challenge response self

ch-resp-self/KeyGen.c

@@ -49,6 +49,8 @@ void cleanup()
 DIMASTATUS use_dev_random(void *data, unsigned char *output,
                              size_t len, size_t *olen )
 {
+	//initiate HW TRNG 
+
     FILE *file;
     size_t ret, left = len;
     unsigned char *p = output;

ch-resp-self/KeyGen.h

@@ -1,3 +1,8 @@
+#ifndef KEYGEN_HEADERS_SEEN
+//check header file for re-def conflicts
+
+#define KEYGEN_HEADERS_SEEN
+
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -47,3 +52,6 @@ DIMASTATUS AsymmKeyGen(KeyDrv_context * KD_ctx);
 DIMASTATUS WritePrivKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * key_ctx);
 DIMASTATUS WritePubKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * key_ctx);
 
+
+
+#endif //KEYGEN_HEADERS_SEEN

ch-resp-self/ROMprotocol.c

@@ -0,0 +1,273 @@
+#include "ROMprotocol.h"
+
+
+/*
+	DIMASTATUS ret = 0;
+	int len = 0;
+
+
+if(DEBUG)
+{printf("PASS \n");}
+
+if(ret < DIMASUCCESS)
+	{
+		perror("\n");
+		
+		//other cleanup
+		exit();
+	}
+
+*/
+
+DIMASTATUS ROMprotocol()
+{
+
+	printf("PASS 10\n");
+
+	DIMASTATUS ret = 0;
+	int len = 0;
+
+	if(DEBUG)
+	{printf("PASS 11\n");}
+
+
+	//Calculate DIMA RTM hash
+	
+	//////////////TODO////////////////
+	//this should be calculated on the DIMA bin and remain static. 
+	//how to do that?
+	//hardcoding junk value for now
+
+	uint8_t RTM_ID[SHA256_DGST_SIZE] = {	0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0x4f,
+											0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,
+    										0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5,
+    										0x7b,0xbb,0x38,0x7d,0xe6,0x66,0xbb,0x1e		};
+
+	//Calculating UDS hash
+
+	FILE *fp = NULL;
+	fp = fopen("SecureStorage/RANDFILE", "rb");
+	if(!fp)
+	{
+		perror("DIMAFILENOTFOUND: Unable to access UDS\n");
+		
+		fclose(fp);
+		exit(DIMAFILENOTFOUND);
+	}
+
+	if(DEBUG)
+{printf("PASS 12\n");}
+
+	uint8_t *UDSbuf = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE);
+	fread(UDSbuf,UDS_SIZE,1,fp);
+	fclose(fp);
+
+if(DEBUG)
+{printf("PASS 13\n");}
+
+
+	uint8_t* UDS_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
+	ret = mbedtls_sha256_ret( UDSbuf,UDS_SIZE,UDS_ID,0 );
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILUE:\n");
+		
+		free(UDSbuf);
+		free(UDS_ID);
+		exit(DIMAFAILUREUNKWN);
+	}
+
+	free(UDSbuf);
+	//UDS_ID contains the UDS hash
+	//Printer
+if(DEBUG)
+{
+		for (int i = 0; i < UDS_SIZE; i++)
+  			printf("%hhx", UDSbuf[i]);
+		printf(" :	fuse secret\n" );  	
+
+  		for (int i = 0; i < SHA256_DGST_SIZE; i++)
+  			printf("%hhx", UDS_ID[i]);
+		printf(" :  UDS ID\n" );
+}
+
+	//Calculating CDI SHA256
+
+	uint8_t* CDI = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
+	mbedtls_sha256_context CDI_ctx;
+	mbedtls_sha256_init(&CDI_ctx);
+
+	ret = mbedtls_sha256_starts_ret(&CDI_ctx,0);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE\n");
+		mbedtls_sha256_free(&CDI_ctx);
+		exit(DIMASHAFAILURE);
+	}
+
+	ret = mbedtls_sha256_update_ret(&CDI_ctx, UDS_ID, SHA256_DGST_SIZE);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE\n");
+		mbedtls_sha256_free(&CDI_ctx);
+		exit(DIMASHAFAILURE);
+	}
+
+	ret = mbedtls_sha256_update_ret(&CDI_ctx, RTM_ID, SHA256_DGST_SIZE);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE\n");
+		mbedtls_sha256_free(&CDI_ctx);
+		exit(DIMASHAFAILURE);
+	}
+
+	ret = mbedtls_sha256_finish_ret(&CDI_ctx,CDI);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE\n");
