diff --git a/attestation/ras/pca/pca.go b/attestation/ras/pca/pca.go index fc072dcd95704615cf32335b2f9264b1954650dc..07edd95cde901f8d6e14d4112805eddad1305d4e 100755 --- a/attestation/ras/pca/pca.go +++ b/attestation/ras/pca/pca.go @@ -11,6 +11,7 @@ import ( "github.com/google/go-tpm/tpm2" "github.com/pkg/errors" "math/big" + "strings" "time" ) @@ -73,9 +74,23 @@ func (pca *PCA) VerifyEkCert(EkCert x509.Certificate)(bool,error){ } return true, nil } +//GenerateKey will take a key and generate a cert by GenerateAkCert +func GenerateKey(KeyLength int,KeyType string)(crypto.PrivateKey,crypto.PublicKey,error){ + if strings.ToLower(KeyType) == "rsa"{ + if KeyLength!=4096{ + KeyLength = 3072 + } + key,err := rsa.GenerateKey(rand.Reader,KeyLength) + if err!=nil{ + return nil, nil, fmt.Errorf("generate the rsa key is failed") + } + return key,&key.PublicKey,nil + } + return nil, nil, fmt.Errorf("Generate the key is failed!") +} //通过pca的私钥作为签名,颁发Ak证书即生成AC -func GenerateAkCert(privacycaKey crypto.PrivateKey,privacycaCert *x509.Certificate,AkPub rsa.PublicKey)([]byte,error) { +func GenerateAkCert(privacycaKey crypto.PrivateKey,privacycaCert *x509.Certificate,AkPub crypto.PublicKey)([]byte,error) { //还未确定明白Templte中应该包含哪些 serialNumber,err := rand.Int(rand.Reader,new(big.Int).Lsh(big.NewInt(1),128)) if err!=nil{ @@ -124,7 +139,6 @@ func EncryptAkcert(AkCert []byte,AkName []byte)(ToACandSymKey,error){ if err!=nil{ errors.New("failed get the simulator") } - iv ,err := CreateRandomByte(16) if err!=nil{ errors.New("failed create the iv of a random byte") @@ -154,7 +168,6 @@ func EncryptAkcert(AkCert []byte,AkName []byte)(ToACandSymKey,error){ TPMSymKeyParams: symKeyParams, } - return toACandsymKey,nil } func Test() { diff --git a/attestation/ras/pca/pca_test.go b/attestation/ras/pca/pca_test.go index c28812e8cad1cb13d10ff8bc9f1d1f492f4ed538..ee9647b77fe030ef43d123378c24c6480be9e7df 100755 --- a/attestation/ras/pca/pca_test.go +++ b/attestation/ras/pca/pca_test.go @@ -1,8 +1,6 @@ package pca import ( - "crypto" - "crypto/rsa" "crypto/x509" "fmt" "github.com/pkg/errors" @@ -16,7 +14,6 @@ var req = Request{ TPMVer: "2.0", } - func TestPCAForUnsupportedTpm(t *testing.T) { //测试TPM的版本 req.TPMVer = "1.0" @@ -31,7 +28,6 @@ func TestVerifyEkCert(t *testing.T){ if err!=nil{ errors.New("Create a new pca Error") } - Bool,_:=pca.VerifyEkCert(ekcert) if !Bool{ fmt.Println("Verify EkCert is failed!") @@ -39,20 +35,31 @@ func TestVerifyEkCert(t *testing.T){ fmt.Println("Verify EkCert is success!") } } +func TestGenerateKey(t *testing.T) { + var keyType ="rsa" + var keyLength = 2048 + fmt.Println("This is a test of GenerateKey") + _,_,err := GenerateKey(keyLength,keyType) + assert.NoError(t, err) +} func TestGenerateAkCert(t *testing.T) { fmt.Println("This is a test of GenerateAkCert") - // - var pcaPriv crypto.PrivateKey - //var pcaPub crypto.PublicKey - var pcaCert *x509.Certificate - var akPub rsa.PublicKey - _,err := GenerateAkCert(pcaPriv,pcaCert,akPub) + certder,err := CreateRandomByte(16) + assert.NoError(t, err) + pcaCert,err:= x509.ParseCertificate(certder) + pcaPriv,_,err := GenerateKey(2048,"rsa") + assert.NoError(t, err) + _,akPub,err := GenerateKey(2048,"rsa") + assert.NoError(t, err) + _,err = GenerateAkCert(pcaPriv,pcaCert,akPub) assert.NoError(t, err) } func TestEncryptAkcert(t *testing.T) { + fmt.Println("This is a test of GenerateAkCert") var akCert,_ = CreateRandomByte(16) akName:=[]byte{0, 11, 63, 66, 56, 152, 253, 128, 164, 49, 231, 162, 169, 14, 118, 72, 248, 151, 117, 166, 215, 235, 210, 181, 92, 167, 94, 113, 24, 131, 10, 5, 12, 85, 252} - _,err := EncryptAkcert(akCert,akName) + cert,err := EncryptAkcert(akCert,akName) + fmt.Println(cert) assert.NoError(t, err) }