From 38d3fa099c901965a5cbf086f31a67c2db928f24 Mon Sep 17 00:00:00 2001
From: Michael Preisach
Date: Fri, 14 Aug 2020 22:07:44 +0200
Subject: [PATCH] added short project description

---
 README.md | 81 ++++++++++++++++++++++++++++++
 tags | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 227 insertions(+)
 create mode 100644 README.md
 create mode 100644 tags

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5543e6d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,81 @@
+# ECDAA
+
+This project is a wrapper for the xaptum ecdaa protocol which introduces network functionality to it.
+
+## Prerequisities
+Tested system: Ubuntu 20.04 LTS
+
+Only the ECDAA member can have TPM-backed cryptography.
+There exist however a member instance where all crypto is done without using a TPM
+
+The following guideline is adapred from the Xaptum ECDAA project page at https://github.com/xaptum/ecdaa/blob/master/doc/BUILDING.md
+
+### Building prerequisities from source
+```
+# Install required packages for the following build from source
+apt install gcc cmake build-essential doxygen doxygen-latex parallel
+git clone https://github.com/xaptum/ecdaa.git #tested with commit d9b1ef7
+
+# Create subdirectory for build
+mkdir -p ecdaa/build && cd ecdaa/build
+
+# Build Dependencing from source
+export CMAKE_PREFIX_PATH=/usr
+../.travis/install-amcl.sh ./amcl /usr FP256BN
+```
+
+### Installing TPM support for TPM-backed member
+There is a tpm2-tss version required (2.3.3) which is not available in Ubuntu 20.04 (has 2.3.2).
+From Ubuntu 20.10 and later, installing `libtss2-dev` should work.
+
+For Ubuntu 20.04, this should be built from source:
+```
+# Build the tpm2-tss lib from source
+../.travis/install-tpm2-tss.sh ./tpm2-tss /usr
+```
+
+### Installing xaptum/ecdaa
+When the TPM should be available for use on this host, set `TEST_USE_TCP_TPM` accordingly
+```
+# Build the project from source with TPM support
+cmake .. -DCMAKE_BUILD_TYPE=Release -DECDAA_CURVES=FP256BN -DCMAKE_INSTALL_PREFIX=/usr -DECDAA_TPM_SUPPORT=ON
+cmake --build . --target install
+```
+
+## Installing
+1. Create the CMake files
+```
+cmake .
+```
+2. Compile the preferred targets
+ - ecdaa_issuer
+ - ecdaa_member (without TPM support)
+ - ecdaa_verifier
+ - ecdaa_member_tpm (with TPM support)
+ - all (all of the above)
+```
+cmake --build . --target ecdaa_issuer -- -j 2
+```
+
+## Usage
+At this point this project just demonstrates the functionality of ECDAA over the network interface.
+All session data about memberships are only held in RAM and never persisted.
+Restarting the Issuer introduces a fresh ECDAA group.
+
+### Setting IP addresses in common.h
+The IP addresses are defined statically in `common.h`. There is no assumed service discovery.
+
+### Protocol
+For full function of the protocol, all three parties need to be active.
+
+1. The issuer setups its group
+2. A member candidate contact the issuer to become member of his group
+3. If the issuer accepts the request, he generates a personalized private key in cooperation with the member.
+This key may be saved in the TPM.
+4. The member can now sign messages in the name of the issuer's group.
+5. Given a message signed by a member, the verifier can proof the signature with only the provided issuer's public key.
+The issuer can not detect which member was the signer of this message
+
+A detailed theoretical description can be found at [Camenisch et al., 2016](https://doi.org/10.1007/978-3-662-49387-8_10).
+Xaptum decided to slightly differ from the protocol specified in the paper: https://github.com/xaptum/ecdaa/blob/master/doc/IMPLEMENTATION.md
+
diff --git a/tags b/tags
new file mode 100644
index 0000000..11428cd
--- /dev/null
+++ b/tags
@@ -0,0 +1,146 @@ +!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ +!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ +!_TAG_OUTPUT_FILESEP slash /slash or backslash/ +!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/ +!_TAG_PROGRAM_AUTHOR Universal Ctags Team // +!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/ +!_TAG_PROGRAM_URL https://ctags.io/ /official site/ +!_TAG_PROGRAM_VERSION 0.0.0 /a3c87ab5/ +APPEND member-tpm.c /^ APPEND,$/;" e enum:memberstate file: +APPEND member.c /^ APPEND,$/;" e enum:memberstate file: +ASKATTEST verifier.c /^ ASKATTEST,$/;" e enum:verifierstate file: +ASKISSUER verifier.c /^ ASKISSUER,$/;" e enum:verifierstate file: +Building prerequisities from source README.md /^### Building prerequisities from source$/;" S +CMAKE_C_STANDARD CMakeLists.txt /^set(CMAKE_C_STANDARD 11)$/;" v +ECDAA README.md /^# ECDAA$/;" c +ECDAA_AMCL CMakeLists.txt /^set(ECDAA_AMCL "\/opt\/amcl")$/;" v +ECDAA_ISSUER_CLIENT_H client.h /^#define ECDAA_ISSUER_CLIENT_H$/;" d +ECDAA_ISSUER_COMMON_H common.h /^#define ECDAA_ISSUER_COMMON_H$/;" d +ECDAA_ISSUER_ISSUER_H issuer.h /^#define ECDAA_ISSUER_ISSUER_H$/;" d +ECDAA_ISSUER_MEMBER_H member-tpm.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d +ECDAA_ISSUER_MEMBER_H member.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d +ECDAA_ISSUER_MEMBER_H verifier.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d +ECDAA_ISSUER_SERVER_H server.h /^#define ECDAA_ISSUER_SERVER_H$/;" d +GOTISSUER verifier.c /^ GOTISSUER,$/;" e enum:verifierstate file: +ISSUERIP common.h /^#define ISSUERIP /;" d +ISSUERPORT common.h /^#define ISSUERPORT /;" d +ISSUERPUB member-tpm.c /^ ISSUERPUB,$/;" e enum:memberstate file: +ISSUERPUB member.c /^ ISSUERPUB,$/;" e enum:memberstate file: +Installing TPM support for TPM-backed member README.md /^### Installing TPM support for TPM-backed member$/;" S +Installing xaptum/ecdaa README.md /^### Installing xaptum\/ecdaa$/;" S +JOIN member-tpm.c /^ JOIN,$/;" e enum:memberstate file: +JOIN 
member.c /^ JOIN,$/;" e enum:memberstate file: +JOINED member-tpm.c /^ JOINED,$/;" e enum:memberstate file: +JOINED member.c /^ JOINED,$/;" e enum:memberstate file: +JOINPROCEED issuer.c /^ JOINPROCEED,$/;" e enum:issuer_state file: +JOINPROCEED member-tpm.c /^ JOINPROCEED,$/;" e enum:memberstate file: +JOINPROCEED member.c /^ JOINPROCEED,$/;" e enum:memberstate file: +JOINSTART issuer.c /^ JOINSTART,$/;" e enum:issuer_state file: +MAX_BSNSIZE common.h /^#define MAX_BSNSIZE /;" d +MAX_BUFSIZE common.h /^#define MAX_BUFSIZE /;" d +MAX_CLIENTS common.h /^#define MAX_CLIENTS /;" d +MAX_MSGSIZE common.h /^#define MAX_MSGSIZE /;" d +MEMBERIP common.h /^#define MEMBERIP /;" d +MEMBERPORT common.h /^#define MEMBERPORT /;" d +NONCE_SIZE common.h /^#define NONCE_SIZE /;" d +ON issuer.c /^ ON,$/;" e enum:issuer_state file: +ON member-tpm.c /^ ON,$/;" e enum:memberstate file: +ON member.c /^ ON,$/;" e enum:memberstate file: +ON verifier.c /^ ON,$/;" e enum:verifierstate file: +Prerequisities README.md /^## Prerequisities$/;" s +RCVPUBLIC member-tpm.c /^ RCVPUBLIC,$/;" e enum:memberstate file: +RCVPUBLIC member.c /^ RCVPUBLIC,$/;" e enum:memberstate file: +READY issuer.c /^ READY$/;" e enum:issuer_state file: +VERIFIERIP common.h /^#define VERIFIERIP /;" d +VERIFIERPORT common.h /^#define VERIFIERPORT /;" d +bin2hex common.c /^char bin2hex(uint8_t byte) {$/;" f typeref:typename:char +bsn member-tpm.c /^ uint8_t bsn[MAX_BSNSIZE];$/;" m struct:member typeref:typename:uint8_t[] file: +bsn member.c /^ uint8_t bsn[MAX_BSNSIZE];$/;" m struct:member typeref:typename:uint8_t[] file: +bsn_len member-tpm.c /^ size_t bsn_len;$/;" m struct:member typeref:typename:size_t file: +bsn_len member.c /^ size_t bsn_len;$/;" m struct:member typeref:typename:size_t file: +client_connect client.c /^int client_connect(conn_handler handler, char *servip, int16_t port) {$/;" f typeref:typename:int +client_open client.c /^int client_open(char *servip, int16_t port) {$/;" f typeref:typename:int 
