1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 
17 /*!
18  * \file
19  * \brief EpidCheckPrivRlEntry implementation.
20  */
21 
22 #include "epid/verifier/api.h"
23 #include "epid/verifier/src/context.h"
EpidCheckPrivRlEntry(VerifierCtx const * ctx,BasicSignature const * sig,FpElemStr const * f)24 EpidStatus EpidCheckPrivRlEntry(VerifierCtx const* ctx,
25                                 BasicSignature const* sig, FpElemStr const* f) {
26   EpidStatus result = kEpidErr;
27   EcPoint* b = NULL;
28   EcPoint* k = NULL;
29   EcPoint* t4 = NULL;
30   EcGroup* G1 = NULL;
31   FfElement* ff_elem = NULL;
32   if (!ctx || !sig || !f) {
33     return kEpidBadArgErr;
34   }
35   if (!ctx->epid2_params || !ctx->epid2_params->G1) {
36     return kEpidBadArgErr;
37   }
38   do {
39     // Section 4.1.2 Step 4.b For i = 0, ... , n1-1, the verifier computes t4
40     // =G1.exp(B, f[i]) and verifies that G1.isEqual(t4, K) = false.
41     bool compare_result = false;
42     FiniteField* Fp = ctx->epid2_params->Fp;
43     G1 = ctx->epid2_params->G1;
44     result = NewFfElement(Fp, &ff_elem);
45     if (kEpidNoErr != result) {
46       break;
47     }
48     result = NewEcPoint(G1, &b);
49     if (kEpidNoErr != result) {
50       break;
51     }
52     result = NewEcPoint(G1, &k);
53     if (kEpidNoErr != result) {
54       break;
55     }
56     result = NewEcPoint(G1, &t4);
57     if (kEpidNoErr != result) {
58       break;
59     }
60     // ReadFfElement checks that the value f is in the field
61     result = ReadFfElement(Fp, (BigNumStr const*)f, sizeof(BigNumStr), ff_elem);
62     if (kEpidNoErr != result) {
63       break;
64     }
65     result = ReadEcPoint(G1, &sig->B, sizeof(sig->B), b);
66     if (kEpidNoErr != result) {
67       break;
68     }
69     result = ReadEcPoint(G1, &sig->K, sizeof(sig->K), k);
70     if (kEpidNoErr != result) {
71       break;
72     }
73     result = EcExp(G1, b, (BigNumStr const*)f, t4);
74     if (kEpidNoErr != result) {
75       break;
76     }
77     result = EcIsEqual(G1, t4, k, &compare_result);
78     if (kEpidNoErr != result) {
79       break;
80     }
81     // if t4 == k, sig revoked in PrivRl
82     if (compare_result) {
83       result = kEpidSigRevokedInPrivRl;
84     } else {
85       result = kEpidNoErr;
86     }
87   } while (0);
88   DeleteFfElement(&ff_elem);
89   DeleteEcPoint(&t4);
90   DeleteEcPoint(&k);
91   DeleteEcPoint(&b);
92   return result;
93 }
94