Beispiel #1
0
// NewRouterContext generates new keys, loads a local domain configuration from
// path and binds an anonymous listener socket to addr on network
// network. A delegation is requested from the Tao t which is  nominally
// the parent of this hosted program.
func NewRouterContext(path, network, addr string, batchSize int, timeout time.Duration,
	t tao.Tao) (hp *RouterContext, err error) {

	hp = new(RouterContext)
	hp.network = network
	hp.timeout = timeout

	// Generate keys and get attestation from parent.
	if hp.keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing|tao.Crypting, nil, t); err != nil {
		return nil, err
	}

	// Load domain from local configuration.
	if hp.domain, err = tao.LoadDomain(path, nil); err != nil {
		return nil, err
	}

	// Bind address to socket.
	if hp.proxyListener, err = tao.Listen(network, addr, hp.keys, nil, nil, nil); err != nil {
		return nil, err
	}

	// Instantiate the queues.
	hp.sendQueue = NewQueue(network, batchSize, timeout)
	hp.replyQueue = NewQueue(network, batchSize, timeout)
	hp.killQueue = make(chan bool)
	hp.killQueueErrorHandler = make(chan bool)
	go hp.sendQueue.DoQueue(hp.killQueue)
	go hp.replyQueue.DoQueue(hp.killQueue)
	go hp.sendQueue.DoQueueErrorHandler(hp.replyQueue, hp.killQueueErrorHandler)
	go hp.replyQueue.DoQueueErrorHandlerLog("reply queue", hp.killQueueErrorHandler)

	return hp, nil
}
Beispiel #2
0
func main() {
	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
		return
	}

	sock, err := net.Listen(*network, *addr)
	if err != nil {
		glog.Exit("Couldn't bind socket to address:", err)
		return
	}

	fmt.Println("tcca: accepting connections")
	for {
		conn, err := sock.Accept()
		if err != nil {
			glog.Exitf("Couldn't accept a connection on %s: %s", *addr, err)
			return
		}

		go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
	}
}
func main() {
	flag.Parse()

	// Check to see if we are running in Docker mode with linked containers.
	// If so, then there will be an environment variable SERVER_PORT that
	// will contain a value of the form tcp://<ip>:<port>
	serverEnvVar := os.Getenv("SERVER_PORT")
	if serverEnvVar == "" {
		serverAddr = net.JoinHostPort(*serverHost, *serverPort)
	} else {
		serverAddr = strings.TrimPrefix(serverEnvVar, "tcp://")
		if serverAddr == serverEnvVar {
			options.Usage("client: invalid SERVER_PORT environment variable value '%s'\n", serverEnvVar)
		}
	}

	switch *demoAuth {
	case "tcp", "tls", "tao":
	default:
		options.Usage("unrecognized authentication mode: %s\n", *demoAuth)
	}

	fmt.Println("Go Tao Demo Client")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: No host Tao available")
	}

	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "error: couldn't load the tao domain from %s\n", configPath())

	doClient(domain)
	fmt.Println("Client Done")
}
Beispiel #4
0
func main() {
	network := flag.String("network", "tcp", "The network to use for connections")
	addr := flag.String("addr", "localhost:8124", "The address to listen on")
	domainPass := flag.String("password", "nopassword", "The domain password for the policy key")
	configPath := flag.String("config", "tao.config", "The Tao domain config")

	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		log.Fatalf("keynegoserver: Couldn't load the config path %s: %s\n", *configPath, err)
	}

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	// JLM:  I left this in place but I'm not sure what a TLS connection with a
	//   self signed Cert buys in terms of security.  The security of this protocol should
	//   not depend on the confidentiality or intergity of the channel.  All that said,
	//   if we do ever distribute a signed keynegoserver cert for this TLS channel, it would
	//   be good.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up temporary keys for the connection:", err)
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up a self-signed cert:", err)
	}
	SerialNumber = int64(time.Now().UnixNano()) / (1000000)
	policyKey, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*domainPass), "policy_keys", nil)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't get policy key:", err)
	}

	tlsc, err := tao.EncodeTLSCert(keys)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't encode a TLS cert:", err)
	}
	conf := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsc},
		InsecureSkipVerify: true,
		ClientAuth:         tls.RequireAnyClientCert,
	}
	sock, err := tls.Listen(*network, *addr, conf)
	if err != nil {
		log.Printf("keynegoserver: error: %s", err)
	}
	defer sock.Close()

	for {
		conn, err := sock.Accept()
		if err != nil {
			log.Fatalln("keynegoserver: couldn't accept a connection:", err)
		}

		go handleRequest(conn, policyKey, domain.Guard)
	}
}
Beispiel #5
0
// NewRouterContext generates new keys, loads a local domain configuration from
// path and binds an anonymous listener socket to addr on network
// network. A delegation is requested from the Tao t which is  nominally
// the parent of this hosted program.
func NewRouterContext(path, network, addr string, batchSize int, timeout time.Duration,
	x509Identity *pkix.Name, t tao.Tao) (hp *RouterContext, err error) {

	hp = new(RouterContext)
	hp.network = network
	hp.timeout = timeout

	// Generate keys and get attestation from parent.
	if hp.keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing|tao.Crypting, t); err != nil {
		return nil, err
	}

	// Create a certificate.
	if hp.keys.Cert, err = hp.keys.SigningKey.CreateSelfSignedX509(x509Identity); err != nil {
		return nil, err
	}

	// Load domain from local configuration.
	if hp.domain, err = tao.LoadDomain(path, nil); err != nil {
		return nil, err
	}

	// Encode TLS certificate.
	cert, err := tao.EncodeTLSCert(hp.keys)
	if err != nil {
		return nil, err
	}

	tlsConfig := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*cert},
		InsecureSkipVerify: true,
		ClientAuth:         tls.NoClientCert,
	}

	// Bind address to socket.
	if hp.proxyListener, err = tao.ListenAnonymous(network, addr, tlsConfig,
		hp.domain.Guard, hp.domain.Keys.VerifyingKey, hp.keys.Delegation); err != nil {
		return nil, err
	}

	// Instantiate the queues.
	hp.sendQueue = NewQueue(network, batchSize, timeout)
	hp.replyQueue = NewQueue(network, batchSize, timeout)
	hp.killQueue = make(chan bool)
	hp.killQueueErrorHandler = make(chan bool)
	go hp.sendQueue.DoQueue(hp.killQueue)
	go hp.replyQueue.DoQueue(hp.killQueue)
	go hp.sendQueue.DoQueueErrorHandler(hp.replyQueue, hp.killQueueErrorHandler)
	go hp.replyQueue.DoQueueErrorHandlerLog("reply queue", hp.killQueueErrorHandler)

	return hp, nil
}
Beispiel #6
0
func queryGuard(query string) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")

	ok, err := domain.Guard.Query(query)
	options.FailIf(err, "Can't process query")
	if ok {
		fmt.Println("The policy implies the statement.")
	} else {
		fmt.Println("The policy does not imply the statement")
	}
}
Beispiel #7
0
func getTPMConfig() (string, string, []int) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")
	tpmPath := domain.Config.GetTpmInfo().GetTpmPath()
	aikFile := domain.Config.GetTpmInfo().GetAikPath()
	pcrVals := domain.Config.GetTpmInfo().GetPcrs()
	var pcrNums []int
	for _, s := range strings.Split(pcrVals, ",") {
		v, err := strconv.ParseInt(s, 10, 32)
		options.FailIf(err, "Can't parse TPM PCR spec")

		pcrNums = append(pcrNums, int(v))
	}

	return tpmPath, aikFile, pcrNums
}
Beispiel #8
0
func loadDomain() (*tao.Domain, *x509.CertPool, error) {
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("domainserver: no domain path - %s, pass - %s, err - %s\n",
			*configPath, *domainPass, err)
		return nil, nil, err
	} else if err != nil {
		log.Printf("domainserver: Couldn't load the config path %s: %s\n",
			*configPath, err)
		return nil, nil, err
	}
	log.Printf("domainserver: Loaded domain\n")
	certPool := x509.NewCertPool()
	certPool.AddCert(domain.Keys.Cert)
	return domain, certPool, nil
}
Beispiel #9
0
// NewProxyContext loads a domain from a local configuration.
func NewProxyContext(path, network, addr string, timeout time.Duration) (p *ProxyContext, err error) {
	p = new(ProxyContext)
	p.network = network
	p.timeout = timeout

	// Load domain from a local configuration.
	if p.domain, err = tao.LoadDomain(path, nil); err != nil {
		return nil, err
	}

	// Initialize a SOCKS server.
	if p.listener, err = SocksListen(network, addr); err != nil {
		return nil, err
	}

	return p, nil
}
Beispiel #10
0
func getTPM2Config() (string, []int) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")
	// TODO(tmroeder): This ignores the info path, since it ignores the cert
	// files.
	tpmPath := domain.Config.GetTpm2Info().GetTpm2Device()
	pcrVals := domain.Config.GetTpm2Info().GetTpm2Pcrs()
	// TODO(tmroeder): This currently ignores the paths to the ek_cert and
	// quote_cert, since it creates its own keys.
	var pcrNums []int
	for _, s := range strings.Split(pcrVals, ",") {
		v, err := strconv.ParseInt(s, 10, 32)
		options.FailIf(err, "Can't parse TPM PCR spec")

		pcrNums = append(pcrNums, int(v))
	}

	return tpmPath, pcrNums
}
Beispiel #11
0
// Main provides the main functionality of linux_host. This is provided as a
// separate function to allow other code to register other Tao implementations
// (with tao.Register) before starting the code.
func Main() {
	flag.Usage = help

	// Get options before the command verb
	flag.Parse()
	// Get command verb
	cmd := "help"
	if flag.NArg() > 0 {
		cmd = flag.Arg(0)
	}
	// Get options after the command verb
	if flag.NArg() > 1 {
		flag.CommandLine.Parse(flag.Args()[1:])
	}

	if !*options.Bool["quiet"] {
		noise = os.Stdout
	}

	// Load the domain.
	domain, err := tao.LoadDomain(domainConfigPath(), nil)
	options.FailIf(err, "Can't load domain")

