Michael Preisach
c77992f397
|
5 years ago | |
|---|---|---|
| .idea | 6 years ago | |
| .gitignore | 5 years ago | |
| CMakeLists.txt | 5 years ago | |
| README.md | 5 years ago | |
| client.c | 6 years ago | |
| client.h | 6 years ago | |
| common.c | 6 years ago | |
| common.h | 5 years ago | |
| ecdaa_member | 5 years ago | |
| ecdaa_verifier | 5 years ago | |
| issuer.c | 5 years ago | |
| issuer.h | 5 years ago | |
| member-tpm.c | 5 years ago | |
| member-tpm.h | 6 years ago | |
| member.c | 5 years ago | |
| member.h | 6 years ago | |
| server.c | 6 years ago | |
| server.h | 6 years ago | |
| tags | 5 years ago | |
| verifier.c | 5 years ago | |
| verifier.h | 5 years ago | |
README.md
ECDAA
This project is a wrapper for the xaptum ecdaa protocol which introduces network functionality to it.
Prerequisities
Tested system: Ubuntu 20.04 LTS
Only the ECDAA member can have TPM-backed cryptography. There exist however a member instance where all crypto is done without using a TPM
The following guideline is adapred from the Xaptum ECDAA project page at https://github.com/xaptum/ecdaa/blob/master/doc/BUILDING.md
Building prerequisities from source
# Install required packages for the following build from source
apt install gcc cmake build-essential doxygen doxygen-latex parallel
git clone https://github.com/xaptum/ecdaa.git #tested with commit d9b1ef7
# Create subdirectory for build
mkdir -p ecdaa/build && cd ecdaa/build
# Build Dependencing from source
export CMAKE_PREFIX_PATH=/usr
../.travis/install-amcl.sh ./amcl /usr FP256BN
Installing TPM support for TPM-backed member
There is a tpm2-tss version required (2.3.3) which is not available in Ubuntu 20.04 (has 2.3.2).
From Ubuntu 20.10 and later, installing libtss2-dev should work.
For Ubuntu 20.04, this should be built from source:
# Install further required packages for building this lib
apt install autoconf autoconf-archive libcmocka0 libcmocka-dev procps iproute2 \
pkg-config libtool libssl-dev uthash-dev libjson-c-dev libini-config-dev
# Build the tpm2-tss lib from source
../.travis/install-tpm2-tss.sh ./tpm2-tss /usr
Installing xaptum/ecdaa
When the TPM should be available for use on this host, set ECDAA_TPM_SUPPORT accordingly
# Build the project from source with TPM support
cmake .. -DCMAKE_BUILD_TYPE=Release -DECDAA_CURVES=FP256BN -DCMAKE_INSTALL_PREFIX=/usr -DECDAA_TPM_SUPPORT=ON
cmake --build . --target install
Installing
- Create the CMake files
cmake .
- Compile the preferred targets
- ecdaa_issuer
- ecdaa_member (without TPM support)
- ecdaa_verifier
- ecdaa_member_tpm (with TPM support)
- all (all of the above)
cmake --build . --target ecdaa_issuer -- -j 2
Usage
At this point this project just demonstrates the functionality of ECDAA over the network interface. All session data about memberships are only held in RAM and never persisted. Restarting the Issuer introduces a fresh ECDAA group.
Setting IP addresses in common.h
The IP addresses are defined statically in common.h. There is no assumed service discovery.
Protocol
For full function of the protocol, all three parties need to be active.
- The issuer setups its group
- A member candidate contact the issuer to become member of his group
- If the issuer accepts the request, he generates a personalized private key in cooperation with the member. This key may be saved in the TPM.
- The member can now sign messages in the name of the issuer's group.
- Given a message signed by a member, the verifier can proof the signature with only the provided issuer's public key. The issuer can not detect which member was the signer of this message
A detailed theoretical description can be found at Camenisch et al., 2016. Xaptum decided to slightly differ from the protocol specified in the paper: https://github.com/xaptum/ecdaa/blob/master/doc/IMPLEMENTATION.md