Documentation ¶
Index ¶
- func BackupTPMManagerDataIfIntact(ctx context.Context) error
- func CheckDAIsZero(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
- func CheckDAIsZeroForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
- func IncreaseDAForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
- func IncreaseDAWithCheckVault(ctx context.Context, cryptohome *hwsec.CryptohomeClient, ...) error
- func RestoreTPMManagerData(ctx context.Context) error
- func SetUpVaultAndUserAsOwner(ctx context.Context, certpath, username, password, label string, ...) error
- type AttestationDBus
- func (c *AttestationDBus) ActivateAttestationKey(ctx context.Context, req *apb.ActivateAttestationKeyRequest) (*apb.ActivateAttestationKeyReply, error)
- func (c *AttestationDBus) CreateCertifiableKey(ctx context.Context, req *apb.CreateCertifiableKeyRequest) (*apb.CreateCertifiableKeyReply, error)
- func (c *AttestationDBus) CreateCertificateRequest(ctx context.Context, req *apb.CreateCertificateRequestRequest) (*apb.CreateCertificateRequestReply, error)
- func (c *AttestationDBus) CreateEnrollRequest(ctx context.Context, req *apb.CreateEnrollRequestRequest) (*apb.CreateEnrollRequestReply, error)
- func (c *AttestationDBus) Decrypt(ctx context.Context, req *apb.DecryptRequest) (*apb.DecryptReply, error)
- func (c *AttestationDBus) DeleteKeys(ctx context.Context, req *apb.DeleteKeysRequest) (*apb.DeleteKeysReply, error)
- func (c *AttestationDBus) Enroll(ctx context.Context, req *apb.EnrollRequest) (*apb.EnrollReply, error)
- func (c *AttestationDBus) FinishCertificateRequest(ctx context.Context, req *apb.FinishCertificateRequestRequest) (*apb.FinishCertificateRequestReply, error)
- func (c *AttestationDBus) FinishEnroll(ctx context.Context, req *apb.FinishEnrollRequest) (*apb.FinishEnrollReply, error)
- func (c *AttestationDBus) GetAttestationKeyInfo(ctx context.Context, req *apb.GetAttestationKeyInfoRequest) (*apb.GetAttestationKeyInfoReply, error)
- func (c *AttestationDBus) GetCertificate(ctx context.Context, req *apb.GetCertificateRequest) (*apb.GetCertificateReply, error)
- func (c *AttestationDBus) GetCertifiedNvIndex(ctx context.Context, req *apb.GetCertifiedNvIndexRequest) (*apb.GetCertifiedNvIndexReply, error)
- func (c *AttestationDBus) GetEndorsementInfo(ctx context.Context, req *apb.GetEndorsementInfoRequest) (*apb.GetEndorsementInfoReply, error)
- func (c *AttestationDBus) GetEnrollmentID(ctx context.Context, req *apb.GetEnrollmentIdRequest) (*apb.GetEnrollmentIdReply, error)
- func (c *AttestationDBus) GetEnrollmentPreparations(ctx context.Context, req *apb.GetEnrollmentPreparationsRequest) (*apb.GetEnrollmentPreparationsReply, error)
- func (c *AttestationDBus) GetKeyInfo(ctx context.Context, req *apb.GetKeyInfoRequest) (*apb.GetKeyInfoReply, error)
- func (c *AttestationDBus) GetStatus(ctx context.Context, req *apb.GetStatusRequest) (*apb.GetStatusReply, error)
- func (c *AttestationDBus) RegisterKeyWithChapsToken(ctx context.Context, req *apb.RegisterKeyWithChapsTokenRequest) (*apb.RegisterKeyWithChapsTokenReply, error)
- func (c *AttestationDBus) ResetIdentity(ctx context.Context, req *apb.ResetIdentityRequest) (*apb.ResetIdentityReply, error)
- func (c *AttestationDBus) SetKeyPayload(ctx context.Context, req *apb.SetKeyPayloadRequest) (*apb.SetKeyPayloadReply, error)
- func (c *AttestationDBus) Sign(ctx context.Context, req *apb.SignRequest) (*apb.SignReply, error)
- func (c *AttestationDBus) SignEnterpriseChallenge(ctx context.Context, req *apb.SignEnterpriseChallengeRequest) (*apb.SignEnterpriseChallengeReply, error)
- func (c *AttestationDBus) SignSimpleChallenge(ctx context.Context, req *apb.SignSimpleChallengeRequest) (*apb.SignSimpleChallengeReply, error)
- func (c *AttestationDBus) Verify(ctx context.Context, req *apb.VerifyRequest) (*apb.VerifyReply, error)
- type AttestationHelperLocal
- type AttestationLocalInfra
- type CmdHelperLocal
- type CmdHelperLocalImpl
- type CmdRunnerLocal
- type FakePCAAgent
- type FullHelperLocal
- type LocalVA
- type PCAAgentClient
- type TPMClearer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BackupTPMManagerDataIfIntact ¶
BackupTPMManagerDataIfIntact backs up the tpm manager data if the important secrets are not cleared.