	// Set $TAO_DOMAIN so it will be inherited by hosted programs
	os.Unsetenv("TAO_DOMAIN")
	err = os.Setenv("TAO_DOMAIN", domainPath())
	options.FailIf(err, "Can't set $TAO_DOMAIN")

	switch cmd {
	case "help":
		help()
	case "init":
		initHost(domain)
	case "show":
		showHost(domain)
	case "start":
		startHost(domain)
	case "stop", "shutdown":
		stopHost(domain)
	default:
		options.Usage("Unrecognized command: %s", cmd)
	}
}
Beispiel #12
0
func Main() {
	flag.Usage = help
	verbose.Set(true)

	// Get options before the command verb
	flag.Parse()
	// Get command verb
	cmd := "help"
	if flag.NArg() > 0 {
		cmd = flag.Arg(0)
	}
	// Get options after the command verb
	if flag.NArg() > 1 {
		flag.CommandLine.Parse(flag.Args()[1:])
	}

	// Load the domain.
	cpath := path.Join(apps.TaoDomainPath(), "tao.config")
	domain, err := tao.LoadDomain(cpath, nil)
	options.FailIf(err, "Can't load domain")

	// Set $TAO_DOMAIN so it will be inherited by hosted programs
	os.Unsetenv("TAO_DOMAIN")
	err = os.Setenv("TAO_DOMAIN", apps.TaoDomainPath())
	options.FailIf(err, "Can't set $TAO_DOMAIN")

	switch cmd {
	case "help":
		help()
	case "init":
		initHost(domain)
	case "show":
		showHost(domain)
	case "start":
		startHost(domain)
	case "stop", "shutdown":
		stopHost(domain)
	default:
		options.Usage("Unrecognized command: %s", cmd)
	}
}
Beispiel #13
0
func createUserKeys() {
	// Read the X509Details for this user from a text protobuf file.
	userKeyDetails := *options.String["user_key_details"]
	xdb, err := ioutil.ReadFile(userKeyDetails)
	options.FailIf(err, "Can't read user details")
	var xd tao.X509Details
	err = proto.UnmarshalText(string(xdb), &xd)
	options.FailIf(err, "Can't parse user details: %s", userKeyDetails)

	upwd := getKey("user password", "user_pass")
	pwd := getKey("domain policy key password", "pass")

	domain, err := tao.LoadDomain(configPath(), pwd)
	options.FailIf(err, "Can't load domain")
	policyKey := domain.Keys

	subjectName := tao.NewX509Name(&xd)
	userKeyPath := *options.String["user_key_path"]
	_, err = tao.NewSignedOnDiskPBEKeys(tao.Signing, upwd, userKeyPath, subjectName, int(xd.GetSerialNumber()), policyKey)
	options.FailIf(err, "Can't create user signing key")
}
Beispiel #14
0
func main() {
	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
		return
	}

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		glog.Exit("Couldn't set up temporary keys for the connection:", err)
		return
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		glog.Exit("Couldn't set up a self-signed cert:", err)
		return
	}

	sock, err := net.Listen(*network, *addr)
	if err != nil {
		glog.Exit("Couldn't bind socket to address:", err)
		return
	}

	fmt.Println("tcca: accepting connections")
	for {
		conn, err := sock.Accept()
		if err != nil {
			glog.Exitf("Couldn't accept a connection on %s: %s", *addr, err)
			return
		}

		go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
	}
}
Beispiel #15
0
func managePolicy() {

	// Handle queries first
	if query := *options.String["query"]; query != "" {
		queryGuard(query)
		return
	}

	// Load domain
	pwd := getKey("domain policy key password", "pass")
	domain, err := tao.LoadDomain(configPath(), pwd)
	options.FailIf(err, "Can't load domain")

	// Clear all the policy stored by the Guard.
	if *options.Bool["clear"] {
		domain.Guard.Clear()
		err := domain.Save()
		options.FailIf(err, "Can't save domain")
	}

	// Add permissions
	if canExecute := *options.String["canexecute"]; canExecute != "" {
		host := template().GetHostName()
		addExecute(canExecute, host, domain)
	}
	if add := *options.String["add"]; add != "" {
		fmt.Fprintf(noise, "Adding policy rule: %s\n", add)
		err := domain.Guard.AddRule(add)
		options.FailIf(err, "Can't add rule to domain")
		err = domain.Save()
		options.FailIf(err, "Can't save domain")
	}
	if *options.Bool["add_programs"] {
		host := template().GetHostName()
		addProgramRules(host, domain)
	}
	if *options.Bool["add_containers"] {
		host := template().GetHostName()
		addContainerRules(host, domain)
	}
	if domain.Config.DomainInfo.GetGuardType() == "Datalog" {
		if *options.Bool["add_vms"] {
			addVMRules(domain)
		}
		if *options.Bool["add_linux_host"] {
			addLinuxHostRules(domain)
		}
		if *options.Bool["add_host"] {
			host := template().GetHostName()
			addHostRules(host, domain)
		}
		if *options.Bool["add_guard"] {
			addGuardRules(domain)
		}
		if *options.Bool["add_tpm"] {
			addTPMRules(domain)
		}
		if *options.Bool["add_tpm2"] {
			addTPM2Rules(domain)
		}
	}

	// Retract permissions
	if retract := *options.String["retract"]; retract != "" {
		fmt.Fprintf(noise, "Retracting policy rule: %s\n", retract)
		err := domain.Guard.RetractRule(retract)
		options.FailIf(err, "Can't retract rule from domain")
		err = domain.Save()
		options.FailIf(err, "Can't save domain")
	}
	if retractCanExecute := *options.String["retractcanexecute"]; retractCanExecute != "" {
		host := template().GetHostName()
		retractExecute(retractCanExecute, host, domain)
	}

	// Print the policy after all commands are executed.
	if *options.Bool["show"] {
		fmt.Print(domain.Guard.String())
	}
}
Beispiel #16
0
func main() {
	caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
	hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
	serverHost := flag.String("host", "localhost", "address for client/server")
	serverPort := flag.String("port", "8123", "port for client/server")
	fileServerPath := flag.String("fileserver_files", "fileserver_files/", "fileserver directory")
	fileServerFilePath := flag.String("stored_files", "fileserver_files/stored_files/", "fileserver directory")
	country := flag.String("country", "US", "The country for the fileclient certificate")
	org := flag.String("organization", "Google", "The organization for the fileclient certificate")

	flag.Parse()

	serverAddr := net.JoinHostPort(*serverHost, *serverPort)
	hostDomain, err := tao.LoadDomain(*hostcfg, nil)
	if err != nil {
		log.Fatalln("fileserver: can't LoadDomain")
	}

	var policyCert []byte
	if hostDomain.Keys.Cert != nil {
		policyCert = hostDomain.Keys.Cert.Raw
	}
	if policyCert == nil {
		log.Fatalln("fileserver: can't retrieve policy cert")
	}

	parentTao := tao.Parent()
	if err := hostDomain.ExtendTaoName(parentTao); err != nil {
		log.Fatalln("fileserver: can't extend the Tao with the policy key")
	}
	e := auth.PrinExt{Name: "fileserver_version_1"}
	if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
		log.Fatalln("fileserver: couldn't extend the Tao name")
	}

	taoName, err := parentTao.GetTaoName()
	if err != nil {
		log.Fatalln("fileserver: couldn't get tao name")
	}

	// Create or read the keys for fileclient.
	fsKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, parentTao, *fileServerPath, tao.SealPolicyDefault)
	if err != nil {
		log.Fatalln("fileserver: couldn't set up the Tao-sealed keys:", err)
	}

	// Set up a temporary cert for communication with keyNegoServer.
	fsKeys.Cert, err = fsKeys.SigningKey.CreateSelfSignedX509(tao.NewX509Name(&tao.X509Details{
		Country:      proto.String(*country),
		Organization: proto.String(*org),
		CommonName:   proto.String(taoName.String()),
	}))
	if err != nil {
		log.Fatalln("fileserver: couldn't create a self-signed cert for fileclient keys:", err)
	}

	// Contact keyNegoServer for the certificate.
	if err := fileproxy.EstablishCert("tcp", *caAddr, fsKeys, hostDomain.Keys.VerifyingKey); err != nil {
		log.Fatalf("fileserver: couldn't establish a cert signed by the policy key: %s", err)
	}

	symKeysPath := path.Join(*fileServerPath, "sealedEncKeys")
	symKeys, err := fsKeys.NewSecret(symKeysPath, fileproxy.SymmetricKeySize)
	if err != nil {
		log.Fatalln("fileserver: couldn't get the file encryption keys")
	}
	tao.ZeroBytes(symKeys)

	progPolicy := fileproxy.NewProgramPolicy(policyCert, taoName.String(), fsKeys, symKeys, fsKeys.Cert.Raw)

	// Set up the file storage path if it doesn't exist.
	if _, err := os.Stat(*fileServerFilePath); err != nil {
		if err := os.MkdirAll(*fileServerFilePath, 0700); err != nil {
			log.Fatalln("fileserver: couldn't create a file storage directory:", err)
		}
	}

	if err := serve(serverAddr, *fileServerFilePath, policyCert, fsKeys, progPolicy); err != nil {
		log.Fatalln("fileserver: couldn't serve connections:", err)
	}

	log.Printf("fileserver: done\n")
}
Beispiel #17
0
// Load domain info for the domain and establish Clouproxy keys and properties.
// This handles reading in existing (sealed) Cloudproxy keys and properties, or,
// if this is the first call (or a call after state has been erased), this also
// handles initialization of keys and certificates including interaction with the
// domain signing service and storage of new sealed keys and certificates.
// If TaoParadigm completes without error, programObject contains all the
// Cloudproxy information needed throughout the calling program execution
// ensures that this information is sealed and stored for subsequent invocations.
func TaoParadigm(cfg *string, filePath *string,
	programObject *TaoProgramData) error {

	// Load domain info for this domain.
	simpleDomain, err := tao.LoadDomain(*cfg, nil)
	if err != nil {
		return errors.New("TaoParadigm: Can't load domain")
	}

	// Get policy cert.
	if simpleDomain.Keys.Cert == nil {
		return errors.New("TaoParadigm: Can't retrieve policy cert")
	}
	derPolicyCert := simpleDomain.Keys.Cert.Raw
	if derPolicyCert == nil {
		return errors.New("TaoParadigm: Can't retrieve der encoded policy cert")
	}

