated to datalog by just printing them. In this case, a Prin object must not contain any TermVar objects. TermVar objects must be uppercase.

"Term says Pred(...)" is translated to "says(Term, \"Pred\", ...)".

"Pred(...)" alone is translated to "says(K, \"Pred\", ...)".

"forall ... F1 and F2 and ... imp G" is translated to "G :- F1, F2, ...". Not safe for concurrent use by goroutines.

func NewDatalogGuard 

func NewDatalogGuard(verifier *Verifier) *DatalogGuard

NewDatalogGuard returns a new datalog guard without configuring a rules file.

func NewDatalogGuardFromConfig 

func NewDatalogGuardFromConfig(verifier *Verifier, config DatalogGuardDetails) (*DatalogGuard, error)

NewDatalogGuardFromConfig returns a new datalog guard that uses a signed, persistent rule set. ReloadIfModified() should be called to load the rule set.

func (*DatalogGuard) AddRule 

func (g *DatalogGuard) AddRule(rule string) error

AddRule adds a policy rule.

func (*DatalogGuard) Authorize 

func (g *DatalogGuard) Authorize(p auth.Prin, op string, args []string) error

Authorize adds an authorization for p to perform op(args).

func (*DatalogGuard) Clear 

func (g *DatalogGuard) Clear() error

Clear removes all rules.

func (*DatalogGuard) GetRule 

func (g *DatalogGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (*DatalogGuard) GetSignedDatalogRules 

func (g *DatalogGuard) GetSignedDatalogRules(signer *Signer) (*SignedDatalogRules, error)

GetSignedDatalogRules serializes and signs the datalog rules and returns a SignedDatalogRules pointer.

func (*DatalogGuard) IsAuthorized 

func (g *DatalogGuard) IsAuthorized(p auth.Prin, op string, args []string) bool

IsAuthorized checks whether p is authorized to perform op(args).

func (*DatalogGuard) Query 

func (g *DatalogGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (*DatalogGuard) ReloadIfModified 

func (g *DatalogGuard) ReloadIfModified() error

ReloadIfModified reads all persistent policy data from disk if the file timestamp is more recent than the last time it was read.

func (*DatalogGuard) Retract 

func (g *DatalogGuard) Retract(p auth.Prin, op string, args []string) error

Retract removes an authorization for p to perform op(args).

func (*DatalogGuard) RetractRule 

func (g *DatalogGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (*DatalogGuard) RuleCount 

func (g *DatalogGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (*DatalogGuard) RuleDebugString 

func (g *DatalogGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists.

func (*DatalogGuard) Save 

func (g *DatalogGuard) Save(signer *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (*DatalogGuard) String 

func (g *DatalogGuard) String() string

String returns a string suitable for showing users authorization info.

func (*DatalogGuard) Subprincipal 

func (g *DatalogGuard) Subprincipal() auth.SubPrin

Subprincipal returns subprincipal DatalogGuard, for temporary guards, or DatalogGuard(<key>) for persistent guards.

type DatalogGuardDetails 

type DatalogGuardDetails struct {
	SignedRulesPath  *string `protobuf:"bytes,2,opt,name=signed_rules_path,json=signedRulesPath" json:"signed_rules_path,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*DatalogGuardDetails) Descriptor 

func (*DatalogGuardDetails) Descriptor() ([]byte, []int)

func (*DatalogGuardDetails) GetSignedRulesPath 

func (m *DatalogGuardDetails) GetSignedRulesPath() string

func (*DatalogGuardDetails) ProtoMessage 

func (*DatalogGuardDetails) ProtoMessage()

func (*DatalogGuardDetails) Reset 

func (m *DatalogGuardDetails) Reset()

func (*DatalogGuardDetails) String 

func (m *DatalogGuardDetails) String() string

type DatalogRules 

type DatalogRules struct {
	Rules            [][]byte `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

A set of rules.

func RequestDatalogRules 

func RequestDatalogRules(network, addr string, v *Verifier) (*DatalogRules, error)

RequestDatalogRules requests the policy from a TaoCA running a DatalogGuard. Verify the signature with the public policy key `v`.

func (*DatalogRules) Descriptor 

func (*DatalogRules) Descriptor() ([]byte, []int)

func (*DatalogRules) GetRules 

func (m *DatalogRules) GetRules() [][]byte

func (*DatalogRules) ProtoMessage 

func (*DatalogRules) ProtoMessage()

func (*DatalogRules) Reset 

func (m *DatalogRules) Reset()

func (*DatalogRules) String 

func (m *DatalogRules) String() string

type Deriver 

type Deriver struct {
	Header *CryptoHeader

	Secret []byte
}

A Deriver is used to derive key material from a context using HKDF.

func DeriverFromCryptoKey 

func DeriverFromCryptoKey(k CryptoKey) *Deriver

func GenerateAnonymousDeriver 

func GenerateAnonymousDeriver() *Deriver

func InitializeDeriver 

func InitializeDeriver(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Deriver, error)

Generate or restore a deriver. InitializeDeriver uses marshaledCryptoKey to restore a signer from a serialized CryptoKey if it's not nil; otherwise it generates one. If generated, the remainder of the arguments are used as parameters; otherwise they are ignored.

func (*Deriver) Clear 

func (d *Deriver) Clear()

func (*Deriver) Derive 

func (d *Deriver) Derive(salt, context, material []byte) error

Derive uses HKDF with HMAC-SHA256 to derive key bytes in its material parameter.

type DockerContainer 

type DockerContainer struct {

	// Hash of the docker image.
	Hash []byte

	// The factory responsible for the hosted process.
	Factory *LinuxDockerContainerFactory

	ImageName   string
	SocketPath  string
	CidfilePath string
	RulesPath   string

	// The underlying docker process.
	Cmd *exec.Cmd

	// A channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}

A DockerContainer represents a hosted program running as a Docker container. It uses os/exec.Cmd and the `docker` program to send commands to the Docker daemon rather than using the docker client API directly. This is so that this code doesn't depend on the docker code for now.

func (*DockerContainer) Cleanup 

func (p *DockerContainer) Cleanup() error

func (*DockerContainer) ContainerName 

func (dc *DockerContainer) ContainerName() (string, error)

func (*DockerContainer) ExitStatus 

func (dc *DockerContainer) ExitStatus() (int, error)

ExitStatus returns an exit code for the container.

func (*DockerContainer) Kill 

func (dc *DockerContainer) Kill() error

Kill sends a SIGKILL signal to a docker container.

func (*DockerContainer) Pid 

func (dc *DockerContainer) Pid() int

Pid returns a numeric ID for this docker container.

func (*DockerContainer) Spec 

func (dc *DockerContainer) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted docker container.

func (*DockerContainer) Start 

func (dc *DockerContainer) Start() (channel io.ReadWriteCloser, err error)

Start builds the docker container from the tar file and launches it.

func (*DockerContainer) StartDocker 

func (dc *DockerContainer) StartDocker() error

StartDocker starts a docker container using the docker run subcommand.

func (*DockerContainer) Stop 

func (dc *DockerContainer) Stop() error

Stop sends a SIGSTOP signal to a docker container.

func (*DockerContainer) Subprin 

func (dc *DockerContainer) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted docker container..

func (*DockerContainer) WaitChan 

func (dc *DockerContainer) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted vm is done.

type Domain 

type Domain struct {
	Config     DomainConfig
	ConfigPath string
	Keys       *Keys
	Guard      Guard
}

Domain manages domain-wide authorization policies and configuration for a single Tao administrative domain. Configuration includes a name, domain guard type, ACLs or other guard-specific policy data, and a key pair for signing policy data.

Except for a password used to encrypt the policy private key, top-level configuration data for Domain is stored in a text file, typically named "tao.config". This configuration file contains the locations of all other files and directories, e.g. configuration files for the domain guard. File and directory paths within the tao.config file are relative to the location of the tao.config file itself.

func CreateDomain 

func CreateDomain(cfg DomainConfig, configPath string, password []byte) (*Domain, error)

CreateDomain initializes a new Domain, writing its configuration files to a directory. This creates the directory if needed, creates a policy key pair (encrypted with the given password when stored on disk), and initializes a default guard of the appropriate type if needed. Any parameters left empty in cfg will be set to reasonable default values.

func LoadDomain 

func LoadDomain(configPath string, password []byte) (*Domain, error)

LoadDomain initializes a Domain from an existing configuration file. If password is nil, the object will be "locked", meaning that the policy private signing key will not be available, new ACL entries or attestations can not be signed, etc. Otherwise, password will be used to unlock the policy private signing key.

func (*Domain) CreatePublicCachedDomain 

func (d *Domain) CreatePublicCachedDomain(network, addr string, ttl int64) (*Domain, error)

Create a public domain with a CachedGuard. TODO(cjpatton) create a net.Conn here. defer Close() somehow. Add new constructor from a net.Conn that doesn't save the domain to disk. Refactor Request's in ca.go to use already existing connection.

func (*Domain) ExtendTaoName 

func (d *Domain) ExtendTaoName(tao Tao) error

ExtendTaoName uses a Domain's Verifying key to extend the Tao with a subprincipal PolicyKey([...]).

func (*Domain) RulesPath 

func (d *Domain) RulesPath() string

RulesPath returns the path that should be used for the rules/acls for a given domain. If the guard is not Datalog or ACLs, then it returns the empty string.

func (*Domain) Save 

func (d *Domain) Save() error

Save writes all domain configuration and policy data.

func (*Domain) String 

func (d *Domain) String() string

String returns the name of the domain.

func (*Domain) Subprincipal 

func (d *Domain) Subprincipal() auth.SubPrin

Subprincipal returns a subprincipal suitable for contextualizing a program.

type DomainConfig 

type DomainConfig struct {
	DomainInfo       *DomainDetails       `protobuf:"bytes,1,opt,name=domain_info,json=domainInfo" json:"domain_info,omitempty"`
	X509Info         *X509Details         `protobuf:"bytes,2,opt,name=x509_info,json=x509Info" json:"x509_info,omitempty"`
	AclGuardInfo     *ACLGuardDetails     `protobuf:"bytes,3,opt,name=acl_guard_info,json=aclGuardInfo" json:"acl_guard_info,omitempty"`
	DatalogGuardInfo *DatalogGuardDetails `protobuf:"bytes,4,opt,name=datalog_guard_info,json=datalogGuardInfo" json:"datalog_guard_info,omitempty"`
	TpmInfo          *TPMDetails          `protobuf:"bytes,5,opt,name=tpm_info,json=tpmInfo" json:"tpm_info,omitempty"`
	Tpm2Info         *TPM2Details         `protobuf:"bytes,6,opt,name=tpm2_info,json=tpm2Info" json:"tpm2_info,omitempty"`
	XXX_unrecognized []byte               `json:"-"`
}

func (*DomainConfig) Descriptor 

func (*DomainConfig) Descriptor() ([]byte, []int)

func (*DomainConfig) GetAclGuardInfo 

func (m *DomainConfig) GetAclGuardInfo() *ACLGuardDetails

func (*DomainConfig) GetDatalogGuardInfo 

func (m *DomainConfig) GetDatalogGuardInfo() *DatalogGuardDetails

func (*DomainConfig) GetDomainInfo 

func (m *DomainConfig) GetDomainInfo() *DomainDetails

func (*DomainConfig) GetTpm2Info 

func (m *DomainConfig) GetTpm2Info() *TPM2Details

func (*DomainConfig) GetTpmInfo 

func (m *DomainConfig) GetTpmInfo() *TPMDetails

func (*DomainConfig) GetX509Info 

func (m *DomainConfig) GetX509Info() *X509Details

func (*DomainConfig) ProtoMessage 

func (*DomainConfig) ProtoMessage()

func (*DomainConfig) Reset 

func (m *DomainConfig) Reset()

func (*DomainConfig) SetDefaults 

func (cfg *DomainConfig) SetDefaults()

SetDefaults sets each blank field of cfg to a reasonable default value.

func (*DomainConfig) String 

func (m *DomainConfig) String() string

type DomainDetails 

type DomainDetails struct {
	// name of domain
	Name           *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
	PolicyKeysPath *string `protobuf:"bytes,2,opt,name=policy_keys_path,json=policyKeysPath" json:"policy_keys_path,omitempty"`
	GuardType      *string `protobuf:"bytes,3,opt,name=guard_type,json=guardType" json:"guard_type,omitempty"`
	// ??
	GuardNetwork     *string `protobuf:"bytes,4,opt,name=guard_network,json=guardNetwork" json:"guard_network,omitempty"`
	GuardAddress     *string `protobuf:"bytes,5,opt,name=guard_address,json=guardAddress" json:"guard_address,omitempty"`
	GuardTtl         *int64  `protobuf:"varint,6,opt,name=guard_ttl,json=guardTtl" json:"guard_ttl,omitempty"`
	CipherSuite      *string `protobuf:"bytes,7,opt,name=cipher_suite,json=cipherSuite" json:"cipher_suite,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

TODO(jlm): Comments for arguments. Policy key should be compatible with library cipher suite.

