kaa_error_t kaa_init_rsa_keypair(void)
{
#ifdef KAA_RUNTIME_KEY_GENERATION
/* Initialization should be performed only once */
static bool initialized = false;
if (!initialized) {
if (mbedtls_pk_parse_keyfile(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, NULL)) {
if (rsa_genkey(&kaa_pk_context_)) {
mbedtls_pk_free(&kaa_pk_context_);
return KAA_ERR_BADDATA;
}
if (write_rsa_key(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, PRIVATE_KEY)) {
mbedtls_pk_free(&kaa_pk_context_);
return KAA_ERR_BADDATA;
}
if (write_rsa_key(&kaa_pk_context_, KAA_PUBLIC_KEY_STORAGE, PUBLIC_KEY)) {
mbedtls_pk_free(&kaa_pk_context_);
return KAA_ERR_BADDATA;
}
}
if (mbedtls_pk_parse_public_keyfile(&pk_pub_context, KAA_PUBLIC_KEY_STORAGE)) {
pk_pub_context = kaa_pk_context_;
}
initialized = true;
}
#else
if (mbedtls_pk_parse_key(&kaa_pk_context_, KAA_RSA_PRIVATE_KEY,
KAA_RSA_PRIVATE_KEY_LENGTH, NULL, 0)) {
return KAA_ERR_BADDATA;
}
#endif /* KAA_RUNTIME_KEY_GENERATION */
return KAA_ERR_NONE;
}
void tpm_init_data(void) {
int i;
BYTE rngState[16];
TPM_DAA_TPM_SEED tpmDAASeed;
TPM_NONCE ekReset;
RSA_PRIVATE_KEY prikey;
TPM_PCR_ATTRIBUTES pcrAttribs[TPM_NUM_PCR];
TPM_VERSION version;
version.major = 0x01;
version.minor = 0x02;
version.revMajor = 0x00;
version.revMinor = 0x01;
/* set permannet data tag */
write_TPM_PERMANENT_DATA_tag(TPM_TAG_PERMANENT_DATA);
/* set TPM version */
write_TPM_PERMANENT_DATA_version(&version);
/* seed PRNG */
get_random(rngState, sizeof(rngState));
write_TPM_PERMANENT_DATA_rngState(rngState);
/* setup PCR attributes */
for (i = 0; i < TPM_NUM_PCR && i < 16; i++) {
init_pcr_attr(pcrAttribs+i, FALSE, 0x00, 0x1f);
}
if (TPM_NUM_PCR >= 24) {
init_pcr_attr(pcrAttribs+16, TRUE, 0x1f, 0x1f);
init_pcr_attr(pcrAttribs+17, TRUE, 0x10, 0x1c);
init_pcr_attr(pcrAttribs+18, TRUE, 0x10, 0x1c);
init_pcr_attr(pcrAttribs+19, TRUE, 0x10, 0x0c);
init_pcr_attr(pcrAttribs+20, TRUE, 0x14, 0x0e);
init_pcr_attr(pcrAttribs+21, TRUE, 0x04, 0x04);
init_pcr_attr(pcrAttribs+22, TRUE, 0x04, 0x04);
init_pcr_attr(pcrAttribs+23, TRUE, 0x1f, 0x1f);
}
for (i = 24; i < TPM_NUM_PCR; i++) {
init_pcr_attr(pcrAttribs+i, TRUE, 0x00, 0x00);
}
write_TPM_PERMANENT_DATA_pcrAttribs(pcrAttribs);
/* set endoresement key */
write_TPM_PERMANENT_DATA_ekFileid(FILEID_EK);
rsa_genkey(FILEID_EK, &prikey);
/* we only need the public part of the prikey */
write_file(FILE_DATA, FILEID_EK_PUB, 0, sizeof(RSA_PUBLIC_KEY), (BYTE *)&prikey);
/* set DAA seed */
get_random(tpmDAASeed.nonce, sizeof(TPM_NONCE));
write_TPM_PERMANENT_DATA_tpmDAASeed(&tpmDAASeed);
/* set ekReset */
memset(ekReset.nonce, 0, sizeof(TPM_NONCE));
memcpy(ekReset.nonce, "\xde\xad\xbe\xef", 4);
write_TPM_PERMANENT_DATA_ekReset(&ekReset);
/* set fileid of public and private portion of keys */
for (i = 0; i < TPM_MAX_KEYS; i++) {
write_TPM_PERMANENT_DATA_keys_zero(i);
write_TPM_PERMANENT_DATA_keys_keyFileid(i, FILEID_RSA_OFFSET + i);
write_TPM_PERMANENT_DATA_keys_pubkeyFileid(i, FILEID_RSA_PUB_OFFSET + i);
}
/* initialize predefined non-volatile storage */
init_nv_storage();
/* set the timeout and duration values */
init_timeouts();
}
