1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2006 8 * 9 */ 10 11#include "daa_parameter.h" 12#include "daa_structs.h" 13#include "anonymity_revocation.h" 14#include "verifier.h" 15#include "tsplog.h" 16 17CS_ENCRYPTION_RESULT *create_CS_ENCRYPTION_RESULT( 18 bi_ptr c1, 19 bi_ptr c2, 20 bi_ptr c3, 21 bi_ptr c4 22) { 23 CS_ENCRYPTION_RESULT *result = 24 (CS_ENCRYPTION_RESULT *)malloc( sizeof(CS_ENCRYPTION_RESULT)); 25 26 if (result == NULL) { 27 LogError("malloc of %d bytes failed", sizeof(CS_ENCRYPTION_RESULT)); 28 return NULL; 29 } 30 result->c1 = c1; 31 result->c2 = c2; 32 result->c3 = c3; 33 result->c4 = c4; 34 return result; 35} 36 37CS_ENCRYPTION_RESULT_RANDOMNESS *create_CS_ENCRYPTION_RESULT_RANDOMNESS( 38 CS_ENCRYPTION_RESULT *cs_encryption_result, 39 bi_ptr randomness 40) { 41 CS_ENCRYPTION_RESULT_RANDOMNESS *result = 42 (CS_ENCRYPTION_RESULT_RANDOMNESS *) 43 malloc(sizeof(CS_ENCRYPTION_RESULT_RANDOMNESS)); 44 45 if (result == NULL) { 46 LogError("malloc of %d bytes failed", 47 sizeof(CS_ENCRYPTION_RESULT_RANDOMNESS)); 48 return NULL; 49 } 50 result->randomness = randomness; 51 result->result = cs_encryption_result; 52 return result; 53} 54 55bi_ptr compute_u( const EVP_MD *digest, 56 const bi_ptr c1, 57 const bi_ptr c2, 58 const bi_ptr c3, 59 const BYTE *condition, 60 const int conditionLength 61) { 62 BYTE *buffer, *bytes; 63 int c1_size = bi_nbin_size( c1); 64 int c2_size = bi_nbin_size( c2); 65 int c3_size = bi_nbin_size( c3); 66 int index = 0; 67 int length; 68 bi_ptr value; 69 int bufferLength = c1_size + c2_size + c3_size + conditionLength; 70 71 buffer = (BYTE *)malloc( bufferLength); 72 if (buffer == NULL) { 73 LogError("malloc of %d bytes failed", bufferLength); 74 return NULL; 75 } 76 bi_2_byte_array( &buffer[index], c1_size, c1); 77 index += c1_size; 78 bi_2_byte_array( &buffer[index], c2_size, c2); 79 index += c2_size; 80 bi_2_byte_array( &buffer[index], c3_size, c3); 81 index += c3_size; 82 memcpy( &buffer[index], condition, conditionLength); 83 index += conditionLength; 84 length = DAA_PARAM_LENGTH_MFG1_ANONYMITY_REVOCATION / 8; // 25 /8 85 bytes = compute_bytes( bufferLength, buffer, length, digest); 86 if( bytes == NULL) return NULL; 87 value = bi_set_as_nbin( length, bytes); 88 free( bytes); 89 free( buffer); 90 return value; 91} 92 93CS_ENCRYPTION_RESULT_RANDOMNESS* internal_compute_encryption_proof( 94 const bi_ptr msg, 95 const bi_ptr delta1, 96 const bi_ptr delta2, 97 const bi_ptr delta3, 98 const bi_ptr randomness, 99 const CS_PUBLIC_KEY *key, 100 const struct tdTSS_DAA_PK_internal *daa_key, 101 const BYTE *condition, 102 const int conditionLength, 103 const EVP_MD *digest 104) { 105 bi_ptr modulus = daa_key->modulus; 106 bi_ptr gamma = daa_key->gamma; 107 bi_ptr c1 = bi_new_ptr( ); 108 bi_ptr c2 = bi_new_ptr( ); 109 bi_ptr c3 = bi_new_ptr( ); 110 bi_ptr c4; 111 bi_ptr exp; 112 bi_t bi_tmp; 113 bi_t bi_tmp1; 114 115 bi_new( bi_tmp); 116 bi_new( bi_tmp1); 117 if( bi_cmp( msg, modulus) >= 