cryptohome

package
v0.0.0-...-9474aff Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 28, 2022 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Overview

Package cryptohome operates on encrypted home directories.

Package cryptohome operates on encrypted home directories.

Index

Constants

View Source
const (
	// WaitForUserTimeout is the maximum time until a user mount is available.
	WaitForUserTimeout = hwsec.WaitForUserTimeout

	// GuestUser is the name representing a guest user account.
	// Defined in libbrillo/brillo/cryptohome.cc.
	GuestUser = hwsec.GuestUser

	// KioskUser is the name representing a kiosk user account.
	KioskUser = hwsec.KioskUser
)
View Source
const (
	// Ephemeral is used to specify that the expected user mount type is ephemeral.
	Ephemeral = hwsec.Ephemeral
	// Permanent is used to specify that the expected user mount type is permanent.
	Permanent = hwsec.Permanent
)

Variables

This section is empty.

Functions

func AuthSessionMountFlow

func AuthSessionMountFlow(ctx context.Context, isKioskUser bool, username, password string, createUser bool) error

AuthSessionMountFlow mounts a user with AuthSession.

func AuthenticateWithAuthSession

func AuthenticateWithAuthSession(ctx context.Context, username, password string, isEphemeral, isKioskUser bool) (string, error)

AuthenticateWithAuthSession authenticates an existing user via auth session API.

func CheckDeps

func CheckDeps(ctx context.Context) error

CheckDeps performs high-level verification of cryptohome related daemons.

func CheckMountNamespace

func CheckMountNamespace(ctx context.Context) error

CheckMountNamespace checks whether the user session mount namespace has been created.

func CheckService

func CheckService(ctx context.Context) error

CheckService performs high-level verification of cryptohome.

func CreateAndMountUserWithAuthSession

func CreateAndMountUserWithAuthSession(ctx context.Context, username, password string, isKioskUser bool) error

CreateAndMountUserWithAuthSession creates a persistent user via auth session API.

func CreateUserWithAuthSession

func CreateUserWithAuthSession(ctx context.Context, username, password string, isKioskUser bool) error

CreateUserWithAuthSession creates a persistent user via auth session API.

func CreateVault

func CreateVault(ctx context.Context, user, password string) error

CreateVault creates the vault for the user with given password.

func IsMounted

func IsMounted(ctx context.Context, user string) (bool, error)

IsMounted checks if the vault for the user is mounted.

func MountGuest

func MountGuest(ctx context.Context) error

MountGuest sends a request to cryptohome to create a mount point for a guest user.

func MountKiosk

func MountKiosk(ctx context.Context) error

MountKiosk sends a request to cryptohome to create a mount point for a kiosk user.

func MountedVaultPath

func MountedVaultPath(ctx context.Context, user string) (string, error)

MountedVaultPath returns the path where the decrypted data for the user is located.

func PrepareEphemeralUserWithAuthSession

func PrepareEphemeralUserWithAuthSession(ctx context.Context, username string) (string, error)

PrepareEphemeralUserWithAuthSession creates an ephemeral user via auth session API.

func RemoveUserDir

func RemoveUserDir(ctx context.Context, user string) error

RemoveUserDir removes a user's encrypted home directory. Success is reported if the user directory doesn't exist, but an error will be returned if the user is currently logged in.

func RemoveVault

func RemoveVault(ctx context.Context, user string) error

RemoveVault removes the vault for the user.

func SystemPath

func SystemPath(ctx context.Context, user string) (string, error)

SystemPath returns the path to user's encrypted system directory.

func UnmountAll

func UnmountAll(ctx context.Context) error

UnmountAll unmounts all user vaults.

func UnmountVault

func UnmountVault(ctx context.Context, user string) error

UnmountVault unmounts the vault for the user.

func UpdateUserCredentialWithAuthSession

func UpdateUserCredentialWithAuthSession(ctx context.Context, username, oldPassword, newPassword string, isEphemeral, isKioskUser bool) (string, error)

