Closed djordjeglbvc closed 4 years ago
@djordjeglbvc we need to replace the cURL approach.
There's no Token Store SQLite3 service for bc_daemon anymore.
User info needs to be managed locally. If needed, take the same Plugin approach done by @strahinjagolic for Embedded Policy Storage.
There must be one user ID per IOTA seed, which is the identifier for wallet context:
@vlad-ns please tell us what you think.
@djordjeglbvc + @vlad-ns:
Here's a way to generate RSA keys starting from IOTA Seed: https://github.com/bernardoaraujor/dopenssl
check this testing example for a better idea: https://github.com/bernardoaraujor/dopenssl/blob/d3a5c67b2a2787d09823d50cb6b02f8b438b7561/tests/dopenssl/rsa.c#L164
also, the main example takes in the seed as CLI arg: https://github.com/bernardoaraujor/dopenssl/blob/master/src/sample.c
This is a way to glue together the IOTA Wallet with ASN for User Management.
@djordjeglbvc we need to replace the cURL approach. There's no Token Store SQLite3 service for bc_daemon anymore. User info needs to be managed locally. If needed, take the same Plugin approach done by @strahinjagolic for Embedded Policy Storage.
User info is already managed locally, sqlite3 is used as a local storage engine for user, nothing to do with token store. Calls to sqlite api can be moved to a plugin, that makes sense.
Regarding curl calls, they were only used to get wallet info from blockchain, I will replace them with IOTA wallet logic as soon as I look into its workings in more detail.
There must be one user ID per IOTA seed, which is the identifier for wallet context:
@djordjeglbvc let me know your thoughts on the deterministic generation of RSA keys with dOpenSSL.
this can be a really clever solution to bind IOTA token ownership to ASN authentication layout.
possible challenge is that dOpenSSL depends on OpenSSL v1.0.2 which is slightly outdated.
With dOpenSSL, we can do the following scheme:
these keys are then used for ASN Auth.
for example... assume you have OpenSSL v1.0.2 and dOpenSSL installed into Ubuntu 18.04 and successfully built sample.c.
Creating IOTA Seed:
$ cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}
YCRXMDWAHCJZFGNOCEGMBRHIQLXLZADOIWMNVK9AXAPTLYCNQXFTHPBHZMOFWRDVIUIFHGCPOHNU9LXKK
Deterministically generate 2048 bit RSA private key from Seed:
$ ./sample "YCRXMDWAHCJZFGNOCEGMBRHIQLXLZADOIWMNVK9AXAPTLYCNQXFTHPBHZMOFWRDVIUIFHGCPOHNU9LXKK"
Private-Key: (2048 bit)
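The seed-to-key binding proposed in the comment above, as an added Python example (not dOpenSSL and not code from this thread): it expands an 81-tryte seed with SHAKE-256 and searches for primes deterministically, so the same seed always yields the same RSA key. The `asn-auth-rsa-v1` label, the `key_id` fingerprint and the fixed e = 65537 are assumptions, and the resulting keys will not match what dOpenSSL's sample.c prints.

```python
import hashlib
import re

SEED_RE = re.compile(r"[A-Z9]{81}")  # IOTA seed: 81 trytes from A-Z and 9

class SeedStream:
    """Deterministic bytes: SHAKE-256(label || 0x00 || seed || counter)."""
    def __init__(self, seed, label):
        self.prefix, self.counter = label + b"\x00" + seed.encode(), 0
    def read(self, n):
        self.counter += 1
        block = self.prefix + self.counter.to_bytes(8, "big")
        return hashlib.shake_256(block).digest(n)

def is_probable_prime(n, stream, rounds=40):
    """Miller-Rabin for odd n > 3; witnesses come from the seed stream."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + int.from_bytes(stream.read(n.bit_length() // 8 + 8), "big") % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no squaring reached n-1: composite
    return True

def derive_prime(stream, bits, e):
    while True:
        c = int.from_bytes(stream.read(bits // 8), "big")
        c |= (3 << (bits - 2)) | 1  # force the top two bits and oddness
        if (c - 1) % e and is_probable_prime(c, stream):
            return c

def derive_rsa_key(seed, bits=2048, label=b"asn-auth-rsa-v1"):  # label: assumed
    if not SEED_RE.fullmatch(seed):
        raise ValueError("seed must be 81 trytes from A-Z and 9")
    e, stream = 65537, SeedStream(seed, label)
    p, q = derive_prime(stream, bits // 2, e), derive_prime(stream, bits // 2, e)
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def key_id(key):
    """SHA-256 of the modulus: a public, per-seed identifier (assumed scheme)."""
    return hashlib.sha256(key["n"].to_bytes(512, "big")).hexdigest()
```

Anyone who learns the seed can re-derive the private key, so under this scheme the seed has to be protected exactly as the RSA private key would be.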
@bernardoaraujor I don't understand why the deterministic OpenSSL variant is better for our case?
@djordjeglbvc I'm brainstorming about a unified ASN Authentication Framework that also encompasses the IOTA Protocol.
but @oopsmonk raised some good points:
Hardware information as ID, like MAC address, is commonly used in IoT system. dopenssl is dependent on openssl, for embedded it's big and has compatibility issues.
@bernardoaraujor regarding user wallet id references which are present in the current user management module implementation - it is legacy logic, we won't store users' wallet IDs on the embedded device, so I will remove all code related to it from the module, including curl calls to blockchain. User management module shouldn't need to access any external service, anyway, as it is just a user database interface. I've discussed this with @vlad-ns.
Since the scope of the IOTA Access solution does not include user management, we should implement the user module as a set of callbacks that will be populated by the developer integrating IOTA Access. Initial example will have hardcoded users. This will be beneficial as an example of how the users are introduced to the device, as well as for a quick start guide. User wallet is legacy implementation and should be removed.
@djordjeglbvc + @vlad-ns thanks for the clarification.
dOpenSSL was a fun exercise for last night, but we can ignore it for the moment.
please proceed with the User Module Plugin.
done
Issue #47