From c77992f397bd4db7d6da72f6a3b063b4842e883a Mon Sep 17 00:00:00 2001 From: Michael Preisach Date: Tue, 8 Sep 2020 23:19:27 +0200 Subject: [PATCH] issuer saves key in file; verifier can receive message directly --- common.h | 4 +- issuer.c | 120 ++++++++++++++++++++++++----------------------------- issuer.h | 2 + tags | 8 ++-- verifier.c | 28 +++++++++---- 5 files changed, 83 insertions(+), 79 deletions(-) diff --git a/common.h b/common.h index ab4407a..d1cc75d 100644 --- a/common.h +++ b/common.h @@ -19,8 +19,8 @@ #define MAX_CLIENTS 10 #define MAX_BUFSIZE 2048 -#define MAX_MSGSIZE (MAX_BUFSIZE / 8) -#define MAX_BSNSIZE (MAX_BUFSIZE / 16) +#define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 2) +#define MAX_BSNSIZE 128 #define NONCE_SIZE 384 typedef int (*conn_handler)(char *buffer); diff --git a/issuer.c b/issuer.c index 94002d5..2495013 100644 --- a/issuer.c +++ b/issuer.c @@ -19,7 +19,8 @@ typedef struct issuer { issuer_t issuer; -int issuer_setup(char *buffer); +int issuer_setup(); +int issuer_reset(char *buffer); int issuer_joinstart(char *buffer); int issuer_joinproceed(char *buffer); int issuer_publish(char *buffer); @@ -28,68 +29,21 @@ int main() { if (2 != server_start(&process_issuer, ISSUERPORT)) { printf("server failed\n"); } -/* - uint8_t buffer[1024], result[1024]; - uint8_t *current = buffer; - char send[1024]; - bzero(buffer, 1024); - bzero(result, 1024); - bzero(send,1024); - - buffer[0] = 0x01; - buffer[1] = 0x02; - buffer[2] = 0x04; - buffer[3] = 0x08; - buffer[4] = 0x10; - buffer[5] = 0x20; - buffer[6] = 0x40; - buffer[7] = 0x80; - buffer[8] = 0x11; - buffer[9] = 0x22; - buffer[10] = 0x44; - buffer[11] = 0x88; - buffer[12] = 0x11; - buffer[13] = 0x21; - buffer[14] = 0x41; - buffer[15] = 0x81; - - ecdaa_bintohex(buffer, 16, send); - for(int i = 0; i < 32; i++) { - printf("%c", send[i]); - } - ecdaa_hextobin(send, result, 16); - - for(int i = 0; i < 1024; i++) { - if(buffer[i] != result[i]) { - printf("buffer[%i] = %X, result[%i] = %X\n", i, buffer[i], i, result[i]); - } - } - - struct ecdaa_issuer_public_key_FP256BN key; - - ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand); - ecdaa_issuer_public_key_FP256BN_serialize(buffer, &issuer.ipk); - int ret = ecdaa_issuer_public_key_FP256BN_deserialize(&key, buffer); - printf("ret = %i\n",ret); - ecdaa_bintohex(current, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH, send); - printf("%s\n", send); - - ecdaa_hextobin(send, result, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); - ret = ecdaa_issuer_public_key_FP256BN_deserialize(&key, result); - printf("ret = %i\n",ret); - - for(int i = 0; i < 1024; i++) { - if(buffer[i] != result[i]) { - printf("buffer[%i] = %X, result[%i] = %X\n", i, buffer[i], i, result[i]); - } - } -*/ return 0; } int process_issuer(char *buffer) { int ret = 0; - + + if(ON == issuer.state) { + if( (0 == issuer_setup()) { + issuer.state = READY; + } else { + printf("issuer setup failed\n"); + return 2; + } + } + printf("> ISSUER: %s\n", buffer); if (0 == strncasecmp("OK", buffer, 2)) { @@ -113,11 +67,18 @@ int process_issuer(char *buffer) { strncpy(buffer, "ERR\n", 4); break; } - } else if (0 == strncasecmp("SETUP", buffer, 5)) { + } else if (0 == strncasecmp("RESET", buffer, 4)) { switch (issuer.state) { - case ON: - if(0 == issuer_setup(buffer)) { + case READY: + printf("generate new issuer identity\n"); + if( (0 == issuer_setup(buffer)) { issuer.state = READY; + } else { + printf("issuer setup failed\n"); + return 2; + } + if(0 == issuer_joinstart(buffer)) { + issuer.state = JOINSTART; } break; default: @@ -234,15 +195,44 @@ int issuer_joinproceed(char *buffer) { return 0; } -// "SETUP > SETUPDONE" -int issuer_setup(char *buffer) { +// "RESET > RESETDONE" +int issuer_reset(char *buffer) { + printf("issuer_reset: generating new keys and save them to disk\n"); + if (0 != ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand)) { + printf("issuer_reset: Error generating issuer key-pair\n"); + strncpy(buffer, "ERR\n", 4); + return -1; + } + if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &ipk) || + 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &isk)) { + printf("issuer_reset: Error saving key-pair to disk\n"); + strncpy(buffer, "ERR\n", 4); + return -1; + } + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "RESETDONE\n", 10); + return 0; +} + +//Load or generate issuer keypair initially +int issuer_setup() { printf("setup()\n"); + if (0 == ecdaa_issuer_public_key_FP256BN_deserialize_file(&issuer.ipk, issuer_public_key_file)) { + if (0 == ecdaa_issuer_secret_key_FP256BN_deserialize_file(&issuer.isk, issuer_secret_key_file) { + printf("issuer_setup: loaded keys from disk\n"); + return 0; + } + } + printf("issuer_setup: generating new keys and save them to disk\n"); if (0 != ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand)) { printf("issuer_setup: Error generating issuer key-pair\n"); return -1; } - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "SETUPDONE\n", 10); + if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &ipk) || + 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &isk)) { + printf("issuer_setup: Error saving key-pair to disk\n"); + return -1; + } return 0; } diff --git a/issuer.h b/issuer.h index 861f031..451ac4c 100644 --- a/issuer.h +++ b/issuer.h @@ -10,5 +10,7 @@ #include "common.h" int process_issuer(char *buffer); +const char* issuer_public_key_file = "ipk.bin" +const char* issuer_secret_key_file = "isk.bin" #endif //ECDAA_ISSUER_ISSUER_H diff --git a/tags b/tags index 11428cd..5673b01 100644 --- a/tags +++ b/tags @@ -26,6 +26,7 @@ ISSUERIP common.h /^#define ISSUERIP /;" d ISSUERPORT common.h /^#define ISSUERPORT /;" d ISSUERPUB member-tpm.c /^ ISSUERPUB,$/;" e enum:memberstate file: ISSUERPUB member.c /^ ISSUERPUB,$/;" e enum:memberstate file: +Installing README.md /^## Installing$/;" s Installing TPM support for TPM-backed member README.md /^### Installing TPM support for TPM-backed member$/;" S Installing xaptum/ecdaa README.md /^### Installing xaptum\/ecdaa$/;" S JOIN member-tpm.c /^ JOIN,$/;" e enum:memberstate file: @@ -48,9 +49,12 @@ ON member-tpm.c /^ ON,$/;" e enum:memberstate file: ON member.c /^ ON,$/;" e enum:memberstate file: ON verifier.c /^ ON,$/;" e enum:verifierstate file: Prerequisities README.md /^## Prerequisities$/;" s +Protocol README.md /^### Protocol$/;" S RCVPUBLIC member-tpm.c /^ RCVPUBLIC,$/;" e enum:memberstate file: RCVPUBLIC member.c /^ RCVPUBLIC,$/;" e enum:memberstate file: READY issuer.c /^ READY$/;" e enum:issuer_state file: +Setting IP addresses in common.h README.md /^### Setting IP addresses in common.h$/;" S +Usage README.md /^## Usage$/;" s VERIFIERIP common.h /^#define VERIFIERIP /;" d VERIFIERPORT common.h /^#define VERIFIERPORT /;" d bin2hex common.c /^char bin2hex(uint8_t byte) {$/;" f typeref:typename:char @@ -84,10 +88,6 @@ ipk verifier.