func (*DomainDetails) Descriptor 

func (*DomainDetails) Descriptor() ([]byte, []int)

func (*DomainDetails) GetCipherSuite 

func (m *DomainDetails) GetCipherSuite() string

func (*DomainDetails) GetGuardAddress 

func (m *DomainDetails) GetGuardAddress() string

func (*DomainDetails) GetGuardNetwork 

func (m *DomainDetails) GetGuardNetwork() string

func (*DomainDetails) GetGuardTtl 

func (m *DomainDetails) GetGuardTtl() int64

func (*DomainDetails) GetGuardType 

func (m *DomainDetails) GetGuardType() string

func (*DomainDetails) GetName 

func (m *DomainDetails) GetName() string

func (*DomainDetails) GetPolicyKeysPath 

func (m *DomainDetails) GetPolicyKeysPath() string

func (*DomainDetails) ProtoMessage 

func (*DomainDetails) ProtoMessage()

func (*DomainDetails) Reset 

func (m *DomainDetails) Reset()

func (*DomainDetails) String 

func (m *DomainDetails) String() string

type DomainTemplate 

type DomainTemplate struct {
	Config       *DomainConfig `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
	DatalogRules []string      `protobuf:"bytes,2,rep,name=datalog_rules,json=datalogRules" json:"datalog_rules,omitempty"`
	AclRules     []string      `protobuf:"bytes,3,rep,name=acl_rules,json=aclRules" json:"acl_rules,omitempty"`
	// The name of the host (used for policy statements)
	HostName          *string `protobuf:"bytes,4,opt,name=host_name,json=hostName" json:"host_name,omitempty"`
	HostPredicateName *string `protobuf:"bytes,5,opt,name=host_predicate_name,json=hostPredicateName" json:"host_predicate_name,omitempty"`
	// Program names (as paths to binaries)
	ProgramPaths         []string `protobuf:"bytes,6,rep,name=program_paths,json=programPaths" json:"program_paths,omitempty"`
	ProgramPredicateName *string  `protobuf:"bytes,7,opt,name=program_predicate_name,json=programPredicateName" json:"program_predicate_name,omitempty"`
	// Container names (as paths to images)
	ContainerPaths         []string `protobuf:"bytes,8,rep,name=container_paths,json=containerPaths" json:"container_paths,omitempty"`
	ContainerPredicateName *string  `protobuf:"bytes,9,opt,name=container_predicate_name,json=containerPredicateName" json:"container_predicate_name,omitempty"`
	// VM names (as paths to images)
	VmPaths         []string `protobuf:"bytes,10,rep,name=vm_paths,json=vmPaths" json:"vm_paths,omitempty"`
	VmPredicateName *string  `protobuf:"bytes,11,opt,name=vm_predicate_name,json=vmPredicateName" json:"vm_predicate_name,omitempty"`
	// LinuxHost names (as paths to images)
	LinuxHostPaths         []string `protobuf:"bytes,12,rep,name=linux_host_paths,json=linuxHostPaths" json:"linux_host_paths,omitempty"`
	LinuxHostPredicateName *string  `protobuf:"bytes,13,opt,name=linux_host_predicate_name,json=linuxHostPredicateName" json:"linux_host_predicate_name,omitempty"`
	// The name of the predicate to use for trusted guards.
	GuardPredicateName *string `protobuf:"bytes,14,opt,name=guard_predicate_name,json=guardPredicateName" json:"guard_predicate_name,omitempty"`
	// The name of the predicate to use for trusted TPMs.
	TpmPredicateName *string `protobuf:"bytes,15,opt,name=tpm_predicate_name,json=tpmPredicateName" json:"tpm_predicate_name,omitempty"`
	// The name of the predicate to use for trusted OSs.
	OsPredicateName *string `protobuf:"bytes,16,opt,name=os_predicate_name,json=osPredicateName" json:"os_predicate_name,omitempty"`
	// The name of the predicate to use for trusted TPM2s.
	Tpm2PredicateName *string `protobuf:"bytes,17,opt,name=tpm2_predicate_name,json=tpm2PredicateName" json:"tpm2_predicate_name,omitempty"`
	XXX_unrecognized  []byte  `json:"-"`
}

func (*DomainTemplate) Descriptor 

func (*DomainTemplate) Descriptor() ([]byte, []int)

func (*DomainTemplate) GetAclRules 

func (m *DomainTemplate) GetAclRules() []string

func (*DomainTemplate) GetConfig 

func (m *DomainTemplate) GetConfig() *DomainConfig

func (*DomainTemplate) GetContainerPaths 

func (m *DomainTemplate) GetContainerPaths() []string

func (*DomainTemplate) GetContainerPredicateName 

func (m *DomainTemplate) GetContainerPredicateName() string

func (*DomainTemplate) GetDatalogRules 

func (m *DomainTemplate) GetDatalogRules() []string

func (*DomainTemplate) GetGuardPredicateName 

func (m *DomainTemplate) GetGuardPredicateName() string

func (*DomainTemplate) GetHostName 

func (m *DomainTemplate) GetHostName() string

func (*DomainTemplate) GetHostPredicateName 

func (m *DomainTemplate) GetHostPredicateName() string

func (*DomainTemplate) GetLinuxHostPaths 

func (m *DomainTemplate) GetLinuxHostPaths() []string

func (*DomainTemplate) GetLinuxHostPredicateName 

func (m *DomainTemplate) GetLinuxHostPredicateName() string

func (*DomainTemplate) GetOsPredicateName 

func (m *DomainTemplate) GetOsPredicateName() string

func (*DomainTemplate) GetProgramPaths 

func (m *DomainTemplate) GetProgramPaths() []string

func (*DomainTemplate) GetProgramPredicateName 

func (m *DomainTemplate) GetProgramPredicateName() string

func (*DomainTemplate) GetTpm2PredicateName 

func (m *DomainTemplate) GetTpm2PredicateName() string

func (*DomainTemplate) GetTpmPredicateName 

func (m *DomainTemplate) GetTpmPredicateName() string

func (*DomainTemplate) GetVmPaths 

func (m *DomainTemplate) GetVmPaths() []string

func (*DomainTemplate) GetVmPredicateName 

func (m *DomainTemplate) GetVmPredicateName() string

func (*DomainTemplate) ProtoMessage 

func (*DomainTemplate) ProtoMessage()

func (*DomainTemplate) Reset 

func (m *DomainTemplate) Reset()

func (*DomainTemplate) String 

func (m *DomainTemplate) String() string

type EncryptedData 

type EncryptedData struct {
	Header           *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Iv               []byte        `protobuf:"bytes,2,req,name=iv" json:"iv,omitempty"`
	Ciphertext       []byte        `protobuf:"bytes,3,req,name=ciphertext" json:"ciphertext,omitempty"`
	Mac              []byte        `protobuf:"bytes,4,opt,name=mac" json:"mac,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

The result of encrypting.

func (*EncryptedData) Descriptor 

func (*EncryptedData) Descriptor() ([]byte, []int)

func (*EncryptedData) GetCiphertext 

func (m *EncryptedData) GetCiphertext() []byte

func (*EncryptedData) GetHeader 

func (m *EncryptedData) GetHeader() *CryptoHeader

func (*EncryptedData) GetIv 

func (m *EncryptedData) GetIv() []byte

func (*EncryptedData) GetMac 

func (m *EncryptedData) GetMac() []byte

func (*EncryptedData) ProtoMessage 

func (*EncryptedData) ProtoMessage()

func (*EncryptedData) Reset 

func (m *EncryptedData) Reset()

func (*EncryptedData) String 

func (m *EncryptedData) String() string

type EncryptionIntegrityPDU 

type EncryptionIntegrityPDU struct {
	Header           *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Iv               []byte        `protobuf:"bytes,2,req,name=iv" json:"iv,omitempty"`
	Ciphertext       []byte        `protobuf:"bytes,3,req,name=ciphertext" json:"ciphertext,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

A PDU to be serialized and signed for integrity-protection when using encryption modes (like AES CTR with HMAC-SHA) that require a separate MAC. Note: We actually just hmac the partially serialized EncryptedData message with all fields complete except the mac field.

func (*EncryptionIntegrityPDU) Descriptor 

func (*EncryptionIntegrityPDU) Descriptor() ([]byte, []int)

func (*EncryptionIntegrityPDU) GetCiphertext 

func (m *EncryptionIntegrityPDU) GetCiphertext() []byte

func (*EncryptionIntegrityPDU) GetHeader 

func (m *EncryptionIntegrityPDU) GetHeader() *CryptoHeader

func (*EncryptionIntegrityPDU) GetIv 

func (m *EncryptionIntegrityPDU) GetIv() []byte

func (*EncryptionIntegrityPDU) ProtoMessage 

func (*EncryptionIntegrityPDU) ProtoMessage()

func (*EncryptionIntegrityPDU) Reset 

func (m *EncryptionIntegrityPDU) Reset()

func (*EncryptionIntegrityPDU) String 

func (m *EncryptionIntegrityPDU) String() string

type Guard 

type Guard interface {
	// Subprincipal returns a unique subprincipal for this policy.
	Subprincipal() auth.SubPrin

	// Save writes all presistent policy data to disk, signed by key.
	Save(key *Signer) error

	// Authorize adds an authorization for a principal to perform an
	// operation.
	Authorize(name auth.Prin, op string, args []string) error

	// Retract removes an authorization for a principal to perform an
	// operation, essentially reversing the effect of an Authorize() call
	// with identical name, op, and args. Note: this reverses the effect of
	// an Authorize() call with identical parameters of the equivalent
	// AddRule() call. However, particularly when expressive policies are
	// supported (e.g., an "authorize all" rule), other rules may still be
	// in place authorizing the principal to perform the operation.
	Retract(name auth.Prin, op string, args []string) error

	// IsAuthorized checks whether a principal is authorized to perform an
	// operation.
	IsAuthorized(name auth.Prin, op string, args []string) bool

	// AddRule adds a policy rule. Subclasses should support at least rules
	// of the form: Authorized(P, op, args...). This is equivalent to
	// calling Authorize(P, op, args...) with each of the arguments
	// converted to either a string or integer.
	AddRule(rule string) error

	// RetractRule removes a rule previously added via AddRule() or the
	// equivalent Authorize() call.
	RetractRule(rule string) error

	// Clear removes all rules.
	Clear() error

	// Query the policy. Implementations of this interface should support
	// at least queries of the form: Authorized(P, op, args...).
	Query(query string) (bool, error)

	// RuleCount returns a count of the total number of rules.
	RuleCount() int

	// GetRule returns the ith policy rule, if it exists.
	GetRule(i int) string

	// RuleDebugString returns a debug string for the ith policy rule, if
	// it exists.
	RuleDebugString(i int) string

	// String returns a string suitable for showing users authorization
	// info.
	String() string
}

Guard is an interface for evaluating policy decisions.

func LoadACLGuard 

func LoadACLGuard(key *Verifier, config ACLGuardDetails) (Guard, error)

LoadACLGuard restores a set of rules saved with Save. It replaces any rules in the ACLGuard with the rules it loaded. In the process, it also checks the signature created during the Save process.

func NewACLGuard 

func NewACLGuard(key *Verifier, config ACLGuardDetails) Guard

NewACLGuard produces a Guard implementation that implements ACLGuard.

func NewTemporaryDatalogGuard 

func NewTemporaryDatalogGuard() Guard

NewTemporaryDatalogGuard returns a new datalog guard with a fresh, unsigned, non-persistent rule set. It adds a custom predicate subprin(P, O, E) to check if a principal P is a subprincipal O.E.

type Host 

type Host interface {
	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

	// GetSharedSecret returns a slice of n secret bytes.
	GetSharedSecret(tag string, n int) (bytes []byte, err error)

	// Attest requests the Tao host sign a statement on behalf of the caller.
	Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
		time, expiration *int64, message auth.Form) (*Attestation, error)

	// Encrypt data so that only this host can access it.
	Encrypt(data []byte) (encrypted []byte, err error)

	// Decrypt data that only this host can access.
	Decrypt(encrypted []byte) (data []byte, err error)

	// Notify this Host that a new hosted program has been created.
	AddedHostedProgram(childSubprin auth.SubPrin) error

	// Notify this Host that a hosted program has been killed.
	RemovedHostedProgram(childSubprin auth.SubPrin) error

	// Get the Tao principal name assigned to this hosted Tao host. The
	// name encodes the full path from the root Tao, through all
	// intermediary Tao hosts, to this hosted Tao host.
	HostName() auth.Prin

	// InitCounter initializes a counter with given label.
	InitCounter(label string, c int64) error

	// GetCounter retrieves a counter with given label.
	GetCounter(label string) (int64, error)

	// RollbackProtectedSeal encrypts data under rollback protection
	// so only certain hosted programs can unseal it.
	RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

	// RollbackProtectedUnseal decrypts data under rollback protection.
	RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
}

Host is a generic interface for a Tao host that can be configured and driven by a variety of host environments. Generally, the host environment is responsible for enforcing and managing policy, managing hosted programs (e.g. measuring, naming, starting, stopping), communication with hosted programs (e.g. channel creation, RPC reception), and other host-specific details.