+conn_handler common.h /^typedef int (*conn_handler)(char *buffer);$/;" t typeref:typename:int (*)(char * buffer) +cred issuer.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:issuer typeref:struct:ecdaa_credential_FP256BN file: +cred member-tpm.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:member typeref:struct:ecdaa_credential_FP256BN file: +cred member.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:member typeref:struct:ecdaa_credential_FP256BN file: +cred_sig issuer.c /^ struct ecdaa_credential_FP256BN_signature cred_sig;$/;" m struct:issuer typeref:struct:ecdaa_credential_FP256BN_signature file: +ctx member-tpm.c /^ struct ecdaa_tpm_context ctx;$/;" m struct:member typeref:struct:ecdaa_tpm_context file: +ecdaa_bintohex common.c /^void ecdaa_bintohex(const uint8_t *in_bin, size_t inlen, char *out_hex) {$/;" f typeref:typename:void +ecdaa_hextobin common.c /^void ecdaa_hextobin(const char *in_hex, uint8_t *out_bin, size_t outlen) {$/;" f typeref:typename:void +ecdaa_issuer CMakeLists.txt /^add_executable(ecdaa_issuer issuer.c common.h common.c server.h server.c)$/;" t +ecdaa_issuer CMakeLists.txt /^project(ecdaa_issuer C)$/;" p +ecdaa_member CMakeLists.txt /^add_executable(ecdaa_member member.c common.h common.c client.h client.c server.h server.c)$/;" t +ecdaa_member_tpm CMakeLists.txt /^add_executable(ecdaa_member_tpm member-tpm.c common.h common.c client.h client.c server.h server/;" t +ecdaa_rand common.c /^void ecdaa_rand(void *buffer, size_t buflen) {$/;" f typeref:typename:void +ecdaa_verifier CMakeLists.txt /^add_executable(ecdaa_verifier verifier.c common.h common.c server.h server.c client.h client.c)$/;" t +free_tpm member-tpm.c /^int free_tpm() {$/;" f typeref:typename:int +hex2bin common.c /^uint8_t hex2bin(char hex) {$/;" f typeref:typename:uint8_t +init_tpm member-tpm.c /^int init_tpm() {$/;" f typeref:typename:int +ipk issuer.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:issuer 
typeref:struct:ecdaa_issuer_public_key_FP256BN file: +ipk member-tpm.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:member typeref:struct:ecdaa_issuer_public_key_FP256BN file: +ipk member.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:member typeref:struct:ecdaa_issuer_public_key_FP256BN file: +ipk verifier.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:verifier typeref:struct:ecdaa_issuer_public_key_FP256BN file: +isk issuer.c /^ struct ecdaa_issuer_secret_key_FP256BN isk;$/;" m struct:issuer typeref:struct:ecdaa_issuer_secret_key_FP256BN file: +issuer issuer.c /^issuer_t issuer;$/;" v typeref:typename:issuer_t +issuer issuer.c /^typedef struct issuer {$/;" s file: +issuer_joinproceed issuer.c /^int issuer_joinproceed(char *buffer) {$/;" f typeref:typename:int +issuer_joinstart issuer.c /^int issuer_joinstart(char *buffer) {$/;" f typeref:typename:int +issuer_publish issuer.c /^int issuer_publish(char *buffer) {$/;" f typeref:typename:int +issuer_setup issuer.c /^int issuer_setup(char *buffer) {$/;" f typeref:typename:int +issuer_state issuer.c /^typedef enum issuer_state {$/;" g file: +issuer_t issuer.c /^} issuer_t;$/;" t typeref:struct:issuer file: +issuerstate_e issuer.c /^} issuerstate_e;$/;" t typeref:enum:issuer_state file: +main issuer.c /^int main() {$/;" f typeref:typename:int +main member-tpm.c /^int main() {$/;" f typeref:typename:int +main member.c /^int main() {$/;" f typeref:typename:int +main verifier.c /^int main() {$/;" f typeref:typename:int +member member-tpm.c /^member_t member;$/;" v typeref:typename:member_t +member member-tpm.c /^typedef struct member {$/;" s file: +member member.c /^member_t member;$/;" v typeref:typename:member_t +member member.c /^typedef struct member {$/;" s file: +member_attest member-tpm.c /^int member_attest(char *buffer) {$/;" f typeref:typename:int +member_attest member.c /^int member_attest(char *buffer) {$/;" f typeref:typename:int +member_getpublic member-tpm.c /^int 
