anandatul144/DIMA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Deterministic ECC rom Seed working

Browse Source
This commit is contained in:
atul.jha 2020-08-03 18:06:57 +02:00
parent 2585a82694
commit e9c4580013
7 changed files with 192 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
trial3/defines.h
View File

@ -31,4 +31,39 @@
/* CONFIGURATIONS */
#define USE_ECC 1
#define USE_ECC 1
#define USE_HW_TRNG 0
#define SW_PRNG 0
#define HW_TRNG 1
#define DETERM 2
/* SPECIFIC AND SPECIAL VALUES */
/* DO NOT CHANGE THIS BLOCK */
#define ACCUM_BUFF_OFFSET 2
#define ENTROPY_LEN 32
/* typedes */
typedef struct
{
/*
Use this typedef to define settings and vlaues to be passed to deriveECCKeyPair()
To be used or exchanging data between ROM and FW
*/
mbedtls_mpi secret; //Private key holder
mbedtls_ecp_point Public; //Public key holder
int ENT_MODE; //0 - SW_PRNG, 1 - HW_TRNG, 2 - DETERM,
int PKC_MODE; // isECC, 1 = ECC, 0= RSA
const uint8_t * seed; //To seed
const char * phrase; //Session string
} KeyDrv_context;

130
trial3/layer1.c
View File

@ -196,8 +196,85 @@ int _calcCDIKEY(uint8_t * CDIKEY)
//gen keypair
/* To use HW TRNG /dev/random as the source of entropy add source to entropy contxt -
*/
int deriveECCKeyPair(mbedtls_mpi * SK, mbedtls_ecp_point * PK)
int use_dev_random(void *data, unsigned char *output,
size_t len, size_t *olen )
{
FILE *file;
size_t ret, left = len;
unsigned char *p = output;
((void) data);
*olen = 0;
file = fopen( "/dev/random", "rb" );
if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
while( left > 0 )
{
/* /dev/random can return much less than requested. If so, try again */
ret = fread( p, 1, left, file );
if( ret == 0 && ferror( file ) )
{
fclose( file );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
}
p += ret;
left -= ret;
sleep( 1 );
}
fclose( file );
*olen = len;
return( 0 );
}
int seedRNGSource(void *data, unsigned char *output, size_t len)
{
//srand(); lib fun call //https://stackoverflow.com/questions/55927662/generate-every-time-same-rsa-key-with-c
//ctr_drbg //programs/test/benchmark.c:705
//hmac_drbg
//Fill entropy accum with CDI and pass to DRBG
mbedtls_entropy_context * p_ent = data;
printf("manual update entropy with CDI\n");
printf("%d : len of buffer\n", (int)sizeof(p_ent -> accumulator.buffer) );
if(memcpy(output, p_ent -> accumulator.buffer + ACCUM_BUFF_OFFSET , ENTROPY_LEN) < 0)
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
for(int i = 0; i < ENTROPY_LEN; i++)
printf("0x%hhx,",output[i]);
printf(" : CDIKEY\n");
len = ENTROPY_LEN;
printf("%d\n", (int)len );
return 0;
// ((void) data);
// printf("Direct return CDI to drbg\n");
// len = sizeof(CDI);
// memcpy(output, CDI, len);
// for(int i = 0; i < len; i++)
// printf("0x%hhx,",output[i]);
// printf(" : CDIKEY\n");
// printf("%d\n", (int)len);
// return 0;
}
int deriveECCKeyPair(KeyDrv_context * KD_ctx)
{
printf("inside deriveECCKeyPair layer1\n\n");
@ -229,15 +306,48 @@ int deriveECCKeyPair(mbedtls_mpi * SK, mbedtls_ecp_point * PK)
mbedtls_ctr_drbg_context drbgCtx;
mbedtls_ctr_drbg_init(&drbgCtx);
//Seed drbg with secret data now?
//move "private" string to n param
if(mbedtls_ctr_drbg_seed(&drbgCtx, mbedtls_entropy_func, &entropyCtx,
(const unsigned char *) "Private", sizeof("Private")) < 0)
if (KD_ctx->ENT_MODE == HW_TRNG) //HW RNG
{
perror("drbg seed failed\v");
return RIOTFAILURE;
printf("using /dev/random.... this may take a moment\n");
mbedtls_entropy_add_source( &entropyCtx, use_dev_random,
NULL, ENTROPY_LEN, MBEDTLS_ENTROPY_SOURCE_STRONG );
mbedtls_ctr_drbg_seed(&drbgCtx, mbedtls_entropy_func,
&entropyCtx,
(const unsigned char *) KD_ctx->phrase ,
strlen(KD_ctx->phrase)
);
}
else if (KD_ctx->ENT_MODE == DETERM) // Deterministic derviation with seed
{
printf("Seeding entropy accumulator....\n");
if(mbedtls_entropy_update_manual(&entropyCtx, KD_ctx->seed, ENTROPY_LEN) < 0)
{
perror("Accumulator seed failed\n");
return RIOTFAILURE;
}
if(mbedtls_ctr_drbg_seed(&drbgCtx, seedRNGSource, &entropyCtx,
(const unsigned char *) KD_ctx->phrase, sizeof(&KD_ctx->phrase)) < 0)
{
perror("drbg seed failed\v");
return RIOTFAILURE;
}
}
else //regular key derivation
{
printf("Accumulating entropy ...\n");
mbedtls_entropy_update_manual(&entropyCtx, KD_ctx->seed, ENTROPY_LEN);
mbedtls_ctr_drbg_seed(&drbgCtx, mbedtls_entropy_func,
&entropyCtx,
(const unsigned char *) KD_ctx->phrase ,
strlen(KD_ctx->phrase)
);
}
if(mbedtls_ecp_gen_keypair(&ecpGrp, &secret, &Public,
mbedtls_ctr_drbg_random, &drbgCtx) <0)
{
@ -270,8 +380,10 @@ int deriveECCKeyPair(mbedtls_mpi * SK, mbedtls_ecp_point * PK)
printf("%s : PrivKey\n",privkeybuf);
//copy keys to parent function
mbedtls_ecp_copy(PK, &Public);
mbedtls_mpi_copy(SK, &secret);
mbedtls_ecp_copy(&KD_ctx->Public, &Public);
mbedtls_mpi_copy(&KD_ctx->secret, &secret); /* Make SK NULL for Identitiy key generation */
//what now? how to obtain the keys in PEM/DER/bin format?

7
trial3/layer1.h
View File

@ -1,6 +1,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <mbedtls/bignum.h>
#include <mbedtls/entropy.h>
@ -30,7 +32,10 @@ int _calcCDID(uint8_t * CDID);
int _calcCDIKEY(uint8_t * CDIKEY);
int deriveECCKeyPair(mbedtls_mpi * SK, mbedtls_ecp_point * PK);
int seedRNGSource(void *data, unsigned char *output, size_t len);
int deriveECCKeyPair(KeyDrv_context * KD_ctx);
int deriveRSAKeyPair(void);

42
trial3/layer2.c
View File

@ -16,8 +16,10 @@ void ROMprotocol(void)
printf(" : CDIKEY main\n");
printf("USE_ECC %d\n", USE_ECC);
deriveDeviceIDKeyPair(CDIKEY, USE_ECC);
deriveDeviceIDKeyPair(CDIKEY, USE_ECC);
deriveDeviceIDKeyPair(CDIKEY, !USE_ECC);
printf("pass 100\n");
@ -25,23 +27,6 @@ printf("pass 100\n");
return;
}
void seedRNGSource(uint8_t * CDIKEY)
{
//srand(); lib fun call //https://stackoverflow.com/questions/55927662/generate-every-time-same-rsa-key-with-c
//ctr_drbg //programs/test/benchmark.c:705
//hmac_drbg
//seed rng with CDIKEY
//init
//drbg seed
return;
}
void deriveDeviceIDKeyPair(uint8_t * CDIKEY, int isECC)
{
@ -61,22 +46,31 @@ void deriveDeviceIDKeyPair(uint8_t * CDIKEY, int isECC)
//return pubkey and privkey both to L2?
if(isECC)
KeyDrv_context DID_ctx;
DID_ctx.ENT_MODE = DETERM; //deterministec
DID_ctx.PKC_MODE = isECC;
DID_ctx.seed = CDIKEY;
DID_ctx.phrase = IDENTITY;
if(DID_ctx.PKC_MODE == isECC)
{
mbedtls_mpi secret;
mbedtls_mpi_init(&secret);
//mbedtls_mpi secret;
mbedtls_mpi_init(&DID_ctx.secret);
mbedtls_ecp_point Public;
mbedtls_ecp_point_init(&Public);
//mbedtls_ecp_point Public;
mbedtls_ecp_point_init(&DID_ctx.Public);
//return pubkey and privkey both to L2?
deriveECCKeyPair(&secret, &Public);
deriveECCKeyPair(&DID_ctx);
//secret and Public contain raw key inormation of generated keys
//Public also needs group and context to handle ECP
//Converting raw info to PEM is not easible like this
//free(DID_ctx);
return;
}

6
trial3/layer2.h
View File

@ -16,15 +16,15 @@
#include <mbedtls/sha256.h>
#include "defines.h"
//#include "defines.h"
#define IDENTITY "Identity"
#define ALIAS "ALIAS"
void ROMprotocol(void);
void seedRNGSource(uint8_t * CDIKEY);
void deriveDeviceIDKeyPair(uint8_t * CDIKEY, int isECC);
void deriveAliasKeyPair(uint8_t * ALIKEY, int isECC);

11
trial3/links.txt
View File

@ -8,14 +8,19 @@ https://www.cryptopp.com/wiki/
https://forums.mbed.com/t/ecc-raw-byte-stream-to-pem/4540/3
https://github.com/ARMmbed/mbedtls/issues/2560
ENTROPY
gen_key.c
adding /dev/random to entropy -
mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
https://forums.mbed.com/t/mbedtls-porting-into-new-environment-help-with-networking-and-entropy/4969
https://os.mbed.com/docs/mbed-os/v6.2/porting/entropy-sources.html
https://tls.mbed.org/discussions/crypto-and-ssl/deterministic-random-bit-generator-help

BIN
trial3/out/main
View File

Binary file not shown.