1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <malloc.h>
16
17 #include "trousers/tss.h"
18 #include "trousers/trousers.h"
19 #include "trousers_types.h"
20 //#include "trousers_types.h"
21 #include "spi_utils.h"
22 //#include "capabilities.h"
23 #include "tsplog.h"
24 //#include "tcs_tsp.h"
25 //#include "tspps.h"
26 //#include "hosttable.h"
27 //#include "tcsd_wrap.h"
28 //#include "tcsd.h"
29 #include "obj.h"
30 #include "daa/issuer.h"
31 #include "daa/platform.h"
32 #include "daa/verifier.h"
33 #include "daa/anonymity_revocation.h"
34
35 #include "daa/key_correct.h"
36 #include "daa/issuer.h"
37
38 // static TSS_HCONTEXT _hContext;
39
tss_alloc(size_t size,TSS_HOBJECT hContext)40 static void *tss_alloc( size_t size, TSS_HOBJECT hContext) {
41 void *ret = calloc_tspi( hContext, size);
42
43 LogDebug("[intern_alloc (%d)] -> %d", (int)size, (int)ret);
44 return ret;
45 }
46
47 /*
48 static void *normal_malloc( size_t size, TSS_HOBJECT object) {
49 void *ret = malloc( size);
50 return ret;
51 }
52 */
53
54 /**
55 This is the first out of 3 functions to execute in order to receive a DAA Credential.
56 It verifies the keys of the DAA Issuer and computes the TPM DAA public key.
57
58 Parameters
59 - hDAA: Handle of the DAA object
60 - hTPM: Handle of the TPM object
61 - daaCounter: DAA counter
62 - issuerPk: Handle of the DAA Issuer public key
63 - issuerAuthPKsLength: Length of the array of issuerAuthPKs
64 - issuerAuthPKs:Handle of an array of RSA public keys (key chain) of the DAA Issuer used
65 to authenticate the DAA Issuer public key. The size of the modulus
66 must be TPM_DAA_SIZE_issuerModulus (256)
67 - issuerAuthPKSignaturesLength:Length of the array of issuerAuthPKSignatures. It is equal
68 to issuerAuthPKsLength . The length of an element of the array is
69 TPM_DAA_SIZE_issuerModulus (256)
70 - issuerAuthPKSignatures: An array of byte arrays representing signatures on the modulus
71 of the above key chain (issuerAuthPKs) in more details, the array has the
72 following content (S(K[1],K[0]),S(K[2],N[1]),..S(K[ k ],K[n-1]),
73 S(TPM_DAA_ISSUER,K[ k ])), where S(msg,privateKey) denotes
74 the signature function with msg being signed by the privateKey.
75 - capitalUprimeLength: Length of capitalUprime which is ln/8. ln is defined as the size of the RSA modulus (2048).
76 - capitalUprime: U?
77 - identityProof: This structure contains the endorsement, platform and conformance credential.
78 - joinSession: This structure contains DAA Join session information.
