示例#1
0
int build_compute_pcrlib(char * dev,char * compute_desc,int trust_level)
{
	char digest[DIGEST_SIZE];
	struct tcm_pcr_set * pcrs;
	struct tcm_pcr_set * boot_pcrs;
	char desc[512];
	int i;
	int ret;

	// build this image's MBR policy  
	boot_pcrs=build_MBR_pcrpolicy(dev,compute_desc);
	if(boot_pcrs!=NULL)
	{
		boot_pcrs->trust_level=trust_level;
		AddPolicy(boot_pcrs,"PCRP");
	}

	for(i=0;compute_pcr_filelist[i].filelist!=NULL;i++)
	{
		sprintf(desc,"%s %s",compute_desc,compute_pcr_filelist[i].tail_desc);
		pcrs=build_filelist_policy(NULL,compute_pcr_filelist[i].filelist,
			compute_pcr_filelist[i].pcr_index,desc);
		pcrs->trust_level=trust_level;
		AddPolicy(pcrs,"PCRP");
	}

	ExportPolicy("PCRP");
	return 0;
}
示例#2
0
int proc_key_storage(void * sub_proc,void * message)
{
	const char * type;
	int i;
	int ret;
	printf("begin proc key storage \n");
	struct message_box * msg_box=message;

	void * record;
	
	i=0;

	ret=message_get_record(message,&record,i++);
	if(ret<0)
		return ret;
	while(record!=NULL)
	{
		AddPolicy(record,"NKLD");
		ret=message_get_record(message,&record,i++);
		if(ret<0)
			return ret;
	}
	ExportPolicy("NKLD");
	return ret;
}
示例#3
0
int proc_store_vm(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_info * vm;
	int retval;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	struct platform_info * host;
	retval=proc_share_data_getvalue("uuid",local_uuid);
	if(retval<0)
		return retval;
	retval=proc_share_data_getvalue("proc_name",proc_name);

	if(retval<0)
		return retval;

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_info));
  	vm = NULL;
	for(i=0;i<MAX_RECORD_NUM;i++)
	{
		retval=message_get_record(message,&vm,i);
		if(retval<0)
			break;
		if(vm==NULL)
			break;
		void * oldvm;
		printf("policy server receive vm  %s's info from monitor!\n",vm->uuid);
		FindPolicy(vm->uuid,"VM_I",&oldvm);
		if(oldvm!=NULL)
		{
			printf("this vm already in the VM_I lib!\n");
			continue;
		}
		GetFirstPolicy(&host,"PLAI");
		while(host!=NULL)
		{
			if(!strncmp(vm->host,host->name,DIGEST_SIZE*2))
			{
		 		memcpy(vm->platform_uuid,host->uuid,DIGEST_SIZE*2);	
				AddPolicy(vm,"VM_I");
				break;
			}
			GetNextPolicy(&host,"PLAI");
		}
		if(host==NULL)
		{
			printf("can't find vm %s's host!\n",vm->uuid);
			continue;
		}
	}
		// send a message to manager_trust
	retval=ExportPolicyToFile("./lib/VM_I.lib","VM_I");
		// send a message to manager_trust
	return count;
}
示例#4
0
//int build_glance_image_policy(char * uuid,void ** boot_pcrs, void ** running_pcrs,int devno,void ** policy)
int build_glance_image_policy(char * uuid,void ** boot_pcrs, void ** running_pcrs,void ** policy)
{

	char cmd[512];
	char desc[512];
	char namebuf[512];
	char digest[DIGEST_SIZE];
	struct policy_file * pfile;
	struct vm_policy * image_policy;
	void * struct_template;
	int ret;
	void * sec_respool;
	void * sec_res;

	struct tcm_pcr_set * image_boot_pcrs;
	struct tcm_pcr_set * image_running_pcrs;


        sprintf(namebuf,"/var/lib/glance/images/%s",uuid);

	char dev[DIGEST_SIZE*2];
	char part_dev[DIGEST_SIZE*2];
	char mountpoint[DIGEST_SIZE*2];

	/*

	sprintf(dev,"/dev/nbd%d",devno);
	sprintf(mountpoint,"./mnt%d",devno);
	*/
	sec_respool=find_sec_respool("image_mntpoint");
	ret=sec_respool_getres(sec_respool,&sec_res);
	sec_resource_getvalue(sec_res,"dev_name",dev);
	sec_resource_getvalue(sec_res,"mount_path",mountpoint);

	sprintf(cmd,"mkdir %s",mountpoint);
	system(cmd);  

	mount_image(namebuf,dev,mountpoint);
	
	ret=build_image_boot_pcrs(dev,mountpoint,uuid,&image_boot_pcrs);
	ret=build_image_running_pcrs(dev,mountpoint,uuid,&image_running_pcrs);

	ret=build_entity_policy(uuid,NULL,image_boot_pcrs,image_running_pcrs,uuid,&image_policy);

	if(image_policy!=NULL)
	AddPolicy(image_policy,"IMGP");
	umount_image(dev,mountpoint);
	sprintf(cmd,"rmdir %s",mountpoint);
	system(cmd);  
	ExportPolicy("IMGP");
	*boot_pcrs=image_boot_pcrs;
	*running_pcrs=image_running_pcrs;
	*policy=image_policy;
	return 0;
}
示例#5
0
 /** \brief adds new element to queue.
  *  \param e element to be added.
  */
 void push(const value_type &e)
 {
   {
     const AddPolicy ap=AddPolicy();
     const Lock      lock(mutex_);
     if( !ap(q_, e) )      // element should not be added?
       return;
     q_.push_back(e);      // add element to queue
   }
   cond_.notify_one();     // signal presence of new entry
 }
示例#6
0
int vtpm_memdb_init()  // get the tpm information and init the vtpm database
{
	int retval;
	int ret;
	char * record_package;
	TSS_HKEY 		hSignKey;
	TSS_RESULT result;
	BYTE digest[DIGEST_SIZE];

	struct vTPM_info	*local_tpm;
	struct vTPM_wrappedkey	*local_signkey;
	struct vTPM_publickey   *local_signpubkey;
	char * keypass="******";

	local_tpm=malloc(sizeof(struct vTPM_info));
	if(local_tpm==NULL)
		return -ENOMEM;

	local_signkey=malloc(sizeof(struct vTPM_wrappedkey));
	if(local_signkey==NULL)
		return -ENOMEM;

	local_signpubkey=malloc(sizeof(struct vTPM_publickey));
	if(local_signpubkey==NULL)
		return -ENOMEM;

	// if it is the first time to exec it, we should create a sign key for controller.

	result=TESI_Local_Reload();

	if ( result != TSS_SUCCESS )
	{
		printf("TESI_Local_Load Err!\n");
		return result;
	}
		// create this vtpm's info struct
	
	char local_uuid[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);

	ret=create_physical_tpm_struct(local_tpm,local_uuid,"vtpm_manager","ooo","sss",NULL,NULL);
       	AddPolicy(local_tpm,"VM_T");
       	ExportPolicyToFile("lib/VM_T.lib","VM_T");

	printf("create local tpm info success!\n");
	TESI_Local_Fin();
	return 0;
}
示例#7
0
int build_image_pcrlib(char * dev,char *mountpoint,char * image_desc,int trust_level)
{
	char digest[DIGEST_SIZE];
	struct tcm_pcr_set * pcrs;
	struct tcm_pcr_set * boot_pcrs;
	char desc[512];
	int i;
	int ret;

	// build this image's MBR policy  
	boot_pcrs=build_MBR_pcrpolicy(dev,image_desc);
	if(boot_pcrs!=NULL)
	{
		boot_pcrs->trust_level=trust_level;
		AddPolicy(boot_pcrs,"PCRP");
		ExportPolicy("PCRP");
	}
	build_image_kernelpcr(mountpoint,image_desc,trust_level);

	for(i=0;vm_pcr_filelist[i].filelist!=NULL;i++)
	{
		if(vm_pcr_filelist[i].trust_level!=trust_level)
			continue;
		sprintf(desc,"%s %s",image_desc,vm_pcr_filelist[i].tail_desc);
		pcrs=build_filelist_policy(mountpoint,vm_pcr_filelist[i].filelist,
			vm_pcr_filelist[i].pcr_index,desc);
		if(pcrs!=NULL)
		{
			pcrs->trust_level=trust_level;
			AddPolicy(pcrs,"PCRP");
		}
	}

	ExportPolicy("PCRP");
	return 0;
}
示例#8
0
int proc_store_vm_policy(void * sub_proc,void * message)
{
	MESSAGE_HEAD * message_head;
	struct vm_policy * vm;
	int retval;
	int ret;
	int count=0;
	int i;
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	if(ret<0)
		return ret;
	ret=proc_share_data_getvalue("proc_name",proc_name);

	if(ret<0)
		return ret;
	printf("begin vm policy process!\n");

		// monitor send a new vm message
//	memset(vm,0,sizeof(struct vm_policy));
  	vm = NULL;
	for(i=0;i<MAX_RECORD_NUM;i++)
	{
		retval=message_get_record(message,&vm,i);
		if(retval<0)
			break;
		if(vm==NULL)
			break;
		void * oldvm;
		printf("policy server receive vm  %s's info from monitor!\n",vm->uuid);
		FindPolicy(vm->uuid,"VM_P",&oldvm);
		if(oldvm!=NULL)
		{
			printf("this vm already in the VM_I lib!\n");
			continue;
		}
		AddPolicy(vm,"VM_P");
	}
		// send a message to manager_trust
	retval=ExportPolicyToFile("./lib/VM_P.lib","VM_P");
		// forward  message to verifier
	return count;
}
示例#9
0
int build_image_kernelpcr(char * mountpoint,char * image_desc,int trust_level)
{
	char *boot_file_list[]={
		"/boot/grub/grub.conf",
		"/boot/grub/menu.lst",
		NULL
	};
	FILE * fp;
	char *file_arg[MAX_ARG_NUM];
	char filename[512];
	char kernelname[256];
	char initrdname[256];
	int  retval;
	int i;
	struct tcm_pcr_set * pcrs;
	char digest[DIGEST_SIZE];
	char desc[512];

	for(i=0;boot_file_list[i]!=NULL;i++)
	{
		sprintf(filename,"%s/%s",mountpoint,boot_file_list[i]);
		fp=fopen(filename,"r");
		if(fp!=NULL)
			break;
	}
	if(boot_file_list[i]==NULL)
	{
		printf("can't find image %s's boot file\n ",image_desc);
		return -EINVAL;
	}

	file_arg[0]=malloc(MAX_LINE_LEN);
	if(file_arg[0]==NULL)
		return -ENOMEM;
	
	do {
		retval=read_arg(fp,file_arg);
		if(retval<0)
			break;
		if(retval==0)
			continue;
		if(strcmp(file_arg[0],"kernel")!=0)
			continue;
		strncpy(kernelname,file_arg[1],256);
		retval=read_arg(fp,file_arg);
		if(retval<0)
			break;
		if(retval==0)
			continue;
		if(strcmp(file_arg[0],"initrd")!=0)
			continue;
		strncpy(initrdname,file_arg[1],256);
		pcrs=build_empty_pcr_set();
		sprintf(desc,"image %s 's kernel digest",image_desc);
		pcrs->policy_describe=dup_str(desc,0);
		sprintf(filename,"%s/%s",mountpoint,kernelname);
		calculate_sm3(filename,digest);
		add_pcr_to_set(pcrs,KERNEL_PCR_INDEX,digest);
		sprintf(filename,"%s/%s",mountpoint,initrdname);
		calculate_sm3(filename,digest);
		add_pcr_to_set(pcrs,KERNEL_PCR_INDEX,digest);
		pcrs->trust_level=trust_level;
		AddPolicy(pcrs,"PCRP");
//		break;
	}while(1);
	ExportPolicy("PCRP");

	return 0;
}
示例#10
0
int main(int argc,char *argv[])
{
	int i,j,num;
	
	int retval;
	int recordsize,certsize;
	
	int templen;
	void *p;
	unsigned char *temp;
	struct stat statbuf;
	BYTE * buffer, *databuffer;
	int fd;

	retval=0;

