fixed KDF

2020-05-27 15:58:52 +02:00 · 2020-05-27 15:58:52 +02:00 · ceb7014e9d
commit ceb7014e9d
parent f72659738d
4 changed files with 61 additions and 58 deletions
--- a/trial1/layer1.c
+++ b/trial1/layer1.c
@ -148,15 +148,15 @@ int calcCDID(uint8_t * UDS_M, uint8_t * FW_M, uint8_t * CDID)

 	//print block

- 	BIO_printf(out,"UDID_M : ");
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	BIO_printf(out,"%x",UDS_M[i]);
-	BIO_printf(out, "\n");
+ // 	BIO_printf(out,"UDID_M : ");
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	//  	BIO_printf(out,"%x",UDS_M[i]);
+	// BIO_printf(out, "\n");

-	BIO_printf(out,"FWID_M : ");
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	BIO_printf(out,"%x",FW_M[i]);
-	BIO_printf(out, "\n");
+	// BIO_printf(out,"FWID_M : ");
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	//  	BIO_printf(out,"%x",FW_M[i]);
+	// BIO_printf(out, "\n");

 	BIO_printf(out,"CDI : ");
 	for(int i = 0; i < SHA256_DGST_SIZE; i++)
@ -190,36 +190,43 @@ int _calcCDID(uint8_t * _CDID)
 	uint8_t* FW_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
 	readFWID(FW_ID);

-	//step3 : call calcCDID
+	////step3 : call calcCDID
 	calcCDID(UDS_ID,FW_ID,_CDID);
-
-	// BIO_printf(out,"_UDID : ");
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	//  	BIO_printf(out,"%x",UDS_ID[i]);
-	// BIO_printf(out, "\n");
-
-	// BIO_printf(out,"_FWID : ");
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	//  	BIO_printf(out,"%x",FW_ID[i]);
-	// BIO_printf(out, "\n");
+	BIO_printf(out,"_CDI : ");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",_CDID[i]);
+	BIO_printf(out, " : wrap \n\n\n");


-	// BIO_printf(out,"_CDI : ");
-	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	//  	BIO_printf(out,"%x",_CDID[i]);
-	// BIO_printf(out, "\n");
+	//attempt 2 : use SHA256 here
+	BIO_printf(out,"_UDID : ");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",UDS_ID[i]);
+	BIO_printf(out, "\n");

-	// SHA256_CTX *ctx;
-	// if(!SHA256_Init(ctx))
-	// 	perror("SHA init failed\n");
+	BIO_printf(out,"_FWID : ");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",FW_ID[i]);
+	BIO_printf(out, "\n");

-	// if(!SHA256_Update(ctx, UDS_ID, UDSsize))
-	// 	perror("SHA update failed\n");
-	// if(!SHA256_Update(ctx, FW_ID, FW_size))
-	// 	perror("SHA update2 failed\n");
+	memset(_CDID, 0, SHA256_DGST_SIZE);

- // 	if(!SHA256_Final(_CDID, ctx))
- // 		perror("SHA close failed\n");
+	BIO_printf(out,"_CDI 0 : ");
+	for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	 	BIO_printf(out,"%x",_CDID[i]);
+	BIO_printf(out, "\n");
+
+	SHA256_CTX *ctx;
+	if(!SHA256_Init(ctx))
+		perror("SHA init failed\n");
+
+	if(!SHA256_Update(ctx, UDS_ID, UDSsize))
+		perror("SHA update failed\n");
+	if(!SHA256_Update(ctx, FW_ID, FW_size))
+		perror("SHA update2 failed\n");
+
+ 	if(!SHA256_Final(_CDID, ctx))
+  		perror("SHA close failed\n");


 	
--- a/trial1/layer1.h
+++ b/trial1/layer1.h
@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <stdint.h>
+#include <string.h>

