cryptohome

package
v0.0.0-...-9474aff Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2022 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Overview

Package cryptohome operates on encrypted home directories.

Package cryptohome operates on encrypted home directories.

Index

Constants

View Source 
const (
	// WaitForUserTimeout is the maximum time until a user mount is available.
	WaitForUserTimeout = hwsec.WaitForUserTimeout

	// GuestUser is the name representing a guest user account.
	// Defined in libbrillo/brillo/cryptohome.cc.
	GuestUser = hwsec.GuestUser

	// KioskUser is the name representing a kiosk user account.
	KioskUser = hwsec.KioskUser
)
View Source 
const (
	// Ephemeral is used to specify that the expected user mount type is ephemeral.
	Ephemeral = hwsec.Ephemeral
	// Permanent is used to specify that the expected user mount type is permanent.
	Permanent = hwsec.Permanent
)

Variables

This section is empty.

Functions

func AuthSessionMountFlow 

func AuthSessionMountFlow(ctx context.Context, isKioskUser bool, username, password string, createUser bool) error

AuthSessionMountFlow mounts a user with AuthSession.

func AuthenticateWithAuthSession 

func AuthenticateWithAuthSession(ctx context.Context, username, password string, isEphemeral, isKioskUser bool) (string, error)

AuthenticateWithAuthSession authenticates an existing user via auth session API.

func CheckDeps 

func CheckDeps(ctx context.Context) error

CheckDeps performs high-level verification of cryptohome related daemons.

func CheckMountNamespace 

func CheckMountNamespace(ctx context.Context) error

CheckMountNamespace checks whether the user session mount namespace has been created.

func CheckService 

func CheckService(ctx context.Context) error

CheckService performs high-level verification of cryptohome.

func CreateAndMountUserWithAuthSession 

func CreateAndMountUserWithAuthSession(ctx context.Context, username, password string, isKioskUser bool) error

CreateAndMountUserWithAuthSession creates a persistent user via auth session API.

func CreateUserWithAuthSession 

func CreateUserWithAuthSession(ctx context.Context, username, password string, isKioskUser bool) error

CreateUserWithAuthSession creates a persistent user via auth session API.

func CreateVault 

func CreateVault(ctx context.Context, user, password string) error

CreateVault creates the vault for the user with given password.

func IsMounted 

func IsMounted(ctx context.Context, user string) (bool, error)

IsMounted checks if the vault for the user is mounted.

func MountGuest 

func MountGuest(ctx context.Context) error

MountGuest sends a request to cryptohome to create a mount point for a guest user.

func MountKiosk 

func MountKiosk(ctx context.Context) error

MountKiosk sends a request to cryptohome to create a mount point for a kiosk user.

func MountedVaultPath 

func MountedVaultPath(ctx context.Context, user string) (string, error)

MountedVaultPath returns the path where the decrypted data for the user is located.

func PrepareEphemeralUserWithAuthSession 

func PrepareEphemeralUserWithAuthSession(ctx context.Context, username string) (string, error)

PrepareEphemeralUserWithAuthSession creates an ephemeral user via auth session API.

func RemoveUserDir 

func RemoveUserDir(ctx context.Context, user string) error

RemoveUserDir removes a user's encrypted home directory. Success is reported if the user directory doesn't exist, but an error will be returned if the user is currently logged in.

func RemoveVault 

func RemoveVault(ctx context.Context, user string) error

RemoveVault removes the vault for the user.

func SystemPath 

func SystemPath(ctx context.Context, user string) (string, error)

SystemPath returns the path to user's encrypted system directory.

func UnmountAll 

func UnmountAll(ctx context.Context) error

UnmountAll unmounts all user vaults.

func UnmountVault 

func UnmountVault(ctx context.Context, user string) error

UnmountVault unmounts the vault for the user.

func UpdateUserCredentialWithAuthSession 

func UpdateUserCredentialWithAuthSession(ctx context.Context, username, oldPassword, newPassword string, isEphemeral, isKioskUser bool) (string, error)