	// Extend tao name with policy key
	simpleDomain.ExtendTaoName(tao.Parent())

	// Retrieve extended name.
	taoName, err := tao.Parent().GetTaoName()
	if err != nil {
		return errors.New("TaoParadigm: Can't extend Tao Principal name")
	}
	log.Printf("TaoParadigm: my name is %s\n", taoName)

	// Get my keys and certificates.
	sealedSymmetricKey, sealedProgramKey, programCert, certChain, err :=
		LoadProgramKeys(*filePath)
	if err != nil {
		return errors.New("TaoParadigm: Can't retrieve existing key material")
	}
	// Unseal my symmetric keys, or initialize them.
	var symKeys []byte
	var policy string
	if sealedSymmetricKey != nil {
		symKeys, policy, err = tao.Parent().Unseal(sealedSymmetricKey)
		if err != nil || policy != tao.SealPolicyDefault {
			return errors.New("TaoParadigm: can't unseal symmetric keys")
		}
	} else {
		symKeys, err = InitializeSealedSymmetricKeys(*filePath, tao.Parent(),
			SizeofSymmetricKeys)
		if err != nil {
			return errors.New("TaoParadigm: InitializeSealedSymmetricKeys error")
		}
	}
	log.Printf("Unsealed symmetric keys\n")

	// Get my Program private key if present or initialize it.
	var programKey *tao.Keys
	if sealedProgramKey != nil {
		programKey, err = SigningKeyFromBlob(tao.Parent(), sealedProgramKey, programCert)
		if err != nil {
			return errors.New("TaoParadigm: SigningKeyFromBlob error")
		}
	} else {
		// Get Program key.
		programKey, programCert, certChain, err = InitializeSealedProgramKey(
			*filePath, tao.Parent(), *simpleDomain)
		if err != nil || programKey == nil {
			return errors.New("TaoParadigm: InitializeSealedSigningKey error")
		}
	}
	log.Printf("TaoParadigm: Retrieved Signing key\n")

	// Initialize Program policy object.
	ok := programObject.FillTaoProgramData(derPolicyCert, taoName.String(),
		*programKey, symKeys, programCert, certChain, filePath)
	if !ok {
		return errors.New("TaoParadigm: Can't initialize TaoProgramData")
	}

	return nil
}
func main() {
	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("simpledomainservice: no domain path - %s, pass - %s, err - %s\n",
			*configPath, *domainPass, err)
		return
	} else if err != nil {
		log.Printf("simpledomainservice: Couldn't load the config path %s: %s\n",
			*configPath, err)
		return
	}
	log.Printf("simpledomainservice: Loaded domain\n")

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	// JLM:  I left this in place but I'm not sure what a TLS connection with a
	//   self signed Cert buys in terms of security.
	//   The security of this protocol should not depend on the
	//   confidentiality or intergity of the channel.  All that said, if we
	//   do ever distribute a signed simpledomainservice cert
	// for this TLS channel, it would be good.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if keys == nil || err != nil {
		log.Fatalln("simpledomainservice: Couldn't set up temporary keys for connection:", err)
		return
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		log.Fatalln("simpledomainservice: Couldn't set up a self-signed cert:", err)
		return
	}
	SerialNumber = int64(time.Now().UnixNano()) / (1000000)
	policyKey := domain.Keys
	fmt.Printf("\nSimpleDomainService: policyKey: %x\n", policyKey)

	tlsc, err := tao.EncodeTLSCert(keys)
	if err != nil {
		log.Fatalln("simpledomainservice: Couldn't encode a TLS cert:", err)
	}
	conf := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsc},
		InsecureSkipVerify: true,
		ClientAuth:         tls.RequireAnyClientCert,
	}
	sock, err := tls.Listen(*network, *addr, conf)
	if err != nil {
		log.Printf("simpledomainservice: error: %s\n", err)
	}
	if sock == nil {
		log.Printf("simpledomainservice: Empty socket, terminating\n")
		return
	}
	defer sock.Close()

	log.Printf("simpledomainservice: accepting connections\n")
	fmt.Printf("\n\nsimpledomainservice: accepting connections\n")
	for {
		conn, err := sock.Accept()
		if conn == nil {
			fmt.Printf("simpledomainservice: Empty connection\n")
			log.Printf("simpledomainservice: Empty connection\n")
			return
		} else if err != nil {
			fmt.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
			log.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
			return
		}
		go DomainRequest(conn, policyKey, domain.Guard)
	}
	log.Printf("simpledomainservice: finishing\n")
}
func doServer() {
	var sock net.Listener
	var err error
	var keys *tao.Keys
	network := "tcp"
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "error: couldn't load the tao domain from %s\n", configPath())

	switch *demoAuth {
	case "tcp":
		sock, err = net.Listen(network, serverAddr)
		options.FailIf(err, "server: couldn't listen to the network")

	case "tls", "tao":
		// Generate a private/public key for this hosted program (hp) and
		// request attestation from the host of the statement "hp speaksFor
		// host". The resulting certificate, keys.Delegation, is a chain of
		// "says" statements extending to the policy key. The policy is
		// checked by the host before this program is executed.
		keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing, tao.Parent())
		options.FailIf(err, "server: failed to generate delegated keys")

