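/*
 * Loads the client's RSA key pair into the file-scope contexts
 * kaa_pk_context_ (private key) and pk_pub_context (public key).
 *
 * With KAA_RUNTIME_KEY_GENERATION the private key is read from
 * KAA_PRIVATE_KEY_STORAGE; if that fails a fresh pair is generated with
 * rsa_genkey() and both halves are persisted with write_rsa_key(). Without
 * it the key is parsed from the compiled-in KAA_RSA_PRIVATE_KEY buffer.
 *
 * In both build modes the work is done only once: later calls return
 * KAA_ERR_NONE without touching the contexts. (Previously only the
 * runtime-generation branch was guarded, so a second call in the
 * compiled-in-key branch re-parsed into an already set-up context, which
 * mbedtls_pk_setup() refuses.)
 *
 * Returns KAA_ERR_NONE on success, KAA_ERR_BADDATA if the key could not be
 * parsed, generated or stored. On failure the function is not marked
 * initialized, so the caller may retry.
 */
kaa_error_t kaa_init_rsa_keypair(void)
{
    /* Initialization should be performed only once, in either build mode */
    static bool initialized = false;
    if (initialized) {
        return KAA_ERR_NONE;
    }

#ifdef KAA_RUNTIME_KEY_GENERATION
    if (mbedtls_pk_parse_keyfile(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, NULL)) {
        /* No usable stored key: generate one and persist both halves. Every
         * failure path releases the context so that a retry starts clean. */
        if (rsa_genkey(&kaa_pk_context_)) {
            mbedtls_pk_free(&kaa_pk_context_);
            return KAA_ERR_BADDATA;
        }
        if (write_rsa_key(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, PRIVATE_KEY)) {
            mbedtls_pk_free(&kaa_pk_context_);
            return KAA_ERR_BADDATA;
        }
        if (write_rsa_key(&kaa_pk_context_, KAA_PUBLIC_KEY_STORAGE, PUBLIC_KEY)) {
            mbedtls_pk_free(&kaa_pk_context_);
            return KAA_ERR_BADDATA;
        }
    }
    if (mbedtls_pk_parse_public_keyfile(&pk_pub_context, KAA_PUBLIC_KEY_STORAGE)) {
        /* Fall back to the private-key context, which also carries the public
         * half. NOTE(review): this is a shallow struct copy, so both contexts
         * now reference the same key material; freeing both would be a
         * double free. Whatever tears these down must free only one of them. */
        pk_pub_context = kaa_pk_context_;
    }
#else
    /* Compiled-in key. The NULL/0 password arguments mean the buffer must
     * hold an unencrypted key. */
    if (mbedtls_pk_parse_key(&kaa_pk_context_, KAA_RSA_PRIVATE_KEY,
            KAA_RSA_PRIVATE_KEY_LENGTH, NULL, 0)) {
        return KAA_ERR_BADDATA;
    }
#endif /* KAA_RUNTIME_KEY_GENERATION */

    initialized = true;
    return KAA_ERR_NONE;
}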
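/* Overwrites secret material that is about to go out of scope. The volatile
 * store keeps the compiler from eliding the writes as dead stores, which a
 * plain memset() right before return is allowed to be. */
static void tpm_init_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) {
        *v++ = 0;
    }
}

/*
 * Populates TPM_PERMANENT_DATA for a factory-fresh emulator instance: tag and
 * version, PRNG seed, PCR attributes, endorsement key (EK), DAA seed, the
 * ekReset nonce, per-slot key file ids, NV storage and timeouts.
 *
 * Every PCR attribute entry is now initialized for any TPM_NUM_PCR: the
 * previous code skipped entries 16..TPM_NUM_PCR-1 when 16 < TPM_NUM_PCR < 24
 * and then wrote the uninitialized array to permanent data. For
 * TPM_NUM_PCR == 24 the resulting values are unchanged.
 *
 * Stack copies of the EK private key and the DAA seed are scrubbed after
 * they have been persisted.
 */
void tpm_init_data(void) {
    int i;
    BYTE rngState[16];
    TPM_DAA_TPM_SEED tpmDAASeed;
    TPM_NONCE ekReset;
    RSA_PRIVATE_KEY prikey;
    TPM_PCR_ATTRIBUTES pcrAttribs[TPM_NUM_PCR];
    TPM_VERSION version;
    /* Per-PCR values for PCR 16..23, passed as the third and fourth
     * init_pcr_attr() arguments (presumably reset/extend locality masks —
     * confirm against init_pcr_attr). Applied only when all 24 PCRs exist,
     * as before. */
    static const struct { BYTE third; BYTE fourth; } pcr16_23[8] = {
        { 0x1f, 0x1f }, { 0x10, 0x1c }, { 0x10, 0x1c }, { 0x10, 0x0c },
        { 0x14, 0x0e }, { 0x04, 0x04 }, { 0x04, 0x04 }, { 0x1f, 0x1f },
    };

    version.major = 0x01;
    version.minor = 0x02;
    version.revMajor = 0x00;
    version.revMinor = 0x01;

    /* set permanent data tag */
    write_TPM_PERMANENT_DATA_tag(TPM_TAG_PERMANENT_DATA);

    /* set TPM version */
    write_TPM_PERMANENT_DATA_version(&version);

    /* seed PRNG */
    get_random(rngState, sizeof(rngState));
    write_TPM_PERMANENT_DATA_rngState(rngState);

    /* setup PCR attributes: exactly one init_pcr_attr() call per entry */
    for (i = 0; i < TPM_NUM_PCR; i++) {
        if (i < 16) {
            init_pcr_attr(pcrAttribs + i, FALSE, 0x00, 0x1f);
        } else if (i < 24 && TPM_NUM_PCR >= 24) {
            init_pcr_attr(pcrAttribs + i, TRUE,
                          pcr16_23[i - 16].third, pcr16_23[i - 16].fourth);
        } else {
            /* PCR >= 24, and PCR 16..23 when fewer than 24 PCRs are
             * configured (previously left uninitialized). */
            init_pcr_attr(pcrAttribs + i, TRUE, 0x00, 0x00);
        }
    }
    write_TPM_PERMANENT_DATA_pcrAttribs(pcrAttribs);

    /* set endorsement key */
    write_TPM_PERMANENT_DATA_ekFileid(FILEID_EK);
    /* NOTE(review): rsa_genkey's result is not checked (this function is void,
     * so there is nowhere to report a failure); a failed generation would
     * persist whatever prikey happens to hold. */
    rsa_genkey(FILEID_EK, &prikey);
    /* we only need the public part of the prikey; this relies on the
     * RSA_PUBLIC_KEY layout being a prefix of RSA_PRIVATE_KEY */
    write_file(FILE_DATA, FILEID_EK_PUB, 0, sizeof(RSA_PUBLIC_KEY), (BYTE *)&prikey);
    /* The private half is presumably stored by rsa_genkey under FILEID_EK;
     * do not leave a copy behind on the stack. */
    tpm_init_wipe(&prikey, sizeof prikey);

    /* set DAA seed */
    get_random(tpmDAASeed.nonce, sizeof(TPM_NONCE));
    write_TPM_PERMANENT_DATA_tpmDAASeed(&tpmDAASeed);
    tpm_init_wipe(&tpmDAASeed, sizeof tpmDAASeed);

    /* set ekReset: fixed marker value, zero-padded to the nonce size */
    memset(ekReset.nonce, 0, sizeof(TPM_NONCE));
    memcpy(ekReset.nonce, "\xde\xad\xbe\xef", 4);
    write_TPM_PERMANENT_DATA_ekReset(&ekReset);

    /* set fileid of public and private portion of keys */
    for (i = 0; i < TPM_MAX_KEYS; i++) {
        write_TPM_PERMANENT_DATA_keys_zero(i);
        write_TPM_PERMANENT_DATA_keys_keyFileid(i, FILEID_RSA_OFFSET + i);
        write_TPM_PERMANENT_DATA_keys_pubkeyFileid(i, FILEID_RSA_PUB_OFFSET + i);
    }

    /* initialize predefined non-volatile storage */
    init_nv_storage();
    /* set the timeout and duration values */
    init_timeouts();
}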