rancher/kcrypt-challenger
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt-challenger.git synced 2025-08-31 14:20:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Attempt to get also from part name

Browse Source
This commit is contained in:
Ettore Di Giacinto
2022-10-17 19:08:45 +00:00
parent 673bfcbd56
commit 770814996b
2 changed files with 32 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
cmd/discovery/main.go
View File

@@ -31,6 +31,23 @@ func checkErr(err error) {
os.Exit(0) os.Exit(0)
} }
func getPass(server, label string) (string, error) {
msg, err := tpm.Get(server, tpm.WithAdditionalHeader("label", label))
if err != nil {
return "", err
}
result := map[string]interface{}{}
err = json.Unmarshal(msg, &result)
if err != nil {
return "", err
}
p, ok := result["passphrase"]
if ok {
return fmt.Sprint(p), nil
}
return "", fmt.Errorf("pass for label not found")
}
// echo '{ "data": "{ \\"label\\": \\"LABEL\\" }"}' | sudo -E WSS_SERVER="http://localhost:8082/challenge" ./challenger "discovery.password" // echo '{ "data": "{ \\"label\\": \\"LABEL\\" }"}' | sudo -E WSS_SERVER="http://localhost:8082/challenge" ./challenger "discovery.password"
func start() error { func start() error {
factory := pluggable.NewPluginFactory() factory := pluggable.NewPluginFactory()
@@ -52,7 +69,6 @@ func start() error {
// Input: bus.EventInstallPayload // Input: bus.EventInstallPayload
// Expected output: map[string]string{} // Expected output: map[string]string{}
factory.Add(bus.EventDiscoveryPassword, func(e *pluggable.Event) pluggable.EventResponse { factory.Add(bus.EventDiscoveryPassword, func(e *pluggable.Event) pluggable.EventResponse {
if server == "" { if server == "" {
return pluggable.EventResponse{ return pluggable.EventResponse{
Error: "no server configured", Error: "no server configured",
@@ -67,28 +83,18 @@ func start() error {
} }
} }
msg, err := tpm.Get(server, tpm.WithAdditionalHeader("label", b.Label)) pass, err := getPass(server, b.Label)
if err != nil {
pass, err = getPass(server, b.Name)
if err != nil { if err != nil {
return pluggable.EventResponse{ return pluggable.EventResponse{
Error: fmt.Sprintf("failed contacting from wss server: %s", err.Error()), Error: fmt.Sprintf("failed getting pass: %s", err.Error()),
} }
} }
result := map[string]interface{}{}
err = json.Unmarshal(msg, &result)
if err != nil {
return pluggable.EventResponse{
Error: fmt.Sprintf("failed reading from wss server: %s", err.Error()),
}
}
p, ok := result["passphrase"]
if !ok {
return pluggable.EventResponse{
Error: "not found",
}
} }
return pluggable.EventResponse{ return pluggable.EventResponse{
Data: fmt.Sprint(p), Data: pass,
} }
}) })

6
config/crd/bases/keyserver.kairos.io_sealedvolumes.yaml
View File

@@ -37,15 +37,15 @@ spec:
properties: properties:
TPMHash: TPMHash:
type: string type: string
label: partitionSecrets:
type: string additionalProperties:
passphraseRef:
properties: properties:
name: name:
type: string type: string
path: path:
type: string type: string
type: object type: object
type: object
quarantined: quarantined:
type: boolean type: boolean
type: object type: object