1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2006
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15
16 // for message digest
17 #include <openssl/evp.h>
18 #include <openssl/hmac.h>
19 #include <openssl/err.h>
20 #include <openssl/rsa.h>
21 #include <openssl/sha.h>
22
23 #include <stdlib.h>
24
25 #include "daa_structs.h"
26 #include "daa_parameter.h"
27 #include "trousers/tss.h"
28 #include "spi_internal_types.h"
29 #include "spi_utils.h"
30 #include <trousers/trousers.h>
31 #include <spi_utils.h>
32 #include <obj.h>
33 #include "tsplog.h"
34 #include "tss/tcs.h"
35 #include "platform.h"
36 #include "issuer.h"
37 #include "verifier.h"
38
39 #define EVP_SUCCESS 1
40
41 TSS_RESULT
Tcsip_TPM_DAA_Join(TCS_CONTEXT_HANDLE tcsContext,TSS_HDAA hDAA,BYTE stage,UINT32 inputSize0,BYTE * inputData0,UINT32 inputSize1,BYTE * inputData1,TPM_AUTH * ownerAuth,UINT32 * outputSize,BYTE ** outputData)42 Tcsip_TPM_DAA_Join(TCS_CONTEXT_HANDLE tcsContext, // in
43 TSS_HDAA hDAA, // in
44 BYTE stage, // in
45 UINT32 inputSize0, // in
46 BYTE* inputData0, // in
47 UINT32 inputSize1, // in
48 BYTE* inputData1, // in
49 TPM_AUTH* ownerAuth, // in/out
50 UINT32* outputSize, // out
51 BYTE** outputData // out
52 ) {
53 TSS_RESULT result;
54 TSS_HPOLICY hPolicy;
55 TCPA_DIGEST digest;
56 UINT16 offset = 0;
57 BYTE hashblob[10000];
58 TPM_HANDLE hTPM;
59 TPM_HANDLE join_session;
60 // TPM_HANDLE hTPM;
61
62 if( (result = obj_daa_get_handle_tpm( hDAA, &hTPM)) != TSS_SUCCESS)
63 return result;
64 if( (result = obj_daa_get_session_handle( hDAA, &join_session)) != TSS_SUCCESS)
65 return result;
66 LogDebug("Tcsip_TPM_DAA_Join(tcsContext=%x,hDAA=%x,join_session=%x, hTPM=%x stage=%d)",
67 tcsContext,
68 hDAA,
69 join_session,
70 hTPM,
71 stage);
72
73 LogDebug("obj_tpm_get_policy(hTPM=%X)", hTPM);
74 if( (result = obj_tpm_get_policy( hTPM, &hPolicy)) != TSS_SUCCESS)
75 return result;
76 LogDebug("Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob)");
77 // hash TPM_COMMAND_CODE
78 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob);
79 LogDebug("Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)");
80 // hash stage
81 Trspi_LoadBlob_BYTE(&offset, stage, hashblob);
82 LogDebug("Trspi_LoadBlob_UINT32(&offset, 0, hashblob)");
83 // hash inputSize0
84 Trspi_LoadBlob_UINT32(&offset, inputSize0, hashblob);
85 LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize0:%d", inputSize0);
86 // hash inputData0
87 Trspi_LoadBlob( &offset, inputSize0, hashblob, inputData0);
88 // hash inputSize1
89 Trspi_LoadBlob_UINT32(&offset, inputSize1, hashblob);
90 LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize1:%d", inputSize1);
91 // hash inputData1
92 Trspi_LoadBlob( &offset, inputSize1, hashblob, inputData1);
93 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
94
95 if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join,
96 hPolicy, &digest,
97 ownerAuth)) != TSS_SUCCESS) return result;
98 LogDebug("secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join ret=%d", result);
99 LogDebug("TCSP_DAAJoin(%x,%x,stage=%x,%x,%x,%x,%x,%x)\n",
100 tcsContext,
101 hTPM,
102 stage,
103 inputSize0,
104 (int)inputData0,
105 inputSize1,
106 (int)inputData1,
107 (int)&ownerAuth);
108 /* step of the following call:
109 TCSP_DAAJoin tcsd_api/calltcsapi.c (define in spi_utils.h)
110 TCSP_DAAJoin_TP tcsd_api/tcstp.c (define in trctp.h)
111 */
112 result = TCSP_DaaJoin( tcsContext,
113 join_session,
114 stage,
115 inputSize0, inputData0,
116 inputSize1, inputData1,
117 ownerAuth,
118 outputSize, outputData);
119 if( result != TSS_SUCCESS) return result;
120
121 offset = 0;
122 Trspi_LoadBlob_UINT32(&offset, result, hashblob);
123 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob);
124 Trspi_LoadBlob_UINT32(&offset, *outputSize, hashblob);
125 Trspi_LoadBlob(&offset, *outputSize, hashblob, *outputData);
126 LogDebug("TCSP_DAAJoin stage=%d outputSize=%d outputData=%x RESULT=%d",
127 (int)stage, (int)*outputSize, (int)outputData, (int)result);
128 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
129 if( (result = obj_policy_validate_auth_oiap( hPolicy, &digest, ownerAuth))) {
130 LogError("obj_policy_validate_auth=%d", result);
131 }
132 return result;
133 }
134
Tcsip_TPM_DAA_Sign(TCS_CONTEXT_HANDLE hContext,TPM_HANDLE handle,BYTE stage,UINT32 inputSize0,BYTE * inputData0,UINT32 inputSize1,BYTE * inputData1,TPM_AUTH * ownerAuth,UINT32 * outputSize,BYTE ** outputData)135 TSS_RESULT Tcsip_TPM_DAA_Sign( TCS_CONTEXT_HANDLE hContext, // in
136 TPM_HANDLE handle, // in
137 BYTE stage, // in
138 UINT32 inputSize0, // in
139 BYTE* inputData0, // in
140 UINT32 inputSize1, // in
141 BYTE* inputData1, // in
142 TPM_AUTH* ownerAuth, // in, out
143 UINT32* outputSize, // out
144 BYTE** outputData // out
145 ) {
146 TSS_RESULT result;
147 TSS_HPOLICY hPolicy;
148 TCPA_DIGEST digest;
149 UINT16 offset = 0;
150 BYTE hashblob[1000];
151 TPM_HANDLE hTPM;
152 TPM_HANDLE session_handle;
153 TSS_HDAA hDAA = (TSS_HDAA)handle;
154 // TPM_HANDLE hTPM;
155
156 if( (result = obj_daa_get_handle_tpm( hDAA, &hTPM)) != TSS_SUCCESS)
157 return result;
158 if( (result = obj_daa_get_session_handle( hDAA, &session_handle)) != TSS_SUCCESS)
159 return result;
160 LogDebug("Tcsip_TPM_DAA_Sign(tcsContext=%x,hDAA=%x,sign_session=%x, hTPM=%x stage=%d)",
161 hContext,
162 hDAA,
163 session_handle,
164 hTPM,
165 stage);
166
167 LogDebug("obj_tpm_get_policy(hTPM=%X)", hTPM);
168 if( (result = obj_tpm_get_policy( hTPM, &hPolicy)) != TSS_SUCCESS)
169 return result;
170 LogDebug("Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob)");
171 // hash TPM_COMMAND_CODE
172 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob);
173 LogDebug("Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)");
174 // hash stage
175 Trspi_LoadBlob_BYTE(&offset, stage, hashblob);
176 LogDebug("Trspi_LoadBlob_UINT32(&offset, 0, hashblob)");
177 // hash inputSize0
178 Trspi_LoadBlob_UINT32(&offset, inputSize0, hashblob);
179 LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize0:%d", inputSize0);
180 // hash inputData0
181 Trspi_LoadBlob( &offset, inputSize0, hashblob, inputData0);
182 // hash inputSize1
183 Trspi_LoadBlob_UINT32(&offset, inputSize1, hashblob);
184 LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize1:%d", inputSize1);
185 // hash inputData1
186 Trspi_LoadBlob( &offset, inputSize1, hashblob, inputData1);
187 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
188
189 if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join,
190 hPolicy, &digest,
191 ownerAuth)) != TSS_SUCCESS) return result;
192 LogDebug("secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join ret=%d", result);
193 LogDebug("TCSP_DAASign(%x,%x,stage=%x,%x,%x,%x,%x,%x)",
194 hContext,
195 hTPM,
196 stage,
197 inputSize0,(int)inputData0,
198 inputSize1,(int)inputData1,
199 (int)&ownerAuth);
200 /* step of the following call:
201 TCSP_DAASign tcsd_api/calltcsapi.c (define in spi_utils.h)
202 TCSP_DAASign_TP tcsd_api/tcstp.c (define in trctp.h)
203 */
204 result = TCSP_DaaSign( hContext,
205 session_handle,
206 stage,
207 inputSize0, inputData0,
208 inputSize1, inputData1,
209 ownerAuth,
210 outputSize, outputData);
211 if( result != TSS_SUCCESS) return result;
212
213 offset = 0;
214 Trspi_LoadBlob_UINT32(&offset, result, hashblob);
215 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob);
216 Trspi_LoadBlob_UINT32(&offset, *outputSize, hashblob);
217 Trspi_LoadBlob(&offset, *outputSize, hashblob, *outputData);
218 LogDebug("TCSP_DAASign stage=%d outputSize=%d outputData=%x RESULT=%d",
219 (int)stage, (int)*outputSize, (int)outputData, (int)result);
220 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
221 if( (result = obj_policy_validate_auth_oiap( hPolicy, &digest, ownerAuth)))
222 {
223 LogError("obj_policy_validate_auth=%d", result);
224 }
225 return result;
226 }
227
228 /**
229 Only used for the logging
230 */
231 static TSS_RESULT
Tcsip_TPM_DAA_Join_encapsulate(TCS_CONTEXT_HANDLE tcsContext,TSS_HDAA hDAA,BYTE stage,UINT32 inputSize0,BYTE * inputData0,UINT32 inputSize1,BYTE * inputData1,TPM_AUTH * ownerAuth,UINT32 * outputSize,BYTE ** outputData)232 Tcsip_TPM_DAA_Join_encapsulate(TCS_CONTEXT_HANDLE tcsContext, // in
233 TSS_HDAA hDAA, // in
234 BYTE stage, // in
235 UINT32 inputSize0, // in
236 BYTE* inputData0, // in
237 UINT32 inputSize1, // in
238 BYTE* inputData1, // in
239 TPM_AUTH* ownerAuth, // in/out
240 UINT32* outputSize, // out
241 BYTE** outputData // out
242 ) {
243 TSS_RESULT result;
244
245 LogDebug("Tcsip_DAA_Join(TCS_CONTEXT=%X,TSS_HDAA=%X,stage=%d,\
246 inputSize0=%u,inputData0=%s\ninputSize1=%u,inputData1=%s,ownerAuth=%X)",
247 tcsContext, hDAA, stage,
248 inputSize0, dump_byte_array(inputSize0, inputData0),
249 inputSize1,dump_byte_array(inputSize1, inputData1),
250 (int)ownerAuth);
251 result = Tcsip_TPM_DAA_Join(
252 tcsContext, // in
253 hDAA, // in
254 stage, // in
255 inputSize0, // in
256 inputData0, // in
257 inputSize1, // in
258 inputData1, // in
259 ownerAuth, // in/out
260 outputSize, // out
261 outputData // out
262 );
263 LogDebug("Tcsip_DAA_Join(stage=%d,outputSize=%u outputData=%s ownerAuth=%X) result=%d",
264 (int)stage, *outputSize, dump_byte_array( *outputSize, *outputData), (int)ownerAuth, result);
265 return result;
266 }
267
268 #if 0
269 /* from TSS.java */
270 /* openssl RSA (struct rsa_st) could manage RSA Key */
271 TSS_RESULT
272 Tspi_TPM_DAA_JoinInit_internal( TSS_HDAA hDAA,
273 TSS_HTPM hTPM,
274 int daa_counter,
275 TSS_DAA_PK *issuer_pk,
276 int issuer_authentication_PKLengh,
277 RSA **issuer_authentication_PK,
278 int issuer_authentication_PK_signaturesLength,
279 BYTE **issuer_authentication_PK_signatures,
280 int *capital_UprimeLength,
281 BYTE **capital_Uprime,
282 TSS_DAA_IDENTITY_PROOF *identity_proof,
283 TSS_DAA_JOIN_SESSION *join_session)
284 {
285 // Optional: verification of the PKDAA and issuer settings (authen. by the RSA Public Key chain)
286 TSS_RESULT result;
287 TCS_CONTEXT_HANDLE tcsContext;
288 TPM_AUTH ownerAuth;
289 int i, modulus_length, outputSize, length, length1;
290 UINT32 return_join_session;
291 BYTE *outputData, *issuer_settings_bytes;
292 BYTE *buffer_modulus;
293 TPM_DAA_ISSUER *issuer_settings;
294 char buffer[1000], buffer1[1000];
295 TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( issuer_pk);
296 bi_ptr issuer_authentication_PK_i = NULL;
297
298 if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS)
299 return result;
300 obj_daa_set_handle_tpm( hDAA, hTPM);
301
302 // stages 0-2 explained in the diagram "Keys of DAA Issuer"
303 // issuer_authentication_PKLengh should be converted to Network Based integer
304 i = htonl(issuer_authentication_PKLengh);
305 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
306 0,
307 sizeof(int), (BYTE *)(&i),
308 0, NULL,
309 &ownerAuth, &outputSize, &outputData);
310 if( result != TSS_SUCCESS) { goto close;}
311 // set the sessionHandle to the returned value
312 return_join_session = ntohl( *((UINT32 *)outputData));
313 free( outputData);
314 obj_daa_set_session_handle( hDAA, return_join_session);
315
316 LogDebug("done join 0 settings join_session:%x\n", return_join_session);
317 modulus_length = DAA_PARAM_SIZE_RSA_MODULUS / 8;
318 buffer_modulus = malloc(modulus_length);
319 if (buffer_modulus == NULL) {
320 LogError("malloc of %d bytes failed", modulus_length);
321 result = TSPERR(TSS_E_OUTOFMEMORY);
322 goto close;
323 }
324 issuer_authentication_PK_i = bi_new_ptr();
325 for(i =0; i< issuer_authentication_PKLengh; i++) {
326 bi_set_as_BIGNUM( issuer_authentication_PK_i, issuer_authentication_PK[i]->n);
327 bi_2_byte_array( buffer_modulus,
328 modulus_length,
329 issuer_authentication_PK_i);
330 if ( i==0) {
331 result = Tcsip_TPM_DAA_Join_encapsulate(
332 tcsContext, hDAA,
333 1,
334 modulus_length, buffer_modulus,
335 0, NULL,
336 &ownerAuth, &outputSize, &outputData);
337 if( result != TSS_SUCCESS) {
338 free( buffer_modulus);
339 goto close;
340 }
341 } else {
342 result = Tcsip_TPM_DAA_Join_encapsulate(
343 tcsContext, hDAA,
344 1,
345 modulus_length, buffer_modulus,
346 DAA_PARAM_KEY_SIZE / 8, issuer_authentication_PK_signatures[i -1],
347 &ownerAuth, &outputSize, &outputData);
348 if( result != TSS_SUCCESS) {
349 free( buffer_modulus);
350 goto close;
351 }
352 }
353 }
354 free( buffer_modulus);
355 LogDebug("done join 1-%d\n", issuer_authentication_PKLengh);
356 // define issuer_settings
357 issuer_settings = convert2issuer_settings( pk_internal);
358 issuer_settings_bytes = issuer_2_byte_array( issuer_settings, &length);
359 result = Tcsip_TPM_DAA_Join_encapsulate(
360 tcsContext, hDAA,
361 2,
362 length, issuer_settings_bytes,
363 modulus_length,
364 issuer_authentication_PK_signatures[issuer_authentication_PKLengh-1],
365 &ownerAuth, &outputSize, &outputData);
366 if( result != TSS_SUCCESS) { goto close;}
367 LogDebug("done join 2\n");
368 i = htonl( daa_counter);
369 result = Tcsip_TPM_DAA_Join_encapsulate(
370 tcsContext, hDAA,
371 3,
372 sizeof(UINT32), (BYTE *)(&i),
373 0, NULL,
374 &ownerAuth, &outputSize, &outputData);
375 if( result != TSS_SUCCESS) { goto close;}
376 LogDebug("done join 3\n");
377 // reserved another buffer for storing Big Integer
378 bi_2_nbin1( &length, buffer, pk_internal->capitalR0);
379 bi_2_nbin1( &length1, buffer1, pk_internal->modulus);
380 result = Tcsip_TPM_DAA_Join_encapsulate(
381 tcsContext, hDAA,
382 4,
383 length, buffer,
384 length1, buffer1,
385 &ownerAuth, &outputSize, &outputData);
386 if( result != TSS_SUCCESS) { goto close;}
387 LogDebug("done join 4\n");
388 bi_2_nbin1( &length, buffer, pk_internal->capitalR1);
389 result = Tcsip_TPM_DAA_Join_encapsulate(
390 tcsContext, hDAA,
391 5,
392 length, buffer,
393 length1, buffer1,
394 &ownerAuth, &outputSize, &outputData);
395 if( result != TSS_SUCCESS) { goto close;}
396 LogDebug("done join 5\n");
397 bi_2_nbin1( &length, buffer, pk_internal->capitalS);
398 result = Tcsip_TPM_DAA_Join_encapsulate(
399 tcsContext, hDAA,
400 6,
401 length, buffer,
402 length1, buffer1,
403 &ownerAuth, &outputSize, &outputData);
404 if( result != TSS_SUCCESS) { goto close;}
405 LogDebug("done join 6\n");
406 bi_2_nbin1( &length, buffer, pk_internal->capitalSprime);
407 // define Uprime
408 result = Tcsip_TPM_DAA_Join_encapsulate(
409 tcsContext, hDAA,
410 7,
411 length, buffer,
412 length1, buffer1,
413 &ownerAuth, &outputSize, &outputData);
414 // 5 : save PKDAA, U, daaCount and sessionHandle in joinSession
415 join_session->issuerPk = (TSS_HKEY)issuer_pk;
416 if( result == TSS_SUCCESS) {
417 *capital_UprimeLength = outputSize;
418 *capital_Uprime = convert_alloc( tcsContext, outputSize, outputData);
419 if (*capital_Uprime == NULL) {
420 LogError("malloc of %d bytes failed", outputSize);
421 result = TSPERR(TSS_E_OUTOFMEMORY);
422 goto close;
423 }
424 join_session->capitalUPrime = copy_alloc( tcsContext,
425 *capital_UprimeLength,
426 *capital_Uprime);
427 if (join_session->capitalUPrime == NULL) {
428 LogError("malloc of %d bytes failed", *capital_UprimeLength);
429 result = TSPERR(TSS_E_OUTOFMEMORY);
430 goto close;
431 }
432 join_session->capitalUPrimeLength = *capital_UprimeLength;
433 }
434 join_session->sessionHandle = return_join_session;
435 // get the endorsement Key (public part)
436 result = get_public_EK(
437 hTPM, // in
438 &( identity_proof->endorsementLength),
439 &( identity_proof->endorsementCredential)
440 );
441
442 close:
443 FREE_BI( issuer_authentication_PK_i);
444 LogDebug("result = %d", result);
445 LogDebug("outputSize=%d", outputSize);
446 LogDebug("outputData=%s", dump_byte_array( outputSize, outputData));
447 return result;
448 }
449 #else
450 TSS_RESULT
Tspi_TPM_DAA_JoinInit_internal(TSS_HTPM hTPM,TSS_HDAA_ISSUER_KEY hIssuerKey UINT32 daa_counter,UINT32 issuerAuthPKsLength,TSS_HKEY * issuerAuthPKs,UINT32 issuerAuthPKSignaturesLength,UINT32 issuerAuthPKSignaturesLength2,BYTE ** issuerAuthPKSignatures,UINT32 * capitalUprimeLength,BYTE ** capitalUprime,TSS_DAA_IDENTITY_PROOF ** identity_proof,UINT32 * joinSessionLength,BYTE ** joinSession)451 Tspi_TPM_DAA_JoinInit_internal(TSS_HTPM hTPM,
452 TSS_HDAA_ISSUER_KEY hIssuerKey
453 UINT32 daa_counter,
454 UINT32 issuerAuthPKsLength,
455 TSS_HKEY* issuerAuthPKs,
456 UINT32 issuerAuthPKSignaturesLength,
457 UINT32 issuerAuthPKSignaturesLength2,
458 BYTE** issuerAuthPKSignatures,
459 UINT32* capitalUprimeLength,
460 BYTE** capitalUprime,
461 TSS_DAA_IDENTITY_PROOF** identity_proof,
462 UINT32* joinSessionLength,
463 BYTE** joinSession)
464 {
465 // Optional: verification of the PKDAA and issuer settings (authen. by the RSA Public Key chain)
466 TSS_RESULT result;
467 TSS_HCONTEXT tspContext;
468 TPM_AUTH ownerAuth;
469 int length, length1;
470 UINT32 i, modulus_length, outputSize, buf_len;
471 BYTE *outputData, *issuer_settings_bytes;
472 BYTE *modulus, stage, *buf;
473 //TPM_DAA_ISSUER *issuer_settings;
474 //char buffer[1000], buffer1[1000];
475 //TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK(issuer_pk);
476 bi_ptr issuerAuthPK = NULL;
477 TPM_HANDLE daaHandle;
478 Trspi_HashCtx hashCtx;
479 TPM_DIGEST digest;
480 TSS_DAA_IDENTITY_PROOF daaIdentityProof;
481
482 if ((result = obj_tpm_is_connected(hTPM, &tspContext)))
483 return result;
484
485 if ((result = obj_daaissuerkey_get_daa_handle(hIssuerKey, &daaHandle)))
486 return result;
487
488 stage = 0;
489 inputSize0 = (UINT32)sizeof(UINT32);
490 inputData0 = issuerAuthPKsLength;
491 inputSize1 = 0;
492 inputData1 = NULL;
493
494 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
495 result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DAA_Join);
496 result |= Trspi_Hash_BYTE(&hashCtx, stage);
497 result |= Trspi_Hash_UINT32(&hashCtx, inputSize0);
498 result |= Trspi_HashUpdate(&hashCtx, inputSize0, inputData0);
499 result |= Trspi_Hash_UINT32(&hashCtx, inputSize1);
500 result |= Trspi_HashUpdate(&hashCtx, inputSize1, inputData1);
501 if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
502 return result;
503
504 // stages 0-2 explained in the diagram "Keys of DAA Issuer"
505 if ((result = TCS_API(tspContext)->DaaJoin(tspContext, daaHandle, stage, inputSize1,
506 inputData0, inputSize1, inputData1, &ownerAuth,
507 &outputSize, &outputData)))
508 goto close;
509
510 if (outputSize != sizeof(UINT32)) {
511 result = TSPERR(TSS_E_INTERNAL_ERROR);
512 goto close;
513 }
514
515 // set the sessionHandle to the returned value
516 Trspi_UnloadBlob_UINT32(&offset, &daaHandle, outputData);
517 free(outputData);
518 if ((result = obj_daaissuerkey_set_daa_handle(hIssuerKey, daaHandle)))
519 goto close;
520
521 LogDebug("done join 0 settings join_session:%x", daaHandle);
522
523 modulus_length = DAA_PARAM_SIZE_RSA_MODULUS / 8;
524 if ((buffer_modulus = malloc(modulus_length)) == NULL) {
525 LogError("malloc of %d bytes failed", modulus_length);
526 result = TSPERR(TSS_E_OUTOFMEMORY);
527 goto close;
528 }
529
530 stage = 1;
531 for (i = 0; i < issuerAuthPKsLength; i++) {
532 if ((result = obj_rsakey_get_modulus(issuerAuthPKs[i], &modulus_length, &modulus)))
533 goto close;
534
535 outputData = NULL;
536 if (i==0) {
537 result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage,
538 modulus_length, modulus, 0, NULL,
539 &ownerAuth, &outputSize,
540 &outputData);
541 } else {
542 result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage,
543 modulus_length, modulus,
544 issuerAuthPKSignaturesLength2,
545 issuerAuthPKSignatures[i - 1],
546 &ownerAuth, &outputSize,
547 &outputData);
548 }
549
550 free(outputData);
551 free_tspi(tspContext, modulus);
552 if (result != TSS_SUCCESS) {
553 LogDebugFn("Stage 1 iteration %u failed", i);
554 goto close;
555 }
556 }
557
558 LogDebug("done join 1-%d\n", issuer_authentication_PKLengh);
559
560 stage = 2;
561 // define issuer_settings
562 #if 0
563 issuer_settings = convert2issuer_settings(pk_internal);
564 issuer_settings_bytes = issuer_2_byte_array(issuer_settings, &length);
565 #else
566 if ((result = obj_daaissuerkey_get_daa_issuer(hIssuerKey, &issuer_length, &issuer)))
567 goto close;
568
569 if ((result = obj_daaissuerkey_get_modulus(hIssuerKey, &modulus_length, &modulus))) {
570 free_tspi(tspContext, issuer);
571 goto close;
572 }
573 #endif
574 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, issuer_length,
575 issuer, issuerAuthPKSignaturesLength2,
576 issuerAuthPKSignatures[i - 1], &ownerAuth,
577 &outputSize, &outputData))) {
578 free_tspi(tspContext, issuer);
579 free_tspi(tspContext, modulus);
580 goto close;
581 }
582 free_tspi(tspContext, issuer);
583
584 LogDebug("done join 2\n");
585
586 stage = 3;
587 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, sizeof(UINT32),
588 (BYTE *)(&daa_counter), 0, NULL, &ownerAuth,
589 &outputSize, &outputData)))
590 goto close;
591
592 LogDebug("done join 3\n");
593
594 stage = 4;
595 #if 0
596 // reserved another buffer for storing Big Integer
597 bi_2_nbin1( &length, buffer, pk_internal->capitalR0);
598 bi_2_nbin1( &length1, buffer1, pk_internal->modulus);
599 #else
600 if ((result = obj_daaissuerkey_get_capitalR0(hIssuerKey, &buf_len, &buf)))
601 return result;
602 #endif
603 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf,
604 modulus_length, modulus, &ownerAuth,
605 &outputSize, &outputData))) {
606 free_tspi(tspContext, buf);
607 free_tspi(tspContext, modulus);
608 goto close;
609 }
610 free_tspi(tspContext, buf);
611
612 LogDebug("done join 4\n");
613
614 stage = 5;
615 #if 0
616 bi_2_nbin1( &length, buffer, pk_internal->capitalR1);
617 #else
618 if ((result = obj_daaissuerkey_get_capitalR1(hIssuerKey, &buf_len, &buf)))
619 return result;
620 #endif
621 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len,
622 buf, modulus_length, modulus, &ownerAuth,
623 &outputSize, &outputData))) {
624 free_tspi(tspContext, buf);
625 free_tspi(tspContext, modulus);
626 goto close;
627 }
628 free_tspi(tspContext, buf);
629
630 LogDebug("done join 5\n");
631
632 stage = 6;
633 #if 0
634 bi_2_nbin1( &length, buffer, pk_internal->capitalS);
635 #else
636 if ((result = obj_daaissuerkey_get_capitalS(hIssuerKey, &buf_len, &buf)))
637 return result;
638 #endif
639 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf,
640 modulus_length, modulus, &ownerAuth,
641 &outputSize, &outputData))) {
642 free_tspi(tspContext, buf);
643 free_tspi(tspContext, modulus);
644 goto close;
645 }
646 free_tspi(tspContext, buf);
647
648 LogDebug("done join 6\n");
649
650 stage = 7;
651 #if 0
652 bi_2_nbin1( &length, buffer, pk_internal->capitalSprime);
653 #else
654 if ((result = obj_daaissuerkey_get_capitalSprime(hIssuerKey, &buf_len, &buf)))
655 return result;
656 #endif
657 // define Uprime
658 if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf,
659 modulus_length, modulus, &ownerAuth,
660 &outputSize, &outputData))) {
661 free_tspi(tspContext, buf);
662 free_tspi(tspContext, modulus);
663 goto close;
664 }
665 free_tspi(tspContext, buf);
666
667 #if 0
668 // 5 : save PKDAA, U, daaCount and sessionHandle in joinSession
669 join_session->issuerPk = (TSS_HKEY)issuer_pk;
670 if( result == TSS_SUCCESS) {
671 *capital_UprimeLength = outputSize;
672 *capital_Uprime = convert_alloc( tspContext, outputSize, outputData);
673 if (*capital_Uprime == NULL) {
674 LogError("malloc of %d bytes failed", outputSize);
675 result = TSPERR(TSS_E_OUTOFMEMORY);
676 goto close;
677 }
678 join_session->capitalUPrime = copy_alloc( tspContext,
679 *capital_UprimeLength,
680 *capital_Uprime);
681 if (join_session->capitalUPrime == NULL) {
682 LogError("malloc of %d bytes failed", *capital_UprimeLength);
683 result = TSPERR(TSS_E_OUTOFMEMORY);
684 goto close;
685 }
686 join_session->capitalUPrimeLength = *capital_UprimeLength;
687 }
688 join_session->sessionHandle = return_join_session;
689 // get the endorsement Key (public part)
690 result = get_public_EK(
691 hTPM, // in
692 &( identity_proof->endorsementLength),
693 &( identity_proof->endorsementCredential)
694 );
695 #else
696 /* fill out the identity proof struct */
697 if ((result = TCS_API(obj->tspContext)->GetTPMCapability(obj->tspContext, TPM_CAP_VERSION,
698 0, NULL, &buf_len, &buf)))
699 goto close;
700
701 offset = 0;
702 Trspi_UnloadBlob_VERSION(&offset, buf, &daaIdentityProof.versionInfo);
703 free_tspi(tspContext, buf);
704
705 #error set all 3 credentials in the daaIdentityProof struct here
706
707 /* set the U data */
708 if ((result = __tspi_add_mem_entry(tspContext, outputData)))
709 goto close;
710 *capitalUPrime = outputData;
711 *capitalUPrimeLength = outputSize;
712
713 /* return the TSS specific stuff */
714 #endif
715
716 close:
717 FREE_BI( issuer_authentication_PK_i);
718 LogDebug("result = %d", result);
719 LogDebug("outputSize=%d", outputSize);
720 LogDebug("outputData=%s", dump_byte_array( outputSize, outputData));
721 return result;
722 }
723 #endif
724
725
726 /* allocation:
727 endorsementKey as BYTE *
728 */
729 TSS_RESULT
get_public_EK(TSS_HTPM hTPM,UINT32 * endorsementKeyLength,BYTE ** endorsementKey)730 get_public_EK(TSS_HTPM hTPM,
731 UINT32 *endorsementKeyLength,
732 BYTE **endorsementKey
733
734 ) {
735 TSS_RESULT result;
736 TSS_HKEY hEk;
737 TSS_HPOLICY hTpmPolicy;
738 UINT32 uiAttrSize;
739 BYTE *pAttr;
740
741 if( (result = obj_tpm_get_policy( hTPM, &hTpmPolicy)) != TSS_SUCCESS) {
742 LogError("can not retrieve policy from the TPM handler");
743 goto out_close;
744 }
745
746 if( (result = Tspi_TPM_GetPubEndorsementKey(hTPM, TRUE, NULL, &hEk)) != TSS_SUCCESS) {
747 LogError("can not retrieve the Public endorsed Key");
748 goto out_close;
749 }
750
751 result = Tspi_GetAttribData(
752 hEk,
753 TSS_TSPATTRIB_KEY_INFO,
754 TSS_TSPATTRIB_KEYINFO_VERSION,
755 &uiAttrSize,
756 &pAttr);
757
758 if (result != TSS_SUCCESS) goto out_close;
759 LogDebug("keyinfo:%s", dump_byte_array( uiAttrSize, pAttr));
760
761 result = Tspi_GetAttribData(
762 hEk,
763 TSS_TSPATTRIB_KEY_BLOB,
764 TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
765 endorsementKeyLength,
766 endorsementKey);
767
768 LogDebug("Public Endorsement Key:%s",
769 dump_byte_array( *endorsementKeyLength, *endorsementKey));
770 out_close:
771 return result;
772 }
773
774 // from TSS.java (479)
775 TSS_RESULT
compute_join_challenge_host(TSS_HDAA hDAA,TSS_DAA_PK_internal * pk_internal,bi_ptr capitalU,bi_ptr capital_Uprime,bi_ptr capital_utilde,bi_ptr capital_utilde_prime,bi_ptr capital_ni,bi_ptr capital_ni_tilde,UINT32 commitments_proofLength,TSS_DAA_ATTRIB_COMMIT_internal * commitments_proof,UINT32 nonceIssuerLength,BYTE * nonceIssuer,UINT32 * resultLength,BYTE ** result)776 compute_join_challenge_host(TSS_HDAA hDAA,
777 TSS_DAA_PK_internal *pk_internal,
778 bi_ptr capitalU,
779 bi_ptr capital_Uprime,
780 bi_ptr capital_utilde,
781 bi_ptr capital_utilde_prime,
782 bi_ptr capital_ni,
783 bi_ptr capital_ni_tilde,
784 UINT32 commitments_proofLength,
785 TSS_DAA_ATTRIB_COMMIT_internal *
786 commitments_proof,
787 UINT32 nonceIssuerLength,
788 BYTE* nonceIssuer,
789 UINT32 *resultLength,
790 BYTE **result) {
791 EVP_MD_CTX *mdctx;
792 BYTE *encoded_pk = NULL, *buffer;
793 UINT32 encoded_pkLength;
794 int rv, length;
795
796 buffer = (BYTE *)malloc( 10000); // to be sure, and it will be free quickly
797 if (buffer == NULL) {
798 LogError("malloc of %d bytes failed", 10000);
799 return TSPERR(TSS_E_OUTOFMEMORY);
800 }
801
802 mdctx = EVP_MD_CTX_create();
803 rv = EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest());
804 if (rv != EVP_SUCCESS) goto err;
805 // allocation
806 encoded_pk = encoded_DAA_PK_internal( &encoded_pkLength, pk_internal);
807 LogDebug("encoded issuerPk[%d]: %s",
808 encoded_pkLength,
809 dump_byte_array( encoded_pkLength, encoded_pk));
810 rv = EVP_DigestUpdate(mdctx, encoded_pk, encoded_pkLength);
811 if (rv != EVP_SUCCESS) goto err;
812 // capitalU
813 length = DAA_PARAM_SIZE_RSA_MODULUS / 8;
814 bi_2_byte_array( buffer, length, capitalU);
815 LogDebug("capitalU[%ld]: %s",
816 bi_nbin_size(capitalU) ,
817 dump_byte_array( length, buffer));
818 rv = EVP_DigestUpdate(mdctx, buffer, length);
819 if (rv != EVP_SUCCESS) goto err;
820 // capital UPrime
821 bi_2_byte_array( buffer, length, capital_Uprime);
822 LogDebug("capitalUPrime[%d]: %s",
823 length,
824 dump_byte_array( length, buffer));
825 rv = EVP_DigestUpdate(mdctx, buffer, length);
826 if (rv != EVP_SUCCESS) goto err;
827 // capital Utilde
828 bi_2_byte_array( buffer, length, capital_utilde);
829 LogDebug("capitalUTilde[%d]: %s",
830 length,
831 dump_byte_array( length, buffer));
832 rv = EVP_DigestUpdate(mdctx, buffer, length);
833 if (rv != EVP_SUCCESS) goto err;
834 // capital UtildePrime
835 bi_2_byte_array( buffer, length, capital_utilde_prime);
836 LogDebug("capital_utilde_prime[%d]: %s",
837 length,
838 dump_byte_array( length, buffer));
839 rv = EVP_DigestUpdate(mdctx, buffer, length);
840 if (rv != EVP_SUCCESS) goto err;
841 //capital_ni
842 length = DAA_PARAM_SIZE_MODULUS_GAMMA / 8;
843 bi_2_byte_array( buffer, length, capital_ni);
844 LogDebug("capital_ni[%d]: %s",
845 length,
846 dump_byte_array( length, buffer));
847 rv = EVP_DigestUpdate(mdctx, buffer, length);
848 if (rv != EVP_SUCCESS) goto err;
849 //capital_ni_tilde
850 bi_2_byte_array( buffer, length, capital_ni_tilde);
851 LogDebug("capital_ni_tilde[%d]: %s",
852 length,
853 dump_byte_array( length, buffer));
854 rv = EVP_DigestUpdate(mdctx, buffer, length);
855 if (rv != EVP_SUCCESS) goto err;
856 // TODO: commitments
857 LogDebug("nonceIssuer[%d]: %s",
858 nonceIssuerLength,
859 dump_byte_array( nonceIssuerLength, nonceIssuer));
860 rv = EVP_DigestUpdate(mdctx, nonceIssuer, nonceIssuerLength);
861 if (rv != EVP_SUCCESS) goto err;
862 *resultLength = EVP_MD_CTX_size(mdctx);
863 *result = (BYTE *)malloc( *resultLength);
864 if (*result == NULL) {
865 LogError("malloc of %d bytes failed", *resultLength);
866 free( buffer);
867 free( encoded_pk);
868 return TSPERR(TSS_E_OUTOFMEMORY);
869 }
870 rv = EVP_DigestFinal(mdctx, *result, NULL);
871 if (rv != EVP_SUCCESS) goto err;
872 EVP_MD_CTX_destroy(mdctx);
873 free( buffer);
874 free( encoded_pk);
875 return TSS_SUCCESS;
876 err:
877 EVP_MD_CTX_destroy(mdctx);
878 free( buffer);
879 free( encoded_pk);
880 DEBUG_print_openssl_errors();
881 return TSPERR(TSS_E_INTERNAL_ERROR);
882 }
883
884 /*
885 This is the second out of 3 functions to execute in order to receive a DAA Credential. It
886 computes the credential request for the DAA Issuer, which also includes the Platforms & DAA
887 public key and the attributes that were chosen by the Platform, and which are not visible to \
888 the DAA Issuer. The Platform can commit to the attribute values it has chosen.
889 Code influenced by TSS.java (TssDaaCredentialRequest)
890 */
891 TSPICALL
Tspi_TPM_DAA_JoinCreateDaaPubKey_internal(TSS_HDAA hDAA,TSS_HTPM hTPM,UINT32 authenticationChallengeLength,BYTE * authenticationChallenge,UINT32 nonceIssuerLength,BYTE * nonceIssuer,UINT32 attributesPlatformLength,BYTE ** attributesPlatform,TSS_DAA_JOIN_SESSION * joinSession,TSS_DAA_CREDENTIAL_REQUEST * credentialRequest)892 Tspi_TPM_DAA_JoinCreateDaaPubKey_internal(
893 TSS_HDAA hDAA, // in
894 TSS_HTPM hTPM, // in
895 UINT32 authenticationChallengeLength, // in
896 BYTE* authenticationChallenge, // in
897 UINT32 nonceIssuerLength, // in
898 BYTE* nonceIssuer, // in
899 UINT32 attributesPlatformLength, // in
900 BYTE** attributesPlatform, // in
901 TSS_DAA_JOIN_SESSION* joinSession, // in, out
902 TSS_DAA_CREDENTIAL_REQUEST* credentialRequest // out
903 ) {
904 TSS_RESULT result;
905 TCS_CONTEXT_HANDLE tcsContext;
906 TPM_AUTH ownerAuth;
907 bi_ptr tmp1 = bi_new_ptr();
908 bi_ptr tmp2 = bi_new_ptr();
909 bi_ptr capital_utilde = bi_new_ptr();
910 bi_ptr v_tilde_prime = bi_new_ptr();
911 bi_ptr rv_tilde_prime = bi_new_ptr();
912 bi_ptr capitalU = bi_new_ptr();
913 bi_ptr product_attributes = bi_new_ptr();
914 bi_ptr capital_ni = NULL;
915 bi_ptr capital_utilde_prime = NULL;
916 bi_ptr capital_ni_tilde = NULL;
917 bi_ptr n = NULL;
918 bi_ptr attributePlatform = NULL;
919 bi_ptr c = NULL;
920 bi_ptr zeta = NULL;
921 bi_ptr capital_Uprime = NULL;
922 bi_ptr sv_tilde_prime = NULL;
923 bi_ptr s_f0 = NULL;
924 bi_ptr s_f1 = NULL;
925 bi_ptr sv_prime = NULL;
926 bi_ptr sv_prime1 = NULL;
927 bi_ptr sv_prime2 = NULL;
928 bi_array_ptr ra = NULL;
929 bi_array_ptr sa = NULL;
930 TSS_DAA_PK* pk_extern = (TSS_DAA_PK *)joinSession->issuerPk;
931 TSS_DAA_PK_internal* pk_internal = e_2_i_TSS_DAA_PK( pk_extern);
932 UINT32 i, outputSize, authentication_proofLength, nonce_tpmLength;
933 UINT32 capitalSprime_byte_arrayLength, size_bits, length, chLength, c_byteLength;
934 UINT32 internal_cbyteLength, noncePlatformLength;
935 BYTE *outputData, *authentication_proof, *capitalSprime_byte_array = NULL, *buffer;
936 BYTE *ch = NULL;
937 BYTE *c_byte, *noncePlatform, *nonce_tpm;
938 BYTE *internal_cbyte = NULL;
939 EVP_MD_CTX *mdctx;
940
941 if( tmp1 == NULL || tmp2 == NULL || capital_utilde == NULL ||
942 v_tilde_prime == NULL || rv_tilde_prime == NULL ||
943 capitalU == NULL || product_attributes == NULL) {
944 LogError("malloc of bi(s) failed");
945 result = TSPERR(TSS_E_OUTOFMEMORY);
946 goto close;
947 }
948 if( pk_internal == NULL) {
949 LogError("malloc of pk_internal failed");
950 result = TSPERR(TSS_E_OUTOFMEMORY);
951 goto close;
952 }
953 if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) {
954 goto close;
955 }
956 obj_daa_set_handle_tpm( hDAA, hTPM);
957 // allocation
958 n = bi_set_as_nbin( pk_extern->modulusLength, pk_extern->modulus);
959 if( n == NULL) {
960 LogError("malloc of %d bytes failed", pk_extern->modulusLength);
961 result = TSPERR(TSS_E_OUTOFMEMORY);
962 goto close;
963 }
964 // allocation
965 capitalSprime_byte_array = bi_2_nbin( &capitalSprime_byte_arrayLength,
966 pk_internal->capitalSprime);
967 if( capitalSprime_byte_array == NULL) {
968 LogError("malloc of %d bytes failed", capitalSprime_byte_arrayLength);
969 result = TSPERR(TSS_E_OUTOFMEMORY);
970 goto close;
971 }
972 // compute second part of the credential request
973 // encode plateform attributes (the one visible only by the receiver)
974 bi_set( product_attributes, bi_1);
975 for( i=0; i<attributesPlatformLength; i++) {
976 attributePlatform = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8,
977 attributesPlatform[i]); // allocation
978 if( attributePlatform == NULL) {
979 LogError("malloc of bi <%s> failed", "attributePlatform");
980 result = TSPERR(TSS_E_OUTOFMEMORY);
981 goto close;
982 }
983 // bi_tmp1 = ( capitalRReceiver[i] ^ attributesPlatform ) % n
984 bi_mod_exp( tmp1, pk_internal->capitalRReceiver->array[i], attributePlatform, n);
985 // bi_tmp1 = bi_tmp1 * product_attributes
986 bi_mul( tmp1, tmp1, product_attributes);
987 // product_attributes = bi_tmp1 % n
988 bi_mod( product_attributes, tmp1, n);
989 bi_free_ptr( attributePlatform);
990 }
991 bi_urandom( v_tilde_prime, DAA_PARAM_SIZE_RSA_MODULUS +
992 DAA_PARAM_SAFETY_MARGIN);
993 // tmp1 = capitalUPrime * capitalS
994 bi_free_ptr( tmp1);
995 tmp1 = bi_set_as_nbin( joinSession->capitalUPrimeLength,
996 joinSession->capitalUPrime); // allocation
997 if( tmp1 == NULL) {
998 LogError("malloc of %d bytes failed", joinSession->capitalUPrimeLength);
999 result = TSPERR(TSS_E_OUTOFMEMORY);
1000 goto close;
1001 }
1002 // U = ( U' * ( ( pk->S ^ v~' ) % n) ) % n
1003 // tmp2 = ( pk->S ^ v~') % n
1004 bi_mod_exp( tmp2, pk_internal->capitalS, v_tilde_prime, n);
1005 // U = tmp1( U') * tmp2
1006 bi_mul( capitalU, tmp1, tmp2);
1007 bi_mod( capitalU, capitalU, n);
1008 // U = ( U * product_attributes ) % n
1009 bi_mul( capitalU, capitalU, product_attributes);
1010 bi_mod( capitalU, capitalU, n);
1011 // 2 : call the TPM to compute authentication proof with U'
1012 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1013 8,
1014 authenticationChallengeLength, authenticationChallenge,
1015 0, NULL,
1016 &ownerAuth, &outputSize, &outputData);
1017 if( result != TSS_SUCCESS) goto close;
1018 LogDebug("Done Join 8");
1019 authentication_proof = calloc_tspi( tcsContext, outputSize);
1020 if( authentication_proof == NULL) {
1021 LogError("malloc of %d bytes failed", outputSize);
1022 result = TSPERR(TSS_E_OUTOFMEMORY);
1023 goto close;
1024 }
1025 memcpy( authentication_proof, outputData, outputSize);
1026 free( outputData);
1027 authentication_proofLength = outputSize;
1028
1029 // 3 : call the TPM to compute U' (first part of correctness proof of the credential
1030 // request
1031 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1032 9,
1033 pk_extern->capitalR0Length, pk_extern->capitalR0,
1034 pk_extern->modulusLength, pk_extern->modulus,
1035 &ownerAuth, &outputSize, &outputData);
1036 if( result != TSS_SUCCESS) goto close;
1037 LogDebug("Done Join 9: capitalR0");
1038 free( outputData);
1039
1040 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1041 10,
1042 pk_extern->capitalR1Length, pk_extern->capitalR1,
