func TestRevokeCertificate(t *testing.T) {
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
t.Fatal("Can't generate signing key")
}
serialNumber := big.NewInt(5)
says := auth.Says{
Speaker: k.SigningKey.ToPrincipal(),
Message: auth.Pred{
Name: "revoke",
Arg: []auth.Term{auth.Bytes(serialNumber.Bytes())}}}
att, err := tao.GenerateAttestation(k.SigningKey, nil, says)
if err != nil {
t.Fatal("Error generating attestation.")
}
serAtt, err := proto.Marshal(att)
if err != nil {
t.Fatal("Error serializing attestation.")
}
revokedCerts := []pkix.RevokedCertificate{}
revokedCerts, err = RevokeCertificate(serAtt, revokedCerts, &tao.Domain{Keys: k})
if err != nil {
t.Fatal(err)
}
if num := revokedCerts[0].SerialNumber.Int64(); num != 5 {
t.Fatal(fmt.Sprintf("Serial number %v doesnt match expected value 5", num))
}
}
func TestProcessDirectiveAndUpdateGuard(t *testing.T) {
domain := setUpDomain(t)
err := domain.Guard.Authorize(Delegator, OwnPredicate,
[]string{ProtectedObjectId.String()})
failOnError(t, err)
programKey, err := tao.NewTemporaryKeys(tao.Signing)
failOnError(t, err)
info := x509Info
speakerStr := Delegator.String()
info.CommonName = &speakerStr
subject := tao.NewX509Name(&info)
programKey.Cert, err = domain.Keys.SigningKey.CreateSignedX509(
domain.Keys.Cert, 1, programKey.SigningKey.GetVerifier(), subject)
failOnError(t, err)
directive, err := CreateSecretDisclosureDirective(programKey, &Delegator,
&Delegate, ReadPredicate, &ProtectedObjectId)
failOnError(t, err)
directive.Cert = programKey.Cert.Raw
err = ProcessDirectiveAndUpdateGuard(domain, directive)
failOnError(t, err)
if !domain.Guard.IsAuthorized(Delegate, ReadPredicate,
[]string{ProtectedObjectId.String()}) {
t.Fatal("Domain guard not updated as expected.")
}
tearDown(t)
}
func TestCreateAndVerifyDirectiveSignedByProgram(t *testing.T) {
policyKey, _, err := generatePolicyKeyAndSignedDirective(Params{})
programKey, err := tao.NewTemporaryKeys(tao.Signing)
failOnError(t, err)
info := x509Info
speakerStr := Delegator.String()
info.CommonName = &speakerStr
subject := tao.NewX509Name(&info)
programKey.Cert, err = policyKey.SigningKey.CreateSignedX509(
policyKey.Cert, 1, programKey.SigningKey.GetVerifier(), subject)
failOnError(t, err)
directive, err := CreateSecretDisclosureDirective(programKey, &Delegator,
&Delegate, ReadPredicate, &ProtectedObjectId)
failOnError(t, err)
directive.Cert = programKey.Cert.Raw
speaker, prog, pred, pobj, err := VerifySecretDisclosureDirective(policyKey, directive)
failOnError(t, err)
if !speaker.Identical(Delegator) {
t.Fatal(fmt.Sprintf("verify returns Speaker %v different from expected value %v",
speaker, Delegator))
}
if !prog.Identical(Delegate) {
t.Fatal(fmt.Sprintf("verify returns program %v different from expected value %v",
prog, Delegate))
}
if *pred != ReadPredicate {
t.Fatal(fmt.Sprintf("verify returns predicate %v different from expected value %v",
pred, ReadPredicate))
}
if *pobj.ObjName != *ProtectedObjectId.ObjName ||
*pobj.ObjEpoch != *ProtectedObjectId.ObjEpoch {
t.Fatal("Verify returns different protectedObjectId from expected value.")
}
}
func generateTpmAttestation(t *testing.T, tpmtao *tao.TPMTao, delegator *auth.Prin) (*tao.Keys,
*tao.Attestation) {
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
t.Fatal("Can't generate signing key")
}
speaksFor := &auth.Speaksfor{
Delegate: k.SigningKey.ToPrincipal(),
Delegator: delegator,
}
taoname, err := tpmtao.GetTaoName()
if err != nil {
t.Fatal("Couldn't get the name of the tao:", err)
}
says := &auth.Says{
Speaker: taoname,
Time: nil,
Expiration: nil,
Message: speaksFor,
}
att, err := tpmtao.Attest(&taoname, nil, nil, says)
if err != nil {
t.Fatal("TPM couldn't attest:", err)
}
return k, att
}
func main() {
network := flag.String("network", "tcp", "The network to use for connections")
addr := flag.String("addr", "localhost:8124", "The address to listen on")
domainPass := flag.String("password", "nopassword", "The domain password for the policy key")
configPath := flag.String("config", "tao.config", "The Tao domain config")
flag.Parse()
domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
if err != nil {
log.Fatalf("keynegoserver: Couldn't load the config path %s: %s\n", *configPath, err)
}
// Set up temporary keys for the connection, since the only thing that
// matters to the remote client is that they receive a correctly-signed new
// attestation from the policy key.
// JLM: I left this in place but I'm not sure what a TLS connection with a
// self signed Cert buys in terms of security. The security of this protocol should
// not depend on the confidentiality or intergity of the channel. All that said,
// if we do ever distribute a signed keynegoserver cert for this TLS channel, it would
// be good.
keys, err := tao.NewTemporaryKeys(tao.Signing)
if err != nil {
log.Fatalln("keynegoserver: Couldn't set up temporary keys for the connection:", err)
}
keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Google Tao Demo"}})
if err != nil {
log.Fatalln("keynegoserver: Couldn't set up a self-signed cert:", err)
}
SerialNumber = int64(time.Now().UnixNano()) / (1000000)
policyKey, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*domainPass), "policy_keys", nil)
if err != nil {
log.Fatalln("keynegoserver: Couldn't get policy key:", err)
}
tlsc, err := tao.EncodeTLSCert(keys)
if err != nil {
log.Fatalln("keynegoserver: Couldn't encode a TLS cert:", err)
}
conf := &tls.Config{
RootCAs: x509.NewCertPool(),
Certificates: []tls.Certificate{*tlsc},
InsecureSkipVerify: true,
ClientAuth: tls.RequireAnyClientCert,
}
sock, err := tls.Listen(*network, *addr, conf)
if err != nil {
log.Printf("keynegoserver: error: %s", err)
}
defer sock.Close()
for {
conn, err := sock.Accept()
if err != nil {
log.Fatalln("keynegoserver: couldn't accept a connection:", err)
}
go handleRequest(conn, policyKey, domain.Guard)
}
}
func TestGenerateProgramCert(t *testing.T) {
domain := generateDomain(t)
programKey, err := tao.NewTemporaryKeys(tao.Signing)
if err != nil {
t.Fatal("Error generating keys.", err)
}
cert, err := GenerateProgramCert(domain, 0, programName, programKey.VerifyingKey,
time.Now(), time.Now().AddDate(1, 0, 0))
rootCerts := x509.NewCertPool()
rootCerts.AddCert(domain.Keys.Cert)
options := x509.VerifyOptions{Roots: rootCerts}
_, err = cert.Verify(options)
if err != nil {
t.Fatal("Program cert fails verification check.", err)
}
}
// Create a Program Public/Private key.
func CreateSigningKey(t tao.Tao) (*tao.Keys, []byte, error) {
self, err := t.GetTaoName()
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
return nil, nil, errors.New("Can't generate signing key")
}
publicString := strings.Replace(self.String(), "(", "", -1)
publicString = strings.Replace(publicString, ")", "", -1)
// publicString is now a canonicalized Tao Principal name
us := "US"
google := "Google"
details := tao.X509Details{
Country: &us,
Organization: &google,
CommonName: &publicString}
subjectname := tao.NewX509Name(&details)
derCert, err := k.SigningKey.CreateSelfSignedDER(subjectname)
if err != nil {
return nil, nil, errors.New("Can't self sign cert\n")
}
cert, err := x509.ParseCertificate(derCert)
if err != nil {
return nil, nil, err
}
// Construct statement: "ProgramKey (new key) speaksfor Principal Name"
// ToPrincipal retrieves key's Tao Principal Name.
