int proc_key_storage(void * sub_proc,void * message)
{
const char * type;
int i;
int ret;
printf("begin proc key storage \n");
struct message_box * msg_box=message;
void * record;
i=0;
ret=message_get_record(message,&record,i++);
if(ret<0)
return ret;
while(record!=NULL)
{
AddPolicy(record,"NKLD");
ret=message_get_record(message,&record,i++);
if(ret<0)
return ret;
}
ExportPolicy("NKLD");
return ret;
}
int proc_store_vm(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_info * vm;
int retval;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
struct platform_info * host;
retval=proc_share_data_getvalue("uuid",local_uuid);
if(retval<0)
return retval;
retval=proc_share_data_getvalue("proc_name",proc_name);
if(retval<0)
return retval;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_info));
vm = NULL;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
void * oldvm;
printf("policy server receive vm %s's info from monitor!\n",vm->uuid);
FindPolicy(vm->uuid,"VM_I",&oldvm);
if(oldvm!=NULL)
{
printf("this vm already in the VM_I lib!\n");
continue;
}
GetFirstPolicy(&host,"PLAI");
while(host!=NULL)
{
if(!strncmp(vm->host,host->name,DIGEST_SIZE*2))
{
memcpy(vm->platform_uuid,host->uuid,DIGEST_SIZE*2);
AddPolicy(vm,"VM_I");
break;
}
GetNextPolicy(&host,"PLAI");
}
if(host==NULL)
{
printf("can't find vm %s's host!\n",vm->uuid);
continue;
}
}
// send a message to manager_trust
retval=ExportPolicyToFile("./lib/VM_I.lib","VM_I");
// send a message to manager_trust
return count;
}
int proc_send_vmpolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct request_cmd * cmd;
struct vm_policy * policy;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
printf("begin to send vmpolicy!\n");
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
message_head=get_message_head(message);
// get vm info from message
retval=message_get_record(message,&cmd,0);
if(retval<0)
return -EINVAL;
struct tcm_pcr_set * boot_pcrs;
struct tcm_pcr_set * running_pcrs;
ret=build_nova_vm_policy(cmd->uuid,&boot_pcrs, &running_pcrs,&policy);
if(policy==NULL)
return -EEXIST;
ExportPolicy("VM_P");
void * send_pcr_msg;
void * send_msg;
// send compute node's pcr policy
send_pcr_msg=message_create("PCRP",NULL);
message_add_record(send_pcr_msg,boot_pcrs);
if(running_pcrs!=NULL)
message_add_record(send_pcr_msg,running_pcrs);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
usleep(time_val.tv_usec*3);
send_msg=message_create("VM_P",message);
message_add_record(send_msg,policy);
sec_subject_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_send_vm_policy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * vm;
struct request_cmd * cmd;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin send vm policy process!\n");
void * send_msg;
void * send_pcr_msg;
ret=message_get_record(message,&cmd,0);
if(ret<0)
return -EINVAL;
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
FindPolicy(cmd->uuid,"VM_P",&vm);
if(vm==NULL)
return 0;
send_msg=message_create("VM_P",message);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,vm);
sec_subject_sendmsg(sub_proc,send_msg);
send_pcr_msg=message_create("PCRP",message);
struct tcm_pcr_set * pcrpolicy;
FindPolicy(vm->boot_pcr_uuid,"PCRP",&pcrpolicy);
if(pcrpolicy!=NULL)
{
message_add_record(send_pcr_msg,pcrpolicy);
sec_subject_sendmsg(sub_proc,send_pcr_msg);
}
return;
}
int proc_store_vm_policy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * vm;
int retval;
int ret;
int count=0;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm policy process!\n");
// monitor send a new vm message
// memset(vm,0,sizeof(struct vm_policy));
vm = NULL;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
void * oldvm;
printf("policy server receive vm %s's info from monitor!\n",vm->uuid);
FindPolicy(vm->uuid,"VM_P",&oldvm);
if(oldvm!=NULL)
{
printf("this vm already in the VM_I lib!\n");
continue;
}
AddPolicy(vm,"VM_P");
}
// send a message to manager_trust
retval=ExportPolicyToFile("./lib/VM_P.lib","VM_P");
// forward message to verifier
return count;
}
int dispatch_match_message(void * policy,void * message)
{
int ret;
DISPATCH_POLICY * dispatch_policy=(DISPATCH_POLICY *)policy;
MATCH_RULE * match_rule;
MSG_HEAD * msg_head;
void * msg_record;
void * record_template;
msg_head=message_get_head(message);
if(msg_head==NULL)
return -EINVAL;
ret=dispatch_policy_getfirstmatchrule(policy,&match_rule);
if(ret<0)
return ret;
while(match_rule!=NULL)
{
if(match_rule->area==MATCH_AREA_RECORD)
{
if(match_rule->type==0)
return 1;
if((match_rule->type!=msg_head->record_type)||
(match_rule->subtype!=msg_head->record_subtype))
return 0;
if(match_rule->match_template==NULL)
return 1;
ret=message_get_record(message,&msg_record,0);
if(ret<0)
return ret;
if(msg_record==NULL)
return 0;
return struct_part_compare(match_rule->value,msg_record,match_rule->match_template,match_flag);
}
else
{
return 0;
}
}
}
int user_addr_store(void * sub_proc,void * message)
{
int ret;
struct user_address * user_addr;
MSG_EXPAND * expand;
struct expand_flow_trace * flow_trace;
struct login_info * login_data;
DB_RECORD * db_record;
int trace_offset;
ret=message_get_record(message,&login_data,0);
if(ret<0)
return ret;
ret=message_get_define_expand(message,&expand,DTYPE_MSG_EXPAND,SUBTYPE_FLOW_TRACE);
if(ret<0)
return ret;
if(expand==NULL)
return -EINVAL;
flow_trace=expand->expand;
if(flow_trace->record_num<=0)
return -EINVAL;
trace_offset=DIGEST_SIZE*(flow_trace->record_num-1);
db_record=memdb_find_byname(login_data->user,DTYPE_CRYPTO_DEMO,SUBTYPE_USER_ADDR);
if(db_record!=NULL)
{
user_addr=(struct user_address *)db_record->record;
if(Memcmp(user_addr->addr,flow_trace->trace_record+trace_offset,DIGEST_SIZE)==0)
return 0;
memdb_remove_record(db_record);
}
user_addr=Talloc0(sizeof(struct user_address));
if(user_addr==NULL)
return -ENOMEM;
Strncpy(user_addr->user,login_data->user,DIGEST_SIZE);
Memcpy(user_addr->addr,flow_trace->trace_record+trace_offset,DIGEST_SIZE);
memdb_store(user_addr,DTYPE_CRYPTO_DEMO,SUBTYPE_USER_ADDR,login_data->user);
return 1;
}
int proc_compute_vmpolicy(void * sub_proc,void * message)
{
MESSAGE_HEAD * message_head;
struct vm_policy * policy;
struct vm_info * vm;
int retval;
int count=0;
int i,j;
int ret;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
for(i=0;i<MAX_RECORD_NUM;i++)
{
retval=message_get_record(message,&vm,i);
if(retval<0)
break;
if(vm==NULL)
break;
struct tcm_pcr_set * boot_pcrs;
struct tcm_pcr_set * running_pcrs;
ret=build_nova_vm_policy(vm->uuid,&boot_pcrs, &running_pcrs,&policy);
ExportPolicy("PCRP");
ExportPolicy("VM_P");
}
return;
}
int dispatch_match_message(void * policy,void * message)
{
int ret;
int result=0;
int prev_result=0;
int match_rule_num=0;
DISPATCH_POLICY * dispatch_policy=(DISPATCH_POLICY *)policy;
MATCH_RULE * match_rule;
MSG_HEAD * msg_head;
void * msg_record;
void * record_template;
msg_head=message_get_head(message);
if(msg_head==NULL)
return -EINVAL;
if(dispatch_policy->name!=NULL)
{
if(msg_head->route[0]!=0)
if(Strncmp(dispatch_policy->name,msg_head->route,DIGEST_SIZE)!=0)
return 0;
}
ret=dispatch_policy_getfirstmatchrule(policy,&match_rule);
if(ret<0)
return ret;
while(match_rule!=NULL)
{
if((match_rule->area==0)||(match_rule->area==MATCH_AREA_HEAD))
{
if(match_rule->type==0)
result=1;
else if(match_rule->type ==msg_head->record_type)
{
if(match_rule->subtype==0)
result= 1;
else if(match_rule->subtype==msg_head->record_subtype)
result = 1;
}
else
{
result = 0;
}
}
else if(match_rule->area==MATCH_AREA_RECORD)
{
if(match_rule->type==0)
result = 1;
else if((match_rule->type!=msg_head->record_type)||
(match_rule->subtype!=msg_head->record_subtype))
result = 0;
else if(match_rule->match_template==NULL)
result = 1;
else
{
ret=message_get_record(message,&msg_record,0);
if(ret<0)
result =ret;
else if(msg_record==NULL)
result = 0;
else if(!struct_part_compare(match_rule->value,msg_record,match_rule->match_template,match_flag))
result = 1;
else
result = 0;
}
}
else if(match_rule->area==MATCH_AREA_EXPAND)
{
MSG_EXPAND * msg_expand;
void * expand_template;
ret=message_get_define_expand(message,&msg_expand,match_rule->type,match_rule->subtype);
if(msg_expand==NULL)
result=0;
else if(match_rule->value==NULL)
result=1;
else
{
// expand_template=memdb_get_template(match_rule->type,match_rule->subtype);
if(match_rule->match_template==NULL)
result=0;
else
{
if(!struct_part_compare(match_rule->value,msg_expand->expand,
match_rule->match_template,match_flag))
result = 1;
else
result = 0;
}
}
}
else
{
result = 0;
}
if(result<0)
return result;
switch(match_rule->op)
{
case DISPATCH_MATCH_AND:
if(result==0)
return result;
prev_result=1;
break;
case DISPATCH_MATCH_OR:
if(result>0)
return result;
break;
case DISPATCH_MATCH_NOT:
if(result>0)
return 0;
prev_result=1;
break;
case DISPATCH_MATCH_ORNOT:
if(result==0)
return 1;
break;
default:
return -EINVAL;
}
match_rule_num++;
ret=dispatch_policy_getnextmatchrule(policy,&match_rule);
if(ret<0)
return ret;
}
if(match_rule_num==0)
return 0;
return prev_result;
}
int proc_tcm_activateidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
BYTE KeyBuf[DIGEST_SIZE*4];
BYTE digest[DIGEST_SIZE];
UINT32 result;
DB_RECORD * db_record;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(TCM_PIK_DESC,CADATA) * pik_cadata;
RECORD(TCM_PIK_DESC,PIKCERT) * pik_cert;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) * tcm_pik_info;
TCM_SYMMETRIC_KEY symmkey;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
printf("begin pik activateidentity!\n");
// get pik cadata from message
ret=message_get_record(recv_msg,&pik_cadata,0);
if(ret<0)
return -EINVAL;
if(pik_cadata==NULL)
return -EINVAL;
// find pikinfo record
db_record=memdb_find_first(TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),"pubkey_uuid",pik_cadata->pikpub_uuid);
if(db_record==NULL)
{
print_cubeerr("can't find pik record!\n");
return -EINVAL;
}
tcm_pik_info=db_record->record;
// get pik file name
digest_to_uuid(tcm_pik_info->uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
ret=TCM_ExLoadTcmKey(&tcm_pik,NameBuf);
if(ret!=0)
{
print_cubeerr("Load TCMKey from file failed!\n");
return ret;
}
// Load pik to TCM
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_LoadKey(smkHandle,NameBuf,&keyHandle);
if(ret!=0)
{
print_cubeerr("TCM_LoadKey failed!\n");
return ret;
}
ret=TCM_APTerminate(smkHandle);
if(ret!=0)
{
printf("TCM_APTerminate failed!\n");
return ret;
}
// do the activateidentity
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_KEYHANDLE,keyHandle, "kkk", &keyAuthHandle);
printf("pikHandle is : %x\n",keyAuthHandle);
if(ret!=0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_ActivateIdentity(keyHandle,keyAuthHandle,ownerHandle,
pik_cadata->symmkey_len,pik_cadata->symmkey,&symmkey,"ooo","kkk");
if(ret!=0)
{
printf("TCM_ActivateIdentity failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(keyAuthHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_EvictKey(keyHandle);
if(ret<0)
{
printf("TCM_APTerminate failed!\n");
return -EINVAL;
}
// decrypt cert blob
int blobsize;
BYTE * cert;
int certsize;
ret=TCM_ExSymmkeyDecrypt(&symmkey,pik_cadata->cert,pik_cadata->certlen,&cert,&certsize);