member_getpublic(char *buffer) {$/;" f typeref:typename:int +member_getpublic member.c /^int member_getpublic(char *buffer) {$/;" f typeref:typename:int +member_join member-tpm.c /^int member_join(char *buffer) {$/;" f typeref:typename:int +member_join member.c /^int member_join(char *buffer) {$/;" f typeref:typename:int +member_joinappend member-tpm.c /^int member_joinappend(char *buffer) {$/;" f typeref:typename:int +member_joinappend member.c /^int member_joinappend(char *buffer) {$/;" f typeref:typename:int +member_joinfinish member-tpm.c /^int member_joinfinish(char *buffer) {$/;" f typeref:typename:int +member_joinfinish member.c /^int member_joinfinish(char *buffer) {$/;" f typeref:typename:int +member_publish member-tpm.c /^int member_publish(char *buffer) {$/;" f typeref:typename:int +member_publish member.c /^int member_publish(char *buffer) {$/;" f typeref:typename:int +member_t member-tpm.c /^} member_t;$/;" t typeref:struct:member file: +member_t member.c /^} member_t;$/;" t typeref:struct:member file: +memberstate member-tpm.c /^typedef enum memberstate {$/;" g file: +memberstate member.c /^typedef enum memberstate {$/;" g file: +memberstate_e member-tpm.c /^} memberstate_e;$/;" t typeref:enum:memberstate file: +memberstate_e member.c /^} memberstate_e;$/;" t typeref:enum:memberstate file: +mpk issuer.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:issuer typeref:struct:ecdaa_member_public_key_FP256BN file: +mpk member-tpm.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:member typeref:struct:ecdaa_member_public_key_FP256BN file: +mpk member.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:member typeref:struct:ecdaa_member_public_key_FP256BN file: +msk member.c /^ struct ecdaa_member_secret_key_FP256BN msk;$/;" m struct:member typeref:struct:ecdaa_member_secret_key_FP256BN file: +nonce issuer.c /^ uint8_t nonce[NONCE_SIZE];$/;" m struct:issuer typeref:typename:uint8_t[] file: +nonce member-tpm.c /^ uint8_t 
nonce[NONCE_SIZE];$/;" m struct:member typeref:typename:uint8_t[] file: +nonce member.c /^ uint8_t nonce[NONCE_SIZE];$/;" m struct:member typeref:typename:uint8_t[] file: +process_issuer issuer.c /^int process_issuer(char *buffer) {$/;" f typeref:typename:int +process_member member-tpm.c /^int process_member(char *buffer) {$/;" f typeref:typename:int +process_member member.c /^int process_member(char *buffer) {$/;" f typeref:typename:int +process_verifier verifier.c /^int process_verifier(char *buffer) {$/;" f typeref:typename:int +revocations verifier.c /^ struct ecdaa_revocations_FP256BN revocations;$/;" m struct:verifier typeref:struct:ecdaa_revocations_FP256BN file: +server_open server.c /^int server_open(int16_t port) {$/;" f typeref:typename:int +server_start server.c /^int server_start(conn_handler handler, int16_t port) {$/;" f typeref:typename:int +state issuer.c /^ issuerstate_e state;$/;" m struct:issuer typeref:typename:issuerstate_e file: +state member-tpm.c /^ memberstate_e state;$/;" m struct:member typeref:typename:memberstate_e file: +state member.c /^ memberstate_e state;$/;" m struct:member typeref:typename:memberstate_e file: +state verifier.c /^ verifierstate_e state;$/;" m struct:verifier typeref:typename:verifierstate_e file: +verifier verifier.c /^typedef struct verifier {$/;" s file: +verifier verifier.c /^verifier_t verifier;$/;" v typeref:typename:verifier_t +verifier_attestmember verifier.c /^int verifier_attestmember(char *buffer) {$/;" f typeref:typename:int +verifier_checkattest verifier.c /^int verifier_checkattest(char *buffer) {$/;" f typeref:typename:int +verifier_checklink verifier.c /^int verifier_checklink(char *buffer) {$/;" f typeref:typename:int +verifier_getissuer verifier.c /^int verifier_getissuer(char *buffer) {$/;" f typeref:typename:int +verifier_t verifier.c /^} verifier_t;$/;" t typeref:struct:verifier file: +verifierstate verifier.c /^typedef enum verifierstate {$/;" g file: +verifierstate_e verifier.c /^} 
verifierstate_e;$/;" t typeref:enum:verifierstate file: