1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/*
* Licensed Materials - Property of IBM
*
* trousers - An open source TCG Software Stack
*
* (C) Copyright International Business Machines Corp. 2006
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
// for message digest
#include <openssl/evp.h>
#include <stdlib.h>
#include "daa_structs.h"
#include "daa_parameter.h"
#include "trousers/tss.h"
#include "spi_internal_types.h"
#include "spi_utils.h"
#include <trousers/trousers.h>
#include <spi_utils.h>
#include <obj.h>
#include "tsplog.h"
#include "tss/tcs.h"
/*
Verifies if the key is a valid endorsement key of a TPM. (TPM is good)
return 0 if correct
*/
int verify_ek_and_daaCounter(
UINT32 endorsementLength,
BYTE *endorsementCredential,
UINT32 daaCounter
) {
// TODO
return 0;
}
TSS_RESULT Tspi_DAA_IssueInit_internal(
TSS_HDAA hDAA, // in
TSS_HKEY issuerAuthPK, // in
TSS_HKEY issuerKeyPair, // in (TSS_DAA_KEY_PAIR *)
TSS_DAA_IDENTITY_PROOF identityProof, // in
UINT32 capitalUprimeLength, // in
BYTE* capitalUprime, // in
UINT32 daaCounter, // in
UINT32* nonceIssuerLength, // out
BYTE** nonceIssuer, // out
UINT32* authenticationChallengeLength, // out
BYTE** authenticationChallenge, // out
TSS_DAA_JOIN_ISSUER_SESSION* joinSession // out
) {
TCS_CONTEXT_HANDLE tcsContext;
TSS_RESULT result;
BYTE *ne, *buffer;
bi_t random;
int length_ne;
if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS)
return result;
// 1 & 2 : verify EK (and associated credentials) of the platform
if( verify_ek_and_daaCounter( identityProof.endorsementLength,
identityProof.endorsementCredential, daaCounter) != 0) {
LogError("EK verification failed");
return TSS_E_INTERNAL_ERROR;
}
// 3 : choose a random nonce for the platform (ni)
bi_new( random);
bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
buffer = bi_2_nbin( nonceIssuerLength, random);
if( buffer == NULL) {
LogError("malloc of %d bytes failed", *nonceIssuerLength);
return TSPERR(TSS_E_OUTOFMEMORY);
}
*nonceIssuer = convert_alloc( tcsContext, *nonceIssuerLength, buffer);
if (*nonceIssuer == NULL) {
LogError("malloc of %d bytes failed", *nonceIssuerLength);
free( buffer);
return TSPERR(TSS_E_OUTOFMEMORY);
}
LogDebug("nonce Issuer[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
*nonceIssuerLength,
dump_byte_array( *nonceIssuerLength , *nonceIssuer));
// 4 : choose a random nonce ne and encrypt it under EK
bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
ne = convert_alloc( tcsContext, length_ne, bi_2_nbin( &length_ne, random));
if (ne == NULL) {
LogError("malloc of %d bytes failed", length_ne);
free( buffer);
free( nonceIssuer);
return TSPERR(TSS_E_OUTOFMEMORY);
}
bi_free( random);
*authenticationChallenge = (BYTE *)calloc_tspi( tcsContext, 256); // 256: RSA size
if (*authenticationChallenge == NULL) {
LogError("malloc of %d bytes failed", 256);
free( buffer);
free( nonceIssuer);
free( ne);
return TSPERR(TSS_E_OUTOFMEMORY);
}
result = Trspi_RSA_Encrypt(
ne, // message to encrypt
length_ne, // length message to encrypt
*authenticationChallenge, // destination
authenticationChallengeLength, // length destination
identityProof.endorsementCredential, // public key
identityProof.endorsementLength); // public key size
if( result != TSS_SUCCESS) {
LogError("Can not encrypt the Authentication Challenge");
free( buffer);
free( nonceIssuer);
free( ne);
return TSS_E_INTERNAL_ERROR;
}
LogDebug("authenticationChallenge[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
*authenticationChallengeLength,
dump_byte_array( *authenticationChallengeLength , *authenticationChallenge));
// 5 : save PK, PKDAA, (p', q'), U', daaCounter, ni, ne in joinSession
// EK is not a member of joinSession but is already saved in identityProof
joinSession->issuerAuthPK = issuerAuthPK;
joinSession->issuerKeyPair = issuerKeyPair;
memcpy( &(joinSession->identityProof), &identityProof, sizeof(TSS_DAA_IDENTITY_PROOF));
joinSession->capitalUprimeLength = capitalUprimeLength;
joinSession->capitalUprime = capitalUprime;
joinSession->daaCounter = daaCounter;
joinSession->nonceIssuerLength = *nonceIssuerLength;
joinSession->nonceIssuer = *nonceIssuer;
joinSession->nonceEncryptedLength = length_ne;
joinSession->nonceEncrypted = ne;
return result;
}
|