1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <malloc.h>
16 
17 #include "trousers/tss.h"
18 #include "trousers/trousers.h"
19 #include "trousers_types.h"
20 //#include "trousers_types.h"
21 #include "spi_utils.h"
22 //#include "capabilities.h"
23 #include "tsplog.h"
24 //#include "tcs_tsp.h"
25 //#include "tspps.h"
26 //#include "hosttable.h"
27 //#include "tcsd_wrap.h"
28 //#include "tcsd.h"
29 #include "obj.h"
30 #include "daa/issuer.h"
31 #include "daa/platform.h"
32 #include "daa/verifier.h"
33 #include "daa/anonymity_revocation.h"
34 
35 #include "daa/key_correct.h"
36 #include "daa/issuer.h"
37 
38 // static TSS_HCONTEXT _hContext;
39 
tss_alloc(size_t size,TSS_HOBJECT hContext)40 static void *tss_alloc( size_t size, TSS_HOBJECT hContext) {
41           void *ret = calloc_tspi( hContext, size);
42 
43           LogDebug("[intern_alloc (%d)] -> %d", (int)size, (int)ret);
44           return ret;
45 }
46 
47 /*
48 static void *normal_malloc( size_t size, TSS_HOBJECT object) {
49           void *ret = malloc( size);
50           return ret;
51 }
52 */
53 
54 /**
55 This is the first out of 3 functions to execute in order to receive a DAA Credential.
56 It verifies the keys of the DAA Issuer and computes the TPM DAA public key.
57 
58 Parameters
59           - hDAA:             Handle of the DAA object
60           - hTPM:             Handle of the TPM object
61           - daaCounter:       DAA counter
62           - issuerPk:         Handle of the DAA Issuer public key
63           - issuerAuthPKsLength:        Length of the array of issuerAuthPKs
64           - issuerAuthPKs:Handle of an array of RSA public keys (key chain) of the DAA Issuer used
65                                         to authenticate the DAA Issuer public key. The size of the modulus
66                                         must be TPM_DAA_SIZE_issuerModulus (256)
67           - issuerAuthPKSignaturesLength:Length of the array of issuerAuthPKSignatures. It is equal
68                                         to issuerAuthPKsLength . The length of an element of the array is
69                                         TPM_DAA_SIZE_issuerModulus (256)
70           - issuerAuthPKSignatures: An array of byte arrays representing signatures on the modulus
71                                         of the above key chain (issuerAuthPKs) in more details, the array has the
72                                         following content (S(K[1],K[0]),S(K[2],N[1]),..S(K[ k ],K[n-1]),
73                                         S(TPM_DAA_ISSUER,K[ k ])), where S(msg,privateKey) denotes
74                                         the signature function with msg being signed by the privateKey.
75           - capitalUprimeLength: Length of capitalUprime which is ln/8. ln is defined as the size of the RSA modulus (2048).
76           - capitalUprime: U?
77           - identityProof: This structure contains the endorsement, platform and conformance credential.
78           - joinSession: This structure contains DAA Join session information.
79 */
80 #if 0
81 TSPICALL
82 Tspi_TPM_DAA_JoinInit(TSS_HDAA                 hDAA,                                      // in
83                           TSS_HTPM                 hTPM,                                  // in
84                           UINT32                   daaCounter,                            // in
85                           TSS_HDAA_DATA            issuerPk,                              // in
86                           UINT32                   issuerAuthPKsLength,                   // in
87                           TSS_HKEY*                issuerAuthPKs,                         // in
88                           UINT32                   issuerAuthPKSignaturesLength,          // in
89                           BYTE**                   issuerAuthPKSignatures,                // in
90                           UINT32*                  capitalUprimeLength,                   // out
91                           BYTE**                   capitalUprime,                         // out
92                           TSS_DAA_IDENTITY_PROOF** identityProof,                         // out
93                           TSS_DAA_JOIN_SESSION**   joinSession)                           // out
94 {
95           TSS_RESULT result;
96 #ifdef TSS_DEBUG
97           int before = mallinfo().uordblks;
98 #endif
99 
100           LogDebug("-> TSPI_TPM_DAA_joinInit hDAA=%x hTPM=%x daaCounter=%x issuerPk=%x",
101                     (int)hDAA, (int)hTPM, daaCounter, (int)issuerPk);
102           result = Tspi_TPM_DAA_JoinInit_internal(
103                     hDAA,
104                     hTPM,
105                     daaCounter,