+		mbedtls_sha256_free(&CDI_ctx);
+		exit(DIMASHAFAILURE);
+	}
+
+	free(UDS_ID);
+	//free(RTM_ID);
+	mbedtls_sha256_free(&CDI_ctx);
+
+if(DEBUG)
+{
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+    	printf("%hhx",CDI[i]);
+    printf(" :  CDI\n");
+}
+
+if(DEBUG)
+{printf("PASS 14\n");}
+	//Calculating CDI key, HKDF
+
+	const mbedtls_md_info_t * md_info;
+	if(!(md_info = mbedtls_md_info_from_type(HKDF_ALG)))
+	{
+		perror("DIMAHKDFFAILURE: MD alg type def failed\n");
+		exit(DIMAHKDFFAILURE);
+	}
+
+	uint8_t salt[32] = {	0x30,0xe2,0x3e,0xcc,0x28,0xc5,0x7b,0xbb,
+							0x38,0x7d,0xe6,0x66,0xbb,0xf1,0xd9,0x1e,
+    						0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0xba,
+    						0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,0x4f		};
+
+    uint8_t * CDIKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE);
+	ret = mbedtls_hkdf(md_info, salt, sizeof(salt), CDI, SHA256_DGST_SIZE,
+              IDENTITY, sizeof(IDENTITY), CDIKEY, HKDF_KEY_SIZE);
+
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMAHKDFFAILURE\n");
+		free(CDI);
+		free(CDIKEY);
+		exit(DIMAHKDFFAILURE);
+	}
+
+	//free(CDI);				
+
+if(DEBUG)
+{
+	for(int i = 0; i < HKDF_KEY_SIZE; i++)
+      printf("%hhx",CDIKEY[i]);
+	printf(" :  CDIKEY\n");
+}
+	
+if(DEBUG)
+{printf("PASS 15\n");}
+
+
+
+	//Every key derivation should start with a new KD contxt
+	//setting context for DID
+
+	KeyDrv_context DID_ctx;
+	DID_ctx.ENT_MODE = DETERM;
+	DID_ctx.PKC_MODE = DFL_PKC;
+	DID_ctx.seed = CDIKEY;
+	DID_ctx.phrase = IDENTITY;
+	DID_ctx.KEY_FORM = DFL_FORM;
+	//DID_ctx.pub_file = DFL_PUB;
+	//DID_ctx.priv_file = DFL_PRIV;			//Dont save DID priv outside SS
+
+if(DEBUG)
+{printf("PASS 16\n");}
+
+	//Deriving and storing DID
+	ret = AsymmKeyGen(&DID_ctx);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMAFAILURE : DID key gen failed\n");
+		free(CDIKEY);
+		exit(DIMAFAILURE);
+	}
+
+	free(CDIKEY);			//But CDIKey is needed to gen AliasKP 
+	//delete DID_ctx??
+
+	//setting context for Alias keys
+
+//////////////////////////deriving alisa keys
+
+
+	//placeholder FW_ID
+	uint8_t FW_ID[SHA256_DGST_SIZE] = {	0xf3,0x92,0x0e,0x4f,0xbe,0x67,0x0a,0xf8,
+											0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5,
+    										0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,
+    										0xe6,0x66,0xbb,0x1e,0x7b,0xbb,0x38,0x7d	}; 
+
+    uint8_t * FWKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE);
+
+    //create Alias key derivation material using CDI and seed and FW_ID as salt
+    //Alternatively do composite hash of CDI and FW_ID to create Alias key der material
+    ret = mbedtls_hkdf(md_info, FW_ID, sizeof(FW_ID), CDI, SHA256_DGST_SIZE,
+              ALIAS, sizeof(ALIAS), FWKEY, HKDF_KEY_SIZE);
+
+    if(ret < DIMASUCCESS)
+	{
+		perror("DIMAHKDFFAILURE\n");
+		exit(DIMAHKDFFAILURE);
+	}
+
+	KeyDrv_context ALIAS_ctx;
+	ALIAS_ctx.ENT_MODE = DETERM;
+	ALIAS_ctx.PKC_MODE = DFL_PKC;
+	ALIAS_ctx.seed = FWKEY;
+	ALIAS_ctx.phrase = ALIAS;
+	ALIAS_ctx.KEY_FORM = DFL_FORM;
+
+	printf("Generating Alias keys\n");
+
+	ret = AsymmKeyGen(&ALIAS_ctx);
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMAFAILURE : ALIAS key gen failed\n");
+		exit(DIMAFAILURE);
+	}
+
+
+	//session keys?
+
+	free(CDI);
+	free(FWKEY);
+
+
+if(DEBUG)
+{printf("PASS 17\n");}
+
+
+
+
+if(DEBUG)
+{printf("PASS 100\n");}
+	return DIMASUCCESS;
+
+}
+
+
+
+/////////////////////////

ch-resp-self/ROMprotocol.h

@@ -1,3 +1,9 @@
+#ifndef ROMprot_HEADERS_SEEN
+//check header file for re-def conflicts
+
+#define ROMprot_HEADERS_SEEN
+
+
 #include "KeyGen.h"
 
 #include <stdio.h>
@@ -21,4 +27,9 @@
 
 
 
-DIMASTATUS ROMprotocol(void);
+DIMASTATUS ROMprotocol(void);
+
+
+
+
+#endif

ch-resp-self/SecureStorage/Identity_priv.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1FomNTVE/DdCHc0JAOZW6BC6zwcZOklne1FFni0EXJYNL4mY
+XyDvigv6zOQObjYtgKIwj01WSxAA1/4EcjfcVt6sR+I0ufEjoSDF/WX+5jFc/k5l
+dnWwZzBBEfZVSuZu8LAhqpj7woY95x9QzvNGKq0neEIonihRSnQTfwingDsKd6+c
+i0H85Pi7lJ9bGpVTGlE9AMQBQvHRlnl3Ig+L7UDeNN4CDAXYvIqXTq0RQ+OvdvMY
+g1AfZ4rGoa91Cw208zb3FCnGIpCQWGUSDypdQgo0ptQU8UiaTmF0hW0q3TeG8763
+uMKQA3QVZIASA6hp2oMVcDjeWo8+pd7Ig2iqsQIDAQABAoIBACquowrjVeYfIkA0
+r9hZNAMpp67Ipbq4Od9IzuYz9LI6a9SQAssuJs+XyFWqCjd/VsaJ8xo+qHdmdFD1
+ywV9MmHYmIbLUh9Et41htcIQ3/r7VY59CfpVPfuDsLSQT4UCS66/rEiqvsHS8zrT
+Kc4rCkG2M56Bp8HgZzSAn9GTFv3YImFzqb7fnJA84vAmWqneet6+uZK6iYjznJ3p
+jlyyUhMtnqI55nRlArlwb9stcwVRqtgTB+ztUFVCuAtYRWUBWmWdXhllzF2AO22Z
+tq03kC0y2QT178Smgkn7AT9/DLG7TnqS5xbCPwg5wK48IPh7okwYritJaSKlLPQu
+Xbha9TUCgYEA8W/Pw2I1yALKyNEzkPp2jFczUjcuxT8zPYEq9tLAItw3V3AIJbbI
+tE3UFqnFcCszcsJnHmsnxkbfRQlnq0gGiopGs5KjqUDae4QiL/s03U2Voo937ghG
++BtWn2uf6CV7GBe0W7XqLwltWurUZQj0Y9Q+nPY19Libnm/1CGdWSJ0CgYEA4Sk4
+714u5IqK5eH69ETMmYZoapE41vykr6Pn0iWF/tNPlIV/x2MU1+5n9rfqQ3ty2zlk
+Bn5+In89a8Jqw8kMOG1nOaIWb0uz5Xs3bRxOXTdfB1S4ENdTYlbag9FcRG1kHGI6
+5wyIDVy3dC/4fB10QoIt8P4h3OW6DO1xLvZLHCUCgYEA616HewB5Ub13F4Lq9IFX
+pMU14Qau79gHCgSsb+dRLCrnQLSVHL8utqfRBS8IratQAqaGhN8N7XwWGWVrzUzw
+I4teFZ31MwFofVV5RrFs/fmu0MVws3saRLHSJqRzRYuUjw4849Nas/RKyYF5Ae5S
+4id9yuM0ApkeDL00cbbcJPkCgYAWWGj2GHq+46D1P4AQTeOgON6T9OWXMGuHotSW
+3nJ137K+IqGTwBmJdHeM3KO7Hr0/VGrA2jzaX5ZQ43KFC6bS0sizx4pCcVjhJWFS
+ysRcK+qaZ6X8xeHYmJYHDvgBMnoE9xqxY2T9Ln5mYXxflOy8zP6SNCZYLdRRBB9/
+caHyoQKBgQDhJqhzsNBiNp8ViVh9hGNfC991M2BeXojSuTwOY07uaepMgk5qcvaR
+H0HQULeflblkRuf2BxslmRMmNp/1P8uCFVnd1t+XIjz7r6RFxTsgnSTd/ee6V7Nl
+vgMTOj11Kz7cWjH+4LCfc/CtIZKvkQnM/1uAQMzjr2K6+fNQAZFBKw==
+-----END RSA PRIVATE KEY-----

