1*723e4046Schristos
2*723e4046Schristos /*
3*723e4046Schristos * Licensed Materials - Property of IBM
4*723e4046Schristos *
5*723e4046Schristos * trousers - An open source TCG Software Stack
6*723e4046Schristos *
7*723e4046Schristos * (C) Copyright International Business Machines Corp. 2006
8*723e4046Schristos *
9*723e4046Schristos */
10*723e4046Schristos
11*723e4046Schristos #include <stdlib.h>
12*723e4046Schristos #include <stdio.h>
13*723e4046Schristos #include <string.h>
14*723e4046Schristos
15*723e4046Schristos // for message digest
16*723e4046Schristos #include <openssl/evp.h>
17*723e4046Schristos
18*723e4046Schristos #include <stdlib.h>
19*723e4046Schristos #include "daa_structs.h"
20*723e4046Schristos #include "daa_parameter.h"
21*723e4046Schristos #include "trousers/tss.h"
22*723e4046Schristos #include "spi_internal_types.h"
23*723e4046Schristos #include "spi_utils.h"
24*723e4046Schristos #include <trousers/trousers.h>
25*723e4046Schristos #include <spi_utils.h>
26*723e4046Schristos #include <obj.h>
27*723e4046Schristos #include "tsplog.h"
28*723e4046Schristos #include "tss/tcs.h"
29*723e4046Schristos
30*723e4046Schristos /*
31*723e4046Schristos Verifies if the key is a valid endorsement key of a TPM. (TPM is good)
32*723e4046Schristos return 0 if correct
33*723e4046Schristos */
verify_ek_and_daaCounter(UINT32 endorsementLength,BYTE * endorsementCredential,UINT32 daaCounter)34*723e4046Schristos int verify_ek_and_daaCounter(
35*723e4046Schristos UINT32 endorsementLength,
36*723e4046Schristos BYTE *endorsementCredential,
37*723e4046Schristos UINT32 daaCounter
38*723e4046Schristos ) {
39*723e4046Schristos // TODO
40*723e4046Schristos return 0;
41*723e4046Schristos }
42*723e4046Schristos
43*723e4046Schristos
Tspi_DAA_IssueInit_internal(TSS_HDAA hDAA,TSS_HKEY issuerAuthPK,TSS_HKEY issuerKeyPair,TSS_DAA_IDENTITY_PROOF identityProof,UINT32 capitalUprimeLength,BYTE * capitalUprime,UINT32 daaCounter,UINT32 * nonceIssuerLength,BYTE ** nonceIssuer,UINT32 * authenticationChallengeLength,BYTE ** authenticationChallenge,TSS_DAA_JOIN_ISSUER_SESSION * joinSession)44*723e4046Schristos TSS_RESULT Tspi_DAA_IssueInit_internal(
45*723e4046Schristos TSS_HDAA hDAA, // in
46*723e4046Schristos TSS_HKEY issuerAuthPK, // in
47*723e4046Schristos TSS_HKEY issuerKeyPair, // in (TSS_DAA_KEY_PAIR *)
48*723e4046Schristos TSS_DAA_IDENTITY_PROOF identityProof, // in
49*723e4046Schristos UINT32 capitalUprimeLength, // in
50*723e4046Schristos BYTE* capitalUprime, // in
51*723e4046Schristos UINT32 daaCounter, // in
52*723e4046Schristos UINT32* nonceIssuerLength, // out
53*723e4046Schristos BYTE** nonceIssuer, // out
54*723e4046Schristos UINT32* authenticationChallengeLength, // out
55*723e4046Schristos BYTE** authenticationChallenge, // out
56*723e4046Schristos TSS_DAA_JOIN_ISSUER_SESSION* joinSession // out
57*723e4046Schristos ) {
58*723e4046Schristos TCS_CONTEXT_HANDLE tcsContext;
59*723e4046Schristos TSS_RESULT result;
60*723e4046Schristos BYTE *ne, *buffer;
61*723e4046Schristos bi_t random;
62*723e4046Schristos int length_ne;
63*723e4046Schristos
64*723e4046Schristos if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS)
65*723e4046Schristos return result;
66*723e4046Schristos // 1 & 2 : verify EK (and associated credentials) of the platform
67*723e4046Schristos if( verify_ek_and_daaCounter( identityProof.endorsementLength,
68*723e4046Schristos identityProof.endorsementCredential, daaCounter) != 0) {
69*723e4046Schristos LogError("EK verification failed");
70*723e4046Schristos return TSS_E_INTERNAL_ERROR;
71*723e4046Schristos }
72*723e4046Schristos
73*723e4046Schristos // 3 : choose a random nonce for the platform (ni)
74*723e4046Schristos bi_new( random);
75*723e4046Schristos bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
76*723e4046Schristos buffer = bi_2_nbin( nonceIssuerLength, random);
