anandatul144/DIMA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

modifications modifications modifications

Browse Source 
added free blocks
fixed comments
This commit is contained in:
atul.jha 2021-02-11 12:43:04 +01:00
parent b0f9c787be
commit c54f7e0351
6 changed files with 254 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
trial5/KeyGen.c
View File

@ -134,8 +134,6 @@ DIMASTATUS AsymmKeyGen(KeyDrv_context * KD_ctx)
mbedtls_ctr_drbg_context drbgCtx; mbedtls_ctr_drbg_context drbgCtx;
mbedtls_ctr_drbg_init(&drbgCtx); mbedtls_ctr_drbg_init(&drbgCtx);
if(DEBUG)
printf("PASS 1\n");
mbedtls_pk_context pkey_ctx; mbedtls_pk_context pkey_ctx;
mbedtls_pk_init(&pkey_ctx); mbedtls_pk_init(&pkey_ctx);
@ -193,8 +191,7 @@ if(DEBUG)
exit(DIMAINVALIDSTATE); exit(DIMAINVALIDSTATE);
} }
if(DEBUG) if(DEBUG) printf("Generating ECC asymmetric key pair...\n");
printf("PASS 2\n");
//////ECC implementation //////ECC implementation
@ -222,11 +219,13 @@ if(DEBUG)
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pkey_ctx ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pkey_ctx );
if(DEBUG) if(DEBUG)
{ {
printf( "curve: %s\n", mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name ); printf( "key info : \ncurve: %s\n", mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
} }
mbedtls_ecp_keypair_free(ecp);
} }
else else
{ {
@ -280,6 +279,7 @@ if(DEBUG)
if(DEBUG) if(DEBUG)
{ {
printf("RSA Key pair info :\n");
mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
@ -291,6 +291,15 @@ if(DEBUG)
} }
} }
mbedtls_mpi_free(&N);
mbedtls_mpi_free(&P);
mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D);
mbedtls_mpi_free(&E);
mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ);
mbedtls_mpi_free(&QP);
} }
else else
{ {
@ -306,6 +315,11 @@ if(DEBUG)
////////////////////////////TODO/////////////////////////// ////////////////////////////TODO///////////////////////////
//free block //free block
mbedtls_entropy_free(&entropyCtx);
mbedtls_ctr_drbg_free(&drbgCtx);
mbedtls_pk_free(&pkey_ctx);
return DIMASUCCESS; return DIMASUCCESS;
} }
@ -383,7 +397,7 @@ DIMASTATUS WritePrivKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * pkey_ctx)
fwrite( outbuf, 1, len, fp ); fwrite( outbuf, 1, len, fp );
fclose( fp ); fclose( fp );
free(outbuf);
return(DIMASUCCESS); return(DIMASUCCESS);
} }
@ -441,7 +455,7 @@ DIMASTATUS WritePubKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * pkey_ctx)
fwrite( outbuf, 1, len, fp ); fwrite( outbuf, 1, len, fp );
fclose( fp ); fclose( fp );
free(outbuf);
return(DIMASUCCESS); return(DIMASUCCESS);
} }

50
trial5/MutualAttestation.c
View File

@ -1,5 +1,5 @@
#include "Stage2.h" #include "Stage2.h"
//test
DIMASTATUS load_nodes(Node_info * nodelist) DIMASTATUS load_nodes(Node_info * nodelist)
{ {
@ -29,8 +29,8 @@ DIMASTATUS challenge_client(Node_info * Client)
{ {
DIMASTATUS ret = 0; DIMASTATUS ret = 0;
//if (DEBUG) if (DEBUG)
printf("challence node %s.... \n", Client->ID); printf("challenge node %s.... \n", Client->ID);
Chall_context Ch; Chall_context Ch;
Ch.siglen = 0; Ch.siglen = 0;
@ -52,14 +52,14 @@ DIMASTATUS challenge_client(Node_info * Client)
memcpy(Client->NONCE, Ch.NONCE, NONCE_SIZE); memcpy(Client->NONCE, Ch.NONCE, NONCE_SIZE);
