Documentation
Overview
Package native implements OS-specific methods required by Device Trust. Callers outside the devicetrust package should prefer one of the specialized subpackages, such as enroll or authn, instead of using this package.
Index
- func CollectDeviceData(mode CollectDataMode) (*devicepb.DeviceCollectedData, error)
- func EnrollDeviceInit() (*devicepb.EnrollDeviceInit, error)
- func GetDeviceCredential() (*devicepb.DeviceCredential, error)
- func GetDeviceOSType() devicepb.OSType
- func HandleTPMActivateCredential(encryptedCredential, encryptedCredentialSecret string) error
- func SignChallenge(chal []byte) (sig []byte, err error)
- func SolveTPMAuthnDeviceChallenge(challenge *devicepb.TPMAuthenticateDeviceChallenge) (*devicepb.TPMAuthenticateDeviceChallengeResponse, error)
- func SolveTPMEnrollChallenge(challenge *devicepb.TPMEnrollChallenge, debug bool) (*devicepb.TPMEnrollChallengeResponse, error)
- type CollectDataMode
Constants
This section is empty.
Variables
This section is empty.
Functions
func CollectDeviceData
func CollectDeviceData(mode CollectDataMode) (*devicepb.DeviceCollectedData, error)
CollectDeviceData collects OS-specific device data for device enrollment or device authentication ceremonies.
func EnrollDeviceInit
func EnrollDeviceInit() (*devicepb.EnrollDeviceInit, error)
EnrollDeviceInit creates the initial enrollment data for the device. This includes fetching or creating a device credential, collecting device data and filling in any OS-specific fields.
func GetDeviceCredential
func GetDeviceCredential() (*devicepb.DeviceCredential, error)
GetDeviceCredential returns the current device credential, if it exists.
func GetDeviceOSType
GetDeviceOSType returns the devicepb.OSType for the current OS.
func HandleTPMActivateCredential
HandleTPMActivateCredential completes the credential activation part of an enrollment challenge. This is usually called in an elevated process that's created by SolveTPMEnrollChallenge.
func SignChallenge
SignChallenge signs a device challenge for device enrollment or device authentication ceremonies.
func SolveTPMAuthnDeviceChallenge
func SolveTPMAuthnDeviceChallenge(challenge *devicepb.TPMAuthenticateDeviceChallenge) (*devicepb.TPMAuthenticateDeviceChallengeResponse, error)
SolveTPMAuthnDeviceChallenge completes a TPM device authentication challenge.
func SolveTPMEnrollChallenge
func SolveTPMEnrollChallenge(challenge *devicepb.TPMEnrollChallenge, debug bool) (*devicepb.TPMEnrollChallengeResponse, error)
SolveTPMEnrollChallenge completes a TPM enrollment challenge.
Types
type CollectDataMode
type CollectDataMode int
CollectDataMode is the mode of collection used by CollectDeviceData.
const (
	// CollectedDataNeverEscalate will never escalate privileges, even in the
	// absence of cached data.
	CollectedDataNeverEscalate CollectDataMode = iota
	// CollectedDataMaybeEscalate will attempt to use cached DMI data before
	// privilege escalation, but it may choose to escalate if no cached data is
	// available.
	//
	// Used by `tsh login` and similar operations (i.e., device authn).
	CollectedDataMaybeEscalate
	// CollectedDataAlwaysEscalate avoids using cached DMI data and instead will
	// always escalate privileges if necessary.
	//
	// Used by `tsh device enroll`, `tsh device collect` and
	// `tsh device asset-tag`.
	CollectedDataAlwaysEscalate
)