preisacm
/
masterthesis-ecdaa-network-wrapper
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

reworked message layout, minor protocol fixes

master
Michael Preisach 4 years ago
parent
60d1c56c54
commit
edc8390e84
5 changed files with 103 additions and 175 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      common.h
  2. 2
      issuer.c
  3. 95
      member.c
  4. 168
      verifier.c
  5. 1
      verifier.h

12
common.h
View File

@ -7,18 +7,20 @@
#include <string.h>
#include <stdint.h>
#define ISSUERIP "192.168.10.11"
#define ISSUERPORT 6590
#define MEMBERIP "192.168.10.12"
#define MEMBERPORT 6591
#define VERIFIERIP "192.168.10.10"
#define VERIFIERPORT 6592
#define MAX_CLIENTS 10
#define MAX_BUFSIZE 40960
#define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 2)
#define MAX_MSGSIZE 15360
#define MAX_CHKSUMSIZE 1024
#define MAX_BUFSIZE (((MAX_MSGSIZE + 2) / 3) * 4) + (((MAX_CHKSUMSIZE + 2) / 3) * 4) + 1536
/* #define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 2) - MAX_CHKSUMSIZE //for bin to hex*/
/* #define MAX_MSGSIZE ((MAX_BUFSIZE - 1536) / 4 * 3) - MAX_CHKSUMSIZE //for base64 */
#define MAX_BSNSIZE 128
#define NONCE_SIZE 384
#define MSGFILE "msg.txt"
#define CHKSUMFILE "chksum.txt"
typedef int (*conn_handler)(char *buffer);

2
issuer.c
View File

@ -238,7 +238,7 @@ int issuer_reset(char *buffer) {
return -1;
}
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "RESETDONE\n", 10);
strncpy(buffer, "OK\n", 3);
return 0;
}

95
member.c
View File

@ -24,6 +24,9 @@ typedef struct member {
member_t member;
uint8_t msg[MAX_MSGSIZE];
size_t msg_len;
uint8_t chksum[MAX_CHKSUMSIZE];
size_t chksum_len;
int member_join(char *buffer);
int member_verifymsg(char *buffer);
@ -36,7 +39,7 @@ int member_joinfinish(char *buffer);
int main(int argc, char **argv) {
char buffer[MAX_BUFSIZE];
char *remote_ip = argv[2];
char *remote_ip;
int ret = 0;
//strncpy(member.bsn, "mybasename", 10);
//member.bsn_len = strlen(member.bsn);
@ -44,6 +47,7 @@ int main(int argc, char **argv) {
case 3:
if( 0 == strncasecmp("--join", argv[1], 6) || 0 == strncasecmp("-j", argv[1], 2)) {
member.state = ON;
remote_ip = argv[2];
ret = client_connect(&member_join, remote_ip, ISSUERPORT);
if (0 >= ret || JOINED != member.state) {
printf("Join process failed!\n");
@ -51,15 +55,16 @@ int main(int argc, char **argv) {
} else {
printf("Join process was successful\n");
}
} else {
printf("2 arguments but not join\n");
}
break;
case 4:
if( 0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) {
msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, argv[3]);
}
else if( 0 == strncasecmp("--send", argv[1], 6) || 0 == strncasecmp("-s", argv[1], 2)) {
msg_len = ecdaa_read_from_file(msg, MAX_MSGSIZE, MSGFILE);
if (msg_len < 0) {
printf("Could not open message file %s\n", argv[3]);
printf("Could not open message file %s\n", MSGFILE);
return 1;
}
chksum_len = ecdaa_read_from_file(chksum, MAX_CHKSUMSIZE, CHKSUMFILE);
if (chksum_len < 0) {
printf("Could not open checksum file %s\n", CHKSUMFILE);
return 1;
}
if (0 > ecdaa_read_from_file(member.nonce, NONCE_SIZE, member_nonce_file) ||
@ -71,18 +76,20 @@ int main(int argc, char **argv) {
return 1;
}
member.state = JOINED;
remote_ip = argv[2];
ret = client_connect(&member_verifymsg, remote_ip, VERIFIERPORT);
if (0 >= ret || JOINED != member.state) {
printf("connection to verifier failed\n");
}
} else {
printf("3 arguments but not send\n");
printf("arguments invalid\n");
}
break;
default:
printf("Usage: \n Join an issuer's group: %s --join <issuer's IPv4>\n", argv[0]);
printf("Send a signed message to the verifier: %s --send <verifier's IPv4> <msgfile>\n", argv[0]);
printf("Send a signed message to the verifier: %s --send <verifier's IPv4>\n", argv[0]);
printf("Before sending a DAA-signed message, the member must join a DAA group\n");
printf("%s must not exceed %d Bytes, %s must be smaller than %d Bytes\n", MSGFILE, MAX_MSGSIZE, CHKSUMFILE, MAX_CHKSUMSIZE);
break;
}
return 0;
@ -125,7 +132,7 @@ int member_join(char *buffer) {
case APPEND:
if (0 == strncasecmp("JOINSTART", buffer, 9)) {
printf("ISSUER > MEMBER: %s\n", buffer);
member_joinappend(buffer);
member_joinappend(&buffer[10]);
member.state = JOINPROCEED;
} else {
printf("member_join: did not get nonce from issuer\n");
@ -136,7 +143,7 @@ int member_join(char *buffer) {
case JOINPROCEED:
if (0 == strncasecmp("JOINPROCEED", buffer, 11)) {
printf("ISSUER > MEMBER: %s\n", buffer);
member_joinfinish(buffer);
member_joinfinish(&buffer[12]);
member.state = JOINED;
ret = 1;
} else {
@ -154,28 +161,24 @@ int member_join(char *buffer) {
return ret;
}
//"VERIFYMSG" > "VERIFYMSG <attestval>"
//"VERIFYMSG <msg><checksum>0<signature>" or
//"VERIFYMSG <msg><checksum>1<signature with bsn>"
int member_verifymsg(char *buffer) {
char *current = buffer;
uint8_t binbuf[MAX_BUFSIZE];
uint8_t has_nym = member.bsn_len > 0 ? 1 : 0;
struct ecdaa_signature_FP256BN sig;
size_t sig_len = has_nym ? ecdaa_signature_FP256BN_with_nym_length() : ecdaa_signature_FP256BN_length();
int ret = 0;
if (0 == strncasecmp("OK", buffer, 2)) {
return 1;
} else if (0 == strncasecmp("ERR", buffer, 3)) {
printf("member_verifymsg: Verifier refused signature\n");
return 1;
}
int bytes = 0;
bzero(buffer, MAX_BUFSIZE);
strncpy(current, "VERIFYMSG ", 10);
current = &current[10];
ret = ecdaa_encode(msg, current, msg_len);
current = &current[2 * MAX_MSGSIZE];
bytes = ecdaa_encode(msg, current, MAX_MSGSIZE);
current = &current[bytes];
bytes = ecdaa_encode(chksum, current, MAX_CHKSUMSIZE);
current = &current[bytes];
if(has_nym) {
if (0 != ecdaa_signature_FP256BN_sign(&sig, msg, msg_len, member.bsn, member.bsn_len, &member.msk, &member.cred, ecdaa_rand)) {
printf("member_verifymsg: Signing message failed\n");
@ -194,40 +197,22 @@ int member_verifymsg(char *buffer) {
bzero(binbuf, MAX_BUFSIZE);
ecdaa_signature_FP256BN_serialize(binbuf, &sig, has_nym);
ret = ecdaa_encode(binbuf, current, sig_len);
bytes = ecdaa_encode(binbuf, current, sig_len);
printf("member_verifymsg: has_nym: %u, sig_len: %lu\n",has_nym, sig_len);
printf("member_verifymsg: msg: %s, len: %lu\n",msg, msg_len);
printf("member_verifymsg: bsn: %s, len: %lu\n",(char *)member.bsn, strlen((char *)member.bsn));
printf("member_verifymsg: msg: %s, len: %lu\n", msg, msg_len);
printf("member_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len);
printf("member_verifymsg: bsn: %s, len: %lu\n", (char *)member.bsn, strlen((char *)member.bsn));
printf("member_verifymsg: sig: %s, len: %lu\n", current, sig_len);
current[ret] = '\n';
return 0;
current[bytes] = '\n';
return 1;
}
//"PUBLISH" > "PUBLISH <member.mpk>"
/* int member_publish(char *buffer) { */
/* char *current; */
/* int ret = 0; */
/* uint8_t binbuf[MAX_BUFSIZE]; */
/* bzero(buffer, MAX_BUFSIZE); */
/* strncpy(buffer, "PUBLISH ", 8); */
/* current = &buffer[8]; */
/* bzero(binbuf, MAX_BUFSIZE); */
/* ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk); */
/* ret = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH); */
/* current[ret] = '\n'; */
/* return 0; */
/* } */
//"JOINSTART <issuer.nonce>" > "APPEND <member.mpk>"
int member_joinappend(char *buffer) {
char *current = &buffer[10];
char *current = buffer;
uint8_t binbuf[MAX_BUFSIZE];
int ret = ecdaa_decode(current, member.nonce, NONCE_SIZE);
int bytes = ecdaa_decode(current, member.nonce, NONCE_SIZE);
ecdaa_write_buffer_to_file(member_nonce_file, member.nonce, NONCE_SIZE);
// if (0 != ecdaa_member_key_pair_TPM_FP256BN_generate(&member.mpk, member.nonce, NONCE_SIZE)) {
if (0 != ecdaa_member_key_pair_FP256BN_generate(&member.mpk, &member.msk, member.nonce, NONCE_SIZE, ecdaa_rand)) {
@ -240,14 +225,14 @@ int member_joinappend(char *buffer) {
current = &buffer[7];
bzero(binbuf, MAX_BUFSIZE);
ecdaa_member_public_key_FP256BN_serialize(binbuf, &member.mpk);
ret = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH);
current[ret] = '\n';
bytes = ecdaa_encode(binbuf, current, ECDAA_MEMBER_PUBLIC_KEY_FP256BN_LENGTH);
current[bytes] = '\n';
return 0;
}
//"JOINPROCEED <member.cred><member.cred_sig>" > ""
int member_joinfinish(char *buffer) {
char *current = &buffer[12];
char *current = buffer;
uint8_t *bincur;
uint8_t binbuf[MAX_BUFSIZE];
int ret = 0;
@ -273,11 +258,7 @@ int member_joinfinish(char *buffer) {
0 != ecdaa_member_secret_key_FP256BN_serialize_file(member_secret_key_file, &member.msk) ||
0 != ecdaa_credential_FP256BN_serialize_file(member_credential_file, &member.cred)) {
printf("issuer_setup: Error saving key-pair or credential to disk\n");
strncpy(buffer, "ERR", 3);
ret = -1;
} else {
strncpy(buffer, "OK", 2);
}
return ret;
}

168
verifier.c
View File

@ -1,10 +1,8 @@
#include "verifier.h"
typedef enum verifierstate {
ON,
ASKISSUER,
GOTISSUER,
ASKATTEST,
} verifierstate_e;
typedef struct verifier {
@ -15,21 +13,50 @@ typedef struct verifier {
} verifier_t;
verifier_t verifier;
uint8_t msg[MAX_MSGSIZE];
size_t msg_len;
uint8_t chksum[MAX_CHKSUMSIZE];
size_t chksum_len;
int verifier_getissuer(char *buffer);
//int verifier_getmember(char *buffer);
int verifier_attestmember(char *buffer);
int verifier_checklink(char *buffer);
int verifier_checkattest(char *buffer);
int verifier_verifymsg(char *buffer);
int main() {
verifier.revocations.sk_list = NULL;
verifier.revocations.bsn_list = NULL;
char *remote_ip;
if (2 != server_start(&process_verifier, VERIFIERPORT)) {
switch(argc) {
case 1:
if (0 != ecdaa_issuer_public_key_FP256BN_deserialize_file(&verifier.ipk, verifier_ipk_file)) {
printf("Could not import key file. Importing from %s was not successful",verifier_ipk_file);
return 1;
}
verifier.state = GOTISSUER;
break;
case 3:
if( 0 == strncasecmp("--public", argv[1], 6) || 0 == strncasecmp("-p", argv[1], 2)) {
verifier.state = ON;
remote_ip = argv[2];
ret = client_connect(&verifier_getissuer, remote_ip, VERIFIERPORT);
if (0 >= ret || GOTISSUER != verifier.state) {
printf("connection to issuer failed\n");
}
} else {
printf("arguments invalid\n");
}
break;
default:
printf("Usage: \n Get issuer's public key: %s --public <issuer's IPv4>\n", argv[0]);
printf("If the public key is already saved, no arguments are needed\n");
break;
}
if (GOTISSUER == verifier.state && 2 != server_start(&process_verifier, VERIFIERPORT)) {
printf("server failed\n");
}
return 0;
@ -42,60 +69,20 @@ int process_verifier(char *buffer) {
printf("> VERIFIER: %s\n", buffer);
if (0 == strncasecmp("VERIFYMSG", buffer, 9)) {
switch (verifier.state) {
case GOTISSUER:
ret = verifier_checkattest(&buffer[10]);
bzero(buffer, MAX_BUFSIZE);
if (-1 == ret) {
printf("process_verifier: member public key is malformed!\n");
strncpy(buffer, "ERR\n", 4);
} else if (-2 == ret) {
printf("process_verifier: signature of member public key is invalid\n");
strncpy(buffer, "ERR\n", 4);
} else {
strncpy(buffer, "OK\n", 3);
}
break;
default:
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "ERR\n", 4);
}
ret = 0;
} else if (0 == strncasecmp("ATTEST", buffer, 6)) {
strncpy(remote_ip, &buffer[7], 15);
ret = client_connect(&verifier_attestmember, remote_ip, MEMBERPORT);
if (0 >= ret) {
printf("process_verifier: member verification failed\n");
ret = verifier_verifymsg(&buffer[10]);
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "ERR\n", 4);
} else {
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "OK\n", 3);
}
ret = 0;
} else if (0 == strncasecmp("LINK", buffer, 4)) {
bzero(buffer, MAX_BUFSIZE);
verifier_checklink(buffer);
} else if (0 == strncasecmp("GETPUBLIC", buffer, 9)) {
verifier.state = ON;
int iplen = strlen(&buffer[10]);
if (iplen >= 7 && iplen <= 15) {
strncpy(remote_ip, &buffer[10], 15);
ret = client_connect(&verifier_getissuer, remote_ip, ISSUERPORT);
if (0 >= ret || GOTISSUER != verifier.state) {
printf("process_verifier: issuer connection failed\n");
bzero(buffer, MAX_BUFSIZE);
if (-1 == ret) {
printf("process_verifier: member public key is malformed!\n");
strncpy(buffer, "ERR\n", 4);
} else if (-2 == ret) {
printf("process_verifier: signature of member public key is invalid\n");
strncpy(buffer, "ERR\n", 4);
} else {
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "OK\n", 3);
}
} else {
printf("process_verifier: no valid ip\n");
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "ERR\n", 4);
}
ret = 0;
break;
}
ret = 0;
} else if (0 == strncasecmp("EXIT", buffer, 4)) {
