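#ifdef KAA_RUNTIME_KEY_GENERATION
/*
 * Generate a fresh RSA key pair into kaa_pk_context_ and persist both halves
 * to KAA_PRIVATE_KEY_STORAGE / KAA_PUBLIC_KEY_STORAGE.
 *
 * Returns KAA_ERR_NONE on success. On any failure the context is released
 * and KAA_ERR_BADDATA is returned, so a retry starts from a clean context.
 *
 * NOTE(review): the private key is later re-read with a NULL password, so
 * write_rsa_key stores it unencrypted; its confidentiality rests entirely on
 * the file permissions write_rsa_key applies, which are not visible here —
 * confirm it creates the file readable by the owner only.
 */
static kaa_error_t kaa_generate_and_store_keypair(void)
{
    if (rsa_genkey(&kaa_pk_context_)) {
        mbedtls_pk_free(&kaa_pk_context_);
        return KAA_ERR_BADDATA;
    }
    /* Private half first: a public file without its private half is useless. */
    if (write_rsa_key(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, PRIVATE_KEY)) {
        mbedtls_pk_free(&kaa_pk_context_);
        return KAA_ERR_BADDATA;
    }
    if (write_rsa_key(&kaa_pk_context_, KAA_PUBLIC_KEY_STORAGE, PUBLIC_KEY)) {
        mbedtls_pk_free(&kaa_pk_context_);
        return KAA_ERR_BADDATA;
    }
    return KAA_ERR_NONE;
}
#endif /* KAA_RUNTIME_KEY_GENERATION */

/*
 * Load the endpoint's RSA key pair into kaa_pk_context_ (private) and
 * pk_pub_context (public).
 *
 * With KAA_RUNTIME_KEY_GENERATION the pair is read from the key storage
 * files, and generated and written there when the private key file cannot
 * be parsed. Without it the private key is the compile-time constant
 * KAA_RSA_PRIVATE_KEY and pk_pub_context is left untouched.
 *
 * Returns KAA_ERR_NONE on success (repeated calls after a successful one are
 * no-ops) and KAA_ERR_BADDATA on any parse, generation or write failure; on
 * failure kaa_pk_context_ is released and the next call retries from scratch.
 *
 * Not thread-safe: the once-guard is a plain static, so callers must
 * serialise the first call.
 */
kaa_error_t kaa_init_rsa_keypair(void)
{
    static bool initialized = false;

    if (initialized) {
        return KAA_ERR_NONE;
    }

#ifdef KAA_RUNTIME_KEY_GENERATION
    if (mbedtls_pk_parse_keyfile(&kaa_pk_context_, KAA_PRIVATE_KEY_STORAGE, NULL)) {
        /*
         * A missing *or corrupt/tampered* private key file takes this path and
         * silently gives the endpoint a brand-new identity. That is the
         * intended first-boot behaviour; be aware it also masks a damaged
         * key file.
         */
        kaa_error_t err = kaa_generate_and_store_keypair();
        if (err != KAA_ERR_NONE) {
            return err;
        }
    }

    if (mbedtls_pk_parse_public_keyfile(&pk_pub_context, KAA_PUBLIC_KEY_STORAGE)) {
        /*
         * The private key loaded but the public file is missing or unreadable.
         * Re-derive the public file from the private key rather than copying
         * kaa_pk_context_ by value: an mbedtls_pk_context carries a pointer to
         * its heap-allocated key, so a struct copy would make both contexts
         * own the same allocation and turn the eventual mbedtls_pk_free of
         * each one into a double free (and alias the private key as the
         * "public" context).
         */
        if (write_rsa_key(&kaa_pk_context_, KAA_PUBLIC_KEY_STORAGE, PUBLIC_KEY)
            || mbedtls_pk_parse_public_keyfile(&pk_pub_context, KAA_PUBLIC_KEY_STORAGE)) {
            mbedtls_pk_free(&pk_pub_context);
            mbedtls_pk_free(&kaa_pk_context_);
            return KAA_ERR_BADDATA;
        }
    }
#else
    /*
     * Baked-in key: every image built from the same KAA_RSA_PRIVATE_KEY shares
     * one identity, so this configuration only makes sense where the endpoint
     * cannot persist a key of its own.
     */
    if (mbedtls_pk_parse_key(&kaa_pk_context_, KAA_RSA_PRIVATE_KEY,
                             KAA_RSA_PRIVATE_KEY_LENGTH, NULL, 0)) {
        return KAA_ERR_BADDATA;
    }
#endif /* KAA_RUNTIME_KEY_GENERATION */

    /*
     * Guard both configurations. Re-parsing into an already populated
     * kaa_pk_context_ on a second call is rejected by mbedtls (pk_setup on a
     * context whose pk_info is set — as of mbedtls 2.x; verify for the
     * bundled version), which would report a good key as KAA_ERR_BADDATA.
     */
    initialized = true;
    return KAA_ERR_NONE;
}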
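/*
 * Overwrite secret material that lived on the stack. The volatile access
 * keeps the compiler from discarding the stores as dead writes to a buffer
 * that is about to go out of scope (a plain memset may be elided there).
 */
static void tpm_wipe_secret(void *buf, size_t len)
{
    volatile BYTE *p = (volatile BYTE *)buf;
    while (len-- > 0) {
        *p++ = 0;
    }
}

/*
 * Per-PCR attributes for the dynamic/resettable PCRs 16..23.
 * NOTE(review): the two bytes look like per-locality bitmasks (bit n <->
 * locality n) passed straight through to init_pcr_attr — confirm against
 * its definition.
 */
static const struct {
    BYTE reset_mask;  /* third init_pcr_attr argument */
    BYTE extend_mask; /* fourth init_pcr_attr argument */
} tpm_dynamic_pcr_attrs[8] = {
    { 0x1f, 0x1f }, /* PCR 16 */
    { 0x10, 0x1c }, /* PCR 17 */
    { 0x10, 0x1c }, /* PCR 18 */
    { 0x10, 0x0c }, /* PCR 19 */
    { 0x14, 0x0e }, /* PCR 20 */
    { 0x04, 0x04 }, /* PCR 21 */
    { 0x04, 0x04 }, /* PCR 22 */
    { 0x1f, 0x1f }, /* PCR 23 */
};

/*
 * Populate TPM_PERMANENT_DATA for a factory-fresh instance: version tag,
 * PRNG seed, PCR attributes, endorsement key, DAA seed, EK reset nonce and
 * per-slot key file ids, then NV storage and timeouts.
 *
 * Takes no arguments and reports nothing: none of the helpers' results are
 * checked here, so a storage or key-generation failure is invisible to the
 * caller.
 */
void tpm_init_data(void)
{
    int i;
    BYTE rngState[16];
    TPM_DAA_TPM_SEED tpmDAASeed;
    TPM_NONCE ekReset;
    RSA_PRIVATE_KEY prikey;
    TPM_PCR_ATTRIBUTES pcrAttribs[TPM_NUM_PCR];
    TPM_VERSION version;

    /* Report version 1.2, revision 0.1. */
    version.major = 0x01;
    version.minor = 0x02;
    version.revMajor = 0x00;
    version.revMinor = 0x01;
    write_TPM_PERMANENT_DATA_tag(TPM_TAG_PERMANENT_DATA);
    write_TPM_PERMANENT_DATA_version(&version);

    /* Seed the persistent PRNG state from get_random(). */
    get_random(rngState, sizeof(rngState));
    write_TPM_PERMANENT_DATA_rngState(rngState);

    /*
     * PCR attributes. Start from all-zero so that nothing copies stack
     * contents into permanent storage, whatever TPM_NUM_PCR is and whichever
     * fields init_pcr_attr sets. (Previously PCRs 16..TPM_NUM_PCR-1 were left
     * uninitialised whenever 16 < TPM_NUM_PCR < 24.)
     */
    memset(pcrAttribs, 0, sizeof(pcrAttribs));
    /* Static PCRs 0..15: not resettable, mask 0x1f for extend. */
    for (i = 0; i < TPM_NUM_PCR && i < 16; i++) {
        init_pcr_attr(pcrAttribs + i, FALSE, 0x00, 0x1f);
    }
    /* Dynamic PCRs 16..23: resettable, masks from the table above. */
    for (i = 16; i < TPM_NUM_PCR && i < 24; i++) {
        init_pcr_attr(pcrAttribs + i, TRUE,
                      tpm_dynamic_pcr_attrs[i - 16].reset_mask,
                      tpm_dynamic_pcr_attrs[i - 16].extend_mask);
    }
    /* Any PCR beyond 23: resettable, both masks cleared. */
    for (i = 24; i < TPM_NUM_PCR; i++) {
        init_pcr_attr(pcrAttribs + i, TRUE, 0x00, 0x00);
    }
    write_TPM_PERMANENT_DATA_pcrAttribs(pcrAttribs);

    /* Endorsement key: generated for FILEID_EK, public half mirrored to FILEID_EK_PUB. */
    write_TPM_PERMANENT_DATA_ekFileid(FILEID_EK);
    rsa_genkey(FILEID_EK, &prikey);
    /*
     * Only the public portion is copied out. This relies on RSA_PRIVATE_KEY
     * beginning with exactly the RSA_PUBLIC_KEY fields; if that layout ever
     * changes, private key bytes land in the public file — verify against
     * the type definitions. rsa_genkey's result is also discarded: if it can
     * fail, prikey is written out uninitialised — confirm its contract.
     */
    write_file(FILE_DATA, FILEID_EK_PUB, 0, sizeof(RSA_PUBLIC_KEY), (BYTE *)&prikey);
    /* The full private key must not linger on the stack after this point. */
    tpm_wipe_secret(&prikey, sizeof(prikey));

    /* DAA seed: fresh random, secret. */
    get_random(tpmDAASeed.nonce, sizeof(TPM_NONCE));
    write_TPM_PERMANENT_DATA_tpmDAASeed(&tpmDAASeed);

    /*
     * EK reset nonce. This is a fixed, well-known value ("deadbeef" then
     * zeros), not a secret: it only serves as a placeholder until a
     * revocable EK with a real reset authorisation replaces it. Nothing that
     * compares against it (presumably EK revocation — verify) is protected
     * by it in this initial state.
     */
    memset(ekReset.nonce, 0, sizeof(TPM_NONCE));
    memcpy(ekReset.nonce, "\xde\xad\xbe\xef", 4);
    write_TPM_PERMANENT_DATA_ekReset(&ekReset);

    /* Assign each key slot its private/public key file ids. */
    for (i = 0; i < TPM_MAX_KEYS; i++) {
        write_TPM_PERMANENT_DATA_keys_zero(i);
        write_TPM_PERMANENT_DATA_keys_keyFileid(i, FILEID_RSA_OFFSET + i);
        write_TPM_PERMANENT_DATA_keys_pubkeyFileid(i, FILEID_RSA_PUB_OFFSET + i);
    }

    /* The stack copies of the PRNG seed and DAA seed are secrets as well. */
    tpm_wipe_secret(rngState, sizeof(rngState));
    tpm_wipe_secret(&tpmDAASeed, sizeof(tpmDAASeed));

    /* Predefined NV storage, then timeout and duration values. */
    init_nv_storage();
    init_timeouts();
}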