		// Create a certificate for the hp.
		keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
			Organization: []string{"Google Tao Demo"}})
		options.FailIf(err, "server: couldn't create certificate")

		g := domain.Guard
		if *ca != "" {
			// Replace keys.Delegation with a "says" statement directly from
			// the policy key.
			na, err := tao.RequestTruncatedAttestation(network, *ca, keys, domain.Keys.VerifyingKey)
			options.FailIf(err, "server: truncated attestation request failed")
			keys.Delegation = na

			g, err = newTempCAGuard(domain.Keys.VerifyingKey)
			options.FailIf(err, "server: couldn't set up a new guard")
		}

		tlsc, err := tao.EncodeTLSCert(keys)
		options.FailIf(err, "server: couldn't encode TLS certificate")

		conf := &tls.Config{
			RootCAs:            x509.NewCertPool(),
			Certificates:       []tls.Certificate{*tlsc},
			InsecureSkipVerify: true,
			ClientAuth:         tls.RequireAnyClientCert,
		}

		if *demoAuth == "tao" {
			sock, err = tao.Listen(network, serverAddr, conf, g, domain.Keys.VerifyingKey, keys.Delegation)
			options.FailIf(err, "sever: couldn't create a taonet listener")
		} else {
			sock, err = tls.Listen(network, serverAddr, conf)
			options.FailIf(err, "server: couldn't create a tls listener")
		}
	}

	fmt.Printf("server: listening at %s using %s authentication.\n", serverAddr, *demoAuth)
	defer sock.Close()

	pings := make(chan bool, 5)
	connCount := 0

	go func() {
		for connCount = 0; connCount < *pingCount || *pingCount < 0; connCount++ { // negative means forever
			conn, err := sock.Accept()
			options.FailIf(err, "server: can't accept connection")
			go doResponse(conn, pings)
		}
	}()

	pingGood := 0
	pingFail := 0

	for {
		select {
		case ok := <-pings:
			if ok {
				pingGood++
			} else {
				pingFail++
			}
		}
	}
}
Beispiel #20
0
func main() {
	caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
	hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
	serverHost := flag.String("host", "localhost", "address for client/server")
	serverPort := flag.String("port", "8123", "port for client/server")
	rollbackServerHost := flag.String("rollbackhost", "localhost", "address for rollback client/server")
	rollbackServerPort := flag.String("rollbackport", "8129", "port for client/server")
	fileClientPassword := flag.String("password", "BogusPass", "A password for unlocking the user certificates")
	fileClientPath := flag.String("fileclient_files", "fileclient_files", "fileclient directory")
	fileClientFilePath := flag.String("stored_files", "fileclient_files/stored_files", "fileclient file directory")
	testFile := flag.String("test_file", "originalTestFile", "test file")
	fileClientKeyPath := flag.String("usercreds", "usercreds", "user keys and certs")
	country := flag.String("country", "US", "The country for the fileclient certificate")
	org := flag.String("organization", "Google", "The organization for the fileclient certificate")

	flag.Parse()

	serverAddr := net.JoinHostPort(*serverHost, *serverPort)
	hostDomain, err := tao.LoadDomain(*hostcfg, nil)
	if err != nil {
		log.Fatalln("fileclient: Can't load domain")
	}
	var derPolicyCert []byte
	if hostDomain.Keys.Cert["default"] != nil {
		derPolicyCert = hostDomain.Keys.Cert["default"].Raw
	}
	if derPolicyCert == nil {
		log.Fatalln("fileclient: Can't retrieve policy cert")
	}

	parentTao := tao.Parent()
	if err := hostDomain.ExtendTaoName(parentTao); err != nil {
		log.Fatalln("fileclient: can't extend the Tao with the policy key")
	}
	e := auth.PrinExt{Name: "fileclient_version_1"}
	if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
		log.Fatalln("fileclient: couldn't extend the tao name with the policy key")
	}

	taoName, err := parentTao.GetTaoName()
	if err != nil {
		log.Fatalln("fileclient: Can't get tao name")
	}

	// Create or read the keys for fileclient.
	// Set up a temporary cert for communication with keyNegoServer.
	// TODO(kwalsh) This may no longer be needed. Is there a significance to
	// this cert?
	name := tao.NewX509Name(&tao.X509Details{
		Country:      proto.String(*country),
		Organization: proto.String(*org),
		CommonName:   proto.String(taoName.String()),
	})
	fcKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, name, parentTao, *fileClientPath, tao.SealPolicyDefault)
	if err != nil {
		log.Fatalln("fileclient: couldn't set up the Tao-sealed keys:", err)
	}

	if err != nil {
		log.Fatalln("fileclient: couldn't create a self-signed cert for fileclient keys:", err)
	}

	// Contact keyNegoServer for the certificate.
	if err := fileproxy.EstablishCert("tcp", *caAddr, fcKeys, hostDomain.Keys.VerifyingKey); err != nil {
		log.Fatalf("fileclient: couldn't establish a cert signed by the policy key: %s", err)
	}

