diff --git a/src/cc_helpers.cc b/src/cc_helpers.cc
index dcc26acb..c94c80c6 100644
--- a/src/cc_helpers.cc
+++ b/src/cc_helpers.cc
@@ -3596,7 +3596,8 @@ bool certifier::framework::secure_authenticated_channel::init_client_ssl(
if (asn1_to_x509(auth_cert, x509_auth_cert)) {
X509_STORE_add_cert(cs, x509_auth_cert);
} else {
- printf("COULDNT ADD\n");
+ printf("%s() error, line %d, asn translate\n", __func__, __LINE__);
+ return false;
}
#ifdef DEBUG
@@ -3751,8 +3752,11 @@ bool certifier::framework::secure_authenticated_channel::init_client_ssl(
__func__, __LINE__);
if (asn1_peer_root_cert_.size() == 0) {
- printf("root cert empty\n");
+ printf("%s() error, line %d, init_client_ssl: root cert empty\n",
+ __func__,
+ __LINE__);
} else {
+ printf("peer cert: \n");
print_bytes(asn1_peer_root_cert_.size(), (byte *)asn1_peer_root_cert_.data());
printf("\n");
diff --git a/vm_model_tools/examples/scenario1/test_script.sh b/vm_model_tools/examples/scenario1/test_script.sh
index 16b2337c..a414a7ed 100755
--- a/vm_model_tools/examples/scenario1/test_script.sh
+++ b/vm_model_tools/examples/scenario1/test_script.sh
@@ -67,11 +67,13 @@ echo "running key-server"
echo " "
echo "$CERTIFIER_ROOT/vm_model_tools/src/cf_key_server.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ &"
echo " "
$CERTIFIER_ROOT/vm_model_tools/src/cf_key_server.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ &
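Review bot: The new `return false;` after the failed `asn1_to_x509(auth_cert, x509_auth_cert)` creates an exit path from init_client_ssl that did not exist before; if `x509_auth_cert` and the store `cs` are allocated earlier in the function and released only after this block, this early return skips that release. The function starts and ends outside the hunk, so I cannot see where they are freed; either free them before returning or route this failure through the function's common cleanup. Failing the call here is the right outcome, since the previous code logged `COULDNT ADD` and carried on with an incomplete trust store.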
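Review bot: The rewritten message labels an empty `asn1_peer_root_cert_` as an error, yet control still falls through to the next statement, while the earlier hunk in this same function turns a comparable condition into `return false;`. If a missing peer root certificate must fail channel setup, add `return false;` after the printf; if this block is only a diagnostic dump (the preceding `__func__, __LINE__);` suggests it sits inside one, but the enclosing statement starts outside the hunk), drop the word "error" so the log does not read as a failure. The new `printf("peer cert: \n")` carries a trailing space before the newline; `printf("peer cert:\n")` is cleaner. init_client_ssl continues past the end of the hunk.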
@@ -85,6 +87,7 @@ echo "01234567890123456789012345678901" > client.in
echo " "
echo "$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ \
--resource_name=key-client-test-key --version=0 \
@@ -93,6 +96,7 @@ echo "$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=
echo " "
$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ \
--resource_name=key-client-test-key --version=0 \
@@ -104,6 +108,7 @@ echo "key-client: retrieving"
echo " "
echo "$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ \
--resource_name=key-client-test-key --version=0 \
@@ -112,6 +117,7 @@ echo "$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=
echo " "
$CERTIFIER_ROOT/vm_model_tools/src/cf_key_client.exe --policy_domain_name=dom0 \
--encrypted_cryptstore_filename=cryptstore.dom0 \
+ --print_level=5 \
--enclave_type=simulated-enclave --policy_store_filename=policy_store.dom0 \
--policy_key_cert_file=policy_cert_file.dom0 --data_dir=./ \
--resource_name=key-client-test-key --version=0 \
diff --git a/vm_model_tools/src/cf_key_client.cc b/vm_model_tools/src/cf_key_client.cc
index 4c756b4a..838672d0 100644
--- a/vm_model_tools/src/cf_key_client.cc
+++ b/vm_model_tools/src/cf_key_client.cc
@@ -750,6 +750,17 @@ int main(int an, char **av) {
goto done;
}
+ /* Alternative:
+ * bool certifier::framework::secure_authenticated_channel::init_client_ssl(
+ * const string &host_name,
+ * int port,
+ * const string &asn1_root_cert,
+ * const string &peer_asn1_root_cert,
+ * int cert_chain_length,
+ * string *der_certs,
+ * key_message &private_key,
+ * const string &auth_cert)
+ */
if (!channel.init_client_ssl(FLAGS_policy_domain_name, FLAGS_key_server_url, FLAGS_key_server_port,
@@ -759,6 +770,29 @@ int main(int an, char **av) {
goto done;
}
+ if (FLAGS_print_level > 3) {
+ printf("\nClient channel data:\n");
+ if (channel.root_cert_ != nullptr) {
+ printf("\nRoot cert:\n");
+ X509_print_fp(stdout, channel.root_cert_);
+ } else {
+ printf("%s() error, line %d, no root cert\n", __func__, __LINE__);
+ }
+ if (channel.asn1_my_cert_.size() > 0) {
+ X509 *x = X509_new();
+ if (asn1_to_x509(channel.asn1_my_cert_, x)) {
+ printf("\nAdmissions cert:\n");
+ X509_print_fp(stdout, x);
+ } else {
+ printf("No admissions cert\n");
+ }
+ X509_free(x);
+ }
+ printf("\nPrivate key:\n");
+ print_key(channel.private_key_);
+ printf("\n");
+ }
// This is the actual application code.
if (!client_application(channel)) {
printf("%s() error, line %d, client_application failed\n",
diff --git a/vm_model_tools/src/cf_key_server.cc b/vm_model_tools/src/cf_key_server.cc
index 535acdcd..a6b91ee4 100644
--- a/vm_model_tools/src/cf_key_server.cc
+++ b/vm_model_tools/src/cf_key_server.cc
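Review bot: The added `/* Alternative: ... */` block is a hand-copied duplicate of an init_client_ssl overload's signature placed before a call to a different overload, and it says nothing about why the reader should care; such copies drift silently from the declaration in the header. Either remove it or replace the eleven lines with a one-line pointer to the declaration, e.g. `// NOTE: an init_client_ssl overload taking host/port plus a peer root cert also exists; see its declaration.` main() starts and ends outside the hunk.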
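Review bot: `print_key(channel.private_key_)` under `if (FLAGS_print_level > 3)` sends the channel's private key to stdout, and the test_script.sh hunks in this same commit run both binaries with `--print_level=5`, so the key material ends up in the console and in any captured test log; a verbosity flag is too weak a gate for a secret, so drop the private-key dump (or compile it in only under `DEBUG`) and print only the certificates. Two smaller points in the same block: `X509_new()` is not checked for a null result before `asn1_to_x509(channel.asn1_my_cert_, x)` is called with it, and the `else` branch prints `No admissions cert` when `asn1_my_cert_` is in fact non-empty and merely failed to decode, which should be reported as an error like the root-cert branch. The identical 23 lines are added to server_application in the cf_key_server.cc hunk; both should call one helper so the fix lands once. main() starts and ends outside the hunk.
```cpp
// Dumps the channel's certificates when print_level is above 3. Secret key
// material is deliberately not printed: a log line is not a safe place for it.
static void print_channel_data(const char *label,
                               const secure_authenticated_channel &channel) {
  printf("\n%s channel data:\n", label);
  if (channel.root_cert_ != nullptr) {
    printf("\nRoot cert:\n");
    X509_print_fp(stdout, channel.root_cert_);
  } else {
    printf("%s() error, line %d, no root cert\n", __func__, __LINE__);
  }
  if (channel.asn1_my_cert_.size() > 0) {
    X509 *x = X509_new();
    if (x == nullptr) {
      printf("%s() error, line %d, X509_new failed\n", __func__, __LINE__);
    } else if (asn1_to_x509(channel.asn1_my_cert_, x)) {
      printf("\nAdmissions cert:\n");
      X509_print_fp(stdout, x);
    } else {
      printf("%s() error, line %d, can't decode admissions cert\n",
             __func__, __LINE__);
    }
    X509_free(x);  // X509_free(nullptr) is a no-op
  }
  printf("\n");
}

  // … unchanged: init_client_ssl call and its error check …
  if (FLAGS_print_level > 3) {
    print_channel_data("Client", channel);
  }
```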
@@ -308,6 +308,29 @@ void server_application(secure_authenticated_channel &channel) {
}
}
+ if (FLAGS_print_level > 3) {
+ printf("\nserver_application channel data:\n");
+ if (channel.root_cert_ != nullptr) {
+ printf("\nRoot cert:\n");
+ X509_print_fp(stdout, channel.root_cert_);
+ } else {
+ printf("%s() error, line %d, no root cert\n", __func__, __LINE__);
+ }
+ if (channel.asn1_my_cert_.size() > 0) {
+ X509 *x = X509_new();
+ if (asn1_to_x509(channel.asn1_my_cert_, x)) {
+ printf("\nAdmissions cert:\n");
+ X509_print_fp(stdout, x);
+ } else {
+ printf("No admissions cert\n");
+ }
+ X509_free(x);
+ }
+ printf("\nPrivate key:\n");
+ print_key(channel.private_key_);
+ printf("\n");
+ }
// Read message from client over authenticated, encrypted channel
string out;
int n = channel.read(&out);
@@ -696,8 +719,7 @@ int main(int an, char **av) {
}
if (FLAGS_print_level > 2) {
- printf("Got all keys and certificates\n");
- printf("Running key-server\n");
+ printf("\nRunning key-server\n");
}
if (!server_dispatch(FLAGS_key_server_url,