int proc_store_vm(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_info * vm;
	int retval;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	struct platform_info * host;
	retval=proc_share_data_getvalue("uuid",local_uuid);
	if(retval<0)
		return retval;
	retval=proc_share_data_getvalue("proc_name",proc_name);

	if(retval<0)
		return retval;

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_info));
  	vm = NULL;
	for(i=0;i<MAX_RECORD_NUM;i++)
	{
		retval=message_get_record(message,&vm,i);
		if(retval<0)
			break;
		if(vm==NULL)
			break;
		void * oldvm;
		printf("policy server receive vm  %s's info from monitor!\n",vm->uuid);
		FindPolicy(vm->uuid,"VM_I",&oldvm);
		if(oldvm!=NULL)
		{
			printf("this vm already in the VM_I lib!\n");
			continue;
		}
		GetFirstPolicy(&host,"PLAI");
		while(host!=NULL)
		{
			if(!strncmp(vm->host,host->name,DIGEST_SIZE*2))
			{
		 		memcpy(vm->platform_uuid,host->uuid,DIGEST_SIZE*2);	
				AddPolicy(vm,"VM_I");
				break;
			}
			GetNextPolicy(&host,"PLAI");
		}
		if(host==NULL)
		{
			printf("can't find vm %s's host!\n",vm->uuid);
			continue;
		}
	}
		// send a message to manager_trust
	retval=ExportPolicyToFile("./lib/VM_I.lib","VM_I");
		// send a message to manager_trust
	return count;
}
int proc_send_computepolicy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct request_cmd * cmd;
	int retval;
	int count=0;
	int i,j;
	int ret;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char hostname[DIGEST_SIZE*2+1];

	printf("begin to send computepolicy!\n");

	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("host_name",hostname);
	if(ret<0)
		return ret;

	struct vm_policy * compute_policy;
	struct tcm_pcr_set * compute_boot_pcrs;
	struct tcm_pcr_set * compute_running_pcrs;

	build_compute_boot_pcrs("/dev/sda",hostname,&compute_boot_pcrs);
	build_compute_running_pcrs("/dev/sda",hostname,&compute_running_pcrs);

	ret=build_entity_policy(local_uuid,NULL,compute_boot_pcrs,compute_running_pcrs,hostname,&compute_policy);
	if(compute_policy==NULL)
		return -EINVAL;
	ExportPolicy("PLAP");	

	void * send_pcr_msg;
	void * send_msg;
	// send compute node's pcr policy
	send_pcr_msg=message_create("PCRP",NULL);
	message_add_record(send_pcr_msg,compute_boot_pcrs);
	if(compute_running_pcrs!=NULL)
		message_add_record(send_pcr_msg,compute_running_pcrs);
		
	sec_subject_sendmsg(sub_proc,send_pcr_msg);

	
	usleep(time_val.tv_usec*3);
	// send compute node's  platform policy
	send_msg=message_create("PLAP",message);
	message_add_record(send_msg,compute_policy);
	sec_subject_sendmsg(sub_proc,send_msg);

	return 0;
}
int proc_send_vmpolicy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct request_cmd * cmd;
	struct vm_policy * policy;
	int retval;
	int count=0;
	int i,j;
	int ret;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];

	printf("begin to send vmpolicy!\n");

	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);
	if(ret<0)
		return ret;

	message_head=get_message_head(message);

	// get  vm info from message
	retval=message_get_record(message,&cmd,0);
	if(retval<0)
		return -EINVAL;

	struct tcm_pcr_set * boot_pcrs;
	struct tcm_pcr_set * running_pcrs;
	ret=build_nova_vm_policy(cmd->uuid,&boot_pcrs, &running_pcrs,&policy);
	if(policy==NULL)
		return -EEXIST;
	ExportPolicy("VM_P");	
	
	void * send_pcr_msg;
	void * send_msg;
	// send compute node's pcr policy
	send_pcr_msg=message_create("PCRP",NULL);
	message_add_record(send_pcr_msg,boot_pcrs);
	if(running_pcrs!=NULL)
		message_add_record(send_pcr_msg,running_pcrs);
		
	sec_subject_sendmsg(sub_proc,send_pcr_msg);
	usleep(time_val.tv_usec*3);

	send_msg=message_create("VM_P",message);
	message_add_record(send_msg,policy);
	sec_subject_sendmsg(sub_proc,send_msg);
	return 0;
}
int proc_send_vm_policy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_policy * vm;
	struct request_cmd * cmd;
	int retval;
	int ret;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);

	if(ret<0)
		return ret;
	printf("begin send vm policy process!\n");

	void * send_msg;
	void * send_pcr_msg;
	
	ret=message_get_record(message,&cmd,0);
	if(ret<0)
		return -EINVAL;

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_policy));
  	vm = NULL;
	FindPolicy(cmd->uuid,"VM_P",&vm);
	if(vm==NULL)
		return 0;
	send_msg=message_create("VM_P",message);
	if(send_msg==NULL)
		return -EINVAL;
	message_add_record(send_msg,vm);
	sec_subject_sendmsg(sub_proc,send_msg);
	
	send_pcr_msg=message_create("PCRP",message);
	struct tcm_pcr_set * pcrpolicy;
	FindPolicy(vm->boot_pcr_uuid,"PCRP",&pcrpolicy);
	if(pcrpolicy!=NULL)
	{
		message_add_record(send_pcr_msg,pcrpolicy);
       		sec_subject_sendmsg(sub_proc,send_pcr_msg);
	}
	return;
}
int proc_send_compute_localinfo(void * sub_proc,void * message)
{
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char hostname[DIGEST_SIZE*2+1];
	int  ret;
	MESSAGE_HEAD * message_head;
    	struct platform_info * platform;
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;

	printf("begin send %s localinfo!\n",hostname);

	ret=FindPolicy(local_uuid,"PLAI",&platform);
	if(ret<0)
		return ret;
	if(platform==NULL)
		return -EINVAL;

	void * send_msg;
	send_msg=message_create("PLAI",message);
	message_add_record(send_msg,platform);
        sec_subject_sendmsg(sub_proc,send_msg);
	return 0;
}
Exemple #6
0
int symmkey_gen_start(void * sub_proc,void * para)
{
	int ret;
	int retval;
	void * recv_msg;
	void * send_msg;
	void * context;
	int i;
	int type;
	int subtype;
	void * sock;	
	BYTE uuid[DIGEST_SIZE];

	char local_uuid[DIGEST_SIZE];
	char proc_name[DIGEST_SIZE];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);

	printf("begin tpm key manage1 start!\n");

	for(i=0;i<300*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=ex_module_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;

 		type=message_get_type(recv_msg);
		subtype=message_get_subtype(recv_msg);
		
		if((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_WRAPPED_KEY))
		{
			proc_symmkey_gen(sub_proc,recv_msg);
		}
		else
		{
	//		message_set_activemsg(recv_msg,recv_msg);
			ex_module_sendmsg(sub_proc,recv_msg);
			recv_msg=NULL;
		}
	}

	return 0;
};
int proc_aikclient_start(void * sub_proc,void * para)
{
	int ret;
	int retval;
	void * recv_msg;
	void * send_msg;
	void * context;
	int i;
	const char * type;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);

	printf("begin aik process start!\n");

	for(i=0;i<300*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=sec_subject_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;

 		type=message_get_recordtype(recv_msg);
		if(type==NULL)
		{
			message_free(recv_msg);
			continue;
		}
		if(strncmp(type,"SYNI",4)==0)
		{
			proc_aik_request(sub_proc,recv_msg);
		}
		else if(strncmp(type,"FILD",4)==0)
		{
			proc_aik_activate(sub_proc,recv_msg);
		}
	}

	return 0;
};
int proc_store_vm_policy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_policy * vm;
	int retval;
	int ret;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);

	if(ret<0)
		return ret;
	printf("begin vm policy process!\n");

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_policy));
  	vm = NULL;
	for(i=0;i<MAX_RECORD_NUM;i++)
	{
		retval=message_get_record(message,&vm,i);
		if(retval<0)
			break;
		if(vm==NULL)
			break;
		void * oldvm;
		printf("policy server receive vm  %s's info from monitor!\n",vm->uuid);
		FindPolicy(vm->uuid,"VM_P",&oldvm);
		if(oldvm!=NULL)
		{
			printf("this vm already in the VM_I lib!\n");
			continue;
		}
		AddPolicy(vm,"VM_P");
	}
		// send a message to manager_trust
	retval=ExportPolicyToFile("./lib/VM_P.lib","VM_P");
		// forward  message to verifier
	return count;
}
int proc_send_vm_info(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_info * vm;
	int retval;
	int ret;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);

	if(ret<0)
		return ret;
	printf("begin vm send image info process!\n");

	void * send_msg;
	

	message_head=get_message_head(message);
	if(message_head==NULL)
		return -EINVAL;

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_policy));
  	vm = NULL;
	send_msg=message_create("VM_I",message);
	if(send_msg==NULL)
		return -EINVAL;
	GetFirstPolicy(&vm,"VM_I");
	while( vm != NULL)
	{
		message_add_record(send_msg,vm);
    		GetNextPolicy(&vm,"VM_I");
	}
	sec_subject_sendmsg(sub_proc,send_msg);
	
	return;
}
int vtpm_memdb_init()  // get the tpm information and init the vtpm database
{
	int retval;
	int ret;
	char * record_package;
	TSS_HKEY 		hSignKey;
	TSS_RESULT result;
	BYTE digest[DIGEST_SIZE];

	struct vTPM_info	*local_tpm;
	struct vTPM_wrappedkey	*local_signkey;
	struct vTPM_publickey   *local_signpubkey;
	char * keypass="******";

	local_tpm=malloc(sizeof(struct vTPM_info));
	if(local_tpm==NULL)
		return -ENOMEM;

	local_signkey=malloc(sizeof(struct vTPM_wrappedkey));
	if(local_signkey==NULL)
		return -ENOMEM;

	local_signpubkey=malloc(sizeof(struct vTPM_publickey));
	if(local_signpubkey==NULL)
		return -ENOMEM;

	// if it is the first time to exec it, we should create a sign key for controller.

	result=TESI_Local_Reload();

	if ( result != TSS_SUCCESS )
	{
		printf("TESI_Local_Load Err!\n");
		return result;
	}
		// create this vtpm's info struct
	
	char local_uuid[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);

	ret=create_physical_tpm_struct(local_tpm,local_uuid,"vtpm_manager","ooo","sss",NULL,NULL);
       	AddPolicy(local_tpm,"VM_T");
       	ExportPolicyToFile("lib/VM_T.lib","VM_T");

	printf("create local tpm info success!\n");
	TESI_Local_Fin();
	return 0;
}
int proc_compute_vmpolicy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_policy * policy;
	struct vm_info * vm;
	int retval;
	int count=0;
	int i,j;
	int ret;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);
	if(ret<0)
		return ret;

	for(i=0;i<MAX_RECORD_NUM;i++)
	{
		retval=message_get_record(message,&vm,i);
		if(retval<0)
			break;
		if(vm==NULL)
			break;
		struct tcm_pcr_set * boot_pcrs;
		struct tcm_pcr_set * running_pcrs;
		ret=build_nova_vm_policy(vm->uuid,&boot_pcrs, &running_pcrs,&policy);
		ExportPolicy("PCRP");	
		ExportPolicy("VM_P");	
	}

	return;

}
Exemple #12
0
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg)
{
	int ret=0;
	int fd;

	BYTE local_uuid[DIGEST_SIZE];	
	
	BYTE Buf[DIGEST_SIZE*32];
	BYTE NameBuf[DIGEST_SIZE*4];
	UINT32 result;
	RECORD(TCM_PIK_DESC,USERINFO)  * pik_userinfo;
	RECORD(MESSAGE,SIZED_BINDATA) req_blob;
        RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
        RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
        RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info;
	void * new_msg;
	int key_len;
	void * tcm_key_template;

    	UINT32 smkHandle;
    	UINT32 ownerHandle;
    	UINT32 keyHandle;
    	UINT32 keyAuthHandle;
	char uuid[DIGEST_SIZE*2+1];
	DB_RECORD * db_record;
        

	printf("begin pik makeidentity!\n");

	// get pik_userinfo from message
	
	ret=message_get_record(recv_msg,&pik_userinfo,0);
	if(ret<0)
		return -EINVAL;
	if(pik_userinfo==NULL)
		return -EINVAL;

	// get this node's machine uuid
        ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid);
	if(ret<0)
		return ret;

	// get this node's hostname
	
	ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE);
	if(ret!=0)
		Memset(pik_userinfo->node_name,0,DIGEST_SIZE);

	// build tcm session
    	ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
    	printf("ownerHandle is : %x\n",ownerHandle);
    	if(ret<0)
    	{
		print_cubeerr("TCM_APCreate failed!\n");
		return -EINVAL;	
    	}	

    	ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
    	printf("smkHandle is : %x\n",smkHandle);
    	if(ret<0)
    	{
		printf("TCM_APCreate failed!\n");
		return -EINVAL;	
    	}	

	int userinfolen;
    	BYTE * req;
    	int reqlen;	
	// get userinfo blob 

	tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
	if(tcm_key_template==NULL)
		return -EINVAL;
	userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template);
	if(userinfolen<0)
		return userinfolen;

	db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL);
	if(db_record==NULL)
		return -EINVAL;
	// do makeidentity   
    	ret = TCM_MakeIdentity(ownerHandle, smkHandle,
		userinfolen,Buf,"kkk",
		&tcm_pik, &req, &reqlen);
    	if(ret<0)
    	{
		print_cubeerr("TCM_MakeIdentity failed!\n");
		return -EINVAL;	
    	}

	// build an expand message record for req data
	req_blob.size=reqlen;
	req_blob.bindata=req;	

	// terminate session	
    	ret=TCM_APTerminate(ownerHandle);
    	if(ret<0)
    	{
		print_cubeerr("TCM_APTerminate failed!\n");
		return -EINVAL;	
    	}	

    	ret=TCM_APTerminate(smkHandle);
    	if(ret<0)
    	{
		print_cubeerr("TCM_APTerminate failed!\n");
		return -EINVAL;	
	}
	
	// generate TCM pik info ,left pubkey_uuid for fill
	tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY));
	if(tcm_key_template==NULL)
		return -EINVAL;
	key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template);
	if(key_len<0)
		return key_len;

	Memset(&tcm_pik_info,0,sizeof(tcm_pik_info));
	calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid);
	Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE);
	tcm_pik_info.issmkwrapped=1;
	tcm_pik_info.key_usage=TCM_KEY_IDENTITY;
	tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD;

	// store pik file
	digest_to_uuid(tcm_pik_info.uuid,uuid);
	uuid[DIGEST_SIZE*2]=0;
	printf("get pik's uuid is %s!\n",uuid);	

	Strcpy(NameBuf,"tcmkey/");
	Strcat(NameBuf,uuid);

        fd=open(NameBuf,O_CREAT|O_WRONLY,0666);
        if(fd<0)
                return fd;
        write(fd,Buf,key_len);
        close(fd);

	// Get pikpub from pik 
	//
	ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
	if(ret!=0)
	{
		print_cubeerr("Get Pubpik failed!\n");
		return -EINVAL;
	}

	
	tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
	if(tcm_key_template==NULL)
		return -EINVAL;
	key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template);
	if(key_len<0)
		return key_len;
	calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid);
	db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL);

