Пример #1
0
func TestACLGuardSaveACLs(t *testing.T) {
	s, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}

	tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
	defer os.RemoveAll(tmpdir)

	p := auth.NewKeyPrin([]byte(`Fake key`))
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}

	if err := tg.Save(s); err != nil {
		t.Fatal("Couldn't save the file")
	}

	config := ACLGuardDetails{SignedAclsPath: proto.String(path.Join(tmpdir, "acls"))}
	v := s.GetVerifier()
	aclg, err := LoadACLGuard(v, config)
	if err != nil {
		t.Fatal("Couldn't load the ACLs:", err)
	}

	if aclg.RuleCount() != tg.RuleCount() {
		t.Fatal("Wrong number of rules in loaded ACLGuard")
	}

	if aclg.String() != tg.String() {
		t.Fatal("Wrong string representation of loaded ACLGuard")
	}
}
Пример #2
0
func TestACLGuardDoubleAuthorize(t *testing.T) {
	s, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}

	tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
	defer os.RemoveAll(tmpdir)

	p := auth.NewKeyPrin([]byte(`Fake key`))
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}

	// So nice, we authorize it twice.
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}

	if !tg.IsAuthorized(p, "Write", []string{"filename"}) {
		t.Fatal("A rule that was added to the ACL was not present")
	}

	if err := tg.Retract(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't retract an existing double-added rule:", err)
	}

	if tg.IsAuthorized(p, "Write", []string{"filename"}) {
		t.Fatal("A rule was still authorized after it was retracted")
	}
}
Пример #3
0
func TestSoftTaoAttest(t *testing.T) {
	ft, err := NewSoftTao("", nil)
	if err != nil {
		t.Fatal("Couldn't initialize a SoftTao in memory:", err)
	}

	self, err := ft.GetTaoName()
	if err != nil {
		t.Fatal("Couldn't get own name:", err)
	}

	stmt := auth.Speaksfor{
		Delegate:  auth.NewKeyPrin([]byte("BogusKeyBytes1")),
		Delegator: self,
	}

	a, err := ft.Attest(nil, nil, nil, stmt)
	if err != nil {
		t.Fatal("Couldn't attest to a statement in the SoftTao:", err)
	}

	// Make sure the attestation passes basic sanity checks.
	_, err = a.Validate()
	if err != nil {
		t.Fatalf("The attestation produced by the SoftTao didn't pass validation: %s", err)
	}
}
Пример #4
0
// ToPrincipal produces a "key" type Prin for this signer. This contains a
// serialized CryptoKey for the public half of this signing key.
func (s *Signer) ToPrincipal() auth.Prin {
	ck := MarshalPublicSignerProto(s)

	// proto.Marshal won't fail here since we fill all required fields of the
	// message. Propagating impossible errors just leads to clutter later.
	data, _ := proto.Marshal(ck)

	return auth.NewKeyPrin(data)
}
Пример #5
0
func TestACLGuardSignedSubprincipal(t *testing.T) {
	s, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}

	tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
	defer os.RemoveAll(tmpdir)

	p := auth.NewKeyPrin([]byte(`Fake key`))
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}
	name := tg.Subprincipal().String()
	k := s.ToPrincipal().String()
	if name != ".ACLGuard("+k+")" {
		t.Fatalf("ACL guard has wrong name: %v", name)
	}
}
Пример #6
0
func TestTPMTaoAttest(t *testing.T) {
	aikblob, err := ioutil.ReadFile("./aikblob")
	if err != nil {
		t.Skip("Skipping tests, since there's no ./aikblob file")
	}

	tpmtao, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18})
	if err != nil {
		t.Skip("Couldn't create a new TPM Tao:", err)
	}
	tt, ok := tpmtao.(*TPMTao)
	if !ok {
		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
	}
	defer CleanUpTPMTao(tt)

	// Set up a fake key delegation.
	taoname, err := tpmtao.GetTaoName()
	if err != nil {
		t.Fatal("Couldn't get the name of the tao:", err)
	}
	stmt := auth.Speaksfor{
		Delegate:  auth.NewKeyPrin([]byte(`FakeKeyBytes`)),
		Delegator: taoname,
	}

	// Let the TPMTao set up the issuer and time and expiration.
	a, err := tpmtao.Attest(nil, nil, nil, stmt)
	if err != nil {
		t.Fatal("Couldn't attest to a key delegation:", err)
	}

	says, err := a.Validate()
	if err != nil {
		t.Fatal("The attestation didn't pass validation:", err)
	}

	t.Logf("Got valid statement %s\n", says)
}
Пример #7
0
func TestACLGuardAuthorize(t *testing.T) {
	s, err := GenerateSigner()
	if err != nil {
		t.Fatal("Couldn't generate a signer")
	}

	tg, tmpdir := testNewACLGuard(t, s.GetVerifier())
	defer os.RemoveAll(tmpdir)

	p := auth.NewKeyPrin([]byte(`Fake key`))
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't authorize a simple operation:", err)
	}

	if !tg.IsAuthorized(p, "Write", []string{"filename"}) {
		t.Fatal("A rule that was added to the ACL was not present")
	}

	if tg.IsAuthorized(p, "Write", []string{"file"}) {
		t.Fatal("A rule was authorized even though it has the wrong file name")
	}

	if tg.IsAuthorized(p, "Read", []string{"filename"}) {
		t.Fatal("A rule was authorized even though it has the wrong op")
	}

	if tg.IsAuthorized(auth.Prin{}, "Write", []string{"filename"}) {
		t.Fatal("A rule was authorized even though it has the wrong principal")
	}

	if err := tg.Retract(p, "Write", []string{"filename"}); err != nil {
		t.Fatal("Couldn't retract an existing rule:", err)
	}

	if tg.IsAuthorized(p, "Write", []string{"filename"}) {
		t.Fatal("A rule was still authorized after it was retracted")
	}
}
Пример #8
0
func main() {
	ecpK, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
	}
	ecPK := ecpK.Public()
	if ecPK == nil {
	}
	eckp := ecPK.(*ecdsa.PublicKey)
	fmt.Printf("eckp: %x\n", eckp)
	fmt.Printf("Curve: %x, X: %x, Y: %x\n",
		eckp.Curve, eckp.X, eckp.Y)
	ck := marshalPublicKeyProto(eckp)
	if ecPK == nil {
	}
	fmt.Printf("ck: %x\n", ck)
	data, _ := proto.Marshal(ck)
	fmt.Printf("data: %x\n", data)
	kprin := auth.NewKeyPrin(data)
	fmt.Printf("kprin: %x\n", kprin)

	c_gen_prin, err := ioutil.ReadFile("/Domains/keyprin")
	fmt.Printf("From c: %x\n", c_gen_prin)
}
Пример #9
0
func makeACLGuard() (*ACLGuard, *Keys, string, error) {
	tmpDir, err := ioutil.TempDir("", "acl_guard_test")
	if err != nil {
		return nil, nil, "",
			fmt.Errorf("Couldn't get a temp directory for the ACL guard test")
	}
	keys, err := NewTemporaryKeys(Signing)
	if err != nil {
		return nil, nil, "", err
	}

	config := ACLGuardDetails{
		SignedAclsPath: proto.String(path.Join(tmpDir, "acls")),
	}
	tg := NewACLGuard(keys.VerifyingKey, config)

	// Add a bogus rule.
	p := auth.NewKeyPrin([]byte(`Fake key`))
	if err := tg.Authorize(p, "Write", []string{"filename"}); err != nil {
		return nil, nil, "", err
	}

	return tg.(*ACLGuard), keys, tmpDir, err
}
Пример #10
0
	if err != nil {
		return nil, nil, "", err
	}

	// Add a bogus rule.
	bogusOSString := `ext.PCRs("17, 18", "000, 000")`
	var prin auth.PrinTail
	fmt.Sscanf(bogusOSString, "%s", &prin)
	pred := auth.MakePredicate("BogusTPM", prin)
	if err = g.AddRule(fmt.Sprint(pred)); err != nil {
		return nil, nil, "", err
	}
	return g, keys, tmpdir, nil
}

var subj = auth.NewKeyPrin([]byte("test1"))  // key([1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014])
var subj2 = auth.NewKeyPrin([]byte("test2")) // key([60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752])

func TestDatalogSaveReload(t *testing.T) {
	g, keys, tmpdir, err := makeDatalogGuard()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	err = g.Save(keys.SigningKey)
	if err != nil {
		t.Fatal(err)
	}
	err = g.ReloadIfModified()
	if err != nil {
		t.Fatal(err)
Пример #11
0
// ToPrincipal produces a "key" type Prin for this verifier. This contains a
// hash of a serialized CryptoKey for this key.
func (v *Verifier) ToPrincipal() auth.Prin {
	return auth.NewKeyPrin(v.MarshalKey())
}
Пример #12
0
func TestTPM2TaoAttest(t *testing.T) {

	// Fix
	hash_alg_id := uint16(tpm2.AlgTPM_ALG_SHA1)

	tpmtao, err := NewTPM2Tao("/dev/tpm0", "../tpm2/tmptest", []int{17, 18})
	if err != nil {
		t.Skip("Couldn't create a new TPM Tao:", err)
	}
	tt, ok := tpmtao.(*TPM2Tao)
	if !ok {
		t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao")
	}
	defer cleanUpTPM2Tao(tt)

	// Set up a fake key delegation.
	taoname, err := tpmtao.GetTaoName()
	if err != nil {
		t.Fatal("Couldn't get the name of the tao:", err)
	}
	stmt := auth.Speaksfor{
		Delegate:  auth.NewKeyPrin([]byte(`FakeKeyBytes`)),
		Delegator: taoname,
	}

	// Let the TPMTao set up the issuer and time and expiration.
	a, err := tpmtao.Attest(nil, nil, nil, stmt)
	if err != nil {
		t.Fatal("Couldn't attest to a key delegation:", err)
	}

	digests, err := tt.ReadPcrs([]int{17, 18}) // tt.pcrs
	if err != nil {
		t.Fatal("ReadPcrs failed\n")
	}
	var allDigests []byte
	for i := 0; i < len(digests); i++ {
		allDigests = append(allDigests, digests[i]...)
	}
	computedDigest, err := tpm2.ComputeHashValue(hash_alg_id, allDigests)
	if err != nil {
		t.Fatal("Can't compute combined quote digest")
	}
	fmt.Printf("Pcr combined digest: %x\n", computedDigest)

	pms, err := tpm2.UnmarshalCertifyInfo(a.Tpm2QuoteStructure)
	if err != nil {
		fmt.Printf("a.Tpm2QuoteStructure: %x\n", a.Tpm2QuoteStructure)
		t.Fatal("Can't unmarshal quote structure\n")
	}
	tpm2.PrintAttestData(pms)
	key, _ := tt.GetRsaQuoteKey()
	ok, err = tpm2.VerifyTpm2Quote(a.SerializedStatement, tt.GetPcrNums(),
		computedDigest, a.Tpm2QuoteStructure, a.Signature, key)
	if err != nil {
		t.Fatal("VerifyQuote error")
	}
	if !ok {
		t.Fatal("VerifyQuote succeeds")
	}
}
Пример #13
0
	if err != nil {
		return nil, nil, "", err
	}

