int trustfile_to_uuidname(char * filename, char * uuid)
{
int ret;
char uuidname[DIGEST_SIZE*2+16];
char digest[DIGEST_SIZE];
char tail[6];
ret=calculate_sm3(filename,digest);
if(ret<0)
return ret;
digest_to_uuid(digest,uuid);
strcpy(tail,filename+strlen(filename)-4);
if(strncmp(tail,".pem",4)==0)
{
sprintf(uuidname,"pubkey/%.64s.pem",uuid);
}
else if(strncmp(tail,".key",4)==0)
{
sprintf(uuidname,"privkey/%.64s.key",uuid);
}
else if(strncmp(tail,".sda",4)==0)
{
sprintf(uuidname,"cert/%.64s.sda",uuid);
}
else if(strncmp(tail,".val",4)==0)
{
sprintf(uuidname,"cert/%.64s.val",uuid);
}
else if(strncmp(tail,".val",4)==0)
{
sprintf(uuidname,"cert/%.64s.crt",uuid);
}
else
return -EINVAL;
ret=rename(filename,uuidname);
return ret;
}
int route_push_site_str(void * message,char * name)
{
int len;
int ret;
BYTE buffer[DIGEST_SIZE];
Memset(buffer,0,DIGEST_SIZE);
len=Strnlen(name,DIGEST_SIZE*2);
if(len==DIGEST_SIZE*2)
{
ret=digest_to_uuid(name,buffer);
if(ret<0)
return ret;
}
else
{
if(len>DIGEST_SIZE/4*3)
return -EINVAL;
Strncpy(buffer,name,DIGEST_SIZE/4*3);
}
return route_push_site(message,buffer);
}
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE local_uuid[DIGEST_SIZE];
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
UINT32 result;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(MESSAGE,SIZED_BINDATA) req_blob;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
DB_RECORD * db_record;
printf("begin pik makeidentity!\n");
// get pik_userinfo from message
ret=message_get_record(recv_msg,&pik_userinfo,0);
if(ret<0)
return -EINVAL;
if(pik_userinfo==NULL)
return -EINVAL;
// get this node's machine uuid
ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid);
if(ret<0)
return ret;
// get this node's hostname
ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE);
if(ret!=0)
Memset(pik_userinfo->node_name,0,DIGEST_SIZE);
// build tcm session
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
int userinfolen;
BYTE * req;
int reqlen;
// get userinfo blob
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template);
if(userinfolen<0)
return userinfolen;
db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL);
if(db_record==NULL)
return -EINVAL;
// do makeidentity
ret = TCM_MakeIdentity(ownerHandle, smkHandle,
userinfolen,Buf,"kkk",
&tcm_pik, &req, &reqlen);
if(ret<0)
{
print_cubeerr("TCM_MakeIdentity failed!\n");
return -EINVAL;
}
// build an expand message record for req data
req_blob.size=reqlen;
req_blob.bindata=req;
// terminate session
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(smkHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
// generate TCM pik info ,left pubkey_uuid for fill
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template);
if(key_len<0)
return key_len;
Memset(&tcm_pik_info,0,sizeof(tcm_pik_info));
calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid);
Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE);
tcm_pik_info.issmkwrapped=1;
tcm_pik_info.key_usage=TCM_KEY_IDENTITY;
tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD;
// store pik file
digest_to_uuid(tcm_pik_info.uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
fd=open(NameBuf,O_CREAT|O_WRONLY,0666);
if(fd<0)
return fd;
write(fd,Buf,key_len);
close(fd);
// Get pikpub from pik
//
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template);
if(key_len<0)
return key_len;
calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid);
db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL);
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_userinfo);
if(ret<0)
return ret;
ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob);
