Google Drive
Gist
Clipboard
We have put together a couple of projects. Please, read through and see which works for you.
We want a device (D) to provide attested sensor readings to a relying party (RP).
A prerequisite is that D and RP share a Mixing function:
M(s, ch) = SHA-256(str(s) || ch)
See below for the implementation details.
At an abstract level the "attested sensor reading" protocol flow is as follows:
RP -> RP : ch := RND()
RP -> D : ch
D -> D : s := read_sensor()
D -> D : n := M(s, ch)
D -> D : T := attest(n)
D -> RP : s, T
RP -> RP : verify(T)
RP -> RP : assert(T.nonce == M(s, ch))
In practice, LPC55S69 will expose a LwM2M object called "sensor" providing an "attested reading" resource.
This read-only resource yields the most recent sensor reading together with the bound attestation token in a CBOR map:
attested-reading = {
s : uint,
T : bstr
}
where s is the sensor reading, and T is the marshalled PSA attestation token.
M():import hashlib
def M(s, ch):
m = hashlib.sha256()
m.update(str(s).encode("utf-8"))
m.update(ch)
return m.digest()
# example:
s = 1234
ch = b"\xde\xad\xbe\xef"
print(M(s, ch))
static bool M(unsigned int s, const uint8_t *ch, size_t ch_sz,
uint8_t out[32]) {
char sbuf[64] = {0};
mbedtls_sha256_context c;
bool status = true;
if (snprintf(sbuf, sizeof sbuf, "%u", s) <= 0) {
return false;
}
mbedtls_sha256_init(&c);
if (mbedtls_sha256_starts_ret(&c, 0) ||
mbedtls_sha256_update_ret(&c, (uint8_t *)sbuf, strlen(sbuf)) ||
mbedtls_sha256_update_ret(&c, ch, ch_sz) ||
mbedtls_sha256_finish_ret(&c, out)) {
status = false;
goto end;
}
end:
mbedtls_sha256_free(&c);
return status;
}
// example:
uint8_t out[32], ch[4] = {0xde, 0xad, 0xbe, 0xef};
unsigned int s = 1234;
(void) M(s, ch, sizeof ch, out);
7-2018-q2-update but if you feel bold enough you could try a more recent version.Generic Setup (To be done only once when you get new NXP LPC55S69-EVK + Espressif ESP8266 Wifi chip)
Setup, Bring-up and Demo examples Guide: https://www.nxp.com/document/guide/get-started-with-the-lpc55s69-evk:GS-LPC55S69-EVK
Update the CMSIS-DAP firmware first before trying out any demo examples (using the link below)
mbed on LPC55S69 (First time use ONLY)
On first run, update the device bootloader and firmware to enable drag and drop binary programming on the device
https://os.mbed.com/teams/NXP/wiki/Updating-LPCXpresso-firmware
Device bringup and mbed demo examples
https://os.mbed.com/platforms/LPCXpresso55S69/#getting-started-with-mbed
We want to extend the IAT verifier, i.e., the tooling around the PSA attestation token, to understand the EAT format. For that to happen, we need to:
TBD create issues in github to work on.
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe