int proc_send_computepolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct request_cmd * cmd;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
printf("begin to send computepolicy!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("host_name",hostname);
if(ret<0)
return ret;
struct vm_policy * compute_policy;
struct tcm_pcr_set * compute_boot_pcrs;
struct tcm_pcr_set * compute_running_pcrs;
build_compute_boot_pcrs("/dev/sda",hostname,&compute_boot_pcrs);
build_compute_running_pcrs("/dev/sda",hostname,&compute_running_pcrs);
ret=build_entity_policy(local_uuid,NULL,compute_boot_pcrs,compute_running_pcrs,hostname,&compute_policy);
if(compute_policy==NULL)
return -EINVAL;
ExportPolicy("PLAP");
void * send_pcr_msg;
void * send_msg;
// send compute node's pcr policy
send_pcr_msg=message_create("PCRP",NULL);
message_add_record(send_pcr_msg,compute_boot_pcrs);
if(compute_running_pcrs!=NULL)
message_add_record(send_pcr_msg,compute_running_pcrs);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
usleep(time_val.tv_usec*3);
// send compute node's platform policy
send_msg=message_create("PLAP",message);
message_add_record(send_msg,compute_policy);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vmpolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct request_cmd * cmd;
struct vm_policy * policy;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
printf("begin to send vmpolicy!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
message_head=get_message_head(message);
// get vm info from message
retval=message_get_record(message,&cmd,0);
if(retval<0)
return -EINVAL;
struct tcm_pcr_set * boot_pcrs;
struct tcm_pcr_set * running_pcrs;
ret=build_nova_vm_policy(cmd->uuid,&boot_pcrs, &running_pcrs,&policy);
if(policy==NULL)
return -EEXIST;
ExportPolicy("VM_P");
void * send_pcr_msg;
void * send_msg;
// send compute node's pcr policy
send_pcr_msg=message_create("PCRP",NULL);
message_add_record(send_pcr_msg,boot_pcrs);
if(running_pcrs!=NULL)
message_add_record(send_pcr_msg,running_pcrs);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
usleep(time_val.tv_usec*3);
send_msg=message_create("VM_P",message);
message_add_record(send_msg,policy);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vm_policy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * vm;
struct request_cmd * cmd;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin send vm policy process!\n");
void * send_msg;
void * send_pcr_msg;
ret=message_get_record(message,&cmd,0);
if(ret<0)
return -EINVAL;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
FindPolicy(cmd->uuid,"VM_P",&vm);
if(vm==NULL)
return 0;
send_msg=message_create("VM_P",message);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,vm);
sec_subject_sendmsg(sub_proc,send_msg);
send_pcr_msg=message_create("PCRP",message);
struct tcm_pcr_set * pcrpolicy;
FindPolicy(vm->boot_pcr_uuid,"PCRP",&pcrpolicy);
if(pcrpolicy!=NULL)
{
message_add_record(send_pcr_msg,pcrpolicy);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
}
return;
}
int proc_send_compute_localinfo(void * sub_proc,void * message)
{
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
int ret;
MESSAGE_HEAD * message_head;
struct platform_info * platform;
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
printf("begin send %s localinfo!\n",hostname);
ret=FindPolicy(local_uuid,"PLAI",&platform);
if(ret<0)
return ret;
if(platform==NULL)
return -EINVAL;
void * send_msg;
send_msg=message_create("PLAI",message);
message_add_record(send_msg,platform);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vm_info(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_info * vm;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm send image info process!\n");
void * send_msg;
message_head=get_message_head(message);
if(message_head==NULL)
return -EINVAL;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
send_msg=message_create("VM_I",message);
if(send_msg==NULL)
return -EINVAL;
GetFirstPolicy(&vm,"VM_I");
while( vm != NULL)
{
message_add_record(send_msg,vm);
GetNextPolicy(&vm,"VM_I");
}
sec_subject_sendmsg(sub_proc,send_msg);
return;
}
int main(void)
{
const char * config_filename= "./router_policy.cfg";
int i,recordnum;
int ret;
void * record;
void * message;
void * recv_message;
void * msg_head;
int retval;
struct connect_login * login_info;
logic_baselib_init();
register_record_type("LOGC",&connect_login_desc,NULL);
message=message_create("LOGC",NULL);
for(i=0;i<3;i++)
{
login_info=malloc(sizeof(struct connect_login));
login_info->user=dup_str(name[i],0);
login_info->passwd=dup_str(passwd[i],0);
memset(login_info->nonce,'0',DIGEST_SIZE);
message_add_record(message,login_info);
}
router_policy_init();
ret=router_read_cfg(config_filename);
if(ret<0)
return -EINVAL;
void * msg_policy;
ret=router_policy_getfirst(&msg_policy);
if(ret<0)
{
printf("get msg policy failed!\n");
return -EINVAL;
}
printf("get msg policy succeed!\n");
