hwsec

package

v0.0.0-...-683b059 Latest Latest Go to latest Published: Apr 23, 2022 License: BSD-3-Clause Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

chromium.googlesource.com/chromiumos/platform/tast-tests

Documentation ¶

Index ¶

func BackupTPMManagerDataIfIntact(ctx context.Context) error
func CheckDAIsZero(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
func CheckDAIsZeroForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
func IncreaseDAForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
func IncreaseDAWithCheckVault(ctx context.Context, cryptohome *hwsec.CryptohomeClient, ...) error
func RestoreTPMManagerData(ctx context.Context) error
func SetUpVaultAndUserAsOwner(ctx context.Context, certpath, username, password, label string, ...) error
type AttestationDBus
- func NewAttestationDBus(ctx context.Context) (*AttestationDBus, error)
- func (c *AttestationDBus) ActivateAttestationKey(ctx context.Context, req *apb.ActivateAttestationKeyRequest) (*apb.ActivateAttestationKeyReply, error)
- func (c *AttestationDBus) CreateCertifiableKey(ctx context.Context, req *apb.CreateCertifiableKeyRequest) (*apb.CreateCertifiableKeyReply, error)
- func (c *AttestationDBus) CreateCertificateRequest(ctx context.Context, req *apb.CreateCertificateRequestRequest) (*apb.CreateCertificateRequestReply, error)
- func (c *AttestationDBus) CreateEnrollRequest(ctx context.Context, req *apb.CreateEnrollRequestRequest) (*apb.CreateEnrollRequestReply, error)
- func (c *AttestationDBus) Decrypt(ctx context.Context, req *apb.DecryptRequest) (*apb.DecryptReply, error)
- func (c *AttestationDBus) DeleteKeys(ctx context.Context, req *apb.DeleteKeysRequest) (*apb.DeleteKeysReply, error)
- func (c *AttestationDBus) Enroll(ctx context.Context, req *apb.EnrollRequest) (*apb.EnrollReply, error)
- func (c *AttestationDBus) FinishCertificateRequest(ctx context.Context, req *apb.FinishCertificateRequestRequest) (*apb.FinishCertificateRequestReply, error)
- func (c *AttestationDBus) FinishEnroll(ctx context.Context, req *apb.FinishEnrollRequest) (*apb.FinishEnrollReply, error)
- func (c *AttestationDBus) GetAttestationKeyInfo(ctx context.Context, req *apb.GetAttestationKeyInfoRequest) (*apb.GetAttestationKeyInfoReply, error)
- func (c *AttestationDBus) GetCertificate(ctx context.Context, req *apb.GetCertificateRequest) (*apb.GetCertificateReply, error)
- func (c *AttestationDBus) GetCertifiedNvIndex(ctx context.Context, req *apb.GetCertifiedNvIndexRequest) (*apb.GetCertifiedNvIndexReply, error)
- func (c *AttestationDBus) GetEndorsementInfo(ctx context.Context, req *apb.GetEndorsementInfoRequest) (*apb.GetEndorsementInfoReply, error)
- func (c *AttestationDBus) GetEnrollmentID(ctx context.Context, req *apb.GetEnrollmentIdRequest) (*apb.GetEnrollmentIdReply, error)
- func (c *AttestationDBus) GetEnrollmentPreparations(ctx context.Context, req *apb.GetEnrollmentPreparationsRequest) (*apb.GetEnrollmentPreparationsReply, error)
- func (c *AttestationDBus) GetKeyInfo(ctx context.Context, req *apb.GetKeyInfoRequest) (*apb.GetKeyInfoReply, error)