Because the environment calls Host in response to requests from hosted processes invoking the Tao interface, several Host methods resemble methods in Tao. Semantics and method signatures differ slightly, however, since the environment can add context (e.g., the subprincipal name of the requesting child) or do part of the implementation (e.g., manage policy on seal/unseal).

func NewTaoStackedHost 

func NewTaoStackedHost(t Tao) (Host, error)

NewTaoStackedHost generates a new StackedHost with a fresh set of temporary keys.

func NewTaoStackedHostFromKeys 

func NewTaoStackedHostFromKeys(k *Keys, t Tao) (Host, error)

NewTaoStackedHostFromKeys takes ownership of an existing set of keys and returns a StackedHost that uses these keys over an existing host Tao.

type HostTaoType 

type HostTaoType int

The HostTaoType is the type of Tao (either a Root of trust, or Stacked on another Tao) 

const (
	NoHost HostTaoType = iota
	Root
	Stacked
)

These constants represent the different types of configurations for the Tao.

type HostedProcess 

type HostedProcess struct {

	// The value to be used as argv[0]
	Argv0 string

	// A secured, private copy of the executable.
	Temppath string

	// A temporary directory for storing the temporary executable.
	Tempdir string

	// Hash of the executable.
	Hash []byte

	// The underlying process.
	Cmd exec.Cmd

	// The factory responsible for the hosted process.
	Factory *LinuxProcessFactory

	// A channel to be signaled when the process is done.
	Done chan bool
	// contains filtered or unexported fields
}

A LinuxProcess represents a hosted program that executes as a linux process.

func (*HostedProcess) Cleanup 

func (p *HostedProcess) Cleanup() error

func (*HostedProcess) ExitStatus 

func (p *HostedProcess) ExitStatus() (int, error)

ExitStatus returns an exit code for the process.

func (*HostedProcess) Kill 

func (p *HostedProcess) Kill() error

Kill kills an os/exec.Cmd process.

func (*HostedProcess) Pid 

func (p *HostedProcess) Pid() int

Pid returns the pid of the underlying os/exec.Cmd instance.

func (*HostedProcess) Spec 

func (p *HostedProcess) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted process.

func (*HostedProcess) Start 

func (p *HostedProcess) Start() (channel io.ReadWriteCloser, err error)

Start starts the the hosted process and returns a tao channel to it.

func (*HostedProcess) Stop 

func (p *HostedProcess) Stop() error

Stop tries to send SIGTERM to a process.

func (*HostedProcess) Subprin 

func (p *HostedProcess) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted process.

func (*HostedProcess) WaitChan 

func (p *HostedProcess) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted process is done.

type HostedProgram 

type HostedProgram interface {

	// Spec returns the specification used to start the hosted program.
	Spec() HostedProgramSpec

	// Subprin returns the subprincipal representing the hosted program.
	Subprin() auth.SubPrin

	// Start starts the the hosted program and returns a tao channel to it.
	Start() (io.ReadWriteCloser, error)

	// Kill kills the hosted program and cleans up resources.
	Kill() error

	// Stop stops the hosted program and cleans up resources.
	Stop() error

	WaitChan() <-chan bool

	// Cleanup cleans up resources, such as temporary files.
	Cleanup() error

	// Pid returns a factory-specific numeric identifier.
	Pid() int

	// ExitStatus returns a factory-specific exit status code if
	// the hosted program has exited.
	ExitStatus() (int, error)
}

A HostedProgram is an abstraction of a process. It is closely related to os/exec.Cmd and github.com/docker/docker/daemon.Container.

type HostedProgramFactory 

type HostedProgramFactory interface {

	// NewHostedProgram initializes, but does not start, a hosted program.
	NewHostedProgram(spec HostedProgramSpec) (HostedProgram, error)
}

A HostedProgramFactory manages the creation of hosted programs. For example, on Linux, it might create processes using fork, or it might create processes running on docker containers. It might also start a virtual machine containing a new instance of an operating system.

func NewLinuxDockerContainerFactory 

func NewLinuxDockerContainerFactory(sockDir, rulesPath string) HostedProgramFactory

NewLinuxDockerContainerFactory returns a new HostedProgramFactory that can create docker containers to wrap programs.

func NewLinuxKVMCoreOSFactory 

func NewLinuxKVMCoreOSFactory(sockPath string, cfg *CoreOSConfig) (HostedProgramFactory, error)

NewLinuxKVMCoreOSFactory returns a new HostedProgramFactory that can create docker containers to wrap programs. TODO(kwalsh) fix comment.

func NewLinuxKVMCustomFactory 

func NewLinuxKVMCustomFactory(cfg *VmConfig) HostedProgramFactory

NewLinuxKVMCustomFactory returns a new HostedProgramFactory that can create docker containers to wrap programs.

func NewLinuxProcessFactory 

func NewLinuxProcessFactory(channelType, socketPath string) HostedProgramFactory

NewLinuxProcessFactory returns a new HostedProgramFactory that can create linux processes.

type HostedProgramSpec 

type HostedProgramSpec struct {

	// Id is an optional number to be included in the subprincipal name. If
	// zero, it will be omitted.
	Id uint

	// Path specifies a file, e.g. an executable or a vm image, to be
	// executed in some factory-specific way.
	Path string

	// Args are passed to the hosted program in some factory-specific way,
	// e.g. as command line arguments.
	Args []string

	// ContainerArgs are used to configure the factory-specific container in
	// which the hosted program is executed, e.g. by being passed as parameters
	// to `docker run`.
	ContainerArgs []string

	// Uid is a the linux uid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Uid int

	// Gid is a the linux uid under which the hosted program is to be executed.
	// Zero is not a legal value unless Superuser is set.
	Gid int

	// Superuser enables running the hosted program with Uid or Gid 0. This
	// field is meant to prevent an accidentally omitted Uid from being
	// interpreted as a request to run the hosted program as superuser. Instead,
	// superuser must explicitly be set.
	Superuser bool

	// Stdin, Stdout, and Stderr are open file descriptors to be shared with the
	// hosted program in a factory-specific way. If nil, factory-specific
	// default values are used, e.g. perhaps /dev/null or inheriting from the
	// tao host server. If not nil, these must have a File.Fd().
	Stdin, Stdout, Stderr *os.File

	// Dir is the directory in which to start the program. If empty, a
	// factory-specific default will be used, e.g. perhaps the tao host server's
	// directory, or perhaps dirname(Path).
	Dir string

	// Env specifies the environment of the hosted program. If Env is nil, a
	// factory-specific default environment will be used. Some factories may
	// modify the environment, e.g. to pass certain parameters across a fork.
	Env []string
}

A HostedProgramSpec contains all of the information that might be needed to start a hosted program. Some factories may not use all of this information, and the semantics of each field vary by factory.

type HostedProgramType 

type HostedProgramType int

The HostedProgramType represents the type of hosted programs and the channel type used for communication between the Host and the Hosted Program. 

const (
	NoHostedPrograms HostedProgramType = iota
	ProcessPipe
	DockerUnix
	KVMCoreOSFile
	KVMCustom
)

These constants represent the different configurations of hosted programs and communication channels.

type HybridSealedData 

type HybridSealedData struct {
	SealedKey        []byte `protobuf:"bytes,1,req,name=SealedKey" json:"SealedKey,omitempty"`
	EncryptedData    []byte `protobuf:"bytes,2,req,name=EncryptedData" json:"EncryptedData,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func (*HybridSealedData) Descriptor 

func (*HybridSealedData) Descriptor() ([]byte, []int)

func (*HybridSealedData) GetEncryptedData 

func (m *HybridSealedData) GetEncryptedData() []byte

func (*HybridSealedData) GetSealedKey 

func (m *HybridSealedData) GetSealedKey() []byte

func (*HybridSealedData) ProtoMessage 

func (*HybridSealedData) ProtoMessage()

func (*HybridSealedData) Reset 

func (m *HybridSealedData) Reset()

func (*HybridSealedData) String 

func (m *HybridSealedData) String() string

type KeyDerivationPDU 

type KeyDerivationPDU struct {
	PreviousHash     []byte  `protobuf:"bytes,1,req,name=previous_hash,json=previousHash" json:"previous_hash,omitempty"`
	Size             *uint32 `protobuf:"fixed32,2,req,name=size" json:"size,omitempty"`
	Context          *string `protobuf:"bytes,3,req,name=context" json:"context,omitempty"`
	Index            *uint32 `protobuf:"fixed32,4,req,name=index" json:"index,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

A PDU to be serialized and fed to HKDF for derivation.

func (*KeyDerivationPDU) Descriptor 

func (*KeyDerivationPDU) Descriptor() ([]byte, []int)

func (*KeyDerivationPDU) GetContext 

func (m *KeyDerivationPDU) GetContext() string

func (*KeyDerivationPDU) GetIndex 

func (m *KeyDerivationPDU) GetIndex() uint32

func (*KeyDerivationPDU) GetPreviousHash 

func (m *KeyDerivationPDU) GetPreviousHash() []byte

func (*KeyDerivationPDU) GetSize 

func (m *KeyDerivationPDU) GetSize() uint32

func (*KeyDerivationPDU) ProtoMessage 

func (*KeyDerivationPDU) ProtoMessage()

func (*KeyDerivationPDU) Reset 

func (m *KeyDerivationPDU) Reset()

func (*KeyDerivationPDU) String 

func (m *KeyDerivationPDU) String() string

type KeyType 

type KeyType int

A KeyType represent the type(s) of keys held by a Keys struct. 

const (
	Signing KeyType = 1 << iota
	Crypting
	Deriving
)

These are the types of supported keys.

type Keys 

type Keys struct {

	// This represents the private key used to sign statements.
	SigningKey *Signer

	// This represents the keys for the symmetric suite used to encrypt and
	// integrity protect data.
	CryptingKey *Crypter

	// This is the deriving key used to obtain keys from a master secret
	// like passwords in the case of domain keys.
	DerivingKey *Deriver

	// This represents the public key of the SigningKey.
	VerifyingKey *Verifier

	// This is an attestation by my host appointing the public key of
	// the Signing key.  This can be nil.
	Delegation *Attestation

	// This is the certificate for the signing key.
	// For a Root Tao, this cert is signed by the policy key or
	// other authority.  It can be nil.
	Cert *x509.Certificate

	// This is the certificate chain from the signer of Cert to the
	// policy key (or other authority).
	CertChain []*x509.Certificate
	// contains filtered or unexported fields
}

The Keys structure manages a set of signing, verifying, encrypting, and key-deriving // keys for many uses. To some extent, the field meanings will differ between uses. The comments below are focused on the use of the Keys structure for domains, including the policy domain, and Tao's (Root and Stacked).

func KeysFromCryptoKeyset 

func KeysFromCryptoKeyset(cks *CryptoKeyset) (*Keys, error)

KeysFromCryptoKeyset decodes a CryptoKeyset into a Keys structure.

func LoadKeys 

func LoadKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)

LoadKeys reads a key set from file. If there is a parent tao (t!=nil), then expect the keys are sealed and call t.Unseal(); otherwise, expect the key set to be plaintext.

func NewOnDiskPBEKeys 

func NewOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name) (*Keys, error)

NewOnDiskPBEKeys creates a new Keys structure with the specified key types store under PBE on disk. If keys are generated and name is not nil, then a self-signed x509 certificate will be generated and saved as well.

func NewOnDiskTaoSealedKeys 

func NewOnDiskTaoSealedKeys(keyTypes KeyType, t Tao, path, policy string) (*Keys, error)

NewOnDiskTaoSealedKeys sets up the keys sealed under a host Tao or reads sealed keys.

func NewSignedOnDiskPBEKeys 

func NewSignedOnDiskPBEKeys(keyTypes KeyType, password []byte, path string, name *pkix.Name, serial int, signer *Keys) (*Keys, error)

NewSignedOnDiskPBEKeys creates the same type of keys as NewOnDiskPBEKeys but signs a certificate for the signer with the provided Keys, which must have both a SigningKey and a Certificate.

func NewTemporaryKeys 

func NewTemporaryKeys(keyTypes KeyType) (*Keys, error)

NewTemporaryKeys creates a new Keys structure with the specified keys.

func NewTemporaryTaoDelegatedKeys 

func NewTemporaryTaoDelegatedKeys(keyTypes KeyType, t Tao) (*Keys, error)

NewTemporaryTaoDelegatedKeys initializes a set of temporary keys under a host Tao, using the Tao to generate a delegation for the signing key. Since these keys are never stored on disk, they are not sealed to the Tao.

func UnmarshalKeys 

func UnmarshalKeys(b []byte) (*Keys, error)

func (*Keys) NewSecret 

func (k *Keys) NewSecret(file string, length int) ([]byte, error)

NewSecret creates and encrypts a new secret value of the given length, or it reads and decrypts the value and checks that it's the right length. It creates the file and its parent directories if these directories do not exist.

func (*Keys) PBEKeysetPath 

func (k *Keys) PBEKeysetPath() string

PBEKeysetPath returns the path for stored keys.

func (*Keys) PBESignerPath 

func (k *Keys) PBESignerPath() string

PBESignerPath returns the path for a stored signing key.

func (*Keys) PlaintextKeysetPath 

func (k *Keys) PlaintextKeysetPath() string

PlaintextKeysetPath returns the path for a key stored in plaintext (this is not normally the case).

func (*Keys) Save 

func (k *Keys) Save(t Tao) error

Save serializes, seals, and writes a key set to disk. It calls t.Seal().

func (*Keys) SealedKeysetPath 

func (k *Keys) SealedKeysetPath() string

SealedKeysetPath returns the path for a stored signing key.

func (*Keys) X509VerifierPath 

func (k *Keys) X509VerifierPath() string

X509VerifierPath returns the path to the verifier key, stored as an X.509 certificate.

type KvmCoreOSContainer 

type KvmCoreOSContainer struct {

	// TODO(kwalsh) A temporary directory for the config drive.
	Tempdir string

	// Hash of the CoreOS image.
	Hash []byte

	// Hash of the factory's KVM image.
	// TODO(kwalsh) Move this to LinuxKVMCoreOSFactory. and don't recompute?
	FactoryHash []byte

