// This program creates a key hierarchy consisting of a // primary key, and quoting key for cloudproxy and saves the context. func main() { keySize := flag.Int("modulusSize", 2048, "Modulus size for keys") rootContextFileName := flag.String("rootContextFile", "rootContext.bin", "Root context file") quoteContextFileName := flag.String("quoteContextFile", "quoteContext.bin", "Quote context file") storeContextFileName := flag.String("storeContextFile", "storeContext.bin", "Store context file") pcrList := flag.String("pcrList", "7", "Pcr list") flag.Parse() fmt.Printf("Pcr list: %s\n", *pcrList) // Open tpm rw, err := tpm2.OpenTPM("/dev/tpm0") if err != nil { fmt.Printf("OpenTPM failed %s\n", err) return } defer rw.Close() // Flushall err = tpm2.Flushall(rw) if err != nil { fmt.Printf("Flushall failed\n") return } pcrs, err := tpm2.StringToIntList(*pcrList) if err != nil { fmt.Printf("Can't format pcr list\n") return } err = tpm2.InitTpm2Keys(rw, pcrs, uint16(*keySize), uint16(tpm2.AlgTPM_ALG_SHA1), "", *rootContextFileName, *quoteContextFileName, *storeContextFileName) if err == nil { fmt.Printf("Key creation succeeded\n") } else { fmt.Printf("Key creation failed\n") } return }
// This program creates a key hierarchy consisting of a // primary key, and quoting key for cloudproxy // and makes their handles permanent. func main() { keySize := flag.Int("modulus size", 2048, "Modulus size for keys") policyKeyFile := flag.String("Policy save file", "policy.go.bin", "policy save file") policyKeyPassword := flag.String("Policy key password", "xxzzy", "policy key password") policyCertFile := flag.String("Policy cert save file", "policy.cert.go.der", "policy cert save file") flag.Parse() // Open tpm rw, err := tpm2.OpenTPM("/dev/tpm0") if err != nil { fmt.Printf("OpenTPM failed %s\n", err) return } defer rw.Close() // Flushall err = tpm2.Flushall(rw) if err != nil { fmt.Printf("Flushall failed\n") return } var notBefore time.Time notBefore = time.Now() validFor := 365 * 24 * time.Hour notAfter := notBefore.Add(validFor) policyKey, err := rsa.GenerateKey(rand.Reader, *keySize) if err != nil { fmt.Printf("Can't generate policy key\n") return } fmt.Printf("policyKey: %x\n", policyKey) derPolicyCert, err := tpm2.GenerateSelfSignedCertFromKey(policyKey, "Cloudproxy Authority", "Application Policy Key", tpm2.GetSerialNumber(), notBefore, notAfter) fmt.Printf("policyKey: %x\n", policyKey) ioutil.WriteFile(*policyCertFile, derPolicyCert, 0644) if err != nil { fmt.Printf("Can't write policy cert\n") return } // Marshal policy key serializedPolicyKey, err := tpm2.SerializeRsaPrivateKey(policyKey) if err != nil { fmt.Printf("Cant serialize rsa key\n") return } ioutil.WriteFile(*policyKeyFile, serializedPolicyKey, 0644) if err == nil { fmt.Printf("Policy Key generation succeeded, password: %s\n", *policyKeyPassword) } else { fmt.Printf("Policy Key generation failed\n") } }
// This program makes the endorsement certificate given the Policy key. func main() { keySize := flag.Int("modulus size", 2048, "Modulus size for keys") keyName := flag.String("Endorsement key name", "JohnsHw", "endorsement key name") endorsementCertFile := flag.String("Endorsement save file", "endorsement.cert.der", "endorsement save file") policyCertFile := flag.String("Policy cert file", "policy.cert.go.der", "cert file") policyKeyFile := flag.String("Policy key file", "policy.go.bin", "policy save file") policyKeyPassword := flag.String("Policy key password", "xxzzy", "policy key password") flag.Parse() fmt.Printf("Policy key password: %s\n", *policyKeyPassword) // TODO pcrs := []int{7} // Open tpm rw, err := tpm2.OpenTPM("/dev/tpm0") if err != nil { fmt.Printf("OpenTPM failed %s\n", err) return } defer rw.Close() // Flushall err = tpm2.Flushall(rw) if err != nil { fmt.Printf("Flushall failed\n") return } var notBefore time.Time notBefore = time.Now() validFor := 365 * 24 * time.Hour notAfter := notBefore.Add(validFor) serializePolicyKey, err := ioutil.ReadFile(*policyKeyFile) if err != nil { fmt.Printf("Can't get serialized policy key\n") return } derPolicyCert, err := ioutil.ReadFile(*policyCertFile) if err != nil { fmt.Printf("Can't get policy cert %s\n", *policyCertFile) return } policyKey, err := tpm2.DeserializeRsaKey(serializePolicyKey) if err != nil { fmt.Printf("Can't get deserialize policy key\n") return } ekHandle, _, err := tpm2.CreateEndorsement(rw, uint16(*keySize), pcrs) if err != nil { fmt.Printf("Can't CreateEndorsement\n") return } defer tpm2.FlushContext(rw, ekHandle) endorsementCert, err := tpm2.GenerateHWCert(rw, ekHandle, *keyName, notBefore, notAfter, tpm2.GetSerialNumber(), derPolicyCert, policyKey) if err != nil { fmt.Printf("Can't create endorsement cert\n") } fmt.Printf("Endorsement cert: %x\n", endorsementCert) ioutil.WriteFile(*endorsementCertFile, endorsementCert, 0644) fmt.Printf("Endorsement cert created") }