if(ret!=0)
{
printf("decrypt cert blob file error!\n");
return -EINVAL;
}
int offset;
for(offset=0;cert[offset]==0;offset++)
{
if((offset>=16)|| (offset>=certsize))
{
print_cubeerr("cert data failed!\n");
return -EINVAL;
}
}
// build pik cert, it is organized by userinfo, pubkey and ca_conts
//
pik_cert=Talloc0(sizeof(*pik_cert));
if(pik_cert==NULL)
return -ENOMEM;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,VERIFYDATA));
if(tcm_key_template==NULL)
return -EINVAL;
ret=blob_2_struct(cert+offset,&pik_cert->verifydata,tcm_key_template);
if(ret<0)
return -EINVAL;
db_record=memdb_find(pik_cadata->userinfo_uuid,TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(db_record==NULL)
{
print_cubeerr("can't find user info data!\n");
return -EINVAL;
}
pik_userinfo=db_record->record;
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(pik_userinfo,&pik_cert->userinfo,tcm_key_template);
if(ret<0)
return -EINVAL;
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
ret=struct_clone(&tcm_pikpub,&pik_cert->pikpub,tcm_key_template);
if(ret<0)
return -EINVAL;
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,PIKCERT),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_cert);
if(ret<0)
return ret;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg)
{
int ret=0;
int fd;
BYTE local_uuid[DIGEST_SIZE];
BYTE Buf[DIGEST_SIZE*32];
BYTE NameBuf[DIGEST_SIZE*4];
UINT32 result;
RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo;
RECORD(MESSAGE,SIZED_BINDATA) req_blob;
RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik;
RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub;
RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info;
void * new_msg;
int key_len;
void * tcm_key_template;
UINT32 smkHandle;
UINT32 ownerHandle;
UINT32 keyHandle;
UINT32 keyAuthHandle;
char uuid[DIGEST_SIZE*2+1];
DB_RECORD * db_record;
printf("begin pik makeidentity!\n");
// get pik_userinfo from message
ret=message_get_record(recv_msg,&pik_userinfo,0);
if(ret<0)
return -EINVAL;
if(pik_userinfo==NULL)
return -EINVAL;
// get this node's machine uuid
ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid);
if(ret<0)
return ret;
// get this node's hostname
ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE);
if(ret!=0)
Memset(pik_userinfo->node_name,0,DIGEST_SIZE);
// build tcm session
ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle);
printf("ownerHandle is : %x\n",ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APCreate failed!\n");
return -EINVAL;
}
ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle);
printf("smkHandle is : %x\n",smkHandle);
if(ret<0)
{
printf("TCM_APCreate failed!\n");
return -EINVAL;
}
int userinfolen;
BYTE * req;
int reqlen;
// get userinfo blob
tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO));
if(tcm_key_template==NULL)
return -EINVAL;
userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template);
if(userinfolen<0)
return userinfolen;
db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL);
if(db_record==NULL)
return -EINVAL;
// do makeidentity
ret = TCM_MakeIdentity(ownerHandle, smkHandle,
userinfolen,Buf,"kkk",
&tcm_pik, &req, &reqlen);
if(ret<0)
{
print_cubeerr("TCM_MakeIdentity failed!\n");
return -EINVAL;
}
// build an expand message record for req data
req_blob.size=reqlen;
req_blob.bindata=req;
// terminate session
ret=TCM_APTerminate(ownerHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
ret=TCM_APTerminate(smkHandle);
if(ret<0)
{
print_cubeerr("TCM_APTerminate failed!\n");
return -EINVAL;
}
// generate TCM pik info ,left pubkey_uuid for fill
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template);
if(key_len<0)
return key_len;
Memset(&tcm_pik_info,0,sizeof(tcm_pik_info));
calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid);
Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE);
tcm_pik_info.issmkwrapped=1;
tcm_pik_info.key_usage=TCM_KEY_IDENTITY;
tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD;
// store pik file
digest_to_uuid(tcm_pik_info.uuid,uuid);
uuid[DIGEST_SIZE*2]=0;
printf("get pik's uuid is %s!\n",uuid);
Strcpy(NameBuf,"tcmkey/");
Strcat(NameBuf,uuid);
fd=open(NameBuf,O_CREAT|O_WRONLY,0666);
if(fd<0)
return fd;
write(fd,Buf,key_len);
close(fd);
// Get pikpub from pik
//
ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik);
if(ret!=0)
{
print_cubeerr("Get Pubpik failed!\n");
return -EINVAL;
}
tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY));
if(tcm_key_template==NULL)
return -EINVAL;
key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template);
if(key_len<0)
return key_len;
calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid);
db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL);
// build a message and send it
new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg);
if(new_msg==NULL)
return -EINVAL;
ret=message_add_record(new_msg,pik_userinfo);
if(ret<0)
return ret;
ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob);
if(ret<0)
return -EINVAL;
ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub);
if(ret<0)
return -EINVAL;
ret=ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int manager_vm_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * context;
int i;
void * recv_msg;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
const char * type;
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
printf("begin vm manager process!\n");
for(i=0;i<500*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_recordtype(recv_msg);
if(type==NULL)
continue;
if(strncmp(type,"VM_I",4)==0)
{
proc_store_vm(sub_proc,recv_msg);
}
if(strncmp(type,"VM_P",4)==0)
{
proc_store_vm_policy(sub_proc,recv_msg);
}
if(strncmp(type,"REQC",4)==0)
{
struct request_cmd * req;
ret=message_get_record(recv_msg,&req,0);
if(ret<0)
{
printf("error request command!\n");
continue;
}
if(strncmp(req->tag,"VM_I",4)==0)
{
proc_send_vm_info(sub_proc,recv_msg);
}
else if(strncmp(req->tag,"VM_P",4)==0)
{
proc_send_vm_policy(sub_proc,recv_msg);
}
}
}
return 0;
}
int proc_verify(void * sub_proc,void * message)
{
int type;
int subtype;
int ret;
printf("begin proc login_verify \n");
type=message_get_type(message);
if(type!=DTYPE_CRYPTO_DEMO)
return -EINVAL;
subtype=message_get_subtype(message);
if(subtype!=SUBTYPE_LOGIN_INFO)
return -EINVAL;
void * new_msg;
void * record;
struct login_info * login_data;
struct login_info * lib_data;
struct verify_return * return_data;
new_msg=message_create(DTYPE_CRYPTO_DEMO,SUBTYPE_VERIFY_RETURN,message);
return_data=Talloc0(sizeof(*return_data));
ret=message_get_record(message,&login_data,0);
if(ret<0)
return ret;
lib_data=memdb_get_first_record(type,subtype);
while(lib_data!=NULL)
{
if(Strncmp(lib_data->user,login_data->user,DIGEST_SIZE)==0)
break;
lib_data=memdb_get_next_record(type,subtype);
}
if(lib_data==NULL)
{
return_data->ret_data=dup_str("no such user!",0);
return_data->retval=-1;
}
else
{
if (Strncmp(lib_data->passwd,login_data->passwd,DIGEST_SIZE)!=0)
{
return_data->ret_data=dup_str("error passwd!",0);
return_data->retval=0;
}
else
{
return_data->ret_data=dup_str("login_succeed!",0);
return_data->retval=1;
ret=user_addr_store(sub_proc,message);
if(ret<0)
return ret;
}
}
return_data->ret_data_size=Strlen(return_data->ret_data)+1;
message_add_record(new_msg,return_data);
ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int key_manage_start(void * sub_proc,void * para)
{
int ret;
void * recv_msg;
int i;
const char * type;
