fixed KDF

trial1/layer1.c

@@ -148,15 +148,15 @@ int calcCDID(uint8_t * UDS_M, uint8_t * FW_M, uint8_t * CDID)
 
  	//print block
 
- 	BIO_printf(out,"UDID_M : ");
+ // 	BIO_printf(out,"UDID_M : ");
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	BIO_printf(out,"%x",UDS_M[i]);
+	//  	BIO_printf(out,"%x",UDS_M[i]);
-	BIO_printf(out, "\n");
+	// BIO_printf(out, "\n");
 
-	BIO_printf(out,"FWID_M : ");
+	// BIO_printf(out,"FWID_M : ");
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	BIO_printf(out,"%x",FW_M[i]);
+	//  	BIO_printf(out,"%x",FW_M[i]);
-	BIO_printf(out, "\n");
+	// BIO_printf(out, "\n");
 
 	BIO_printf(out,"CDI : ");
 	for(int i = 0; i < SHA256_DGST_SIZE; i++)
@@ -190,36 +190,43 @@ int _calcCDID(uint8_t * _CDID)
 	uint8_t* FW_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
 	readFWID(FW_ID);
 
-	//step3 : call calcCDID
+	////step3 : call calcCDID
 	calcCDID(UDS_ID,FW_ID,_CDID);
-
+	BIO_printf(out,"_CDI : ");
-	// BIO_printf(out,"_UDID : ");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",_CDID[i]);
-	//  	BIO_printf(out,"%x",UDS_ID[i]);
+	BIO_printf(out, " : wrap \n\n\n");
-	// BIO_printf(out, "\n");
-
-	// BIO_printf(out,"_FWID : ");
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	//  	BIO_printf(out,"%x",FW_ID[i]);
-	// BIO_printf(out, "\n");
 
 
-	// BIO_printf(out,"_CDI : ");
+	//attempt 2 : use SHA256 here
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	BIO_printf(out,"_UDID : ");
-	//  	BIO_printf(out,"%x",_CDID[i]);
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	// BIO_printf(out, "\n");
+	 	BIO_printf(out,"%x",UDS_ID[i]);
+	BIO_printf(out, "\n");
 
-	// SHA256_CTX *ctx;
+	BIO_printf(out,"_FWID : ");
-	// if(!SHA256_Init(ctx))
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	// 	perror("SHA init failed\n");
+	 	BIO_printf(out,"%x",FW_ID[i]);
+	BIO_printf(out, "\n");
 
-	// if(!SHA256_Update(ctx, UDS_ID, UDSsize))
+	memset(_CDID, 0, SHA256_DGST_SIZE);
-	// 	perror("SHA update failed\n");
-	// if(!SHA256_Update(ctx, FW_ID, FW_size))
-	// 	perror("SHA update2 failed\n");
 
- // 	if(!SHA256_Final(_CDID, ctx))
+	BIO_printf(out,"_CDI 0 : ");
- // 		perror("SHA close failed\n");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",_CDID[i]);
+	BIO_printf(out, "\n");
+
+	SHA256_CTX *ctx;
+	if(!SHA256_Init(ctx))
+		perror("SHA init failed\n");
+
+	if(!SHA256_Update(ctx, UDS_ID, UDSsize))
+		perror("SHA update failed\n");
+	if(!SHA256_Update(ctx, FW_ID, FW_size))
+		perror("SHA update2 failed\n");
+
+ 	if(!SHA256_Final(_CDID, ctx))
+  		perror("SHA close failed\n");
 
 
 	

trial1/layer1.h

@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <stdint.h>
+#include <string.h>
 
 #include <openssl/rand.h>
 #include <openssl/bio.h>

trial1/layer2.c

@@ -11,7 +11,7 @@ void startCDIProtocol()
 
 	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
 	//  	printf("%x",UDS_ID[i]);
-	//  printf("\n");
+	//  printf(" : UDS_ID, main\n");
 
 	//step 2 : Derive Firmware ID
 	uint8_t* FW_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
@@ -19,7 +19,7 @@ void startCDIProtocol()
 
 	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
 	//  	printf("%x",FW_ID[i]);
-	//  printf("\n");
+	//  printf(" : FW_ID, main\n");
 
 
 	//setp 3 : Derive Composite Device ID
@@ -28,28 +28,24 @@ void startCDIProtocol()
 	free(UDS_ID);
 	free(FW_ID);
 
+
+	// //wrapper funciton to avoid exposing UDS and FW measurements
+
 	// uint8_t* _CD_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
 	// _calcCDID(_CD_ID);
-	
+	// printf( "CDID wrap : ");
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	printf("%x",CD_ID[i]);
+	//  	printf("%x",_CD_ID[i]);
-	printf( "\n");
+	// printf( "\n\n\n");
 
 	uint8_t* KEY_OUT = calloc(1,sizeof(uint8_t)*KDF_KEY_SIZE);
 	size_t KEY_LEN = KDF_KEY_SIZE;			//need to pass pointer to the out key size, not the value
 
 
 	if(deriveKDF(KEY_OUT, &KEY_LEN, CD_ID, SHA256_DGST_SIZE, PASSPHRASE, lenofstr(PASSPHRASE)))
-		printf("KDF call success\n");;
+		printf("\n\nKDF call success\n");;
 
 
-	//return value iz not correct.
-	//first 6 bytes are random, inconsistent, followed by two 0s then the next bytes are correct
-	//very suspicious behaviour
-	//is this similar to _cacl_CDID fun issue?
-	//should i use memset memcp isntead of passing pointers?
-	//learn pointers more thoroughly
-
 	for(int i = 0; i <= KDF_KEY_SIZE; i++)
 	 	printf("%x,",KEY_OUT[i]);
 	printf( "  :  KEY_OUT\n");
@@ -58,7 +54,7 @@ void startCDIProtocol()
 	//End block
 	
 	free(CD_ID);
-	//free(_CD_ID);
+	//free(_CD_ID);			//for wrapper function
 }
 
 
@@ -67,16 +63,16 @@ int deriveKDF(uint8_t * out, size_t * out_len, uint8_t * secret, int secret_len,
 	//create comtext
 	//ctx set params
 		//passphrase
-		//secret
+		//secret 		//CDI
 		//alg			//not taken as input. fixed to sha256
 		//salt 			//meh, hardcode salt too
 		//out
 
 	//hkdf derive key
 	
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	printf("%x",secret[i]);
+	//  	printf("%x",secret[i]);
-	printf( " : secret\n");
+	// printf( " : secret\n");
 
 
 	//sample kdf prog
@@ -105,12 +101,11 @@ int deriveKDF(uint8_t * out, size_t * out_len, uint8_t * secret, int secret_len,
 	if (EVP_PKEY_derive(pctx, out, out_len) <= 0)
     	perror("pkey derivation failed:");
 
-    for(int i = 0; i <= KDF_KEY_SIZE; i++)
+ //    for(int i = 0; i <= KDF_KEY_SIZE; i++)
-	 	printf("%x,",out[i]);
+	//  	printf("%x,",out[i]);
-	printf( ": OUT\n");
+	// printf( ": OUT\n");
 
 	EVP_PKEY_CTX_free(pctx);
-	free(out);
 	
 	return 1; 
 }