ch-resp-self/Stage2.c

@@ -0,0 +1,218 @@
+#include "Stage2.h"
+
+/*
+	Client_info
+		const char *			cli_ID;
+		const char *			pub_file;
+		mbedtls_ecp_point *		pub_key;
+		int 					Cli_STATUS;
+		int 					Cli_CAP;
+*/
+
+
+DIMASTATUS load_nodes(Client_info * Cl_list)
+{
+
+	printf("PASS 20\n");
+	DIMASTATUS ret = 0;
+	int len = 0;
+
+	mbedtls_entropy_context entropy;
+	mbedtls_entropy_init(&entropy);
+
+	uint8_t * RAND = calloc(1, sizeof(uint8_t)*NONCE_SIZE);
+
+	if(DEBUG)
+	{printf("PASS 21\n");}
+
+	//load from access list? 
+	//////////////////////////TODO////////////////////////////
+	//Protected accesslist must be unlocked with Alias key
+	//Allow access to client list only after successful DICE
+
+
+	//itrate over client list : perclient
+	Client_info		Cl1_ctx;
+	Cl1_ctx.cli_ID 		= "Node1";
+	Cl1_ctx.pub_file 	= "clientkeys/Client1_pub.pem";
+	Cl1_ctx.Cli_STATUS 	= Cl_unverf;
+	Cl1_ctx.Cli_CAP 	= DFL_CAP;
+	
+	//mbedtls_entropy_gather(&entropy);
+	ret = mbedtls_entropy_func(&entropy, RAND, sizeof(RAND));
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMADRBGFAILURE : Failed to gen NONCE\n");
+		exit(DIMADRBGFAILURE);
+	}
+
+	Cl1_ctx.NONCE 		= RAND;
+	
+	/*
+	if(DEBUG)
+	{
+		for(int i = 0; i < NONCE_SIZE; i++)
+	    	printf("%hhx",Cl1_ctx.NONCE[i]);
+	    printf(" :  NONCE inter\n");
+	}
+	*/
+
+	//add to the client list
+	Cl_list[1] 			= Cl1_ctx;
+
+	//end perclient itetration
+
+	mbedtls_entropy_free(&entropy);
+	return DIMASUCCESS;
+}
+
+/* NOT USING  THIS
+
+DIMASTATUS genNONCE(Client_info * Cl_ctx)
+{
+
+//
+//1. create new genNONCe session n entropy per client
+//2. pass client list iterate over active clients genNONCE for all 
+//
+
+	mbedtls_entropy_context entropy;
+	mbedtls_entropy_init(&entropy);
+
+	DIMASTATUS ret = 0;
+
+	uint8_t * RAND = calloc(1, sizeof(uint8_t)*NONCE_SIZE);
+if(DEBUG)printf("Pass1\n");
+
+	//mbedtls_entropy_gather(&entropy);
+	ret = mbedtls_entropy_func(&entropy, RAND, sizeof(RAND));
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMADRBGFAILURE : Failed to gen NONCE\n");
+		exit(DIMADRBGFAILURE);
+	}
+
+if(DEBUG)printf("Pass2\n");
+	Cl_ctx -> NONCE = RAND;
+
+	if(DEBUG)
+	{
+		for(int i = 0; i < NONCE_SIZE; i++)
+	    	printf("%hhx",RAND[i]);
+	    printf(" :  RAND\n");
+	}
+	if(DEBUG)
+	{
+		for(int i = 0; i < NONCE_SIZE; i++)
+	    	printf("%hhx",Cl_ctx -> NONCE[i]);
+	    printf(" :  NONCE\n");
+	}
+
+	mbedtls_entropy_free(&entropy);
+
+	return DIMASUCCESS;
+}
+
+
+*/
+
+DIMASTATUS challenge( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, uint8_t *sign, size_t *signlen)
+{
+
+	DIMASTATUS ret = 0;
+	uint8_t* dgst = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
+	
+	ret = mbedtls_sha256_ret( Cl_ctx->NONCE,NONCE_SIZE,dgst,0 );
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE : could not perfom SHA digest\n");
+		return DIMASHAFAILURE;
+	}
+
+//	ret = mbedtls_md(mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+//					Cl_list[1].NONCE, NONCE_SIZE, hash );