UpdateUserCredentialWithAuthSession authenticates an existing user via auth session API.

func UserHash

func UserHash(ctx context.Context, user string) (string, error)

UserHash returns user's cryptohome hash.

func UserPath

func UserPath(ctx context.Context, user string) (string, error)

UserPath returns the path to user's encrypted home directory.

func WaitForUserMount

func WaitForUserMount(ctx context.Context, user string) error

WaitForUserMount waits for user's encrypted home directory to be mounted and validates that it is of permanent type for all users except guest.

func WaitForUserMountAndValidateType

func WaitForUserMountAndValidateType(ctx context.Context, user string, mountType MountType) error

WaitForUserMountAndValidateType waits for user's encrypted home directory to be mounted and validates that it is of correct type.

Types

type MountType

type MountType = hwsec.MountType

MountType is a type of the user mount.

type RecoveryTestTool

type RecoveryTestTool struct {
	// contains filtered or unexported fields
}

RecoveryTestTool is a command line test tool for cryptohome recovery testing.

func NewRecoveryTestTool

func NewRecoveryTestTool() (*RecoveryTestTool, error)

NewRecoveryTestTool creates a new instance of RecoveryTestTool with generated directory. The instance will not use fake mediation. Use Save* methods to set the real server replies. Call RemoveDir in the end of the test.

func NewRecoveryTestToolWithFakeMediator

func NewRecoveryTestToolWithFakeMediator() (*RecoveryTestTool, error)

NewRecoveryTestToolWithFakeMediator creates a new instance of RecoveryTestTool with generated directory. The instance will use fake (local) mediation. Call RemoveDir in the end of the test.

func (*RecoveryTestTool) CreateHsmPayload

func (c *RecoveryTestTool) CreateHsmPayload(ctx context.Context) error

CreateHsmPayload calls "--action=recovery_crypto_create_hsm_payload" step.

func (*RecoveryTestTool) CreateRecoveryRequest

func (c *RecoveryTestTool) CreateRecoveryRequest(ctx context.Context) error

CreateRecoveryRequest calls "--action=recovery_crypto_create_recovery_request" step.

func (*RecoveryTestTool) Decrypt

func (c *RecoveryTestTool) Decrypt(ctx context.Context) error

Decrypt calls "--action=recovery_crypto_decrypt" step.

func (*RecoveryTestTool) FakeMediate

func (c *RecoveryTestTool) FakeMediate(ctx context.Context) error

FakeMediate calls "--action=recovery_crypto_mediate" step.

func (*RecoveryTestTool) GetRecoveryRequest

func (c *RecoveryTestTool) GetRecoveryRequest() ([]byte, error)

GetRecoveryRequest returns the request generated by CreateRecoveryRequest.

func (*RecoveryTestTool) RemoveDir

func (c *RecoveryTestTool) RemoveDir() error

RemoveDir removes the folder generated by NewRecoveryTestTool.

func (*RecoveryTestTool) SaveCustomEpoch

func (c *RecoveryTestTool) SaveCustomEpoch(epoch []byte) error

SaveCustomEpoch saves the provided epoch to be used in CreateRecoveryRequest and Decrypt.

func (*RecoveryTestTool) SaveCustomRAPT

func (c *RecoveryTestTool) SaveCustomRAPT(rapt []byte) error

SaveCustomRAPT saves the provided reauth proof token to be used in CreateRecoveryRequest.

func (*RecoveryTestTool) SaveCustomResponse

func (c *RecoveryTestTool) SaveCustomResponse(response []byte) error

SaveCustomResponse saves the provided epoch to be used in Decrypt.

func (*RecoveryTestTool) Validate

func (c *RecoveryTestTool) Validate(ctx context.Context) error

Validate compares secret created by CreateHsmPayload with secret derived by Decrypt. They are expected to be the same.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL