|
|
|
@ -18,26 +18,28 @@ typedef struct member { |
|
|
|
struct ecdaa_issuer_public_key_FP256BN ipk; |
|
|
|
uint8_t bsn[MAX_BSNSIZE]; |
|
|
|
size_t bsn_len; |
|
|
|
struct ecdaa_tpm_context ctx; |
|
|
|
TPM2_HANDLE pk_handle; |
|
|
|
unsigned char pk_in[ECP_FP256BN_LENGTH]; |
|
|
|
unsigned char tcti_buffer[256]; |
|
|
|
} member_t; |
|
|
|
|
|
|
|
typedef struct tpm_context { |
|
|
|
struct ecdaa_tpm_context tpm_ctx; |
|
|
|
uint8_t pk_in[ECP_FP256BN_LENGTH]; |
|
|
|
unsigned char tcti_buffer[256]; |
|
|
|
TSS2_TCTI_CONTEXT *tcti_context; |
|
|
|
} tpm_context_t; |
|
|
|
|
|
|
|
member_t member; |
|
|
|
uint8_t msg[MAX_MSGSIZE]; |
|
|
|
size_t msg_len; |
|
|
|
uint8_t chksum[MAX_CHKSUMSIZE]; |
|
|
|
size_t chksum_len; |
|
|
|
|
|
|
|
int init_tpm(); |
|
|
|
int free_tpm(); |
|
|
|
|
|
|
|
static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename); |
|
|
|
static void tpm_cleanup(struct tpm_context *ctx); |
|
|
|
static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *tpm_key_file, const char *tpm_handle_file); |
|
|
|
|
|
|
|
int member_join(char *buffer); |
|
|
|
|
|
|
|
int member_verifymsg(char *buffer); |
|
|
|
int member_signmsg(char *buffer); |
|
|
|
|
|
|
|
int member_publish(char *buffer); |
|
|
|
|
|
|
|
@ -49,43 +51,31 @@ int main(int argc, char *argv[]) { |
|
|
|
char buffer[MAX_BUFSIZE]; |
|
|
|
char *remote_ip; |
|
|
|
int ret = 0; |
|
|
|
TPM2_HANDLE sk_handle = 0; |
|
|
|
|
|
|
|
//strncpy(member.bsn, "mybasename", 10);
|
|
|
|
//member.bsn_len = strlen(member.bsn);
|
|
|
|
switch(argc) { |
|
|
|
case 3: |
|
|
|
if(0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) { |
|
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("Could not load TPM key with '%s' and '%s', trying to create a new key...\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); |
|
|
|
if (0 != create_key(MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE) || 0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("Error: Creating or Loading TPM key with '%s' and '%s' failed.\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); |
|
|
|
case 2: |
|
|
|
if(0 == strncasecmp("--createkey", argv[1], 11) || 0 == strncasecmp("-c", argv[1], 2)) { |
|
|
|
if (0 != create_key(MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("TPM key generation failed.\n"); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
printf("TPM key saved to %s and %s.\n",MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); |
|
|
|
} |
|
|
|
if (0 != init_tpm()) { |
|
|
|
printf("Error: Failed to initialize TPM.\n"); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
printf("Initialized TPM with pubkey and handle.\n"); |
|
|
|
break; |
|
|
|
case 3: |
|
|
|
if(0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) { |
|
|
|
member.state = ON; |
|
|
|
remote_ip = argv[2]; |
|
|
|
ret = client_connect(&member_join, remote_ip, ISSUERPORT); |
|
|
|
if (0 >= ret || JOINED != member.state) { |
|
|
|
printf("Join process failed!\n"); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} else { |
|
|
|
printf("Join process was successful.\n"); |
|
|
|
} else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { |
|
|
|
if (0 != read_public_key_from_files(member.pk_in, &sk_handle, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("Error: reading in public key files '%s' and '%s' failed\n", MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
if (0 != init_tpm()) { |
|
|
|
printf("Error: Failed to initialize TPM.\n"); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
printf("Initialized TPM with pubkey and handle.\n"); |
|
|
|
} else if (0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { |
|
|
|
msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MESSAGE_FILE); |
|
|
|
if (msg_len < 0) { |
|
|
|
printf("Could not open message file %s.\n", MESSAGE_FILE); |
|
|
|
@ -106,7 +96,7 @@ int main(int argc, char *argv[]) { |
|
|
|
} |
|
|
|
member.state = JOINED; |
|
|
|
remote_ip = argv[2]; |
|
|
|
ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); |
|
|
|
ret = client_connect(&member_signmsg, remote_ip, VERIFIERPORT); |
|
|
|
if (2 != ret) { |
|
|
|
printf("Error: Message transmission to verifier failed.\n"); |
|
|
|
} |
|
|
|
@ -115,7 +105,8 @@ int main(int argc, char *argv[]) { |
|
|
|
} |
|
|
|
break; |
|
|
|
default: |
|
|
|
printf("Usage: \n Join an issuer's group: %s --join <issuer's IPv4>\n", argv[0]); |
|
|
|
printf("Usage: Create a TPM key: %s --createkey\n", argv[0]); |
|
|
|
printf("Join an issuer's group: %s --join <issuer's IPv4>\n", argv[0]); |
|
|
|
printf("Send a signed message to the verifier: %s --send <verifier's IPv4>\n", argv[0]); |
|
|
|
printf("Before sending a DAA-signed message, the member must join a DAA group\n"); |
|
|
|
printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MESSAGE_FILE, MAX_MSGSIZE, CHECKSUM_FILE, MAX_CHKSUMSIZE); |
|
|
|
@ -124,17 +115,20 @@ int main(int argc, char *argv[]) { |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
int init_tpm() |
|
|
|
static int tpm_initialize(struct tpm_context *ctx, const char *pub_key_filename, const char *handle_filename) |
|
|
|
{ |
|
|
|
const char *device_conf = "/dev/tpm0"; |
|
|
|
|
|
|
|
memset(ctx->tcti_buffer, 0, sizeof(ctx->tcti_buffer)); |
|
|
|
int ret = 0; |
|
|
|
|
|
|
|
memset(member.tcti_buffer, 0, sizeof(member.tcti_buffer)); |
|
|
|
|
|
|
|
TPM2_HANDLE key_handle = 0; |
|
|
|
|
|
|
|
TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT*)member.tcti_buffer; |
|
|
|
if (0 != read_public_key_from_files(ctx->pk_in, &key_handle, pub_key_filename, handle_filename)) { |
|
|
|
printf("Error reading public key files '%s' and '%s'.\n",pub_key_filename, handle_filename); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT*)ctx->tcti_buffer; |
|
|
|
|
|
|
|
size_t size; |
|
|
|
ret = Tss2_Tcti_Device_Init(NULL, &size, device_conf); |
|
|
|
@ -142,18 +136,18 @@ int init_tpm() |
|
|
|
printf("Error: Failed to get allocation size for tcti context.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
if (size > sizeof(member.tcti_buffer)) { |
|
|
|
if (size > sizeof(ctx->tcti_buffer)) { |
|
|
|
printf("Error: device TCTI context size larger than pre-allocated buffer.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
ret = Tss2_Tcti_Device_Init(tcti_ctx, &size, device_conf); |
|
|
|
ret = Tss2_Tcti_Device_Init(ctx->tcti_context, &size, device_conf); |
|
|
|
if (TSS2_RC_SUCCESS != ret) { |
|
|
|
printf("Error: Unable to initialize device TCTI context.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
//initialize ecdaa tpm context
|
|
|
|
if(0 != ecdaa_tpm_context_init(&member.ctx, member.pk_handle, NULL, 0, tcti_ctx)) { |
|
|
|
if(0 != ecdaa_tpm_context_init(&ctx->tpm_ctx, key_handle, NULL, 0, ctx->tcti_context)) { |
