// This program creates a key hierarchy consisting of a
// primary key, and quoting key for cloudproxy and saves the context.
func main() {
keySize := flag.Int("modulusSize", 2048, "Modulus size for keys")
rootContextFileName := flag.String("rootContextFile", "rootContext.bin",
"Root context file")
quoteContextFileName := flag.String("quoteContextFile",
"quoteContext.bin", "Quote context file")
storeContextFileName := flag.String("storeContextFile",
"storeContext.bin", "Store context file")
pcrList := flag.String("pcrList", "7", "Pcr list")
flag.Parse()
fmt.Printf("Pcr list: %s\n", *pcrList)
// Open tpm
rw, err := tpm2.OpenTPM("/dev/tpm0")
if err != nil {
fmt.Printf("OpenTPM failed %s\n", err)
return
}
defer rw.Close()
// Flushall
err = tpm2.Flushall(rw)
if err != nil {
fmt.Printf("Flushall failed\n")
return
}
pcrs, err := tpm2.StringToIntList(*pcrList)
if err != nil {
fmt.Printf("Can't format pcr list\n")
return
}
err = tpm2.InitTpm2Keys(rw, pcrs, uint16(*keySize),
uint16(tpm2.AlgTPM_ALG_SHA1), "", *rootContextFileName,
*quoteContextFileName, *storeContextFileName)
if err == nil {
fmt.Printf("Key creation succeeded\n")
} else {
fmt.Printf("Key creation failed\n")
}
return
}
// NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.
func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error) {
var err error
tt := &TPM2Tao{pcrCount: 24,
password: ""}
tt.rw, err = tpm2.OpenTPM(tpmPath)
if err != nil {
return nil, err
}
// Make sure the TPM2Tao releases all its resources
runtime.SetFinalizer(tt, FinalizeTPM2Tao)
tt.pcrs = pcrNums
tt.path = statePath
// Create the root key.
keySize := uint16(2048)
quotePassword := ""
//var empty []byte
rootSaveContext := path.Join(tt.path, "root_context")
_, rootErr := os.Stat(rootSaveContext)
quoteSaveContext := path.Join(tt.path, "quote_context")
_, quoteErr := os.Stat(quoteSaveContext)
sealSaveContext := path.Join(tt.path, "seal_context")
_, sealErr := os.Stat(sealSaveContext)
if rootErr != nil || quoteErr != nil || sealErr != nil {
if err := tpm2.InitTpm2Keys(tt.rw, tt.pcrs, keySize, uint16(tpm2.AlgTPM_ALG_SHA1), quotePassword, rootSaveContext, quoteSaveContext, sealSaveContext); err != nil {
return nil, err
}
}
// Read the contexts and public info and use them to load the handles.
if tt.rootContext, err = ioutil.ReadFile(rootSaveContext); err != nil {
return nil, fmt.Errorf("Could not read the root context from %s: %v", rootSaveContext, err)
}
if tt.quoteContext, err = ioutil.ReadFile(quoteSaveContext); err != nil {
return nil, fmt.Errorf("Could not read the quote context from %s: %v", quoteSaveContext, err)
}
if tt.sealContext, err = ioutil.ReadFile(sealSaveContext); err != nil {
return nil, fmt.Errorf("Could not read the seal context from %s: %v", sealSaveContext, err)
}
if tt.quoteHandle, err = tt.loadQuote(); err != nil {
return nil, err
}
defer tpm2.FlushContext(tt.rw, tt.quoteHandle)
if tt.verifier, err = tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle); err != nil {
return nil, err
}
fmt.Fprintf(os.Stderr, "Loaded the handles and the verifier\n")
// Get the pcr values for the PCR nums.
tt.pcrNums = make([]int, len(pcrNums))
for i, v := range pcrNums {
tt.pcrNums[i] = v
}
tt.pcrVals, err = ReadTPM2PCRs(tt.rw, pcrNums)
if err != nil {
return nil, err
}
// Create principal.
tt.name, err = MakeTPM2Prin(tt.verifier, tt.pcrNums, tt.pcrVals)
if err != nil {
return nil, err
}
quoteCertPath := path.Join(tt.path, "quote_cert")
if _, quoteCertErr := os.Stat(quoteCertPath); quoteCertErr != nil {
tt.quoteCert, err = getQuoteCert(tt.rw, tt.path, tt.quoteHandle,
quotePassword, tt.name, tt.verifier)
if err != nil {
return nil, err
}
if err := ioutil.WriteFile(quoteCertPath, tt.quoteCert, 0644); err != nil {
return nil, err
}
} else {
if tt.quoteCert, err = ioutil.ReadFile(quoteCertPath); err != nil {
return nil, err
}
}
fmt.Fprintf(os.Stderr, "Got TPM 2.0 principal name %q\n", tt.name)
return tt, nil
}
