void V::main(int argc, char** argv) {
int ch;
bool interactive = true;
VFrame_ frame = new (collect) VFrame();
while((ch = getopt(argc, argv, "vhl:")) != -1) {
switch(ch) {
case 'v':
version();
case 'h':
usage();
case 'l':
_libpath = optarg;
break;
}
}
argc -= optind;
argv += optind;
interactive = !argc;
for(int j=0; j<argc; ++j)
frame->stack()->push(new (collect) Term(TString, dup_str(argv[j])));
// setup the world quote
Prologue::init(frame);
// do we have any args?
CharStream_ cs = 0;
if (!interactive) {
cs = new (collect) FileCharStream(dup_str(argv[0]));
} else {
banner();
cs = new (collect) ConsoleCharStream();
}
PQuote_ program = new (collect) PQuote(new (collect) LexStream(cs), interactive);
program->eval(frame->child());
}
void * build_filelist_policy(char * mountpoint,char ** filelist,
int pcr_index,char * describe_info)
{
struct tcm_pcr_set * pcrs;
char namebuf[512];
char digest[DIGEST_SIZE];
int ret;
int i;
pcrs=build_empty_pcr_set();
if(pcrs==NULL)
return NULL;
if((pcr_index<0) || (pcr_index>24))
return NULL;
for(i=0;filelist[i]!=NULL;i++)
{
if(mountpoint!=NULL)
{
sprintf(namebuf,"%s/%s",mountpoint,filelist[i]);
ret=calculate_sm3(namebuf,digest);
}
else
{
ret=calculate_sm3(filelist[i],digest);
}
if(ret<0)
return NULL;
usleep(10);
add_pcr_to_set(pcrs,pcr_index,digest);
}
pcrs->policy_describe=dup_str(describe_info,0);
return pcrs;
}
static int
time_it(cfuhash_function_t hf, double *elapsed_time, u_int32_t num_tests) {
cfuhash_table_t *hash = cfuhash_new_with_initial_size(30);
u_int32_t flags = 0;
char key[32];
char value[32];
size_t i;
size_t used;
size_t num_buckets;
size_t num_entries;
cfutime_t *time = cfutime_new();
/* freeze the hash so that it won't shrink while we put in all the data */
flags = cfuhash_set_flag(hash, CFUHASH_FROZEN_UNTIL_GROWS);
cfuhash_set_hash_function(hash, hf);
cfutime_begin(time);
for (i = 0; i < num_tests; i++) {
sprintf(key, "%u", 15000000 - i);
sprintf(value, "value%d", i);
cfuhash_put(hash, key, dup_str(value));
}
cfutime_end(time);
*elapsed_time = cfutime_elapsed(time);
used = cfuhash_num_buckets_used(hash);
num_buckets = cfuhash_num_buckets(hash);
num_entries = cfuhash_num_entries(hash);
printf("%d entries, %d/%d buckets (%.2f%%), %.2f%% threshold check\n", num_entries, used, num_buckets, 100.0 * (float)used/(float)num_buckets, 100.0 * (float)num_entries/(float)num_buckets);
cfuhash_destroy_with_free_fn(hash, free_data);
return 0;
}
static void ascii(char key)
{
t_line *l;
if (data()->cur == NONE)
data()->current = init_line(key);
else if (data()->cur == CURRENT)
{
l = data()->current;
if (l == NULL)
l = init_line(key);
else
l->tmp = add_char(key, l->tmp, l->edit);
set_edit(l);
data()->current = l;
}
else
{
l = data()->history;
while (l->id != data()->cur)
l = l->next;
if (l->tmp == NULL && l->edit)
l->tmp = dup_str(l->line);
l->tmp = add_char(key, l->tmp, l->edit);
set_edit(l);
}
}
int create_vtpm_struct(struct vTPM_info * vtpm,struct vm_info * vm, char * ownerpass,char * srkpass,
char * signkey_uuid,char * pubkey_uuid)
{
memset(vtpm,0,sizeof(struct vTPM_info));
memcpy(vtpm->uuid,vm->uuid,DIGEST_SIZE*2);
vtpm->ownername=dup_str(vm->owner,0);
vtpm->tpm_type=VIRTUAL_TPM;
vtpm->ownerpass=dup_str(ownerpass,0);
vtpm->srkpass=dup_str(srkpass,0);
vtpm->wrappedkeynum=1;
vtpm->pubkeynum=1;
vtpm->wrapkey_uuid=kmalloc(sizeof(char *)*vtpm->wrappedkeynum,GFP_KERNEL);
vtpm->wrapkey_uuid[0]=dup_str(signkey_uuid,DIGEST_SIZE*2);
vtpm->pubkey_uuid=malloc(sizeof(char *)*vtpm->pubkeynum);
vtpm->pubkey_uuid[0]=dup_str(pubkey_uuid,DIGEST_SIZE*2);
return 0;
}
char* Sym::lookup(char* key) {
SymbolTable::iterator i = __symbols.find(key);
if (i != __symbols.end()) {
return i->second;
} else {
char* w = dup_str(key);
__symbols[w] = w;
return w;
}
}
int main(void)
{
const char * config_filename= "./router_policy.cfg";
int i,recordnum;
int ret;
void * record;
void * message;
void * recv_message;
void * msg_head;
int retval;
struct connect_login * login_info;
logic_baselib_init();
register_record_type("LOGC",&connect_login_desc,NULL);
message=message_create("LOGC",NULL);
for(i=0;i<3;i++)
{
login_info=malloc(sizeof(struct connect_login));
login_info->user=dup_str(name[i],0);
login_info->passwd=dup_str(passwd[i],0);
memset(login_info->nonce,'0',DIGEST_SIZE);
message_add_record(message,login_info);
}
router_policy_init();
ret=router_read_cfg(config_filename);
if(ret<0)
return -EINVAL;
void * msg_policy;
ret=router_policy_getfirst(&msg_policy);
if(ret<0)
{
printf("get msg policy failed!\n");
return -EINVAL;
}
printf("get msg policy succeed!\n");
ret=router_policy_match_message(msg_policy,message,NULL);
return 0;
}
int build_empty_physical_tpm(struct vTPM_info * local_tpm,char * local_uuid,char * ownername)
{
int copylen;
memset(local_tpm,0,sizeof(struct vTPM_info));
copylen=strlen(local_uuid)+1;
if(copylen>DIGEST_SIZE*2)
copylen=DIGEST_SIZE*2;
strncpy(local_tpm->uuid,local_uuid,copylen);
local_tpm->ownername=dup_str(ownername,0);
local_tpm->tpm_type=PHYSICAL_TPM;
return 0;
}
int create_physical_tpm_struct(struct vTPM_info * local_tpm,char * local_uuid,char * ownername,char * ownerpass,char * srkpass,
char * signkey_uuid,char * pubkey_uuid)
{
memset(local_tpm,0,sizeof(struct vTPM_info));
memcpy(local_tpm->uuid,local_uuid,strlen(local_uuid));
local_tpm->ownername=dup_str(ownername,0);
local_tpm->tpm_type=PHYSICAL_TPM;
local_tpm->ownerpass=dup_str(ownerpass,0);
local_tpm->srkpass=dup_str(srkpass,0);
if(signkey_uuid != NULL)
{
local_tpm->wrappedkeynum=1;
local_tpm->wrapkey_uuid=kmalloc(sizeof(char *)*local_tpm->wrappedkeynum,GFP_KERNEL);
