Middleware
----------

The middleware related to handling account databases covers three areas:

- the actual cryptographic primitives,
- the code that reads or writes account records, and
- base32 encoding/decoding for when a human-readable representation of a
  key is needed.

There are two implementations of Anelok's cryptography, one in the firmware
and another for host tools. The firmware can only read the account database
so far, but not edit it. The host tools can read and write.

The bits in the firmware:

- cryptographic primitives:

  TweetNaCl:
  https://gitlab.com/anelok/anelok/blob/master/crypter/tweetnacl.h
  https://gitlab.com/anelok/anelok/blob/master/crypter/tweetnacl.c
  from https://tweetnacl.cr.yp.to/
  included via
  https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/tweetnacl.c

  uNaCl (optimized elliptic curve multiplication):
  https://gitlab.com/anelok/anelok/tree/master/fw/db/crypto/unacl
  from http://munacl.cryptojedi.org/curve25519-cortexm0.shtml
  included via
  https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/unacl-scalarmult.c

- database framework:
  https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/account.c

- base32 encoding (for displaying the public key):
  https://gitlab.com/anelok/anelok/blob/master/fw/base/base32.h
  https://gitlab.com/anelok/anelok/blob/master/fw/base/base32.c

The host middleware used to be an intricate mixture of C, Perl, and shell
scripts, but I've replaced all this since with Python.

- cryptographic primitives:

  - PyNaCl:
    https://pynacl.readthedocs.io/

  - a bit of TweetNaCl for crypto_stream_xsalsa20_tweet_xor, which isn't
    available through PyNaCl. The code is included there:
    https://gitlab.com/anelok/anelok/blob/master/crypter/csx.py

- database framework:
  https://gitlab.com/anelok/anelok/blob/master/crypter/account_db.py

- base32 encoding and decoding:
  https://gitlab.com/anelok/anelok/blob/master/crypter/base32.py

Host tools
----------

The command-line tool crypter.py is used to compose and examine account
databases:
https://gitlab.com/anelok/anelok/blob/master/crypter/crypter.py
https://gitlab.com/anelok/anelok/blob/master/crypter/dump.py

I've also started working on a GUI, but that's still not quite usable
(besides looking awful):
https://gitlab.com/anelok/anelok/tree/master/gui

Missing features
----------------

The firmware should be fully ready for multiple readers now. One change
that may be necessary is to grow the ShK cache from one entry to multiple
entries. This cache holds the result of the computationally expensive key
agreement (i.e., the Curve25519 multiplication), and should be large enough
to hold one ShK for each writer that has participated in the creation of
the account database.

The host-side middleware now implements all the low-level bits for multiple
readers but still lacks some API changes and more elaborate key handling
before it will actually be able to create databases with multiple readers.

Another major item that is still left to do is to define an "on-disk"
format for the account database. For now, I just concatenate all the
records, but it would be very difficult to edit a database in such a format
(short of recreating it each time, which is what the host tools do at the
moment).

- Werner
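The ShK cache sizing described under "Missing features", shown as an added example that is not part of the original mail or of Anelok's firmware: a fixed-size cache keyed by the writer's public key. All names are hypothetical, and the Curve25519 multiplication is replaced by a constructed counting stand-in so that the number of cache misses can be observed.

```c
#include <stdint.h>
#include <string.h>
#define KEY_LEN   32
#define MAX_SLOTS 4
/* Key agreement callback: shk = f(reader secret key, writer public key). */
typedef void (*agree_fn)(uint8_t *shk, const uint8_t *sk, const uint8_t *pk);

struct shk_cache {
	unsigned slots, used, next;	/* capacity (1..MAX_SLOTS), filled, victim */
	uint8_t pk[MAX_SLOTS][KEY_LEN];	/* writer public key (not secret) */
	uint8_t shk[MAX_SLOTS][KEY_LEN];	/* cached shared key (secret) */
};

/* Return the ShK for writer pk; run the agreement only on a cache miss. */
const uint8_t *shk_get(struct shk_cache *c, agree_fn agree,
    const uint8_t *sk, const uint8_t *pk)
{
	unsigned i;
	for (i = 0; i != c->used; i++)
		if (!memcmp(c->pk[i], pk, KEY_LEN))
			return c->shk[i];
	i = c->next;			/* round-robin replacement */
	c->next = (c->next + 1) % c->slots;
	if (c->used < c->slots)
		c->used++;
	agree(c->shk[i], sk, pk);	/* overwrites the evicted secret */
	memcpy(c->pk[i], pk, KEY_LEN);
	return c->shk[i];
}

/* Constructed stand-in for the Curve25519 step: counts calls, NOT crypto. */
static unsigned agree_calls;
static void fake_agree(uint8_t *shk, const uint8_t *sk, const uint8_t *pk)
{
	for (unsigned i = 0; i != KEY_LEN; i++)
		shk[i] = sk[i] ^ pk[i];
	agree_calls++;
}

/* Read `records` records alternating between two writers; return misses. */
unsigned demo_misses(unsigned slots, unsigned records)
{
	struct shk_cache c = { .slots = slots };
	uint8_t sk[KEY_LEN] = { 1 }, pk[2][KEY_LEN] = { { 2 }, { 3 } };
	agree_calls = 0;
	for (unsigned i = 0; i != records; i++)
		shk_get(&c, fake_agree, sk, pk[i & 1]);
	return agree_calls;
}
```

With records from two writers interleaved, `demo_misses(1, 10)` returns 10 (every record repeats the key agreement), while `demo_misses(2, 10)` returns 2 (one agreement per writer).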

