clean up

src/attester/attester_server_http.c

@@ -116,7 +116,6 @@ int send_challenge_reply(struct mg_connection *c, tpm_challenge_reply *rpl)
     i += rpl->ima_log_size;
     memcpy(byte_buff + i, &rpl->wholeLog, sizeof(uint8_t));
     i += sizeof(uint8_t);
-
   }
 
   //Encode in b64
@@ -230,8 +229,6 @@ int create_request_body(size_t *object_length, char *object){
     return -1;
   }
 
-  //printf("EK cert size: %ld\n", size);
-
   ret = fread(ek_cert, 1, (size_t) size, fd_ek_cert);
   if(ret != size){
     fclose(fd_ek_cert);
@@ -292,7 +289,7 @@ int create_request_body(size_t *object_length, char *object){
     free(b64_buff_ek);
     fclose(fd_ak_pub);
     free(ak_pub);
-    fprintf(stderr, "ERROR: cannot read the whole AK pem. %ld/%ld bytes read\n", ret, size);
+    fprintf(stderr, "ERROR: cannot read the whole AK pem\n");
     return -1;
   }
 
@@ -326,7 +323,7 @@ int create_request_body(size_t *object_length, char *object){
   if(ret != size){
     fclose(fd_ak_name);
     free(ak_name);
-    fprintf(stderr, "ERROR: cannot read the whole AK name. %ld/%ld bytes read\n", ret, size);
+    fprintf(stderr, "ERROR: cannot read the whole AK name\n");
     return -1;
   }
 
@@ -402,11 +399,9 @@ static void request_join(struct mg_connection *c, int ev, void *ev_data) {
       "%s\n",
       object_length,
       object);
-    get_finish_timer(2);
-  get_start_timer();
+
   } else if (ev == MG_EV_HTTP_MSG) {
-      get_finish_timer(3);
-  get_start_timer();
+
     // Response is received. Print it
     struct mg_http_message *hm = (struct mg_http_message *) ev_data;
     struct mkcred_out *mkcred_out = (struct mkcred_out *) c->fn_data;
@@ -548,13 +543,9 @@ static void confirm_credential(struct mg_connection *c, int ev, void *ev_data) {
     "%s\n",
     strlen(object),
     object); 
-    get_finish_timer(4);
-    get_start_timer();
 
   } else if (ev == MG_EV_HTTP_MSG) {
     // Response is received. Print it
-    get_finish_timer(5);
-    get_start_timer();
 #ifdef DEBUG
     struct mg_http_message *hm = (struct mg_http_message *) ev_data;
     printf("%.*s", (int) hm->message.len, hm->message.ptr);
@@ -635,35 +626,25 @@ int main(int argc, char *argv[]) {
   printf("attester_config->ip: %s\n", attester_config.ip);
   printf("attester_config->port: %d\n", attester_config.port);
   #endif
-  get_start_timer();
 
   /* Create TPM keys*/
   if((attester_init(&attester_config)) != 0) return -1;
-  get_finish_timer(1);
-  get_start_timer();
+
   //attester_config.use_ip = 0;
   /**/
   if(attester_config.use_ip == 0){
     while (!get_ipaddr_from_interface("eth1", attester_config.ip))
     {
       sleep(5);
     }
-
   }
 
-
   /* Perform the join procedure */
   if (join_procedure() != 0){
     fprintf(stderr, "ERROR: could not reach the join service\n");
     exit(-1);
   };
-  get_finish_timer(6);
-  save_timer("agent_text.txt");
-
-  //exit(0);
 
-
-
   mg_log_set(MG_LL_INFO);  /* Set log level */
   mg_mgr_init(&mgr);        /* Initialize event manager */
 

src/join_service/join_service.c

@@ -58,7 +58,6 @@ int get_verifier_ip(int id, char *ip);
 pthread_mutex_t mutex;
 pthread_cond_t cond;
 int stop_event = 0;
-//static int stop_polling = 1;
 
 struct queue_entry {
   char uuid[128];
@@ -230,8 +229,6 @@ static struct ak_db_entry *retrieve_ak(char *uuid){
 
 void *queue_manager(void *vargp){
     struct mg_mgr mgr;
-    //struct mg_connection *c;
-    //char s_conn[280];
 
     mg_mgr_init(&mgr);
 
@@ -276,16 +273,7 @@ void *queue_manager(void *vargp){
 
         mqtt_publish(c_mqtt, topic, object);
 
-        /* snprintf(s_conn, 280, "http://%s", ip);
-
-        c = mg_http_connect(&mgr, s_conn, single_attestation, (void *) ak_entry);
-        if (c == NULL) {
-            MG_ERROR(("CLIENT cant' open a connection"));
-            continue;
-        }
-        while (stop_polling) mg_mgr_poll(&mgr, 10); //10ms */
     }
-    //pthread_mutex_unlock(&mutex);
 
     printf("INFO: queue manager ended\n");
     fflush(stdout);
@@ -671,10 +659,7 @@ static int insert_ek(struct ek_db_entry *ek_entry){
 static void join_service_manager(struct mg_connection *c, int ev, void *ev_data) {
     if (ev == MG_EV_HTTP_MSG) {
         struct mg_http_message *hm = (struct mg_http_message *) ev_data;
-        if (mg_http_match_uri(hm, API_JOIN) && !strncmp(hm->method.ptr, POST, hm->method.len)) {
-
-            get_start_timer();
-
+        if (mg_http_match_uri(hm, API_JOIN) && !strncmp(hm->method.ptr, POST, hm->method.len)) {               
         #ifdef DEBUG
             printf("%.*s\n", (int) hm->message.len, hm->message.ptr);
         #endif
@@ -704,7 +689,6 @@ static void join_service_manager(struct mg_connection *c, int ev, void *ev_data)
             printf("AK_PUB: %s\n", ak_pub_b64);
         #endif
 
-            //ek_entry = retrieve_ek();
             if(!check_ek_presence((char *) uuid)) {
                 //Malloc buffer
                 if(ek_cert_buff == NULL) {
@@ -874,8 +858,6 @@ static void join_service_manager(struct mg_connection *c, int ev, void *ev_data)
             mg_http_reply(c, CREATED, APPLICATION_JSON,
                 "{\"mkcred_out\":\"%s\"}\n", mkcred_out_b64);
             MG_INFO(("%s %s %d", POST, API_JOIN, CREATED));
-            get_finish_timer(1);
-            get_start_timer();
 
             free(ak_name_buff);
             free(ek_cert_buff);
@@ -885,9 +867,6 @@ static void join_service_manager(struct mg_connection *c, int ev, void *ev_data)
             free(ip_addr);
         }
         else if (mg_http_match_uri(hm, API_CONFIRM_CREDENTIAL) && !strncmp(hm->method.ptr, POST, hm->method.len)) {
-
-                get_finish_timer(2);
-                get_start_timer();
             /* receive and verify the value calculated by the attester with tpm_activatecredential */
             unsigned char* secret_b64 = (unsigned char *) mg_json_get_str(hm->body, "$.secret_b64");
             unsigned char* uuid = (unsigned char *) mg_json_get_str(hm->body, "$.uuid");
@@ -941,9 +920,6 @@ static void join_service_manager(struct mg_connection *c, int ev, void *ev_data)
                         "OK\n");
             MG_INFO(("%s %s %d", POST, API_CONFIRM_CREDENTIAL, OK));
             c->is_draining = 1;
-
-            get_finish_timer(3);
-            save_timer("js_test.txt");
 
             pthread_mutex_lock(&mutex);
             push_uuid((char *) uuid);
@@ -1112,10 +1088,8 @@ int verifier_is_alive(char * ip){
 
 /* return the DB id of a verifier based on a round-robin selection*/
 int get_verifier_id(void){
-    //last_requested_verifier++;
     int ret, id = -1;
     char ip[25];
-   // printf("verifier_num %d\n", verifier_num);
 
     do{
         if(verifier_num == 0){
@@ -1260,7 +1234,6 @@ static int init_database(void){
         return 0;
     }
 
-
     //verifiers table
     rc = sqlite3_prepare_v2(db, sql3, -1, &res, 0);
     if (rc != SQLITE_OK) {

src/join_service/tpm_makecredential.c

@@ -215,8 +215,6 @@ static bool load_public_ECC_from_key(EVP_PKEY *key, TPM2B_PUBLIC *pub) {
     return result;
 }
 
-
-
 static bool load_public_RSA_from_key(EVP_PKEY *key, TPM2B_PUBLIC *pub) {
 
     bool result = false;
@@ -403,14 +401,15 @@ static int read_der_key_from_buf(unsigned char* ek_cert, int cert_len){
     return 0;
 }
 
-//input
-//-u EK PEM
-//-s The secret which will be protected by the key derived from the random seed. It can be specified as a file or passed from stdin
-//-n The name of the key for which certificate is to be created
-//output
-//TPM2B_ID_OBJECT *cred, TPM2B_ENCRYPTED_SECRET *secret
-
-/* it is resposability of the caller to free out_buf */
+/*  
+    Tt is resposability of the caller to free out_buf 
+    Input:
+        ek_cert_der EK der
+        secret The secret which will be protected by the key derived from the random seed. It can be specified as a file or passed from stdin
+        name The name of the key for which certificate is to be created
+    Output:
+        -TPM2B_ID_OBJECT *cred, TPM2B_ENCRYPTED_SECRET *secret
+*/
 int tpm_makecredential (unsigned char* ek_cert_der, int ek_cert_len, unsigned char* secret, unsigned char* name, size_t name_size, unsigned char **out_buff, size_t *out_buff_size){
 
     /* 

src/verifier/verifier.c

@@ -34,28 +34,27 @@ int ra_challenge_verify(tpm_challenge_reply *rpl, agent_list *agent_data)
   //verify quote
   ret = verify_quote(rpl, agent_data->ak_pub,  agent_data);
   if (ret != 0){
-    printf("Untrusted agent: %s\n", get_error(ret));
+    fprintf(stderr, "ERROR: Untrusted agent. Reason: %s\n", get_error(ret));
     return ret;
   } else {
-    printf("Quote signature verification OK\n");
+    fprintf(stdout, "INFO: Successful verification of TPM quote\n");
   }
 
   //Open the goldenvalues DB
   int rc = sqlite3_open_v2((const char *) agent_data->gv_path, &db, SQLITE_OPEN_READONLY | SQLITE_OPEN_URI, NULL);
   if ( rc != SQLITE_OK) {
-    printf("Cannot open the golden values database, error %s\n", sqlite3_errmsg(db));
+    fprintf(stderr, "ERROR: Cannot open the golden values database. Reason: %s\n", sqlite3_errmsg(db));
     sqlite3_close(db);
-    //printf("Untrusted agent\n");
     ret = VERIFIER_INTERNAL_ERROR;
     goto end;
   }
 
   //verify IMA log
   ret = verify_ima_log(rpl, db, agent_data);
   if (ret != 0){
-    printf("Untrusted agent: %s\n", get_error(ret));
+    fprintf(stderr, "ERROR: Untrusted agent. Reason: %s\n", get_error(ret));
   } else {
-    printf("Trusted agent\n");
+    fprintf(stdout, "INFO: Successful verification of IMA log and PCR10. Trust status: trusted \n");
   }
 
 end:

src/verifier/verifier_http.c

@@ -100,7 +100,6 @@ static void mqtt_handler(struct mg_connection *c, int ev, void *ev_data) {
 
   } else if (ev == MG_EV_CLOSE) {
     MG_INFO(("%lu CLOSED", c->id));
-
   }
   (void) c->fn_data;
 }