int fd;
enum key_state_type{
NO_KEY,
KEY_GENERATE,
KEY_SHARED,
KEY_ERROR
};
enum key_state_type key_state=NO_KEY;
struct key_request_cmd * key_req;
int count;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
ret=proc_share_data_getvalue("proc_name",proc_name);
void * sendmsg;
ret=local_key_generate(sub_proc);
if(ret<0)
return ret;
key_state=KEY_GENERATE;
for(i=0;i<3000*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
type=message_get_recordtype(recv_msg);
if(type==NULL)
{
message_free(recv_msg);
continue;
}
switch(key_state){
case KEY_GENERATE:
if(strncmp(type,"ACKI",4)==0)
{
ret=local_pubkey_share(sub_proc);
if(ret<0)
return ret;
key_state=KEY_SHARED;
}
break;
case KEY_SHARED:
if(strncmp(type,"LOGI",4)==0)
{
struct login_info * user_info;
int j=0;
ret=message_get_record(recv_msg,&user_info,j++);
while(user_info!=NULL)
{
ret=local_pubkey_request(sub_proc,user_info->user);
if(ret<0)
break;
ret=message_get_record(recv_msg,&user_info,j++);
if(ret<0)
break;
}
sec_subject_sendmsg(sub_proc,recv_msg);
}
else if(strncmp(type,"NKLD",4)==0)
{
struct node_key_list * pub_keylist;
int j=0;
ret=message_get_record(recv_msg,&pub_keylist,j++);
if(pub_keylist!=NULL)
{
AddPolicy(pub_keylist,"NKLD");
}
ExportPolicy("NKLD");
}
break;
default:
break;
}
}
return 0;
}
int proc_symmkey_gen(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_encdata_info * encdatainfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
TSS_HKEY hEnckey;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
BYTE EncData[DIGEST_SIZE];
BYTE uuidstr[DIGEST_SIZE*2];
char filename[DIGEST_SIZE*4];
char buffer[DIGEST_SIZE*8];
// get message
ret=message_get_record(recv_msg,&key_struct,0);
if(key_struct==NULL)
return -EINVAL;
encdatainfo=Calloc(sizeof(*encdatainfo));
if(encdatainfo==NULL)
return -ENOMEM;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",key_struct->uuid);
if(key_record==NULL)
return -EINVAL;
hEnckey=key_record->tail;
TESI_Local_GetRandom(EncData,DIGEST_SIZE);
int fd=open("encdata/tempkey.dat",O_RDWR|O_CREAT|O_TRUNC,0666);
if(fd<0)
return -EINVAL;
write(fd,EncData,DIGEST_SIZE);
close(fd);
TESI_Local_Bind("encdata/tempkey.dat",hEnckey,"encdata/symmkey.dat");
convert_uuidname("encdata/symmkey",".dat",encdatainfo->uuid,filename);
Memcpy(encdatainfo->vtpm_uuid,key_struct->vtpm_uuid,DIGEST_SIZE);
Memcpy(encdatainfo->enckey_uuid,key_struct->uuid,DIGEST_SIZE);
getcwd(buffer,DIGEST_SIZE*5-6);
Strcat(buffer,"/");
Strcat(buffer,filename);
encdatainfo->filename=dup_str(buffer,DIGEST_SIZE*7);
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,encdatainfo);
memdb_store(encdatainfo,DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,NULL);
ex_module_sendmsg(sub_proc,send_msg);
ex_module_sendmsg(sub_proc,recv_msg);
return ret;
}
int monitor_process_start(void * sub_proc,void * para)
{
int ret;
int retval;
void * message_box;
void * context;
void * recv_msg;
struct tcloud_connector * temp_conn;
int i;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
char hostname[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("host_name",hostname);
if(ret<0)
return ret;
printf("begin compute monitor process!\n");
sleep(2);
proc_send_compute_localinfo(sub_proc,NULL);
for(i=0;i<3000*1000;i++)
{
usleep(time_val.tv_usec);
ret=sec_subject_recvmsg(sub_proc,&recv_msg);
if(ret<0)
continue;
if(recv_msg==NULL)
continue;
MESSAGE_HEAD * msg_head;
msg_head=get_message_head(recv_msg);
if(msg_head==NULL)
continue;
if(strncmp(msg_head->record_type,"PLAI",4)==0)
{
proc_send_compute_localinfo(sub_proc,recv_msg);
}
if(strncmp(msg_head->record_type,"VM_I",4)==0)
{
proc_compute_vmpolicy(sub_proc,recv_msg,NULL);
}
if(strncmp(msg_head->record_type,"REQC",4)==0)
{
struct request_cmd * cmd;
