int proc_store_vm(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_info * vm;
int retval;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
struct platform_info * host;
retval=proc_share_data_getvalue("uuid",local_uuid);
if(retval<0)
return retval;
retval=proc_share_data_getvalue("proc_name",proc_name);
if(retval<0)
return retval;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_info));
vm = NULL;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
void * oldvm;
printf("policy server receive vm %s's info from monitor!\n",vm->uuid);
FindPolicy(vm->uuid,"VM_I",&oldvm);
if(oldvm!=NULL)
{
printf("this vm already in the VM_I lib!\n");
continue;
}
GetFirstPolicy(&host,"PLAI");
while(host!=NULL)
{
if(!strncmp(vm->host,host->name,DIGEST_SIZE*2))
{
memcpy(vm->platform_uuid,host->uuid,DIGEST_SIZE*2);
AddPolicy(vm,"VM_I");
break;
}
GetNextPolicy(&host,"PLAI");
}
if(host==NULL)
{
printf("can't find vm %s's host!\n",vm->uuid);
continue;
}
}
// send a message to manager_trust
retval=ExportPolicyToFile("./lib/VM_I.lib","VM_I");
// send a message to manager_trust
return count;
}
int proc_send_computepolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct request_cmd * cmd;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
printf("begin to send computepolicy!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("host_name",hostname);
if(ret<0)
return ret;
struct vm_policy * compute_policy;
struct tcm_pcr_set * compute_boot_pcrs;
struct tcm_pcr_set * compute_running_pcrs;
build_compute_boot_pcrs("/dev/sda",hostname,&compute_boot_pcrs);
build_compute_running_pcrs("/dev/sda",hostname,&compute_running_pcrs);
ret=build_entity_policy(local_uuid,NULL,compute_boot_pcrs,compute_running_pcrs,hostname,&compute_policy);
if(compute_policy==NULL)
return -EINVAL;
ExportPolicy("PLAP");
void * send_pcr_msg;
void * send_msg;
// send compute node's pcr policy
send_pcr_msg=message_create("PCRP",NULL);
message_add_record(send_pcr_msg,compute_boot_pcrs);
if(compute_running_pcrs!=NULL)
message_add_record(send_pcr_msg,compute_running_pcrs);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
usleep(time_val.tv_usec*3);
// send compute node's platform policy
send_msg=message_create("PLAP",message);
message_add_record(send_msg,compute_policy);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vmpolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct request_cmd * cmd;
struct vm_policy * policy;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
printf("begin to send vmpolicy!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
message_head=get_message_head(message);
// get vm info from message
retval=message_get_record(message,&cmd,0);
if(retval<0)
return -EINVAL;
struct tcm_pcr_set * boot_pcrs;
struct tcm_pcr_set * running_pcrs;
ret=build_nova_vm_policy(cmd->uuid,&boot_pcrs, &running_pcrs,&policy);
if(policy==NULL)
return -EEXIST;
ExportPolicy("VM_P");
void * send_pcr_msg;
void * send_msg;
// send compute node's pcr policy
send_pcr_msg=message_create("PCRP",NULL);
message_add_record(send_pcr_msg,boot_pcrs);
if(running_pcrs!=NULL)
message_add_record(send_pcr_msg,running_pcrs);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
usleep(time_val.tv_usec*3);
send_msg=message_create("VM_P",message);
message_add_record(send_msg,policy);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vm_policy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * vm;
struct request_cmd * cmd;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin send vm policy process!\n");
void * send_msg;
void * send_pcr_msg;
ret=message_get_record(message,&cmd,0);
if(ret<0)
return -EINVAL;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
FindPolicy(cmd->uuid,"VM_P",&vm);
if(vm==NULL)
return 0;
send_msg=message_create("VM_P",message);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,vm);
sec_subject_sendmsg(sub_proc,send_msg);
