From c849b4544b6a1d92d3127ff74aa7c79fd0deb992 Mon Sep 17 00:00:00 2001 From: Michael Preisach Date: Mon, 13 Sep 2021 09:49:01 +0200 Subject: [PATCH] added debug flag, improved error messages --- common.h | 4 ++- issuer.c | 54 +++++++++++++++++++---------------- member-tpm.c | 81 +++++++++++++++++++++++++++++----------------------- member.c | 51 ++++++++++++++++++++------------- verifier.c | 42 +++++++++++++++------------ 5 files changed, 134 insertions(+), 98 deletions(-) diff --git a/common.h b/common.h index f6584a2..818ad59 100644 --- a/common.h +++ b/common.h @@ -7,6 +7,8 @@ #include #include +#define DEBUG //enable on screen debug information + #define ISSUERPORT 6590 #define MEMBERPORT 6591 #define VERIFIERPORT 6592 @@ -28,7 +30,7 @@ const char* member_secret_key_file = "msk.bin"; //for TPM less members o const char* member_public_key_file = "mpk.bin"; const char* member_credential_file = "mcred.bin"; const char* member_nonce_file = "mnonce.bin"; -const char* verifier_ipk_file = "ipk.bin"; +const char* verifier_group_pk_file = "gpk.bin"; const char* message_file = "msg.txt"; //Checksum of message in chksum.txt const char* checksum_file = "chksum.txt"; //Only this file is signed due to 1024 bytes size limit diff --git a/issuer.c b/issuer.c index 7d4f07d..2883d1c 100644 --- a/issuer.c +++ b/issuer.c @@ -30,13 +30,13 @@ int main() { if (0 == issuer_setup()) { issuer.state = READY; } else { - printf("issuer setup failed\n"); + printf("Error: Issuer setup failed.\n"); return 1; } } if (2 != server_start(&process_issuer, ISSUERPORT)) { - printf("server failed\n"); + printf("Error: Server failed.\n"); } return 0; } @@ -44,22 +44,24 @@ int main() { int process_issuer(char *buffer) { int ret = 0; +#ifdef DEBUG printf("> ISSUER: %s\n", buffer); +#endif if (0 == strncasecmp("OK", buffer, 2)) { - printf("nothing to confirm\n"); + printf("Nothing to confirm.\n"); } else if (0 == strncasecmp("ERR", buffer, 3)) { - printf("ignoring command\n"); + printf("Ignoring command.\n"); } else if (0 == strncasecmp("ABORT", buffer, 5)) { switch (issuer.state) { case JOINSTART: - printf("aborting join\n"); + printf("Aborting join.\n"); issuer.state = READY; bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); break; default: - printf("nothing to abort\n"); + printf("Nothing to abort.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -68,18 +70,18 @@ int process_issuer(char *buffer) { switch (issuer.state) { case READY: case JOINSTART: - printf("generate new issuer identity\n"); + printf("Generate new issuer identity.\n"); if (0 == issuer_setup(buffer)) { issuer.state = READY; bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); } else { - printf("issuer setup failed\n"); + printf("Error: Issuer setup failed.\n"); return 2; } break; default: - printf("Reset not possible\n"); + printf("Reset not possible.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -92,7 +94,7 @@ int process_issuer(char *buffer) { } break; default: - printf("Issuer not ready for join\n"); + printf("Issuer not ready for join.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -105,7 +107,7 @@ int process_issuer(char *buffer) { } break; default: - printf("Issuer not ready for append\n"); + printf("Issuer not ready for append.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; @@ -117,27 +119,29 @@ int process_issuer(char *buffer) { issuer_publish(buffer); break; default: - printf("There are no keys to publish\n"); + printf("There are no keys to publish.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); break; } } else if (0 == strncasecmp("EXIT", buffer, 4)) { - printf("closing client session\n"); + printf("Closing client session.\n"); bzero(buffer, MAX_BUFSIZE); ret = 1; } else if (0 == strncasecmp("SHUTDOWN", buffer, 8)) { bzero(buffer, MAX_BUFSIZE); ret = 2; } else { - printf("unknown command\n"); + printf("Unknown command.