2 changed files with 227 additions and 0 deletions
@ -0,0 +1,81 @@ |
|||
# ECDAA |
|||
|
|||
This project is a wrapper for the xaptum ecdaa protocol which introduces network functionality to it. |
|||
|
|||
## Prerequisities |
|||
Tested system: Ubuntu 20.04 LTS |
|||
|
|||
Only the ECDAA member can have TPM-backed cryptography. |
|||
There exist however a member instance where all crypto is done without using a TPM |
|||
|
|||
The following guideline is adapred from the Xaptum ECDAA project page at https://github.com/xaptum/ecdaa/blob/master/doc/BUILDING.md |
|||
|
|||
### Building prerequisities from source |
|||
``` |
|||
# Install required packages for the following build from source |
|||
apt install gcc cmake build-essential doxygen doxygen-latex parallel |
|||
git clone https://github.com/xaptum/ecdaa.git #tested with commit d9b1ef7 |
|||
|
|||
# Create subdirectory for build |
|||
mkdir -p ecdaa/build && cd ecdaa/build |
|||
|
|||
# Build Dependencing from source |
|||
export CMAKE_PREFIX_PATH=/usr |
|||
../.travis/install-amcl.sh ./amcl /usr FP256BN |
|||
``` |
|||
|
|||
### Installing TPM support for TPM-backed member |
|||
There is a tpm2-tss version required (2.3.3) which is not available in Ubuntu 20.04 (has 2.3.2). |
|||
From Ubuntu 20.10 and later, installing `libtss2-dev` should work. |
|||
|
|||
For Ubuntu 20.04, this should be built from source: |
|||
``` |
|||
# Build the tpm2-tss lib from source |
|||
../.travis/install-tpm2-tss.sh ./tpm2-tss /usr |
|||
``` |
|||
|
|||
### Installing xaptum/ecdaa |
|||
When the TPM should be available for use on this host, set `TEST_USE_TCP_TPM` accordingly |
|||
``` |
|||
# Build the project from source with TPM support |
|||
cmake .. -DCMAKE_BUILD_TYPE=Release -DECDAA_CURVES=FP256BN -DCMAKE_INSTALL_PREFIX=/usr -DECDAA_TPM_SUPPORT=ON |
|||
cmake --build . --target install |
|||
``` |
|||
|
|||
## Installing |
|||
1. Create the CMake files |
|||
``` |
|||
cmake . |
|||
``` |
|||
2. Compile the preferred targets |
|||
- ecdaa_issuer |
|||
- ecdaa_member (without TPM support) |
|||
- ecdaa_verifier |
|||
- ecdaa_member_tpm (with TPM support) |
|||
- all (all of the above) |
|||
``` |
|||
cmake --build . --target ecdaa_issuer -- -j 2 |
|||
``` |
|||
|
|||
## Usage |
|||
At this point this project just demonstrates the functionality of ECDAA over the network interface. |
|||
All session data about memberships are only held in RAM and never persisted. |
|||
Restarting the Issuer introduces a fresh ECDAA group. |
|||
|
|||
### Setting IP addresses in common.h |
|||
The IP addresses are defined statically in `common.h`. There is no assumed service discovery. |
|||
|
|||
### Protocol |
|||
For full function of the protocol, all three parties need to be active. |
|||
|
|||
1. The issuer setups its group |
|||
2. A member candidate contact the issuer to become member of his group |
|||
3. If the issuer accepts the request, he generates a personalized private key in cooperation with the member. |
|||
This key may be saved in the TPM. |
|||
4. The member can now sign messages in the name of the issuer's group. |
|||
5. Given a message signed by a member, the verifier can proof the signature with only the provided issuer's public key. |
|||
The issuer can not detect which member was the signer of this message |
|||
|
|||
A detailed theoretical description can be found at [Camenisch et al., 2016](https://doi.org/10.1007/978-3-662-49387-8_10). |
|||
Xaptum decided to slightly differ from the protocol specified in the paper: https://github.com/xaptum/ecdaa/blob/master/doc/IMPLEMENTATION.md |
|||
|
|||
@ -0,0 +1,146 @@ |
|||
!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ |
|||
!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ |
|||
!_TAG_OUTPUT_FILESEP slash /slash or backslash/ |
|||
!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/ |
|||
!_TAG_PROGRAM_AUTHOR Universal Ctags Team // |
|||
!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/ |
|||
!_TAG_PROGRAM_URL https://ctags.io/ /official site/ |
|||
!_TAG_PROGRAM_VERSION 0.0.0 /a3c87ab5/ |
|||
APPEND member-tpm.c /^ APPEND,$/;" e enum:memberstate file: |
|||
APPEND member.c /^ APPEND,$/;" e enum:memberstate file: |
|||
ASKATTEST verifier.c /^ ASKATTEST,$/;" e enum:verifierstate file: |
|||
ASKISSUER verifier.c /^ ASKISSUER,$/;" e enum:verifierstate file: |
|||
Building prerequisities from source README.md /^### Building prerequisities from source$/;" S |
|||
CMAKE_C_STANDARD CMakeLists.txt /^set(CMAKE_C_STANDARD 11)$/;" v |
|||
ECDAA README.md /^# ECDAA$/;" c |
|||
ECDAA_AMCL CMakeLists.txt /^set(ECDAA_AMCL "\/opt\/amcl")$/;" v |
|||
ECDAA_ISSUER_CLIENT_H client.h /^#define ECDAA_ISSUER_CLIENT_H$/;" d |
|||
ECDAA_ISSUER_COMMON_H common.h /^#define ECDAA_ISSUER_COMMON_H$/;" d |
|||
ECDAA_ISSUER_ISSUER_H issuer.h /^#define ECDAA_ISSUER_ISSUER_H$/;" d |
|||
ECDAA_ISSUER_MEMBER_H member-tpm.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d |
|||
ECDAA_ISSUER_MEMBER_H member.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d |
|||
ECDAA_ISSUER_MEMBER_H verifier.h /^#define ECDAA_ISSUER_MEMBER_H$/;" d |
|||
ECDAA_ISSUER_SERVER_H server.h /^#define ECDAA_ISSUER_SERVER_H$/;" d |
|||
GOTISSUER verifier.c /^ GOTISSUER,$/;" e enum:verifierstate file: |
|||
ISSUERIP common.h /^#define ISSUERIP /;" d |
|||
ISSUERPORT common.h /^#define ISSUERPORT /;" d |
|||
ISSUERPUB member-tpm.c /^ ISSUERPUB,$/;" e enum:memberstate file: |
|||
ISSUERPUB member.c /^ ISSUERPUB,$/;" e enum:memberstate file: |
|||
Installing TPM support for TPM-backed member README.md /^### Installing TPM support for TPM-backed member$/;" S |
|||
Installing xaptum/ecdaa README.md /^### Installing xaptum\/ecdaa$/;" S |
|||
JOIN member-tpm.c /^ JOIN,$/;" e enum:memberstate file: |
|||
JOIN member.c /^ JOIN,$/;" e enum:memberstate file: |
|||
JOINED member-tpm.c /^ JOINED,$/;" e enum:memberstate file: |
|||
JOINED member.c /^ JOINED,$/;" e enum:memberstate file: |
|||
JOINPROCEED issuer.c /^ JOINPROCEED,$/;" e enum:issuer_state file: |
|||
JOINPROCEED member-tpm.c /^ JOINPROCEED,$/;" e enum:memberstate file: |
|||
JOINPROCEED member.c /^ JOINPROCEED,$/;" e enum:memberstate file: |
|||
JOINSTART issuer.c /^ JOINSTART,$/;" e enum:issuer_state file: |
|||
MAX_BSNSIZE common.h /^#define MAX_BSNSIZE /;" d |
|||
MAX_BUFSIZE common.h /^#define MAX_BUFSIZE /;" d |
|||
MAX_CLIENTS common.h /^#define MAX_CLIENTS /;" d |
|||
MAX_MSGSIZE common.h /^#define MAX_MSGSIZE /;" d |
|||
MEMBERIP common.h /^#define MEMBERIP /;" d |
|||