1043 pk_extern->modulusLength, pk_extern->modulus,
1044 &ownerAuth, &outputSize, &outputData);
1045 if( result != TSS_SUCCESS) goto close;
1046 LogDebug("Done Join 10: capitalR1");
1047 free( outputData);
1048
1049 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1050 11,
1051 pk_extern->capitalSLength, pk_extern->capitalS,
1052 pk_extern->modulusLength, pk_extern->modulus,
1053 &ownerAuth, &outputSize, &outputData);
1054 if( result != TSS_SUCCESS) goto close;
1055 LogDebug("Done Join 11: capitalS");
1056 free( outputData);
1057
1058 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1059 12,
1060 capitalSprime_byte_arrayLength, capitalSprime_byte_array,
1061 pk_extern->modulusLength, pk_extern->modulus,
1062 &ownerAuth, &outputSize, &outputData);
1063 if( result != TSS_SUCCESS) goto close;
1064 LogDebug("Done Join 12: capitalUTildePrime");
1065 capital_utilde_prime = bi_set_as_nbin( outputSize, outputData); // allocation
1066 if( capital_utilde_prime == NULL) {
1067 LogError("malloc of %d bytes failed", outputSize);
1068 result = TSPERR(TSS_E_OUTOFMEMORY);
1069 goto close;
1070 }
1071 free( outputData);
1072 // 4 compute pseudonym with respect to the DAA Issuer
1073 // allocation
1074 zeta = compute_zeta( pk_internal->issuerBaseNameLength,
1075 pk_internal->issuerBaseName,
1076 pk_internal);
1077 if( zeta == NULL) {
1078 LogError("malloc of bi <%s> failed", "zeta");
1079 result = TSPERR(TSS_E_OUTOFMEMORY);
1080 goto close;
1081 }
1082 buffer = (BYTE *)malloc( TPM_DAA_SIZE_w);
1083 if( buffer == NULL) {
1084 LogError("malloc of %d bytes failed", TPM_DAA_SIZE_w);
1085 result = TSPERR(TSS_E_OUTOFMEMORY);
1086 goto close;
1087 }
1088 LogDebug("zeta[%ld] = %s", bi_nbin_size( zeta), bi_2_hex_char( zeta));
1089 bi_2_byte_array( buffer, TPM_DAA_SIZE_w, zeta);
1090 LogDebug("zeta[%d] = %s", TPM_DAA_SIZE_w, dump_byte_array( TPM_DAA_SIZE_w, buffer));
1091
1092 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1093 13,
1094 pk_extern->capitalGammaLength, pk_extern->capitalGamma,
1095 TPM_DAA_SIZE_w, buffer, // zeta
1096 &ownerAuth, &outputSize, &outputData);
1097 free( buffer);
1098 if( result != TSS_SUCCESS) goto close;
1099 LogDebug("Done Join 13: capitalGamma / zeta");
1100 free( outputData);
1101
1102 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1103 14,
1104 pk_extern->capitalGammaLength, pk_extern->capitalGamma,
1105 0, NULL,
1106 &ownerAuth, &outputSize, &outputData);
1107 if( result != TSS_SUCCESS) goto close;
1108 LogDebug("Done Join 14: capitalGamma");
1109 capital_ni = bi_set_as_nbin( outputSize, outputData); // allocation
1110 if( capital_ni == NULL) {
1111 LogError("malloc of bi <%s> failed", "capital_ni");
1112 result = TSPERR(TSS_E_OUTOFMEMORY);
1113 goto close;
1114 }
1115 free( outputData);
1116
1117 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1118 15,
1119 pk_extern->capitalGammaLength, pk_extern->capitalGamma,
1120 0, NULL,
1121 &ownerAuth, &outputSize, &outputData);
1122 if( result != TSS_SUCCESS) goto close;
1123 LogDebug("Done Join 15: capitalGamma");
1124 capital_ni_tilde = bi_set_as_nbin( outputSize, outputData); // allocation
1125 if( capital_ni_tilde == NULL) {
1126 LogError("malloc of bi <%s> failed", "capital_ni_tilde");
1127 result = TSPERR(TSS_E_OUTOFMEMORY);
1128 goto close;
1129 }
1130 free( outputData);
1131
1132 // 5 : compute the second part of the correctness proof of the credential request
1133 // (with attributes not visible to issuer)
1134 // randomize/blind attributesReceiver
1135 size_bits = DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES;
1136 bi_set( product_attributes, bi_1);
1137 ra = (bi_array_ptr)malloc( sizeof( struct _bi_array));
1138 if( ra == NULL) {
1139 LogError("malloc of %d bytes failed", sizeof( struct _bi_array));
1140 result = TSPERR(TSS_E_OUTOFMEMORY);
1141 goto close;
1142 }
1143 bi_new_array( ra, attributesPlatformLength);
1144 if( ra->array == NULL) {
1145 LogError("malloc of bi_array <%s> failed", "ra");
1146 result = TSPERR(TSS_E_OUTOFMEMORY);
1147 goto close;
1148 }
1149 for( i=0; i < attributesPlatformLength; i++) {
1150 bi_urandom( ra->array[i], size_bits);
1151 LogDebug("ra[i]=%s size=%d", bi_2_hex_char( ra->array[i]), size_bits);
1152 // product_attributes=(((capitalYplatform ^ ra[i]) % n)*<product_attributes-1>)%n
1153 bi_mod_exp( tmp1, pk_internal->capitalRReceiver->array[i], ra->array[i], n);
1154 bi_mul( tmp1, tmp1, product_attributes);
1155 bi_mod( product_attributes, tmp1, n);
1156 }
1157 size_bits = DAA_PARAM_SIZE_F_I+2*DAA_PARAM_SAFETY_MARGIN+DAA_PARAM_SIZE_MESSAGE_DIGEST;
1158 bi_urandom( rv_tilde_prime, size_bits);
1159 // capital_utilde = ( capitalS ^ rv_tilde_prime) % n
1160 bi_mod_exp( capital_utilde, pk_internal->capitalS, rv_tilde_prime, n);
1161 // capital_utilde = capital_utilde * product_attributes
1162 bi_mul( capital_utilde, capital_utilde, product_attributes);
1163 // capital_utilde = capital_utilde % n
1164 bi_mod( capital_utilde, capital_utilde, n);
1165 // 5e
1166 capital_Uprime = bi_set_as_nbin( joinSession->capitalUPrimeLength,
1167 joinSession->capitalUPrime); // allocation
1168 if( capital_Uprime == NULL) {
1169 LogError("malloc of bi <%s> failed", "capital_Uprime");
1170 result = TSPERR(TSS_E_OUTOFMEMORY);
1171 goto close;
1172 }
1173 LogDebug("calculation UTilde: capitalS:%s\n", bi_2_hex_char( pk_internal->capitalS));
1174 LogDebug("calculation UTilde: rv_tilde_prime:%s\n", bi_2_hex_char( rv_tilde_prime));
1175 LogDebug("calculation UTilde: n:%s\n", bi_2_hex_char( n));
1176 LogDebug("calculation UTilde: product_attributes:%s\n", bi_2_hex_char( product_attributes));
1177 LogDebug("calculation NItilde: ntilde:%s\n", bi_2_hex_char( capital_ni_tilde));
1178
1179 result = compute_join_challenge_host(
1180 hDAA,
1181 pk_internal,
1182 capitalU,
1183 capital_Uprime,
1184 capital_utilde,
1185 capital_utilde_prime,
1186 capital_ni,
1187 capital_ni_tilde,
1188 0, // TODO commitmentProofLength
1189 NULL, // TODO commitment
1190 nonceIssuerLength,
1191 nonceIssuer,
1192 &chLength, // out
1193 &ch // out allocation
1194 );
1195 if( result != TSS_SUCCESS) goto close;
1196
1197 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1198 16,
1199 chLength, ch,
1200 0, NULL,
1201 &ownerAuth, &outputSize, &outputData);
1202 if( result != TSS_SUCCESS) goto close;
1203 nonce_tpm = outputData;
1204 nonce_tpmLength = outputSize;
1205 LogDebug("Done Join 16: compute_join_challenge_host return nonce_tpm:%s",
1206 dump_byte_array(nonce_tpmLength, nonce_tpm));
1207
1208 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1209 17,
1210 0, NULL,
1211 0, NULL,
1212 &ownerAuth, &outputSize, &outputData);
1213 if( result != TSS_SUCCESS) goto close;
1214 s_f0 = bi_set_as_nbin( outputSize, outputData); // allocation
1215 if( s_f0 == NULL) {
1216 LogError("malloc of <bi> %s failed", "s_f0");
1217 result = TSPERR(TSS_E_OUTOFMEMORY);
1218 goto close;
1219 }
1220 LogDebug("Done Join 17: return sF0:%s", dump_byte_array(outputSize, outputData) );
1221 free( outputData);
1222
1223 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1224 18,
1225 0, NULL,
1226 0, NULL,
1227 &ownerAuth, &outputSize, &outputData);
1228 if( result != TSS_SUCCESS) goto close;
1229 s_f1 = bi_set_as_nbin( outputSize, outputData); // allocation
1230 if( s_f1 == NULL) {
1231 LogError("malloc of <bi> %s failed", "s_f1");
1232 result = TSPERR(TSS_E_OUTOFMEMORY);
1233 goto close;
1234 }
1235 LogDebug("Done Join 18: return sF1:%s", dump_byte_array(outputSize, outputData) );
1236 free( outputData);
1237
1238 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1239 19,
1240 0, NULL,
1241 0, NULL,
1242 &ownerAuth, &outputSize, &outputData);
1243 if( result != TSS_SUCCESS) goto close;
1244 LogDebug("Done Join 19: return sv_prime1");
1245 sv_prime1 = bi_set_as_nbin( outputSize, outputData); // allocation
1246 if( sv_prime1 == NULL) {
1247 LogError("malloc of <bi> %s failed", "sv_prime1");
1248 result = TSPERR(TSS_E_OUTOFMEMORY);
1249 goto close;
1250 }
1251 free( outputData);
1252
1253 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1254 20,
1255 0, NULL,
1256 0, NULL,
1257 &ownerAuth, &outputSize, &outputData);
1258 if( result != TSS_SUCCESS) goto close;
1259 LogDebug("Done Join 20: return cByte");
1260 c_byte = (BYTE *)calloc_tspi( tcsContext, outputSize);
1261 if( c_byte == NULL) {
1262 LogError("malloc of %d bytes failed", outputSize);
1263 result = TSPERR(TSS_E_OUTOFMEMORY);
1264 goto close;
1265 }
1266 memcpy( c_byte, outputData, outputSize);
1267 free( outputData);
1268 c_byteLength = outputSize;
1269 c = bi_set_as_nbin( c_byteLength, c_byte); // allocation
1270 if( c == NULL) {
1271 LogError("malloc of <bi> %s failed", "c");
1272 result = TSPERR(TSS_E_OUTOFMEMORY);
1273 goto close;
1274 }
1275
1276 // verify computation of c by TPM
1277 mdctx = EVP_MD_CTX_create();
1278 EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest());
1279 EVP_DigestUpdate(mdctx, ch, chLength);
1280 EVP_DigestUpdate(mdctx, nonce_tpm, nonce_tpmLength);
1281 nonce_tpm = convert_alloc( tcsContext, nonce_tpmLength, nonce_tpm); // allocation
1282 if( nonce_tpm == NULL) {
1283 LogError("malloc of %d bytes failed", nonce_tpmLength);
1284 result = TSPERR(TSS_E_OUTOFMEMORY);
1285 goto close;
1286 }
1287 internal_cbyteLength = EVP_MD_CTX_size(mdctx);
1288 internal_cbyte = (BYTE *)malloc( internal_cbyteLength);
1289 if( internal_cbyte == NULL) {
1290 LogError("malloc of %d bytes failed", internal_cbyteLength);
1291 result = TSPERR(TSS_E_OUTOFMEMORY);
1292 goto close;
1293 }
1294 EVP_DigestFinal(mdctx, internal_cbyte, NULL);
1295 if( c_byteLength != internal_cbyteLength ||
1296 memcmp( c_byte, internal_cbyte, c_byteLength) != 0) {
1297 LogError( "Computation of c in TPM DAA Join command is incorrect. Affected stages: 16,20\n");
1298 LogError( "\t c_byte[%d] %s",
1299 c_byteLength,
1300 dump_byte_array( c_byteLength, c_byte));
1301 LogError( "\tc_internal_byte[%d] %s",
1302 internal_cbyteLength,
1303 dump_byte_array( internal_cbyteLength, internal_cbyte));
1304 result = TSS_E_INTERNAL_ERROR;
1305 goto close;
1306 }
1307
1308 // 5m) blind attributesReceiver
1309 sa = (bi_array_ptr)malloc( sizeof( struct _bi_array));
1310 if( sa == NULL) {
1311 LogError("malloc of %d bytes failed", sizeof( struct _bi_array));
1312 result = TSPERR(TSS_E_OUTOFMEMORY);
1313 goto close;
1314 }
1315 bi_new_array( sa, attributesPlatformLength);
1316 for( i=0; i < attributesPlatformLength; i++) {
1317 attributePlatform = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8,
1318 attributesPlatform[i]); // allocation
1319 if( attributePlatform == NULL) {
1320 LogError("malloc of <bi> %s failed", "attributePlatform");
1321 result = TSPERR(TSS_E_OUTOFMEMORY);
1322 goto close;
1323 }
1324 LogDebug("calculating sa[%d]: raLength=%ld cLength=%ld attributesPlatformLength=%ld\n",
1325 i, bi_nbin_size( ra->array[i]), bi_nbin_size( c), bi_nbin_size( attributePlatform));
1326 bi_add( sa->array[i], ra->array[i], bi_mul( tmp1, c, attributePlatform));
1327 bi_free_ptr( attributePlatform);
1328 }
1329 attributePlatform = NULL;
1330 // 5o) Commitments
1331 // TODO
1332
1333 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1334 21,
1335 0, NULL,
1336 0, NULL,
1337 &ownerAuth, &outputSize, &outputData);
1338 if( result != TSS_SUCCESS) goto close;
1339 LogDebug("Done Join 21: return sv_prime2");
1340 sv_prime2 = bi_set_as_nbin( outputSize, outputData); // allocation
1341 if( sv_prime2 == NULL) {
1342 LogError("malloc of <bi> %s failed", "sv_prime2");
1343 result = TSPERR(TSS_E_OUTOFMEMORY);
1344 goto close;
1345 }
1346 free( outputData);
1347 sv_prime = bi_new_ptr();
1348 if( sv_prime == NULL) {
1349 LogError("malloc of <bi> %s failed", "sv_prime");
1350 result = TSPERR(TSS_E_OUTOFMEMORY);
1351 goto close;
1352 }
1353 // sv_prime = sv_prime2 << DAA_PARAM_SIZE_SPLIT_EXPONENT
1354 bi_shift_left( sv_prime, sv_prime2, DAA_PARAM_SIZE_SPLIT_EXPONENT);
1355 // sv_prime = sv_prime + sv_prime1
1356 bi_add( sv_prime, sv_prime, sv_prime1);
1357
1358 sv_tilde_prime = bi_new_ptr();
1359 // tmp1 = c * v_tilde_prime
1360 bi_mul( tmp1, c, v_tilde_prime);
1361 // sv_tilde_prime = rv_tilde_prime + tmp1
1362 bi_add( sv_tilde_prime, rv_tilde_prime, tmp1);
1363
1364 // step 6) - choose nonce
1365 bi_urandom( tmp1, DAA_PARAM_SAFETY_MARGIN * 8);