UpdateUserCredentialWithAuthSession authenticates an existing user via auth session API.

func UserHash 

func UserHash(ctx context.Context, user string) (string, error)

UserHash returns user's cryptohome hash.

func UserPath 

func UserPath(ctx context.Context, user string) (string, error)

UserPath returns the path to user's encrypted home directory.

func WaitForUserMount 

func WaitForUserMount(ctx context.Context, user string) error

WaitForUserMount waits for user's encrypted home directory to be mounted and validates that it is of permanent type for all users except guest.

func WaitForUserMountAndValidateType 

func WaitForUserMountAndValidateType(ctx context.Context, user string, mountType MountType) error

WaitForUserMountAndValidateType waits for user's encrypted home directory to be mounted and validates that it is of correct type.

Types

type MountType 

type MountType = hwsec.MountType

MountType is a type of the user mount.

type RecoveryTestTool 

type RecoveryTestTool struct {
	// contains filtered or unexported fields
}

RecoveryTestTool is a command line test tool for cryptohome recovery testing.

func NewRecoveryTestTool 

func NewRecoveryTestTool() (*RecoveryTestTool, error)

NewRecoveryTestTool creates a new instance of RecoveryTestTool with generated directory. The instance will not use fake mediation. Use Save* methods to set the real server replies. Call RemoveDir in the end of the test.

func NewRecoveryTestToolWithFakeMediator 

func NewRecoveryTestToolWithFakeMediator() (*RecoveryTestTool, error)

NewRecoveryTestToolWithFakeMediator creates a new instance of RecoveryTestTool with generated directory. The instance will use fake (local) mediation. Call RemoveDir in the end of the test.

func (*RecoveryTestTool) CreateHsmPayload 

func (c *RecoveryTestTool) CreateHsmPayload(ctx context.Context) error

CreateHsmPayload calls "--action=recovery_crypto_create_hsm_payload" step.

func (*RecoveryTestTool) CreateRecoveryRequest 

func (c *RecoveryTestTool) CreateRecoveryRequest(ctx context.Context) error

CreateRecoveryRequest calls "--action=recovery_crypto_create_recovery_request" step.

func (*RecoveryTestTool) Decrypt 

func (c *RecoveryTestTool) Decrypt(ctx context.Context) error

Decrypt calls "--action=recovery_crypto_decrypt" step.

func (*RecoveryTestTool) FakeMediate 

func (c *RecoveryTestTool) FakeMediate(ctx context.Context) error

FakeMediate calls "--action=recovery_crypto_mediate" step.

func (*RecoveryTestTool) GetRecoveryRequest 

func (c *RecoveryTestTool) GetRecoveryRequest() ([]byte, error)

GetRecoveryRequest returns the request generated by CreateRecoveryRequest.

func (*RecoveryTestTool) RemoveDir 

func (c *RecoveryTestTool) RemoveDir() error

RemoveDir removes the folder generated by NewRecoveryTestTool.

func (*RecoveryTestTool) SaveCustomEpoch 

func (c *RecoveryTestTool) SaveCustomEpoch(epoch []byte) error

SaveCustomEpoch saves the provided epoch to be used in CreateRecoveryRequest and Decrypt.

func (*RecoveryTestTool) SaveCustomRAPT 

func (c *RecoveryTestTool) SaveCustomRAPT(rapt []byte) error

SaveCustomRAPT saves the provided reauth proof token to be used in CreateRecoveryRequest.

func (*RecoveryTestTool) SaveCustomResponse 

func (c *RecoveryTestTool) SaveCustomResponse(response []byte) error

SaveCustomResponse saves the provided epoch to be used in Decrypt.

func (*RecoveryTestTool) Validate 

func (c *RecoveryTestTool) Validate(ctx context.Context) error

Validate compares secret created by CreateHsmPayload with secret derived by Decrypt. They are expected to be the same.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.