79 */
80 #if 0
81 TSPICALL
82 Tspi_TPM_DAA_JoinInit(TSS_HDAA hDAA, // in
83 TSS_HTPM hTPM, // in
84 UINT32 daaCounter, // in
85 TSS_HDAA_DATA issuerPk, // in
86 UINT32 issuerAuthPKsLength, // in
87 TSS_HKEY* issuerAuthPKs, // in
88 UINT32 issuerAuthPKSignaturesLength, // in
89 BYTE** issuerAuthPKSignatures, // in
90 UINT32* capitalUprimeLength, // out
91 BYTE** capitalUprime, // out
92 TSS_DAA_IDENTITY_PROOF** identityProof, // out
93 TSS_DAA_JOIN_SESSION** joinSession) // out
94 {
95 TSS_RESULT result;
96 #ifdef TSS_DEBUG
97 int before = mallinfo().uordblks;
98 #endif
99
100 LogDebug("-> TSPI_TPM_DAA_joinInit hDAA=%x hTPM=%x daaCounter=%x issuerPk=%x",
101 (int)hDAA, (int)hTPM, daaCounter, (int)issuerPk);
102 result = Tspi_TPM_DAA_JoinInit_internal(
103 hDAA,
104 hTPM,
105 daaCounter,
106 (TSS_DAA_PK *)issuerPk,
107 issuerAuthPKsLength,
108 (RSA **)issuerAuthPKs,
109 issuerAuthPKSignaturesLength,
110 issuerAuthPKSignatures,
111 capitalUprimeLength,
112 capitalUprime,
113 identityProof,
114 joinSession);
115 bi_flush_memory();
116
117 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before);
118 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
119 return result;
120 }
121 #else
122 TSS_RESULT
Tspi_TPM_DAA_JoinInit(TSS_HTPM hTPM,TSS_HDAA_ISSUER_KEY hIssuerKey,UINT32 daaCounter,UINT32 issuerAuthPKsLength,TSS_HKEY * issuerAuthPKs,UINT32 issuerAuthPKSignaturesLength,UINT32 issuerAuthPKSignaturesLength2,BYTE ** issuerAuthPKSignatures,UINT32 * capitalUprimeLength,BYTE ** capitalUprime,TSS_DAA_IDENTITY_PROOF ** identityProof,UINT32 * joinSessionLength,BYTE ** joinSession)123 Tspi_TPM_DAA_JoinInit(TSS_HTPM hTPM, /* in */
124 TSS_HDAA_ISSUER_KEY hIssuerKey, /* in */
125 UINT32 daaCounter, /* in */
126 UINT32 issuerAuthPKsLength, /* in */
127 TSS_HKEY* issuerAuthPKs, /* in */
128 UINT32 issuerAuthPKSignaturesLength, /* in */
129 UINT32 issuerAuthPKSignaturesLength2, /* in */
130 BYTE** issuerAuthPKSignatures, /* in */
131 UINT32* capitalUprimeLength, /* out */
132 BYTE** capitalUprime, /* out */
133 TSS_DAA_IDENTITY_PROOF** identityProof, /* out */
134 UINT32* joinSessionLength, /* out */
135 BYTE** joinSession) /* out */
136 {
137 TSS_RESULT result;
138 #ifdef TSS_DEBUG
139 int before = mallinfo().uordblks;
140 #endif
141
142 if (!capitalUprimeLength || !capitalUprime || !identityProof || !joinSessionLength ||
143 !joinSession)
144 return TSPERR(TSS_E_BAD_PARAMETER);
145
146 result = Tspi_TPM_DAA_JoinInit_internal(hTPM, hIssuerKey, daaCounter, issuerAuthPKsLength,
147 issuerAuthPKs, issuerAuthPKSignaturesLength,
148 issuerAuthPKSignaturesLength2,
149 issuerAuthPKSignatures, capitalUprimeLength,
150 capitalUprime, identityProof, joinSessionLength,
151 joinSession);
152
153 bi_flush_memory();
154
155 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before);
156 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
157
158 return result;
159 }
160 #endif
161 /**
162 This function is part of the DAA Issuer component. It defines the generation of a DAA Issuer
163 public and secret key. Further it defines the generation of a non-interactive proof (using
164 the Fiat-Shamir heuristic) that the public keys were chosen correctly. The latter will guarantee
165 the security requirements of the platform (respectively, its user), i.e., that the privacy and
166 anonymity of signatures will hold.
167 The generation of the authentication keys of the DAA Issuer, which are used to authenticate
168 (main) DAA Issuer keys, is not defined by this function.
169 This is an optional function and does not require a TPM or a TCS.
170
171 Parameters
172 - hDAA: Handle of the DAA object
173 - issuerBaseNameLength: Length of issuerBaseName
174 - issuerBaseName: Unique name of the DAA Issuer
175 - numberPlatformAttributes: Number of attributes that the Platform can choose and which
176 will not be visible to the Issuer.
177 - numberIssuerAttributes:Number of attributes that the Issuer can choose and which will
178 be visible to both the Platform and the Issuer.
179 - keyPair: Handle of the main DAA Issuer key pair (private and public portion)
180 - publicKeyProof:Handle of the proof of the main DAA Issuer public key
181 */
182 #if 0
183 TSPICALL
184 Tspi_DAA_IssueSetup(TSS_HDAA hDAA, // in
185 UINT32 issuerBaseNameLength, // in
186 BYTE* issuerBaseName, // in
187 UINT32 numberPlatformAttributes, // in
188 UINT32 numberIssuerAttributes, // in
189 TSS_HDAA_DATA* keyPair, // out (TSS_KEY_PAIR)
190 TSS_HDAA_DATA* publicKeyProof) // out (TSS_DAA_PK_PROOF)
191 {
192 TSS_RESULT result;
193 KEY_PAIR_WITH_PROOF_internal *key_proof;
194 TSS_DAA_KEY_PAIR *tss_daa_key_pair;
195 TSS_HCONTEXT hContext;
196 #ifdef TSS_DEBUG
197 int before = mallinfo().uordblks;
198 #endif
199
200 LogDebug( "TSPI_DAA_IssueSetup hDAA=%d ",hDAA);
201 // TODO: lock access to _hContext
202 if ((result = obj_daa_get_tsp_context(hDAA, &hContext)))
203 return result;
204 result = generate_key_pair(numberIssuerAttributes,
205 numberPlatformAttributes,
206 issuerBaseNameLength,
207 issuerBaseName,
208 &key_proof);
209 if (result != TSS_SUCCESS)
210 return result;
211 LogDebug("TSPI_DAA_IssueSetup convert internal structure to public allocated using tspi_alloc");
212 LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d",
213 key_proof->proof->length_challenge, key_proof->proof->length_response);
214 // prepare out parameters
215 *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, hContext);
216
217 tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), hContext);
218 if (tss_daa_key_pair == NULL) {
219 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR));
220 result = TSPERR(TSS_E_OUTOFMEMORY);
221 goto close;
222 }
223 tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key,
224 &tss_alloc,
225 hContext);
226 tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk,
227 &tss_alloc,
228 hContext);
229 *keyPair = (TSS_HKEY)tss_daa_key_pair;
230 close:
231 bi_flush_memory();
232
233 LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
234 LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result);
235 return result;
236 }
237 #else
238 TSS_RESULT
Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey,UINT32 issuerBaseNameLength,BYTE * issuerBaseName)239 Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey, // in
240 UINT32 issuerBaseNameLength, // in
241 BYTE* issuerBaseName) // in
242 {
243 TSS_RESULT result;
244 KEY_PAIR_WITH_PROOF_internal *key_proof;
245 TSS_DAA_KEY_PAIR *tss_daa_key_pair;
246 TSS_HCONTEXT tspContext;
247 UINT32 numberPlatformAttributes, numberIssuerAttributes;
248 #ifdef TSS_DEBUG
249 int before = mallinfo().uordblks;
250 #endif
251
252 if ((result = obj_daaissuerkey_get_tsp_context(hIssuerKey, &tspContext)))
253 return result;
254
255 if ((result = obj_daaissuerkey_get_attribs(hIssuerKey, &numberIssuerAttributes,
256 &numberPlatformAttributes)))
257 return result;
258
259 if ((result = generate_key_pair(numberIssuerAttributes, numberPlatformAttributes,
260 issuerBaseNameLength, issuerBaseName, &key_proof)))
261 return result;
262
263 LogDebugFn("convert internal structure to public allocated using tspi_alloc");
264 LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d",
265 key_proof->proof->length_challenge, key_proof->proof->length_response);
266
267 // prepare out parameters
268 *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, tspContext);
269
270 tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), tspContext);
271 if (tss_daa_key_pair == NULL) {
272 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR));
273 result = TSPERR(TSS_E_OUTOFMEMORY);
274 goto close;
275 }
276 tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key,
277 &tss_alloc,
278 tspContext);
279 tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk,
280 &tss_alloc,
281 tspContext);
282 *keyPair = (TSS_HKEY)tss_daa_key_pair;
283 close:
284 bi_flush_memory();
285
286 LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
287 LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result);
288 return result;
289 }
290 #endif
291 /**
292 This function is part of the DAA Issuer component. It's the first function out of 2 in order to
293 issue a DAA Credential for a TCG Platform. It assumes that the endorsement key and its
294 associated credentials are from a genuine and valid TPM. (Verification of the credentials is
295 a process defined by the TCG Infrastructure WG.)