	// The factory responsible for the vm.
	Factory *LinuxKVMCoreOSFactory

	// Configuration details for CoreOS, mostly obtained from the factory.
	// TODO(kwalsh) what is a good description for this?
	Cfg *CoreOSConfig

	// The underlying vm process.
	QCmd *exec.Cmd

	// Path to linux host.
	// TODO(kwalsh) is this description correct?
	LHPath string

	// A channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}

A KvmCoreOSContainer represents a hosted program running as a CoreOS image on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start CoreOS then uses SSH to connect to CoreOS to start the LinuxHost there with a virtio-serial connection for its communication with the Tao running on Linux in the guest. This use of os/exec is to avoid having to rewrite or hook into libvirt for now.

func (*KvmCoreOSContainer) Cleanup 

func (kcc *KvmCoreOSContainer) Cleanup() error

func (*KvmCoreOSContainer) ExitStatus 

func (kcc *KvmCoreOSContainer) ExitStatus() (int, error)

ExitStatus returns an exit code for the container.

func (*KvmCoreOSContainer) Kill 

func (kcc *KvmCoreOSContainer) Kill() error

Kill sends a SIGKILL signal to a QEMU instance.

func (*KvmCoreOSContainer) Pid 

func (kcc *KvmCoreOSContainer) Pid() int

Pid returns a numeric ID for this container.

func (*KvmCoreOSContainer) Spec 

func (kcc *KvmCoreOSContainer) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted vm.

func (*KvmCoreOSContainer) Start 

func (kcc *KvmCoreOSContainer) Start() (channel io.ReadWriteCloser, err error)

Start launches a QEMU/KVM CoreOS instance, connects to it with SSH to start the LinuxHost on it, and returns the socket connection to that host.

func (*KvmCoreOSContainer) Stop 

func (kcc *KvmCoreOSContainer) Stop() error

Stop sends a SIGSTOP signal to a docker container.

func (*KvmCoreOSContainer) Subprin 

func (kcc *KvmCoreOSContainer) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted vm.

func (*KvmCoreOSContainer) WaitChan 

func (kcc *KvmCoreOSContainer) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted vm is done.

type KvmCustomContainer 

type KvmCustomContainer struct {

	// Hash of the kernel image.
	KernelHash []byte

	// Hash fo the InitRam image.
	InitRamHash []byte

	// The factory responsible for the vm.
	Factory *LinuxKVMCustomFactory

	// Configuration details for VM, mostly obtained from the factory.
	// TODO(kwalsh) what is a good description for this?
	Cfg *VmConfig

	// The underlying vm process.
	QCmd *exec.Cmd

	// A channel to be signaled when the vm is done.
	Done chan bool
	// contains filtered or unexported fields
}

A KvmCustomContainer represents a hosted program running as a VM on KVM. It uses os/exec.Cmd to send commands to QEMU/KVM to start the VM. This use of os/exec is to avoid having to rewrite or hook into libvirt for now.

func (*KvmCustomContainer) Cleanup 

func (kcc *KvmCustomContainer) Cleanup() error

func (*KvmCustomContainer) ExitStatus 

func (kcc *KvmCustomContainer) ExitStatus() (int, error)

ExitStatus returns an exit code for the container.

func (*KvmCustomContainer) Kill 

func (kcc *KvmCustomContainer) Kill() error

Kill sends a SIGKILL signal to a QEMU instance.

func (*KvmCustomContainer) Pid 

func (kcc *KvmCustomContainer) Pid() int

Pid returns a numeric ID for this container.

func (*KvmCustomContainer) Spec 

func (kcc *KvmCustomContainer) Spec() HostedProgramSpec

Spec returns the specification used to start the hosted vm.

func (*KvmCustomContainer) Start 

func (kcc *KvmCustomContainer) Start() (channel io.ReadWriteCloser, err error)

Start launches a QEMU/KVM CoreOS instance, connects to it with SSH to start the LinuxHost on it, and returns the socket connection to that host.

func (*KvmCustomContainer) Stop 

func (kcc *KvmCustomContainer) Stop() error

Stop sends a SIGSTOP signal to a docker container.

func (*KvmCustomContainer) Subprin 

func (kcc *KvmCustomContainer) Subprin() auth.SubPrin

Subprin returns the subprincipal representing the hosted vm.

func (*KvmCustomContainer) WaitChan 

func (kcc *KvmCustomContainer) WaitChan() <-chan bool

WaitChan returns a chan that will be signaled when the hosted vm is done.

type LinuxDockerContainerFactory 

type LinuxDockerContainerFactory struct {
	SocketDir string
	RulesPath string
}

A LinuxDockerContainerFactory manages hosted programs started as docker containers over a given docker image.

func (*LinuxDockerContainerFactory) NewHostedProgram 

func (ldcf *LinuxDockerContainerFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

NewHostedProgram initializes, but does not start, a hosted docker container.

type LinuxHost 

type LinuxHost struct {
	Host Host
	// contains filtered or unexported fields
}

A LinuxHost is a Tao host environment in which hosted programs are Linux processes. A Unix domain socket accepts administrative commands for controlling the host, e.g., for starting hosted processes, stopping hosted processes, or shutting down the host. A LinuxTao can be run in stacked mode (on top of a host Tao) or in root mode (without an underlying host Tao).

func NewRootLinuxHost 

func NewRootLinuxHost(path string, guard Guard, password []byte, childFactory HostedProgramFactory) (*LinuxHost, error)

NewRootLinuxHost creates a new LinuxHost as a standalone Host that can provide the Tao to hosted Linux processes.

func NewStackedLinuxHost 

func NewStackedLinuxHost(path string, guard Guard, hostTao Tao, childFactory HostedProgramFactory) (*LinuxHost, error)

NewStackedLinuxHost creates a new LinuxHost as a hosted program of an existing host Tao.

func (*LinuxHost) Attest 

func (lh *LinuxHost) Attest(child *LinuxHostChild, issuer *auth.Prin, time, expiration *int64, stmt auth.Form) (*Attestation, error)

Attest signs a statement on behalf of the child.

func (*LinuxHost) ExtendTaoName 

func (lh *LinuxHost) ExtendTaoName(child *LinuxHostChild, ext auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the child.

func (*LinuxHost) GetCounter 

func (lh *LinuxHost) GetCounter(child *LinuxHostChild, label string) (int64, error)

GetCounter gets the child's counter for the given label.

func (*LinuxHost) GetRandomBytes 

func (lh *LinuxHost) GetRandomBytes(child *LinuxHostChild, n int) ([]byte, error)

GetRandomBytes returns a slice of n random bytes for the child.

func (*LinuxHost) GetSharedSecret 

func (lh *LinuxHost) GetSharedSecret(child *LinuxHostChild, n int, policy string) ([]byte, error)

GetSharedSecret returns a slice of n secret bytes for the child.

func (*LinuxHost) GetTaoName 

func (lh *LinuxHost) GetTaoName(child *LinuxHostChild) auth.Prin

GetTaoName returns the Tao name for the child.

func (*LinuxHost) HostName 

func (lh *LinuxHost) HostName() auth.Prin

HostName returns the name of the Host used by the LinuxHost.

func (*LinuxHost) InitCounter 

func (lh *LinuxHost) InitCounter(child *LinuxHostChild, label string, c int64) error

InitCounter initializes the child's counter for the given label. If label is empty string, just read in the table

func (*LinuxHost) KillHostedProgram 

func (lh *LinuxHost) KillHostedProgram(subprin auth.SubPrin) error

KillHostedProgram kills a running hosted program.

func (*LinuxHost) ListHostedPrograms 

func (lh *LinuxHost) ListHostedPrograms() ([]auth.SubPrin, []int, error)

ListHostedPrograms returns a list of running hosted programs.

func (*LinuxHost) RollbackProtectedSeal 

func (lh *LinuxHost) RollbackProtectedSeal(child *LinuxHostChild, label string, data []byte, policy string) ([]byte, error)

RollbackProtectedSeal seals the data associated with the given label with rollback protection.

func (*LinuxHost) RollbackProtectedUnseal 

func (lh *LinuxHost) RollbackProtectedUnseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)

RollbackProtectedUnseal unseals the data associated with the given label with rollback protection.

func (*LinuxHost) Seal 

func (lh *LinuxHost) Seal(child *LinuxHostChild, data []byte, policy string) ([]byte, error)

Seal encrypts data for the child. This call also zeroes the data parameter.

func (*LinuxHost) Shutdown 

func (lh *LinuxHost) Shutdown() error

Shutdown stops all hosted programs. If any remain after 10 seconds, they are killed.

func (*LinuxHost) StartHostedProgram 

func (lh *LinuxHost) StartHostedProgram(spec HostedProgramSpec) (auth.SubPrin, int, error)

StartHostedProgram starts a new hosted program.

func (*LinuxHost) StopHostedProgram 

func (lh *LinuxHost) StopHostedProgram(subprin auth.SubPrin) error

StopHostedProgram stops a running hosted program.

func (*LinuxHost) Unseal 

func (lh *LinuxHost) Unseal(child *LinuxHostChild, sealed []byte) ([]byte, string, error)

Unseal decrypts data for the child, but only if the policy is satisfied.

func (*LinuxHost) WaitHostedProgram 

func (lh *LinuxHost) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)

WaitHostedProgram waits for a running hosted program to exit.

type LinuxHostAdminClient 

type LinuxHostAdminClient struct {
	*rpc.Client
	// contains filtered or unexported fields
}

LinuxHostAdminClient is a client stub for LinuxHost's admin RPC interface.

func NewLinuxHostAdminClient 

func NewLinuxHostAdminClient(conn *net.UnixConn) LinuxHostAdminClient

NewLinuxHostAdminClient returns a new client stub for LinuxHost's admin RPC interface.

func (LinuxHostAdminClient) HostName 

func (client LinuxHostAdminClient) HostName() (auth.Prin, error)

HostName is the client stub for LinuxHost.HostName.

func (LinuxHostAdminClient) KillHostedProgram 

func (client LinuxHostAdminClient) KillHostedProgram(subprin auth.SubPrin) error

KillHostedProgram is the client stub for LinuxHost.KillHostedProgram.

func (LinuxHostAdminClient) ListHostedPrograms 

func (client LinuxHostAdminClient) ListHostedPrograms() (name []auth.SubPrin, pid []int, err error)

ListHostedPrograms is the client stub for LinuxHost.ListHostedPrograms.

func (LinuxHostAdminClient) Shutdown 

func (client LinuxHostAdminClient) Shutdown() error

Shutdown is the client stub for LinuxHost.Shutdown.

func (LinuxHostAdminClient) StartHostedProgram 

func (client LinuxHostAdminClient) StartHostedProgram(spec *HostedProgramSpec) (auth.SubPrin, int, error)

StartHostedProgram is the client stub for LinuxHost.StartHostedProgram.

func (LinuxHostAdminClient) StopHostedProgram 

func (client LinuxHostAdminClient) StopHostedProgram(subprin auth.SubPrin) error

StopHostedProgram is the client stub for LinuxHost.StopHostedProgram.

func (LinuxHostAdminClient) WaitHostedProgram 

func (client LinuxHostAdminClient) WaitHostedProgram(pid int, subprin auth.SubPrin) (int, error)

WaitHostedProgram is the client stub for LinuxHost.WaitHostedProgram.

type LinuxHostAdminRPCHostedProgram 

type LinuxHostAdminRPCHostedProgram struct {
	Subprin          []byte `protobuf:"bytes,1,req,name=subprin" json:"subprin,omitempty"`
	Pid              *int32 `protobuf:"varint,2,req,name=pid" json:"pid,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func (*LinuxHostAdminRPCHostedProgram) Descriptor 

func (*LinuxHostAdminRPCHostedProgram) Descriptor() ([]byte, []int)

func (*LinuxHostAdminRPCHostedProgram) GetPid 

func (m *LinuxHostAdminRPCHostedProgram) GetPid() int32

func (*LinuxHostAdminRPCHostedProgram) GetSubprin 

func (m *LinuxHostAdminRPCHostedProgram) GetSubprin() []byte

func (*LinuxHostAdminRPCHostedProgram) ProtoMessage 

func (*LinuxHostAdminRPCHostedProgram) ProtoMessage()

func (*LinuxHostAdminRPCHostedProgram) Reset 

func (m *LinuxHostAdminRPCHostedProgram) Reset()

func (*LinuxHostAdminRPCHostedProgram) String 

func (m *LinuxHostAdminRPCHostedProgram) String() string

type LinuxHostAdminRPCRequest 

type LinuxHostAdminRPCRequest struct {
	Subprin          []byte   `protobuf:"bytes,1,opt,name=subprin" json:"subprin,omitempty"`
	Path             *string  `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"`
	Args             []string `protobuf:"bytes,3,rep,name=args" json:"args,omitempty"`
	Pid              *int32   `protobuf:"varint,4,opt,name=pid" json:"pid,omitempty"`
	Dir              *string  `protobuf:"bytes,5,opt,name=dir" json:"dir,omitempty"`
	ContainerArgs    []string `protobuf:"bytes,6,rep,name=container_args" json:"container_args,omitempty"`
	Stdin            *int32   `protobuf:"varint,7,opt,name=stdin" json:"stdin,omitempty"`
	Stdout           *int32   `protobuf:"varint,8,opt,name=stdout" json:"stdout,omitempty"`
	Stderr           *int32   `protobuf:"varint,9,opt,name=stderr" json:"stderr,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

func (*LinuxHostAdminRPCRequest) Descriptor 

func (*LinuxHostAdminRPCRequest) Descriptor() ([]byte, []int)

func (*LinuxHostAdminRPCRequest) GetArgs 

func (m *LinuxHostAdminRPCRequest) GetArgs() []string

func (*LinuxHostAdminRPCRequest) GetContainerArgs 

func (m *LinuxHostAdminRPCRequest) GetContainerArgs() []string

func (*LinuxHostAdminRPCRequest) GetDir 

func (m *LinuxHostAdminRPCRequest) GetDir() string

func (*LinuxHostAdminRPCRequest) GetPath 

func (m *LinuxHostAdminRPCRequest) GetPath() string

func (*LinuxHostAdminRPCRequest) GetPid 

func (m *LinuxHostAdminRPCRequest) GetPid() int32

func (*LinuxHostAdminRPCRequest) GetStderr 

func (m *LinuxHostAdminRPCRequest) GetStderr() int32

func (*LinuxHostAdminRPCRequest) GetStdin 

func (m *LinuxHostAdminRPCRequest) GetStdin() int32

func (*LinuxHostAdminRPCRequest) GetStdout 

func (m *LinuxHostAdminRPCRequest) GetStdout() int32

func (*LinuxHostAdminRPCRequest) GetSubprin 

func (m *LinuxHostAdminRPCRequest) GetSubprin() []byte

func (*LinuxHostAdminRPCRequest) ProtoMessage 

func (*LinuxHostAdminRPCRequest) ProtoMessage()

func (*LinuxHostAdminRPCRequest) Reset 

func (m *LinuxHostAdminRPCRequest) Reset()

func (*LinuxHostAdminRPCRequest) String 

func (m *LinuxHostAdminRPCRequest) String() string

type LinuxHostAdminRPCResponse 

type LinuxHostAdminRPCResponse struct {
	Child            []*LinuxHostAdminRPCHostedProgram `protobuf:"bytes,1,rep,name=child" json:"child,omitempty"`
	Prin             []byte                            `protobuf:"bytes,2,opt,name=prin" json:"prin,omitempty"`
	Status           *int32                            `protobuf:"varint,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte                            `json:"-"`
}

func (*LinuxHostAdminRPCResponse) Descriptor 

func (*LinuxHostAdminRPCResponse) Descriptor() ([]byte, []int)

func (*LinuxHostAdminRPCResponse) GetChild 

func (m *LinuxHostAdminRPCResponse) GetChild() []*LinuxHostAdminRPCHostedProgram

func (*LinuxHostAdminRPCResponse) GetPrin 

func (m *LinuxHostAdminRPCResponse) GetPrin() []byte

func (*LinuxHostAdminRPCResponse) GetStatus 

func (m *LinuxHostAdminRPCResponse) GetStatus() int32

func (*LinuxHostAdminRPCResponse) ProtoMessage 

func (*LinuxHostAdminRPCResponse) ProtoMessage()

func (*LinuxHostAdminRPCResponse) Reset 

func (m *LinuxHostAdminRPCResponse) Reset()

func (*LinuxHostAdminRPCResponse) String 

func (m *LinuxHostAdminRPCResponse) String() string

type LinuxHostAdminServer 

type LinuxHostAdminServer struct {
	Done chan bool
	// contains filtered or unexported fields
}

LinuxHostAdminServer is a server stub for LinuxHost's admin RPC interface.

func NewLinuxHostAdminServer 

func NewLinuxHostAdminServer(host *LinuxHost) LinuxHostAdminServer

NewLinuxHostAdminServer returns a new server stub for LinuxHost's admin RPC interface.

func (LinuxHostAdminServer) Serve 

func (server LinuxHostAdminServer) Serve(sock *net.UnixListener) error

Serve listens on sock for new connections and services them.

type LinuxHostChild 

type LinuxHostChild struct {
	ChildSubprin auth.SubPrin
	Cmd          HostedProgram
	// contains filtered or unexported fields
}

LinuxHostChild holds state associated with a running child program. TODO(kwalsh) Nothing in this is linux specific. Move channel and ChildSubprin into (getter methods of) interface HostedProgram and eliminate this struct? Also merge channel cleanup into HostedProgram.Cleanup()

type LinuxHostConfig 

type LinuxHostConfig struct {
	// Either "root" or "stacked"
	Type *string `protobuf:"bytes,1,req,name=type" json:"type,omitempty"`
	// Either "TPM", "TPM2", "pipe", "file", or "unix"
	ParentType *string `protobuf:"bytes,2,opt,name=parent_type" json:"parent_type,omitempty"`
	// For non-tpm parent types, the parent connection spec
	ParentSpec *string `protobuf:"bytes,3,opt,name=parent_spec" json:"parent_spec,omitempty"`
	// Socket directory, relative to host configuration directory.
	SocketDir *string `protobuf:"bytes,4,opt,name=socket_dir" json:"socket_dir,omitempty"`
	// Either "process", "docker", or "kvm_coreos"
	Hosting *string `protobuf:"bytes,5,req,name=hosting" json:"hosting,omitempty"`
	// Path to CoreOS image for hosted KVM, absolute or relative to domain.
	KvmCoreosImg *string `protobuf:"bytes,6,opt,name=kvm_coreos_img" json:"kvm_coreos_img,omitempty"`
	// KB of memory to allocate for each VM
	KvmCoreosVmMemory *int32 `protobuf:"varint,7,opt,name=kvm_coreos_vm_memory" json:"kvm_coreos_vm_memory,omitempty"`
	// Path to CoreOS authorized_keys for hosted KVM, absolute or relative to domain.
	KvmCoreosSshAuthKeys *string `protobuf:"bytes,8,opt,name=kvm_coreos_ssh_auth_keys" json:"kvm_coreos_ssh_auth_keys,omitempty"`
	// KB of memory to allocate for each VM with custom kernel and initram.
	KvmCustomVmMemory *int32 `protobuf:"varint,9,opt,name=kvm_custom_vm_memory" json:"kvm_custom_vm_memory,omitempty"`
	XXX_unrecognized  []byte `json:"-"`
}

func (*LinuxHostConfig) GetHosting 

func (m *LinuxHostConfig) GetHosting() string

func (*LinuxHostConfig) GetKvmCoreosImg 

func (m *LinuxHostConfig) GetKvmCoreosImg() string

func (*LinuxHostConfig) GetKvmCoreosSshAuthKeys 

func (m *LinuxHostConfig) GetKvmCoreosSshAuthKeys() string

func (*LinuxHostConfig) GetKvmCoreosVmMemory 

func (m *LinuxHostConfig) GetKvmCoreosVmMemory() int32

func (*LinuxHostConfig) GetKvmCustomVmMemory 

func (m *LinuxHostConfig) GetKvmCustomVmMemory() int32

func (*LinuxHostConfig) GetParentSpec 

func (m *LinuxHostConfig) GetParentSpec() string

func (*LinuxHostConfig) GetParentType 

func (m *LinuxHostConfig) GetParentType() string

func (*LinuxHostConfig) GetSocketDir 

func (m *LinuxHostConfig) GetSocketDir() string

func (*LinuxHostConfig) GetType 

func (m *LinuxHostConfig) GetType() string

func (*LinuxHostConfig) ProtoMessage 

func (*LinuxHostConfig) ProtoMessage()

func (*LinuxHostConfig) Reset 

func (m *LinuxHostConfig) Reset()

func (*LinuxHostConfig) String 

func (m *LinuxHostConfig) String() string

type LinuxHostSealedBundle 

type LinuxHostSealedBundle struct {
	Policy           *string `protobuf:"bytes,1,req,name=policy" json:"policy,omitempty"`
	PolicyInfo       *string `protobuf:"bytes,2,opt,name=policy_info" json:"policy_info,omitempty"`
	Data             []byte  `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*LinuxHostSealedBundle) GetData 

func (m *LinuxHostSealedBundle) GetData() []byte

func (*LinuxHostSealedBundle) GetPolicy 

func (m *LinuxHostSealedBundle) GetPolicy() string

func (*LinuxHostSealedBundle) GetPolicyInfo 

func (m *LinuxHostSealedBundle) GetPolicyInfo() string

func (*LinuxHostSealedBundle) ProtoMessage 

func (*LinuxHostSealedBundle) ProtoMessage()

func (*LinuxHostSealedBundle) Reset 

func (m *LinuxHostSealedBundle) Reset()

func (*LinuxHostSealedBundle) String 

func (m *LinuxHostSealedBundle) String() string

type LinuxHostTaoServer 

type LinuxHostTaoServer struct {
	// contains filtered or unexported fields
}

LinuxHostTaoServer is a server stub for LinuxHost's Tao RPC interface.

func NewLinuxHostTaoServer 

func NewLinuxHostTaoServer(host *LinuxHost, child *LinuxHostChild) LinuxHostTaoServer

NewLinuxHostTaoServer returns a new server stub for LinuxHost's Tao RPC interface.

func (LinuxHostTaoServer) Serve 

func (server LinuxHostTaoServer) Serve(conn io.ReadWriteCloser) error

Serve listens on sock for new connections and services them.

type LinuxKVMCoreOSFactory 

type LinuxKVMCoreOSFactory struct {
	Cfg        *CoreOSConfig
	SocketPath string
	PublicKey  string
	PrivateKey ssh.Signer
}

A LinuxKVMCoreOSFactory manages hosted programs started as QEMU/KVM instances over a given CoreOS image.

func (*LinuxKVMCoreOSFactory) NewHostedProgram 

func (lkcf *LinuxKVMCoreOSFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

MakeSubprin computes the hash of a QEMU/KVM CoreOS image to get a subprincipal for authorization purposes.

type LinuxKVMCustomFactory 

type LinuxKVMCustomFactory struct {
	Cfg *VmConfig
}

A LinuxKVMCustomFactory manages hosted programs started as QEMU/KVM instances.

func (*LinuxKVMCustomFactory) NewHostedProgram 

func (lkcf *LinuxKVMCustomFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

MakeSubprin computes the hash of a QEMU/KVM CoreOS image to get a subprincipal for authorization purposes.

type LinuxProcessFactory 

type LinuxProcessFactory struct {
	// contains filtered or unexported fields
}

A LinuxProcessFactory supports methods for creating Linux processes as hosted programs. LinuxProcessFactory implements HostedProgramFactory.

func (*LinuxProcessFactory) NewHostedProgram 

func (lpf *LinuxProcessFactory) NewHostedProgram(spec HostedProgramSpec) (child HostedProgram, err error)

NewHostedProgram initializes, but does not start, a hosted process.

type PBEData 

type PBEData struct {
	Version    *CryptoVersion `protobuf:"varint,1,req,name=version,enum=tao.CryptoVersion" json:"version,omitempty"`
	Cipher     *string        `protobuf:"bytes,2,req,name=cipher" json:"cipher,omitempty"`
	Hmac       *string        `protobuf:"bytes,3,req,name=hmac" json:"hmac,omitempty"`
	Iterations *int32         `protobuf:"varint,4,req,name=iterations" json:"iterations,omitempty"`
	Iv         []byte         `protobuf:"bytes,5,req,name=iv" json:"iv,omitempty"`
	Ciphertext []byte         `protobuf:"bytes,6,req,name=ciphertext" json:"ciphertext,omitempty"`
	// TODO(kwalsh) Should this not use a mac as well for integrity protection?
	Salt             []byte `protobuf:"bytes,7,req,name=salt" json:"salt,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

TODO(jlm): Should cipher/hmac be replaced by CryptoHeader?

func (*PBEData) Descriptor 

func (*PBEData) Descriptor() ([]byte, []int)

func (*PBEData) GetCipher 

func (m *PBEData) GetCipher() string

func (*PBEData) GetCiphertext 

func (m *PBEData) GetCiphertext() []byte

func (*PBEData) GetHmac 

func (m *PBEData) GetHmac() string

func (*PBEData) GetIterations 

func (m *PBEData) GetIterations() int32

func (*PBEData) GetIv 

func (m *PBEData) GetIv() []byte

func (*PBEData) GetSalt 

func (m *PBEData) GetSalt() []byte

func (*PBEData) GetVersion 

func (m *PBEData) GetVersion() CryptoVersion

func (*PBEData) ProtoMessage 

func (*PBEData) ProtoMessage()

func (*PBEData) Reset 

func (m *PBEData) Reset()

func (*PBEData) String 

func (m *PBEData) String() string

type RPC 

type RPC struct {
	// contains filtered or unexported fields
}

RPC sends requests between this hosted program and the host Tao.

func DeserializeFileRPC 

func DeserializeFileRPC(s string) (*RPC, error)

DeserializeFileRPC produces a RPC from a string representing a file.

func DeserializeRPC 

func DeserializeRPC(s string) (*RPC, error)

DeserializeRPC produces a RPC from a string.

func DeserializeUnixSocketRPC 

func DeserializeUnixSocketRPC(p string) (*RPC, error)

DeserializeUnixSocketRPC produces a RPC from a path string.

func NewRPC 

func NewRPC(rwc io.ReadWriteCloser, serviceName string) (*RPC, error)

NewRPC constructs a RPC for the default gob encoding rpc client using an io.ReadWriteCloser.

func (*RPC) Attest 

func (t *RPC) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

Attest implements part of the Tao interface.

func (*RPC) ExtendTaoName 

func (t *RPC) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName implements part of the Tao interface.

func (*RPC) GetCounter 

func (t *RPC) GetCounter(label string) (c int64, err error)

func (*RPC) GetRandomBytes 

func (t *RPC) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes implements part of the Tao interface.

func (*RPC) GetSharedSecret 

func (t *RPC) GetSharedSecret(n int, policy string) ([]byte, error)

GetSharedSecret implements part of the Tao interface.

func (*RPC) GetTaoName 

func (t *RPC) GetTaoName() (auth.Prin, error)

GetTaoName implements part of the Tao interface.

func (*RPC) InitCounter 

func (t *RPC) InitCounter(label string, c int64) (err error)

func (*RPC) Rand 

func (t *RPC) Rand() io.Reader

Rand implements part of the Tao interface.

func (*RPC) RollbackProtectedSeal 

func (t *RPC) RollbackProtectedSeal(label string, data []byte, policy string) (sealed []byte, err error)

func (*RPC) RollbackProtectedUnseal 

func (t *RPC) RollbackProtectedUnseal(sealed []byte) (data []byte, policy string, err error)

func (*RPC) Seal 

func (t *RPC) Seal(data []byte, policy string) (sealed []byte, err error)

Seal implements part of the Tao interface.

func (*RPC) Unseal 

func (t *RPC) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal implements part of the Tao interface.

type RPCRequest 

type RPCRequest struct {
	Data             []byte  `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	Size             *int32  `protobuf:"varint,2,opt,name=size" json:"size,omitempty"`
	Policy           *string `protobuf:"bytes,3,opt,name=policy" json:"policy,omitempty"`
	Time             *int64  `protobuf:"varint,4,opt,name=time" json:"time,omitempty"`
	Expiration       *int64  `protobuf:"varint,5,opt,name=expiration" json:"expiration,omitempty"`
	Issuer           []byte  `protobuf:"bytes,6,opt,name=issuer" json:"issuer,omitempty"`
	Label            *string `protobuf:"bytes,7,opt,name=label" json:"label,omitempty"`
	Counter          *int64  `protobuf:"varint,8,opt,name=counter" json:"counter,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*RPCRequest) Descriptor 

func (*RPCRequest) Descriptor() ([]byte, []int)

func (*RPCRequest) GetCounter 

func (m *RPCRequest) GetCounter() int64

func (*RPCRequest) GetData 

func (m *RPCRequest) GetData() []byte

func (*RPCRequest) GetExpiration 

func (m *RPCRequest) GetExpiration() int64

func (*RPCRequest) GetIssuer 

func (m *RPCRequest) GetIssuer() []byte

func (*RPCRequest) GetLabel 

func (m *RPCRequest) GetLabel() string

func (*RPCRequest) GetPolicy 

func (m *RPCRequest) GetPolicy() string

func (*RPCRequest) GetSize 

func (m *RPCRequest) GetSize() int32

func (*RPCRequest) GetTime 

func (m *RPCRequest) GetTime() int64

func (*RPCRequest) ProtoMessage 

func (*RPCRequest) ProtoMessage()

func (*RPCRequest) Reset 

func (m *RPCRequest) Reset()

func (*RPCRequest) String 

func (m *RPCRequest) String() string

type RPCResponse 

type RPCResponse struct {
	Data             []byte  `protobuf:"bytes,1,opt,name=data" json:"data,omitempty"`
	Policy           *string `protobuf:"bytes,2,opt,name=policy" json:"policy,omitempty"`
	Counter          *int64  `protobuf:"varint,3,opt,name=counter" json:"counter,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*RPCResponse) Descriptor 

func (*RPCResponse) Descriptor() ([]byte, []int)

func (*RPCResponse) GetCounter 

func (m *RPCResponse) GetCounter() int64

func (*RPCResponse) GetData 

func (m *RPCResponse) GetData() []byte

func (*RPCResponse) GetPolicy 

func (m *RPCResponse) GetPolicy() string

func (*RPCResponse) ProtoMessage 

func (*RPCResponse) ProtoMessage()

func (*RPCResponse) Reset 

func (m *RPCResponse) Reset()

func (*RPCResponse) String 

func (m *RPCResponse) String() string

type RollbackCounterTable 

type RollbackCounterTable struct {
	Entries          []*RollbackEntry `protobuf:"bytes,1,rep,name=entries" json:"entries,omitempty"`
	XXX_unrecognized []byte           `json:"-"`
}

Table of entries.

func ReadRollbackTable 

func ReadRollbackTable(fileName string, tableKey []byte) *RollbackCounterTable

Read the counter table.

func (*RollbackCounterTable) Descriptor 

func (*RollbackCounterTable) Descriptor() ([]byte, []int)

func (*RollbackCounterTable) GetEntries 

func (m *RollbackCounterTable) GetEntries() []*RollbackEntry

func (*RollbackCounterTable) LookupRollbackEntry 

func (t *RollbackCounterTable) LookupRollbackEntry(programName string, entryName string) *RollbackEntry

Lookup Rollback entry for programName, entryName).

func (*RollbackCounterTable) PrintRollbackTable 

func (t *RollbackCounterTable) PrintRollbackTable()

func (*RollbackCounterTable) ProtoMessage 

func (*RollbackCounterTable) ProtoMessage()

func (*RollbackCounterTable) Reset 

func (m *RollbackCounterTable) Reset()

func (*RollbackCounterTable) SaveHostRollbackTableWithNewKeys 

func (t *RollbackCounterTable) SaveHostRollbackTableWithNewKeys(lh *LinuxHost, child *LinuxHostChild,
	sealedKeyFileName string, tableFileName string) bool

func (*RollbackCounterTable) String 

func (m *RollbackCounterTable) String() string

func (*RollbackCounterTable) UpdateRollbackEntry 

func (t *RollbackCounterTable) UpdateRollbackEntry(programName string, entryName string,
	c *int64) *RollbackEntry

Update Rollback entry for programName, entryName).

type RollbackEntry 

type RollbackEntry struct {
	HostedProgramName *string `protobuf:"bytes,1,req,name=hosted_program_name" json:"hosted_program_name,omitempty"`
	EntryLabel        *string `protobuf:"bytes,2,req,name=entry_label" json:"entry_label,omitempty"`
	Counter           *int64  `protobuf:"varint,3,opt,name=counter" json:"counter,omitempty"`
	XXX_unrecognized  []byte  `json:"-"`
}

This is the entry used by the host to track the stored counter value.

func (*RollbackEntry) Descriptor 

func (*RollbackEntry) Descriptor() ([]byte, []int)

func (*RollbackEntry) GetCounter 

func (m *RollbackEntry) GetCounter() int64

func (*RollbackEntry) GetEntryLabel 

func (m *RollbackEntry) GetEntryLabel() string

func (*RollbackEntry) GetHostedProgramName 

func (m *RollbackEntry) GetHostedProgramName() string

func (*RollbackEntry) PrintRollbackEntry 

func (e *RollbackEntry) PrintRollbackEntry()

func (*RollbackEntry) ProtoMessage 

func (*RollbackEntry) ProtoMessage()

func (*RollbackEntry) Reset 

func (m *RollbackEntry) Reset()

func (*RollbackEntry) String 

func (m *RollbackEntry) String() string

type RollbackSealedData 

type RollbackSealedData struct {
	Entry            *RollbackEntry `protobuf:"bytes,1,opt,name=entry" json:"entry,omitempty"`
	ProtectedData    []byte         `protobuf:"bytes,2,opt,name=protected_data" json:"protected_data,omitempty"`
	XXX_unrecognized []byte         `json:"-"`
}

This is the data structure sealed by the host.

func (*RollbackSealedData) Descriptor 

func (*RollbackSealedData) Descriptor() ([]byte, []int)

func (*RollbackSealedData) GetEntry 

func (m *RollbackSealedData) GetEntry() *RollbackEntry

func (*RollbackSealedData) GetProtectedData 

func (m *RollbackSealedData) GetProtectedData() []byte

func (*RollbackSealedData) ProtoMessage 

func (*RollbackSealedData) ProtoMessage()

func (*RollbackSealedData) Reset 

func (m *RollbackSealedData) Reset()

func (*RollbackSealedData) String 

func (m *RollbackSealedData) String() string

type RootHost 

type RootHost struct {
	// contains filtered or unexported fields
}

A RootHost is a standalone implementation of Host.

func NewTaoRootHost 

func NewTaoRootHost() (*RootHost, error)

NewTaoRootHost generates a new RootHost with a fresh set of temporary keys.

func NewTaoRootHostFromKeys 

func NewTaoRootHostFromKeys(k *Keys) (*RootHost, error)

NewTaoRootHostFromKeys returns a RootHost that uses these keys.

func (*RootHost) AddedHostedProgram 

func (t *RootHost) AddedHostedProgram(childSubprin auth.SubPrin) error

AddedHostedProgram notifies this Host that a new hosted program has been created.

func (*RootHost) Attest 

func (t *RootHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
	time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller.

func (*RootHost) Decrypt 

func (t *RootHost) Decrypt(encrypted []byte) (data []byte, err error)

Decrypt data that only this host can access.

func (*RootHost) Encrypt 

func (t *RootHost) Encrypt(data []byte) (encrypted []byte, err error)

Encrypt data so that only this host can access it.

func (*RootHost) GetCounter 

func (s *RootHost) GetCounter(label string) (int64, error)

func (*RootHost) GetRandomBytes 

func (t *RootHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

GetRandomBytes returns a slice of n random bytes.

func (*RootHost) GetSharedSecret 

func (t *RootHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*RootHost) GetVerifier 

func (t *RootHost) GetVerifier() *Verifier

func (*RootHost) HostName 

func (t *RootHost) HostName() auth.Prin

HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.

func (*RootHost) InitCounter 

func (s *RootHost) InitCounter(label string, c int64) error

func (*RootHost) LoadCert 

func (t *RootHost) LoadCert(cert *x509.Certificate)

LoadCert loads a given cert into the root host key.

func (*RootHost) RemovedHostedProgram 

func (t *RootHost) RemovedHostedProgram(childSubprin auth.SubPrin) error

RemovedHostedProgram notifies this Host that a hosted program has been killed.

func (*RootHost) RollbackProtectedSeal 

func (s *RootHost) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

func (*RootHost) RollbackProtectedUnseal 

func (s *RootHost) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)

type SignaturePDU 

type SignaturePDU struct {
	Header  *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Context *string       `protobuf:"bytes,2,req,name=context" json:"context,omitempty"`
	// The serialized ContextualizedData that is to be signed.
	Data             []byte `protobuf:"bytes,3,req,name=data" json:"data,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A PDU including metadata for representing data to be signed. The data is a serialized ContextualizedData message providing unique deserialization.

func (*SignaturePDU) Descriptor 

func (*SignaturePDU) Descriptor() ([]byte, []int)

func (*SignaturePDU) GetContext 

func (m *SignaturePDU) GetContext() string

func (*SignaturePDU) GetData 

func (m *SignaturePDU) GetData() []byte

func (*SignaturePDU) GetHeader 

func (m *SignaturePDU) GetHeader() *CryptoHeader

func (*SignaturePDU) ProtoMessage 

func (*SignaturePDU) ProtoMessage()

func (*SignaturePDU) Reset 

func (m *SignaturePDU) Reset()

func (*SignaturePDU) String 

func (m *SignaturePDU) String() string

type SignedACLSet 

type SignedACLSet struct {
	SerializedAclset []byte `protobuf:"bytes,1,req,name=serialized_aclset" json:"serialized_aclset,omitempty"`
	Signature        []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A set of ACL entries signed by a key.

func (*SignedACLSet) Descriptor 

func (*SignedACLSet) Descriptor() ([]byte, []int)

func (*SignedACLSet) GetSerializedAclset 

func (m *SignedACLSet) GetSerializedAclset() []byte

func (*SignedACLSet) GetSignature 

func (m *SignedACLSet) GetSignature() []byte

func (*SignedACLSet) ProtoMessage 

func (*SignedACLSet) ProtoMessage()

func (*SignedACLSet) Reset 

func (m *SignedACLSet) Reset()

func (*SignedACLSet) String 

func (m *SignedACLSet) String() string

type SignedData 

type SignedData struct {
	Header           *CryptoHeader `protobuf:"bytes,1,req,name=header" json:"header,omitempty"`
	Signature        []byte        `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte        `json:"-"`
}

The result of signing.

func (*SignedData) Descriptor 

func (*SignedData) Descriptor() ([]byte, []int)

func (*SignedData) GetHeader 

func (m *SignedData) GetHeader() *CryptoHeader

func (*SignedData) GetSignature 

func (m *SignedData) GetSignature() []byte

func (*SignedData) ProtoMessage 

func (*SignedData) ProtoMessage()

func (*SignedData) Reset 

func (m *SignedData) Reset()

func (*SignedData) String 

func (m *SignedData) String() string

type SignedDatalogRules 

type SignedDatalogRules struct {
	SerializedRules  []byte `protobuf:"bytes,1,req,name=serialized_rules" json:"serialized_rules,omitempty"`
	Signature        []byte `protobuf:"bytes,2,req,name=signature" json:"signature,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

A set of rules signed by a key.

