Simplify challenge

Signed-off-by: mudler <mudler@c3os.io>
This commit is contained in:
mudler 2023-01-18 16:09:47 +01:00
parent df0fb4a341
commit 2603757f2c
3 changed files with 10 additions and 17 deletions

go.mod

@ -6,7 +6,7 @@ require (
github.com/gorilla/websocket v1.5.0
github.com/jaypipes/ghw v0.9.0
github.com/kairos-io/kcrypt v0.4.5-0.20230118125949-27183fbce7ea
github.com/kairos-io/tpm-helpers v0.0.0-20230118144616-3f28d1857da9
github.com/kairos-io/tpm-helpers v0.0.0-20230118150816-18d63f3a8c83
github.com/mudler/go-pluggable v0.0.0-20220716112424-189d463e3ff3
github.com/onsi/ginkgo v1.16.5
github.com/onsi/ginkgo/v2 v2.7.0

go.sum

@ -506,6 +506,8 @@ github.com/kairos-io/kcrypt v0.4.5-0.20230118125949-27183fbce7ea h1:1gnZW0HJt1Ye
github.com/kairos-io/kcrypt v0.4.5-0.20230118125949-27183fbce7ea/go.mod h1:w8k7pDYjFVvt/qsEDNN/nt9qw4URg70cEKLPHGhnNgU=
github.com/kairos-io/tpm-helpers v0.0.0-20230118144616-3f28d1857da9 h1:tFaUS+aflMccC47F7njJBGzi9epZvUjwj+026qGE4Es=
github.com/kairos-io/tpm-helpers v0.0.0-20230118144616-3f28d1857da9/go.mod h1:6YGebKVrPoJGBd9QE+x4zyuo3vPw1y33iQkNChjlBo8=
github.com/kairos-io/tpm-helpers v0.0.0-20230118150816-18d63f3a8c83 h1:iMkcVgFwK943ssSyuHK2/iPzOqNnz496TMbdPx/WP6A=
github.com/kairos-io/tpm-helpers v0.0.0-20230118150816-18d63f3a8c83/go.mod h1:6YGebKVrPoJGBd9QE+x4zyuo3vPw1y33iQkNChjlBo8=
github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=


@ -88,7 +88,13 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
label := r.Header.Get("label")
name := r.Header.Get("name")
uuid := r.Header.Get("uuid")
ek, at, err := tpm.GetAttestationData(token)
if err := tpm.AuthRequest(r, conn); err != nil {
fmt.Println("error validating challenge", err.Error())
return
}
ek, _, err := tpm.GetAttestationData(token)
if err != nil {
fmt.Println("Failed getting tpm token")
@ -115,22 +121,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
return
}
secret, challenge, err := tpm.GenerateChallenge(ek, at)
if err != nil {
fmt.Println("error", err.Error())
return
}
resp, _ := writeRead(conn, challenge)
if err := tpm.ValidateChallenge(secret, resp); err != nil {
fmt.Println("error validating challenge", err.Error(), string(resp))
return
}
fmt.Println("challenge done")
writer, _ := conn.NextWriter(websocket.BinaryMessage)
if !sealedVolumeData.Quarantined {
secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, sealedVolumeData.SecretName, v1.GetOptions{})
if err == nil {