src/tspi/daa/daa_issuer/issuer_init.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142


/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2006
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

// for message digest
#include <openssl/evp.h>

#include <stdlib.h>
#include "daa_structs.h"
#include "daa_parameter.h"
#include "trousers/tss.h"
#include "spi_internal_types.h"
#include "spi_utils.h"
#include <trousers/trousers.h>
#include <spi_utils.h>
#include <obj.h>
#include "tsplog.h"
#include "tss/tcs.h"

/*
Verifies if the key is a valid endorsement key of a TPM. (TPM is good)
return 0 if correct
 */
int verify_ek_and_daaCounter(
	UINT32 endorsementLength,
	BYTE *endorsementCredential,
	UINT32 daaCounter
) {
	// TODO
	return 0;
}


TSS_RESULT Tspi_DAA_IssueInit_internal(
	TSS_HDAA	hDAA,	// in
	TSS_HKEY	issuerAuthPK,	// in
	TSS_HKEY	issuerKeyPair,	// in (TSS_DAA_KEY_PAIR *)
	TSS_DAA_IDENTITY_PROOF	identityProof,	// in
	UINT32	capitalUprimeLength,	// in
	BYTE*	capitalUprime,	// in
	UINT32	daaCounter,	// in
	UINT32*	nonceIssuerLength,	// out
	BYTE**	nonceIssuer,	// out
	UINT32*	authenticationChallengeLength,	// out
	BYTE**	authenticationChallenge,	// out
	TSS_DAA_JOIN_ISSUER_SESSION*	joinSession	// out
) {
	TCS_CONTEXT_HANDLE tcsContext;
	TSS_RESULT result;
	BYTE *ne, *buffer;
	bi_t random;
	int length_ne;

	if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS)
		return result;
	// 1 & 2 : verify EK (and associated credentials) of the platform
	if( verify_ek_and_daaCounter( identityProof.endorsementLength,
				identityProof.endorsementCredential, daaCounter) != 0) {
		LogError("EK verification failed");
		return TSS_E_INTERNAL_ERROR;
	}

	// 3 : choose a random nonce for the platform (ni)
	bi_new( random);
	bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
	buffer = bi_2_nbin( nonceIssuerLength, random);
	if( buffer == NULL) {
		LogError("malloc of %d bytes failed", *nonceIssuerLength);
		return TSPERR(TSS_E_OUTOFMEMORY);
	}
	*nonceIssuer =  convert_alloc( tcsContext, *nonceIssuerLength, buffer);
	if (*nonceIssuer == NULL) {
		LogError("malloc of %d bytes failed", *nonceIssuerLength);
		free( buffer);
		return TSPERR(TSS_E_OUTOFMEMORY);
	}

	LogDebug("nonce Issuer[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
		*nonceIssuerLength,
		dump_byte_array( *nonceIssuerLength , *nonceIssuer));

	// 4 : choose a random nonce ne and encrypt it under EK
	bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
	ne = convert_alloc( tcsContext, length_ne, bi_2_nbin( &length_ne, random));
	if (ne == NULL) {
		LogError("malloc of %d bytes failed", length_ne);
		free( buffer);
		free( nonceIssuer);
		return TSPERR(TSS_E_OUTOFMEMORY);
	}

	bi_free( random);
	*authenticationChallenge = (BYTE *)calloc_tspi( tcsContext, 256); // 256: RSA size
	if (*authenticationChallenge == NULL) {
		LogError("malloc of %d bytes failed", 256);
		free( buffer);
		free( nonceIssuer);
		free( ne);
		return TSPERR(TSS_E_OUTOFMEMORY);
	}
	result = Trspi_RSA_Encrypt(
		ne,	// message to encrypt
		length_ne,	// length message to encrypt
		*authenticationChallenge,	// destination
		authenticationChallengeLength, // length destination
		identityProof.endorsementCredential, // public key
		identityProof.endorsementLength); // public key size
	if( result != TSS_SUCCESS) {
		LogError("Can not encrypt the Authentication Challenge");
		free( buffer);
		free( nonceIssuer);
		free( ne);
		return TSS_E_INTERNAL_ERROR;
	}
	LogDebug("authenticationChallenge[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
		*authenticationChallengeLength,
		dump_byte_array( *authenticationChallengeLength , *authenticationChallenge));

	// 5 : save PK, PKDAA, (p', q'), U', daaCounter, ni, ne in joinSession
	// EK is not a member of joinSession but is already saved in identityProof
	joinSession->issuerAuthPK = issuerAuthPK;
	joinSession->issuerKeyPair = issuerKeyPair;
	memcpy( &(joinSession->identityProof), &identityProof, sizeof(TSS_DAA_IDENTITY_PROOF));
	joinSession->capitalUprimeLength = capitalUprimeLength;
	joinSession->capitalUprime = capitalUprime;
	joinSession->daaCounter = daaCounter;
	joinSession->nonceIssuerLength = *nonceIssuerLength;
	joinSession->nonceIssuer = *nonceIssuer;
	joinSession->nonceEncryptedLength = length_ne;
	joinSession->nonceEncrypted = ne;
	return result;
}