VERIFIER: add path for whitelist dbs

Cybersecurity-LINKS · May 2, 2024 · d35ddac · d35ddac
1 parent a656a8c
commit d35ddac
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 14 deletions.
diff --git a/embrave.conf.example b/embrave.conf.example
@@ -50,8 +50,10 @@ join_service_ip = localhost
 # Port where it runs the http Join Service server
 join_service_port = 8000
 
-# URI where download the whitelist
-whitelist_uri = https://location.where.whitelist/is/stored
+# URI whitelist
+# Format file://whitelistname.db or
+# https://location.where.whitelist/is/stored
+whitelist_uri = file://raspberrypi4b.db
 
 ##################################
 # Verifier configuration section #
@@ -79,6 +81,9 @@ tls_key = /var/embrave/verifier/tls/key.pem
 # Path of the verfier database (sqlite)
 db = file:/var/embrave/verifier/db.sqlite
 
+# Path where to store all whitelists databases (sqlite)
+whitelist_path = /var/embrave/verifier/whitelist/
+
 # Join Service IP address
 join_service_ip = localhost
 

diff --git a/include/config_parse.h b/include/config_parse.h
@@ -21,7 +21,7 @@
 #define MAX_BUF 255
 #define MAX_LINE_LENGTH 1023
 #define ATTESTER_NUM_CONFIG_PARAMS 12
-#define VERIFIER_NUM_CONFIG_PARAMS 11
+#define VERIFIER_NUM_CONFIG_PARAMS 12
 #define JOIN_SERVICE_NUM_CONFIG_PARAMS 11
 
 enum attester_keys_config{
@@ -46,6 +46,7 @@ enum verifier_keys_config{
     VERIFIER_TLS_KEY,
     VERIFIER_TLS_CERT_CA,
     VERIFIER_DB,
+    VERIFIER_WHITELIST_PATH,
     VERIFIER_JOIN_SERVICE_IP,
     VERIFIER_JOIN_SERVICE_PORT,
     VERIFIER_MQTT_BROKER_IP,
@@ -83,12 +84,13 @@ struct attester_conf {
 };
 
 struct verifier_conf {
-    char db[MAX_LINE_LENGTH];
     uint32_t topic_id;
     uint32_t port;
     uint32_t tls_port;
     uint32_t join_service_port;
     uint32_t mqtt_broker_port;
+    char db[MAX_LINE_LENGTH];
+    char whitelist_path[MAX_LINE_LENGTH];
     char ip[MAX_BUF];
     char tls_cert_ca[MAX_LINE_LENGTH];
     char tls_cert[MAX_LINE_LENGTH];

diff --git a/src/config_parse.c b/src/config_parse.c
@@ -18,7 +18,7 @@
 char* attester_params[ATTESTER_NUM_CONFIG_PARAMS] = {"uuid", "ip", "port","ek_rsa_cert",
             "ek_ecc_cert", "ak_pub", "ak_name", "ak_ctx", "ak_cert", "join_service_ip", "join_service_port", "whitelist_uri"};
 char* verifier_params[VERIFIER_NUM_CONFIG_PARAMS] = {"ip", "port", "tls_port", "tls_cert", "tls_key",
-            "tls_cert_ca", "db", "join_service_ip", "join_service_port", "mqtt_broker_ip", "mqtt_broker_port"};
+            "tls_cert_ca", "db", "whitelist_path", "join_service_ip", "join_service_port", "mqtt_broker_ip", "mqtt_broker_port"};
 char* join_service_params[JOIN_SERVICE_NUM_CONFIG_PARAMS] = {"ip", "port", "tls_port", "tls_cert",
             "tls_key", "tls_cert_ca", "db", "ca_x509_path", "mqtt_broker_ip", "mqtt_broker_port", "log_path"};
 
@@ -185,11 +185,11 @@ uint16_t read_config(char user, void* config_struct){
 
                         case ATTESTER_JOIN_SERVICE_PORT:
                             attester_config->join_service_port = (uint32_t) atoi(value);
-                        break;
+                            break;
 
                         case ATTESTER_WHITELIST_URI:
                             strcpy(attester_config->whitelist_uri, value);
-                        break;
+                            break;
 
                         case ATTESTER_NUM_CONFIG_PARAMS:
                             //unknown param
@@ -245,21 +245,25 @@ uint16_t read_config(char user, void* config_struct){
                             strcpy(verifier_config->db, value);
                             break;
 
+                        case VERIFIER_WHITELIST_PATH:
+                            strcpy(verifier_config->whitelist_path, value);
+                            break;
+
                         case VERIFIER_JOIN_SERVICE_IP:
                             strcpy(verifier_config->join_service_ip, value);
                             break;
 
                         case VERIFIER_JOIN_SERVICE_PORT:
                             verifier_config->join_service_port = (uint32_t) atoi(value);
-                        break;
+                            break;
 
                         case VERIFIER_MQTT_BROKER_IP:
                             strcpy(verifier_config->mqtt_broker_ip, value);
-                        break;
+                            break;
 
                         case VERIFIER_MQTT_BROKER_PORT:
                             verifier_config->mqtt_broker_port = (uint32_t) atoi(value);
-                        break;
+                            break;
 
                         case VERIFIER_NUM_CONFIG_PARAMS:
                             //unknown param
@@ -317,19 +321,19 @@ uint16_t read_config(char user, void* config_struct){
 
                         case JOIN_SERVICE_CA_X509:
                             strcpy(join_service_config->ca_x509_path, value);
-                        break;
+                            break;
 
                         case JOIN_SERVICE_BROKER_IP:
                             strcpy(join_service_config->mqtt_broker_ip, value);
-                        break;
+                            break;
 
                         case JOIN_SERVICE_BROKER_PORT:
                             join_service_config->mqtt_broker_port = (uint32_t) atoi(value);
-                        break;
+                            break;
 
                         case JOIN_SERVICE_LOG:
                             strcpy(join_service_config->log_path, value);
-                        break;
+                            break;
 
                         case JOIN_SERVICE_NUM_CONFIG_PARAMS:
                             //unknown param