ret=router_policy_match_message(msg_policy,message,NULL);
return 0;
}
int local_pubkey_request(void * sub_proc,char * user)
{
struct node_key_list * pub_keylist;
int ret;
int count;
char uuidname[DIGEST_SIZE*2+16];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
void * sendmsg;
ret=GetFirstPolicy(&pub_keylist,"NKLD");
if(ret<0)
return -EINVAL;
while(pub_keylist!=NULL)
{
if(strncmp(pub_keylist->username,user,DIGEST_SIZE)==0)
{
printf("user %s's pubkey is already getten!\n",user);
return 0;
}
ret=GetNextPolicy(&pub_keylist,"NKLD");
if(ret<0)
return -EINVAL;
}
struct key_request_cmd * key_req;
key_req=malloc(sizeof(struct key_request_cmd));
if(key_req==NULL)
return -ENOMEM;
memset(key_req,0,sizeof(struct key_request_cmd));
strncpy(key_req->user_name,user,DIGEST_SIZE);
sendmsg=message_create("KREC",NULL);
message_add_record(sendmsg,key_req);
sec_subject_sendmsg(sub_proc,sendmsg);
}
int proc_verify(void * sub_proc,void * message)
{
int type;
int subtype;
int ret;
printf("begin proc login_verify \n");
type=message_get_type(message);
if(type!=DTYPE_CRYPTO_DEMO)
return -EINVAL;
subtype=message_get_subtype(message);
if(subtype!=SUBTYPE_LOGIN_INFO)
return -EINVAL;
void * new_msg;
void * record;
struct login_info * login_data;
struct login_info * lib_data;
struct verify_return * return_data;
new_msg=message_create(DTYPE_CRYPTO_DEMO,SUBTYPE_VERIFY_RETURN,message);
return_data=Talloc0(sizeof(*return_data));
ret=message_get_record(message,&login_data,0);
if(ret<0)
return ret;
lib_data=memdb_get_first_record(type,subtype);
while(lib_data!=NULL)
{
if(Strncmp(lib_data->user,login_data->user,DIGEST_SIZE)==0)
break;
lib_data=memdb_get_next_record(type,subtype);
}
if(lib_data==NULL)
{
return_data->ret_data=dup_str("no such user!",0);
return_data->retval=-1;
}
else
{
if (Strncmp(lib_data->passwd,login_data->passwd,DIGEST_SIZE)!=0)
{
return_data->ret_data=dup_str("error passwd!",0);
return_data->retval=0;
}
else
{
return_data->ret_data=dup_str("login_succeed!",0);
return_data->retval=1;
ret=user_addr_store(sub_proc,message);
if(ret<0)
return ret;
}
}
return_data->ret_data_size=Strlen(return_data->ret_data)+1;
message_add_record(new_msg,return_data);
ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int proc_symmkey_gen(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_encdata_info * encdatainfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
TSS_HKEY hEnckey;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
BYTE EncData[DIGEST_SIZE];
BYTE uuidstr[DIGEST_SIZE*2];
char filename[DIGEST_SIZE*4];
char buffer[DIGEST_SIZE*8];
// get message
ret=message_get_record(recv_msg,&key_struct,0);
if(key_struct==NULL)
return -EINVAL;
encdatainfo=Calloc(sizeof(*encdatainfo));
if(encdatainfo==NULL)
return -ENOMEM;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",key_struct->uuid);
if(key_record==NULL)
return -EINVAL;
hEnckey=key_record->tail;
TESI_Local_GetRandom(EncData,DIGEST_SIZE);
int fd=open("encdata/tempkey.dat",O_RDWR|O_CREAT|O_TRUNC,0666);
if(fd<0)
return -EINVAL;
write(fd,EncData,DIGEST_SIZE);
close(fd);
TESI_Local_Bind("encdata/tempkey.dat",hEnckey,"encdata/symmkey.dat");
convert_uuidname("encdata/symmkey",".dat",encdatainfo->uuid,filename);
Memcpy(encdatainfo->vtpm_uuid,key_struct->vtpm_uuid,DIGEST_SIZE);
Memcpy(encdatainfo->enckey_uuid,key_struct->uuid,DIGEST_SIZE);
getcwd(buffer,DIGEST_SIZE*5-6);
Strcat(buffer,"/");
Strcat(buffer,filename);
encdatainfo->filename=dup_str(buffer,DIGEST_SIZE*7);
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,encdatainfo);
memdb_store(encdatainfo,DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,NULL);
ex_module_sendmsg(sub_proc,send_msg);
ex_module_sendmsg(sub_proc,recv_msg);
return ret;
}
int main() {
static unsigned char alloc_buffer[4096*(1+1+4+1+16+1+256)];
char json_buffer[4096];
char print_buffer[4096];
BYTE bin_buffer[4096];
int ret;
int readlen;
int json_offset;
void * root_node;
void * findlist;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
int i;
MSG_HEAD * msg_head;
char * baseconfig[] =
{
"namelist.json",
"typelist.json",
"subtypelist.json",
"msghead.json",
"base_msg.json",
"expandrecord.json",
NULL
};
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
// test namelist reading start
for(i=0;baseconfig[i]!=NULL;i++)
{
ret=read_json_file(baseconfig[i]);
if(ret<0)
return ret;
printf("read %d elem from file %s!\n",ret,baseconfig[i]);
}
void * record;
// test struct desc reading start
int msg_type = memdb_get_typeno("MESSAGE");
if(msg_type<=0)
return -EINVAL;
int subtype=memdb_get_subtypeno(msg_type,"HEAD");
if(subtype<=0)
return -EINVAL;
record=memdb_get_first(msg_type,subtype);
while(record!=NULL)
{
ret=memdb_print(record,print_buffer);
if(ret<0)
return -EINVAL;
printf("%s\n",print_buffer);
record=memdb_get_next(msg_type,subtype);
}
msgfunc_init();
void * message;
struct basic_message base_msg;
struct expand_flow_trace flow_trace;
message=message_create(DTYPE_MESSAGE,SUBTYPE_BASE_MSG,NULL);
base_msg.message=dup_str("Hello,World!",0);
flow_trace.record_num=1;
flow_trace.trace_record=Talloc0(DIGEST_SIZE*flow_trace.record_num);
Strncpy(flow_trace.trace_record,"test_port",DIGEST_SIZE/4*3);
ret=message_add_record(message,&base_msg);
if(ret<0)
{
printf("add message record failed!\n");
return ret;
}
ret=message_add_expand_data(message,DTYPE_MSG_EXPAND,SUBTYPE_FLOW_TRACE,&flow_trace);
if(ret<0)
{
printf("add message expand failed!\n");
return ret;
}
ret=message_record_struct2blob(message);
if(ret<0)
{
printf("message struct2blob failed!\n");
return ret;
}
BYTE * blob;
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=message_output_blob(message,&blob);
if(ret<0)
return ret;
printf ("output %d data to bin_buffer\n",ret);
void * new_msg;
ret=message_read_from_blob(&new_msg,blob,ret);
printf ("read %d from bin_buffer\n",ret);
ret=message_load_record(new_msg);
if(ret<0)
{
printf("load record failed!\n");
return ret;
}
ret=message_load_expand(new_msg);
if(ret<0)
{
printf("load expand failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=json_2_message(json_buffer,&new_msg);
if(ret<0)
return ret;
printf ("read %d from json_buffer\n",ret);
ret=message_output_json(new_msg,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=message_output_blob(message,bin_buffer);
return 0;
}
int local_pubkey_share(void * sub_proc)
{
struct node_key_list * pub_keylist;
int ret;
int count;
char uuidname[DIGEST_SIZE*2+16];
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
void * sendmsg;
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
comp_proc_uuid(local_uuid,proc_name,proc_uuid);
ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
if((ret<0) || (pub_keylist==NULL))
return -EINVAL;
sendmsg=message_create("NKLD",NULL);
message_add_record(sendmsg,pub_keylist);
sec_subject_sendmsg(sub_proc,sendmsg);
void * new_msg;
struct policyfile_data * reqdata;
// share AIK
sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeAIK);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share AIKsda
sprintf(uuidname,"cert/%.64s.sda",pub_keylist->nodeAIKSda);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share Bindkey
sprintf(uuidname,"pubkey/%.64s.pem",pub_keylist->nodeBindKey);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
// share Bindkeyval
sprintf(uuidname,"cert/%.64s.val",pub_keylist->nodeBindKeyVal);
ret=build_filedata_struct(&reqdata,uuidname);
new_msg=message_create("FILD",NULL);
if(new_msg!=NULL)
{
message_add_record(new_msg,reqdata);
sec_subject_sendmsg(sub_proc,new_msg);
}
return 0;
}
int json_2_message(char * json_str,void ** message)
{
void * root_node;
void * head_node;
void * tag_node;
void * record_node;
void * curr_record;
void * expand_node;
void * curr_expand;
void * record_value;
void * expand_value;
struct message_box * msg_box;
MSG_HEAD * msg_head;
MSG_EXPAND * msg_expand;
int record_no;
int expand_no;
void * precord;
void * pexpand;
int i;
int ret;
char buffer[DIGEST_SIZE];
int offset;
int type;
int subtype;
offset=json_solve_str(&root_node,json_str);
if(offset<0)
return offset;
// get json node's head
head_node=json_find_elem("HEAD",root_node);
if(head_node==NULL)
head_node=json_find_elem("head",root_node);
if(head_node==NULL)
return -EINVAL;
tag_node=json_find_elem("tag",head_node);
if(tag_node!=NULL) // default tag value is "MESG"
{
ret=json_node_getvalue(tag_node,buffer,10);
if(ret!=4)
return -EINVAL;
if(Memcmp(buffer,"MESG",ret)!=0)
return -EINVAL;
}
msg_box=message_init();
msg_head=message_get_head(msg_box);
json_2_struct(head_node,msg_head,msg_box->head_template);
// get json node's record
// init message box
ret=message_record_init(msg_box);
if(ret<0)
return ret;
record_node=json_find_elem("RECORD",root_node);
if(record_node==NULL)
record_node=json_find_elem("record",root_node);
if(record_node==NULL)
return -EINVAL;
curr_record=json_get_first_child(record_node);
if(curr_record==NULL)
return -EINVAL;
char node_name[DIGEST_SIZE*2];
ret=json_node_getname(curr_record,node_name);
if(!strcmp(node_name,"BIN_FORMAT"))
{
BYTE * radix64_string;
radix64_string=malloc(4096);
if(radix64_string==NULL)
return -ENOMEM;
ret=json_node_getvalue(curr_record,radix64_string,4096);
if(ret<0)
return -EINVAL;
int radix64_len=strnlen(radix64_string,4096);
msg_head->record_size=radix_to_bin_len(radix64_len);
msg_box->blob=malloc(msg_head->record_size);
if(msg_box->blob==NULL)
return -ENOMEM;
ret=radix64_to_bin(msg_box->blob,radix64_len,radix64_string);
}
else
{
for(i=0;i<msg_head->record_num;i++)
{
if(curr_record==NULL)
return -EINVAL;
ret=Galloc0(&precord,struct_size(msg_box->record_template));
if(ret<=0)
return -EINVAL;
json_2_struct(curr_record,precord,msg_box->record_template);
message_add_record(msg_box,precord);
curr_record=json_get_next_child(record_node);
}
}
// get json_node's expand
expand_no=msg_head->expand_num;
msg_head->expand_num=0;
expand_node=json_find_elem("EXPAND",root_node);
if(expand_node==NULL)
expand_node=json_find_elem("expand",root_node);
if(expand_node!=NULL)
{
char buf[20];
void * curr_expand_template;
curr_expand=json_get_first_child(expand_node);
for(i=0;i<expand_no;i++)
{
if(curr_expand==NULL)
return -EINVAL;
ret=Galloc0(&msg_expand,struct_size(message_get_expand_template()));
if(ret<0)
return -ENOMEM;
ret=json_2_struct(curr_expand,&msg_expand,message_get_expand_template());
if(ret<0)
return ret;
void * tempnode;
if((tempnode=json_find_elem(curr_expand,"BIN_DATA"))==NULL)
{
curr_expand_template=memdb_get_template(msg_expand->type,msg_expand->subtype);
if(curr_expand_template==NULL)
return -EINVAL;
struct_free(msg_expand,message_get_expand_template());
ret=Galloc(&msg_expand,struct_size(curr_expand_template));
if(ret<0)
return -ENOMEM;
ret=json_2_struct(curr_expand,msg_expand,curr_expand_template);
if(ret<0)
return ret;
}
message_add_expand(msg_box,msg_expand);
curr_expand=json_get_next_child(expand_node);
}
}
*message=msg_box;
msg_box->box_state = MSG_BOX_RECOVER;
return offset;
}
int proc_key_recover(void * sub_proc,void * recv_msg)
{
int ret;
DB_RECORD * record;
struct trust_filecrypt_info * filecrypt_info;
struct trust_filecrypt_info * decrypt_info;
struct trust_encdata_info * encdata_info;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
struct types_pair * types;
ret=message_get_record(recv_msg,&filecrypt_info,0);
if(filecrypt_info==NULL)
return -EINVAL;
if(!Isemptyuuid(filecrypt_info->encdata_uuid))
{
memdb_store(filecrypt_info,DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,NULL);
send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL);
if(send_msg==NULL)
return -EINVAL;
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_FILECRYPT_INFO;
message_add_record(send_msg,types);
ex_module_sendmsg(sub_proc,send_msg);
}
else if(!Isemptyuuid(filecrypt_info->cipher_uuid))
{
record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,"cipher_uuid",filecrypt_info->cipher_uuid);
if(record==NULL)
return -EINVAL;
decrypt_info=record->record;
record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,"uuid",decrypt_info->encdata_uuid);
if(record==NULL)
return -EINVAL;
encdata_info=record->record;
record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",encdata_info->enckey_uuid);
if(record==NULL)
return -EINVAL;
key_struct=record->record;
// send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,recv_msg);
// if(send_msg==NULL)
// return -EINVAL;
// message_add_record(send_msg,decrypt_info);
// ex_module_sendmsg(sub_proc,send_msg);
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,encdata_info);
ex_module_sendmsg(sub_proc,send_msg);
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_struct);
ex_module_sendmsg(sub_proc,send_msg);
}
return 0;
}
int main() {
static unsigned char alloc_buffer[4096*(1+1+4+1+32+1+256)];
char json_buffer[4096];
char print_buffer[4096];
int ret;
int readlen;
int json_offset;
void * root_node;
void * findlist;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
int i;
MSG_HEAD * msg_head;
pthread_t cube_thread;
char * baseconfig[] =
{
"namelist.json",
"dispatchnamelist.json",
"typelist.json",
"subtypelist.json",
"msghead.json",
"msgrecord.json",
"expandrecord.json",
"base_msg.json",
"dispatchrecord.json",
NULL
};
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
// test namelist reading start
for(i=0;baseconfig[i]!=NULL;i++)
{
ret=read_json_file(baseconfig[i]);
if(ret<0)
return ret;
printf("read %d elem from file %s!\n",ret,baseconfig[i]);
}
void * record;
// test struct desc reading start
msgfunc_init();
dispatch_init();
void * message;
void * policy;
ret=read_dispatch_file("dispatch_policy.json");
message=message_create(DTYPE_MESSAGE,SUBTYPE_BASE_MSG,NULL);
struct basic_message * base_msg;
base_msg=Talloc0(sizeof(*base_msg));
if(base_msg==NULL)
return -ENOMEM;
base_msg->message=dup_str("hello",0);
message_add_record(message,base_msg);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=dispatch_policy_getfirst(&policy);
while(policy!=NULL)
{
ret=dispatch_match_message(policy,message);
if(ret==0)
{
printf("this message match the policy!\n");
break;
}
ret=dispatch_policy_getnext(&policy);
}
if(policy!=NULL)
{
router_set_local_route(message,policy);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
}
// routine_start();
// sleep(100000);
return 0;
}
int main() {
static unsigned char alloc_buffer[4096*(1+1+4+1+16+1+256)];
char json_buffer[4096];
char print_buffer[4096];
int ret;
int readlen;
int json_offset;
void * root_node;
void * findlist;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
int i;
MSG_HEAD * msg_head;
char * baseconfig[] =
{
"typelist.json",
"subtypelist.json",
"msghead.json",
"headrecord.json",
NULL
};
alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
// test namelist reading start
for(i=0;baseconfig[i]!=NULL;i++)
{
ret=read_json_file(baseconfig[i]);
if(ret<0)
return ret;
printf("read %d elem from file %s!\n",ret,baseconfig[i]);
}
void * record;
// test struct desc reading start
