# ETSI TS103457 "Trusted Cross-Domain Interface: Interface to offload sensitive functions to a trusted domain" Example implementation and demonstrator This software is made of a library providing connection and session with trust management, message encoding and related functionnal examples done at server side (MTD). ## Dependencies installation This description is for debian linux distribution. Build tool packages : - g++ - cmake For botan library - libboost-all-dev - lzma-dev - liblzma-dev - libbz2-dev - libssl-dev - xv-utils For documentation : - doxygen - graphviz For client GUI : - python3 - python3-pip - python3-tk Libraries from github are required: - botan (crypto library): https://github.com/randombit/botan (version 2.17.3) - spdlog (logging library): https://github.com/gabime/spdlog - google catch2 (unit testing framework): https://github.com/catchorg/Catch2 (version v2.13.4) ### botan build - from source project root - `./configure.py --with-boost --with-openssl --with-bzip2 --with-lzma --with-zlib` - `make` ### spdlog build - `mkdir build && cd buid && cmake ..` - `make` The location of the dependency libraries is defined in main CMakeLists.txt Default locations are ../botan-git, ../spdlog-git and ../Catch2-git ## Project build The library is C++ coded and uses cmake toolchain for building The build generates libetsi103457 library, example MTD server, doxygen documentation and unit testing binaries. These build options can be used with cmake: - `-DETSI103457_BUILD_TESTS=1` to enable unit testing - `-DETSI103457_BUILD_EXAMPLE=1` to build the server ## Code description Every function from the TS has a corresponding class derived from a TDS_Commands base class. The concept elements defined in TS are directly mapped into classes in the library : - TD_Message is the TTLV encoded command/response content - TD_Object is the generic object handled by the MTD - TD_Container is a MTD container TD_TLLVTools is a static class used for coding/decoding all the types defined in the standard TD_Connection is in charge of the protocol connection handling over and except the transport layer. TD_Session_Manager is for the lifecycle management of the objects inside the sessions. ## Demonstrator description The project goal is to illustrate the interactions and processings for the two domains, MTD, the more trusted domain and LTD, the lesser one. It exhibits a client/server architecture where the client in LTD offload some sensible processings to an MTD server. A TLS transport layer is used as recommended in standard. Demo keys and certificates are given in pki directory. The client is a pure python implementation with a portable Tk GUI. ## Demonstrator Usage From example directory - The client can be run with `python3 etsi103457-gui.py` - The server can be run with `./tls_server.sh` wrapper script ## Demonstrator limitations - The Demonstrator server is synchronous and will only accept a single client connection at a time - DB access has not been implemented in this Demonstrator, therefore (key/value) base type are not supported - TD_OpenConnection : - parameters are not used - TD_TrustRenewal : - Trust is automatically checked every 240 seconds from the client. In order to demonstrate the loss of trust, BAD_CN is passed to the server as CN value when the Trusted Value checkbox is unticked in the client - TD_Object : - Allthough Objects are stored as RAW data (bytestrings), Object values should be entered as string for logging purpose - TD_GetRandom : - SizeInBytes shall be lower than XX due to libbotan implementation - Archive and Storage are stored as files by default in /tmp and are prefixed by ARC and STO for demonstration purposes - Files content is stored as human readable content. The Storage name is stored as a string when applying, Object_Id are stored as human readable uuid, and values are Base64 encoded