MEMBERPORT common.h /^#define MEMBERPORT /;" d |
|||
NONCE_SIZE common.h /^#define NONCE_SIZE /;" d |
|||
ON issuer.c /^ ON,$/;" e enum:issuer_state file: |
|||
ON member-tpm.c /^ ON,$/;" e enum:memberstate file: |
|||
ON member.c /^ ON,$/;" e enum:memberstate file: |
|||
ON verifier.c /^ ON,$/;" e enum:verifierstate file: |
|||
Prerequisities README.md /^## Prerequisities$/;" s |
|||
RCVPUBLIC member-tpm.c /^ RCVPUBLIC,$/;" e enum:memberstate file: |
|||
RCVPUBLIC member.c /^ RCVPUBLIC,$/;" e enum:memberstate file: |
|||
READY issuer.c /^ READY$/;" e enum:issuer_state file: |
|||
VERIFIERIP common.h /^#define VERIFIERIP /;" d |
|||
VERIFIERPORT common.h /^#define VERIFIERPORT /;" d |
|||
bin2hex common.c /^char bin2hex(uint8_t byte) {$/;" f typeref:typename:char |
|||
bsn member-tpm.c /^ uint8_t bsn[MAX_BSNSIZE];$/;" m struct:member typeref:typename:uint8_t[] file: |
|||
bsn member.c /^ uint8_t bsn[MAX_BSNSIZE];$/;" m struct:member typeref:typename:uint8_t[] file: |
|||
bsn_len member-tpm.c /^ size_t bsn_len;$/;" m struct:member typeref:typename:size_t file: |
|||
bsn_len member.c /^ size_t bsn_len;$/;" m struct:member typeref:typename:size_t file: |
|||
client_connect client.c /^int client_connect(conn_handler handler, char *servip, int16_t port) {$/;" f typeref:typename:int |
|||
client_open client.c /^int client_open(char *servip, int16_t port) {$/;" f typeref:typename:int |
|||
conn_handler common.h /^typedef int (*conn_handler)(char *buffer);$/;" t typeref:typename:int (*)(char * buffer) |
|||
cred issuer.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:issuer typeref:struct:ecdaa_credential_FP256BN file: |
|||
cred member-tpm.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:member typeref:struct:ecdaa_credential_FP256BN file: |
|||
cred member.c /^ struct ecdaa_credential_FP256BN cred;$/;" m struct:member typeref:struct:ecdaa_credential_FP256BN file: |
|||
cred_sig issuer.c /^ struct ecdaa_credential_FP256BN_signature cred_sig;$/;" m struct:issuer typeref:struct:ecdaa_credential_FP256BN_signature file: |
|||
ctx member-tpm.c /^ struct ecdaa_tpm_context ctx;$/;" m struct:member typeref:struct:ecdaa_tpm_context file: |
|||
ecdaa_bintohex common.c /^void ecdaa_bintohex(const uint8_t *in_bin, size_t inlen, char *out_hex) {$/;" f typeref:typename:void |
|||
ecdaa_hextobin common.c /^void ecdaa_hextobin(const char *in_hex, uint8_t *out_bin, size_t outlen) {$/;" f typeref:typename:void |
|||
ecdaa_issuer CMakeLists.txt /^add_executable(ecdaa_issuer issuer.c common.h common.c server.h server.c)$/;" t |
|||
ecdaa_issuer CMakeLists.txt /^project(ecdaa_issuer C)$/;" p |
|||
ecdaa_member CMakeLists.txt /^add_executable(ecdaa_member member.c common.h common.c client.h client.c server.h server.c)$/;" t |
|||
ecdaa_member_tpm CMakeLists.txt /^add_executable(ecdaa_member_tpm member-tpm.c common.h common.c client.h client.c server.h server/;" t |
|||
ecdaa_rand common.c /^void ecdaa_rand(void *buffer, size_t buflen) {$/;" f typeref:typename:void |
|||
ecdaa_verifier CMakeLists.txt /^add_executable(ecdaa_verifier verifier.c common.h common.c server.h server.c client.h client.c)$/;" t |
|||
free_tpm member-tpm.c /^int free_tpm() {$/;" f typeref:typename:int |
|||
hex2bin common.c /^uint8_t hex2bin(char hex) {$/;" f typeref:typename:uint8_t |
