void HandshakeResponder::responderParseHalfKeyAndResponderIntegrity(){ //R:2 parse
m_timeout.stop();
QByteArray encryptedSymKey;
m_socketStream >> encryptedSymKey;
if(isError(encryptedSymKey)) return;
QByteArray clearSymKey = rsaDecrypt(encryptedSymKey);
if(clearSymKey.size()<32){
processError(BadSymmetricKey);
return;
}
m_gcmKey.append(clearSymKey.left(16)); //second half key
m_gcmBaseIV.append(clearSymKey.right(16)); //second half IV
QByteArray encryptedRespIntegrity, responderIntegrity;
m_socketStream >> encryptedRespIntegrity;
responderIntegrity = gcmDecrypt(encryptedRespIntegrity);
if(responderIntegrity != m_responderIntegrityHash){
processError(DataCorrupted);
return;
}
updateIntegrityHash(&m_starterIntegrityHash, clearSymKey+responderIntegrity);
responderSendStarterIntegrity();
}
static void getContract(TrustedContractArgs *args){
int rsaErr = 0, aesErr = 0;
//hello(REP_TRUSTED_NAME);
printf("In trusted mode getContract()");
//X1XXuseDMA(); //DMA the encrypted data into trusted space
rsaErr = rsaDecrypt(encryptedAESKey,g_d,g_modulus,decryptedAESKey);
if(rsaErr != 0){
printf("RSA encryption failed.\n");
//*args->success = 0;
}
else{
aesErr = aesDecrypt(decryptedAESKey,encrypted,decrypted,nbytes);
}
if(aesErr != 0){
printf("AES encryption failed.\n");
//*args->success = 0;
}
else if(aesErr == 0 && rsaErr == 0){
//*(args)->success = 1;
memcpy(contract,decrypted,nbytes);
}
/*Clear decrypted aeskey*/
memset(decryptedAESKey,0, 128);
}
void HandshakeResponder::responderParseStarterHello(){ //R:1 parse
QByteArray packet;
m_socketStream >> packet;
QDataStream packetStream(&packet, QIODevice::ReadOnly);
if(isError(packet)) return;
quint8 secLevel;
packetStream >> secLevel;
if(static_cast<SecurityLevel>(secLevel) != PreSharedIdentity){
processError(BadSecurityLevel);
return;
}
QByteArray rsaCypherText;
packetStream >> rsaCypherText;
QByteArray clearText = rsaDecrypt(rsaCypherText);
if(clearText.isEmpty()){
processError(DataCorrupted);
return;
}
QDataStream clearTextStream(&clearText, QIODevice::ReadOnly);
QByteArray key;
clearTextStream >> key;
m_contact = m_contactDB->findByKey(key);
if(m_contact == NULL){
processError(IdentityCheckFailed);
return;
}
try{
m_rsaEncryptor.AccessKey().Load(ArraySource((byte*)m_contact->getKey().data(),
m_contact->getKey().size(),
true));
}catch(CryptoPP::BERDecodeErr&){
processError(BadContactKey);
}
quint8 version;
clearTextStream >> version;
if((version & 0xF0) != (SUPPORTED_PROTOCOL_VERSION & 0xF0)){
processError(IncompatibleProtocolVersions);
return;
}
updateIntegrityHash(&m_starterIntegrityHash, (char)secLevel+clearText);
responderRespondHello();
}
int main(int argc, char* argv[])
{
char hostName[200] = DEFAULT_HOSTNAME;
int port = DEFAULT_RESMGR_TPM_PORT;
TPMI_DH_OBJECT keyHandle;
TPM2B_PUBLIC_KEY_RSA cipherText;
char outFilePath[PATH_MAX] = {0};
char *contextKeyFile = NULL;
setbuf(stdout, NULL);
setvbuf (stdout, NULL, _IONBF, BUFSIZ);
int opt = -1;
const char *optstring = "hvk:P:I:o:p:d:c:";
static struct option long_options[] = {
{"help",0,NULL,'h'},
{"version",0,NULL,'v'},
{"keyHandle",1,NULL,'k'},
{"pwdk",1,NULL,'P'},
{"inFile",1,NULL,'I'},
{"outFile",1,NULL,'o'},
{"port",1,NULL,'p'},
{"debugLevel",1,NULL,'d'},
{"keyContext",1,NULL,'c'},
{0,0,0,0}
};
int returnVal = 0;
int flagCnt = 0;
int h_flag = 0,
v_flag = 0,
k_flag = 0,
P_flag = 0,
I_flag = 0,
c_flag = 0,
o_flag = 0;
if(argc == 1)
{
showHelp(argv[0]);
return 0;
}
while((opt = getopt_long(argc,argv,optstring,long_options,NULL)) != -1)
{
switch(opt)
{
case 'h':
h_flag = 1;
break;
case 'v':
v_flag = 1;
break;
case 'k':
if(getSizeUint32Hex(optarg,&keyHandle) != 0)
{
returnVal = -1;
break;
}
k_flag = 1;
break;
case 'P':
sessionData.hmac.t.size = sizeof(sessionData.hmac.t) - 2;
if(str2ByteStructure(optarg,&sessionData.hmac.t.size,sessionData.hmac.t.buffer) != 0)
{
returnVal = -2;
break;
}
P_flag = 1;
break;
case 'I':
cipherText.t.size = sizeof(cipherText) - 2;
if(loadDataFromFile(optarg, cipherText.t.buffer, &cipherText.t.size) != 0)
{
returnVal = -3;
break;
}
I_flag = 1;
break;
case 'o':
safeStrNCpy(outFilePath, optarg, sizeof(outFilePath));
if(checkOutFile(outFilePath) != 0)
{
returnVal = -4;
break;
}
o_flag = 1;
break;
case 'p':
if( getPort(optarg, &port) )
{
printf("Incorrect port number.\n");
returnVal = -5;
}
break;
case 'd':
if( getDebugLevel(optarg, &debugLevel) )
{
printf("Incorrect debug level.\n");
returnVal = -6;
}
break;
case 'c':
contextKeyFile = optarg;
if(contextKeyFile == NULL || contextKeyFile[0] == '\0')
{
returnVal = -7;
break;
}
printf("contextKeyFile = %s\n", contextKeyFile);
c_flag = 1;
break;
case ':':
// printf("Argument %c needs a value!\n",optopt);
returnVal = -8;
break;
case '?':
// printf("Unknown Argument: %c\n",optopt);
returnVal = -9;
break;
//default:
// break;
}
if(returnVal)
break;
};
if(returnVal != 0)
return returnVal;
if(P_flag == 0)
sessionData.hmac.t.size = 0;
flagCnt = h_flag + v_flag + k_flag + I_flag + o_flag + c_flag;
if(flagCnt == 1)
{
if(h_flag == 1)
showHelp(argv[0]);
else if(v_flag == 1)
showVersion(argv[0]);
else
{
showArgMismatch(argv[0]);
return -10;
}
}
else if((flagCnt == 3) && (k_flag == 1 || c_flag == 1) && (I_flag == 1) && (o_flag == 1))
{
prepareTest(hostName, port, debugLevel);
if(c_flag)
returnVal = loadTpmContextFromFile(sysContext, &keyHandle, contextKeyFile);
if(returnVal == 0)
returnVal = rsaDecrypt(keyHandle, &cipherText, outFilePath);
finishTest();
if(returnVal)
return -11;
}
else
{
showArgMismatch(argv[0]);
return -12;
}
return 0;
}