+
+	if(DEBUG)
+	{
+		for (int i = 0; i < SHA256_DGST_SIZE; i++)
+  			printf("%hhx", dgst[i]);
+		printf(" :	sha dgst\n" );  	
+
+	}
+
+	//ret = mbedtls_pk_sign( &pk_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, sign, &signlen,
+    //                     mbedtls_ctr_drbg_random, &drbgCtx );
+	ret = mbedtls_pk_sign( pk_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, sign, signlen,
+                         NULL,NULL );
+
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASIGNFAILURE : could not perfom private key signature\n");
+		return DIMASIGNFAILURE;
+	}
+
+	if(DEBUG)
+	{
+		for (int i = 0; i < *signlen; i++)
+  			printf("%hhx", sign[i]);
+		printf(" :signature intr\n" );  	
+
+	}
+	return DIMASUCCESS;
+
+}
+
+
+DIMASTATUS response( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, uint8_t *sign, size_t signlen)
+{
+
+	//Paramer checks
+	if(Cl_ctx->Cli_STATUS != Cl_unverf)
+	{
+		printf("DIMAINFOMISMATCH :Client %s verification already performed. skipping to next client..", Cl_ctx->cli_ID);
+		return DIMAINFOMISMATCH;
+	}
+
+	//////
+
+	DIMASTATUS ret = 0;
+	uint8_t* dgst = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
+	
+	ret = mbedtls_sha256_ret( Cl_ctx->NONCE,NONCE_SIZE,dgst,0 );
+	if(ret < DIMASUCCESS)
+	{
+		perror("DIMASHAFAILURE : could not perfom SHA digest\n");
+		return DIMASHAFAILURE;
+	}
+
+	/*
+	if(DEBUG)
+	{
+		for(int i = 0; i < NONCE_SIZE; i++)
+	    	printf("%hhx",Cl_ctx.NONCE[i]);
+	    printf(" :  NONCE verf\n");
+	}
+
+	if(DEBUG)
+	{
+		for (int i = 0; i < signlen; i++)
+  			printf("%hhx", sign[i]);
+		printf(" :signature verf\n" );  	
+
+	}
+	*/
+
+	ret = mbedtls_pk_verify( pk_ctx, MBEDTLS_MD_SHA256, dgst, 0, sign, signlen );
+	if (ret < DIMASUCCESS)
+	{
+		perror("DIMAVERIFYFAILURE : could not verify signature\n");
+		Cl_ctx->Cli_STATUS = Cl_fault;
+		return DIMAVERIFYFAILURE;
+	}
+
+	Cl_ctx->Cli_STATUS = Cl_verfd;
+
+
+	return DIMASUCCESS;
+
+}

ch-resp-self/Stage2.h

@@ -0,0 +1,45 @@
+#ifndef STAGE2_HEADERS_SEEN
+//check header file for re-def conflicts
+
+#define STAGE2_HEADERS_SEEN
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "mbedtls/config.h"
+
+#include "mbedtls/aes.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/md.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+
+
+#include "defines.h"
+
+
+DIMASTATUS load_nodes(Client_info * Cl_list);
+
+DIMASTATUS genNONCE( Client_info * Cl_ctx);
+
+DIMASTATUS challenge( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, uint8_t *sign, size_t *signlen);
+//DIMASTATUS challengeCTX( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, Chall_context * ch_ctx);
+
+
+DIMASTATUS response( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, uint8_t *sign, size_t signlen);
+//DIMASTATUS responseCTX( mbedtls_pk_context * pk_ctx, Client_info * Cl_ctx, Resp_context * resp_ctx);
+
+
+
+#endif	

ch-resp-self/clientkeys/Client1_pub.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3oUdlMtMjJjf6Co58GJZEV2bvqrQ
+KUOu4cC822amlPgucZnX7gI4VbqqJ/Tjk5IieiNBFbh0/2vsyRo3Lis58A==
+-----END PUBLIC KEY-----

ch-resp-self/defines.h

@@ -1,4 +1,9 @@
 
+#ifndef DEFINE_HEADERS_SEEN
+//check header file for re-def conflicts
+
+#define DEFINE_HEADERS_SEEN
+
 /* ERROR CODES TO BE USED IN DIMA */
 
 #define DIMASTATUS			int
@@ -16,6 +21,11 @@
 #define DIMADRBGFAILURE		-1008
 #define DIMAHKDFFAILURE		-1009
 #define DIMAPKFAILURE		-1010
+#define DIMASIGNFAILURE		-1011
+#define DIMAVERIFYFAILURE	-1012
+
+
+#define DIMAINFOMISMATCH	-1100
 
 
 #define DIMAFAILUREUNKWN	-1111
@@ -33,6 +43,10 @@
 #define RSA_SIZE			2048	//4096
 #define RSA_EXP				65537
 #define KEY_BUF_SIZE		16000
+#define NONCE_SIZE			2
+
+
+
 
 /* SPECIFIC AND SPECIAL VALUES */
 /* DO NOT CHANGE THIS BLOCK */
@@ -51,7 +65,7 @@
 
 #define isRSA			0
 #define isECC 			1
-#define DFL_PKC			isECC		// isECC, 1 = ECC, 0= RSA
+#define DFL_PKC			isRSA		// isECC, 1 = ECC, 0= RSA
 
 //#define BIN 			2
 #define PEM 			0
@@ -72,6 +86,24 @@
 
 //////////////////////////////////////////////////
 
+///Stage 2 configs
+
+#define CL_NOS	2		//No of clients to be verified by THIS node
+
+
+//Clinet verification status
+#define Cl_unverf		0
+#define Cl_verfd		1
+#define Cl_fault		-1
+#define DFL_CL_STAT		Cl_unverf
+
+//Client capabilities	master, node, leaf
+//evita full, med, small
+#define CAP_FULL		1
+
+#define DFL_CAP		CAP_FULL
+
+///////////////////////////////////////////////////
 
 /* typedefs */
 
@@ -88,6 +120,9 @@ typedef struct
     int 					KEY_FORM;		//BIN,PEM,DER
     char * 					pub_file;
     char *					priv_file;
+    //placeholder, not implemented
+    mbedtls_ecp_point *			pub_key;		//used to store keys in mem, if needed
+    mbedtls_mpi *				priv_key;
 
 } KeyDrv_context;
 
@@ -99,6 +134,49 @@ typedef struct
 	const char *			filename;		//in file
 	size_t					inLen;
 	uint8_t * 				outbuf;			//out buf			
-} Hash_contxt;
+} Hash_context;
 
 //useless structure ^ this one
+
+
+typedef struct 
+{
+	/*
+	Use this struct to load, store and update client info on server side
+	or both ways if mutual attestation is possible
+	*/
+	const char *			cli_ID;
+	const char *			pub_file;
+	mbedtls_ecp_point *		pub_key;
+	int 					Cli_STATUS;
+	int 					Cli_CAP;
+	const uint8_t	*		NONCE;
+
+} Client_info;
+
+typedef struct 
+{
+	//Use this struct to maintain uniformity between client and sever
+
+	const char *			cli_ID;
+	const uint8_t *			NONCE;
+	const uint8_t *			sign;
+	const size_t 			sig_len;
+
+} Chall_context;
+
+
+typedef struct 
+{
+	//Use this struct to maintain uniformity between client and sever
+
+	const char *			cli_ID;
+	const uint8_t *			NONCE;
+	const uint8_t *			sign;
+	const size_t 			sig_len;
+} Resp_context;
+
+
+
+#endif	//DEFINE_HEADERS_SEEN
+//End of file