diff --git a/.gitignore b/.gitignore index 54f3004..d5b0de7 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ CMakeFiles/ CMakeCache.txt Makefile cmake_install.cmake +*.bin +*.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 9216280..504bd21 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,8 +23,8 @@ target_include_directories(ecdaa_member_tpm PUBLIC ) target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libecdaa.so) target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libecdaa-tpm.so) -target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libxaptum-tpm.so) -target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libtss2-esys.so) +# target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libxaptum-tpm.so) +# target_link_libraries(ecdaa_member_tpm /usr/lib/x86_64-linux-gnu/libtss2-esys.so) add_executable(ecdaa_verifier verifier.c common.h common.c server.h server.c client.h client.c) target_include_directories(ecdaa_verifier PUBLIC diff --git a/ecdaa_issuer b/ecdaa_issuer new file mode 100755 index 0000000..afb0bd0 Binary files /dev/null and b/ecdaa_issuer differ diff --git a/ecdaa_member b/ecdaa_member index 12d6e6b..381cfc3 100755 Binary files a/ecdaa_member and b/ecdaa_member differ diff --git a/ecdaa_verifier b/ecdaa_verifier index 5db8ce3..b26983b 100755 Binary files a/ecdaa_verifier and b/ecdaa_verifier differ diff --git a/issuer.c b/issuer.c index 3103d9a..ba3ded6 100644 --- a/issuer.c +++ b/issuer.c @@ -26,6 +26,16 @@ int issuer_joinproceed(char *buffer); int issuer_publish(char *buffer); int main() { + issuer.state = ON; + if(ON == issuer.state) { + if (0 == issuer_setup()) { + issuer.state = READY; + } else { + printf("issuer setup failed\n"); + return 1; + } + } + if (2 != server_start(&process_issuer, ISSUERPORT)) { printf("server failed\n"); } @@ -35,15 +45,6 @@ int main() { int process_issuer(char *buffer) { int ret = 0; - if(ON == issuer.state) { - if( (0 == issuer_setup()) { - issuer.state = READY; - } else { - printf("issuer setup failed\n"); - return 2; - } - } - printf("> ISSUER: %s\n", buffer); if (0 == strncasecmp("OK", buffer, 2)) { @@ -71,7 +72,7 @@ int process_issuer(char *buffer) { switch (issuer.state) { case READY: printf("generate new issuer identity\n"); - if( (0 == issuer_setup(buffer)) { + if (0 == issuer_setup(buffer)) { issuer.state = READY; } else { printf("issuer setup failed\n"); @@ -203,8 +204,8 @@ int issuer_reset(char *buffer) { strncpy(buffer, "ERR\n", 4); return -1; } - if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &ipk) || - 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &isk)) { + if(0 != ecdaa_issuer_public_key_FP256BN_serialize_file(issuer_public_key_file, &issuer.ipk) || + 0 != ecdaa_issuer_secret_key_FP256BN_serialize_file(issuer_secret_key_file, &issuer.isk)) { printf("issuer_reset: Error saving key-pair to disk\n"); strncpy(buffer, "ERR\n", 4); return -1; @@ -218,7 +219,7 @@ int issuer_reset(char *buffer) { int issuer_setup() { printf("setup()\n"); if (0 == ecdaa_issuer_public_key_FP256BN_deserialize_file(&issuer.ipk, issuer_public_key_file)) { - if (0 == ecdaa_issuer_secret_key_FP256BN_deserialize_file(&issuer.isk, issuer_secret_key_file) { + if (0 == ecdaa_issuer_secret_key_FP256BN_deserialize_file(&issuer.isk, issuer_secret_key_file)) { printf("issuer_setup: loaded keys from disk\n"); return 0; } diff --git a/member-tpm.c b/member-tpm.c index 86db99c..d37cf87 100644 --- a/member-tpm.c +++ b/member-tpm.c @@ -44,7 +44,7 @@ int main() { int init_tpm() { TSS2_TCTI_CONTEXT *tctiContext = NULL; - TPML_HANDLE handle = 0; + TPM2_HANDLE handle = 0; const char* passwd = "1234"; uint16_t passwdlen = strlen(passwd); TSS2_RC retval = 0; diff --git a/member.c b/member.c index f85c804..c39db8c 100644 --- a/member.c +++ b/member.c @@ -26,12 +26,10 @@ uint8_t msg[MAX_MSGSIZE]; size_t msg_len; int member_join(char *buffer); -int member_attest(char *buffer); +int member_verifymsg(char *buffer); int member_publish(char *buffer); -/* int member_getpublic(char *buffer); */ - int member_joinappend(char *buffer); int member_joinfinish(char *buffer); @@ -40,8 +38,10 @@ int main(int argc, char **argv) { char buffer[MAX_BUFSIZE]; char *remote_ip = argv[2]; int ret = 0; +// strncpy(member.bsn, "mybasename", 10); +// member.bsn_len = strlen(member.bsn); switch(argc) { - case 2: + case 3: if( 0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) { member.state = ON; ret = client_connect(&member_join, remote_ip, ISSUERPORT); @@ -51,106 +51,43 @@ int main(int argc, char **argv) { } else { printf("Join process was successful\n"); } - } + } else { + printf("2 arguments but not join\n"); + } break; - case 3: + case 4: if( 0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { - char *msgfile = argv[3]; - FILE *fileptr = fopen(msgfile, "rb"); - if (0 == fileptr) { - printf("Could not open message file %s\n", msgfile); - return 1; - } - size_t bytes_read = fread(msg, 1, MAX_MSGSIZE, fileptr); - if (bytes_to_read != bytes_read && !feof(file_ptr)) { - printf("Error reading message file"); - fclose(fileptr); + msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, argv[3]); + if (msg_len < 0) { + printf("Could not open message file %s\n", argv[3]); return 1; - } - if (0 != fclose(fileptr)) { - printf("Error closing message file"); - return 1; - } - if (0 != ecdaa_member_secret_key_FP256BN_deserialize_file(&member.msk, member_secret_key_file) || - 0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file) || + } + if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || + 0 != ecdaa_member_secret_key_FP256BN_deserialize_file(&member.msk, member_secret_key_file) || + 0 != ecdaa_member_public_key_FP256BN_deserialize_file(&member.mpk, member_public_key_file, member.nonce, NONCE_SIZE) || 0 != ecdaa_credential_FP256BN_deserialize_file(&member.cred, member_credential_file)) { - printf("Could not import key files. importing from %s, %s or %s was not successful\n", member_secret_key_file, member_public_key_file, member_credential_file); + printf("Could not import key files. importing from %s, %s, %s or %s was not successful\n", + member_nonce_file, member_secret_key_file, member_public_key_file, member_credential_file); return 1; } - member.state = JOINED - ret = client_connect(&member_attest, remote_ip, VERIFIERPORT); + member.state = JOINED; + ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); if (0 >= ret || JOINED != member.state) { printf("connection to verifier failed\n"); } - } + } else { + printf("3 arguments but not send\n"); + } break; default: printf("Usage: \n Join an issuer's group: %s --join \n", argv[0]); printf("Send a signed message to the verifier: %s --send \n", argv[0]); - printf("Before sending a DAA-signed message, the member must join a DAA group\n", argv[0]); + printf("Before sending a DAA-signed message, the member must join a DAA group\n"); break; + } return 0; } -/* int process_member(char *buffer) { */ -/* int ret = 0; */ -/* char remote_ip[16]; */ - -/* bzero(member.bsn, MAX_BSNSIZE); */ -/* strncpy((char *) member.bsn, "Biometric Sensor", 16); */ -/* member.bsn_len = 16; */ - -/* printf("> MEMBER: %s\n", buffer); */ - -/* if (member.state == JOINED && 0 == strncasecmp("ATTEST", buffer, 6)) { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "ATTEST ", 7); */ -/* member_attest(buffer); */ -/* } else if (member.state == ON && 0 == strncasecmp("GETPUBLIC", buffer, 9)) { */ -/* strncpy(remote_ip, buffer[10], 15); */ -/* ret = client_connect(&member_getpublic, remote_ip, ISSUERPORT); */ -/* if (0 >= ret || RCVPUBLIC != member.state) { */ -/* printf("process_member: issuer connection failed\n"); */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "ERR\n", 4); */ -/* } else { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "OK\n", 3); */ -/* } */ -/* ret = 0; */ -/* } else if (0 == strncasecmp("PUBLISH", buffer, 7)) { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* member_publish(buffer); */ -/* } else if (member.state == RCVPUBLIC && 0 == strncasecmp("JOIN", buffer, 4)) { */ -/* member.state = JOIN; */ -/* ret = client_connect(&member_join, ISSUERIP, ISSUERPORT); */ -/* if (0 >= ret || JOINED != member.state) { */ -/* printf("process_member: issuer connection failed\n"); */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "ERR\n", 4); */ -/* } else { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "OK\n", 3); */ -/* } */ -/* ret = 0; */ -/* } else if (0 == strncasecmp("EXIT", buffer, 4)) { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "OK\n", 3); */ -/* ret = 1; */ -/* } else if (0 == strncasecmp("SHUTDOWN", buffer, 8)) { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "OK\n", 3); */ -/* ret = 2; */ -/* } else { */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "ERR\n", 4); */ -/* ret = 0; */ -/* } */ - -/* printf("< MEMBER: %s\n", buffer); */ -/* return ret; */ -/* } */ - int member_join(char *buffer) { int ret = 0; @@ -174,7 +111,10 @@ int member_join(char *buffer) { printf("member_getpublic: signature of issuer public key is invalid\n"); ret = -1; } else { - member.state = JOIN; + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "JOIN\n", 5); + member.state = APPEND; + ret = 0; } } else { printf("member_getpublic: did not get public key from issuer\n"); @@ -182,11 +122,6 @@ int member_join(char *buffer) { ret = -1; } break; - case JOIN: - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "JOIN\n", 5); - member.state = APPEND; - break; case APPEND: if (0 == strncasecmp("JOINSTART", buffer, 9)) { printf("ISSUER > MEMBER: %s", buffer); @@ -219,68 +154,28 @@ int member_join(char *buffer) { return ret; } -/* int member_getpublic(char *buffer) { */ -/* int ret = 0; */ - -/* switch (member.state) { */ -/* case ON: */ -/* bzero(buffer, MAX_BUFSIZE); */ -/* strncpy(buffer, "PUBLISH\n", 8); */ -/* member.state = ISSUERPUB; */ -/* break; */ -/* case ISSUERPUB: */ -/* if (0 == strncasecmp("PUBLISH", buffer, 7)) { */ -/* printf("ISSUER > MEMBER: %s", buffer); */ -/* uint8_t binbuf[MAX_BUFSIZE]; */ -/* char *current = &buffer[8]; */ -/* ecdaa_hextobin(current, binbuf, ECDAA_ISSUER_PUBLIC_KEY_FP256BN_LENGTH); */ -/* ret = ecdaa_issuer_public_key_FP256BN_deserialize(&member.ipk, binbuf); */ -/* if (-1 == ret) { */ -/* printf("member_getpublic: issuer public key is malformed!