[aaf/sshsm.git] / tpm-util / duplicate / crypto_aux.c

/*
 * Copyright 2018 Intel Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *     Unless required by applicable law or agreed to in writing, software
 *     distributed under the License is distributed on an "AS IS" BASIS,
 *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *     See the License for the specific language governing permissions and
 *     limitations under the License.
 */
// Author: Arun Kumar Sekar

#include "crypto_aux.h"
#include "util.h"

UINT32 (*HmacFunctionPtr)( TPMI_ALG_HASH hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result ) = OpenSslHmac;


int RSA_OAEP_Enc(TPM2B_PUBLIC_KEY_RSA *plain, // plain text to encrypt
                                                                                        //Size of plain (0 <= pl <= kl - (2 * hashLen + 2)
                                TPM2B_PUBLIC_KEY_RSA *cipher,           // must be same size as key in bytes
                                TPM2B_PUBLIC_KEY_RSA *key,                      // Key in big endian byte array
                                TPM2B_DATA *encoding_params // Null terminated string like
                                                                                                // ((unsigned char*)"DUPLICATE")
                                                                                                // length of encoding parameter includes \0
                                                                                                // (10 in DUPLICATE case..)
                                )
{
        RSA *rsa = NULL;
        unsigned char   encoded[256];
        int     RC;
        BIGNUM* bne;
        BIGNUM* n;

        //Encoding
        RC = RSA_padding_add_PKCS1_OAEP_mgf1(encoded, key->b.size, plain->b.buffer, plain->b.size,
                        encoding_params->b.buffer, encoding_params->b.size, EVP_sha256(), NULL);

        if(RC!=1)goto cleanup;

        // Creating OpenSSL structure with the supplied TPM public:
        bne = BN_new();
        RC = BN_set_word(bne,RSA_F4); // the TPM's public exponent (2^16 + 1)
        if(RC!=1)goto cleanup;

        rsa = RSA_new();
        RC = RSA_generate_key_ex(rsa, 2048, bne, NULL); // could be done in better way i guess... just for filling up fields..
        if(RC!=1)goto cleanup;

        // Over-writing the public N:
        //rsa->n = BN_bin2bn(key->b.buffer, key->b.size, rsa->n);
        n = BN_bin2bn(key->b.buffer, key->b.size, NULL);
        RSA_set0_key(rsa,n,NULL, NULL);

        //if(rsa->n == NULL) goto cleanup;
        if(n == NULL) goto cleanup;

        // Encrypting
        RC = RSA_public_encrypt(key->b.size, encoded, cipher->b.buffer, rsa, RSA_NO_PADDING);

        //if(RC<0)goto cleanup;
        cipher->b.size = key->b.size;

cleanup:
        RSA_free(rsa);
        BN_free(bne);
        return RC;
}



void AES_128_CFB_enc_dec(
                TPM2B *in,
                TPM2B *out,
                const TPM2B *const key,
                const TPM2B *const ivIn,
                TPM2B *ivOut,
                const TPMI_YES_NO enc)
{
        TPM2B_SYM_KEY ivTemp = {{0}};
        ivTemp.b.size = 16;

        if(ivOut == NULL)
                ivOut = &(ivTemp.b);

        memccpy(ivOut->buffer, ivIn->buffer, 0, ivIn->size);
        AES_KEY aes;
        AES_set_encrypt_key(key->buffer, 128, &aes);
        int block, j;
        for(block=0; block < (in->size) ;block+=16)
        {
                unsigned char encIV[16];
                AES_encrypt(ivOut->buffer, encIV, &aes);

                for(j=0;j<16;j++)
                {
                        if(j+block >= (in->size))
                                ivOut->buffer[j]=0;
                        else if(enc)
                                ivOut->buffer[j] = out->buffer[block+j] = encIV[j]^(in->buffer[block+j]);
                        else
                        {
                                ivOut->buffer[j] = in->buffer[block+j];
                                out->buffer[block+j] = encIV[j]^(in->buffer[block+j]);
                        }
                }
        }
        out->size = in->size;

}


UINT32 ChangeEndianDword( UINT32 p )
{
    return( ((const UINT32)(((p)& 0xFF) << 24))    | \
          ((const UINT32)(((p)& 0xFF00) << 8))   | \
          ((const UINT32)(((p)& 0xFF0000) >> 8)) | \
          ((const UINT32)(((p)& 0xFF000000) >> 24)));
}