send_pcr_msg=message_create("PCRP",message);
struct tcm_pcr_set * pcrpolicy;
FindPolicy(vm->boot_pcr_uuid,"PCRP",&pcrpolicy);
if(pcrpolicy!=NULL)
{
message_add_record(send_pcr_msg,pcrpolicy);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
}
return;
}
int proc_send_compute_localinfo(void * sub_proc,void * message)
{
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
int ret;
MESSAGE_HEAD * message_head;
struct platform_info * platform;
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
printf("begin send %s localinfo!\n",hostname);
ret=FindPolicy(local_uuid,"PLAI",&platform);
if(ret<0)
return ret;
if(platform==NULL)
return -EINVAL;
void * send_msg;
send_msg=message_create("PLAI",message);
message_add_record(send_msg,platform);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int symmkey_gen_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * recv_msg;
void * send_msg;
void * context;
int i;
int type;
int subtype;
void * sock;
BYTE uuid[DIGEST_SIZE];
char local_uuid[DIGEST_SIZE];
char proc_name[DIGEST_SIZE];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
printf("begin tpm key manage1 start!\n");
for(i=0;i<300*1000;i++)
{
usleep(time_val.tv_usec);
ret=ex_module_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_type(recv_msg);
subtype=message_get_subtype(recv_msg);
if((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_WRAPPED_KEY))
{
proc_symmkey_gen(sub_proc,recv_msg);
}
else
{
// message_set_activemsg(recv_msg,recv_msg);
ex_module_sendmsg(sub_proc,recv_msg);
recv_msg=NULL;
}
}
return 0;
};
int proc_aikclient_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * recv_msg;
void * send_msg;
void * context;
int i;
const char * type;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
printf("begin aik process start!\n");
for(i=0;i<300*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_recordtype(recv_msg);
if(type==NULL)
{
message_free(recv_msg);
continue;
}
if(strncmp(type,"SYNI",4)==0)
{
proc_aik_request(sub_proc,recv_msg);
}
else if(strncmp(type,"FILD",4)==0)
{
proc_aik_activate(sub_proc,recv_msg);
}
}
return 0;
};
int proc_store_vm_policy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * vm;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm policy process!\n");
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
void * oldvm;
printf("policy server receive vm %s's info from monitor!\n",vm->uuid);
FindPolicy(vm->uuid,"VM_P",&oldvm);
if(oldvm!=NULL)
{
printf("this vm already in the VM_I lib!\n");
continue;
}
AddPolicy(vm,"VM_P");
}
// send a message to manager_trust
retval=ExportPolicyToFile("./lib/VM_P.lib","VM_P");
// forward message to verifier
return count;
}
int proc_send_vm_info(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_info * vm;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm send image info process!\n");
void * send_msg;
message_head=get_message_head(message);
if(message_head==NULL)
return -EINVAL;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
send_msg=message_create("VM_I",message);
if(send_msg==NULL)
return -EINVAL;
GetFirstPolicy(&vm,"VM_I");
while( vm != NULL)
{
message_add_record(send_msg,vm);
GetNextPolicy(&vm,"VM_I");
}
sec_subject_sendmsg(sub_proc,send_msg);
return;
}
int vtpm_memdb_init() // get the tpm information and init the vtpm database
{
int retval;
int ret;
char * record_package;
TSS_HKEY hSignKey;
TSS_RESULT result;
BYTE digest[DIGEST_SIZE];
struct vTPM_info *local_tpm;
struct vTPM_wrappedkey *local_signkey;
struct vTPM_publickey *local_signpubkey;
char * keypass="******";
local_tpm=malloc(sizeof(struct vTPM_info));
if(local_tpm==NULL)
return -ENOMEM;
local_signkey=malloc(sizeof(struct vTPM_wrappedkey));
if(local_signkey==NULL)
return -ENOMEM;
local_signpubkey=malloc(sizeof(struct vTPM_publickey));
if(local_signpubkey==NULL)
return -ENOMEM;
// if it is the first time to exec it, we should create a sign key for controller.
