1 2 /* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004 8 * 9 */ 10 11 12 #include <stdlib.h> 13 #include <stdio.h> 14 #include <string.h> 15 #include <malloc.h> 16 17 #include "trousers/tss.h" 18 #include "trousers/trousers.h" 19 #include "trousers_types.h" 20 //#include "trousers_types.h" 21 #include "spi_utils.h" 22 //#include "capabilities.h" 23 #include "tsplog.h" 24 //#include "tcs_tsp.h" 25 //#include "tspps.h" 26 //#include "hosttable.h" 27 //#include "tcsd_wrap.h" 28 //#include "tcsd.h" 29 #include "obj.h" 30 #include "daa/issuer.h" 31 #include "daa/platform.h" 32 #include "daa/verifier.h" 33 #include "daa/anonymity_revocation.h" 34 35 #include "daa/key_correct.h" 36 #include "daa/issuer.h" 37 38 // static TSS_HCONTEXT _hContext; 39 40 static void *tss_alloc( size_t size, TSS_HOBJECT hContext) { 41 void *ret = calloc_tspi( hContext, size); 42 43 LogDebug("[intern_alloc (%d)] -> %d", (int)size, (int)ret); 44 return ret; 45 } 46 47 /* 48 static void *normal_malloc( size_t size, TSS_HOBJECT object) { 49 void *ret = malloc( size); 50 return ret; 51 } 52 */ 53 54 /** 55 This is the first out of 3 functions to execute in order to receive a DAA Credential. 56 It verifies the keys of the DAA Issuer and computes the TPM DAA public key. 57 58 Parameters 59 - hDAA: Handle of the DAA object 60 - hTPM: Handle of the TPM object 61 - daaCounter: DAA counter 62 - issuerPk: Handle of the DAA Issuer public key 63 - issuerAuthPKsLength: Length of the array of issuerAuthPKs 64 - issuerAuthPKs:Handle of an array of RSA public keys (key chain) of the DAA Issuer used 65 to authenticate the DAA Issuer public key. The size of the modulus 66 must be TPM_DAA_SIZE_issuerModulus (256) 67 - issuerAuthPKSignaturesLength:Length of the array of issuerAuthPKSignatures. It is equal 68 to issuerAuthPKsLength . The length of an element of the array is 69 TPM_DAA_SIZE_issuerModulus (256) 70 - issuerAuthPKSignatures: An array of byte arrays representing signatures on the modulus 71 of the above key chain (issuerAuthPKs) in more details, the array has the 72 following content (S(K[1],K[0]),S(K[2],N[1]),..S(K[ k ],K[n-1]), 73 S(TPM_DAA_ISSUER,K[ k ])), where S(msg,privateKey) denotes 74 the signature function with msg being signed by the privateKey. 75 - capitalUprimeLength: Length of capitalUprime which is ln/8. ln is defined as the size of the RSA modulus (2048). 76 - capitalUprime: U? 77 - identityProof: This structure contains the endorsement, platform and conformance credential. 78 - joinSession: This structure contains DAA Join session information. 79 */ 80 #if 0 81 TSPICALL 82 Tspi_TPM_DAA_JoinInit(TSS_HDAA hDAA, // in 83 TSS_HTPM hTPM, // in 84 UINT32 daaCounter, // in 85 TSS_HDAA_DATA issuerPk, // in 86 UINT32 issuerAuthPKsLength, // in 87 TSS_HKEY* issuerAuthPKs, // in 88 UINT32 issuerAuthPKSignaturesLength, // in 89 BYTE** issuerAuthPKSignatures, // in 90 UINT32* capitalUprimeLength, // out 91 BYTE** capitalUprime, // out 92 TSS_DAA_IDENTITY_PROOF** identityProof, // out 93 TSS_DAA_JOIN_SESSION** joinSession) // out 94 { 95 TSS_RESULT result; 96 #ifdef TSS_DEBUG 97 int before = mallinfo().uordblks; 98 #endif 99 100 LogDebug("-> TSPI_TPM_DAA_joinInit hDAA=%x hTPM=%x daaCounter=%x issuerPk=%x", 101 (int)hDAA, (int)hTPM, daaCounter, (int)issuerPk); 102 result = Tspi_TPM_DAA_JoinInit_internal( 103 hDAA, 104 hTPM, 105 daaCounter, 106 (TSS_DAA_PK *)issuerPk, 107 issuerAuthPKsLength, 108 (RSA **)issuerAuthPKs, 109 issuerAuthPKSignaturesLength, 110 issuerAuthPKSignatures, 111 capitalUprimeLength, 112 capitalUprime, 113 identityProof, 114 joinSession); 115 bi_flush_memory(); 116 117 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before); 118 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); 119 return result; 120 } 121 #else 122 TSS_RESULT 123 Tspi_TPM_DAA_JoinInit(TSS_HTPM hTPM, /* in */ 124 TSS_HDAA_ISSUER_KEY hIssuerKey, /* in */ 125 UINT32 daaCounter, /* in */ 126 UINT32 issuerAuthPKsLength, /* in */ 127 TSS_HKEY* issuerAuthPKs, /* in */ 128 UINT32 issuerAuthPKSignaturesLength, /* in */ 129 UINT32 issuerAuthPKSignaturesLength2, /* in */ 130 BYTE** issuerAuthPKSignatures, /* in */ 131 UINT32* capitalUprimeLength, /* out */ 132 BYTE** capitalUprime, /* out */ 133 TSS_DAA_IDENTITY_PROOF** identityProof, /* out */ 134 UINT32* joinSessionLength, /* out */ 135 BYTE** joinSession) /* out */ 136 { 137 TSS_RESULT result; 138 #ifdef TSS_DEBUG 139 int before = mallinfo().uordblks; 140 #endif 141 142 if (!capitalUprimeLength || !capitalUprime || !identityProof || !joinSessionLength || 143 !joinSession) 144 return TSPERR(TSS_E_BAD_PARAMETER); 145 146 result = Tspi_TPM_DAA_JoinInit_internal(hTPM, hIssuerKey, daaCounter, issuerAuthPKsLength, 147 issuerAuthPKs, issuerAuthPKSignaturesLength, 148 issuerAuthPKSignaturesLength2, 149 issuerAuthPKSignatures, capitalUprimeLength, 150 capitalUprime, identityProof, joinSessionLength, 151 joinSession); 152 153 bi_flush_memory(); 154 155 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before); 156 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); 157 158 return result; 159 } 160 #endif 161 /** 162 This function is part of the DAA Issuer component. It defines the generation of a DAA Issuer 163 public and secret key. Further it defines the generation of a non-interactive proof (using 164 the Fiat-Shamir heuristic) that the public keys were chosen correctly. The latter will guarantee 165 the security requirements of the platform (respectively, its user), i.e., that the privacy and 166 anonymity of signatures will hold. 167 The generation of the authentication keys of the DAA Issuer, which are used to authenticate 168 (main) DAA Issuer keys, is not defined by this function. 169 This is an optional function and does not require a TPM or a TCS. 170 171 Parameters 172 - hDAA: Handle of the DAA object 173 - issuerBaseNameLength: Length of issuerBaseName 174 - issuerBaseName: Unique name of the DAA Issuer 175 - numberPlatformAttributes: Number of attributes that the Platform can choose and which 176 will not be visible to the Issuer. 177 - numberIssuerAttributes:Number of attributes that the Issuer can choose and which will 178 be visible to both the Platform and the Issuer. 179 - keyPair: Handle of the main DAA Issuer key pair (private and public portion) 180 - publicKeyProof:Handle of the proof of the main DAA Issuer public key 181 */ 182 #if 0 183 TSPICALL 184 Tspi_DAA_IssueSetup(TSS_HDAA hDAA, // in 185 UINT32 issuerBaseNameLength, // in 186 BYTE* issuerBaseName, // in 187 UINT32 numberPlatformAttributes, // in 188 UINT32 numberIssuerAttributes, // in 189 TSS_HDAA_DATA* keyPair, // out (TSS_KEY_PAIR) 190 TSS_HDAA_DATA* publicKeyProof) // out (TSS_DAA_PK_PROOF) 191 { 192 TSS_RESULT result; 193 KEY_PAIR_WITH_PROOF_internal *key_proof; 194 TSS_DAA_KEY_PAIR *tss_daa_key_pair; 195 TSS_HCONTEXT hContext; 196 #ifdef TSS_DEBUG 197 int before = mallinfo().uordblks; 198 #endif 199 200 LogDebug( "TSPI_DAA_IssueSetup