TPM_RC KDFa( TPMI_ALG_HASH hashAlg, TPM2B *key, char *label,
    TPM2B *contextU, TPM2B *contextV, UINT16 bits, TPM2B_MAX_BUFFER  *resultKey )
{

        TPM2B_DIGEST tmpResult;
    TPM2B_DIGEST tpm2bLabel, tpm2bBits, tpm2b_i_2;
    UINT8 *tpm2bBitsPtr = &tpm2bBits.t.buffer[0];
    UINT8 *tpm2b_i_2Ptr = &tpm2b_i_2.t.buffer[0];
    TPM2B_DIGEST *bufferList[8];
    UINT32 bitsSwizzled, i_Swizzled;
    TPM_RC rval;
    int i, j;
    UINT16 bytes = bits / 8;

#ifdef DEBUG
    DebugPrintf( 0, "KDFA, hashAlg = %4.4x\n", hashAlg );
    DebugPrintf( 0, "\n\nKDFA, key = \n" );
    PrintSizedBuffer( key );
#endif

    resultKey->t .size = 0;

    tpm2b_i_2.t.size = 4;

    tpm2bBits.t.size = 4;
    bitsSwizzled = ChangeEndianDword( bits );
    *(UINT32 *)tpm2bBitsPtr = bitsSwizzled;

    for(i = 0; label[i] != 0 ;i++ );

    tpm2bLabel.t.size = i+1;
    for( i = 0; i < tpm2bLabel.t.size; i++ )
    {
        tpm2bLabel.t.buffer[i] = label[i];
    }

#ifdef DEBUG
    DebugPrintf( 0, "\n\nKDFA, tpm2bLabel = \n" );
    PrintSizedBuffer( (TPM2B *)&tpm2bLabel );

    DebugPrintf( 0, "\n\nKDFA, contextU = \n" );
    PrintSizedBuffer( contextU );

    DebugPrintf( 0, "\n\nKDFA, contextV = \n" );
    PrintSizedBuffer( contextV );
#endif

    resultKey->t.size = 0;

    i = 1;

    while( resultKey->t.size < bytes )
    {
        // Inner loop

        i_Swizzled = ChangeEndianDword( i );
        *(UINT32 *)tpm2b_i_2Ptr = i_Swizzled;

        j = 0;
        bufferList[j++] = (TPM2B_DIGEST *)&(tpm2b_i_2.b);
        bufferList[j++] = (TPM2B_DIGEST *)&(tpm2bLabel.b);
        bufferList[j++] = (TPM2B_DIGEST *)contextU;
        bufferList[j++] = (TPM2B_DIGEST *)contextV;
        bufferList[j++] = (TPM2B_DIGEST *)&(tpm2bBits.b);
        bufferList[j++] = (TPM2B_DIGEST *)0;
#ifdef DEBUG
        for( j = 0; bufferList[j] != 0; j++ )
        {
            DebugPrintf( 0, "\n\nbufferlist[%d]:\n", j );
            PrintSizedBuffer( &( bufferList[j]->b ) );
        }
#endif
        rval = (*HmacFunctionPtr )( hashAlg, key, (TPM2B **)&( bufferList[0] ), &tmpResult );
        if( rval != TPM_RC_SUCCESS )
        {
            return( rval );
        }

        ConcatSizedByteBuffer( resultKey, &(tmpResult.b) );
    }

    // Truncate the result to the desired size.
    resultKey->t.size = bytes;

#ifdef DEBUG
    DebugPrintf( 0, "\n\nKDFA, resultKey = \n" );
    PrintSizedBuffer( &( resultKey->b ) );
#endif

    return TPM_RC_SUCCESS;
}


UINT32 OpenSslHmac( TPMI_ALG_HASH hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result )
{
        if(hashAlg != TPM_ALG_SHA256)return -1;

        UINT32 RC = 0;
        HMAC_CTX *hmac = HMAC_CTX_new();
        UINT32 resLen=0;

        int i=0;

        HMAC_Init_ex(hmac, key->buffer, key->size, EVP_sha256(), NULL);

        for(i=0;bufferList[i];i++) 
        {
                HMAC_Update(hmac, bufferList[i]->buffer, bufferList[i]->size);
        }

        HMAC_Final(hmac, result->b.buffer, &resLen);
        result->b.size = resLen;

        HMAC_CTX_free(hmac);

        return RC;
}

void print_buff(char * data, int len, const PBYTE buff)
{
    printf("%s \n",data);
    int i = 0;
    for(;i<len;i++)
        printf("0x%02X, ", buff[i]);
    printf("\n");

}