local_tpm->wrapkey_uuid[0]=dup_str(signkey_uuid,DIGEST_SIZE*2);
}
if(pubkey_uuid !=NULL)
{
local_tpm->pubkeynum=1;
local_tpm->pubkey_uuid=malloc(sizeof(char *)*local_tpm->pubkeynum);
local_tpm->pubkey_uuid[0]=dup_str(pubkey_uuid,DIGEST_SIZE*2);
}
return 0;
}
int add_wrapkey_to_tpm(struct vTPM_info * tpm, char * key_uuid)
{
BYTE * buffer;
if((tpm==NULL)||IS_ERR(tpm))
return -EINVAL;
if((key_uuid==NULL)||IS_ERR(key_uuid))
return -EINVAL;
tpm->wrappedkeynum++;
if(tpm->wrappedkeynum==1)
{
tpm->wrapkey_uuid=kmalloc(sizeof(char *)*tpm->wrappedkeynum,GFP_KERNEL);
tpm->wrapkey_uuid[0]=dup_str(key_uuid,DIGEST_SIZE*2);
}
else
{
buffer=kmalloc(sizeof(char *)*tpm->wrappedkeynum,GFP_KERNEL);
memcpy(buffer,tpm->wrapkey_uuid,sizeof(char *)*(tpm->wrappedkeynum-1));
kfree(tpm->wrapkey_uuid);
tpm->wrapkey_uuid=buffer;
tpm->wrapkey_uuid[tpm->wrappedkeynum-1]=dup_str(key_uuid,DIGEST_SIZE*2);
}
return 0;
}
static void
xprint_parsetree(D_ParserTables pt, D_ParseNode *pn, int depth, print_node_fn_t fn, void *client_data) {
int nch = d_get_number_of_children(pn), i;
char *name = pt.symbols[pn->symbol].name;
// int len = pn->end_skip - pn->start_loc.s;
// char *value = malloc(len+2);
// memcpy(value, pn->start_loc.s, len);
// value[len] = 0;
char *value = dup_str(pn->start_loc.s, pn->end);
fn(depth, name, value, client_data);
free(value);
depth++;
if (nch != 0) {
for (i = 0; i < nch; i++) {
D_ParseNode *xpn = d_get_child(pn,i);
xprint_parsetree(pt, xpn, depth, fn, client_data);
}
}
}
void Lexer::string() {
char start = _stream->current();
// look for unescaped end same as start.
char c;
while (true) {
c = _stream->read();
if (c == '\\') { // escaped.
// read next char and continue.
_word[_wi++] = charconv(_stream->read());
continue;
} else if (c == 0)
break;
if (start == c)
break;
_word[_wi++] = c;
}
_word[_wi++] = '\0';
add(new (collect) Term(TString, dup_str(_word)));
_wi = 0;
}
void * build_MBR_pcrpolicy(char *dev,char * describe_info)
{
struct tcm_pcr_set * pcrs;
char namebuf[512];
char cmd[512];
char digest[DIGEST_SIZE];
int ret;
int i;
pcrs=build_empty_pcr_set();
if(pcrs==NULL)
return NULL;
// sprintf(cmd,"dd if=%s of=temp.txt count=61 bs=512 skip=3",dev);
sprintf(cmd,"dd if=%s of=temp.txt count=64 bs=512",dev);
system(cmd);
calculate_sm3("temp.txt",digest);
system("rm temp.txt");
add_pcr_to_set(pcrs,MBR_PCR_INDEX,digest);
sprintf(namebuf,"%s : MBR digest",describe_info);
pcrs->policy_describe=dup_str(namebuf,0);
return pcrs;
}
int build_entity_policy(char * uuid,void * platform_pcrs,void * boot_pcrs,void * runtime_pcrs,char * policy_describe, void ** entity_policy)
{
struct tcm_pcr_set * pcrs;
struct vm_policy * policy;
policy=malloc(sizeof(struct vm_policy));
if(policy==NULL)
return -ENOMEM;
memset(policy,0,sizeof(struct vm_policy));
strncpy(policy->uuid,uuid,DIGEST_SIZE*2);
*entity_policy=NULL;
int i;
for(i=0;i<3;i++)
{
switch(i){
case 0:
pcrs=platform_pcrs;
if(pcrs!=NULL)
strncpy(policy->platform_pcr_uuid,pcrs->uuid,DIGEST_SIZE*2);
break;
case 1:
pcrs=boot_pcrs;
if(pcrs!=NULL)
strncpy(policy->boot_pcr_uuid,pcrs->uuid,DIGEST_SIZE*2);
break;
case 2:
pcrs=runtime_pcrs;
if(pcrs!=NULL)
strncpy(policy->runtime_pcr_uuid,pcrs->uuid,DIGEST_SIZE*2);
break;
default:
break;
}
}
policy->policy_describe=dup_str(policy_describe,0);
*entity_policy=policy;
return 0;
}
char *makeuuid(void) {
char uuid[UUID_LEN] = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", *p=uuid;
short r;
srand((unsigned)time(NULL));
while (*p) {
r = rand()%16|0;
switch (*p) {
case 'x':
*p = hexDigit(r);
break;
case 'y':
*p = hexDigit((r &0x3) |0x8);
break;
}
p++;
}
return dup_str(uuid);
}
int main(int argc,char **argv)
{
struct tcloud_connector_hub * hub;
struct tcloud_connector * temp_conn;
int ret;
int retval;
void * message_box;
int i,j;
int argv_offset;
char namebuffer[DIGEST_SIZE*4];
char * sys_plugin;
char * app_plugin;
char * base_define;
char * cube_output;
char json_buffer[4096];
char print_buffer[4096];
int readlen;
int json_offset;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
void * main_proc; // point to the main proc's subject struct
void * conn_proc; // point to the conn proc's subject struct
void * router_proc; // point to the conn proc's subject struct
char local_uuid[DIGEST_SIZE*2];
FILE * fp;
char audit_text[4096];
char buffer[4096];
void * root_node;
void * temp_node;
PROC_INIT plugin_proc;
char * baseconfig[] =
{
"namelist.json",
"dispatchnamelist.json",
"typelist.json",
"subtypelist.json",
"baseflag.json",
"memdb.json",
"msghead.json",
"msgrecord.json",
"expandrecord.json",
"base_msg.json",
"dispatchrecord.json",
"exmoduledefine.json",
"sys_conn.json",
NULL
};
struct start_para start_para;
start_para.argc=argc;
start_para.argv=argv;
int fd =open(msgaudit_file,O_CREAT|O_RDWR|O_TRUNC,0666);
close(fd);
audit_file_init();
sys_plugin=getenv("CUBE_SYS_PLUGIN");
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
base_define=getenv("CUBE_BASE_DEFINE");
for(i=0;baseconfig[i]!=NULL;i++)
{
Strcpy(namebuffer,base_define);
Strcat(namebuffer,"/");
Strcat(namebuffer,baseconfig[i]);
ret=read_json_file(namebuffer);
if(ret<0)
return ret;
print_cubeaudit("read %d elem from file %s!\n",ret,namebuffer);
}
msgfunc_init();
dispatch_init();
channel_init();
ex_module_list_init();
// init system
system("mkdir lib");
// init the main proc struct
struct lib_para_struct * lib_para=NULL;
fd=open(sys_config_file,O_RDONLY);
if(fd>0)
{
ret=read_json_node(fd,&root_node);
if(ret<0)
return ret;
close(fd);
ret=read_sys_cfg(&lib_para,root_node,NULL);
if(ret<0)
return ret;
}
fd=open(main_config_file,O_RDONLY);
if(fd<0)
return -EINVAL;
ret=read_json_node(fd,&root_node);
if(ret<0)
return ret;
close(fd);
ret=read_main_cfg(lib_para,root_node);
if(ret<0)
return ret;
ret=get_local_uuid(local_uuid);
digest_to_uuid(local_uuid,buffer);
buffer[64]=0;
print_cubeaudit("this machine's local uuid is %s\n",buffer);
proc_share_data_setvalue("uuid",local_uuid);
// init all the proc database
usleep(time_val.tv_usec);
// init the connect proc
Strcpy(namebuffer,sys_plugin);
Strcat(namebuffer,"/");
Strcat(namebuffer,connector_plugin_file);
plugin_proc.init =main_read_func(namebuffer,"proc_conn_init");
if(plugin_proc.init==NULL)
return -EINVAL;
plugin_proc.start =main_read_func(namebuffer,"proc_conn_start");
if(plugin_proc.start==NULL)
return -EINVAL;
plugin_proc.name=dup_str("connector_proc",0);
plugin_proc.type=MOD_TYPE_CONN;
ret=ex_module_create("connector_proc",MOD_TYPE_CONN,NULL,&conn_proc);
if(ret<0)
return ret;
ex_module_setinitfunc(conn_proc,plugin_proc.init);
ex_module_setstartfunc(conn_proc,plugin_proc.start);
ex_module_init(conn_proc,connector_config_file);
add_ex_module(conn_proc);
// init the router proc
Strcpy(namebuffer,sys_plugin);
Strcat(namebuffer,"/");
Strcat(namebuffer,router_plugin_file);
plugin_proc.init =main_read_func(namebuffer,"proc_router_init");
if(plugin_proc.init==NULL)
return -EINVAL;
plugin_proc.start =main_read_func(namebuffer,"proc_router_start");
if(plugin_proc.start==NULL)
return -EINVAL;
plugin_proc.name=dup_str("router_proc",0);
plugin_proc.type=MOD_TYPE_ROUTER;
ret=ex_module_create("router_proc",MOD_TYPE_MONITOR,NULL,&router_proc);
if(ret<0)
return ret;
ex_module_setinitfunc(router_proc,plugin_proc.init);
ex_module_setstartfunc(router_proc,plugin_proc.start);
struct router_init_para
{
char * router_file;
char * aspect_file;
} router_init;
router_init.router_file=router_config_file;
router_init.aspect_file=aspect_config_file;
ex_module_init(router_proc,&router_init);
print_cubeaudit("prepare the router proc\n");
ret=add_ex_module(router_proc);
if(ret<0)
return ret;
// loop to init all the plugin's
void * ex_module;
fd=open(plugin_config_file,O_RDONLY);
if(fd>0)
{
while(read_json_node(fd,&root_node)>0)
{
ret=read_plugin_cfg(&ex_module,root_node);
if(ret>=0)
add_ex_module(ex_module);
}
}
/*
}
*/
usleep(time_val.tv_usec);
print_cubeaudit("prepare the conn proc\n");
ret=ex_module_start(conn_proc,NULL);
if(ret<0)
return ret;
// second loop: start all the monitor process
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
int active_module_no=0;
while(ex_module!=NULL)
{
if((ex_module_gettype(ex_module) == MOD_TYPE_MONITOR)
||(ex_module_gettype(ex_module) == MOD_TYPE_PORT))
{
ret=ex_module_start(ex_module,NULL);
if(ret<0)
return ret;
print_cubeaudit("monitor ex_modulec %s started successfully!\n",ex_module_getname(ex_module));
}
else if(ex_module_gettype(ex_module) == MOD_TYPE_START)
{
ret=ex_module_start(ex_module,&start_para);
if(ret<0)
return ret;
print_cubeaudit("start ex_module %s started successfully!\n",ex_module_getname(ex_module));
}
ret= get_next_ex_module(&ex_module);
active_module_no++;
if(ret<0)
return ret;
}
if(active_module_no==0)
return 0;
proc_share_data_setstate(PROC_LOCAL_START);
// third loop: test if any module exit
int * thread_retval;
thread_retval=malloc(sizeof(int)*active_module_no);
if(thread_retval==NULL)
return NULL;
/*
i=0;
while(1)
{
usleep(time_val.tv_usec);
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
while(ex_module!=NULL)
{
if(ex_module_tryjoin(ex_module,&thread_retval[i++])==0)
{
print_cubeaudit("monitor ex_modulec %s exited successfully!\n",ex_module_getname(ex_module));
return thread_retval[i-1];
}
ret= get_next_ex_module(&ex_module);
}
i=0;
}
*/
// third loop: join all the non_system module
ret=get_first_ex_module(&ex_module);
if(ret<0)
return ret;
i=0;
while(ex_module!=NULL)
{
if((ex_module_gettype(ex_module) == MOD_TYPE_MONITOR)
||(ex_module_gettype(ex_module) == MOD_TYPE_PORT)
||(ex_module_gettype(ex_module) == MOD_TYPE_START))
{
if(Strcmp(ex_module_getname(ex_module),"router_proc")!=0)
{
ret=ex_module_join(ex_module,&thread_retval[i++]);
if(ret<0)
{
print_cubeerr("%s module exit!\n",ex_module_getname(ex_module));
return ret;
}
print_cubeaudit("%s module exit!\n",ex_module_getname(ex_module));
}
}
ret= get_next_ex_module(&ex_module);
if(ret<0)
return ret;
}
printf("thread return value %d!\n",thread_retval[0]);
return ret;
}
int proc_key_check(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_demo_keyinfo * keyinfo;
struct trust_demo_keyinfo * comp_keyinfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
// build a slot_port
void * slot_port=ex_module_findport(sub_proc,"key_request");
if(slot_port==NULL)
return -EINVAL;
ret=message_get_uuid(recv_msg,uuid);
if(ret<0)
return ret;
// build a sock
void * sock=slot_create_sock(slot_port,uuid);
// get message
ret=message_get_record(recv_msg,&keyinfo,0);
if(keyinfo!=NULL)
{
keyinfo_record=find_key_info(keyinfo);
if(keyinfo_record!=NULL)
{
comp_keyinfo=keyinfo_record->record;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",comp_keyinfo->uuid);
if(key_record!=NULL)
key_struct=key_record->record;
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,comp_keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
else
{
// build a slot sock to store the (DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO) keyinfo record and wait for the
// (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message