	// Get the policy cert and set up TLS.
	conf, err := fcKeys.TLSClientConfig(hostDomain.Keys.Cert["default"])
	if err != nil {
		log.Fatalln("fileclient, encode error: ", err)
	}
	conn, err := tls.Dial("tcp", serverAddr, conf)
	if err != nil {
		log.Fatalln("fileclient: can't establish channel: ", err)
	}
	ms := util.NewMessageStream(conn)

	// Before doing any tests, create a simple file to send to the server.
	testContents := `
This is a simple file to test
It has some new lines
And it doesn't have very much content.
	`

	if _, err := os.Stat(*fileClientFilePath); err != nil {
		if err := os.MkdirAll(*fileClientFilePath, 0700); err != nil {
			log.Fatalf("fileclient: couldn't create the file storage path %s: %s", *fileClientFilePath, err)
		}
	}

	sentFileName := *testFile
	sentFilePath := path.Join(*fileClientFilePath, sentFileName)
	if err := ioutil.WriteFile(sentFilePath, []byte(testContents), 0600); err != nil {
		log.Fatalf("fileclient: couldn't create a test file at %s: %s", sentFilePath, err)
	}

	// Authenticate user principal(s).
	if _, err := os.Stat(*fileClientKeyPath); err != nil {
		log.Fatalf("fileclient: couldn't get user credentials from %s: %s\n", *fileClientKeyPath, err)
	}

	// This method won't generate the right certificate in general for
	// signing, which is why we check first to make sure the right directory
	// already exists. But it will successfully read the signer and the
	// certificate.
	userKeys, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*fileClientPassword), *fileClientKeyPath, nil)
	if err != nil {
		log.Fatalf("Couldn't read the keys from %s: %s\n", *fileClientKeyPath, err)
	}
	userCert := userKeys.Cert["default"].Raw

	// Authenticate a key to use for requests to the server.
	if err = fileproxy.AuthenticatePrincipal(ms, userKeys, userCert); err != nil {
		log.Fatalf("fileclient: can't authenticate principal: %s", err)
	}

	// Create a file.
	if err = fileproxy.CreateFile(ms, userCert, sentFileName); err != nil {
		log.Fatalln("fileclient: can't create file:", err)
	}

	// Send File.
	if err = fileproxy.WriteFile(ms, userCert, *fileClientFilePath, sentFileName); err != nil {
		log.Fatalf("fileclient: couldn't write the file %s to the server: %s", sentFileName, err)
	}

	// Get file.
	outputFileName := sentFileName + ".out"
	if err = fileproxy.ReadFile(ms, userCert, *fileClientFilePath, sentFileName, outputFileName); err != nil {
		log.Fatalf("fileclient: couldn't get file %s to output file %s: %s", sentFileName, outputFileName, err)
	}

	// TODO(tmroeder): compare the received file against the sent file.

	// Set up a TLS connection to the rollback server, just like the one to
	// the file server.
	rollbackServerAddr := net.JoinHostPort(*rollbackServerHost, *rollbackServerPort)
	rbconn, err := tls.Dial("tcp", rollbackServerAddr, conf)
	if err != nil {
		log.Fatalf("fileclient: can't establish rollback channel: %s", err)
	}
	newms := util.NewMessageStream(rbconn)

	// Create a fake hash value, and set this value for an item.
	hashLen := 32
	hash := make([]byte, hashLen)
	if _, err := rand.Read(hash); err != nil {
		log.Fatalf("fileclient: failed to read a random value for the hash")
	}

	progName := taoName.String()
	resName := "test_resource"
	if err := fileproxy.SetHash(newms, resName, hash); err != nil {
		log.Fatalf("Couldn't set the hash for program '%s', resource '%s', hash % x on the remote server: %s", progName, resName, hash, err)
	}

	// Set the counter to 10 and check that we get the same value back.
	if err := fileproxy.SetCounter(newms, uint64(10)); err != nil {
		log.Fatalf("fileclient: couldn't set the counter in the file client")
	}

	c, err := fileproxy.GetCounter(newms)
	if err != nil {
		log.Fatalf("fileclient: couldn't get the value of the counter from the rollback server")
	}

	// Get the hash verification value.
	newHash, err := fileproxy.GetHashedVerifier(newms, resName)
	if err != nil {
		log.Fatalf("fileclient: couldn't get the hashed verifier from the rollback server")
	}

	// Try to recompute the hashed verifier directly to see if it matches.
	sh := sha256.New()
	vi := fileproxy.EncodeCounter(c)
	sh.Write(vi)
	sh.Write(hash)
	sh.Write(vi)
	computed := sh.Sum(nil)
	if subtle.ConstantTimeCompare(newHash, computed) != 1 {
		log.Fatalf("fileclient: the hashed verifier % x returned by the server didn't match the value % x computed locally", newHash, computed)
	}

	log.Println("All fileclient tests pass")
}
func main() {
	caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
	hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
	serverHost := flag.String("host", "localhost", "address for client/server")
	serverPort := flag.String("port", "8129", "port for client/server")
	rollbackServerPath := flag.String("rollbackserver_files", "rollbackserver_files", "rollbackserver directory")
	country := flag.String("country", "US", "The country for the fileclient certificate")
	org := flag.String("organization", "Google", "The organization for the fileclient certificate")

	flag.Parse()
	serverAddr := net.JoinHostPort(*serverHost, *serverPort)

