Affected by GO-2024-2468 and 4 other vulnerabilities

GO-2024-2468: snapd Race Condition vulnerability in github.com/snapcore/snapd

GO-2024-2906: CVE-2024-5138 in github.com/snapcore/snapd

GO-2024-3007: snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

GO-2024-3008: snapd failed to properly check the file type when extracting a snap in github.com/snapcore/snapd

GO-2024-3009: snapd failed to properly check the destination of symbolic links when extracting a snap in github.com/snapcore/snapd

keymgr

package

v0.0.0-...-f890545 Latest Latest Go to latest Published: Nov 21, 2024 License: GPL-3.0 Imports: 7 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/snapcore/snapd

Documentation ¶

Index ¶

func AddRecoveryKeyToLUKSDevice(recoveryKey keys.RecoveryKey, dev string) error
func AddRecoveryKeyToLUKSDeviceUsingKey(recoveryKey keys.RecoveryKey, currKey keys.EncryptionKey, dev string) error
func IsKeyslotAlreadyUsed(err error) bool
func RemoveRecoveryKeyFromLUKSDevice(dev string) error
func RemoveRecoveryKeyFromLUKSDeviceUsingKey(currKey keys.EncryptionKey, dev string) error
func StageLUKSDeviceEncryptionKeyChange(newKey keys.EncryptionKey, dev string) error
func TransitionLUKSDeviceEncryptionKeyChange(newKey keys.EncryptionKey, dev string) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddRecoveryKeyToLUKSDevice ¶

func AddRecoveryKeyToLUKSDevice(recoveryKey keys.RecoveryKey, dev string) error

AddRecoveryKeyToLUKSDevice adds a recovery key to a LUKS2 device. It the devuce unlock key from the user keyring to authorize the change. The recoveyry key is added to keyslot 1.

func AddRecoveryKeyToLUKSDeviceUsingKey ¶

func AddRecoveryKeyToLUKSDeviceUsingKey(recoveryKey keys.RecoveryKey, currKey keys.EncryptionKey, dev string) error

AddRecoveryKeyToLUKSDeviceUsingKey adds a recovery key rkey to the existing LUKS encrypted volume on the block device given by node. The existing key to the encrypted volume is provided in the key argument and used to authorize the operation.

A heuristic memory cost is used.

func IsKeyslotAlreadyUsed ¶

func IsKeyslotAlreadyUsed(err error) bool

IsKeyslotAlreadyUsed returns true if the error indicates that the keyslot attempted for a given key is already used

func RemoveRecoveryKeyFromLUKSDevice ¶

func RemoveRecoveryKeyFromLUKSDevice(dev string) error

RemoveRecoveryKeyFromLUKSDevice removes an existing recovery key a LUKS2 device.

func RemoveRecoveryKeyFromLUKSDeviceUsingKey ¶

func RemoveRecoveryKeyFromLUKSDeviceUsingKey(currKey keys.EncryptionKey, dev string) error

RemoveRecoveryKeyFromLUKSDeviceUsingKey removes an existing recovery key a LUKS2 using the provided key to authorize the operation.

func StageLUKSDeviceEncryptionKeyChange ¶

func StageLUKSDeviceEncryptionKeyChange(newKey keys.EncryptionKey, dev string) error

StageLUKSDeviceEncryptionKeyChange stages a new encryption key with the goal of changing the main encryption key referenced in keyslot 0. The operation is authorized using the key that unlocked the device and is stored in the keyring (as it happens during factory reset).

func TransitionLUKSDeviceEncryptionKeyChange ¶

func TransitionLUKSDeviceEncryptionKeyChange(newKey keys.EncryptionKey, dev string) error

TransitionLUKSDeviceEncryptionKeyChange completes the main encryption key change to the new key provided in the parameters. The new key must have been staged before, thus it can authorize LUKS operations. Lastly, the unlock key in the keyring is updated to the new key.

Types ¶

This section is empty.

Source Files ¶

View all Source files

keymgr_luks2.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL