func MakeTPMPrin(verifier *rsa.PublicKey, pcrNums []int, pcrVals [][]byte) (auth.Prin, error) {
aik, err := x509.MarshalPKIXPublicKey(verifier)
if err != nil {
return auth.Prin{}, err
}
name := auth.NewTPMPrin(aik)
asp := auth.PrinExt{
Name: "PCRs",
Arg: make([]auth.Term, 2),
}
var pcrNumStrs []string
for _, v := range pcrNums {
pcrNumStrs = append(pcrNumStrs, strconv.Itoa(v))
}
asp.Arg[0] = auth.Str(strings.Join(pcrNumStrs, ","))
var pcrValStrs []string
for _, p := range pcrVals {
pcrValStrs = append(pcrValStrs, hex.EncodeToString(p))
}
asp.Arg[1] = auth.Str(strings.Join(pcrValStrs, ","))
// The PCRs are the first extension of the name.
name.Ext = []auth.PrinExt{asp}
return name, nil
}
func TestVerifyDirectiveWithBadPredicate_badTerms(t *testing.T) {
params := Params{
CanRead: auth.Pred{
Name: ReadPredicate,
Arg: []auth.Term{auth.Int(0), auth.Str(""), auth.Str("a")},
// TODO: Note make([]auth.Term, 3) above causes NPE in auth.Marshal(thisPred)
// Is that a bug?
},
}
expectError(¶ms, t)
}
func createPredicateString(name auth.Prin, op string, args []string) string {
p := auth.Pred{
Name: "Authorized",
Arg: make([]auth.Term, len(args)+2),
}
p.Arg[0] = name
p.Arg[1] = auth.Str(op)
for i, s := range args {
p.Arg[i+2] = auth.Str(s)
}
return p.String()
}
// This function reads in trusted entities from a file at trustedEntitiesPath. In particular,
// this file contains the text representation of a trusted_entities proto message, which contains
// the Tao names of trusted programs and hosts, information about trusted machines and trusted
// machine certificates.
// For each such trusted entity, this function adds ACL rules to the domain guard, and saves
// the changes before returning.
func InitAcls(domain *tao.Domain, trustedEntitiesPath string) error {
text, err := ioutil.ReadFile(trustedEntitiesPath)
if err != nil {
log.Printf("Can't open trusted entities file: %s", trustedEntitiesPath)
return err
}
trustedEntities := TrustedEntities{}
err = proto.UnmarshalText(string(text), &trustedEntities)
if err != nil {
log.Printf("Can't parse trusted entities file: %s", trustedEntitiesPath)
return err
}
for _, programTaoName := range trustedEntities.GetTrustedProgramTaoNames() {
var programPrin auth.Prin
_, err := fmt.Sscanf(programTaoName, "%v", &programPrin)
if err != nil {
log.Printf("Can't create program principal from: %s\nError: %s",
programTaoName, err)
return err
}
err = domain.Guard.Authorize(programPrin, "Execute", []string{})
if err != nil {
log.Printf("Can't authorize principal: %s\nError: %s", programPrin, err)
return err
}
}
for _, hostTaoName := range trustedEntities.GetTrustedHostTaoNames() {
var hostPrin auth.Prin
_, err := fmt.Sscanf(hostTaoName, "%v", &hostPrin)
if err != nil {
log.Printf("Can't create host principal from: %s\nError: %s",
hostTaoName, err)
return err
}
err = domain.Guard.Authorize(hostPrin, "Host", []string{})
if err != nil {
log.Printf("Can't authorize principal: %s\nError: %s", hostPrin, err)
return err
}
}
for _, machineInfo := range trustedEntities.GetTrustedMachineInfos() {
machinePrin := auth.Prin{
Type: "MachineInfo",
KeyHash: auth.Str(machineInfo),
}
err = domain.Guard.Authorize(machinePrin, "Root", []string{})
if err != nil {
log.Printf("Can't authorize principal: %s\nError: %s", machinePrin, err)
return err
}
}
err = domain.Save()
if err != nil {
log.Println("Can't save domain.", err)
}
return err
}
// Subprincipal returns a subprincipal suitable for contextualizing a program.