//if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < NONCE_SIZE; i++) for(int i = 0; i < NONCE_SIZE; i++)
printf("%hhx",Ch.NONCE[i]); printf("%hhx",Ch.NONCE[i]);
printf(" : NONCE chall\n"); printf(" : NONCE chall\n");
} }
//if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < NONCE_SIZE; i++) for(int i = 0; i < NONCE_SIZE; i++)
printf("%hhx",Client->NONCE[i]); printf("%hhx",Client->NONCE[i]);
@ -67,7 +67,7 @@ DIMASTATUS challenge_client(Node_info * Client)
} }
//loading private key //loading private key
//if (DEBUG) if (DEBUG)
printf("load private key\n"); printf("load private key\n");
mbedtls_pk_context priv_ctx; mbedtls_pk_context priv_ctx;
@ -81,7 +81,7 @@ DIMASTATUS challenge_client(Node_info * Client)
} }
//measuring NONCe //measuring NONCe
//if(DEBUG) if(DEBUG)
printf("measuring nonce\n"); printf("measuring nonce\n");
uint8_t* dgst = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE); uint8_t* dgst = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE);
@ -95,7 +95,7 @@ DIMASTATUS challenge_client(Node_info * Client)
printf("DIMASHAFAILURE : could not perfom SHA digest -0x%04x\n", (unsigned int) -ret); printf("DIMASHAFAILURE : could not perfom SHA digest -0x%04x\n", (unsigned int) -ret);
return DIMASHAFAILURE; return DIMASHAFAILURE;
} }
//if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < SHA256_DGST_SIZE; i++) for(int i = 0; i < SHA256_DGST_SIZE; i++)
printf("%hhx",dgst[i]); printf("%hhx",dgst[i]);
@ -103,7 +103,7 @@ DIMASTATUS challenge_client(Node_info * Client)
} }
//signing NONCE //signing NONCE
//if(DEBUG) if(DEBUG)
printf("SIGNING nonce\n"); printf("SIGNING nonce\n");
ret = mbedtls_pk_sign(&priv_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, Ch.sign, &siglen, NULL, NULL); ret = mbedtls_pk_sign(&priv_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, Ch.sign, &siglen, NULL, NULL);
if(ret < DIMASUCCESS) if(ret < DIMASUCCESS)
@ -113,7 +113,7 @@ DIMASTATUS challenge_client(Node_info * Client)
} }
Ch.siglen = siglen; Ch.siglen = siglen;
//if(DEBUG) if(DEBUG)
{ {
for(int i=0; i< siglen; i++) for(int i=0; i< siglen; i++)
printf("%hhx",Ch.sign[i] ); printf("%hhx",Ch.sign[i] );
@ -121,7 +121,7 @@ DIMASTATUS challenge_client(Node_info * Client)
} }
//sending challenge //sending challenge
//if(DEBUG) if(DEBUG)
printf("sending challenge...\n"); printf("sending challenge...\n");
@ -133,7 +133,7 @@ DIMASTATUS challenge_client(Node_info * Client)
memcpy(netBuff, Ch.NONCE, NONCE_SIZE); memcpy(netBuff, Ch.NONCE, NONCE_SIZE);
memcpy(&netBuff[NONCE_SIZE + PAD], Ch.sign, Ch.siglen); memcpy(&netBuff[NONCE_SIZE + PAD], Ch.sign, Ch.siglen);
sleep(1); //sleep(1);
ret = mbedtls_net_send(Client->fd, netBuff, NONCE_SIZE+Ch.siglen+PAD ); ret = mbedtls_net_send(Client->fd, netBuff, NONCE_SIZE+Ch.siglen+PAD );
if(ret < DIMASUCCESS) if(ret < DIMASUCCESS)
{ {
@ -141,9 +141,15 @@ DIMASTATUS challenge_client(Node_info * Client)
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
//if(DEBUG) if(DEBUG)
printf("sent %d bytes\n", ret); printf("sent %d bytes\n", ret);
//////FREE
mbedtls_entropy_free(&entropy);
mbedtls_pk_free(&priv_ctx);
free(dgst);
return ret; return ret;
} }
@ -189,6 +195,12 @@ DIMASTATUS verify_client(Node_info * Client, Resp_context * Rp)
return DIMASIGNFAILURE; return DIMASIGNFAILURE;
} }
