diff --git a/trial4/ROMprotocol.c b/trial4/ROMprotocol.c index eb31ad4..0a9a8e4 100644 --- a/trial4/ROMprotocol.c +++ b/trial4/ROMprotocol.c @@ -156,9 +156,9 @@ if(DEBUG) 0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0xba, 0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,0x4f }; - uint8_t * CDIKEY = calloc(1, sizeof(uint8_t)*CDI_KEY_SIZE); + uint8_t * CDIKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE); ret = mbedtls_hkdf(md_info, salt, sizeof(salt), CDI, SHA256_DGST_SIZE, - IDENTITY, sizeof(IDENTITY), CDIKEY, CDI_KEY_SIZE); + IDENTITY, sizeof(IDENTITY), CDIKEY, HKDF_KEY_SIZE); if(ret < DIMASUCCESS) { @@ -172,7 +172,7 @@ if(DEBUG) if(DEBUG) { - for(int i = 0; i < CDI_KEY_SIZE; i++) + for(int i = 0; i < HKDF_KEY_SIZE; i++) printf("%hhx",CDIKEY[i]); printf(" : CDIKEY\n"); } diff --git a/trial4/defines.h b/trial4/defines.h index f100963..f4b1ada 100644 --- a/trial4/defines.h +++ b/trial4/defines.h @@ -26,7 +26,7 @@ /* CONSTANTS TO BE USED IN DIMA */ #define SHA256_DGST_SIZE 32 //bytes #define UDS_SIZE 8 -#define CDI_KEY_SIZE 32 +#define HKDF_KEY_SIZE 32 #define HKDF_ALG MBEDTLS_MD_SHA256 #define ECC_CURVE MBEDTLS_ECP_DP_SECP256R1 //mbedtls_ecp_group_id #define RSA_HASH_ID MBEDTLS_MD_SHA256 diff --git a/trial4/main.c b/trial4/main.c index 4c1e1c0..f6e78c4 100644 --- a/trial4/main.c +++ b/trial4/main.c @@ -10,7 +10,84 @@ void main() ret = ROMprotocol(); /*release resources*/ - //alias and session keys, firmware execution + //ALIAS and session keys, firmware execution + + //measure firmware.bin + //measure firmware.conf + //measure .... + //calculate FW_ID - composite hash of all above measurements + //create ALIAS KD_ctx + //keygen + //publish keys + + + //placeholder FW_ID + uint8_t FW_ID[SHA256_DGST_SIZE] = { 0xf3,0x92,0x0e,0x4f,0xbe,0x67,0x0a,0xf8, + 0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5, + 0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc, + 0xe6,0x66,0xbb,0x1e,0x7b,0xbb,0x38,0x7d }; + + const mbedtls_md_info_t * md_info; + if(!(md_info = mbedtls_md_info_from_type(HKDF_ALG))) + { + perror("DIMAHKDFFAILURE: MD alg type def failed\n"); + exit(DIMAHKDFFAILURE); + } + + uint8_t salt[32] = { 0x68, 0x5e, 0x4e, 0xbe, 0xf2, 0xbe, 0xb9, 0xd5, 0x13, + 0x7c, 0x14, 0x71, 0x20, 0xfb, 0x42, 0x32, 0x54, 0x12, + 0x3e, 0x31, 0xa6, 0x89, 0x4c, 0xe0, 0x58, 0x51, 0x0e, + 0x26, 0xb0, 0xdd, 0x78, 0x55 }; + + uint8_t * FWKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE); + ret = mbedtls_hkdf(md_info, salt, sizeof(salt), FW_ID, SHA256_DGST_SIZE, + ALIAS, sizeof(ALIAS), FWKEY, HKDF_KEY_SIZE); + + if(ret < DIMASUCCESS) + { + perror("DIMAHKDFFAILURE\n"); + exit(DIMAHKDFFAILURE); + } + + KeyDrv_context ALIAS_ctx; + ALIAS_ctx.ENT_MODE = DFL_ENT; + ALIAS_ctx.PKC_MODE = DFL_PKC; + ALIAS_ctx.seed = FWKEY; + ALIAS_ctx.phrase = ALIAS; + ALIAS_ctx.KEY_FORM = DFL_FORM; + + printf("Generating Alias keys\n"); + + ret = AsymmKeyGen(&ALIAS_ctx); + if(ret < DIMASUCCESS) + { + perror("DIMAFAILURE : ALIAS key gen failed\n"); + exit(DIMAFAILURE); + } + + + + //Session key creation + //receive session nonce from verifier? + //placeholder + char * nonce = "session1"; + + KeyDrv_context SSN_ctx; + SSN_ctx.ENT_MODE = SW_PRNG; + SSN_ctx.PKC_MODE = DFL_PKC; + SSN_ctx.seed = FWKEY; + SSN_ctx.phrase = nonce; + SSN_ctx.KEY_FORM = DFL_FORM; + + printf("Generating Session keys\n"); + + ret = AsymmKeyGen(&SSN_ctx); + if(ret < DIMASUCCESS) + { + perror("DIMAFAILURE : SESSION key gen failed\n"); + exit(DIMAFAILURE); + } + printf("Successful exit\n"); return; diff --git a/trial4/out/main b/trial4/out/main index 1212411..e73f4e2 100755 Binary files a/trial4/out/main and b/trial4/out/main differ