	// Add a bogus rule.
	bogusOSString := `ext.PCRs("17, 18", "000, 000")`
	var prin auth.PrinTail
	fmt.Sscanf(bogusOSString, "%s", &prin)
	pred := auth.MakePredicate("BogusTPM", prin)
	if err = g.AddRule(fmt.Sprint(pred)); err != nil {
		return nil, nil, "", err
	}
	return g, keys, tmpdir, nil
}

var subj = auth.NewKeyPrin([]byte("test1"))
var subj2 = auth.NewKeyPrin([]byte("test2"))

func TestDatalogSaveReload(t *testing.T) {
	g, keys, tmpdir, err := makeDatalogGuard()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	err = g.Save(keys.SigningKey)
	if err != nil {
		t.Fatal(err)
	}
	err = g.ReloadIfModified()
	if err != nil {
		t.Fatal(err)
Пример #14
0
// Test that a client can correctly verify that the server is allowed to
// execute according to the policy. The policy is set up and the policy
// key is used to attest to the identity of the server. The attestation
// includes an endorsement of the service itself. The client verifies the
// endorsement and adds the predicate to the policy before checking it.
func TestCachingDatalogValidatePeerAttestation(t *testing.T) {
	network := "tcp"
	addr := "localhost:0"
	ttl := int64(1)
	tmpDir := "/tmp/domain_test"

	// Set up the TaoCA.
	ch := make(chan bool)
	cal, err := net.Listen(network, addr)
	if err != nil {
		t.Fatal(err)
	}
	defer cal.Close()
	addr = cal.Addr().String()

	// Set up the policy domain and a public, cached version.
	policy, pub, err := makeTestDomains(tmpDir, network, addr, ttl)
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpDir)
	defer os.RemoveAll(tmpDir + ".pub")

	// Set up policy. A key being authorized to execute is of course nonsense;
	// this is only meant to test that ValidatePeerAttestation() properly adds
	// the endoresement to the policy.
	rule := "(forall K: TrustedKey(K) implies Authorized(K, \"Execute\"))"
	if err := policy.Guard.AddRule(rule); err != nil {
		t.Errorf("could not add rule : %s", err)
		return
	}

	// Generate a set of keys for the Tao-delegated server.
	k, err := NewTemporaryTaoDelegatedKeys(Signing|Crypting|Deriving, nil)
	if err != nil {
		t.Error("failed to generate keys:", err)
		return
	}
	k.dir = tmpDir

	// Generate an attesation of the statements: "k.VerifyingKey speaks for
	// key(K)" and "TrustedKey(key(K))" signed by the policy key and set to
	// k.Delegation.
	prin := auth.NewKeyPrin([]byte("This is a terrible key."))

	pred := auth.Pred{
		Name: "TrustedKey",
		Arg:  []auth.Term{prin},
	}

	sf := auth.Speaksfor{
		Delegate:  k.SigningKey.ToPrincipal(),
		Delegator: prin,
	}

	stmt := auth.Says{
		Speaker:    policy.Keys.SigningKey.ToPrincipal(),
		Time:       nil,
		Expiration: nil,
		Message:    sf,
	}

	if k.Delegation, err = GenerateAttestation(policy.Keys.SigningKey, nil, stmt); err != nil {
		t.Error("failed to attest to speaksfor:", err)
		return
	}

	e := auth.Says{
		Speaker: policy.Keys.SigningKey.ToPrincipal(),
		Message: pred,
	}

	ea, err := GenerateAttestation(policy.Keys.SigningKey, nil, e)
	if err != nil {
		t.Error("failed to attest to endorsement:", err)
		return
	}

	eab, err := proto.Marshal(ea)
	if err != nil {
		t.Error("failed to marshal attested endorsement:", err)
		return
	}
	k.Delegation.SerializedEndorsements = [][]byte{eab}

	// Generate an x509 certificate for the Tao-delegated server.
	k.Cert, err = k.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Identity of some Tao service"}})
	if err != nil {
		t.Error("failed to generate x509 certificate:", err)
		return
	}

	// Run the TaoCA. This handles one request and then exits.
	go runTCCA(t, cal, policy.Keys, policy.Guard, ch)

	// Add any verified predicates to the policy. This will cause a
	// policy query to the TaoCA.
	if err = AddEndorsements(pub.Guard, k.Delegation, pub.Keys.VerifyingKey); err != nil {
		t.Error("failed to add endorsements:", err)
		t.Errorf("pub verifier key is %v\n", pub.Keys.VerifyingKey.ToPrincipal())
		t.Errorf("policy ssigning key  is %v\n", policy.Keys.SigningKey.ToPrincipal())
		t.Errorf("k signing key is %v\n", k.SigningKey.ToPrincipal())
		return
	}