1366 noncePlatform = (BYTE *)calloc_tspi( tcsContext, DAA_PARAM_SAFETY_MARGIN);
1367 if( noncePlatform == NULL) {
1368 LogError("malloc of <bi> %s failed", "noncePlatform");
1369 result = TSPERR(TSS_E_OUTOFMEMORY);
1370 goto close;
1371 }
1372 bi_2_nbin1( &noncePlatformLength, noncePlatform, tmp1);
1373
1374 LogDebug("challenge:%s", dump_byte_array( c_byteLength, c_byte));
1375 LogDebug("sF0 [%ld]:%s", bi_length( s_f0), bi_2_hex_char( s_f0));
1376 LogDebug("sF1 [%ld]:%s", bi_length( s_f1), bi_2_hex_char( s_f1));
1377 LogDebug("sv_prime [%ld]:%s", bi_length( sv_prime), bi_2_hex_char( sv_prime));
1378 LogDebug("sv_tilde_prime [%ld]:%s", bi_length( sv_tilde_prime), bi_2_hex_char( sv_tilde_prime));
1379 // update joinSession
1380 joinSession->capitalU = calloc_tspi( tcsContext, bi_nbin_size( capitalU));
1381 if( joinSession->capitalU == NULL) {
1382 LogError("malloc of %ld bytes failed", bi_nbin_size( capitalU));
1383 result = TSPERR(TSS_E_OUTOFMEMORY);
1384 goto close;
1385 }
1386 bi_2_nbin1( &(joinSession->capitalULength),
1387 joinSession->capitalU,
1388 capitalU);
1389 joinSession->attributesPlatformLength = attributesPlatformLength;
1390 joinSession->attributesPlatform = calloc_tspi( tcsContext, sizeof(BYTE *));
1391 for( i=0; i<joinSession->attributesPlatformLength; i++) {
1392 joinSession->attributesPlatform[i] =
1393 calloc_tspi( tcsContext,DAA_PARAM_SIZE_F_I / 8);
1394 memcpy( joinSession->attributesPlatform[i],
1395 attributesPlatform[i],
1396 DAA_PARAM_SIZE_F_I / 8);
1397 }
1398 joinSession->noncePlatform = noncePlatform;
1399 joinSession->noncePlatformLength = noncePlatformLength;
1400 joinSession->vTildePrime = calloc_tspi( tcsContext, bi_nbin_size( v_tilde_prime));
1401 if( joinSession->vTildePrime == NULL) {
1402 LogError("malloc of %ld bytes failed", bi_nbin_size( v_tilde_prime));
1403 result = TSPERR(TSS_E_OUTOFMEMORY);
1404 goto close;
1405 }
1406 bi_2_nbin1( &(joinSession->vTildePrimeLength),
1407 joinSession->vTildePrime,
1408 v_tilde_prime);
1409 // update credentialRequest
1410 credentialRequest->capitalU = calloc_tspi( tcsContext, bi_nbin_size( capitalU));
1411 if( credentialRequest->capitalU == NULL) {
1412 LogError("malloc of %ld bytes failed", bi_nbin_size( capitalU));
1413 result = TSPERR(TSS_E_OUTOFMEMORY);
1414 goto close;
1415 }
1416 bi_2_nbin1( &(credentialRequest->capitalULength),
1417 credentialRequest->capitalU,
1418 capitalU);
1419 credentialRequest->capitalNi = calloc_tspi( tcsContext, bi_nbin_size( capital_ni));
1420 if( credentialRequest->capitalNi == NULL) {
1421 LogError("malloc of %ld bytes failed", bi_nbin_size( capital_ni));
1422 result = TSPERR(TSS_E_OUTOFMEMORY);
1423 goto close;
1424 }
1425 bi_2_nbin1( &(credentialRequest->capitalNiLength),
1426 credentialRequest->capitalNi,
1427 capital_ni);
1428 credentialRequest->authenticationProofLength = authentication_proofLength;
1429 credentialRequest->authenticationProof = authentication_proof;
1430 credentialRequest->challenge = c_byte;
1431 credentialRequest->challengeLength = c_byteLength;
1432 credentialRequest->nonceTpm = nonce_tpm;
1433 credentialRequest->nonceTpmLength = nonce_tpmLength;
1434 credentialRequest->noncePlatform = noncePlatform;
1435 credentialRequest->noncePlatformLength = DAA_PARAM_SAFETY_MARGIN;
1436 credentialRequest->sF0 = calloc_tspi( tcsContext, bi_nbin_size( s_f0));
1437 if( credentialRequest->sF0 == NULL) {
1438 LogError("malloc of %ld bytes failed", bi_nbin_size( s_f0));
1439 result = TSPERR(TSS_E_OUTOFMEMORY);
1440 goto close;
1441 }
1442 bi_2_nbin1( &(credentialRequest->sF0Length), credentialRequest->sF0, s_f0);
1443 credentialRequest->sF1 = calloc_tspi( tcsContext, bi_nbin_size( s_f1));
1444 if( credentialRequest->sF1 == NULL) {
1445 LogError("malloc of %ld bytes failed", bi_nbin_size( s_f1));
1446 result = TSPERR(TSS_E_OUTOFMEMORY);
1447 goto close;
1448 }
1449 bi_2_nbin1( &(credentialRequest->sF1Length), credentialRequest->sF1, s_f1);
1450 credentialRequest->sVprime = calloc_tspi( tcsContext, bi_nbin_size( sv_prime));
1451 if( credentialRequest->sVprime == NULL) {
1452 LogError("malloc of %ld bytes failed", bi_nbin_size( sv_prime));
1453 result = TSPERR(TSS_E_OUTOFMEMORY);
1454 goto close;
1455 }
1456 bi_2_nbin1( &(credentialRequest->sVprimeLength),
1457 credentialRequest->sVprime,
1458 sv_prime);
1459 credentialRequest->sVtildePrime = calloc_tspi( tcsContext, bi_nbin_size( sv_tilde_prime));
1460 if( credentialRequest->sVtildePrime == NULL) {
1461 LogError("malloc of %ld bytes failed", bi_nbin_size( sv_tilde_prime));
1462 result = TSPERR(TSS_E_OUTOFMEMORY);
1463 goto close;
1464 }
1465 bi_2_nbin1( &(credentialRequest->sVtildePrimeLength),
1466 credentialRequest->sVtildePrime,
1467 sv_tilde_prime);
1468 length = (DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8;
1469 LogDebug("SA length=%d", sa->length);
1470 credentialRequest->sA = calloc_tspi( tcsContext, sizeof( BYTE *) * sa->length);
1471 if( credentialRequest->sA == NULL) {
1472 LogError("malloc of %d bytes failed", sizeof( BYTE *) * sa->length);
1473 result = TSPERR(TSS_E_OUTOFMEMORY);
1474 goto close;
1475 }
1476
1477 for( i=0; i<(UINT32)sa->length; i++) {
1478 LogDebug("sa[%d].size=%d", i, (int)bi_nbin_size( sa->array[i]));
1479 credentialRequest->sA[i] = calloc_tspi( tcsContext, length);
1480 if( credentialRequest->sA[i] == NULL) {
1481 LogError("malloc of %d bytes failed", length);
1482 result = TSPERR(TSS_E_OUTOFMEMORY);
1483 goto close;
1484 }
1485 // size used only as repository
1486 bi_2_byte_array( credentialRequest->sA[i], length, sa->array[i]);
1487 }
1488 credentialRequest->sALength = sa->length;
1489 close:
1490 EVP_MD_CTX_destroy(mdctx);
1491 if( capitalSprime_byte_array!=NULL) free( capitalSprime_byte_array);
1492 if( ch!=NULL) free( ch);
1493 if( internal_cbyte != NULL) free( internal_cbyte);
1494 bi_free_ptr( rv_tilde_prime);
1495 bi_free_ptr( v_tilde_prime);
1496 bi_free_ptr( capital_utilde);
1497 bi_free_ptr( tmp1);
1498 bi_free_ptr( tmp2);
1499 bi_free_ptr( capitalU);
1500 if( ra != NULL) {
1501 bi_free_array( ra);
1502 free( ra);
1503 }
1504 if( sa != NULL) {
1505 bi_free_array( sa);
1506 free( sa);
1507 }
1508 FREE_BI( capital_ni);
1509 FREE_BI( capital_utilde_prime);
1510 FREE_BI( capital_ni_tilde);
1511 FREE_BI( n);
1512 FREE_BI( attributePlatform);
1513 FREE_BI( c);
1514 FREE_BI( zeta);
1515 FREE_BI( capital_Uprime);
1516 FREE_BI( sv_tilde_prime);
1517 FREE_BI( s_f0);
1518 FREE_BI( s_f1);
1519 FREE_BI( sv_prime);
1520 FREE_BI( sv_prime1);
1521 FREE_BI( sv_prime2);
1522 FREE_BI( product_attributes);
1523 free_TSS_DAA_PK_internal( pk_internal);
1524 return result;
1525 }
1526
1527 /*
1528 Code influenced by TSS.java (joinStoreCredential)
1529 */
Tspi_TPM_DAA_JoinStoreCredential_internal(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_DAA_CRED_ISSUER credIssuer,TSS_DAA_JOIN_SESSION joinSession,TSS_HKEY * hDaaCredential)1530 TSPICALL Tspi_TPM_DAA_JoinStoreCredential_internal
1531 (
1532 TSS_HDAA hDAA, // in
1533 TSS_HTPM hTPM, // in
1534 TSS_DAA_CRED_ISSUER credIssuer, // in
1535 TSS_DAA_JOIN_SESSION joinSession, // in
1536 TSS_HKEY* hDaaCredential // out
1537 ) {
1538 TCS_CONTEXT_HANDLE tcsContext;
1539 TPM_AUTH ownerAuth;
1540 bi_ptr tmp1 = bi_new_ptr();
1541 bi_ptr tmp2 = bi_new_ptr();
1542 bi_ptr n = NULL;
1543 bi_ptr e = NULL;
1544 bi_ptr fraction_A = NULL;
1545 bi_ptr v_prime_prime = NULL;
1546 bi_ptr capital_U = NULL;
1547 bi_ptr product_attributes = NULL;
1548 bi_ptr capital_Atilde = NULL;
1549 bi_ptr s_e = NULL;
1550 bi_ptr c_prime = NULL;
1551 bi_ptr capital_A = NULL;
1552 bi_ptr product = NULL;
1553 bi_ptr v_tilde_prime = NULL;
1554 bi_ptr v_prime_prime0 = NULL;
1555 bi_ptr v_prime_prime1 = NULL;
1556 TSS_DAA_PK *daa_pk_extern;
1557 TSS_DAA_PK_internal *pk_intern = NULL;
1558 TSS_DAA_CREDENTIAL *daaCredential;
1559 bi_array_ptr attributes_issuer;
1560 TSS_RESULT result = TSS_SUCCESS;
1561 UINT32 i;
1562 UINT32 c_byteLength, v0Length, v1Length, tpm_specificLength;
1563 BYTE *c_byte = NULL;
1564 BYTE *v0 = NULL;
1565 BYTE *v1 = NULL;
1566 BYTE *tpm_specific = NULL;
1567
1568 if( tmp1 == NULL || tmp2 == NULL) {
1569 LogError("malloc of bi(s) failed");
1570 result = TSPERR(TSS_E_OUTOFMEMORY);
1571 goto close;
1572 }
1573 if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) return result;
1574 obj_daa_set_handle_tpm( hDAA, hTPM);
1575
1576 LogDebug("Converting issuer public");
1577 daa_pk_extern = (TSS_DAA_PK *)joinSession.issuerPk;
1578 pk_intern = e_2_i_TSS_DAA_PK( daa_pk_extern);
1579 if( pk_intern == NULL) {
1580 LogError("malloc of pk_intern failed");
1581 result = TSPERR(TSS_E_OUTOFMEMORY);
1582 goto close;
1583 }
1584 n = bi_new_ptr();
1585 if( n == NULL) {
1586 LogError("malloc of bi <%s> failed", "n");
1587 result = TSPERR(TSS_E_OUTOFMEMORY);
1588 goto close;
1589 }
1590 bi_set( n, pk_intern->modulus);
1591 attributes_issuer = (bi_array_ptr)malloc( sizeof( struct _bi_array));
1592 if( attributes_issuer == NULL) {
1593 LogError("malloc of %d bytes failed", sizeof( struct _bi_array));
1594 result = TSPERR(TSS_E_OUTOFMEMORY);
1595 goto close;
1596 }
1597 bi_new_array( attributes_issuer, credIssuer.attributesIssuerLength);
1598 if( attributes_issuer->array == NULL) {
1599 LogError("malloc of bi_array <%s> failed", "attributes_issuer->array");
1600 result = TSPERR(TSS_E_OUTOFMEMORY);
1601 goto close;
1602 }
1603 for( i=0; i < credIssuer.attributesIssuerLength; i++) {
1604 // allocation
1605 attributes_issuer->array[i] = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8,
1606 credIssuer.attributesIssuer[i]);
1607 if( attributes_issuer->array[i] == NULL) {
1608 LogError("malloc of bi <attributes_issuer->array[%d]> failed", i);
1609 result = TSPERR(TSS_E_OUTOFMEMORY);
1610 goto close;
1611 }
1612 }
1613 LogDebug("verify credential of issuer ( part 1)");
1614 e = bi_set_as_nbin( credIssuer.eLength, credIssuer.e); // allocation
1615 if( e == NULL) {
1616 LogError("malloc of bi <%s> failed", "e");
1617 result = TSPERR(TSS_E_OUTOFMEMORY);
1618 goto close;
1619 }
1620 bi_set( tmp1, bi_0);
1621 bi_setbit( tmp1, DAA_PARAM_SIZE_EXPONENT_CERTIFICATE - 1);
1622 bi_set( tmp2, bi_0);
1623 bi_setbit( tmp1, DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE - 1);
1624 bi_add( tmp1, tmp1, tmp2);
1625 if( bi_is_probable_prime( e) == 0 ||
1626 bi_length(e) < DAA_PARAM_SIZE_EXPONENT_CERTIFICATE ||
1627 bi_cmp( e, tmp1) > 0) {
1628 LogError("Verification e failed - Step 1.a");
1629 LogError("\tPrime(e):%d", bi_is_probable_prime( e));
1630 LogError("\tbit_length(e):%ld", bi_length(e));
1631 LogError("\te > (2^(l_e) + 2^(l_prime_e)):%d", bi_cmp( e, tmp1));
1632 result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR;
1633 goto close;
1634 }
1635 LogDebug("verify credential of issuer (part 2) with proof");
1636 fraction_A = bi_new_ptr();
1637 if( fraction_A == NULL) {
1638 LogError("malloc of bi <%s> failed", "fraction_A");
1639 result = TSPERR(TSS_E_OUTOFMEMORY);
1640 goto close;
1641 }
1642 v_prime_prime = bi_set_as_nbin( credIssuer.vPrimePrimeLength,
1643 credIssuer.vPrimePrime); // allocation
1644 if( v_prime_prime == NULL) {
1645 LogError("malloc of bi <%s> failed", "v_prime_prime");
1646 result = TSPERR(TSS_E_OUTOFMEMORY);
1647 goto close;
1648 }
1649 capital_U = bi_set_as_nbin( joinSession.capitalULength,
1650 joinSession.capitalU); // allocation
1651 if( capital_U == NULL) {
1652 LogError("malloc of bi <%s> failed", "capital_U");
1653 result = TSPERR(TSS_E_OUTOFMEMORY);
1654 goto close;
1655 }
1656 bi_mod_exp( fraction_A, pk_intern->capitalS, v_prime_prime, n);
1657 bi_mul( fraction_A, fraction_A, capital_U);
1658 bi_mod( fraction_A, fraction_A, n);
1659 LogDebug("encode attributes");
1660 product_attributes = bi_new_ptr();
1661 bi_set( product_attributes, bi_1);
1662 for( i=0; i<(UINT32)attributes_issuer->length; i++) {
1663 bi_mod_exp( tmp1, pk_intern->capitalRIssuer->array[i],
1664 attributes_issuer->array[i], n);
1665 bi_mul( product_attributes, tmp1, product_attributes);
1666 bi_mod( product_attributes, product_attributes, n);
1667 }
1668 bi_mul( fraction_A, fraction_A, product_attributes);
1669 bi_mod( fraction_A, fraction_A, n);
1670 capital_Atilde = bi_new_ptr();
1671 if( capital_Atilde == NULL) {
1672 LogError("malloc of bi <%s> failed", "capital_Atilde");
