adjusted client side key derivation

This commit is contained in:
miampf 2025-01-07 15:56:45 +01:00
parent a8ace9cd23
commit 53a9af82e0
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
3 changed files with 18 additions and 6 deletions


@ -37,6 +37,7 @@ go_library(
"miniup_linux_amd64.go",
"recover.go",
"spinner.go",
"ssh.go",
"status.go",
"terminate.go",
"upgrade.go",
@ -46,7 +47,6 @@ go_library(
"validargs.go",
"verify.go",
"version.go",
"ssh.go",
],
importpath = "github.com/edgelesssys/constellation/v2/cli/internal/cmd",
visibility = ["//cli:__subpackages__"],
@ -117,8 +117,8 @@ go_library(
"//internal/attestation/azure/tdx",
"@com_github_google_go_sev_guest//proto/sevsnp",
"@com_github_google_go_tpm_tools//proto/attest",
"@org_golang_x_crypto//hkdf",
"@org_golang_x_crypto//ssh",
"//internal/kms/setup",
] + select({
"@io_bazel_rules_go//go/platform:android_amd64": [
"@org_golang_x_sys//unix",


@ -7,18 +7,20 @@ SPDX-License-Identifier: AGPL-3.0-only
package cmd
import (
"bytes"
"crypto/ed25519"
"crypto/rand"
"crypto/sha256"
"fmt"
"time"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/kms/setup"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/spf13/afero"
"github.com/spf13/cobra"
"golang.org/x/crypto/hkdf"
"golang.org/x/crypto/ssh"
)
@ -60,8 +62,17 @@ func runSSH(cmd *cobra.Command, _ []string) error {
return err
}
hkdf := hkdf.New(sha256.New, mastersecret.Key, mastersecret.Salt, []byte("ssh-ca"))
_, priv, err := ed25519.GenerateKey(hkdf)
mastersecret_uri := uri.MasterSecret{Key: mastersecret.Key, Salt: mastersecret.Salt}
kms, err := setup.KMS(cmd.Context(), uri.NoStoreURI, mastersecret_uri.EncodeToURI())
if err != nil {
return err
}
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix, 256)
if err != nil {
return err
}
_, priv, err := ed25519.GenerateKey(bytes.NewReader(key))
if err != nil {
return err
}
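Review bot: The DEK id handed to GetDEK is now the only thing that separates the SSH CA seed from every other key derived from the same master secret, and `crypto.DEKPrefix` reads as a shared prefix rather than an identifier specific to this purpose, so another caller requesting a DEK under the same id would receive the very bytes that become this CA private key. The replaced HKDF call at least bound the derivation to `"ssh-ca"`; a purpose-specific id such as `crypto.DEKPrefix+"ssh-ca"` would keep that domain separation (how other callers form their DEK ids is not visible here, so confirm against them before choosing the exact string). The literal `256` should be tied to what is consumed: `ed25519.GenerateKey` reads exactly `ed25519.SeedSize` bytes from the reader and errors on a shorter one, so request `ed25519.SeedSize` (or `ed25519.SeedSize*8` if GetDEK takes a bit length, which the hunk does not show) with a comment such as `// the DEK is used verbatim as the ed25519 seed`. `mastersecret_uri` should be `masterSecretURI` to follow Go naming. runSSH begins and ends outside this hunk.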


@ -15,6 +15,7 @@ go_library(
"@org_golang_google_grpc//:grpc",
"@org_golang_google_grpc//codes",
"@org_golang_google_grpc//status",
"@org_golang_x_crypto//ssh",
],
)