|
|
|
printf("Error: ECDAA context failed.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
@ -163,9 +157,12 @@ int init_tpm() |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
int free_tpm() { |
|
|
|
ecdaa_tpm_context_free(&member.ctx); |
|
|
|
return 0; |
|
|
|
static void tpm_cleanup(struct tpm_context *ctx) { |
|
|
|
ecdaa_tpm_context_free(&ctx->tpm_ctx); |
|
|
|
|
|
|
|
if (NULL != ctx->tcti_context) { |
|
|
|
Tss2_Tcti_Finalize(ctx->tcti_context); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
int member_join(char *buffer) { |
|
|
|
@ -243,19 +240,18 @@ int member_join(char *buffer) { |
|
|
|
|
|
|
|
//"VERIFYMSG <msg><checksum>0<signature>" or
|
|
|
|
//"VERIFYMSG <msg><checksum>1<signature with bsn>"
|
|
|
|
int member_verifymsg(char *buffer) { |
|
|
|
int member_signmsg(char *buffer) { |
|
|
|
char *current = buffer; |
|
|
|
uint8_t binbuf[MAX_BUFSIZE]; |
|
|
|
uint8_t has_nym = member.bsn_len > 0 ? 1 : 0; |
|
|
|
struct ecdaa_signature_FP256BN sig; |
|
|
|
size_t sig_len = has_nym ? ecdaa_signature_FP256BN_with_nym_length() : ecdaa_signature_FP256BN_length(); |
|
|
|
struct tpm_context ctx; |
|
|
|
int bytes = 0; |
|
|
|
|
|
|
|
if (0 == strncasecmp("OK", buffer, 2)) { |
|
|
|
return 1; |
|
|
|
} else if (0 == strncasecmp("ERR", buffer, 3)) { |
|
|
|
printf("member_verifymsg: Verifier refused signature.\n"); |
|
|
|
return 1; |
|
|
|
if (0 != tpm_initialize(&ctx, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("member_signmsg: Failed to initialize TPM."); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
bzero(buffer, MAX_BUFSIZE); |
|
|
|
@ -267,16 +263,16 @@ int member_verifymsg(char *buffer) { |
|
|
|
bytes = ecdaa_encode(chksum, current, MAX_CHKSUMSIZE); |
|
|
|
current = ¤t[bytes]; |
|
|
|
if(has_nym) { |
|
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
|
printf("member_verifymsg: Signing message failed.\n"); |
|
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, member.bsn, member.bsn_len, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { |
|
|
|
printf("member_signmsg: Signing message failed.\n"); |
|
|
|
} |
|
|
|
current[0] = '1'; |
|
|
|
current = ¤t[1]; |
|
|
|
strncpy(current, (char *)member.bsn, MAX_BSNSIZE); |
|
|
|
current = ¤t[MAX_BSNSIZE]; |
|
|
|
} else { |
|
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &member.ctx)) { |
|
|
|
printf("member_verifymsg: Signing message failed.\n"); |
|
|
|
if (0 != ecdaa_signature_TPM_FP256BN_sign(&sig, chksum, chksum_len, NULL, 0, &member.cred, ecdaa_rand, &ctx.tpm_ctx)) { |
|
|
|
printf("member_signmsg: Signing message failed.\n"); |
|
|
|
} |
|
|
|
current[0] = '0'; |
|
|
|
current = ¤t[1]; |
|
|
|
@ -286,13 +282,14 @@ int member_verifymsg(char *buffer) { |
|
|
|
ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); |
|
|
|
bytes = ecdaa_encode(binbuf, current, sig_len); |
|
|
|
#ifdef DEBUG |
|
|
|
printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); |
|
|
|
printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); |
|
|
|
printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); |
|
|
|
printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); |
|
|
|
printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); |
|
|
|
printf("member_signmsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); |
|
|
|
printf("member_signmsg: msg: %s, len: %lu\n", msg, msg_len); |
|
|
|
printf("member_signmsg: chksum: %s, len: %lu\n", chksum, chksum_len); |
|
|
|
printf("member_signmsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); |
|
|
|
printf("member_signmsg: sig: %s, len: %lu\n", current, sig_len); |
|
|
|
#endif |
|
|
|
current[bytes] = '\n'; |
|
|
|
tpm_cleanup(&ctx); |
|
|
|
return 2; //send to verifier before closing
|
|
|
|
} |
|
|
|
|
|
|
|
@ -300,11 +297,19 @@ int member_verifymsg(char *buffer) { |
|
|
|
int member_joinappend(char *buffer) { |
|
|
|
char *current = &buffer[10]; |
|
|
|
uint8_t binbuf[MAX_BUFSIZE]; |
|
|
|
struct tpm_context ctx; |
|
|
|
int ret = 0; |
|
|
|
int bytes = ecdaa_decode(current, member.nonce, NONCE_SIZE); |
|
|
|
|
|
|
|
ecdaa_write_buffer_to_file(MEMBER_NONCE_FILE, member.nonce, NONCE_SIZE); |
|
|
|
|
|
|
|
bzero(buffer, MAX_BUFSIZE); |
|
|
|
if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.pk_in, member.nonce, NONCE_SIZE, &member.ctx))) { |
|
|
|
if (0 != tpm_initialize(&ctx, MEMBER_TPM_KEY_FILE, MEMBER_TPM_HANDLE_FILE)) { |
|
|
|
printf("member_joinappend: Failed to initialize TPM.\n"); |
|
|
|
strncpy(buffer, "ABORT\n", 6); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
if (0 != (ret = ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, ctx.pk_in, member.nonce, NONCE_SIZE, &ctx.tpm_ctx))) { |
|
|
|
fprintf(stderr, "Error generating member key-pair: ret = %d\n", ret); |
|
|
|
strncpy(buffer, "ABORT\n", 6); |
|
|
|
return -1; |
|
|
|
@ -316,6 +321,7 @@ int member_joinappend(char *buffer) { |
|
|
|
ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); |
|
|
|
bytes = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); |
|
|
|
current[bytes] = '\n'; |
|
|
|
tpm_cleanup(&ctx); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
@ -352,13 +358,13 @@ int member_joinfinish(char *buffer) { |
|
|
|
return ret; |
|
|
|
} |
|
|
|
|
|
|
|
int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *pub_key_filename, const char *handle_filename) |
|
|
|
static int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, const char *pub_key_filename, const char *handle_filename) |
|
|
|
{ |
|
|
|
int ret = 0; |
|
|
|
|
|
|
|
FILE *pub_key_file_ptr = fopen(pub_key_filename, "r"); |
|
|
|
if (NULL == pub_key_file_ptr) { |
|
|
|
printf("read_public_key: error opening public key.\n"); |
|
|
|
printf("read_public_key: Failed to open tpm public key.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
do { |
|
|
|
@ -372,14 +378,10 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con |
|
|
|
} |
|
|
|
} while(0); |
|
|
|
(void)fclose(pub_key_file_ptr); |
|
|
|
if (0 != ret) { |
|
|
|
printf("read_public_key: error reading public key file.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
FILE *handle_file_ptr = fopen(handle_filename, "r"); |
|
|
|
if (NULL == handle_file_ptr) { |
|
|
|
printf("read_public_key: error opening handle.\n"); |
|
|
|
printf("read_public_key: Error opening handle.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
@ -397,10 +399,6 @@ int read_public_key_from_files(uint8_t *public_key, TPM2_HANDLE *key_handle, con |
|
|
|
} while(0); |
|
|
|
(void)fclose(handle_file_ptr); |
|
|
|
|
|
|
|
if (0 != ret) { |
|
|
|
printf("read_public_key: error closing public key.\n"); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
return ret; |
|
|
|
} |
|
|
|
|
|
|
|
|
Michael Preisach
4 years ago