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:ve isk issuer.c /^ struct ecdaa_issuer_secret_key_FP256BN isk;$/;" m struct:issuer typeref:struct:ecdaa_issuer_secret_key_FP256BN file: issuer issuer.c /^issuer_t issuer;$/;" v typeref:typename:issuer_t issuer issuer.c /^typedef struct issuer {$/;" s file: -issuer_joinproceed issuer.c /^int issuer_joinproceed(char *buffer) {$/;" f typeref:typename:int -issuer_joinstart issuer.c /^int issuer_joinstart(char *buffer) {$/;" f typeref:typename:int -issuer_publish issuer.c /^int issuer_publish(char *buffer) {$/;" f typeref:typename:int -issuer_setup issuer.c /^int issuer_setup(char *buffer) {$/;" f typeref:typename:int issuer_state issuer.c /^typedef enum issuer_state {$/;" g file: issuer_t issuer.c /^} issuer_t;$/;" t typeref:struct:issuer file: issuerstate_e issuer.c /^} issuerstate_e;$/;" t typeref:enum:issuer_state file: diff --git a/verifier.c b/verifier.c index 47451d3..916870b 100644 --- a/verifier.c +++ b/verifier.c @@ -37,21 +37,32 @@ int main() { int process_verifier(char *buffer) { int ret = 0; + char remote_ip[16]; printf("> VERIFIER: %s\n", buffer); - if (0 == strncasecmp("VERIFY", buffer, 6)) { + if (0 == strncasecmp("VERIFYMSG", buffer, 9)) { switch (verifier.state) { case GOTISSUER: + ret = verifier_checkattest(buffer[10]); bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); + if (-1 == ret) { + printf("verifier_attestmember: member public key is malformed!\n"); + strncpy(buffer, "ERR\n", 4); + } else if (-2 == ret) { + printf("verifier_attestmember: signature of member public key is invalid\n"); + strncpy(buffer, "ERR\n", 4); + } else { + strncpy(buffer, "OK\n", 3); + } break; default: bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); } - } else if (0 == strncasecmp("ATTEST", buffer, 4)) { - ret = client_connect(&verifier_attestmember, MEMBERIP, MEMBERPORT); + } else if (0 == strncasecmp("ATTEST", buffer, 6)) { + strncpy(remote_ip, buffer[7], 15); + ret = client_connect(&verifier_attestmember, remote_ip, MEMBERPORT); if (0 >= ret) { printf("process_verifier: member verification failed\n"); bzero(buffer, MAX_BUFSIZE); @@ -66,7 +77,8 @@ int process_verifier(char *buffer) { verifier_checklink(buffer); } else if (0 == strncasecmp("GETPUBLIC", buffer, 9)) { verifier.state = ON; - ret = client_connect(&verifier_getissuer, ISSUERIP, ISSUERPORT); + strncpy(remote_ip, buffer[10], 15); + ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT); if (0 >= ret || GOTISSUER != verifier.state) { printf("process_verifier: issuer connection failed\n"); bzero(buffer, MAX_BUFSIZE); @@ -96,6 +108,7 @@ int process_verifier(char *buffer) { return ret; } +//"GETPUBLIC " > "OK" int verifier_getissuer(char *buffer) { int ret = 0; @@ -138,7 +151,6 @@ int verifier_getissuer(char *buffer) { } -//"ATTEST" > "OK" int verifier_attestmember(char *buffer) { int ret = 0; @@ -151,7 +163,7 @@ int verifier_attestmember(char *buffer) { case ASKATTEST: if (0 == strncasecmp("ATTEST", buffer, 6)) { printf("MEMBER > VERIFIER: %s", buffer); - ret = verifier_checkattest(buffer); + ret = verifier_checkattest(buffer[7]); if (-1 == ret) { printf("verifier_attestmember: member public key is malformed!\n"); ret = -1; @@ -179,7 +191,7 @@ int verifier_attestmember(char *buffer) { //"ATTEST 0" or //"ATTEST 1" int verifier_checkattest(char *buffer) { - char *current = &buffer[7]; //"ATTEST " + char *current = &buffer; char msg[MAX_MSGSIZE]; strncpy(msg, current, MAX_MSGSIZE);