// build (DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY) message and send it
key_struct=Talloc0(sizeof(*key_struct));
if(key_struct==NULL)
return -ENOMEM;
Memcpy(key_struct->vtpm_uuid,keyinfo->vtpm_uuid,DIGEST_SIZE);
key_struct->key_type=keyinfo->key_type;
key_struct->key_size=1024;
key_struct->keypass=dup_str(keyinfo->passwd,DIGEST_SIZE);
ret=slot_sock_addrecorddata(sock,DTYPE_TRUST_DEMO,SUBTYPE_KEY_INFO,keyinfo);
if(ret<0)
return ret;
ex_module_addsock(sub_proc,sock);
}
send_msg=message_create(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,key_struct);
ex_module_sendmsg(sub_proc,send_msg);
}
return ret;
}
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in,
SSL_SESSION **session_out)
{
SSL *server, *client;
BIO *client_to_server, *server_to_client;
HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
int client_turn = 1, shutdown = 0;
peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
handshake_status_t status = HANDSHAKE_RETRY;
unsigned char* tick = NULL;
size_t tick_len = 0;
SSL_SESSION* sess = NULL;
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
memset(&client_ctx_data, 0, sizeof(client_ctx_data));
configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx,
&server_ctx_data, &server2_ctx_data, &client_ctx_data);
server = SSL_new(server_ctx);
client = SSL_new(client_ctx);
OPENSSL_assert(server != NULL && client != NULL);
configure_handshake_ssl(server, client, test_ctx);
if (session_in != NULL) {
/* In case we're testing resumption without tickets. */
OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in));
OPENSSL_assert(SSL_set_session(client, session_in));
}
memset(&server_ex_data, 0, sizeof(server_ex_data));
memset(&client_ex_data, 0, sizeof(client_ex_data));
ret->result = SSL_TEST_INTERNAL_ERROR;
client_to_server = BIO_new(BIO_s_mem());
server_to_client = BIO_new(BIO_s_mem());
OPENSSL_assert(client_to_server != NULL && server_to_client != NULL);
/* Non-blocking bio. */
BIO_set_nbio(client_to_server, 1);
BIO_set_nbio(server_to_client, 1);
SSL_set_connect_state(client);
SSL_set_accept_state(server);
/* The bios are now owned by the SSL object. */
SSL_set_bio(client, server_to_client, client_to_server);
OPENSSL_assert(BIO_up_ref(server_to_client) > 0);
OPENSSL_assert(BIO_up_ref(client_to_server) > 0);
SSL_set_bio(server, client_to_server, server_to_client);
ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
OPENSSL_assert(ex_data_idx >= 0);
OPENSSL_assert(SSL_set_ex_data(server, ex_data_idx,
&server_ex_data) == 1);
OPENSSL_assert(SSL_set_ex_data(client, ex_data_idx,
&client_ex_data) == 1);
SSL_set_info_callback(server, &info_cb);
SSL_set_info_callback(client, &info_cb);
/*
* Half-duplex handshake loop.
* Client and server speak to each other synchronously in the same process.
* We use non-blocking BIOs, so whenever one peer blocks for read, it
* returns PEER_RETRY to indicate that it's the other peer's turn to write.
* The handshake succeeds once both peers have succeeded. If one peer
* errors out, we also let the other peer retry (and presumably fail).
*/
for(;;) {
if (client_turn) {
client_status = do_handshake_step(client, shutdown);
status = handshake_status(client_status, server_status,
1 /* client went last */);
} else {
server_status = do_handshake_step(server, shutdown);
status = handshake_status(server_status, client_status,
0 /* server went last */);
}
switch (status) {
case HANDSHAKE_SUCCESS:
if (shutdown) {
ret->result = SSL_TEST_SUCCESS;
goto err;
} else {
client_status = server_status = PEER_RETRY;
shutdown = 1;
client_turn = 1;
break;
}
case CLIENT_ERROR:
ret->result = SSL_TEST_CLIENT_FAIL;
goto err;
case SERVER_ERROR:
ret->result = SSL_TEST_SERVER_FAIL;
goto err;
case INTERNAL_ERROR:
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
case HANDSHAKE_RETRY:
/* Continue. */
client_turn ^= 1;
break;
}
}
err:
ret->server_alert_sent = server_ex_data.alert_sent;
ret->server_alert_received = client_ex_data.alert_received;
ret->client_alert_sent = client_ex_data.alert_sent;
ret->client_alert_received = server_ex_data.alert_received;
ret->server_protocol = SSL_version(server);
ret->client_protocol = SSL_version(client);
ret->servername = server_ex_data.servername;
if ((sess = SSL_get0_session(client)) != NULL)
SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
if (tick == NULL || tick_len == 0)
ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
else
ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
ret->client_npn_negotiated = dup_str(proto, proto_len);
SSL_get0_next_proto_negotiated(server, &proto, &proto_len);
ret->server_npn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(client, &proto, &proto_len);
ret->client_alpn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(server, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
ret->client_resumed = SSL_session_reused(client);
ret->server_resumed = SSL_session_reused(server);
if (session_out != NULL)
*session_out = SSL_get1_session(client);
ctx_data_free_data(&server_ctx_data);
ctx_data_free_data(&server2_ctx_data);
ctx_data_free_data(&client_ctx_data);
SSL_free(server);
SSL_free(client);
return ret;
}
char *
tac_get_msg(struct tac_handle *h)
{
return dup_str(h, &h->srvr_msg, NULL);
}
void *
tac_get_data(struct tac_handle *h, size_t *len)
{
return dup_str(h, &h->srvr_data, len);
}
/*
* Note that |extra| points to the correct client/server configuration
* within |test_ctx|. When configuring the handshake, general mode settings
* are taken from |test_ctx|, and client/server-specific settings should be
* taken from |extra|.
