1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \file
19 * \brief Member context implementation.
20 */
21
22 #include <epid/member/api.h>
23
24 #include <string.h>
25 #include "epid/common/src/endian_convert.h"
26 #include "epid/common/src/epid2params.h"
27 #include "epid/common/src/memory.h"
28 #include "epid/common/src/sigrlvalid.h"
29 #include "epid/common/src/stack.h"
30 #include "epid/common/types.h"
31 #include "epid/member/software_member.h"
32 #include "epid/member/src/allowed_basenames.h"
33 #include "epid/member/src/context.h"
34 #include "epid/member/src/precomp.h"
35 #include "epid/member/tpm2/context.h"
36 #include "epid/member/tpm2/createprimary.h"
37 #include "epid/member/tpm2/load_external.h"
38 #include "epid/member/tpm2/sign.h"
39
/// Handle SDK error with break.
///
/// Expands to a bare `if` that executes `break` when \c ret is not
/// kEpidNoErr. The functions in this file use it inside a
/// `do { ... } while (0)` block so that every failure reaches one shared
/// cleanup/return path. The macro only tests \c ret; it never assigns it to a
/// status variable, so passing a constant leaves the caller's status
/// untouched.
#define BREAK_ON_EPID_ERROR(ret) \
  if ((ret) != kEpidNoErr) {     \
    break;                       \
  }
45
/// Reports how many bytes a caller must provide for a member context.
///
/// \param[in] params Member parameters; only checked for NULL here.
/// \param[out] context_size Receives sizeof(MemberCtx).
/// \returns kEpidBadArgErr if either pointer is NULL, otherwise kEpidNoErr.
EpidStatus EpidMemberGetSize(MemberParams const* params, size_t* context_size) {
  if (params && context_size) {
    *context_size = sizeof(MemberCtx);
    return kEpidNoErr;
  }
  return kEpidBadArgErr;
}
53
/// Initializes a caller-provided member context in place.
///
/// The context is zeroed first, then its sub-objects (basename list, EPID2
/// parameters, TPM2 context, pre-computed signature stack, group elements)
/// are created one by one. The first failure abandons the sequence and the
/// partially built context is handed to EpidMemberDeinit.
///
/// \param[in] params Member parameters forwarded to Tpm2CreateContext.
/// \param[out] ctx Context to initialize; any previous content is overwritten.
/// \returns kEpidBadArgErr if either pointer is NULL, kEpidMemAllocErr if the
/// pre-computed signature stack cannot be created, the failing helper's
/// status otherwise, or kEpidNoErr on success.
EpidStatus EpidMemberInit(MemberParams const* params, MemberCtx* ctx) {
  EpidStatus result = kEpidErr;

  if (!params || !ctx) {
    return kEpidBadArgErr;
  }
  // Start from all-zero state so that the failure path below only ever sees
  // NULL pointers for sub-objects that were never created.
  memset(ctx, 0, sizeof(*ctx));
  do {
    const FpElemStr* tpm_f = NULL;

    // Default hash algorithm: SHA-512, or SHA-256 when built for TSS.
#ifdef TPM_TSS
    ctx->hash_alg = kSha256;
#else
    ctx->hash_alg = kSha512;
#endif
    ctx->sig_rl = NULL;
    ctx->precomp_ready = false;
    ctx->is_initially_provisioned = false;
    ctx->is_provisioned = false;
    ctx->primary_key_set = false;

    result = CreateBasenames(&ctx->allowed_basenames);
    if (kEpidNoErr != result) break;

    // Internal representation of Epid2Params
    result = CreateEpid2Params(&ctx->epid2_params);
    if (kEpidNoErr != result) break;

    // The TPM2 context also hands back the random source and the f pointer.
    result = Tpm2CreateContext(params, ctx->epid2_params, &ctx->rnd_func,
                               &ctx->rnd_param, &tpm_f, &ctx->tpm2_ctx);
    if (kEpidNoErr != result) break;

    if (!CreateStack(sizeof(PreComputedSignature), &ctx->presigs)) {
      result = kEpidMemAllocErr;
      break;
    }

    // NOTE(review): ctx->f is a borrowed pointer produced by
    // Tpm2CreateContext; what it points into, and for how long it stays
    // valid, is not visible in this file - confirm.
    ctx->f = tpm_f;
    ctx->join_ctr = 0;
    ctx->rf_ctr = 0;
    ctx->rnu_ctr = 0;

    // Group elements in G1 / Fp.
    result = NewEcPoint(ctx->epid2_params->G1, (EcPoint**)&ctx->A);
    if (kEpidNoErr != result) break;
    result = NewFfElement(ctx->epid2_params->Fp, (FfElement**)&ctx->x);
    if (kEpidNoErr != result) break;

    result = NewEcPoint(ctx->epid2_params->G1, (EcPoint**)&ctx->h1);
    if (kEpidNoErr != result) break;
    result = NewEcPoint(ctx->epid2_params->G1, (EcPoint**)&ctx->h2);
    if (kEpidNoErr != result) break;
    result = NewEcPoint(ctx->epid2_params->G2, (EcPoint**)&ctx->w);
    if (kEpidNoErr != result) break;

    // Elements in GT.
    result = NewFfElement(ctx->epid2_params->GT, (FfElement**)&ctx->e12);
    if (kEpidNoErr != result) break;
    result = NewFfElement(ctx->epid2_params->GT, (FfElement**)&ctx->e22);
    if (kEpidNoErr != result) break;
    result = NewFfElement(ctx->epid2_params->GT, (FfElement**)&ctx->e2w);
    if (kEpidNoErr != result) break;
    result = NewFfElement(ctx->epid2_params->GT, (FfElement**)&ctx->ea2);
    if (kEpidNoErr != result) break;

    result = Tpm2SetHashAlg(ctx->tpm2_ctx, ctx->hash_alg);
    if (kEpidNoErr != result) break;

    // NOTE(review): primary_key_set becomes true here although no key has
    // been loaded or created yet; EpidMemberInitialProvision sets the same
    // flag after the key is placed in the TPM. Confirm this is intended.
    ctx->primary_key_set = true;
    result = kEpidNoErr;
  } while (0);

  if (kEpidNoErr != result) {
    // Tear down whatever was built. This relies on the Delete*/Stack*/Tpm2*
    // helpers tolerating NULL members - presumably they do; verify.
    EpidMemberDeinit(ctx);
  }

  return result;
}
128
/// Releases everything a member context owns without freeing the context.
///
/// Releases the TPM counters referenced by each stored pre-computed signature
/// and by the context itself, then deletes the stack, the group elements, the
/// TPM2 context, the EPID2 parameters and the basename list. Return values of
/// Tpm2ReleaseCounter are deliberately ignored: teardown is best effort.
///
/// NOTE(review): ctx->f, ctx->sig_rl and the provisioning flags are not reset
/// here. ctx->f was obtained from Tpm2CreateContext, so it may be stale once
/// Tpm2DeleteContext has run; a context must not be used again until
/// EpidMemberInit has re-initialized it - confirm callers respect that.
///
/// \param[in,out] ctx Context to tear down; NULL is accepted and ignored.
void EpidMemberDeinit(MemberCtx* ctx) {
  size_t idx = 0;
  size_t presig_count = 0;
  PreComputedSignature* presigs = NULL;
  if (!ctx) {
    return;
  }
  // EpidMemberInit calls this on a partially built context, so ctx->presigs
  // and ctx->tpm2_ctx may still be NULL here; presumably the helpers below
  // accept that - verify.
  presig_count = StackGetSize(ctx->presigs);
  presigs = StackGetBuf(ctx->presigs);
  for (idx = 0; idx < presig_count; ++idx) {
    (void)Tpm2ReleaseCounter(ctx->tpm2_ctx, presigs[idx].rf_ctr);
  }
  (void)Tpm2ReleaseCounter(ctx->tpm2_ctx, ctx->join_ctr);
  (void)Tpm2ReleaseCounter(ctx->tpm2_ctx, ctx->rf_ctr);
  (void)Tpm2ReleaseCounter(ctx->tpm2_ctx, ctx->rnu_ctr);
  DeleteStack(&ctx->presigs);
  ctx->rnd_param = NULL;
  DeleteEcPoint((EcPoint**)&ctx->h1);
  DeleteEcPoint((EcPoint**)&ctx->h2);
  DeleteEcPoint((EcPoint**)&ctx->A);
  DeleteFfElement((FfElement**)&ctx->x);
  DeleteEcPoint((EcPoint**)&ctx->w);
  DeleteFfElement((FfElement**)&ctx->e12);
  DeleteFfElement((FfElement**)&ctx->e22);
  DeleteFfElement((FfElement**)&ctx->e2w);
  DeleteFfElement((FfElement**)&ctx->ea2);
  // The TPM2 context goes after the counters it was used to release.
  Tpm2DeleteContext(&ctx->tpm2_ctx);
  DeleteEpid2Params(&ctx->epid2_params);
  DeleteBasenames(&ctx->allowed_basenames);
}
159
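/// Allocates a member context and initializes it.
///
/// \param[in] params Member parameters forwarded to EpidMemberInit.
/// \param[out] ctx Receives the new context on success and NULL on any
/// failure that occurs after argument checking.
/// \returns kEpidBadArgErr if either pointer is NULL (in which case \c *ctx
/// is not written), kEpidMemAllocErr if the context cannot be allocated, the
/// status of EpidMemberGetSize or EpidMemberInit if one of them fails, or
/// kEpidNoErr on success.
EpidStatus EpidMemberCreate(MemberParams const* params, MemberCtx** ctx) {
  size_t context_size = 0;
  EpidStatus sts = kEpidErr;
  MemberCtx* member_ctx = NULL;
  if (!params || !ctx) {
    return kEpidBadArgErr;
  }
  do {
    sts = EpidMemberGetSize(params, &context_size);
    BREAK_ON_EPID_ERROR(sts);
    member_ctx = SAFE_ALLOC(context_size);
    if (!member_ctx) {
      // Record the failure in sts before leaving the block.
      // BREAK_ON_EPID_ERROR(kEpidMemAllocErr) only tests its argument, so sts
      // would still hold kEpidNoErr from EpidMemberGetSize and the caller
      // would be told "success" while receiving a NULL context.
      sts = kEpidMemAllocErr;
      break;
    }
    sts = EpidMemberInit(params, member_ctx);
    BREAK_ON_EPID_ERROR(sts);
  } while (0);
  if (kEpidNoErr != sts) {
    // EpidMemberInit has already torn down its sub-objects on failure; only
    // the context memory itself is left to release.
    SAFE_FREE(member_ctx);
    member_ctx = NULL;
  }
  *ctx = member_ctx;
  return sts;
}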
184
/// Places the member's primary key in the TPM, once per context.
///
/// If the context carries an f value, it is loaded with Tpm2LoadExternal;
/// otherwise Tpm2CreatePrimary is asked to create one. The flags are updated
/// only after the TPM call succeeded.
///
/// \param[in,out] ctx Member context.
/// \returns kEpidBadArgErr if \c ctx is NULL, kEpidOutOfSequenceError if the
/// context was already initially provisioned, the failing TPM helper's
/// status, or kEpidNoErr on success.
EpidStatus EpidMemberInitialProvision(MemberCtx* ctx) {
  EpidStatus result = kEpidErr;

  if (!ctx) {
    return kEpidBadArgErr;
  }
  // Provisioning is one-shot: a second call is rejected instead of replacing
  // the key that is already in place.
  if (ctx->is_initially_provisioned) {
    return kEpidOutOfSequenceError;
  }

  if (ctx->f) {
    result = Tpm2LoadExternal(ctx->tpm2_ctx, ctx->f);
  } else {
    // The G1 element written by Tpm2CreatePrimary is not used afterwards.
    G1ElemStr created;
    result = Tpm2CreatePrimary(ctx->tpm2_ctx, &created);
  }
  if (kEpidNoErr != result) {
    return result;
  }

  ctx->is_initially_provisioned = true;
  // f value was set into TPM
  ctx->primary_key_set = true;
  return kEpidNoErr;
}
212
/// Tears down and frees a context created by EpidMemberCreate.
///
/// \param[in,out] ctx Address of the context pointer. NULL is ignored; on
/// return \c *ctx is NULL so the caller cannot reuse the freed context
/// through this pointer.
void EpidMemberDelete(MemberCtx** ctx) {
  if (ctx) {
    // EpidMemberDeinit accepts a NULL context, so *ctx needs no extra check.
    EpidMemberDeinit(*ctx);
    SAFE_FREE(*ctx);
    *ctx = NULL;
  }
}
221
/// Selects the hash algorithm used by the member.
///
/// Only kSha256, kSha384, kSha512 and kSha512_256 are accepted. The value
/// stored in the context is updated only after Tpm2SetHashAlg accepted it, so
/// the context and the TPM layer do not end up with different algorithms.
///
/// \param[in,out] ctx Member context.
/// \param[in] hash_alg Requested algorithm.
/// \returns kEpidBadArgErr if \c ctx is NULL or the algorithm is not one of
/// the four above, otherwise the status of Tpm2SetHashAlg.
EpidStatus EpidMemberSetHashAlg(MemberCtx* ctx, HashAlg hash_alg) {
  EpidStatus result = kEpidErr;
  if (!ctx) {
    return kEpidBadArgErr;
  }
  // Allow-list: anything not named here is rejected before reaching the TPM.
  switch (hash_alg) {
    case kSha256:
    case kSha384:
    case kSha512:
    case kSha512_256:
      break;
    default:
      return kEpidBadArgErr;
  }
  result = Tpm2SetHashAlg(ctx->tpm2_ctx, hash_alg);
  if (kEpidNoErr == result) {
    ctx->hash_alg = hash_alg;
  }
  return result;
}
235
/// Installs a signature revocation list on a provisioned member.
///
/// The list is checked with IsSigRlValid against the group id of the member's
/// public key and the supplied size. If a list is already installed, the new
/// one must carry a strictly higher version, so an older or identical list
/// cannot replace the current one.
///
/// The context stores the caller's pointer; it does not copy the list. The
/// buffer must therefore stay allocated and unmodified for as long as the
/// context refers to it, because validation happens only in this call.
/// NOTE(review): whether the list's authenticity is verified is not visible
/// in this function - presumably the caller's responsibility; confirm.
///
/// \param[in,out] ctx Member context.
/// \param[in] sig_rl Revocation list; version is read in network byte order.
/// \param[in] sig_rl_size Size of the buffer behind \c sig_rl.
/// \returns kEpidBadArgErr for NULL arguments, an invalid list, or a version
/// that is not newer than the installed one; kEpidOutOfSequenceError if the
/// member is not provisioned; kEpidNoErr on success.
EpidStatus EpidMemberSetSigRl(MemberCtx* ctx, SigRl const* sig_rl,
                              size_t sig_rl_size) {
  if (!ctx || !sig_rl) {
    return kEpidBadArgErr;
  }
  // The group id used for validation only exists after provisioning.
  if (!ctx->is_provisioned) {
    return kEpidOutOfSequenceError;
  }
  if (!IsSigRlValid(&ctx->pub_key.gid, sig_rl, sig_rl_size)) {
    return kEpidBadArgErr;
  }
  // Do not set an older version of sig rl
  if (ctx->sig_rl) {
    unsigned int const installed_ver = ntohl(ctx->sig_rl->version);
    unsigned int const offered_ver = ntohl(sig_rl->version);
    if (offered_ver <= installed_ver) {
      return kEpidBadArgErr;
    }
  }
  ctx->sig_rl = sig_rl;
  return kEpidNoErr;
}
261
/// Adds a basename to the set the member is allowed to sign with.
///
/// \param[in,out] ctx Member context.
/// \param[in] basename Basename bytes.
/// \param[in] basename_len Length of \c basename in bytes; must be non-zero.
/// \returns kEpidBadArgErr for a zero length or NULL pointers,
/// kEpidDuplicateErr if the basename is already registered, otherwise the
/// status of AllowBasename.
EpidStatus EpidRegisterBasename(MemberCtx* ctx, void const* basename,
                                size_t basename_len) {
  if (0 == basename_len || !ctx || !basename) {
    return kEpidBadArgErr;
  }

  // Registering the same basename twice is reported rather than ignored.
  if (IsBasenameAllowed(ctx->allowed_basenames, basename, basename_len)) {
    return kEpidDuplicateErr;
  }

  return AllowBasename(ctx->allowed_basenames, basename, basename_len);
}
280
/// Removes every registered basename by replacing the list with a new one.
///
/// The old list is deleted before the new one is created.
/// NOTE(review): if CreateBasenames fails, the context is left with whatever
/// DeleteBasenames stored in allowed_basenames (presumably NULL); callers
/// should treat the context as unusable for basename operations until a
/// later call succeeds - confirm.
///
/// \param[in,out] ctx Member context.
/// \returns kEpidBadArgErr if \c ctx is NULL, otherwise the status of
/// CreateBasenames.
EpidStatus EpidClearRegisteredBasenames(MemberCtx* ctx) {
  if (!ctx) {
    return kEpidBadArgErr;
  }
  DeleteBasenames(&ctx->allowed_basenames);
  return CreateBasenames(&ctx->allowed_basenames);
}
290