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); ret = 0; } if(0 == ret) { +#ifdef DEBUG printf("< ISSUER: %s\n", buffer); +#endif } return ret; } @@ -169,17 +173,17 @@ int issuer_joinproceed(char *buffer) { ret = ecdaa_member_public_key_FP256BN_deserialize(&issuer.mpk, binbuf, issuer.nonce, NONCE_SIZE); if(-1 == ret) { strncpy(buffer, "ERR\n", 4); - printf("issuer_joinproceed: member public key is malformed!\n"); + printf("issuer_joinproceed: Member public key is malformed!\n"); return -1; } else if (-2 == ret) { strncpy(buffer, "ERR\n", 4); - printf("issuer_joinproceed: signature of member public key is invalid\n"); + printf("issuer_joinproceed: Signature of member public key is invalid.\n"); return -1; } if (0 != ecdaa_credential_FP256BN_generate(&issuer.cred, &issuer.cred_sig, &issuer.isk, &issuer.mpk, ecdaa_rand)) { strncpy(buffer, "ERR\n", 4); - printf("issuer_joinproceed: error generating credential\n"); + printf("issuer_joinproceed: Error generating credential.\n"); return -1; } bzero(buffer, MAX_BUFSIZE); @@ -201,15 +205,15 @@ int issuer_joinproceed(char *buffer) { // "RESET > RESETDONE" int issuer_reset(char *buffer) { - printf("issuer_reset: generating new keys and save them to disk\n"); + printf("issuer_reset: Generating new keys and save them to disk.\n"); if (0 != ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand)) { - printf("issuer_reset: Error generating issuer key-pair\n"); + printf("issuer_reset: Error generating issuer key-pair.\n"); strncpy(buffer, "ERR\n", 4); return -1; } if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &issuer.ipk) || 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &issuer.isk)) { - printf("issuer_reset: Error saving key-pair to disk\n"); + printf("issuer_reset: Error saving key-pair to disk.\n"); strncpy(buffer, "ERR\n", 4); return -1; } @@ -220,21 +224,23 @@ int issuer_reset(char *buffer) { //Load or generate issuer keypair initially int issuer_setup() { +#ifdef DEBUG printf("setup()\n"); +#endif if (0 == ecdaa_issuer_public_key_FP256BN_deserialize_file(&issuer.ipk, issuer_public_key_file)) { if (0 == ecdaa_issuer_secret_key_FP256BN_deserialize_file(&issuer.isk, issuer_secret_key_file)) { - printf("issuer_setup: loaded keys from disk\n"); + printf("issuer_setup: Loaded keys from disk.\n"); return 0; } } - printf("issuer_setup: generating new keys and save them to disk\n"); + printf("issuer_setup: Generating new keys and save them to disk.\n"); if (0 != ecdaa_issuer_key_pair_FP256BN_generate(&issuer.ipk, &issuer.isk, ecdaa_rand)) { - printf("issuer_setup: Error generating issuer key-pair\n"); + printf("issuer_setup: Error generating issuer key-pair.\n"); return -1; } if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &issuer.ipk) || 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &issuer.isk)) { - printf("issuer_setup: Error saving key-pair to disk\n"); + printf("issuer_setup: Error saving key-pair to disk.\n"); return -1; } return 0; diff --git a/member-tpm.c b/member-tpm.c index 7fbe224..fa217d2 100644 --- a/member-tpm.c +++ b/member-tpm.c @@ -59,15 +59,15 @@ int main(int argc, char *argv[]) { if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { printf("Could not load TPM key with '%s' and '%s', trying to create a new key...\n", member_tpm_key_file, member_tpm_handle_file); if (0 != create_key(member_tpm_key_file, member_tpm_handle_file) || 0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { - printf("Error: Creating or Loading TPM key with '%s' and '%s' failed. Exiting\n", member_tpm_key_file, member_tpm_handle_file); + printf("Error: Creating or Loading TPM key with '%s' and '%s' failed.\n", member_tpm_key_file, member_tpm_handle_file); return 1; } } if (0 != init_tpm()) { - printf("Error: Failed to initialize TPM. Exiting\n"); + printf("Error: Failed to initialize TPM.\n"); return 1; } - printf("Initialized TPM with pubkey and handle\n"); + printf("Initialized TPM with pubkey and handle.\n"); member.state = ON; remote_ip = argv[2]; ret = client_connect(&member_join, remote_ip, ISSUERPORT); @@ -75,32 +75,32 @@ int main(int argc, char *argv[]) { printf("Join process failed!\n"); return 1; } - printf("Join process was successful\n"); + printf("Join process was successful.\n"); } else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { printf("Error: reading in public key files '%s' and '%s' failed\n", member_tpm_key_file, member_tpm_handle_file); return 1; } if (0 != init_tpm()) { - printf("Error: Failed to initialize TPM. Exiting\n"); + printf("Error: Failed to initialize TPM.\n"); return 1; } - printf("Initialized TPM with pubkey and handle\n"); - msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MSGFILE); + printf("Initialized TPM with pubkey and handle.\n"); + msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, message_file); if (msg_len < 0) { - printf("Could not open message file %s\n", MSGFILE); + printf("Could not open message file %s.\n", message_file); return 1; } - chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, CHKSUMFILE); + chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, checksum_file); if (chksum_len < 0) { - printf("Could not open checksum file %s\n", CHKSUMFILE); + printf("Could not open checksum file %s.\n", checksum_file); return 1; } - printf("Loaded message and checksum\n"); + printf("Loaded message and checksum.\n"); if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || 0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file, member.nonce, NONCE_SIZE) || 0 != ecdaa_credential_FP256BN_deserialize_file(&member.cred, member_credential_file)) { - printf("Could not import key files. importing from either %s, %s or %s was not successful\n", + printf("Could not import key files. Importing from either %s, %s or %s was not successful.\n", member_nonce_file, member_public_key_file, member_credential_file); return 1; } @@ -108,17 +108,17 @@ int main(int argc, char *argv[]) { remote_ip = argv[2]; ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); if (2 != ret) { - printf("message transmission to verifier failed\n"); + printf("Error: Message transmission to verifier failed.\n"); } } else { - printf("arguments invalid"); + printf("Error: Arguments invalid.\n"); } break; default: printf("Usage: \n Join an issuer's group: %s --join \n", argv[0]); printf("Send a signed message to the verifier: %s --send \n", argv[0]); printf("Before sending a DAA-signed message, the member must join a DAA group\n"); - printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MSGFILE, MAX_MSGSIZE, CHKSUMFILE, MAX_CHKSUMSIZE); + printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", message_file, MAX_MSGSIZE, checksum_file, MAX_CHKSUMSIZE); break; } return 0; @@ -139,25 +139,27 @@ int init_tpm() size_t size; init_ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); if (TSS2_RC_SUCCESS != init_ret) { - printf("Failed to get allocation size for tcti context\n"); + printf("Error: Failed to get allocation size for tcti context.\n"); return -1; } if (size > sizeof(member.tcti_buffer)) { - printf("Error: device TCTI context size larger than pre-allocated buffer\n"); + printf("Error: device TCTI context size larger than pre-allocated buffer.\n"); return -1; } init_ret = Tss2_Tcti_Device_Init(tcti_ctx, &size, device_conf); if (TSS2_RC_SUCCESS != init_ret) { - printf("Error: Unable to initialize device TCTI context\n"); + printf("Error: Unable to initialize device TCTI context.\n"); return -1; } //initialize ecdaa tpm context if(0 != ecdaa_tpm_context_init(&member.ctx, member.pk_handle, NULL, 0, tcti_ctx)) { - printf("\necdaa context failed\n"); + printf("Error: ECDAA context failed.\n"); return -1; } - printf("\necdaa context initialized\n"); +#ifdef DEBUG + printf("ECDAA context initialized.\n"); +#endif return 0; } @@ -177,7 +179,9 @@ int member_join(char *buffer) { break; case ISSUERPUB: if (0 == strncasecmp("PUBLISH", buffer, 7)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif uint8_t binbuf[MAX_BUFSIZE]; char *current = &buffer[8]; ecdaa_decode(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); @@ -186,7 +190,7 @@ int member_join(char *buffer) { printf("member_getpublic: issuer public key is malformed!\n"); ret = -1; } else if (-2 == ret) { - printf("member_getpublic: signature of issuer public key is invalid\n"); + printf("member_getpublic: signature of issuer public key is invalid.\n"); ret = -1; } else { bzero(buffer, MAX_BUFSIZE); @@ -195,29 +199,33 @@ int member_join(char *buffer) { ret = 0; } } else { - printf("member_getpublic: did not get public key from issuer\n"); + printf("member_getpublic: did not get public key from issuer.\n"); member.state = ON; ret = -1; } break; case APPEND: if (0 == strncasecmp("JOINSTART", buffer, 9)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif member_joinappend(buffer); member.state = JOINPROCEED; } else { - printf("member_join: did not get nonce from issuer\n"); + printf("member_join: did not get nonce from issuer.\n"); member.state = RCVPUBLIC; ret = -1; } break; case JOINPROCEED: if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif ret = member_joinfinish(buffer); member.state = JOINED; } else { - printf("member_getpublic: did not get credentials from issuer\n"); + printf("member_getpublic: did not get credentials from issuer.\n"); member.state = RCVPUBLIC; ret = -1; } @@ -226,7 +234,9 @@ int member_join(char *buffer) { ret = -1; } if (0 == ret) { +#ifdef DEBUG printf("ISSUER < MEMBER: %s", buffer); +#endif } return ret; } @@ -244,7 +254,7 @@ int member_verifymsg(char *buffer) { if (0 == strncasecmp("OK", buffer, 2)) { return 1; } else if (0 == strncasecmp("ERR", buffer, 3)) { - printf("member_verifymsg: Verifier refused signature\n"); + printf("member_verifymsg: Verifier refused signature.\n"); return 1; } @@ -258,7 +268,7 @@ int member_verifymsg(char *buffer) { current = ¤t[bytes]; if(has_nym) { if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &member.ctx)) { - printf("member_verifymsg: Signing message failed\n"); + printf("member_verifymsg: Signing message failed.\n"); } current[0] = '1'; current = ¤t[1]; @@ -266,7 +276,7 @@ int member_verifymsg(char *buffer) { current = ¤t[MAX_BSNSIZE]; } else { if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &member.ctx)) { - printf("member_verifymsg: Signing message failed\n"); + printf("member_verifymsg: Signing message failed.\n"); } current[0] = '0'; current = ¤t[1]; @@ -275,12 +285,13 @@ int member_verifymsg(char *buffer) { bzero(binbuf, MAX_BUFSIZE); ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); bytes = ecdaa_encode(binbuf, current, sig_len); +#ifdef DEBUG printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); - +#endif current[bytes] = '\n'; return 2; //send to verifier before closing } @@ -326,13 +337,13 @@ int member_joinfinish(char *buffer) { printf("member_joinfinish: credential is malformed!\n"); ret = -1; } else if(-2 == ret) { - printf("member_joinfinish: siganture of credential is invalid\n"); + printf("member_joinfinish: siganture of credential is invalid.\n"); ret = -1; } - printf("member_joinfinish: writing public key and credential to disk\n"); + printf("member_joinfinish: writing public key and credential to disk.\n"); if(0 != ecdaa_member_public_key_FP256BN_serialize_file(member_public_key_file, &member.mpk) || 0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { - printf("issuer_setup: Error saving key-pair or credential to disk\n"); + printf("issuer_setup: Error saving key-pair or credential to disk.\n"); ret = -1; } else { ret = 1; @@ -347,7 +358,7 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); if (NULL == pub_key_file_ptr) { - printf("read_public_key: error opening public key\n"); + printf("read_public_key: error opening public key.\n"); return -1; } do { @@ -362,13 +373,13 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con } while(0); (void)fclose(pub_key_file_ptr); if (0 != ret) { - printf("read_public_key: error reading public key file\n"); + printf("read_public_key: error reading public key file.\n"); return -1; } FILE *handle_file_ptr = fopen(handle_filename, "r"); if (NULL == handle_file_ptr) { - printf("read_public_key: error opening handle\n"); + printf("read_public_key: error opening handle.