*
* The configuration code should never reach into |test_ctx->extra| or
* |test_ctx->resume_extra| directly.
*
* (We could refactor test mode settings into a substructure. This would result
* in cleaner argument passing but would complicate the test configuration
* parsing.)
*/
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra,
SSL_SESSION *session_in, SSL_SESSION **session_out)
{
PEER server, client;
BIO *client_to_server, *server_to_client;
HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
int client_turn = 1;
connect_phase_t phase = HANDSHAKE;
handshake_status_t status = HANDSHAKE_RETRY;
const unsigned char* tick = NULL;
size_t tick_len = 0;
SSL_SESSION* sess = NULL;
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
memset(&client_ctx_data, 0, sizeof(client_ctx_data));
memset(&server, 0, sizeof(server));
memset(&client, 0, sizeof(client));
configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra,
&server_ctx_data, &server2_ctx_data, &client_ctx_data);
/* Setup SSL and buffers; additional configuration happens below. */
create_peer(&server, server_ctx);
create_peer(&client, client_ctx);
server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size;
client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size;
configure_handshake_ssl(server.ssl, client.ssl, extra);
if (session_in != NULL) {
/* In case we're testing resumption without tickets. */
TEST_check(SSL_CTX_add_session(server_ctx, session_in));
TEST_check(SSL_set_session(client.ssl, session_in));
}
memset(&server_ex_data, 0, sizeof(server_ex_data));
memset(&client_ex_data, 0, sizeof(client_ex_data));
ret->result = SSL_TEST_INTERNAL_ERROR;
client_to_server = BIO_new(BIO_s_mem());
server_to_client = BIO_new(BIO_s_mem());
TEST_check(client_to_server != NULL);
TEST_check(server_to_client != NULL);
/* Non-blocking bio. */
BIO_set_nbio(client_to_server, 1);
BIO_set_nbio(server_to_client, 1);
SSL_set_connect_state(client.ssl);
SSL_set_accept_state(server.ssl);
/* The bios are now owned by the SSL object. */
SSL_set_bio(client.ssl, server_to_client, client_to_server);
TEST_check(BIO_up_ref(server_to_client) > 0);
TEST_check(BIO_up_ref(client_to_server) > 0);
SSL_set_bio(server.ssl, client_to_server, server_to_client);
ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
TEST_check(ex_data_idx >= 0);
TEST_check(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data) == 1);
TEST_check(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data) == 1);
SSL_set_info_callback(server.ssl, &info_cb);
SSL_set_info_callback(client.ssl, &info_cb);
client.status = server.status = PEER_RETRY;
/*
* Half-duplex handshake loop.
* Client and server speak to each other synchronously in the same process.
* We use non-blocking BIOs, so whenever one peer blocks for read, it
* returns PEER_RETRY to indicate that it's the other peer's turn to write.
* The handshake succeeds once both peers have succeeded. If one peer
* errors out, we also let the other peer retry (and presumably fail).
*/
for(;;) {
if (client_turn) {
do_connect_step(&client, phase);
status = handshake_status(client.status, server.status,
1 /* client went last */);
} else {
do_connect_step(&server, phase);
status = handshake_status(server.status, client.status,
0 /* server went last */);
}
switch (status) {
case HANDSHAKE_SUCCESS:
phase = next_phase(phase);
if (phase == CONNECTION_DONE) {
ret->result = SSL_TEST_SUCCESS;
goto err;
} else {
client.status = server.status = PEER_RETRY;
/*
* For now, client starts each phase. Since each phase is
* started separately, we can later control this more
* precisely, for example, to test client-initiated and
* server-initiated shutdown.
*/
client_turn = 1;
break;
}
case CLIENT_ERROR:
ret->result = SSL_TEST_CLIENT_FAIL;
goto err;
case SERVER_ERROR:
ret->result = SSL_TEST_SERVER_FAIL;
goto err;
case INTERNAL_ERROR:
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
case HANDSHAKE_RETRY:
/* Continue. */
client_turn ^= 1;
break;
}
}
err:
ret->server_alert_sent = server_ex_data.alert_sent;
ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent;
ret->server_alert_received = client_ex_data.alert_received;
ret->client_alert_sent = client_ex_data.alert_sent;
ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent;
ret->client_alert_received = server_ex_data.alert_received;
ret->server_protocol = SSL_version(server.ssl);
ret->client_protocol = SSL_version(client.ssl);
ret->servername = server_ex_data.servername;
if ((sess = SSL_get0_session(client.ssl)) != NULL)
SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
if (tick == NULL || tick_len == 0)
ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
else
ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(client.ssl, &proto, &proto_len);
ret->client_npn_negotiated = dup_str(proto, proto_len);
SSL_get0_next_proto_negotiated(server.ssl, &proto, &proto_len);
ret->server_npn_negotiated = dup_str(proto, proto_len);
#endif
SSL_get0_alpn_selected(client.ssl, &proto, &proto_len);
ret->client_alpn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(server.ssl, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
ret->client_resumed = SSL_session_reused(client.ssl);
ret->server_resumed = SSL_session_reused(server.ssl);
if (session_out != NULL)
*session_out = SSL_get1_session(client.ssl);