	// build a message and send it 
	new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg);
	if(new_msg==NULL)
		return -EINVAL;
	ret=message_add_record(new_msg,pik_userinfo);
	if(ret<0)
		return ret;
	
	ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob);
	if(ret<0)
		return -EINVAL;
	ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub);
	if(ret<0)
		return -EINVAL;

	ret=ex_module_sendmsg(sub_proc,new_msg);
	return ret;
}
Exemple #13
0
int key_manage_start(void * sub_proc,void * para)
{
	int ret;
	void * recv_msg;
	int i;
	const char * type;
	int fd;

	enum key_state_type{
		NO_KEY,
		KEY_GENERATE,
		KEY_SHARED,
		KEY_ERROR
	}; 

	enum key_state_type key_state=NO_KEY;
	struct key_request_cmd * key_req;
	int count;
	
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);
	void * sendmsg;
	
	ret=local_key_generate(sub_proc);	
	if(ret<0)
		return ret;
	key_state=KEY_GENERATE;
	for(i=0;i<3000*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=sec_subject_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;

 		type=message_get_recordtype(recv_msg);
		if(type==NULL)
		{
			message_free(recv_msg);
			continue;
		}

		switch(key_state){
			case KEY_GENERATE:
				if(strncmp(type,"ACKI",4)==0)
				{
					ret=local_pubkey_share(sub_proc);
					if(ret<0)
						return ret;
					key_state=KEY_SHARED;
				}
				break;
			case KEY_SHARED:
				if(strncmp(type,"LOGI",4)==0)
				{
					struct login_info * user_info;
					int j=0;
					
					ret=message_get_record(recv_msg,&user_info,j++);
					
					while(user_info!=NULL)
					{
						ret=local_pubkey_request(sub_proc,user_info->user);
						if(ret<0)
							break;
						ret=message_get_record(recv_msg,&user_info,j++);
						if(ret<0)
							break;
					}
					sec_subject_sendmsg(sub_proc,recv_msg);
				}
				else if(strncmp(type,"NKLD",4)==0)
				{
					struct node_key_list * pub_keylist;
					int j=0;
					
					ret=message_get_record(recv_msg,&pub_keylist,j++);
					
					if(pub_keylist!=NULL)
					{
						AddPolicy(pub_keylist,"NKLD");
					}
					ExportPolicy("NKLD");
				}
				
				break;
			default:
				break;
		}
	}
	return 0;
}
Exemple #14
0
int local_pubkey_share(void * sub_proc)
{
	struct node_key_list * pub_keylist;
	int ret;
	int count;
	char uuidname[DIGEST_SIZE*2+16];
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char proc_uuid[DIGEST_SIZE*2+1];
	BYTE digest[DIGEST_SIZE];

	void * sendmsg;
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);
	comp_proc_uuid(local_uuid,proc_name,proc_uuid);

	ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
	if((ret<0) || (pub_keylist==NULL))
		return -EINVAL;
		
	sendmsg=message_create("NKLD",NULL);
	message_add_record(sendmsg,pub_keylist);
	
	sec_subject_sendmsg(sub_proc,sendmsg);
	
	
	void * new_msg;
	struct policyfile_data * reqdata;
	// share AIK
	sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeAIK);
	ret=build_filedata_struct(&reqdata,uuidname);
	new_msg=message_create("FILD",NULL);
	if(new_msg!=NULL)
	{
		message_add_record(new_msg,reqdata);
		sec_subject_sendmsg(sub_proc,new_msg);
	}
	// share AIKsda
	sprintf(uuidname,"cert/%.64s.sda",pub_keylist->nodeAIKSda);
	ret=build_filedata_struct(&reqdata,uuidname);
	new_msg=message_create("FILD",NULL);
	if(new_msg!=NULL)
	{
		message_add_record(new_msg,reqdata);
		sec_subject_sendmsg(sub_proc,new_msg);
	}
	// share Bindkey
	sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeBindKey);
	ret=build_filedata_struct(&reqdata,uuidname);
	new_msg=message_create("FILD",NULL);
	if(new_msg!=NULL)
	{
		message_add_record(new_msg,reqdata);
		sec_subject_sendmsg(sub_proc,new_msg);
	}
	// share Bindkeyval
	sprintf(uuidname,"cert/%.64s.val",pub_keylist->nodeBindKeyVal);
	ret=build_filedata_struct(&reqdata,uuidname);
	new_msg=message_create("FILD",NULL);
	if(new_msg!=NULL)
	{
		message_add_record(new_msg,reqdata);
		sec_subject_sendmsg(sub_proc,new_msg);
	}

	return 0;
}
Exemple #15
0
int local_key_generate(void * sub_proc)
{
	struct node_key_list * local_keylist;
	struct node_key_list * pub_keylist;
	struct key_request_cmd * key_req;
	int ret;
	int fd;
	int i;
	int count;
	char uuidname[DIGEST_SIZE*2+16];
	enum local_key_state{
		NO_AIKEY,
		AIK_REQUEST,
		AIK_GENERATE,
		AIK_VERIFY,
		BINDKEY_GENERATE,
		BINDKEY_VERIFY,
		SIGNKEY_GENERATE,
		SIGNKEY_VERIFY,
		LOCAL_KEY_ERROR=0xffff
	}; 