106                     (TSS_DAA_PK *)issuerPk,
107                     issuerAuthPKsLength,
108                     (RSA **)issuerAuthPKs,
109                     issuerAuthPKSignaturesLength,
110                     issuerAuthPKSignatures,
111                     capitalUprimeLength,
112                     capitalUprime,
113                     identityProof,
114                     joinSession);
115           bi_flush_memory();
116 
117           LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before);
118           LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
119           return result;
120 }
121 #else
122 TSS_RESULT
Tspi_TPM_DAA_JoinInit(TSS_HTPM hTPM,TSS_HDAA_ISSUER_KEY hIssuerKey,UINT32 daaCounter,UINT32 issuerAuthPKsLength,TSS_HKEY * issuerAuthPKs,UINT32 issuerAuthPKSignaturesLength,UINT32 issuerAuthPKSignaturesLength2,BYTE ** issuerAuthPKSignatures,UINT32 * capitalUprimeLength,BYTE ** capitalUprime,TSS_DAA_IDENTITY_PROOF ** identityProof,UINT32 * joinSessionLength,BYTE ** joinSession)123 Tspi_TPM_DAA_JoinInit(TSS_HTPM                 hTPM,                          /* in */
124                           TSS_HDAA_ISSUER_KEY      hIssuerKey,                    /* in */
125                           UINT32                   daaCounter,                    /* in */
126                           UINT32                   issuerAuthPKsLength,           /* in */
127                           TSS_HKEY*                issuerAuthPKs,                 /* in */
128                           UINT32                   issuerAuthPKSignaturesLength,  /* in */
129                           UINT32                   issuerAuthPKSignaturesLength2, /* in */
130                           BYTE**                   issuerAuthPKSignatures,        /* in */
131                           UINT32*                  capitalUprimeLength,           /* out */
132                           BYTE**                   capitalUprime,                 /* out */
133                           TSS_DAA_IDENTITY_PROOF** identityProof,                 /* out */
134                           UINT32*                  joinSessionLength,             /* out */
135                           BYTE**                   joinSession)                   /* out */
136 {
137           TSS_RESULT result;
138 #ifdef TSS_DEBUG
139           int before = mallinfo().uordblks;
140 #endif
141 
142           if (!capitalUprimeLength || !capitalUprime || !identityProof || !joinSessionLength ||
143               !joinSession)
144                     return TSPERR(TSS_E_BAD_PARAMETER);
145 
146           result = Tspi_TPM_DAA_JoinInit_internal(hTPM, hIssuerKey, daaCounter, issuerAuthPKsLength,
147                                                             issuerAuthPKs, issuerAuthPKSignaturesLength,
148                                                             issuerAuthPKSignaturesLength2,
149                                                             issuerAuthPKSignatures, capitalUprimeLength,
150                                                             capitalUprime, identityProof, joinSessionLength,
151                                                             joinSession);
152 
153           bi_flush_memory();
154 
155           LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before);
156           LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
157 
158           return result;
159 }
160 #endif
161 /**
162 This function is part of the DAA Issuer component. It defines the generation of a DAA Issuer
163 public and secret key. Further it defines the generation of a non-interactive proof (using
164 the Fiat-Shamir heuristic) that the public keys were chosen correctly. The latter will guarantee
165 the security requirements of the platform (respectively, its user), i.e., that the privacy and
166 anonymity of signatures will hold.
167 The generation of the authentication keys of the DAA Issuer, which are used to authenticate
168 (main) DAA Issuer keys, is not defined by this function.
169 This is an optional function and does not require a TPM or a TCS.
170 
171 Parameters
172           - hDAA:   Handle of the DAA object
173           - issuerBaseNameLength: Length of issuerBaseName
174           - issuerBaseName:   Unique name of the DAA Issuer
175           - numberPlatformAttributes: Number of attributes that the Platform can choose and which
176                                                             will not be visible to the Issuer.
177           - numberIssuerAttributes:Number of attributes that the Issuer can choose and which will
178                                                             be visible to both the Platform and the Issuer.
