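/*
 * Chip Authentication, step 6: derive the session keys from the supplied
 * nonce and verify the peer's authentication token. When verification
 * succeeds, a pending new trust anchor (if any) replaces the current one.
 *
 * ctx    EAC context; ctx and ctx->ca_ctx must be non-NULL.
 * nonce  nonce passed to KA_CTX_derive_keys().
 * token  authentication token passed to verify_authentication_token().
 *
 * Returns a negative value on invalid arguments, on key derivation failure,
 * or when verify_authentication_token() reports an error. Otherwise returns
 * the result of verify_authentication_token(); only a non-zero result is
 * treated as a verified token here (presumably 1 = valid, 0 = mismatch;
 * confirm against verify_authentication_token()). Callers should therefore
 * test for a positive result, not merely for "no error".
 */
int
CA_STEP6_derive_keys(EAC_CTX *ctx, const BUF_MEM *nonce, const BUF_MEM *token)
{
    int rv = -1;

    check((ctx && ctx->ca_ctx), "Invalid arguments");

    if (!KA_CTX_derive_keys(ctx->ca_ctx->ka_ctx, nonce, ctx->md_ctx)) {
        goto err;
    }

    rv = verify_authentication_token(ctx->ca_ctx->protocol,
            ctx->ca_ctx->ka_ctx,
            ctx->bn_ctx, ctx->tr_version, token);
    check(rv >= 0, "Failed to verify authentication token");

    /* PACE, TA and CA were successful. Update the trust anchor!
     *
     * The swap happens only after the token has been verified, so an
     * unauthenticated peer cannot cause the trust anchor to be replaced.
     * ctx->ta_ctx is not covered by the argument check above, so it is
     * tested here to avoid dereferencing a NULL pointer when the context
     * carries no TA state; in that case there is nothing to install. */
    if (rv && ctx->ta_ctx && ctx->ta_ctx->new_trust_anchor) {
        CVC_CERT_free(ctx->ta_ctx->trust_anchor);
        ctx->ta_ctx->trust_anchor = ctx->ta_ctx->new_trust_anchor;
        /* Ownership moved to trust_anchor; clear the source pointer so
         * the certificate is not referenced twice. */
        ctx->ta_ctx->new_trust_anchor = NULL;
    }

err:
    return rv;
}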
/*
 * Chip Authentication, step 5: generate a fresh nonce, derive k_mac and
 * k_enc from it, and compute the authentication token over pub.
 *
 * ctx    EAC context; ctx, ctx->ca_ctx and ctx->ca_ctx->ka_ctx must be
 *        non-NULL.
 * pub    passed to get_authentication_token() as the data to authenticate.
 * nonce  out: receives the generated nonce on success.
 * token  out: receives the computed authentication token on success.
 *
 * Returns 1 on success and 0 on any failure. On success *nonce and *token
 * are overwritten without releasing whatever they pointed to before, and
 * the caller becomes responsible for both buffers. On failure the output
 * pointers are left untouched and the nonce is released through
 * BUF_MEM_clear_free().
 */
int
CA_STEP5_derive_keys(const EAC_CTX *ctx, const BUF_MEM *pub,
        BUF_MEM **nonce, BUF_MEM **token)
{
    BUF_MEM *fresh_nonce = NULL;
    BUF_MEM *auth_token = NULL;

    check((ctx && ctx->ca_ctx && ctx->ca_ctx->ka_ctx && nonce && token),
            "Invalid arguments");

    /* Generate nonce and derive k_mac and k_enc */
    fresh_nonce = randb(CA_NONCE_SIZE);
    if (!fresh_nonce) {
        goto err;
    }
    if (!KA_CTX_derive_keys(ctx->ca_ctx->ka_ctx, fresh_nonce, ctx->md_ctx)) {
        goto err;
    }

    /* Compute authentication token */
    auth_token = get_authentication_token(ctx->ca_ctx->protocol,
            ctx->ca_ctx->ka_ctx, ctx->bn_ctx, ctx->tr_version, pub);
    check(auth_token, "Failed to compute authentication token");

    /* Hand both buffers to the caller only once every step has succeeded. */
    *nonce = fresh_nonce;
    *token = auth_token;
    return 1;

err:
    /* No token exists on any path that reaches this label, so only the
     * nonce has to be released. */
    BUF_MEM_clear_free(fresh_nonce);
    return 0;
}
/*
 * PACE, step 3C: derive the session keys for the PACE key agreement
 * context.
 *
 * ctx  EAC context; ctx and ctx->pace_ctx must be non-NULL.
 *
 * Returns 0 after logging "Invalid arguments" when ctx or ctx->pace_ctx is
 * NULL; otherwise returns the result of KA_CTX_derive_keys(), which is
 * called with a NULL nonce. ctx->pace_ctx->ka_ctx is forwarded without
 * being checked here.
 */
int
PACE_STEP3C_derive_keys(const EAC_CTX *ctx)
{
    if (ctx && ctx->pace_ctx) {
        return KA_CTX_derive_keys(ctx->pace_ctx->ka_ctx, NULL, ctx->md_ctx);
    }

    log_err("Invalid arguments");
    return 0;
}