	enum local_key_state key_state=NO_AIKEY;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char proc_uuid[DIGEST_SIZE*2+1];
	BYTE digest[DIGEST_SIZE];
	char temp_uuid[DIGEST_SIZE*2];
	void * sendmsg;
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);
	comp_proc_uuid(local_uuid,proc_name,proc_uuid);

	ret=FindPolicy(proc_uuid,"LKLD",&local_keylist);
	if((ret<0) || (local_keylist==NULL))
	{
		key_state=NO_AIKEY;
		local_keylist=malloc(sizeof(struct node_key_list));
		if(local_keylist==NULL)
			return -ENOMEM;
		memset(local_keylist,0,sizeof(struct node_key_list));
		memcpy(local_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
		memcpy(local_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
		memcpy(local_keylist->nodename,proc_name,DIGEST_SIZE*2);
		local_keylist->isnodelocal=1;
		ret=AddPolicy(local_keylist,"LKLD");
		if(ret<0)
			return -EINVAL;		
		pub_keylist=malloc(sizeof(struct node_key_list));
		if(pub_keylist==NULL)
			return -ENOMEM;
		memset(pub_keylist,0,sizeof(struct node_key_list));
		memcpy(pub_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
		memcpy(pub_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
		memcpy(pub_keylist->nodename,proc_name,DIGEST_SIZE*2);
		pub_keylist->isnodelocal=1;
		ret=AddPolicy(local_keylist,"NKLD");
		if(ret<0)
			return -EINVAL;		

	}
	else
	{
		ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
		if(ret<0)
			return -EINVAL;
		
		if(local_keylist->nodeAIK[0]==0)
			key_state=AIK_REQUEST;
		else if(pub_keylist->nodeAIKSda[0]==0)
			key_state=AIK_GENERATE;
		else if(local_keylist->nodeBindKey[0]==0)
			key_state=AIK_VERIFY;
		else if(pub_keylist->nodeBindKeyVal[0]==0)
			key_state=BINDKEY_GENERATE;
		else if(local_keylist->nodeSignKey[0]==0)
			key_state=BINDKEY_VERIFY;
		else if(pub_keylist->nodeSignKeyVal[0]==0)
			key_state=SIGNKEY_GENERATE;
		else
		{
			key_state=SIGNKEY_VERIFY;
			return 0; 
		}
			
	}

	for(i=0;i<30*1000;i++)
	{

		usleep(time_val.tv_usec);
		switch(key_state){
			case NO_AIKEY:

				key_req=malloc(sizeof(struct key_request_cmd));
				if(key_req==NULL)
					return -EINVAL;		
				memcpy(key_req->machine_uuid,local_uuid,DIGEST_SIZE*2);
				memcpy(key_req->proc_name,"local",5);
				key_req->keyusage=TPM_KEY_IDENTITY;
				key_req->keyflags=0;
				count=0;
				key_state=AIK_REQUEST;
				sendmsg=message_create("KREC",NULL);
				if(sendmsg==NULL)
					return -EINVAL;
				message_add_record(sendmsg,key_req);
				sec_subject_sendmsg(sub_proc,sendmsg);	
				break;
			case AIK_REQUEST:
				fd=open("pubkey/AIK.pem",O_RDONLY);
				if(fd>0)
				{
					close(fd);
					key_state=AIK_GENERATE;
					count=0;
					fd=open("privkey/AIK.key",O_RDONLY);
					if(fd<0)
						return -EINVAL;
					close(fd);
					ret=calculate_sm3("privkey/AIK.key",digest);
					if(ret<0)
						return ret;
					digest_to_uuid(digest,local_keylist->nodeAIK);
					ret=calculate_sm3("pubkey/AIK.pem",digest);
					if(ret<0)
						return ret;
					digest_to_uuid(digest,pub_keylist->nodeAIK);
					
				}
				else
				{
					close(fd);
					count++;
					if(count>1000)
					{
						printf("do not get AIK");
						key_state=NO_AIKEY;
						remove("privkey/AIK.key");
						remove("pubkey/AIK.pem");
					}	
				}
				break;

			case AIK_GENERATE:

				fd=open("cert/AIK.sda",O_RDONLY);
				if(fd<0)
				{
					count++;
					if(count>1000)
					{
						remove("cert/AIK.sda");
						remove("pubkey/AIK.pem");
						remove("privkey/AIK.key");
						key_state=NO_AIKEY;
					}
					break;
				}
				else
				{
					close(fd);
					ret=aik_verify(local_keylist->username);
					if(ret<0)
					{
						remove("cert/AIK.sda");
						remove("pubkey/AIK.pem");
						remove("privkey/AIK.key");
						key_state=NO_AIKEY;
						break;
					}
					memcpy(pub_keylist->username,local_keylist->username,DIGEST_SIZE);
					ret=trustfile_to_uuidname("privkey/AIK.key",local_keylist->nodeAIK);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("pubkey/AIK.pem",pub_keylist->nodeAIK);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("cert/AIK.sda",pub_keylist->nodeAIKSda);
					if(ret<0)
					{
						return ret;
					}
					memcpy(local_keylist->nodeAIKSda,pub_keylist->nodeAIKSda,DIGEST_SIZE*2);
					
					ret=DelPolicy(local_keylist,"LKLD");	
					ret=AddPolicy(local_keylist,"LKLD");
					ret=ExportPolicy("LKLD");

					ret=DelPolicy(pub_keylist,"NKLD");	
					ret=AddPolicy(pub_keylist,"NKLD");
					ret=ExportPolicy("NKLD");
					remove("cert/bindkey.val");
					remove("pubkey/bindpubkey.pem");
					count=0;
					
					key_state=AIK_VERIFY;
					
				}
				break;

			case AIK_VERIFY:
				fd=open("pubkey/bindpubkey.pem",O_RDONLY);
				if(fd>0)
					key_state=BINDKEY_GENERATE;
				else
				{
					close(fd);
					ret=bind_key_generate(local_keylist->nodeAIK);
					if(ret<0)
						return ret;
				}
				break;
			case BINDKEY_GENERATE:
				fd=open("cert/bindkey.val",O_RDONLY);
				if(fd<0)
				{
					count++;
					if(count>5000)
					{
						printf("do not get Bind key valdata");
						key_state=AIK_GENERATE;
					}	
					break;
				}
				else
				{
					close(fd);
					ret=trustfile_to_uuidname("cert/bindkey.val",pub_keylist->nodeBindKeyVal);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("privkey/bindkey.key",local_keylist->nodeBindKey);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("pubkey/bindpubkey.pem",pub_keylist->nodeBindKey);
					if(ret<0)
					{
						remove("pubkey/bindpubkey.pem");
						return ret;
					}

					if(bindkey_verify(pub_keylist->nodeAIK,pub_keylist->nodeBindKeyVal,pub_keylist->nodeBindKey)!=0)
					{
						printf("bindkey verify failed!\n");
						return -EINVAL;
					}
					else
					{

						ret=DelPolicy(local_keylist,"LKLD");	
						ret=AddPolicy(local_keylist,"LKLD");
						ret=ExportPolicy("LKLD");

						ret=DelPolicy(pub_keylist,"NKLD");	
						ret=AddPolicy(pub_keylist,"NKLD");
						ret=ExportPolicy("NKLD");
					}
					
					key_state=BINDKEY_VERIFY;
				}

				break;
			
			case BINDKEY_VERIFY:
//				ret=bind_pubkey_memdb_init();
//				if(ret<0)
//				{
//					printf("load bindpubkey error %d!\n",ret);
//				}
				
				return 0;

			default:
				return -EINVAL;	
		
		}
	}
	return 0;

}
int monitor_process_start(void * sub_proc,void * para)
{
	int ret;
	int retval;
	void * message_box;
	void * context;
	void * recv_msg;
	struct tcloud_connector * temp_conn;
	int i;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char hostname[DIGEST_SIZE*2+1];
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("host_name",hostname);
	if(ret<0)
		return ret;

	printf("begin compute monitor process!\n");
	sleep(2);
	proc_send_compute_localinfo(sub_proc,NULL);

	for(i=0;i<3000*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=sec_subject_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;
		MESSAGE_HEAD * msg_head;
		msg_head=get_message_head(recv_msg);
		if(msg_head==NULL)
			continue;
		if(strncmp(msg_head->record_type,"PLAI",4)==0)
		{
			proc_send_compute_localinfo(sub_proc,recv_msg);
		}
		if(strncmp(msg_head->record_type,"VM_I",4)==0)
		{
			proc_compute_vmpolicy(sub_proc,recv_msg,NULL);
		}
		if(strncmp(msg_head->record_type,"REQC",4)==0)
		{

			struct request_cmd * cmd;
			ret=message_get_record(recv_msg,&cmd,0);
			if(strncmp(cmd->tag,"VM_P",4)==0)
			{
				proc_send_vmpolicy(sub_proc,recv_msg);
			}
			else if(strncmp(cmd->tag,"PLAP",4)==0)
			{
				proc_send_computepolicy(sub_proc,recv_msg);
			}
			else
				continue;
				
		}
	}

	return 0;
}
int manager_vm_start(void * sub_proc,void * para)
{
	int ret;
	int retval;
	void * context;
	int i;
	void * recv_msg;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	const char * type;
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);

	if(ret<0)
		return ret;
	printf("begin vm manager process!\n");

	for(i=0;i<500*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=sec_subject_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;
		type=message_get_recordtype(recv_msg);
		if(type==NULL)
			continue;
		if(strncmp(type,"VM_I",4)==0)
		{
			proc_store_vm(sub_proc,recv_msg);
		}
		if(strncmp(type,"VM_P",4)==0)
		{
			proc_store_vm_policy(sub_proc,recv_msg);
		}
		if(strncmp(type,"REQC",4)==0)
		{
			struct request_cmd * req;
			ret=message_get_record(recv_msg,&req,0);
			if(ret<0)
			{
				printf("error request command!\n");
				continue;
			}
			if(strncmp(req->tag,"VM_I",4)==0)
			{
				proc_send_vm_info(sub_proc,recv_msg);
			}
			else if(strncmp(req->tag,"VM_P",4)==0)
			{
				proc_send_vm_policy(sub_proc,recv_msg);
			}
		}
	}

	return 0;
}
Exemple #18
0
int key_manage2_start(void * sub_proc,void * para)
{
	int ret;
	int retval;
	void * recv_msg;
	void * send_msg;
	void * context;
	int i;
	int type;
	int subtype;
	void * sock;	
	BYTE uuid[DIGEST_SIZE];

	char local_uuid[DIGEST_SIZE];
	char proc_name[DIGEST_SIZE];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);