result=TESI_Local_Reload();
if ( result != TSS_SUCCESS )
{
printf("TESI_Local_Load Err!\n");
return result;
}
// create this vtpm's info struct
char local_uuid[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=create_physical_tpm_struct(local_tpm,local_uuid,"vtpm_manager","ooo","sss",NULL,NULL);
AddPolicy(local_tpm,"VM_T");
ExportPolicyToFile("lib/VM_T.lib","VM_T");
printf("create local tpm info success!\n");
TESI_Local_Fin();
return 0;
}
int proc_compute_vmpolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * policy;
struct vm_info * vm;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
struct tcm_pcr_set * boot_pcrs;
struct tcm_pcr_set * running_pcrs;
ret=build_nova_vm_policy(vm->uuid,&boot_pcrs, &running_pcrs,&policy);
ExportPolicy("PCRP");
ExportPolicy("VM_P");
}
return;
}
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE local_uuid[DIGEST_SIZE];
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
UINT32 result;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(MESSAGE,SIZED_BINDATA) req_blob;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
DB_RECORD * db_record;
printf("begin pik makeidentity!\n");
// get pik_userinfo from message
ret=message_get_record(recv_msg,&pik_userinfo,0);
if(ret<0)
return -EINVAL;
if(pik_userinfo==NULL)
return -EINVAL;
// get this node's machine uuid
ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid);
if(ret<0)
return ret;
// get this node's hostname
ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE);
if(ret!=0)
Memset(pik_userinfo->node_name,0,DIGEST_SIZE);
// build tcm session
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
int userinfolen;
BYTE * req;
int reqlen;
// get userinfo blob
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template);
if(userinfolen<0)
return userinfolen;
db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL);
if(db_record==NULL)
return -EINVAL;
// do makeidentity
ret = TCM_MakeIdentity(ownerHandle, smkHandle,
userinfolen,Buf,"kkk",
&tcm_pik, &req, &reqlen);
if(ret<0)
{
print_cubeerr("TCM_MakeIdentity failed!\n");
return -EINVAL;
}
// build an expand message record for req data
req_blob.size=reqlen;
req_blob.bindata=req;
// terminate session
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(smkHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
// generate TCM pik info ,left pubkey_uuid for fill
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template);
if(key_len<0)
return key_len;
Memset(&tcm_pik_info,0,sizeof(tcm_pik_info));
calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid);
Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE);
tcm_pik_info.issmkwrapped=1;
tcm_pik_info.key_usage=TCM_KEY_IDENTITY;
tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD;
// store pik file
digest_to_uuid(tcm_pik_info.uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
fd=open(NameBuf,O_CREAT|O_WRONLY,0666);
if(fd<0)
return fd;
write(fd,Buf,key_len);
close(fd);
// Get pikpub from pik
//
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template);
if(key_len<0)
return key_len;
calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid);
db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL);
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_userinfo);
if(ret<0)
return ret;
ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob);
if(ret<0)
return -EINVAL;
ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub);
if(ret<0)
return -EINVAL;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int key_manage_start(void * sub_proc,void * para)
{
int ret;
void * recv_msg;
int i;
const char * type;
int fd;
enum key_state_type{
NO_KEY,
KEY_GENERATE,
KEY_SHARED,
KEY_ERROR
};
enum key_state_type key_state=NO_KEY;
struct key_request_cmd * key_req;
int count;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
void * sendmsg;
ret=local_key_generate(sub_proc);
if(ret<0)
return ret;
key_state=KEY_GENERATE;
for(i=0;i<3000*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_recordtype(recv_msg);
if(type==NULL)
{
message_free(recv_msg);
continue;
}
switch(key_state){
case KEY_GENERATE:
if(strncmp(type,"ACKI",4)==0)
{