- func (c *AttestationDBus) GetStatus(ctx context.Context, req *apb.GetStatusRequest) (*apb.GetStatusReply, error)
- func (c *AttestationDBus) RegisterKeyWithChapsToken(ctx context.Context, req *apb.RegisterKeyWithChapsTokenRequest) (*apb.RegisterKeyWithChapsTokenReply, error)
- func (c *AttestationDBus) ResetIdentity(ctx context.Context, req *apb.ResetIdentityRequest) (*apb.ResetIdentityReply, error)
- func (c *AttestationDBus) SetKeyPayload(ctx context.Context, req *apb.SetKeyPayloadRequest) (*apb.SetKeyPayloadReply, error)
- func (c *AttestationDBus) Sign(ctx context.Context, req *apb.SignRequest) (*apb.SignReply, error)
- func (c *AttestationDBus) SignEnterpriseChallenge(ctx context.Context, req *apb.SignEnterpriseChallengeRequest) (*apb.SignEnterpriseChallengeReply, error)
- func (c *AttestationDBus) SignSimpleChallenge(ctx context.Context, req *apb.SignSimpleChallengeRequest) (*apb.SignSimpleChallengeReply, error)
- func (c *AttestationDBus) Verify(ctx context.Context, req *apb.VerifyRequest) (*apb.VerifyReply, error)
type AttestationHelperLocal
- func NewAttestationHelper(ctx context.Context) (*AttestationHelperLocal, error)
type AttestationLocalInfra
- func NewAttestationLocalInfra(dc *hwsec.DaemonController) *AttestationLocalInfra
- func (ali *AttestationLocalInfra) Disable(ctx context.Context) error
- func (ali *AttestationLocalInfra) Enable(ctx context.Context) (lastErr error)
type CmdHelperLocal
- func NewHelper(r hwsec.CmdRunner) (*CmdHelperLocal, error)
type CmdHelperLocalImpl
- func (h *CmdHelperLocalImpl) EnsureTPMIsReadyAndBackupSecrets(ctx context.Context, timeout time.Duration) error
type CmdRunnerLocal
- func NewCmdRunner() *CmdRunnerLocal
- func NewLoglessCmdRunner() *CmdRunnerLocal
- func (r *CmdRunnerLocal) Run(ctx context.Context, cmd string, args ...string) ([]byte, error)
- func (r *CmdRunnerLocal) RunWithCombinedOutput(ctx context.Context, cmd string, args ...string) ([]byte, error)
type FakePCAAgent
- func FakePCAAgentContext(ctx context.Context) *FakePCAAgent
- func (f *FakePCAAgent) Start() error
- func (f *FakePCAAgent) Stop() error
type FullHelperLocal
- func NewFullHelper(ctx context.Context, r hwsec.CmdRunner) (*FullHelperLocal, error)
type LocalVA
- func NewLocalVA() *LocalVA
- func (rc *LocalVA) GetDecodedVAChallenge(ctx context.Context) ([]byte, error)
- func (rc *LocalVA) VerifyEncodedVAChallenge(ctx context.Context, signedChallenge string) error
type PCAAgentClient
- func NewPCAAgentClient() *PCAAgentClient
- func (rp *PCAAgentClient) HandleCertificateRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)
- func (rp *PCAAgentClient) HandleEnrollRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)
type TPMClearer
- func NewTPMClearer(cmdRunner hwsec.CmdRunner, daemonController *hwsec.DaemonController) *TPMClearer
- func (tc *TPMClearer) ClearTPM(ctx context.Context) error
- func (tc *TPMClearer) PostClearTPM(ctx context.Context) error
- func (tc *TPMClearer) PreClearTPM(ctx context.Context) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BackupTPMManagerDataIfIntact ¶

