xref: /netbsd-src/crypto/external/cpl/trousers/dist/src/tspi/daa/daa_issuer/issuer_init.c (revision 2d5f7628c5531eb583b9313ac2fd1cf8582b4479) 
1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2006
8  *
9  */
10 
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 
15 // for message digest
16 #include <openssl/evp.h>
17 
18 #include <stdlib.h>
19 #include "daa_structs.h"
20 #include "daa_parameter.h"
21 #include "trousers/tss.h"
22 #include "spi_internal_types.h"
23 #include "spi_utils.h"
24 #include <trousers/trousers.h>
25 #include <spi_utils.h>
26 #include <obj.h>
27 #include "tsplog.h"
28 #include "tss/tcs.h"
29 
30 /*
31 Verifies if the key is a valid endorsement key of a TPM. (TPM is good)
32 return 0 if correct
33  */
verify_ek_and_daaCounter(UINT32 endorsementLength,BYTE * endorsementCredential,UINT32 daaCounter)34 int verify_ek_and_daaCounter(
35 	UINT32 endorsementLength,
36 	BYTE *endorsementCredential,
37 	UINT32 daaCounter
38 ) {
39 	// TODO
40 	return 0;
41 }
42 
43 
Tspi_DAA_IssueInit_internal(TSS_HDAA hDAA,TSS_HKEY issuerAuthPK,TSS_HKEY issuerKeyPair,TSS_DAA_IDENTITY_PROOF identityProof,UINT32 capitalUprimeLength,BYTE * capitalUprime,UINT32 daaCounter,UINT32 * nonceIssuerLength,BYTE ** nonceIssuer,UINT32 * authenticationChallengeLength,BYTE ** authenticationChallenge,TSS_DAA_JOIN_ISSUER_SESSION * joinSession)44 TSS_RESULT Tspi_DAA_IssueInit_internal(
45 	TSS_HDAA	hDAA,	// in
46 	TSS_HKEY	issuerAuthPK,	// in
47 	TSS_HKEY	issuerKeyPair,	// in (TSS_DAA_KEY_PAIR *)
48 	TSS_DAA_IDENTITY_PROOF	identityProof,	// in
49 	UINT32	capitalUprimeLength,	// in
50 	BYTE*	capitalUprime,	// in
51 	UINT32	daaCounter,	// in
52 	UINT32*	nonceIssuerLength,	// out
53 	BYTE**	nonceIssuer,	// out
54 	UINT32*	authenticationChallengeLength,	// out
55 	BYTE**	authenticationChallenge,	// out
56 	TSS_DAA_JOIN_ISSUER_SESSION*	joinSession	// out
57 ) {
58 	TCS_CONTEXT_HANDLE tcsContext;
59 	TSS_RESULT result;
60 	BYTE *ne, *buffer;
61 	bi_t random;
62 	int length_ne;
63 
64 	if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS)
65 		return result;
66 	// 1 & 2 : verify EK (and associated credentials) of the platform
67 	if( verify_ek_and_daaCounter( identityProof.endorsementLength,
68 				identityProof.endorsementCredential, daaCounter) != 0) {
69 		LogError("EK verification failed");
70 		return TSS_E_INTERNAL_ERROR;
71 	}
72 
73 	// 3 : choose a random nonce for the platform (ni)
74 	bi_new( random);
75 	bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
76 	buffer = bi_2_nbin( nonceIssuerLength, random);
77 	if( buffer == NULL) {
78 		LogError("malloc of %d bytes failed", *nonceIssuerLength);
79 		return TSPERR(TSS_E_OUTOFMEMORY);
80 	}
81 	*nonceIssuer =  convert_alloc( tcsContext, *nonceIssuerLength, buffer);
82 	if (*nonceIssuer == NULL) {
83 		LogError("malloc of %d bytes failed", *nonceIssuerLength);
84 		free( buffer);
85 		return TSPERR(TSS_E_OUTOFMEMORY);
86 	}
87 
88 	LogDebug("nonce Issuer[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
89 		*nonceIssuerLength,
90 		dump_byte_array( *nonceIssuerLength , *nonceIssuer));
91 
92 	// 4 : choose a random nonce ne and encrypt it under EK
93 	bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8);
94 	ne = convert_alloc( tcsContext, length_ne, bi_2_nbin( &length_ne, random));
95 	if (ne == NULL) {
96 		LogError("malloc of %d bytes failed", length_ne);
97 		free( buffer);
98 		free( nonceIssuer);
99 		return TSPERR(TSS_E_OUTOFMEMORY);
100 	}
101 
102 	bi_free( random);
103 	*authenticationChallenge = (BYTE *)calloc_tspi( tcsContext, 256); // 256: RSA size
104 	if (*authenticationChallenge == NULL) {
105 		LogError("malloc of %d bytes failed", 256);
106 		free( buffer);
107 		free( nonceIssuer);
108 		free( ne);
109 		return TSPERR(TSS_E_OUTOFMEMORY);
110 	}
111 	result = Trspi_RSA_Encrypt(
112 		ne,	// message to encrypt
113 		length_ne,	// length message to encrypt
114 		*authenticationChallenge,	// destination
115 		authenticationChallengeLength, // length destination
116 		identityProof.endorsementCredential, // public key
117 		identityProof.endorsementLength); // public key size
118 	if( result != TSS_SUCCESS) {
119 		LogError("Can not encrypt the Authentication Challenge");
120 		free( buffer);
121 		free( nonceIssuer);
122 		free( ne);
123 		return TSS_E_INTERNAL_ERROR;
124 	}
125 	LogDebug("authenticationChallenge[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST,
126 		*authenticationChallengeLength,
127 		dump_byte_array( *authenticationChallengeLength , *authenticationChallenge));
128 
129 	// 5 : save PK, PKDAA, (p', q'), U', daaCounter, ni, ne in joinSession
130 	// EK is not a member of joinSession but is already saved in identityProof
131 	joinSession->issuerAuthPK = issuerAuthPK;
132 	joinSession->issuerKeyPair = issuerKeyPair;
133 	memcpy( &(joinSession->identityProof), &identityProof, sizeof(TSS_DAA_IDENTITY_PROOF));
134 	joinSession->capitalUprimeLength = capitalUprimeLength;
135 	joinSession->capitalUprime = capitalUprime;
136 	joinSession->daaCounter = daaCounter;
137 	joinSession->nonceIssuerLength = *nonceIssuerLength;
138 	joinSession->nonceIssuer = *nonceIssuer;
139 	joinSession->nonceEncryptedLength = length_ne;
140 	joinSession->nonceEncrypted = ne;
141 	return result;
142 }
143