// This program creates a key hierarchy consisting of a // primary key, and quoting key for cloudproxy and saves the context. func main() { keySize := flag.Int("modulusSize", 2048, "Modulus size for keys") rootContextFileName := flag.String("rootContextFile", "rootContext.bin", "Root context file") quoteContextFileName := flag.String("quoteContextFile", "quoteContext.bin", "Quote context file") storeContextFileName := flag.String("storeContextFile", "storeContext.bin", "Store context file") pcrList := flag.String("pcrList", "7", "Pcr list") flag.Parse() fmt.Printf("Pcr list: %s\n", *pcrList) // Open tpm rw, err := tpm2.OpenTPM("/dev/tpm0") if err != nil { fmt.Printf("OpenTPM failed %s\n", err) return } defer rw.Close() // Flushall err = tpm2.Flushall(rw) if err != nil { fmt.Printf("Flushall failed\n") return } pcrs, err := tpm2.StringToIntList(*pcrList) if err != nil { fmt.Printf("Can't format pcr list\n") return } err = tpm2.InitTpm2Keys(rw, pcrs, uint16(*keySize), uint16(tpm2.AlgTPM_ALG_SHA1), "", *rootContextFileName, *quoteContextFileName, *storeContextFileName) if err == nil { fmt.Printf("Key creation succeeded\n") } else { fmt.Printf("Key creation failed\n") } return }
// NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface. func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error) { var err error tt := &TPM2Tao{pcrCount: 24, password: ""} tt.rw, err = tpm2.OpenTPM(tpmPath) if err != nil { return nil, err } // Make sure the TPM2Tao releases all its resources runtime.SetFinalizer(tt, FinalizeTPM2Tao) tt.pcrs = pcrNums tt.path = statePath // Create the root key. keySize := uint16(2048) quotePassword := "" //var empty []byte rootSaveContext := path.Join(tt.path, "root_context") _, rootErr := os.Stat(rootSaveContext) quoteSaveContext := path.Join(tt.path, "quote_context") _, quoteErr := os.Stat(quoteSaveContext) sealSaveContext := path.Join(tt.path, "seal_context") _, sealErr := os.Stat(sealSaveContext) if rootErr != nil || quoteErr != nil || sealErr != nil { if err := tpm2.InitTpm2Keys(tt.rw, tt.pcrs, keySize, uint16(tpm2.AlgTPM_ALG_SHA1), quotePassword, rootSaveContext, quoteSaveContext, sealSaveContext); err != nil { return nil, err } } // Read the contexts and public info and use them to load the handles. if tt.rootContext, err = ioutil.ReadFile(rootSaveContext); err != nil { return nil, fmt.Errorf("Could not read the root context from %s: %v", rootSaveContext, err) } if tt.quoteContext, err = ioutil.ReadFile(quoteSaveContext); err != nil { return nil, fmt.Errorf("Could not read the quote context from %s: %v", quoteSaveContext, err) } if tt.sealContext, err = ioutil.ReadFile(sealSaveContext); err != nil { return nil, fmt.Errorf("Could not read the seal context from %s: %v", sealSaveContext, err) } if tt.quoteHandle, err = tt.loadQuote(); err != nil { return nil, err } defer tpm2.FlushContext(tt.rw, tt.quoteHandle) if tt.verifier, err = tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle); err != nil { return nil, err } fmt.Fprintf(os.Stderr, "Loaded the handles and the verifier\n") // Get the pcr values for the PCR nums. tt.pcrNums = make([]int, len(pcrNums)) for i, v := range pcrNums { tt.pcrNums[i] = v } tt.pcrVals, err = ReadTPM2PCRs(tt.rw, pcrNums) if err != nil { return nil, err } // Create principal. tt.name, err = MakeTPM2Prin(tt.verifier, tt.pcrNums, tt.pcrVals) if err != nil { return nil, err } quoteCertPath := path.Join(tt.path, "quote_cert") if _, quoteCertErr := os.Stat(quoteCertPath); quoteCertErr != nil { tt.quoteCert, err = getQuoteCert(tt.rw, tt.path, tt.quoteHandle, quotePassword, tt.name, tt.verifier) if err != nil { return nil, err } if err := ioutil.WriteFile(quoteCertPath, tt.quoteCert, 0644); err != nil { return nil, err } } else { if tt.quoteCert, err = ioutil.ReadFile(quoteCertPath); err != nil { return nil, err } } fmt.Fprintf(os.Stderr, "Got TPM 2.0 principal name %q\n", tt.name) return tt, nil }