123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 |
- /*
- * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- #ifndef _CERTIFICATE_PROVISIONING_INTERFACE_H_
- #define _CERTIFICATE_PROVISIONING_INTERFACE_H_
- #include <stdint.h>
- #include <list>
- #include <string>
- #include "Buffer.h"
- #include "aeerror.h"
- #include "epid/common/types.h"
- #include "tlv_common.h"
- #include "platform_info_blob.h"
- struct _cpRSA_public_key;
- struct _provision_request_header_t;
- struct _provision_response_header_t;
- class TLVsMsg;
- typedef struct _public_key
- {
- uint8_t n[RSA_3072_KEY_BYTES];
- uint32_t e;
- } public_key_t;
- class CertificateProvisioningProtocol
- {
- public:
- CertificateProvisioningProtocol(void);
- ~CertificateProvisioningProtocol(void);
- ae_error_t init(const char* szURL, const signed_pek_t& pek);
- ae_error_t SendM1_ReceiveM2
- ( /*in */ uint32_t gid,
- /*out*/ upse::Buffer& nonce,
- /*out*/ upse::Buffer& sigRLBuffer
- );
- ae_error_t SendM3_ReceiveM4
- ( /*in */ const upse::Buffer& csrBuffer,
- /*in */ const upse::Buffer& quoteBuffer,
- /*out*/ std::list< upse::Buffer >& certificateChainList,
- /*out*/ platform_info_blob_wrapper_t& piBlobWrapper
- );
- general_response_status_t GetGeneralResponseStatus() { return generalResponseStatus; }
- pse_protocol_response_status_t GetProtocolResponseStatus() { return protocolResponseStatus; }
- private:
- typedef enum
- {
- msg_next_state_init = 0,
- msg_next_state_M1 = 1,
- msg_next_state_M2 = 2,
- msg_next_state_M3 = 3,
- msg_next_state_M4 = 4
- } msg_state_t;
- bool m_is_initialized;
- std::string m_url;
- msg_state_t m_nextState;
- public_key_t m_publicKey;
- general_response_status_t generalResponseStatus;
- pse_protocol_response_status_t protocolResponseStatus;
- upse::Buffer M1SK;
- upse::Buffer M1IV;
- upse::Buffer M3IV;
- upse::Buffer TransactionID;
- upse::Buffer EK2;
- upse::Buffer Nonce;
- const public_key_t& get_intel_pek();
- int get_intel_pek_cipher_text_size();
- void free_intel_ipp_rsa_pub_key(_cpRSA_public_key* rsa_pub_key);
- ae_error_t get_random_value(uint32_t size, upse::Buffer& randomValue);
- ae_error_t check_response_header(const _provision_response_header_t& header, uint8_t msg_type, uint32_t msg_size);
- ae_error_t check_response_status(const _provision_response_header_t& msg2_header);
- ae_error_t sendReceive(const upse::Buffer& sendSerialized, upse::Buffer& recvSerialized);
- ae_error_t msg1_generate(const GroupId gid, upse::Buffer& serializedMsg1);
- ae_error_t msg1_create_header(uint32_t cipherTextSize, uint32_t epidGidSize, const upse::Buffer& transactionID, _provision_request_header_t& header);
- ae_error_t msg1_create_seq2_0(const TLVsMsg& seq2_1_tlv_block_cipher_info, TLVsMsg& seq2_0_tlv_cipher_text);
- ae_error_t msg1_create_seq2_1(TLVsMsg& seq2_1_tlv_block_cipher_info);
- ae_error_t msg1_create_seq3_0(const TLVsMsg& seq3_1_tlv_epid_gid, const _provision_request_header_t& serializedHeader,
- const upse::Buffer& ek1, TLVsMsg& seq3_0_tlv_block_cipher_text, upse::Buffer& mac);
- ae_error_t msg2_process(const upse::Buffer& serializedMsg2, upse::Buffer& nonce, upse::Buffer& sigRLBuffer);
- ae_error_t msg2_check_integrity(const TLVsMsg& tlvs);
- ae_error_t msg2_derive_ek2_and_retrieve_nonce(const TLVsMsg& tlvs, upse::Buffer& ek2, upse::Buffer& nonce);
- ae_error_t msg2_verify_mac_and_retrieve_sigrl(const provision_response_header_t& header, const TLVsMsg& tlvs, const upse::Buffer& ek2, upse::Buffer& sigRL);
- ae_error_t msg3_generate(const upse::Buffer& csrBuffer, const upse::Buffer& quoteBuffer, upse::Buffer& serializedMsg3);
- ae_error_t msg3_create_header(const upse::Buffer& transactionID, uint32_t nonceSize, uint32_t quoteSize, uint32_t epidSigSize, uint32_t csrSize, _provision_request_header_t& header);
- ae_error_t msg3_seq3_0_create_block_cipher_text_tlv(const TLVsMsg& quote, const TLVsMsg& epidSigTLV, const TLVsMsg& csrTLV, const TLVsMsg& nonceTLV,
- const _provision_request_header_t& requestHeader, const upse::Buffer& ek2,
- TLVsMsg& blockCipherTextTLV, upse::Buffer& mac);
- ae_error_t msg3_seq3_1_create_quote_tlv(const upse::Buffer& quoteBuffer, TLVsMsg& quoteTLV);
- ae_error_t msg3_seq3_2_create_quote_signature_tlv(const upse::Buffer& quote, TLVsMsg& seq3_2_tlv_quote_signature);
- ae_error_t msg4_process(const upse::Buffer& serializedMsg4, std::list< upse::Buffer >& certificateChainList, platform_info_blob_wrapper_t& piBlobWrapper);
- ae_error_t msg4_validate_tlvs(const TLVsMsg& tlvs);
- ae_error_t msg4_verify_mac(const _provision_response_header_t& header, const TLVsMsg& tlvs);
- ae_error_t msg4_get_certificates(const TLVsMsg& tlvs, std::list< upse::Buffer >& certificateChainList, platform_info_blob_wrapper_t& piBlobWrapper);
- ae_error_t aesGCMEncrypt(const upse::Buffer& iv, const upse::Buffer& keyReader, const upse::Buffer& plainText,
- const upse::Buffer& aad, upse::Buffer& encryptedText, upse::Buffer& mac);
- ae_error_t aesGCMDecrypt(const upse::Buffer& iv, const upse::Buffer& key, const upse::Buffer& cipherText,
- const upse::Buffer& aad, const upse::Buffer& mac, upse::Buffer& plainText);
- ae_error_t aesCMAC(const upse::Buffer& key, const upse::Buffer& message, upse::Buffer& cmac);
- ae_error_t encryptRSA_OAEP_SHA256(const public_key_t& publicKey, upse::BufferReader& plainTextReader, upse::Buffer& encryptedText);
- private:
- // Disable class operations (default constructor, copy constructor, assignment operator, and address-of operator)
- //CertificateProvisioningProtocol(); // default constructor
- CertificateProvisioningProtocol(const CertificateProvisioningProtocol& rhs); // copy constructor
- CertificateProvisioningProtocol& operator=(const CertificateProvisioningProtocol& rhs); // address-of operator
- const CertificateProvisioningProtocol* operator&() const; // address-of operator
- };
- #endif
|