crypto

Published: Aug 30, 2025 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// Filesystem layout and certificate parameters for the node agent's
// BPF-signing identity (produced by GenerateBPFCert, wiped by
// CleanOlderCrypoDir - bodies not visible in this listing).
const (
	// KEY_DIR is a relative path, so the key material is read from and
	// written to a "keys" directory under the process's current working
	// directory; a chdir, or starting the agent from an unexpected cwd,
	// moves the private key somewhere else.
	// NOTE(review): consider anchoring this to an absolute, mode-0700
	// directory - confirm against GenerateBPFCert / CleanOlderCrypoDir.
	KEY_DIR       = "keys"
	// PRIVATE_KEY is the on-disk location of the ECDSA private key
	// (the NodeAgentCryptoConfig.Key field); it is the most sensitive file
	// in KEY_DIR.
	PRIVATE_KEY   = KEY_DIR + "/private.key"
	// CERT_FILE and CERT_DER_FILE are the PEM and DER encodings of the
	// certificate (presumably the same certificate written twice - the DER
	// form is what a kernel keyring expects; TODO confirm in AddKernelKeyRing).
	CERT_FILE     = KEY_DIR + "/cert.pem"
	CERT_DER_FILE = KEY_DIR + "/cert.der"
	// VALIDITY_DAYS is the certificate lifetime in days.
	VALIDITY_DAYS = 365
	// KEY_SIZE is the key size in bits; for ECDSA this presumably selects
	// the P-256 curve rather than a free-form size - TODO confirm in
	// GenerateBPFCert (see also NodeAgentCryptoConfig.KeySize).
	KEY_SIZE      = 256
	// CERT_SUBJECT is the certificate subject name.
	CERT_SUBJECT  = "DNSObelisk Security Framework"
	// CUSTOM_OID is a private-enterprise OID (1.3.6.1.4.1.<PEN>.19.1).
	// NOTE(review): 1.3.6.1.4.1.2312 appears to be the enterprise arc
	// registered to Red Hat rather than to this project; confirm this OID
	// is assigned/intended before relying on it as a unique identifier,
	// since another party's extensions may collide with it.
	CUSTOM_OID    = "1.3.6.1.4.1.2312.19.1"
)
// Size limits and build-time switches for the BPF program buffers.
const (
	// MAX_DATA_SIZE (1 MiB) bounds the raw program bytes carried in
	// ModifiedJitProgInfo.Data. CompiledProgInfo.Data spells the same
	// bound as the literal 1024 * 1024 instead of this constant - keep
	// the two in sync if either is ever changed.
	MAX_DATA_SIZE = 1024 * 1024
	// DUMP_CA_LSM is a compile-time switch that is hard-coded to true; its
	// effect is not visible in this listing (presumably it enables dumping
	// of CA / LSM state - TODO confirm). For a security component a
	// runtime flag that defaults to off is usually preferable to an
	// always-on constant.
	DUMP_CA_LSM   = true
)

Variables

This section is empty.

Functions

func AddKernelKeyRing

func AddKernelKeyRing(config *NodeAgentCryptoConfig) error

func CleanOlderCrypoDir

func CleanOlderCrypoDir() error

CleanOlderCrypoDir removes any previously created crypto directory so that keys are regenerated on every run and are never reused across restarts (the keys are meant to be ephemeral).

func CleanupKernelKeyRing

func CleanupKernelKeyRing() error

func GetEbpFProgSignKeyringId

func GetEbpFProgSignKeyringId() (uint32, error)

func GetKeyRingSessionId

func GetKeyRingSessionId() (int, error)

func GetRootKeyRingId

func GetRootKeyRingId() (uint32, error)

func NewCryptoBpfLsmWithLocalCAConfig

func NewCryptoBpfLsmWithLocalCAConfig(ctx context.Context, agentCryptoConfig *NodeAgentCryptoConfig) func(*CryptoBpfLsm)

func NewCryptoBpfLsmWithLocalControllerRpcConfig

func NewCryptoBpfLsmWithLocalControllerRpcConfig(ctx context.Context,
	controllerEnabledZtEnfoce bool, rpcClient *controllerrpc.AgentControllerRpcServices) func(*CryptoBpfLsm)

func SignRawBpf

func SignRawBpf(progPath string)

func VerifyKeyRinggenerated

func VerifyKeyRinggenerated() (string, error)

