diff --git a/common.h b/common.h index 36e54a5..28f58d1 100644 --- a/common.h +++ b/common.h @@ -7,18 +7,20 @@ #include #include -#define ISSUERIP "192.168.10.11" #define ISSUERPORT 6590 -#define MEMBERIP "192.168.10.12" #define MEMBERPORT 6591 -#define VERIFIERIP "192.168.10.10" #define VERIFIERPORT 6592 #define MAX_CLIENTS 10 -#define MAX_BUFSIZE 40960 -#define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 2) +#define MAX_MSGSIZE 15360 +#define MAX_CHKSUMSIZE 1024 +#define MAX_BUFSIZE (((MAX_MSGSIZE + 2) / 3) * 4) + (((MAX_CHKSUMSIZE + 2) / 3) * 4) + 1536 +/* #define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 2) - MAX_CHKSUMSIZE //for bin to hex*/ +/* #define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 4 * 3) - MAX_CHKSUMSIZE //for base64 */ #define MAX_BSNSIZE 128 #define NONCE_SIZE 384 +#define MSGFILE "msg.txt" +#define CHKSUMFILE "chksum.txt" typedef int (*conn_handler)(char *buffer); diff --git a/issuer.c b/issuer.c index 0d56a45..eca81c5 100644 --- a/issuer.c +++ b/issuer.c @@ -238,7 +238,7 @@ int issuer_reset(char *buffer) { return -1; } bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "RESETDONE\n", 10); + strncpy(buffer, "OK\n", 3); return 0; } diff --git a/member.c b/member.c index 1adfae3..1c57b25 100644 --- a/member.c +++ b/member.c @@ -24,6 +24,9 @@ typedef struct member { member_t member; uint8_t msg[MAX_MSGSIZE]; size_t msg_len; +uint8_t chksum[MAX_CHKSUMSIZE]; +size_t chksum_len; + int member_join(char *buffer); int member_verifymsg(char *buffer); @@ -36,7 +39,7 @@ int member_joinfinish(char *buffer); int main(int argc, char **argv) { char buffer[MAX_BUFSIZE]; - char *remote_ip = argv[2]; + char *remote_ip; int ret = 0; //strncpy(member.bsn, "mybasename", 10); //member.bsn_len = strlen(member.bsn); @@ -44,6 +47,7 @@ int main(int argc, char **argv) { case 3: if( 0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) { member.state = ON; + remote_ip = argv[2]; ret = client_connect(&member_join, remote_ip, ISSUERPORT); if (0 >= ret || JOINED != member.state) { printf("Join process failed!\n"); @@ -51,15 +55,16 @@ int main(int argc, char **argv) { } else { printf("Join process was successful\n"); } - } else { - printf("2 arguments but not join\n"); - } - break; - case 4: - if( 0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { - msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, argv[3]); + } + else if( 0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) { + msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MSGFILE); if (msg_len < 0) { - printf("Could not open message file %s\n", argv[3]); + printf("Could not open message file %s\n", MSGFILE); + return 1; + } + chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, CHKSUMFILE); + if (chksum_len < 0) { + printf("Could not open checksum file %s\n", CHKSUMFILE); return 1; } if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) || @@ -71,18 +76,20 @@ int main(int argc, char **argv) { return 1; } member.state = JOINED; + remote_ip = argv[2]; ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT); if (0 >= ret || JOINED != member.state) { printf("connection to verifier failed\n"); } } else { - printf("3 arguments but not send\n"); + printf("arguments invalid\n"); } break; default: printf("Usage: \n Join an issuer's group: %s --join \n", argv[0]); - printf("Send a signed message to the verifier: %s --send \n", argv[0]); + printf("Send a signed message to the verifier: %s --send \n", argv[0]); printf("Before sending a DAA-signed message, the member must join a DAA group\n"); + printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MSGFILE, MAX_MSGSIZE, CHKSUMFILE, MAX_CHKSUMSIZE); break; } return 0; @@ -125,7 +132,7 @@ int member_join(char *buffer) { case APPEND: if (0 == strncasecmp("JOINSTART", buffer, 9)) { printf("ISSUER > MEMBER: %s\n", buffer); - member_joinappend(buffer); + member_joinappend(&buffer[10]); member.state = JOINPROCEED; } else { printf("member_join: did not get nonce from issuer\n"); @@ -136,7 +143,7 @@ int member_join(char *buffer) { case JOINPROCEED: if (0 == strncasecmp("JOINPROCEED", buffer, 11)) { printf("ISSUER > MEMBER: %s\n", buffer); - member_joinfinish(buffer); + member_joinfinish(&buffer[12]); member.state = JOINED; ret = 1; } else { @@ -154,28 +161,24 @@ int member_join(char *buffer) { return ret; } -//"VERIFYMSG" > "VERIFYMSG " +//"VERIFYMSG 0" or +//"VERIFYMSG 1" int member_verifymsg(char *buffer) { char *current = buffer; uint8_t binbuf[MAX_BUFSIZE]; uint8_t has_nym = member.bsn_len > 0 ? 1 : 0; struct ecdaa_signature_FP256BN sig; size_t sig_len = has_nym ? ecdaa_signature_FP256BN_with_nym_length() : ecdaa_signature_FP256BN_length(); - int ret = 0; - - if (0 == strncasecmp("OK", buffer, 2)) { - return 1; - } else if (0 == strncasecmp("ERR", buffer, 3)) { - printf("member_verifymsg: Verifier refused signature\n"); - return 1; - } + int bytes = 0; bzero(buffer, MAX_BUFSIZE); strncpy(current, "VERIFYMSG ", 10); current = ¤t[10]; - ret = ecdaa_encode(msg, current, msg_len); - current = ¤t[2 * MAX_MSGSIZE]; + bytes = ecdaa_encode(msg, current, MAX_MSGSIZE); + current = ¤t[bytes]; + bytes = ecdaa_encode(chksum, current, MAX_CHKSUMSIZE); + current = ¤t[bytes]; if(has_nym) { if (0 != ecdaa_signature_FP256BN_sign(&sig, msg, msg_len, member.bsn, member.bsn_len, &member.msk, &member.cred, ecdaa_rand)) { printf("member_verifymsg: Signing message failed\n"); @@ -194,40 +197,22 @@ int member_verifymsg(char *buffer) { bzero(binbuf, MAX_BUFSIZE); ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym); - ret = ecdaa_encode(binbuf, current, sig_len); + bytes = ecdaa_encode(binbuf, current, sig_len); printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len); - printf("member_verifymsg: msg: %s, len: %lu\n",msg, msg_len); - printf("member_verifymsg: bsn: %s, len: %lu\n",(char *)member.bsn, strlen((char *)member.bsn)); + printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len); + printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); + printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn)); printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len); - current[ret] = '\n'; - return 0; + current[bytes] = '\n'; + return 1; } -//"PUBLISH" > "PUBLISH " -/* int member_publish(char *buffer) { */ -/* char *current; */ -/* int ret = 0; */ -/* uint8_t binbuf[MAX_BUFSIZE]; */ -/* bzero(buffer, MAX_BUFSIZE); */ - -/* strncpy(buffer, "PUBLISH ", 8); */ - -/* current = &buffer[8]; */ -/* bzero(binbuf, MAX_BUFSIZE); */ -/* ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); */ -/* ret = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); */ - -/* current[ret] = '\n'; */ - -/* return 0; */ -/* } */ - //"JOINSTART " > "APPEND " int member_joinappend(char *buffer) { - char *current = &buffer[10]; + char *current = buffer; uint8_t binbuf[MAX_BUFSIZE]; - int ret = ecdaa_decode(current, member.nonce, NONCE_SIZE); + int bytes = ecdaa_decode(current, member.nonce, NONCE_SIZE); ecdaa_write_buffer_to_file(member_nonce_file, member.nonce, NONCE_SIZE); // if (0 != ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.nonce, NONCE_SIZE)) { if (0 != ecdaa_member_key_pair_FP256BN_generate(&member.mpk, &member.msk, member.nonce, NONCE_SIZE, ecdaa_rand)) { @@ -240,14 +225,14 @@ int member_joinappend(char *buffer) { current = &buffer[7]; bzero(binbuf, MAX_BUFSIZE); ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); - ret = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); - current[ret] = '\n'; + bytes = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); + current[bytes] = '\n'; return 0; } //"JOINPROCEED " > "" int member_joinfinish(char *buffer) { - char *current = &buffer[12]; + char *current = buffer; uint8_t *bincur; uint8_t binbuf[MAX_BUFSIZE]; int ret = 0; @@ -273,11 +258,7 @@ int member_joinfinish(char *buffer) { 0 != ecdaa_member_secret_key_FP256BN_serialize_file(member_secret_key_file, &member.msk) || 0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) { printf("issuer_setup: Error saving key-pair or credential to disk\n"); - strncpy(buffer, "ERR", 3); ret = -1; - } else { - strncpy(buffer, "OK", 2); } return ret; } - diff --git a/verifier.c b/verifier.c index 6d27bc3..6f92e2f 100644 --- a/verifier.c +++ b/verifier.c @@ -1,10 +1,8 @@ #include "verifier.h" typedef enum verifierstate { - ON, ASKISSUER, GOTISSUER, - ASKATTEST, } verifierstate_e; typedef struct verifier { @@ -15,21 +13,50 @@ typedef struct verifier { } verifier_t; verifier_t verifier; +uint8_t msg[MAX_MSGSIZE]; +size_t msg_len; +uint8_t chksum[MAX_CHKSUMSIZE]; +size_t chksum_len; int verifier_getissuer(char *buffer); -//int verifier_getmember(char *buffer); int verifier_attestmember(char *buffer); int verifier_checklink(char *buffer); -int verifier_checkattest(char *buffer); +int verifier_verifymsg(char *buffer); int main() { verifier.revocations.sk_list = NULL; verifier.revocations.bsn_list = NULL; + char *remote_ip; - if (2 != server_start(&process_verifier, VERIFIERPORT)) { + switch(argc) { + case 1: + if (0 != ecdaa_issuer_public_key_FP256BN_deserialize_file(&verifier.ipk, verifier_ipk_file)) { + printf("Could not import key file. Importing from %s was not successful",verifier_ipk_file); + return 1; + } + verifier.state = GOTISSUER; + break; + case 3: + if( 0 == strncasecmp("--public", argv[1], 6) || 0 == strncasecmp("-p", argv[1], 2)) { + verifier.state = ON; + remote_ip = argv[2]; + ret = client_connect(&verifier_getissuer, remote_ip, VERIFIERPORT); + if (0 >= ret || GOTISSUER != verifier.state) { + printf("connection to issuer failed\n"); + } + } else { + printf("arguments invalid\n"); + } + break; + default: + printf("Usage: \n Get issuer's public key: %s --public \n", argv[0]); + printf("If the public key is already saved, no arguments are needed\n"); + break; + } + if (GOTISSUER == verifier.state && 2 != server_start(&process_verifier, VERIFIERPORT)) { printf("server failed\n"); } return 0; @@ -42,60 +69,20 @@ int process_verifier(char *buffer) { printf("> VERIFIER: %s\n", buffer); if (0 == strncasecmp("VERIFYMSG", buffer, 9)) { - switch (verifier.state) { - case GOTISSUER: - ret = verifier_checkattest(&buffer[10]); - bzero(buffer, MAX_BUFSIZE); - if (-1 == ret) { - printf("process_verifier: member public key is malformed!\n"); - strncpy(buffer, "ERR\n", 4); - } else if (-2 == ret) { - printf("process_verifier: signature of member public key is invalid\n"); - strncpy(buffer, "ERR\n", 4); - } else { - strncpy(buffer, "OK\n", 3); - } - break; - default: - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ERR\n", 4); - } - ret = 0; - } else if (0 == strncasecmp("ATTEST", buffer, 6)) { - strncpy(remote_ip, &buffer[7], 15); - ret = client_connect(&verifier_attestmember, remote_ip, MEMBERPORT); - if (0 >= ret) { - printf("process_verifier: member verification failed\n"); + ret = verifier_verifymsg(&buffer[10]); bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ERR\n", 4); - } else { - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "OK\n", 3); - } - ret = 0; - } else if (0 == strncasecmp("LINK", buffer, 4)) { - bzero(buffer, MAX_BUFSIZE); - verifier_checklink(buffer); - } else if (0 == strncasecmp("GETPUBLIC", buffer, 9)) { - verifier.state = ON; - int iplen = strlen(&buffer[10]); - if (iplen >= 7 && iplen <= 15) { - strncpy(remote_ip, &buffer[10], 15); - ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT); - if (0 >= ret || GOTISSUER != verifier.state) { - printf("process_verifier: issuer connection failed\n"); - bzero(buffer, MAX_BUFSIZE); + if (-1 == ret) { + printf("process_verifier: member public key is malformed!\n"); + strncpy(buffer, "ERR\n", 4); + } else if (-2 == ret) { + printf("process_verifier: signature of member public key is invalid\n"); strncpy(buffer, "ERR\n", 4); } else { - bzero(buffer, MAX_BUFSIZE); strncpy(buffer, "OK\n", 3); } - } else { - printf("process_verifier: no valid ip\n"); - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ERR\n", 4); - } - ret = 0; + break; + } + ret = 0; } else if (0 == strncasecmp("EXIT", buffer, 4)) { printf("closing client session\n"); bzero(buffer, MAX_BUFSIZE); @@ -116,7 +103,6 @@ int process_verifier(char *buffer) { return ret; } -//"GETPUBLIC " > "OK" int verifier_getissuer(char *buffer) { int ret = 0; @@ -158,50 +144,10 @@ int verifier_getissuer(char *buffer) { return ret; } - -int verifier_attestmember(char *buffer) { - int ret = 0; - - switch (verifier.state) { - case GOTISSUER: - bzero(buffer, MAX_BUFSIZE); - strncpy(buffer, "ATTEST\n", 7); - verifier.state = ASKATTEST; - break; - case ASKATTEST: - if (0 == strncasecmp("ATTEST", buffer, 6)) { - printf("MEMBER > VERIFIER: %s", buffer); - ret = verifier_checkattest(&buffer[7]); - if (-1 == ret) { - printf("verifier_attestmember: group public key is malformed!\n"); - ret = -1; - } else if (-2 == ret) { - printf("verifier_attestmember: signature of group public key is invalid\n"); - ret = -1; - } else { - verifier.state = GOTISSUER; - ret = 1; - } - } else { - printf("verifier_attestmember: did not get correct message from member\n"); - ret = -1; - } - break; - default: - ret = -1; - } - if (0 == ret) { - printf("MEMBER < VERIFIER: %s", buffer); - } - return ret; -} - //"ATTEST 0" or //"ATTEST 1" -int verifier_checkattest(char *buffer) { +int verifier_verifymsg(char *buffer) { char *current = buffer; - char msg[MAX_MSGSIZE]; - size_t msg_len = 0; int has_nym = 0; char bsn[MAX_BSNSIZE]; size_t bsn_len = 0; @@ -213,7 +159,11 @@ int verifier_checkattest(char *buffer) { bzero(msg, MAX_MSGSIZE); ret = ecdaa_decode(current, msg, MAX_MSGSIZE); msg_len = strlen(msg); - current = ¤t[2 * MAX_MSGSIZE]; + current = ¤t[ret]; + bzero(chksum, MAX_CHKSUMSIZE); + ret = ecdaa_decode(current, chksum, MAX_CHKSUMSIZE); + chksum_len = strlen(chksum); + current = ¤t[ret]; has_nym = current[0] - '0'; current = ¤t[1]; @@ -224,36 +174,32 @@ int verifier_checkattest(char *buffer) { current = ¤t[MAX_BSNSIZE]; sig_len = ecdaa_signature_FP256BN_with_nym_length(); } else { - sig_len = ecdaa_signature_FP256BN_length(); - } + bzero(binbuf, MAX_BUFSIZE); ecdaa_decode(current, binbuf, sig_len); ret = ecdaa_signature_FP256BN_deserialize(&sig, binbuf, has_nym); if (0 != ret) { - printf("verifier_checkattest: error reading signature\n"); + printf("verifier_verifymsg: error reading signature\n"); return -1; } - printf("verifier_checkattest: msg: %s, len: %lu\n",msg, msg_len); - printf("verifier_checkattest: bsn: %s, len: %lu\n",bsn, bsn_len); - printf("verifier_checkattest: sig: %s, len: %lu\n", current, sig_len); + printf("verifier_verifymsg: has_nym: %u, sig_len: %lu\n", has_nym, sig_len); + printf("verifier_verifymsg: msg: %s, len: %lu\n", msg, msg_len); + printf("verifier_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len); + printf("verifier_verifymsg: bsn: %s, len: %lu\n", bsn, bsn_len); + printf("verifier_verifymsg: sig: %s, len: %lu\n", current, sig_len); ret = ecdaa_signature_FP256BN_verify(&sig, &verifier.ipk.gpk, &verifier.revocations, (uint8_t *) msg, msg_len, (uint8_t *) bsn, bsn_len); if (0 != ret) { - printf("verifier_checkattest: signature not valid, ret = %i\n", ret); + printf("verifier_verifymsg: signature not valid, ret = %i\n", ret); return -1; } printf("writing message to %s\n", verifier_message_file); - ecdaa_write_buffer_to_file(verifier_message_file, msg, msg_len); - return 0; -} - -//"LINK" > "NOT IMPLEMENTED" -int verifier_checklink(char *buffer) { - strncat(buffer, "NOT_IMPLEMENTED\n", 17); + ecdaa_write_buffer_to_file(MSGFILE, msg, msg_len); + ecdaa_write_buffer_to_file(CHKSUMFILE, chksum, chksum_len); return 0; } diff --git a/verifier.h b/verifier.h index aec1ac1..5bf25f5 100644 --- a/verifier.h +++ b/verifier.h @@ -8,6 +8,5 @@ #include "common.h" int process_verifier(char *buffer); -const char* verifier_message_file = "vmsg.txt"; #endif //ECDAA_VERIFIER_H