func TestRevokeCertificate(t *testing.T) { k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { t.Fatal("Can't generate signing key") } serialNumber := big.NewInt(5) says := auth.Says{ Speaker: k.SigningKey.ToPrincipal(), Message: auth.Pred{ Name: "revoke", Arg: []auth.Term{auth.Bytes(serialNumber.Bytes())}}} att, err := tao.GenerateAttestation(k.SigningKey, nil, says) if err != nil { t.Fatal("Error generating attestation.") } serAtt, err := proto.Marshal(att) if err != nil { t.Fatal("Error serializing attestation.") } revokedCerts := []pkix.RevokedCertificate{} revokedCerts, err = RevokeCertificate(serAtt, revokedCerts, &tao.Domain{Keys: k}) if err != nil { t.Fatal(err) } if num := revokedCerts[0].SerialNumber.Int64(); num != 5 { t.Fatal(fmt.Sprintf("Serial number %v doesnt match expected value 5", num)) } }
func TestProcessDirectiveAndUpdateGuard(t *testing.T) { domain := setUpDomain(t) err := domain.Guard.Authorize(Delegator, OwnPredicate, []string{ProtectedObjectId.String()}) failOnError(t, err) programKey, err := tao.NewTemporaryKeys(tao.Signing) failOnError(t, err) info := x509Info speakerStr := Delegator.String() info.CommonName = &speakerStr subject := tao.NewX509Name(&info) programKey.Cert, err = domain.Keys.SigningKey.CreateSignedX509( domain.Keys.Cert, 1, programKey.SigningKey.GetVerifier(), subject) failOnError(t, err) directive, err := CreateSecretDisclosureDirective(programKey, &Delegator, &Delegate, ReadPredicate, &ProtectedObjectId) failOnError(t, err) directive.Cert = programKey.Cert.Raw err = ProcessDirectiveAndUpdateGuard(domain, directive) failOnError(t, err) if !domain.Guard.IsAuthorized(Delegate, ReadPredicate, []string{ProtectedObjectId.String()}) { t.Fatal("Domain guard not updated as expected.") } tearDown(t) }
func TestCreateAndVerifyDirectiveSignedByProgram(t *testing.T) { policyKey, _, err := generatePolicyKeyAndSignedDirective(Params{}) programKey, err := tao.NewTemporaryKeys(tao.Signing) failOnError(t, err) info := x509Info speakerStr := Delegator.String() info.CommonName = &speakerStr subject := tao.NewX509Name(&info) programKey.Cert, err = policyKey.SigningKey.CreateSignedX509( policyKey.Cert, 1, programKey.SigningKey.GetVerifier(), subject) failOnError(t, err) directive, err := CreateSecretDisclosureDirective(programKey, &Delegator, &Delegate, ReadPredicate, &ProtectedObjectId) failOnError(t, err) directive.Cert = programKey.Cert.Raw speaker, prog, pred, pobj, err := VerifySecretDisclosureDirective(policyKey, directive) failOnError(t, err) if !speaker.Identical(Delegator) { t.Fatal(fmt.Sprintf("verify returns Speaker %v different from expected value %v", speaker, Delegator)) } if !prog.Identical(Delegate) { t.Fatal(fmt.Sprintf("verify returns program %v different from expected value %v", prog, Delegate)) } if *pred != ReadPredicate { t.Fatal(fmt.Sprintf("verify returns predicate %v different from expected value %v", pred, ReadPredicate)) } if *pobj.ObjName != *ProtectedObjectId.ObjName || *pobj.ObjEpoch != *ProtectedObjectId.ObjEpoch { t.Fatal("Verify returns different protectedObjectId from expected value.") } }
func generateTpmAttestation(t *testing.T, tpmtao *tao.TPMTao, delegator *auth.Prin) (*tao.Keys, *tao.Attestation) { k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { t.Fatal("Can't generate signing key") } speaksFor := &auth.Speaksfor{ Delegate: k.SigningKey.ToPrincipal(), Delegator: delegator, } taoname, err := tpmtao.GetTaoName() if err != nil { t.Fatal("Couldn't get the name of the tao:", err) } says := &auth.Says{ Speaker: taoname, Time: nil, Expiration: nil, Message: speaksFor, } att, err := tpmtao.Attest(&taoname, nil, nil, says) if err != nil { t.Fatal("TPM couldn't attest:", err) } return k, att }
func main() { network := flag.String("network", "tcp", "The network to use for connections") addr := flag.String("addr", "localhost:8124", "The address to listen on") domainPass := flag.String("password", "nopassword", "The domain password for the policy key") configPath := flag.String("config", "tao.config", "The Tao domain config") flag.Parse() domain, err := tao.LoadDomain(*configPath, []byte(*domainPass)) if err != nil { log.Fatalf("keynegoserver: Couldn't load the config path %s: %s\n", *configPath, err) } // Set up temporary keys for the connection, since the only thing that // matters to the remote client is that they receive a correctly-signed new // attestation from the policy key. // JLM: I left this in place but I'm not sure what a TLS connection with a // self signed Cert buys in terms of security. The security of this protocol should // not depend on the confidentiality or intergity of the channel. All that said, // if we do ever distribute a signed keynegoserver cert for this TLS channel, it would // be good. keys, err := tao.NewTemporaryKeys(tao.Signing) if err != nil { log.Fatalln("keynegoserver: Couldn't set up temporary keys for the connection:", err) } keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{ Organization: []string{"Google Tao Demo"}}) if err != nil { log.Fatalln("keynegoserver: Couldn't set up a self-signed cert:", err) } SerialNumber = int64(time.Now().UnixNano()) / (1000000) policyKey, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*domainPass), "policy_keys", nil) if err != nil { log.Fatalln("keynegoserver: Couldn't get policy key:", err) } tlsc, err := tao.EncodeTLSCert(keys) if err != nil { log.Fatalln("keynegoserver: Couldn't encode a TLS cert:", err) } conf := &tls.Config{ RootCAs: x509.NewCertPool(), Certificates: []tls.Certificate{*tlsc}, InsecureSkipVerify: true, ClientAuth: tls.RequireAnyClientCert, } sock, err := tls.Listen(*network, *addr, conf) if err != nil { log.Printf("keynegoserver: error: %s", err) } defer sock.Close() for { conn, err := sock.Accept() if err != nil { log.Fatalln("keynegoserver: couldn't accept a connection:", err) } go handleRequest(conn, policyKey, domain.Guard) } }
func TestGenerateProgramCert(t *testing.T) { domain := generateDomain(t) programKey, err := tao.NewTemporaryKeys(tao.Signing) if err != nil { t.Fatal("Error generating keys.", err) } cert, err := GenerateProgramCert(domain, 0, programName, programKey.VerifyingKey, time.Now(), time.Now().AddDate(1, 0, 0)) rootCerts := x509.NewCertPool() rootCerts.AddCert(domain.Keys.Cert) options := x509.VerifyOptions{Roots: rootCerts} _, err = cert.Verify(options) if err != nil { t.Fatal("Program cert fails verification check.", err) } }
// Create a Program Public/Private key. func CreateSigningKey(t tao.Tao) (*tao.Keys, []byte, error) { self, err := t.GetTaoName() k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { return nil, nil, errors.New("Can't generate signing key") } publicString := strings.Replace(self.String(), "(", "", -1) publicString = strings.Replace(publicString, ")", "", -1) // publicString is now a canonicalized Tao Principal name us := "US" google := "Google" details := tao.X509Details{ Country: &us, Organization: &google, CommonName: &publicString} subjectname := tao.NewX509Name(&details) derCert, err := k.SigningKey.CreateSelfSignedDER(subjectname) if err != nil { return nil, nil, errors.New("Can't self sign cert\n") } cert, err := x509.ParseCertificate(derCert) if err != nil { return nil, nil, err } // Construct statement: "ProgramKey (new key) speaksfor Principal Name" // ToPrincipal retrieves key's Tao Principal Name. k.Cert = cert s := &auth.Speaksfor{ Delegate: k.SigningKey.ToPrincipal(), Delegator: self} if s == nil { return nil, nil, errors.New("Can't produce speaksfor") } // Sign attestation statement k.Delegation, err = t.Attest(&self, nil, nil, s) if err != nil { return nil, nil, err } _, _ = auth.UnmarshalForm(k.Delegation.SerializedStatement) return k, derCert, nil }
func generatePolicyKey(t *testing.T) (*tao.Keys, *x509.Certificate) { k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { t.Fatal("Can't generate signing key") } us := "US" google := "Google" subjectName := "Policy" details := tao.X509Details{ Country: &us, Organization: &google, CommonName: &subjectName} subjectname := tao.NewX509Name(&details) cert, err := k.SigningKey.CreateSelfSignedX509(subjectname) if err != nil { t.Fatal("Can't self sign cert\n") } return k, cert }
func generateAttestation(signingKey *tao.Keys, delegator *auth.Prin) (*tao.Keys, *tao.Attestation) { k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { log.Fatalln("Can't generate signing key") } speaksFor := &auth.Speaksfor{ Delegate: k.SigningKey.ToPrincipal(), Delegator: delegator, } says := &auth.Says{ Speaker: signingKey.SigningKey.ToPrincipal(), Time: nil, Expiration: nil, Message: speaksFor, } att, err := tao.GenerateAttestation(signingKey.SigningKey, nil, *says) if err != nil { log.Fatalln(err) } return k, att }
func generateEndorsementCertficate(policyKey *tao.Keys, policyCert *x509.Certificate) (*tao.Keys, *x509.Certificate) { k, err := tao.NewTemporaryKeys(tao.Signing) if k == nil || err != nil { log.Fatalln("Can't generate signing key") } us := "US" google := "Google" machineName := "Encoded Machine Information" details := tao.X509Details{ Country: &us, Organization: &google, CommonName: &machineName} subject := tao.NewX509Name(&details) cert, err := policyKey.SigningKey.CreateSignedX509( policyCert, 0, k.SigningKey.GetVerifier(), subject) if err != nil { log.Fatalln(err) } return k, cert }
func main() { flag.Parse() domain, err := tao.LoadDomain(*configPath, []byte(*domainPass)) if err != nil { glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err) return } // Set up temporary keys for the connection, since the only thing that // matters to the remote client is that they receive a correctly-signed new // attestation from the policy key. keys, err := tao.NewTemporaryKeys(tao.Signing) if err != nil { glog.Exit("Couldn't set up temporary keys for the connection:", err) return } keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{ Organization: []string{"Google Tao Demo"}}) if err != nil { glog.Exit("Couldn't set up a self-signed cert:", err) return } sock, err := net.Listen(*network, *addr) if err != nil { glog.Exit("Couldn't bind socket to address:", err) return } fmt.Println("tcca: accepting connections") for { conn, err := sock.Accept() if err != nil { glog.Exitf("Couldn't accept a connection on %s: %s", *addr, err) return } go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard) } }
func generatePolicyKeyAndSignedDirective(params Params) (*tao.Keys, *DirectiveMessage, error) { var programName auth.Term if params.Delegate != nil { programName = params.Delegate } else { programName = Delegate } var serializedObjectId auth.Term if params.SerializedObjectId != nil { serializedObjectId = params.SerializedObjectId } else { bytes, err := proto.Marshal(&ProtectedObjectId) if err != nil { return nil, nil, err } serializedObjectId = auth.Bytes(bytes) } terms := []auth.Term{programName, serializedObjectId} if params.CanReadTerms != nil { terms = params.CanReadTerms } var canRead auth.Form if params.CanRead != nil { canRead = params.CanRead } else { canRead = auth.Pred{ Name: ReadPredicate, Arg: terms, } } policyKey, err := tao.NewTemporaryKeys(tao.Signing) if err != nil { return nil, nil, err } info := x509Info name := policyKey.SigningKey.ToPrincipal().String() info.CommonName = &name subject := tao.NewX509Name(&info) policyKey.Cert, err = policyKey.SigningKey.CreateSelfSignedX509(subject) if err != nil { return nil, nil, err } var says auth.Form if params.Says != nil { says = params.Says } else { says = auth.Says{ Speaker: policyKey.SigningKey.ToPrincipal(), Time: nil, Expiration: nil, Message: canRead, } } serializedSays := auth.Marshal(says) var directiveType *DirectiveMessageDirectiveType if params.DirectiveType != nil { directiveType = params.DirectiveType } else { directiveType = DirectiveMessage_SECRET_DISCLOSURE.Enum() } var signature []byte if params.Signature != nil { signature = params.Signature } else { signature, err = policyKey.SigningKey.Sign(serializedSays, SigningContext) if err != nil { return nil, nil, err } } var signer []byte if params.Signer != nil { signer = params.Signer } else { signer = auth.Marshal(policyKey.SigningKey.ToPrincipal()) } directive := &DirectiveMessage{ Type: directiveType, SerializedStatement: serializedSays, Signature: signature, Signer: signer, } return policyKey, directive, nil }
func main() { flag.Parse() domain, err := tao.LoadDomain(*configPath, []byte(*domainPass)) if domain == nil { log.Printf("simpledomainservice: no domain path - %s, pass - %s, err - %s\n", *configPath, *domainPass, err) return } else if err != nil { log.Printf("simpledomainservice: Couldn't load the config path %s: %s\n", *configPath, err) return } log.Printf("simpledomainservice: Loaded domain\n") // Set up temporary keys for the connection, since the only thing that // matters to the remote client is that they receive a correctly-signed new // attestation from the policy key. // JLM: I left this in place but I'm not sure what a TLS connection with a // self signed Cert buys in terms of security. // The security of this protocol should not depend on the // confidentiality or intergity of the channel. All that said, if we // do ever distribute a signed simpledomainservice cert // for this TLS channel, it would be good. keys, err := tao.NewTemporaryKeys(tao.Signing) if keys == nil || err != nil { log.Fatalln("simpledomainservice: Couldn't set up temporary keys for connection:", err) return } keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{ Organization: []string{"Google Tao Demo"}}) if err != nil { log.Fatalln("simpledomainservice: Couldn't set up a self-signed cert:", err) return } SerialNumber = int64(time.Now().UnixNano()) / (1000000) policyKey := domain.Keys fmt.Printf("\nSimpleDomainService: policyKey: %x\n", policyKey) tlsc, err := tao.EncodeTLSCert(keys) if err != nil { log.Fatalln("simpledomainservice: Couldn't encode a TLS cert:", err) } conf := &tls.Config{ RootCAs: x509.NewCertPool(), Certificates: []tls.Certificate{*tlsc}, InsecureSkipVerify: true, ClientAuth: tls.RequireAnyClientCert, } sock, err := tls.Listen(*network, *addr, conf) if err != nil { log.Printf("simpledomainservice: error: %s\n", err) } if sock == nil { log.Printf("simpledomainservice: Empty socket, terminating\n") return } defer sock.Close() log.Printf("simpledomainservice: accepting connections\n") fmt.Printf("\n\nsimpledomainservice: accepting connections\n") for { conn, err := sock.Accept() if conn == nil { fmt.Printf("simpledomainservice: Empty connection\n") log.Printf("simpledomainservice: Empty connection\n") return } else if err != nil { fmt.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err) log.Printf("simpledomainservice: Couldn't accept a connection on %s: %s\n", *addr, err) return } go DomainRequest(conn, policyKey, domain.Guard) } log.Printf("simpledomainservice: finishing\n") }