k.Cert = cert
s := &auth.Speaksfor{
Delegate: k.SigningKey.ToPrincipal(),
Delegator: self}
if s == nil {
return nil, nil, errors.New("Can't produce speaksfor")
}
// Sign attestation statement
k.Delegation, err = t.Attest(&self, nil, nil, s)
if err != nil {
return nil, nil, err
}
_, _ = auth.UnmarshalForm(k.Delegation.SerializedStatement)
return k, derCert, nil
}
func generatePolicyKey(t *testing.T) (*tao.Keys, *x509.Certificate) {
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
t.Fatal("Can't generate signing key")
}
us := "US"
google := "Google"
subjectName := "Policy"
details := tao.X509Details{
Country: &us,
Organization: &google,
CommonName: &subjectName}
subjectname := tao.NewX509Name(&details)
cert, err := k.SigningKey.CreateSelfSignedX509(subjectname)
if err != nil {
t.Fatal("Can't self sign cert\n")
}
return k, cert
}
func generateAttestation(signingKey *tao.Keys, delegator *auth.Prin) (*tao.Keys, *tao.Attestation) {
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
log.Fatalln("Can't generate signing key")
}
speaksFor := &auth.Speaksfor{
Delegate: k.SigningKey.ToPrincipal(),
Delegator: delegator,
}
says := &auth.Says{
Speaker: signingKey.SigningKey.ToPrincipal(),
Time: nil,
Expiration: nil,
Message: speaksFor,
}
att, err := tao.GenerateAttestation(signingKey.SigningKey, nil, *says)
if err != nil {
log.Fatalln(err)
}
return k, att
}
func generateEndorsementCertficate(policyKey *tao.Keys, policyCert *x509.Certificate) (*tao.Keys,
*x509.Certificate) {
k, err := tao.NewTemporaryKeys(tao.Signing)
if k == nil || err != nil {
log.Fatalln("Can't generate signing key")
}
us := "US"
google := "Google"
machineName := "Encoded Machine Information"
details := tao.X509Details{
Country: &us,
Organization: &google,
CommonName: &machineName}
subject := tao.NewX509Name(&details)
cert, err := policyKey.SigningKey.CreateSignedX509(
policyCert, 0, k.SigningKey.GetVerifier(), subject)
if err != nil {
log.Fatalln(err)
}
return k, cert
}
func main() {
flag.Parse()
domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
if err != nil {
glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
return
}
// Set up temporary keys for the connection, since the only thing that
// matters to the remote client is that they receive a correctly-signed new
// attestation from the policy key.
keys, err := tao.NewTemporaryKeys(tao.Signing)
if err != nil {
glog.Exit("Couldn't set up temporary keys for the connection:", err)
return
}
keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Google Tao Demo"}})
if err != nil {
glog.Exit("Couldn't set up a self-signed cert:", err)
return
}
sock, err := net.Listen(*network, *addr)
if err != nil {
glog.Exit("Couldn't bind socket to address:", err)
return
}
fmt.Println("tcca: accepting connections")
for {
conn, err := sock.Accept()
if err != nil {
glog.Exitf("Couldn't accept a connection on %s: %s", *addr, err)
return
}
go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
}
}
func generatePolicyKeyAndSignedDirective(params Params) (*tao.Keys, *DirectiveMessage, error) {
var programName auth.Term
if params.Delegate != nil {
programName = params.Delegate
} else {
programName = Delegate
}
var serializedObjectId auth.Term
if params.SerializedObjectId != nil {
serializedObjectId = params.SerializedObjectId
} else {
bytes, err := proto.Marshal(&ProtectedObjectId)
if err != nil {
return nil, nil, err
}
serializedObjectId = auth.Bytes(bytes)
}
terms := []auth.Term{programName, serializedObjectId}
if params.CanReadTerms != nil {
terms = params.CanReadTerms
}
var canRead auth.Form
if params.CanRead != nil {
canRead = params.CanRead
} else {
canRead = auth.Pred{
Name: ReadPredicate,
Arg: terms,
}
}
