TPM Direct Anonymous Attestation (DAA) Library

A C library and reference implementation of Direct Anonymous Attestation (DAA) targeting TPM 2.0–equipped platforms and the IBM TPM 2.0 simulator. The project focuses on practical, standards-aligned primitives and utilities to enable privacy-preserving attestation.

Overview

This repository provides building blocks and sample flows for DAA, using:

• Mbed TLS for big integers, ECC, and DRBG
• MIRACL Core for advanced ECC functionality
• IBM TPM 2.0 Simulator for local development and testing
• IBM TSS (ibmtss) for TPM interactions when needed

The implementation is written in C and tested on Linux.

Features

• Core cryptographic utilities and helpers for DAA
• Example flows demonstrating Issuer/Member operations
• Secure random generation via CTR_DRBG seeded from system entropy
• Custom EC group construction example (BNP256)
• CMake-based build with scripted convenience targets
• Works with the IBM TPM 2.0 simulator and can be adapted to hardware TPMs

Requirements

• Linux
• C toolchain (e.g., gcc/clang) with C11 support
• CMake ≥ 3.16
• Git (for fetching dependencies if needed)

Dependencies for MbedTLS, MIRACL Core, and IBM TSS are handled by the provided build scripts and CMake configuration.

Build

Quick build (recommended):

./build.sh

Manual build:

mkdir -p build
cd build
cmake ..
make -j

Run

A minimal example application is built as daa in the build/ directory (name may vary depending on your build system). This example runs the protocol using a software TPM emulator and requires as an argument the port where the TPM simulator is listening:

./build/daa <tpm_port>

If you intend to test against the IBM TPM 2.0 simulator, ensure it is running before invoking flows that require TPM access.

Test

./test.sh

This script runs basic checks or example scenarios where available.

Project Structure

• main.c – Example entry point demonstrating basic usage
• daa.c, daa.h – DAA-related logic and interfaces
• issuer.c, issuer.h – Issuer-side helpers/interfaces
• templates.c, templates.h – Data templates and helpers
• cryptoutils.c, cryptoutils.h – RNG, EC helpers, and big integer utilities
• tpm_funcs.c, tpm_funcs.h – TPM-related helpers and integration
• cmake/ – CMake configuration for third-party dependencies
• ibmtpm1682/, tpmvstudio/ – IBM TPM simulator sources and related material

Refer to the public headers (e.g., daa.h, issuer.h, cryptoutils.h) for the API surface.

Usage Notes

• This codebase is intended as a foundation or reference for research and prototyping. Review and adapt for production.
• Custom elliptic curves: see get_ec_group_bnp256 in cryptoutils.c for an example of programmatic group construction.
• Randomness: random_bytes and random_bytes_mod use Mbed TLS CTR_DRBG and system entropy.

Security Considerations

• Keys, secrets, and credentials should be protected according to your threat model.
• Ensure a high-quality entropy source on your target platform.
• Run static analysis and fuzzing where appropriate. Validate constant-time behavior for security-critical paths.
• Carefully evaluate curve parameters and cryptographic assumptions for your deployment.

License

This project is released under the MIT License. See LICENSE for details.

Acknowledgements

• IBM for the TPM 2.0 Simulator and TSS
• Mbed TLS and MIRACL Core projects

Contributors

• Lead Software Engineer: Stefanos Vasileiadis ([email protected])
• Scientific Lead: Thanassis Giannetsos ([email protected])
• Technical Coordination: Panagiotis Gouvas ([email protected])

How to Contribute

Contributions are welcome via pull requests. Please:

• Discuss significant changes in an issue first
• Keep changes focused and well-documented
• Follow consistent code style and add tests where applicable

References

• Trusted Computing Group (TCG) specifications for TPM 2.0 and DAA
• IBM TPM 2.0 Simulator documentation