ctx_data_free_data(&server_ctx_data);
ctx_data_free_data(&server2_ctx_data);
ctx_data_free_data(&client_ctx_data);
peer_free_data(&server);
peer_free_data(&client);
return ret;
}
int json_port_init(void * sub_proc,void * para)
{
int ret;
struct json_server_context * sub_context;
struct message_box * msg_box;
struct message_box * new_msg;
struct tcloud_connector_hub * port_hub;
MESSAGE_HEAD * msg_head;
char local_uuid[DIGEST_SIZE*2+1];
char proc_name[DIGEST_SIZE*2+1];
ret=proc_share_data_getvalue("uuid",local_uuid);
if(ret<0)
return ret;
ret=proc_share_data_getvalue("proc_name",proc_name);
register_record_type("SYNI",connect_syn_desc);
// process init
sub_context=malloc(sizeof(struct json_server_context));
if(sub_context==NULL)
return -ENOMEM;
memset(sub_context,0,sizeof(struct json_server_context));
void * context;
ret=sec_subject_getcontext(sub_proc,&context);
if(ret<0)
return ret;
sec_object_setpointer(context,sub_context);
// parameter deal with
char * server_name="json_server";
char * server_uuid=local_uuid;
char * service=sec_subject_getname(sub_proc);
char * server_addr=local_jsonserver_addr;
char * nonce="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
struct connect_syn * syn_info;
syn_info=malloc(sizeof(struct connect_syn));
if(syn_info==NULL)
return -ENOMEM;
memset(syn_info,0,sizeof(struct connect_syn));
char buffer[1024];
memset(buffer,0,1024);
int stroffset=0;
msg_box=build_server_syn_message(service,local_uuid,proc_name);
stroffset=message_2_json(msg_box,buffer);
printf("json message size is %d\n",stroffset);
printf("json message:%s\n",buffer);
ret=json_2_message(buffer,&new_msg);
if(ret<0)
return -EINVAL;
sub_context->json_message=dup_str(buffer,0);
sub_context->message_len=strlen(buffer);
port_hub=get_connector_hub();
sub_context->json_port_hub=port_hub;
struct tcloud_connector * temp_conn;
temp_conn=get_connector(CONN_SERVER,AF_INET);
if((temp_conn ==NULL) || IS_ERR(temp_conn))
{
printf("get json server conn failed!\n");
return -EINVAL;
}
ret=temp_conn->conn_ops->init(temp_conn,server_name,server_addr);
if(ret<0)
{
printf("init conn json_server failed!\n");
return -EINVAL;
}
port_hub->hub_ops->add_connector(port_hub,temp_conn,NULL);
ret=temp_conn->conn_ops->listen(temp_conn);
if(ret<0)
return -EINVAL;
return 0;
}
int json_solve_str(void ** root, char *str)
{
JSON_NODE * root_node;
JSON_NODE * father_node;
JSON_NODE * curr_node;
JSON_VALUE * curr_value;
int value_type;
char value_buffer[1024];
char * tempstr;
int i;
int offset=0;
int state=0;
int ret;
// give the root node value
root_node=get_json_node(NULL);
if(root_node==NULL)
return -ENOMEM;
father_node=NULL;
curr_node=root_node;
curr_node->layer=0;
root_node->elem_type=JSON_ELEM_INIT;
curr_node->solve_state=SOLVE_INIT;
while(str[offset]!='\0')
{
switch(curr_node->solve_state)
{
case SOLVE_INIT:
while(str[offset]!=0)
{
if(!IsSplitChar(str[offset]))
break;
offset++;
}
if(str[offset]!='{')
return -EINVAL;
// get an object node,then switch to the SOLVE_OBJECT
father_node=curr_node;
curr_node=get_json_node(father_node);
curr_node->elem_type=JSON_ELEM_MAP;
curr_node->solve_state=SOLVE_MAP;
offset++;
break;
case SOLVE_MAP:
while(str[offset]!=0)
{
if(!IsSplitChar(str[offset]))
break;
offset++;
}
if(str[offset]!='\"'){
// if this map is empty,then finish this MAP
if(str[offset]=='}')
{
offset++;
curr_node->solve_state=SOLVE_UPGRADE;
break;
}
// if we should to find another elem
if(str[offset]==',')
{
offset++;
break;
}
else
return -EINVAL;
}
// we should build a name:value json node
father_node=curr_node;
curr_node=get_json_node(father_node);
curr_node->elem_str=str+offset;
offset++;
curr_node->solve_state=SOLVE_NAME;
break;
case SOLVE_NAME:
ret=get_json_strvalue(value_buffer,str+offset);
if(ret<0)
return ret;
if(ret>=DIGEST_SIZE*2)
return ret;
offset+=ret;
{
int len=strlen(value_buffer);
if(len<=DIGEST_SIZE*2)
memcpy(curr_node->name,value_buffer,len+1);
else
memcpy(curr_node->name,value_buffer,DIGEST_SIZE*2);
offset++;
}
while(str[offset]!=0)
{
if(!IsSplitChar(str[offset]))
break;
offset++;
}
if(str[offset]!=':')
return -EINVAL;
offset++;
curr_node->solve_state=SOLVE_VALUE;
break;
case SOLVE_VALUE:
while(str[offset]!=0)
{
if(!IsSplitChar(str[offset]))
break;
offset++;
}
if(str[offset]=='{')
{
// get an object node,then switch to the SOLVE_MAP
curr_node->elem_type=JSON_ELEM_MAP;
offset++;
curr_node->solve_state=SOLVE_MAP;
break;
}
if(str[offset]=='[')
{
// get an array node,then switch to the SOLVE_ARRAY
curr_node->elem_type=JSON_ELEM_ARRAY;
offset++;
curr_node->solve_state=SOLVE_ARRAY;
break;
}
if(str[offset]=='\"') // value is JSON_STRING
{
offset++;
i=get_json_strvalue(value_buffer,str+offset);
if(i>=0)
{
offset+=i+1;
curr_node->elem_type=JSON_ELEM_STRING;
}
else
return -EINVAL;
}
else
{
i=get_json_numvalue(value_buffer,str+offset);
if(i>0)
{
offset+=i;
curr_node->elem_type=JSON_ELEM_NUM;
}
else
{
i=get_json_boolvalue(value_buffer,str+offset);
if(i>0)
{
offset+=i;
curr_node->elem_type=JSON_ELEM_BOOL;
}
else
{
i=get_json_nullvalue(value_buffer,str+offset);
if(i>0)
{
offset+=i;
curr_node->elem_type=JSON_ELEM_NULL;
}
else
return -EINVAL;
}
}
}
curr_node->value_str=dup_str(value_buffer,0);
curr_node->solve_state=SOLVE_UPGRADE;
break;
case SOLVE_ARRAY:
while(str[offset]!=0)
{
if(!IsSplitChar(str[offset]))
break;
