diff --git a/CMakeLists.txt b/CMakeLists.txt index 504cd4f..ee10442 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -17,7 +17,7 @@ target_include_directories(ecdaa_member PUBLIC target_link_libraries(ecdaa_member /usr/lib/x86_64-linux-gnu/libecdaa.so) target_link_libraries(ecdaa_member /usr/lib/x86_64-linux-gnu/libecdaa-tpm.so) -add_executable(ecdaa_member_tpm member-tpm.c common.h common.c client.h client.c server.h server.c member-tpm-key.h member-tpm-key.c) +add_executable(ecdaa_member_tpm member-tpm.c common.h common.c client.h client.c server.h server.c member-tpm-key.h member-tpm-key.c tpm_utils.h) target_include_directories(ecdaa_member_tpm PUBLIC ${ECDAA_AMCL} ) diff --git a/issuer.c b/issuer.c index dc98229..eaccf04 100644 --- a/issuer.c +++ b/issuer.c @@ -71,18 +71,18 @@ int process_issuer(char *buffer) { switch (issuer.state) { case READY: case JOINSTART: - printf("Generate new issuer identity.\n"); + printf("process_issuer: Generate new issuer identity.\n"); if (0 == issuer_setup(buffer)) { issuer.state = READY; bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); } else { printf("Error: Issuer setup failed.\n"); - return 2; + ret = 2; } break; default: - printf("Reset not possible.\n"); + printf("process_issuer: Reset not possible.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -95,7 +95,7 @@ int process_issuer(char *buffer) { } break; default: - printf("Issuer not ready for join.\n"); + printf("process_issuer: Issuer not ready for join.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -104,11 +104,12 @@ int process_issuer(char *buffer) { switch (issuer.state) { case JOINSTART: if(0 == issuer_joinproceed(buffer)) { - issuer.state = READY; + printf("process_issuer: Successfully added new member.\n"); } + issuer.state = READY; break; default: - printf("Issuer not ready for append.\n"); + printf("process_issuer: Issuer not ready for append.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -120,7 +121,7 @@ int process_issuer(char *buffer) { issuer_publish(buffer); break; default: - printf("There are no keys to publish.\n"); + printf("process_issuer: There are no keys to publish.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; diff --git a/member-tpm.c b/member-tpm.c index 611a360..4f1e2e6 100644 --- a/member-tpm.c +++ b/member-tpm.c @@ -20,23 +20,12 @@ typedef struct member { size_t bsn_len; } member_t; -typedef struct tpm_context { - struct ecdaa_tpm_context tpm_ctx; - uint8_t pk_in[ECP_FP256BN_LENGTH]; - unsigned char tcti_buffer[256]; - TSS2_TCTI_CONTEXT *tcti_context; -} tpm_context_t; - member_t member; uint8_t msg[MAX_MSGSIZE]; size_t msg_len; uint8_t chksum[MAX_CHKSUMSIZE]; size_t chksum_len; -static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename); -static void tpm_cleanup(struct tpm_context *ctx); -static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *tpm_key_file, const char *tpm_handle_file); - int member_join(char *buffer); int member_signmsg(char *buffer); @@ -52,8 +41,8 @@ int main(int argc, char *argv[]) { char *remote_ip; int ret = 0; - //strncpy(member.bsn, "mybasename", 10); - //member.bsn_len = strlen(member.bsn); + strncpy(member.bsn, "mybasename", 10); + member.bsn_len = strlen(member.bsn); switch(argc) { case 2: if(0 == strncasecmp("--createkey", argv[1], 11) || 0 == strncasecmp("-c", argv[1], 2)) { @@ -115,57 +104,6 @@ int main(int argc, char *argv[]) { return 0; } -static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename) -{ - const char *device_conf = "/dev/tpm0"; - - memset(ctx->tcti_buffer, 0, sizeof(ctx->tcti_buffer)); - int ret = 0; - - TPM2_HANDLE key_handle = 0; - - if (0 != read_public_key_from_files(ctx->pk_in, &key_handle, pub_key_filename, handle_filename)) { - printf("Error reading public key files '%s' and '%s'.