func CheckDAIsZero ¶
func CheckDAIsZero(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
CheckDAIsZero uses tpm_manager_client to check if the dictionary attack counter is zero.
func CheckDAIsZeroForTpm1 ¶
func CheckDAIsZeroForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
CheckDAIsZeroForTpm1 uses tpm_manager_client to check if the dictionary attack counter is zero on TPMv1.2 devices. Because there is a delay in resetting the DA counter on TPMv1.2 devices, we need to poll until the DA counter is reset.
func IncreaseDAForTpm1 ¶
func IncreaseDAForTpm1(ctx context.Context, tpmManager *hwsec.TPMManagerClient) error
IncreaseDAForTpm1 uses tpm_manager_client to increase the dictionary attack counter, and should be only used on TPMv1.2 devices.
func IncreaseDAWithCheckVault ¶
func IncreaseDAWithCheckVault(ctx context.Context, cryptohome *hwsec.CryptohomeClient, mountInfo *hwsec.CryptohomeMountInfo) error
IncreaseDAWithCheckVault uses cryptohome_client to increase the dictionary attack counter, and should be only used on TPMv1.2 devices. This is currently used for generating a well-known auth failure.
func RestoreTPMManagerData ¶
RestoreTPMManagerData copies the backup file back to the location of tpm manager local data.
func SetUpVaultAndUserAsOwner ¶
func SetUpVaultAndUserAsOwner(ctx context.Context, certpath, username, password, label string, utility *hwsec.CryptohomeClient) error
SetUpVaultAndUserAsOwner sets up a user and its vault, and sets up the policy to make the user the owner of the device. The caller is responsible for unmounting/cleaning up the vault regardless of whether the function returned an error.
Types ¶
type AttestationDBus ¶
type AttestationDBus struct {
// contains filtered or unexported fields
}
AttestationDBus talks to attestation service via D-Bus APIs.
func NewAttestationDBus ¶
func NewAttestationDBus(ctx context.Context) (*AttestationDBus, error)
NewAttestationDBus connects to D-Bus and uses the resulting object to construct an AttestationDBus.
func (*AttestationDBus) ActivateAttestationKey ¶
func (c *AttestationDBus) ActivateAttestationKey(ctx context.Context, req *apb.ActivateAttestationKeyRequest) (*apb.ActivateAttestationKeyReply, error)
ActivateAttestationKey calls "ActivateAttestationKey" D-Bus Interface.
func (*AttestationDBus) CreateCertifiableKey ¶
func (c *AttestationDBus) CreateCertifiableKey(ctx context.Context, req *apb.CreateCertifiableKeyRequest) (*apb.CreateCertifiableKeyReply, error)
CreateCertifiableKey calls "CreateCertifiableKey" D-Bus Interface.