	// test the policy function
	InitPolicyLib();

	LoadTxtPolicyFile("../txtpolicy/sublist.txt","SUBL",&buffer);
	LoadPolicyData(buffer);
	free(buffer);

	char * newPolicyString="/etc/rc2.d/s02syslog	syslog	0	16	AAAAAAAAAAA	20 	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
	void * policy;
	policy=BuildPolicy(newPolicyString,"SUBL");
	if(policy==NULL)
	{
		printf("Build Policy Struct Error!");
		return 0;
	}
	OutPutPolicy(policy,"SUBL");
	printf("\n");
	AddPolicy(policy,"SUBL");
	char * newPolicyString1="/etc/rc2.d/s02syslog	device	0	12	AAAAAAAAAAA	0";
	policy=BuildPolicy(newPolicyString1,"SUBL");
	if(policy==NULL)
	{
		printf("Build Policy Struct Error!");
		return 0;
	}
	AddPolicy(policy,"SUBL");

	policy=FindPolicy("$auditd","SUBL");

	UpdatePolicyFile("SUBL");

	LoadPolicy("SUBL");

	policy=GetFirstPolicy("SUBL");
	i=0;
	while(policy!=NULL)
	{
		OutPutPolicy(policy,"SUBL");
		printf("\n");
		policy=GetNextPolicy("SUBL");
		i++;
	}	

	//  update OBJL policy
	LoadTxtPolicyFile("../txtpolicy/objlist.txt","OBJL",&buffer);
	LoadPolicyData(buffer);
	free(buffer);
	policy=GetFirstPolicy("OBJL");
	i=0;
	while(policy!=NULL)
	{
		OutPutPolicy(policy,"OBJL");
		printf("\n");
		policy=GetNextPolicy("OBJL");
		i++;
	}	
	UpdatePolicyFile("OBJL");

	//  update AUUL policy
	LoadTxtPolicyFile("../txtpolicy/uidfile.txt","AUUL",&buffer);
	LoadPolicyData(buffer);
	free(buffer);
	policy=GetFirstPolicy("AUUL");
	i=0;
	while(policy!=NULL)
	{
		OutPutPolicy(policy,"AUUL");
		printf("\n");
		policy=GetNextPolicy("AUUL");
		i++;
	}	
	UpdatePolicyFile("AUUL");

	// update AUDI policy
	LoadTxtPolicyFile("../txtpolicy/auditlist.txt","AUDI",&buffer);
	LoadPolicyData(buffer);
	free(buffer);
	policy=GetFirstPolicy("AUDI");
	i=0;
	while(policy!=NULL)
	{
		OutPutPolicy(policy,"AUDI");
		printf("\n");
		policy=GetNextPolicy("AUDI");
		i++;
	}	
	UpdatePolicyFile("AUDI");

	// test the policy function
/*	
	void * filter1, *filter2;
	void * auditlist;

	filter1=CreateAuditFilter();
	filter2=CreateAuditFilter();
	
	time_t time;
	time=ConvertTimeString("20111117120000");

	SetAuditFilterAttr(filter1,"tm1",&time);
	unsigned short Bret=0xff;
	SetAuditFilterAttr(filter1,"Bret",&Bret);

	auditlist=CreateAuditList();

	SetAuditFilterOp(filter1,AUDIT_PROBE_EXEC_FILE,1);
	SetAuditListFilter(auditlist,filter1);
	SetAuditListType(auditlist,KEY_AUDIT_RECORD);
	retval=ReadAuditList(auditlist);
	printf("read %d audit record!\n",retval);
		