	<-ch

	// Finally, the client verifies the Tao-delegated server is allowed to
	// execute.
	if err = ValidatePeerAttestation(k.Delegation, k.Cert, pub.Guard); err != nil {
		t.Error("failed to verity attestation:", err)
	}
}
Пример #15
0
	"github.com/golang/protobuf/proto"
	"github.com/jlmucb/cloudproxy/go/tao/auth"
)

// TODO(cjpatton) Add a test case to show it fails properly when the rules
// can't be loaded, e.g. when there is no network config.
// TODO(cjaptton) Use t.Error() to log errors instead of t.Fatal() in the case
// that a recoverable error occured.
// TODO(cjpatton) Write request to poll every few seconds until a connection is
// established,
// TODO(cjpatton) Modify CreatePublicCachedDomain() to accept either (network,addr) or a
// net.Conn. Modify this test to use net.Pipe instead of the loopback interface here.

var password = make([]byte, 32)
var prin = auth.NewKeyPrin([]byte("Alice"))

func makeTestDomains(configDir, network, addr string, ttl int64) (policy *Domain, public *Domain, err error) {

	// Create a domain with a Datalog guard and policy keys.
	var policyDomainConfig DomainConfig
	policyDomainConfig.SetDefaults()
	policyDomainConfig.DomainInfo.GuardType = proto.String("Datalog")
	policyDomainConfig.DatalogGuardInfo = &DatalogGuardDetails{
		SignedRulesPath: proto.String("rules"),
	}
	configPath := path.Join(configDir, "tao.config")

	policy, err = CreateDomain(policyDomainConfig, configPath, password)
	if err != nil {
		return nil, nil, err
Пример #16
0
// limitations under the License.

package tao

import (
	"io/ioutil"
	"os"
	"path"
	"testing"

	"github.com/golang/protobuf/proto"
	"github.com/jlmucb/cloudproxy/go/tao/auth"
)

var testDomainPassword = []byte(`insecure dummy password`)
var authPrin = auth.NewKeyPrin([]byte(`fake key`))

func testNewACLDomain(t *testing.T) (*Domain, string) {
	tmpdir, err := ioutil.TempDir("/tmp", "acl_domain_test")
	if err != nil {
		t.Fatal("Couldn't get a temp directory for the new ACL guard:", err)
	}

	var dcfg DomainConfig
	dcfg.DomainInfo = &DomainDetails{
		Name:           proto.String("Test"),
		PolicyKeysPath: proto.String("keys"),
		GuardType:      proto.String("ACLs"),
	}
	dcfg.SetDefaults()
	dcfg.AclGuardInfo = &ACLGuardDetails{SignedAclsPath: proto.String("acls")}
Пример #17
0
		t.Fatal("Wrong subprincipal name for trivial liberal guard")
	}

	return tg
}

func testNewTrivialConservativeGuard(t *testing.T) Guard {
	tg := ConservativeGuard
	if tg.Subprincipal().String() != `.TrivialGuard("Conservative")` {
		t.Fatal("Wrong subprincipal name for trivial conservative guard")
	}

	return tg
}

var testPrin = auth.NewKeyPrin([]byte("testkey"))

func testTrivialGuardAuthorize(t *testing.T, tg Guard, expect bool) {
	if err := tg.Authorize(testPrin, "testop", []string{}); (err == nil) != expect {
		t.Fatal("Authorize command unexpected result on trivial guard")
	}
}

func testTrivialGuardRetract(t *testing.T, tg Guard, expect bool) {
	if err := tg.Retract(testPrin, "testop", []string{}); (err == nil) != expect {
		t.Fatal("Retract command unexpected result on trivial guard")
	}
}

func testTrivialGuardIsAuthorized(t *testing.T, tg Guard, expect bool) {
	b := tg.IsAuthorized(testPrin, "testop", []string{})