if(ret<0)
return -EINVAL;
ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub);
if(ret<0)
return -EINVAL;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int proc_tcm_activateidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
BYTE KeyBuf[DIGEST_SIZE*4];
BYTE digest[DIGEST_SIZE];
UINT32 result;
DB_RECORD * db_record;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(TCM_PIK_DESC,CADATA) * pik_cadata;
RECORD(TCM_PIK_DESC,PIKCERT) * pik_cert;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) * tcm_pik_info;
TCM_SYMMETRIC_KEY symmkey;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
printf("begin pik activateidentity!\n");
// get pik cadata from message
ret=message_get_record(recv_msg,&pik_cadata,0);
if(ret<0)
return -EINVAL;
if(pik_cadata==NULL)
return -EINVAL;
// find pikinfo record
db_record=memdb_find_first(TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),"pubkey_uuid",pik_cadata->pikpub_uuid);
if(db_record==NULL)
{
print_cubeerr("can't find pik record!\n");
return -EINVAL;
}
tcm_pik_info=db_record->record;
// get pik file name
digest_to_uuid(tcm_pik_info->uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
ret=TCM_ExLoadTcmKey(&tcm_pik,NameBuf);
if(ret!=0)
{
print_cubeerr("Load TCMKey from file failed!\n");
return ret;
}
// Load pik to TCM
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_LoadKey(smkHandle,NameBuf,&keyHandle);
if(ret!=0)
{
print_cubeerr("TCM_LoadKey failed!\n");
return ret;
}
ret=TCM_APTerminate(smkHandle);
if(ret!=0)
{
printf("TCM_APTerminate failed!\n");
return ret;
}
// do the activateidentity
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_KEYHANDLE,keyHandle, "kkk", &keyAuthHandle);
printf("pikHandle is : %x\n",keyAuthHandle);
if(ret!=0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_ActivateIdentity(keyHandle,keyAuthHandle,ownerHandle,
pik_cadata->symmkey_len,pik_cadata->symmkey,&symmkey,"ooo","kkk");
if(ret!=0)
{
printf("TCM_ActivateIdentity failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(keyAuthHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_EvictKey(keyHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
// decrypt cert blob
int blobsize;
BYTE * cert;
int certsize;
ret=TCM_ExSymmkeyDecrypt(&symmkey,pik_cadata->cert,pik_cadata->certlen,&cert,&certsize);
if(ret!=0)
{
printf("decrypt cert blob file error!\n");
return -EINVAL;
}
int offset;
for(offset=0;cert[offset]==0;offset++)
{
if((offset>=16)|| (offset>=certsize))
{
print_cubeerr("cert data failed!\n");
return -EINVAL;
}
}
// build pik cert, it is organized by userinfo, pubkey and ca_conts
//
pik_cert=Talloc0(sizeof(*pik_cert));
if(pik_cert==NULL)
return -ENOMEM;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,VERIFYDATA));
if(tcm_key_template==NULL)
return -EINVAL;
ret=blob_2_struct(cert+offset,&pik_cert->verifydata,tcm_key_template);
if(ret<0)
return -EINVAL;
db_record=memdb_find(pik_cadata->userinfo_uuid,TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(db_record==NULL)
{
print_cubeerr("can't find user info data!\n");
return -EINVAL;
}
pik_userinfo=db_record->record;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(pik_userinfo,&pik_cert->userinfo,tcm_key_template);
if(ret<0)
return -EINVAL;
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(&tcm_pikpub,&pik_cert->pikpub,tcm_key_template);
if(ret<0)
return -EINVAL;
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,PIKCERT),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_cert);
if(ret<0)
return ret;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int local_key_generate(void * sub_proc)
{
struct node_key_list * local_keylist;
struct node_key_list * pub_keylist;
struct key_request_cmd * key_req;
int ret;
int fd;
int i;
int count;
char uuidname[DIGEST_SIZE*2+16];
enum local_key_state{
NO_AIKEY,
AIK_REQUEST,
AIK_GENERATE,
AIK_VERIFY,
BINDKEY_GENERATE,
BINDKEY_VERIFY,
SIGNKEY_GENERATE,
SIGNKEY_VERIFY,
LOCAL_KEY_ERROR=0xffff
};
enum local_key_state key_state=NO_AIKEY;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
char temp_uuid[DIGEST_SIZE*2];
void * sendmsg;
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
comp_proc_uuid(local_uuid,proc_name,proc_uuid);
ret=FindPolicy(proc_uuid,"LKLD",&local_keylist);
if((ret<0) || (local_keylist==NULL))
{
key_state=NO_AIKEY;
local_keylist=malloc(sizeof(struct node_key_list));
if(local_keylist==NULL)
return -ENOMEM;
memset(local_keylist,0,sizeof(struct node_key_list));
memcpy(local_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->nodename,proc_name,DIGEST_SIZE*2);
local_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"LKLD");
if(ret<0)
return -EINVAL;
pub_keylist=malloc(sizeof(struct node_key_list));
if(pub_keylist==NULL)
return -ENOMEM;
memset(pub_keylist,0,sizeof(struct node_key_list));
memcpy(pub_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->nodename,proc_name,DIGEST_SIZE*2);
pub_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"NKLD");
if(ret<0)
return -EINVAL;
}
else
{
ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
if(ret<0)
return -EINVAL;
if(local_keylist->nodeAIK[0]==0)
key_state=AIK_REQUEST;
else if(pub_keylist->nodeAIKSda[0]==0)
key_state=AIK_GENERATE;
else if(local_keylist->nodeBindKey[0]==0)
key_state=AIK_VERIFY;
else if(pub_keylist->nodeBindKeyVal[0]==0)
key_state=BINDKEY_GENERATE;
else if(local_keylist->nodeSignKey[0]==0)
key_state=BINDKEY_VERIFY;
else if(pub_keylist->nodeSignKeyVal[0]==0)
key_state=SIGNKEY_GENERATE;
else
{
key_state=SIGNKEY_VERIFY;
return 0;
}
}
for(i=0;i<30*1000;i++)
{
usleep(time_val.tv_usec);
switch(key_state){
case NO_AIKEY:
key_req=malloc(sizeof(struct key_request_cmd));
if(key_req==NULL)
return -EINVAL;
memcpy(key_req->machine_uuid,local_uuid,DIGEST_SIZE*2);
memcpy(key_req->proc_name,"local",5);
key_req->keyusage=TPM_KEY_IDENTITY;
key_req->keyflags=0;
count=0;
key_state=AIK_REQUEST;
sendmsg=message_create("KREC",NULL);
if(sendmsg==NULL)
return -EINVAL;
message_add_record(sendmsg,key_req);
sec_subject_sendmsg(sub_proc,sendmsg);
break;
case AIK_REQUEST:
fd=open("pubkey/AIK.pem",O_RDONLY);
if(fd>0)
{
close(fd);
key_state=AIK_GENERATE;
count=0;
fd=open("privkey/AIK.key",O_RDONLY);
if(fd<0)
return -EINVAL;
close(fd);
ret=calculate_sm3("privkey/AIK.key",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,local_keylist->nodeAIK);
ret=calculate_sm3("pubkey/AIK.pem",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,pub_keylist->nodeAIK);
}
else
{
close(fd);
count++;
if(count>1000)
{
printf("do not get AIK");
key_state=NO_AIKEY;
remove("privkey/AIK.key");
remove("pubkey/AIK.pem");
}
}
break;
case AIK_GENERATE:
fd=open("cert/AIK.sda",O_RDONLY);
if(fd<0)
{
count++;
if(count>1000)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
}
break;
}
else
{
close(fd);
ret=aik_verify(local_keylist->username);
if(ret<0)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
break;
}
memcpy(pub_keylist->username,local_keylist->username,DIGEST_SIZE);
ret=trustfile_to_uuidname("privkey/AIK.key",local_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/AIK.pem",pub_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("cert/AIK.sda",pub_keylist->nodeAIKSda);
if(ret<0)
{
return ret;
}
memcpy(local_keylist->nodeAIKSda,pub_keylist->nodeAIKSda,DIGEST_SIZE*2);
