int
CA_STEP6_derive_keys(EAC_CTX *ctx, const BUF_MEM *nonce, const BUF_MEM *token)
{
int rv = -1;
check((ctx && ctx->ca_ctx), "Invalid arguments");
if (!KA_CTX_derive_keys(ctx->ca_ctx->ka_ctx, nonce, ctx->md_ctx))
goto err;
rv = verify_authentication_token(ctx->ca_ctx->protocol,
ctx->ca_ctx->ka_ctx,
ctx->bn_ctx, ctx->tr_version, token);
check(rv >= 0, "Failed to verify authentication token");
/* PACE, TA and CA were successful. Update the trust anchor! */
if (rv) {
if (ctx->ta_ctx->new_trust_anchor) {
CVC_CERT_free(ctx->ta_ctx->trust_anchor);
ctx->ta_ctx->trust_anchor = ctx->ta_ctx->new_trust_anchor;
ctx->ta_ctx->new_trust_anchor = NULL;
}
}
err:
return rv;
}
int
CA_STEP5_derive_keys(const EAC_CTX *ctx, const BUF_MEM *pub,
BUF_MEM **nonce, BUF_MEM **token)
{
BUF_MEM *r = NULL;
BUF_MEM *authentication_token = NULL;
check((ctx && ctx->ca_ctx && ctx->ca_ctx->ka_ctx && nonce && token),
"Invalid arguments");
/* Generate nonce and derive k_mac and k_enc*/
r = randb(CA_NONCE_SIZE);
if (!r || !KA_CTX_derive_keys(ctx->ca_ctx->ka_ctx, r, ctx->md_ctx))
goto err;
/* Compute authentication token */
authentication_token = get_authentication_token(ctx->ca_ctx->protocol,
ctx->ca_ctx->ka_ctx, ctx->bn_ctx, ctx->tr_version,
pub);
check(authentication_token, "Failed to compute authentication token");
*nonce = r;
*token = authentication_token;
return 1;
err:
BUF_MEM_clear_free(r);
return 0;
}
int
PACE_STEP3C_derive_keys(const EAC_CTX *ctx)
{
if (!ctx || !ctx->pace_ctx) {
log_err("Invalid arguments");
return 0;
}
return KA_CTX_derive_keys(ctx->pace_ctx->ka_ctx, NULL, ctx->md_ctx);
}
