Beispiel #1
0
// NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.
func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error) {
	var err error
	tt := &TPM2Tao{pcrCount: 24,
		password: ""}

	tt.rw, err = tpm2.OpenTPM(tpmPath)
	if err != nil {
		return nil, err
	}

	// Make sure the TPM2Tao releases all its resources
	runtime.SetFinalizer(tt, FinalizeTPM2Tao)

	tt.pcrs = pcrNums
	tt.path = statePath

	// Create the root key.
	keySize := uint16(2048)
	quotePassword := ""
	//var empty []byte

	rootSaveContext := path.Join(tt.path, "root_context")
	_, rootErr := os.Stat(rootSaveContext)

	quoteSaveContext := path.Join(tt.path, "quote_context")
	_, quoteErr := os.Stat(quoteSaveContext)

	sealSaveContext := path.Join(tt.path, "seal_context")
	_, sealErr := os.Stat(sealSaveContext)

	if rootErr != nil || quoteErr != nil || sealErr != nil {
		if err := tpm2.InitTpm2Keys(tt.rw, tt.pcrs, keySize, uint16(tpm2.AlgTPM_ALG_SHA1), quotePassword, rootSaveContext, quoteSaveContext, sealSaveContext); err != nil {
			return nil, err
		}
	}

	// Read the contexts and public info and use them to load the handles.
	if tt.rootContext, err = ioutil.ReadFile(rootSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the root context from %s: %v", rootSaveContext, err)
	}

	if tt.quoteContext, err = ioutil.ReadFile(quoteSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the quote context from %s: %v", quoteSaveContext, err)
	}

	if tt.sealContext, err = ioutil.ReadFile(sealSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the seal context from %s: %v", sealSaveContext, err)
	}

	if tt.quoteHandle, err = tt.loadQuote(); err != nil {
		return nil, err
	}
	defer tpm2.FlushContext(tt.rw, tt.quoteHandle)

	if tt.verifier, err = tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle); err != nil {
		return nil, err
	}

	fmt.Fprintf(os.Stderr, "Loaded the handles and the verifier\n")

	// Get the pcr values for the PCR nums.
	tt.pcrNums = make([]int, len(pcrNums))
	for i, v := range pcrNums {
		tt.pcrNums[i] = v
	}

	tt.pcrVals, err = ReadTPM2PCRs(tt.rw, pcrNums)
	if err != nil {
		return nil, err
	}

	// Create principal.
	tt.name, err = MakeTPM2Prin(tt.verifier, tt.pcrNums, tt.pcrVals)
	if err != nil {
		return nil, err
	}

	quoteCertPath := path.Join(tt.path, "quote_cert")
	if _, quoteCertErr := os.Stat(quoteCertPath); quoteCertErr != nil {
		tt.quoteCert, err = getQuoteCert(tt.rw, tt.path, tt.quoteHandle,
			quotePassword, tt.name, tt.verifier)
		if err != nil {
			return nil, err
		}

		if err := ioutil.WriteFile(quoteCertPath, tt.quoteCert, 0644); err != nil {
			return nil, err
		}
	} else {
		if tt.quoteCert, err = ioutil.ReadFile(quoteCertPath); err != nil {
			return nil, err
		}
	}
	fmt.Fprintf(os.Stderr, "Got TPM 2.0 principal name %q\n", tt.name)

	return tt, nil
}
Beispiel #2
0
func (tt *TPM2Tao) GetRsaQuoteKey() (*rsa.PublicKey, error) {
	return tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle)
}