|||
init_tpm member-tpm.c /^int init_tpm() {$/;" f typeref:typename:int |
|||
ipk issuer.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:issuer typeref:struct:ecdaa_issuer_public_key_FP256BN file: |
|||
ipk member-tpm.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:member typeref:struct:ecdaa_issuer_public_key_FP256BN file: |
|||
ipk member.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:member typeref:struct:ecdaa_issuer_public_key_FP256BN file: |
|||
ipk verifier.c /^ struct ecdaa_issuer_public_key_FP256BN ipk;$/;" m struct:verifier typeref:struct:ecdaa_issuer_public_key_FP256BN file: |
|||
isk issuer.c /^ struct ecdaa_issuer_secret_key_FP256BN isk;$/;" m struct:issuer typeref:struct:ecdaa_issuer_secret_key_FP256BN file: |
|||
issuer issuer.c /^issuer_t issuer;$/;" v typeref:typename:issuer_t |
|||
issuer issuer.c /^typedef struct issuer {$/;" s file: |
|||
issuer_joinproceed issuer.c /^int issuer_joinproceed(char *buffer) {$/;" f typeref:typename:int |
|||
issuer_joinstart issuer.c /^int issuer_joinstart(char *buffer) {$/;" f typeref:typename:int |
|||
issuer_publish issuer.c /^int issuer_publish(char *buffer) {$/;" f typeref:typename:int |
|||
issuer_setup issuer.c /^int issuer_setup(char *buffer) {$/;" f typeref:typename:int |
|||
issuer_state issuer.c /^typedef enum issuer_state {$/;" g file: |
|||
issuer_t issuer.c /^} issuer_t;$/;" t typeref:struct:issuer file: |
|||
issuerstate_e issuer.c /^} issuerstate_e;$/;" t typeref:enum:issuer_state file: |
|||
main issuer.c /^int main() {$/;" f typeref:typename:int |
|||
main member-tpm.c /^int main() {$/;" f typeref:typename:int |
|||
main member.c /^int main() {$/;" f typeref:typename:int |
|||
main verifier.c /^int main() {$/;" f typeref:typename:int |
|||
member member-tpm.c /^member_t member;$/;" v typeref:typename:member_t |
|||
member member-tpm.c /^typedef struct member {$/;" s file: |
|||
member member.c /^member_t member;$/;" v typeref:typename:member_t |
|||
member member.c /^typedef struct member {$/;" s file: |
|||
member_attest member-tpm.c /^int member_attest(char *buffer) {$/;" f typeref:typename:int |
|||
member_attest member.c /^int member_attest(char *buffer) {$/;" f typeref:typename:int |
|||
member_getpublic member-tpm.c /^int member_getpublic(char *buffer) {$/;" f typeref:typename:int |
|||
member_getpublic member.c /^int member_getpublic(char *buffer) {$/;" f typeref:typename:int |
|||
member_join member-tpm.c /^int member_join(char *buffer) {$/;" f typeref:typename:int |
|||
member_join member.c /^int member_join(char *buffer) {$/;" f typeref:typename:int |
|||
member_joinappend member-tpm.c /^int member_joinappend(char *buffer) {$/;" f typeref:typename:int |
|||
member_joinappend member.c /^int member_joinappend(char *buffer) {$/;" f typeref:typename:int |
|||
member_joinfinish member-tpm.c /^int member_joinfinish(char *buffer) {$/;" f typeref:typename:int |
|||
member_joinfinish member.c /^int member_joinfinish(char *buffer) {$/;" f typeref:typename:int |
|||
member_publish member-tpm.c /^int member_publish(char *buffer) {$/;" f typeref:typename:int |
|||
member_publish member.c /^int member_publish(char *buffer) {$/;" f typeref:typename:int |
|||