hDAA=%d ",hDAA); 201 // TODO: lock access to _hContext 202 if ((result = obj_daa_get_tsp_context(hDAA, &hContext))) 203 return result; 204 result = generate_key_pair(numberIssuerAttributes, 205 numberPlatformAttributes, 206 issuerBaseNameLength, 207 issuerBaseName, 208 &key_proof); 209 if (result != TSS_SUCCESS) 210 return result; 211 LogDebug("TSPI_DAA_IssueSetup convert internal structure to public allocated using tspi_alloc"); 212 LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d", 213 key_proof->proof->length_challenge, key_proof->proof->length_response); 214 // prepare out parameters 215 *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, hContext); 216 217 tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), hContext); 218 if (tss_daa_key_pair == NULL) { 219 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR)); 220 result = TSPERR(TSS_E_OUTOFMEMORY); 221 goto close; 222 } 223 tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key, 224 &tss_alloc, 225 hContext); 226 tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk, 227 &tss_alloc, 228 hContext); 229 *keyPair = (TSS_HKEY)tss_daa_key_pair; 230 close: 231 bi_flush_memory(); 232 233 LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before); 234 LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result); 235 return result; 236 } 237 #else 238 TSS_RESULT 239 Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey, // in 240 UINT32 issuerBaseNameLength, // in 241 BYTE* issuerBaseName) // in 242 { 243 TSS_RESULT result; 244 KEY_PAIR_WITH_PROOF_internal *key_proof; 245 TSS_DAA_KEY_PAIR *tss_daa_key_pair; 246 TSS_HCONTEXT tspContext; 247 UINT32 numberPlatformAttributes, numberIssuerAttributes; 248 #ifdef TSS_DEBUG 249 int before = mallinfo().uordblks; 250 #endif 251 252 if ((result = obj_daaissuerkey_get_tsp_context(hIssuerKey, &tspContext))) 253 return result; 254 255 if ((result = obj_daaissuerkey_get_attribs(hIssuerKey, &numberIssuerAttributes, 256 &numberPlatformAttributes))) 257 return result; 258 259 if ((result = generate_key_pair(numberIssuerAttributes, numberPlatformAttributes, 260 issuerBaseNameLength, issuerBaseName, &key_proof))) 261 return result; 262 263 LogDebugFn("convert internal structure to public allocated using tspi_alloc"); 264 LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d", 265 key_proof->proof->length_challenge, key_proof->proof->length_response); 266 267 // prepare out parameters 268 *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, tspContext); 269 270 tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), tspContext); 271 if (tss_daa_key_pair == NULL) { 272 LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR)); 273 result = TSPERR(TSS_E_OUTOFMEMORY); 274 goto close; 275 } 276 tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key, 277 &tss_alloc, 278 tspContext); 279 tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk, 280 &tss_alloc, 281 tspContext); 282 *keyPair = (TSS_HKEY)tss_daa_key_pair; 283 close: 284 bi_flush_memory(); 285 286 LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before); 287 LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result); 288 return result; 289 } 290 #endif 291 /** 292 This function is part of the DAA Issuer component. It's the first function out of 2 in order to 293 issue a DAA Credential for a TCG Platform. It assumes that the endorsement key and its 294 associated credentials are from a genuine and valid TPM. (Verification of the credentials is 295 a process defined by the TCG Infrastructure WG.) 296 This is an optional function and does not require a TPM or a TCS. 297 */ 298 TSPICALL 299 Tspi_DAA_IssueInit(TSS_HDAA hDAA, // in 300 TSS_HKEY issuerAuthPK, // in 301 TSS_HDAA_DATA issuerKeyPair, // in (TSS_DAA_KEY_PAIR) 302 TSS_DAA_IDENTITY_PROOF* identityProof, // in 303 UINT32 capitalUprimeLength, // in 304 BYTE* capitalUprime, // in 305 UINT32 daaCounter, // in 306 UINT32* nonceIssuerLength, // out 307 BYTE** nonceIssuer, // out 308 UINT32* authenticationChallengeLength, // out 309 BYTE** authenticationChallenge, // out 310 TSS_DAA_JOIN_ISSUER_SESSION** joinSession) // out 311 { 312 TSS_RESULT result; 313 #ifdef TSS_DEBUG 314 int before = mallinfo().uordblks; 315 #endif 316 317 LogDebug("Tspi_DAA_IssueInit_internal hDAA=%d daaCounter=%d", (int)hDAA, (int)daaCounter); 318 result = Tspi_DAA_IssueInit_internal( 319 hDAA, // in 320 issuerAuthPK, // in 321 issuerKeyPair, // in 322 identityProof, // in 323 capitalUprimeLength, // in 324 capitalUprime, // in 325 daaCounter, // in 326 nonceIssuerLength, // out 327 nonceIssuer, // out 328 authenticationChallengeLength, // out 329 authenticationChallenge, // out 330 joinSession // out 331 ); 332 bi_flush_memory(); 333 334 LogDebug("Tspi_DAA_IssueInit_internal ALLOC DELTA:%d", mallinfo().uordblks-before); 335 336 return result; 337 } 338 339 /** 340 This function verifies the DAA public key of a DAA Issuer with respect to its associated proof. 341 This is a resource consuming task. It can be done by trusted third party (certification). 342 This is an optional function and does not require a TPM or a TCS. 343 Parameters: 344 - hDAA: Handle of the DAA object 345 - issuerPk: DAA Issuer public key 346 - issuerPkProof: Proofs the correctness of the DAA Issuer public key 347 - isCorrect: Proofs the correctness of the DAA Issuer public key 348 */ 349 TSPICALL 350 Tspi_DAA_IssuerKeyVerification(TSS_HDAA hDAA, // in 351 TSS_HDAA_DATA issuerPk, // in (TSS_DAA_PK) 352 TSS_HDAA_DATA issuerPkProof, // in (TSS_DAA_PK_PROOF) 353 TSS_BOOL* isCorrect) // out 354 { 355 TSS_RESULT result; 356 int is_correct; 357 #ifdef TSS_DEBUG 358 int before = mallinfo().uordblks; 359 #endif 360 361 LogDebug("TSPI_DAA_IssuerKeyVerification hDAA=%ld issuerPk=%ld issuerPkProof=%ld", 362 (long)hDAA, (long)issuerPk, (long)issuerPkProof); 363 TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( (TSS_DAA_PK *)issuerPk); 364 TSS_DAA_PK_PROOF_internal *proof_internal = e_2_i_TSS_DAA_PK_PROOF( issuerPkProof); 365 LogDebug( "challenge=[%s]", dump_byte_array( proof_internal->length_challenge, 366 proof_internal->challenge)); 367 result = is_pk_correct( pk_internal, proof_internal, &is_correct ); 368 if( is_correct) *isCorrect = TRUE; 369 else *isCorrect = FALSE; 370 bi_flush_memory(); 371 #ifdef TSS_DEBUG 372 LogDebug("TSPI_DAA_IssuerKeyVerification ALLOC DELTA:%d", mallinfo().uordblks-before); 373 #endif 374 return result; 375 } 376 377 /** 378 This function is part of the DAA Issuer component. It?s the last function out of 2 in order to 379 issue DAA Credential for a TCG Platform. It detects rogue TPM according to published rogue 380 TPM DAA keys. 381 This is an optional function and does not require a TPM or a TCS. 382 */ 383 TSPICALL 384 Tspi_DAA_IssueCredential(TSS_HDAA hDAA, // in 385 UINT32 attributesIssuerLength, // in 386 BYTE** attributesIssuer, // in 387 TSS_DAA_CREDENTIAL_REQUEST* credentialRequest, // in 388 TSS_DAA_JOIN_ISSUER_SESSION* joinSession, // in 389 TSS_DAA_CRED_ISSUER** credIssuer) // out 390 { 391 TSS_RESULT result; 392 #ifdef TSS_DEBUG 393 int before = mallinfo().uordblks; 394 #endif 395 396 LogDebug("Tspi_DAA_IssueCredential hDAA=%d attributesIssuerLength=%d", 397 (int)hDAA, 398 (int)attributesIssuerLength); 399 result = Tspi_DAA_IssueCredential_internal( 400 hDAA, 401 attributesIssuerLength, 402 attributesIssuer, 403 credentialRequest, 404 joinSession, 405 credIssuer 406 ); 407 bi_flush_memory(); 408 #ifdef TSS_DEBUG 409 LogDebug("Tspi_DAA_IssueCredential ALLOC DELTA:%d", mallinfo().uordblks-before); 410 #endif 411 return result; 412 } 413 414 415 /** 416 This function is part of the DAA Verifier component. It is the first function out of 2 in order 417 to verify a DAA credential of a TCG platform. It creates a challenge for the TCG platform.last 418 function out of 2 in order to issue a This is an optional function and does not require a 419 TPM or a TCS. 420 */ 421 TSPICALL 422 Tspi_DAA_VerifyInit(TSS_HDAA hDAA, // in 423 UINT32* nonceVerifierLength, // out 424 BYTE** nonceVerifier, // out 425 UINT32* baseNameLength, // out 426 BYTE** baseName) // out 427 { 428 TSS_RESULT result; 429 #ifdef TSS_DEBUG 430 int before = mallinfo().uordblks; 431 #endif 432 433 // TODO which interface to use ? with or without baseName ? 434 LogDebug("Tspi_DAA_VerifyInit hDAA=%d", (int)hDAA); 435 result = Tspi_DAA_VerifyInit_internal( hDAA, 436 nonceVerifierLength, 437 nonceVerifier, 438 baseNameLength, 439 baseName); 440 bi_flush_memory(); 441 #ifdef TSS_DEBUG 442 LogDebug("Tspi_DAA_VerifyInit ALLOC DELTA:%d", mallinfo().uordblks-before); 443 #endif 444 return result; 445 } 446 447 448 /** 449 This function is part of the DAA Verifier component. It is the last function out of 2 in 450 order to verify a DAA Credential of a TCG Platform. It verifies the DAA credential and 451 detects public rogue TPMs. This is an optional function and does not require a TPM 452 or a TCS. 453 */ 454 TSPICALL 455 Tspi_DAA_VerifySignature(TSS_HDAA hDAA, // in 456 TSS_DAA_SIGNATURE* daaSignature, // in 457 TSS_HDAA_DATA hPubKeyIssuer, // in (TSS_DAA_PK) 458 TSS_DAA_SIGN_DATA* signData, // in 459 UINT32 attributesLength, // in 460 BYTE** attributes, // in 461 UINT32 nonceVerifierLength,// in 462 BYTE* nonceVerifier, // in 463 UINT32 baseNameLength, // in 464 BYTE* baseName, // in 465 TSS_BOOL* isCorrect) // out 466 { 467 TSS_RESULT result; 468 #ifdef TSS_DEBUG 469 int before = mallinfo().uordblks; 470 #endif 471 472 LogDebug("Tspi_DAA_VerifySignature hDAA=%d", (int)hDAA); 473 result = Tspi_DAA_VerifySignature_internal( hDAA, 474 daaSignature, 475 hPubKeyIssuer, 476 signData, 477 attributesLength, 478 attributes, 479 nonceVerifierLength, 480 nonceVerifier, 481 baseNameLength, 482 baseName, 483 isCorrect); 484 bi_flush_memory(); 485 #ifdef TSS_DEBUG 486 LogDebug("Tspi_DAA_VerifySignature ALLOC DELTA:%d", mallinfo().uordblks-before); 487 #endif 488 return result; 489 } 490 491 492 /** 493 This function is part of the DAA Issuer component. It is the last function out of 2 in 494 order to issue a DAA Credential for a TCG Platform. It detects rogue TPM according 495 to published rogue TPM DAA keys. 496 This is an optional function and does not require a TPM or a TCS. 497 498 Parameters 499 - hDAA: Handle of the DAA object 500 - daaPublicKey: daaPublickKey 501 - keyPair: Public and private key of the DAA Anonymity Revocation Authority to encrypt 502 the pseudonym of a DAA Signature 503 */ 504 TSPICALL 505 Tspi_DAA_RevokeSetup(TSS_HDAA hDAA, // in 506 TSS_HDAA_DATA daaPublicKey, // in 507 TSS_HDAA_DATA* arPublicKey, // out (TSS_DAA_AR_PK) 508 TSS_HDAA_DATA* arPrivateKey) // out (TSS_DAA_AR_SK) 509 { 510 TSS_RESULT result; 511 #ifdef TSS_DEBUG 512 int before = mallinfo().uordblks; 513 #endif 514 515 result = Tspi_DAA_RevokeSetup_internal( 516 hDAA, // in 517 //TODO: remove cast when the above interface is changed 518 daaPublicKey, // in 519 keyPair // out 520 ); 521 bi_flush_memory(); 522 #ifdef TSS_DEBUG 523 LogDebug("Tspi_DAA_RevokeSetup ALLOC DELTA:%d", mallinfo().uordblks-before); 524 #endif 525 return TSS_SUCCESS; 526 } 527 528 529 /** 530 This function is part of the DAA Anonymity Revocation Authority component. It defines the 531 Cramer-Shoup decryption algorithm to revoke the anonymity of a DAA Signature. The pseudonym, 532 with respect to either the DAA Verifier?s base name, the DAA Issuer?s base name or (just for 533 completeness) a random base name, can be revealed. 534 The pseudonym with respect to a DAA Signature and the used base name is V N . An encryption of 535 V N is the tuple (d1,d 2 ,d 3,d 4 ) and is decrypted using the secret key ( 0 5 x ,?, x ), the 536 decryption condition and the DAA public key. 537 This is an optional function and does not require a TPM or a TCS. 538 539 Parameters: 540 - hDAA: Handle of the DAA object 541 - encryptedPseudonym: encryptedPseudonym 542 - decryptCondition: Condition for the decryption of the pseudonym. 543 - arPrivateKey: arPrivateKey 544 - daaPublicKey: daaPublicKey 545 - pseudonym: pseudonym 546 */ 547 TSPICALL 548 Tspi_DAA_ARDecrypt(TSS_HDAA hDAA, // in 549 TSS_DAA_PSEUDONYM_ENCRYPTED* encryptedPseudonym, // in 550 TSS_HHASH decryptCondition, // in 551 TSS_HDAA_DATA arPrivateKey, // in (TSS_DAA_AR_SK) 552 TSS_HDAA_DATA daaPublicKey, // in (TSS_DAA_PK) 553 TSS_DAA_PSEUDONYM_PLAIN** pseudonym) // out 554 { 555 TSS_RESULT result; 556 #ifdef TSS_DEBUG 557 int before = mallinfo().uordblks; 558 #endif 559 560 result = Tspi_DAA_ARDecrypt_internal( 561 hDAA, // in 562 encryptedPseudonym, // in 563 decryptCondition, // in 564 //TODO: remove cast when the above interface is changed 565 (void *)arPrivateKey, // in 566 (void *)daaPublicKey, // in 567 pseudonym // out 568 ); 569 bi_flush_memory(); 570 #ifdef TSS_DEBUG 571 LogDebug("Tspi_DAA_ARDecrypt ALLOC DELTA:%d", mallinfo().uordblks-before); 572 #endif 573 return result; 574 } 575 576 /** 577 This is the second out of 3 functions to execute in order to receive a DAA Credential. It 578 computes the credential request for the DAA Issuer, which also includes the Platform 579 DAA public key and the attributes that were chosen by the Platform, and which are not 580 visible to the DAA Issuer. The Platform can commit to the attribute values it has chosen. 581 */ 582 TSPICALL 583 Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA hDAA, // in 584 TSS_HTPM hTPM, // in 585 UINT32 authenticationChallengeLength,// in 586 BYTE* authenticationChallenge, // in 587 UINT32 nonceIssuerLength, // in 588 BYTE* nonceIssuer, // in 589 UINT32 attributesPlatformLength, // in 590 BYTE** attributesPlatform, // in 591 TSS_DAA_JOIN_SESSION* joinSession, // in, out 592 TSS_DAA_CREDENTIAL_REQUEST** credentialRequest) // out 593 { 594 TSS_RESULT result; 595 #ifdef TSS_DEBUG 596 int before = mallinfo().uordblks; 597 #endif 598 599 LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey hDAA=%d joinSession=%d", 600 (int)hDAA, (int)joinSession); 601 result = Tspi_TPM_DAA_JoinCreateDaaPubKey_internal( 602 hDAA, // in 603 hTPM, // in 604 authenticationChallengeLength, // in 605 authenticationChallenge, // in 606 nonceIssuerLength, // in 607 nonceIssuer, // in 608 attributesPlatformLength, // in 609 attributesPlatform, // in 610 joinSession, // in, out 611 credentialRequest // out 612 ); 613 bi_flush_memory(); 614 #ifdef TSS_DEBUG 615 LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey ALLOC DELTA:%d", mallinfo().uordblks-before); 616 #endif 617 return result; 618 } 619 620 621 /** 622 This is the last out of 3 functions to execute in order to receive a DAA Credential. 623 It verifies the issued credential from the DAA Issuer and computes the final DAA Credential. 624 */ 625 TSPICALL 626 Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA hDAA, // in 627 TSS_HTPM hTPM, // in 628 TSS_DAA_CRED_ISSUER* credIssuer, // in 629 TSS_DAA_JOIN_SESSION* joinSession, // in 630 TSS_HDAA_DATA* phDaaCredential) // out (TSS_DAA_CREDENTIAL) 631 { 632 TSS_RESULT result; 633 #ifdef TSS_DEBUG 634 int before = mallinfo().uordblks; 635 #endif 636 637 LogDebug("Tspi_TPM_DAA_JoinStoreCredential hDAA=%d credIssuer=%d joinSession=%d", 638 (int)hDAA, (int)&credIssuer, (int)&joinSession); 639 result = Tspi_TPM_DAA_JoinStoreCredential_internal(hDAA, 640 hTPM, 641 credIssuer, 642 joinSession, 643 phDaaCredential); 644 bi_flush_memory(); 645 #ifdef TSS_DEBUG 646 LogDebug("Tspi_TPM_DAA_JoinStoreCredential ALLOC DELTA:%d", mallinfo().uordblks-before); 647 #endif 648 return result; 649 } 650 651 652 /** 653 This function creates a DAA Signature that proofs ownership of the DAA Credential and 654 includes a signature on either a public AIK or a message. 655 If anonymity revocation is enabled, the value Nv is not provided in the clear anymore but 656 encrypted under the public key of anonymity revocation authority, a trusted third party (TTP). 657 Thus the DAA Verifier cannot check for revocation or link a transaction/signature to prior ones. 658 Depending on how z is chosen, the protocol either allows to implementing anonymity revocation 659 (i.e., using the DAA Issuer long-term base name bsn I as the DAA Verifier base name bsnV ), or 660 having the TTP doing the linking of different signatures for the same DAA Verifier (i.e., 661 using the DAA Verifier base name ). 662 */ 663 TSPICALL 664 Tspi_TPM_DAA_Sign(TSS_HDAA hDAA, // in 665 TSS_HTPM hTPM, // in 666 TSS_HDAA_DATA hDaaCredential, // in (TSS_DAA_CREDENTIAL) 667 TSS_DAA_SELECTED_ATTRIB* revealAttributes, // in 668 UINT32 verifierBaseNameLength, // in 669 BYTE* verifierBaseName, // in 670 UINT32 verifierNonceLength, // in 671 BYTE* verifierNonce, // in 672 TSS_DAA_SIGN_DATA* signData, // in 673 TSS_DAA_SIGNATURE** daaSignature) // out 674 { 675 TSS_RESULT result; 676 #ifdef TSS_DEBUG 677 int before = mallinfo().uordblks; 678 #endif 679 680 LogDebug("-> TSPI_TPM_DAA_Sign hDAA=%ld hTPM=%ld ", (long)hDAA, (long)hTPM); 681 682 result = Tspi_TPM_DAA_Sign_internal(hDAA, 683 hTPM, 684 hDaaCredential, 685 revealAttributes, 686 verifierBaseNameLength, 687 verifierBaseName, 688 verifierNonceLength, 689 verifierNonce, 690 signData, 691 daaSignature); 692 bi_flush_memory(); 693 #ifdef TSS_DEBUG 694 LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d", mallinfo().uordblks-before); 695 #endif 696 LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); 697 return result; 698 } 699