Esempio n. 1
0
func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error) {
	aik, err := x509.MarshalPKIXPublicKey(verifier)
	if err != nil {
		return auth.Prin{}, err
	}

	name := auth.NewTPMPrin(aik)

	asp := auth.PrinExt{
		Name: "PCRs",
		Arg:  make([]auth.Term, 2),
	}
	var pcrNumStrs []string
	for _, v := range pcrNums {
		pcrNumStrs = append(pcrNumStrs, strconv.Itoa(v))
	}
	asp.Arg[0] = auth.Str(strings.Join(pcrNumStrs, ","))

	var pcrValStrs []string
	for _, p := range pcrVals {
		pcrValStrs = append(pcrValStrs, hex.EncodeToString(p))
	}
	asp.Arg[1] = auth.Str(strings.Join(pcrValStrs, ","))

	// The PCRs are the first extension of the name.
	name.Ext = []auth.PrinExt{asp}

	return name, nil
}
func TestVerifyDirectiveWithBadPredicate_badTerms(t *testing.T) {
	params := Params{
		CanRead: auth.Pred{
			Name: ReadPredicate,
			Arg:  []auth.Term{auth.Int(0), auth.Str(""), auth.Str("a")},
			// TODO: Note make([]auth.Term, 3) above causes NPE in auth.Marshal(thisPred)
			// Is that a bug?
		},
	}
	expectError(&params, t)
}
Esempio n. 3
0
func createPredicateString(name auth.Prin, op string, args []string) string {
	p := auth.Pred{
		Name: "Authorized",
		Arg:  make([]auth.Term, len(args)+2),
	}
	p.Arg[0] = name
	p.Arg[1] = auth.Str(op)
	for i, s := range args {
		p.Arg[i+2] = auth.Str(s)
	}

