Alias and session keys
This commit is contained in:
parent
5102767b36
commit
f92dcf0f5b
@ -156,9 +156,9 @@ if(DEBUG)
|
|||||||
0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0xba,
|
0xbe,0x67,0x0a,0xf8,0xf3,0x92,0x0e,0xba,
|
||||||
0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,0x4f };
|
0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,0x4f };
|
||||||
|
|
||||||
uint8_t * CDIKEY = calloc(1, sizeof(uint8_t)*CDI_KEY_SIZE);
|
uint8_t * CDIKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE);
|
||||||
ret = mbedtls_hkdf(md_info, salt, sizeof(salt), CDI, SHA256_DGST_SIZE,
|
ret = mbedtls_hkdf(md_info, salt, sizeof(salt), CDI, SHA256_DGST_SIZE,
|
||||||
IDENTITY, sizeof(IDENTITY), CDIKEY, CDI_KEY_SIZE);
|
IDENTITY, sizeof(IDENTITY), CDIKEY, HKDF_KEY_SIZE);
|
||||||
|
|
||||||
if(ret < DIMASUCCESS)
|
if(ret < DIMASUCCESS)
|
||||||
{
|
{
|
||||||
@ -172,7 +172,7 @@ if(DEBUG)
|
|||||||
|
|
||||||
if(DEBUG)
|
if(DEBUG)
|
||||||
{
|
{
|
||||||
for(int i = 0; i < CDI_KEY_SIZE; i++)
|
for(int i = 0; i < HKDF_KEY_SIZE; i++)
|
||||||
printf("%hhx",CDIKEY[i]);
|
printf("%hhx",CDIKEY[i]);
|
||||||
printf(" : CDIKEY\n");
|
printf(" : CDIKEY\n");
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
/* CONSTANTS TO BE USED IN DIMA */
|
/* CONSTANTS TO BE USED IN DIMA */
|
||||||
#define SHA256_DGST_SIZE 32 //bytes
|
#define SHA256_DGST_SIZE 32 //bytes
|
||||||
#define UDS_SIZE 8
|
#define UDS_SIZE 8
|
||||||
#define CDI_KEY_SIZE 32
|
#define HKDF_KEY_SIZE 32
|
||||||
#define HKDF_ALG MBEDTLS_MD_SHA256
|
#define HKDF_ALG MBEDTLS_MD_SHA256
|
||||||
#define ECC_CURVE MBEDTLS_ECP_DP_SECP256R1 //mbedtls_ecp_group_id
|
#define ECC_CURVE MBEDTLS_ECP_DP_SECP256R1 //mbedtls_ecp_group_id
|
||||||
#define RSA_HASH_ID MBEDTLS_MD_SHA256
|
#define RSA_HASH_ID MBEDTLS_MD_SHA256
|
||||||
|
@ -10,7 +10,84 @@ void main()
|
|||||||
ret = ROMprotocol();
|
ret = ROMprotocol();
|
||||||
/*release resources*/
|
/*release resources*/
|
||||||
|
|
||||||
//alias and session keys, firmware execution
|
//ALIAS and session keys, firmware execution
|
||||||
|
|
||||||
|
//measure firmware.bin
|
||||||
|
//measure firmware.conf
|
||||||
|
//measure ....
|
||||||
|
//calculate FW_ID - composite hash of all above measurements
|
||||||
|
//create ALIAS KD_ctx
|
||||||
|
//keygen
|
||||||
|
//publish keys
|
||||||
|
|
||||||
|
|
||||||
|
//placeholder FW_ID
|
||||||
|
uint8_t FW_ID[SHA256_DGST_SIZE] = { 0xf3,0x92,0x0e,0x4f,0xbe,0x67,0x0a,0xf8,
|
||||||
|
0xf1,0xd9,0x30,0xe2,0x33,0xcc,0x28,0xc5,
|
||||||
|
0xba,0x68,0xd1,0x56,0xea,0x34,0x3f,0xbc,
|
||||||
|
0xe6,0x66,0xbb,0x1e,0x7b,0xbb,0x38,0x7d };
|
||||||
|
|
||||||
|
const mbedtls_md_info_t * md_info;
|
||||||
|
if(!(md_info = mbedtls_md_info_from_type(HKDF_ALG)))
|
||||||
|
{
|
||||||
|
perror("DIMAHKDFFAILURE: MD alg type def failed\n");
|
||||||
|
exit(DIMAHKDFFAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t salt[32] = { 0x68, 0x5e, 0x4e, 0xbe, 0xf2, 0xbe, 0xb9, 0xd5, 0x13,
|
||||||
|
0x7c, 0x14, 0x71, 0x20, 0xfb, 0x42, 0x32, 0x54, 0x12,
|
||||||
|
0x3e, 0x31, 0xa6, 0x89, 0x4c, 0xe0, 0x58, 0x51, 0x0e,
|
||||||
|
0x26, 0xb0, 0xdd, 0x78, 0x55 };
|
||||||
|
|
||||||
|
uint8_t * FWKEY = calloc(1, sizeof(uint8_t)*HKDF_KEY_SIZE);
|
||||||
|
ret = mbedtls_hkdf(md_info, salt, sizeof(salt), FW_ID, SHA256_DGST_SIZE,
|
||||||
|
ALIAS, sizeof(ALIAS), FWKEY, HKDF_KEY_SIZE);
|
||||||
|
|
||||||
|
if(ret < DIMASUCCESS)
|
||||||
|
{
|
||||||
|
perror("DIMAHKDFFAILURE\n");
|
||||||
|
exit(DIMAHKDFFAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
KeyDrv_context ALIAS_ctx;
|
||||||
|
ALIAS_ctx.ENT_MODE = DFL_ENT;
|
||||||
|
ALIAS_ctx.PKC_MODE = DFL_PKC;
|
||||||
|
ALIAS_ctx.seed = FWKEY;
|
||||||
|
ALIAS_ctx.phrase = ALIAS;
|
||||||
|
ALIAS_ctx.KEY_FORM = DFL_FORM;
|
||||||
|
|
||||||
|
printf("Generating Alias keys\n");
|
||||||
|
|
||||||
|
ret = AsymmKeyGen(&ALIAS_ctx);
|
||||||
|
if(ret < DIMASUCCESS)
|
||||||
|
{
|
||||||
|
perror("DIMAFAILURE : ALIAS key gen failed\n");
|
||||||
|
exit(DIMAFAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
//Session key creation
|
||||||
|
//receive session nonce from verifier?
|
||||||
|
//placeholder
|
||||||
|
char * nonce = "session1";
|
||||||
|
|
||||||
|
KeyDrv_context SSN_ctx;
|
||||||
|
SSN_ctx.ENT_MODE = SW_PRNG;
|
||||||
|
SSN_ctx.PKC_MODE = DFL_PKC;
|
||||||
|
SSN_ctx.seed = FWKEY;
|
||||||
|
SSN_ctx.phrase = nonce;
|
||||||
|
SSN_ctx.KEY_FORM = DFL_FORM;
|
||||||
|
|
||||||
|
printf("Generating Session keys\n");
|
||||||
|
|
||||||
|
ret = AsymmKeyGen(&SSN_ctx);
|
||||||
|
if(ret < DIMASUCCESS)
|
||||||
|
{
|
||||||
|
perror("DIMAFAILURE : SESSION key gen failed\n");
|
||||||
|
exit(DIMAFAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
printf("Successful exit\n");
|
printf("Successful exit\n");
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
BIN
trial4/out/main
BIN
trial4/out/main
Binary file not shown.
Loading…
Reference in New Issue
Block a user