Types

type CompiledProgInfo

// CompiledProgInfo carries a compiled BPF program together with its
// signature in fixed-size inline buffers (1 MiB + 4 KiB), so a value of
// this type is large: pass it by pointer rather than by value.
//
// The struct cannot enforce its own length fields; whoever fills it must
// keep DataLen <= len(Data) and SigLen <= len(Sig), and consumers should
// re-check both before slicing.
type CompiledProgInfo struct {
	// Data holds the program bytes; only Data[:DataLen] is meaningful.
	// NOTE(review): the 1024 * 1024 literal duplicates MAX_DATA_SIZE,
	// which ModifiedJitProgInfo uses for the same field - keep in sync.
	Data    [1024 * 1024]byte
	DataLen uint32
	// Sig holds the signature (presumably a detached signature over
	// Data[:DataLen] - TODO confirm); only Sig[:SigLen] is meaningful.
	Sig     [4096]byte
	SigLen  uint32
}

type CryptoBpfLsm

// CryptoBpfLsm holds the state for loading the agent's crypto LSM
// program(s) and the configuration that decides who signs BPF bytecode
// before injection: a local CA (NewCryptoBpfLsmWithLocalCAConfig) or the
// remote controller (NewCryptoBpfLsmWithLocalControllerRpcConfig).
// Build it with New and the functional options; the zero value is not
// meaningful.
type CryptoBpfLsm struct {
	// PinnedMaps lists the bpffs paths of maps pinned by this LSM
	// (presumably; exact contents are set outside this listing).
	PinnedMaps                []string
	// LsmProgCollection is the loaded eBPF collection the LSM program
	// belongs to.
	LsmProgCollection         *ebpf.Collection
	// AgentCryptoConfig is the local signing identity (certificate and
	// ECDSA private key); may be nil when signing is delegated to the
	// controller - TODO confirm how InjectLsmProg handles that case.
	AgentCryptoConfig         *NodeAgentCryptoConfig
	// Program is the attached LSM program and Link its attachment; both
	// are what RemoveCryptoLSMProgs has to tear down.
	Program                   *ebpf.Program
	Link                      link.Link
	// ControllerEnabledZtEnfoce selects controller-side enforcement, i.e.
	// whether the raw bytecode is sent to the controller for signing
	// (RequestControllerForBpfProgSign) instead of being signed locally.
	// NOTE(review): this is a plain exported bool with no mutex; treat it
	// as set-once at construction time.
	ControllerEnabledZtEnfoce bool
	// AgentRpcClient is the RPC client used to reach the controller; it
	// must be non-nil whenever ControllerEnabledZtEnfoce is true.
	AgentRpcClient            *controllerrpc.AgentControllerRpcServices
}

func New

func New(options ...func(*CryptoBpfLsm)) *CryptoBpfLsm

func (*CryptoBpfLsm) InjectLSMProgsPostSignatureGenerate

func (lsm *CryptoBpfLsm) InjectLSMProgsPostSignatureGenerate(ebpfProgRaw []byte,
	ebpfProg *ebpf.ProgramInfo, keyringconfigInfo *KernelCryptoKeyRingIds) error

func (*CryptoBpfLsm) InjectLsmProg

func (lsm *CryptoBpfLsm) InjectLsmProg(ctx context.Context) error

func (*CryptoBpfLsm) RemoveCryptoLSMProgs

func (lsm *CryptoBpfLsm) RemoveCryptoLSMProgs() error

func (*CryptoBpfLsm) RequestControllerForBpfProgSign

func (lsm *CryptoBpfLsm) RequestControllerForBpfProgSign(ebpfProgRaw []byte,
	progInfo *ebpf.ProgramInfo) error

