|
|
@ -59,15 +59,15 @@ int main(int argc, char *argv[]) { |
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
printf("Could not load TPM key with '%s' and '%s', trying to create a new key...\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
printf("Could not load TPM key with '%s' and '%s', trying to create a new key...\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
if (0 != create_key(member_tpm_key_file, member_tpm_handle_file) || 0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
if (0 != create_key(member_tpm_key_file, member_tpm_handle_file) || 0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
printf("Error: Creating or Loading TPM key with '%s' and '%s' failed. Exiting\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
printf("Error: Creating or Loading TPM key with '%s' and '%s' failed.\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
if (0 != init_tpm()) { |
|
|
if (0 != init_tpm()) { |
|
|
printf("Error: Failed to initialize TPM. Exiting\n"); |
|
|
printf("Error: Failed to initialize TPM.\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
printf("Initialized TPM with pubkey and handle\n"); |
|
|
printf("Initialized TPM with pubkey and handle.\n"); |
|
|
member.state = ON; |
|
|
member.state = ON; |
|
|
remote_ip = argv[2]; |
|
|
remote_ip = argv[2]; |
|
|
ret = client_connect(&member_join, remote_ip, ISSUERPORT); |
|
|
ret = client_connect(&member_join, remote_ip, ISSUERPORT); |
|
|
@ -75,32 +75,32 @@ int main(int argc, char *argv[]) { |
|
|
printf("Join process failed!\n"); |
|
|
printf("Join process failed!\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
printf("Join process was successful\n"); |
|
|
printf("Join process was successful.\n"); |
|
|
} else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { |
|
|
} else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { |
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, member_tpm_key_file, member_tpm_handle_file)) { |
|
|
printf("Error: reading in public key files '%s' and '%s' failed\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
printf("Error: reading in public key files '%s' and '%s' failed\n", member_tpm_key_file, member_tpm_handle_file); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
if (0 != init_tpm()) { |
|
|
if (0 != init_tpm()) { |
|
|
printf("Error: Failed to initialize TPM. Exiting\n"); |
|
|
printf("Error: Failed to initialize TPM.\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
printf("Initialized TPM with pubkey and handle\n"); |
|
|
printf("Initialized TPM with pubkey and handle.\n"); |
|
|
msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MSGFILE); |
|
|
msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, message_file); |
|
|
if (msg_len < 0) { |
|
|
if (msg_len < 0) { |
|
|
printf("Could not open message file %s\n", MSGFILE); |
|
|
printf("Could not open message file %s.\n", message_file); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, CHKSUMFILE); |
|
|
chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, checksum_file); |
|
|
if (chksum_len < 0) { |
|
|
if (chksum_len < 0) { |
|
|
printf("Could not open checksum file %s\n", CHKSUMFILE); |
|
|
printf("Could not open checksum file %s.\n", checksum_file); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
printf("Loaded message and checksum\n"); |
|
|
printf("Loaded message and checksum.\n"); |
|
|
if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || |
|
|
if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || |
|
|
0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file, member.nonce, NONCE_SIZE) || |
|
|
0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file, member.nonce, NONCE_SIZE) || |
|
|
0 != ecdaa_credential_FP256BN_deserialize_file(&member.cred, member_credential_file)) { |
|
|
0 != ecdaa_credential_FP256BN_deserialize_file(&member.cred, member_credential_file)) { |
|
|
printf("Could not import key files. importing from either %s, %s or %s was not successful\n", |
|
|
printf("Could not import key files. Importing from either %s, %s or %s was not successful.\n", |
|
|
member_nonce_file, member_public_key_file, member_credential_file); |
|
|
member_nonce_file, member_public_key_file, member_credential_file); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
@ -108,17 +108,17 @@ int main(int argc, char *argv[]) { |
|
|
remote_ip = argv[2]; |
|
|
remote_ip = argv[2]; |
|
|
ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); |
|
|
ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); |
|
|
if (2 != ret) { |
|
|
if (2 != ret) { |
|
|
printf("message transmission to verifier failed\n"); |
|
|
printf("Error: Message transmission to verifier failed.\n"); |
|
|
} |
|
|
} |
|
|
} else { |
|
|
} else { |
|
|
printf("arguments invalid"); |
|
|
printf("Error: Arguments invalid.\n"); |
|
|
} |
|
|
} |
|
|
break; |
|
|
break; |
|
|
default: |
|
|
default: |
|
|
printf("Usage: \n Join an issuer's group: %s --join <issuer's IPv4>\n", argv[0]); |
|
|
printf("Usage: \n Join an issuer's group: %s --join <issuer's IPv4>\n", argv[0]); |
|
|
printf("Send a signed message to the verifier: %s --send <verifier's IPv4>\n", argv[0]); |
|
|
printf("Send a signed message to the verifier: %s --send <verifier's IPv4>\n", argv[0]); |
|
|
printf("Before sending a DAA-signed message, the member must join a DAA group\n"); |
|
|
printf("Before sending a DAA-signed message, the member must join a DAA group\n"); |
|
|
printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MSGFILE, MAX_MSGSIZE, CHKSUMFILE, MAX_CHKSUMSIZE); |
|
|
printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", message_file, MAX_MSGSIZE, checksum_file, MAX_CHKSUMSIZE); |
|
|
break; |
|
|
break; |
|
|
} |
|
|
} |
|
|
return 0; |
|
|
return 0; |
|
|
@ -139,25 +139,27 @@ int init_tpm() |
|
|
size_t size; |
|
|
size_t size; |
|
|
init_ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); |
|
|
init_ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); |
|
|
if (TSS2_RC_SUCCESS != init_ret) { |
|
|
if (TSS2_RC_SUCCESS != init_ret) { |
|
|
printf("Failed to get allocation size for tcti context\n"); |
|
|
printf("Error: Failed to get allocation size for tcti context.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
if (size > sizeof(member.tcti_buffer)) { |
|
|
if (size > sizeof(member.tcti_buffer)) { |
|
|
printf("Error: device TCTI context size larger than pre-allocated buffer\n"); |
|
|
printf("Error: device TCTI context size larger than pre-allocated buffer.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
init_ret = Tss2_Tcti_Device_Init(tcti_ctx, &size, device_conf); |
|
|
init_ret = Tss2_Tcti_Device_Init(tcti_ctx, &size, device_conf); |
|
|
if (TSS2_RC_SUCCESS != init_ret) { |
|
|
if (TSS2_RC_SUCCESS != init_ret) { |
|
|
printf("Error: Unable to initialize device TCTI context\n"); |
|
|
printf("Error: Unable to initialize device TCTI context.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
//initialize ecdaa tpm context
|
|
|
//initialize ecdaa tpm context
|
|
|
if(0 != ecdaa_tpm_context_init(&member.ctx, member.pk_handle, NULL, 0, tcti_ctx)) { |
|
|
if(0 != ecdaa_tpm_context_init(&member.ctx, member.pk_handle, NULL, 0, tcti_ctx)) { |
|
|
printf("\necdaa context failed\n"); |
|
|
printf("Error: ECDAA context failed.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
printf("\necdaa context initialized\n"); |
|
|
#ifdef DEBUG |
|
|
|
|
|
printf("ECDAA context initialized.\n"); |
|
|
|
|
|
#endif |
|
|
return 0; |
|
|
return 0; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@ -177,7 +179,9 @@ int member_join(char *buffer) { |
|
|
break; |
|
|
break; |
|
|
case ISSUERPUB: |
|
|
case ISSUERPUB: |
|
|
if (0 == strncasecmp("PUBLISH", buffer, 7)) { |
|
|
if (0 == strncasecmp("PUBLISH", buffer, 7)) { |
|
|
|
|
|
#ifdef DEBUG |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
|
|
|
#endif |
|
|
uint8_t binbuf[MAX_BUFSIZE]; |
|
|
uint8_t binbuf[MAX_BUFSIZE]; |
|
|
char *current = &buffer[8]; |
|
|
char *current = &buffer[8]; |
|
|
ecdaa_decode(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); |
|
|
ecdaa_decode(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); |
|
|
@ -186,7 +190,7 @@ int member_join(char *buffer) { |
|
|
printf("member_getpublic: issuer public key is malformed!\n"); |