179           - keyPair:          Handle of the main DAA Issuer key pair (private and public portion)
180           - publicKeyProof:Handle of the proof of the main DAA Issuer public key
181 */
182 #if 0
183 TSPICALL
184 Tspi_DAA_IssueSetup(TSS_HDAA       hDAA,                              // in
185                         UINT32         issuerBaseNameLength,          // in
186                         BYTE*          issuerBaseName,                // in
187                         UINT32         numberPlatformAttributes,      // in
188                         UINT32         numberIssuerAttributes,        // in
189                         TSS_HDAA_DATA* keyPair,                       // out (TSS_KEY_PAIR)
190                         TSS_HDAA_DATA* publicKeyProof)                // out (TSS_DAA_PK_PROOF)
191 {
192           TSS_RESULT result;
193           KEY_PAIR_WITH_PROOF_internal *key_proof;
194           TSS_DAA_KEY_PAIR *tss_daa_key_pair;
195           TSS_HCONTEXT hContext;
196 #ifdef TSS_DEBUG
197           int before = mallinfo().uordblks;
198 #endif
199 
200           LogDebug( "TSPI_DAA_IssueSetup hDAA=%d  ",hDAA);
201           // TODO: lock access to _hContext
202           if ((result = obj_daa_get_tsp_context(hDAA, &hContext)))
203                     return result;
204           result = generate_key_pair(numberIssuerAttributes,
205                                                             numberPlatformAttributes,
206                                                             issuerBaseNameLength,
207                                                             issuerBaseName,
208                                                             &key_proof);
209           if (result != TSS_SUCCESS)
210                     return result;
211           LogDebug("TSPI_DAA_IssueSetup convert internal structure to public allocated using tspi_alloc");
212           LogDebug("key_proof->proof->length_challenge=%d  key_proof->proof->length_response=%d",
213                               key_proof->proof->length_challenge, key_proof->proof->length_response);
214           // prepare out parameters
215           *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, hContext);
216 
217           tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), hContext);
218           if (tss_daa_key_pair == NULL) {
219                     LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR));
220                     result = TSPERR(TSS_E_OUTOFMEMORY);
221                     goto close;
222           }
223           tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key,
224                                                                                 &tss_alloc,
225                                                                                 hContext);
226           tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk,
227                                                                       &tss_alloc,
228                                                                       hContext);
229           *keyPair = (TSS_HKEY)tss_daa_key_pair;
230 close:
231           bi_flush_memory();
232 
233           LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
234           LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result);
235           return result;
236 }
237 #else
238 TSS_RESULT
Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey,UINT32 issuerBaseNameLength,BYTE * issuerBaseName)239 Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey,           // in
240                                   UINT32              issuerBaseNameLength, // in
241                                   BYTE*               issuerBaseName)       // in
242 {
243           TSS_RESULT result;
244           KEY_PAIR_WITH_PROOF_internal *key_proof;
245           TSS_DAA_KEY_PAIR *tss_daa_key_pair;
246           TSS_HCONTEXT tspContext;
247           UINT32 numberPlatformAttributes, numberIssuerAttributes;
248 #ifdef TSS_DEBUG
249           int before = mallinfo().uordblks;
250 #endif
251 
252           if ((result = obj_daaissuerkey_get_tsp_context(hIssuerKey, &tspContext)))
253                     return result;
254 
255           if ((result = obj_daaissuerkey_get_attribs(hIssuerKey, &numberIssuerAttributes,
256                                                                &numberPlatformAttributes)))
257                     return result;
258 
259           if ((result = generate_key_pair(numberIssuerAttributes, numberPlatformAttributes,
260                                                   issuerBaseNameLength, issuerBaseName, &key_proof)))
261                     return result;
262 
263           LogDebugFn("convert internal structure to public allocated using tspi_alloc");
264           LogDebug("key_proof->proof->length_challenge=%d  key_proof->proof->length_response=%d",
265                      key_proof->proof->length_challenge, key_proof->proof->length_response);
266 
267           // prepare out parameters
268           *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, tspContext);
269 
270           tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), tspContext);
271           if (tss_daa_key_pair == NULL) {
272                     LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR));
273                     result = TSPERR(TSS_E_OUTOFMEMORY);
274                     goto close;
275           }
276           tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key,
277                                                                                 &tss_alloc,
278                                                                                 tspContext);
279           tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk,
280                                                                       &tss_alloc,
281                                                                       tspContext);
282           *keyPair = (TSS_HKEY)tss_daa_key_pair;
283 close:
284           bi_flush_memory();
285 
286           LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
287           LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result);
288           return result;
289 }
290 #endif
291 /**
292 This function is part of the DAA Issuer component. It's the first function out of 2 in order to
293 issue a DAA Credential for a TCG Platform. It assumes that the endorsement key and its
294 associated credentials are from a genuine and valid TPM. (Verification of the credentials is
295  a process defined by the TCG Infrastructure WG.)
296 This is an optional function and does not require a TPM or a TCS.
297 */
298 TSPICALL
Tspi_DAA_IssueInit(TSS_HDAA hDAA,TSS_HKEY issuerAuthPK,TSS_HDAA_DATA issuerKeyPair,TSS_DAA_IDENTITY_PROOF * identityProof,UINT32 capitalUprimeLength,BYTE * capitalUprime,UINT32 daaCounter,UINT32 * nonceIssuerLength,BYTE ** nonceIssuer,UINT32 * authenticationChallengeLength,BYTE ** authenticationChallenge,TSS_DAA_JOIN_ISSUER_SESSION ** joinSession)299 Tspi_DAA_IssueInit(TSS_HDAA                      hDAA,                          // in
300                        TSS_HKEY                      issuerAuthPK,                  // in
301                        TSS_HDAA_DATA                 issuerKeyPair,                 // in (TSS_DAA_KEY_PAIR)
302                        TSS_DAA_IDENTITY_PROOF*       identityProof,                 // in
303                        UINT32                        capitalUprimeLength,           // in
304                        BYTE*                         capitalUprime,                 // in
305                        UINT32                        daaCounter,                    // in
306                        UINT32*                       nonceIssuerLength,             // out
307                        BYTE**                        nonceIssuer,                   // out
308                        UINT32*                       authenticationChallengeLength, // out
309                        BYTE**                        authenticationChallenge,       // out
310                        TSS_DAA_JOIN_ISSUER_SESSION** joinSession)                   // out
311 {
312           TSS_RESULT result;
313 #ifdef TSS_DEBUG
314           int before = mallinfo().uordblks;
315 #endif
316 
317           LogDebug("Tspi_DAA_IssueInit_internal hDAA=%d daaCounter=%d", (int)hDAA, (int)daaCounter);
318           result = Tspi_DAA_IssueInit_internal(
319                     hDAA,                         // in
320                     issuerAuthPK,                 // in
321                     issuerKeyPair,                // in
322                     identityProof,                // in
323                     capitalUprimeLength,          // in
324                     capitalUprime,                // in
325                     daaCounter,         // in
326                     nonceIssuerLength,  // out
327                     nonceIssuer,        // out
328                     authenticationChallengeLength,          // out
329                     authenticationChallenge,      // out
330                     joinSession         // out
331           );
332           bi_flush_memory();
333 
334           LogDebug("Tspi_DAA_IssueInit_internal ALLOC DELTA:%d", mallinfo().uordblks-before);
335 
336           return result;
337 }
338 
339 /**
340 This function verifies the DAA public key of a DAA Issuer with respect to its associated proof.
341 This is a resource consuming task. It can be done by trusted third party (certification).
342 This is an optional function and does not require a TPM or a TCS.
343 Parameters:
344           - hDAA: Handle of the DAA object
345           - issuerPk: DAA Issuer public key
346           - issuerPkProof: Proofs the correctness of the DAA Issuer public key
347           - isCorrect: Proofs the correctness of the DAA Issuer public key
348 */
349 TSPICALL
Tspi_DAA_IssuerKeyVerification(TSS_HDAA hDAA,TSS_HDAA_DATA issuerPk,TSS_HDAA_DATA issuerPkProof,TSS_BOOL * isCorrect)350 Tspi_DAA_IssuerKeyVerification(TSS_HDAA          hDAA,                // in
351                                      TSS_HDAA_DATA     issuerPk,      // in (TSS_DAA_PK)
352                                      TSS_HDAA_DATA     issuerPkProof, // in (TSS_DAA_PK_PROOF)
353                                      TSS_BOOL*         isCorrect)     // out
354 {
355           TSS_RESULT result;
356           int is_correct;
357 #ifdef TSS_DEBUG
358           int before = mallinfo().uordblks;
359 #endif
360 
361           LogDebug("TSPI_DAA_IssuerKeyVerification hDAA=%ld issuerPk=%ld issuerPkProof=%ld",
362                     (long)hDAA, (long)issuerPk, (long)issuerPkProof);
363           TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( (TSS_DAA_PK *)issuerPk);
364           TSS_DAA_PK_PROOF_internal *proof_internal = e_2_i_TSS_DAA_PK_PROOF( issuerPkProof);
365           LogDebug( "challenge=[%s]", dump_byte_array( proof_internal->length_challenge,
366                                                                       proof_internal->challenge));
367           result = is_pk_correct( pk_internal, proof_internal, &is_correct );
368           if( is_correct) *isCorrect = TRUE;
369           else *isCorrect = FALSE;
370           bi_flush_memory();
371 #ifdef TSS_DEBUG
372           LogDebug("TSPI_DAA_IssuerKeyVerification ALLOC DELTA:%d", mallinfo().uordblks-before);
373 #endif
374           return result;
375 }
376 
377 /**
378 This function is part of the DAA Issuer component. It?s the last function out of 2 in order to
379 issue DAA Credential for a TCG Platform. It detects rogue TPM according to published rogue
380 TPM DAA keys.
381 This is an optional function and does not require a TPM or a TCS.
382 */
383 TSPICALL
Tspi_DAA_IssueCredential(TSS_HDAA hDAA,UINT32 attributesIssuerLength,BYTE ** attributesIssuer,TSS_DAA_CREDENTIAL_REQUEST * credentialRequest,TSS_DAA_JOIN_ISSUER_SESSION * joinSession,TSS_DAA_CRED_ISSUER ** credIssuer)384 Tspi_DAA_IssueCredential(TSS_HDAA                      hDAA,                              // in
385                                UINT32                        attributesIssuerLength,      // in
386                                BYTE**                        attributesIssuer,  // in
387                                TSS_DAA_CREDENTIAL_REQUEST*   credentialRequest, // in
388                                TSS_DAA_JOIN_ISSUER_SESSION*  joinSession,                 // in
389                                TSS_DAA_CRED_ISSUER**         credIssuer)                  // out
390 {
391           TSS_RESULT result;
392 #ifdef TSS_DEBUG
393           int before = mallinfo().uordblks;
394 #endif
395 
396           LogDebug("Tspi_DAA_IssueCredential hDAA=%d attributesIssuerLength=%d",
397                     (int)hDAA,
398                     (int)attributesIssuerLength);
399           result = Tspi_DAA_IssueCredential_internal(
400                     hDAA,
401                     attributesIssuerLength,
402                     attributesIssuer,
403                     credentialRequest,
404                     joinSession,
405                     credIssuer
406           );
407           bi_flush_memory();
408 #ifdef TSS_DEBUG
409           LogDebug("Tspi_DAA_IssueCredential ALLOC DELTA:%d", mallinfo().uordblks-before);
410 #endif
411           return result;
412 }
413 
414 
415 /**
416 This function is part of the DAA Verifier component. It is the first function out of 2 in order
417 to verify a DAA credential of a TCG platform. It creates a challenge for the TCG platform.last
418 function out of 2 in order to issue a This is an optional function and does not require a
419 TPM or a TCS.
420 */
421 TSPICALL
Tspi_DAA_VerifyInit(TSS_HDAA hDAA,UINT32 * nonceVerifierLength,BYTE ** nonceVerifier,UINT32 * baseNameLength,BYTE ** baseName)422 Tspi_DAA_VerifyInit(TSS_HDAA hDAA,                          // in
423                         UINT32*  nonceVerifierLength,       // out
424                         BYTE**   nonceVerifier,             // out
425                         UINT32*  baseNameLength,            // out
426                         BYTE**   baseName)                            // out
427 {
428           TSS_RESULT result;
429 #ifdef TSS_DEBUG
430           int before = mallinfo().uordblks;
431 #endif
432 
433           // TODO which interface to use ? with or without baseName ?
434           LogDebug("Tspi_DAA_VerifyInit hDAA=%d", (int)hDAA);
435           result = Tspi_DAA_VerifyInit_internal( hDAA,
436                                                             nonceVerifierLength,
437                                                             nonceVerifier,
438                                                             baseNameLength,
439                                                             baseName);
440           bi_flush_memory();
441 #ifdef TSS_DEBUG
442           LogDebug("Tspi_DAA_VerifyInit ALLOC DELTA:%d", mallinfo().uordblks-before);
443 #endif
444           return result;
445 }
446 
447 
448 /**
449 This function is part of the DAA Verifier component. It is the last function out of 2 in
450 order to verify a DAA Credential of a TCG Platform. It verifies the DAA credential and
451 detects public rogue TPMs. This is an optional function and does not require a TPM
452 or a TCS.
453 */
454 TSPICALL
Tspi_DAA_VerifySignature(TSS_HDAA hDAA,TSS_DAA_SIGNATURE * daaSignature,TSS_HDAA_DATA hPubKeyIssuer,TSS_DAA_SIGN_DATA * signData,UINT32 attributesLength,BYTE ** attributes,UINT32 nonceVerifierLength,BYTE * nonceVerifier,UINT32 baseNameLength,BYTE * baseName,TSS_BOOL * isCorrect)455 Tspi_DAA_VerifySignature(TSS_HDAA           hDAA,           // in
456                                TSS_DAA_SIGNATURE* daaSignature,       // in
457                                TSS_HDAA_DATA      hPubKeyIssuer,      // in (TSS_DAA_PK)
458                                TSS_DAA_SIGN_DATA* signData,           // in
459                                UINT32             attributesLength,   // in
460                                BYTE**             attributes,                   // in
461                                UINT32             nonceVerifierLength,// in
462                                BYTE*              nonceVerifier,      // in
463                                UINT32             baseNameLength,     // in
464                                BYTE*              baseName,           // in
465                                TSS_BOOL*          isCorrect)                    // out
466 {
467           TSS_RESULT result;
468 #ifdef TSS_DEBUG
469           int before = mallinfo().uordblks;
470 #endif
471 
472           LogDebug("Tspi_DAA_VerifySignature hDAA=%d", (int)hDAA);
473           result = Tspi_DAA_VerifySignature_internal( hDAA,
474                                                             daaSignature,
475                                                             hPubKeyIssuer,
476                                                             signData,
477                                                             attributesLength,
478                                                             attributes,
479                                                             nonceVerifierLength,
480                                                             nonceVerifier,
481                                                             baseNameLength,
482                                                             baseName,
483                                                             isCorrect);
484           bi_flush_memory();
485 #ifdef TSS_DEBUG
486           LogDebug("Tspi_DAA_VerifySignature ALLOC DELTA:%d", mallinfo().uordblks-before);
487 #endif
488           return result;
489 }
490 
491 
492 /**
493 This function is part of the DAA Issuer component. It is the last function out of 2 in
494 order to issue a DAA Credential for a TCG Platform. It detects rogue TPM according
495 to published rogue TPM DAA keys.
496 This is an optional function and does not require a TPM or a TCS.
497 
498 Parameters
499           - hDAA:   Handle of the DAA object
500           - daaPublicKey:     daaPublickKey
501           - keyPair: Public and private key of the DAA Anonymity Revocation Authority to encrypt
502                               the pseudonym of a DAA Signature
503 */
504 TSPICALL
Tspi_DAA_RevokeSetup(TSS_HDAA hDAA,TSS_HDAA_DATA daaPublicKey,TSS_HDAA_DATA * arPublicKey,TSS_HDAA_DATA * arPrivateKey)505 Tspi_DAA_RevokeSetup(TSS_HDAA       hDAA,                   // in
506                          TSS_HDAA_DATA  daaPublicKey,       // in
507                          TSS_HDAA_DATA* arPublicKey,        // out (TSS_DAA_AR_PK)
508                          TSS_HDAA_DATA* arPrivateKey)       // out (TSS_DAA_AR_SK)
509 {
510           TSS_RESULT result;
511 #ifdef TSS_DEBUG
512           int before = mallinfo().uordblks;
513 #endif
514 
515           result = Tspi_DAA_RevokeSetup_internal(
516                     hDAA,                         // in
517 //TODO: remove cast when the above interface is changed
518                     daaPublicKey,       // in
519                     keyPair             // out
520           );
521           bi_flush_memory();
522 #ifdef TSS_DEBUG
523           LogDebug("Tspi_DAA_RevokeSetup ALLOC DELTA:%d", mallinfo().uordblks-before);
524 #endif
525           return TSS_SUCCESS;
526 }
527 
528 
529 /**
530 This function is part of the DAA Anonymity Revocation Authority component. It defines the
531 Cramer-Shoup decryption algorithm to revoke the anonymity of a DAA Signature. The pseudonym,
532 with respect to either the DAA Verifier?s base name, the DAA Issuer?s base name or (just for
533 completeness) a random base name, can be revealed.
534 The pseudonym with respect to a DAA Signature and the used base name is V N . An encryption of
535 V N is the tuple (d1,d 2 ,d 3,d 4 ) and is decrypted using the secret key ( 0 5 x ,?, x ), the
536 decryption condition and the DAA public key.
537 This is an optional function and does not require a TPM or a TCS.
538 
539 Parameters:
540           - hDAA:                                           Handle of the DAA object
541           - encryptedPseudonym:                             encryptedPseudonym
542           - decryptCondition:                               Condition for the decryption of the pseudonym.
543           - arPrivateKey:                                   arPrivateKey
544           - daaPublicKey:                                   daaPublicKey
545           - pseudonym:                                      pseudonym
546 */
547 TSPICALL
Tspi_DAA_ARDecrypt(TSS_HDAA hDAA,TSS_DAA_PSEUDONYM_ENCRYPTED * encryptedPseudonym,TSS_HHASH decryptCondition,TSS_HDAA_DATA arPrivateKey,TSS_HDAA_DATA daaPublicKey,TSS_DAA_PSEUDONYM_PLAIN ** pseudonym)548 Tspi_DAA_ARDecrypt(TSS_HDAA                     hDAA,                           // in
549                        TSS_DAA_PSEUDONYM_ENCRYPTED* encryptedPseudonym,         // in
550                        TSS_HHASH                    decryptCondition, // in
551                        TSS_HDAA_DATA                arPrivateKey,               // in (TSS_DAA_AR_SK)
552                        TSS_HDAA_DATA                daaPublicKey,               // in (TSS_DAA_PK)
553                        TSS_DAA_PSEUDONYM_PLAIN**    pseudonym)                  // out
554 {
555           TSS_RESULT result;
556 #ifdef TSS_DEBUG
557           int before = mallinfo().uordblks;
558 #endif
559 
560           result = Tspi_DAA_ARDecrypt_internal(
561                     hDAA,                         // in
562                     encryptedPseudonym, // in
563                     decryptCondition,   // in
564 //TODO: remove cast when the above interface is changed
565                     (void *)arPrivateKey,                   // in
566                     (void *)daaPublicKey,                   // in
567                     pseudonym           // out
568           );
569           bi_flush_memory();
570 #ifdef TSS_DEBUG
571           LogDebug("Tspi_DAA_ARDecrypt ALLOC DELTA:%d", mallinfo().uordblks-before);
572 #endif
573           return result;
574 }
575 
576 /**
577 This is the second out of 3 functions to execute in order to receive a DAA Credential. It
578 computes the credential request for the DAA Issuer, which also includes the Platform
579 DAA public key and the attributes that were chosen by the Platform, and which are not
580 visible to the DAA Issuer. The Platform can commit to the attribute values it has chosen.
581 */
582 TSPICALL
Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA hDAA,TSS_HTPM hTPM,UINT32 authenticationChallengeLength,BYTE * authenticationChallenge,UINT32 nonceIssuerLength,BYTE * nonceIssuer,UINT32 attributesPlatformLength,BYTE ** attributesPlatform,TSS_DAA_JOIN_SESSION * joinSession,TSS_DAA_CREDENTIAL_REQUEST ** credentialRequest)583 Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA                     hDAA,                       // in
584                                          TSS_HTPM                     hTPM,                         // in
585                                          UINT32                       authenticationChallengeLength,// in
586                                          BYTE*                        authenticationChallenge,      // in
587                                          UINT32                       nonceIssuerLength,            // in
588                                          BYTE*                        nonceIssuer,                  // in
589                                          UINT32                       attributesPlatformLength,     // in
590                                          BYTE**                       attributesPlatform,           // in
591                                          TSS_DAA_JOIN_SESSION*        joinSession,                // in, out
592                                          TSS_DAA_CREDENTIAL_REQUEST** credentialRequest)            // out
593 {
594           TSS_RESULT result;
595 #ifdef TSS_DEBUG
596           int before = mallinfo().uordblks;
597 #endif
598 
599           LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey hDAA=%d joinSession=%d",
600                               (int)hDAA, (int)joinSession);
601           result = Tspi_TPM_DAA_JoinCreateDaaPubKey_internal(
602                     hDAA,     // in
603                     hTPM,     // in
604                     authenticationChallengeLength,          // in
605                     authenticationChallenge,      // in
606                     nonceIssuerLength,  // in
607                     nonceIssuer,        // in
608                     attributesPlatformLength,     // in
609                     attributesPlatform, // in
610                     joinSession,        // in, out
611                     credentialRequest   // out
612           );
613           bi_flush_memory();
614 #ifdef TSS_DEBUG
615           LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey ALLOC DELTA:%d", mallinfo().uordblks-before);
616 #endif
617           return result;
618 }
619 
620 
621 /**
622 This is the last out of 3 functions to execute in order to receive a DAA Credential.
623 It verifies the issued credential from the DAA Issuer and computes the final DAA Credential.
624 */
625 TSPICALL
Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_DAA_CRED_ISSUER * credIssuer,TSS_DAA_JOIN_SESSION * joinSession,TSS_HDAA_DATA * phDaaCredential)626 Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA              hDAA,                    // in
627                                          TSS_HTPM              hTPM,            // in
628                                          TSS_DAA_CRED_ISSUER*  credIssuer,      // in
629                                          TSS_DAA_JOIN_SESSION* joinSession,     // in
630                                          TSS_HDAA_DATA*        phDaaCredential) // out (TSS_DAA_CREDENTIAL)
631 {
632           TSS_RESULT result;
633 #ifdef TSS_DEBUG
634           int before = mallinfo().uordblks;
635 #endif
636 
637           LogDebug("Tspi_TPM_DAA_JoinStoreCredential hDAA=%d credIssuer=%d joinSession=%d",
638                     (int)hDAA, (int)&credIssuer, (int)&joinSession);
639           result = Tspi_TPM_DAA_JoinStoreCredential_internal(hDAA,
640                                                                       hTPM,
641                                                                       credIssuer,
642                                                                       joinSession,
643                                                                       phDaaCredential);
644           bi_flush_memory();
645 #ifdef TSS_DEBUG
646           LogDebug("Tspi_TPM_DAA_JoinStoreCredential ALLOC DELTA:%d", mallinfo().uordblks-before);
647 #endif
648           return result;
649 }
650 
651 
652 /**
653 This function creates a DAA Signature that proofs ownership of the DAA Credential and
654 includes a signature on either a public AIK or a message.
655 If anonymity revocation is enabled, the value Nv is not provided in the clear anymore but
656 encrypted under the public key of anonymity revocation authority, a trusted third party (TTP).
657 Thus the DAA Verifier cannot check for revocation or link a transaction/signature to prior ones.
658 Depending on how z is chosen, the protocol either allows to implementing anonymity revocation
659 (i.e., using the DAA Issuer long-term base name bsn I as the DAA Verifier base name bsnV ), or
660 having the TTP doing the linking of different signatures for the same DAA Verifier (i.e.,
661 using the DAA Verifier base name ).
662 */
663 TSPICALL
Tspi_TPM_DAA_Sign(TSS_HDAA hDAA,TSS_HTPM hTPM,TSS_HDAA_DATA hDaaCredential,TSS_DAA_SELECTED_ATTRIB * revealAttributes,UINT32 verifierBaseNameLength,BYTE * verifierBaseName,UINT32 verifierNonceLength,BYTE * verifierNonce,TSS_DAA_SIGN_DATA * signData,TSS_DAA_SIGNATURE ** daaSignature)664 Tspi_TPM_DAA_Sign(TSS_HDAA                 hDAA,                      // in
665                       TSS_HTPM                 hTPM,                            // in
666                       TSS_HDAA_DATA            hDaaCredential,                  // in (TSS_DAA_CREDENTIAL)
667                       TSS_DAA_SELECTED_ATTRIB* revealAttributes,                // in
668                       UINT32                   verifierBaseNameLength,          // in
669                       BYTE*                    verifierBaseName,                // in
670                       UINT32                   verifierNonceLength,             // in
671                       BYTE*                    verifierNonce,                   // in
672                       TSS_DAA_SIGN_DATA*       signData,                        // in
673                       TSS_DAA_SIGNATURE**      daaSignature)                    // out
674 {
675           TSS_RESULT result;
676 #ifdef TSS_DEBUG
677           int before = mallinfo().uordblks;
678 #endif
679 
680           LogDebug("-> TSPI_TPM_DAA_Sign hDAA=%ld hTPM=%ld ", (long)hDAA, (long)hTPM);
681 
682           result = Tspi_TPM_DAA_Sign_internal(hDAA,
683                                                   hTPM,
684                                                   hDaaCredential,
685                                                   revealAttributes,
686                                                   verifierBaseNameLength,
687                                                   verifierBaseName,
688                                                   verifierNonceLength,
689                                                   verifierNonce,
690                                                   signData,
691                                                   daaSignature);
692           bi_flush_memory();
693 #ifdef TSS_DEBUG
694           LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d", mallinfo().uordblks-before);
695 #endif
696           LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result);
697           return result;
698 }
699