int proc_key_storage(void * sub_proc,void * message) { const char * type; int i; int ret; printf("begin proc key storage \n"); struct message_box * msg_box=message; void * record; i=0; ret=message_get_record(message,&record,i++); if(ret<0) return ret; while(record!=NULL) { AddPolicy(record,"NKLD"); ret=message_get_record(message,&record,i++); if(ret<0) return ret; } ExportPolicy("NKLD"); return ret; }
int proc_store_vm(void * sub_proc,void * message) { MESSAGE_HEAD * message_head; struct vm_info * vm; int retval; int count=0; int i; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; struct platform_info * host; retval=proc_share_data_getvalue("uuid",local_uuid); if(retval<0) return retval; retval=proc_share_data_getvalue("proc_name",proc_name); if(retval<0) return retval; // monitor send a new vm message // memset(vm,0,sizeof(struct vm_info)); vm = NULL; for(i=0;i<MAX_RECORD_NUM;i++) { retval=message_get_record(message,&vm,i); if(retval<0) break; if(vm==NULL) break; void * oldvm; printf("policy server receive vm %s's info from monitor!\n",vm->uuid); FindPolicy(vm->uuid,"VM_I",&oldvm); if(oldvm!=NULL) { printf("this vm already in the VM_I lib!\n"); continue; } GetFirstPolicy(&host,"PLAI"); while(host!=NULL) { if(!strncmp(vm->host,host->name,DIGEST_SIZE*2)) { memcpy(vm->platform_uuid,host->uuid,DIGEST_SIZE*2); AddPolicy(vm,"VM_I"); break; } GetNextPolicy(&host,"PLAI"); } if(host==NULL) { printf("can't find vm %s's host!\n",vm->uuid); continue; } } // send a message to manager_trust retval=ExportPolicyToFile("./lib/VM_I.lib","VM_I"); // send a message to manager_trust return count; }
int proc_send_vmpolicy(void * sub_proc,void * message) { MESSAGE_HEAD * message_head; struct request_cmd * cmd; struct vm_policy * policy; int retval; int count=0; int i,j; int ret; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; printf("begin to send vmpolicy!\n"); ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; message_head=get_message_head(message); // get vm info from message retval=message_get_record(message,&cmd,0); if(retval<0) return -EINVAL; struct tcm_pcr_set * boot_pcrs; struct tcm_pcr_set * running_pcrs; ret=build_nova_vm_policy(cmd->uuid,&boot_pcrs, &running_pcrs,&policy); if(policy==NULL) return -EEXIST; ExportPolicy("VM_P"); void * send_pcr_msg; void * send_msg; // send compute node's pcr policy send_pcr_msg=message_create("PCRP",NULL); message_add_record(send_pcr_msg,boot_pcrs); if(running_pcrs!=NULL) message_add_record(send_pcr_msg,running_pcrs); sec_subject_sendmsg(sub_proc,send_pcr_msg); usleep(time_val.tv_usec*3); send_msg=message_create("VM_P",message); message_add_record(send_msg,policy); sec_subject_sendmsg(sub_proc,send_msg); return 0; }
int proc_send_vm_policy(void * sub_proc,void * message) { MESSAGE_HEAD * message_head; struct vm_policy * vm; struct request_cmd * cmd; int retval; int ret; int count=0; int i; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; printf("begin send vm policy process!\n"); void * send_msg; void * send_pcr_msg; ret=message_get_record(message,&cmd,0); if(ret<0) return -EINVAL; // monitor send a new vm message // memset(vm,0,sizeof(struct vm_policy)); vm = NULL; FindPolicy(cmd->uuid,"VM_P",&vm); if(vm==NULL) return 0; send_msg=message_create("VM_P",message); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,vm); sec_subject_sendmsg(sub_proc,send_msg); send_pcr_msg=message_create("PCRP",message); struct tcm_pcr_set * pcrpolicy; FindPolicy(vm->boot_pcr_uuid,"PCRP",&pcrpolicy); if(pcrpolicy!=NULL) { message_add_record(send_pcr_msg,pcrpolicy); sec_subject_sendmsg(sub_proc,send_pcr_msg); } return; }
int proc_store_vm_policy(void * sub_proc,void * message) { MESSAGE_HEAD * message_head; struct vm_policy * vm; int retval; int ret; int count=0; int i; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; printf("begin vm policy process!\n"); // monitor send a new vm message // memset(vm,0,sizeof(struct vm_policy)); vm = NULL; for(i=0;i<MAX_RECORD_NUM;i++) { retval=message_get_record(message,&vm,i); if(retval<0) break; if(vm==NULL) break; void * oldvm; printf("policy server receive vm %s's info from monitor!\n",vm->uuid); FindPolicy(vm->uuid,"VM_P",&oldvm); if(oldvm!=NULL) { printf("this vm already in the VM_I lib!\n"); continue; } AddPolicy(vm,"VM_P"); } // send a message to manager_trust retval=ExportPolicyToFile("./lib/VM_P.lib","VM_P"); // forward message to verifier return count; }