offset++;
}
if(str[offset]==']')
{
offset++;
curr_node->solve_state=SOLVE_UPGRADE;
break;
}
// if we should to find another elem
if(str[offset]==',')
{
offset++;
break;
}
// we should build a name:value json node
father_node=curr_node;
curr_node=get_json_node(father_node);
curr_node->elem_str=str+offset;
// offset++;
curr_node->solve_state=SOLVE_VALUE;
break;
case SOLVE_UPGRADE: // get value process
curr_node->solve_state=SOLVE_FINISH;
if(father_node->elem_type==JSON_ELEM_INIT)
break;
curr_node=father_node;
father_node=curr_node->father;
break;
default:
return -EINVAL;
}
if(curr_node->solve_state==SOLVE_FINISH)
break;
}
*root=curr_node;
return offset;
}
int main() {
static unsigned char alloc_buffer[4096*(1+1+4+1+16+1+256)];
char json_buffer[4096];
char print_buffer[4096];
BYTE bin_buffer[4096];
int ret;
int readlen;
int json_offset;
void * root_node;
void * findlist;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
int i;
MSG_HEAD * msg_head;
char * baseconfig[] =
{
"namelist.json",
"typelist.json",
"subtypelist.json",
"msghead.json",
"base_msg.json",
"expandrecord.json",
NULL
};
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
// test namelist reading start
for(i=0;baseconfig[i]!=NULL;i++)
{
ret=read_json_file(baseconfig[i]);
if(ret<0)
return ret;
printf("read %d elem from file %s!\n",ret,baseconfig[i]);
}
void * record;
// test struct desc reading start
int msg_type = memdb_get_typeno("MESSAGE");
if(msg_type<=0)
return -EINVAL;
int subtype=memdb_get_subtypeno(msg_type,"HEAD");
if(subtype<=0)
return -EINVAL;
record=memdb_get_first(msg_type,subtype);
while(record!=NULL)
{
ret=memdb_print(record,print_buffer);
if(ret<0)
return -EINVAL;
printf("%s\n",print_buffer);
record=memdb_get_next(msg_type,subtype);
}
msgfunc_init();
void * message;
struct basic_message base_msg;
struct expand_flow_trace flow_trace;
message=message_create(DTYPE_MESSAGE,SUBTYPE_BASE_MSG,NULL);
base_msg.message=dup_str("Hello,World!",0);
flow_trace.record_num=1;
flow_trace.trace_record=Talloc0(DIGEST_SIZE*flow_trace.record_num);
Strncpy(flow_trace.trace_record,"test_port",DIGEST_SIZE/4*3);
ret=message_add_record(message,&base_msg);
if(ret<0)
{
printf("add message record failed!\n");
return ret;
}
ret=message_add_expand_data(message,DTYPE_MSG_EXPAND,SUBTYPE_FLOW_TRACE,&flow_trace);
if(ret<0)
{
printf("add message expand failed!\n");
return ret;
}
ret=message_record_struct2blob(message);
if(ret<0)
{
printf("message struct2blob failed!\n");
return ret;
}
BYTE * blob;
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=message_output_blob(message,&blob);
if(ret<0)
return ret;
printf ("output %d data to bin_buffer\n",ret);
void * new_msg;
ret=message_read_from_blob(&new_msg,blob,ret);
printf ("read %d from bin_buffer\n",ret);
ret=message_load_record(new_msg);
if(ret<0)
{
printf("load record failed!\n");
return ret;
}
ret=message_load_expand(new_msg);
if(ret<0)
{
printf("load expand failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=json_2_message(json_buffer,&new_msg);
if(ret<0)
return ret;
printf ("read %d from json_buffer\n",ret);
ret=message_output_json(new_msg,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=message_output_blob(message,bin_buffer);
return 0;
}
int verify_pcrs_set(void * v_pcrs,void * v_list)
{
struct verify_info ** verify_list=(struct verify_info **)v_list;
struct tcm_pcr_set * pcrs=(struct tcm_pcr_set *)v_pcrs;
struct tcm_pcr_set * verify_pcrs;
struct tcm_pcr_set * comp_pcrs;
char digest[DIGEST_SIZE];
char uuid[DIGEST_SIZE*2+1];
int i,j;
int offset;
int maxno;
int trust_level;
if(v_pcrs==NULL)
return 0;
trust_level=verify_list[0]->trust_level;
for(i=0;verify_list[i]!=NULL;i++);
maxno=i;
for(i=0;i<maxno;i++)
{
if(verify_list[i]->verify_data_uuid[0]==0)
break;
}
for(j=0;j<24;j++)
{
if(i>=maxno)
{
trust_level=0;
break;
}
verify_pcrs=get_single_pcr_from_set(pcrs,j);
if(verify_pcrs==NULL)
continue;
memcpy( verify_list[i]->verify_data_uuid,verify_pcrs->uuid,DIGEST_SIZE*2);
FindPolicy(verify_pcrs,"PCRP",&comp_pcrs);
if(comp_pcrs==NULL)
{
verify_list[i]->trust_level=-1;
verify_list[i]->info=dup_str("Verify Failed!",0);
verify_list[i]->info_len=strlen(verify_list[i]->info)+1;
trust_level=-1;
}
else
{
verify_list[i]->trust_level=comp_pcrs->trust_level;
if(trust_level==0)
trust_level=comp_pcrs->trust_level;
else if(trust_level>0)
{
if(comp_pcrs->trust_level>trust_level)
trust_level=comp_pcrs->trust_level;
}
verify_list[i]->info=dup_str(comp_pcrs->policy_describe,0);
verify_list[i]->info_len=strlen(verify_list[i]->info)+1;
}
i++;
}
verify_list[0]->trust_level=trust_level;
return trust_level;
}
int proc_symmkey_gen(void * sub_proc,void * recv_msg)
{
int ret=0;
int i=0;
struct trust_encdata_info * encdatainfo;
struct vTPM_wrappedkey * key_struct;
void * send_msg;
TSS_HKEY hEnckey;
BYTE uuid[DIGEST_SIZE];
DB_RECORD * keyinfo_record;
DB_RECORD * key_record;
BYTE EncData[DIGEST_SIZE];
BYTE uuidstr[DIGEST_SIZE*2];
char filename[DIGEST_SIZE*4];
char buffer[DIGEST_SIZE*8];
// get message
ret=message_get_record(recv_msg,&key_struct,0);
if(key_struct==NULL)
return -EINVAL;
encdatainfo=Calloc(sizeof(*encdatainfo));
if(encdatainfo==NULL)
return -ENOMEM;
key_record=memdb_find_first(DTYPE_TESI_KEY_STRUCT,SUBTYPE_WRAPPED_KEY,"uuid",key_struct->uuid);
if(key_record==NULL)
return -EINVAL;
