
     1  // Copyright (c) 2014, Google, Inc. All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  //
    15  
    16  package main
    17  
    18  import (
    19  	"crypto/rand"
    20  	"crypto/rsa"
    21  	"flag"
    22  	"fmt"
    23  	"io/ioutil"
    24  	"time"
    25  
    26  	// "github.com/golang/protobuf/proto"
    27  	"github.com/jlmucb/cloudproxy/go/tpm2"
    28  )
    29  
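// This program generates the cloudproxy policy key: an RSA private key
// and a self-signed certificate for it. The DER certificate and the
// serialized private key are written to the files named by the flags.
func main() {
	// TODO(jlm): Policy key is always RSA for now but the key type should be
	// specified and we should support other types.
	keySize := flag.Int("modulus size", 2048, "Modulus size for keys")
	// TODO(jlm): The default value here is probably wrong.
	policyKeyFile := flag.String("Policy save file", "policy.go.bin",
		"policy save file")
	// TODO(jlm): Should this be "xxx" to be consistent with other examples?
	policyKeyPassword := flag.String("Policy key password", "xxx",
		"policy key password")
	// TODO(jlm): The default value here is probably wrong.
	policyCertFile := flag.String("Policy cert save file", "policy.cert.go.der",
		"policy cert save file")
	flag.Parse()

	// The policy key anchors trust for everything it signs, so refuse a
	// modulus smaller than the 2048-bit default rather than silently
	// producing a weak key.
	if *keySize < 2048 {
		fmt.Printf("Modulus size %d is too small, use at least 2048 bits\n", *keySize)
		return
	}

	// Open tpm
	rw, err := tpm2.OpenTPM("/dev/tpm0")
	if err != nil {
		fmt.Printf("OpenTPM failed %s\n", err)
		return
	}
	defer rw.Close()

	// Flushall
	if err = tpm2.Flushall(rw); err != nil {
		fmt.Printf("Flushall failed\n")
		return
	}

	// Certificate validity window: one year starting now.
	notBefore := time.Now()
	validFor := 365 * 24 * time.Hour
	notAfter := notBefore.Add(validFor)

	policyKey, err := rsa.GenerateKey(rand.Reader, *keySize)
	if err != nil {
		fmt.Printf("Can't generate policy key\n")
		return
	}
	// Print only the public modulus. Formatting the whole *rsa.PrivateKey
	// with %x (as before) wrote the private exponent and primes to stdout.
	fmt.Printf("policyKey public modulus: %x\n", policyKey.PublicKey.N)

	derPolicyCert, err := tpm2.GenerateSelfSignedCertFromKey(policyKey,
		"Cloudproxy Authority", "Application Policy Key",
		tpm2.GetSerialNumber(), notBefore, notAfter)
	if err != nil {
		fmt.Printf("Can't generate policy cert\n")
		return
	}
	// The WriteFile result was previously discarded and the stale error
	// from certificate generation checked in its place.
	if err = ioutil.WriteFile(*policyCertFile, derPolicyCert, 0644); err != nil {
		fmt.Printf("Can't write policy cert\n")
		return
	}

	// Marshal policy key
	serializedPolicyKey, err := tpm2.SerializeRsaPrivateKey(policyKey)
	if err != nil {
		fmt.Printf("Cant serialize rsa key\n")
		return
	}

	// The serialized private key is written owner-only (0600); the earlier
	// 0644 left it readable by every local user. The write error is now
	// checked instead of the stale err from serialization.
	if err = ioutil.WriteFile(*policyKeyFile, serializedPolicyKey, 0600); err != nil {
		fmt.Printf("Policy Key generation failed\n")
		return
	}
	fmt.Printf("Policy Key generation succeeded, password: %s\n",
		*policyKeyPassword)
}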