int dispatch_match_message(void * policy,void * message) { int ret; DISPATCH_POLICY * dispatch_policy=(DISPATCH_POLICY *)policy; MATCH_RULE * match_rule; MSG_HEAD * msg_head; void * msg_record; void * record_template; msg_head=message_get_head(message); if(msg_head==NULL) return -EINVAL; ret=dispatch_policy_getfirstmatchrule(policy,&match_rule); if(ret<0) return ret; while(match_rule!=NULL) { if(match_rule->area==MATCH_AREA_RECORD) { if(match_rule->type==0) return 1; if((match_rule->type!=msg_head->record_type)|| (match_rule->subtype!=msg_head->record_subtype)) return 0; if(match_rule->match_template==NULL) return 1; ret=message_get_record(message,&msg_record,0); if(ret<0) return ret; if(msg_record==NULL) return 0; return struct_part_compare(match_rule->value,msg_record,match_rule->match_template,match_flag); } else { return 0; } } }
int user_addr_store(void * sub_proc,void * message) { int ret; struct user_address * user_addr; MSG_EXPAND * expand; struct expand_flow_trace * flow_trace; struct login_info * login_data; DB_RECORD * db_record; int trace_offset; ret=message_get_record(message,&login_data,0); if(ret<0) return ret; ret=message_get_define_expand(message,&expand,DTYPE_MSG_EXPAND,SUBTYPE_FLOW_TRACE); if(ret<0) return ret; if(expand==NULL) return -EINVAL; flow_trace=expand->expand; if(flow_trace->record_num<=0) return -EINVAL; trace_offset=DIGEST_SIZE*(flow_trace->record_num-1); db_record=memdb_find_byname(login_data->user,DTYPE_CRYPTO_DEMO,SUBTYPE_USER_ADDR); if(db_record!=NULL) { user_addr=(struct user_address *)db_record->record; if(Memcmp(user_addr->addr,flow_trace->trace_record+trace_offset,DIGEST_SIZE)==0) return 0; memdb_remove_record(db_record); } user_addr=Talloc0(sizeof(struct user_address)); if(user_addr==NULL) return -ENOMEM; Strncpy(user_addr->user,login_data->user,DIGEST_SIZE); Memcpy(user_addr->addr,flow_trace->trace_record+trace_offset,DIGEST_SIZE); memdb_store(user_addr,DTYPE_CRYPTO_DEMO,SUBTYPE_USER_ADDR,login_data->user); return 1; }
int proc_compute_vmpolicy(void * sub_proc,void * message) { MESSAGE_HEAD * message_head; struct vm_policy * policy; struct vm_info * vm; int retval; int count=0; int i,j; int ret; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; for(i=0;i<MAX_RECORD_NUM;i++) { retval=message_get_record(message,&vm,i); if(retval<0) break; if(vm==NULL) break; struct tcm_pcr_set * boot_pcrs; struct tcm_pcr_set * running_pcrs; ret=build_nova_vm_policy(vm->uuid,&boot_pcrs, &running_pcrs,&policy); ExportPolicy("PCRP"); ExportPolicy("VM_P"); } return; }
int dispatch_match_message(void * policy,void * message) { int ret; int result=0; int prev_result=0; int match_rule_num=0; DISPATCH_POLICY * dispatch_policy=(DISPATCH_POLICY *)policy; MATCH_RULE * match_rule; MSG_HEAD * msg_head; void * msg_record; void * record_template; msg_head=message_get_head(message); if(msg_head==NULL) return -EINVAL; if(dispatch_policy->name!=NULL) { if(msg_head->route[0]!=0) if(Strncmp(dispatch_policy->name,msg_head->route,DIGEST_SIZE)!=0) return 0; } ret=dispatch_policy_getfirstmatchrule(policy,&match_rule); if(ret<0) return ret; while(match_rule!=NULL) { if((match_rule->area==0)||(match_rule->area==MATCH_AREA_HEAD)) { if(match_rule->type==0) result=1; else if(match_rule->type ==msg_head->record_type) { if(match_rule->subtype==0) result= 1; else if(match_rule->subtype==msg_head->record_subtype) result = 1; } else { result = 0; } } else if(match_rule->area==MATCH_AREA_RECORD) { if(match_rule->type==0) result = 1; else if((match_rule->type!=msg_head->record_type)|| (match_rule->subtype!=msg_head->record_subtype)) result = 0; else if(match_rule->match_template==NULL) result = 1; else { ret=message_get_record(message,&msg_record,0); if(ret<0) result =ret; else if(msg_record==NULL) result = 0; else if(!struct_part_compare(match_rule->value,msg_record,match_rule->match_template,match_flag)) result = 1; else result = 0; } } else if(match_rule->area==MATCH_AREA_EXPAND) { MSG_EXPAND * msg_expand; void * expand_template; ret=message_get_define_expand(message,&msg_expand,match_rule->type,match_rule->subtype); if(msg_expand==NULL) result=0; else if(match_rule->value==NULL) result=1; else { // expand_template=memdb_get_template(match_rule->type,match_rule->subtype); if(match_rule->match_template==NULL) result=0; else { if(!struct_part_compare(match_rule->value,msg_expand->expand, match_rule->match_template,match_flag)) result = 1; else result = 0; } } } else { result = 0; } if(result<0) return result; switch(match_rule->op) { case DISPATCH_MATCH_AND: if(result==0) return result; prev_result=1; break; case DISPATCH_MATCH_OR: if(result>0) return result; break; case DISPATCH_MATCH_NOT: if(result>0) return 0; prev_result=1; break; case DISPATCH_MATCH_ORNOT: if(result==0) return 1; break; default: return -EINVAL; } match_rule_num++; ret=dispatch_policy_getnextmatchrule(policy,&match_rule); if(ret<0) return ret; } if(match_rule_num==0) return 0; return prev_result; }
int proc_tcm_activateidentity(void * sub_proc,void * recv_msg) { int ret=0; int fd; BYTE Buf[DIGEST_SIZE*32]; BYTE NameBuf[DIGEST_SIZE*4]; BYTE KeyBuf[DIGEST_SIZE*4]; BYTE digest[DIGEST_SIZE]; UINT32 result; DB_RECORD * db_record; RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo; RECORD(TCM_PIK_DESC,CADATA) * pik_cadata; RECORD(TCM_PIK_DESC,PIKCERT) * pik_cert; RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik; RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub; RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) * tcm_pik_info; TCM_SYMMETRIC_KEY symmkey; void * new_msg; int key_len; void * tcm_key_template; UINT32 smkHandle; UINT32 ownerHandle; UINT32 keyHandle; UINT32 keyAuthHandle; char uuid[DIGEST_SIZE*2+1]; printf("begin pik activateidentity!\n"); // get pik cadata from message ret=message_get_record(recv_msg,&pik_cadata,0); if(ret<0) return -EINVAL; if(pik_cadata==NULL) return -EINVAL; // find pikinfo record db_record=memdb_find_first(TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),"pubkey_uuid",pik_cadata->pikpub_uuid); if(db_record==NULL) { print_cubeerr("can't find pik record!\n"); return -EINVAL; } tcm_pik_info=db_record->record; // get pik file name digest_to_uuid(tcm_pik_info->uuid,uuid); uuid[DIGEST_SIZE*2]=0; printf("get pik's uuid is %s!\n",uuid); Strcpy(NameBuf,"tcmkey/"); Strcat(NameBuf,uuid); ret=TCM_ExLoadTcmKey(&tcm_pik,NameBuf); if(ret!=0) { print_cubeerr("Load TCMKey from file failed!\n"); return ret; } // Load pik to TCM ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle); printf("smkHandle is : %x\n",smkHandle); if(ret<0) { printf("TCM_APCreate failed!\n"); return -EINVAL; } ret=TCM_LoadKey(smkHandle,NameBuf,&keyHandle); if(ret!=0) { print_cubeerr("TCM_LoadKey failed!\n"); return ret; } ret=TCM_APTerminate(smkHandle); if(ret!=0) { printf("TCM_APTerminate failed!\n"); return ret; } // do the activateidentity ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle); printf("ownerHandle is : %x\n",ownerHandle); if(ret<0) { print_cubeerr("TCM_APCreate failed!\n"); return -EINVAL; } ret=TCM_APCreate(TCM_ET_KEYHANDLE,keyHandle, "kkk", &keyAuthHandle); printf("pikHandle is : %x\n",keyAuthHandle); if(ret!=0) { printf("TCM_APCreate failed!\n"); return -EINVAL; } ret=TCM_ActivateIdentity(keyHandle,keyAuthHandle,ownerHandle, pik_cadata->symmkey_len,pik_cadata->symmkey,&symmkey,"ooo","kkk"); if(ret!=0) { printf("TCM_ActivateIdentity failed!\n"); return -EINVAL; } ret=TCM_APTerminate(ownerHandle); if(ret<0) { printf("TCM_APTerminate failed!\n"); return -EINVAL; } ret=TCM_APTerminate(keyAuthHandle); if(ret<0) { printf("TCM_APTerminate failed!\n"); return -EINVAL; } ret=TCM_EvictKey(keyHandle); if(ret<0) { printf("TCM_APTerminate failed!\n"); return -EINVAL; } // decrypt cert blob int blobsize; BYTE * cert; int certsize; ret=TCM_ExSymmkeyDecrypt(&symmkey,pik_cadata->cert,pik_cadata->certlen,&cert,&certsize); if(ret!=0) { printf("decrypt cert blob file error!\n"); return -EINVAL; } int offset; for(offset=0;cert[offset]==0;offset++) { if((offset>=16)|| (offset>=certsize)) { print_cubeerr("cert data failed!\n"); return -EINVAL; } } // build pik cert, it is organized by userinfo, pubkey and ca_conts // pik_cert=Talloc0(sizeof(*pik_cert)); if(pik_cert==NULL) return -ENOMEM; tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,VERIFYDATA)); if(tcm_key_template==NULL) return -EINVAL; ret=blob_2_struct(cert+offset,&pik_cert->verifydata,tcm_key_template); if(ret<0) return -EINVAL; db_record=memdb_find(pik_cadata->userinfo_uuid,TYPE_PAIR(TCM_PIK_DESC,USERINFO)); if(db_record==NULL) { print_cubeerr("can't find user info data!\n"); return -EINVAL; } pik_userinfo=db_record->record; tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO)); if(tcm_key_template==NULL) return -EINVAL; ret=struct_clone(pik_userinfo,&pik_cert->userinfo,tcm_key_template); if(ret<0) return -EINVAL; ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik); if(ret!=0) { print_cubeerr("Get Pubpik failed!\n"); return -EINVAL; } tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY)); if(tcm_key_template==NULL) return -EINVAL; ret=struct_clone(&tcm_pikpub,&pik_cert->pikpub,tcm_key_template); if(ret<0) return -EINVAL; // build a message and send it new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,PIKCERT),recv_msg); if(new_msg==NULL) return -EINVAL; ret=message_add_record(new_msg,pik_cert); if(ret<0) return ret; ret=ex_module_sendmsg(sub_proc,new_msg); return ret; }
int proc_tcm_makeidentity(void * sub_proc,void * recv_msg) { int ret=0; int fd; BYTE local_uuid[DIGEST_SIZE]; BYTE Buf[DIGEST_SIZE*32]; BYTE NameBuf[DIGEST_SIZE*4]; UINT32 result; RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo; RECORD(MESSAGE,SIZED_BINDATA) req_blob; RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik; RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub; RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info; void * new_msg; int key_len; void * tcm_key_template; UINT32 smkHandle; UINT32 ownerHandle; UINT32 keyHandle; UINT32 keyAuthHandle; char uuid[DIGEST_SIZE*2+1]; DB_RECORD * db_record; printf("begin pik makeidentity!\n"); // get pik_userinfo from message ret=message_get_record(recv_msg,&pik_userinfo,0); if(ret<0) return -EINVAL; if(pik_userinfo==NULL) return -EINVAL; // get this node's machine uuid ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid); if(ret<0) return ret; // get this node's hostname ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE); if(ret!=0) Memset(pik_userinfo->node_name,0,DIGEST_SIZE); // build tcm session ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle); printf("ownerHandle is : %x\n",ownerHandle); if(ret<0) { print_cubeerr("TCM_APCreate failed!\n"); return -EINVAL; } ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle); printf("smkHandle is : %x\n",smkHandle); if(ret<0) { printf("TCM_APCreate failed!\n"); return -EINVAL; } int userinfolen; BYTE * req; int reqlen; // get userinfo blob tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO)); if(tcm_key_template==NULL) return -EINVAL; userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template); if(userinfolen<0) return userinfolen; db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL); if(db_record==NULL) return -EINVAL; // do makeidentity ret = TCM_MakeIdentity(ownerHandle, smkHandle, userinfolen,Buf,"kkk", &tcm_pik, &req, &reqlen); if(ret<0) { print_cubeerr("TCM_MakeIdentity failed!\n"); return -EINVAL; } // build an expand message record for req data req_blob.size=reqlen; req_blob.bindata=req; // terminate session ret=TCM_APTerminate(ownerHandle); if(ret<0) { print_cubeerr("TCM_APTerminate failed!\n"); return -EINVAL; } ret=TCM_APTerminate(smkHandle); if(ret<0) { print_cubeerr("TCM_APTerminate failed!\n"); return -EINVAL; } // generate TCM pik info ,left pubkey_uuid for fill tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY)); if(tcm_key_template==NULL) return -EINVAL; key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template); if(key_len<0) return key_len; Memset(&tcm_pik_info,0,sizeof(tcm_pik_info)); calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid); Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE); tcm_pik_info.issmkwrapped=1; tcm_pik_info.key_usage=TCM_KEY_IDENTITY; tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD; // store pik file digest_to_uuid(tcm_pik_info.uuid,uuid); uuid[DIGEST_SIZE*2]=0; printf("get pik's uuid is %s!\n",uuid); Strcpy(NameBuf,"tcmkey/"); Strcat(NameBuf,uuid); fd=open(NameBuf,O_CREAT|O_WRONLY,0666); if(fd<0) return fd; write(fd,Buf,key_len); close(fd); // Get pikpub from pik // ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik); if(ret!=0) { print_cubeerr("Get Pubpik failed!\n"); return -EINVAL; } tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY)); if(tcm_key_template==NULL) return -EINVAL; key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template); if(key_len<0) return key_len; calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid); db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL); // build a message and send it new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg); if(new_msg==NULL) return -EINVAL; ret=message_add_record(new_msg,pik_userinfo); if(ret<0) return ret; ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob); if(ret<0) return -EINVAL; ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub); if(ret<0) return -EINVAL; ret=ex_module_sendmsg(sub_proc,new_msg); return ret; }
int manager_vm_start(void * sub_proc,void * para) { int ret; int retval; void * context; int i; void * recv_msg; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; const char * type; ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; printf("begin vm manager process!\n"); for(i=0;i<500*1000;i++) { usleep(time_val.tv_usec); ret=sec_subject_recvmsg(sub_proc,&recv_msg); if(ret<0) continue; if(recv_msg==NULL) continue; type=message_get_recordtype(recv_msg); if(type==NULL) continue; if(strncmp(type,"VM_I",4)==0) { proc_store_vm(sub_proc,recv_msg); } if(strncmp(type,"VM_P",4)==0) { proc_store_vm_policy(sub_proc,recv_msg); } if(strncmp(type,"REQC",4)==0) { struct request_cmd * req; ret=message_get_record(recv_msg,&req,0); if(ret<0) { printf("error request command!\n"); continue; } if(strncmp(req->tag,"VM_I",4)==0) { proc_send_vm_info(sub_proc,recv_msg); } else if(strncmp(req->tag,"VM_P",4)==0) { proc_send_vm_policy(sub_proc,recv_msg); } } } return 0; }
int proc_verify(void * sub_proc,void * message) { int type; int subtype; int ret; printf("begin proc login_verify \n"); type=message_get_type(message); if(type!=DTYPE_CRYPTO_DEMO) return -EINVAL; subtype=message_get_subtype(message); if(subtype!=SUBTYPE_LOGIN_INFO) return -EINVAL; void * new_msg; void * record; struct login_info * login_data; struct login_info * lib_data; struct verify_return * return_data; new_msg=message_create(DTYPE_CRYPTO_DEMO,SUBTYPE_VERIFY_RETURN,message); return_data=Talloc0(sizeof(*return_data)); ret=message_get_record(message,&login_data,0); if(ret<0) return ret; lib_data=memdb_get_first_record(type,subtype); while(lib_data!=NULL) { if(Strncmp(lib_data->user,login_data->user,DIGEST_SIZE)==0) break; lib_data=memdb_get_next_record(type,subtype); } if(lib_data==NULL) { return_data->ret_data=dup_str("no such user!",0); return_data->retval=-1; } else { if (Strncmp(lib_data->passwd,login_data->passwd,DIGEST_SIZE)!=0) { return_data->ret_data=dup_str("error passwd!",0); return_data->retval=0; } else { return_data->ret_data=dup_str("login_succeed!",0); return_data->retval=1; ret=user_addr_store(sub_proc,message); if(ret<0) return ret; } } return_data->ret_data_size=Strlen(return_data->ret_data)+1; message_add_record(new_msg,return_data); ex_module_sendmsg(sub_proc,new_msg); return ret; }
