xaptum / ecdaa

A C implementation of elliptic-curve-based Direct Anonymous Attestation (DAA) signatures. Created to support the Xaptum Edge Network Fabric, an IoT Network Solution.
https://www.xaptum.com
Apache License 2.0
45 stars 8 forks source link
daa direct-anonymous-attestation elliptic-curve-cryptography iot iot-client-library pairing-based-cryptography tpm2

ecdaa

Release Build Status Coverage Status Coverity Scan Build Status

A C implementation of elliptic-curve-based Direct Anonymous Attestation signatures, using the LRSW-DAA scheme.

The project provides all DAA functionality for Issuers, Members, and Verifiers. Pseudonym linking ("basename signatures") is optional, and secret-key revocation lists can be used.

The algorithm used is compatible with Version 1.1 Release Draft of the FIDO ECDAA specification. Further implementation details can be found in doc/IMPLEMENTATION.md.

Installation

See doc/BUILDING.md for more information on building from source.

Packages are also available for the following distributions.

Debian (Stretch, Buster) or Ubuntu (Bionic)

DIST=$(lsb_release -cs)

# Install the Xaptum APT repo GPG signing key
sudo apt-get install dirmngr
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys c615bfaa7fe1b4ca

# Add the repository to your APT sources
echo "deb https://xaptum.jfrog.io/artifactory/debian ${DIST} main" | sudo tee /etc/apt/sources.list.d/xaptum.list
sudo apt-get update

# Install the CLI tool and shared library
sudo apt-get install ecdaa

# For developers, header files and shared libraries can also be installed
sudo apt-get install libecdaa-dev

# For using a TPM 2.0, install the ecdaa-tpm library (and, optionally, development package)
sudo apt-get install libecdaa-tpm0
sudo apt-get install libecdaa-tpm-dev

Homebrew (MacOS)

# Tap the Xaptum Homebrew repository.
brew tap xaptum/xaptum

# Install the library.
brew install xaptum

Usage

Information on using the library can be found in the doc/USAGE.md document.

The ecdaa command-line tool provides a simple, file-based interface for all DAA functionality. If building from source, it's available in the tool directory.

A basic Join-Sign-Verify flow is shown below.

Create Group

# Issuer creates a new keypair
ecdaa issuer genkeys -p issuer_public.bin -s issuer_private.bin

...Issuer distributes issuer_public.bin to any Verifiers...

# Verifier extracts group public key from Issuer's public key
ecdaa extractgpk -p issuer_public.bin -g group_public.bin

...Verifier saves group_public.bin...

Join

# Member creates a keypair
ecdaa member genkeys -p member_public.bin -s member_private.bin

...Member sends member_public.bin to Issuer...

# Issuer creates a credential on that public key
ecdaa issuer issuecredential -p member_public.bin -s issuer_private.bin -c member_credential.bin

...Issuer sends member_credential.bin to Member...

...Member saves the member_credential.bin and its member_private.bin...

Sign

...Member creates a message to be signed in the file message.bin...

# Member creates signature over the message
ecdaa member sign -s member_private.bin -c member_credential.bin -m message.bin -g signature.bin

...Member sends message.bin and signature.bin to Verifier...

Verify

# Verifier checks signature
ecdaa verify -g group_public.bin -m message.bin -s signature.bin

License

Copyright 2017-2019 Xaptum, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License from the LICENSE.txt file or at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.