*Client->status = (uint8_t) Cl_verfd;
//////////FREEEEEEEE
free(dgst);
mbedtls_pk_free(&Cli_ctx);
return DIMASUCCESS; return DIMASUCCESS;
} }
@ -249,7 +261,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
} }
//measuring NONCe //measuring NONCe
//if(DEBUG) if(DEBUG)
printf("measuring nonce\n"); printf("measuring nonce\n");
uint8_t* dgst = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE); uint8_t* dgst = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE);
@ -263,7 +275,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
printf("DIMASHAFAILURE : could not perfom SHA digest -0x%04x\n", (unsigned int) -ret); printf("DIMASHAFAILURE : could not perfom SHA digest -0x%04x\n", (unsigned int) -ret);
return DIMASHAFAILURE; return DIMASHAFAILURE;
} }
//if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < SHA256_DGST_SIZE; i++) for(int i = 0; i < SHA256_DGST_SIZE; i++)
printf("%hhx",dgst[i]); printf("%hhx",dgst[i]);
@ -271,7 +283,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
} }
//signing NONCE //signing NONCE
//if(DEBUG) if(DEBUG)
printf("SIGNING nonce\n"); printf("SIGNING nonce\n");
ret = mbedtls_pk_sign(&priv_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, Rp->sign, &siglen, NULL, NULL); ret = mbedtls_pk_sign(&priv_ctx, MBEDTLS_MD_SHA256, dgst, SHA256_DGST_SIZE, Rp->sign, &siglen, NULL, NULL);
if(ret < DIMASUCCESS) if(ret < DIMASUCCESS)
@ -281,7 +293,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
} }
Rp->siglen = siglen; Rp->siglen = siglen;
//if(DEBUG) if(DEBUG)
{ {
for(int i=0; i< siglen; i++) for(int i=0; i< siglen; i++)
printf("%hhx",Rp->sign[i] ); printf("%hhx",Rp->sign[i] );
@ -289,7 +301,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
} }
//sending challenge //sending challenge
//if(DEBUG) if(DEBUG)
printf("sending response...\n"); printf("sending response...\n");
@ -309,7 +321,7 @@ DIMASTATUS response_master(Node_info * Server, Resp_context * Rp, unsigned char
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
//if(DEBUG) if(DEBUG)
for(int i; i < NODE_ID_SIZE + Rp->siglen + PAD; i++) for(int i; i < NODE_ID_SIZE + Rp->siglen + PAD; i++)
printf("%hhx", netBuff[i]); printf("%hhx", netBuff[i]);
printf(" : sent %d bytes\n", ret); printf(" : sent %d bytes\n", ret);

226
trial5/ROMprotocol.c
View File

@ -1,47 +1,86 @@
#include "ROMprotocol.h" #include "ROMprotocol.h"
/*
DIMASTATUS ret = 0;
int len = 0;
if(DEBUG)
{printf("PASS \n");}
if(ret < DIMASUCCESS)
{
perror("\n");
//other cleanup
exit();
}
*/
DIMASTATUS ROMprotocol() DIMASTATUS ROMprotocol()
{ {
printf("PASS 10\n"); printf("Start DICE protocol...\n");
DIMASTATUS ret = 0; DIMASTATUS ret = 0;
int len = 0; int len = 0;
if(DEBUG) if(DEBUG)
{printf("PASS 11\n");} {printf("Calculating device secrets ...\n");}
//Calculate DIMA RTM hash //Calculate DIMA RTM hash
//RTM, i.e this file measures itself
//////////////TODO//////////////// uint8_t* RTM_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
//this should be calculated on the DIMA bin and remain static. FILE *rtm = NULL;
//how to do that? rtm = fopen("ROMprotocol.c", "rb");
//hardcoding junk value for now if(!rtm)
{
perror("DIMAFILENOTFOUND: Unable to find RTM(?)\n");
fclose(rtm);
exit(DIMAFILENOTFOUND);
}
mbedtls_sha256_context RTM_ctx;
mbedtls_sha256_init(&RTM_ctx);
ret = mbedtls_sha256_starts_ret(&RTM_ctx,0);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to create hash context\n");
mbedtls_sha256_free(&RTM_ctx);
exit(DIMASHAFAILURE);
}
uint8_t *RTMbuf = calloc(1, sizeof(uint8_t)*1024);
while( (ret = fread(RTMbuf, 1024, 1, rtm))&& (ret != EOF))
{
ret = mbedtls_sha256_update_ret(&RTM_ctx, RTMbuf, 1024);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure RTM\n");
mbedtls_sha256_free(&RTM_ctx);
exit(DIMASHAFAILURE);
}
memset(RTMbuf,0,1024);
}
ret = mbedtls_sha256_update_ret(&RTM_ctx, RTMbuf, ret);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure RTM\n");
mbedtls_sha256_free(&RTM_ctx);
exit(DIMASHAFAILURE);
}
ret = mbedtls_sha256_finish_ret(&RTM_ctx,RTM_ID);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure RTM\n");
mbedtls_sha256_free(&RTM_ctx);
exit(DIMASHAFAILURE);
}
fclose(rtm);
free(RTMbuf);
mbedtls_sha256_free(&RTM_ctx);
if(DEBUG)
{
for (int i = 0; i < SHA256_DGST_SIZE; i++)
printf("%hhx", RTM_ID[i]);
printf(" : RTM ID\n" );
}
uint8_t RTM_ID[SHA256_DGST_SIZE] = { 0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0x4f,
0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,
0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5,
0x7b,0xbb,0x38,0x7d,0xe6,0x66,0xbb,0x1e };
//Calculating UDS hash //Calculating UDS hash
@ -50,22 +89,18 @@ DIMASTATUS ROMprotocol()
if(!fp) if(!fp)
{ {
perror("DIMAFILENOTFOUND: Unable to access UDS\n"); perror("DIMAFILENOTFOUND: Unable to access UDS\n");
printf("For the same of testing, please run >> \
\n dd if=/dev/urandom of=SecureStorage/RANDFILE bs=256 count=1 \n and retry ..\n");
fclose(fp); fclose(fp);
exit(DIMAFILENOTFOUND); exit(DIMAFILENOTFOUND);
} }
if(DEBUG)
{printf("PASS 12\n");}
uint8_t *UDSbuf = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE); uint8_t *UDSbuf = calloc(1, sizeof(uint8_t)*SHA256_DGST_SIZE);
fread(UDSbuf,UDS_SIZE,1,fp); fread(UDSbuf,UDS_SIZE,1,fp);
fclose(fp); fclose(fp);
if(DEBUG)
{printf("PASS 13\n");}
uint8_t* UDS_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE); uint8_t* UDS_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
ret = mbedtls_sha256_ret( UDSbuf,UDS_SIZE,UDS_ID,0 ); ret = mbedtls_sha256_ret( UDSbuf,UDS_SIZE,UDS_ID,0 );
if(ret < DIMASUCCESS) if(ret < DIMASUCCESS)
@ -130,7 +165,7 @@ if(DEBUG)
} }
free(UDS_ID); free(UDS_ID);
//free(RTM_ID); free(RTM_ID);
mbedtls_sha256_free(&CDI_ctx); mbedtls_sha256_free(&CDI_ctx);
if(DEBUG) if(DEBUG)
@ -140,8 +175,6 @@ if(DEBUG)
printf(" : CDI\n"); printf(" : CDI\n");
} }
if(DEBUG)
{printf("PASS 14\n");}
//Calculating CDI key, HKDF //Calculating CDI key, HKDF
const mbedtls_md_info_t * md_info; const mbedtls_md_info_t * md_info;
@ -168,8 +201,6 @@ if(DEBUG)
exit(DIMAHKDFFAILURE); exit(DIMAHKDFFAILURE);
} }
//free(CDI);
if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < HKDF_KEY_SIZE; i++) for(int i = 0; i < HKDF_KEY_SIZE; i++)
@ -177,14 +208,12 @@ if(DEBUG)
printf(" : CDIKEY\n"); printf(" : CDIKEY\n");
} }
if(DEBUG)
{printf("PASS 15\n");}
//Every key derivation should start with a new KD contxt //Every key derivation should start with a new KD contxt
//setting context for DID //setting context for DID
//creating scope to reduce access to key derivation context
//is there a better way to do this?
