240 lines
5.0 KiB
C
240 lines
5.0 KiB
C
#include "ROMprotocol.h"
|
|
#include "Stage2.h"
|
|
|
|
int main()
|
|
{
|
|
printf("Hello World!\n");
|
|
|
|
DIMASTATUS ret = 0;
|
|
|
|
/*lock all resources, no interruptons*/
|
|
/*unlock Secure Storage to read UDS and write DID Priv key*/
|
|
|
|
ret = ROMprotocol();
|
|
|
|
/*lock Secure Storage*/
|
|
|
|
|
|
//ALIAS and session keys, firmware execution
|
|
|
|
//measure firmware.bin
|
|
//measure firmware.conf
|
|
//measure ....
|
|
//calculate FW_ID - composite hash of all above measurements
|
|
//create ALIAS KD_ctx
|
|
//keygen
|
|
//publish keys
|
|
|
|
|
|
|
|
//Session key creation
|
|
//receive session nonce from verifier?
|
|
//placeholder
|
|
char * PERS = "session1";
|
|
|
|
KeyDrv_context SSN1_ctx;
|
|
SSN1_ctx.ENT_MODE = SW_PRNG; //non determ, gen new key for every session
|
|
SSN1_ctx.PKC_MODE = DFL_PKC;
|
|
SSN1_ctx.seed = NULL;
|
|
SSN1_ctx.phrase = PERS;
|
|
SSN1_ctx.KEY_FORM = DFL_FORM;
|
|
|
|
printf("Generating Session keys\n");
|
|
|
|
ret = AsymmKeyGen(&SSN1_ctx);
|
|
if(ret < DIMASUCCESS)
|
|
{
|
|
perror("DIMAFAILURE : SESSION key gen failed\n");
|
|
exit(DIMAFAILURE);
|
|
}
|
|
|
|
|
|
/////////////////KEY gen protocol ends here
|
|
/////////////////DID Priv key is purged/secure, other keys are available for use
|
|
|
|
/////////////////////DICE END//////////////////////////
|
|
|
|
|
|
//////////////////////Now STAGE 2 protocols///////////////////
|
|
//read verifier signing key
|
|
//load connected nodes information
|
|
//wait for connection init
|
|
//recv prover info
|
|
//load prover Pubkey
|
|
//challenge NONCE N
|
|
//sign N with Aik
|
|
//Encrypt N with Pub-Prv
|
|
//sendNonce()
|
|
//wait
|
|
//recv Resp R
|
|
//Decrypt R with Aik
|
|
//Verify signature with Pub-prv
|
|
//verify N
|
|
//issue ACK
|
|
//close conn.
|
|
|
|
|
|
mbedtls_pk_context pk_ctx;
|
|
mbedtls_pk_init(&pk_ctx);
|
|
|
|
//mbedtls_entropy_context entropyCtx;
|
|
//mbedtls_entropy_init(&entropyCtx);
|
|
|
|
//mbedtls_ctr_drbg_context drbgCtx;
|
|
//mbedtls_ctr_drbg_init(&drbgCtx);
|
|
|
|
//ret = mbedtls_ctr_drbg_seed(&drbgCtx, mbedtls_entropy_func, &entropyCtx, NULL, 0);
|
|
if(ret < DIMASUCCESS)
|
|
{
|
|
perror("DIMAFAILURE : CRT DRBG failed\n");
|
|
exit(DIMAFAILURE);
|
|
}
|
|
|
|
if(DEBUG) {printf("Loading signing key\n");}
|
|
ret = mbedtls_pk_parse_keyfile( &pk_ctx, "keys/Alias_priv.pem", "" );
|
|
if(ret < DIMASUCCESS)
|
|
{
|
|
perror("DIMAPKFAILURE : Failed to load signing key\n");
|
|
exit(DIMAPKFAILURE);
|
|
}
|
|
|
|
////////////// Key capability check ///////////
|
|
ret = mbedtls_pk_can_do(&pk_ctx, MBEDTLS_PK_ECKEY); //1 - can; 0 - cannot
|
|
if(!ret)
|
|
{
|
|
perror("DIMAPKFAILURE : This key cannot perform EC Key operations\n");
|
|
|
|
}
|
|
if (DEBUG) {printf("successful load signing key\n");}
|
|
ret = mbedtls_pk_can_do(&pk_ctx, MBEDTLS_PK_ECDSA);
|
|
if(!ret)
|
|
{
|
|