int msg_type = memdb_get_typeno("MESSAGE");
if(msg_type<=0)
return -EINVAL;
int subtype=memdb_get_subtypeno(msg_type,"HEAD");
if(subtype<=0)
return -EINVAL;
record=memdb_get_first(msg_type,subtype);
while(record!=NULL)
{
ret=memdb_print(record,print_buffer);
if(ret<0)
return -EINVAL;
printf("%s\n",print_buffer);
record=memdb_get_next(msg_type,subtype);
}
msgfunc_init();
void * message;
message=message_create(512,1,NULL);
ret=Galloc0(&msg_head,sizeof(MSG_HEAD));
if(msg_head==NULL)
return -EINVAL;
Strcpy(msg_head->sender_uuid,"Test sender");
Strcpy(msg_head->receiver_uuid,"Test receiver");
ret=message_add_record(message,msg_head);
if(ret<0)
{
printf("add message head record failed!\n");
return ret;
}
ret=message_record_struct2blob(message);
if(ret<0)
{
printf("message struct2blob failed!\n");
return ret;
}
BYTE * blob;
message_output_blob(message,&blob);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
void * new_msg;
ret=json_2_message(json_buffer,&new_msg);
if(ret<0)
return ret;
printf ("read % from json_buffer\n",ret);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
return 0;
}
int proc_key_check(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_demo_keyinfo * keyinfo;
struct trust_demo_keyinfo * comp_keyinfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
// build a slot_port
void * slot_port=ex_module_findport(sub_proc,"key_request");
if(slot_port==NULL)
return -EINVAL;
ret=message_get_uuid(recv_msg,uuid);
if(ret<0)
return ret;
// build a sock
void * sock=slot_create_sock(slot_port,uuid);
// get message
ret=message_get_record(recv_msg,&keyinfo,0);
if(keyinfo!=NULL)
{
keyinfo_record=find_key_info(keyinfo);
if(keyinfo_record!=NULL)
{
comp_keyinfo=keyinfo_record->record;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",comp_keyinfo->uuid);
if(key_record!=NULL)
key_struct=key_record->record;
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,comp_keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
else
{
// build a slot sock to store the (DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO) keyinfo record and wait for the
// (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message
// build (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message and send it
key_struct=Talloc0(sizeof(*key_struct));
if(key_struct==NULL)
return -ENOMEM;
Memcpy(key_struct->vtpm_uuid,keyinfo->vtpm_uuid,DIGEST_SIZE);
key_struct->key_type=keyinfo->key_type;
key_struct->key_size=1024;
key_struct->keypass=dup_str(keyinfo->passwd,DIGEST_SIZE);
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_struct);
ex_module_sendmsg(sub_proc,send_msg);
}
return ret;
}
int proc_aik_request(void * sub_proc,void * message)
{
TSS_RESULT result;
TSS_HKEY hSignKey;
TSS_HKEY hAIKey, hCAKey;
struct aik_request_info reqinfo;
struct policyfile_data * reqdata;
int ret;
BYTE *labelString = "UserA";
UINT32 labelLen = strlen(labelString) + 1;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
printf("begin aik request!\n");
char buffer[1024];
char digest[DIGEST_SIZE];
int blobsize=0;
int fd;
// create a signkey and write its key in localsignkey.key, write its pubkey in localsignkey.pem
result=TESI_Local_ReloadWithAuth("ooo","sss");
result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk");
if(result == TSS_SUCCESS)
printf("Create SignKey SUCCEED!\n");
TESI_Local_WriteKeyBlob(hSignKey,"privkey/localsignkey");
TESI_Local_WritePubKey(hSignKey,"pubkey/localsignkey");
// fill the reqinfo struct
calculate_sm3("pubkey/localsignkey.pem",digest);
digest_to_uuid(digest,reqinfo.signpubkey_uuid);
calculate_sm3("pubkey/pubek.pem",digest);
digest_to_uuid(digest,reqinfo.pubek_uuid);
reqinfo.user_name=labelString;
get_local_uuid(reqinfo.user_uuid);
// create info blob
void * struct_template=create_struct_template(req_info_desc);
if(struct_template==NULL)
return -EINVAL;
blobsize=struct_2_blob(&reqinfo,buffer,struct_template);
// Load the CA Key
result=TESI_Local_GetPubKeyFromCA(&hCAKey,"cert/CA");
if (result != TSS_SUCCESS) {
printf("Get pubkey error %s!\n", tss_err_string(result));
exit(result);
}
TESI_AIK_CreateIdentKey(&hAIKey,NULL,"sss","kkk");
if (result != TSS_SUCCESS) {
printf("Create AIK error %s!\n", tss_err_string(result));
exit(result);
}
labelLen=strlen(labelString);
result = TESI_AIK_GenerateReq(hCAKey,blobsize,buffer,hAIKey,"cert/aik");
if (result != TSS_SUCCESS){
printf("Generate aik failed%s!\n",tss_err_string(result));
exit(result);
}
TESI_Local_WriteKeyBlob(hAIKey,"privkey/AIK");
ret=build_filedata_struct(&reqdata,"cert/aik.req");
void * send_msg;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,reqdata);
sec_subject_sendmsg(sub_proc,send_msg);
}
return 0;
}
int proc_key_response(void * sub_proc,void * message)
{
struct policyfile_data * response_data;
struct policyfile_data * response_cert;
int ret;
TSS_RESULT result;
BYTE buf[2048];
void * send_msg;
void * send_msg2;
struct key_request_cmd * key_req;
printf("begin key response!\n");
int blobsize=0;