func (d *Domain) Subprincipal() auth.SubPrin {
e := auth.PrinExt{
Name: "Domain",
Arg: []auth.Term{
d.Keys.VerifyingKey.ToPrincipal(),
auth.Str(d.Config.DomainInfo.GetGuardType()),
},
}
return auth.SubPrin{e}
}
func TestInitAcls(t *testing.T) {
if _, err := os.Stat("./tmpdir"); os.IsNotExist(err) {
err = os.Mkdir("./tmpdir", 0777)
if err != nil {
t.Fatal(err)
}
}
trustedEntities := TrustedEntities{
TrustedProgramTaoNames: []string{fmt.Sprintf("%v", programName)},
TrustedHostTaoNames: []string{fmt.Sprintf("%v", hostName)},
TrustedMachineInfos: []string{machineName}}
f, err := os.Create("./tmpdir/TrustedEntities")
if err != nil {
t.Fatal(err)
}
err = proto.MarshalText(f, &trustedEntities)
if err != nil {
t.Fatal(err)
}
err = f.Close()
if err != nil {
t.Fatal(err)
}
aclGuardType := "ACLs"
aclGuardPath := "acls"
cfg := tao.DomainConfig{
DomainInfo: &tao.DomainDetails{
GuardType: &aclGuardType},
AclGuardInfo: &tao.ACLGuardDetails{
SignedAclsPath: &aclGuardPath}}
domain, err := tao.CreateDomain(cfg, "./tmpdir/domain", []byte("xxx"))
if err != nil {
t.Fatal(err)
}
err = InitAcls(domain, "./tmpdir/TrustedEntities")
if err != nil {
t.Fatal(err)
}
machinePrin := auth.Prin{
Type: "MachineInfo",
KeyHash: auth.Str(machineName),
}
if !domain.Guard.IsAuthorized(*programName, "Execute", []string{}) ||
!domain.Guard.IsAuthorized(*hostName, "Host", []string{}) ||
!domain.Guard.IsAuthorized(machinePrin, "Root", []string{}) {
t.Fatal("Authorization checks fail")
}
err = os.RemoveAll("./tmpdir")
if err != nil {
t.Fatal(err)
}
}
// Subprincipal returns subprincipal TrivialGuard(<policy>).
func (t TrivialGuard) Subprincipal() auth.SubPrin {
var policy string
switch t {
case ConservativeGuard:
policy = "Conservative"
case LiberalGuard:
policy = "Liberal"
default:
policy = "Unspecified"
}
e := auth.PrinExt{Name: "TrivialGuard", Arg: []auth.Term{auth.Str(policy)}}
return auth.SubPrin{e}
}
// Subprincipal returns a Subprin for the guard.
func (cg *CachedGuard) Subprincipal() auth.SubPrin {
// TODO(cjpatton) should be "CachedGuard(Datalog).DatalogGuard(...)"
var guardType string
switch cg.guardType {
case Datalog:
guardType = "Datalog"
case ACLs:
guardType = "ACLs"
}
e := auth.PrinExt{Name: "CachedGuard",
Arg: []auth.Term{auth.Str(guardType)}}
return auth.SubPrin{e}
}
func generateGuard(t *testing.T) *tao.Guard {
guard := tao.NewACLGuard(nil, tao.ACLGuardDetails{})
err := guard.Authorize(*hostName, "Host", []string{})
if err != nil {
t.Fatal("Error adding a rule to the guard", err)
}
err = guard.Authorize(*programName, "Execute", []string{})
if err != nil {
t.Fatal("Error adding a rule to the guard", err)
}
machinePrin := auth.Prin{Type: "MachineInfo", KeyHash: auth.Str(machineName)}
err = guard.Authorize(machinePrin, "Root", []string{})
if err != nil {
t.Fatal("Error adding a rule to the guard", err)
}
return &guard
}
// Checks the following:
// (1) cert is valid according to one of the rootCerts.
// (2) the subject key of cert corresponds to kPrin.