RequestControllerForBpfProgSign asks the controller to sign the raw BPF bytecode before the agent injects the program into the LSM. This is the global, layered BPF program enforcement for the agent in the data plane: the agent does not load bytecode that the controller has not signed.

type Hash

// Hash carries the random per-boot mark that the node agent injects into
// the kernel and expects to see on skb metadata.
type Hash struct {
	// SkbHash is the mark value. It is populated by GetRandomBootSkbMark
	// (which has no return value, so it presumably writes this field
	// in place - TODO confirm). It must come from a CSPRNG, not
	// math/rand, since a guessable mark can be spoofed by an attacker
	// who can craft packets on the node.
	SkbHash uint32
}

Hash handles the crypto security of the node agent's packet mark: a random hash value, generated fresh at boot, that is injected into the kernel and used to mark skbs.

func (*Hash) GetRandomBootSkbMark

func (h *Hash) GetRandomBootSkbMark()

type KernelCryptoKeyRingIds

// KernelCryptoKeyRingIds groups the kernel keyring identifiers the agent
// needs when it injects signed BPF programs; it is passed to
// InjectLSMProgsPostSignatureGenerate.
type KernelCryptoKeyRingIds struct {
	// SessionId is the session keyring id. NOTE(review):
	// GetKeyRingSessionId returns int whereas this field is uint32, so
	// the caller converts somewhere; kernel key serials are signed and
	// the special ids (KEY_SPEC_*) are negative, so an unchecked
	// conversion would silently wrap - confirm the conversion site.
	SessionId         uint32
	// RootKeyringId is the id returned by GetRootKeyRingId.
	RootKeyringId     uint32
	// EbpfSignKeyringId is the id returned by GetEbpFProgSignKeyringId:
	// the keyring holding the certificate BPF signatures are verified
	// against.
	EbpfSignKeyringId uint32
}

type ModifiedJitProgInfo

// ModifiedJitProgInfo is CompiledProgInfo plus a single BPF instruction;
// like CompiledProgInfo it embeds ~1 MiB of inline storage and should be
// passed by pointer. DataLen and SigLen must be validated against
// MAX_DATA_SIZE and len(Sig) by the code that fills and consumes it.
type ModifiedJitProgInfo struct {
	// Data holds the program bytes; only Data[:DataLen] is meaningful.
	Data    [MAX_DATA_SIZE]byte
	DataLen uint32
	// Sig holds the signature; only Sig[:SigLen] is meaningful.
	Sig     [4096]byte
	SigLen  uint32
	// Prog is one BPF instruction - presumably the instruction that was
	// modified and for which the signature must be regenerated (see
	// ModifiedSig) - TODO confirm.
	Prog    asm.Instruction
}

type ModifiedSig

// ModifiedSig is a standalone signature buffer (the Sig/SigLen pair of
// ModifiedJitProgInfo without the program data). Only Sig[:SigLen] is
// meaningful and SigLen must not exceed len(Sig).
type ModifiedSig struct {
	Sig    [4096]byte
	SigLen uint32
}

type NodeAgentCryptoConfig

// NodeAgentCryptoConfig is the node agent's local signing identity,
// created by GenerateBPFCert and consumed by AddKernelKeyRing and the
// local-CA option of CryptoBpfLsm.
type NodeAgentCryptoConfig struct {
	// Cert is the self-issued certificate (subject CERT_SUBJECT, lifetime
	// VALIDITY_DAYS) that is loaded into the kernel keyring so signatures
	// made with Key can be verified.
	Cert    *x509.Certificate
	// Key is the ECDSA private key. It is also persisted at PRIVATE_KEY;
	// anything that can read that file (or this process's memory) can
	// sign BPF programs that the LSM will accept, so keep the key's
	// exposure to the signing path only.
	Key     *ecdsa.PrivateKey
	// KeySize is the key size in bits (presumably KEY_SIZE, 256). For
	// ECDSA the size is fixed by the curve, so this is informational -
	// TODO confirm nothing derives the curve from it at runtime.
	KeySize int
}

func GenerateBPFCert

func GenerateBPFCert() (*NodeAgentCryptoConfig, error)