hEnckey=key_record->tail;
TESI_Local_GetRandom(EncData,DIGEST_SIZE);
int fd=open("encdata/tempkey.dat",O_RDWR|O_CREAT|O_TRUNC,0666);
if(fd<0)
return -EINVAL;
write(fd,EncData,DIGEST_SIZE);
close(fd);
TESI_Local_Bind("encdata/tempkey.dat",hEnckey,"encdata/symmkey.dat");
convert_uuidname("encdata/symmkey",".dat",encdatainfo->uuid,filename);
Memcpy(encdatainfo->vtpm_uuid,key_struct->vtpm_uuid,DIGEST_SIZE);
Memcpy(encdatainfo->enckey_uuid,key_struct->uuid,DIGEST_SIZE);
getcwd(buffer,DIGEST_SIZE*5-6);
Strcat(buffer,"/");
Strcat(buffer,filename);
encdatainfo->filename=dup_str(buffer,DIGEST_SIZE*7);
send_msg=message_create(DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,recv_msg);
if(send_msg==NULL)
return -EINVAL;
message_add_record(send_msg,encdatainfo);
memdb_store(encdatainfo,DTYPE_TRUST_DEMO,SUBTYPE_ENCDATA_INFO,NULL);
ex_module_sendmsg(sub_proc,send_msg);
ex_module_sendmsg(sub_proc,recv_msg);
return ret;
}
int add_image_kernelpolicy(void * p_pcrs, char * mountpoint,char * image_desc)
{
char *boot_file_list[]={
"/boot/grub/grub.conf",
"/boot/grub/menu.lst",
NULL
};
struct tcm_pcr_set * pcrs=p_pcrs;
FILE * fp;
char *file_arg[MAX_ARG_NUM];
char filename[512];
char kernelname[256];
char initrdname[256];
int retval;
int i;
char digest[DIGEST_SIZE];
char desc[512];
for(i=0;boot_file_list[i]!=NULL;i++)
{
sprintf(filename,"%s/%s",mountpoint,boot_file_list[i]);
fp=fopen(filename,"r");
if(fp!=NULL)
break;
}
if(boot_file_list[i]==NULL)
{
printf("can't find image %s's boot file\n ",image_desc);
return -EINVAL;
}
file_arg[0]=malloc(MAX_LINE_LEN);
if(file_arg[0]==NULL)
return -ENOMEM;
do {
retval=read_arg(fp,file_arg);
if(retval<0)
break;
if(retval==0)
continue;
if(strcmp(file_arg[0],"kernel")!=0)
continue;
strncpy(kernelname,file_arg[1],256);
retval=read_arg(fp,file_arg);
if(retval<0)
break;
if(retval==0)
continue;
if(strcmp(file_arg[0],"initrd")!=0)
continue;
strncpy(initrdname,file_arg[1],256);
sprintf(desc,"image %s 's kernel digest",image_desc);
pcrs->policy_describe=dup_str(desc,0);
sprintf(filename,"%s/%s",mountpoint,kernelname);
calculate_sm3(filename,digest);
add_pcr_to_set(pcrs,KERNEL_PCR_INDEX,digest);
sprintf(filename,"%s/%s",mountpoint,initrdname);
calculate_sm3(filename,digest);
add_pcr_to_set(pcrs,KERNEL_PCR_INDEX,digest);
break;
}while(1);
return 0;
}
int proc_verify(void * sub_proc,void * message)
{
int type;
int subtype;
int ret;
printf("begin proc login_verify \n");
type=message_get_type(message);
if(type!=DTYPE_CRYPTO_DEMO)
return -EINVAL;
subtype=message_get_subtype(message);
if(subtype!=SUBTYPE_LOGIN_INFO)
return -EINVAL;
void * new_msg;
void * record;
struct login_info * login_data;
struct login_info * lib_data;
struct verify_return * return_data;
new_msg=message_create(DTYPE_CRYPTO_DEMO,SUBTYPE_VERIFY_RETURN,message);
return_data=Talloc0(sizeof(*return_data));
ret=message_get_record(message,&login_data,0);
if(ret<0)
return ret;
lib_data=memdb_get_first_record(type,subtype);
while(lib_data!=NULL)
{
if(Strncmp(lib_data->user,login_data->user,DIGEST_SIZE)==0)
break;
lib_data=memdb_get_next_record(type,subtype);
}
if(lib_data==NULL)
{
return_data->ret_data=dup_str("no such user!",0);
return_data->retval=-1;
}
else
{
if (Strncmp(lib_data->passwd,login_data->passwd,DIGEST_SIZE)!=0)
{
return_data->ret_data=dup_str("error passwd!",0);
return_data->retval=0;
}
else
{
return_data->ret_data=dup_str("login_succeed!",0);
return_data->retval=1;
ret=user_addr_store(sub_proc,message);
if(ret<0)
return ret;
}
}
return_data->ret_data_size=Strlen(return_data->ret_data)+1;
message_add_record(new_msg,return_data);
ex_module_sendmsg(sub_proc,new_msg);
return ret;
}
int main() {
static unsigned char alloc_buffer[4096*(1+1+4+1+32+1+256)];
char json_buffer[4096];
char print_buffer[4096];
int ret;
int readlen;
int json_offset;
void * root_node;
void * findlist;
void * memdb_template ;
BYTE uuid[DIGEST_SIZE];
int i;
MSG_HEAD * msg_head;
pthread_t cube_thread;
char * baseconfig[] =
{
"namelist.json",
"dispatchnamelist.json",
"typelist.json",
"subtypelist.json",
"msghead.json",
"msgrecord.json",
"expandrecord.json",
"base_msg.json",
"dispatchrecord.json",
NULL
};
// alloc_init(alloc_buffer);
struct_deal_init();
memdb_init();
// test namelist reading start
for(i=0;baseconfig[i]!=NULL;i++)
{
ret=read_json_file(baseconfig[i]);
if(ret<0)
return ret;
printf("read %d elem from file %s!\n",ret,baseconfig[i]);
}
void * record;
// test struct desc reading start
msgfunc_init();
dispatch_init();
void * message;
void * policy;
ret=read_dispatch_file("dispatch_policy.json");
message=message_create(DTYPE_MESSAGE,SUBTYPE_BASE_MSG,NULL);
struct basic_message * base_msg;
base_msg=Talloc0(sizeof(*base_msg));
if(base_msg==NULL)
return -ENOMEM;
base_msg->message=dup_str("hello",0);
message_add_record(message,base_msg);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
ret=dispatch_policy_getfirst(&policy);
while(policy!=NULL)
{
ret=dispatch_match_message(policy,message);
if(ret==0)
{
printf("this message match the policy!\n");
break;
}
ret=dispatch_policy_getnext(&policy);
}
if(policy!=NULL)
{
router_set_local_route(message,policy);
ret=message_output_json(message,json_buffer);
if(ret<0)
{
printf("message output json failed!\n");
return ret;
}
printf("%s\n",json_buffer);
}
// routine_start();
// sleep(100000);
return 0;
}