 #include <openssl/rand.h>
 #include <openssl/bio.h>
--- a/trial1/layer2.c
+++ b/trial1/layer2.c
@ -11,7 +11,7 @@ void startCDIProtocol()

 	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
 	//  	printf("%x",UDS_ID[i]);
-	//  printf("\n");
+	//  printf(" : UDS_ID, main\n");

 	//step 2 : Derive Firmware ID
 	uint8_t* FW_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
@ -19,7 +19,7 @@ void startCDIProtocol()

 	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
 	//  	printf("%x",FW_ID[i]);
-	//  printf("\n");
+	//  printf(" : FW_ID, main\n");


 	//setp 3 : Derive Composite Device ID
@ -28,37 +28,33 @@ void startCDIProtocol()
 	free(UDS_ID);
 	free(FW_ID);

-	//uint8_t* _CD_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
+
+	// //wrapper funciton to avoid exposing UDS and FW measurements
+
+	// uint8_t* _CD_ID = calloc(1,sizeof(uint8_t)*SHA256_DGST_SIZE);
 	// _calcCDID(_CD_ID);
-	
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	printf("%x",CD_ID[i]);
-	printf( "\n");
+	// printf( "CDID wrap : ");
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	//  	printf("%x",_CD_ID[i]);
+	// printf( "\n\n\n");

 	uint8_t* KEY_OUT = calloc(1,sizeof(uint8_t)*KDF_KEY_SIZE);
 	size_t KEY_LEN = KDF_KEY_SIZE;			//need to pass pointer to the out key size, not the value


 	if(deriveKDF(KEY_OUT, &KEY_LEN, CD_ID, SHA256_DGST_SIZE, PASSPHRASE, lenofstr(PASSPHRASE)))
-		printf("KDF call success\n");;
+		printf("\n\nKDF call success\n");;


-	//return value iz not correct.
-	//first 6 bytes are random, inconsistent, followed by two 0s then the next bytes are correct
-	//very suspicious behaviour
-	//is this similar to _cacl_CDID fun issue?
-	//should i use memset memcp isntead of passing pointers?
-	//learn pointers more thoroughly
-
 	for(int i = 0; i <= KDF_KEY_SIZE; i++)
 	 	printf("%x,",KEY_OUT[i]);
-	printf( ":KEY_OUT\n");
+	printf( "  :  KEY_OUT\n");


 	//End block
 	
 	free(CD_ID);
-	//free(_CD_ID);
+	//free(_CD_ID);			//for wrapper function
 }


@ -67,16 +63,16 @@ int deriveKDF(uint8_t * out, size_t * out_len, uint8_t * secret, int secret_len,
 	//create comtext
 	//ctx set params
 		//passphrase
-		//secret
+		//secret 		//CDI
 		//alg			//not taken as input. fixed to sha256
 		//salt 			//meh, hardcode salt too
 		//out

 	//hkdf derive key
 	
-	for(int i = 0; i < SHA256_DGST_SIZE; i++)
-	 	printf("%x",secret[i]);
-	printf( " : secret\n");
+	// for(int i = 0; i < SHA256_DGST_SIZE; i++)
+	//  	printf("%x",secret[i]);
+	// printf( " : secret\n");


 	//sample kdf prog
@ -105,12 +101,11 @@ int deriveKDF(uint8_t * out, size_t * out_len, uint8_t * secret, int secret_len,
 	if (EVP_PKEY_derive(pctx, out, out_len) <= 0)
    	perror("pkey derivation failed:");

-    for(int i = 0; i <= KDF_KEY_SIZE; i++)
-	 	printf("%x,",out[i]);
-	printf( ": OUT\n");
+ //    for(int i = 0; i <= KDF_KEY_SIZE; i++)
+	//  	printf("%x,",out[i]);
+	// printf( ": OUT\n");

 	EVP_PKEY_CTX_free(pctx);
-	free(out);
-
+	
 	return 1; 
 }
--- a/trial1/out/main2
+++ b/trial1/out/main2