	hostDomain, err := tao.LoadDomain(*hostcfg, nil)
	if err != nil {
		log.Fatalln("rollbackserver: can't load domain:", err)
	}
	var policyCert []byte
	if hostDomain.Keys.Cert != nil {
		policyCert = hostDomain.Keys.Cert.Raw
	}
	if policyCert == nil {
		log.Fatalln("rollbackserver: can't retrieve policy cert")
	}

	parentTao := tao.Parent()
	if err := hostDomain.ExtendTaoName(parentTao); err != nil {
		log.Fatalln("fileserver: can't extend the Tao with the policy key")
	}
	e := auth.PrinExt{Name: "rollbackserver_version_1"}
	if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
		log.Fatalln("rollbackserver: can't extend name")
	}

	taoName, err := parentTao.GetTaoName()
	if err != nil {
		return
	}

	// Create or read the keys for rollbackserver.
	rbKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, parentTao, *rollbackServerPath, tao.SealPolicyDefault)
	if err != nil {
		log.Fatalln("rollbackserver: couldn't set up the Tao-sealed keys:", err)
	}

	// Set up a temporary cert for communication with keyNegoServer.
	rbKeys.Cert, err = rbKeys.SigningKey.CreateSelfSignedX509(tao.NewX509Name(&tao.X509Details{
		Country:      proto.String(*country),
		Organization: proto.String(*org),
		CommonName:   proto.String(taoName.String()),
	}))
	if err != nil {
		log.Fatalln("rollbackserver: couldn't create a self-signed cert for rollbackserver keys:", err)
	}

	// Contact keyNegoServer for the certificate.
	if err := fileproxy.EstablishCert("tcp", *caAddr, rbKeys, hostDomain.Keys.VerifyingKey); err != nil {
		log.Fatalf("rollbackserver: couldn't establish a cert signed by the policy key: %s", err)
	}

	// The symmetric keys aren't used by the rollback server.
	progPolicy := fileproxy.NewProgramPolicy(policyCert, taoName.String(), rbKeys, nil, rbKeys.Cert.Raw)
	m := fileproxy.NewRollbackMaster(taoName.String())

	if err := serve(serverAddr, taoName.String(), policyCert, rbKeys, progPolicy, m); err != nil {
		log.Fatalf("rollbackserver: server error: %s\n", err)
	}
	log.Println("rollbackserver: done")
}
Beispiel #22
0
func main() {
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("domainserver: no domain path - %s, pass - %s, err - %s\n",
			*configPath, *domainPass, err)
	} else if err != nil {
		log.Printf("domainserver: Couldn't load the config path %s: %s\n",
			*configPath, err)
	}
	policyKey, policyCert := domain.Keys, domain.Keys.Cert
	if policyCert == nil {
		log.Fatalln("Policy cert not found")
	}
	hostKey, hostAtt := generateAttestation(policyKey, hostName)
	programKey, programAtt := generateAttestation(hostKey, programName)
	rawEnd1, err := proto.Marshal(hostAtt)
	if err != nil {
		log.Fatalln("Error serializing attestation.")
	}
	programAtt.SerializedEndorsements = [][]byte{rawEnd1}
	cert, err := domain_service.RequestProgramCert(programAtt, programKey.VerifyingKey,
		*network, *addr)
	if err != nil {
		log.Fatalln("Error:", err)
	}
	rootCerts := x509.NewCertPool()
	rootCerts.AddCert(domain.Keys.Cert)
	options := x509.VerifyOptions{Roots: rootCerts}
	_, err = cert.Verify(options)
	if err != nil {
		log.Fatalln("Program cert fails verification check.", err)
	}
	ver, err := tao.FromX509(cert)
	if err != nil {
		log.Fatalln("Error getting verifier from Program cert", err)
	}
	if v := programKey.VerifyingKey; !v.Equals(cert) {
		log.Fatalf("Key in Program cert %v differs from expected value %v.", ver, v)
	}

	// Test Certificate Revocation.
	serialNumber := cert.SerialNumber
	says := auth.Says{
		Speaker: domain.Keys.SigningKey.ToPrincipal(),
		Message: auth.Pred{
			Name: "revoke",
			Arg:  []auth.Term{auth.Bytes(serialNumber.Bytes())}}}

	att, err := tao.GenerateAttestation(domain.Keys.SigningKey, nil, says)
	if err != nil {
		log.Fatalln("Error generating attestation for certificate revocation.")
	}
	err = domain_service.RequestRevokeCertificate(att, *network, *addr)
	if err != nil {
		log.Fatalln("Error revoking certificate: ", err)
	}
	crl, err := domain_service.RequestCrl(*network, *addr)

	if err != nil {
		log.Fatalln("Error getting CRL: ", err)
	}
	revokedCerts := crl.TBSCertList.RevokedCertificates
	if len(revokedCerts) != 1 {
		log.Fatalf("Revoked 1 cert and got back CRL with %v revoked certs", len(revokedCerts))
	}
	if num := revokedCerts[0].SerialNumber.Int64(); num != serialNumber.Int64() {
		log.Fatalf("Serial number %v doesnt match expected value %v", num, serialNumber)
	}
	log.Println("YAY!")
}