Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-18 03:30:18 -04:00
Code Issues Projects Releases Packages Wiki Activity

adjusted client side key derivation

Browse source
This commit is contained in:
miampf 2025-01-07 15:56:45 +01:00
parent a8ace9cd23
commit 53a9af82e0
No known key found for this signature in database
GPG key ID: EF039364B5B6886C
3 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cli/internal/cmd/BUILD.bazel
View file

@ -37,6 +37,7 @@ go_library(
"miniup_linux_amd64.go", "miniup_linux_amd64.go",
"recover.go", "recover.go",
"spinner.go", "spinner.go",
"ssh.go",
"status.go", "status.go",
"terminate.go", "terminate.go",
"upgrade.go", "upgrade.go",
@ -46,7 +47,6 @@ go_library(
"validargs.go", "validargs.go",
"verify.go", "verify.go",
"version.go", "version.go",
"ssh.go",
], ],
importpath = "github.com/edgelesssys/constellation/v2/cli/internal/cmd", importpath = "github.com/edgelesssys/constellation/v2/cli/internal/cmd",
visibility = ["//cli:__subpackages__"], visibility = ["//cli:__subpackages__"],
@ -117,8 +117,8 @@ go_library(
"//internal/attestation/azure/tdx", "//internal/attestation/azure/tdx",
"@com_github_google_go_sev_guest//proto/sevsnp", "@com_github_google_go_sev_guest//proto/sevsnp",
"@com_github_google_go_tpm_tools//proto/attest", "@com_github_google_go_tpm_tools//proto/attest",
"@org_golang_x_crypto//hkdf",
"@org_golang_x_crypto//ssh", "@org_golang_x_crypto//ssh",
"//internal/kms/setup",
] + select({ ] + select({
"@io_bazel_rules_go//go/platform:android_amd64": [ "@io_bazel_rules_go//go/platform:android_amd64": [
"@org_golang_x_sys//unix", "@org_golang_x_sys//unix",

19
cli/internal/cmd/ssh.go
View file

@ -7,18 +7,20 @@ SPDX-License-Identifier: AGPL-3.0-only
package cmd package cmd
import ( import (
"bytes"
"crypto/ed25519" "crypto/ed25519"
"crypto/rand" "crypto/rand"
"crypto/sha256"
"fmt" "fmt"
"time" "time"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/kms/setup"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"golang.org/x/crypto/hkdf"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
@ -60,8 +62,17 @@ func runSSH(cmd *cobra.Command, _ []string) error {
return err return err
} }
hkdf := hkdf.New(sha256.New, mastersecret.Key, mastersecret.Salt, []byte("ssh-ca")) mastersecret_uri := uri.MasterSecret{Key: mastersecret.Key, Salt: mastersecret.Salt}
_, priv, err := ed25519.GenerateKey(hkdf) kms, err := setup.KMS(cmd.Context(), uri.NoStoreURI, mastersecret_uri.EncodeToURI())
if err != nil {
return err
}
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix, 256)
if err != nil {
return err
}
_, priv, err := ed25519.GenerateKey(bytes.NewReader(key))
if err != nil { if err != nil {
return err return err
} }

1
keyservice/internal/server/BUILD.bazel
View file

@ -15,6 +15,7 @@ go_library(
"@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//:grpc",
"@org_golang_google_grpc//codes", "@org_golang_google_grpc//codes",
"@org_golang_google_grpc//status", "@org_golang_google_grpc//status",
"@org_golang_x_crypto//ssh",
], ],
) )