From 3fbde2e1ccb521a0d380dfd98fdc41565d42dee9 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Nov 2019 18:01:34 +0100 Subject: [PATCH] issuer and member can exchange keys, verifier ist not yet tested. --- client.c | 3 - common.c | 12 ++-- issuer.c | 88 ++++++++++++++++++------- member.c | 187 +++++++++++++++++++++++++++++++++++++---------------- verifier.c | 71 +++++++++++++++----- 5 files changed, 258 insertions(+), 103 deletions(-) diff --git a/client.c b/client.c index c50b621..9fca925 100644 --- a/client.c +++ b/client.c @@ -25,8 +25,6 @@ int client_open(char *servip, int16_t port) { } int client_connect(conn_handler handler, char *servip, int16_t port) { - struct sockaddr_in servaddr; - unsigned int servaddr_len = 0; int connfd = 0; char buffer[MAX_BUFSIZE]; int ret = 0; @@ -60,7 +58,6 @@ int client_connect(conn_handler handler, char *servip, int16_t port) { if (0 != close(connfd)) { printf("client_connect: failed to close server connection properly\n"); - ret = -1; } return ret; diff --git a/common.c b/common.c index ed2b4d2..23ab3ab 100644 --- a/common.c +++ b/common.c @@ -1,14 +1,14 @@ #include "common.h" void ecdaa_rand(void *buffer, size_t buflen) { - getrandom(buffer, buflen, GRND_RANDOM); + getrandom(buffer, buflen, 0); } char bin2hex(uint8_t byte) { - char word = byte & 0x0f; + uint8_t word = byte & 0x0f; char hex = 0; - if (byte >= 0 && byte <= 9) hex = word + '0'; - else if (byte >= 10 && byte <= 15) hex = word - 10 + 'A'; + if (word >= 0 && word <= 9) hex = word + '0'; + else if (word >= 10 && word <= 15) hex = word - 10 + 'A'; return hex; } @@ -30,8 +30,8 @@ void ecdaa_hextobin(const char *in_hex, uint8_t *out_bin, size_t outlen) { void ecdaa_bintohex(const uint8_t *in_bin, size_t inlen, char *out_hex) { for (size_t i = 0, j = 0; i < inlen; i++, j+=2) { - out_hex[j] = bin2hex(in_bin[i] % 0x0f); - out_hex[j+1] = bin2hex((in_bin[i] / 16) % 0x0f); + out_hex[j] = bin2hex(in_bin[i]); + out_hex[j+1] = bin2hex(in_bin[i] >> 4); } } 
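Review bot: `ecdaa_rand` discards the return value of `getrandom`, which can return fewer than `buflen` bytes or -1 (a request larger than 256 bytes may be interrupted by a signal), and the `void` signature gives callers no way to notice, so `ecdaa_issuer_key_pair_FP256BN_generate` and the nonce in `issuer_joinstart` could be fed partly unfilled memory. Loop until the whole buffer is filled and abort on a hard error, because everything downstream treats this output as key material. Dropping `GRND_RANDOM` is fine; `flags == 0` still blocks until the pool is initialised. Separately, in `bin2hex` the `word >= 0` test is always true now that `word` is `uint8_t` and will draw a compiler warning; `if (word <= 9)` is enough.
```c
void ecdaa_rand(void *buffer, size_t buflen) {
    uint8_t *out = buffer;
    size_t filled = 0;
    while (filled < buflen) {
        ssize_t n = getrandom(out + filled, buflen - filled, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   // interrupted before any bytes were written: retry
            perror("getrandom");
            abort();                        // no usable entropy: never continue with a partial key
        }
        filled += (size_t)n;
    }
}
```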
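Review bot: `ecdaa_bintohex` now emits the low nibble of each byte before the high one (`bin2hex(in_bin[i])`, then `bin2hex(in_bin[i] >> 4)`), which is the reverse of conventional hex encoding. If `ecdaa_hextobin` (not in this hunk) mirrors that order the round trip works, but any key or credential exported to another tool will be nibble-swapped; the standard form is `out_hex[j] = bin2hex(in_bin[i] >> 4);` followed by `out_hex[j+1] = bin2hex(in_bin[i]);`, with the matching change in `ecdaa_hextobin`. Whichever order is kept, a comment above the function should state it, and should note that the function writes exactly `2 * inlen` characters and no terminating NUL, so callers depend on having zeroed the destination first.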
diff --git a/issuer.c b/issuer.c
index 815bcfb..94002d5 100644
--- a/issuer.c
+++ b/issuer.c
@@ -25,32 +25,69 @@ int issuer_joinproceed(char *buffer); int issuer_publish(char *buffer); int main() { - int err = 0; - - //if (2 != server_start(&process_issuer, ISSUERPORT)) { - // printf("server failed\n"); - //} - uint8_t buffer[1024]; + if (2 != server_start(&process_issuer, ISSUERPORT)) { + printf("server failed\n"); + } +/* + uint8_t buffer[1024], result[1024]; uint8_t *current = buffer; char send[1024]; bzero(buffer, 1024); + bzero(result, 1024); bzero(send,1024); + buffer[0] = 0x01; + buffer[1] = 0x02; + buffer[2] = 0x04; + buffer[3] = 0x08; + buffer[4] = 0x10; + buffer[5] = 0x20; + buffer[6] = 0x40; + buffer[7] = 0x80; + buffer[8] = 0x11; + buffer[9] = 0x22; + buffer[10] = 0x44; + buffer[11] = 0x88; + buffer[12] = 0x11; + buffer[13] = 0x21; + buffer[14] = 0x41; + buffer[15] = 0x81; + + ecdaa_bintohex(buffer, 16, send); + for(int i = 0; i < 32; i++) { + printf("%c", send[i]); + } + ecdaa_hextobin(send, result, 16); + + for(int i = 0; i < 1024; i++) { + if(buffer[i] != result[i]) { + printf("buffer[%i] = %X, result[%i] = %X\n", i, buffer[i], i, result[i]); + } + } + struct ecdaa_issuer_public_key_FP256BN key; ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand); - ecdaa_issuer_public_key_FP256BN_serialize(current, &issuer.ipk); - ecdaa_bintohex((char*)current, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH, send); + ecdaa_issuer_public_key_FP256BN_serialize(buffer, &issuer.ipk); + int ret = ecdaa_issuer_public_key_FP256BN_deserialize(&key, buffer); + printf("ret = %i\n",ret); + ecdaa_bintohex(current, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH, send); printf("%s\n", send); - bzero(current, 1024); - ecdaa_hextobin(send, (char*)current, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); - int ret = ecdaa_issuer_public_key_FP256BN_deserialize(&key, current); - printf("%i\n",ret); + + ecdaa_hextobin(send, result, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); + ret = ecdaa_issuer_public_key_FP256BN_deserialize(&key, result); + printf("ret = %i\n",ret); + + 
for(int i = 0; i < 1024; i++) { + if(buffer[i] != result[i]) { + printf("buffer[%i] = %X, result[%i] = %X\n", i, buffer[i], i, result[i]); + } + } +*/ return 0; } int process_issuer(char *buffer) { - ssize_t len = 0; int ret = 0; printf("> ISSUER: %s\n", buffer); @@ -145,12 +182,12 @@ int process_issuer(char *buffer) { // "JOIN" > "JOINSTART " int issuer_joinstart(char *buffer) { - getrandom(issuer.nonce, NONCE_SIZE, GRND_RANDOM); + ecdaa_rand(issuer.nonce, NONCE_SIZE); char* current; bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "JOINSTART ", 10); current = &buffer[10]; - ecdaa_bintohex(issuer.nonce, NONCE_SIZE, buffer); + ecdaa_bintohex(issuer.nonce, NONCE_SIZE, current); buffer[2 * NONCE_SIZE + 10] = '\n'; return 0; } @@ -160,17 +197,23 @@ int issuer_joinproceed(char *buffer) { char *current = &buffer[7]; uint8_t binbuf[MAX_BUFSIZE]; bzero(binbuf, MAX_BUFSIZE); + int ret = 0; ecdaa_hextobin(current, binbuf, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); - int ret = ecdaa_member_public_key_FP256BN_deserialize(&issuer.mpk, binbuf, issuer.nonce, NONCE_SIZE); + bzero(buffer, MAX_BUFSIZE); + ret = ecdaa_member_public_key_FP256BN_deserialize(&issuer.mpk, binbuf, issuer.nonce, NONCE_SIZE); if(-1 == ret) { - printf("issuer_joinproceed: member public key is malformed!"); + strncpy(buffer, "ERR\n", 4); + printf("issuer_joinproceed: member public key is malformed!\n"); return -1; } else if (-2 == ret) { - printf("issuer_joinproceed: signature of member public key is invalid"); + strncpy(buffer, "ERR\n", 4); + printf("issuer_joinproceed: signature of member public key is invalid\n"); + return -1; } if (0 != ecdaa_credential_FP256BN_generate(&issuer.cred, &issuer.cred_sig, &issuer.isk, &issuer.mpk, ecdaa_rand)) { + strncpy(buffer, "ERR\n", 4); printf("issuer_joinproceed: error generating credential\n"); return -1; } 
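Review bot: `main` in issuer.c now carries roughly sixty lines of hex round-trip and serialize/deserialize test code inside a `/* ... */` block; commented-out code drifts out of sync with the functions it exercises and should be deleted or moved into a small test program. The `if (2 != server_start(...))` branch, which the message `server failed` marks as the failure path, only prints and then falls through to `return 0;`, so a failed start exits with success; `return 1;` in that branch lets a caller notice. The hunk ends inside `process_issuer`, whose body continues past it.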
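Review bot: `issuer_joinproceed` decodes `2 * ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH` hex characters from `&buffer[7]` without checking that the line received from the member is that long or consists of hex digits, so a short or malformed `APPEND` line is decoded from whatever follows it in the buffer, and nothing asserts that `7 + 2 * LEN` fits in `MAX_BUFSIZE`. Add a check before `ecdaa_hextobin`, e.g. `if (strspn(current, "0123456789ABCDEFabcdef") < 2 * ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH) { strncpy(buffer, "ERR\n", 4); return -1; }` (using whatever digit set `ecdaa_hextobin` accepts), plus a `_Static_assert` on the offset. The same unchecked fixed-offset decode appears in `member_getpublic`, `member_joinappend`, `member_joinfinish`, `verifier_getissuer` and `verifier_getmember`. Returning `-1` with `ERR\n` in the buffer on the `-1`/`-2` paths is right; a one-line comment above those checks naming what the two library codes mean would save the next reader a trip to the header.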
@@ -178,16 +221,16 @@ int issuer_joinproceed(char *buffer) { strncpy(buffer, "JOINPROCEED ", 12); current = &buffer[12]; - ecdaa_credential_FP256BN_serialize(binbuf, &issuer.cred); bzero(binbuf, MAX_BUFSIZE); + ecdaa_credential_FP256BN_serialize(binbuf, &issuer.cred); ecdaa_bintohex(binbuf, ECDAA_CREDENTIAL_FP256BN_LENGTH, current); - current = &buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH]; - ecdaa_credential_FP256BN_signature_serialize(binbuf, &issuer.cred_sig); + current = &buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH + 1]; bzero(binbuf, MAX_BUFSIZE); + ecdaa_credential_FP256BN_signature_serialize(binbuf, &issuer.cred_sig); ecdaa_bintohex(binbuf, ECDAA_CREDENTIAL_FP256BN_SIGNATURE_LENGTH, current); - buffer[2 * ECDAA_CREDENTIAL_FP256BN_LENGTH + 2 * ECDAA_CREDENTIAL_FP256BN_SIGNATURE_LENGTH + 12] = '\n'; + buffer[2 * ECDAA_CREDENTIAL_FP256BN_LENGTH + 1 + 2 * ECDAA_CREDENTIAL_FP256BN_SIGNATURE_LENGTH + 12] = '\n'; return 0; } @@ -205,7 +248,6 @@ int issuer_setup(char *buffer) { // "PUBLISH" > "PUBLISH " int issuer_publish(char *buffer) { - printf("publish()\n"); char *current; uint8_t binbuf[MAX_BUFSIZE]; bzero(buffer, MAX_BUFSIZE); diff --git a/member.c b/member.c index 8c9157a..75a971e 100644 --- a/member.c +++ b/member.c @@ -2,6 +2,8 @@ typedef enum memberstate { ON, + ISSUERPUB, + RCVPUBLIC, JOIN, APPEND, JOINPROCEED, 
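Review bot: the `+ 1` that now separates the credential hex from the signature hex at `current = &buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH + 1];` leaves `buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH]` as the NUL from the earlier `bzero`, so if the reply is sent with `strlen`/`%s` the signature and the trailing `'\n'` are never transmitted even though `member_joinfinish` expects the signature at that same offset. If a separator is intended, write it explicitly right after the first `ecdaa_bintohex` call, `buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH] = ' ';`, and document the wire format (`JOINPROCEED <cred-hex> <sig-hex>\n`) in the comment above the function. Moving `bzero(binbuf, ...)` ahead of the serialize calls is the right fix for the previous ordering.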
@@ -17,18 +19,24 @@ typedef struct member { uint8_t nonce[NONCE_SIZE]; struct ecdaa_credential_FP256BN cred; struct ecdaa_credential_FP256BN_signature cred_sig; + struct ecdaa_issuer_public_key_FP256BN ipk; } member_t; member_t member; -int member_join(char* buffer); -int member_attest(char* buffer); -int member_publish(char* buffer); -int member_joinappend(char* buffer); -int member_joinfinish(char* buffer); +int member_join(char *buffer); + +int member_attest(char *buffer); + +int member_publish(char *buffer); + +int member_getpublic(char *buffer); + +int member_joinappend(char *buffer); + +int member_joinfinish(char *buffer); int main() { - int err = 0; if (2 != server_start(&process_member, MEMBERPORT)) { printf("server failed\n"); 
@@ -39,55 +47,60 @@ int main() { int process_member(char *buffer) { int ret = 0; - printf("> MEMBER: %s\n", buffer); - - if (0 == strncasecmp("ATTEST", buffer, 6)) { - printf("attest()\n"); + printf("> MEMBER: %s\n", buffer); + + if (member.state == JOINED && 0 == strncasecmp("ATTEST", buffer, 6)) { + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "ATTEST ", 7); + member_attest(buffer); + } else if (member.state == ON && 0 == strncasecmp("GETPUBLIC", buffer, 9)) { + bzero(buffer, MAX_BUFSIZE); + ret = client_connect(&member_getpublic, ISSUERIP, ISSUERPORT); + if (0 >= ret || RCVPUBLIC != member.state) { + printf("process_member: issuer connection failed\n"); bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ATTEST ", 7); - member_attest(buffer); - } else if (0 == strncasecmp("PUBLISH", buffer, 7)) { - printf("publish()\n"); - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "PUBLISH ", 8); - member_publish(buffer); - } else if (member.state != JOINED && 0 == strncasecmp("JOIN", buffer, 4)) { - printf("join()\n"); - member.state = JOIN; - ret = client_connect(&member_join, ISSUERIP, ISSUERPORT); - if (0 >= ret || JOINED != member.state) { - printf("process_member: issuer connection failed\n"); - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ERR\n", 4); - } else { - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); - } - ret = 0; - } else if (0 == strncasecmp("EXIT", buffer, 4)) { - printf("exit()\n"); + strncpy(buffer, "ERR\n", 4); + } else { bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); - ret = 1; - } else if (0 == strncasecmp("SHUTDOWN", buffer, 8)) { + } + ret = 0; + } else if (0 == strncasecmp("PUBLISH", buffer, 7)) { + bzero(buffer, MAX_BUFSIZE); + member_publish(buffer); + } else if (member.state == RCVPUBLIC && 0 == strncasecmp("JOIN", buffer, 4)) { + member.state = JOIN; + ret = client_connect(&member_join, ISSUERIP, ISSUERPORT); + if (0 >= ret || JOINED != member.state) { + printf("process_member: issuer connection failed\n"); bzero(buffer, 
MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); - ret = 2; + strncpy(buffer, "ERR\n", 4); } else { - printf("error()\n"); bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ERR\n", 4); - ret = 0; + strncpy(buffer, "OK\n", 3); } + ret = 0; + } else if (0 == strncasecmp("EXIT", buffer, 4)) { + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "OK\n", 3); + ret = 1; + } else if (0 == strncasecmp("SHUTDOWN", buffer, 8)) { + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "OK\n", 3); + ret = 2; + } else { + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "ERR\n", 4); + ret = 0; + } - printf("< MEMBER: %s\n", buffer); + printf("< MEMBER: %s\n", buffer); return ret; } int member_join(char *buffer) { int ret = 0; - printf("ISSUER > MEMBER: %s", buffer); switch (member.state) { case JOIN: bzero(buffer, MAX_BUFSIZE); 
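Review bot: when `client_connect` fails in the `GETPUBLIC` and `JOIN` branches of `process_member` the member's state is not reset, so neither command is accepted again: `member_getpublic` has already moved `member.state` to `ISSUERPUB`, which no longer matches `member.state == ON`, and a failed `JOIN` leaves the state at `JOIN`/`APPEND`/`JOINPROCEED` instead of `RCVPUBLIC`. Add `member.state = ON;` and `member.state = RCVPUBLIC;` respectively in the two `ERR` branches so the client can retry. `PUBLISH` is the only command without a state guard, yet `member_publish` serialises `member.mpk`, which is only generated in `member_joinappend`; before that it publishes the zeroed global, so a guard such as `member.state == JOINED && ...` (or at least a state past `APPEND`) belongs on that branch too. The hunk ends inside `member_join`, whose body continues past it.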
@@ -96,46 +109,99 @@ int member_join(char *buffer) { break; case APPEND: if (0 == strncasecmp("JOINSTART", buffer, 9)) { + printf("ISSUER > MEMBER: %s", buffer); member_joinappend(buffer); member.state = JOINPROCEED; } break; case JOINPROCEED: if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { + printf("ISSUER > MEMBER: %s", buffer); member_joinfinish(buffer); member.state = JOINED; ret = 1; } break; default: - ret -1; + ret - 1; } - if(0 == ret) { + if (0 == ret) { printf("ISSUER < MEMBER: %s", buffer); } return ret; } -int member_attest(char* buffer) { +int member_getpublic(char *buffer) { + int ret = 0; + + switch (member.state) { + case ON: + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "PUBLISH\n", 8); + member.state = ISSUERPUB; + break; + case ISSUERPUB: + if (0 == strncasecmp("PUBLISH", buffer, 7)) { + printf("ISSUER > MEMBER: %s", buffer); + uint8_t binbuf[MAX_BUFSIZE]; + char *current = &buffer[8]; + ecdaa_hextobin(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); + ret = ecdaa_issuer_public_key_FP256BN_deserialize(&member.ipk, binbuf); + if (-1 == ret) { + printf("member_getpublic: issuer public key is malformed!\n"); + ret = -1; + } else if (-2 == ret) { + printf("member_getpublic: signature of issuer public key is invalid\n"); + ret = -1; + } else { + member.state = RCVPUBLIC; + ret = 1; + } + } + break; + default: + ret = -1; + break; + } + if (0 == ret) { + printf("ISSUER < MEMBER: %s", buffer); + } + return ret; +} + +//"ATTEST" > "ATTEST " +int member_attest(char *buffer) { strncat(buffer, "\n", 13); return 0; } //"PUBLISH" > "PUBLISH " -int member_publish(char* buffer) { - strncat(buffer, "\n", 12); +int member_publish(char *buffer) { + char *current; + uint8_t binbuf[MAX_BUFSIZE]; + bzero(buffer, MAX_BUFSIZE); + + strncpy(buffer, "PUBLISH ", 8); + + current = &buffer[8]; + bzero(binbuf, MAX_BUFSIZE); + ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); + ecdaa_bintohex(binbuf, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH, 
current); + + buffer[2 * ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH + 8] = '\n'; + return 0; } //"JOINSTART " > "APPEND " -int member_joinappend(char* buffer) { +int member_joinappend(char *buffer) { char *current = &buffer[10]; uint8_t binbuf[MAX_BUFSIZE]; ecdaa_hextobin(current, member.nonce, NONCE_SIZE); if (0 != ecdaa_member_key_pair_FP256BN_generate(&member.mpk, &member.msk, member.nonce, NONCE_SIZE, ecdaa_rand)) { fprintf(stderr, "Error generating member key-pair\n"); - return 1; + return -1; } bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "APPEND ", 7); @@ -148,12 +214,25 @@ int member_joinappend(char* buffer) { } //"JOINPROCEED " > "" -int member_joinfinish(char* buffer) { +int member_joinfinish(char *buffer) { char *current = &buffer[12]; + uint8_t *bincur; uint8_t binbuf[MAX_BUFSIZE]; - ecdaa_credential_FP256BN_deserialize(binbuf, &member.cred); - current = &buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH]; - //ecdaa_credential_FP256BN_signature_deserialize(current, &member.cred_sig); - bzero(buffer, MAX_BUFSIZE); - return 0; + int ret = 0; + bzero(binbuf, MAX_BUFSIZE); + ecdaa_hextobin(current, binbuf, ECDAA_CREDENTIAL_FP256BN_LENGTH); + + current = &buffer[12 + 2 * ECDAA_CREDENTIAL_FP256BN_LENGTH + 1]; + bincur = &binbuf[ECDAA_CREDENTIAL_FP256BN_LENGTH]; + ecdaa_hextobin(current, bincur, ECDAA_CREDENTIAL_FP256BN_SIGNATURE_LENGTH); + ret = ecdaa_credential_FP256BN_deserialize_with_signature(&member.cred, &member.mpk, &member.ipk.gpk, binbuf, bincur); + if(-1 == ret) { + printf("member_joinfinish: credential is malformed!\n"); + ret = -1; + } else if(-2 == ret) { + printf("member_joinfinish: siganture of credential is invalid"); + ret = -1; + } + + return ret; } \ No newline at end of file diff --git a/verifier.c b/verifier.c index 4086a7b..b8fc5d1 100644 --- a/verifier.c +++ b/verifier.c 
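Review bot: `default: ret - 1;` in `member_join` is still a no-op expression — the same line is corrected to `ret = -1;` in `verifier_getissuer` and `verifier_getmember` in this commit — so an unexpected state returns 0 and the exchange is treated as still in progress; write `ret = -1;`. In the same function the return values of `member_joinappend` and `member_joinfinish` are ignored: `member.state = JOINED; ret = 1;` runs even when `ecdaa_credential_FP256BN_deserialize_with_signature` has rejected the credential, so a member whose credential failed verification is marked joined and will later `ATTEST` with it. Advance the state only on success, e.g. `if (0 == member_joinfinish(buffer)) { member.state = JOINED; ret = 1; } else { ret = -1; }`, and likewise gate `member.state = JOINPROCEED;` on `member_joinappend` returning 0. The `-1`/`-2` handling copied into `member_getpublic` would read better with a comment naming what each library return code means.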
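Review bot: the `-2` branch of `member_joinfinish` prints `siganture of credential is invalid` with a typo and without the trailing `\n` that every other message in the file has, so it sits in the stdio buffer and appears glued to the next line; use `printf("member_joinfinish: signature of credential is invalid\n");`. Since the function's result now decides whether the join is trusted, the comment above it should state the contract, e.g. `// returns 0 when the credential and its signature verified against member.ipk.gpk, -1 otherwise` (assuming the library returns 0 on success, which this hunk does not show). The patch also drops the file's trailing newline.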
@@ -9,8 +9,9 @@ typedef enum verifierstate { } verifierstate_e; typedef struct verifier { - struct ecdaa_issuer_public_key_FP256BN mpk; - struct ecdaa_member_public_key_FP256BN ipk; + struct ecdaa_issuer_public_key_FP256BN ipk; + struct ecdaa_member_public_key_FP256BN mpk; + struct ecdaa_revocations_FP256BN revocations; verifierstate_e state; } verifier_t; @@ -19,9 +20,12 @@ verifier_t verifier; int verifier_getissuer(char *buffer); int verifier_getmember(char *buffer); +int verifier_attestmember(char *buffer); +int verifier_checklink(char *buffer); int main() { - int err = 0; + verifier.revocations.sk_list = NULL; + verifier.revocations.bsn_list = NULL; if (2 != server_start(&process_verifier, VERIFIERPORT)) { printf("server failed\n"); @@ -37,7 +41,6 @@ int process_verifier(char *buffer) { if (0 == strncasecmp("VERIFY", buffer, 6)) { switch (verifier.state) { case GOTMEMBER: - printf("verify()\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); break; @@ -46,9 +49,8 @@ int process_verifier(char *buffer) { strncpy(buffer, "ERR\n", 4); } } else if (0 == strncasecmp("LINk", buffer, 4)) { - printf("getpublished()\n"); bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); + verifier_checklink(buffer); } else if (0 == strncasecmp("GETPUBLISHED", buffer, 12)) { printf("link()\n"); verifier.state = ON; @@ -92,7 +94,6 @@ int process_verifier(char *buffer) { int verifier_getissuer(char *buffer) { int ret = 0; - printf("ISSUER > VERIFIER: %s", buffer); switch (verifier.state) { case ON: bzero(buffer, MAX_BUFSIZE); 
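Review bot: `verifier.revocations.sk_list = NULL;` and the matching `bsn_list` assignment in `main` are redundant, since `verifier` is a file-scope object and already zero-initialised, and they say nothing about any length fields the revocation struct carries alongside the pointers, which a reader must also know are zero. Either delete them or keep them with a comment, `// no revocations yet: empty lists, lengths stay 0 from static initialisation`, so the intent survives when real revocation loading is added. In the `LINk` branch the literal is spelled with a lowercase k; `strncasecmp` masks it, but `"LINK"` reads as intended.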
@@ -101,13 +102,25 @@ int verifier_getissuer(char *buffer) { break; case ASKISSUER: if (0 == strncasecmp("PUBLISH", buffer, 7)) { - bzero(buffer, MAX_BUFSIZE); - verifier.state = GOTISSUER; - ret = 1; + printf("ISSUER > VERIFIER: %s", buffer); + uint8_t binbuf[MAX_BUFSIZE]; + char *current = &buffer[8]; + ecdaa_hextobin(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); + ret = ecdaa_issuer_public_key_FP256BN_deserialize(&verifier.ipk, binbuf); + if (-1 == ret) { + printf("verifier_getpublic: member public key is malformed!\n"); + ret = -1; + } else if (-2 == ret) { + printf("verifier_getpublic: signature of member public key is invalid\n"); + ret = -1; + } else { + verifier.state = GOTISSUER; + ret = 1; + } } break; default: - ret - 1; + ret = -1; } if (0 == ret) { printf("ISSUER < VERIFIER: %s", buffer); @@ -118,7 +131,6 @@ int verifier_getissuer(char *buffer) { int verifier_getmember(char *buffer) { int ret = 0; - printf("ISSUER > VERIFIER: %s", buffer); switch (verifier.state) { case ON: bzero(buffer, MAX_BUFSIZE); 
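Review bot: both error messages in `verifier_getissuer` name the wrong function and the wrong key (`verifier_getpublic: member public key ...`) although the code deserialises the issuer key into `verifier.ipk`; use `printf("verifier_getissuer: issuer public key is malformed!\n");` and `printf("verifier_getissuer: signature of issuer public key is invalid\n");`. The `ret = -1;` inside the `-1 == ret` branch assigns the value `ret` already holds, so the two branches differ only in their message; a comment stating what each library code means (malformed point vs. bad self-signature) would explain why both are kept. The hex decode at `&buffer[8]` runs without a length check, as noted for `issuer_joinproceed`.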
@@ -127,16 +139,41 @@ int verifier_getmember(char *buffer) { break; case ASKMEMBER: if (0 == strncasecmp("PUBLISH", buffer, 7)) { - bzero(buffer, MAX_BUFSIZE); - verifier.state = GOTMEMBER; - ret = 1; + printf("MEMBER > VERIFIER: %s", buffer); + uint8_t binbuf[MAX_BUFSIZE]; + char *current = &buffer[8]; + ecdaa_hextobin(current, binbuf, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); + ret = ecdaa_member_public_key_FP256BN_deserialize_no_check(&verifier.mpk, binbuf); + if (-1 == ret) { + printf("verifier_getmember: member public key is malformed!\n"); + ret = -1; + } else if (-2 == ret) { + printf("verifier_getmember: signature of member public key is invalid\n"); + ret = -1; + } else { + verifier.state = GOTMEMBER; + ret = 1; + } } break; default: - ret - 1; + ret = -1; } if (0 == ret) { - printf("ISSUER < VERIFIER: %s", buffer); + printf("MEMBER < VERIFIER: %s", buffer); } return ret; } + +//"ATTEST" > "OK" +int verifier_attestmember(char *buffer) { + bzero(buffer, MAX_BUFSIZE); + strncat(buffer, "OK\n", 16); + return 0; +} + +//"LINK" > "NOT IMPLEMENTED" +int verifier_checklink(char *buffer) { + strncat(buffer, "NOT_IMPLEMENTED\n", 16); + return 0; +}
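Review bot: `verifier_getmember` uses `ecdaa_member_public_key_FP256BN_deserialize_no_check`, which by its name skips the proof-of-possession signature that the issuer verifies with the join nonce, so the `else if (-2 == ret)` branch with its `signature ... is invalid` message is presumably unreachable here and misleads the reader; drop it or comment that the signature is deliberately not checked because the verifier never holds the nonce. `verifier_attestmember`, added at the end, answers `OK` unconditionally and is not yet called from `process_verifier`; until the attestation signature is checked against `verifier.ipk` and `verifier.revocations` it should answer `ERR\n` (fail closed) and carry a `// TODO: verify the DAA signature before answering OK` comment, so a half-finished build cannot pass for a working verifier. The `16` passed to `strncat(buffer, "OK\n", 16)` is an arbitrary bound on a freshly zeroed buffer; `strncpy(buffer, "OK\n", 3)` as used in `process_verifier` keeps the style consistent.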