ret=message_get_record(recv_msg,&cmd,0);
if(strncmp(cmd->tag,"VM_P",4)==0)
{
proc_send_vmpolicy(sub_proc,recv_msg);
}
else if(strncmp(cmd->tag,"PLAP",4)==0)
{
proc_send_computepolicy(sub_proc,recv_msg);
}
else
continue;
}
}
return 0;
}
int proc_key_check(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_demo_keyinfo * keyinfo;
struct trust_demo_keyinfo * comp_keyinfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
// build a slot_port
void * slot_port=ex_module_findport(sub_proc,"key_request");
if(slot_port==NULL)
return -EINVAL;
ret=message_get_uuid(recv_msg,uuid);
if(ret<0)
return ret;
// build a sock
void * sock=slot_create_sock(slot_port,uuid);
// get message
ret=message_get_record(recv_msg,&keyinfo,0);
if(keyinfo!=NULL)
{
keyinfo_record=find_key_info(keyinfo);
if(keyinfo_record!=NULL)
{
comp_keyinfo=keyinfo_record->record;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",comp_keyinfo->uuid);
if(key_record!=NULL)
key_struct=key_record->record;
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,comp_keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
else
{
// build a slot sock to store the (DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO) keyinfo record and wait for the
// (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message
// build (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message and send it
key_struct=Talloc0(sizeof(*key_struct));
if(key_struct==NULL)
return -ENOMEM;
Memcpy(key_struct->vtpm_uuid,keyinfo->vtpm_uuid,DIGEST_SIZE);
key_struct->key_type=keyinfo->key_type;
key_struct->key_size=1024;
key_struct->keypass=dup_str(keyinfo->passwd,DIGEST_SIZE);
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_struct);
ex_module_sendmsg(sub_proc,send_msg);
}
return ret;
}
int proc_key_store(void * sub_proc,void * sock)
{
int ret=0;
BYTE uuid[DIGEST_SIZE];
struct vTPM_wrappedkey * key_record;
struct vTPM_wrappedkey * pubkey_record;
struct trust_demo_keyinfo * keyinfo;
struct trust_demo_keyinfo * pubkeyinfo;
void * send_msg;
void * recv_msg;
struct types_pair * types;
// get keyinfo record
keyinfo= slot_sock_removerecord(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO);
if(keyinfo==NULL)
return -EINVAL;
// get WEAPPED_KEY message
recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY);
if(recv_msg==NULL)
return -EINVAL;
ret=message_get_record(recv_msg,&key_record,0);
if(key_record==NULL)
return -EINVAL;
Memcpy(keyinfo->uuid,key_record->uuid,DIGEST_SIZE);
memdb_store(keyinfo,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL);
//memdb_store(key_record,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,NULL);
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_record);
ex_module_sendmsg(sub_proc,send_msg);
// get PUBLIC_KEY message
recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY);
if(recv_msg==NULL)
return -EINVAL;
ret=message_get_record(recv_msg,&pubkey_record,0);
if(pubkey_record==NULL)
return -EINVAL;
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,pubkey_record);
ex_module_sendmsg(sub_proc,send_msg);
// build a public key_info struct
/*
Memcpy(pubkeyinfo,keyinfo,sizeof(*pubkey_info));
Memcpy(pubkeyinfo->uuid,pubkey_record->uuid,DIGEST_SIZE);
keyinfo->ispubkey=1;
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,keyinfo);
ex_module_sendmsg(sub_proc,send_msg);
*/
send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL);
if(send_msg==NULL)
return -EINVAL;
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_KEY_INFO;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TESI_KEY_STRUCT;
types->subtype=SUBTYPE_WRAPPED_KEY;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TESI_KEY_STRUCT;
types->subtype=SUBTYPE_PUBLIC_KEY;
message_add_record(send_msg,types);