func (*AttestationDBus) CreateCertificateRequest ¶
func (c *AttestationDBus) CreateCertificateRequest(ctx context.Context, req *apb.CreateCertificateRequestRequest) (*apb.CreateCertificateRequestReply, error)
CreateCertificateRequest calls "CreateCertificateRequest" D-Bus Interface.
func (*AttestationDBus) CreateEnrollRequest ¶
func (c *AttestationDBus) CreateEnrollRequest(ctx context.Context, req *apb.CreateEnrollRequestRequest) (*apb.CreateEnrollRequestReply, error)
CreateEnrollRequest calls "CreateEnrollRequest" D-Bus Interface.
func (*AttestationDBus) Decrypt ¶
func (c *AttestationDBus) Decrypt(ctx context.Context, req *apb.DecryptRequest) (*apb.DecryptReply, error)
Decrypt calls "Decrypt" D-Bus Interface.
func (*AttestationDBus) DeleteKeys ¶
func (c *AttestationDBus) DeleteKeys(ctx context.Context, req *apb.DeleteKeysRequest) (*apb.DeleteKeysReply, error)
DeleteKeys calls "DeleteKeys" D-Bus Interface.
func (*AttestationDBus) Enroll ¶
func (c *AttestationDBus) Enroll(ctx context.Context, req *apb.EnrollRequest) (*apb.EnrollReply, error)
Enroll calls "Enroll" D-Bus Interface.
func (*AttestationDBus) FinishCertificateRequest ¶
func (c *AttestationDBus) FinishCertificateRequest(ctx context.Context, req *apb.FinishCertificateRequestRequest) (*apb.FinishCertificateRequestReply, error)
FinishCertificateRequest calls "FinishCertificateRequest" D-Bus Interface.
func (*AttestationDBus) FinishEnroll ¶
func (c *AttestationDBus) FinishEnroll(ctx context.Context, req *apb.FinishEnrollRequest) (*apb.FinishEnrollReply, error)
FinishEnroll calls "FinishEnroll" D-Bus Interface.
func (*AttestationDBus) GetAttestationKeyInfo ¶
func (c *AttestationDBus) GetAttestationKeyInfo(ctx context.Context, req *apb.GetAttestationKeyInfoRequest) (*apb.GetAttestationKeyInfoReply, error)
GetAttestationKeyInfo calls "GetAttestationKeyInfo" D-Bus Interface.
func (*AttestationDBus) GetCertificate ¶
func (c *AttestationDBus) GetCertificate(ctx context.Context, req *apb.GetCertificateRequest) (*apb.GetCertificateReply, error)
GetCertificate calls "GetCertificate" D-Bus Interface.
func (*AttestationDBus) GetCertifiedNvIndex ¶
func (c *AttestationDBus) GetCertifiedNvIndex(ctx context.Context, req *apb.GetCertifiedNvIndexRequest) (*apb.GetCertifiedNvIndexReply, error)
GetCertifiedNvIndex calls "GetCertifiedNvIndex" D-Bus Interface.
func (*AttestationDBus) GetEndorsementInfo ¶
func (c *AttestationDBus) GetEndorsementInfo(ctx context.Context, req *apb.GetEndorsementInfoRequest) (*apb.GetEndorsementInfoReply, error)
GetEndorsementInfo calls "GetEndorsementInfo" D-Bus Interface.
func (*AttestationDBus) GetEnrollmentID ¶
func (c *AttestationDBus) GetEnrollmentID(ctx context.Context, req *apb.GetEnrollmentIdRequest) (*apb.GetEnrollmentIdReply, error)
GetEnrollmentID calls "GetEnrollmentID" D-Bus Interface.
func (*AttestationDBus) GetEnrollmentPreparations ¶
func (c *AttestationDBus) GetEnrollmentPreparations(ctx context.Context, req *apb.GetEnrollmentPreparationsRequest) (*apb.GetEnrollmentPreparationsReply, error)
GetEnrollmentPreparations calls "GetEnrollmentPreparations" D-Bus Interface.
