github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/config.go

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/config.go (about)

     1  // Copyright (c) 2015, Google, Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tao
    16  
    17  import (
    18  	"os"
    19  )
    20  
    21  // The HostTaoType is the type of Tao (either a Root of trust, or Stacked on
    22  // another Tao)
    23  type HostTaoType int
    24  
    25  // These constants represent the different types of configurations for the Tao.
    26  const (
    27  	NoHost HostTaoType = iota
    28  	Root
    29  	Stacked
    30  )
    31  
    32  // HostTaoTypeMap maps strings to the type of a host Tao.
    33  var HostTaoTypeMap = map[string]HostTaoType{
    34  	"none":    NoHost,
    35  	"root":    Root,
    36  	"stacked": Stacked,
    37  }
    38  
    39  // The HostedProgramType represents the type of hosted programs and the channel
    40  // type used for communication between the Host and the Hosted Program.
    41  type HostedProgramType int
    42  
    43  // These constants represent the different configurations of hosted programs and
    44  // communication channels.
    45  const (
    46  	NoHostedPrograms HostedProgramType = iota
    47  	ProcessPipe
    48  	DockerUnix
    49  	KVMCoreOSFile
    50  	KVMCustom
    51  )
    52  
    53  // HostedProgramTypeMap maps strings to the type of a hosted program.
    54  var HostedProgramTypeMap = map[string]HostedProgramType{
    55  	"none":       NoHostedPrograms,
    56  	"process":    ProcessPipe,
    57  	"docker":     DockerUnix,
    58  	"kvm_coreos": KVMCoreOSFile,
    59  	"kvm_custom": KVMCustom,
    60  }
    61  
    62  // A Config stores the information about the Tao, its Host Tao, and the way
    63  // it creates Hosted Programs.
    64  type Config struct {
    65  	HostType        HostTaoType
    66  	HostChannelType string
    67  	HostSpec        string
    68  	HostedType      HostedProgramType
    69  
    70  	// Variables for the TPM configuration
    71  	TPMAIKPath     string
    72  	TPMAIKCertPath string
    73  	TPMPCRs        string
    74  	TPMDevice      string
    75  
    76  	TPM2InfoDir   string
    77  	TPM2PCRs      string
    78  	TPM2Device    string
    79  	TPM2EkCert    string
    80  	TPM2QuoteCert string
    81  	TPM2SealCert  string
    82  }
    83  
    84  // IsValid checks a Config for validity.
    85  func (tc Config) IsValid() bool {
    86  	// All valid Tao configs support creating hosted programs.
    87  	if tc.HostedType == NoHostedPrograms {
    88  		return false
    89  	}
    90  
    91  	switch tc.HostType {
    92  	case NoHost:
    93  		return false
    94  	case Root:
    95  		if tc.HostChannelType != "" || tc.HostType != NoHost {
    96  			return false
    97  		}
    98  
    99  		// There are no constraints on the hosted-program types for a
   100  		// root Tao.
   101  	case Stacked:
   102  		if tc.HostChannelType == "" || tc.HostSpec == "" {
   103  			return false
   104  		}
   105  	default:
   106  		return false
   107  	}
   108  
   109  	return true
   110  }
   111  
   112  // NewConfigFromString creates a new Config using strings representing the
   113  // options.
   114  func NewConfigFromString(htt, htct, f, hpt, tpmaik, tpmpcrs, tpmdev string) Config {
   115  	tc := Config{}
   116  	switch htt {
   117  	case "none", "":
   118  		tc.HostType = NoHost
   119  	case "root":
   120  		tc.HostType = Root
   121  	case "stacked":
   122  		tc.HostType = Stacked
   123  	default:
   124  		tc.HostType = NoHost
   125  	}
   126  
   127  	tc.HostChannelType = htct
   128  	if htct == "tpm" {
   129  		// TODO(tmroeder): check the TPM variables here and add them to
   130  		// the config in some way.
   131  		tc.TPMAIKPath = tpmaik
   132  		tc.TPMPCRs = tpmpcrs
   133  		tc.TPMDevice = tpmdev
   134  	}
   135  	if htct == "tpm2" {
   136  		// tc.TPM2InfoDir string
   137  		tc.TPM2PCRs = tpmpcrs
   138  		tc.TPM2Device = tpmdev
   139  		// tc.TPM2EkCert string
   140  		// tc.TPM2QuoteCert string
   141  	}
   142  
   143  	if f != "" {
   144  		tc.HostSpec = f
   145  	}
   146  
   147  	switch hpt {
   148  	case "process":
   149  		tc.HostedType = ProcessPipe
   150  	case "docker":
   151  		tc.HostedType = DockerUnix
   152  	case "kvm_coreos":
   153  		tc.HostedType = KVMCoreOSFile
   154  	case "kvm_custom":
   155  		tc.HostedType = KVMCustom
   156  	default:
   157  		tc.HostedType = NoHostedPrograms
   158  	}
   159  
   160  	return tc
   161  }
   162  
   163  // NewConfigFromEnv creates a Config using values drawn from environment
   164  // variables.
   165  func NewConfigFromEnv() Config {
   166  	htt := os.Getenv(HostTypeEnvVar)
   167  	htct := os.Getenv(HostChannelTypeEnvVar)
   168  	f := os.Getenv(HostSpecEnvVar)
   169  	hpt := os.Getenv(HostedTypeEnvVar)
   170  	tpmaik := os.Getenv(TaoTPMAIKEnvVar)
   171  	tpmpcrs := os.Getenv(TaoTPMPCRsEnvVar)
   172  	tpmdev := os.Getenv(TaoTPMDeviceEnvVar)
   173  
   174  	return NewConfigFromString(htt, htct, f, hpt, tpmaik, tpmpcrs, tpmdev)
   175  }
   176  
   177  // Merge combines two Config values into one. The parameter value take
   178  // precendence over the existing values unless an incoming value is NoHost,
   179  // NoChannel, or NoHostedPrograms. This is used to merge a config taken from the
   180  // environment with a config specified explicitly on the command line. The
   181  // latter takes precedence where it is explicitly given.
   182  func (tc *Config) Merge(c Config) {
   183  	if tc.HostType == NoHost || c.HostType != NoHost {
   184  		tc.HostType = c.HostType
   185  	}
   186  
   187  	if tc.HostChannelType == "" || c.HostChannelType != "" {
   188  		tc.HostChannelType = c.HostChannelType
   189  	}
   190  
   191  	if tc.HostSpec == "" || c.HostSpec != "" {
   192  		tc.HostSpec = c.HostSpec
   193  	}
   194  
   195  	if tc.HostedType == NoHostedPrograms || c.HostedType != NoHostedPrograms {
   196  		tc.HostedType = c.HostedType
   197  	}
   198  
   199  	if tc.TPMAIKPath == "" || c.TPMAIKPath != "" {
   200  		tc.TPMAIKPath = c.TPMAIKPath
   201  	}
   202  
   203  	if tc.TPMPCRs == "" || c.TPMPCRs != "" {
   204  		tc.TPMPCRs = c.TPMPCRs
   205  	}
   206  
   207  	if tc.TPMDevice == "" || c.TPMDevice != "" {
   208  		tc.TPMDevice = c.TPMDevice
   209  	}
   210  
   211  	if tc.TPMAIKCertPath == "" || c.TPMAIKCertPath != "" {
   212  		tc.TPMAIKCertPath = c.TPMAIKCertPath
   213  	}
   214  
   215  	if tc.TPM2InfoDir == "" || c.TPM2InfoDir != "" {
   216  		tc.TPM2InfoDir = c.TPM2InfoDir
   217  	}
   218  
   219  	if tc.TPM2PCRs == "" || c.TPM2PCRs != "" {
   220  		tc.TPM2PCRs = c.TPM2PCRs
   221  	}
   222  
   223  	if tc.TPM2Device == "" || c.TPM2Device != "" {
   224  		tc.TPM2Device = c.TPM2Device
   225  	}
   226  
   227  	if tc.TPM2EkCert == "" || c.TPM2EkCert != "" {
   228  		tc.TPM2EkCert = c.TPM2EkCert
   229  	}
   230  
   231  	if tc.TPM2QuoteCert == "" || c.TPM2QuoteCert != "" {
   232  		tc.TPM2QuoteCert = c.TPM2QuoteCert
   233  	}
   234  }