{
KeyDrv_context DID_ctx; KeyDrv_context DID_ctx;
DID_ctx.ENT_MODE = DETERM; DID_ctx.ENT_MODE = DETERM;
DID_ctx.PKC_MODE = DFL_PKC; DID_ctx.PKC_MODE = DFL_PKC;
@ -194,9 +223,6 @@ if(DEBUG)
//DID_ctx.pub_file = DFL_PUB; //DID_ctx.pub_file = DFL_PUB;
//DID_ctx.priv_file = DFL_PRIV; //Dont save DID priv outside SS //DID_ctx.priv_file = DFL_PRIV; //Dont save DID priv outside SS
if(DEBUG)
{printf("PASS 16\n");}
//Deriving and storing DID //Deriving and storing DID
ret = AsymmKeyGen(&DID_ctx); ret = AsymmKeyGen(&DID_ctx);
if(ret < DIMASUCCESS) if(ret < DIMASUCCESS)
@ -205,6 +231,7 @@ if(DEBUG)
free(CDIKEY); free(CDIKEY);
exit(DIMAFAILURE); exit(DIMAFAILURE);
} }
}
free(CDIKEY); //But CDIKey is needed to gen AliasKP free(CDIKEY); //But CDIKey is needed to gen AliasKP
//delete DID_ctx?? //delete DID_ctx??
@ -214,16 +241,91 @@ if(DEBUG)
//////////////////////////deriving alisa keys //////////////////////////deriving alisa keys
//placeholder FW_ID //FW_ID = #(MututalAuthentication.c)
uint8_t FW_ID[SHA256_DGST_SIZE] = { 0xf3,0x92,0x0e,0x4f,0xbe,0x67,0x0a,0xf8, //conf_ID = #(define.h)
0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5, if(DEBUG) printf("Measuring Firmware and config files ...\n");
0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc, uint8_t * FW_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
0xe6,0x66,0xbb,0x1e,0x7b,0xbb,0x38,0x7d };
mbedtls_sha256_context FW_ctx;
mbedtls_sha256_init(&FW_ctx);
FILE *fw = NULL;
fw = fopen("MutualAttestation.c", "rb");
if(!fw)
{
perror("DIMAFILENOTFOUND: Unable to find stage 2 files(?)\n");
fclose(fw);
exit(DIMAFILENOTFOUND);
}
ret = mbedtls_sha256_starts_ret(&FW_ctx,0);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to create hash context\n");
mbedtls_sha256_free(&FW_ctx);
exit(DIMASHAFAILURE);
}
uint8_t *FWbuf = calloc(1, sizeof(uint8_t)*1024);
while( (ret = fread(FWbuf, 1024, 1, fw))&& (ret != EOF))
{
ret = mbedtls_sha256_update_ret(&FW_ctx, FWbuf, 1024);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure Stage2 files\n");
mbedtls_sha256_free(&FW_ctx);
exit(DIMASHAFAILURE);
}
memset(FWbuf,0,1024);
}
ret = mbedtls_sha256_update_ret(&FW_ctx, FWbuf, ret);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure RTM\n");
mbedtls_sha256_free(&FW_ctx);
exit(DIMASHAFAILURE);
}
ret = mbedtls_sha256_finish_ret(&FW_ctx,FW_ID);
if(ret < DIMASUCCESS)
{
perror("DIMASHAFAILURE : Failed to measure RTM\n");
mbedtls_sha256_free(&FW_ctx);
exit(DIMASHAFAILURE);
}
fclose(fw);
free(FWbuf);
mbedtls_sha256_free(&FW_ctx);
if(DEBUG)
{
for (int i = 0; i < SHA256_DGST_SIZE; i++)
printf("%hhx", FW_ID[i]);
printf(" : FW ID\n" );
}
//defines.h is volatile right now!