\n"); return -1; } @@ -387,7 +398,7 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con (void)fclose(handle_file_ptr); if (0 != ret) { - printf("read_public_key: error closing public key\n"); + printf("read_public_key: error closing public key.\n"); return -1; } return ret; diff --git a/member.c b/member.c index a300f7e..107264b 100644 --- a/member.c +++ b/member.c @@ -50,27 +50,28 @@ int main(int argc, char **argv) { remote_ip = argv[2]; ret = client_connect(&member_join, remote_ip, ISSUERPORT); if (0 >= ret || JOINED != member.state) { - printf("Join process failed!\n"); + printf("Error: Join process failed!\n"); return 1; } else { - printf("Join process was successful\n"); + printf("Join process was successful.\n"); } } else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { - msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MSGFILE); + msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, message_file); if (msg_len < 0) { - printf("Could not open message file %s\n", MSGFILE); + printf("Error: Could not open message file %s.\n", message_file); return 1; } - chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, CHKSUMFILE); + chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, checksum_file); if (chksum_len < 0) { - printf("Could not open checksum file %s\n", CHKSUMFILE); + printf("Error: Could not open checksum file %s.\n", checksum_file); return 1; } + printf("Loaded message and checksum.\n"); if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || 0 != ecdaa_member_secret_key_FP256BN_deserialize_file(&member.msk, member_secret_key_file) || 0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file, member.nonce, NONCE_SIZE) || 0 != ecdaa_credential_FP256BN_deserialize_file(&member.cred, member_credential_file)) { - printf("Could not import key files. importing from either %s, %s, %s or %s was not successful\n", + printf("Could not import key files. Importing from either %s, %s, %s or %s was not successful.\n", member_nonce_file, member_secret_key_file, member_public_key_file, member_credential_file); return 1; } @@ -78,17 +79,17 @@ int main(int argc, char **argv) { remote_ip = argv[2]; ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); if (2 != ret) { - printf("message transmission to verifier failed\n"); + printf("Error: Message transmission to verifier failed.\n"); } } else { - printf("arguments invalid\n"); + printf("Error: Arguments invalid.\n"); } break; default: printf("Usage: \n Join an issuer's group: %s --join \n", argv[0]); printf("Send a signed message to the verifier: %s --send \n", argv[0]); printf("Before sending a DAA-signed message, the member must join a DAA group\n"); - printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MSGFILE, MAX_MSGSIZE, CHKSUMFILE, MAX_CHKSUMSIZE); + printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", message_file, MAX_MSGSIZE, checksum_file, MAX_CHKSUMSIZE); break; } return 0; @@ -105,7 +106,9 @@ int member_join(char *buffer) { break; case ISSUERPUB: if (0 == strncasecmp("PUBLISH", buffer, 7)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif uint8_t binbuf[MAX_BUFSIZE]; char *current = &buffer[8]; ecdaa_decode(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); @@ -114,7 +117,7 @@ int member_join(char *buffer) { printf("member_getpublic: issuer public key is malformed!\n"); ret = -1; } else if (-2 == ret) { - printf("member_getpublic: signature of issuer public key is invalid\n"); + printf("member_getpublic: signature of issuer public key is invalid.\n"); ret = -1; } else { bzero(buffer, MAX_BUFSIZE); @@ -123,29 +126,33 @@ int member_join(char *buffer) { ret = 0; } } else { - printf("member_getpublic: did not get public key from issuer\n"); + printf("member_getpublic: did not get public key from issuer.\n"); member.state = ON; ret = -1; } break; case APPEND: if (0 == strncasecmp("JOINSTART", buffer, 9)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif member_joinappend(buffer); member.state = JOINPROCEED; } else { - printf("member_join: did not get nonce from issuer\n"); + printf("member_join: did not get nonce from issuer.\n"); member.state = RCVPUBLIC; ret = -1; } break; case JOINPROCEED: if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { +#ifdef DEBUG printf("ISSUER > MEMBER: %s\n", buffer); +#endif ret = member_joinfinish(buffer); member.state = JOINED; } else { - printf("member_getpublic: did not get credentials from issuer\n"); + printf("member_getpublic: did not get credentials from issuer.\n"); member.state = RCVPUBLIC; ret = -1; } @@ -154,7 +161,9 @@ int member_join(char *buffer) { ret = -1; } if (0 == ret) { +#ifdef DEBUG printf("ISSUER < MEMBER: %s\n", buffer); +#endif } return ret; } @@ -179,7 +188,7 @@ int member_verifymsg(char *buffer) { current = ¤t[bytes]; if(has_nym) { if (0 != ecdaa_signature_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.msk, &member.cred, ecdaa_rand)) { - printf("member_verifymsg: Signing message failed\n"); + printf("member_verifymsg: Signing message failed.\n"); } current[0] = '1'; current = ¤t[1]; @@ -187,7 +196,7 @@ int member_verifymsg(char *buffer) { current = ¤t[MAX_BSNSIZE]; } else { if (0 != ecdaa_signature_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.msk, &member.cred, ecdaa_rand)) { - printf("member_verifymsg: Signing message failed\n"); + printf("member_verifymsg: Signing message failed.\n"); } current[0] = '0'; current = ¤t[1]; @@ -196,11 +205,13 @@ int member_verifymsg(char *buffer) { bzero(binbuf, MAX_BUFSIZE); ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); bytes = ecdaa_encode(binbuf, current, sig_len); +#ifdef DEBUG printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); +#endif current[bytes] = '\n'; return 2; //send to verifier before closing @@ -214,7 +225,7 @@ int member_joinappend(char *buffer) { ecdaa_write_buffer_to_file(member_nonce_file, member.nonce, NONCE_SIZE); // if (0 != ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.nonce, NONCE_SIZE)) { if (0 != ecdaa_member_key_pair_FP256BN_generate(&member.mpk, &member.msk, member.nonce, NONCE_SIZE, ecdaa_rand)) { - fprintf(stderr, "Error generating member key-pair\n"); + fprintf(stderr, "Error generating member key-pair.\n"); return -1; } bzero(buffer, MAX_BUFSIZE); @@ -246,14 +257,14 @@ int member_joinfinish(char *buffer) { printf("member_joinfinish: credential is malformed!\n"); ret = -1; } else if(-2 == ret) { - printf("member_joinfinish: siganture of credential is invalid\n"); + printf("member_joinfinish: siganture of credential is invalid.\n"); ret = -1; } - printf("member_joinfinish: writing key-pair and credential to disk\n"); + printf("member_joinfinish: writing key-pair and credential to disk.\n"); if(0 != ecdaa_member_public_key_FP256BN_serialize_file(member_public_key_file, &member.mpk) || 0 != ecdaa_member_secret_key_FP256BN_serialize_file(member_secret_key_file, &member.msk) || 0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { - printf("issuer_joinfinish: Error saving key-pair or credential to disk\n"); + printf("issuer_joinfinish: Error saving key-pair or credential to disk.\n"); ret = -1; } else { ret = 1; diff --git a/verifier.c b/verifier.c index c6b4a7d..0751279 100644 --- a/verifier.c +++ b/verifier.c @@ -36,10 +36,10 @@ int main(int argc, char **argv) { switch(argc) { case 1: if (0 != ecdaa_issuer_public_key_FP256BN_deserialize_file(&verifier.ipk, verifier_ipk_file)) { - printf("Could not import key file. Importing from %s was not successful",verifier_ipk_file); + printf("Could not import key file. Importing from %s was not successful.\n",verifier_ipk_file); return 1; } - printf("verifier_setup: loaded keys from disk\n"); + printf("verifier_setup: loaded keys from disk.\n"); verifier.state = GOTISSUER; break; case 3: @@ -48,24 +48,24 @@ int main(int argc, char **argv) { remote_ip = argv[2]; ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT); if (0 >= ret || GOTISSUER != verifier.state) { - printf("connection to issuer failed\n"); + printf("Error: connection to issuer failed.\n"); } if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(verifier_ipk_file, &verifier.ipk)) { - printf("issuer_setup: Error saving key-pair to disk\n"); + printf("Error saving key-pair to disk.\n"); return -1; } - printf("verifier_setup: wrote new issuer's public key to %s\n", verifier_ipk_file); + printf("verifier_setup: wrote new issuer's public key to %s.\n", verifier_ipk_file); } else { - printf("arguments invalid\n"); + printf("Error: Arguments invalid.\n"); } break; default: printf("Usage: \n Get issuer's public key: %s --public \n", argv[0]); - printf("If the public key is already saved, no arguments are needed\n"); + printf("If the public key is already saved, no arguments are needed.\n"); break; } if (GOTISSUER == verifier.state && 2 != server_start(&process_verifier, VERIFIERPORT)) { - printf("server failed\n"); + printf("Error: Server failed.\n"); } return 0; } @@ -83,21 +83,21 @@ int process_verifier(char *buffer) { printf("process_verifier: member public key is malformed!\n"); strncpy(buffer, "ERR\n", 4); } else if (-2 == ret) { - printf("process_verifier: signature of member public key is invalid\n"); + printf("process_verifier: signature of member public key is invalid.\n"); strncpy(buffer, "ERR\n", 4); } else { strncpy(buffer, "OK\n", 3); } ret = 0; } else if (0 == strncasecmp("EXIT", buffer, 4)) { - printf("closing client session\n"); + printf("closing client session.\n"); bzero(buffer, MAX_BUFSIZE); ret = 1; } else if (0 == strncasecmp("SHUTDOWN", buffer, 8)) { bzero(buffer, MAX_BUFSIZE); ret = 2; } else { - printf("unknown command\n"); + printf("unknown command.\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); ret = 0; @@ -120,7 +120,9 @@ int verifier_getissuer(char *buffer) { break; case ASKISSUER: if (0 == strncasecmp("PUBLISH", buffer, 7)) { +#ifdef DEBUG printf("ISSUER > VERIFIER: %s", buffer); +#endif uint8_t binbuf[MAX_BUFSIZE]; char *current = &buffer[8]; ecdaa_decode(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); @@ -129,14 +131,14 @@ int verifier_getissuer(char *buffer) { printf("verifier_getpublic: issuer public key is malformed!\n"); ret = -1; } else if (-2 == ret) { - printf("verifier_getpublic: signature of issuer public key is invalid\n"); + printf("verifier_getpublic: signature of issuer public key is invalid.\n"); ret = -1; } else { verifier.state = GOTISSUER; ret = 1; } } else { - printf("verifier_getpublic: did not get public key from issuer\n"); + printf("verifier_getpublic: did not get public key from issuer.\n"); verifier.state = ON; ret = -1; } @@ -145,7 +147,9 @@ int verifier_getissuer(char *buffer) { ret = -1; } if (0 == ret) { +#ifdef DEBUG printf("ISSUER < VERIFIER: %s", buffer); +#endif } return ret; } @@ -188,15 +192,17 @@ int verifier_verifymsg(char *buffer) { ret = ecdaa_signature_FP256BN_deserialize(&sig, binbuf, has_nym); if (0 != ret) { - printf("verifier_verifymsg: error reading signature\n"); + printf("verifier_verifymsg: error reading signature.\n"); return -1; } +#ifdef DEBUG printf("verifier_verifymsg: has_nym: %u, sig_len: %lu\n", has_nym, sig_len); printf("verifier_verifymsg: msg: %s, len: %lu\n", msg, msg_len); printf("verifier_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); printf("verifier_verifymsg: bsn: %s, len: %lu\n", bsn, bsn_len); printf("verifier_verifymsg: sig: %s, len: %lu\n", current, sig_len); +#endif ret = ecdaa_signature_FP256BN_verify(&sig, &verifier.ipk.gpk, &verifier.revocations, (uint8_t *) chksum, chksum_len, (uint8_t *) bsn, bsn_len); if (0 != ret) { @@ -204,9 +210,9 @@ int verifier_verifymsg(char *buffer) { return -1; } - printf("writing message to %s\n", MSGFILE); - ecdaa_write_buffer_to_file(MSGFILE, msg, msg_len); - printf("writing checksum to %s\n", CHKSUMFILE); - ecdaa_write_buffer_to_file(CHKSUMFILE, chksum, chksum_len); + printf("writing message to %s\n", message_file); + ecdaa_write_buffer_to_file(message_file, msg, msg_len); + printf("writing checksum to %s\n", checksum_file); + ecdaa_write_buffer_to_file(checksum_file, chksum, chksum_len); return 0; }