ret=local_pubkey_share(sub_proc);
if(ret<0)
return ret;
key_state=KEY_SHARED;
}
break;
case KEY_SHARED:
if(strncmp(type,"LOGI",4)==0)
{
struct login_info * user_info;
int j=0;
ret=message_get_record(recv_msg,&user_info,j++);
while(user_info!=NULL)
{
ret=local_pubkey_request(sub_proc,user_info->user);
if(ret<0)
break;
ret=message_get_record(recv_msg,&user_info,j++);
if(ret<0)
break;
}
sec_subject_sendmsg(sub_proc,recv_msg);
}
else if(strncmp(type,"NKLD",4)==0)
{
struct node_key_list * pub_keylist;
int j=0;
ret=message_get_record(recv_msg,&pub_keylist,j++);
if(pub_keylist!=NULL)
{
AddPolicy(pub_keylist,"NKLD");
}
ExportPolicy("NKLD");
}
break;
default:
break;
}
}
return 0;
}
int local_pubkey_share(void * sub_proc)
{
struct node_key_list * pub_keylist;
int ret;
int count;
char uuidname[DIGEST_SIZE*2+16];
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
void * sendmsg;
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
comp_proc_uuid(local_uuid,proc_name,proc_uuid);
ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
if((ret<0) || (pub_keylist==NULL))
return -EINVAL;
sendmsg=message_create("NKLD",NULL);
message_add_record(sendmsg,pub_keylist);
sec_subject_sendmsg(sub_proc,sendmsg);
void * new_msg;
struct policyfile_data * reqdata;
// share AIK
sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeAIK);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share AIKsda
sprintf(uuidname,"cert/%.64s.sda",pub_keylist->nodeAIKSda);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share Bindkey
sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeBindKey);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share Bindkeyval
sprintf(uuidname,"cert/%.64s.val",pub_keylist->nodeBindKeyVal);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
return 0;
}
int local_key_generate(void * sub_proc)
{
struct node_key_list * local_keylist;
struct node_key_list * pub_keylist;
struct key_request_cmd * key_req;
int ret;
int fd;
int i;
int count;
char uuidname[DIGEST_SIZE*2+16];
enum local_key_state{
NO_AIKEY,
AIK_REQUEST,
AIK_GENERATE,
AIK_VERIFY,
BINDKEY_GENERATE,
BINDKEY_VERIFY,
SIGNKEY_GENERATE,
SIGNKEY_VERIFY,
LOCAL_KEY_ERROR=0xffff
};
enum local_key_state key_state=NO_AIKEY;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
char temp_uuid[DIGEST_SIZE*2];
void * sendmsg;
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
comp_proc_uuid(local_uuid,proc_name,proc_uuid);
ret=FindPolicy(proc_uuid,"LKLD",&local_keylist);
if((ret<0) || (local_keylist==NULL))
{
key_state=NO_AIKEY;
local_keylist=malloc(sizeof(struct node_key_list));
if(local_keylist==NULL)
return -ENOMEM;
memset(local_keylist,0,sizeof(struct node_key_list));
memcpy(local_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->nodename,proc_name,DIGEST_SIZE*2);
local_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"LKLD");
if(ret<0)
return -EINVAL;
pub_keylist=malloc(sizeof(struct node_key_list));
if(pub_keylist==NULL)
return -ENOMEM;
memset(pub_keylist,0,sizeof(struct node_key_list));
memcpy(pub_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->nodename,proc_name,DIGEST_SIZE*2);
pub_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"NKLD");
if(ret<0)
return -EINVAL;
}
else
{
ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
if(ret<0)
return -EINVAL;
if(local_keylist->nodeAIK[0]==0)
key_state=AIK_REQUEST;
else if(pub_keylist->nodeAIKSda[0]==0)
key_state=AIK_GENERATE;
else if(local_keylist->nodeBindKey[0]==0)
key_state=AIK_VERIFY;
else if(pub_keylist->nodeBindKeyVal[0]==0)
key_state=BINDKEY_GENERATE;
else if(local_keylist->nodeSignKey[0]==0)
key_state=BINDKEY_VERIFY;
else if(pub_keylist->nodeSignKeyVal[0]==0)
key_state=SIGNKEY_GENERATE;
else
{
key_state=SIGNKEY_VERIFY;
return 0;
}
}
for(i=0;i<30*1000;i++)
{
usleep(time_val.tv_usec);
switch(key_state){
case NO_AIKEY:
key_req=malloc(sizeof(struct key_request_cmd));
if(key_req==NULL)
return -EINVAL;
memcpy(key_req->machine_uuid,local_uuid,DIGEST_SIZE*2);
memcpy(key_req->proc_name,"local",5);
key_req->keyusage=TPM_KEY_IDENTITY;
key_req->keyflags=0;
count=0;
key_state=AIK_REQUEST;
sendmsg=message_create("KREC",NULL);
if(sendmsg==NULL)
return -EINVAL;
message_add_record(sendmsg,key_req);
sec_subject_sendmsg(sub_proc,sendmsg);
break;
case AIK_REQUEST:
fd=open("pubkey/AIK.pem",O_RDONLY);
if(fd>0)
{
close(fd);
key_state=AIK_GENERATE;
count=0;
fd=open("privkey/AIK.key",O_RDONLY);
if(fd<0)
return -EINVAL;
close(fd);
ret=calculate_sm3("privkey/AIK.key",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,local_keylist->nodeAIK);
ret=calculate_sm3("pubkey/AIK.pem",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,pub_keylist->nodeAIK);
}
else
{
close(fd);
count++;
if(count>1000)
{
printf("do not get AIK");
key_state=NO_AIKEY;
remove("privkey/AIK.key");
remove("pubkey/AIK.pem");
}
}
break;
case AIK_GENERATE:
fd=open("cert/AIK.sda",O_RDONLY);
if(fd<0)
{
count++;
if(count>1000)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
}
break;
}
else
{
close(fd);
ret=aik_verify(local_keylist->username);
if(ret<0)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
break;
}
memcpy(pub_keylist->username,local_keylist->username,DIGEST_SIZE);
ret=trustfile_to_uuidname("privkey/AIK.key",local_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/AIK.pem",pub_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("cert/AIK.sda",pub_keylist->nodeAIKSda);
if(ret<0)
{
return ret;
}
memcpy(local_keylist->nodeAIKSda,pub_keylist->nodeAIKSda,DIGEST_SIZE*2);
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
remove("cert/bindkey.val");
remove("pubkey/bindpubkey.pem");
count=0;
key_state=AIK_VERIFY;
}
break;
case AIK_VERIFY:
fd=open("pubkey/bindpubkey.pem",O_RDONLY);
if(fd>0)
key_state=BINDKEY_GENERATE;
else
{
close(fd);
ret=bind_key_generate(local_keylist->nodeAIK);
if(ret<0)
return ret;
}
break;
case BINDKEY_GENERATE:
fd=open("cert/bindkey.val",O_RDONLY);
if(fd<0)
{
count++;
if(count>5000)
{
printf("do not get Bind key valdata");
key_state=AIK_GENERATE;
}
break;
}
else
{
close(fd);
ret=trustfile_to_uuidname("cert/bindkey.val",pub_keylist->nodeBindKeyVal);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("privkey/bindkey.key",local_keylist->nodeBindKey);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/bindpubkey.pem",pub_keylist->nodeBindKey);
if(ret<0)
{
remove("pubkey/bindpubkey.pem");
return ret;
}
if(bindkey_verify(pub_keylist->nodeAIK,pub_keylist->nodeBindKeyVal,pub_keylist->nodeBindKey)!=0)
{
printf("bindkey verify failed!\n");
return -EINVAL;
}
else
{
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
}
key_state=BINDKEY_VERIFY;
}
break;
case BINDKEY_VERIFY:
// ret=bind_pubkey_memdb_init();
// if(ret<0)
// {
// printf("load bindpubkey error %d!\n",ret);
// }
return 0;
default:
return -EINVAL;
}
}
return 0;
}
int monitor_process_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * message_box;
void * context;
void * recv_msg;
struct tcloud_connector * temp_conn;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("host_name",hostname);
if(ret<0)
return ret;
printf("begin compute monitor process!\n");
sleep(2);
proc_send_compute_localinfo(sub_proc,NULL);
for(i=0;i<3000*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
MESSAGE_HEAD * msg_head;
msg_head=get_message_head(recv_msg);
if(msg_head==NULL)
continue;
if(strncmp(msg_head->record_type,"PLAI",4)==0)
{
proc_send_compute_localinfo(sub_proc,recv_msg);
}
if(strncmp(msg_head->record_type,"VM_I",4)==0)
{
proc_compute_vmpolicy(sub_proc,recv_msg,NULL);
}
if(strncmp(msg_head->record_type,"REQC",4)==0)
{
struct request_cmd * cmd;
ret=message_get_record(recv_msg,&cmd,0);
if(strncmp(cmd->tag,"VM_P",4)==0)
{
proc_send_vmpolicy(sub_proc,recv_msg);
}
else if(strncmp(cmd->tag,"PLAP",4)==0)
{
proc_send_computepolicy(sub_proc,recv_msg);
}
else
continue;
}
}
return 0;
}
int manager_vm_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * context;
int i;
void * recv_msg;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
const char * type;
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm manager process!\n");
for(i=0;i<500*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_recordtype(recv_msg);
if(type==NULL)
continue;
if(strncmp(type,"VM_I",4)==0)
{
proc_store_vm(sub_proc,recv_msg);
}
if(strncmp(type,"VM_P",4)==0)
{
proc_store_vm_policy(sub_proc,recv_msg);
}
if(strncmp(type,"REQC",4)==0)
{
struct request_cmd * req;
ret=message_get_record(recv_msg,&req,0);
if(ret<0)
{
printf("error request command!\n");
continue;
}
if(strncmp(req->tag,"VM_I",4)==0)
{
proc_send_vm_info(sub_proc,recv_msg);
}
else if(strncmp(req->tag,"VM_P",4)==0)
{
proc_send_vm_policy(sub_proc,recv_msg);
}
}
}
return 0;
}
int key_manage2_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * recv_msg;
void * send_msg;
void * context;
int i;
int type;
int subtype;
void * sock;
BYTE uuid[DIGEST_SIZE];
char local_uuid[DIGEST_SIZE];
char proc_name[DIGEST_SIZE];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
// build a slot for key request info
void * slot_port=slot_port_init("key_request",2);
slot_port_addrecordpin(slot_port,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO);
slot_port_addmessagepin(slot_port,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY);
slot_port_addmessagepin(slot_port,DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY);
ex_module_addslot(sub_proc,slot_port);
printf("begin tpm key manage1 start!\n");
for(i=0;i<300*1000;i++)
{
usleep(time_val.tv_usec);
ret=ex_module_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_type(recv_msg);
subtype=message_get_subtype(recv_msg);
if((type==DTYPE_TRUST_DEMO)&&(subtype==SUBTYPE_KEY_INFO))
{
proc_key_check(sub_proc,recv_msg);
}
else if(((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_WRAPPED_KEY))
||((type==DTYPE_TESI_KEY_STRUCT)&&(subtype==SUBTYPE_PUBLIC_KEY)))
{
ret=message_get_uuid(recv_msg,uuid);
if(ret<0)
continue;
sock=ex_module_findsock(sub_proc,uuid);
if(sock==NULL)
continue;
ret=slot_sock_addmsg(sock,recv_msg);
if(ret>0)
proc_key_store(sub_proc,sock);
}
else if((type==DTYPE_TRUST_DEMO)&&(subtype==SUBTYPE_FILECRYPT_INFO))
{
proc_key_recover(sub_proc,recv_msg);
}
}
return 0;
};
int proc_aik_request(void * sub_proc,void * message)
{
TSS_RESULT result;
TSS_HKEY hSignKey;
TSS_HKEY hAIKey, hCAKey;
struct aik_request_info reqinfo;
struct policyfile_data * reqdata;
int ret;
BYTE *labelString = "UserA";
UINT32 labelLen = strlen(labelString) + 1;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
printf("begin aik request!\n");
char buffer[1024];
char digest[DIGEST_SIZE];
int blobsize=0;
int fd;
// create a signkey and write its key in localsignkey.key, write its pubkey in localsignkey.pem
result=TESI_Local_ReloadWithAuth("ooo","sss");
result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk");
if(result == TSS_SUCCESS)
printf("Create SignKey SUCCEED!\n");
TESI_Local_WriteKeyBlob(hSignKey,"privkey/localsignkey");
TESI_Local_WritePubKey(hSignKey,"pubkey/localsignkey");
// fill the reqinfo struct
calculate_sm3("pubkey/localsignkey.pem",digest);
digest_to_uuid(digest,reqinfo.signpubkey_uuid);
calculate_sm3("pubkey/pubek.pem",digest);
digest_to_uuid(digest,reqinfo.pubek_uuid);
reqinfo.user_name=labelString;
get_local_uuid(reqinfo.user_uuid);
// create info blob
void * struct_template=create_struct_template(req_info_desc);
if(struct_template==NULL)
return -EINVAL;
blobsize=struct_2_blob(&reqinfo,buffer,struct_template);
// Load the CA Key
result=TESI_Local_GetPubKeyFromCA(&hCAKey,"cert/CA");
if (result != TSS_SUCCESS) {
printf("Get pubkey error %s!\n", tss_err_string(result));
exit(result);
}
TESI_AIK_CreateIdentKey(&hAIKey,NULL,"sss","kkk");
if (result != TSS_SUCCESS) {
printf("Create AIK error %s!\n", tss_err_string(result));
exit(result);
}
labelLen=strlen(labelString);
result = TESI_AIK_GenerateReq(hCAKey,blobsize,buffer,hAIKey,"cert/aik");
if (result != TSS_SUCCESS){
printf("Generate aik failed%s!\n",tss_err_string(result));
exit(result);
}
TESI_Local_WriteKeyBlob(hAIKey,"privkey/AIK");
ret=build_filedata_struct(&reqdata,"cert/aik.req");
void * send_msg;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,reqdata);
sec_subject_sendmsg(sub_proc,send_msg);
}
return 0;
}
int json_port_init(void * sub_proc,void * para)
{
int ret;
struct json_server_context * sub_context;
struct message_box * msg_box;
struct message_box * new_msg;
struct tcloud_connector_hub * port_hub;
