示例#1
0
// This program creates a key hierarchy consisting of a
// primary key, and quoting key for cloudproxy
// and makes their handles permanent.
func main() {
	keySize := flag.Int("modulus size", 2048, "Modulus size for keys")
	policyKeyFile := flag.String("Policy save file", "policy.go.bin",
		"policy save file")
	policyKeyPassword := flag.String("Policy key password", "xxzzy",
		"policy key password")
	policyCertFile := flag.String("Policy cert save file", "policy.cert.go.der",
		"policy cert save file")
	flag.Parse()

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}
	var notBefore time.Time
	notBefore = time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	policyKey, err := rsa.GenerateKey(rand.Reader, *keySize)
	if err != nil {
		fmt.Printf("Can't generate policy key\n")
		return
	}
	fmt.Printf("policyKey: %x\n", policyKey)

	derPolicyCert, err := tpm2.GenerateSelfSignedCertFromKey(policyKey,
		"Cloudproxy Authority", "Application Policy Key",
		tpm2.GetSerialNumber(), notBefore, notAfter)
	fmt.Printf("policyKey: %x\n", policyKey)
	ioutil.WriteFile(*policyCertFile, derPolicyCert, 0644)
	if err != nil {
		fmt.Printf("Can't write policy cert\n")
		return
	}

	// Marshal policy key
	serializedPolicyKey, err := tpm2.SerializeRsaPrivateKey(policyKey)
	if err != nil {
		fmt.Printf("Cant serialize rsa key\n")
		return
	}

	ioutil.WriteFile(*policyKeyFile, serializedPolicyKey, 0644)
	if err == nil {
		fmt.Printf("Policy Key generation succeeded, password: %s\n",
			*policyKeyPassword)
	} else {
		fmt.Printf("Policy Key generation failed\n")
	}
}
// This program makes the endorsement certificate given the Policy key.
func main() {
	keySize := flag.Int("modulus size", 2048, "Modulus size for keys")
	keyName := flag.String("Endorsement key name",
		"JohnsHw", "endorsement key name")
	endorsementCertFile := flag.String("Endorsement save file",
		"endorsement.cert.der", "endorsement save file")
	policyCertFile := flag.String("Policy cert file",
		"policy.cert.go.der", "cert file")
	policyKeyFile := flag.String("Policy key file", "policy.go.bin",
		"policy save file")
	policyKeyPassword := flag.String("Policy key password", "xxzzy",
		"policy key password")
	flag.Parse()
	fmt.Printf("Policy key password: %s\n", *policyKeyPassword)

	// TODO
	pcrs := []int{7}

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	err = tpm2.Flushall(rw)
	if err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}

	var notBefore time.Time
	notBefore = time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	serializePolicyKey, err := ioutil.ReadFile(*policyKeyFile)
	if err != nil {
		fmt.Printf("Can't get serialized policy key\n")
		return
	}
	derPolicyCert, err := ioutil.ReadFile(*policyCertFile)
	if err != nil {
		fmt.Printf("Can't get policy cert %s\n", *policyCertFile)
		return
	}

	policyKey, err := tpm2.DeserializeRsaKey(serializePolicyKey)
	if err != nil {
		fmt.Printf("Can't get deserialize policy key\n")
		return
	}

	ekHandle, _, err := tpm2.CreateEndorsement(rw, uint16(*keySize), pcrs)
	if err != nil {
		fmt.Printf("Can't CreateEndorsement\n")
		return
	}
	defer tpm2.FlushContext(rw, ekHandle)
	endorsementCert, err := tpm2.GenerateHWCert(rw, ekHandle,
		*keyName, notBefore, notAfter, tpm2.GetSerialNumber(),
		derPolicyCert, policyKey)
	if err != nil {
		fmt.Printf("Can't create endorsement cert\n")
	}
	fmt.Printf("Endorsement cert: %x\n", endorsementCert)
	ioutil.WriteFile(*endorsementCertFile, endorsementCert, 0644)
	fmt.Printf("Endorsement cert created")
}