本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/util.NewMessageStream函数的典型用法代码示例。如果您正苦于以下问题:Golang NewMessageStream函数的具体用法?Golang NewMessageStream怎么用?Golang NewMessageStream使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewMessageStream函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: OpenTaoChannel
// Establishes the Tao Channel for a client using the Program Key.
// This program does all the standard client side channel negotiation.
// After negotiation is complete. ms is the bi-directional confidentiality and
// integrity protected channel. OpenTaoChannel returns the stream (ms) for subsequent reads
// and writes as well as the server's Tao Principal Name.
func OpenTaoChannel(programObject *TaoProgramData, serverAddr *string) (
*util.MessageStream, *string, error) {
// Parse policy cert and make it the root of our
// hierarchy for verifying Tao Channel peer.
policyCert, err := x509.ParseCertificate(programObject.PolicyCert)
if err != nil {
return nil, nil, errors.New("OpenTaoChannel: Can't ParseCertificate")
}
pool := x509.NewCertPool()
pool.AddCert(policyCert)
// Open the Tao Channel using the Program key.
tlsc, err := tao.EncodeTLSCert(&programObject.ProgramKey)
if err != nil {
log.Fatalln("OpenTaoChannel, encode error: ", err)
}
// TODO(manferdelli): Replace this with tao.Dial
conn, err := tls.Dial("tcp", *serverAddr, &tls.Config{
RootCAs: pool,
Certificates: []tls.Certificate{*tlsc},
InsecureSkipVerify: false,
})
if err != nil {
fmt.Printf("OpenTaoChannel: Can't establish channel ", err, "\n")
return nil, nil, errors.New("OpenTaoChannel: Can't establish channel")
}
peerName := policyCert.Subject.OrganizationalUnit[0]
// Stream for Tao Channel.
ms := util.NewMessageStream(conn)
return ms, &peerName, nil
}示例2: RequestCrl
// This function sends a DomainServiceRequest of the type GET_CRL to the domain service,
// and deserializes the response into a pkix.CertificateList containing the revoked certificates.
func RequestCrl(network, addr string) (*pkix.CertificateList, error) {
reqType := DomainServiceRequest_GET_CRL
request := &DomainServiceRequest{
Type: &reqType}
conn, err := net.Dial(network, addr)
if err != nil {
return nil, err
}
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(request)
if err != nil {
return nil, err
}
log.Printf("Sent crl request to Domain Service using network %s at address %s.",
network, addr)
var response DomainServiceResponse
err = ms.ReadMessage(&response)
if err != nil {
return nil, err
}
log.Println("Got response from Domain Service.")
if errStr := response.GetErrorMessage(); errStr != "" {
return nil, errors.New(errStr)
}
parsedCrl, err := x509.ParseCRL(response.GetCrl())
return parsedCrl, err
}示例3: HandleQuoteDomainRequest
func HandleQuoteDomainRequest(conn net.Conn, policyKey *ecdsa.PrivateKey, derPolicyCert []byte) (bool, error) {
log.Printf("HandleQuoteDomainRequest\n")
// Expect a request with attestation from client.
ms := util.NewMessageStream(conn)
var request AttestCertRequest
err := ms.ReadMessage(&request)
if err != nil {
log.Printf("HandleQuoteDomainRequest: Couldn't read attest request from channel")
return false, err
}
resp, err := ProcessQuoteDomainRequest(request, policyKey, derPolicyCert)
if err != nil {
return false, err
}
_, err = ms.WriteMessage(resp)
if err != nil {
log.Printf("HandleQuoteDomainRequest: Couldn't return the attestation on the channel")
log.Printf("\n")
return false, err
}
return false, nil
}示例4: RequestRevokeCertificate
// This function packages a certificate revoke request into a DomainServiceRequest of type
// REVOKE_CERTIFICATE and sends it to the domain service. It expects att to be an attestation
// signed by the domain policy key with a statement of the form:
// policyKey says revoke certificateSerialNumber
func RequestRevokeCertificate(att *tao.Attestation, network, addr string) error {
serAtt, err := proto.Marshal(att)
if err != nil {
return err
}
reqType := DomainServiceRequest_REVOKE_CERTIFICATE
request := &DomainServiceRequest{
Type: &reqType,
SerializedPolicyAttestation: serAtt}
conn, err := net.Dial(network, addr)
if err != nil {
return err
}
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(request)
if err != nil {
return err
}
log.Printf("Sent cert revoke request to Domain Service using network %s at address %s.",
network, addr)
var response DomainServiceResponse
err = ms.ReadMessage(&response)
if err != nil {
return err
}
log.Println("Got response from Domain Service.")
if errStr := response.GetErrorMessage(); errStr != "" {
return errors.New(errStr)
}
return nil
}示例5: NewClientCodec
// NewClientCodec returns a new rpc.ClientCodec using protobuf messages on conn.
func NewClientCodec(conn io.ReadWriteCloser) rpc.ClientCodec {
m, ok := conn.(*util.MessageStream)
if !ok {
// The given conn lacks framing, so add some.
m = util.NewMessageStream(conn)
}
return &clientCodec{m, sync.Mutex{}}
}示例6: serve
func serve(addr, fp string, cert []byte, signingKey *tao.Keys, policy *fileproxy.ProgramPolicy) error {
m := fileproxy.NewResourceMaster(fp)
policyCert, err := x509.ParseCertificate(cert)
if err != nil {
return err
}
conf, err := signingKey.TLSServerConfig(policyCert)
if err != nil {
return err
}
log.Println("fileserver listening")
sock, err := tls.Listen("tcp", addr, conf)
if err != nil {
return err
}
for {
// Accept and handle client connections one at a time.
conn, err := sock.Accept()
if err != nil {
return err
}
var clientName string
if err = conn.(*tls.Conn).Handshake(); err != nil {
log.Printf("fileserver: couldn't perform handshake: %s\n", err)
continue
}
peerCerts := conn.(*tls.Conn).ConnectionState().PeerCertificates
if peerCerts == nil {
log.Println("fileserver: couldn't get peer list")
continue
}
peerCert := conn.(*tls.Conn).ConnectionState().PeerCertificates[0]
if peerCert.Raw == nil {
log.Println("fileserver: couldn't get peer name")
continue
}
if peerCert.Subject.OrganizationalUnit != nil {
clientName = peerCert.Subject.OrganizationalUnit[0]
}
log.Printf("fileserver: peer name: '%s'\n", clientName)
ms := util.NewMessageStream(conn)
// TODO(tmroeder): support multiple simultaneous clients. This
// requires, e.g., adding locking to the ResourceMaster.
if err := m.RunMessageLoop(ms, policy); err != nil {
log.Printf("fileserver: failed to run message loop: %s\n", err)
continue
}
log.Println("Finished handling the client messages")
}
}示例7: serve
func serve(serverAddr string, prin string, policyCert []byte, signingKey *tao.Keys, policy *fileproxy.ProgramPolicy, m *fileproxy.RollbackMaster) error {
pc, err := x509.ParseCertificate(policyCert)
if err != nil {
return err
}
conf, err := signingKey.TLSServerConfig(pc)
if err != nil {
return err
}
log.Println("Rollback server listening")
sock, err := tls.Listen("tcp", serverAddr, conf)
if err != nil {
return err
}
for {
conn, err := sock.Accept()
if err != nil {
return err
}
var clientName string
if err = conn.(*tls.Conn).Handshake(); err != nil {
log.Println("TLS handshake failed")
continue
}
peerCerts := conn.(*tls.Conn).ConnectionState().PeerCertificates
if peerCerts == nil {
log.Println("rollbackserver: can't get peer list")
continue
}
peerCert := conn.(*tls.Conn).ConnectionState().PeerCertificates[0]
if peerCert.Raw == nil {
log.Println("rollbackserver: can't get peer name")
continue
}
if peerCert.Subject.OrganizationalUnit == nil {
log.Println("No OrganizationalUnit name in the peer certificate. Refusing the connection")
continue
}
clientName = peerCert.Subject.OrganizationalUnit[0]
ms := util.NewMessageStream(conn)
// TODO(tmroeder): support multiple simultaneous clients.
// Add this program as a rollback program.
log.Printf("Adding a program with name '%s'\n", clientName)
_ = m.AddRollbackProgram(clientName)
if err := m.RunMessageLoop(ms, policy, clientName); err != nil {
log.Printf("rollbackserver: failed to run message loop: %s\n", err)
}
}
}示例8: Dial
// Dial connects to a Tao TLS server, performs a TLS handshake, and verifies
// the Attestation value of the server, checking that the server is authorized
// to execute. If keys are provided (keys!=nil), then it sends an attestation
// of its identity to the peer.
func Dial(network, addr string, guard Guard, v *Verifier, keys *Keys) (net.Conn, error) {
tlsConfig := &tls.Config{
RootCAs: x509.NewCertPool(),
InsecureSkipVerify: true,
}
// Set up certificate for two-way authentication.
if keys != nil {
if keys.Cert == nil {
return nil, fmt.Errorf("client: can't dial with an empty client certificate\n")
}
tlsCert, err := EncodeTLSCert(keys)
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{*tlsCert}
}
conn, err := tls.Dial(network, addr, tlsConfig)
if err != nil {
return nil, err
}
ms := util.NewMessageStream(conn)
// Two-way Tao handshake: send client delegation.
if keys != nil {
if _, err = ms.WriteMessage(keys.Delegation); err != nil {
conn.Close()
return nil, err
}
}
// Tao handshake: read server delegation.
var a Attestation
if err := ms.ReadMessage(&a); err != nil {
conn.Close()
return nil, err
}
if err := AddEndorsements(guard, &a, v); err != nil {
conn.Close()
return nil, err
}
// Validate the peer certificate according to the guard.
peerCert := conn.ConnectionState().PeerCertificates[0]
if err := ValidatePeerAttestation(&a, peerCert, guard); err != nil {
conn.Close()
return nil, err
}
return conn, nil
}示例9: RequestDomainServiceCert
// RequestDomainServiceCert requests the signed Program
// Certificate from simpledomainservice.
// TODO: This needs to change in a way that is tao supplier dependent.
// For tpm2 we need the ekCert and the tao and we need the data
// for ActivateCredential.
// For tpm1.2, we need the aikCert.
func RequestDomainServiceCert(network, addr string, requesting_key *tao.Keys,
v *tao.Verifier) (*domain_policy.DomainCertResponse, error) {
// Note requesting program key contains a self-signed cert to open channel.
if requesting_key.Cert == nil {
return nil, errors.New("RequestDomainServiceCert: Can't dial with an empty client certificate")
}
tlsCert, err := tao.EncodeTLSCert(requesting_key)
if err != nil {
return nil, err
}
conn, err := tls.Dial(network, addr, &tls.Config{
RootCAs: x509.NewCertPool(),
Certificates: []tls.Certificate{*tlsCert},
InsecureSkipVerify: true,
})
if err != nil {
return nil, err
}
defer conn.Close()
var request domain_policy.DomainCertRequest
request.Attestation, err = proto.Marshal(requesting_key.Delegation)
signer := requesting_key.SigningKey.GetSigner()
if signer == nil {
return nil, err
}
key_type := "ECDSA"
request.KeyType = &key_type
request.SubjectPublicKey, err = domain_policy.GetPublicDerFromEcdsaKey(&signer.PublicKey)
if err != nil {
return nil, err
}
// Tao handshake: send client delegation.
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(&request)
if err != nil {
return nil, err
}
// Read the new cert
var response domain_policy.DomainCertResponse
err = ms.ReadMessage(&response)
if err != nil {
return nil, err
}
return &response, nil
}示例10: Handshake
// Handshake performs a Tao (and TLS) handshake. This occurs only once, before
// the first read or write. Users don't usually need to call this directly,
// since other functions call this as necessary.
func (conn *Conn) Handshake() error {
// Tao handshake protocol:
// 0. TLS handshake (executed automatically on first message)
// 1. Client -> Server: "delgation", Tao delegation for X.509 certificate.
// 2. Server: checks for a Tao-authorized program.
// 3. Server -> Client: "delgation", Tao delegation for X.509 certificate.
// 4. Client: checks for a Tao-authorized program.
//
// Alternate steps 1 and 2 if client authentication is not needed:
// 1'. Client -> Server: "anonymous"
// 2'. Server: checks if policy allows anonymous connections
//
// Alternate steps 3 and 4 if server authentication is not needed:
// 3'. Server -> Client: "anonymous"
// 4'. Client: checks if policy allows anonymous connections
if !conn.handshakeComplete {
if conn.T != nil {
conn.T.Start()
}
// Use a new framing stream on the underlying tls to avoid recursing.
ms := util.NewMessageStream(conn.Conn)
if conn.isServer {
conn.sendCredentials(ms)
if conn.T != nil {
conn.T.Sample("sent tao creds")
}
conn.recvCredentials(ms)
} else {
conn.sendCredentials(ms)
if conn.T != nil {
conn.T.Sample("sent tao creds")
}
conn.recvCredentials(ms)
}
conn.handshakeComplete = true
conn.handshakeErr = ms.Err()
if conn.handshakeErr != nil {
conn.Close()
conn.SetErr(conn.handshakeErr)
}
if conn.T != nil {
conn.T.Sample("done tao handshake")
}
}
return conn.handshakeErr
}示例11: RequestACLSet
// RequestACLSet requests the policy from a TaoCA running an ACLGuard. Verify
// the signature with the public policy key `v`.
func RequestACLSet(network, addr string, v *Verifier) (*ACLSet, error) {
// Establish connection wtih the CA.
conn, err := net.Dial(network, addr)
if err != nil {
return nil, err
}
defer conn.Close()
// Create a CArequest.
req := &CARequest{
Type: CAType_ACL_POLICY.Enum(),
}
// Send request.
ms := util.NewMessageStream(conn)
if _, err = ms.WriteMessage(req); err != nil {
return nil, err
}
// Receive response.
var resp CAResponse
if err := ms.ReadMessage(&resp); err != nil {
return nil, err
}
// Verify signature.
ok, err := v.Verify(resp.SignedAclSet.SerializedAclset,
ACLGuardSigningContext, resp.SignedAclSet.Signature)
if !ok {
return nil, errVerifyFailed
} else if err != nil {
return nil, err
}
if *resp.Type != CAType_ACL_POLICY {
return nil, errInvalidResponse
}
var db ACLSet
if err := proto.Unmarshal(resp.SignedAclSet.SerializedAclset, &db); err != nil {
return nil, err
}
return &db, nil
}示例12: HandleCARequest
// HandleCARequest checks a request from a program and responds with a truncated
// delegation signed by the policy key.
func HandleCARequest(conn net.Conn, s *Signer, guard Guard) {
defer conn.Close() // TODO(cjpatton) This should be managed by calling function.
// Get request.
ms := util.NewMessageStream(conn)
var req CARequest
if err := ms.ReadMessage(&req); err != nil {
fmt.Fprintln(os.Stderr, "Couldn't read from channel:", err)
return
}
resp := respond(&req, s, guard)
if _, err := ms.WriteMessage(resp); err != nil {
fmt.Fprintln(os.Stderr, "Couldn't write to the channel:", err)
}
}示例13: RequestDomainQuoteCert
// RequestDomainQuoteCert requests the Quote Cert
func RequestDomainQuoteCert(network, addr string, endorsementCert []byte, tpmDevice io.ReadWriter,
quoteHandle Handle, endorsementHandle Handle, taoName string,
ownerPw string) ([]byte, error) {
requestingKey, derChannelCert, err := CreateTemporaryChannelKey()
if err != nil || requestingKey == nil {
return nil, err
}
channelCert, err := x509.ParseCertificate(derChannelCert)
if err != nil || channelCert == nil {
return nil, err
}
// Contact domain service.
conn, err := tls.Dial(network, addr, &tls.Config{
RootCAs: x509.NewCertPool(),
// Certificates: []tls.Certificate{tls.Certificate(*channelCert)},
InsecureSkipVerify: true,
})
if err != nil {
return nil, err
}
defer conn.Close()
// Build request.
request, err := BuildAttestCertRequest(tpmDevice, quoteHandle, endorsementHandle, endorsementCert, taoName, ownerPw)
if err != nil {
return nil, err
}
// Send request
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(request)
if err != nil {
return nil, err
}
// Read the new cert
var response AttestCertResponse
err = ms.ReadMessage(&response)
if err != nil {
return nil, err
}
return GetCertFromAttestResponse(tpmDevice, quoteHandle, endorsementHandle, ownerPw, response)
}示例14: Accept
// Accept waits for a connect, accepts it using the underlying Conn and checks
// the attestations and the statement.
func (l *anonymousListener) Accept() (net.Conn, error) {
c, err := l.gl.Accept()
if err != nil {
return nil, err
}
// One-way Tao handshake Protocol:
// 0. TLS handshake (executed automatically on first message)
// 1. Server -> Client: Tao delegation for X.509 certificate.
// 2. Client: checks for a Tao-authorized program.
ms := util.NewMessageStream(c)
if _, err := ms.WriteMessage(l.delegation); err != nil {
c.Close()
return nil, err
}
return c, nil
}示例15: TestInvalidRequest
func TestInvalidRequest(t *testing.T) {
cal, err := net.Listen("tcp", "127.0.0.1:0")
caAddr := cal.Addr()
guard, keys, tmpDir, err := makeDatalogGuard()
if err != nil {
os.RemoveAll(tmpDir)
t.Fatal(err)
}
defer os.RemoveAll(tmpDir)
ch := make(chan bool)
// Test an invalid request.
go runTCCA(t, cal, keys, guard, ch)
conn, err := net.Dial("tcp", caAddr.String())
if err != nil {
t.Fatal("Failed to connect to TaoCA.")
}
defer conn.Close()
// Bad CArequest, no value for bad_req.Attesation
badReq := new(CARequest)
badReq.Type = CAType_ATTESTATION.Enum()
ms := util.NewMessageStream(conn)
if _, err = ms.WriteMessage(badReq); err != nil {
t.Logf("Failed to write to message stream: %s", err)
}
// Receive response.
var resp CAResponse
if err := ms.ReadMessage(&resp); err != nil {
t.Fatalf("Failed to read from message stream: %s", err)
}
if *resp.Type != CAType_UNDEFINED {
t.Fatalf("Response should have been UNDEFINED, got %s", resp.Type.String())
}
<-ch
}