member_t member-tpm.c /^} member_t;$/;" t typeref:struct:member file: |
|||
member_t member.c /^} member_t;$/;" t typeref:struct:member file: |
|||
memberstate member-tpm.c /^typedef enum memberstate {$/;" g file: |
|||
memberstate member.c /^typedef enum memberstate {$/;" g file: |
|||
memberstate_e member-tpm.c /^} memberstate_e;$/;" t typeref:enum:memberstate file: |
|||
memberstate_e member.c /^} memberstate_e;$/;" t typeref:enum:memberstate file: |
|||
mpk issuer.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:issuer typeref:struct:ecdaa_member_public_key_FP256BN file: |
|||
mpk member-tpm.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:member typeref:struct:ecdaa_member_public_key_FP256BN file: |
|||
mpk member.c /^ struct ecdaa_member_public_key_FP256BN mpk;$/;" m struct:member typeref:struct:ecdaa_member_public_key_FP256BN file: |
|||
msk member.c /^ struct ecdaa_member_secret_key_FP256BN msk;$/;" m struct:member typeref:struct:ecdaa_member_secret_key_FP256BN file: |
|||
nonce issuer.c /^ uint8_t nonce[NONCE_SIZE];$/;" m struct:issuer typeref:typename:uint8_t[] file: |
|||
nonce member-tpm.c /^ uint8_t nonce[NONCE_SIZE];$/;" m struct:member typeref:typename:uint8_t[] file: |
|||
nonce member.c /^ uint8_t nonce[NONCE_SIZE];$/;" m struct:member typeref:typename:uint8_t[] file: |
|||
process_issuer issuer.c /^int process_issuer(char *buffer) {$/;" f typeref:typename:int |
|||
process_member member-tpm.c /^int process_member(char *buffer) {$/;" f typeref:typename:int |
|||
process_member member.c /^int process_member(char *buffer) {$/;" f typeref:typename:int |
|||
process_verifier verifier.c /^int process_verifier(char *buffer) {$/;" f typeref:typename:int |
|||
revocations verifier.c /^ struct ecdaa_revocations_FP256BN revocations;$/;" m struct:verifier typeref:struct:ecdaa_revocations_FP256BN file: |
|||
server_open server.c /^int server_open(int16_t port) {$/;" f typeref:typename:int |
|||
server_start server.c /^int server_start(conn_handler handler, int16_t port) {$/;" f typeref:typename:int |
|||
state issuer.c /^ issuerstate_e state;$/;" m struct:issuer typeref:typename:issuerstate_e file: |
|||
state member-tpm.c /^ memberstate_e state;$/;" m struct:member typeref:typename:memberstate_e file: |
|||
state member.c /^ memberstate_e state;$/;" m struct:member typeref:typename:memberstate_e file: |
|||
state verifier.c /^ verifierstate_e state;$/;" m struct:verifier typeref:typename:verifierstate_e file: |
|||
verifier verifier.c /^typedef struct verifier {$/;" s file: |
|||
verifier verifier.c /^verifier_t verifier;$/;" v typeref:typename:verifier_t |
|||
verifier_attestmember verifier.c /^int verifier_attestmember(char *buffer) {$/;" f typeref:typename:int |
|||
verifier_checkattest verifier.c /^int verifier_checkattest(char *buffer) {$/;" f typeref:typename:int |
|||
verifier_checklink verifier.c /^int verifier_checklink(char *buffer) {$/;" f typeref:typename:int |
|||
verifier_getissuer verifier.c /^int verifier_getissuer(char *buffer) {$/;" f typeref:typename:int |
|||
verifier_t verifier.c /^} verifier_t;$/;" t typeref:struct:verifier file: |
|||
verifierstate verifier.c /^typedef enum verifierstate {$/;" g file: |
|||
verifierstate_e verifier.c /^} verifierstate_e;$/;" t typeref:enum:verifierstate file: |
|||