//changing define, hence alias key adds 3-4 steps to per round of testing
//include conf measurement only after everything else is fixed
//should be performed exactly as line 242, above
//calc conf_ID
//calc composite hash CDI2 with CDI, conf_ID nad fw_ID
//derive FWKEY from CDI2
uint8_t * FWKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE); uint8_t * FWKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE);
//create Alias key derivation material using CDI and seed and FW_ID as salt //LAZY METHOD - create Alias key derivation material using CDI and seed and FW_ID as salt
//Alternatively do composite hash of CDI and FW_ID to create Alias key der material
ret = mbedtls_hkdf(md_info, FW_ID, sizeof(FW_ID), CDI, SHA256_DGST_SIZE, ret = mbedtls_hkdf(md_info, FW_ID, sizeof(FW_ID), CDI, SHA256_DGST_SIZE,
ALIAS, sizeof(ALIAS), FWKEY, HKDF_KEY_SIZE); ALIAS, sizeof(ALIAS), FWKEY, HKDF_KEY_SIZE);
@ -233,6 +335,9 @@ if(DEBUG)
exit(DIMAHKDFFAILURE); exit(DIMAHKDFFAILURE);
} }
//creating scope to reduce access to key derivation context
//is there a better way to do this?
{
KeyDrv_context ALIAS_ctx; KeyDrv_context ALIAS_ctx;
ALIAS_ctx.ENT_MODE = DETERM; ALIAS_ctx.ENT_MODE = DETERM;
ALIAS_ctx.PKC_MODE = DFL_PKC; ALIAS_ctx.PKC_MODE = DFL_PKC;
@ -248,22 +353,13 @@ if(DEBUG)
perror("DIMAFAILURE : ALIAS key gen failed\n"); perror("DIMAFAILURE : ALIAS key gen failed\n");
exit(DIMAFAILURE); exit(DIMAFAILURE);
} }
}
//session keys? //session keys?
free(CDI); free(CDI);
free(FWKEY); free(FWKEY);
if(DEBUG)
{printf("PASS 17\n");}
if(DEBUG)
{printf("PASS 100\n");}
return DIMASUCCESS; return DIMASUCCESS;
} }

0
trial5/keys/a
View File

41
trial5/main.c
View File

@ -14,7 +14,6 @@ int main()
/*lock Secure Storage*/ /*lock Secure Storage*/
//ALIAS and session keys, firmware execution //ALIAS and session keys, firmware execution
//measure firmware.bin //measure firmware.bin
@ -48,7 +47,6 @@ int main()
exit(DIMAFAILURE); exit(DIMAFAILURE);
} }
/////////////////KEY gen protocol ends here /////////////////KEY gen protocol ends here
/////////////////DID Priv key is purged/secure, other keys are available for use /////////////////DID Priv key is purged/secure, other keys are available for use
@ -65,7 +63,7 @@ int main()
Self.ID = DFL_ID; Self.ID = DFL_ID;
Self.status = DFL_CL_STAT; Self.status = DFL_CL_STAT;
printf("size of ID %ld\n", NODE_ID_SIZE ); //if(DEBUG) printf("size of ID %ld\n", NODE_ID_SIZE );
//Verifier Node code //Verifier Node code
if(Self.ID == MASTER_ID) if(Self.ID == MASTER_ID)
@ -110,7 +108,9 @@ int main()
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
//loop till all clients verified: //multiple clients to be veirfied!