func (*SignedDatalogRules) Descriptor 

func (*SignedDatalogRules) Descriptor() ([]byte, []int)

func (*SignedDatalogRules) GetSerializedRules 

func (m *SignedDatalogRules) GetSerializedRules() []byte

func (*SignedDatalogRules) GetSignature 

func (m *SignedDatalogRules) GetSignature() []byte

func (*SignedDatalogRules) ProtoMessage 

func (*SignedDatalogRules) ProtoMessage()

func (*SignedDatalogRules) Reset 

func (m *SignedDatalogRules) Reset()

func (*SignedDatalogRules) String 

func (m *SignedDatalogRules) String() string

type Signer 

type Signer struct {
	Header *CryptoHeader

	PrivKey crypto.PrivateKey
}

A Signer is used to sign and verify signatures

func GenerateAnonymousSigner 

func GenerateAnonymousSigner() *Signer

func InitializeSigner 

func InitializeSigner(marshaledCryptoKey []byte, keyType string, keyName *string, keyEpoch *int32, keyPurpose *string, keyStatus *string) (*Signer, error)

Generate or restore a signer. InitializeSigner uses marshaledCryptoKey to restore a signer from a serialized CryptoKey if it's not nil; otherwise it generates one. If generated, the remainder of the arguments are used as parameters; otherwise they are ignored.

func SignerFromCryptoKey 

func SignerFromCryptoKey(k CryptoKey) *Signer

func UnmarshalSignerDER 

func UnmarshalSignerDER(signer []byte) (*Signer, error)

UnmarshalSignerDER deserializes a Signer from DER.

func (*Signer) CanonicalKeyBytesFromSigner 

func (s *Signer) CanonicalKeyBytesFromSigner() ([]byte, error)

func (*Signer) Clear 

func (s *Signer) Clear()

func (*Signer) CreateCRL 

func (s *Signer) CreateCRL(cert *x509.Certificate, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) ([]byte, error)

CreateCRL creates a signed X.509 certificate list for revoked certificates.

func (*Signer) CreateSelfSignedDER 

func (s *Signer) CreateSelfSignedDER(pkAlg int, sigAlg int, sn int64, name *pkix.Name) ([]byte, error)

CreateSelfSignedDER creates a DER representation of a new self-signed certificate for the given name.

func (*Signer) CreateSelfSignedX509 

func (s *Signer) CreateSelfSignedX509(pkAlg int, sigAlg int, sn int64, name *pkix.Name) (*x509.Certificate, error)

CreateSelfSignedX509 creates a self-signed X.509 certificate for the public key of this Signer.

func (*Signer) CreateSignedX509 

func (s *Signer) CreateSignedX509(caCert *x509.Certificate, sn int, subjectKey *Verifier,
	pkAlg int, sigAlg int, subjectName *pkix.Name) (*x509.Certificate, error)

CreateSignedX509 creates a signed X.509 certificate for some other subject's key. Should take template as argument.

func (*Signer) CreateSignedX509FromTemplate 

func (s *Signer) CreateSignedX509FromTemplate(caCert *x509.Certificate, template *x509.Certificate,
	subjectKey *Verifier, pkAlg int, sigAlg int) (*x509.Certificate, error)

CreateSignedX509FromTemplate creates a signed X.509 certificate for some other subject's key.

func (*Signer) GetSignerPrivateKey 

func (s *Signer) GetSignerPrivateKey() crypto.PrivateKey

func (*Signer) GetVerifierFromSigner 

func (s *Signer) GetVerifierFromSigner() *Verifier

func (*Signer) Sign 

func (s *Signer) Sign(data []byte, context string) ([]byte, error)

Sign computes a sigature over the contextualized data, using the private key of the signer.

func (*Signer) ToPrincipal 

func (s *Signer) ToPrincipal() auth.Prin

ToPrincipal produces a "key" type Prin for this signer. This contains a serialized CryptoKey for the public portion of the signing key.

func (*Signer) UniversalKeyNameFromSigner 

func (s *Signer) UniversalKeyNameFromSigner() ([]byte, error)

type SoftTao 

type SoftTao struct {
	// contains filtered or unexported fields
}

A SoftTao is an implementation of the Tao that isn't backed by any hardware mechanisms. It's used for testing components that rely on the Tao.

func (*SoftTao) Attest 

func (s *SoftTao) Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests that the Tao host sign a statement on behalf of the caller.

func (*SoftTao) ExtendTaoName 

func (s *SoftTao) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the caller.

func (*SoftTao) GetCounter 

func (s *SoftTao) GetCounter(label string) (int64, error)

func (*SoftTao) GetRandomBytes 

func (s *SoftTao) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes fills the slice with random bytes.

func (*SoftTao) GetSharedSecret 

func (s *SoftTao) GetSharedSecret(n int, policy string) ([]byte, error)

GetSharedSecret returns a slice of n secret bytes.

func (*SoftTao) GetTaoName 

func (s *SoftTao) GetTaoName() (auth.Prin, error)

GetTaoName returns the Tao principal name assigned to the caller.

func (*SoftTao) GetVerifier 

func (s *SoftTao) GetVerifier() *Verifier

GetVerifier returns the verifying key for this Tao.

func (*SoftTao) InitCounter 

func (s *SoftTao) InitCounter(label string, c int64) error

func (*SoftTao) Rand 

func (s *SoftTao) Rand() io.Reader

Rand returns an io.Reader for the SoftTao's source of randomness.

func (*SoftTao) Read 

func (s *SoftTao) Read(p []byte) (int, error)

Read implements io.Reader to read random bytes from the Tao.

func (*SoftTao) RollbackProtectedSeal 

func (s *SoftTao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

func (*SoftTao) RollbackProtectedUnseal 

func (s *SoftTao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)

func (*SoftTao) Seal 

func (s *SoftTao) Seal(data []byte, policy string) ([]byte, error)

Seal encrypts the data in a way that can only be opened by the Tao for the program that sealed it. In the case of the SoftTao, this policy is implicit.

func (*SoftTao) Unseal 

func (s *SoftTao) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal decrypts data that has been sealed by the Seal operation, but only if the policy specified during the Seal operation is satisfied.

type StackedHost 

type StackedHost struct {
	// contains filtered or unexported fields
}

A StackedHost implements Host over an existing host Tao.

func (*StackedHost) AddedHostedProgram 

func (t *StackedHost) AddedHostedProgram(childSubprin auth.SubPrin) error

AddedHostedProgram notifies this Host that a new hosted program has been created.

func (*StackedHost) Attest 

func (t *StackedHost) Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
	time, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller.

func (*StackedHost) Decrypt 

func (t *StackedHost) Decrypt(encrypted []byte) (data []byte, err error)

Decrypt data that only this host can access.

func (*StackedHost) Encrypt 

func (t *StackedHost) Encrypt(data []byte) (encrypted []byte, err error)

Encrypt data so that only this host can access it.

func (*StackedHost) GetCounter 

func (s *StackedHost) GetCounter(label string) (int64, error)

func (*StackedHost) GetRandomBytes 

func (t *StackedHost) GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)

GetRandomBytes returns a slice of n random bytes.

func (*StackedHost) GetSharedSecret 

func (t *StackedHost) GetSharedSecret(tag string, n int) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*StackedHost) HostName 

func (t *StackedHost) HostName() auth.Prin

HostName gets the Tao principal name assigned to this hosted Tao host. The name encodes the full path from the root Tao, through all intermediary Tao hosts, to this hosted Tao host.

func (*StackedHost) InitCounter 

func (s *StackedHost) InitCounter(label string, c int64) error

func (*StackedHost) RemovedHostedProgram 

func (t *StackedHost) RemovedHostedProgram(childSubprin auth.SubPrin) error

RemovedHostedProgram notifies this Host that a hosted program has been killed.

func (*StackedHost) RollbackProtectedSeal 

func (s *StackedHost) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

func (*StackedHost) RollbackProtectedUnseal 

func (s *StackedHost) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)

type TPM2Details 

type TPM2Details struct {
	Tpm2InfoDir      *string `protobuf:"bytes,1,opt,name=tpm2_info_dir,json=tpm2InfoDir" json:"tpm2_info_dir,omitempty"`
	Tpm2Device       *string `protobuf:"bytes,2,opt,name=tpm2_device,json=tpm2Device" json:"tpm2_device,omitempty"`
	Tpm2Pcrs         *string `protobuf:"bytes,3,opt,name=tpm2_pcrs,json=tpm2Pcrs" json:"tpm2_pcrs,omitempty"`
	Tpm2EkCert       *string `protobuf:"bytes,4,opt,name=tpm2_ek_cert,json=tpm2EkCert" json:"tpm2_ek_cert,omitempty"`
	Tpm2QuoteCert    *string `protobuf:"bytes,5,opt,name=tpm2_quote_cert,json=tpm2QuoteCert" json:"tpm2_quote_cert,omitempty"`
	Tpm2SealCert     *string `protobuf:"bytes,6,opt,name=tpm2_seal_cert,json=tpm2SealCert" json:"tpm2_seal_cert,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*TPM2Details) Descriptor 

func (*TPM2Details) Descriptor() ([]byte, []int)

func (*TPM2Details) GetTpm2Device 

func (m *TPM2Details) GetTpm2Device() string

func (*TPM2Details) GetTpm2EkCert 

func (m *TPM2Details) GetTpm2EkCert() string

func (*TPM2Details) GetTpm2InfoDir 

func (m *TPM2Details) GetTpm2InfoDir() string

func (*TPM2Details) GetTpm2Pcrs 

func (m *TPM2Details) GetTpm2Pcrs() string

func (*TPM2Details) GetTpm2QuoteCert 

func (m *TPM2Details) GetTpm2QuoteCert() string

func (*TPM2Details) GetTpm2SealCert 

func (m *TPM2Details) GetTpm2SealCert() string

func (*TPM2Details) ProtoMessage 

func (*TPM2Details) ProtoMessage()

func (*TPM2Details) Reset 

func (m *TPM2Details) Reset()

func (*TPM2Details) String 

func (m *TPM2Details) String() string

type TPM2Tao 

type TPM2Tao struct {
	// contains filtered or unexported fields
}

A TPM2Tao implements the Tao using a hardware TPM device.

func (*TPM2Tao) Attest 

func (tt *TPM2Tao) Attest(issuer *auth.Prin, start, expiration *int64,
	message auth.Form) (*Attestation, error)

Attest requests the Tao host seal a statement on behalf of the caller. The optional issuer, time and expiration will be given default values if nil.

func (*TPM2Tao) ExtendTaoName 

func (tt *TPM2Tao) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the caller.

func (*TPM2Tao) GetCounter 

func (s *TPM2Tao) GetCounter(label string) (int64, error)

func (*TPM2Tao) GetPcrNums 

func (tt *TPM2Tao) GetPcrNums() []int

func (*TPM2Tao) GetRandomBytes 

func (tt *TPM2Tao) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes returns a slice of n random bytes.

func (*TPM2Tao) GetRsaTPMKey 

func (tt *TPM2Tao) GetRsaTPMKey(handle tpm2.Handle) (*rsa.PublicKey, error)

TODO(jlm): Fix this to provide quoteHandle quoteHandle in structure should no longer be used.

func (*TPM2Tao) GetSharedSecret 

func (tt *TPM2Tao) GetSharedSecret(n int, policy string) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*TPM2Tao) GetTaoName 

func (tt *TPM2Tao) GetTaoName() (name auth.Prin, err error)

GetTaoName returns the Tao principal name assigned to the caller.

func (*TPM2Tao) InitCounter 

func (s *TPM2Tao) InitCounter(label string, c int64) error

func (*TPM2Tao) Rand 

func (tt *TPM2Tao) Rand() io.Reader

func (*TPM2Tao) ReadRandom 

func (tt *TPM2Tao) ReadRandom(p []byte) (int, error)

ReadRandom implements io.Reader to read random bytes from the TPM2Tao.

func (*TPM2Tao) RollbackProtectedSeal 

func (s *TPM2Tao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

func (*TPM2Tao) RollbackProtectedUnseal 

func (s *TPM2Tao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)

func (*TPM2Tao) Seal 

func (tt *TPM2Tao) Seal(data []byte, policy string) ([]byte, error)

Seal encrypts data so only certain hosted programs can unseal it. Note that at least some TPMs can only seal up to 149 bytes of data. So, we employ a hybrid encryption scheme that seals a key and uses the key to encrypt the data separately. We use the keys infrastructure to perform secure and flexible encryption.

func (*TPM2Tao) Tpm2Certify 

func (tt *TPM2Tao) Tpm2Certify(network, addr string, keyName string) ([]byte, error)

Return attest certificate

func (*TPM2Tao) Unseal 

func (tt *TPM2Tao) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal decrypts data that has been sealed by the Seal() operation, but only if the policy specified during the Seal() operation is satisfied.

type TPMDetails 

type TPMDetails struct {
	TpmPath *string `protobuf:"bytes,1,opt,name=tpm_path,json=tpmPath" json:"tpm_path,omitempty"`
	AikPath *string `protobuf:"bytes,2,opt,name=aik_path,json=aikPath" json:"aik_path,omitempty"`
	// A string representing the IDs of PCRs, like "17,18".
	Pcrs *string `protobuf:"bytes,3,opt,name=pcrs" json:"pcrs,omitempty"`
	// Path for AIK cert.
	AikCertPath      *string `protobuf:"bytes,4,opt,name=aik_cert_path,json=aikCertPath" json:"aik_cert_path,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

func (*TPMDetails) Descriptor 

func (*TPMDetails) Descriptor() ([]byte, []int)

func (*TPMDetails) GetAikCertPath 

func (m *TPMDetails) GetAikCertPath() string

func (*TPMDetails) GetAikPath 

func (m *TPMDetails) GetAikPath() string

func (*TPMDetails) GetPcrs 

func (m *TPMDetails) GetPcrs() string

func (*TPMDetails) GetTpmPath 

func (m *TPMDetails) GetTpmPath() string

func (*TPMDetails) ProtoMessage 

func (*TPMDetails) ProtoMessage()

func (*TPMDetails) Reset 

func (m *TPMDetails) Reset()

func (*TPMDetails) String 

func (m *TPMDetails) String() string

type TPMTao 

type TPMTao struct {
	// contains filtered or unexported fields
}

A TPMTao implements the Tao using a hardware TPM device.

