ProductEvidence ProductEvidence_Unserialize(FILE* fp) { ProductEvidence ev = safe_malloc(sizeof(*ev)); ev->c = BN_new(); ev->z = BN_new(); ev->w1 = BN_new(); ev->w2 = BN_new(); CHECK_CALL(ev->c); CHECK_CALL(ev->z); CHECK_CALL(ev->w1); CHECK_CALL(ev->w2); if(!(ReadOneBignum(&(ev->c), fp, str_c) && ReadOneBignum(&(ev->z), fp, str_z) && ReadOneBignum(&(ev->w1), fp, str_w1) && ReadOneBignum(&(ev->w2), fp, str_w2))) { BN_clear_free(ev->c); BN_clear_free(ev->z); BN_clear_free(ev->w1); BN_clear_free(ev->w2); free(ev); return NULL; } return ev; }
void RunEaSession(SSL* ssl, void* data) { int rfd, wfd; FILE* rfp; FILE* wfp; SetupFileDescriptors(ssl, &rfd, &rfp, &wfd, &wfp); RsaDevice device = (RsaDevice)data; // Device makes entropy request BIGNUM* v1 = BN_new(); BIGNUM* v2 = BN_new(); BIGNUM* v3 = BN_new(); BIGNUM* v4 = BN_new(); CHECK_CALL(v1); CHECK_CALL(v2); CHECK_CALL(RsaDevice_GenEntropyRequest(device, v1, v2)); PrintTime("Sending commits to EA"); // Send mode flag CHECK_CALL(fprintf(wfp, "%d\n", RSA_CLIENT)); CHECK_CALL(!fflush(wfp)); CHECK_CALL(WriteOneBignum(STRING_COMMIT_X, sizeof(STRING_COMMIT_X), wfp, v1)); CHECK_CALL(WriteOneBignum(STRING_COMMIT_Y, sizeof(STRING_COMMIT_Y), wfp, v2)); CHECK_CALL(!fflush(wfp)); PrintTime("...done"); // Read x', y' from EA PrintTime("Reading entropy from EA"); CHECK_CALL(ReadOneBignum(&v1, rfp, STRING_X_PRIME)); CHECK_CALL(ReadOneBignum(&v2, rfp, STRING_Y_PRIME)); PrintTime("...done"); CHECK_CALL(RsaDevice_SetEntropyResponse(device, v1, v2)); // Send proof to EA ProductEvidence ev; CHECK_CALL(ev); X509_REQ* req = X509_REQ_new(); CHECK_CALL(req); CHECK_CALL(RsaDevice_GenEaSigningRequest(device, req, v1, v2, v3, &ev)); PrintTime("Sending cert to EA"); CHECK_CALL(i2d_X509_REQ_fp(wfp, req)); //fprintf(wfp, "\n"); CHECK_CALL(!fflush(wfp)); CHECK_CALL(WriteOneBignum(STRING_DELTA_X, sizeof(STRING_DELTA_X), wfp, v1)); CHECK_CALL(WriteOneBignum(STRING_DELTA_Y, sizeof(STRING_DELTA_Y), wfp, v2)); CHECK_CALL(WriteOneBignum(STRING_MODULUS_RAND, sizeof(STRING_MODULUS_RAND), wfp, v3)); CHECK_CALL(ProductEvidence_Serialize(ev, wfp)); CHECK_CALL(!fflush(wfp)); PrintTime("...done"); X509_REQ_free(req); ProductEvidence_Free(ev); X509* cert = NULL; PrintTime("Reading cert from EA"); if(!(cert = d2i_X509_fp(rfp, NULL))) { fatal("Could not read X509 response"); } PrintTime("...done"); fclose(rfp); fclose(wfp); BN_clear_free(v1); BN_clear_free(v2); BN_clear_free(v3); BN_clear_free(v4); // Give EA signature back to device CHECK_CALL(RsaDevice_SetEaCertResponse(device, cert)); X509_free(cert); return; }