//loop on nodelist till all clients verified
mbedtls_net_context fd_client; mbedtls_net_context fd_client;
mbedtls_net_init(&fd_client); mbedtls_net_init(&fd_client);
@ -131,7 +131,7 @@ int main()
printf("DIMANETWORKFAILURE : Failed to recv ID -0x%04x\n", (unsigned int) -ret); printf("DIMANETWORKFAILURE : Failed to recv ID -0x%04x\n", (unsigned int) -ret);
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
//if(DEBUG) if(DEBUG)
printf("recvd %d bytes ID %s \n", ret, netBuff); printf("recvd %d bytes ID %s \n", ret, netBuff);
if(strcmp(netBuff, nodelist[1].ID) == DIMASUCCESS) if(strcmp(netBuff, nodelist[1].ID) == DIMASUCCESS)
@ -160,14 +160,14 @@ int main()
//response from client //response from client
memset(netBuff,0,NETBUFSIZE); memset(netBuff,0,NETBUFSIZE);
ret = mbedtls_net_recv(nodelist[1].fd, netBuff, 100); ret = mbedtls_net_recv(nodelist[1].fd, netBuff, NETBUFSIZE);
if(ret <= DIMASUCCESS) if(ret <= DIMASUCCESS)
{ {
printf("DIMANETWORKFAILURE : Failed to recv response -0x%04x\n", (unsigned int) -ret); printf("DIMANETWORKFAILURE : Failed to recv response -0x%04x\n", (unsigned int) -ret);
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
for(int i; i < 100; i++) for(int i; i < ret; i++)
printf("%hhx",netBuff[i] ); printf("%hhx",netBuff[i] );
printf("Received data of len... %d\n Unpacking...\n", ret ); printf("Received data of len... %d\n Unpacking...\n", ret );
@ -178,7 +178,7 @@ int main()
memcpy(Rp.sign, &netBuff[NODE_ID_SIZE + PAD], Rp.siglen); memcpy(Rp.sign, &netBuff[NODE_ID_SIZE + PAD], Rp.siglen);
//if(DEBUG) if(DEBUG)
{ {
for(int i=0; i< Rp.siglen; i++) for(int i=0; i< Rp.siglen; i++)
printf("%hhx",Rp.sign[i] ); printf("%hhx",Rp.sign[i] );
@ -194,7 +194,18 @@ int main()
return DIMASIGNFAILURE; return DIMASIGNFAILURE;
} }
printf("Signature verified \n"); printf("Client signature verified \n");
mbedtls_net_free(&fd_client);
//finish loop, wait for next client
//FREE BLOCK
free(nodelist);
mbedtls_net_free(&fd_bind);
} }
@ -217,7 +228,7 @@ int main()
printf("Running as Slave node....\n"); printf("Running as Slave node....\n");
Node_info Server; Node_info Server;
Server.ID = MASTER_ID; Server.ID = MASTER_ID;
Server.pubKey_file = "clientkeys/Server_pub.pem"; Server.pubKey_file = "clientkeys/Server_pub.pemh";
mbedtls_net_context fd_server; mbedtls_net_context fd_server;
@ -248,7 +259,7 @@ int main()
//recv, unpack challenge contxt //recv, unpack challenge contxt
ret = mbedtls_net_recv(Server.fd, netBuff, 100); ret = mbedtls_net_recv(Server.fd, netBuff, NETBUFSIZE);
if(ret <= DIMASUCCESS) if(ret <= DIMASUCCESS)
{ {
printf("DIMANETWORKFAILURE : Failed to recv challenge -0x%04x\n", (unsigned int) -ret); printf("DIMANETWORKFAILURE : Failed to recv challenge -0x%04x\n", (unsigned int) -ret);
@ -257,7 +268,7 @@ int main()
return DIMANETWORKFAILURE; return DIMANETWORKFAILURE;
} }
for(int i; i < 100; i++) for(int i; i < ret; i++)
printf("%hhx",netBuff[i] ); printf("%hhx",netBuff[i] );
printf("Received data of len... %d\n Unpacking...\n", ret ); printf("Received data of len... %d\n Unpacking...\n", ret );
@ -266,14 +277,14 @@ int main()
memcpy(Ch.NONCE, netBuff, NONCE_SIZE); memcpy(Ch.NONCE, netBuff, NONCE_SIZE);
memcpy(Ch.sign, &netBuff[NONCE_SIZE + PAD], Ch.siglen); memcpy(Ch.sign, &netBuff[NONCE_SIZE + PAD], Ch.siglen);
//if(DEBUG) if(DEBUG)
{ {
for(int i = 0; i < NONCE_SIZE; i++) for(int i = 0; i < NONCE_SIZE; i++)
printf("%hhx",Ch.NONCE[i]); printf("%hhx",Ch.NONCE[i]);
printf(" : NONCE chall\n"); printf(" : NONCE chall\n");
} }
//if(DEBUG) if(DEBUG)
{ {
for(int i=0; i< Ch.siglen; i++) for(int i=0; i< Ch.siglen; i++)
printf("%hhx",Ch.sign[i] ); printf("%hhx",Ch.sign[i] );
@ -298,6 +309,8 @@ int main()
ret = response_master(&Server, &Rp, Ch.NONCE); ret = response_master(&Server, &Rp, Ch.NONCE);
//FREE BLOCK
mbedtls_net_free(&fd_server);
} }

0
trial5/out/a
View File