ret=message_get_record(message,&key_req,0);
if(ret<0)
return -EINVAL;
if(key_req->keyusage == TPM_KEY_IDENTITY)
{
// bind_client request AIK
// send aik file
ret=build_filedata_struct(&response_data,"pubkey/AIK.pem");
if(ret<0)
return -EINVAL;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,response_data);
sec_subject_sendmsg(sub_proc,send_msg);
}
// send aik cert file
ret=build_filedata_struct(&response_cert,"cert/AIK.sda");
if(ret<0)
return -EINVAL;
send_msg2=message_create("FILD",message);
if(send_msg2!=NULL)
{
message_add_record(send_msg2,response_cert);
sec_subject_sendmsg(sub_proc,send_msg2);
}
}
else if(key_req->keyusage == TPM_KEY_BIND)
{
// bind_client request bindkey
// generate bindkey and bindkey cert
result=bind_key_generate();
if(result!=TSS_SUCCESS)
{
return -EINVAL;
}
// send bindkey file
ret=build_filedata_struct(&response_data,"pubkey/bindpubkey.pem");
if(ret<0)
return -EINVAL;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,response_data);
sec_subject_sendmsg(sub_proc,send_msg);
}
// send bindkey cert file
ret=build_filedata_struct(&response_cert,"cert/bindkey.val");
if(ret<0)
return -EINVAL;
send_msg2=message_create("FILD",message);
if(send_msg2!=NULL)
{
message_add_record(send_msg2,response_cert);
sec_subject_sendmsg(sub_proc,send_msg2);
}
ret=bind_key_memdb_init();
if(ret<0)
{
printf("load bindkey error %d!\n",ret);
}
return ret;
}
else
return -EINVAL;
return 0;
}
int proc_tcm_activateidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
BYTE KeyBuf[DIGEST_SIZE*4];
BYTE digest[DIGEST_SIZE];
UINT32 result;
DB_RECORD * db_record;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(TCM_PIK_DESC,CADATA) * pik_cadata;
RECORD(TCM_PIK_DESC,PIKCERT) * pik_cert;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) * tcm_pik_info;
TCM_SYMMETRIC_KEY symmkey;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
printf("begin pik activateidentity!\n");
// get pik cadata from message
ret=message_get_record(recv_msg,&pik_cadata,0);
if(ret<0)
return -EINVAL;
if(pik_cadata==NULL)
return -EINVAL;
// find pikinfo record
db_record=memdb_find_first(TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),"pubkey_uuid",pik_cadata->pikpub_uuid);
if(db_record==NULL)
{
print_cubeerr("can't find pik record!\n");
return -EINVAL;
}
tcm_pik_info=db_record->record;
// get pik file name
digest_to_uuid(tcm_pik_info->uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
ret=TCM_ExLoadTcmKey(&tcm_pik,NameBuf);
if(ret!=0)
{
print_cubeerr("Load TCMKey from file failed!\n");
return ret;
}
// Load pik to TCM
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_LoadKey(smkHandle,NameBuf,&keyHandle);
if(ret!=0)
{
print_cubeerr("TCM_LoadKey failed!\n");
return ret;
}
ret=TCM_APTerminate(smkHandle);
if(ret!=0)
{
printf("TCM_APTerminate failed!\n");
return ret;
}
// do the activateidentity
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_KEYHANDLE,keyHandle, "kkk", &keyAuthHandle);
printf("pikHandle is : %x\n",keyAuthHandle);
if(ret!=0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_ActivateIdentity(keyHandle,keyAuthHandle,ownerHandle,
pik_cadata->symmkey_len,pik_cadata->symmkey,&symmkey,"ooo","kkk");
if(ret!=0)
{
printf("TCM_ActivateIdentity failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(keyAuthHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_EvictKey(keyHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
// decrypt cert blob
int blobsize;
BYTE * cert;
int certsize;
ret=TCM_ExSymmkeyDecrypt(&symmkey,pik_cadata->cert,pik_cadata->certlen,&cert,&certsize);
if(ret!=0)
{
printf("decrypt cert blob file error!\n");
return -EINVAL;
}
int offset;
for(offset=0;cert[offset]==0;offset++)
{
if((offset>=16)|| (offset>=certsize))
{
print_cubeerr("cert data failed!\n");
return -EINVAL;
}
}
// build pik cert, it is organized by userinfo, pubkey and ca_conts
//
pik_cert=Talloc0(sizeof(*pik_cert));
if(pik_cert==NULL)
return -ENOMEM;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,VERIFYDATA));
if(tcm_key_template==NULL)
return -EINVAL;
ret=blob_2_struct(cert+offset,&pik_cert->verifydata,tcm_key_template);
if(ret<0)
return -EINVAL;
db_record=memdb_find(pik_cadata->userinfo_uuid,TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(db_record==NULL)
{
print_cubeerr("can't find user info data!\n");
return -EINVAL;
}
pik_userinfo=db_record->record;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(pik_userinfo,&pik_cert->userinfo,tcm_key_template);
if(ret<0)
return -EINVAL;
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(&tcm_pikpub,&pik_cert->pikpub,tcm_key_template);
if(ret<0)
return -EINVAL;
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,PIKCERT),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_cert);
if(ret<0)
return ret;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int local_key_generate(void * sub_proc)
{
struct node_key_list * local_keylist;
struct node_key_list * pub_keylist;
struct key_request_cmd * key_req;