// (3) the subject CommonName of cert is allowed by guard.
func validateEndorsementCertificate(cert *x509.Certificate, guard tao.Guard,
kPrin *auth.Prin, rootCerts *x509.CertPool) error {
verifyOptions := x509.VerifyOptions{Roots: rootCerts}
_, err := cert.Verify(verifyOptions)
if err != nil {
return err
}
var hwPublicKey *rsa.PublicKey
hwPublicKey, ok := cert.PublicKey.(*rsa.PublicKey)
if !ok {
key, ok := cert.PublicKey.(rsa.PublicKey)
if !ok {
return errors.New("endorsement cert does not contain a valid RSA public key")
}
hwPublicKey = &key
}
ek, err := x509.MarshalPKIXPublicKey(hwPublicKey)
if err != nil {
return err
}
hashedCertKey := sha256.Sum256(ek)
if kPrin.Type != "tpm" && kPrin.Type != "tpm2" {
return errors.New("key principal to be endorsed is not a TPM key, but it's expected to be")
}
hashedBytes, ok := kPrin.KeyHash.(auth.Bytes)
if !ok {
return errors.New("key principal to be endorsed does not have bytes as its auth.Term")
}
if !bytes.Equal(hashedBytes, hashedCertKey[:]) {
return errors.New(fmt.Sprintf(
"endorsement cert endorses %v but needs to endorse %v", hashedCertKey, hashedBytes))
}
machinePrin := auth.Prin{
Type: "MachineInfo",
KeyHash: auth.Str(cert.Subject.CommonName),
}
if !guard.IsAuthorized(machinePrin, "Root", []string{}) {
return errors.New(
"machine endorsed by certificate is not authorized by policy")
}
return nil
}
func TestVerifyDirectiveWithBadProtectedObjectId_invalidType(t *testing.T) {
params := Params{
SerializedObjectId: auth.Str(""),
}
expectError(¶ms, t)
}
func TestVerifyDirectiveWithBadDelegate(t *testing.T) {
params := Params{
Delegate: auth.Str(""),
}
expectError(¶ms, t)
}
import (
"crypto/x509"
"flag"
"log"
"github.com/golang/protobuf/proto"
"github.com/jlmucb/cloudproxy/go/tao"
"github.com/jlmucb/cloudproxy/go/tao/auth"
"github.com/jlmucb/cloudproxy/go/support_infrastructure/domain_service"
)
var hostName = &auth.Prin{
Type: "program",
KeyHash: auth.Str("hostHash")}
var programName = &auth.Prin{
Type: "program",
KeyHash: auth.Str("programHash")}
var network = flag.String("network", "tcp", "The network to use for connections")
var addr = flag.String("addr", "localhost:8124", "The address to listen on")
var domainPass = flag.String("password", "xxx", "The domain password")
var configPath = flag.String("config", "../server/tao.config", "The Tao domain config")
func main() {
domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
if domain == nil {
log.Printf("domainserver: no domain path - %s, pass - %s, err - %s\n",
var epoch = int32(1)
var rootName = "RootName"
var rootKey []byte
var rootId *protected_objects.ObjectIdMessage
var name = "KeyName"
var secretType = "key"
var value = []byte("I am a key.")
var domain *tao.Domain
var encKey *tao.Keys
var authorizedPrin = &auth.Prin{
Type: "program",
Key: auth.Str("AuthorizedProgram"),
Ext: []auth.PrinExt{}}
var unAuthorizedPrin = &auth.Prin{
Type: "program",
Key: auth.Str("UnAuthorizedProgram"),
Ext: []auth.PrinExt{}}
func TestReadObject(t *testing.T) {
setUpDomain(t)
l := list.New()
l.PushFront(createRootKey(t))
obj := createObject(name, epoch, value, secretType)
pObj, err := protected_objects.MakeProtectedObject(*obj, rootName, epoch, rootKey)
failOnError(t, err)
l.PushFront(*pObj)
// FormatCoreOSCommandSubprin produces a string that represents a subprincipal
// with the given ID and hash.
func FormatCoreOSCommandSubprin(cmd string) auth.SubPrin {
args := []auth.Term{auth.Str(cmd)}
return auth.SubPrin{auth.PrinExt{Name: "Command", Arg: args}}
}