printf("closing client session\n");
bzero(buffer, MAX_BUFSIZE);
@ -116,7 +103,6 @@ int process_verifier(char *buffer) {
return ret;
}
//"GETPUBLIC <IPv4>" > "OK"
int verifier_getissuer(char *buffer) {
int ret = 0;
@ -158,50 +144,10 @@ int verifier_getissuer(char *buffer) {
return ret;
}
int verifier_attestmember(char *buffer) {
int ret = 0;
switch (verifier.state) {
case GOTISSUER:
bzero(buffer, MAX_BUFSIZE);
strncpy(buffer, "ATTEST\n", 7);
verifier.state = ASKATTEST;
break;
case ASKATTEST:
if (0 == strncasecmp("ATTEST", buffer, 6)) {
printf("MEMBER > VERIFIER: %s", buffer);
ret = verifier_checkattest(&buffer[7]);
if (-1 == ret) {
printf("verifier_attestmember: group public key is malformed!\n");
ret = -1;
} else if (-2 == ret) {
printf("verifier_attestmember: signature of group public key is invalid\n");
ret = -1;
} else {
verifier.state = GOTISSUER;
ret = 1;
}
} else {
printf("verifier_attestmember: did not get correct message from member\n");
ret = -1;
}
break;
default:
ret = -1;
}
if (0 == ret) {
printf("MEMBER < VERIFIER: %s", buffer);
}
return ret;
}
//"ATTEST <msg>0<signature w/o bsn>" or
//"ATTEST <msg>1<signature with bsn>"
int verifier_checkattest(char *buffer) {
int verifier_verifymsg(char *buffer) {
char *current = buffer;
char msg[MAX_MSGSIZE];
size_t msg_len = 0;
int has_nym = 0;
char bsn[MAX_BSNSIZE];
size_t bsn_len = 0;
@ -213,7 +159,11 @@ int verifier_checkattest(char *buffer) {
bzero(msg, MAX_MSGSIZE);
ret = ecdaa_decode(current, msg, MAX_MSGSIZE);
msg_len = strlen(msg);
current = &current[2 * MAX_MSGSIZE];
current = &current[ret];
bzero(chksum, MAX_CHKSUMSIZE);
ret = ecdaa_decode(current, chksum, MAX_CHKSUMSIZE);
chksum_len = strlen(chksum);
current = &current[ret];
has_nym = current[0] - '0';
current = &current[1];
@ -224,36 +174,32 @@ int verifier_checkattest(char *buffer) {
current = &current[MAX_BSNSIZE];
sig_len = ecdaa_signature_FP256BN_with_nym_length();
} else {
sig_len = ecdaa_signature_FP256BN_length();
}
bzero(binbuf, MAX_BUFSIZE);
ecdaa_decode(current, binbuf, sig_len);
ret = ecdaa_signature_FP256BN_deserialize(&sig, binbuf, has_nym);
if (0 != ret) {
printf("verifier_checkattest: error reading signature\n");
printf("verifier_verifymsg: error reading signature\n");
return -1;
}
printf("verifier_checkattest: msg: %s, len: %lu\n",msg, msg_len);
printf("verifier_checkattest: bsn: %s, len: %lu\n",bsn, bsn_len);
printf("verifier_checkattest: sig: %s, len: %lu\n", current, sig_len);
printf("verifier_verifymsg: has_nym: %u, sig_len: %lu\n", has_nym, sig_len);
printf("verifier_verifymsg: msg: %s, len: %lu\n", msg, msg_len);
printf("verifier_verifymsg: chksum: %s, len: %lu\n", chksum, chksum_len);
printf("verifier_verifymsg: bsn: %s, len: %lu\n", bsn, bsn_len);
printf("verifier_verifymsg: sig: %s, len: %lu\n", current, sig_len);
ret = ecdaa_signature_FP256BN_verify(&sig, &verifier.ipk.gpk, &verifier.revocations, (uint8_t *) msg, msg_len,
(uint8_t *) bsn, bsn_len);
if (0 != ret) {
printf("verifier_checkattest: signature not valid, ret = %i\n", ret);
printf("verifier_verifymsg: signature not valid, ret = %i\n", ret);
return -1;
}
printf("writing message to %s\n", verifier_message_file);
ecdaa_write_buffer_to_file(verifier_message_file, msg, msg_len);
return 0;
}
//"LINK" > "NOT IMPLEMENTED"
int verifier_checklink(char *buffer) {
strncat(buffer, "NOT_IMPLEMENTED\n", 17);
ecdaa_write_buffer_to_file(MSGFILE, msg, msg_len);
ecdaa_write_buffer_to_file(CHKSUMFILE, chksum, chksum_len);
return 0;
}

1
verifier.h
View File

@ -8,6 +8,5 @@
#include "common.h"
int process_verifier(char *buffer);
const char* verifier_message_file = "vmsg.txt";
#endif //ECDAA_VERIFIER_H

Write Preview
Loading…
Cancel
Save