func BackupTPMManagerDataIfIntact(ctx context.Context) error

BackupTPMManagerDataIfIntact backs up a the tpm manager data if the important secrets is not cleared.

func CheckDAIsZero ¶

func CheckDAIsZero(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error

CheckDAIsZero uses tpm_manager_client to check if the dictionary attack counter is zero.

func CheckDAIsZeroForTpm1 ¶

func CheckDAIsZeroForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error

CheckDAIsZeroForTpm1 uses tpm_manager_client to check if the dictionary attack counter is zero on TPMv1.2 devices. Since there is a delay for resetting DA counter on TPMv1.2 devices, so we need to poll for DA to be reset.

func IncreaseDAForTpm1 ¶

func IncreaseDAForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error

IncreaseDAForTpm1 uses tpm_manager_client to increase the dictionary attack counter, and should be only used on TPMv1.2 devices.

func IncreaseDAWithCheckVault ¶

func IncreaseDAWithCheckVault(ctx context.Context, cryptohome *hwsec.CryptohomeClient, mountInfo *hwsec.CryptohomeMountInfo) error

IncreaseDAWithCheckVault uses cryptohome_client to increase the dictionary attack counter, and should be only used on TPMv1.2 devices. This is currently used for generating a well-known auth failure.

func RestoreTPMManagerData ¶

func RestoreTPMManagerData(ctx context.Context) error

RestoreTPMManagerData copies the backup file back to the location of tpm manager local data.

func SetUpVaultAndUserAsOwner ¶

func SetUpVaultAndUserAsOwner(ctx context.Context, certpath, username, password, label string, utility *hwsec.CryptohomeClient) error

SetUpVaultAndUserAsOwner will setup a user and its vault, and setup the policy to make the user the owner of the device. Caller of this assumes the responsibility of umounting/cleaning up the vault regardless of whether the function returned an error.

Types ¶

type AttestationDBus ¶

type AttestationDBus struct {
	// contains filtered or unexported fields
}

AttestationDBus talks to attestation service via D-Bus APIs.

func NewAttestationDBus ¶

func NewAttestationDBus(ctx context.Context) (*AttestationDBus, error)

NewAttestationDBus connects to the D-Bus and use the result object to construct AttestationDBus.

func (*AttestationDBus) ActivateAttestationKey ¶

func (c *AttestationDBus) ActivateAttestationKey(ctx context.Context, req *apb.ActivateAttestationKeyRequest) (*apb.ActivateAttestationKeyReply, error)

ActivateAttestationKey calls "ActivateAttestationKey" D-Bus Interface.

func (*AttestationDBus) CreateCertifiableKey ¶

func (c *AttestationDBus) CreateCertifiableKey(ctx context.Context, req *apb.CreateCertifiableKeyRequest) (*apb.CreateCertifiableKeyReply, error)

CreateCertifiableKey calls "CreateCertifiableKey" D-Bus Interface.

func (*AttestationDBus) CreateCertificateRequest ¶

func (c *AttestationDBus) CreateCertificateRequest(ctx context.Context, req *apb.CreateCertificateRequestRequest) (*apb.CreateCertificateRequestReply, error)

CreateCertificateRequest calls "CreateCertificateRequest" D-Bus Interface.

func (*AttestationDBus) CreateEnrollRequest ¶

func (c *AttestationDBus) CreateEnrollRequest(ctx context.Context, req *apb.CreateEnrollRequestRequest) (*apb.CreateEnrollRequestReply, error)

CreateEnrollRequest calls "CreateEnrollRequest" D-Bus Interface.

func (*AttestationDBus) Decrypt ¶

func (c *AttestationDBus) Decrypt(ctx context.Context, req *apb.DecryptRequest) (*apb.DecryptReply, error)

Decrypt calls "Decrypt" D-Bus Interface.

func (*AttestationDBus) DeleteKeys ¶

func (c *AttestationDBus) DeleteKeys(ctx context.Context, req *apb.DeleteKeysRequest) (*apb.DeleteKeysReply, error)

DeleteKeys calls "DeleteKeys" D-Bus Interface.

func (*AttestationDBus) Enroll ¶

func (c *AttestationDBus) Enroll(ctx context.Context, req *apb.EnrollRequest) (*apb.EnrollReply, error)

Enroll calls "Enroll" D-Bus Interface.

func (*AttestationDBus) FinishCertificateRequest ¶

func (c *AttestationDBus) FinishCertificateRequest(ctx context.Context, req *apb.FinishCertificateRequestRequest) (*apb.FinishCertificateRequestReply, error)