int key_manage_start(void * sub_proc,void * para) { int ret; void * recv_msg; int i; const char * type; int fd; enum key_state_type{ NO_KEY, KEY_GENERATE, KEY_SHARED, KEY_ERROR }; enum key_state_type key_state=NO_KEY; struct key_request_cmd * key_req; int count; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); ret=proc_share_data_getvalue("proc_name",proc_name); void * sendmsg; ret=local_key_generate(sub_proc); if(ret<0) return ret; key_state=KEY_GENERATE; for(i=0;i<3000*1000;i++) { usleep(time_val.tv_usec); ret=sec_subject_recvmsg(sub_proc,&recv_msg); if(ret<0) continue; if(recv_msg==NULL) continue; type=message_get_recordtype(recv_msg); if(type==NULL) { message_free(recv_msg); continue; } switch(key_state){ case KEY_GENERATE: if(strncmp(type,"ACKI",4)==0) { ret=local_pubkey_share(sub_proc); if(ret<0) return ret; key_state=KEY_SHARED; } break; case KEY_SHARED: if(strncmp(type,"LOGI",4)==0) { struct login_info * user_info; int j=0; ret=message_get_record(recv_msg,&user_info,j++); while(user_info!=NULL) { ret=local_pubkey_request(sub_proc,user_info->user); if(ret<0) break; ret=message_get_record(recv_msg,&user_info,j++); if(ret<0) break; } sec_subject_sendmsg(sub_proc,recv_msg); } else if(strncmp(type,"NKLD",4)==0) { struct node_key_list * pub_keylist; int j=0; ret=message_get_record(recv_msg,&pub_keylist,j++); if(pub_keylist!=NULL) { AddPolicy(pub_keylist,"NKLD"); } ExportPolicy("NKLD"); } break; default: break; } } return 0; }
int proc_symmkey_gen(void * sub_proc,void * recv_msg) { int ret=0; int i=0; struct trust_encdata_info * encdatainfo; struct vTPM_wrappedkey * key_struct; void * send_msg; TSS_HKEY hEnckey; BYTE uuid[DIGEST_SIZE]; DB_RECORD * keyinfo_record; DB_RECORD * key_record; BYTE EncData[DIGEST_SIZE]; BYTE uuidstr[DIGEST_SIZE*2]; char filename[DIGEST_SIZE*4]; char buffer[DIGEST_SIZE*8]; // get message ret=message_get_record(recv_msg,&key_struct,0); if(key_struct==NULL) return -EINVAL; encdatainfo=Calloc(sizeof(*encdatainfo)); if(encdatainfo==NULL) return -ENOMEM; key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",key_struct->uuid); if(key_record==NULL) return -EINVAL; hEnckey=key_record->tail; TESI_Local_GetRandom(EncData,DIGEST_SIZE); int fd=open("encdata/tempkey.dat",O_RDWR|O_CREAT|O_TRUNC,0666); if(fd<0) return -EINVAL; write(fd,EncData,DIGEST_SIZE); close(fd); TESI_Local_Bind("encdata/tempkey.dat",hEnckey,"encdata/symmkey.dat"); convert_uuidname("encdata/symmkey",".dat",encdatainfo->uuid,filename); Memcpy(encdatainfo->vtpm_uuid,key_struct->vtpm_uuid,DIGEST_SIZE); Memcpy(encdatainfo->enckey_uuid,key_struct->uuid,DIGEST_SIZE); getcwd(buffer,DIGEST_SIZE*5-6); Strcat(buffer,"/"); Strcat(buffer,filename); encdatainfo->filename=dup_str(buffer,DIGEST_SIZE*7); send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,encdatainfo); memdb_store(encdatainfo,DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,NULL); ex_module_sendmsg(sub_proc,send_msg); ex_module_sendmsg(sub_proc,recv_msg); return ret; }
int monitor_process_start(void * sub_proc,void * para) { int ret; int retval; void * message_box; void * context; void * recv_msg; struct tcloud_connector * temp_conn; int i; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; char hostname[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); if(ret<0) return ret; ret=proc_share_data_getvalue("proc_name",proc_name); if(ret<0) return ret; ret=proc_share_data_getvalue("host_name",hostname); if(ret<0) return ret; printf("begin compute monitor process!\n"); sleep(2); proc_send_compute_localinfo(sub_proc,NULL); for(i=0;i<3000*1000;i++) { usleep(time_val.tv_usec); ret=sec_subject_recvmsg(sub_proc,&recv_msg); if(ret<0) continue; if(recv_msg==NULL) continue; MESSAGE_HEAD * msg_head; msg_head=get_message_head(recv_msg); if(msg_head==NULL) continue; if(strncmp(msg_head->record_type,"PLAI",4)==0) { proc_send_compute_localinfo(sub_proc,recv_msg); } if(strncmp(msg_head->record_type,"VM_I",4)==0) { proc_compute_vmpolicy(sub_proc,recv_msg,NULL); } if(strncmp(msg_head->record_type,"REQC",4)==0) { struct request_cmd * cmd; ret=message_get_record(recv_msg,&cmd,0); if(strncmp(cmd->tag,"VM_P",4)==0) { proc_send_vmpolicy(sub_proc,recv_msg); } else if(strncmp(cmd->tag,"PLAP",4)==0) { proc_send_computepolicy(sub_proc,recv_msg); } else continue; } } return 0; }
int proc_key_check(void * sub_proc,void * recv_msg) { int ret=0; int i=0; struct trust_demo_keyinfo * keyinfo; struct trust_demo_keyinfo * comp_keyinfo; struct vTPM_wrappedkey * key_struct; void * send_msg; BYTE uuid[DIGEST_SIZE]; DB_RECORD * keyinfo_record; DB_RECORD * key_record; // build a slot_port void * slot_port=ex_module_findport(sub_proc,"key_request"); if(slot_port==NULL) return -EINVAL; ret=message_get_uuid(recv_msg,uuid); if(ret<0) return ret; // build a sock void * sock=slot_create_sock(slot_port,uuid); // get message ret=message_get_record(recv_msg,&keyinfo,0); if(keyinfo!=NULL) { keyinfo_record=find_key_info(keyinfo); if(keyinfo_record!=NULL) { comp_keyinfo=keyinfo_record->record; key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",comp_keyinfo->uuid); if(key_record!=NULL) key_struct=key_record->record; ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,comp_keyinfo); if(ret<0) return ret; ex_module_addsock(sub_proc,sock); } else { // build a slot sock to store the (DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO) keyinfo record and wait for the // (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message // build (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message and send it key_struct=Talloc0(sizeof(*key_struct)); if(key_struct==NULL) return -ENOMEM; Memcpy(key_struct->vtpm_uuid,keyinfo->vtpm_uuid,DIGEST_SIZE); key_struct->key_type=keyinfo->key_type; key_struct->key_size=1024; key_struct->keypass=dup_str(keyinfo->passwd,DIGEST_SIZE); ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,keyinfo); if(ret<0) return ret; ex_module_addsock(sub_proc,sock); } send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,key_struct); ex_module_sendmsg(sub_proc,send_msg); } return ret; }
int proc_key_store(void * sub_proc,void * sock) { int ret=0; BYTE uuid[DIGEST_SIZE]; struct vTPM_wrappedkey * key_record; struct vTPM_wrappedkey * pubkey_record; struct trust_demo_keyinfo * keyinfo; struct trust_demo_keyinfo * pubkeyinfo; void * send_msg; void * recv_msg; struct types_pair * types; // get keyinfo record keyinfo= slot_sock_removerecord(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO); if(keyinfo==NULL) return -EINVAL; // get WEAPPED_KEY message recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY); if(recv_msg==NULL) return -EINVAL; ret=message_get_record(recv_msg,&key_record,0); if(key_record==NULL) return -EINVAL; Memcpy(keyinfo->uuid,key_record->uuid,DIGEST_SIZE); memdb_store(keyinfo,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL); //memdb_store(key_record,DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,NULL); send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,key_record); ex_module_sendmsg(sub_proc,send_msg); // get PUBLIC_KEY message recv_msg=slot_sock_removemessage(sock,DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY); if(recv_msg==NULL) return -EINVAL; ret=message_get_record(recv_msg,&pubkey_record,0); if(pubkey_record==NULL) return -EINVAL; send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_PUBLIC_KEY,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,pubkey_record); ex_module_sendmsg(sub_proc,send_msg); // build a public key_info struct /* Memcpy(pubkeyinfo,keyinfo,sizeof(*pubkey_info)); Memcpy(pubkeyinfo->uuid,pubkey_record->uuid,DIGEST_SIZE); keyinfo->ispubkey=1; send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,NULL); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,keyinfo); ex_module_sendmsg(sub_proc,send_msg); */ send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL); if(send_msg==NULL) return -EINVAL; types=Talloc(sizeof(*types)); if(types==NULL) return -EINVAL; types->type=DTYPE_TRUST_DEMO; types->subtype=SUBTYPE_KEY_INFO; message_add_record(send_msg,types); types=Talloc(sizeof(*types)); if(types==NULL) return -EINVAL; types->type=DTYPE_TESI_KEY_STRUCT; types->subtype=SUBTYPE_WRAPPED_KEY; message_add_record(send_msg,types); types=Talloc(sizeof(*types)); if(types==NULL) return -EINVAL; types->type=DTYPE_TESI_KEY_STRUCT; types->subtype=SUBTYPE_PUBLIC_KEY; message_add_record(send_msg,types); types=Talloc(sizeof(*types)); if(types==NULL) return -EINVAL; types->type=DTYPE_TRUST_DEMO; types->subtype=SUBTYPE_ENCDATA_INFO; message_add_record(send_msg,types); ex_module_sendmsg(sub_proc,send_msg); return 0; }
int proc_key_response(void * sub_proc,void * message) { struct policyfile_data * response_data; struct policyfile_data * response_cert; int ret; TSS_RESULT result; BYTE buf[2048]; void * send_msg; void * send_msg2; struct key_request_cmd * key_req; printf("begin key response!\n"); int blobsize=0; ret=message_get_record(message,&key_req,0); if(ret<0) return -EINVAL; if(key_req->keyusage == TPM_KEY_IDENTITY) { // bind_client request AIK // send aik file ret=build_filedata_struct(&response_data,"pubkey/AIK.pem"); if(ret<0) return -EINVAL; send_msg=message_create("FILD",message); if(send_msg!=NULL) { message_add_record(send_msg,response_data); sec_subject_sendmsg(sub_proc,send_msg); } // send aik cert file ret=build_filedata_struct(&response_cert,"cert/AIK.sda"); if(ret<0) return -EINVAL; send_msg2=message_create("FILD",message); if(send_msg2!=NULL) { message_add_record(send_msg2,response_cert); sec_subject_sendmsg(sub_proc,send_msg2); } } else if(key_req->keyusage == TPM_KEY_BIND) { // bind_client request bindkey // generate bindkey and bindkey cert result=bind_key_generate(); if(result!=TSS_SUCCESS) { return -EINVAL; } // send bindkey file ret=build_filedata_struct(&response_data,"pubkey/bindpubkey.pem"); if(ret<0) return -EINVAL; send_msg=message_create("FILD",message); if(send_msg!=NULL) { message_add_record(send_msg,response_data); sec_subject_sendmsg(sub_proc,send_msg); } // send bindkey cert file ret=build_filedata_struct(&response_cert,"cert/bindkey.val"); if(ret<0) return -EINVAL; send_msg2=message_create("FILD",message); if(send_msg2!=NULL) { message_add_record(send_msg2,response_cert); sec_subject_sendmsg(sub_proc,send_msg2); } ret=bind_key_memdb_init(); if(ret<0) { printf("load bindkey error %d!\n",ret); } return ret; } else return -EINVAL; return 0; }
int proc_key_recover(void * sub_proc,void * recv_msg) { int ret; DB_RECORD * record; struct trust_filecrypt_info * filecrypt_info; struct trust_filecrypt_info * decrypt_info; struct trust_encdata_info * encdata_info; struct vTPM_wrappedkey * key_struct; void * send_msg; struct types_pair * types; ret=message_get_record(recv_msg,&filecrypt_info,0); if(filecrypt_info==NULL) return -EINVAL; if(!Isemptyuuid(filecrypt_info->encdata_uuid)) { memdb_store(filecrypt_info,DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,NULL); send_msg=message_create(DTYPE_MESSAGE,SUBTYPE_TYPES,NULL); if(send_msg==NULL) return -EINVAL; types=Talloc(sizeof(*types)); if(types==NULL) return -EINVAL; types->type=DTYPE_TRUST_DEMO; types->subtype=SUBTYPE_FILECRYPT_INFO; message_add_record(send_msg,types); ex_module_sendmsg(sub_proc,send_msg); } else if(!Isemptyuuid(filecrypt_info->cipher_uuid)) { record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,"cipher_uuid",filecrypt_info->cipher_uuid); if(record==NULL) return -EINVAL; decrypt_info=record->record; record=memdb_find_first(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,"uuid",decrypt_info->encdata_uuid); if(record==NULL) return -EINVAL; encdata_info=record->record; record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",encdata_info->enckey_uuid); if(record==NULL) return -EINVAL; key_struct=record->record; // send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_FILECRYPT_INFO,recv_msg); // if(send_msg==NULL) // return -EINVAL; // message_add_record(send_msg,decrypt_info); // ex_module_sendmsg(sub_proc,send_msg); send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,encdata_info); ex_module_sendmsg(sub_proc,send_msg); send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg); if(send_msg==NULL) return -EINVAL; message_add_record(send_msg,key_struct); ex_module_sendmsg(sub_proc,send_msg); } return 0; }