github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/host.go

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/host.go (about)

     1  // Copyright (c) 2014, Google Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tao
    16  
    17  import (
    18  	"github.com/jlmucb/cloudproxy/go/tao/auth"
    19  )
    20  
    21  // Host is a generic interface for a Tao host that can be configured and driven
    22  // by a variety of host environments. Generally, the host environment is
    23  // responsible for enforcing and managing policy, managing hosted programs (e.g.
    24  // measuring, naming, starting, stopping), communication with hosted programs
    25  // (e.g. channel creation, RPC reception), and other host-specific details.
    26  //
    27  // Because the environment calls Host in response to requests from hosted
    28  // processes invoking the Tao interface, several Host methods resemble methods
    29  // in Tao. Semantics and method signatures differ slightly, however, since the
    30  // environment can add context (e.g., the subprincipal name of the requesting
    31  // child) or do part of the implementation (e.g., manage policy on seal/unseal).
    32  type Host interface {
    33  	// GetRandomBytes returns a slice of n random bytes.
    34  	GetRandomBytes(childSubprin auth.SubPrin, n int) (bytes []byte, err error)
    35  
    36  	// GetSharedSecret returns a slice of n secret bytes.
    37  	GetSharedSecret(tag string, n int) (bytes []byte, err error)
    38  
    39  	// Attest requests the Tao host sign a statement on behalf of the caller.
    40  	Attest(childSubprin auth.SubPrin, issuer *auth.Prin,
    41  		time, expiration *int64, message auth.Form) (*Attestation, error)
    42  
    43  	// Encrypt data so that only this host can access it.
    44  	Encrypt(data []byte) (encrypted []byte, err error)
    45  
    46  	// Decrypt data that only this host can access.
    47  	Decrypt(encrypted []byte) (data []byte, err error)
    48  
    49  	// Notify this Host that a new hosted program has been created.
    50  	AddedHostedProgram(childSubprin auth.SubPrin) error
    51  
    52  	// Notify this Host that a hosted program has been killed.
    53  	RemovedHostedProgram(childSubprin auth.SubPrin) error
    54  
    55  	// Get the Tao principal name assigned to this hosted Tao host. The
    56  	// name encodes the full path from the root Tao, through all
    57  	// intermediary Tao hosts, to this hosted Tao host.
    58  	HostName() auth.Prin
    59  
    60  	// InitCounter initializes a counter with given label.
    61  	InitCounter(label string, c int64) error
    62  
    63  	// GetCounter retrieves a counter with given label.
    64  	GetCounter(label string) (int64, error)
    65  
    66  	// RollbackProtectedSeal encrypts data under rollback protection
    67  	// so only certain hosted programs can unseal it.
    68  	RollbackProtectedSeal(label string, data []byte, policy string) ([]byte, error)
    69  
    70  	// RollbackProtectedUnseal decrypts data under rollback protection.
    71  	RollbackProtectedUnseal(sealed []byte) ([]byte, string, error)
    72  }