Trusted disk loading support, merged from tpm-tmcd branch.

Add mechanism to verify TPM generated quotes, require them for the
"securestate" TMCD command, and add some testcases/helper programs in
tools/tspitests.  Add additional SECURE* state machines to stated for
tracking nodes through the secure load and secure boot processes.

See http://www.cs.utah.edu/flux/papers/tdls-cset10-base.html for details.

os/frisbee.redux/client.c

@@ -1493,7 +1493,7 @@ PlayFrisbee(void)
 			if (!nodecompress) {
 				subtype = p->hdr.subtype = PKTSUBTYPE_JOIN;
 				p->hdr.datalen = sizeof(p->msg.join);
-				p->msg.join2.clientid = myid;
+				p->msg.join.clientid = myid;
 			} else {
 				subtype = p->hdr.subtype = PKTSUBTYPE_JOIN2;
 				p->hdr.datalen = sizeof(p->msg.join2);
@@ -1514,6 +1514,12 @@ PlayFrisbee(void)
 		if (PacketReceive(p) == 0 &&
 		    p->hdr.subtype == subtype &&
 		    p->hdr.type == PKTTYPE_REPLY) {
+			if (subtype == PKTSUBTYPE_JOIN) {
+				p->msg.join2.chunksize = MAXCHUNKSIZE;
+				p->msg.join2.blocksize = MAXBLOCKSIZE;
+				p->msg.join2.bytecount =
+					p->msg.join.blockcount * MAXBLOCKSIZE;
+			}
 			CLEVENT(1, EV_CLIJOINREP,
 				CHUNKSIZE, BLOCKSIZE,
 				(p->msg.join2.bytecount >> 32),

protogeni/etc/protogeni.sql

@@ -36,7 +36,7 @@ CREATE TABLE `geni_authorities` (
   `uuid_prefix` varchar(12) NOT NULL default '',
   `created` datetime default NULL,
   `expires` datetime default NULL,
-  `type` enum('sa','ma','ch','cm','ses') NOT NULL default 'sa',
+  `type` enum('sa','ma','ch','cm','ses','am') NOT NULL default 'sa',
   `disabled` tinyint(1) NOT NULL default '0',
   `url` tinytext,
   `urn` tinytext,

protogeni/lib/GeniCH.pm.in

@@ -208,7 +208,8 @@ sub Resolve($)
     elsif (defined($hrn) && !($hrn =~ /^[-\w\.]*$/)) {
 	return GeniResponse->MalformedArgsResponse();
     }
-    if (! (defined($type) && ($type =~ /^(SA|CM|MA|Component|Slice|User)$/i))){
+    if (! (defined($type) &&
+	   ($type =~ /^(SA|AM|CM|MA|Component|Slice|User)$/i))){
 	return GeniResponse->MalformedArgsResponse();
     }
     $type = lc($type);
@@ -281,7 +282,7 @@ sub Resolve($)
 		 };
 	return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
     }
-    if ($type eq "cm") {
+    if ($type eq "cm" || $type eq "am") {
 	my $manager = GeniAuthority->Lookup($lookup_token);
 	if (!defined($manager)) {
 	    return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
@@ -339,7 +340,7 @@ sub Register($)
     my $type  = $argref->{'type'};
 
     if (! (defined($type) &&
-	   ($type =~ /^(SA|MA|CM|SES|Component|Slice|User)$/i))){
+	   ($type =~ /^(SA|MA|AM|CM|SES|Component|Slice|User)$/i))){
 	return GeniResponse->MalformedArgsResponse();
     }
     $type = lc($type);
@@ -614,7 +615,7 @@ sub Register($)
 	}
 	return GeniResponse->Create(GENIRESPONSE_SUCCESS);
     }
-    if ($type eq "cm" || $type eq "sa" || $type eq "ses") {
+    if ($type eq "cm" || $type eq "sa" || $type eq "ses" || $type eq "am") {
 	my ($auth, $which, $type) = GeniHRN::Parse($certificate->urn());
 	
 	my $url = $certificate->URL();
@@ -661,7 +662,7 @@ sub Remove($)
     my $type  = $argref->{'type'};
     my $token = $uuid || $urn;
 
-    if (! (defined($type) && ($type =~ /^(SA|MA|CM|Component|Slice|User)$/))) {
+    if (! (defined($type) && ($type =~ /^(Slice|User)$/))) {
 	return GeniResponse->MalformedArgsResponse();
     }
     if (! ((defined($uuid) || defined($urn)) && defined($cred))) {
@@ -815,7 +816,7 @@ sub ListComponents($)
     #
     my @results = ();
     my $query_result = DBQueryWarn("select uuid from geni_authorities ".
-				   "where type='cm'");
+				   "where type='cm' or type='am'");
     return GeniResponse->Create(GENIRESPONSE_DBERROR)
 	if (!defined($query_result));
 

protogeni/updates/16

@@ -10,8 +10,17 @@ sub DoUpdate($$$)
 
     DBSetDefault($dbhandle);
 
+    #
+    # This is a fixup.
+    #
+    if (DBKeyExists("geni_authorities", "urn")) {
+	DBQueryFatal("ALTER TABLE `geni_authorities` drop key `urn`");
+    }
+    DBQueryFatal("ALTER TABLE `geni_authorities` " .
+		 "add unique key `urn` (`urn`(255))");
+
     DBQueryFatal( "ALTER TABLE `geni_authorities` " .
-		  "MODIFY `type` enum( 'sa', 'ma', 'ch', 'cm', 'ses', 'am' ) " .
+		  "MODIFY `type` enum( 'sa', 'ma', 'ch', 'cm', 'ses', 'am' ) ".
 		  "NOT NULL DEFAULT 'sa'" );
     
     return 0;