diff --git a/issuer.c b/issuer.c index 086fdc7..dc98229 100644 --- a/issuer.c +++ b/issuer.c @@ -58,7 +58,8 @@ int process_issuer(char *buffer) { printf("Aborting join.\n"); issuer.state = READY; bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); + printf("Closing client session.\n"); + return 1; break; default: printf("Nothing to abort.\n"); diff --git a/member-tpm-key.c b/member-tpm-key.c index bed5113..f98c25d 100644 --- a/member-tpm-key.c +++ b/member-tpm-key.c @@ -2,11 +2,6 @@ static TPMA_SESSION empty_session_attributes = {0}; // attributes for password either can't be set or don't make sense -struct command_line_args { - char *pub_key_filename; - char *handle_filename; -}; - struct test_context { TSS2_SYS_CONTEXT *sapi_ctx; TPM2_HANDLE primary_key_handle; @@ -19,17 +14,6 @@ struct test_context { }; -void parse_cmd_args(struct command_line_args *args_out, int argc, char *argv[]) { - if (3 != argc) { - printf("usage: %s pub_key_filename = argv[1]; - args_out->handle_filename = argv[2]; - printf("Saving public key to %s and handle to %s\n", args_out->pub_key_filename, args_out->handle_filename); -} - static void initialize(struct test_context *ctx); static void cleanup(struct test_context *ctx); @@ -40,15 +24,7 @@ static int load(struct test_context *ctx); static int save_public_key_info(const struct test_context* ctx, const char* pub_key_filename, const char* handle_filename); static int evict_control(struct test_context *ctx); -// int main(int argc, char *argv[]) -// { -// struct command_line_args args; -// parse_cmd_args(&args, argc, argv); -// -// create_key(args.pub_key_filename, args.handle_filename); -// } - -void initialize(struct test_context *ctx) +static void initialize(struct test_context *ctx) { const char *device_conf = "/dev/tpm0"; size_t size; @@ -86,7 +62,7 @@ void initialize(struct test_context *ctx) ctx->out_private.size = 0; } -void cleanup(struct test_context *ctx) +static void cleanup(struct test_context *ctx) { TSS2_TCTI_CONTEXT *tcti_context = NULL; TSS2_RC rc; @@ -141,7 +117,7 @@ int create_key(const char* pub_key_filename, const char* handle_filename) return ret; } -int save_public_key_info(const struct test_context *ctx, const char* pub_key_filename, const char* handle_filename) +static int save_public_key_info(const struct test_context *ctx, const char* pub_key_filename, const char* handle_filename) { int write_ret = 0; @@ -193,7 +169,7 @@ int save_public_key_info(const struct test_context *ctx, const char* pub_key_fil return write_ret; } -int clear(struct test_context *ctx) +static int clear(struct test_context *ctx) { TPMI_RH_CLEAR auth_handle = TPM2_RH_LOCKOUT; @@ -215,7 +191,7 @@ int clear(struct test_context *ctx) return ret; } -int create_primary(struct test_context *ctx) +static int create_primary(struct test_context *ctx) { TPMI_RH_HIERARCHY hierarchy = TPM2_RH_ENDORSEMENT; @@ -277,7 +253,7 @@ int create_primary(struct test_context *ctx) return ret; } -int create(struct test_context *ctx) +static int create(struct test_context *ctx) { TSS2L_SYS_AUTH_COMMAND sessionsData = {}; sessionsData.auths[0].sessionHandle = TPM2_RS_PW; @@ -331,7 +307,7 @@ int create(struct test_context *ctx) return ret; } -int load(struct test_context *ctx) +static int load(struct test_context *ctx) { TSS2L_SYS_AUTH_COMMAND sessionsData = {}; sessionsData.auths[0].sessionHandle = TPM2_RS_PW; @@ -357,7 +333,7 @@ int load(struct test_context *ctx) return ret; } -int evict_control(struct test_context *ctx) +static int evict_control(struct test_context *ctx) { TSS2L_SYS_AUTH_COMMAND sessionsData = {}; sessionsData.auths[0].sessionHandle = TPM2_RS_PW; diff --git a/member-tpm.c b/member-tpm.c index 9bc31c2..ae6993a 100644 --- a/member-tpm.c +++ b/member-tpm.c @@ -18,26 +18,28 @@ typedef struct member { struct ecdaa_issuer_public_key_FP256BN ipk; uint8_t bsn[MAX_BSNSIZE]; size_t bsn_len; - struct ecdaa_tpm_context ctx; - TPM2_HANDLE pk_handle; - unsigned char pk_in[ECP_FP256BN_LENGTH]; - unsigned char tcti_buffer[256]; } member_t; +typedef struct tpm_context { + struct ecdaa_tpm_context tpm_ctx; + uint8_t pk_in[ECP_FP256BN_LENGTH]; + unsigned char tcti_buffer[256]; + TSS2_TCTI_CONTEXT *tcti_context; +} tpm_context_t; + member_t member; uint8_t msg[MAX_MSGSIZE]; size_t msg_len; uint8_t chksum[MAX_CHKSUMSIZE]; size_t chksum_len; -int init_tpm(); -int free_tpm(); - +static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename); +static void tpm_cleanup(struct tpm_context *ctx); static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *tpm_key_file, const char *tpm_handle_file); int member_join(char *buffer); -int member_verifymsg(char *buffer); +int member_signmsg(char *buffer); int member_publish(char *buffer); @@ -49,43 +51,31 @@ int main(int argc, char *argv[]) { char buffer[MAX_BUFSIZE]; char *remote_ip; int ret = 0; - TPM2_HANDLE sk_handle = 0; //strncpy(member.bsn, "mybasename", 10); //member.bsn_len = strlen(member.bsn); switch(argc) { + case 2: + if(0 == strncasecmp("--createkey", argv[1], 11) || 0 == strncasecmp("-c", argv[1], 2)) { + if (0 != create_key(MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { + printf("TPM key generation failed.\n"); + return 1; + } + printf("TPM key saved to %s and %s.\n",MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); + } + break; case 3: if(0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) { - if (0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { - printf("Could not load TPM key with '%s' and '%s', trying to create a new key...\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); - if (0 != create_key(MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE) || 0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { - printf("Error: Creating or Loading TPM key with '%s' and '%s' failed.\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); - return 1; - } - } - if (0 != init_tpm()) { - printf("Error: Failed to initialize TPM.\n"); - return 1; - } - printf("Initialized TPM with pubkey and handle.\n"); member.state = ON; remote_ip = argv[2]; ret = client_connect(&member_join, remote_ip, ISSUERPORT); if (0 >= ret || JOINED != member.state) { printf("Join process failed!\n"); return 1; - } - printf("Join process was successful.\n"); - } else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { - if (0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { - printf("Error: reading in public key files '%s' and '%s' failed\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); - return 1; + } else { + printf("Join process was successful.\n"); } - if (0 != init_tpm()) { - printf("Error: Failed to initialize TPM.\n"); - return 1; - } - printf("Initialized TPM with pubkey and handle.\n"); + } else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MESSAGE_FILE); if (msg_len < 0) { printf("Could not open message file %s.\n", MESSAGE_FILE); @@ -106,7 +96,7 @@ int main(int argc, char *argv[]) { } member.state = JOINED; remote_ip = argv[2]; - ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); + ret = client_connect(&member_signmsg, remote_ip, VERIFIERPORT); if (2 != ret) { printf("Error: Message transmission to verifier failed.\n"); } @@ -115,7 +105,8 @@ int main(int argc, char *argv[]) { } break; default: - printf("Usage: \n Join an issuer's group: %s --join \n", argv[0]); + printf("Usage: Create a TPM key: %s --createkey\n", argv[0]); + printf("Join an issuer's group: %s --join \n", argv[0]); printf("Send a signed message to the verifier: %s --send \n", argv[0]); printf("Before sending a DAA-signed message, the member must join a DAA group\n"); printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MESSAGE_FILE, MAX_MSGSIZE, CHECKSUM_FILE, MAX_CHKSUMSIZE); @@ -124,17 +115,20 @@ int main(int argc, char *argv[]) { return 0; } -int init_tpm() +static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename) { const char *device_conf = "/dev/tpm0"; + memset(ctx->tcti_buffer, 0, sizeof(ctx->tcti_buffer)); int ret = 0; - memset(member.tcti_buffer, 0, sizeof(member.tcti_buffer)); - TPM2_HANDLE key_handle = 0; - TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT*)member.tcti_buffer; + if (0 != read_public_key_from_files(ctx->pk_in, &key_handle, pub_key_filename, handle_filename)) { + printf("Error reading public key files '%s' and '%s'.\n",pub_key_filename, handle_filename); + return -1; + } + TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT*)ctx->tcti_buffer; size_t size; ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); @@ -142,18 +136,18 @@ int init_tpm() printf("Error: Failed to get allocation size for tcti context.