func TestRevokeCertificate(t *testing.T) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		t.Fatal("Can't generate signing key")
	}
	serialNumber := big.NewInt(5)
	says := auth.Says{
		Speaker: k.SigningKey.ToPrincipal(),
		Message: auth.Pred{
			Name: "revoke",
			Arg:  []auth.Term{auth.Bytes(serialNumber.Bytes())}}}

	att, err := tao.GenerateAttestation(k.SigningKey, nil, says)
	if err != nil {
		t.Fatal("Error generating attestation.")
	}
	serAtt, err := proto.Marshal(att)
	if err != nil {
		t.Fatal("Error serializing attestation.")
	}
	revokedCerts := []pkix.RevokedCertificate{}
	revokedCerts, err = RevokeCertificate(serAtt, revokedCerts, &tao.Domain{Keys: k})
	if err != nil {
		t.Fatal(err)
	}
	if num := revokedCerts[0].SerialNumber.Int64(); num != 5 {
		t.Fatal(fmt.Sprintf("Serial number %v doesnt match expected value 5", num))
	}
}
func TestProcessDirectiveAndUpdateGuard(t *testing.T) {
	domain := setUpDomain(t)
	err := domain.Guard.Authorize(Delegator, OwnPredicate,
		[]string{ProtectedObjectId.String()})
	failOnError(t, err)

	programKey, err := tao.NewTemporaryKeys(tao.Signing)
	failOnError(t, err)
	info := x509Info
	speakerStr := Delegator.String()
	info.CommonName = &speakerStr
	subject := tao.NewX509Name(&info)
	programKey.Cert, err = domain.Keys.SigningKey.CreateSignedX509(
		domain.Keys.Cert, 1, programKey.SigningKey.GetVerifier(), subject)
	failOnError(t, err)
	directive, err := CreateSecretDisclosureDirective(programKey, &Delegator,
		&Delegate, ReadPredicate, &ProtectedObjectId)
	failOnError(t, err)
	directive.Cert = programKey.Cert.Raw

	err = ProcessDirectiveAndUpdateGuard(domain, directive)
	failOnError(t, err)

	if !domain.Guard.IsAuthorized(Delegate, ReadPredicate,
		[]string{ProtectedObjectId.String()}) {
		t.Fatal("Domain guard not updated as expected.")
	}

	tearDown(t)
}
func TestCreateAndVerifyDirectiveSignedByProgram(t *testing.T) {
	policyKey, _, err := generatePolicyKeyAndSignedDirective(Params{})
	programKey, err := tao.NewTemporaryKeys(tao.Signing)
	failOnError(t, err)
	info := x509Info
	speakerStr := Delegator.String()
	info.CommonName = &speakerStr
	subject := tao.NewX509Name(&info)
	programKey.Cert, err = policyKey.SigningKey.CreateSignedX509(
		policyKey.Cert, 1, programKey.SigningKey.GetVerifier(), subject)
	failOnError(t, err)
	directive, err := CreateSecretDisclosureDirective(programKey, &Delegator,
		&Delegate, ReadPredicate, &ProtectedObjectId)
	failOnError(t, err)
	directive.Cert = programKey.Cert.Raw

	speaker, prog, pred, pobj, err := VerifySecretDisclosureDirective(policyKey, directive)
	failOnError(t, err)
	if !speaker.Identical(Delegator) {
		t.Fatal(fmt.Sprintf("verify returns Speaker %v different from expected value %v",
			speaker, Delegator))
	}
	if !prog.Identical(Delegate) {
		t.Fatal(fmt.Sprintf("verify returns program  %v different from expected value %v",
			prog, Delegate))
	}
	if *pred != ReadPredicate {
		t.Fatal(fmt.Sprintf("verify returns predicate  %v different from expected value %v",
			pred, ReadPredicate))
	}
	if *pobj.ObjName != *ProtectedObjectId.ObjName ||
		*pobj.ObjEpoch != *ProtectedObjectId.ObjEpoch {
		t.Fatal("Verify returns different protectedObjectId from expected value.")
	}
}
func generateTpmAttestation(t *testing.T, tpmtao *tao.TPMTao, delegator *auth.Prin) (*tao.Keys,
	*tao.Attestation) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		t.Fatal("Can't generate signing key")
	}
	speaksFor := &auth.Speaksfor{
		Delegate:  k.SigningKey.ToPrincipal(),
		Delegator: delegator,
	}
	taoname, err := tpmtao.GetTaoName()
	if err != nil {
		t.Fatal("Couldn't get the name of the tao:", err)
	}
	says := &auth.Says{
		Speaker:    taoname,
		Time:       nil,
		Expiration: nil,
		Message:    speaksFor,
	}

	att, err := tpmtao.Attest(&taoname, nil, nil, says)
	if err != nil {
		t.Fatal("TPM couldn't attest:", err)
	}
	return k, att
}
Exemple #5
0
func main() {
	network := flag.String("network", "tcp", "The network to use for connections")
	addr := flag.String("addr", "localhost:8124", "The address to listen on")
	domainPass := flag.String("password", "nopassword", "The domain password for the policy key")
	configPath := flag.String("config", "tao.config", "The Tao domain config")

	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		log.Fatalf("keynegoserver: Couldn't load the config path %s: %s\n", *configPath, err)
	}

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	// JLM:  I left this in place but I'm not sure what a TLS connection with a
	//   self signed Cert buys in terms of security.  The security of this protocol should
	//   not depend on the confidentiality or intergity of the channel.  All that said,
	//   if we do ever distribute a signed keynegoserver cert for this TLS channel, it would
	//   be good.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up temporary keys for the connection:", err)
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up a self-signed cert:", err)
	}
	SerialNumber = int64(time.Now().UnixNano()) / (1000000)
	policyKey, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*domainPass), "policy_keys", nil)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't get policy key:", err)
	}

	tlsc, err := tao.EncodeTLSCert(keys)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't encode a TLS cert:", err)
	}
	conf := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsc},
		InsecureSkipVerify: true,
		ClientAuth:         tls.RequireAnyClientCert,
	}
	sock, err := tls.Listen(*network, *addr, conf)
	if err != nil {
		log.Printf("keynegoserver: error: %s", err)
	}
	defer sock.Close()

	for {
		conn, err := sock.Accept()
		if err != nil {
			log.Fatalln("keynegoserver: couldn't accept a connection:", err)
		}

		go handleRequest(conn, policyKey, domain.Guard)
	}
}
func TestGenerateProgramCert(t *testing.T) {
	domain := generateDomain(t)
	programKey, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		t.Fatal("Error generating keys.", err)
	}
	cert, err := GenerateProgramCert(domain, 0, programName, programKey.VerifyingKey,
		time.Now(), time.Now().AddDate(1, 0, 0))
	rootCerts := x509.NewCertPool()
	rootCerts.AddCert(domain.Keys.Cert)
	options := x509.VerifyOptions{Roots: rootCerts}
	_, err = cert.Verify(options)
	if err != nil {
		t.Fatal("Program cert fails verification check.", err)
	}
}
Exemple #7
0
// Create a Program Public/Private key.
func CreateSigningKey(t tao.Tao) (*tao.Keys, []byte, error) {

	self, err := t.GetTaoName()
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		return nil, nil, errors.New("Can't generate signing key")
	}

	publicString := strings.Replace(self.String(), "(", "", -1)
	publicString = strings.Replace(publicString, ")", "", -1)

	// publicString is now a canonicalized Tao Principal name
	us := "US"
	google := "Google"
	details := tao.X509Details{
		Country:      &us,
		Organization: &google,
		CommonName:   &publicString}
	subjectname := tao.NewX509Name(&details)

	derCert, err := k.SigningKey.CreateSelfSignedDER(subjectname)
	if err != nil {
		return nil, nil, errors.New("Can't self sign cert\n")
	}
	cert, err := x509.ParseCertificate(derCert)
	if err != nil {
		return nil, nil, err
	}

	// Construct statement: "ProgramKey (new key) speaksfor Principal Name"
	// ToPrincipal retrieves key's Tao Principal Name.
	k.Cert = cert
	s := &auth.Speaksfor{
		Delegate:  k.SigningKey.ToPrincipal(),
		Delegator: self}
	if s == nil {
		return nil, nil, errors.New("Can't produce speaksfor")
	}

	// Sign attestation statement
	k.Delegation, err = t.Attest(&self, nil, nil, s)
	if err != nil {
		return nil, nil, err
	}
	_, _ = auth.UnmarshalForm(k.Delegation.SerializedStatement)
	return k, derCert, nil
}
func generatePolicyKey(t *testing.T) (*tao.Keys, *x509.Certificate) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		t.Fatal("Can't generate signing key")
	}
	us := "US"
	google := "Google"
	subjectName := "Policy"
	details := tao.X509Details{
		Country:      &us,
		Organization: &google,
		CommonName:   &subjectName}
	subjectname := tao.NewX509Name(&details)
	cert, err := k.SigningKey.CreateSelfSignedX509(subjectname)
	if err != nil {
		t.Fatal("Can't self sign cert\n")
	}
	return k, cert
}
Exemple #9
0
func generateAttestation(signingKey *tao.Keys, delegator *auth.Prin) (*tao.Keys, *tao.Attestation) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		log.Fatalln("Can't generate signing key")
	}
	speaksFor := &auth.Speaksfor{
		Delegate:  k.SigningKey.ToPrincipal(),
		Delegator: delegator,
	}
	says := &auth.Says{
		Speaker:    signingKey.SigningKey.ToPrincipal(),
		Time:       nil,
		Expiration: nil,
		Message:    speaksFor,
	}
	att, err := tao.GenerateAttestation(signingKey.SigningKey, nil, *says)
	if err != nil {
		log.Fatalln(err)
	}
	return k, att
}
Exemple #10
0
func generateEndorsementCertficate(policyKey *tao.Keys, policyCert *x509.Certificate) (*tao.Keys,
	*x509.Certificate) {
	k, err := tao.NewTemporaryKeys(tao.Signing)
	if k == nil || err != nil {
		log.Fatalln("Can't generate signing key")
	}
	us := "US"
	google := "Google"
	machineName := "Encoded Machine Information"
	details := tao.X509Details{
		Country:      &us,
		Organization: &google,
		CommonName:   &machineName}
	subject := tao.NewX509Name(&details)
	cert, err := policyKey.SigningKey.CreateSignedX509(
		policyCert, 0, k.SigningKey.GetVerifier(), subject)
	if err != nil {
		log.Fatalln(err)
	}
	return k, cert
}
Exemple #11
0
func main() {
	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
		return
	}

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		glog.Exit("Couldn't set up temporary keys for the connection:", err)
		return
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		glog.Exit("Couldn't set up a self-signed cert:", err)
		return
	}

	sock, err := net.Listen(*network, *addr)
	if err != nil {
		glog.Exit("Couldn't bind socket to address:", err)
		return
	}

	fmt.Println("tcca: accepting connections")
	for {
		conn, err := sock.Accept()
		if err != nil {
			glog.Exitf("Couldn't accept a connection on %s: %s", *addr, err)
			return
		}