296 This is an optional function and does not require a TPM or a TCS.
297 */
298 TSPICALL
Tspi_DAA_IssueInit(TSS_HDAA hDAA,TSS_HKEY issuerAuthPK,TSS_HDAA_DATA issuerKeyPair,TSS_DAA_IDENTITY_PROOF * identityProof,UINT32 capitalUprimeLength,BYTE * capitalUprime,UINT32 daaCounter,UINT32 * nonceIssuerLength,BYTE ** nonceIssuer,UINT32 * authenticationChallengeLength,BYTE ** authenticationChallenge,TSS_DAA_JOIN_ISSUER_SESSION ** joinSession)299 Tspi_DAA_IssueInit(TSS_HDAA hDAA, // in
300 TSS_HKEY issuerAuthPK, // in
301 TSS_HDAA_DATA issuerKeyPair, // in (TSS_DAA_KEY_PAIR)
302 TSS_DAA_IDENTITY_PROOF* identityProof, // in
303 UINT32 capitalUprimeLength, // in
304 BYTE* capitalUprime, // in
305 UINT32 daaCounter, // in
306 UINT32* nonceIssuerLength, // out
307 BYTE** nonceIssuer, // out
308 UINT32* authenticationChallengeLength, // out
309 BYTE** authenticationChallenge, // out
310 TSS_DAA_JOIN_ISSUER_SESSION** joinSession) // out
311 {
312 TSS_RESULT result;
313 #ifdef TSS_DEBUG
314 int before = mallinfo().uordblks;
315 #endif
316
317 LogDebug("Tspi_DAA_IssueInit_internal hDAA=%d daaCounter=%d", (int)hDAA, (int)daaCounter);
318 result = Tspi_DAA_IssueInit_internal(
319 hDAA, // in
320 issuerAuthPK, // in
321 issuerKeyPair, // in
322 identityProof, // in
323 capitalUprimeLength, // in
324 capitalUprime, // in
325 daaCounter, // in
326 nonceIssuerLength, // out
327 nonceIssuer, // out
328 authenticationChallengeLength, // out
329 authenticationChallenge, // out
330 joinSession // out
331 );
332 bi_flush_memory();
333
334 LogDebug("Tspi_DAA_IssueInit_internal ALLOC DELTA:%d", mallinfo().uordblks-before);
335
336 return result;
337 }
338
339 /**
340 This function verifies the DAA public key of a DAA Issuer with respect to its associated proof.
341 This is a resource consuming task. It can be done by trusted third party (certification).
342 This is an optional function and does not require a TPM or a TCS.
343 Parameters:
344 - hDAA: Handle of the DAA object
345 - issuerPk: DAA Issuer public key
346 - issuerPkProof: Proofs the correctness of the DAA Issuer public key
347 - isCorrect: Proofs the correctness of the DAA Issuer public key
348 */
349 TSPICALL
Tspi_DAA_IssuerKeyVerification(TSS_HDAA hDAA,TSS_HDAA_DATA issuerPk,TSS_HDAA_DATA issuerPkProof,TSS_BOOL * isCorrect)350 Tspi_DAA_IssuerKeyVerification(TSS_HDAA hDAA, // in
351 TSS_HDAA_DATA issuerPk, // in (TSS_DAA_PK)
352 TSS_HDAA_DATA issuerPkProof, // in (TSS_DAA_PK_PROOF)
353 TSS_BOOL* isCorrect) // out
354 {
355 TSS_RESULT result;
356 int is_correct;
357 #ifdef TSS_DEBUG
358 int before = mallinfo().uordblks;
359 #endif
360
361 LogDebug("TSPI_DAA_IssuerKeyVerification hDAA=%ld issuerPk=%ld issuerPkProof=%ld",
362 (long)hDAA, (long)issuerPk, (long)issuerPkProof);
363 TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( (TSS_DAA_PK *)issuerPk);
364 TSS_DAA_PK_PROOF_internal *proof_internal = e_2_i_TSS_DAA_PK_PROOF( issuerPkProof);
365 LogDebug( "challenge=[%s]", dump_byte_array( proof_internal->length_challenge,
366 proof_internal->challenge));
367 result = is_pk_correct( pk_internal, proof_internal, &is_correct );
368 if( is_correct) *isCorrect = TRUE;
369 else *isCorrect = FALSE;
370 bi_flush_memory();
371 #ifdef TSS_DEBUG
372 LogDebug("TSPI_DAA_IssuerKeyVerification ALLOC DELTA:%d", mallinfo().uordblks-before);
373 #endif
374 return result;
375 }
376
377 /**
378 This function is part of the DAA Issuer component. It?s the last function out of 2 in order to
379 issue DAA Credential for a TCG Platform. It detects rogue TPM according to published rogue