\n"); return -1; } - if (size > sizeof(member.tcti_buffer)) { + if (size > sizeof(ctx->tcti_buffer)) { printf("Error: device TCTI context size larger than pre-allocated buffer.\n"); return -1; } - ret = Tss2_Tcti_Device_Init(tcti_ctx, &size, device_conf); + ret = Tss2_Tcti_Device_Init(ctx->tcti_context, &size, device_conf); if (TSS2_RC_SUCCESS != ret) { printf("Error: Unable to initialize device TCTI context.\n"); return -1; } //initialize ecdaa tpm context - if(0 != ecdaa_tpm_context_init(&member.ctx, member.pk_handle, NULL, 0, tcti_ctx)) { + if(0 != ecdaa_tpm_context_init(&ctx->tpm_ctx, key_handle, NULL, 0, ctx->tcti_context)) { printf("Error: ECDAA context failed.\n"); return -1; } @@ -163,9 +157,12 @@ int init_tpm() return 0; } -int free_tpm() { - ecdaa_tpm_context_free(&member.ctx); - return 0; +static void tpm_cleanup(struct tpm_context *ctx) { + ecdaa_tpm_context_free(&ctx->tpm_ctx); + + if (NULL != ctx->tcti_context) { + Tss2_Tcti_Finalize(ctx->tcti_context); + } } int member_join(char *buffer) { @@ -243,19 +240,18 @@ int member_join(char *buffer) { //"VERIFYMSG 0" or //"VERIFYMSG 1" -int member_verifymsg(char *buffer) { +int member_signmsg(char *buffer) { char *current = buffer; uint8_t binbuf[MAX_BUFSIZE]; uint8_t has_nym = member.bsn_len > 0 ? 1 : 0; struct ecdaa_signature_FP256BN sig; size_t sig_len = has_nym ? ecdaa_signature_FP256BN_with_nym_length() : ecdaa_signature_FP256BN_length(); + struct tpm_context ctx; int bytes = 0; - if (0 == strncasecmp("OK", buffer, 2)) { - return 1; - } else if (0 == strncasecmp("ERR", buffer, 3)) { - printf("member_verifymsg: Verifier refused signature.\n"); - return 1; + if (0 != tpm_initialize(&ctx, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { + printf("member_signmsg: Failed to initialize TPM."); + return -1; } bzero(buffer, MAX_BUFSIZE); @@ -267,16 +263,16 @@ int member_verifymsg(char *buffer) { bytes = ecdaa_encode(chksum, current, MAX_CHKSUMSIZE); current = ¤t[bytes]; if(has_nym) { - if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &member.ctx)) { - printf("member_verifymsg: Signing message failed.\n"); + if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { + printf("member_signmsg: Signing message failed.\n"); } current[0] = '1'; current = ¤t[1]; strncpy(current, (char *)member.bsn, MAX_BSNSIZE); current = ¤t[MAX_BSNSIZE]; } else { - if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &member.ctx)) { - printf("member_verifymsg: Signing message failed.\n"); + if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { + printf("member_signmsg: Signing message failed.\n"); } current[0] = '0'; current = ¤t[1]; @@ -286,13 +282,14 @@ int member_verifymsg(char *buffer) { ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); bytes = ecdaa_encode(binbuf, current, sig_len); #ifdef DEBUG - printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); - printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); - printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); - printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); - printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); + printf("member_signmsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); + printf("member_signmsg: msg: %s, len: %lu\n", msg, msg_len); + printf("member_signmsg: chksum: %s, len: %lu\n", chksum, chksum_len); + printf("member_signmsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); + printf("member_signmsg: sig: %s, len: %lu\n", current, sig_len); #endif current[bytes] = '\n'; + tpm_cleanup(&ctx); return 2; //send to verifier before closing } @@ -300,11 +297,19 @@ int member_verifymsg(char *buffer) { int member_joinappend(char *buffer) { char *current = &buffer[10]; uint8_t binbuf[MAX_BUFSIZE]; + struct tpm_context ctx; int ret = 0; int bytes = ecdaa_decode(current, member.nonce, NONCE_SIZE); + ecdaa_write_buffer_to_file(MEMBER_NONCE_FILE, member.nonce, NONCE_SIZE); + bzero(buffer, MAX_BUFSIZE); - if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.pk_in, member.nonce, NONCE_SIZE, &member.ctx))) { + if (0 != tpm_initialize(&ctx, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { + printf("member_joinappend: Failed to initialize TPM.\n"); + strncpy(buffer, "ABORT\n", 6); + return -1; + } + if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, ctx.pk_in, member.nonce, NONCE_SIZE, &ctx.tpm_ctx))) { fprintf(stderr, "Error generating member key-pair: ret = %d\n", ret); strncpy(buffer, "ABORT\n", 6); return -1; @@ -316,6 +321,7 @@ int member_joinappend(char *buffer) { ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); bytes = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); current[bytes] = '\n'; + tpm_cleanup(&ctx); return 0; } @@ -352,13 +358,13 @@ int member_joinfinish(char *buffer) { return ret; } -int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *pub_key_filename, const char *handle_filename) +static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *pub_key_filename, const char *handle_filename) { int ret = 0; FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); if (NULL == pub_key_file_ptr) { - printf("read_public_key: error opening public key.\n"); + printf("read_public_key: Failed to open tpm public key.\n"); return -1; } do { @@ -372,14 +378,10 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con } } while(0); (void)fclose(pub_key_file_ptr); - if (0 != ret) { - printf("read_public_key: error reading public key file.\n"); - return -1; - } FILE *handle_file_ptr = fopen(handle_filename, "r"); if (NULL == handle_file_ptr) { - printf("read_public_key: error opening handle.\n"); + printf("read_public_key: Error opening handle.\n"); return -1; } @@ -397,10 +399,6 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con } while(0); (void)fclose(handle_file_ptr); - if (0 != ret) { - printf("read_public_key: error closing public key.\n"); - return -1; - } return ret; } diff --git a/member-tpm.h b/member-tpm.h index 1d52401..16d64a8 100644 --- a/member-tpm.h +++ b/member-tpm.h @@ -5,8 +5,6 @@ #include #include #include -// #include "amcl/big_256_56.h" -// #include "amcl-extensions/ecp_FP256BN.h" #include "server.h" #include "client.h" #include "common.h" diff --git a/member.c b/member.c index 288ae90..f7dfcb1 100644 --- a/member.c +++ b/member.c @@ -29,7 +29,7 @@ size_t chksum_len; int member_join(char *buffer); -int member_verifymsg(char *buffer); +int member_signmsg(char *buffer); int member_publish(char *buffer); @@ -77,7 +77,7 @@ int main(int argc, char **argv) { } member.state = JOINED; remote_ip = argv[2]; - ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); + ret = client_connect(&member_signmsg, remote_ip, VERIFIERPORT); if (2 != ret) { printf("Error: Message transmission to verifier failed.\n"); } @@ -170,7 +170,7 @@ int member_join(char *buffer) { //"VERIFYMSG 0" or //"VERIFYMSG 1" -int member_verifymsg(char *buffer) { +int member_signmsg(char *buffer) { char *current = buffer; uint8_t binbuf[MAX_BUFSIZE]; uint8_t has_nym = member.bsn_len > 0 ? 1 : 0; @@ -188,7 +188,7 @@ int member_verifymsg(char *buffer) { current = ¤t[bytes]; if(has_nym) { if (0 != ecdaa_signature_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.msk, &member.cred, ecdaa_rand)) { - printf("member_verifymsg: Signing message failed.\n"); + printf("member_signmsg: Signing message failed.\n"); } current[0] = '1'; current = ¤t[1]; @@ -196,7 +196,7 @@ int member_verifymsg(char *buffer) { current = ¤t[MAX_BSNSIZE]; } else { if (0 != ecdaa_signature_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.msk, &member.cred, ecdaa_rand)) { - printf("member_verifymsg: Signing message failed.\n"); + printf("member_signmsg: Signing message failed.\n"); } current[0] = '0'; current = ¤t[1]; @@ -206,11 +206,11 @@ int member_verifymsg(char *buffer) { ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); bytes = ecdaa_encode(binbuf, current, sig_len); #ifdef DEBUG - printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); - printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); - printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); - printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); - printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); + printf("member_signmsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); + printf("member_signmsg: msg: %s, len: %lu\n", msg, msg_len); + printf("member_signmsg: chksum: %s, len: %lu\n", chksum, chksum_len); + printf("member_signmsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); + printf("member_signmsg: sig: %s, len: %lu\n", current, sig_len); #endif current[bytes] = '\n';