	// build a  slot for key request info
	void * slot_port=slot_port_init("key_request",2);
	slot_port_addrecordpin(slot_port,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO);
	slot_port_addmessagepin(slot_port,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY);
	slot_port_addmessagepin(slot_port,DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY);
	ex_module_addslot(sub_proc,slot_port);


	printf("begin tpm key manage1 start!\n");

	for(i=0;i<300*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=ex_module_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;

 		type=message_get_type(recv_msg);
		subtype=message_get_subtype(recv_msg);
		
		if((type==DTYPE_TRUST_DEMO)&&(subtype==SUBTYPE_KEY_INFO))
		{
			proc_key_check(sub_proc,recv_msg);
		}
		else if(((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_WRAPPED_KEY))
			||((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_PUBLIC_KEY)))
		{
			ret=message_get_uuid(recv_msg,uuid);						
			if(ret<0)
				continue;
			sock=ex_module_findsock(sub_proc,uuid);
			if(sock==NULL)
				continue;	
			ret=slot_sock_addmsg(sock,recv_msg);
	
			if(ret>0)	
				proc_key_store(sub_proc,sock);
		}
		else if((type==DTYPE_TRUST_DEMO)&&(subtype==SUBTYPE_FILECRYPT_INFO))
		{
			proc_key_recover(sub_proc,recv_msg);	
		}
	}

	return 0;
};
int proc_aik_request(void * sub_proc,void * message)
{
	TSS_RESULT result;
	TSS_HKEY 	hSignKey;
	TSS_HKEY	hAIKey, hCAKey;
	struct aik_request_info reqinfo;
	struct policyfile_data * reqdata;
	int ret;

	BYTE		*labelString = "UserA";
	UINT32		labelLen = strlen(labelString) + 1;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);

	printf("begin aik request!\n");
	char buffer[1024];
	char digest[DIGEST_SIZE];
	int blobsize=0;
	int fd;
	// create a signkey and write its key in localsignkey.key, write its pubkey in localsignkey.pem
	result=TESI_Local_ReloadWithAuth("ooo","sss");
	result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk");
	if(result == TSS_SUCCESS)
		printf("Create SignKey SUCCEED!\n");

	TESI_Local_WriteKeyBlob(hSignKey,"privkey/localsignkey");
	TESI_Local_WritePubKey(hSignKey,"pubkey/localsignkey");
	
	// fill the reqinfo struct
	calculate_sm3("pubkey/localsignkey.pem",digest);
	digest_to_uuid(digest,reqinfo.signpubkey_uuid);
	calculate_sm3("pubkey/pubek.pem",digest);
	digest_to_uuid(digest,reqinfo.pubek_uuid);
	reqinfo.user_name=labelString;
	get_local_uuid(reqinfo.user_uuid);
	
	// create info blob
	void * struct_template=create_struct_template(req_info_desc);
	if(struct_template==NULL)
		return -EINVAL;
	blobsize=struct_2_blob(&reqinfo,buffer,struct_template);


	// Load the CA Key
	result=TESI_Local_GetPubKeyFromCA(&hCAKey,"cert/CA");
	if (result != TSS_SUCCESS) {
		printf("Get pubkey error %s!\n", tss_err_string(result));
		exit(result);
	}
	
	TESI_AIK_CreateIdentKey(&hAIKey,NULL,"sss","kkk"); 
	if (result != TSS_SUCCESS) {
		printf("Create AIK error %s!\n", tss_err_string(result));
		exit(result);
	}

	labelLen=strlen(labelString);

	result = TESI_AIK_GenerateReq(hCAKey,blobsize,buffer,hAIKey,"cert/aik");
	if (result != TSS_SUCCESS){
		printf("Generate aik failed%s!\n",tss_err_string(result));
		exit(result);
	}
	TESI_Local_WriteKeyBlob(hAIKey,"privkey/AIK");

	ret=build_filedata_struct(&reqdata,"cert/aik.req");

	void * send_msg;
	send_msg=message_create("FILD",message);
	if(send_msg!=NULL)
	{
		message_add_record(send_msg,reqdata);
		sec_subject_sendmsg(sub_proc,send_msg);
	}
	return 0;
}
int json_port_init(void * sub_proc,void * para)
{
	int ret;
    struct json_server_context * sub_context;
    struct message_box * msg_box;
    struct message_box * new_msg;
    struct tcloud_connector_hub * port_hub;

    MESSAGE_HEAD * msg_head;

    char local_uuid[DIGEST_SIZE*2+1];
    char proc_name[DIGEST_SIZE*2+1];
 	
    ret=proc_share_data_getvalue("uuid",local_uuid);
    if(ret<0)
	    return ret;
    ret=proc_share_data_getvalue("proc_name",proc_name);
    register_record_type("SYNI",connect_syn_desc);

    // process init
    sub_context=malloc(sizeof(struct json_server_context));
    if(sub_context==NULL)
        return -ENOMEM;
    memset(sub_context,0,sizeof(struct json_server_context));

    void * context;
    ret=sec_subject_getcontext(sub_proc,&context);
    if(ret<0)
         return ret;
    sec_object_setpointer(context,sub_context);