func (*TPMTao) Attest 

func (tt *TPMTao) Attest(issuer *auth.Prin, start, expiration *int64, message auth.Form) (*Attestation, error)

Attest requests the Tao host sign a statement on behalf of the caller. The optional issuer, time and expiration will be given default values if nil.

func (*TPMTao) ExtendTaoName 

func (tt *TPMTao) ExtendTaoName(subprin auth.SubPrin) error

ExtendTaoName irreversibly extends the Tao principal name of the caller.

func (*TPMTao) GetCounter 

func (s *TPMTao) GetCounter(label string) (int64, error)

func (*TPMTao) GetRandomBytes 

func (tt *TPMTao) GetRandomBytes(n int) ([]byte, error)

GetRandomBytes returns a slice of n random bytes.

func (*TPMTao) GetSharedSecret 

func (tt *TPMTao) GetSharedSecret(n int, policy string) (bytes []byte, err error)

GetSharedSecret returns a slice of n secret bytes.

func (*TPMTao) GetTaoName 

func (tt *TPMTao) GetTaoName() (name auth.Prin, err error)

GetTaoName returns the Tao principal name assigned to the caller.

func (*TPMTao) InitCounter 

func (s *TPMTao) InitCounter(label string, c int64) error

func (*TPMTao) Rand 

func (tt *TPMTao) Rand() io.Reader

Rand produces an io.Reader for random bytes from this Tao.

func (*TPMTao) Read 

func (tt *TPMTao) Read(p []byte) (int, error)

Read implements io.Reader to read random bytes from the TPMTao.

func (*TPMTao) RollbackProtectedSeal 

func (s *TPMTao) RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

func (*TPMTao) RollbackProtectedUnseal 

func (s *TPMTao) RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)

func (*TPMTao) Seal 

func (tt *TPMTao) Seal(data []byte, policy string) (sealed []byte, err error)

Seal encrypts data so only certain hosted programs can unseal it. Note that at least some TPMs can only seal up to 149 bytes of data. So, we employ a hybrid encryption scheme that seals a key and uses the key to encrypt the data separately. We use the keys infrastructure to perform secure and flexible encryption.

func (*TPMTao) Unseal 

func (tt *TPMTao) Unseal(sealed []byte) (data []byte, policy string, err error)

Unseal decrypts data that has been sealed by the Seal() operation, but only if the policy specified during the Seal() operation is satisfied.

type Tao 

type Tao interface {
	// GetTaoName returns the Tao principal name assigned to the caller.
	GetTaoName() (name auth.Prin, err error)

	// ExtendTaoName irreversibly extends the Tao principal name of the caller.
	ExtendTaoName(subprin auth.SubPrin) error

	// GetRandomBytes returns a slice of n random bytes.
	GetRandomBytes(n int) (bytes []byte, err error)

	// Rand produces an io.Reader for random bytes from this Tao.
	Rand() io.Reader

	// GetSharedSecret returns a slice of n secret bytes.
	GetSharedSecret(n int, policy string) (bytes []byte, err error)

	// Attest requests the Tao host sign a statement on behalf of the caller. The
	// optional issuer, time and expiration will be given default values if nil.
	// TODO(kwalsh) Maybe create a struct for these optional params? Or use
	// auth.Says instead (in which time and expiration are optional) with a
	// bogus Speaker field like key([]) or nil([]) or self, etc.
	Attest(issuer *auth.Prin, time, expiration *int64, message auth.Form) (*Attestation, error)

	// Seal encrypts data so only certain hosted programs can unseal it.
	Seal(data []byte, policy string) (sealed []byte, err error)

	// Unseal decrypts data that has been sealed by the Seal() operation, but only
	// if the policy specified during the Seal() operation is satisfied.
	Unseal(sealed []byte) (data []byte, policy string, err error)

	// InitCounter initializes a counter with given label.
	InitCounter(label string, c int64) error

	// GetCounter retrieves a counter with given label.
	GetCounter(label string) (int64, error)

	// RollbackProtectedSeal encrypts data under rollback protection
	// so only certain hosted programs can unseal it.
	RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)

	// RollbackProtectedUnseal decrypts data under rollback protection.
	RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
}

Tao is the fundamental Trustworthy Computing interface provided by a host to its hosted programs. Each level of a system can act as a host by exporting the Tao interface and providing Tao services to higher-level hosted programs.

In most cases, a hosted program will use a stub Tao that performs RPC over a channel to its host. The details of such RPC depend on the specific implementation of the host: some hosted programs may use pipes to communicate with their host, others may use sockets, etc.

func NewSoftTao 

func NewSoftTao(path string, password []byte) (Tao, error)

NewSoftTao initializes the SoftTao with a crypter and a signer.

func NewTPM2Tao 

func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error)

NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.

func NewTPMTao 

func NewTPMTao(tpmPath string, aikblob []byte, pcrNums []int, aikCert []byte) (Tao, error)

NewTPMTao creates a new TPMTao and returns it under the Tao interface.

func Parent 

func Parent() Tao

Parent returns the interface to the underlying host Tao. It depends on a specific environment variable being set. On success it memoizes the result before returning it because there should only ever be a single channel to the host. On failure, it logs a message using glog and returns nil. Note: errors are not returned so that, once it is confirmed that Parent returns a non-nil value, callers can use the function result in an expression, e.g.: 

name, err := tao.Parent().GetTaoName()

func ParentFromConfig 

func ParentFromConfig(tc Config) Tao

ParentFromConfig gets a parent Tao given a Config that specifies the Tao type.

type TrivialGuard 

type TrivialGuard int

A TrivialGuard implements a constant policy: either ConservativeGuard ("deny all") or LiberalGuard ("allow all"). TODO(kwalsh) make this a bool 

const (
	ConservativeGuard TrivialGuard = 1 << iota
	LiberalGuard
)

The types of TrivialGuard

func (TrivialGuard) AddRule 

func (t TrivialGuard) AddRule(rule string) error

AddRule adds a policy rule. Subclasses should support at least rules of the form: Authorized(P, op, args...). This is equivalent to calling Authorize(P, op, args...) with each of the arguments converted to either a string or integer.

func (TrivialGuard) Authorize 

func (t TrivialGuard) Authorize(name auth.Prin, op string, args []string) error

Authorize adds an authorization for a principal to perform an operation.

func (TrivialGuard) Clear 

func (t TrivialGuard) Clear() error

Clear removes all rules.

func (TrivialGuard) GetRule 

func (t TrivialGuard) GetRule(i int) string

GetRule returns the ith policy rule, if it exists.

func (TrivialGuard) IsAuthorized 

func (t TrivialGuard) IsAuthorized(name auth.Prin, op string, args []string) bool

IsAuthorized checks whether a principal is authorized to perform an operation.

func (TrivialGuard) Query 

func (t TrivialGuard) Query(query string) (bool, error)

Query the policy. Implementations of this interface should support at least queries of the form: Authorized(P, op, args...).

func (TrivialGuard) Retract 

func (t TrivialGuard) Retract(name auth.Prin, op string, args []string) error

Retract removes an authorization for a principal to perform an operation, essentially reversing the effect of an Authorize() call with identical name, op, and args. Note: this reverses the effect of an Authorize() call with identical parameters of the equivalent AddRule() call. However, particularly when expressive policies are supported (e.g., an "authorize all" rule), other rules may still be in place authorizing the principal to perform the operation.

func (TrivialGuard) RetractRule 

func (t TrivialGuard) RetractRule(rule string) error

RetractRule removes a rule previously added via AddRule() or the equivalent Authorize() call.

func (TrivialGuard) RuleCount 

func (t TrivialGuard) RuleCount() int

RuleCount returns a count of the total number of rules.

func (TrivialGuard) RuleDebugString 

func (t TrivialGuard) RuleDebugString(i int) string

RuleDebugString returns a debug string for the ith policy rule, if it exists. TODO(kwalsh): build this into the auth library.

func (TrivialGuard) Save 

func (t TrivialGuard) Save(key *Signer) error

Save writes all persistent policy data to disk, signed by key.

func (TrivialGuard) String 

func (t TrivialGuard) String() string

String returns a string suitable for showing users authorization info.

func (TrivialGuard) Subprincipal 

func (t TrivialGuard) Subprincipal() auth.SubPrin

Subprincipal returns subprincipal TrivialGuard(<policy>).

type Verifier 

type Verifier struct {
	Header *CryptoHeader

	PubKey crypto.PublicKey
}

A Verifier is used to verify signatures.

func UnmarshalKey 

func UnmarshalKey(material []byte) (*Verifier, error)

UnmarshalKey deserializes a Verifier.

func VerifierFromCryptoKey 

func VerifierFromCryptoKey(k CryptoKey) *Verifier

func VerifierFromX509 

func VerifierFromX509(cert *x509.Certificate) (*Verifier, error)

VerifierFromX509 creates a Verifier from an X509 certificate.

func VerifierKeyFromCanonicalKeyBytes 

func VerifierKeyFromCanonicalKeyBytes(vb []byte) (*Verifier, error)

func (*Verifier) CanonicalKeyBytesFromVerifier 

func (v *Verifier) CanonicalKeyBytesFromVerifier() ([]byte, error)

func (*Verifier) GetVerifierPublicKey 

func (v *Verifier) GetVerifierPublicKey() crypto.PublicKey

func (*Verifier) KeyEqual 

func (v *Verifier) KeyEqual(cert *x509.Certificate) bool

Equals checks to see if the public key in the X.509 certificate matches the public key in the verifier.

func (*Verifier) MarshalKey 

func (v *Verifier) MarshalKey() []byte

MarshalKey serializes a Verifier.

func (*Verifier) SignsForPrincipal 

func (v *Verifier) SignsForPrincipal(prin auth.Prin) bool

SignsForPrincipal returns true when prin is (or is a subprincipal of) this verifier key.

func (*Verifier) ToPrincipal 

func (v *Verifier) ToPrincipal() auth.Prin

ToPrincipal produces a "key" type Prin for this verifier. This contains a hash of a serialized CryptoKey for this key.

func (*Verifier) UniversalKeyNameFromVerifier 

func (v *Verifier) UniversalKeyNameFromVerifier() ([]byte, error)

func (*Verifier) Verify 

func (v *Verifier) Verify(data []byte, context string, sig []byte) (bool, error)

Verify checks a signature over the contextualized data, using the public key of the verifier.

type VmConfig 

type VmConfig struct {
	Name        string
	KernelPath  string
	InitRamPath string
	DiskPath    string
	Memory      int
	// The socket on the host that will be connected to virtio-serial on the guest.
	// This is used for stacked CP hosts on the VM to connect to the host CP.
	SocketPath string
	// The port on the host that will be forwarded to port 22 on the guest for SSH.
	Port string
}

A VmConfig contains the details needed to start a new custom VM.

type X509Details 

type X509Details struct {
	CommonName         *string `protobuf:"bytes,1,opt,name=common_name,json=commonName" json:"common_name,omitempty"`
	Country            *string `protobuf:"bytes,2,opt,name=country" json:"country,omitempty"`
	State              *string `protobuf:"bytes,3,opt,name=state" json:"state,omitempty"`
	Organization       *string `protobuf:"bytes,4,opt,name=organization" json:"organization,omitempty"`
	OrganizationalUnit *string `protobuf:"bytes,5,opt,name=organizational_unit,json=organizationalUnit" json:"organizational_unit,omitempty"`
	SerialNumber       *int32  `protobuf:"varint,6,opt,name=serial_number,json=serialNumber" json:"serial_number,omitempty"`
	XXX_unrecognized   []byte  `json:"-"`
}

func (*X509Details) Descriptor 

func (*X509Details) Descriptor() ([]byte, []int)

func (*X509Details) GetCommonName 

func (m *X509Details) GetCommonName() string

func (*X509Details) GetCountry 

func (m *X509Details) GetCountry() string

func (*X509Details) GetOrganization 

func (m *X509Details) GetOrganization() string

func (*X509Details) GetOrganizationalUnit 

func (m *X509Details) GetOrganizationalUnit() string

func (*X509Details) GetSerialNumber 

func (m *X509Details) GetSerialNumber() int32

func (*X509Details) GetState 

func (m *X509Details) GetState() string

func (*X509Details) ProtoMessage 

func (*X509Details) ProtoMessage()

func (*X509Details) Reset 

func (m *X509Details) Reset()

func (*X509Details) String 

func (m *X509Details) String() string

Source Files

View all Source files

Directories

Path Synopsis
Package auth supports Tao authorization and authentication, primarily by defining and implementing a logic for describing principals, their trust relationships, and their beliefs.
 Package auth supports Tao authorization and authentication, primarily by defining and implementing a logic for describing principals, their trust relationships, and their beliefs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.