func TestACLGuardSaveACLs(t *testing.T) {
s, err := GenerateSigner()
if err != nil {
t.Fatal("Couldn't generate a signer")
}
tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
defer os.RemoveAll(tmpdir)
p := auth.NewKeyPrin([]byte(`Fake key`))
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't authorize a simple operation:", err)
}
if err := tg.Save(s); err != nil {
t.Fatal("Couldn't save the file")
}
config := ACLGuardDetails{SignedAclsPath: proto.String(path.Join(tmpdir, "acls"))}
v := s.GetVerifier()
aclg, err := LoadACLGuard(v, config)
if err != nil {
t.Fatal("Couldn't load the ACLs:", err)
}
if aclg.RuleCount() != tg.RuleCount() {
t.Fatal("Wrong number of rules in loaded ACLGuard")
}
if aclg.String() != tg.String() {
t.Fatal("Wrong string representation of loaded ACLGuard")
}
}
func TestACLGuardDoubleAuthorize(t *testing.T) {
s, err := GenerateSigner()
if err != nil {
t.Fatal("Couldn't generate a signer")
}
tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
defer os.RemoveAll(tmpdir)
p := auth.NewKeyPrin([]byte(`Fake key`))
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't authorize a simple operation:", err)
}
// So nice, we authorize it twice.
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't authorize a simple operation:", err)
}
if !tg.IsAuthorized(p, "Write", []string{"filename"}) {
t.Fatal("A rule that was added to the ACL was not present")
}
if err := tg.Retract(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't retract an existing double-added rule:", err)
}
if tg.IsAuthorized(p, "Write", []string{"filename"}) {
t.Fatal("A rule was still authorized after it was retracted")
}
}
func TestSoftTaoAttest(t *testing.T) {
ft, err := NewSoftTao("", nil)
if err != nil {
t.Fatal("Couldn't initialize a SoftTao in memory:", err)
}
self, err := ft.GetTaoName()
if err != nil {
t.Fatal("Couldn't get own name:", err)
}
stmt := auth.Speaksfor{
Delegate: auth.NewKeyPrin([]byte("BogusKeyBytes1")),
Delegator: self,
}
a, err := ft.Attest(nil, nil, nil, stmt)
if err != nil {
t.Fatal("Couldn't attest to a statement in the SoftTao:", err)
}
// Make sure the attestation passes basic sanity checks.
_, err = a.Validate()
if err != nil {
t.Fatalf("The attestation produced by the SoftTao didn't pass validation: %s", err)
}
}
// ToPrincipal produces a "key" type Prin for this signer. This contains a
// serialized CryptoKey for the public half of this signing key.
func (s *Signer) ToPrincipal() auth.Prin {
ck := MarshalPublicSignerProto(s)
// proto.Marshal won't fail here since we fill all required fields of the
// message. Propagating impossible errors just leads to clutter later.
data, _ := proto.Marshal(ck)
return auth.NewKeyPrin(data)
}
func TestACLGuardSignedSubprincipal(t *testing.T) {
s, err := GenerateSigner()
if err != nil {
t.Fatal("Couldn't generate a signer")
}
tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
defer os.RemoveAll(tmpdir)
p := auth.NewKeyPrin([]byte(`Fake key`))
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't authorize a simple operation:", err)
}
name := tg.Subprincipal().String()
k := s.ToPrincipal().String()
if name != ".ACLGuard("+k+")" {
t.Fatalf("ACL guard has wrong name: %v", name)
}
}
func TestTPMTaoAttest(t *testing.T) {
aikblob, err := ioutil.ReadFile("./aikblob")
if err != nil {
t.Skip("Skipping tests, since there's no ./aikblob file")
}
tpmtao, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18})
if err != nil {
t.Skip("Couldn't create a new TPM Tao:", err)
}
tt, ok := tpmtao.(*TPMTao)
if !ok {
t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
}
defer CleanUpTPMTao(tt)
// Set up a fake key delegation.
taoname, err := tpmtao.GetTaoName()
if err != nil {
t.Fatal("Couldn't get the name of the tao:", err)
}
stmt := auth.Speaksfor{
Delegate: auth.NewKeyPrin([]byte(`FakeKeyBytes`)),
Delegator: taoname,
}
// Let the TPMTao set up the issuer and time and expiration.
a, err := tpmtao.Attest(nil, nil, nil, stmt)
if err != nil {
t.Fatal("Couldn't attest to a key delegation:", err)
}
says, err := a.Validate()
if err != nil {
t.Fatal("The attestation didn't pass validation:", err)
}
t.Logf("Got valid statement %s\n", says)
}
func TestACLGuardAuthorize(t *testing.T) {
s, err := GenerateSigner()
if err != nil {
t.Fatal("Couldn't generate a signer")
}
tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
defer os.RemoveAll(tmpdir)
p := auth.NewKeyPrin([]byte(`Fake key`))
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't authorize a simple operation:", err)
}
if !tg.IsAuthorized(p, "Write", []string{"filename"}) {
t.Fatal("A rule that was added to the ACL was not present")
}
if tg.IsAuthorized(p, "Write", []string{"file"}) {
t.Fatal("A rule was authorized even though it has the wrong file name")
}
if tg.IsAuthorized(p, "Read", []string{"filename"}) {
t.Fatal("A rule was authorized even though it has the wrong op")
}
if tg.IsAuthorized(auth.Prin{}, "Write", []string{"filename"}) {
t.Fatal("A rule was authorized even though it has the wrong principal")
}
if err := tg.Retract(p, "Write", []string{"filename"}); err != nil {
t.Fatal("Couldn't retract an existing rule:", err)
}
if tg.IsAuthorized(p, "Write", []string{"filename"}) {
t.Fatal("A rule was still authorized after it was retracted")
}
}
func main() {
ecpK, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
}
ecPK := ecpK.Public()
if ecPK == nil {
}
eckp := ecPK.(*ecdsa.PublicKey)
fmt.Printf("eckp: %x\n", eckp)
fmt.Printf("Curve: %x, X: %x, Y: %x\n",
eckp.Curve, eckp.X, eckp.Y)
ck := marshalPublicKeyProto(eckp)
if ecPK == nil {
}
fmt.Printf("ck: %x\n", ck)
data, _ := proto.Marshal(ck)
fmt.Printf("data: %x\n", data)
kprin := auth.NewKeyPrin(data)
fmt.Printf("kprin: %x\n", kprin)
c_gen_prin, err := ioutil.ReadFile("/Domains/keyprin")
fmt.Printf("From c: %x\n", c_gen_prin)
}
func makeACLGuard() (*ACLGuard, *Keys, string, error) {
tmpDir, err := ioutil.TempDir("", "acl_guard_test")
if err != nil {
return nil, nil, "",
fmt.Errorf("Couldn't get a temp directory for the ACL guard test")
}
keys, err := NewTemporaryKeys(Signing)
if err != nil {
return nil, nil, "", err
}
config := ACLGuardDetails{
SignedAclsPath: proto.String(path.Join(tmpDir, "acls")),
}
tg := NewACLGuard(keys.VerifyingKey, config)
// Add a bogus rule.
p := auth.NewKeyPrin([]byte(`Fake key`))
if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
return nil, nil, "", err
}
return tg.(*ACLGuard), keys, tmpDir, err
}
if err != nil {
return nil, nil, "", err
}
// Add a bogus rule.
bogusOSString := `ext.PCRs("17, 18", "000, 000")`
var prin auth.PrinTail
fmt.Sscanf(bogusOSString, "%s", &prin)
pred := auth.MakePredicate("BogusTPM", prin)
if err = g.AddRule(fmt.Sprint(pred)); err != nil {
return nil, nil, "", err
}
return g, keys, tmpdir, nil
}
var subj = auth.NewKeyPrin([]byte("test1")) // key([1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014])
var subj2 = auth.NewKeyPrin([]byte("test2")) // key([60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752])
func TestDatalogSaveReload(t *testing.T) {
g, keys, tmpdir, err := makeDatalogGuard()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
err = g.Save(keys.SigningKey)
if err != nil {
t.Fatal(err)
}
err = g.ReloadIfModified()
if err != nil {
t.Fatal(err)
// ToPrincipal produces a "key" type Prin for this verifier. This contains a
// hash of a serialized CryptoKey for this key.
func (v *Verifier) ToPrincipal() auth.Prin {
return auth.NewKeyPrin(v.MarshalKey())
}
func TestTPM2TaoAttest(t *testing.T) {
// Fix
hash_alg_id := uint16(tpm2.AlgTPM_ALG_SHA1)
tpmtao, err := NewTPM2Tao("/dev/tpm0", "../tpm2/tmptest", []int{17, 18})
if err != nil {
t.Skip("Couldn't create a new TPM Tao:", err)
}
tt, ok := tpmtao.(*TPM2Tao)
if !ok {
t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao")
}
defer cleanUpTPM2Tao(tt)
// Set up a fake key delegation.
taoname, err := tpmtao.GetTaoName()
if err != nil {
t.Fatal("Couldn't get the name of the tao:", err)
}
stmt := auth.Speaksfor{
Delegate: auth.NewKeyPrin([]byte(`FakeKeyBytes`)),
Delegator: taoname,
}
// Let the TPMTao set up the issuer and time and expiration.
a, err := tpmtao.Attest(nil, nil, nil, stmt)
if err != nil {
t.Fatal("Couldn't attest to a key delegation:", err)
}
digests, err := tt.ReadPcrs([]int{17, 18}) // tt.pcrs
if err != nil {
t.Fatal("ReadPcrs failed\n")
}
var allDigests []byte
for i := 0; i < len(digests); i++ {
allDigests = append(allDigests, digests[i]...)
}
computedDigest, err := tpm2.ComputeHashValue(hash_alg_id, allDigests)
if err != nil {
t.Fatal("Can't compute combined quote digest")
}
fmt.Printf("Pcr combined digest: %x\n", computedDigest)
pms, err := tpm2.UnmarshalCertifyInfo(a.Tpm2QuoteStructure)
if err != nil {
fmt.Printf("a.Tpm2QuoteStructure: %x\n", a.Tpm2QuoteStructure)
t.Fatal("Can't unmarshal quote structure\n")
}
tpm2.PrintAttestData(pms)
key, _ := tt.GetRsaQuoteKey()
ok, err = tpm2.VerifyTpm2Quote(a.SerializedStatement, tt.GetPcrNums(),
computedDigest, a.Tpm2QuoteStructure, a.Signature, key)
if err != nil {
t.Fatal("VerifyQuote error")
}
if !ok {
t.Fatal("VerifyQuote succeeds")
}
}
if err != nil {
return nil, nil, "", err
}
// Add a bogus rule.
bogusOSString := `ext.PCRs("17, 18", "000, 000")`
var prin auth.PrinTail
fmt.Sscanf(bogusOSString, "%s", &prin)
pred := auth.MakePredicate("BogusTPM", prin)
if err = g.AddRule(fmt.Sprint(pred)); err != nil {
return nil, nil, "", err
}
return g, keys, tmpdir, nil
}
var subj = auth.NewKeyPrin([]byte("test1"))
var subj2 = auth.NewKeyPrin([]byte("test2"))
func TestDatalogSaveReload(t *testing.T) {
g, keys, tmpdir, err := makeDatalogGuard()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
err = g.Save(keys.SigningKey)
if err != nil {
t.Fatal(err)
}
err = g.ReloadIfModified()
if err != nil {
t.Fatal(err)
// Test that a client can correctly verify that the server is allowed to
// execute according to the policy. The policy is set up and the policy
// key is used to attest to the identity of the server. The attestation
// includes an endorsement of the service itself. The client verifies the
// endorsement and adds the predicate to the policy before checking it.
func TestCachingDatalogValidatePeerAttestation(t *testing.T) {
network := "tcp"
addr := "localhost:0"
ttl := int64(1)
tmpDir := "/tmp/domain_test"
// Set up the TaoCA.
ch := make(chan bool)
cal, err := net.Listen(network, addr)
if err != nil {
t.Fatal(err)
}
defer cal.Close()
addr = cal.Addr().String()
// Set up the policy domain and a public, cached version.
policy, pub, err := makeTestDomains(tmpDir, network, addr, ttl)
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpDir)
defer os.RemoveAll(tmpDir + ".pub")
// Set up policy. A key being authorized to execute is of course nonsense;
// this is only meant to test that ValidatePeerAttestation() properly adds
// the endoresement to the policy.
rule := "(forall K: TrustedKey(K) implies Authorized(K, \"Execute\"))"
if err := policy.Guard.AddRule(rule); err != nil {
t.Errorf("could not add rule : %s", err)
return
}
// Generate a set of keys for the Tao-delegated server.
k, err := NewTemporaryTaoDelegatedKeys(Signing|Crypting|Deriving, nil)
if err != nil {
t.Error("failed to generate keys:", err)
return
}
k.dir = tmpDir
// Generate an attesation of the statements: "k.VerifyingKey speaks for
// key(K)" and "TrustedKey(key(K))" signed by the policy key and set to
// k.Delegation.
prin := auth.NewKeyPrin([]byte("This is a terrible key."))
pred := auth.Pred{
Name: "TrustedKey",
Arg: []auth.Term{prin},
}
sf := auth.Speaksfor{
Delegate: k.SigningKey.ToPrincipal(),
Delegator: prin,
}
stmt := auth.Says{
Speaker: policy.Keys.SigningKey.ToPrincipal(),
Time: nil,
Expiration: nil,
Message: sf,
}
if k.Delegation, err = GenerateAttestation(policy.Keys.SigningKey, nil, stmt); err != nil {
t.Error("failed to attest to speaksfor:", err)
return
}
e := auth.Says{
Speaker: policy.Keys.SigningKey.ToPrincipal(),
Message: pred,
}
ea, err := GenerateAttestation(policy.Keys.SigningKey, nil, e)
if err != nil {
t.Error("failed to attest to endorsement:", err)
return
}
eab, err := proto.Marshal(ea)
if err != nil {
t.Error("failed to marshal attested endorsement:", err)
return
}
k.Delegation.SerializedEndorsements = [][]byte{eab}
// Generate an x509 certificate for the Tao-delegated server.
k.Cert, err = k.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Identity of some Tao service"}})
if err != nil {
t.Error("failed to generate x509 certificate:", err)
return
}
// Run the TaoCA. This handles one request and then exits.
go runTCCA(t, cal, policy.Keys, policy.Guard, ch)
// Add any verified predicates to the policy. This will cause a
// policy query to the TaoCA.
if err = AddEndorsements(pub.Guard, k.Delegation, pub.Keys.VerifyingKey); err != nil {
t.Error("failed to add endorsements:", err)
t.Errorf("pub verifier key is %v\n", pub.Keys.VerifyingKey.ToPrincipal())
t.Errorf("policy ssigning key is %v\n", policy.Keys.SigningKey.ToPrincipal())
t.Errorf("k signing key is %v\n", k.SigningKey.ToPrincipal())
return
}
<-ch
// Finally, the client verifies the Tao-delegated server is allowed to
// execute.
if err = ValidatePeerAttestation(k.Delegation, k.Cert, pub.Guard); err != nil {
t.Error("failed to verity attestation:", err)
}
}
"github.com/golang/protobuf/proto"
"github.com/jlmucb/cloudproxy/go/tao/auth"
)
// TODO(cjpatton) Add a test case to show it fails properly when the rules
// can't be loaded, e.g. when there is no network config.
// TODO(cjaptton) Use t.Error() to log errors instead of t.Fatal() in the case
// that a recoverable error occured.
// TODO(cjpatton) Write request to poll every few seconds until a connection is
// established,
// TODO(cjpatton) Modify CreatePublicCachedDomain() to accept either (network,addr) or a
// net.Conn. Modify this test to use net.Pipe instead of the loopback interface here.
var password = make([]byte, 32)
var prin = auth.NewKeyPrin([]byte("Alice"))
func makeTestDomains(configDir, network, addr string, ttl int64) (policy *Domain, public *Domain, err error) {
// Create a domain with a Datalog guard and policy keys.
var policyDomainConfig DomainConfig
policyDomainConfig.SetDefaults()
policyDomainConfig.DomainInfo.GuardType = proto.String("Datalog")
policyDomainConfig.DatalogGuardInfo = &DatalogGuardDetails{
SignedRulesPath: proto.String("rules"),
}
configPath := path.Join(configDir, "tao.config")
policy, err = CreateDomain(policyDomainConfig, configPath, password)
if err != nil {
return nil, nil, err
// limitations under the License.
package tao
import (
"io/ioutil"
"os"
"path"
"testing"
"github.com/golang/protobuf/proto"
"github.com/jlmucb/cloudproxy/go/tao/auth"
)
var testDomainPassword = []byte(`insecure dummy password`)
var authPrin = auth.NewKeyPrin([]byte(`fake key`))
func testNewACLDomain(t *testing.T) (*Domain, string) {
tmpdir, err := ioutil.TempDir("/tmp", "acl_domain_test")
if err != nil {
t.Fatal("Couldn't get a temp directory for the new ACL guard:", err)
}
var dcfg DomainConfig
dcfg.DomainInfo = &DomainDetails{
Name: proto.String("Test"),
PolicyKeysPath: proto.String("keys"),
GuardType: proto.String("ACLs"),
}
dcfg.SetDefaults()
dcfg.AclGuardInfo = &ACLGuardDetails{SignedAclsPath: proto.String("acls")}
t.Fatal("Wrong subprincipal name for trivial liberal guard")
}
return tg
}
func testNewTrivialConservativeGuard(t *testing.T) Guard {
tg := ConservativeGuard
if tg.Subprincipal().String() != `.TrivialGuard("Conservative")` {
t.Fatal("Wrong subprincipal name for trivial conservative guard")
}
return tg
}
var testPrin = auth.NewKeyPrin([]byte("testkey"))
func testTrivialGuardAuthorize(t *testing.T, tg Guard, expect bool) {
if err := tg.Authorize(testPrin, "testop", []string{}); (err == nil) != expect {
t.Fatal("Authorize command unexpected result on trivial guard")
}
}
func testTrivialGuardRetract(t *testing.T, tg Guard, expect bool) {
if err := tg.Retract(testPrin, "testop", []string{}); (err == nil) != expect {
t.Fatal("Retract command unexpected result on trivial guard")
}
}
func testTrivialGuardIsAuthorized(t *testing.T, tg Guard, expect bool) {
b := tg.IsAuthorized(testPrin, "testop", []string{})
