//Verify S3 message
public bool VerifyS3Message(byte[] s3Message)
{
//Convert S3 message from byte array into the compatible structure
object S3MessageObj = new DataStructs.SIGMA_S3_MESSAGE();
Utils.ByteArrayToStructure(s3Message, ref S3MessageObj);
DataStructs.SIGMA_S3_MESSAGE S3Message = (DataStructs.SIGMA_S3_MESSAGE)S3MessageObj;
//Locate the data index in the message
int dataInd = Marshal.SizeOf(typeof(DataStructs.SIGMA_S3_MESSAGE)) - 1 + 32;
//Copy S3 message data from the received message into the S3 strucure data field
S3Message.data = new byte[s3Message.Length - dataInd];
Array.Copy(s3Message, dataInd, S3Message.data, 0, S3Message.data.Length);
//Prepare data for HMAC
byte[] dataForHmac = new byte[s3Message.Length - S3Message.S3Icv.Length];
Array.Copy(s3Message, S3Message.S3Icv.Length, dataForHmac, 0, dataForHmac.Length);
//Verify HMAC
CdgResult retStat = CdgResult.CdgValid;
CdgStatus status;
status = CryptoDataGenWrapper_1_1.VerifyHmac(dataForHmac, dataForHmac.Length, S3Message.S3Icv, DataStructs.SIGMA_MAC_LEN, SMK, DataStructs.SIGMA_SMK_LENGTH, ref retStat);
if (status != CdgStatus.CdgStsOk || retStat != CdgResult.CdgValid)
{
return(false);
}
//Check whether BK exists in the signed message, as a part of the S3 message validation
byte[] GaGbSig = new byte[DataStructs.EPID_SIG_LEN];
if (!DoesBKExist(S3Message, ref GaGbSig))
{
return(false);
}
//groupCert contains the SIGMA1_0 certificate for the specific EPID group ID
byte[] groupCert = Utils.GetSpecificEpidCertificate_SIGMA_1_0((uint)groupID);
//epidParamsCert contains the mathematic parameters
byte[] epidParamsData = File.ReadAllBytes(DataStructs.PRODUCTION_SIGNED_BIN_PARAMS_CERT_FILE);
//Verify message. In case that a revocation list is used - the dll function will also check that the platform was not revoked.
status = CryptoDataGenWrapper_1_1.MessageVerifyPch(groupCert, groupCert.Length, epidParamsData, GaGb, GaGb.Length, null, 0, GaGbSig, GaGbSig.Length, out retStat, null);
if (status != CdgStatus.CdgStsOk || retStat != CdgResult.CdgValid)
{
return(false);
}
return(true);
}
//Check whther BK exists in the signed message, as a p ert of the S3 message validation
bool DoesBKExist(DataStructs.SIGMA_S3_MESSAGE S3Message, ref byte[] GaGbSig)
{
//Process certificate header in order to get cert length
byte[] header = new byte[DataStructs.VLR_HEADER_LEN];
Array.Copy(S3Message.data, header, header.Length);
object certHeader = new DataStructs.VLRHeader();
Utils.ByteArrayToStructure(header, ref certHeader);
int certLen = ((DataStructs.VLRHeader)certHeader).VLRLength;
//Extract GaGb from the signed message data
Array.Copy(S3Message.data, certLen + DataStructs.VLR_HEADER_LEN, GaGbSig, 0, GaGbSig.Length);
BK = Utils.GetBKValuesFromSignedMessage(GaGbSig);
return(BK != null);
}