int ret;
int fd;
int i;
int count;
char uuidname[DIGEST_SIZE*2+16];
enum local_key_state{
NO_AIKEY,
AIK_REQUEST,
AIK_GENERATE,
AIK_VERIFY,
BINDKEY_GENERATE,
BINDKEY_VERIFY,
SIGNKEY_GENERATE,
SIGNKEY_VERIFY,
LOCAL_KEY_ERROR=0xffff
};
enum local_key_state key_state=NO_AIKEY;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char proc_uuid[DIGEST_SIZE*2+1];
BYTE digest[DIGEST_SIZE];
char temp_uuid[DIGEST_SIZE*2];
void * sendmsg;
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
comp_proc_uuid(local_uuid,proc_name,proc_uuid);
ret=FindPolicy(proc_uuid,"LKLD",&local_keylist);
if((ret<0) || (local_keylist==NULL))
{
key_state=NO_AIKEY;
local_keylist=malloc(sizeof(struct node_key_list));
if(local_keylist==NULL)
return -ENOMEM;
memset(local_keylist,0,sizeof(struct node_key_list));
memcpy(local_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(local_keylist->nodename,proc_name,DIGEST_SIZE*2);
local_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"LKLD");
if(ret<0)
return -EINVAL;
pub_keylist=malloc(sizeof(struct node_key_list));
if(pub_keylist==NULL)
return -ENOMEM;
memset(pub_keylist,0,sizeof(struct node_key_list));
memcpy(pub_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
memcpy(pub_keylist->nodename,proc_name,DIGEST_SIZE*2);
pub_keylist->isnodelocal=1;
ret=AddPolicy(local_keylist,"NKLD");
if(ret<0)
return -EINVAL;
}
else
{
ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
if(ret<0)
return -EINVAL;
if(local_keylist->nodeAIK[0]==0)
key_state=AIK_REQUEST;
else if(pub_keylist->nodeAIKSda[0]==0)
key_state=AIK_GENERATE;
else if(local_keylist->nodeBindKey[0]==0)
key_state=AIK_VERIFY;
else if(pub_keylist->nodeBindKeyVal[0]==0)
key_state=BINDKEY_GENERATE;
else if(local_keylist->nodeSignKey[0]==0)
key_state=BINDKEY_VERIFY;
else if(pub_keylist->nodeSignKeyVal[0]==0)
key_state=SIGNKEY_GENERATE;
else
{
key_state=SIGNKEY_VERIFY;
return 0;
}
}
for(i=0;i<30*1000;i++)
{
usleep(time_val.tv_usec);
switch(key_state){
case NO_AIKEY:
key_req=malloc(sizeof(struct key_request_cmd));
if(key_req==NULL)
return -EINVAL;
memcpy(key_req->machine_uuid,local_uuid,DIGEST_SIZE*2);
memcpy(key_req->proc_name,"local",5);
key_req->keyusage=TPM_KEY_IDENTITY;
key_req->keyflags=0;
count=0;
key_state=AIK_REQUEST;
sendmsg=message_create("KREC",NULL);
if(sendmsg==NULL)
return -EINVAL;
message_add_record(sendmsg,key_req);
sec_subject_sendmsg(sub_proc,sendmsg);
break;
case AIK_REQUEST:
fd=open("pubkey/AIK.pem",O_RDONLY);
if(fd>0)
{
close(fd);
key_state=AIK_GENERATE;
count=0;
fd=open("privkey/AIK.key",O_RDONLY);
if(fd<0)
return -EINVAL;
close(fd);
ret=calculate_sm3("privkey/AIK.key",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,local_keylist->nodeAIK);
ret=calculate_sm3("pubkey/AIK.pem",digest);
if(ret<0)
return ret;
digest_to_uuid(digest,pub_keylist->nodeAIK);
}
else
{
close(fd);
count++;
if(count>1000)
{
printf("do not get AIK");
key_state=NO_AIKEY;
remove("privkey/AIK.key");
remove("pubkey/AIK.pem");
}
}
break;
case AIK_GENERATE:
fd=open("cert/AIK.sda",O_RDONLY);
if(fd<0)
{
count++;
if(count>1000)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
}
break;
}
else
{
close(fd);
ret=aik_verify(local_keylist->username);
if(ret<0)
{
remove("cert/AIK.sda");
remove("pubkey/AIK.pem");
remove("privkey/AIK.key");
key_state=NO_AIKEY;
break;
}
memcpy(pub_keylist->username,local_keylist->username,DIGEST_SIZE);
ret=trustfile_to_uuidname("privkey/AIK.key",local_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/AIK.pem",pub_keylist->nodeAIK);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("cert/AIK.sda",pub_keylist->nodeAIKSda);
if(ret<0)
{
return ret;
}
memcpy(local_keylist->nodeAIKSda,pub_keylist->nodeAIKSda,DIGEST_SIZE*2);
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
remove("cert/bindkey.val");
remove("pubkey/bindpubkey.pem");
count=0;
key_state=AIK_VERIFY;
}
break;
case AIK_VERIFY:
fd=open("pubkey/bindpubkey.pem",O_RDONLY);
if(fd>0)
key_state=BINDKEY_GENERATE;
else
{
close(fd);
ret=bind_key_generate(local_keylist->nodeAIK);
if(ret<0)
return ret;
}
break;
case BINDKEY_GENERATE:
fd=open("cert/bindkey.val",O_RDONLY);
if(fd<0)
{
count++;
if(count>5000)
{
printf("do not get Bind key valdata");
key_state=AIK_GENERATE;
}
break;
}
else
{
close(fd);
ret=trustfile_to_uuidname("cert/bindkey.val",pub_keylist->nodeBindKeyVal);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("privkey/bindkey.key",local_keylist->nodeBindKey);
if(ret<0)
return ret;
ret=trustfile_to_uuidname("pubkey/bindpubkey.pem",pub_keylist->nodeBindKey);
if(ret<0)
{
remove("pubkey/bindpubkey.pem");
return ret;
}
if(bindkey_verify(pub_keylist->nodeAIK,pub_keylist->nodeBindKeyVal,pub_keylist->nodeBindKey)!=0)
{
printf("bindkey verify failed!\n");
return -EINVAL;
}
else
{
ret=DelPolicy(local_keylist,"LKLD");
ret=AddPolicy(local_keylist,"LKLD");
ret=ExportPolicy("LKLD");
ret=DelPolicy(pub_keylist,"NKLD");
ret=AddPolicy(pub_keylist,"NKLD");
ret=ExportPolicy("NKLD");
}
key_state=BINDKEY_VERIFY;
}