func (*AttestationDBus) GetKeyInfo ¶
func (c *AttestationDBus) GetKeyInfo(ctx context.Context, req *apb.GetKeyInfoRequest) (*apb.GetKeyInfoReply, error)
GetKeyInfo calls "GetKeyInfo" D-Bus Interface.
func (*AttestationDBus) GetStatus ¶
func (c *AttestationDBus) GetStatus(ctx context.Context, req *apb.GetStatusRequest) (*apb.GetStatusReply, error)
GetStatus calls "GetStatus" D-Bus Interface.
func (*AttestationDBus) RegisterKeyWithChapsToken ¶
func (c *AttestationDBus) RegisterKeyWithChapsToken(ctx context.Context, req *apb.RegisterKeyWithChapsTokenRequest) (*apb.RegisterKeyWithChapsTokenReply, error)
RegisterKeyWithChapsToken calls "RegisterKeyWithChapsToken" D-Bus Interface.
func (*AttestationDBus) ResetIdentity ¶
func (c *AttestationDBus) ResetIdentity(ctx context.Context, req *apb.ResetIdentityRequest) (*apb.ResetIdentityReply, error)
ResetIdentity calls "ResetIdentity" D-Bus Interface.
func (*AttestationDBus) SetKeyPayload ¶
func (c *AttestationDBus) SetKeyPayload(ctx context.Context, req *apb.SetKeyPayloadRequest) (*apb.SetKeyPayloadReply, error)
SetKeyPayload calls "SetKeyPayload" D-Bus Interface.
func (*AttestationDBus) Sign ¶
func (c *AttestationDBus) Sign(ctx context.Context, req *apb.SignRequest) (*apb.SignReply, error)
Sign calls "Sign" D-Bus Interface.
func (*AttestationDBus) SignEnterpriseChallenge ¶
func (c *AttestationDBus) SignEnterpriseChallenge(ctx context.Context, req *apb.SignEnterpriseChallengeRequest) (*apb.SignEnterpriseChallengeReply, error)
SignEnterpriseChallenge calls "SignEnterpriseChallenge" D-Bus Interface.
func (*AttestationDBus) SignSimpleChallenge ¶
func (c *AttestationDBus) SignSimpleChallenge(ctx context.Context, req *apb.SignSimpleChallengeRequest) (*apb.SignSimpleChallengeReply, error)
SignSimpleChallenge calls "SignSimpleChallenge" D-Bus Interface.
func (*AttestationDBus) Verify ¶
func (c *AttestationDBus) Verify(ctx context.Context, req *apb.VerifyRequest) (*apb.VerifyReply, error)
Verify calls "Verify" D-Bus Interface.
type AttestationHelperLocal ¶
type AttestationHelperLocal struct {
hwsec.AttestationHelper
}
AttestationHelperLocal extends the function set of hwsec.AttestationHelper
func NewAttestationHelper ¶
func NewAttestationHelper(ctx context.Context) (*AttestationHelperLocal, error)
NewAttestationHelper creates a new hwsec.AttestationHelper instance that makes use of the functions implemented by AttestationHelperLocal.
type AttestationLocalInfra ¶
type AttestationLocalInfra struct {
// contains filtered or unexported fields
}
AttestationLocalInfra enables/disables the local server implementation on DUT.
func NewAttestationLocalInfra ¶
func NewAttestationLocalInfra(dc *hwsec.DaemonController) *AttestationLocalInfra
NewAttestationLocalInfra creates a new AttestationLocalInfra instance, with dc used to control the D-Bus service daemons.
type CmdHelperLocal ¶
type CmdHelperLocal struct { hwsec.CmdTPMClearHelper CmdHelperLocalImpl }
CmdHelperLocal extends the function set of hwsec.CmdHelper
type CmdHelperLocalImpl ¶
type CmdHelperLocalImpl struct {
// contains filtered or unexported fields
}
CmdHelperLocalImpl implements the helper functions for CmdHelperLocal
func (*CmdHelperLocalImpl) EnsureTPMIsReadyAndBackupSecrets ¶
func (h *CmdHelperLocalImpl) EnsureTPMIsReadyAndBackupSecrets(ctx context.Context, timeout time.Duration) error
EnsureTPMIsReadyAndBackupSecrets ensures TPM readiness and then backs up tpm manager local data so we can restore important secrets if needed.