	AUDIT_RECORD audit_record;	
	retval=GetLastAuditRecord(&audit_record,auditlist);
	while(retval>0)
	{
		if(IfAuditRecordHasExpand(&audit_record))
		{
			void * currsite;
			currsite=GetCurrRecordSite(auditlist);
			OutputAuditRecordWithExpand(&audit_record,
				currsite,auditlist);
		}
		else
		{
			OutputAuditRecord(&audit_record);

		}	
		retval=GetPrevAuditRecord(&audit_record,auditlist);
	}
	

	DelAuditList(auditlist);
	DelAuditFilter(filter1);
	DelAuditFilter(filter2);
	*/
	return 0;
}
示例#11
0
int key_manage_start(void * sub_proc,void * para)
{
	int ret;
	void * recv_msg;
	int i;
	const char * type;
	int fd;

	enum key_state_type{
		NO_KEY,
		KEY_GENERATE,
		KEY_SHARED,
		KEY_ERROR
	}; 

	enum key_state_type key_state=NO_KEY;
	struct key_request_cmd * key_req;
	int count;
	
	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);
	void * sendmsg;
	
	ret=local_key_generate(sub_proc);	
	if(ret<0)
		return ret;
	key_state=KEY_GENERATE;
	for(i=0;i<3000*1000;i++)
	{
		usleep(time_val.tv_usec);
		ret=sec_subject_recvmsg(sub_proc,&recv_msg);
		if(ret<0)
			continue;
		if(recv_msg==NULL)
			continue;

 		type=message_get_recordtype(recv_msg);
		if(type==NULL)
		{
			message_free(recv_msg);
			continue;
		}

		switch(key_state){
			case KEY_GENERATE:
				if(strncmp(type,"ACKI",4)==0)
				{
					ret=local_pubkey_share(sub_proc);
					if(ret<0)
						return ret;
					key_state=KEY_SHARED;
				}
				break;
			case KEY_SHARED:
				if(strncmp(type,"LOGI",4)==0)
				{
					struct login_info * user_info;
					int j=0;
					
					ret=message_get_record(recv_msg,&user_info,j++);
					
					while(user_info!=NULL)
					{
						ret=local_pubkey_request(sub_proc,user_info->user);
						if(ret<0)
							break;
						ret=message_get_record(recv_msg,&user_info,j++);
						if(ret<0)
							break;
					}
					sec_subject_sendmsg(sub_proc,recv_msg);
				}
				else if(strncmp(type,"NKLD",4)==0)
				{
					struct node_key_list * pub_keylist;
					int j=0;
					
					ret=message_get_record(recv_msg,&pub_keylist,j++);
					
					if(pub_keylist!=NULL)
					{
						AddPolicy(pub_keylist,"NKLD");
					}
					ExportPolicy("NKLD");
				}
				
				break;
			default:
				break;
		}
	}
	return 0;
}
示例#12
0
int local_key_generate(void * sub_proc)
{
	struct node_key_list * local_keylist;
	struct node_key_list * pub_keylist;
	struct key_request_cmd * key_req;
	int ret;
	int fd;
	int i;
	int count;
	char uuidname[DIGEST_SIZE*2+16];
	enum local_key_state{
		NO_AIKEY,
		AIK_REQUEST,
		AIK_GENERATE,
		AIK_VERIFY,
		BINDKEY_GENERATE,
		BINDKEY_VERIFY,
		SIGNKEY_GENERATE,
		SIGNKEY_VERIFY,
		LOCAL_KEY_ERROR=0xffff
	}; 

	enum local_key_state key_state=NO_AIKEY;

	char local_uuid[DIGEST_SIZE*2+1];
	char proc_name[DIGEST_SIZE*2+1];
	char proc_uuid[DIGEST_SIZE*2+1];
	BYTE digest[DIGEST_SIZE];
	char temp_uuid[DIGEST_SIZE*2];
	void * sendmsg;
	
	ret=proc_share_data_getvalue("uuid",local_uuid);
	ret=proc_share_data_getvalue("proc_name",proc_name);
	comp_proc_uuid(local_uuid,proc_name,proc_uuid);