break;
case BINDKEY_VERIFY:
// ret=bind_pubkey_memdb_init();
// if(ret<0)
// {
// printf("load bindpubkey error %d!\n",ret);
// }
return 0;
default:
return -EINVAL;
}
}
return 0;
}
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE local_uuid[DIGEST_SIZE];
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
UINT32 result;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(MESSAGE,SIZED_BINDATA) req_blob;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
DB_RECORD * db_record;
printf("begin pik makeidentity!\n");
// get pik_userinfo from message
ret=message_get_record(recv_msg,&pik_userinfo,0);
if(ret<0)
return -EINVAL;
if(pik_userinfo==NULL)
return -EINVAL;
// get this node's machine uuid
ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid);
if(ret<0)
return ret;
// get this node's hostname
ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE);
if(ret!=0)
Memset(pik_userinfo->node_name,0,DIGEST_SIZE);
// build tcm session
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
int userinfolen;
BYTE * req;
int reqlen;
// get userinfo blob
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template);
if(userinfolen<0)
return userinfolen;
db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL);
if(db_record==NULL)
return -EINVAL;
// do makeidentity
ret = TCM_MakeIdentity(ownerHandle, smkHandle,
userinfolen,Buf,"kkk",
&tcm_pik, &req, &reqlen);
if(ret<0)
{
print_cubeerr("TCM_MakeIdentity failed!\n");
return -EINVAL;
}
// build an expand message record for req data
req_blob.size=reqlen;
req_blob.bindata=req;
// terminate session
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(smkHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
// generate TCM pik info ,left pubkey_uuid for fill
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template);
if(key_len<0)
return key_len;
Memset(&tcm_pik_info,0,sizeof(tcm_pik_info));
calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid);
Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE);
tcm_pik_info.issmkwrapped=1;
tcm_pik_info.key_usage=TCM_KEY_IDENTITY;
tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD;
// store pik file
digest_to_uuid(tcm_pik_info.uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
fd=open(NameBuf,O_CREAT|O_WRONLY,0666);
if(fd<0)
return fd;
write(fd,Buf,key_len);
close(fd);
// Get pikpub from pik
//
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template);
if(key_len<0)
return key_len;
calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid);
db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL);
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_userinfo);
if(ret<0)
return ret;
ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob);
if(ret<0)
return -EINVAL;
ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub);
if(ret<0)
return -EINVAL;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int proc_key_store(void * sub_proc,void * sock)
{
int ret=0;
BYTE uuid[DIGEST_SIZE];
struct vTPM_wrappedkey * key_record;
struct vTPM_wrappedkey * pubkey_record;
struct trust_demo_keyinfo * keyinfo;
struct trust_demo_keyinfo * pubkeyinfo;
void * send_msg;
void * recv_msg;
struct types_pair * types;
// get keyinfo record
keyinfo= slot_sock_removerecord(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO);
if(keyinfo==NULL)
return -EINVAL;
// get WEAPPED_KEY message
recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY);
if(recv_msg==NULL)
return -EINVAL;
ret=message_get_record(recv_msg,&key_record,0);
if(key_record==NULL)
return -EINVAL;
Memcpy(keyinfo->uuid,key_record->uuid,DIGEST_SIZE);
memdb_store(keyinfo,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL);
//memdb_store(key_record,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,NULL);
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_record);
ex_module_sendmsg(sub_proc,send_msg);
// get PUBLIC_KEY message
recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY);
if(recv_msg==NULL)
return -EINVAL;
ret=message_get_record(recv_msg,&pubkey_record,0);
if(pubkey_record==NULL)
return -EINVAL;
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,pubkey_record);
ex_module_sendmsg(sub_proc,send_msg);
// build a public key_info struct
/*
Memcpy(pubkeyinfo,keyinfo,sizeof(*pubkey_info));
Memcpy(pubkeyinfo->uuid,pubkey_record->uuid,DIGEST_SIZE);
keyinfo->ispubkey=1;
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,keyinfo);
ex_module_sendmsg(sub_proc,send_msg);
*/
send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL);
if(send_msg==NULL)
return -EINVAL;
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_KEY_INFO;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TESI_KEY_STRUCT;
types->subtype=SUBTYPE_WRAPPED_KEY;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TESI_KEY_STRUCT;
types->subtype=SUBTYPE_PUBLIC_KEY;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_ENCDATA_INFO;
message_add_record(send_msg,types);
ex_module_sendmsg(sub_proc,send_msg);
return 0;
}