iotaledger / access-server


Refactored User management module. #89

Closed djordjeglbvc closed 4 years ago

djordjeglbvc commented 4 years ago

Issue #47

bernardoaraujor commented 4 years ago

@djordjeglbvc we need to replace the cURL approach. There's no Token Store SQLite3 service for bc_daemon anymore.

User info needs to be managed locally. If needed, take the same Plugin approach done by @strahinjagolic for Embedded Policy Storage.

There must be one user ID per IOTA seed, which is the identifier for the wallet context:

https://github.com/iotaledger/access/blob/306db47eeb4cb56172c7b70318ef5f691f82c90f/wallet/wallet.h#L44

@vlad-ns please tell us what you think.

bernardoaraujor commented 4 years ago

@djordjeglbvc + @vlad-ns:

Here's a way to generate RSA keys starting from IOTA Seed: https://github.com/bernardoaraujor/dopenssl

check this testing example for a better idea: https://github.com/bernardoaraujor/dopenssl/blob/d3a5c67b2a2787d09823d50cb6b02f8b438b7561/tests/dopenssl/rsa.c#L164

also, the main example takes in the seed as CLI arg: https://github.com/bernardoaraujor/dopenssl/blob/master/src/sample.c

This is a way to glue together the IOTA Wallet with ASN for User Management.

djordjeglbvc commented 4 years ago

> @djordjeglbvc we need to replace the cURL approach. There's no Token Store SQLite3 service for bc_daemon anymore.
>
> User info needs to be managed locally. If needed, take the same Plugin approach done by @strahinjagolic for Embedded Policy Storage.

User info is already managed locally; sqlite3 is used as a local storage engine for users, nothing to do with the token store. Calls to the sqlite API can be moved to a plugin; that makes sense.

Regarding the curl calls, they were only used to get wallet info from the blockchain. I will replace them with IOTA wallet logic as soon as I look into its workings in more detail.

> There must be one user ID per IOTA seed, which is the identifier for the wallet context:
>
> https://github.com/iotaledger/access/blob/306db47eeb4cb56172c7b70318ef5f691f82c90f/wallet/wallet.h#L44

bernardoaraujor commented 4 years ago

@djordjeglbvc let me know your thoughts on the deterministic generation of RSA keys with dOpenSSL.

this can be a really clever solution to bind IOTA token ownership to ASN authentication layout.

A possible challenge is that dOpenSSL depends on OpenSSL v1.0.2, which is slightly outdated.

bernardoaraujor commented 4 years ago

With dOpenSSL, we can do the following scheme:

these keys are then used for ASN Auth.

bernardoaraujor commented 4 years ago

For example... assume you have OpenSSL v1.0.2 and dOpenSSL installed on Ubuntu 18.04 and have successfully built sample.c.

  1. Creating IOTA Seed:

    $ cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}
    YCRXMDWAHCJZFGNOCEGMBRHIQLXLZADOIWMNVK9AXAPTLYCNQXFTHPBHZMOFWRDVIUIFHGCPOHNU9LXKK
  2. Deterministically generate 2048 bit RSA private key from Seed:

    $ ./sample "YCRXMDWAHCJZFGNOCEGMBRHIQLXLZADOIWMNVK9AXAPTLYCNQXFTHPBHZMOFWRDVIUIFHGCPOHNU9LXKK"
    Private-Key: (2048 bit)
    modulus:
    00:a8:72:af:3d:ea:28:82:9d:71:ca:71:47:e8:ba:
    c5:75:9d:8d:c2:c7:c1:a8:bf:ba:a6:98:b6:c4:d4:
    b9:14:a4:a9:14:ac:f5:f0:78:18:dc:0c:3c:ee:a6:
    94:93:af:23:de:d4:a8:14:53:26:7d:e7:11:f5:23:
    d4:2e:b4:04:60:58:d6:f3:78:9d:14:09:27:ba:2c:
    04:7b:f1:aa:51:d8:09:17:2c:ca:5c:a1:00:bd:b0:
    db:44:6a:31:0a:1b:ee:7a:44:d2:da:0f:57:06:30:
    b6:e5:bc:ad:7d:a0:28:ec:56:4f:37:ca:2a:f5:d5:
    b0:a6:47:8c:4d:6c:61:4e:e4:a0:a4:8e:dc:9d:84:
    63:c3:d7:c2:18:16:94:53:a1:59:8c:ce:39:c1:31:
    6a:14:5c:8a:fb:91:4d:0e:8f:36:5a:50:5a:df:bc:
    b1:a0:b8:22:4e:73:76:cb:0b:22:ff:d2:28:35:53:
    a4:40:17:f1:55:c4:41:1b:ee:76:48:e2:f7:01:8d:
    89:e5:10:4a:89:cd:94:96:c7:43:f0:ec:69:81:67:
    85:b7:de:59:a2:37:2c:a3:1f:4f:1d:67:bf:ca:f6:
    21:50:8a:ec:f5:d9:56:fd:a4:44:7f:bd:2b:d4:9e:
    fb:5b:5d:1a:5f:3e:51:65:a3:6d:3f:23:27:1e:67:
    9a:67
    publicExponent:
    01:f2:3c:c2:2e:26:bf:c5:bd:3f:4b:ec:88:b7:14:
    b3:67:68:2d:d4:47:95:ab:5c:b2:33:4c:97:43:f9:
    4c:63:6f:82:48:a1:35:0d:a1:a0:69:03:f4:c6:2e:
    04:a5:77:1e:53:07:76:62:a0:b3:40:e9:76:0e:e3:
    8b:71:88:a8:2f:c7:3e:0a:4d:ed:31:3d:be:f7:9e:
    bc:20:c2:11:8f:d5:22:7d:b3:5f:69:5c:8d:bc:f8:
    ba:8f:77:9d:4a:5c:7b:26:ac:f8:fb:39:ac:19:9f:
    bc:70:f3:82:c2:d5:2e:cb:e8:2e:a5:65:f5:0e:90:
    c3:b8:c4:17:82:fa:ed:64:4b
    privateExponent:
    00:81:f2:91:f3:59:af:f9:47:cb:27:2f:78:32:78:
    c1:f9:12:8b:a7:44:99:02:68:53:9c:73:20:9c:8c:
    bb:50:0a:c6:74:03:c6:26:2d:6d:fe:fe:8d:00:8e:
    8e:70:e1:3e:b8:e2:cc:ce:eb:b5:98:53:82:6d:b7:
    68:83:09:7f:e9:fb:6f:ab:65:fc:5b:8a:17:f3:39:
    ac:d6:f0:8f:b3:9d:2d:e6:8b:eb:ca:06:db:8a:63:
    05:f5:15:b8:d9:88:15:56:1e:05:c6:4b:03:a9:22:
    94:c5:07:d1:16:74:dc:cc:a7:75:e7:c4:d9:4b:72:
    ab:c7:2d:c2:59:cf:29:8f:c9:3d:bd:dd:eb:b0:d4:
    94:d3:6f:e8:21:68:ab:72:49:85:51:92:71:03:ee:
    49:3d:6f:a1:0a:15:45:54:f3:e7:ed:78:c8:28:c7:
    fc:05:15:b1:f5:32:32:87:05:60:21:fc:c8:1b:4a:
    fc:3b:a3:1d:cd:44:99:c9:bb:23:44:27:58:84:74:
    ac:71:71:d9:4f:d5:de:0b:62:67:1d:71:e2:fd:53:
    d9:d8:4f:53:35:70:3c:8e:00:f1:0e:01:c8:5a:8a:
    1c:4d:77:43:b4:11:74:e1:b3:b8:a8:b9:b2:ed:10:
    44:cf:44:a9:fe:2a:e5:3f:16:d6:ed:99:49:ff:43:
    c2:cb
    prime1:
    00:dd:58:06:37:ff:b9:71:f8:0a:25:fa:6b:1b:38:
    9f:26:6b:d1:8e:ef:ee:86:a2:89:86:4e:43:62:03:
    aa:d1:61:9f:ef:21:2b:40:48:a5:22:7c:30:20:b8:
    fa:db:fc:3d:62:a7:c9:b7:ae:1e:ab:17:9c:56:4e:
    32:0e:22:8a:e8:13:2a:bb:e4:a7:5f:c7:0d:35:da:
    59:df:70:a7:89:1e:92:59:9f:83:7b:4c:52:99:0a:
    fe:f9:c6:0f:ec:fc:ef:e1:28:87:04:96:7a:1e:83:
    11:ce:a9:94:6e:ce:16:7c:b8:37:5f:fb:34:b9:40:
    42:7b:5b:f4:f4:a0:4e:c3:43
    prime2:
    00:c2:d2:78:a7:d6:12:de:73:42:9b:c1:eb:1c:8f:
    6e:d7:38:13:78:cf:1e:14:99:bb:8a:ba:a7:ce:30:
    6e:54:d1:a3:43:7f:44:7a:f8:a2:28:33:b2:c4:bf:
    d7:3c:4d:df:ad:7f:5b:b0:6b:0c:cc:71:51:e5:15:
    b9:93:5f:e9:39:a0:52:63:81:0a:2a:5f:53:30:93:
    aa:45:bc:fc:83:bb:02:44:83:cf:46:09:fb:84:f9:
    f7:2c:7e:a9:47:ee:c2:f1:44:44:08:44:03:b5:42:
    4a:db:cb:04:25:3b:a7:f7:c8:43:c4:dd:8e:58:09:
    68:7e:61:05:95:73:06:90:0d
    exponent1:
    00:91:2a:37:89:41:e5:5e:50:26:11:38:9e:f2:e4:
    32:6e:be:3a:e0:3c:08:e5:9b:e0:19:fd:f8:b1:49:
    ed:4a:8f:60:85:40:c1:88:9d:9d:8d:a3:f3:21:14:
    af:18:40:32:26:95:97:a9:a3:9a:24:f4:fe:95:26:
    9b:ae:66:fe:c1:a5:fc:34:ef:1d:e0:f6:c8:4f:c3:
    b3:4d:aa:db:56:62:0c:32:f6:fd:0a:a0:34:3c:f3:
    7f:70:19:83:86:83:d3:05:52:f6:ae:71:ab:cc:fd:
    db:49:7c:1e:6d:2d:c8:d9:4d:b8:c0:7e:5b:f4:91:
    2c:2e:92:b7:af:aa:1a:b1:4d
    exponent2:
    2f:fb:1f:5a:41:52:8b:db:a2:b3:49:a4:bd:0e:3b:
    d6:79:0f:c0:7b:41:d8:7e:e0:2e:f6:59:28:23:d6:
    fe:6f:7d:11:ed:82:eb:b5:18:ce:f8:b6:d3:6d:80:
    2e:17:e3:de:4a:92:d9:58:59:54:b1:8c:ee:a6:80:
    e0:a2:5b:44:4e:ba:6e:16:51:9c:53:eb:ab:e6:93:
    71:bb:07:d7:85:57:db:41:2a:d8:b8:66:f9:be:e2:
    69:87:cf:2d:2b:e5:d1:88:f5:cd:fc:c9:e9:21:59:
    2e:c0:3c:e9:96:2c:c9:17:e3:fa:a4:60:8b:b7:0f:
    0e:d9:d0:1f:88:f6:b3:77
    coefficient:
    00:bb:12:33:6f:a7:44:97:11:6a:58:06:94:17:8d:
    71:34:e8:72:cf:70:42:d3:b4:68:70:a3:16:99:2e:
    2b:f5:87:46:58:1e:fa:e9:91:c7:09:95:30:cb:ef:
    05:53:e2:32:10:ac:e9:a3:50:6e:ab:08:3b:86:34:
    8d:c9:e0:de:ab:31:2c:f3:18:b1:b0:7a:52:d0:58:
    27:4f:4c:a9:f3:67:6f:ea:03:b9:2a:24:ba:61:af:
    0c:f9:37:be:e5:e9:38:b2:3d:22:5f:83:b1:0d:37:
    18:7c:68:16:23:62:e3:f3:cb:b9:78:bd:b6:4e:0f:
    db:63:47:74:14:2b:34:7e:58
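
The two-step scheme shown above (random 81-tryte seed, then a deterministic RSA key from that seed) as an added, self-contained illustration; this is not dOpenSSL's code nor anything from the access-server project. The seeded byte stream is a hypothetical HMAC-SHA256 counter-mode expander standing in for dOpenSSL's seeded RNG, the public exponent is fixed at 65537 (the sample output above derives it too), and the 1024-bit key size is only to keep the example fast. The seed constant is the one quoted in the thread, used purely as a test vector.

```python
import hashlib
import hmac
import math
import secrets

# IOTA seeds are 81 trytes drawn from the alphabet A-Z plus 9 (27 symbols).
TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LEN = 81
# Seed quoted in the thread above; used here only as a fixed test vector.
THREAD_SEED = "YCRXMDWAHCJZFGNOCEGMBRHIQLXLZADOIWMNVK9AXAPTLYCNQXFTHPBHZMOFWRDVIUIFHGCPOHNU9LXKK"

def generate_seed() -> str:
    """Python equivalent of the `cat /dev/urandom | tr -dc A-Z9 | head -c81` one-liner."""
    return "".join(secrets.choice(TRYTE_ALPHABET) for _ in range(SEED_LEN))

def is_valid_seed(seed: str) -> bool:
    return len(seed) == SEED_LEN and all(c in TRYTE_ALPHABET for c in seed)

class HmacExpander:
    """Deterministic byte stream: HMAC-SHA256 in counter mode, keyed from the seed.
    Hypothetical stand-in for dOpenSSL's seeded RNG, not its actual construction."""
    def __init__(self, seed: str, label: bytes = b"asn-rsa-keygen"):
        self.key = hmac.new(label, seed.encode("ascii"), hashlib.sha256).digest()
        self.counter = 0
    def get_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
            self.counter += 1
        return bytes(out[:n])
    def get_int(self, bits: int) -> int:
        raw = int.from_bytes(self.get_bytes((bits + 7) // 8), "big")
        return raw >> (-bits % 8)  # drop excess high bits so the value has exactly `bits` bits

SMALL_PRIMES = [p for p in range(2, 200) if all(p % q for q in range(2, int(p ** 0.5) + 1))]
MR_BASES = SMALL_PRIMES[:12]  # fixed bases keep the primality test itself deterministic

def is_probable_prime(n: int) -> bool:
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(rng: HmacExpander, bits: int) -> int:
    """Draw candidates from the expander until one is prime; top and low bits forced set."""
    while True:
        candidate = rng.get_int(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def derive_rsa_key(seed: str, bits: int = 1024) -> dict:
    """Seed -> RSA private key. The same seed always yields the same key, which is the
    whole point, and also means the seed's secrecy and entropy bound the key's security."""
    if not is_valid_seed(seed):
        raise ValueError("seed must be exactly 81 trytes from [A-Z9]")
    rng = HmacExpander(seed)
    e = 65537  # fixed public exponent (the dOpenSSL sample output above derives e as well)
    while True:
        p = next_prime(rng, bits // 2)
        q = next_prime(rng, bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, phi), "p": p, "q": q}

def sign_verify_roundtrip(key: dict, message: bytes) -> bool:
    """Textbook RSA on a SHA-256 digest, only to show the derived key is a working keypair."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    sig = pow(h, key["d"], key["n"])
    return pow(sig, key["e"], key["n"]) == h

if __name__ == "__main__":
    k1 = derive_rsa_key(THREAD_SEED)
    k2 = derive_rsa_key(THREAD_SEED)
    print("deterministic:", k1["n"] == k2["n"])
    print("fresh seed differs:", derive_rsa_key(generate_seed())["n"] != k1["n"])
    print("keypair works:", sign_verify_roundtrip(k1, b"ASN auth challenge"))
```

Two properties matter when evaluating the scheme as an authentication binding: the derivation is one-way (the RSA key does not reveal the seed), but whoever holds the seed holds both the wallet and the ASN identity, so the auth layer inherits exactly the seed-handling requirements of the wallet; and the 27^81 seed space gives ample entropy only if the seed really comes from a CSPRNG, which is why the example uses `secrets` rather than the default `random` module.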

djordjeglbvc commented 4 years ago

@bernardoaraujor I don't understand why the deterministic OpenSSL variant is better for our case?

bernardoaraujor commented 4 years ago

@djordjeglbvc I'm brainstorming about a unified ASN Authentication Framework that also encompasses the IOTA Protocol.

but @oopsmonk raised some good points:

> Hardware information as ID, like a MAC address, is commonly used in IoT systems. dopenssl is dependent on openssl; for embedded it's big and has compatibility issues.

djordjeglbvc commented 4 years ago

@bernardoaraujor regarding the user wallet id references present in the current user management module implementation: it is legacy logic, and we won't store users' wallet ids on the embedded device, so I will remove all code related to it from the module, including the curl calls to the blockchain. The user management module shouldn't need to access any external service anyway, as it is just a user database interface. I've discussed this with @vlad-ns.

vlad-ns commented 4 years ago

Since the scope of the IOTA Access solution does not include user management, we should implement the user module as a set of callbacks that will be populated by the developer integrating IOTA Access. The initial example will have hardcoded users. This will be beneficial as an example of how users are introduced to the device, as well as for the quick start guide. The user wallet is a legacy implementation and should be removed.

bernardoaraujor commented 4 years ago

@djordjeglbvc + @vlad-ns thanks for the clarification.

dOpenSSL was a fun exercise for last night, but we can ignore it for the moment.

please proceed with the User Module Plugin.

djordjeglbvc commented 4 years ago

done