TPM verify entry proof, RSU signs all TPMs
This commit is contained in:
emanuel
parent
2677dd225d
commit
b1dcc015e8
79
src/tpm.c
79
src/tpm.c
|
|
@ -406,6 +406,12 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
TollingType_t* type_rx = tpm_rx->tpm->tollingType;
|
||||
|
||||
uint64_t client_id, nonce, info_id;
|
||||
const uint32_t buf_len = 1024;
|
||||
uint8_t buf[buf_len];
|
||||
uint8_t tpm_uper[buf_len];
|
||||
|
||||
SecurityRequest_t* sreq = NULL;
|
||||
SecurityReply_t* srep = NULL;
|
||||
|
||||
switch (type_rx->present) {
|
||||
case TollingType_PR_entry:
|
||||
|
|
@ -417,6 +423,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
nonce = type_rx->choice.entry.choice.request.transactionNonce;
|
||||
info_id = type_rx->choice.entry.choice.request.infoId;
|
||||
break;
|
||||
|
||||
case TollingType_PR_exit:
|
||||
if (!type_rx->choice.exit ||
|
||||
type_rx->choice.exit->present != TollingExit_PR_request ||
|
||||
|
|
@ -434,7 +441,71 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
return;
|
||||
}
|
||||
|
||||
TPM_t* ep = (TPM_t*) type_rx->choice.exit->choice.request->entryProof;
|
||||
|
||||
if (!ep->tpmSignature) {
|
||||
syslog_err("[facilities] [tolling] received TPM.exit.request.entryProof does not contain signature");;
|
||||
return;
|
||||
}
|
||||
|
||||
// Encode TollingPaymentMessage
|
||||
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_TollingPaymentMessage, NULL, ep->tpm, buf, buf_len);
|
||||
if (enc.encoded == -1) {
|
||||
syslog_err("[facilities] [tolling] error encoding TollingPaymentMessage (%s)", enc.failed_type->name);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
// Verify
|
||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||
sreq->present = SecurityRequest_PR_verify;
|
||||
// message
|
||||
sreq->choice.verify.message.size = enc.encoded;
|
||||
sreq->choice.verify.message.buf = malloc(enc.encoded);
|
||||
memcpy(sreq->choice.verify.message.buf, buf, enc.encoded);
|
||||
|
||||
// r
|
||||
sreq->choice.verify.r.size = ep->tpmSignature->r.size;
|
||||
sreq->choice.verify.r.buf = malloc(ep->tpmSignature->r.size);
|
||||
memcpy(sreq->choice.verify.r.buf, ep->tpmSignature->r.buf, ep->tpmSignature->r.size);
|
||||
// s
|
||||
sreq->choice.verify.s.size = ep->tpmSignature->s.size;
|
||||
sreq->choice.verify.s.buf = malloc(ep->tpmSignature->s.size);
|
||||
memcpy(sreq->choice.verify.s.buf, ep->tpmSignature->s.buf, ep->tpmSignature->s.size);
|
||||
// signer
|
||||
sreq->choice.verify.signer.size = ep->tpmSignature->signer.size;
|
||||
sreq->choice.verify.signer.buf = malloc(ep->tpmSignature->signer.size);
|
||||
memcpy(sreq->choice.verify.signer.buf, ep->tpmSignature->signer.buf, ep->tpmSignature->signer.size);
|
||||
// signature type
|
||||
sreq->choice.verify.type = ep->tpmSignature->type;
|
||||
|
||||
buf[0] = 4;
|
||||
enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, buf_len-1);
|
||||
syslog_debug("[facilities]->[security] SecurityRequest.verify (%ldB)", enc.encoded+1);
|
||||
zmq_send(security_socket, buf, enc.encoded+1, 0);
|
||||
int32_t rl = zmq_recv(security_socket, buf, buf_len, 0);
|
||||
syslog_debug("[facilities]<-[security] SecurityReply.verify (%dB)", rl);
|
||||
|
||||
if (oer_decode(NULL, &asn_DEF_SecurityReply, (void**) &srep, buf, rl).code) {
|
||||
syslog_err("[facilities] SecurityReply.verify decode failure");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (srep->returnCode == SecurityReplyReturnCode_rejected) {
|
||||
syslog_err("[facilities] SecurityReply.verify rejected");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (srep->data->choice.verify.report != SecurityVerifyConfirmCode_success) {
|
||||
syslog_debug("[facilities] entry proof signature verify failed");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
|
||||
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
|
||||
sreq = NULL;
|
||||
srep = NULL;
|
||||
break;
|
||||
|
||||
case TollingType_PR_single:
|
||||
if (type_rx->choice.single.present != TollingSingle_PR_request) {
|
||||
syslog_err("[facilities] [tolling] received TPM.single is not request");
|
||||
|
|
@ -444,6 +515,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
nonce = type_rx->choice.single.choice.request.transactionNonce;
|
||||
info_id = type_rx->choice.single.choice.request.infoId;
|
||||
break;
|
||||
|
||||
default:
|
||||
syslog_err("[facilities] [tolling] received TPM has unrecognized type");
|
||||
return;
|
||||
|
|
@ -471,14 +543,9 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
break;
|
||||
}
|
||||
|
||||
const size_t buf_len = 2048;
|
||||
uint8_t buf[buf_len];
|
||||
uint8_t tpm_uper[buf_len];
|
||||
|
||||
asn_enc_rval_t enc;
|
||||
TransportRequest_t* tr = NULL;
|
||||
SecurityRequest_t* sreq = NULL;
|
||||
SecurityReply_t* srep = NULL;
|
||||
FacilitiesIndication_t* fi = NULL;
|
||||
TPM_t* tpm = NULL;
|
||||
|
||||
|
|
@ -624,7 +691,6 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
if (tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE) {
|
||||
// Sign
|
||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||
sreq->present = SecurityRequest_PR_sign;
|
||||
|
|
@ -659,7 +725,6 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
|||
tpm->tpmSignature->signer.buf = malloc(srep->data->choice.sign.signer.size);
|
||||
memcpy(tpm->tpmSignature->signer.buf, srep->data->choice.sign.signer.buf, srep->data->choice.sign.signer.size);
|
||||
tpm->tpmSignature->type = srep->data->choice.sign.type;
|
||||
}
|
||||
|
||||
// encode TPM
|
||||
enc = uper_encode_to_buffer(&asn_DEF_TPM, NULL, tpm, tpm_uper, buf_len);
|
||||
|
|
|
|||
Loading…
Reference in New Issue