380 TPM DAA keys.
381 This is an optional function and does not require a TPM or a TCS.
382 */
383 TSPICALL
Tspi_DAA_IssueCredential(TSS_HDAA hDAA,UINT32 attributesIssuerLength,BYTE ** attributesIssuer,TSS_DAA_CREDENTIAL_REQUEST * credentialRequest,TSS_DAA_JOIN_ISSUER_SESSION * joinSession,TSS_DAA_CRED_ISSUER ** credIssuer)384 Tspi_DAA_IssueCredential(TSS_HDAA hDAA, // in
385 UINT32 attributesIssuerLength, // in
386 BYTE** attributesIssuer, // in
387 TSS_DAA_CREDENTIAL_REQUEST* credentialRequest, // in
388 TSS_DAA_JOIN_ISSUER_SESSION* joinSession, // in
389 TSS_DAA_CRED_ISSUER** credIssuer) // out
390 {
391 TSS_RESULT result;
392 #ifdef TSS_DEBUG
393 int before = mallinfo().uordblks;
394 #endif
395
396 LogDebug("Tspi_DAA_IssueCredential hDAA=%d attributesIssuerLength=%d",
397 (int)hDAA,
398 (int)attributesIssuerLength);
399 result = Tspi_DAA_IssueCredential_internal(
400 hDAA,
401 attributesIssuerLength,
402 attributesIssuer,
403 credentialRequest,
404 joinSession,
405 credIssuer
406 );
407 bi_flush_memory();
408 #ifdef TSS_DEBUG
409 LogDebug("Tspi_DAA_IssueCredential ALLOC DELTA:%d", mallinfo().uordblks-before);
410 #endif
411 return result;
412 }
413
414
415 /**
416 This function is part of the DAA Verifier component. It is the first function out of 2 in order
417 to verify a DAA credential of a TCG platform. It creates a challenge for the TCG platform.last
418 function out of 2 in order to issue a This is an optional function and does not require a
419 TPM or a TCS.
420 */
421 TSPICALL
Tspi_DAA_VerifyInit(TSS_HDAA hDAA,UINT32 * nonceVerifierLength,BYTE ** nonceVerifier,UINT32 * baseNameLength,BYTE ** baseName)422 Tspi_DAA_VerifyInit(TSS_HDAA hDAA, // in
423 UINT32* nonceVerifierLength, // out
424 BYTE** nonceVerifier, // out
425 UINT32* baseNameLength, // out
426 BYTE** baseName) // out
427 {
428 TSS_RESULT result;
429 #ifdef TSS_DEBUG
430 int before = mallinfo().uordblks;
431 #endif
432
433 // TODO which interface to use ? with or without baseName ?
434 LogDebug("Tspi_DAA_VerifyInit hDAA=%d", (int)hDAA);
435 result = Tspi_DAA_VerifyInit_internal( hDAA,
436 nonceVerifierLength,
437 nonceVerifier,
438 baseNameLength,
439 baseName);
440 bi_flush_memory();
441 #ifdef TSS_DEBUG
442 LogDebug("Tspi_DAA_VerifyInit ALLOC DELTA:%d", mallinfo().uordblks-before);
443 #endif
444 return result;
445 }
446
447
448 /**
449 This function is part of the DAA Verifier component. It is the last function out of 2 in
450 order to verify a DAA Credential of a TCG Platform. It verifies the DAA credential and
451 detects public rogue TPMs. This is an optional function and does not require a TPM
452 or a TCS.