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
remove("cert/bindkey.val");
remove("pubkey/bindpubkey.pem");
count=0;
key_state=AIK_VERIFY;
}
break;
case AIK_VERIFY:
fd=open("pubkey/bindpubkey.pem",O_RDONLY);
if(fd>0)
key_state=BINDKEY_GENERATE;
else
{
close(fd);
ret=bind_key_generate(local_keylist->nodeAIK);
if(ret<0)
return ret;
}
break;
case BINDKEY_GENERATE:
fd=open("cert/bindkey.val",O_RDONLY);
if(fd<0)
{
count++;
if(count>5000)
{
printf("do not get Bind key valdata");
key_state=AIK_GENERATE;
}
break;
}
else
{
close(fd);
ret=trustfile_to_uuidname("cert/bindkey.val",pub_keylist->nodeBindKeyVal);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("privkey/bindkey.key",local_keylist->nodeBindKey);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/bindpubkey.pem",pub_keylist->nodeBindKey);
if(ret<0)
{
remove("pubkey/bindpubkey.pem");
return ret;
}
if(bindkey_verify(pub_keylist->nodeAIK,pub_keylist->nodeBindKeyVal,pub_keylist->nodeBindKey)!=0)
{
printf("bindkey verify failed!\n");
return -EINVAL;
}
else
{
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
}
key_state=BINDKEY_VERIFY;
}
break;
case BINDKEY_VERIFY:
// ret=bind_pubkey_memdb_init();
// if(ret<0)
// {
// printf("load bindpubkey error %d!\n",ret);
// }
return 0;
default:
return -EINVAL;
}
}
return 0;
}
int aik_verify(char * user)
{
int ret;
BYTE buf[128];
TESI_SIGN_DATA signdata;
TSS_RESULT result;
void * struct_template;
struct aik_cert_info server_info;
struct node_key_list * key_list;
BYTE digest[DIGEST_SIZE];
BYTE filename[DIGEST_SIZE*2+DIGEST_SIZE];
ret=ReadSignDataFromFile(&signdata,"cert/AIK");
if(ret<0)
return -EIO;
result=TESI_AIK_VerifySignData(&signdata,"cert/CA");
if (result != TSS_SUCCESS) {
printf("verify AIK data error!\n");
return -EINVAL;
}
struct_template=create_struct_template(&aik_cert_info_desc);
if(struct_template==NULL)
return -EINVAL;
ret=blob_2_struct(signdata.data,&server_info,struct_template);
if(ret<0)
return -EINVAL;
/*
if(strcmp(server_info.user_info.user_name,"bind_server")!=0)
{
printf("Wrong Server! Server is %s\n",server_info.user_info.user_name);
return -EINVAL;
}
*/
calculate_sm3("pubkey/AIK.pem",&digest);
digest_to_uuid(digest,buf);
if(strncmp(buf,server_info.pubkey_uuid,DIGEST_SIZE*2)!=0)
{
printf("Wrong Key!\n" );
return -EINVAL;
}
key_list=malloc(sizeof(struct node_key_list));
if(key_list==NULL)
return -ENOMEM;
if(user!=NULL)
{
strncpy(user,server_info.user_info.user_name,DIGEST_SIZE);
}
return 0;
}
int proc_aik_request(void * sub_proc,void * message)
{
TSS_RESULT result;
TSS_HKEY hSignKey;
TSS_HKEY hAIKey, hCAKey;
struct aik_request_info reqinfo;
struct policyfile_data * reqdata;
int ret;
BYTE *labelString = "UserA";
UINT32 labelLen = strlen(labelString) + 1;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
printf("begin aik request!\n");
char buffer[1024];
char digest[DIGEST_SIZE];
int blobsize=0;
int fd;
// create a signkey and write its key in localsignkey.key, write its pubkey in localsignkey.pem
result=TESI_Local_ReloadWithAuth("ooo","sss");
result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk");
if(result == TSS_SUCCESS)
printf("Create SignKey SUCCEED!\n");
TESI_Local_WriteKeyBlob(hSignKey,"privkey/localsignkey");
TESI_Local_WritePubKey(hSignKey,"pubkey/localsignkey");
// fill the reqinfo struct
calculate_sm3("pubkey/localsignkey.pem",digest);
digest_to_uuid(digest,reqinfo.signpubkey_uuid);
calculate_sm3("pubkey/pubek.pem",digest);
digest_to_uuid(digest,reqinfo.pubek_uuid);
reqinfo.user_name=labelString;
get_local_uuid(reqinfo.user_uuid);
// create info blob
void * struct_template=create_struct_template(req_info_desc);
if(struct_template==NULL)
return -EINVAL;
blobsize=struct_2_blob(&reqinfo,buffer,struct_template);
// Load the CA Key
result=TESI_Local_GetPubKeyFromCA(&hCAKey,"cert/CA");
if (result != TSS_SUCCESS) {
printf("Get pubkey error %s!\n", tss_err_string(result));
exit(result);
}
TESI_AIK_CreateIdentKey(&hAIKey,NULL,"sss","kkk");
if (result != TSS_SUCCESS) {
printf("Create AIK error %s!\n", tss_err_string(result));
exit(result);
}
labelLen=strlen(labelString);
result = TESI_AIK_GenerateReq(hCAKey,blobsize,buffer,hAIKey,"cert/aik");
if (result != TSS_SUCCESS){
printf("Generate aik failed%s!\n",tss_err_string(result));
exit(result);
}
TESI_Local_WriteKeyBlob(hAIKey,"privkey/AIK");
ret=build_filedata_struct(&reqdata,"cert/aik.req");
void * send_msg;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,reqdata);
sec_subject_sendmsg(sub_proc,send_msg);
}
return 0;
}
int main(int argc,char **argv)
{
struct tcloud_connector_hub * hub;
struct tcloud_connector * temp_conn;
int ret;
int retval;
void * message_box;
int i,j;
int argv_offset;
char namebuffer[DIGEST_SIZE*4];
char * sys_plugin;
char * app_plugin;
char * base_define;
char * cube_output;
char json_buffer[4096];
char print_buffer[4096];
int readlen;
int json_offset;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
void * main_proc; // point to the main proc's subject struct
void * conn_proc; // point to the conn proc's subject struct
void * router_proc; // point to the conn proc's subject struct
char local_uuid[DIGEST_SIZE*2];
FILE * fp;
char audit_text[4096];
char buffer[4096];
void * root_node;
void * temp_node;
PROC_INIT plugin_proc;
char * baseconfig[] =
{
"namelist.json",
"dispatchnamelist.json",
"typelist.json",
"subtypelist.json",
"baseflag.json",
"memdb.json",
"msghead.json",
"msgrecord.json",
"expandrecord.json",
"base_msg.json",
"dispatchrecord.json",
"exmoduledefine.json",
"sys_conn.json",
NULL
};
struct start_para start_para;
start_para.argc=argc;
start_para.argv=argv;
int fd =open(msgaudit_file,O_CREAT|O_RDWR|O_TRUNC,0666);
close(fd);
audit_file_init();
sys_plugin=getenv("CUBE_SYS_PLUGIN");
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
base_define=getenv("CUBE_BASE_DEFINE");
for(i=0;baseconfig[i]!=NULL;i++)
{
Strcpy(namebuffer,base_define);
Strcat(namebuffer,"/");
Strcat(namebuffer,baseconfig[i]);
ret=read_json_file(namebuffer);
if(ret<0)
return ret;
print_cubeaudit("read %d elem from file %s!\n",ret,namebuffer);
}
msgfunc_init();
dispatch_init();
channel_init();
ex_module_list_init();
// init system
system("mkdir lib");
// init the main proc struct
struct lib_para_struct * lib_para=NULL;
fd=open(sys_config_file,O_RDONLY);
if(fd>0)
{
ret=read_json_node(fd,&root_node);
if(ret<0)
return ret;
close(fd);
ret=read_sys_cfg(&lib_para,root_node,NULL);
if(ret<0)
return ret;
}
fd=open(main_config_file,O_RDONLY);
if(fd<0)
return -EINVAL;
ret=read_json_node(fd,&root_node);
if(ret<0)
return ret;
close(fd);
ret=read_main_cfg(lib_para,root_node);
if(ret<0)
return ret;
ret=get_local_uuid(local_uuid);
digest_to_uuid(local_uuid,buffer);
buffer[64]=0;
print_cubeaudit("this machine's local uuid is %s\n",buffer);
proc_share_data_setvalue("uuid",local_uuid);
// init all the proc database
usleep(time_val.tv_usec);
// init the connect proc
Strcpy(namebuffer,sys_plugin);
Strcat(namebuffer,"/");
Strcat(namebuffer,connector_plugin_file);
plugin_proc.init =main_read_func(namebuffer,"proc_conn_init");
if(plugin_proc.init==NULL)
return -EINVAL;
plugin_proc.start =main_read_func(namebuffer,"proc_conn_start");
if(plugin_proc.start==NULL)
return -EINVAL;
plugin_proc.name=dup_str("connector_proc",0);
plugin_proc.type=MOD_TYPE_CONN;
ret=ex_module_create("connector_proc",MOD_TYPE_CONN,NULL,&conn_proc);
if(ret<0)
return ret;
ex_module_setinitfunc(conn_proc,plugin_proc.init);
ex_module_setstartfunc(conn_proc,plugin_proc.start);
ex_module_init(conn_proc,connector_config_file);
add_ex_module(conn_proc);
// init the router proc
Strcpy(namebuffer,sys_plugin);
Strcat(namebuffer,"/");
Strcat(namebuffer,router_plugin_file);
plugin_proc.init =main_read_func(namebuffer,"proc_router_init");
if(plugin_proc.init==NULL)
return -EINVAL;
plugin_proc.start =main_read_func(namebuffer,"proc_router_start");
if(plugin_proc.start==NULL)
return -EINVAL;
plugin_proc.name=dup_str("router_proc",0);
plugin_proc.type=MOD_TYPE_ROUTER;
ret=ex_module_create("router_proc",MOD_TYPE_MONITOR,NULL,&router_proc);
if(ret<0)
return ret;
ex_module_setinitfunc(router_proc,plugin_proc.init);
ex_module_setstartfunc(router_proc,plugin_proc.start);
struct router_init_para
{
char * router_file;
char * aspect_file;
} router_init;
router_init.router_file=router_config_file;
router_init.aspect_file=aspect_config_file;
ex_module_init(router_proc,&router_init);
print_cubeaudit("prepare the router proc\n");
ret=add_ex_module(router_proc);
if(ret<0)
return ret;
// loop to init all the plugin's
void * ex_module;
fd=open(plugin_config_file,O_RDONLY);
if(fd>0)
{
while(read_json_node(fd,&root_node)>0)
{
ret=read_plugin_cfg(&ex_module,root_node);
if(ret>=0)
add_ex_module(ex_module);
}
}
/*
}
*/
usleep(time_val.tv_usec);
print_cubeaudit("prepare the conn proc\n");
ret=ex_module_start(conn_proc,NULL);
if(ret<0)
return ret;
// second loop: start all the monitor process
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
int active_module_no=0;
while(ex_module!=NULL)
{
if((ex_module_gettype(ex_module) == MOD_TYPE_MONITOR)
||(ex_module_gettype(ex_module) == MOD_TYPE_PORT))
{
ret=ex_module_start(ex_module,NULL);
if(ret<0)
return ret;
print_cubeaudit("monitor ex_modulec %s started successfully!\n",ex_module_getname(ex_module));
}
else if(ex_module_gettype(ex_module) == MOD_TYPE_START)
{
ret=ex_module_start(ex_module,&start_para);
if(ret<0)
return ret;
print_cubeaudit("start ex_module %s started successfully!\n",ex_module_getname(ex_module));
}
ret= get_next_ex_module(&ex_module);
active_module_no++;
if(ret<0)
return ret;
}
if(active_module_no==0)
return 0;
proc_share_data_setstate(PROC_LOCAL_START);
// third loop: test if any module exit
int * thread_retval;
thread_retval=malloc(sizeof(int)*active_module_no);
if(thread_retval==NULL)
return NULL;
/*
i=0;
while(1)
{
usleep(time_val.tv_usec);
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
while(ex_module!=NULL)
{
if(ex_module_tryjoin(ex_module,&thread_retval[i++])==0)
{
print_cubeaudit("monitor ex_modulec %s exited successfully!\n",ex_module_getname(ex_module));
return thread_retval[i-1];
}
ret= get_next_ex_module(&ex_module);
}
i=0;
}
*/
// third loop: join all the non_system module
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
i=0;
while(ex_module!=NULL)
{
if((ex_module_gettype(ex_module) == MOD_TYPE_MONITOR)
||(ex_module_gettype(ex_module) == MOD_TYPE_PORT)
||(ex_module_gettype(ex_module) == MOD_TYPE_START))
{
if(Strcmp(ex_module_getname(ex_module),"router_proc")!=0)
{
ret=ex_module_join(ex_module,&thread_retval[i++]);
if(ret<0)
{
print_cubeerr("%s module exit!\n",ex_module_getname(ex_module));
return ret;
}
print_cubeaudit("%s module exit!\n",ex_module_getname(ex_module));
}
}
ret= get_next_ex_module(&ex_module);
if(ret<0)
return ret;
}
printf("thread return value %d!\n",thread_retval[0]);
return ret;
}