예제 #1
0
// This program creates a key hierarchy consisting of a
// primary key, and quoting key for cloudproxy and saves the context.
func main() {
	keySize := flag.Int("modulusSize", 2048, "Modulus size for keys")
	rootContextFileName := flag.String("rootContextFile", "rootContext.bin",
		"Root context file")
	quoteContextFileName := flag.String("quoteContextFile",
		"quoteContext.bin", "Quote context file")
	storeContextFileName := flag.String("storeContextFile",
		"storeContext.bin", "Store context file")
	pcrList := flag.String("pcrList", "7", "Pcr list")
	flag.Parse()

	fmt.Printf("Pcr list: %s\n", *pcrList)

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}

	pcrs, err := tpm2.StringToIntList(*pcrList)
	if err != nil {
		fmt.Printf("Can't format pcr list\n")
		return
	}

	err = tpm2.InitTpm2Keys(rw, pcrs, uint16(*keySize),
		uint16(tpm2.AlgTPM_ALG_SHA1), "", *rootContextFileName,
		*quoteContextFileName, *storeContextFileName)
	if err == nil {
		fmt.Printf("Key creation succeeded\n")
	} else {
		fmt.Printf("Key creation failed\n")
	}
	return
}
예제 #2
0
// This program creates a key hierarchy consisting of a
// primary key, and quoting key for cloudproxy
// and makes their handles permanent.
func main() {
	keySize := flag.Int("modulus size", 2048, "Modulus size for keys")
	policyKeyFile := flag.String("Policy save file", "policy.go.bin",
		"policy save file")
	policyKeyPassword := flag.String("Policy key password", "xxzzy",
		"policy key password")
	policyCertFile := flag.String("Policy cert save file", "policy.cert.go.der",
		"policy cert save file")
	flag.Parse()

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}
	var notBefore time.Time
	notBefore = time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	policyKey, err := rsa.GenerateKey(rand.Reader, *keySize)
	if err != nil {
		fmt.Printf("Can't generate policy key\n")
		return
	}
	fmt.Printf("policyKey: %x\n", policyKey)

	derPolicyCert, err := tpm2.GenerateSelfSignedCertFromKey(policyKey,
		"Cloudproxy Authority", "Application Policy Key",
		tpm2.GetSerialNumber(), notBefore, notAfter)
	fmt.Printf("policyKey: %x\n", policyKey)
	ioutil.WriteFile(*policyCertFile, derPolicyCert, 0644)
	if err != nil {
		fmt.Printf("Can't write policy cert\n")
		return
	}

	// Marshal policy key
	serializedPolicyKey, err := tpm2.SerializeRsaPrivateKey(policyKey)
	if err != nil {
		fmt.Printf("Cant serialize rsa key\n")
		return
	}

	ioutil.WriteFile(*policyKeyFile, serializedPolicyKey, 0644)
	if err == nil {
		fmt.Printf("Policy Key generation succeeded, password: %s\n",
			*policyKeyPassword)
	} else {
		fmt.Printf("Policy Key generation failed\n")
	}
}
예제 #3
0
// NewTPM2Tao creates a new TPM2Tao and returns it under the Tao interface.
func NewTPM2Tao(tpmPath string, statePath string, pcrNums []int) (Tao, error) {
	var err error
	tt := &TPM2Tao{pcrCount: 24,
		password: ""}

	tt.rw, err = tpm2.OpenTPM(tpmPath)
	if err != nil {
		return nil, err
	}

	// Make sure the TPM2Tao releases all its resources
	runtime.SetFinalizer(tt, FinalizeTPM2Tao)

	tt.pcrs = pcrNums
	tt.path = statePath

	// Create the root key.
	keySize := uint16(2048)
	quotePassword := ""
	//var empty []byte

	rootSaveContext := path.Join(tt.path, "root_context")
	_, rootErr := os.Stat(rootSaveContext)

	quoteSaveContext := path.Join(tt.path, "quote_context")
	_, quoteErr := os.Stat(quoteSaveContext)

	sealSaveContext := path.Join(tt.path, "seal_context")
	_, sealErr := os.Stat(sealSaveContext)

	if rootErr != nil || quoteErr != nil || sealErr != nil {
		if err := tpm2.InitTpm2Keys(tt.rw, tt.pcrs, keySize, uint16(tpm2.AlgTPM_ALG_SHA1), quotePassword, rootSaveContext, quoteSaveContext, sealSaveContext); err != nil {
			return nil, err
		}
	}

