1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \file
19 * \brief Commitment hash implementation.
20 */
21 #include "epid/common/src/commitment.h"
22
23 #include <limits.h>
24 #include "epid/common/math/ecgroup.h"
25 #include "epid/common/src/memory.h"
26
SetKeySpecificCommitValues(GroupPubKey const * pub_key,CommitValues * values)27 EpidStatus SetKeySpecificCommitValues(GroupPubKey const* pub_key,
28 CommitValues* values) {
29 static const Epid2Params params = {
30 #include "epid/common/src/epid2params_ate.inc"
31 };
32
33 if (!pub_key || !values) return kEpidBadArgErr;
34
35 values->p = params.p;
36 values->g1 = params.g1;
37 values->g2 = params.g2;
38 values->h1 = pub_key->h1;
39 values->h2 = pub_key->h2;
40 values->w = pub_key->w;
41
42 return kEpidNoErr;
43 }
44
SetCalculatedCommitValues(G1ElemStr const * B,G1ElemStr const * K,G1ElemStr const * T,EcPoint const * R1,EcGroup * G1,FfElement const * R2,FiniteField * GT,CommitValues * values)45 EpidStatus SetCalculatedCommitValues(G1ElemStr const* B, G1ElemStr const* K,
46 G1ElemStr const* T, EcPoint const* R1,
47 EcGroup* G1, FfElement const* R2,
48 FiniteField* GT, CommitValues* values) {
49 EpidStatus sts;
50
51 if (!B || !K || !T || !R1 || !G1 || !R2 || !GT || !values) {
52 return kEpidBadArgErr;
53 }
54
55 values->B = *B;
56 values->K = *K;
57 values->T = *T;
58
59 sts = WriteEcPoint(G1, R1, &values->R1, sizeof(values->R1));
60 if (kEpidNoErr != sts) return sts;
61 sts = WriteFfElement(GT, R2, &values->R2, sizeof(values->R2));
62 if (kEpidNoErr != sts) return sts;
63
64 return kEpidNoErr;
65 }
66
CalculateCommitmentHash(CommitValues const * values,FiniteField * Fp,HashAlg hash_alg,void const * msg,size_t msg_len,FfElement * c)67 EpidStatus CalculateCommitmentHash(CommitValues const* values, FiniteField* Fp,
68 HashAlg hash_alg, void const* msg,
69 size_t msg_len, FfElement* c) {
70 EpidStatus sts;
71
72 FfElement* t3 = NULL;
73 size_t t3mconcat_size = sizeof(FpElemStr) + msg_len;
74 uint8_t* t3mconcat_buf = NULL;
75
76 if (!values || !Fp || !c) return kEpidBadArgErr;
77 if (!msg && (0 != msg_len)) {
78 // if message is non-empty it must have both length and content
79 return kEpidBadArgErr;
80 }
81 if (SIZE_MAX - sizeof(FpElemStr) < msg_len) {
82 return kEpidBadArgErr;
83 }
84
85 do {
86 sts = NewFfElement(Fp, &t3);
87 if (kEpidNoErr != sts) break;
88
89 // compute t3 = Fp.hash(p || g1 || g2 || h1 ||
90 // h2 || w || B || K || T || R1 || R2).
91 sts = FfHash(Fp, values, sizeof(*values), hash_alg, t3);
92 if (kEpidNoErr != sts) break;
93
94 // compute c = Fp.hash(t3 || m).
95 t3mconcat_buf = SAFE_ALLOC(t3mconcat_size);
96 if (!t3mconcat_buf) {
97 sts = kEpidMemAllocErr;
98 break;
99 }
100
101 // get t3 into buffer
102 sts = WriteFfElement(Fp, t3, t3mconcat_buf, sizeof(FpElemStr));
103 if (kEpidNoErr != sts) break;
104 // get m into buffer
105 if (msg) {
106 // Memory copy is used to copy a message of variable length
107 if (0 != memcpy_S(t3mconcat_buf + sizeof(FpElemStr),
108 t3mconcat_size - sizeof(FpElemStr), msg, msg_len)) {
109 sts = kEpidBadArgErr;
110 break;
111 }
112 }
113
114 sts = FfHash(Fp, t3mconcat_buf, t3mconcat_size, hash_alg, c);
115 if (kEpidNoErr != sts) break;
116
117 sts = kEpidNoErr;
118 } while (0);
119
120 SAFE_FREE(t3mconcat_buf);
121 DeleteFfElement(&t3);
122
123 return sts;
124 }
125