go-attestation/attest/attest-tool/attest-tool.go
Tom D ba4708dfc8
Rename attest-tool to match rules for BUILD targets (#43)
* Implement example cmd-line binary.

* Add ability to generate random nonce

* Rename attest-tool to match rules for BUILD files
2019-06-18 09:09:39 -07:00

142 lines
3.0 KiB
Go

// Binary attest-tool performs attestation operations on the local system.
package main
import (
"crypto/rand"
"encoding/hex"
"flag"
"fmt"
"io/ioutil"
"os"
"github.com/google/go-attestation/attest"
"github.com/google/go-tpm/tpm2"
)
var (
keyPath = flag.String("key", "aik.json", "Path to the key file")
nonceHex = flag.String("nonce", "", "Hex string to use as nonce when quoting")
randomNonce = flag.Bool("random-nonce", false, "Generate a random nonce instead of using one provided")
useSHA256 = flag.Bool("sha256", false, "Use SHA256 for quote operatons")
)
func main() {
flag.Parse()
if *randomNonce {
n := make([]byte, 8)
rand.Read(n)
*nonceHex = hex.EncodeToString(n)
}
tpm, err := attest.OpenTPM(nil)
if err != nil {
fmt.Fprintf(os.Stderr, "Error opening the TPM: %v\n", err)
os.Exit(1)
}
err = runCommand(tpm)
tpm.Close()
if err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
}
func runCommand(tpm *attest.TPM) error {
switch flag.Arg(0) {
case "info":
info, err := tpm.Info()
if err != nil {
return err
}
fmt.Printf("Version: %d\n", info.Version)
fmt.Printf("Interface: %d\n", info.Interface)
fmt.Printf("VendorInfo: %x\n", info.VendorInfo)
fmt.Printf("Manufactorer: %v\n", info.Manufacturer)
case "make-aik":
k, err := tpm.MintAIK(nil)
if err != nil {
return fmt.Errorf("MintAIK() failed: %v", err)
}
defer k.Close(tpm)
b, err := k.Marshal()
if err != nil {
return err
}
return ioutil.WriteFile(*keyPath, b, 0755)
case "quote":
b, err := ioutil.ReadFile(*keyPath)
if err != nil {
return err
}
k, err := tpm.LoadKey(b)
if err != nil {
return fmt.Errorf("tpm.LoadKey() failed: %v", err)
}
defer k.Close(tpm)
nonce, err := hex.DecodeString(*nonceHex)
if err != nil {
return err
}
alg := tpm2.AlgSHA1
if *useSHA256 {
alg = tpm2.AlgSHA256
}
q, err := k.Quote(tpm, nonce, alg)
if err != nil {
return fmt.Errorf("Quote() failed: %v", err)
}
fmt.Printf("Quote: %x\n", q.Quote)
fmt.Printf("Signature: %x\n", q.Signature)
case "delete-aik":
b, err := ioutil.ReadFile(*keyPath)
if err != nil {
return err
}
k, err := tpm.LoadKey(b)
if err != nil {
return fmt.Errorf("tpm.LoadKey() failed: %v", err)
}
return k.Delete(tpm)
case "list-eks":
eks, err := tpm.EKs()
if err != nil {
return fmt.Errorf("tpm.EKs() failed: %v", err)
}
for _, ek := range eks {
if ek.Cert != nil {
fmt.Printf("EK certificate: %x\n", ek.Cert.Raw)
}
}
case "list-pcrs":
pcrs, alg, err := tpm.PCRs()
if err != nil {
return fmt.Errorf("tpm.PCRs() failed: %v", err)
}
fmt.Printf("PCR digest: %v\n", alg)
for _, pcr := range pcrs {
fmt.Printf("PCR[%d]: %x\n", pcr.Index, pcr.Digest)
}
case "measurement-log":
b, err := tpm.MeasurementLog()
if err != nil {
return fmt.Errorf("tpm.MeasurementLog() failed: %v", err)
}
fmt.Printf("%x\n", b)
default:
return fmt.Errorf("no such command %q", flag.Arg(0))
}
return nil
}