policyKey, err := tao.NewTemporaryKeys(tao.Signing)
if err != nil {
return nil, nil, err
}
info := x509Info
name := policyKey.SigningKey.ToPrincipal().String()
info.CommonName = &name
subject := tao.NewX509Name(&info)
policyKey.Cert, err = policyKey.SigningKey.CreateSelfSignedX509(subject)
if err != nil {
return nil, nil, err
}
var says auth.Form
if params.Says != nil {
says = params.Says
} else {
says = auth.Says{
Speaker: policyKey.SigningKey.ToPrincipal(),
Time: nil,
Expiration: nil,
Message: canRead,
}
}
serializedSays := auth.Marshal(says)
var directiveType *DirectiveMessageDirectiveType
if params.DirectiveType != nil {
directiveType = params.DirectiveType
} else {
directiveType = DirectiveMessage_SECRET_DISCLOSURE.Enum()
}
var signature []byte
if params.Signature != nil {
signature = params.Signature
} else {
signature, err = policyKey.SigningKey.Sign(serializedSays, SigningContext)
if err != nil {
return nil, nil, err
}
}
var signer []byte
if params.Signer != nil {
signer = params.Signer
} else {
signer = auth.Marshal(policyKey.SigningKey.ToPrincipal())
}
directive := &DirectiveMessage{
Type: directiveType,
SerializedStatement: serializedSays,
Signature: signature,
Signer: signer,
}
return policyKey, directive, nil
}
func main() {
flag.Parse()
domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
if domain == nil {
log.Printf("simpledomainservice: no domain path - %s, pass - %s, err - %s\n",
*configPath, *domainPass, err)
return
} else if err != nil {
log.Printf("simpledomainservice: Couldn't load the config path %s: %s\n",
*configPath, err)
return
}
log.Printf("simpledomainservice: Loaded domain\n")
// Set up temporary keys for the connection, since the only thing that
// matters to the remote client is that they receive a correctly-signed new
// attestation from the policy key.
// JLM: I left this in place but I'm not sure what a TLS connection with a
// self signed Cert buys in terms of security.
// The security of this protocol should not depend on the
// confidentiality or intergity of the channel. All that said, if we
// do ever distribute a signed simpledomainservice cert
// for this TLS channel, it would be good.
keys, err := tao.NewTemporaryKeys(tao.Signing)
if keys == nil || err != nil {
log.Fatalln("simpledomainservice: Couldn't set up temporary keys for connection:", err)
return
}
keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Google Tao Demo"}})
if err != nil {
log.Fatalln("simpledomainservice: Couldn't set up a self-signed cert:", err)
return
}
SerialNumber = int64(time.Now().UnixNano()) / (1000000)
policyKey := domain.Keys
fmt.Printf("\nSimpleDomainService: policyKey: %x\n", policyKey)
tlsc, err := tao.EncodeTLSCert(keys)
if err != nil {
log.Fatalln("simpledomainservice: Couldn't encode a TLS cert:", err)
}
conf := &tls.Config{
RootCAs: x509.NewCertPool(),
Certificates: []tls.Certificate{*tlsc},
InsecureSkipVerify: true,
ClientAuth: tls.RequireAnyClientCert,
}
sock, err := tls.Listen(*network, *addr, conf)
if err != nil {
log.Printf("simpledomainservice: error: %s\n", err)
}
if sock == nil {
log.Printf("simpledomainservice: Empty socket, terminating\n")
return
}
defer sock.Close()
log.Printf("simpledomainservice: accepting connections\n")
fmt.Printf("\n\nsimpledomainservice: accepting connections\n")
for {
conn, err := sock.Accept()
if conn == nil {
fmt.Printf("simpledomainservice: Empty connection\n")
log.Printf("simpledomainservice: Empty connection\n")
return
} else if err != nil {
fmt.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
log.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err)
return
}
go DomainRequest(conn, policyKey, domain.Guard)
}
log.Printf("simpledomainservice: finishing\n")
}