\n",pub_key_filename, handle_filename); - return -1; - } - TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT*)ctx->tcti_buffer; - - size_t size; - ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); - if (TSS2_RC_SUCCESS != ret) { - printf("Error: Failed to get allocation size for tcti context.\n"); - return -1; - } - if (size > sizeof(ctx->tcti_buffer)) { - printf("Error: device TCTI context size larger than pre-allocated buffer.\n"); - return -1; - } - ret = Tss2_Tcti_Device_Init(ctx->tcti_context, &size, device_conf); - if (TSS2_RC_SUCCESS != ret) { - printf("Error: Unable to initialize device TCTI context.\n"); - return -1; - } - - //initialize ecdaa tpm context - ret = ecdaa_tpm_context_init(&ctx->tpm_ctx, key_handle, NULL, 0, ctx->tcti_context); - if ( 0 != ret) { - printf("Error: ECDAA context failed: ret = 0x%x\n", ret); - return -1; - } -#ifdef DEBUG - printf("ECDAA context initialized.\n"); -#endif - return 0; -} - -static void tpm_cleanup(struct tpm_context *ctx) { - ecdaa_tpm_context_free(&ctx->tpm_ctx); - - if (NULL != ctx->tcti_context) { - Tss2_Tcti_Finalize(ctx->tcti_context); - } -} - int member_join(char *buffer) { int ret = 0; @@ -264,7 +202,7 @@ int member_signmsg(char *buffer) { bytes = ecdaa_encode(chksum, current, MAX_CHKSUMSIZE); current = ¤t[bytes]; if(has_nym) { - if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { + if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &(ctx.tpm_ctx))) { printf("member_signmsg: Signing message failed.\n"); } current[0] = '1'; @@ -272,7 +210,7 @@ int member_signmsg(char *buffer) { strncpy(current, (char *)member.bsn, MAX_BSNSIZE); current = ¤t[MAX_BSNSIZE]; } else { - if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { + if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &(ctx.tpm_ctx))) { printf("member_signmsg: Signing message failed.\n"); } current[0] = '0'; @@ -310,7 +248,7 @@ int member_joinappend(char *buffer) { strncpy(buffer, "ABORT\n", 6); return -1; } - if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, ctx.pk_in, member.nonce, NONCE_SIZE, &ctx.tpm_ctx))) { + if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, ctx.serialized_public_key, member.nonce, NONCE_SIZE, &(ctx.tpm_ctx)))) { fprintf(stderr, "Error generating member key-pair: ret = %d\n", ret); strncpy(buffer, "ABORT\n", 6); return -1; @@ -359,47 +297,3 @@ int member_joinfinish(char *buffer) { return ret; } -static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *pub_key_filename, const char *handle_filename) -{ - int ret = 0; - - FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); - if (NULL == pub_key_file_ptr) { - printf("read_public_key: Failed to open tpm public key.\n"); - return -1; - } - do { - for (unsigned i=0; i < ECP_FP256BN_LENGTH; i++) { - unsigned byt; - if (ret = fscanf(pub_key_file_ptr, "%02X", &byt) != 1) { - ret = -1; - break; - } - public_key[i] = (uint8_t)byt; - } - } while(0); - (void)fclose(pub_key_file_ptr); - - FILE *handle_file_ptr = fopen(handle_filename, "r"); - if (NULL == handle_file_ptr) { - printf("read_public_key: Error opening handle.\n"); - return -1; - } - - do { - for (int i=(sizeof(TPM2_HANDLE)-1); i >= 0; i--) { - unsigned byt; - if (fscanf(handle_file_ptr, "%02X", &byt) != 1) { - ret = -1; - break; - } - *key_handle += byt<<(i*8); - } - if (0 != ret) - break; - } while(0); - (void)fclose(handle_file_ptr); - - return ret; -} - diff --git a/member-tpm.h b/member-tpm.h index 16d64a8..f4db9b6 100644 --- a/member-tpm.h +++ b/member-tpm.h @@ -9,8 +9,8 @@ #include "client.h" #include "common.h" #include "member-tpm-key.h" +#include "tpm_utils.h" -#define ECP_FP256BN_LENGTH 65 int process_member(char *buffer); #endif //ECDAA_MEMBER_TPM_H diff --git a/tpm_utils.h b/tpm_utils.h new file mode 100644 index 0000000..7c174eb --- /dev/null +++ b/tpm_utils.h @@ -0,0 +1,118 @@ +#include +#include +#include +#include +#include + +#define ECP_FP256BN_LENGTH 65 + +const char *pub_key_filename = "pub_key.txt"; +const char *handle_filename = "handle.txt"; + +struct tpm_context { + struct ecdaa_tpm_context tpm_ctx; + uint8_t serialized_public_key[ECP_FP256BN_LENGTH]; + ECP_FP256BN public_key; + unsigned char tcti_buffer[256]; + TSS2_TCTI_CONTEXT *tcti_context; +}; + +static void tpm_cleanup(struct tpm_context *ctx); +static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename); + +int read_public_key_from_files(uint8_t *public_key, + TPM2_HANDLE *key_handle, + const char *pub_key_filename, + const char *handle_filename) +{ + int ret = 0; + + FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); + printf("Reading: %s\n",pub_key_filename); + if (NULL == pub_key_file_ptr) + return -1; + do { + for (unsigned i=0; i < ECP_FP256BN_LENGTH; i++) { + unsigned byt; + if (fscanf(pub_key_file_ptr, "%02X", &byt) != 1) { + ret = -1; + printf("i=%d, fscanf did not read a byte\n",i); + break; + } + public_key[i] = (uint8_t)byt; + } + } while(0); + (void)fclose(pub_key_file_ptr); + if (0 != ret) + return -1; + + FILE *handle_file_ptr = fopen(handle_filename, "r"); + printf("Reading: %s\n",handle_filename); + if (NULL == handle_file_ptr) + return -1; + do { + for (int i=(sizeof(TPM2_HANDLE)-1); i >= 0; i--) { + unsigned byt; + if (fscanf(handle_file_ptr, "%02X", &byt) != 1) { + ret = -1; + break; + } + *key_handle += byt<<(i*8); + } + if (0 != ret) + break; + } while(0); + (void)fclose(handle_file_ptr); + + return ret; +} + +static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename) +{ + const char *device_conf = "/dev/tpm0"; + + memset(ctx->tcti_buffer, 0, sizeof(ctx->tcti_buffer)); + + int ret = 0; + + TPM2_HANDLE key_handle = 0; + + if (0 != read_public_key_from_files(ctx->serialized_public_key, &key_handle, pub_key_filename, handle_filename)) { + printf("Error: error reading in public key files '%s' and '%s'\n", pub_key_filename, handle_filename); + return -1; + } + + ctx->tcti_context = (TSS2_TCTI_CONTEXT*)ctx->tcti_buffer; + size_t size; + ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); + if (TSS2_RC_SUCCESS != ret) { + printf("Failed to get allocation size for tcti context\n"); + return -1; + } + if (size > sizeof(ctx->tcti_buffer)) { + printf("Error: device TCTI context size larger than pre-allocated buffer\n"); + return -1; + } + ret = Tss2_Tcti_Device_Init(ctx->tcti_context, &size, device_conf); + if (TSS2_RC_SUCCESS != ret) { + printf("Error: Unable to initialize device TCTI context\n"); + return -1; + } + + ret = ecdaa_tpm_context_init(&ctx->tpm_ctx, key_handle, NULL, 0, ctx->tcti_context); + if (0 != ret) { + printf("Error: ecdaa_tpm_context_init failed: 0x%x\n", ret); + return -1; + } + + return 0; +} + +static void tpm_cleanup(struct tpm_context *ctx) +{ + ecdaa_tpm_context_free(&ctx->tpm_ctx); + + if (NULL != ctx->tcti_context) { + Tss2_Tcti_Finalize(ctx->tcti_context); + } +} diff --git a/verifier.c b/verifier.c index 5f1af7c..461be53 100644 --- a/verifier.c +++ b/verifier.c @@ -80,15 +80,14 @@ int process_verifier(char *buffer) { ret = verifier_verifymsg(&buffer[10]); bzero(buffer, MAX_BUFSIZE); if (-1 == ret) { - printf("process_verifier: member public key is malformed!\n"); - strncpy(buffer, "ERR\n", 4); + printf("process_verifier: Member public key is malformed!\n"); } else if (-2 == ret) { - printf("process_verifier: signature of member public key is invalid.\n"); - strncpy(buffer, "ERR\n", 4); + printf("process_verifier: Signature of member public key is invalid.\n"); } else { - strncpy(buffer, "OK\n", 3); + printf("process_verifier: Received message with valid DAA signature.\n"); } - ret = 0; + printf("closing client session.\n"); + ret = 1; } else if (0 == strncasecmp("EXIT", buffer, 4)) { printf("closing client session.\n"); bzero(buffer, MAX_BUFSIZE);