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_ENCDATA_INFO;
message_add_record(send_msg,types);
ex_module_sendmsg(sub_proc,send_msg);
return 0;
}
int proc_key_response(void * sub_proc,void * message)
{
struct policyfile_data * response_data;
struct policyfile_data * response_cert;
int ret;
TSS_RESULT result;
BYTE buf[2048];
void * send_msg;
void * send_msg2;
struct key_request_cmd * key_req;
printf("begin key response!\n");
int blobsize=0;
ret=message_get_record(message,&key_req,0);
if(ret<0)
return -EINVAL;
if(key_req->keyusage == TPM_KEY_IDENTITY)
{
// bind_client request AIK
// send aik file
ret=build_filedata_struct(&response_data,"pubkey/AIK.pem");
if(ret<0)
return -EINVAL;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,response_data);
sec_subject_sendmsg(sub_proc,send_msg);
}
// send aik cert file
ret=build_filedata_struct(&response_cert,"cert/AIK.sda");
if(ret<0)
return -EINVAL;
send_msg2=message_create("FILD",message);
if(send_msg2!=NULL)
{
message_add_record(send_msg2,response_cert);
sec_subject_sendmsg(sub_proc,send_msg2);
}
}
else if(key_req->keyusage == TPM_KEY_BIND)
{
// bind_client request bindkey
// generate bindkey and bindkey cert
result=bind_key_generate();
if(result!=TSS_SUCCESS)
{
return -EINVAL;
}
// send bindkey file
ret=build_filedata_struct(&response_data,"pubkey/bindpubkey.pem");
if(ret<0)
return -EINVAL;
send_msg=message_create("FILD",message);
if(send_msg!=NULL)
{
message_add_record(send_msg,response_data);
sec_subject_sendmsg(sub_proc,send_msg);
}
// send bindkey cert file
ret=build_filedata_struct(&response_cert,"cert/bindkey.val");
if(ret<0)
return -EINVAL;
send_msg2=message_create("FILD",message);
if(send_msg2!=NULL)
{
message_add_record(send_msg2,response_cert);
sec_subject_sendmsg(sub_proc,send_msg2);
}
ret=bind_key_memdb_init();
if(ret<0)
{
printf("load bindkey error %d!\n",ret);
}
return ret;
}
else
return -EINVAL;
return 0;
}
int proc_key_recover(void * sub_proc,void * recv_msg)
{
int ret;
DB_RECORD * record;
struct trust_filecrypt_info * filecrypt_info;
struct trust_filecrypt_info * decrypt_info;
struct trust_encdata_info * encdata_info;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
struct types_pair * types;
ret=message_get_record(recv_msg,&filecrypt_info,0);
if(filecrypt_info==NULL)
return -EINVAL;
if(!Isemptyuuid(filecrypt_info->encdata_uuid))
{
memdb_store(filecrypt_info,DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,NULL);
send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL);
if(send_msg==NULL)
return -EINVAL;
types=Talloc(sizeof(*types));
if(types==NULL)
return -EINVAL;
types->type=DTYPE_TRUST_DEMO;
types->subtype=SUBTYPE_FILECRYPT_INFO;
message_add_record(send_msg,types);
ex_module_sendmsg(sub_proc,send_msg);
}
else if(!Isemptyuuid(filecrypt_info->cipher_uuid))
{
record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,"cipher_uuid",filecrypt_info->cipher_uuid);
if(record==NULL)
return -EINVAL;
decrypt_info=record->record;
record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,"uuid",decrypt_info->encdata_uuid);
if(record==NULL)
return -EINVAL;
encdata_info=record->record;
record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",encdata_info->enckey_uuid);
if(record==NULL)
return -EINVAL;
key_struct=record->record;
// send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,recv_msg);
// if(send_msg==NULL)
// return -EINVAL;
// message_add_record(send_msg,decrypt_info);
// ex_module_sendmsg(sub_proc,send_msg);
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,encdata_info);
ex_module_sendmsg(sub_proc,send_msg);
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_struct);
ex_module_sendmsg(sub_proc,send_msg);
}
return 0;
}