453 */
454 TSPICALL
Tspi_DAA_VerifySignature(TSS_HDAA hDAA,TSS_DAA_SIGNATURE * daaSignature,TSS_HDAA_DATA hPubKeyIssuer,TSS_DAA_SIGN_DATA * signData,UINT32 attributesLength,BYTE ** attributes,UINT32 nonceVerifierLength,BYTE * nonceVerifier,UINT32 baseNameLength,BYTE * baseName,TSS_BOOL * isCorrect)455 Tspi_DAA_VerifySignature(TSS_HDAA hDAA, // in
456 TSS_DAA_SIGNATURE* daaSignature, // in
457 TSS_HDAA_DATA hPubKeyIssuer, // in (TSS_DAA_PK)
458 TSS_DAA_SIGN_DATA* signData, // in
459 UINT32 attributesLength, // in
460 BYTE** attributes, // in
461 UINT32 nonceVerifierLength,// in
462 BYTE* nonceVerifier, // in
463 UINT32 baseNameLength, // in
464 BYTE* baseName, // in
465 TSS_BOOL* isCorrect) // out
466 {
467 TSS_RESULT result;
468 #ifdef TSS_DEBUG
469 int before = mallinfo().uordblks;
470 #endif
471
472 LogDebug("Tspi_DAA_VerifySignature hDAA=%d", (int)hDAA);
473 result = Tspi_DAA_VerifySignature_internal( hDAA,
474 daaSignature,
475 hPubKeyIssuer,
476 signData,
477 attributesLength,
478 attributes,
479 nonceVerifierLength,
480 nonceVerifier,
481 baseNameLength,
482 baseName,
483 isCorrect);
484 bi_flush_memory();
485 #ifdef TSS_DEBUG
486 LogDebug("Tspi_DAA_VerifySignature ALLOC DELTA:%d", mallinfo().uordblks-before);
487 #endif
488 return result;
489 }
490
491
492 /**
493 This function is part of the DAA Issuer component. It is the last function out of 2 in
494 order to issue a DAA Credential for a TCG Platform. It detects rogue TPM according
495 to published rogue TPM DAA keys.
496 This is an optional function and does not require a TPM or a TCS.
497
498 Parameters
499 - hDAA: Handle of the DAA object
500 - daaPublicKey: daaPublickKey
501 - keyPair: Public and private key of the DAA Anonymity Revocation Authority to encrypt
502 the pseudonym of a DAA Signature
503 */
504 TSPICALL
Tspi_DAA_RevokeSetup(TSS_HDAA hDAA,TSS_HDAA_DATA daaPublicKey,TSS_HDAA_DATA * arPublicKey,TSS_HDAA_DATA * arPrivateKey)505 Tspi_DAA_RevokeSetup(TSS_HDAA hDAA, // in
506 TSS_HDAA_DATA daaPublicKey, // in
507 TSS_HDAA_DATA* arPublicKey, // out (TSS_DAA_AR_PK)
508 TSS_HDAA_DATA* arPrivateKey) // out (TSS_DAA_AR_SK)
509 {
510 TSS_RESULT result;
511 #ifdef TSS_DEBUG
512 int before = mallinfo().uordblks;
513 #endif
514
515 result = Tspi_DAA_RevokeSetup_internal(
516 hDAA, // in
517 //TODO: remove cast when the above interface is changed
518 daaPublicKey, // in
519 keyPair // out
520 );
521 bi_flush_memory();
522 #ifdef TSS_DEBUG
523 LogDebug("Tspi_DAA_RevokeSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
524 #endif
525 return TSS_SUCCESS;
526 }
527
528
529 /**
530 This function is part of the DAA Anonymity Revocation Authority component. It defines the
531 Cramer-Shoup decryption algorithm to revoke the anonymity of a DAA Signature. The pseudonym,
532 with respect to either the DAA Verifier?s base name, the DAA Issuer?s base name or (just for
533 completeness) a random base name, can be revealed.
534 The pseudonym with respect to a DAA Signature and the used base name is V N . An encryption of
535 V N is the tuple (d1,d 2 ,d 3,d 4 ) and is decrypted using the secret key ( 0 5 x ,?, x ), the
536 decryption condition and the DAA public key.
537 This is an optional function and does not require a TPM or a TCS.
538
539 Parameters:
540 - hDAA: Handle of the DAA object
541 - encryptedPseudonym: encryptedPseudonym
542 - decryptCondition: Condition for the decryption of the pseudonym.
543 - arPrivateKey: arPrivateKey
544 - daaPublicKey: daaPublicKey
545 - pseudonym: pseudonym
546 */
547 TSPICALL
Tspi_DAA_ARDecrypt(TSS_HDAA hDAA,TSS_DAA_PSEUDONYM_ENCRYPTED * encryptedPseudonym,TSS_HHASH decryptCondition,TSS_HDAA_DATA arPrivateKey,TSS_HDAA_DATA daaPublicKey,TSS_DAA_PSEUDONYM_PLAIN ** pseudonym)548 Tspi_DAA_ARDecrypt(TSS_HDAA hDAA, // in
549 TSS_DAA_PSEUDONYM_ENCRYPTED* encryptedPseudonym, // in
550 TSS_HHASH decryptCondition, // in
551 TSS_HDAA_DATA arPrivateKey, // in (TSS_DAA_AR_SK)
552 TSS_HDAA_DATA daaPublicKey, // in (TSS_DAA_PK)
553 TSS_DAA_PSEUDONYM_PLAIN** pseudonym) // out
554 {
555 TSS_RESULT result;
556 #ifdef TSS_DEBUG
557 int before = mallinfo().uordblks;
558 #endif
559
560 result = Tspi_DAA_ARDecrypt_internal(
561 hDAA, // in
562 encryptedPseudonym, // in
563 decryptCondition, // in
564 //TODO: remove cast when the above interface is changed
565 (void *)arPrivateKey, // in
566 (void *)daaPublicKey, // in
567 pseudonym // out
568 );
569 bi_flush_memory();
570 #ifdef TSS_DEBUG
571 LogDebug("Tspi_DAA_ARDecrypt ALLOC DELTA:%d", mallinfo().uordblks-before);
572 #endif
573 return result;
574 }
575
576 /**
577 This is the second out of 3 functions to execute in order to receive a DAA Credential. It
578 computes the credential request for the DAA Issuer, which also includes the Platform
579 DAA public key and the attributes that were chosen by the Platform, and which are not
580 visible to the DAA Issuer. The Platform can commit to the attribute values it has chosen.
581 */
582 TSPICALL
Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA hDAA,TSS_HTPM hTPM,UINT32 authenticationChallengeLength,BYTE * authenticationChallenge,UINT32 nonceIssuerLength,BYTE * nonceIssuer,UINT32 attributesPlatformLength,BYTE ** attributesPlatform,TSS_DAA_JOIN_SESSION * joinSession,TSS_DAA_CREDENTIAL_REQUEST ** credentialRequest)583 Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA hDAA, // in
584 TSS_HTPM hTPM, // in
585 UINT32 authenticationChallengeLength,// in
586 BYTE* authenticationChallenge, // in
587 UINT32 nonceIssuerLength, // in
588 BYTE* nonceIssuer, // in
589 UINT32 attributesPlatformLength, // in
590 BYTE** attributesPlatform, // in
591 TSS_DAA_JOIN_SESSION* joinSession, // in, out
592 TSS_DAA_CREDENTIAL_REQUEST** credentialRequest) // out
593 {
594 TSS_RESULT result;
595 #ifdef TSS_DEBUG
596 int before = mallinfo().uordblks;
597 #endif
598
599 LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey hDAA=%d joinSession=%d",
600 (int)hDAA, (int)joinSession);
601 result = Tspi_TPM_DAA_JoinCreateDaaPubKey_internal(
602 hDAA, // in
603 hTPM, // in
604 authenticationChallengeLength, // in
605 authenticationChallenge, // in
606 nonceIssuerLength, // in
607 nonceIssuer, // in
608 attributesPlatformLength, // in
609 attributesPlatform, // in
610 joinSession, // in, out
611 credentialRequest // out
612 );
613 bi_flush_memory();
614 #ifdef TSS_DEBUG
615 LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey ALLOC DELTA:%d", mallinfo().uordblks-before);
616 #endif
617 return result;
618 }
619
620
621 /**
622 This is the last out of 3 functions to execute in order to receive a DAA Credential.
623 It verifies the issued credential from the DAA Issuer and computes the final DAA Credential.
624 */
625 TSPICALL
Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_DAA_CRED_ISSUER * credIssuer,TSS_DAA_JOIN_SESSION * joinSession,TSS_HDAA_DATA * phDaaCredential)626 Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA hDAA, // in
627 TSS_HTPM hTPM, // in
628 TSS_DAA_CRED_ISSUER* credIssuer, // in
629 TSS_DAA_JOIN_SESSION* joinSession, // in
630 TSS_HDAA_DATA* phDaaCredential) // out (TSS_DAA_CREDENTIAL)
631 {
632 TSS_RESULT result;
633 #ifdef TSS_DEBUG
634 int before = mallinfo().uordblks;
635 #endif
636
637 LogDebug("Tspi_TPM_DAA_JoinStoreCredential hDAA=%d credIssuer=%d joinSession=%d",
638 (int)hDAA, (int)&credIssuer, (int)&joinSession);
639 result = Tspi_TPM_DAA_JoinStoreCredential_internal(hDAA,
640 hTPM,
641 credIssuer,
642 joinSession,
643 phDaaCredential);
644 bi_flush_memory();
645 #ifdef TSS_DEBUG
646 LogDebug("Tspi_TPM_DAA_JoinStoreCredential ALLOC DELTA:%d", mallinfo().uordblks-before);
647 #endif
648 return result;
649 }
650
651
652 /**
653 This function creates a DAA Signature that proofs ownership of the DAA Credential and
654 includes a signature on either a public AIK or a message.
655 If anonymity revocation is enabled, the value Nv is not provided in the clear anymore but
656 encrypted under the public key of anonymity revocation authority, a trusted third party (TTP).
657 Thus the DAA Verifier cannot check for revocation or link a transaction/signature to prior ones.
658 Depending on how z is chosen, the protocol either allows to implementing anonymity revocation
659 (i.e., using the DAA Issuer long-term base name bsn I as the DAA Verifier base name bsnV ), or
660 having the TTP doing the linking of different signatures for the same DAA Verifier (i.e.,
661 using the DAA Verifier base name ).
662 */
663 TSPICALL
Tspi_TPM_DAA_Sign(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_HDAA_DATA hDaaCredential,TSS_DAA_SELECTED_ATTRIB * revealAttributes,UINT32 verifierBaseNameLength,BYTE * verifierBaseName,UINT32 verifierNonceLength,BYTE * verifierNonce,TSS_DAA_SIGN_DATA * signData,TSS_DAA_SIGNATURE ** daaSignature)664 Tspi_TPM_DAA_Sign(TSS_HDAA hDAA, // in
665 TSS_HTPM hTPM, // in
666 TSS_HDAA_DATA hDaaCredential, // in (TSS_DAA_CREDENTIAL)
667 TSS_DAA_SELECTED_ATTRIB* revealAttributes, // in
668 UINT32 verifierBaseNameLength, // in
669 BYTE* verifierBaseName, // in
670 UINT32 verifierNonceLength, // in
671 BYTE* verifierNonce, // in
672 TSS_DAA_SIGN_DATA* signData, // in
673 TSS_DAA_SIGNATURE** daaSignature) // out
674 {
675 TSS_RESULT result;
676 #ifdef TSS_DEBUG
677 int before = mallinfo().uordblks;
678 #endif
679
680 LogDebug("-> TSPI_TPM_DAA_Sign hDAA=%ld hTPM=%ld ", (long)hDAA, (long)hTPM);
681
682 result = Tspi_TPM_DAA_Sign_internal(hDAA,
683 hTPM,
684 hDaaCredential,
685 revealAttributes,
686 verifierBaseNameLength,
687 verifierBaseName,
688 verifierNonceLength,
689 verifierNonce,
690 signData,
691 daaSignature);
692 bi_flush_memory();
693 #ifdef TSS_DEBUG
694 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d", mallinfo().uordblks-before);
695 #endif
696 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
697 return result;
698 }
699