int proc_tcm_makeidentity(void * sub_proc,void * recv_msg) { int ret=0; int fd; BYTE local_uuid[DIGEST_SIZE]; BYTE Buf[DIGEST_SIZE*32]; BYTE NameBuf[DIGEST_SIZE*4]; UINT32 result; RECORD(TCM_PIK_DESC,USERINFO) * pik_userinfo; RECORD(MESSAGE,SIZED_BINDATA) req_blob; RECORD(VTCM_IN_KEY,TCM_BIN_KEY) tcm_pik; RECORD(VTCM_IN_KEY,TCM_BIN_PUBKEY) tcm_pikpub; RECORD(TCM_KEY_MANAGE,PRIVATE_KEY) tcm_pik_info; void * new_msg; int key_len; void * tcm_key_template; UINT32 smkHandle; UINT32 ownerHandle; UINT32 keyHandle; UINT32 keyAuthHandle; char uuid[DIGEST_SIZE*2+1]; DB_RECORD * db_record; printf("begin pik makeidentity!\n"); // get pik_userinfo from message ret=message_get_record(recv_msg,&pik_userinfo,0); if(ret<0) return -EINVAL; if(pik_userinfo==NULL) return -EINVAL; // get this node's machine uuid ret=proc_share_data_getvalue("uuid",pik_userinfo->node_uuid); if(ret<0) return ret; // get this node's hostname ret=gethostname(pik_userinfo->node_name,DIGEST_SIZE); if(ret!=0) Memset(pik_userinfo->node_name,0,DIGEST_SIZE); // build tcm session ret=TCM_APCreate(TCM_ET_OWNER, NULL, "ooo", &ownerHandle); printf("ownerHandle is : %x\n",ownerHandle); if(ret<0) { print_cubeerr("TCM_APCreate failed!\n"); return -EINVAL; } ret=TCM_APCreate(TCM_ET_SMK, NULL, "sss", &smkHandle); printf("smkHandle is : %x\n",smkHandle); if(ret<0) { printf("TCM_APCreate failed!\n"); return -EINVAL; } int userinfolen; BYTE * req; int reqlen; // get userinfo blob tcm_key_template=memdb_get_template(TYPE_PAIR(TCM_PIK_DESC,USERINFO)); if(tcm_key_template==NULL) return -EINVAL; userinfolen=struct_2_blob(pik_userinfo,Buf,tcm_key_template); if(userinfolen<0) return userinfolen; db_record=memdb_store(pik_userinfo,TYPE_PAIR(TCM_PIK_DESC,USERINFO),NULL); if(db_record==NULL) return -EINVAL; // do makeidentity ret = TCM_MakeIdentity(ownerHandle, smkHandle, userinfolen,Buf,"kkk", &tcm_pik, &req, &reqlen); if(ret<0) { print_cubeerr("TCM_MakeIdentity failed!\n"); return -EINVAL; } // build an expand message record for req data req_blob.size=reqlen; req_blob.bindata=req; // terminate session ret=TCM_APTerminate(ownerHandle); if(ret<0) { print_cubeerr("TCM_APTerminate failed!\n"); return -EINVAL; } ret=TCM_APTerminate(smkHandle); if(ret<0) { print_cubeerr("TCM_APTerminate failed!\n"); return -EINVAL; } // generate TCM pik info ,left pubkey_uuid for fill tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_KEY)); if(tcm_key_template==NULL) return -EINVAL; key_len=struct_2_blob(&tcm_pik,Buf,tcm_key_template); if(key_len<0) return key_len; Memset(&tcm_pik_info,0,sizeof(tcm_pik_info)); calculate_context_sm3(Buf,key_len,tcm_pik_info.uuid); Memcpy(tcm_pik_info.vtcm_uuid,local_uuid,DIGEST_SIZE); tcm_pik_info.issmkwrapped=1; tcm_pik_info.key_usage=TCM_KEY_IDENTITY; tcm_pik_info.key_flags=TCM_ISVOLATILE|TCM_PCRIGNOREDONREAD; // store pik file digest_to_uuid(tcm_pik_info.uuid,uuid); uuid[DIGEST_SIZE*2]=0; printf("get pik's uuid is %s!\n",uuid); Strcpy(NameBuf,"tcmkey/"); Strcat(NameBuf,uuid); fd=open(NameBuf,O_CREAT|O_WRONLY,0666); if(fd<0) return fd; write(fd,Buf,key_len); close(fd); // Get pikpub from pik // ret=TCM_ExGetPubkeyFromTcmkey(&tcm_pikpub,&tcm_pik); if(ret!=0) { print_cubeerr("Get Pubpik failed!\n"); return -EINVAL; } tcm_key_template=memdb_get_template(TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY)); if(tcm_key_template==NULL) return -EINVAL; key_len=struct_2_blob(&tcm_pikpub,Buf,tcm_key_template); if(key_len<0) return key_len; calculate_context_sm3(Buf,key_len,tcm_pik_info.pubkey_uuid); db_record=memdb_store(&tcm_pik_info,TYPE_PAIR(TCM_KEY_MANAGE,PRIVATE_KEY),NULL); // build a message and send it new_msg=message_create(TYPE_PAIR(TCM_PIK_DESC,USERINFO),recv_msg); if(new_msg==NULL) return -EINVAL; ret=message_add_record(new_msg,pik_userinfo); if(ret<0) return ret; ret=message_add_expand_data(new_msg,TYPE_PAIR(MESSAGE,SIZED_BINDATA),&req_blob); if(ret<0) return -EINVAL; ret=message_add_expand_data(new_msg,TYPE_PAIR(VTCM_IN_KEY,TCM_BIN_PUBKEY),&tcm_pikpub); if(ret<0) return -EINVAL; ret=ex_module_sendmsg(sub_proc,new_msg); return ret; }
int proc_aik_request(void * sub_proc,void * message) { TSS_RESULT result; TSS_HKEY hSignKey; TSS_HKEY hAIKey, hCAKey; struct aik_request_info reqinfo; struct policyfile_data * reqdata; int ret; BYTE *labelString = "UserA"; UINT32 labelLen = strlen(labelString) + 1; char local_uuid[DIGEST_SIZE*2+1]; char proc_name[DIGEST_SIZE*2+1]; ret=proc_share_data_getvalue("uuid",local_uuid); ret=proc_share_data_getvalue("proc_name",proc_name); printf("begin aik request!\n"); char buffer[1024]; char digest[DIGEST_SIZE]; int blobsize=0; int fd; // create a signkey and write its key in localsignkey.key, write its pubkey in localsignkey.pem result=TESI_Local_ReloadWithAuth("ooo","sss"); result=TESI_Local_CreateSignKey(&hSignKey,(TSS_HKEY)NULL,"sss","kkk"); if(result == TSS_SUCCESS) printf("Create SignKey SUCCEED!\n"); TESI_Local_WriteKeyBlob(hSignKey,"privkey/localsignkey"); TESI_Local_WritePubKey(hSignKey,"pubkey/localsignkey"); // fill the reqinfo struct calculate_sm3("pubkey/localsignkey.pem",digest); digest_to_uuid(digest,reqinfo.signpubkey_uuid); calculate_sm3("pubkey/pubek.pem",digest); digest_to_uuid(digest,reqinfo.pubek_uuid); reqinfo.user_name=labelString; get_local_uuid(reqinfo.user_uuid); // create info blob void * struct_template=create_struct_template(req_info_desc); if(struct_template==NULL) return -EINVAL; blobsize=struct_2_blob(&reqinfo,buffer,struct_template); // Load the CA Key result=TESI_Local_GetPubKeyFromCA(&hCAKey,"cert/CA"); if (result != TSS_SUCCESS) { printf("Get pubkey error %s!\n", tss_err_string(result)); exit(result); } TESI_AIK_CreateIdentKey(&hAIKey,NULL,"sss","kkk"); if (result != TSS_SUCCESS) { printf("Create AIK error %s!\n", tss_err_string(result)); exit(result); } labelLen=strlen(labelString); result = TESI_AIK_GenerateReq(hCAKey,blobsize,buffer,hAIKey,"cert/aik"); if (result != TSS_SUCCESS){ printf("Generate aik failed%s!\n",tss_err_string(result)); exit(result); } TESI_Local_WriteKeyBlob(hAIKey,"privkey/AIK"); ret=build_filedata_struct(&reqdata,"cert/aik.req"); void * send_msg; send_msg=message_create("FILD",message); if(send_msg!=NULL) { message_add_record(send_msg,reqdata); sec_subject_sendmsg(sub_proc,send_msg); } return 0; }