Beispiel #1
0
// This program creates a key hierarchy consisting of a
// primary key, and quoting key for cloudproxy and saves the context.
func main() {
	keySize := flag.Int("modulusSize", 2048, "Modulus size for keys")
	rootContextFileName := flag.String("rootContextFile", "rootContext.bin",
		"Root context file")
	quoteContextFileName := flag.String("quoteContextFile",
		"quoteContext.bin", "Quote context file")
	storeContextFileName := flag.String("storeContextFile",
		"storeContext.bin", "Store context file")
	pcrList := flag.String("pcrList", "7", "Pcr list")
	flag.Parse()

	fmt.Printf("Pcr list: %s\n", *pcrList)

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}

	pcrs, err := tpm2.StringToIntList(*pcrList)
	if err != nil {
		fmt.Printf("Can't format pcr list\n")
		return
	}

	err = tpm2.InitTpm2Keys(rw, pcrs, uint16(*keySize),
		uint16(tpm2.AlgTPM_ALG_SHA1), "", *rootContextFileName,
		*quoteContextFileName, *storeContextFileName)
	if err == nil {
		fmt.Printf("Key creation succeeded\n")
	} else {
		fmt.Printf("Key creation failed\n")
	}
	return
}
Beispiel #2
0
// NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.
func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error) {
	var err error
	tt := &TPM2Tao{pcrCount: 24,
		password: ""}

	tt.rw, err = tpm2.OpenTPM(tpmPath)
	if err != nil {
		return nil, err
	}

	// Make sure the TPM2Tao releases all its resources
	runtime.SetFinalizer(tt, FinalizeTPM2Tao)

	tt.pcrs = pcrNums
	tt.path = statePath

	// Create the root key.
	keySize := uint16(2048)
	quotePassword := ""
	//var empty []byte

	rootSaveContext := path.Join(tt.path, "root_context")
	_, rootErr := os.Stat(rootSaveContext)

	quoteSaveContext := path.Join(tt.path, "quote_context")
	_, quoteErr := os.Stat(quoteSaveContext)

	sealSaveContext := path.Join(tt.path, "seal_context")
	_, sealErr := os.Stat(sealSaveContext)

	if rootErr != nil || quoteErr != nil || sealErr != nil {
		if err := tpm2.InitTpm2Keys(tt.rw, tt.pcrs, keySize, uint16(tpm2.AlgTPM_ALG_SHA1), quotePassword, rootSaveContext, quoteSaveContext, sealSaveContext); err != nil {
			return nil, err
		}
	}

	// Read the contexts and public info and use them to load the handles.
	if tt.rootContext, err = ioutil.ReadFile(rootSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the root context from %s: %v", rootSaveContext, err)
	}

	if tt.quoteContext, err = ioutil.ReadFile(quoteSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the quote context from %s: %v", quoteSaveContext, err)
	}

	if tt.sealContext, err = ioutil.ReadFile(sealSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the seal context from %s: %v", sealSaveContext, err)
	}

	if tt.quoteHandle, err = tt.loadQuote(); err != nil {
		return nil, err
	}
	defer tpm2.FlushContext(tt.rw, tt.quoteHandle)

	if tt.verifier, err = tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle); err != nil {
		return nil, err
	}

	fmt.Fprintf(os.Stderr, "Loaded the handles and the verifier\n")

	// Get the pcr values for the PCR nums.
	tt.pcrNums = make([]int, len(pcrNums))
	for i, v := range pcrNums {
		tt.pcrNums[i] = v
	}

	tt.pcrVals, err = ReadTPM2PCRs(tt.rw, pcrNums)
	if err != nil {
		return nil, err
	}

	// Create principal.
	tt.name, err = MakeTPM2Prin(tt.verifier, tt.pcrNums, tt.pcrVals)
	if err != nil {
		return nil, err
	}

	quoteCertPath := path.Join(tt.path, "quote_cert")
	if _, quoteCertErr := os.Stat(quoteCertPath); quoteCertErr != nil {
		tt.quoteCert, err = getQuoteCert(tt.rw, tt.path, tt.quoteHandle,
			quotePassword, tt.name, tt.verifier)
		if err != nil {
			return nil, err
		}

		if err := ioutil.WriteFile(quoteCertPath, tt.quoteCert, 0644); err != nil {
			return nil, err
		}
	} else {
		if tt.quoteCert, err = ioutil.ReadFile(quoteCertPath); err != nil {
			return nil, err
		}
	}
	fmt.Fprintf(os.Stderr, "Got TPM 2.0 principal name %q\n", tt.name)

	return tt, nil
}