perror("DIMAPKFAILURE : This key cannot perform ECDSA operations\n");
|
|
|
|
}
|
|
ret = mbedtls_pk_can_do(&pk_ctx, MBEDTLS_PK_ECKEY_DH);
|
|
if(!ret)
|
|
{
|
|
perror("DIMAPKFAILURE : This key cannot perform EC DHM operations\n");
|
|
|
|
}
|
|
////////////// Key check end ///////////
|
|
|
|
////////////// load client info ////////
|
|
Client_info * Cl_list = calloc(1, sizeof(Client_info)*CL_NOS);
|
|
|
|
ret = load_nodes(Cl_list);
|
|
|
|
printf("Client list complete, waiting for Client to init..\n");
|
|
|
|
|
|
////////////// wait for conn init //////
|
|
|
|
|
|
/*
|
|
server : bind socket
|
|
Client : load server info
|
|
client : connect
|
|
server : accept
|
|
client : send CLI_ID
|
|
server : recv, add cli_fd into appropriate Cli_info
|
|
server : challengeCl()
|
|
send
|
|
*/
|
|
|
|
////////////// active clients /////////
|
|
printf("client ID : %s\n", Cl_list[1].cli_ID);
|
|
printf("client Pubkey at : %s\n", Cl_list[1].pub_file);
|
|
|
|
|
|
//for each active client
|
|
//sign NONCE
|
|
//send NONCE and sig
|
|
|
|
//cacl hash
|
|
|
|
uint8_t* sign = calloc(1,sizeof(uint8_t)*MBEDTLS_MPI_MAX_SIZE);//MBEDTLS_ECDSA_MAX_LEN);
|
|
size_t signlen = 0;
|
|
|
|
ret = challengeCl( &pk_ctx, &Cl_list[1], sign, &signlen);
|
|
/*
|
|
if(DEBUG)
|
|
{
|
|
for(int i = 0; i < NONCE_SIZE; i++)
|
|
printf("%hhx",Cl_list[1].NONCE[i]);
|
|
printf(" : NONCE main\n");
|
|
}
|
|
|
|
if(DEBUG)
|
|
{
|
|
for (int i = 0; i < signlen; i++)
|
|
printf("%hhx", sign[i]);
|
|
printf(" :signature main\n" );
|
|
|
|
}
|
|
*/
|
|
|
|
/////////////////// client actions ////////////
|
|
/*
|
|
client : recv challenge
|
|
store in chall/resp ctx?
|
|
verf signature
|
|
N = N+1?
|
|
calloc sign
|
|
responSer(priv key ctx, resp ctx, sign, signlen)
|
|
send
|
|
*/
|
|
|
|
//////////////////////////////////////////////////
|
|
|
|
//net recv (response)
|
|
|
|
//verify
|
|
//ret = verify(&Cl_list[1], &response);
|
|
|
|
/* self verification */
|
|
|
|
mbedtls_pk_context pubk_ctx;
|
|
mbedtls_pk_init( &pubk_ctx );
|
|
|
|
|
|
ret = mbedtls_pk_parse_public_keyfile( &pubk_ctx, "keys/Alias_pub.pem" );
|
|
if(ret < DIMASUCCESS)
|
|
{
|
|
perror("DIMAPKFAILURE : Public key failure");
|
|
return DIMAPKFAILURE;
|
|
}
|
|
|
|
/////////////////verification/////////////
|
|
/*
|
|
server : recv resp ctx
|
|
verifycl(cli ctx, resp ctx, sign, siglen)
|
|
send (ack)
|
|
cli_inf set "verified"
|
|
|
|
client : free(), clear server info
|
|
server : free(), clear client info
|
|
*/
|
|
|
|
|
|
ret = verifyCl( &pubk_ctx, &Cl_list[1], sign, signlen);
|
|
if (ret < DIMASUCCESS)
|
|
{
|
|
perror("DIMAVERIFYFAILURE : could not verify client\n");
|
|
return DIMAVERIFYFAILURE;
|
|
}
|
|
|
|
|
|
if(Cl_list[1].Cli_STATUS == Cl_verfd)
|
|
{ printf( "\n . OK (the signature is valid)\n\n" ); }
|
|
|
|
|
|
|
|
|
|
/*release resources, pass control to firmware, etc */
|
|
|
|
printf("Successful exit\n");
|
|
|
|
return 1;
|
|
}
|