static ae_error_t msg4_field1_msg_checking(const TLVsMsg& tlvs_field1)
{
uint32_t tlv_count = tlvs_field1.get_tlv_count();
if(tlv_count!=MSG4_FIELD1_COUNT) {
return PVE_MSG_ERROR;
}
uint32_t i;
for(i=0; i<tlv_count; ++i)
if(tlvs_field1[i].version != TLV_VERSION_1)
return PVE_MSG_ERROR;
if(MSG4_FIELD1_Nonce2.type != TLV_NONCE ||
MSG4_FIELD1_Nonce2.size != NONCE_2_SIZE ||
MSG4_FIELD1_Nonce2.header_size != SMALL_TLV_HEADER_SIZE)
return PVE_MSG_ERROR;
if(MSG4_FIELD1_ENC_Axf.type != TLV_BLOCK_CIPHER_TEXT||
MSG4_FIELD1_ENC_Axf.size != BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE))
return PVE_MSG_ERROR;
if(MSG4_FIELD1_MAC_Axf.type != TLV_MESSAGE_AUTHENTICATION_CODE||
MSG4_FIELD1_MAC_Axf.size != MAC_SIZE||
MSG4_FIELD1_MAC_Axf.header_size != SMALL_TLV_HEADER_SIZE)
return PVE_MSG_ERROR;
if(MSG4_FIELD1_GROUP_CERT.type != TLV_EPID_GROUP_CERT||
MSG4_FIELD1_GROUP_CERT.size != sizeof(signed_epid_group_cert_t)||
MSG4_FIELD1_GROUP_CERT.header_size != SMALL_TLV_HEADER_SIZE)
return PVE_MSG_ERROR;
if (MSG4_FIELD1_PLATFORM_INFO.type != TLV_PLATFORM_INFO ||
MSG4_FIELD1_PLATFORM_INFO.size != sizeof(bk_platform_info_t) ||
MSG4_FIELD1_PLATFORM_INFO.header_size != SMALL_TLV_HEADER_SIZE)
return PVE_MSG_ERROR;
return AE_SUCCESS;
}
tlv_status_t TLVsMsg::add_block_cipher_text(const uint8_t iv[IV_SIZE],const uint8_t *text, uint32_t len)
{
tlv_info_t one_info;
one_info.header_size = UNKNOWN_TLV_HEADER_SIZE;
one_info.payload = NULL;
one_info.size = BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(len);
one_info.type = TLV_BLOCK_CIPHER_TEXT;
one_info.version = TLV_VERSION_1;
uint32_t size = ::calc_one_tlv_size(one_info);
tlv_msg_t new_buf;
tlv_info_t *new_info = NULL;
tlv_status_t ret = alloc_more_buffer(size, new_buf);
if(ret != TLV_SUCCESS)
return ret;
ret = create_new_info(new_info);
if(ret != TLV_SUCCESS)
return ret;
if((ret=::tlv_msg_init_one_tlv(&one_info, new_buf))!=TLV_SUCCESS){
return ret;
}
new_buf = block_cipher_tlv_get_encrypted_text(one_info);
if(len>0&&text!=NULL){
if(memcpy_s(new_buf.msg_buf, new_buf.msg_size, text, len)!=0){
return (TLV_UNKNOWN_ERROR);
}
}
if(memcpy_s(block_cipher_tlv_get_iv(one_info), IV_SIZE, iv, IV_SIZE)!=0){
return (TLV_UNKNOWN_ERROR);
}
if(memcpy_s(new_info, sizeof(*new_info), &one_info, sizeof(one_info))!=0){
return TLV_UNKNOWN_ERROR;
}
ADD_TLV_DBG_INFO
return TLV_SUCCESS;
}
ae_error_t CertificateProvisioningProtocol::msg3_seq3_0_create_block_cipher_text_tlv(const TLVsMsg& quote, const TLVsMsg& epidSigTLV, const TLVsMsg& csrTLV, const TLVsMsg& nonceTLV,
const provision_request_header_t& requestHeader, const upse::Buffer& ek2,
TLVsMsg& blockCipherTextTLV, upse::Buffer& mac)
{
ae_error_t status = AE_FAILURE;
tlv_status_t tlv_status;
upse::Buffer plainText;
upse::Buffer encryptedPayload;
do
{
status = get_random_value(IV_SIZE, M3IV);
if (AE_FAILED(status))
break;
status = plainText.Alloc(quote.get_tlv_msg_size() + epidSigTLV.get_tlv_msg_size() + csrTLV.get_tlv_msg_size());
if (AE_FAILED(status))
break;
upse::BufferWriter plainTextWriter(plainText);
status = plainTextWriter.writeRaw(quote.get_tlv_msg(), quote.get_tlv_msg_size());
if (AE_FAILED(status))
break;
status = plainTextWriter.writeRaw(epidSigTLV.get_tlv_msg(), epidSigTLV.get_tlv_msg_size());
if (AE_FAILED(status))
break;
status = plainTextWriter.writeRaw(csrTLV.get_tlv_msg(), csrTLV.get_tlv_msg_size());
if (AE_FAILED(status))
break;
uint32_t payloadSize = BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(plainText.getSize());
uint32_t blockCipherTextHeaderSize = get_tlv_total_size(payloadSize) - payloadSize;
// Calculate AAD (concatenation of Request header, Nonce, Block Cipher Text TLV header and IV from Block Cipher Text TLV)
upse::Buffer aad;
status = aad.Alloc(static_cast<uint32_t>(sizeof(requestHeader) + nonceTLV.get_tlv_msg_size() + blockCipherTextHeaderSize + M3IV.getSize()));
if (AE_FAILED(status))
break;
TLVsMsg tmpBlockCipherTextTLV;
tlv_status = tmpBlockCipherTextTLV.add_block_cipher_text(M3IV.getData(), NULL, plainText.getSize());
status = tlv_error_2_pve_error(tlv_status);
if (AE_FAILED(status))
break;
upse::BufferWriter aadWriter(aad);
status = aadWriter.writeRaw((const uint8_t*)&requestHeader, sizeof(requestHeader));
if (AE_FAILED(status))
break;
status = aadWriter.writeRaw(nonceTLV.get_tlv_msg(), nonceTLV.get_tlv_msg_size());
if (AE_FAILED(status))
break;
status = aadWriter.writeRaw(tmpBlockCipherTextTLV.get_tlv_msg(), blockCipherTextHeaderSize);
if (AE_FAILED(status))
break;
status = aadWriter.writeRaw(M3IV.getData(), M3IV.getSize());
if (AE_FAILED(status))
break;
status = aesGCMEncrypt(M3IV, ek2, plainText, aad, encryptedPayload, mac);
if (AE_FAILED(status))
break;
tlv_status = blockCipherTextTLV.add_block_cipher_text(M3IV.getData(), encryptedPayload.getData(), encryptedPayload.getSize());
status = tlv_error_2_pve_error(tlv_status);
if (AE_FAILED(status))
break;
status = AE_SUCCESS;
} while (0);
return status;
}
