author | Franklin Wei <me@fwei.tk> | 2018-06-04 18:04:20 -0400 |
---|---|---|
committer | Franklin Wei <me@fwei.tk> | 2018-06-04 18:04:20 -0400 |
commit | 35d085feee188ef5b6910fe67222fb297c5c6ea6 (patch) | |
tree | abbd39ffb2f3092ead5be2e558df4913ba4cca9f | |
parent | a4bee983312b69bb28bc57f3e7210f0e9b645930 (diff) | |
Implement trusted module secret relaying
-rw-r--r-- | service_provider.c | 10 | ||||
-rw-r--r-- | trusted_module.c | 47 | ||||
-rw-r--r-- | trusted_module.h | 1 |
3 files changed, 52 insertions, 6 deletions
diff --git a/service_provider.c b/service_provider.c
index a6c68c2..aaa58a1 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -8,9 +8,9 @@
 #include "trusted_module.h"
 struct file_version {
- hash_t k; /* h(key, f_idx) */
- hash_t l; /* h(encrypted contents, k) */
- hash_t enc_key; /* XOR'd with h(k, module secret) */
+ hash_t kf; /* h(key, file_idx) */
+ hash_t l; /* h(h(file contents), kf) */
+ hash_t enc_key; /* XOR'd with h(kf, module secret) */
 struct tm_cert cert; /* VR certificate */
 hash_t cert_hmac;
@@ -26,8 +26,8 @@ struct file_record {
 struct iomt_node *acl;
 int acl_nodes;
- struct tm_cert cert; /* FR cert */
- hash_t cert_hmac;
+ struct tm_cert fr_cert; /* issued by module */
+ hash_t fr_hmac;
 struct file_version *versions;
 int n_versions;
diff --git a/trusted_module.c b/trusted_module.c
index 501267f..78a010e 100644
--- a/trusted_module.c
+++ b/trusted_module.c
@@ -70,6 +70,13 @@ bool hash_equals(hash_t a, hash_t b)
 return !memcmp(a.hash, b.hash, 32);
 }
+hash_t hash_xor(hash_t a, hash_t b)
+{
+ for(int i = 0; i < 32; ++i)
+ a.hash[i] ^= b.hash[i];
+ return a;
+}
+
 struct trusted_module *tm_new(const void *key, size_t keylen)
 {
 struct trusted_module *tm = calloc(1, sizeof(struct trusted_module));
@@ -168,7 +175,8 @@ struct tm_cert tm_cert_node_update(struct trusted_module *tm, hash_t orig, hash_
 return cert;
 }
-static struct tm_cert cert_null = { NONE };
+static const struct tm_cert cert_null = { NONE };
+static const struct hash_t hash_null = { { 0 } };
 static const char *tm_error = NULL;
 static void tm_seterror(const char *error)
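Review bot: `static const struct hash_t hash_null` in the last trusted_module.c hunk on this line spells the type with a struct tag, while the rest of the commit uses the typedef name (`hash_t hash_xor(hash_t a, hash_t b)`, the `hash_t` return of tm_verify_and_encrypt_secret). Unless the header also declares a tag named `hash_t`, which is not visible here, this names a different, incomplete type; `static const hash_t hash_null = { { 0 } };` would match the other uses. Because the all-zero value is also what tm_verify_and_encrypt_secret returns on failure, a comment such as `/* all-zero hash: returned when secret verification fails */` would tell callers they must test for it.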
@@ -666,6 +674,43 @@ struct tm_cert tm_request(struct trusted_module *tm,
 assert(false);
 }
+/* enc_secret is encrypted by the user by XOR'ing the file encryption
+ * key with h(f + c_f + K), where + denotes concatenation. The purpose
+ * of this function is to decrypt the secret passed by the user,
+ * verify its integrity against kf=HMAC(secret, key=f_idx), and then
+ * re-encrypt the secret with the module's secret key. This is the
+ * F_rs() function described by Mohanty et al. */
+hash_t tm_verify_and_encrypt_secret(struct trusted_module *tm,
+ uint64_t file_idx, uint64_t file_counter, uint64_t user_id, hash_t enc_secret, hash_t kf)
+{
+ hash_t pad; /* key = enc_secret ^ pad */
+ HMAC_CTX *ctx = HMAC_CTX_new();
+ HMAC_Init_ex(ctx, tm->user_keys[user_id - 1].key, tm->user_keys[user_id - 1].len,
+ EVP_sha256(), NULL);
+
+ HMAC_Update(ctx, (const unsigned char*)&file_idx, sizeof(file_idx));
+ HMAC_Update(ctx, (const unsigned char*)&file_counter, sizeof(file_counter));
+
+ HMAC_Final(ctx, pad.hash, NULL);
+ HMAC_CTX_free(ctx);
+
+ hash_t key = hash_xor(enc_secret, pad);
+
+ if(hash_equals(kf,
+ hmac_sha256(key.hash, sizeof(key.hash),
+ &file_idx, sizeof(file_idx))))
+ {
+ /* re-encrypt */
+ pad = hmac_sha256(kf.hash, sizeof(kf.hash),
+ tm->secret, sizeof(tm->secret));
+
+ return hash_xor(key, pad);
+ }
+
+ /* failure */
+ return hash_null;
+}
+
 /* self-test */
 void check(int condition)
 {
diff --git a/trusted_module.h b/trusted_module.h
index 7796a1a..7ecfa9f 100644
--- a/trusted_module.h
+++ b/trusted_module.h
@@ -98,6 +98,7 @@ struct tm_cert tm_cert_record_update(struct trusted_module *tm,
 bool tm_set_equiv_root(struct trusted_module *tm, const struct tm_cert *cert_eq, hash_t hmac);
+/* process a user's request to transform the IOMT in some way */
 struct tm_cert tm_request(struct trusted_module *tm, const struct user_request *req, hash_t req_hmac, hash_t *hmac_out, |
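Review bot: `tm->user_keys[user_id - 1]` in tm_verify_and_encrypt_secret is indexed with a caller-supplied `user_id` that this hunk never range-checks, so 0 or an id past the provisioned users reads a key pointer and length from outside the table. The results of `HMAC_CTX_new()` and the `HMAC_*` calls are also ignored, so an allocation failure can dereference NULL or leave `pad` uninitialised before it is XORed into the key. The kf check goes through hash_equals, which an earlier hunk shows is a plain `memcmp`; a constant-time compare such as OpenSSL's `CRYPTO_memcmp` suits a value the caller controls, and `key` and `pad` could be wiped with `OPENSSL_cleanse` before both returns. The fence sketches the input and error checks; the name of the module's user-count field is not visible on this page, so it appears as a placeholder.

```c
    hash_t pad; /* key = enc_secret ^ pad */

    /* user_id is 1-based and comes from the caller: reject it before it is
     * used as an index. USER_COUNT_PLACEHOLDER stands for the module's own
     * count of provisioned users, which this hunk does not show. */
    if(user_id < 1 || user_id > USER_COUNT_PLACEHOLDER)
        return hash_null;

    HMAC_CTX *ctx = HMAC_CTX_new();
    if(!ctx)
        return hash_null;

    /* each HMAC_* call returns 1 on success; fail closed on anything else */
    int ok = HMAC_Init_ex(ctx, tm->user_keys[user_id - 1].key, tm->user_keys[user_id - 1].len,
                          EVP_sha256(), NULL)
          && HMAC_Update(ctx, (const unsigned char*)&file_idx, sizeof(file_idx))
          && HMAC_Update(ctx, (const unsigned char*)&file_counter, sizeof(file_counter))
          && HMAC_Final(ctx, pad.hash, NULL);
    HMAC_CTX_free(ctx);
    if(!ok)
        return hash_null;

    /* … unchanged: key recovery, kf check and re-encryption … */
```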
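Review bot: tm_verify_and_encrypt_secret is defined with external linkage in trusted_module.c, but this header hunk, the only change to trusted_module.h according to the diffstat, adds just a comment, so callers get no prototype from the header. Consider declaring it next to tm_request: `hash_t tm_verify_and_encrypt_secret(struct trusted_module *tm, uint64_t file_idx, uint64_t file_counter, uint64_t user_id, hash_t enc_secret, hash_t kf);`, with a comment that an all-zero result means verification failed. The tm_request declaration continues outside the hunk.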