1 /*############################################################################
2   # Copyright 2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 /// EpidProvisionCredential implementation.
17 /*!
18  * \file
19  */
20 
21 #include <epid/member/api.h>
22 
23 #include <string.h>
24 #include "epid/common/src/memory.h"
25 #include "epid/common/types.h"
26 #include "epid/member/src/context.h"
27 #include "epid/member/src/storage.h"
28 #include "epid/member/src/validatekey.h"
29 #include "epid/member/tpm2/context.h"
30 #include "epid/member/tpm2/createprimary.h"
31 
EpidProvisionCredential(MemberCtx * ctx,GroupPubKey const * pub_key,MembershipCredential const * credential,MemberPrecomp const * precomp_str)32 EpidStatus EpidProvisionCredential(MemberCtx* ctx, GroupPubKey const* pub_key,
33                                    MembershipCredential const* credential,
34                                    MemberPrecomp const* precomp_str) {
35   EpidStatus sts = kEpidErr;
36   uint32_t const nv_index = 0x01c10100;
37   G1ElemStr f_str;
38 
39   if (!pub_key || !credential || !ctx) {
40     return kEpidBadArgErr;
41   }
42 
43   if (memcmp(&pub_key->gid, &credential->gid, sizeof(GroupId))) {
44     return kEpidBadArgErr;
45   }
46 
47   if (!ctx->is_provisioned && !ctx->is_initially_provisioned) {
48     sts = EpidMemberInitialProvision(ctx);
49     if (kEpidNoErr != sts) return sts;
50   }
51 
52   if (!EpidMemberIsKeyValid(ctx, &credential->A, &credential->x, &pub_key->h1,
53                             &pub_key->w)) {
54     return kEpidBadArgErr;
55   }
56 
57   sts = EpidNvWriteMembershipCredential(ctx->tpm2_ctx, pub_key, credential,
58                                         nv_index);
59 
60   if (ctx->primary_key_set) {
61     Tpm2ResetContext(&ctx->tpm2_ctx);
62     ctx->primary_key_set = false;
63   }
64   sts = Tpm2CreatePrimary(ctx->tpm2_ctx, &f_str);
65   if (kEpidNoErr != sts) {
66     return sts;
67   }
68   ctx->primary_key_set = true;
69   if (kEpidNoErr == sts) {
70     if (precomp_str) {
71       ctx->precomp = *precomp_str;
72       ctx->precomp_ready = true;
73     } else {
74       EpidZeroMemory(&ctx->precomp, sizeof(ctx->precomp));
75       ctx->precomp_ready = false;
76     }
77 
78     ctx->credential.A = credential->A;
79     ctx->credential.x = credential->x;
80     ctx->credential.gid = credential->gid;
81     ctx->pub_key = *pub_key;
82     ctx->is_provisioned = true;
83   }
84   return sts;
85 }
86