bool ProductEvidence_Serialize(const_ProductEvidence ev, FILE* fp) { if(!WriteOneBignum(str_c, sizeof(str_c), fp, ev->c)) return false; if(!WriteOneBignum(str_z, sizeof(str_z), fp, ev->z)) return false; if(!WriteOneBignum(str_w1, sizeof(str_w1), fp, ev->w1)) return false; if(!WriteOneBignum(str_w2, sizeof(str_w2), fp, ev->w2)) return false; return true; }
void RunEaSession(SSL* ssl, void* data) { int rfd, wfd; FILE* rfp; FILE* wfp; SetupFileDescriptors(ssl, &rfd, &rfp, &wfd, &wfp); RsaDevice device = (RsaDevice)data; // Device makes entropy request BIGNUM* v1 = BN_new(); BIGNUM* v2 = BN_new(); BIGNUM* v3 = BN_new(); BIGNUM* v4 = BN_new(); CHECK_CALL(v1); CHECK_CALL(v2); CHECK_CALL(RsaDevice_GenEntropyRequest(device, v1, v2)); PrintTime("Sending commits to EA"); // Send mode flag CHECK_CALL(fprintf(wfp, "%d\n", RSA_CLIENT)); CHECK_CALL(!fflush(wfp)); CHECK_CALL(WriteOneBignum(STRING_COMMIT_X, sizeof(STRING_COMMIT_X), wfp, v1)); CHECK_CALL(WriteOneBignum(STRING_COMMIT_Y, sizeof(STRING_COMMIT_Y), wfp, v2)); CHECK_CALL(!fflush(wfp)); PrintTime("...done"); // Read x', y' from EA PrintTime("Reading entropy from EA"); CHECK_CALL(ReadOneBignum(&v1, rfp, STRING_X_PRIME)); CHECK_CALL(ReadOneBignum(&v2, rfp, STRING_Y_PRIME)); PrintTime("...done"); CHECK_CALL(RsaDevice_SetEntropyResponse(device, v1, v2)); // Send proof to EA ProductEvidence ev; CHECK_CALL(ev); X509_REQ* req = X509_REQ_new(); CHECK_CALL(req); CHECK_CALL(RsaDevice_GenEaSigningRequest(device, req, v1, v2, v3, &ev)); PrintTime("Sending cert to EA"); CHECK_CALL(i2d_X509_REQ_fp(wfp, req)); //fprintf(wfp, "\n"); CHECK_CALL(!fflush(wfp)); CHECK_CALL(WriteOneBignum(STRING_DELTA_X, sizeof(STRING_DELTA_X), wfp, v1)); CHECK_CALL(WriteOneBignum(STRING_DELTA_Y, sizeof(STRING_DELTA_Y), wfp, v2)); CHECK_CALL(WriteOneBignum(STRING_MODULUS_RAND, sizeof(STRING_MODULUS_RAND), wfp, v3)); CHECK_CALL(ProductEvidence_Serialize(ev, wfp)); CHECK_CALL(!fflush(wfp)); PrintTime("...done"); X509_REQ_free(req); ProductEvidence_Free(ev); X509* cert = NULL; PrintTime("Reading cert from EA"); if(!(cert = d2i_X509_fp(rfp, NULL))) { fatal("Could not read X509 response"); } PrintTime("...done"); fclose(rfp); fclose(wfp); BN_clear_free(v1); BN_clear_free(v2); BN_clear_free(v3); BN_clear_free(v4); // Give EA signature back to device CHECK_CALL(RsaDevice_SetEaCertResponse(device, cert)); X509_free(cert); return; }