77*723e4046Schristos if( buffer == NULL) {
78*723e4046Schristos LogError("malloc of %d bytes failed", *nonceIssuerLength);
79*723e4046Schristos return TSPERR(TSS_E_OUTOFMEMORY);
80*723e4046Schristos }
81*723e4046Schristos *nonceIssuer = convert_alloc( tcsContext, *nonceIssuerLength, buffer);
82*723e4046Schristos if (*nonceIssuer == NULL) {
83*723e4046Schristos LogError("malloc of %d bytes failed", *nonceIssuerLength);
84*723e4046Schristos free( buffer);
85*723e4046Schristos return TSPERR(TSS_E_OUTOFMEMORY);
86*723e4046Schristos }
87*723e4046Schristos
88*723e4046Schristos LogDebug("nonce Issuer[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
89*723e4046Schristos *nonceIssuerLength,
90*723e4046Schristos dump_byte_array( *nonceIssuerLength , *nonceIssuer));
91*723e4046Schristos
92*723e4046Schristos // 4 : choose a random nonce ne and encrypt it under EK
93*723e4046Schristos bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
94*723e4046Schristos ne = convert_alloc( tcsContext, length_ne, bi_2_nbin( &length_ne, random));
95*723e4046Schristos if (ne == NULL) {
96*723e4046Schristos LogError("malloc of %d bytes failed", length_ne);
97*723e4046Schristos free( buffer);
98*723e4046Schristos free( nonceIssuer);
99*723e4046Schristos return TSPERR(TSS_E_OUTOFMEMORY);
100*723e4046Schristos }
101*723e4046Schristos
102*723e4046Schristos bi_free( random);
103*723e4046Schristos *authenticationChallenge = (BYTE *)calloc_tspi( tcsContext, 256); // 256: RSA size
104*723e4046Schristos if (*authenticationChallenge == NULL) {
105*723e4046Schristos LogError("malloc of %d bytes failed", 256);
106*723e4046Schristos free( buffer);
107*723e4046Schristos free( nonceIssuer);
108*723e4046Schristos free( ne);
109*723e4046Schristos return TSPERR(TSS_E_OUTOFMEMORY);
110*723e4046Schristos }
111*723e4046Schristos result = Trspi_RSA_Encrypt(
112*723e4046Schristos ne, // message to encrypt
113*723e4046Schristos length_ne, // length message to encrypt
114*723e4046Schristos *authenticationChallenge, // destination
115*723e4046Schristos authenticationChallengeLength, // length destination
116*723e4046Schristos identityProof.endorsementCredential, // public key
117*723e4046Schristos identityProof.endorsementLength); // public key size
118*723e4046Schristos if( result != TSS_SUCCESS) {
119*723e4046Schristos LogError("Can not encrypt the Authentication Challenge");
120*723e4046Schristos free( buffer);
121*723e4046Schristos free( nonceIssuer);
122*723e4046Schristos free( ne);
123*723e4046Schristos return TSS_E_INTERNAL_ERROR;
124*723e4046Schristos }
125*723e4046Schristos LogDebug("authenticationChallenge[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
126*723e4046Schristos *authenticationChallengeLength,
127*723e4046Schristos dump_byte_array( *authenticationChallengeLength , *authenticationChallenge));
128*723e4046Schristos
129*723e4046Schristos // 5 : save PK, PKDAA, (p', q'), U', daaCounter, ni, ne in joinSession
130*723e4046Schristos // EK is not a member of joinSession but is already saved in identityProof
131*723e4046Schristos joinSession->issuerAuthPK = issuerAuthPK;
132*723e4046Schristos joinSession->issuerKeyPair = issuerKeyPair;
133*723e4046Schristos memcpy( &(joinSession->identityProof), &identityProof, sizeof(TSS_DAA_IDENTITY_PROOF));
134*723e4046Schristos joinSession->capitalUprimeLength = capitalUprimeLength;
135*723e4046Schristos joinSession->capitalUprime = capitalUprime;
136*723e4046Schristos joinSession->daaCounter = daaCounter;
137*723e4046Schristos joinSession->nonceIssuerLength = *nonceIssuerLength;
138*723e4046Schristos joinSession->nonceIssuer = *nonceIssuer;
139*723e4046Schristos joinSession->nonceEncryptedLength = length_ne;
140*723e4046Schristos joinSession->nonceEncrypted = ne;
141*723e4046Schristos return result;
142*723e4046Schristos }
143