	return p.String()
}
Esempio n. 4
0
// This function reads in trusted entities from a file at trustedEntitiesPath. In particular,
// this file contains the text representation of a trusted_entities proto message, which contains
// the Tao names of trusted programs and hosts, information about trusted machines and trusted
// machine certificates.
// For each such trusted entity, this function adds ACL rules to the domain guard, and saves
// the changes before returning.
func InitAcls(domain *tao.Domain, trustedEntitiesPath string) error {
	text, err := ioutil.ReadFile(trustedEntitiesPath)
	if err != nil {
		log.Printf("Can't open trusted entities file: %s", trustedEntitiesPath)
		return err
	}
	trustedEntities := TrustedEntities{}
	err = proto.UnmarshalText(string(text), &trustedEntities)
	if err != nil {
		log.Printf("Can't parse trusted entities file: %s", trustedEntitiesPath)
		return err
	}
	for _, programTaoName := range trustedEntities.GetTrustedProgramTaoNames() {
		var programPrin auth.Prin
		_, err := fmt.Sscanf(programTaoName, "%v", &programPrin)
		if err != nil {
			log.Printf("Can't create program principal from: %s\nError: %s",
				programTaoName, err)
			return err
		}
		err = domain.Guard.Authorize(programPrin, "Execute", []string{})
		if err != nil {
			log.Printf("Can't authorize principal: %s\nError: %s", programPrin, err)
			return err
		}
	}
	for _, hostTaoName := range trustedEntities.GetTrustedHostTaoNames() {
		var hostPrin auth.Prin
		_, err := fmt.Sscanf(hostTaoName, "%v", &hostPrin)
		if err != nil {
			log.Printf("Can't create host principal from: %s\nError: %s",
				hostTaoName, err)
			return err
		}
		err = domain.Guard.Authorize(hostPrin, "Host", []string{})
		if err != nil {
			log.Printf("Can't authorize principal: %s\nError: %s", hostPrin, err)
			return err
		}
	}
	for _, machineInfo := range trustedEntities.GetTrustedMachineInfos() {
		machinePrin := auth.Prin{
			Type:    "MachineInfo",
			KeyHash: auth.Str(machineInfo),
		}
		err = domain.Guard.Authorize(machinePrin, "Root", []string{})
		if err != nil {
			log.Printf("Can't authorize principal: %s\nError: %s", machinePrin, err)
			return err
		}
	}
	err = domain.Save()
	if err != nil {
		log.Println("Can't save domain.", err)
	}
	return err
}
Esempio n. 5
0
// Subprincipal returns a subprincipal suitable for contextualizing a program.
func (d *Domain) Subprincipal() auth.SubPrin {
	e := auth.PrinExt{
		Name: "Domain",
		Arg: []auth.Term{
			d.Keys.VerifyingKey.ToPrincipal(),
			auth.Str(d.Config.DomainInfo.GetGuardType()),
		},
	}
	return auth.SubPrin{e}
}
Esempio n. 6
0
func TestInitAcls(t *testing.T) {
	if _, err := os.Stat("./tmpdir"); os.IsNotExist(err) {
		err = os.Mkdir("./tmpdir", 0777)
		if err != nil {
			t.Fatal(err)
		}
	}
	trustedEntities := TrustedEntities{
		TrustedProgramTaoNames: []string{fmt.Sprintf("%v", programName)},
		TrustedHostTaoNames:    []string{fmt.Sprintf("%v", hostName)},
		TrustedMachineInfos:    []string{machineName}}
	f, err := os.Create("./tmpdir/TrustedEntities")
	if err != nil {
		t.Fatal(err)
	}
	err = proto.MarshalText(f, &trustedEntities)
	if err != nil {
		t.Fatal(err)
	}
	err = f.Close()
	if err != nil {
		t.Fatal(err)
	}
	aclGuardType := "ACLs"
	aclGuardPath := "acls"
	cfg := tao.DomainConfig{
		DomainInfo: &tao.DomainDetails{
			GuardType: &aclGuardType},
		AclGuardInfo: &tao.ACLGuardDetails{
			SignedAclsPath: &aclGuardPath}}
	domain, err := tao.CreateDomain(cfg, "./tmpdir/domain", []byte("xxx"))
	if err != nil {
		t.Fatal(err)
	}
	err = InitAcls(domain, "./tmpdir/TrustedEntities")
	if err != nil {
		t.Fatal(err)
	}
	machinePrin := auth.Prin{
		Type:    "MachineInfo",
		KeyHash: auth.Str(machineName),
	}
	if !domain.Guard.IsAuthorized(*programName, "Execute", []string{}) ||
		!domain.Guard.IsAuthorized(*hostName, "Host", []string{}) ||
		!domain.Guard.IsAuthorized(machinePrin, "Root", []string{}) {
		t.Fatal("Authorization checks fail")
	}
	err = os.RemoveAll("./tmpdir")
	if err != nil {
		t.Fatal(err)
	}
}
Esempio n. 7
0
// Subprincipal returns subprincipal TrivialGuard(<policy>).
func (t TrivialGuard) Subprincipal() auth.SubPrin {
	var policy string
	switch t {
	case ConservativeGuard:
		policy = "Conservative"
	case LiberalGuard:
		policy = "Liberal"
	default:
		policy = "Unspecified"
	}
	e := auth.PrinExt{Name: "TrivialGuard", Arg: []auth.Term{auth.Str(policy)}}
	return auth.SubPrin{e}
}
Esempio n. 8
0
// Subprincipal returns a Subprin for the guard.
func (cg *CachedGuard) Subprincipal() auth.SubPrin {
	// TODO(cjpatton) should be "CachedGuard(Datalog).DatalogGuard(...)"
	var guardType string
	switch cg.guardType {
	case Datalog:
		guardType = "Datalog"
	case ACLs:
		guardType = "ACLs"
	}
	e := auth.PrinExt{Name: "CachedGuard",
		Arg: []auth.Term{auth.Str(guardType)}}
	return auth.SubPrin{e}
}
Esempio n. 9
0
func generateGuard(t *testing.T) *tao.Guard {
	guard := tao.NewACLGuard(nil, tao.ACLGuardDetails{})
	err := guard.Authorize(*hostName, "Host", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	err = guard.Authorize(*programName, "Execute", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	machinePrin := auth.Prin{Type: "MachineInfo", KeyHash: auth.Str(machineName)}
	err = guard.Authorize(machinePrin, "Root", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	return &guard
}
Esempio n. 10
0
// Checks the following:
// (1) cert is valid according to one of the rootCerts.
// (2) the subject key of cert corresponds to kPrin.
// (3) the subject CommonName of cert is allowed by guard.
func validateEndorsementCertificate(cert *x509.Certificate, guard tao.Guard,
	kPrin *auth.Prin, rootCerts *x509.CertPool) error {
	verifyOptions := x509.VerifyOptions{Roots: rootCerts}
	_, err := cert.Verify(verifyOptions)
	if err != nil {
		return err
	}
	var hwPublicKey *rsa.PublicKey
	hwPublicKey, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		key, ok := cert.PublicKey.(rsa.PublicKey)
		if !ok {
			return errors.New("endorsement cert does not contain a valid RSA public key")
		}
		hwPublicKey = &key
	}
	ek, err := x509.MarshalPKIXPublicKey(hwPublicKey)
	if err != nil {
		return err
	}
	hashedCertKey := sha256.Sum256(ek)
	if kPrin.Type != "tpm" && kPrin.Type != "tpm2" {
		return errors.New("key principal to be endorsed is not a TPM key, but it's expected to be")
	}
	hashedBytes, ok := kPrin.KeyHash.(auth.Bytes)
	if !ok {
		return errors.New("key principal to be endorsed does not have bytes as its auth.Term")
	}
	if !bytes.Equal(hashedBytes, hashedCertKey[:]) {
		return errors.New(fmt.Sprintf(
			"endorsement cert endorses %v but needs to endorse %v", hashedCertKey, hashedBytes))
	}
	machinePrin := auth.Prin{
		Type:    "MachineInfo",
		KeyHash: auth.Str(cert.Subject.CommonName),
	}
	if !guard.IsAuthorized(machinePrin, "Root", []string{}) {
		return errors.New(
			"machine endorsed by certificate is not authorized by policy")
	}
	return nil
}
func TestVerifyDirectiveWithBadProtectedObjectId_invalidType(t *testing.T) {
	params := Params{
		SerializedObjectId: auth.Str(""),
	}
	expectError(&params, t)
}
func TestVerifyDirectiveWithBadDelegate(t *testing.T) {
	params := Params{
		Delegate: auth.Str(""),
	}
	expectError(&params, t)
}
Esempio n. 13
0
import (
	"crypto/x509"
	"flag"
	"log"

	"github.com/golang/protobuf/proto"
	"github.com/jlmucb/cloudproxy/go/tao"
	"github.com/jlmucb/cloudproxy/go/tao/auth"

	"github.com/jlmucb/cloudproxy/go/support_infrastructure/domain_service"
)

var hostName = &auth.Prin{
	Type:    "program",
	KeyHash: auth.Str("hostHash")}

var programName = &auth.Prin{
	Type:    "program",
	KeyHash: auth.Str("programHash")}

var network = flag.String("network", "tcp", "The network to use for connections")
var addr = flag.String("addr", "localhost:8124", "The address to listen on")

var domainPass = flag.String("password", "xxx", "The domain password")
var configPath = flag.String("config", "../server/tao.config", "The Tao domain config")

func main() {
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("domainserver: no domain path - %s, pass - %s, err - %s\n",
Esempio n. 14
0
var epoch = int32(1)

var rootName = "RootName"
var rootKey []byte
var rootId *protected_objects.ObjectIdMessage

var name = "KeyName"
var secretType = "key"
var value = []byte("I am a key.")

var domain *tao.Domain
var encKey *tao.Keys

var authorizedPrin = &auth.Prin{
	Type: "program",
	Key:  auth.Str("AuthorizedProgram"),
	Ext:  []auth.PrinExt{}}

var unAuthorizedPrin = &auth.Prin{
	Type: "program",
	Key:  auth.Str("UnAuthorizedProgram"),
	Ext:  []auth.PrinExt{}}

func TestReadObject(t *testing.T) {
	setUpDomain(t)
	l := list.New()
	l.PushFront(createRootKey(t))
	obj := createObject(name, epoch, value, secretType)
	pObj, err := protected_objects.MakeProtectedObject(*obj, rootName, epoch, rootKey)
	failOnError(t, err)
	l.PushFront(*pObj)
Esempio n. 15
0
// FormatCoreOSCommandSubprin produces a string that represents a subprincipal
// with the given ID and hash.
func FormatCoreOSCommandSubprin(cmd string) auth.SubPrin {
	args := []auth.Term{auth.Str(cmd)}
	return auth.SubPrin{auth.PrinExt{Name: "Command", Arg: args}}
}