MESSAGE_HEAD * msg_head;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
register_record_type("SYNI",connect_syn_desc);
// process init
sub_context=malloc(sizeof(struct json_server_context));
if(sub_context==NULL)
return -ENOMEM;
memset(sub_context,0,sizeof(struct json_server_context));
void * context;
ret=sec_subject_getcontext(sub_proc,&context);
if(ret<0)
return ret;
sec_object_setpointer(context,sub_context);
// parameter deal with
char * server_name="json_server";
char * server_uuid=local_uuid;
char * service=sec_subject_getname(sub_proc);
char * server_addr=local_jsonserver_addr;
char * nonce="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
struct connect_syn * syn_info;
syn_info=malloc(sizeof(struct connect_syn));
if(syn_info==NULL)
return -ENOMEM;
memset(syn_info,0,sizeof(struct connect_syn));
char buffer[1024];
memset(buffer,0,1024);
int stroffset=0;
msg_box=build_server_syn_message(service,local_uuid,proc_name);
stroffset=message_2_json(msg_box,buffer);
printf("json message size is %d\n",stroffset);
printf("json message:%s\n",buffer);
ret=json_2_message(buffer,&new_msg);
if(ret<0)
return -EINVAL;
sub_context->json_message=dup_str(buffer,0);
sub_context->message_len=strlen(buffer);
port_hub=get_connector_hub();
sub_context->json_port_hub=port_hub;
struct tcloud_connector * temp_conn;
temp_conn=get_connector(CONN_SERVER,AF_INET);
if((temp_conn ==NULL) || IS_ERR(temp_conn))
{
printf("get json server conn failed!\n");
return -EINVAL;
}
ret=temp_conn->conn_ops->init(temp_conn,server_name,server_addr);
if(ret<0)
{
printf("init conn json_server failed!\n");
return -EINVAL;
}
port_hub->hub_ops->add_connector(port_hub,temp_conn,NULL);
ret=temp_conn->conn_ops->listen(temp_conn);
if(ret<0)
return -EINVAL;
return 0;
}
int json_port_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * message_box;
void * context;
struct tcloud_connector_hub * port_hub;
struct tcloud_connector * port_conn;
struct tcloud_connector * recv_conn;
struct tcloud_connector * channel_conn;
int i;
struct timeval conn_val;
conn_val.tv_usec=time_val.tv_usec;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char buffer[4096];
memset(buffer,0,4096);
int stroffset;
printf("begin json server process!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
struct json_server_context * server_context;
ret=sec_subject_getcontext(sub_proc,&context);
server_context=sec_object_getpointer(context);
port_hub=server_context->json_port_hub;
port_conn=hub_get_connector(server_context->json_port_hub,"json_server");
if(port_conn==NULL)
return -EINVAL;
channel_conn=NULL;
for(i=0;i<500*1000;i++)
{
ret=port_hub->hub_ops->select(port_hub,&conn_val);
usleep(conn_val.tv_usec);
conn_val.tv_usec=time_val.tv_usec;
if(ret>0)
{
do{
recv_conn=port_hub->hub_ops->getactiveread(port_hub);
if(recv_conn==NULL)
break;
if(connector_get_type(recv_conn)==CONN_SERVER)
{
channel_conn=recv_conn->conn_ops->accept(recv_conn);
if(channel_conn==NULL)
{
printf("error: json_server connector accept error %x!\n",channel_conn);
continue;
}
printf("create a new channel %x!\n",channel_conn);
// build a server syn message with service name,uuid and proc_name
channel_conn->conn_ops->write(channel_conn,
server_context->json_message,
server_context->message_len);
port_hub->hub_ops->add_connector(port_hub,channel_conn,NULL);
}
else if(connector_get_type(recv_conn)==CONN_CHANNEL)
{
char * buffer=malloc(65535);
int offset=0;
do {
ret=recv_conn->conn_ops->read(recv_conn,buffer+offset,4096);
if(ret<0)
break;
offset+=ret;
}while(ret==4096);
void * message;
ret=json_2_message(buffer,&message);
if(ret>=0)
{
if(message_get_state(message)==0)
message_set_state(message,MSG_FLOW_INIT);
set_message_head(message,"sender_uuid",local_uuid);
sec_subject_sendmsg(sub_proc,message);
}
}
}while(1);
}
// send message to the remote
while(sec_subject_recvmsg(sub_proc,&message_box)>=0)
{
if(message_box==NULL)
break;
stroffset=message_2_json(message_box,buffer);
if(channel_conn!=NULL)
{
channel_conn->conn_ops->write(channel_conn,
buffer,stroffset);
printf("json port send %d data !",stroffset);
}
}
}
return 0;
}