	ret=FindPolicy(proc_uuid,"LKLD",&local_keylist);
	if((ret<0) || (local_keylist==NULL))
	{
		key_state=NO_AIKEY;
		local_keylist=malloc(sizeof(struct node_key_list));
		if(local_keylist==NULL)
			return -ENOMEM;
		memset(local_keylist,0,sizeof(struct node_key_list));
		memcpy(local_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
		memcpy(local_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
		memcpy(local_keylist->nodename,proc_name,DIGEST_SIZE*2);
		local_keylist->isnodelocal=1;
		ret=AddPolicy(local_keylist,"LKLD");
		if(ret<0)
			return -EINVAL;		
		pub_keylist=malloc(sizeof(struct node_key_list));
		if(pub_keylist==NULL)
			return -ENOMEM;
		memset(pub_keylist,0,sizeof(struct node_key_list));
		memcpy(pub_keylist->nodeuuid,proc_uuid,DIGEST_SIZE*2);
		memcpy(pub_keylist->localuuid,local_uuid,DIGEST_SIZE*2);
		memcpy(pub_keylist->nodename,proc_name,DIGEST_SIZE*2);
		pub_keylist->isnodelocal=1;
		ret=AddPolicy(local_keylist,"NKLD");
		if(ret<0)
			return -EINVAL;		

	}
	else
	{
		ret=FindPolicy(proc_uuid,"NKLD",&pub_keylist);
		if(ret<0)
			return -EINVAL;
		
		if(local_keylist->nodeAIK[0]==0)
			key_state=AIK_REQUEST;
		else if(pub_keylist->nodeAIKSda[0]==0)
			key_state=AIK_GENERATE;
		else if(local_keylist->nodeBindKey[0]==0)
			key_state=AIK_VERIFY;
		else if(pub_keylist->nodeBindKeyVal[0]==0)
			key_state=BINDKEY_GENERATE;
		else if(local_keylist->nodeSignKey[0]==0)
			key_state=BINDKEY_VERIFY;
		else if(pub_keylist->nodeSignKeyVal[0]==0)
			key_state=SIGNKEY_GENERATE;
		else
		{
			key_state=SIGNKEY_VERIFY;
			return 0; 
		}
			
	}

	for(i=0;i<30*1000;i++)
	{

		usleep(time_val.tv_usec);
		switch(key_state){
			case NO_AIKEY:

				key_req=malloc(sizeof(struct key_request_cmd));
				if(key_req==NULL)
					return -EINVAL;		
				memcpy(key_req->machine_uuid,local_uuid,DIGEST_SIZE*2);
				memcpy(key_req->proc_name,"local",5);
				key_req->keyusage=TPM_KEY_IDENTITY;
				key_req->keyflags=0;
				count=0;
				key_state=AIK_REQUEST;
				sendmsg=message_create("KREC",NULL);
				if(sendmsg==NULL)
					return -EINVAL;
				message_add_record(sendmsg,key_req);
				sec_subject_sendmsg(sub_proc,sendmsg);	
				break;
			case AIK_REQUEST:
				fd=open("pubkey/AIK.pem",O_RDONLY);
				if(fd>0)
				{
					close(fd);
					key_state=AIK_GENERATE;
					count=0;
					fd=open("privkey/AIK.key",O_RDONLY);
					if(fd<0)
						return -EINVAL;
					close(fd);
					ret=calculate_sm3("privkey/AIK.key",digest);
					if(ret<0)
						return ret;
					digest_to_uuid(digest,local_keylist->nodeAIK);
					ret=calculate_sm3("pubkey/AIK.pem",digest);
					if(ret<0)
						return ret;
					digest_to_uuid(digest,pub_keylist->nodeAIK);
					
				}
				else
				{
					close(fd);
					count++;
					if(count>1000)
					{
						printf("do not get AIK");
						key_state=NO_AIKEY;
						remove("privkey/AIK.key");
						remove("pubkey/AIK.pem");
					}	
				}
				break;

			case AIK_GENERATE:

				fd=open("cert/AIK.sda",O_RDONLY);
				if(fd<0)
				{
					count++;
					if(count>1000)
					{
						remove("cert/AIK.sda");
						remove("pubkey/AIK.pem");
						remove("privkey/AIK.key");
						key_state=NO_AIKEY;
					}
					break;
				}
				else
				{
					close(fd);
					ret=aik_verify(local_keylist->username);
					if(ret<0)
					{
						remove("cert/AIK.sda");
						remove("pubkey/AIK.pem");
						remove("privkey/AIK.key");
						key_state=NO_AIKEY;
						break;
					}
					memcpy(pub_keylist->username,local_keylist->username,DIGEST_SIZE);
					ret=trustfile_to_uuidname("privkey/AIK.key",local_keylist->nodeAIK);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("pubkey/AIK.pem",pub_keylist->nodeAIK);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("cert/AIK.sda",pub_keylist->nodeAIKSda);
					if(ret<0)
					{
						return ret;
					}
					memcpy(local_keylist->nodeAIKSda,pub_keylist->nodeAIKSda,DIGEST_SIZE*2);
					
					ret=DelPolicy(local_keylist,"LKLD");	
					ret=AddPolicy(local_keylist,"LKLD");
					ret=ExportPolicy("LKLD");

					ret=DelPolicy(pub_keylist,"NKLD");	
					ret=AddPolicy(pub_keylist,"NKLD");
					ret=ExportPolicy("NKLD");
					remove("cert/bindkey.val");
					remove("pubkey/bindpubkey.pem");
					count=0;
					
					key_state=AIK_VERIFY;
					
				}
				break;

			case AIK_VERIFY:
				fd=open("pubkey/bindpubkey.pem",O_RDONLY);
				if(fd>0)
					key_state=BINDKEY_GENERATE;
				else
				{
					close(fd);
					ret=bind_key_generate(local_keylist->nodeAIK);
					if(ret<0)
						return ret;
				}
				break;
			case BINDKEY_GENERATE:
				fd=open("cert/bindkey.val",O_RDONLY);
				if(fd<0)
				{
					count++;
					if(count>5000)
					{
						printf("do not get Bind key valdata");
						key_state=AIK_GENERATE;
					}	
					break;
				}
				else
				{
					close(fd);
					ret=trustfile_to_uuidname("cert/bindkey.val",pub_keylist->nodeBindKeyVal);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("privkey/bindkey.key",local_keylist->nodeBindKey);
					if(ret<0)
						return ret;
					ret=trustfile_to_uuidname("pubkey/bindpubkey.pem",pub_keylist->nodeBindKey);
					if(ret<0)
					{
						remove("pubkey/bindpubkey.pem");
						return ret;
					}

					if(bindkey_verify(pub_keylist->nodeAIK,pub_keylist->nodeBindKeyVal,pub_keylist->nodeBindKey)!=0)
					{
						printf("bindkey verify failed!\n");
						return -EINVAL;
					}
					else
					{

						ret=DelPolicy(local_keylist,"LKLD");	
						ret=AddPolicy(local_keylist,"LKLD");
						ret=ExportPolicy("LKLD");

						ret=DelPolicy(pub_keylist,"NKLD");	
						ret=AddPolicy(pub_keylist,"NKLD");
						ret=ExportPolicy("NKLD");
					}
					
					key_state=BINDKEY_VERIFY;
				}

				break;
			
			case BINDKEY_VERIFY:
//				ret=bind_pubkey_memdb_init();
//				if(ret<0)
//				{
//					printf("load bindpubkey error %d!\n",ret);
//				}
				
				return 0;

			default:
				return -EINVAL;	
		
		}
	}
	return 0;

}
示例#13
0
int main()
{
	char                    *function = "Tspi_TESI_Init";
/*	
        TSS_RESULT              result;
        TSS_HKEY                hCAKey;
        TSS_HKEY                hSignKey;
        TSS_HKEY                hReloadKey;
        TSS_HKEY                hReloadPubKey;
	*/
	int retval;
/*
        result=TESI_Local_Reload();

        if ( result != TSS_SUCCESS )
        {
                if( !(checkNonAPI(result)) )
                {
                        print_error( function, result );
                }
                else
                {
                        print_error_nonapi( function, result );
                }
        }
        else
        {
                print_success( function, result );
        }
        result=TESI_Local_GetPubKeyFromCA(&hCAKey,"CA");
        result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk");
        if(result == TSS_SUCCESS)
                printf("Create SignKey SUCCEED!\n");

        TESI_Local_WriteKeyBlob(hSignKey,"testsignkey");
        TESI_Local_WritePubKey(hSignKey,"testsignkey");	
	*/
	static struct vTPM_wrappedkey wrap_key;
//	wrap_key=malloc(sizeof(struct vTPM_wrappedkey));
	strcpy(wrap_key.uuid,"7a867c66eeab4287f221bc8a1477a1015e149695");
	strcpy(wrap_key.vtpm_uuid,"a02c5416-37cb-4266-9e17-2e45a3db6e79");
	
	wrap_key.issrkwrapped=1;
	wrap_key.key_type=1;//hSignKey   --ask if it needs which number corresbonds the key
	wrap_key.key_alg=1;//algorithm
	wrap_key.key_size=1024;
	strcpy(wrap_key.key_binding_policy_uuid,"fcbb2ddddd918fd0e0b9c5bc34263a0a070179392");
	strcpy(wrap_key.wrapkey_uuid,"048b0ae0a32529ad0b69c539d4cb6282d3d4f86a3");
	wrap_key.keypass=(char *)malloc(sizeof(char)*4);
	strcpy(wrap_key.keypass,"kkk");
	wrap_key.key_filename=(char *)malloc(sizeof(char)*16);
	strcpy(wrap_key.key_filename,"testsignkey.key");


	printf("test 1!\n");
	int k;

	void *policy;
	int i;
	logic_baselib_init();

        register_record_type("BLBK",wrappedkey_desc);
        register_policy_lib("BLBK",&wrappedkey_lib_ops);

	
	retval=LoadPolicyFromFile("wrap_key.lib","BLBK");
	printf("test load!\n");
	k=AddPolicy(wrap_key,"BLBK");
	printf("test add %x!\n",&wrap_key);
	policy=GetFirstPolicy("BLBK");
	printf("test getfirst outside addr %x!\n",policy);
        i=0;
        while(policy!=NULL)
        {
		printf("test output addr %x!\n",policy);
                OutPutPolicy(policy,"BLBK");
                printf("\n");
                policy=GetNextPolicy("BLBK");
                i++;
        }       
        
	//char *buff;
	//buff=(char *)malloc(sizeof(wrap_key));
	//memcpy(buff,&wrap_key,sizeof(wrap_key));
	//printf("%s",buff);
	//void *policy;
	//policy=BuildPolicy(buff,"BLBK");
	//AddPolicy(policy,"BLBK");
	
	
//	struct struct_elem_attr * test_desc;
//	void * struct_template;
//	POLICY_PROTOCOL  Protocol;

//	char * string;
//	int bloboffset;
//	int stroffset;
/*	int i;
	int retval;
	char * policy_package;


//	void * obj_policy_lib;
	void * policy;
	logic_baselib_init();

	register_policy_lib("BLBK",wrappedkey_desc,&wrappedkey_lib_ops);
	retval=LoadTxtPolicyFile("blbklist.txt","BLBK",&policy_package);
	retval=LoadPolicyData(policy_package);
	free(policy_package);

	policy=GetFirstPolicy("BLBK");
	i=0;
	while(policy!=NULL)
	{
		OutPutPolicy(policy,"BLBK");
		printf("\n");
		policy=GetNextPolicy("BLBK");
		i++;
	}	
	
	ExportPolicyToFile("wrappedkey.lib","BLBK");
*/
   //   ExportPolicyToFile("wrap_key.lib","BLBK");
	return 0;
}