		go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
	}
}
func generatePolicyKeyAndSignedDirective(params Params) (*tao.Keys, *DirectiveMessage, error) {
	var programName auth.Term
	if params.Delegate != nil {
		programName = params.Delegate
	} else {
		programName = Delegate
	}
	var serializedObjectId auth.Term
	if params.SerializedObjectId != nil {
		serializedObjectId = params.SerializedObjectId
	} else {
		bytes, err := proto.Marshal(&ProtectedObjectId)
		if err != nil {
			return nil, nil, err
		}
		serializedObjectId = auth.Bytes(bytes)
	}
	terms := []auth.Term{programName, serializedObjectId}
	if params.CanReadTerms != nil {
		terms = params.CanReadTerms
	}
	var canRead auth.Form
	if params.CanRead != nil {
		canRead = params.CanRead
	} else {
		canRead = auth.Pred{
			Name: ReadPredicate,
			Arg:  terms,
		}
	}
	policyKey, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		return nil, nil, err
	}
	info := x509Info
	name := policyKey.SigningKey.ToPrincipal().String()
	info.CommonName = &name
	subject := tao.NewX509Name(&info)
	policyKey.Cert, err = policyKey.SigningKey.CreateSelfSignedX509(subject)
	if err != nil {
		return nil, nil, err
	}
	var says auth.Form
	if params.Says != nil {
		says = params.Says
	} else {
		says = auth.Says{
			Speaker:    policyKey.SigningKey.ToPrincipal(),
			Time:       nil,
			Expiration: nil,
			Message:    canRead,
		}
	}
	serializedSays := auth.Marshal(says)
	var directiveType *DirectiveMessageDirectiveType
	if params.DirectiveType != nil {
		directiveType = params.DirectiveType
	} else {
		directiveType = DirectiveMessage_SECRET_DISCLOSURE.Enum()
	}
	var signature []byte
	if params.Signature != nil {
		signature = params.Signature
	} else {
		signature, err = policyKey.SigningKey.Sign(serializedSays, SigningContext)
		if err != nil {
			return nil, nil, err
		}
	}
	var signer []byte
	if params.Signer != nil {
		signer = params.Signer
	} else {
		signer = auth.Marshal(policyKey.SigningKey.ToPrincipal())
	}
	directive := &DirectiveMessage{
		Type:                directiveType,
		SerializedStatement: serializedSays,
		Signature:           signature,
		Signer:              signer,
	}
	return policyKey, directive, nil
}
func main() {
	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("simpledomainservice: no domain path - %s, pass - %s, err - %s\n",
			*configPath, *domainPass, err)
		return
	} else if err != nil {
		log.Printf("simpledomainservice: Couldn't load the config path %s: %s\n",
			*configPath, err)
		return
	}
	log.Printf("simpledomainservice: Loaded domain\n")

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	// JLM:  I left this in place but I'm not sure what a TLS connection with a
	//   self signed Cert buys in terms of security.
	//   The security of this protocol should not depend on the
	//   confidentiality or intergity of the channel.  All that said, if we
	//   do ever distribute a signed simpledomainservice cert
	// for this TLS channel, it would be good.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if keys == nil || err != nil {
		log.Fatalln("simpledomainservice: Couldn't set up temporary keys for connection:", err)
		return
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		log.Fatalln("simpledomainservice: Couldn't set up a self-signed cert:", err)
		return
	}
	SerialNumber = int64(time.Now().UnixNano()) / (1000000)
	policyKey := domain.Keys
	fmt.Printf("\nSimpleDomainService: policyKey: %x\n", policyKey)

	tlsc, err := tao.EncodeTLSCert(keys)
	if err != nil {
		log.Fatalln("simpledomainservice: Couldn't encode a TLS cert:", err)
	}
	conf := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsc},
		InsecureSkipVerify: true,
		ClientAuth:         tls.RequireAnyClientCert,
	}
	sock, err := tls.Listen(*network, *addr, conf)
	if err != nil {
		log.Printf("simpledomainservice: error: %s\n", err)
	}
	if sock == nil {
		log.Printf("simpledomainservice: Empty socket, terminating\n")
		return
	}
	defer sock.Close()

	log.Printf("simpledomainservice: accepting connections\n")
	fmt.Printf("\n\nsimpledomainservice: accepting connections\n")
	for {
		conn, err := sock.Accept()
		if conn == nil {
			fmt.Printf("simpledomainservice: Empty connection\n")
			log.Printf("simpledomainservice: Empty connection\n")
			return
		} else if err != nil {
			fmt.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
			log.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
			return
		}
		go DomainRequest(conn, policyKey, domain.Guard)
	}
	log.Printf("simpledomainservice: finishing\n")
}