Esempio n. 1
0
        private bool VerifyS3Message(byte[] s3Message)
        {
            // Convert S3 message from byte array into the compatible structure
            object S3MessageObj = new SigmaDataStructs.SigmaS3Message();

            GeneralUtils.ByteArrayToStructure(s3Message, ref S3MessageObj);
            SigmaDataStructs.SigmaS3Message S3Message = (SigmaDataStructs.SigmaS3Message)S3MessageObj;

            // Locate the data index in the message
            int dataInd = Marshal.SizeOf(typeof(SigmaDataStructs.SigmaS3Message)) - 1 + 32;

            // Copy S3 message data from the received message into the S3 strucure data field
            S3Message.data = new byte[s3Message.Length - dataInd];
            Array.Copy(s3Message, dataInd, S3Message.data, 0, S3Message.data.Length);

            // Prepare data for HMAC
            byte[] dataForHmac = new byte[s3Message.Length - S3Message.S3Icv.Length];
            Array.Copy(s3Message, S3Message.S3Icv.Length, dataForHmac, 0, dataForHmac.Length);

            // Verify HMAC
            CdgResult retStat = CdgResult.CdgValid;
            CdgStatus status;

            status = CryptoDataGenWrapper.VerifyHmac(dataForHmac, dataForHmac.Length, S3Message.S3Icv, SigmaDataStructs.SIGMA_MAC_LEN, SMK, SigmaDataStructs.SIGMA_SMK_LENGTH, ref retStat);
            if (status != CdgStatus.CdgStsOk || retStat != CdgResult.CdgValid)
            {
                return(false);
            }

            // Check whether BK exists in the signed message, as a part of the S3 message validation
            byte[] GaGbSig = new byte[SigmaDataStructs.EPID_SIG_LEN];
            if (!SigmaUtils.DoesBKExist(S3Message, ref GaGbSig))
            {
                return(false);
            }

            // groupCert contains the SIGMA 1.0 certificate for the specific EPID group ID
            byte[] groupCert = SigmaUtils.GetSpecificEpidCertificate_SIGMA_1_0(epidGroupID);
            // epidParamsCert contains the mathematic parameters
            byte[] epidParamsData = File.ReadAllBytes(EPIDDataStructs.PRODUCTION_SIGNED_BIN_PARAMS_CERT_FILE);

            // Verify message. If a revocation list is used - the dll function will also check that the platform was not revoked.
            status = CryptoDataGenWrapper.MessageVerifyPch(groupCert, groupCert.Length, epidParamsData, GaGb, GaGb.Length, null, 0, GaGbSig, GaGbSig.Length, out retStat, null);

            if (status != CdgStatus.CdgStsOk || retStat != CdgResult.CdgValid)
            {
                return(false);
            }

            return(true);
        }
Esempio n. 2
0
        private CdgStatus ProcessS1Message(byte[] s1Msg)
        {
            // Convert S1 message from byte array into the compatible structure
            object s1Message = new SigmaDataStructs.SigmaS1Message();

            GeneralUtils.ByteArrayToStructure(s1Msg, ref s1Message);

            // Extract S1 message
            SigmaDataStructs.SigmaS1Message message = (SigmaDataStructs.SigmaS1Message)s1Message;
            Ga          = message.Ga;      // Prover's ephemeral DH public key
            OCSPReq     = message.OcspReq; // An (optional) OCSP Request from the prover
            epidGroupID = message.Gid;     // Platform EPID group ID

            // Derive SK (Session Confidentiality Key: 128 bit derived from SMK), MK(Session Integrity Key: 128bit derived from SMK) and SMK(Session Message Key)
            byte[]    Sk     = new byte[SigmaDataStructs.SIGMA_SESSION_KEY_LEN];
            byte[]    Mk     = new byte[SigmaDataStructs.SIGMA_MAC_KEY_LEN];
            CdgStatus status = CryptoDataGenWrapper.DeriveSigmaKeys(Ga, Ga.Length, Gb, Gb.Length, Sk, Sk.Length, Mk, Mk.Length, SMK, SMK.Length);

            return(status);
        }