type CmdRunnerLocal ¶
type CmdRunnerLocal struct {
// contains filtered or unexported fields
}
CmdRunnerLocal implements CmdRunner for local test.
func NewCmdRunner ¶
func NewCmdRunner() *CmdRunnerLocal
NewCmdRunner creates a new command runner for local test.
func NewLoglessCmdRunner ¶
func NewLoglessCmdRunner() *CmdRunnerLocal
NewLoglessCmdRunner creates a new command runner for local test, which does not print logs.
func (*CmdRunnerLocal) RunWithCombinedOutput ¶
func (r *CmdRunnerLocal) RunWithCombinedOutput(ctx context.Context, cmd string, args ...string) ([]byte, error)
RunWithCombinedOutput implements hwsec.CmdRunner.RunWithCombinedOutput.
type FakePCAAgent ¶
type FakePCAAgent struct {
// contains filtered or unexported fields
}
FakePCAAgent performs the execution and termination of the fake pca agent.
func FakePCAAgentContext ¶
func FakePCAAgentContext(ctx context.Context) *FakePCAAgent
FakePCAAgentContext creates a new FakePCAAgent where context is used when calling the commands.
func (*FakePCAAgent) Start ¶
func (f *FakePCAAgent) Start() error
Start starts running the fake pca agent.
func (*FakePCAAgent) Stop ¶
func (f *FakePCAAgent) Stop() error
Stop signals the fake pca agent with SIGTERM as upstart does to daemons, and waits for its termination.
type FullHelperLocal ¶
type FullHelperLocal struct { hwsec.FullHelper CmdHelperLocalImpl }
FullHelperLocal extends the function set of hwsec.FullHelper
func NewFullHelper ¶
NewFullHelper creates a new hwsec.FullHelper with a local AttestationClient.
type LocalVA ¶
type LocalVA struct{}
LocalVA implements the VA functionality by hwsec-test-va binary.
func (*LocalVA) GetDecodedVAChallenge ¶
GetDecodedVAChallenge gets the VA challenge generated by hwsec-test-va.
type PCAAgentClient ¶
type PCAAgentClient struct{}
PCAAgentClient delegates the request handling to the pca_agent_client command line tool.
func NewPCAAgentClient ¶
func NewPCAAgentClient() *PCAAgentClient
NewPCAAgentClient creates a new instance of PCAAgentClient.
func (*PCAAgentClient) HandleCertificateRequest ¶
func (rp *PCAAgentClient) HandleCertificateRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)
HandleCertificateRequest calls pca_agent_client to process the certificate request.
func (*PCAAgentClient) HandleEnrollRequest ¶
func (rp *PCAAgentClient) HandleEnrollRequest(ctx context.Context, request string, pcaType hwsec.PCAType) (string, error)
HandleEnrollRequest calls pca_agent_client to process the enroll request.
type TPMClearer ¶
type TPMClearer struct {
// contains filtered or unexported fields
}
TPMClearer clears the TPM via crossystem; this only works on TPM2.0.
func NewTPMClearer ¶
func NewTPMClearer(cmdRunner hwsec.CmdRunner, daemonController *hwsec.DaemonController) *TPMClearer
NewTPMClearer creates a new TPMClearer object, where cmdRunner is used to run the command internally.
func (*TPMClearer) ClearTPM ¶
func (tc *TPMClearer) ClearTPM(ctx context.Context) error
ClearTPM soft clears the TPM.
func (*TPMClearer) PostClearTPM ¶
func (tc *TPMClearer) PostClearTPM(ctx context.Context) error
PostClearTPM restores the system key and ensures TPM daemon is up.
func (*TPMClearer) PreClearTPM ¶
func (tc *TPMClearer) PreClearTPM(ctx context.Context) error
PreClearTPM backs up the system key.