|
|
printf("member_getpublic: issuer public key is malformed!\n"); |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} else if (-2 == ret) { |
|
|
} else if (-2 == ret) { |
|
|
printf("member_getpublic: signature of issuer public key is invalid\n"); |
|
|
printf("member_getpublic: signature of issuer public key is invalid.\n"); |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} else { |
|
|
} else { |
|
|
bzero(buffer, MAX_BUFSIZE); |
|
|
bzero(buffer, MAX_BUFSIZE); |
|
|
@ -195,29 +199,33 @@ int member_join(char *buffer) { |
|
|
ret = 0; |
|
|
ret = 0; |
|
|
} |
|
|
} |
|
|
} else { |
|
|
} else { |
|
|
printf("member_getpublic: did not get public key from issuer\n"); |
|
|
printf("member_getpublic: did not get public key from issuer.\n"); |
|
|
member.state = ON; |
|
|
member.state = ON; |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} |
|
|
} |
|
|
break; |
|
|
break; |
|
|
case APPEND: |
|
|
case APPEND: |
|
|
if (0 == strncasecmp("JOINSTART", buffer, 9)) { |
|
|
if (0 == strncasecmp("JOINSTART", buffer, 9)) { |
|
|
|
|
|
#ifdef DEBUG |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
|
|
|
#endif |
|
|
member_joinappend(buffer); |
|
|
member_joinappend(buffer); |
|
|
member.state = JOINPROCEED; |
|
|
member.state = JOINPROCEED; |
|
|
} else { |
|
|
} else { |
|
|
printf("member_join: did not get nonce from issuer\n"); |
|
|
printf("member_join: did not get nonce from issuer.\n"); |
|
|
member.state = RCVPUBLIC; |
|
|
member.state = RCVPUBLIC; |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} |
|
|
} |
|
|
break; |
|
|
break; |
|
|
case JOINPROCEED: |
|
|
case JOINPROCEED: |
|
|
if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { |
|
|
if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { |
|
|
|
|
|
#ifdef DEBUG |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
printf("ISSUER > MEMBER: %s\n", buffer); |
|
|
|
|
|
#endif |
|
|
ret = member_joinfinish(buffer); |
|
|
ret = member_joinfinish(buffer); |
|
|
member.state = JOINED; |
|
|
member.state = JOINED; |
|
|
} else { |
|
|
} else { |
|
|
printf("member_getpublic: did not get credentials from issuer\n"); |
|
|
printf("member_getpublic: did not get credentials from issuer.\n"); |
|
|
member.state = RCVPUBLIC; |
|
|
member.state = RCVPUBLIC; |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} |
|
|
} |
|
|
@ -226,7 +234,9 @@ int member_join(char *buffer) { |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} |
|
|
} |
|
|
if (0 == ret) { |
|
|
if (0 == ret) { |
|
|
|
|
|
#ifdef DEBUG |
|
|
printf("ISSUER < MEMBER: %s", buffer); |
|
|
printf("ISSUER < MEMBER: %s", buffer); |
|
|
|
|
|
#endif |
|
|
} |
|
|
} |
|
|
return ret; |
|
|
return ret; |
|
|
} |
|
|
} |
|
|
@ -244,7 +254,7 @@ int member_verifymsg(char *buffer) { |
|
|
if (0 == strncasecmp("OK", buffer, 2)) { |
|
|
if (0 == strncasecmp("OK", buffer, 2)) { |
|
|
return 1; |
|
|
return 1; |
|
|
} else if (0 == strncasecmp("ERR", buffer, 3)) { |
|
|
} else if (0 == strncasecmp("ERR", buffer, 3)) { |
|
|
printf("member_verifymsg: Verifier refused signature\n"); |
|
|
printf("member_verifymsg: Verifier refused signature.\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@ -258,7 +268,7 @@ int member_verifymsg(char *buffer) { |
|
|
current = ¤t[bytes]; |
|
|
current = ¤t[bytes]; |
|
|
if(has_nym) { |
|
|
if(has_nym) { |
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
printf("member_verifymsg: Signing message failed\n"); |
|
|
printf("member_verifymsg: Signing message failed.\n"); |
|
|
} |
|
|
} |
|
|
current[0] = '1'; |
|
|
current[0] = '1'; |
|
|
current = ¤t[1]; |
|
|
current = ¤t[1]; |
|
|
@ -266,7 +276,7 @@ int member_verifymsg(char *buffer) { |
|
|
current = ¤t[MAX_BSNSIZE]; |
|
|
current = ¤t[MAX_BSNSIZE]; |
|
|
} else { |
|
|
} else { |
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
printf("member_verifymsg: Signing message failed\n"); |
|
|
printf("member_verifymsg: Signing message failed.\n"); |
|
|
} |
|
|
} |
|
|
current[0] = '0'; |
|
|
current[0] = '0'; |
|
|
current = ¤t[1]; |
|
|
current = ¤t[1]; |
|
|
@ -275,12 +285,13 @@ int member_verifymsg(char *buffer) { |
|
|
bzero(binbuf, MAX_BUFSIZE); |
|
|
bzero(binbuf, MAX_BUFSIZE); |
|
|
ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); |
|
|
ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); |
|
|
bytes = ecdaa_encode(binbuf, current, sig_len); |
|
|
bytes = ecdaa_encode(binbuf, current, sig_len); |
|
|
|
|
|
#ifdef DEBUG |
|
|
printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); |
|
|
printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); |
|
|
printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); |
|
|
printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); |
|
|
printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); |
|
|
printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); |
|
|
printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); |
|
|
printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); |
|
|
printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); |
|
|
printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); |
|
|
|
|
|
#endif |
|
|
current[bytes] = '\n'; |
|
|
current[bytes] = '\n'; |
|
|
return 2; //send to verifier before closing
|
|
|
return 2; //send to verifier before closing
|
|
|
} |
|
|
} |
|
|
@ -326,13 +337,13 @@ int member_joinfinish(char *buffer) { |
|
|
printf("member_joinfinish: credential is malformed!\n"); |
|
|
printf("member_joinfinish: credential is malformed!\n"); |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} else if(-2 == ret) { |
|
|
} else if(-2 == ret) { |
|
|
printf("member_joinfinish: siganture of credential is invalid\n"); |
|
|
printf("member_joinfinish: siganture of credential is invalid.\n"); |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} |
|
|
} |
|
|
printf("member_joinfinish: writing public key and credential to disk\n"); |
|
|
printf("member_joinfinish: writing public key and credential to disk.\n"); |
|
|
if(0 != ecdaa_member_public_key_FP256BN_serialize_file(member_public_key_file, &member.mpk) || |
|
|
if(0 != ecdaa_member_public_key_FP256BN_serialize_file(member_public_key_file, &member.mpk) || |
|
|
0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { |
|
|
0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { |
|
|
printf("issuer_setup: Error saving key-pair or credential to disk\n"); |
|
|
printf("issuer_setup: Error saving key-pair or credential to disk.\n"); |
|
|
ret = -1; |
|
|
ret = -1; |
|
|
} else { |
|
|
} else { |
|
|
ret = 1; |
|
|
ret = 1; |
|
|
@ -347,7 +358,7 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con |
|
|
|
|
|
|
|
|
FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); |
|
|
FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); |
|
|
if (NULL == pub_key_file_ptr) { |
|
|
if (NULL == pub_key_file_ptr) { |
|
|
printf("read_public_key: error opening public key\n"); |
|
|
printf("read_public_key: error opening public key.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
do { |
|
|
do { |
|
|
@ -362,13 +373,13 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con |
|
|
} while(0); |
|
|
} while(0); |
|
|
(void)fclose(pub_key_file_ptr); |
|
|
(void)fclose(pub_key_file_ptr); |
|
|
if (0 != ret) { |
|
|
if (0 != ret) { |
|
|
printf("read_public_key: error reading public key file\n"); |
|
|
printf("read_public_key: error reading public key file.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
FILE *handle_file_ptr = fopen(handle_filename, "r"); |
|
|
FILE *handle_file_ptr = fopen(handle_filename, "r"); |
|
|
if (NULL == handle_file_ptr) { |
|
|
if (NULL == handle_file_ptr) { |
|
|
printf("read_public_key: error opening handle\n"); |
|
|
printf("read_public_key: error opening handle.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@ -387,7 +398,7 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con |
|
|
(void)fclose(handle_file_ptr); |
|
|
(void)fclose(handle_file_ptr); |
|
|
|
|
|
|
|
|
if (0 != ret) { |
|
|
if (0 != ret) { |
|
|
printf("read_public_key: error closing public key\n"); |
|
|
printf("read_public_key: error closing public key.\n"); |
|
|
return -1; |
|
|
return -1; |
|
|
} |
|
|
} |
|
|
return ret; |
|
|
return ret; |
|
|
|