FinishCertificateRequest calls "FinishCertificateRequest" D-Bus Interface.

func (*AttestationDBus) FinishEnroll ¶

func (c *AttestationDBus) FinishEnroll(ctx context.Context, req *apb.FinishEnrollRequest) (*apb.FinishEnrollReply, error)

FinishEnroll calls "FinishEnroll" D-Bus Interface.

func (*AttestationDBus) GetAttestationKeyInfo ¶

func (c *AttestationDBus) GetAttestationKeyInfo(ctx context.Context, req *apb.GetAttestationKeyInfoRequest) (*apb.GetAttestationKeyInfoReply, error)

GetAttestationKeyInfo calls "GetAttestationKeyInfo" D-Bus Interface.

func (*AttestationDBus) GetCertificate ¶

func (c *AttestationDBus) GetCertificate(ctx context.Context, req *apb.GetCertificateRequest) (*apb.GetCertificateReply, error)

GetCertificate calls "GetCertificate" D-Bus Interface.

func (*AttestationDBus) GetCertifiedNvIndex ¶

func (c *AttestationDBus) GetCertifiedNvIndex(ctx context.Context, req *apb.GetCertifiedNvIndexRequest) (*apb.GetCertifiedNvIndexReply, error)

GetCertifiedNvIndex calls "GetCertifiedNvIndex" D-Bus Interface.

func (*AttestationDBus) GetEndorsementInfo ¶

func (c *AttestationDBus) GetEndorsementInfo(ctx context.Context, req *apb.GetEndorsementInfoRequest) (*apb.GetEndorsementInfoReply, error)

GetEndorsementInfo calls "GetEndorsementInfo" D-Bus Interface.

func (*AttestationDBus) GetEnrollmentID ¶

func (c *AttestationDBus) GetEnrollmentID(ctx context.Context, req *apb.GetEnrollmentIdRequest) (*apb.GetEnrollmentIdReply, error)

GetEnrollmentID calls "GetEnrollmentID" D-Bus Interface.

func (*AttestationDBus) GetEnrollmentPreparations ¶

func (c *AttestationDBus) GetEnrollmentPreparations(ctx context.Context, req *apb.GetEnrollmentPreparationsRequest) (*apb.GetEnrollmentPreparationsReply, error)

GetEnrollmentPreparations calls "GetEnrollmentPreparations" D-Bus Interface.

func (*AttestationDBus) GetKeyInfo ¶

func (c *AttestationDBus) GetKeyInfo(ctx context.Context, req *apb.GetKeyInfoRequest) (*apb.GetKeyInfoReply, error)

GetKeyInfo calls "GetKeyInfo" D-Bus Interface.

func (*AttestationDBus) GetStatus ¶

func (c *AttestationDBus) GetStatus(ctx context.Context, req *apb.GetStatusRequest) (*apb.GetStatusReply, error)

GetStatus calls "GetStatus" D-Bus Interface.

func (*AttestationDBus) RegisterKeyWithChapsToken ¶

func (c *AttestationDBus) RegisterKeyWithChapsToken(ctx context.Context, req *apb.RegisterKeyWithChapsTokenRequest) (*apb.RegisterKeyWithChapsTokenReply, error)

RegisterKeyWithChapsToken calls "RegisterKeyWithChapsToken" D-Bus Interface.

func (*AttestationDBus) ResetIdentity ¶

func (c *AttestationDBus) ResetIdentity(ctx context.Context, req *apb.ResetIdentityRequest) (*apb.ResetIdentityReply, error)

ResetIdentity calls "ResetIdentity" D-Bus Interface.

func (*AttestationDBus) SetKeyPayload ¶

func (c *AttestationDBus) SetKeyPayload(ctx context.Context, req *apb.SetKeyPayloadRequest) (*apb.SetKeyPayloadReply, error)

SetKeyPayload calls "SetKeyPayload" D-Bus Interface.

func (*AttestationDBus) Sign ¶

func (c *AttestationDBus) Sign(ctx context.Context, req *apb.SignRequest) (*apb.SignReply, error)

Sign calls "Sign" D-Bus Interface.

func (*AttestationDBus) SignEnterpriseChallenge ¶

func (c *AttestationDBus) SignEnterpriseChallenge(ctx context.Context, req *apb.SignEnterpriseChallengeRequest) (*apb.SignEnterpriseChallengeReply, error)

SignEnterpriseChallenge calls "SignEnterpriseChallenge" D-Bus Interface.

func (*AttestationDBus) SignSimpleChallenge ¶

func (c *AttestationDBus) SignSimpleChallenge(ctx context.Context, req *apb.SignSimpleChallengeRequest) (*apb.SignSimpleChallengeReply, error)

SignSimpleChallenge calls "SignSimpleChallenge" D-Bus Interface.

func (*AttestationDBus) Verify ¶

func (c *AttestationDBus) Verify(ctx context.Context, req *apb.VerifyRequest) (*apb.VerifyReply, error)

Verify calls "Verify" D-Bus Interface.

type AttestationHelperLocal ¶

type AttestationHelperLocal struct {
	hwsec.AttestationHelper
}

AttestationHelperLocal extends the function set of hwsec.AttestationHelper

func NewAttestationHelper ¶

func NewAttestationHelper(ctx context.Context) (*AttestationHelperLocal, error)

NewAttestationHelper creates a new hwsec.AttestationHelper instance that make use of the functions implemented by AttestationHelperLocal.

type AttestationLocalInfra ¶

type AttestationLocalInfra struct {
	// contains filtered or unexported fields
}

AttestationLocalInfra enables/disables the local server implementation on DUT.

func NewAttestationLocalInfra ¶

func NewAttestationLocalInfra(dc *hwsec.DaemonController) *AttestationLocalInfra

NewAttestationLocalInfra creates a new AttestationLocalInfra instance, with dc used to control the D-Bus service daemons.

func (*AttestationLocalInfra) Disable ¶

func (ali *AttestationLocalInfra) Disable(ctx context.Context) error

Disable disables the local test infra for attestation flow testing.

func (*AttestationLocalInfra) Enable ¶

func (ali *AttestationLocalInfra) Enable(ctx context.Context) (lastErr error)

Enable enables the local test infra for attestation flow testing.

type CmdHelperLocal ¶

type CmdHelperLocal struct {
	hwsec.CmdTPMClearHelper
	CmdHelperLocalImpl
}

CmdHelperLocal extends the function set of hwsec.CmdHelper

func NewHelper ¶

func NewHelper(r hwsec.CmdRunner) (*CmdHelperLocal, error)

NewHelper creates a new hwsec.CmdTPMClearHelper instance that make use of the functions implemented by CmdRunnerLocal.

type CmdHelperLocalImpl ¶

type CmdHelperLocalImpl struct {
	// contains filtered or unexported fields
}

CmdHelperLocalImpl implements the helper functions for CmdHelperLocal

func (*CmdHelperLocalImpl) EnsureTPMIsReadyAndBackupSecrets ¶

func (h *CmdHelperLocalImpl) EnsureTPMIsReadyAndBackupSecrets(ctx context.Context, timeout time.Duration) error

EnsureTPMIsReadyAndBackupSecrets ensures TPM readiness and then backs up tpm manager local data so we can restore important secrets if needed.

type CmdRunnerLocal ¶

type CmdRunnerLocal struct {
	// contains filtered or unexported fields
}

CmdRunnerLocal implements CmdRunner for local test.

func NewCmdRunner ¶

func NewCmdRunner() *CmdRunnerLocal

NewCmdRunner creates a new command runner for local test.

func NewLoglessCmdRunner ¶

func NewLoglessCmdRunner() *CmdRunnerLocal

NewLoglessCmdRunner creates a new command runner for local test, which wouldn't print logs.

func (*CmdRunnerLocal) Run ¶

func (r *CmdRunnerLocal) Run(ctx context.Context, cmd string, args ...string) ([]byte, error)

Run implements hwsec.CmdRunner.Run.

func (*CmdRunnerLocal) RunWithCombinedOutput ¶

func (r *CmdRunnerLocal) RunWithCombinedOutput(ctx context.Context, cmd string, args ...string) ([]byte, error)

RunWithCombinedOutput implements hwsec.CmdRunner.RunWithCombinedOutput.

type FakePCAAgent ¶

type FakePCAAgent struct {
	// contains filtered or unexported fields
}

FakePCAAgent performs the execution and terminiation of the fake pca agent.

func FakePCAAgentContext ¶

func FakePCAAgentContext(ctx context.Context) *FakePCAAgent

FakePCAAgentContext creates a new FakePCAAgent where context is used when calling the commands.

func (*FakePCAAgent) Start ¶

func (f *FakePCAAgent) Start() error

Start starts running the fake pca agent.

func (*FakePCAAgent) Stop ¶

func (f *FakePCAAgent) Stop() error

Stop signals the fake pca agent with SIGTERM as upstart does to daemons, and waits for its termination.

type FullHelperLocal ¶

type FullHelperLocal struct {
	hwsec.FullHelper
	CmdHelperLocalImpl
}

FullHelperLocal extends the function set of hwsec.FullHelper

func NewFullHelper ¶

func NewFullHelper(ctx context.Context, r hwsec.CmdRunner) (*FullHelperLocal, error)

NewFullHelper creates a new hwsec.FullHelper with a local AttestationClient.

type LocalVA ¶

type LocalVA struct{}

LocalVA implements the VA functionality by hwsec-test-va binary.

func NewLocalVA ¶

func NewLocalVA() *LocalVA

NewLocalVA creates a new instance of LocalVA.

func (*LocalVA) GetDecodedVAChallenge ¶

func (rc *LocalVA) GetDecodedVAChallenge(ctx context.Context) ([]byte, error)

GetDecodedVAChallenge get the VA challenge generated by hwsec-test-va.

func (*LocalVA) VerifyEncodedVAChallenge ¶

func (rc *LocalVA) VerifyEncodedVAChallenge(ctx context.Context, signedChallenge string) error

VerifyEncodedVAChallenge asks hwsec-test-va to verify the challenge response.

type PCAAgentClient ¶

type PCAAgentClient struct{}

PCAAgentClient delegates the request handling to the pca_agent_client command line tool.

func NewPCAAgentClient ¶

func NewPCAAgentClient() *PCAAgentClient

NewPCAAgentClient creates a new instance of RealVA.

func (*PCAAgentClient) HandleCertificateRequest ¶

func (rp *PCAAgentClient) HandleCertificateRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)

HandleCertificateRequest calls pca_agent_client to process the certificate request.

func (*PCAAgentClient) HandleEnrollRequest ¶

func (rp *PCAAgentClient) HandleEnrollRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)

HandleEnrollRequest calls pca_agent_client to process the enroll request.

type TPMClearer ¶

type TPMClearer struct {
	// contains filtered or unexported fields
}

TPMClearer clear the TPM via crossystem, this would only work on TPM2.0.

func NewTPMClearer ¶

func NewTPMClearer(cmdRunner hwsec.CmdRunner, daemonController *hwsec.DaemonController) *TPMClearer

NewTPMClearer creates a new TPMClearer object, where r is used to run the command internally.

func (*TPMClearer) ClearTPM ¶

func (tc *TPMClearer) ClearTPM(ctx context.Context) error

ClearTPM soft clears the TPM.

func (*TPMClearer) PostClearTPM ¶

func (tc *TPMClearer) PostClearTPM(ctx context.Context) error

PostClearTPM restores the system key and ensures TPM daemon is up.

func (*TPMClearer) PreClearTPM ¶

func (tc *TPMClearer) PreClearTPM(ctx context.Context) error

PreClearTPM backups the system key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL