Jiri Simsa | 756772c | 2015-03-25 15:40:54 -0700 | [diff] [blame] | 1 | // Copyright 2015 The Vanadium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
Todd Wang | 8850968 | 2015-04-10 10:28:24 -0700 | [diff] [blame] | 5 | // Package agent defines an interface to keep a private key in memory, and for |
| 6 | // clients to have access to the private key. |
Ryan Brown | 8178944 | 2014-10-30 13:23:53 -0700 | [diff] [blame] | 7 | // |
Todd Wang | 8850968 | 2015-04-10 10:28:24 -0700 | [diff] [blame] | 8 | // Protocol |
Ryan Brown | 8178944 | 2014-10-30 13:23:53 -0700 | [diff] [blame] | 9 | // |
| 10 | // The agent starts processes with the VEYRON_AGENT_FD set to one end of a |
| 11 | // unix domain socket. To connect to the agent, a client should create |
| 12 | // a unix domain socket pair. Then send one end of the socket to the agent |
| 13 | // with 1 byte of data. The agent will then serve the Agent service on |
Suharsh Sivakumar | 2c5d810 | 2015-03-23 08:49:12 -0700 | [diff] [blame] | 14 | // the received socket, using SecurityNone. |
Ryan Brown | 8178944 | 2014-10-30 13:23:53 -0700 | [diff] [blame] | 15 | // |
| 16 | // The agent also supports an optional mode where it can manage multiple principals. |
Bogdan Caprita | 2b21936 | 2014-12-09 17:03:33 -0800 | [diff] [blame] | 17 | // Typically this is only used by Device Manager. In this mode, VEYRON_AGENT_FD |
Ryan Brown | 8178944 | 2014-10-30 13:23:53 -0700 | [diff] [blame] | 18 | // will be 3, and there will be another socket at fd 4. |
// Creating a new principal is similar to connecting to the agent: create a socket
| 20 | // pair and send one end on fd 4 with 1 byte of data. |
| 21 | // Set the data to 1 to request the principal only be stored in memory. |
| 22 | // The agent will create a new principal and respond with a principal handle on fd 4. |
| 23 | // To connect using a previously created principal, create a socket pair and send |
Ryan Brown | 81bcb3a | 2015-02-11 10:58:01 -0800 | [diff] [blame] | 24 | // one end with the principal handle as data on fd 4. The agent will not send a |
Ryan Brown | 8178944 | 2014-10-30 13:23:53 -0700 | [diff] [blame] | 25 | // response on fd 4. |
// In either case, you can use the normal process to connect to an agent over the
| 27 | // other end of the pair. Typically you would pass the other end to a child |
| 28 | // process and set VEYRON_AGENT_FD so it knows to connect. |
Ryan Brown | 81bcb3a | 2015-02-11 10:58:01 -0800 | [diff] [blame] | 29 | // |
| 30 | // The protocol also has limited support for caching: A client can |
| 31 | // request notification when any other client modifies the principal so it |
| 32 | // can flush the cache. See NotifyWhenChanged for details. |
Todd Wang | 8850968 | 2015-04-10 10:28:24 -0700 | [diff] [blame] | 33 | package agent |
Ryan Brown | fed691e | 2014-09-15 13:09:40 -0700 | [diff] [blame] | 34 | |
| 35 | import ( |
Jiri Simsa | 6ac9522 | 2015-02-23 16:11:49 -0800 | [diff] [blame] | 36 | "v.io/v23/security" |
Ryan Brown | fed691e | 2014-09-15 13:09:40 -0700 | [diff] [blame] | 37 | ) |
| 38 | |
// Agent is the service the agent process serves on the unix domain socket
// handed to a client (see the package documentation). It exposes signing,
// blessing, blessing-store and blessing-root operations on a principal held
// by the agent. No method below returns the private key: clients obtain only
// signatures, blessings, discharges, the public key and store/root state.
//
// NOTE(review): the package documentation says the service is served using
// SecurityNone, so access control appears to rest on possession of the socket
// end rather than on an RPC-level identity — confirm. Every method here,
// including the ones that mutate trust state (AddToRoots, BlessingRootsAdd,
// BlessingStoreSet, BlessingStoreSetDefault, BlessingStoreCacheDischarge), is
// therefore reachable by any holder of the socket.
type Agent interface {
	// Bless presumably creates a blessing for the public key key by extending
	// the blessings wit with extension, bound by caveat and additionalCaveats;
	// the exact semantics are those of the agent's principal — confirm against
	// security.Principal.Bless.
	Bless(key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings | error)
	// BlessSelf presumably creates a self-signed blessing named name, bound
	// by caveats — confirm.
	BlessSelf(name string, caveats []security.Caveat) (security.WireBlessings | error)
	// Sign signs message with the agent-held private key and returns the
	// signature. message is supplied by the client, so the agent signs whatever
	// a socket holder asks it to; any domain separation happens inside the
	// agent and is not visible here — TODO confirm.
	Sign(message []byte) (security.Signature | error)
	// MintDischarge presumably mints a discharge for forCaveat, itself
	// restricted by caveatOnDischarge and additionalCaveatsOnDischarge — confirm.
	MintDischarge(forCaveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.WireDischarge | error)
	// PublicKey returns the principal's public key in serialized form
	// (encoding not specified here — TODO confirm).
	PublicKey() ([]byte | error)
	// BlessingsByName returns the blessings matching name; presumably the same
	// lookup as security.Principal.BlessingsByName — confirm.
	BlessingsByName(name security.BlessingPattern) ([]security.WireBlessings | error)
	// BlessingsInfo returns, for the given blessings, a map from blessing name
	// to the caveats on it — presumably only for blessings whose root is
	// recognized; confirm.
	BlessingsInfo(blessings security.WireBlessings) (map[string][]security.Caveat | error)
	// AddToRoots presumably marks the root of blessing as recognized (compare
	// BlessingRootsAdd below); this mutates trust state — confirm.
	AddToRoots(blessing security.WireBlessings) error

	// The BlessingStore* methods presumably mirror the blessing store of the
	// agent's principal — confirm against security.BlessingStore.
	// BlessingStoreSet presumably records blessings to be presented to peers
	// matching forPeers and returns the previous value — confirm.
	BlessingStoreSet(blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings | error)
	// BlessingStoreForPeer returns the blessings to present to a peer that
	// presents peerBlessings.
	BlessingStoreForPeer(peerBlessings []string) (security.WireBlessings | error)
	// BlessingStoreSetDefault sets the default blessings.
	BlessingStoreSetDefault(blessings security.WireBlessings) error
	// BlessingStoreDefault returns the default blessings.
	BlessingStoreDefault() (security.WireBlessings | error)
	// BlessingStorePeerBlessings returns every (pattern, blessings) entry.
	BlessingStorePeerBlessings() (map[security.BlessingPattern]security.WireBlessings | error)
	// BlessingStoreDebugString returns a human-readable dump of the store;
	// intended for debugging only.
	BlessingStoreDebugString() (string | error)
	// BlessingStoreCacheDischarge caches discharge for caveat under impetus.
	// Presumably BlessingStoreDischarge serves from this cache, so whatever one
	// client caches is what every later client of this agent receives until
	// BlessingStoreClearDischarges removes it; expiry handling is not visible
	// here — TODO confirm.
	BlessingStoreCacheDischarge(discharge security.WireDischarge, caveat security.Caveat, impetus security.DischargeImpetus) error
	// BlessingStoreClearDischarges removes the given discharges from the cache.
	BlessingStoreClearDischarges(discharges []security.WireDischarge) error
	// BlessingStoreDischarge returns the cached discharge for caveat and
	// impetus — presumably the zero WireDischarge when none is cached; confirm.
	BlessingStoreDischarge(caveat security.Caveat, impetus security.DischargeImpetus) (wd security.WireDischarge | error)

	// The BlessingRoots* methods presumably mirror the recognized-root set of
	// the agent's principal — confirm against security.BlessingRoots.
	// BlessingRootsAdd marks root (presumably a serialized public key) as
	// recognized for blessings matching pattern. This widens what the principal
	// trusts and is callable by any socket holder.
	BlessingRootsAdd(root []byte, pattern security.BlessingPattern) error
	// BlessingRootsRecognized presumably returns nil iff root is recognized for
	// blessing, and an error describing why otherwise — confirm.
	BlessingRootsRecognized(root []byte, blessing string) error
	// BlessingRootsDump returns every pattern with the roots recognized for it.
	BlessingRootsDump() (map[security.BlessingPattern][][]byte | error)
	// BlessingRootsDebugString returns a human-readable dump of the roots;
	// intended for debugging only.
	BlessingRootsDebugString() (string | error)

	// Clients using caching should call NotifyWhenChanged upon connecting to
	// the server. The server will stream back values whenever the client should
	// flush the cache. The streamed value is arbitrary, simply flush whenever
	// receiving a new item.
	NotifyWhenChanged() stream<_, bool> error
}
Ryan Brown | 6a6768c | 2015-08-04 11:22:33 -0700 | [diff] [blame] | 70 | |
// ConnInfo describes a connection's protocol version range: MinVersion and
// MaxVersion presumably bound the versions the sender supports, and the two
// sides negotiate within the overlap — TODO confirm how a version is chosen
// and what happens when the ranges do not overlap.
type ConnInfo struct {
	MinVersion, MaxVersion int32
}
| 74 | |
// RpcRequest is the header of one request on the agent socket. Id correlates
// the request with the RpcResponse that answers it; Method presumably names
// the Agent method to invoke; NumArgs presumably counts the argument values
// that follow the header on the wire — confirm. Both Method and NumArgs are
// client-controlled, so the receiver should validate Method against the known
// method set and NumArgs against that method's arity before decoding.
type RpcRequest struct {
	Id      uint64
	Method  string
	NumArgs uint32
}
| 80 | |
// RpcResponse answers the RpcRequest carrying the same Id. Err carries the
// invoked method's error, if any, across the socket; NumArgs presumably counts
// the result values that follow the header on the wire — confirm.
type RpcResponse struct {
	Id      uint64
	Err     error
	NumArgs uint32
}
| 86 | |
// RpcMessage is the framing type on the agent socket: each message is either
// a request (Req) or a response (Resp). Presumably each side dispatches on
// which arm is set; a message whose arm the receiver does not expect, or whose
// Id matches no outstanding request, should be rejected rather than ignored
// — TODO confirm the handler does.
type RpcMessage union {
	Req  RpcRequest
	Resp RpcResponse
}