	// Read the contexts and public info and use them to load the handles.
	if tt.rootContext, err = ioutil.ReadFile(rootSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the root context from %s: %v", rootSaveContext, err)
	}

	if tt.quoteContext, err = ioutil.ReadFile(quoteSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the quote context from %s: %v", quoteSaveContext, err)
	}

	if tt.sealContext, err = ioutil.ReadFile(sealSaveContext); err != nil {
		return nil, fmt.Errorf("Could not read the seal context from %s: %v", sealSaveContext, err)
	}

	if tt.quoteHandle, err = tt.loadQuote(); err != nil {
		return nil, err
	}
	defer tpm2.FlushContext(tt.rw, tt.quoteHandle)

	if tt.verifier, err = tpm2.GetRsaKeyFromHandle(tt.rw, tt.quoteHandle); err != nil {
		return nil, err
	}

	fmt.Fprintf(os.Stderr, "Loaded the handles and the verifier\n")

	// Get the pcr values for the PCR nums.
	tt.pcrNums = make([]int, len(pcrNums))
	for i, v := range pcrNums {
		tt.pcrNums[i] = v
	}

	tt.pcrVals, err = ReadTPM2PCRs(tt.rw, pcrNums)
	if err != nil {
		return nil, err
	}

	// Create principal.
	tt.name, err = MakeTPM2Prin(tt.verifier, tt.pcrNums, tt.pcrVals)
	if err != nil {
		return nil, err
	}

	quoteCertPath := path.Join(tt.path, "quote_cert")
	if _, quoteCertErr := os.Stat(quoteCertPath); quoteCertErr != nil {
		tt.quoteCert, err = getQuoteCert(tt.rw, tt.path, tt.quoteHandle,
			quotePassword, tt.name, tt.verifier)
		if err != nil {
			return nil, err
		}

		if err := ioutil.WriteFile(quoteCertPath, tt.quoteCert, 0644); err != nil {
			return nil, err
		}
	} else {
		if tt.quoteCert, err = ioutil.ReadFile(quoteCertPath); err != nil {
			return nil, err
		}
	}
	fmt.Fprintf(os.Stderr, "Got TPM 2.0 principal name %q\n", tt.name)

	return tt, nil
}
예제 #4
0
// This program makes the endorsement certificate given the Policy key.
func main() {
	keySize := flag.Int("modulus size", 2048, "Modulus size for keys")
	keyName := flag.String("Endorsement key name",
		"JohnsHw", "endorsement key name")
	endorsementCertFile := flag.String("Endorsement save file",
		"endorsement.cert.der", "endorsement save file")
	policyCertFile := flag.String("Policy cert file",
		"policy.cert.go.der", "cert file")
	policyKeyFile := flag.String("Policy key file", "policy.go.bin",
		"policy save file")
	policyKeyPassword := flag.String("Policy key password", "xxzzy",
		"policy key password")
	flag.Parse()
	fmt.Printf("Policy key password: %s\n", *policyKeyPassword)

	// TODO
	pcrs := []int{7}

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}

	var notBefore time.Time
	notBefore = time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	serializePolicyKey, err := ioutil.ReadFile(*policyKeyFile)
	if err != nil {
		fmt.Printf("Can't get serialized policy key\n")
		return
	}
	derPolicyCert, err := ioutil.ReadFile(*policyCertFile)
	if err != nil {
		fmt.Printf("Can't get policy cert %s\n", *policyCertFile)
		return
	}

	policyKey, err := tpm2.DeserializeRsaKey(serializePolicyKey)
	if err != nil {
		fmt.Printf("Can't get deserialize policy key\n")
		return
	}

	ekHandle, _, err := tpm2.CreateEndorsement(rw, uint16(*keySize), pcrs)
	if err != nil {
		fmt.Printf("Can't CreateEndorsement\n")
		return
	}
	defer tpm2.FlushContext(rw, ekHandle)
	endorsementCert, err := tpm2.GenerateHWCert(rw, ekHandle,
		*keyName, notBefore, notAfter, tpm2.GetSerialNumber(),
		derPolicyCert, policyKey)
	if err != nil {
		fmt.Printf("Can't create endorsement cert\n")
	}
	fmt.Printf("Endorsement cert: %x\n", endorsementCert)
	ioutil.WriteFile(*endorsementCertFile, endorsementCert, 0644)
	fmt.Printf("Endorsement cert created")
}