    // parameter deal with
    char * server_name="json_server";
    char * server_uuid=local_uuid;
    char * service=sec_subject_getname(sub_proc);
    char * server_addr=local_jsonserver_addr;
    char * nonce="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    struct connect_syn * syn_info;
    syn_info=malloc(sizeof(struct connect_syn));
    if(syn_info==NULL)
        return -ENOMEM;
    memset(syn_info,0,sizeof(struct connect_syn));

    char buffer[1024];
    memset(buffer,0,1024);

    int stroffset=0;

    msg_box=build_server_syn_message(service,local_uuid,proc_name);  
    stroffset=message_2_json(msg_box,buffer);
    printf("json message size is %d\n",stroffset);
    printf("json message:%s\n",buffer);

    ret=json_2_message(buffer,&new_msg);
    if(ret<0)
        return -EINVAL;

    sub_context->json_message=dup_str(buffer,0);
    sub_context->message_len=strlen(buffer);

    port_hub=get_connector_hub();

    sub_context->json_port_hub=port_hub;
    struct tcloud_connector * temp_conn;

    temp_conn=get_connector(CONN_SERVER,AF_INET);
    if((temp_conn ==NULL) || IS_ERR(temp_conn))
    {
            printf("get json server conn failed!\n");
            return -EINVAL;
    }

    ret=temp_conn->conn_ops->init(temp_conn,server_name,server_addr);
    if(ret<0)
    {
           printf("init conn json_server failed!\n");
           return -EINVAL;
    }
    port_hub->hub_ops->add_connector(port_hub,temp_conn,NULL);
    ret=temp_conn->conn_ops->listen(temp_conn);
    if(ret<0)
         return -EINVAL;

	return 0;
}
int json_port_start(void * sub_proc,void * para)
{
    int ret;
    int retval;
    void * message_box;
    void * context;
    struct tcloud_connector_hub * port_hub;
    struct tcloud_connector * port_conn;
    struct tcloud_connector * recv_conn;
    struct tcloud_connector * channel_conn;
    int i;
    struct timeval conn_val;
    conn_val.tv_usec=time_val.tv_usec;

    char local_uuid[DIGEST_SIZE*2+1];
    char proc_name[DIGEST_SIZE*2+1];
    char buffer[4096];
    memset(buffer,0,4096);
    int stroffset;
	
    printf("begin json server process!\n");
    ret=proc_share_data_getvalue("uuid",local_uuid);
    if(ret<0)
        return ret;
    ret=proc_share_data_getvalue("proc_name",proc_name);

    if(ret<0)
	return ret;
    struct json_server_context * server_context;

    ret=sec_subject_getcontext(sub_proc,&context);
    server_context=sec_object_getpointer(context);

    port_hub=server_context->json_port_hub;

    port_conn=hub_get_connector(server_context->json_port_hub,"json_server");
    if(port_conn==NULL)
        return -EINVAL;

    channel_conn=NULL;
    for(i=0;i<500*1000;i++)
    {
        ret=port_hub->hub_ops->select(port_hub,&conn_val);
        usleep(conn_val.tv_usec);
	conn_val.tv_usec=time_val.tv_usec;
        if(ret>0)
        {

        	do{

           	 	recv_conn=port_hub->hub_ops->getactiveread(port_hub);
        		if(recv_conn==NULL)
                		break;
          		if(connector_get_type(recv_conn)==CONN_SERVER)
            		{

           		     channel_conn=recv_conn->conn_ops->accept(recv_conn);
         		     if(channel_conn==NULL)
                	     {
              			      printf("error: json_server connector accept error %x!\n",channel_conn);
               			      continue;
               		     }
              		     printf("create a new channel %x!\n",channel_conn);

           		     // build a server syn message with service name,uuid and proc_name
           		     channel_conn->conn_ops->write(channel_conn,
                             	  server_context->json_message,
                              	  server_context->message_len);

               		    port_hub->hub_ops->add_connector(port_hub,channel_conn,NULL);
            		}
	  		else if(connector_get_type(recv_conn)==CONN_CHANNEL)
	    		{
				char * buffer=malloc(65535);
		 		int offset=0;
		  		do {
		 			ret=recv_conn->conn_ops->read(recv_conn,buffer+offset,4096);
		   	 		if(ret<0)
				 		break;
			  		offset+=ret;
		    		}while(ret==4096);
	    	 		void * message;
	    	  		ret=json_2_message(buffer,&message);
		   		if(ret>=0)
		    		{
					if(message_get_state(message)==0)
						message_set_state(message,MSG_FLOW_INIT);
					set_message_head(message,"sender_uuid",local_uuid);
	    	    			sec_subject_sendmsg(sub_proc,message);	
		    		}
	    		}
		}while(1);
	}
	// send message to the remote
	while(sec_subject_recvmsg(sub_proc,&message_box)>=0)
	{
		if(message_box==NULL)
			break;
    		stroffset=message_2_json(message_box,buffer);
		if(channel_conn!=NULL)
		{
                	channel_conn->conn_ops->write(channel_conn,
                               buffer,stroffset);
			printf("json port send %d data !",stroffset);
		}	
	}

    }
    return 0;
}