int CA_STEP5_derive_keys(const EAC_CTX *ctx, const BUF_MEM *pub, BUF_MEM **nonce, BUF_MEM **token) { BUF_MEM *r = NULL; BUF_MEM *authentication_token = NULL; check((ctx && ctx->ca_ctx && ctx->ca_ctx->ka_ctx && nonce && token), "Invalid arguments"); /* Generate nonce and derive k_mac and k_enc*/ r = randb(CA_NONCE_SIZE); if (!r || !KA_CTX_derive_keys(ctx->ca_ctx->ka_ctx, r, ctx->md_ctx)) goto err; /* Compute authentication token */ authentication_token = get_authentication_token(ctx->ca_ctx->protocol, ctx->ca_ctx->ka_ctx, ctx->bn_ctx, ctx->tr_version, pub); check(authentication_token, "Failed to compute authentication token"); *nonce = r; *token = authentication_token; return 1; err: BUF_MEM_clear_free(r); return 0; }
int PACE_STEP2_dec_nonce(const EAC_CTX * ctx, const PACE_SEC * pi, const BUF_MEM * enc_nonce) { BUF_MEM *key = NULL; int r = 0; check((ctx && ctx->pace_ctx && ctx->pace_ctx->ka_ctx && ctx->pace_ctx->ka_ctx->cipher), "Invalid arguments"); key = kdf_pi(pi, NULL, ctx->pace_ctx->ka_ctx, ctx->md_ctx); check(key, "Key derivation function failed"); BUF_MEM_clear_free(ctx->pace_ctx->nonce); ctx->pace_ctx->nonce = cipher_no_pad(ctx->pace_ctx->ka_ctx, ctx->cipher_ctx, key, enc_nonce, 0); check(ctx->pace_ctx->nonce, "Failed to decrypt nonce"); r = 1; err: BUF_MEM_clear_free(key); return r; }
BUF_MEM * PACE_STEP1_enc_nonce(const EAC_CTX * ctx, const PACE_SEC * pi) { BUF_MEM * enc_nonce = NULL; BUF_MEM * key = NULL; check((ctx && ctx->pace_ctx && ctx->pace_ctx->ka_ctx && ctx->pace_ctx->ka_ctx->cipher), "Invalid arguments"); key = kdf_pi(pi, NULL, ctx->pace_ctx->ka_ctx, ctx->md_ctx); check(key, "Key derivation function failed"); BUF_MEM_clear_free(ctx->pace_ctx->nonce); ctx->pace_ctx->nonce = randb(EVP_CIPHER_block_size(ctx->pace_ctx->ka_ctx->cipher)); check(ctx->pace_ctx->nonce, "Failed to create nonce"); enc_nonce = cipher_no_pad(ctx->pace_ctx->ka_ctx, ctx->cipher_ctx, key, ctx->pace_ctx->nonce, 1); err: BUF_MEM_clear_free(key); return enc_nonce; }
int EAC_CTX_init_ri(EAC_CTX *ctx, int protocol, int stnd_dp) { BUF_MEM *pubkey = NULL; RI_CTX *ri_ctx = NULL; int r = 0; if (!ctx || !ctx->ri_ctxs) { log_err("Invalid arguments"); goto err; } ri_ctx = RI_CTX_new(); check(ri_ctx, "Could not create RI context"); if (!RI_CTX_set_protocol(ri_ctx, protocol) || !EVP_PKEY_set_std_dp(ri_ctx->static_key, stnd_dp)) goto err; if (!ri_ctx->generate_key) goto err; pubkey = ri_ctx->generate_key(ri_ctx->static_key, ctx->bn_ctx); if (!pubkey) goto err; else /* We do not need the buffered public key and throw it away immediately */ BUF_MEM_clear_free(pubkey); r = 1; err: if (r && sk_push((_STACK *) ctx->ri_ctxs, ri_ctx)) { ctx->ri_ctx = ri_ctx; } else { /* either an error occurred before * or we could not push it onto the stack */ r = 0; RI_CTX_clear_free(ri_ctx); } return r; }
void TA_CTX_clear_free(TA_CTX *ctx) { if (!ctx) return; if (ctx->pk_pcd) BUF_MEM_free(ctx->pk_pcd); if (ctx->priv_key) EVP_PKEY_free(ctx->priv_key); if (ctx->pub_key) EVP_PKEY_free(ctx->pub_key); if (ctx->trust_anchor) CVC_CERT_free(ctx->trust_anchor); if (ctx->current_cert) CVC_CERT_free(ctx->current_cert); if (ctx->new_trust_anchor) CVC_CERT_free(ctx->new_trust_anchor); BUF_MEM_clear_free(ctx->nonce); OPENSSL_free(ctx); return; }