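// Copyright (c) 2016, Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Command aiksigner certifies a TPM 1.2 Attestation Identity Key (AIK)
// with a Tao domain's policy key. It reads the marshalled AIK public key
// from -aik_path, builds an X.509 certificate naming that key, signs the
// certificate with the domain policy signing key loaded from -configPath
// and writes the DER-encoded certificate to -output_file.
package main

import (
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"flag"
	"io/ioutil"
	"log"
	"math/big"
	"time"

	"github.com/google/go-tpm/tpm"
	"github.com/jlmucb/cloudproxy/go/tao"
)

var configPath = flag.String("configPath", "/Domains/domain.simpleexampletpm1/tao.config", "The Tao domain config")
var aikPath = flag.String("aik_path", "./aikblob", "The path to the AIK blob")

// policyKeyPath is accepted for compatibility but is not referenced in this
// file; the domain (and with it the policy keys) is located via -configPath.
var policyKeyPath = flag.String("policy_key_path", "./policy_keys", "The path to policy key directory")

// NOTE(review): a password passed on the command line is visible to other
// local users via `ps` and is kept in shell history; the "xxx" default is
// only appropriate for throwaway example domains.
var pass = flag.String("password", "xxx", "The password protecting the policy keys")
var keyName = flag.String("key_name", "tpm1.2", "The Tao name of the key being certified")
var certFile = flag.String("output_file", "./aik_cert", "The file where the AIK cert is written to")

// serialLimit bounds the random certificate serial number. 128 bits is
// enough to make collisions negligible and stays well inside the 20-octet
// maximum that RFC 5280 imposes on serial numbers.
var serialLimit = new(big.Int).Lsh(big.NewInt(1), 128)

// newSerialNumber draws a fresh, uniformly random serial number from
// crypto/rand. RFC 5280 requires serials to be positive, so the (negligibly
// likely) zero value is rejected and redrawn. Every certificate issued by a
// CA must carry a distinct serial; the previous fixed serial of 0 meant all
// AIK certificates signed by the same policy key were indistinguishable by
// serial (revocation lists, caches and serial-keyed lookups all break).
func newSerialNumber() (*big.Int, error) {
	for {
		sn, err := rand.Int(rand.Reader, serialLimit)
		if err != nil {
			return nil, err
		}
		if sn.Sign() > 0 {
			return sn, nil
		}
	}
}

func main() {
	flag.Parse()

	aikBlob, err := ioutil.ReadFile(*aikPath)
	if err != nil {
		log.Fatalln("Error reading AIK blob: ", err)
	}
	// Only the RSA public half of the AIK is needed to issue a certificate;
	// the private half never leaves the TPM.
	aik, err := tpm.UnmarshalRSAPublicKey(aikBlob)
	if err != nil {
		log.Fatalln("Error unmarshalling AIK blob: ", err)
	}

	// Load the domain (and decrypt its policy keys) before building the
	// certificate so a bad path or password fails early.
	domain, err := tao.LoadDomain(*configPath, []byte(*pass))
	if err != nil {
		log.Fatalln("Error loading policy key: ", err)
	}
	if domain.Keys == nil || domain.Keys.Cert == nil {
		log.Fatalln("Missing cert in policy key ")
	}
	// GetSignerPrivateKey would dereference a nil SigningKey; reject a
	// domain that carries a certificate but no signing key explicitly.
	if domain.Keys.SigningKey == nil {
		log.Fatalln("Missing signing key in policy key")
	}

	serial, err := newSerialNumber()
	if err != nil {
		log.Fatalln("Error generating certificate serial number: ", err)
	}

	// The certificate is valid for one year from the moment it is issued.
	notBefore := time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	// The certified key is identified by its Tao name in the subject; the
	// CommonName/Country values are placeholders carried over from the
	// original tool and are not interpreted by anything visible here.
	subject := pkix.Name{
		Organization:       []string{*keyName},
		OrganizationalUnit: []string{*keyName},
		CommonName:         "localhost",
		Country:            []string{"US"},
	}

	// No Issuer is set on the template: x509.CreateCertificate ignores
	// template.Issuer and takes the issuer name from the parent certificate
	// (domain.Keys.Cert), so the hand-built issuer name in the original was
	// dead code and could silently disagree with the real signer.
	template := x509.Certificate{
		SerialNumber: serial,
		Subject:      subject,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		// NOTE(review): CertSign and KeyAgreement look wrong for an AIK, which
		// is only ever used to sign quotes/attestations (DigitalSignature), and
		// keyAgreement is not meaningful for an RSA key. Kept unchanged because
		// the Tao verifiers' expectations are not visible from this file;
		// confirm before narrowing the usage bits.
		KeyUsage: x509.KeyUsageCertSign |
			x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature,
	}

	// Sign the AIK's public key with the domain policy key; the policy
	// certificate becomes the issuer of the resulting AIK certificate.
	cert, err := x509.CreateCertificate(rand.Reader, &template,
		domain.Keys.Cert, aik, domain.Keys.SigningKey.GetSignerPrivateKey())
	if err != nil {
		log.Fatalln("Can't create AIK certificate: ", err)
	}
	// The certificate is public, so world-readable permissions are fine.
	if err := ioutil.WriteFile(*certFile, cert, 0644); err != nil {
		log.Fatalln("Error writing AIK certificate: ", err)
	}
}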