\n"); */ -/* ret = -1; */ -/* } else if (-2 == ret) { */ -/* printf("member_getpublic: signature of issuer public key is invalid\n"); */ -/* ret = -1; */ -/* } else { */ -/* member.state = RCVPUBLIC; */ -/* ret = 1; */ -/* } */ -/* } else { */ -/* printf("member_getpublic: did not get public key from issuer\n"); */ -/* member.state = ON; */ -/* ret = -1; */ -/* } */ -/* break; */ -/* default: */ -/* printf("member_getpublic: did not get public key from issuer\n"); */ -/* member.state = ON; */ -/* ret = -1; */ -/* break; */ -/* } */ -/* if (0 == ret) { */ -/* printf("ISSUER < MEMBER: %s", buffer); */ -/* } */ -/* return ret; */ -/* } */ - -//"ATTEST" > "ATTEST " -int member_attest(char *buffer) { +//"VERIFYMSG" > "VERIFYMSG " +int member_verifymsg(char *buffer) { char *current = buffer; uint8_t binbuf[MAX_BUFSIZE]; - /* uint8_t msg[MAX_MSGSIZE] = "I am the real host"; */ - /* size_t msg_len = strlen((char*)msg); */ - uint8_t has_nym = member.bsn_len != 0 ? 1 : 0; + uint8_t has_nym = member.bsn_len > 0 ? 1 : 0; struct ecdaa_signature_FP256BN sig; - size_t sig_len = has_nym ? ECDAA_SIGNATURE_FP256BN_WITH_NYM_LENGTH : ECDAA_SIGNATURE_FP256BN_LENGTH; + size_t sig_len = has_nym ? ecdaa_signature_FP256BN_with_nym_length() : ecdaa_signature_FP256BN_length(); + if (0 == strncasecmp("OK", buffer, 2)) { + return 1; + } else if (0 == strncasecmp("ERR", buffer, 3)) { + printf("member_verifymsg: Verifier refused signature\n"); + return 1; + } ecdaa_signature_FP256BN_sign(&sig, msg, msg_len, member.bsn, member.bsn_len, &member.msk, &member.cred, ecdaa_rand); bzero(buffer, MAX_BUFSIZE); bzero(binbuf, MAX_BUFSIZE); - strncpy(current, "ATTEST ", 7); - current = ¤t[7]; + strncpy(current, "VERIFYMSG ", 10); + current = ¤t[10]; - strncpy(current, (char*) msg, MAX_MSGSIZE); + strncpy(current, (char*) msg, msg_len); current[MAX_MSGSIZE] = has_nym == 1 ? '1' : '0'; current = ¤t[MAX_MSGSIZE + 1]; if(has_nym) { @@ -290,9 +185,10 @@ int member_attest(char *buffer) { ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); ecdaa_bintohex(binbuf, sig_len, current); - printf("member_attest: msg: %s, len: %lu\n",msg, msg_len); - printf("member_attest: bsn: %s, len: %lu\n",(char *)member.bsn, strlen((char *)member.bsn)); - printf("member_attest: sig: %s\n",current); + printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); + printf("member_verifymsg: msg: %s, len: %lu\n",msg, msg_len); + printf("member_verifymsg: bsn: %s, len: %lu\n",(char *)member.bsn, strlen((char *)member.bsn)); + printf("member_verifymsg: sig: %s\n",current); current[2 * sig_len] = '\n'; return 0; } @@ -320,7 +216,7 @@ int member_joinappend(char *buffer) { char *current = &buffer[10]; uint8_t binbuf[MAX_BUFSIZE]; ecdaa_hextobin(current, member.nonce, NONCE_SIZE); - + ecdaa_write_buffer_to_file(member_nonce_file, member.nonce, NONCE_SIZE); // if (0 != ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.nonce, NONCE_SIZE)) { if (0 != ecdaa_member_key_pair_FP256BN_generate(&member.mpk, &member.msk, member.nonce, NONCE_SIZE, ecdaa_rand)) { fprintf(stderr, "Error generating member key-pair\n"); @@ -354,10 +250,10 @@ int member_joinfinish(char *buffer) { printf("member_joinfinish: credential is malformed!\n"); ret = -1; } else if(-2 == ret) { - printf("member_joinfinish: siganture of credential is invalid"); + printf("member_joinfinish: siganture of credential is invalid\n"); ret = -1; } - printf("member_joinfinish: writing key-pair and credential to disk"); + printf("member_joinfinish: writing key-pair and credential to disk\n"); if(0 != ecdaa_member_public_key_FP256BN_serialize_file(member_public_key_file, &member.mpk) || 0 != ecdaa_member_secret_key_FP256BN_serialize_file(member_secret_key_file, &member.msk) || 0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { @@ -367,3 +263,4 @@ int member_joinfinish(char *buffer) { return ret; } + diff --git a/member.h b/member.h index db9c7d4..d55c583 100644 --- a/member.h +++ b/member.h @@ -15,5 +15,6 @@ const char* member_public_key_file = "mpk.bin"; const char* member_secret_key_file = "msk.bin"; const char* member_credential_file = "mcred.bin"; +const char* member_nonce_file = "mnonce.bin"; #endif //ECDAA_ISSUER_ISSUER_H diff --git a/verifier.c b/verifier.c index 916870b..8bdb3a8 100644 --- a/verifier.c +++ b/verifier.c @@ -44,7 +44,7 @@ int process_verifier(char *buffer) { if (0 == strncasecmp("VERIFYMSG", buffer, 9)) { switch (verifier.state) { case GOTISSUER: - ret = verifier_checkattest(buffer[10]); + ret = verifier_checkattest(&buffer[10]); bzero(buffer, MAX_BUFSIZE); if (-1 == ret) { printf("verifier_attestmember: member public key is malformed!\n"); @@ -60,8 +60,9 @@ int process_verifier(char *buffer) { bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); } + ret = 0; } else if (0 == strncasecmp("ATTEST", buffer, 6)) { - strncpy(remote_ip, buffer[7], 15); + strncpy(remote_ip, &buffer[7], 15); ret = client_connect(&verifier_attestmember, remote_ip, MEMBERPORT); if (0 >= ret) { printf("process_verifier: member verification failed\n"); @@ -77,16 +78,23 @@ int process_verifier(char *buffer) { verifier_checklink(buffer); } else if (0 == strncasecmp("GETPUBLIC", buffer, 9)) { verifier.state = ON; - strncpy(remote_ip, buffer[10], 15); - ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT); - if (0 >= ret || GOTISSUER != verifier.state) { - printf("process_verifier: issuer connection failed\n"); + int iplen = strlen(&buffer[10]); + if (iplen >= 7 && iplen <= 15) { + strncpy(remote_ip, &buffer[10], 15); + ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT); + if (0 >= ret || GOTISSUER != verifier.state) { + printf("process_verifier: issuer connection failed\n"); + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "ERR\n", 4); + } else { + bzero(buffer, MAX_BUFSIZE); + strncpy(buffer, "OK\n", 3); + } + } else { + printf("process_verifier: no valid ip\n"); bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "ERR\n", 4); - } else { - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); - } + } ret = 0; } else if (0 == strncasecmp("EXIT", buffer, 4)) { printf("exit()\n"); @@ -163,12 +171,12 @@ int verifier_attestmember(char *buffer) { case ASKATTEST: if (0 == strncasecmp("ATTEST", buffer, 6)) { printf("MEMBER > VERIFIER: %s", buffer); - ret = verifier_checkattest(buffer[7]); + ret = verifier_checkattest(&buffer[7]); if (-1 == ret) { - printf("verifier_attestmember: member public key is malformed!\n"); + printf("verifier_attestmember: group public key is malformed!\n"); ret = -1; } else if (-2 == ret) { - printf("verifier_attestmember: signature of member public key is invalid\n"); + printf("verifier_attestmember: signature of group public key is invalid\n"); ret = -1; } else { verifier.state = GOTISSUER; @@ -191,7 +199,7 @@ int verifier_attestmember(char *buffer) { //"ATTEST 0" or //"ATTEST 1" int verifier_checkattest(char *buffer) { - char *current = &buffer; + char *current = buffer; char msg[MAX_MSGSIZE]; strncpy(msg, current, MAX_MSGSIZE); @@ -229,7 +237,7 @@ int verifier_checkattest(char *buffer) { ret = ecdaa_signature_FP256BN_verify(&sig, &verifier.ipk.gpk, &verifier.revocations, (uint8_t *) msg, msg_len, (uint8_t *) bsn, bsn_len); if (0 != ret) { - printf("verifier_checkattest: signature not valid\n"); + printf("verifier_checkattest: signature not valid, ret = %i\n", ret); return -1; }