0) { 118 LogError("IllegalArgument: msg to big for key size"); 119 bi_free_ptr( c1); 120 bi_free_ptr( c2); 121 bi_free_ptr( c3); 122 bi_free( bi_tmp); 123 bi_free( bi_tmp1); 124 return NULL; 125 } 126 bi_mod_exp( c1, gamma, randomness, modulus); 127 bi_mod_exp( c2, key->eta, randomness, modulus); 128 // c3=msg * (key->lambda3 ^ randomness) % mopdulus) 129 bi_mul( c3, msg, bi_mod_exp( bi_tmp, key->lambda3, randomness, modulus)); 130 bi_mod( c3, c3, modulus); // c3 = c3 % modulus 131 if( delta1 != NULL) { 132 if( !( delta2!=NULL && delta3!=NULL)) { 133 LogError("Illegal Arguments: delta2==NULL or delta3==NULL"); 134 bi_free_ptr( c1); 135 bi_free_ptr( c2); 136 bi_free_ptr( c3); 137 bi_free( bi_tmp); 138 bi_free( bi_tmp1); 139 return NULL; 140 } 141 exp = compute_u( digest, delta1, delta2, delta3, condition, conditionLength); 142 } else { 143 if( !( delta2==NULL && delta3==NULL)) { 144 LogError("Illegal Arguments: delta2!=NULL or delta3!=NULL"); 145 bi_free_ptr( c1); 146 bi_free_ptr( c2); 147 bi_free_ptr( c3); 148 bi_free( bi_tmp); 149 bi_free( bi_tmp1); 150 return NULL; 151 } 152 exp = compute_u( digest, c1, c2, c3, condition, conditionLength); 153 } 154 // exp = exp * randomness 155 bi_mul( exp, exp, randomness); 156 // exp = exp % daa_key->rho 157 bi_mod( exp, exp, daa_key->rho); 158 // bi_tmp = (key->lambda1 ^ randomness) % modulus 159 bi_mod_exp( bi_tmp, key->lambda1, randomness, modulus); 160 // bi_tmp1 = (key->lambda2 ^ exp) % modulus 161 bi_mod_exp( bi_tmp1, key->lambda2, exp, modulus); 162 c4 = bi_new_ptr(); 163 // c4 = bi_tmp * bi_tmp1 164 bi_mul( c4, bi_tmp, bi_tmp1); 165 // c4 = c4 % modulus 166 bi_mod( c4, c4, modulus); 167 bi_free_ptr( exp); 168 bi_free( bi_tmp1); 169 bi_free( bi_tmp); 170 return create_CS_ENCRYPTION_RESULT_RANDOMNESS( 171 create_CS_ENCRYPTION_RESULT( c1, c2, c3, c4), 172 randomness); 173} 174 175/* 176Cramer-Shoup EncryptionProof 177from com.ibm.zurich.tcg.daa.anonymityrevocation.CSEncryptionProof 178 */ 179CS_ENCRYPTION_RESULT_RANDOMNESS *compute_ecryption_proof( 180 const bi_ptr msg, 181 const bi_ptr delta1, 182 const bi_ptr delta2, 183 const bi_ptr delta3, 184 const bi_ptr randomness, 185 const CS_PUBLIC_KEY *key, 186 const struct tdTSS_DAA_PK_internal *daa_key, 187 const BYTE *condition, 188 const int conditionLength, 189 const EVP_MD *digest 190) { 191 if( delta1 == NULL || delta2 == NULL || delta3 == NULL) { 192 LogError("Illegal Argument: deltas (delta1:%ld delta2:%ld delta3:%ld)", 193 (long)delta1, (long)delta2, (long)delta3); 194 return NULL; 195 } 196 if( bi_cmp( randomness, daa_key->rho) >=0 || bi_cmp_si( randomness, 0) < 0) { 197 LogError("randomness >= rho || randomness < 0 \n\trandomness:%s\n\trho:%s\n", 198 bi_2_dec_char( randomness), bi_2_dec_char( daa_key->rho)); 199 return NULL; 200 } 201 return internal_compute_encryption_proof( msg, 202 delta1, 203 delta2, 204 delta3, 205 randomness, 206 key, 207 daa_key, 208 condition, 209 conditionLength, 210 digest); 211} 212