1673 result = TSPERR(TSS_E_OUTOFMEMORY);
1674 goto close;
1675 }
1676 bi_invert_mod( capital_Atilde, fraction_A, n);
1677 bi_mul( capital_Atilde, capital_Atilde, pk_intern->capitalZ);
1678 bi_mod( capital_Atilde, capital_Atilde, n);
1679 s_e = bi_set_as_nbin( credIssuer.sELength, credIssuer.sE); // allocation
1680 if( s_e == NULL) {
1681 LogError("malloc of bi <%s> failed", "s_e");
1682 result = TSPERR(TSS_E_OUTOFMEMORY);
1683 goto close;
1684 }
1685 bi_mod_exp( capital_Atilde, capital_Atilde, s_e, n);
1686 c_prime = bi_set_as_nbin( credIssuer.cPrimeLength, credIssuer.cPrime); // allocation
1687 if( c_prime == NULL) {
1688 LogError("malloc of bi <%s> failed", "c_prime");
1689 result = TSPERR(TSS_E_OUTOFMEMORY);
1690 goto close;
1691 }
1692 capital_A = bi_set_as_nbin( credIssuer.capitalALength, credIssuer.capitalA); // allocation
1693 if( capital_A == NULL) {
1694 LogError("malloc of bi <%s> failed", "capital_A");
1695 result = TSPERR(TSS_E_OUTOFMEMORY);
1696 goto close;
1697 }
1698 bi_mod_exp( tmp1, capital_A, c_prime, n);
1699 bi_mul( capital_Atilde, capital_Atilde, tmp1);
1700 bi_mod( capital_Atilde, capital_Atilde, n);
1701
1702 result = compute_join_challenge_issuer( pk_intern,
1703 v_prime_prime,
1704 capital_A,
1705 capital_Atilde,
1706 joinSession.noncePlatformLength,
1707 joinSession.noncePlatform,
1708 &c_byteLength,
1709 &c_byte); // out allocation
1710 if( result != TSS_SUCCESS) goto close;
1711 if( credIssuer.cPrimeLength != c_byteLength ||
1712 memcmp( credIssuer.cPrime, c_byte, c_byteLength)!=0) {
1713 LogError("Verification of c failed - Step 1.c.i");
1714 LogError("credentialRequest.cPrime[%d]=%s",
1715 credIssuer.cPrimeLength,
1716 dump_byte_array( credIssuer.cPrimeLength, credIssuer.cPrime) );
1717 LogError("challenge[%d]=%s",
1718 c_byteLength,
1719 dump_byte_array( c_byteLength, c_byte) );
1720 result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR;
1721 goto close;
1722 }
1723 product = bi_new_ptr();
1724 if( product == NULL) {
1725 LogError("malloc of bi <%s> failed", "product");
1726 result = TSPERR(TSS_E_OUTOFMEMORY);
1727 goto close;
1728 }
1729 bi_mod_exp( product, capital_A, e, n);
1730 bi_mul( product, product, fraction_A);
1731 bi_mod( product, product, n);
1732 if( bi_equals( pk_intern->capitalZ, product) == 0) {
1733 LogError("Verification of A failed - Step 1.c.ii");
1734 LogError("\tcapitalZ=%s", bi_2_hex_char( pk_intern->capitalZ));
1735 LogError("\tproduct=%s", bi_2_hex_char( product));
1736 result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR;
1737 goto close;
1738 }
1739 v_tilde_prime = bi_set_as_nbin( joinSession.vTildePrimeLength,
1740 joinSession.vTildePrime); // allocation
1741 bi_add( v_prime_prime, v_prime_prime, v_tilde_prime);
1742 bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_SPLIT_EXPONENT);
1743 v_prime_prime0 = bi_new_ptr();
1744 if( v_prime_prime0 == NULL) {
1745 LogError("malloc of bi <%s> failed", "v_prime_prime0");
1746 result = TSPERR(TSS_E_OUTOFMEMORY);
1747 goto close;
1748 }
1749 bi_mod( v_prime_prime0, v_prime_prime, tmp1);
1750 v_prime_prime1 = bi_new_ptr();
1751 if( v_prime_prime1 == NULL) {
1752 LogError("malloc of bi <%s> failed", "v_prime_prime1");
1753 result = TSPERR(TSS_E_OUTOFMEMORY);
1754 goto close;
1755 }
1756 bi_shift_right( v_prime_prime1, v_prime_prime, DAA_PARAM_SIZE_SPLIT_EXPONENT);
1757 free( c_byte);
1758 c_byte = (BYTE *)malloc( TPM_DAA_SIZE_v0);
1759 if( c_byte == NULL) {
1760 LogError("malloc of %d bytes failed", TPM_DAA_SIZE_v0);
1761 result = TSPERR(TSS_E_OUTOFMEMORY);
1762 goto close;
1763 }
1764 bi_2_byte_array( c_byte, TPM_DAA_SIZE_v0, v_prime_prime0);
1765 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1766 22,
1767 TPM_DAA_SIZE_v0, c_byte,
1768 0, NULL,
1769 &ownerAuth, &v0Length, &v0);
1770 if( result != TSS_SUCCESS) goto close;
1771 LogDebug("Done Join 22: return v0");
1772 free( c_byte);
1773 c_byte = (BYTE *)malloc( TPM_DAA_SIZE_v1);
1774 if( c_byte == NULL) {
1775 LogError("malloc of %d bytes failed", TPM_DAA_SIZE_v1);
1776 result = TSPERR(TSS_E_OUTOFMEMORY);
1777 goto close;
1778 }
1779 bi_2_byte_array( c_byte, TPM_DAA_SIZE_v1, v_prime_prime1);
1780 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1781 23,
1782 TPM_DAA_SIZE_v1, c_byte,
1783 0, NULL,
1784 &ownerAuth, &v1Length, &v1);
1785 if( result != TSS_SUCCESS) goto close;
1786 LogDebug("Done Join 23: return v1");
1787 result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA,
1788 24,
1789 0, NULL,
1790 0, NULL,
1791 &ownerAuth, &tpm_specificLength, &tpm_specific);
1792 if( result != TSS_SUCCESS) goto close;
1793
1794 daaCredential = (TSS_DAA_CREDENTIAL *)hDaaCredential;
1795 daaCredential->capitalA = calloc_tspi( tcsContext, bi_nbin_size( capital_A));
1796 if( daaCredential->capitalA == NULL) {
1797 LogError("malloc of %ld bytes failed", bi_nbin_size( capital_A));
1798 result = TSPERR(TSS_E_OUTOFMEMORY);
1799 goto close;
1800 }
1801 bi_2_nbin1( &(daaCredential->capitalALength), daaCredential->capitalA, capital_A);
1802 daaCredential->exponent = calloc_tspi( tcsContext, bi_nbin_size( e));
1803 if( daaCredential->exponent == NULL) {
1804 LogError("malloc of %ld bytes failed", bi_nbin_size( e));
1805 result = TSPERR(TSS_E_OUTOFMEMORY);
1806 goto close;
1807 }
1808 bi_2_nbin1( &(daaCredential->exponentLength), daaCredential->exponent, e);
1809 daaCredential->vBar0 = calloc_tspi( tcsContext, v0Length);
1810 if( daaCredential->vBar0 == NULL) {
1811 LogError("malloc of %d bytes failed", v0Length);
1812 result = TSPERR(TSS_E_OUTOFMEMORY);
1813 goto close;
1814 }
1815 daaCredential->vBar0Length = v0Length;
1816 memcpy( daaCredential->vBar0, v0, v0Length);
1817 LogDebug("vBar0[%d]=%s",
1818 daaCredential->vBar0Length,
1819 dump_byte_array( daaCredential->vBar0Length, daaCredential->vBar0));
1820 daaCredential->vBar1 = calloc_tspi( tcsContext, v1Length);
1821 if( daaCredential->vBar1 == NULL) {
1822 LogError("malloc of %d bytes failed", v1Length);
1823 result = TSPERR(TSS_E_OUTOFMEMORY);
1824 goto close;
1825 }
1826 daaCredential->vBar1Length = v1Length;
1827 memcpy( daaCredential->vBar1, v1, v1Length);
1828 LogDebug("vBar1[%d]=%s",
1829 daaCredential->vBar1Length,
1830 dump_byte_array( daaCredential->vBar1Length, daaCredential->vBar1));
1831 //TODO remove
1832 LogDebug("[BUSS] joinSession.attributesPlatformLength=%d",
1833 joinSession.attributesPlatformLength);
1834 LogDebug("[BUSS] credIssuer.attributesIssuerLength=%d",
1835 credIssuer.attributesIssuerLength);
1836 daaCredential->attributesLength = joinSession.attributesPlatformLength +
1837 credIssuer.attributesIssuerLength;
1838 daaCredential->attributes = (BYTE **)calloc_tspi( tcsContext,
1839 sizeof(BYTE *) * daaCredential->attributesLength);
1840 if( daaCredential->attributes == NULL) {
1841 LogError("malloc of %d bytes failed",
1842 sizeof(BYTE *) * daaCredential->attributesLength);
1843 result = TSPERR(TSS_E_OUTOFMEMORY);
1844 goto close;
1845 }
1846 for( i=0; i < joinSession.attributesPlatformLength; i++) {
1847 daaCredential->attributes[i] = calloc_tspi( tcsContext, DAA_PARAM_SIZE_F_I / 8);
1848 if( daaCredential->attributes[i] == NULL) {
1849 LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8);
1850 result = TSPERR(TSS_E_OUTOFMEMORY);
1851 goto close;
1852 }
1853 LogDebug("allocation attributes[%d]=%lx", i, (long)daaCredential->attributes[i]);
1854 memcpy( daaCredential->attributes[i],
1855 joinSession.attributesPlatform[i],
1856 DAA_PARAM_SIZE_F_I / 8);
1857 }
1858 for( i=0; i < credIssuer.attributesIssuerLength; i++) {
1859 daaCredential->attributes[i+joinSession.attributesPlatformLength] =
1860 calloc_tspi( tcsContext, DAA_PARAM_SIZE_F_I / 8);
1861 if( daaCredential->attributes[i+joinSession.attributesPlatformLength] == NULL) {
1862 LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8);
1863 result = TSPERR(TSS_E_OUTOFMEMORY);
1864 goto close;
1865 }
1866 memcpy( daaCredential->attributes[i+joinSession.attributesPlatformLength],
1867 credIssuer.attributesIssuer[i], DAA_PARAM_SIZE_F_I / 8);
1868 }
1869 memcpy( &(daaCredential->issuerPK), daa_pk_extern, sizeof( TSS_DAA_PK));
1870 daaCredential->tpmSpecificEnc = calloc_tspi( tcsContext, tpm_specificLength);
1871 if( daaCredential->tpmSpecificEnc == NULL) {
1872 LogError("malloc of %d bytes failed", tpm_specificLength);
1873 result = TSPERR(TSS_E_OUTOFMEMORY);
1874 goto close;
1875 }
1876 daaCredential->tpmSpecificEncLength = tpm_specificLength;
1877 memcpy( daaCredential->tpmSpecificEnc, tpm_specific, tpm_specificLength);
1878 // TODO store in TSS this TSS_DAA_CREDENTIAL_REQUEST
1879 *hDaaCredential = (TSS_HKEY)daaCredential;
1880 close:
1881 if( v0 != NULL) free( v0);
1882 if( v1 != NULL) free( v1);
1883 if( tpm_specific != NULL) free( tpm_specific);
1884 if( c_byte != NULL) free( c_byte);
1885 bi_free_ptr( tmp2);
1886 bi_free_ptr( tmp1);
1887 if( attributes_issuer != NULL) {
1888 bi_free_array( attributes_issuer);
1889 free( attributes_issuer);
1890 }
1891 FREE_BI( v_prime_prime1);
1892 FREE_BI( v_prime_prime0);
1893 FREE_BI( v_tilde_prime);
1894 FREE_BI( product);
1895 FREE_BI( capital_A);
1896 FREE_BI( c_prime);
1897 FREE_BI( s_e);
1898 FREE_BI( capital_Atilde);
1899 FREE_BI( product_attributes);
1900 FREE_BI( capital_U);
1901 FREE_BI( v_prime_prime);
1902 FREE_BI( fraction_A);
1903 FREE_BI( e);
1904 FREE_BI( n);
1905 if( pk_intern!=NULL) free_TSS_DAA_PK_internal( pk_intern);
1906 return result;
1907 }
1908
add_splitet(bi_ptr result,bi_ptr a,bi_ptr b)1909 static void add_splitet( bi_ptr result, bi_ptr a, bi_ptr b) {
1910 bi_shift_left( result, bi_1, DAA_PARAM_SIZE_SPLIT_EXPONENT);
1911 bi_mul( result, result, b);
1912 bi_add( result, result, a);
1913 }
1914
1915 /* code influenced by TSS.java (signStep) */
Tspi_TPM_DAA_Sign_internal(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_HKEY hDaaCredential,TSS_DAA_SELECTED_ATTRIB revealAttributes,UINT32 verifierBaseNameLength,BYTE * verifierBaseName,UINT32 verifierNonceLength,BYTE * verifierNonce,TSS_DAA_SIGN_DATA signData,TSS_DAA_SIGNATURE * daaSignature)1916 TSS_RESULT Tspi_TPM_DAA_Sign_internal
1917 (
1918 TSS_HDAA hDAA, // in
1919 TSS_HTPM hTPM, // in
1920 TSS_HKEY hDaaCredential, // in
1921 TSS_DAA_SELECTED_ATTRIB revealAttributes, // in
1922 UINT32 verifierBaseNameLength, // in
1923 BYTE* verifierBaseName, // in
1924 UINT32 verifierNonceLength, // in
1925 BYTE* verifierNonce, // in
1926 TSS_DAA_SIGN_DATA signData, // in
1927 TSS_DAA_SIGNATURE* daaSignature // out
1928 )
1929 {
1930 TCS_CONTEXT_HANDLE tcsContext;
1931 TSS_DAA_CREDENTIAL *daaCredential;
1932 TPM_DAA_ISSUER *tpm_daa_issuer;
1933 TPM_AUTH ownerAuth;
1934 TSS_RESULT result = TSS_SUCCESS;
1935 TSS_DAA_PK *pk;
1936 TSS_DAA_PK_internal *pk_intern;
1937 int i;
1938 bi_ptr tmp1 = bi_new_ptr(), tmp2;
1939 bi_ptr n = NULL;
1940 bi_ptr capital_gamma = NULL;
1941 bi_ptr gamma = NULL;
1942 bi_ptr zeta = NULL;
1943 bi_ptr r = NULL;
1944 bi_ptr t_tilde_T = NULL;
1945 bi_ptr capital_Nv = NULL;
1946 bi_ptr capital_N_tilde_v = NULL;
1947 bi_ptr w = NULL;
1948 bi_ptr capital_T = NULL;
1949 bi_ptr r_E = NULL;
1950 bi_ptr r_V = NULL;
1951 bi_ptr capital_T_tilde = NULL;
1952 bi_ptr capital_A = NULL;
1953 bi_array_ptr capital_R;
1954 bi_ptr product_R = NULL;
1955 bi_array_ptr r_A = NULL;
1956 bi_array_ptr s_A = NULL;
1957 bi_ptr c = NULL;
1958 bi_ptr sF0 = NULL;
1959 bi_ptr sF1 = NULL;
1960 bi_ptr sV1 = NULL;
1961 bi_ptr sV2 = NULL;
1962 bi_ptr e = NULL;
1963 bi_ptr s_E = NULL;
1964 bi_ptr s_V = NULL;
1965 CS_ENCRYPTION_RESULT_RANDOMNESS *encryption_result_rand = NULL;
1966 BYTE *issuer_settings = NULL, *outputData, byte;
1967 BYTE *buffer = NULL, *ch = NULL, *nonce_tpm = NULL, *c_bytes = NULL;
1968 UINT32 issuer_settingsLength, outputSize, length, size_bits, chLength;
1969 UINT32 nonce_tpmLength;
1970 UINT32 c_bytesLength, return_sign_session;
1971 // for anonymity revocation
1972 CS_ENCRYPTION_RESULT *encryption_result = NULL;
1973 CS_ENCRYPTION_RESULT *encryption_result_tilde = NULL;
1974 TSS_DAA_PSEUDONYM *signature_pseudonym;
1975 TSS_DAA_PSEUDONYM_PLAIN *pseudonym_plain = NULL;
1976 TSS_DAA_PSEUDONYM_PLAIN *pseudonym_plain_tilde = NULL;
1977 TSS_DAA_ATTRIB_COMMIT *signed_commitments;
1978
1979 if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS)
1980 return result;
1981 if( tmp1 == NULL) {
1982 LogError("malloc of bi <%s> failed", "tmp1");
1983 result = TSPERR(TSS_E_OUTOFMEMORY);
1984 goto close;
1985 }
1986 obj_daa_set_handle_tpm( hDAA, hTPM);
1987 // TODO retrieve the daaCredential from the persistence storage
1988 daaCredential = (TSS_DAA_CREDENTIAL *)hDaaCredential;
1989 pk = (TSS_DAA_PK *)&(daaCredential->issuerPK);
1990 pk_intern = e_2_i_TSS_DAA_PK( pk);
1991 if( pk_intern == NULL) {
1992 LogError("malloc of <%s> failed", "pk_intern");
1993 result = TSPERR(TSS_E_OUTOFMEMORY);
1994 goto close;
1995 }
1996 tpm_daa_issuer = convert2issuer_settings( pk_intern);
1997 if( daaCredential->attributesLength == 0 ||
1998 daaCredential->attributesLength != revealAttributes.indicesListLength) {
1999 LogDebug("Problem with the reveal attribs: attributes length:%d reveal length:%d",
2000 daaCredential->attributesLength, revealAttributes.indicesListLength);
2001 result = TSS_E_BAD_PARAMETER;
2002 goto close;
2003 }
2004 if( verifierNonce == NULL ||
2005 verifierNonceLength != DAA_PARAM_LENGTH_MESSAGE_DIGEST) {
2006 LogDebug("Problem with the nonce verifier: nonce verifier length:%d",
2007 verifierNonceLength);
2008 result = TSS_E_BAD_PARAMETER;
2009 goto close;
2010 }
2011 n = bi_new_ptr();
2012 if( n == NULL) {
2013 LogError("malloc of bi <%s> failed", "n");
2014 result = TSPERR(TSS_E_OUTOFMEMORY);
2015 goto close;
2016 }
2017 bi_set( n, pk_intern->modulus);
2018 capital_gamma = bi_new_ptr();
2019 if( capital_gamma == NULL) {
2020 LogError("malloc of bi <%s> failed", "capital_gamma");
2021 result = TSPERR(TSS_E_OUTOFMEMORY);
2022 goto close;
2023 }
2024 bi_set( capital_gamma, pk_intern->capitalGamma);
2025 gamma = bi_new_ptr();
2026 if( gamma == NULL) {
2027 LogError("malloc of bi <%s> failed", "gamma");
2028 result = TSPERR(TSS_E_OUTOFMEMORY);
2029 goto close;
2030 }
2031 bi_set( gamma, pk_intern->gamma);
2032 if( verifierBaseNameLength == 0 || verifierBaseName == NULL) {
2033 r = bi_new_ptr();
2034 compute_random_number( r, capital_gamma);
2035 zeta = project_into_group_gamma( r, pk_intern); // allocation
2036 if( zeta == NULL) {
2037 LogError("malloc of bi <%s> failed", "zeta");
2038 result = TSPERR(TSS_E_OUTOFMEMORY);
2039 goto close;
2040 }
2041 } else {
2042 zeta = compute_zeta( verifierBaseNameLength, verifierBaseName, pk_intern);
2043 if( zeta == NULL) {
2044 LogError("malloc of bi <%s> failed", "zeta");
2045 result = TSPERR(TSS_E_OUTOFMEMORY);
2046 goto close;
2047 }
2048 }
2049 issuer_settings = issuer_2_byte_array( tpm_daa_issuer,
2050 &issuer_settingsLength); // allocation
2051 if( issuer_settings == NULL) {
2052 LogError("malloc of %d bytes failed", issuer_settingsLength);
2053 result = TSPERR(TSS_E_OUTOFMEMORY);
2054 goto close;
2055 }
2056 LogDebug( "Issuer Settings:[%s]",
2057 dump_byte_array(issuer_settingsLength, issuer_settings) );
2058 result = Tcsip_TPM_DAA_Sign(
2059 tcsContext, hDAA,
2060 0,
2061 issuer_settingsLength, issuer_settings,
2062 0, NULL,
2063 &ownerAuth, &outputSize, &outputData);
2064 if( result != TSS_SUCCESS) goto close;
2065 // set the sessionHandle to the returned value
2066 return_sign_session = ntohl( *((UINT32 *)outputData));
2067 obj_daa_set_session_handle( hDAA, return_sign_session);
2068 free( outputData);
2069 result = Tcsip_TPM_DAA_Sign(
2070 tcsContext, hDAA,
2071 1,
2072 daaCredential->tpmSpecificEncLength, daaCredential->tpmSpecificEnc,
2073 0, NULL,
2074 &ownerAuth, &outputSize, &outputData);
2075 if( result != TSS_SUCCESS) goto close;
2076 free( outputData);
2077 LogDebug( "done Sign 1 - TPM specific");
2078 result = Tcsip_TPM_DAA_Sign(
2079 tcsContext, hDAA,
2080 2,
2081 pk->capitalR0Length, pk->capitalR0,
2082 pk->modulusLength, pk->modulus,
2083 &ownerAuth, &outputSize, &outputData);
2084 if( result != TSS_SUCCESS) goto close;
2085 free( outputData);
2086 LogDebug( "done Sign 2 - capitalR0");
2087 result = Tcsip_TPM_DAA_Sign(
2088 tcsContext, hDAA,
2089 3,
2090 pk->capitalR1Length, pk->capitalR1,
2091 pk->modulusLength, pk->modulus,
2092 &ownerAuth, &outputSize, &outputData);
2093 if( result != TSS_SUCCESS) goto close;
2094 free( outputData);
2095 LogDebug( "done Sign 3 - capitalR1");
2096 result = Tcsip_TPM_DAA_Sign(
2097 tcsContext, hDAA,
2098 4,
2099 pk->capitalSLength, pk->capitalS,
2100 pk->modulusLength, pk->modulus,
2101 &ownerAuth, &outputSize, &outputData);
2102 if( outputSize > 0 && outputData != NULL) free( outputData);
2103 if( result != TSS_SUCCESS) goto close;
2104 LogDebug( "done Sign 4 - capitalS");
2105 buffer = bi_2_nbin( &length, pk_intern->capitalSprime); // allocation
2106 if( buffer == NULL) {
2107 LogError("malloc of %d bytes failed", length);
2108 result = TSPERR(TSS_E_OUTOFMEMORY);
2109 goto close;
2110 }
2111 result = Tcsip_TPM_DAA_Sign(
2112 tcsContext, hDAA,
2113 5,
2114 length, buffer,
2115 pk->modulusLength, pk->modulus,
2116 &ownerAuth, &outputSize, &outputData);
2117 free( buffer);
2118 if( result != TSS_SUCCESS) goto close;
2119 LogDebug( "done Sign 5 - capitalSPrime. Return t_tilde_T");
2120 t_tilde_T = bi_set_as_nbin( outputSize, outputData); // allocation
2121 if( t_tilde_T == NULL) {
2122 LogError("malloc of bi <%s> failed", "t_tilde_T");
2123 result = TSPERR(TSS_E_OUTOFMEMORY);
2124 goto close;
2125 }
2126 free( outputData);
2127 // first precomputation until here possible (verifier independent)
2128 length = TPM_DAA_SIZE_w;
2129 buffer = (BYTE *)malloc( length);
2130 if( buffer == NULL) {
2131 LogError("malloc of %d bytes failed", length);
2132 result = TSPERR(TSS_E_OUTOFMEMORY);
2133 goto close;
2134 }
2135 bi_2_byte_array( buffer, length, zeta);
2136 result = Tcsip_TPM_DAA_Sign(
2137 tcsContext, hDAA,
2138 6,
2139 pk->capitalGammaLength, pk->capitalGamma,
2140 length, buffer,
2141 &ownerAuth, &outputSize, &outputData);
2142 free( buffer);
2143 if( result != TSS_SUCCESS) goto close;
2144 LogDebug( "done Sign 6 - capitalGamma & zeta");
2145 result = Tcsip_TPM_DAA_Sign(
2146 tcsContext, hDAA,
2147 7,
2148 pk->capitalGammaLength, pk->capitalGamma,
2149 0, NULL,
2150 &ownerAuth, &outputSize, &outputData);
2151 if( result != TSS_SUCCESS) goto close;
2152 LogDebug( "done Sign 7 - capitalGamma. Return capital_Nv");
2153 capital_Nv = bi_set_as_nbin( outputSize, outputData); // allocation
2154 if( capital_Nv == NULL) {
2155 LogError("malloc of bi <%s> failed", "capital_Nv");
2156 result = TSPERR(TSS_E_OUTOFMEMORY);
2157 goto close;
2158 }
2159 free( outputData);
2160 // TODO Step 6 a.b - anonymity revocation
2161
2162 result = Tcsip_TPM_DAA_Sign(
2163 tcsContext, hDAA,
2164 8,
2165 pk->capitalGammaLength, pk->capitalGamma,
2166 0, NULL,
2167 &ownerAuth, &outputSize, &outputData);
2168 if( result != TSS_SUCCESS) goto close;
2169 LogDebug( "done Sign 8 - capitalGamma. Return capital_N_tilde_v");
2170 capital_N_tilde_v = bi_set_as_nbin( outputSize, outputData); // allocation
2171 if( capital_N_tilde_v == NULL) {
2172 LogError("malloc of bi <%s> failed", "capital_N_tilde_v");
2173 result = TSPERR(TSS_E_OUTOFMEMORY);
2174 goto close;
2175 }
2176 free( outputData);
2177 // TODO Step 6 c,d - anonymity revocation
2178
2179 // Second precomputation until here possible (verifier dependent)
2180 size_bits = DAA_PARAM_SIZE_RSA_MODULUS + DAA_PARAM_SAFETY_MARGIN;
2181 w = bi_new_ptr();
2182 if( w == NULL) {
2183 LogError("malloc of bi <%s> failed", "w");
2184 result = TSPERR(TSS_E_OUTOFMEMORY);
2185 goto close;
2186 }
2187 bi_urandom( w, size_bits);
2188 capital_A = bi_set_as_nbin( daaCredential->capitalALength,
2189 daaCredential->capitalA); // allocation
2190 if( capital_A == NULL) {
2191 LogError("malloc of bi <%s> failed", "capital_A");
2192 result = TSPERR(TSS_E_OUTOFMEMORY);
2193 goto close;
2194 }
2195 capital_T = bi_new_ptr();
2196 if( capital_T == NULL) {
2197 LogError("malloc of bi <%s> failed", "capital_T");
2198 result = TSPERR(TSS_E_OUTOFMEMORY);
2199 goto close;
2200 }
2201 bi_mod_exp( tmp1, pk_intern->capitalS, w, n);
2202 bi_mul( capital_T, capital_A, tmp1);
2203 bi_mod( capital_T, capital_T, n);
2204 size_bits = DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE +
2205 DAA_PARAM_SAFETY_MARGIN + DAA_PARAM_SIZE_MESSAGE_DIGEST;
2206 r_E = bi_new_ptr();
2207 if( r_E == NULL) {
2208 LogError("malloc of bi <%s> failed", "r_E");
2209 result = TSPERR(TSS_E_OUTOFMEMORY);
2210 goto close;
2211 }
2212 bi_urandom( r_E, size_bits);
2213 size_bits = DAA_PARAM_SIZE_EXPONENT_CERTIFICATE + DAA_PARAM_SIZE_RSA_MODULUS +
2214 2 * DAA_PARAM_SAFETY_MARGIN + DAA_PARAM_SIZE_MESSAGE_DIGEST + 1;
2215 r_V = bi_new_ptr();
2216 if( r_V == NULL) {
2217 LogError("malloc of bi <%s> failed", "r_V");
2218 result = TSPERR(TSS_E_OUTOFMEMORY);
2219 goto close;
2220 }
2221 bi_urandom( r_V, size_bits);
2222 capital_T_tilde = bi_new_ptr();
2223 if( capital_T_tilde == NULL) {
2224 LogError("malloc of bi <%s> failed", "capital_T_tilde");
2225 result = TSPERR(TSS_E_OUTOFMEMORY);
2226 goto close;
2227 }
2228 bi_mod_exp( tmp1, capital_T, r_E, n);
2229 bi_mul( capital_T_tilde, t_tilde_T, tmp1);
2230 bi_mod( capital_T_tilde, capital_T_tilde, n);
2231
2232 bi_mod_exp( tmp1, pk_intern->capitalS, r_V, n);
2233 bi_mul( capital_T_tilde, capital_T_tilde, tmp1);
2234 bi_mod( capital_T_tilde, capital_T_tilde, n);
2235
2236 // attributes extension
2237 size_bits = DAA_PARAM_SIZE_F_I +
2238 DAA_PARAM_SAFETY_MARGIN +
2239 DAA_PARAM_SIZE_MESSAGE_DIGEST;
2240 capital_R = pk_intern->capitalY;
2241 r_A = (bi_array_ptr)malloc( sizeof( struct _bi_array));
2242 if( r_A == NULL) {
2243 LogError("malloc of %d bytes failed", sizeof( struct _bi_array));
2244 result = TSPERR(TSS_E_OUTOFMEMORY);
2245 goto close;
2246 }
2247 bi_new_array2( r_A, revealAttributes.indicesListLength);
2248 product_R = bi_new_ptr();
2249 if( product_R == NULL) {
2250 LogError("malloc of bi <%s> failed", "product_R");
2251 result = TSPERR(TSS_E_OUTOFMEMORY);
2252 goto close;
2253 }
2254 bi_set( product_R, bi_1);
2255 for( i=0; i<(int)revealAttributes.indicesListLength; i++) {
2256 if( revealAttributes.indicesList[i] == 0) {
2257 // only non selected
2258 r_A->array[i] = bi_new_ptr();
2259 if( r_A->array[i] == NULL) {
2260 LogError("malloc of bi <%s> failed", "r_A->array[i]");
2261 result = TSPERR(TSS_E_OUTOFMEMORY);
2262 goto close;
2263 }
2264 bi_urandom( r_A->array[i] , size_bits);
2265 bi_mod_exp( tmp1, capital_R->array[i], r_A->array[i], n);
2266 bi_mul( product_R, product_R, tmp1);
2267 bi_mod( product_R, product_R, n);
2268 } else r_A->array[i] = NULL;
2269 }
2270 bi_mul( capital_T_tilde, capital_T_tilde, product_R);
2271 bi_mod( capital_T_tilde, capital_T_tilde, n);
2272 //TODO Step 8 - Commitments
2273 // compute commitment to attributes not revealed to the verifier
2274
2275 //TODO Step 9 - callback functions
2276
2277 // only when revocation not enabled
2278 pseudonym_plain = (TSS_DAA_PSEUDONYM_PLAIN *)calloc_tspi( tcsContext,
2279 sizeof(TSS_DAA_PSEUDONYM_PLAIN));
2280 if( pseudonym_plain == NULL) {
2281 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_PSEUDONYM_PLAIN));
2282 result = TSPERR(TSS_E_OUTOFMEMORY);
2283 goto close;
2284 }
2285 init_tss_version( pseudonym_plain);
2286 pseudonym_plain->capitalNv = calloc_tspi( tcsContext,
2287 bi_nbin_size( capital_Nv));
2288 if( pseudonym_plain->capitalNv == NULL) {
2289 LogError("malloc of bi <%s> failed", "pseudonym_plain->capitalNv");
2290 result = TSPERR(TSS_E_OUTOFMEMORY);
2291 goto close;
2292 }
2293 bi_2_nbin1( &(pseudonym_plain->capitalNvLength),
2294 pseudonym_plain->capitalNv,
2295 capital_Nv);
2296 pseudonym_plain_tilde = (TSS_DAA_PSEUDONYM_PLAIN *)
2297 calloc_tspi( tcsContext,sizeof(TSS_DAA_PSEUDONYM_PLAIN));
2298 if( pseudonym_plain_tilde == NULL) {
2299 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_PSEUDONYM_PLAIN));
2300 result = TSPERR(TSS_E_OUTOFMEMORY);
2301 goto close;
2302 }
2303 init_tss_version( pseudonym_plain_tilde);
2304 pseudonym_plain_tilde->capitalNv = calloc_tspi( tcsContext,
2305 bi_nbin_size( capital_N_tilde_v));
2306 if( pseudonym_plain_tilde->capitalNv == NULL) {
2307 LogError("malloc of bi <%s> failed", "pseudonym_plain_tilde->capitalNv");
2308 result = TSPERR(TSS_E_OUTOFMEMORY);
2309 goto close;
2310 }
2311 bi_2_nbin1( &(pseudonym_plain_tilde->capitalNvLength),
2312 pseudonym_plain_tilde->capitalNv,
2313 capital_N_tilde_v);
2314
2315 // Step 10 - compute challenge
2316 ch = compute_sign_challenge_host(
2317 &chLength,
2318 DAA_PARAM_get_message_digest(),
2319 pk_intern,
2320 verifierNonceLength,
2321 verifierNonce,
2322 0, // int selected_attributes2commitLength,
2323 NULL, // TSS_DAA_SELECTED_ATTRIB **selected_attributes2commit,
2324 0, // int is_anonymity_revocation_enabled,
2325 zeta,
2326 capital_T,
2327 capital_T_tilde,
2328 0, // int attribute_commitmentsLength,
2329 NULL, // TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitments,
2330 NULL, // TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitment_proofs,
2331 capital_Nv,
2332 capital_N_tilde_v,
2333 NULL, // CS_PUBLIC_KEY *anonymity_revocator_pk,
2334 NULL, // CS_ENCRYPTION_RESULT *encryption_result_rand,
2335 NULL //CS_ENCRYPTION_RESULT *encryption_result_proof)
2336 );
2337 if( ch == NULL) {
2338 LogError("malloc in compute_sign_challenge_host failed");
2339 result = TSPERR(TSS_E_OUTOFMEMORY);
2340 goto close;
2341 }
2342 result = Tcsip_TPM_DAA_Sign( tcsContext, hDAA,
2343 9,
2344 chLength, ch,
2345 0, NULL,
2346 &ownerAuth, &nonce_tpmLength, &nonce_tpm);
2347 if( result != TSS_SUCCESS) goto close;
2348 LogDebug( "done Sign 9 - compute sign challenge host. Return nonce_tpm");
2349 byte = (BYTE)signData.payloadFlag; // 0 -> payload contains a handle to an AIK
2350 // 1 -> payload contains a hashed message
2351 result = Tcsip_TPM_DAA_Sign( tcsContext, hDAA,
2352 10,
2353 sizeof(BYTE), &byte,
2354 signData.payloadLength, signData.payload,
2355 &ownerAuth, &c_bytesLength, &c_bytes);
2356 LogDebug("calculation of c: ch[%d]%s", chLength, dump_byte_array( chLength, ch));
2357 LogDebug("calculation of c: nonce_tpm[%d]%s",
2358 nonce_tpmLength,
2359 dump_byte_array( nonce_tpmLength, nonce_tpm));
2360 LogDebug("calculation of c: sign_data.payloadFlag[%d]%x",
2361 1,
2362 (int)signData.payloadFlag);
2363 LogDebug("calculation of c: signdata.payload[%d]%s",
2364 signData.payloadLength,
2365 dump_byte_array( signData.payloadLength, signData.payload));
2366
2367 if( result != TSS_SUCCESS) goto close;
2368 LogDebug( "done Sign 10 - compute signData.payload.");
2369 LogDebug(" Return c_bytes[%d]%s",
2370 c_bytesLength,
2371 dump_byte_array( c_bytesLength, c_bytes));
2372 c = bi_set_as_nbin( c_bytesLength, c_bytes); // allocation
2373 if( c == NULL) {
2374 LogError("malloc of bi <%s> failed", "c");
2375 result = TSPERR(TSS_E_OUTOFMEMORY);
2376 goto close;
2377 }
2378 result = Tcsip_TPM_DAA_Sign(
2379 tcsContext, hDAA,
2380 11,
2381 0, NULL,
2382 0, NULL,
2383 &ownerAuth, &outputSize, &outputData);
2384 if( result != TSS_SUCCESS)goto close;
2385 LogDebug( "done Sign 11. Return sF0");
2386 sF0 = bi_set_as_nbin( outputSize, outputData); // allocation
2387 if( sF0 == NULL) {
2388 LogError("malloc of bi <%s> failed", "sF0");
2389 result = TSPERR(TSS_E_OUTOFMEMORY);
2390 goto close;
2391 }
2392 free( outputData);
2393 result = Tcsip_TPM_DAA_Sign(
2394 tcsContext, hDAA,
2395 12,
2396 0, NULL,
2397 0, NULL,
2398 &ownerAuth, &outputSize, &outputData);
2399 if( result != TSS_SUCCESS) goto close;
2400 LogDebug( "done Sign 12. Return sF1");
2401 sF1 = bi_set_as_nbin( outputSize, outputData); // allocation
2402 if( sF1 == NULL) {
2403 LogError("malloc of bi <%s> failed", "sF1");
2404 result = TSPERR(TSS_E_OUTOFMEMORY);
2405 goto close;
2406 }
2407 free( outputData);
2408 result = Tcsip_TPM_DAA_Sign(
2409 tcsContext, hDAA,
2410 13,
2411 daaCredential->vBar0Length, daaCredential->vBar0,
2412 0, NULL,
2413 &ownerAuth, &outputSize, &outputData);
2414 if( result != TSS_SUCCESS) goto close;
2415 LogDebug( "done Sign 13. Return sV1");
2416 sV1 = bi_set_as_nbin( outputSize, outputData); // allocation
2417 if( sV1 == NULL) {
2418 LogError("malloc of bi <%s> failed", "sV1");
2419 result = TSPERR(TSS_E_OUTOFMEMORY);
2420 goto close;
2421 }
2422 free( outputData);
2423 result = Tcsip_TPM_DAA_Sign(
2424 tcsContext, hDAA,
2425 14,
2426 daaCredential->vBar0Length, daaCredential->vBar0,
2427 0, NULL,
2428 &ownerAuth, &outputSize, &outputData);
2429 if( result != TSS_SUCCESS) goto close;
2430 free( outputData);
2431 LogDebug( "done Sign 14.");
2432 result = Tcsip_TPM_DAA_Sign(
2433 tcsContext, hDAA,
2434 15,
2435 daaCredential->vBar1Length, daaCredential->vBar1,
2436 0, NULL,
2437 &ownerAuth, &outputSize, &outputData);
2438 if( result != TSS_SUCCESS) goto close;
2439 LogDebug( "done Sign 15. Return sV2");
2440 sV2 = bi_set_as_nbin( outputSize, outputData); // allocation
2441 if( sV2 == NULL) {
2442 LogError("malloc of bi <%s> failed", "sV2");
2443 result = TSPERR(TSS_E_OUTOFMEMORY);
2444 goto close;
2445 }
2446 free( outputData);
2447 // allocation
2448 e = bi_set_as_nbin( daaCredential->exponentLength, daaCredential->exponent);
2449 if( e == NULL) {
2450 LogError("malloc of bi <%s> failed", "e");
2451 result = TSPERR(TSS_E_OUTOFMEMORY);
2452 goto close;
2453 }
2454 // s_e = r_E + ( c * ( e - ( 1 << (sizeExponentCertificate -1))))
2455 s_E = bi_new_ptr();
2456 if( s_E == NULL) {
2457 LogError("malloc of bi <%s> failed", "s_E");
2458 result = TSPERR(TSS_E_OUTOFMEMORY);
2459 goto close;
2460 }
2461 bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_EXPONENT_CERTIFICATE - 1);
2462 bi_sub( tmp1, e, tmp1);
2463 bi_mul( tmp1, c, tmp1);
2464 bi_add( s_E, r_E, tmp1);
2465 s_V = bi_new_ptr();
2466 if( s_V == NULL) {
2467 LogError("malloc of bi <%s> failed", "s_V");
2468 result = TSPERR(TSS_E_OUTOFMEMORY);
2469 goto close;
2470 }
2471 add_splitet( s_V, sV1, sV2);
2472 bi_add( s_V, s_V, r_V);
2473 bi_mul( tmp1, c, w);
2474 bi_mul( tmp1, tmp1, e);
2475 bi_sub( s_V, s_V, tmp1);
2476 // attributes extension
2477 // TODO verify the size of each selected attributes
2478 s_A = (bi_array_ptr)malloc( sizeof( struct _bi_array));
2479 if( s_A == NULL) {
2480 LogError("malloc of bi_array <%s> failed", "s_A");
2481 result = TSPERR(TSS_E_OUTOFMEMORY);
2482 goto close;
2483 }
2484 bi_new_array2( s_A, revealAttributes.indicesListLength);
2485 if( s_A->array == NULL) {
2486 LogError("malloc of bi_array <%s> failed", "s_A");
2487 result = TSPERR(TSS_E_OUTOFMEMORY);
2488 goto close;
2489 }
2490 for( i=0; i<(int)revealAttributes.indicesListLength; i++) {
2491 if( revealAttributes.indicesList[i] == 0) {
2492 s_A->array[i] = bi_new_ptr();
2493 if( s_A->array[i] == NULL) {
2494 LogError("malloc of bi <%s> failed", "s_A->array[i]");
2495 result = TSPERR(TSS_E_OUTOFMEMORY);
2496 goto close;
2497 }
2498 tmp2 = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8,
2499 daaCredential->attributes[i]); // allocation
2500 if( tmp2 == NULL) {
2501 LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8);
2502 result = TSPERR(TSS_E_OUTOFMEMORY);
2503 goto close;
2504 }
2505 bi_mul( tmp1, c, tmp2);
2506 // TODEL
2507 LogDebug("daaCredential->attributes[i]=%ld", bi_nbin_size( tmp2));
2508 LogDebug("r_A:%ld", bi_nbin_size( r_A->array[i]));
2509 LogDebug("c:%ld", bi_nbin_size( c));
2510 LogDebug("c*daaCredential->attributes[i]=%ld", bi_nbin_size( tmp1));
2511 // END TODEL
2512 bi_add( s_A->array[i], r_A->array[i], tmp1);
2513 bi_free_ptr( tmp2);
2514 } else s_A->array[i] = NULL;
2515 }
2516
2517 // Compose result structure
2518
2519 // DAASignaturePseudonym TODO: implement anonymity revocation
2520 // if ( !revocation_enabled)
2521 signature_pseudonym = pseudonym_plain;
2522
2523 // populate the signature (TSS_DAA_SIGNATURE)
2524 daaSignature->zeta = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( zeta));
2525 if (daaSignature->zeta == NULL) {
2526 LogError("malloc of %ld bytes failed", bi_nbin_size( zeta));
2527 result = TSPERR(TSS_E_OUTOFMEMORY);
2528 goto close;
2529 }
2530 bi_2_nbin1( &(daaSignature->zetaLength), daaSignature->zeta, zeta);
2531 daaSignature->capitalT = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( capital_T));
2532 if (daaSignature->capitalT == NULL) {
2533 LogError("malloc of %ld bytes failed", bi_nbin_size( capital_T));
2534 result = TSPERR(TSS_E_OUTOFMEMORY);
2535 goto close;
2536 }
2537 bi_2_nbin1( &(daaSignature->capitalTLength), daaSignature->capitalT, capital_T);
2538 daaSignature->challenge = (BYTE *)calloc_tspi( tcsContext, c_bytesLength);
2539 if (daaSignature->challenge == NULL) {
2540 LogError("malloc of %d bytes failed", c_bytesLength);
2541 result = TSPERR(TSS_E_OUTOFMEMORY);
2542 goto close;
2543 }
2544 daaSignature->challengeLength = c_bytesLength;
2545 memcpy( daaSignature->challenge, c_bytes, c_bytesLength);
2546 daaSignature->nonceTpm = (BYTE *)calloc_tspi( tcsContext, nonce_tpmLength);
2547 if (daaSignature->nonceTpm == NULL) {
2548 LogError("malloc of %d bytes failed", nonce_tpmLength);
2549 result = TSPERR(TSS_E_OUTOFMEMORY);
2550 goto close;
2551 }
2552 daaSignature->nonceTpmLength = nonce_tpmLength;
2553 memcpy( daaSignature->nonceTpm, nonce_tpm, nonce_tpmLength);
2554 daaSignature->sV = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( s_V));
2555 if (daaSignature->sV == NULL) {
2556 LogError("malloc of %ld bytes failed", bi_nbin_size( s_V));
2557 result = TSPERR(TSS_E_OUTOFMEMORY);
2558 goto close;
2559 }
2560 bi_2_nbin1( &(daaSignature->sVLength), daaSignature->sV, s_V);
2561 daaSignature->sF0 = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( sF0));
2562 if (daaSignature->sF0 == NULL) {
2563 LogError("malloc of %ld bytes failed", bi_nbin_size( sF0));
2564 result = TSPERR(TSS_E_OUTOFMEMORY);
2565 goto close;
2566 }
2567 bi_2_nbin1( &(daaSignature->sF0Length), daaSignature->sF0, sF0);
2568 daaSignature->sF1 = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( sF1));
2569 if (daaSignature->sF1 == NULL) {
2570 LogError("malloc of %ld bytes failed", bi_nbin_size( sF1));
2571 result = TSPERR(TSS_E_OUTOFMEMORY);
2572 goto close;
2573 }
2574 bi_2_nbin1( &(daaSignature->sF1Length), daaSignature->sF1, sF1);
2575 daaSignature->sE = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( s_E));
2576 if (daaSignature->sE == NULL) {
2577 LogError("malloc of %ld bytes failed", bi_nbin_size( s_E));
2578 result = TSPERR(TSS_E_OUTOFMEMORY);
2579 goto close;
2580 }
2581 bi_2_nbin1( &(daaSignature->sELength), daaSignature->sE, s_E);
2582 daaSignature->sALength = revealAttributes.indicesListLength;
2583 daaSignature->sA = (BYTE **)calloc_tspi(
2584 tcsContext,
2585 sizeof(BYTE *)*revealAttributes.indicesListLength);
2586 if (daaSignature->sA == NULL) {
2587 LogError("malloc of %d bytes failed",
2588 sizeof(BYTE *)*revealAttributes.indicesListLength);
2589 result = TSPERR(TSS_E_OUTOFMEMORY);
2590 goto close;
2591 }
2592 length = (DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8;
2593 for( i=0; i<(int)revealAttributes.indicesListLength; i++) {
2594 daaSignature->sA[i] = calloc_tspi( tcsContext, length);
2595 if (daaSignature->sA[i] == NULL) {
2596 LogError("malloc of %d bytes failed", length);
2597 result = TSPERR(TSS_E_OUTOFMEMORY);
2598 goto close;
2599 }
2600 if( s_A->array[i] == NULL)
2601 bi_2_byte_array( daaSignature->sA[i], length, bi_0);
2602 else {
2603 bi_2_byte_array( daaSignature->sA[i], length, s_A->array[i]);
2604 LogDebug("size big_integer s_A[i] = %ld size daaSignature->sA[i]=%d",
2605 bi_nbin_size( s_A->array[i]), length);
2606 }
2607 }
2608 daaSignature->attributeCommitmentsLength = 0;
2609 daaSignature->signedPseudonym = signature_pseudonym;
2610 close:
2611 bi_free_ptr( tmp1);
2612 if( c_bytes != NULL) free( c_bytes);
2613 if( ch != NULL) free( ch);
2614 if( nonce_tpm != NULL) free( nonce_tpm);
2615 if( encryption_result !=NULL) free( encryption_result);
2616 if( encryption_result_tilde !=NULL) free( encryption_result_tilde);
2617 if( issuer_settings != NULL) free( issuer_settings);
2618 if( r_A != NULL) {
2619 for( i=0; i<(int)revealAttributes.indicesListLength; i++)
2620 if( r_A->array[i] != NULL) bi_free_ptr( r_A->array[i]);
2621 free( r_A);
2622 }
2623 FREE_BI( s_V);
2624 FREE_BI( s_E);
2625 FREE_BI( e);
2626 FREE_BI( sV2);
2627 FREE_BI( sV1);
2628 FREE_BI( sF1);
2629 FREE_BI( sF0);
2630 FREE_BI( c);
2631 FREE_BI( product_R);
2632 FREE_BI( capital_A);
2633 FREE_BI( capital_T_tilde);
2634 FREE_BI( r_V);
2635 FREE_BI( r_E);
2636 FREE_BI( capital_T);
2637 FREE_BI( w);
2638 FREE_BI( capital_N_tilde_v);
2639 FREE_BI( capital_Nv);
2640 FREE_BI( t_tilde_T);
2641 FREE_BI( n);
2642 FREE_BI( capital_gamma);
2643 FREE_BI( gamma);
2644 FREE_BI( zeta);
2645 FREE_BI( r);
2646 free_TSS_DAA_PK_internal( pk_intern);
2647 free_TPM_DAA_ISSUER( tpm_daa_issuer);
2648 return result;
2649 }
2650