1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 #ifndef EPID_COMMON_TYPES_H_
17 #define EPID_COMMON_TYPES_H_
18 
19 #include <limits.h>  // for CHAR_BIT
20 
21 /*!
22  * \file
23  * \brief SDK data types.
24 */
25 
26 /// SDK data types.
27 /*!
28   \defgroup EpidTypes types
29   Defines serialized data types used by the SDK.
30 
31   Most of the types defined here are fixed size binary buffers of various sizes
32   that are semantically mapped to the types of various inputs to the
33   Intel(R) EPID APIs.
34 
35   For example ::GtElemStr is a 384 byte buffer that represents a serialized
36   value that is compatible with a ::FfElement belonging to the ::FiniteField
37   GT.
38 
39   \ingroup EpidCommon
40   @{
41 */
42 
43 /// Generic Octet String Style Number
44 typedef void* OctStr;
45 
46 /// Generic Const Octet String Style Number
47 typedef void const* ConstOctStr;
48 
49 /// Recognized hash algorithms
50 typedef enum {
51   /// Invalid
52   kInvalidHashAlg = -1,
53   /// SHA-256
54   kSha256 = 0,
55   /// SHA-384
56   kSha384 = 1,
57   /// SHA-512
58   kSha512 = 2,
59   /// SHA-512/256
60   kSha512_256 = 3,
61   /// Reserved for SHA3/256
62   kSha3_256 = 4,
63   /// Reserved for SHA3/384
64   kSha3_384 = 5,
65   /// Reserved for SHA3/512
66   kSha3_512 = 6,
67 } HashAlg;
68 
69 #pragma pack(1)
70 /// 8 bit octet string
71 typedef struct OctStr8 {
72   unsigned char data[8 / CHAR_BIT];  ///< 8 bit data
73 } OctStr8;
74 /// 16 bit octet string
75 typedef struct OctStr16 {
76   unsigned char data[16 / CHAR_BIT];  ///< 16 bit data
77 } OctStr16;
78 /// 32 bit octet string
79 typedef struct OctStr32 {
80   unsigned char data[32 / CHAR_BIT];  ///< 32 bit data
81 } OctStr32;
82 /// 64 bit octet string
83 typedef struct OctStr64 {
84   unsigned char data[64 / CHAR_BIT];  ///< 64 bit data
85 } OctStr64;
86 /// 128 bit octet string
87 typedef struct OctStr128 {
88   unsigned char data[128 / CHAR_BIT];  ///< 128 bit data
89 } OctStr128;
90 /// 256 bit octet string
91 typedef struct OctStr256 {
92   unsigned char data[256 / CHAR_BIT];  ///< 256 bit data
93 } OctStr256;
94 /// 512 bit octet string
95 typedef struct OctStr512 {
96   unsigned char data[512 / CHAR_BIT];  ///< 512 bit data
97 } OctStr512;
98 
99 /// Serialized BigNum
100 typedef struct BigNumStr {
101   OctStr256 data;  ///< 256 bit octet string
102 } BigNumStr;
103 /// a number in [0, p-1]
104 typedef struct FpElemStr {
105   OctStr256 data;  ///< 256 bit octet string
106 } FpElemStr;
107 /// a number in [0, q-1]
108 typedef struct FqElemStr {
109   OctStr256 data;  ///< 256 bit octet string
110 } FqElemStr;
111 
112 /// Serialized G1 element
113 typedef struct G1ElemStr {
114   FqElemStr x;  ///< an integer between [0, q-1]
115   FqElemStr y;  ///< an integer between [0, q-1]
116 } G1ElemStr;
117 
118 /// Serialized G2 element
119 typedef struct G2ElemStr {
120   FqElemStr x[2];  ///< an integer between [0, q-1]
121   FqElemStr y[2];  ///< an integer between [0, q-1]
122 } G2ElemStr;
123 
124 /// Serialized GT element
125 typedef struct GtElemStr {
126   FqElemStr x[12];  ///< an integer between [0, q-1]
127 } GtElemStr;
128 
129 /// Intel(R) EPID 2.0 Parameters.
130 /*!
131  * Intel(R) EPID 2.0 parameters: (p, q, b, t, neg, beta, xi0, xi1,
132  * g1, g2)
133  */
134 typedef struct Epid2Params {
135   BigNumStr p;      ///< a prime
136   BigNumStr q;      ///< a prime
137   FqElemStr b;      ///< an integer between [0, q-1]
138   OctStr64 t;       ///< an integer
139   OctStr8 neg;      ///< a boolean
140   FqElemStr beta;   ///< an integer between [0, q-1]
141   FqElemStr xi[2];  ///< array of integers between [0, q-1]
142   G1ElemStr g1;     ///<  a generator (an element) of G1
143   G2ElemStr g2;     ///<  a generator (an element) of G2
144 } Epid2Params;
145 
146 /// group ID
147 typedef OctStr128 GroupId;
148 
149 /// Intel(R) EPID 2.0 group public key
150 /*!
151  * Group public key: (gid, h1, h2, w)
152  */
153 typedef struct GroupPubKey {
154   GroupId gid;   ///< group ID
155   G1ElemStr h1;  ///< an element in G1
156   G1ElemStr h2;  ///< an element in G1
157   G2ElemStr w;   ///< an element in G2
158 } GroupPubKey;
159 
160 /// Intel(R) EPID 2.0 issuing private key
161 /*!
162  * Issuing private key: (gid, gamma)
163  */
164 typedef struct IPrivKey {
165   GroupId gid;      ///< group ID
166   FpElemStr gamma;  ///< an integer between [0, p-1]
167 } IPrivKey;
168 
169 /// Intel(R) EPID 2.0 private key
170 /*!
171  * Private key: (gid, A, x, f)
172  */
173 typedef struct PrivKey {
174   GroupId gid;  ///< group ID
175   G1ElemStr A;  ///< an element in G1
176   FpElemStr x;  ///< an integer between [0, p-1]
177   FpElemStr f;  ///< an integer between [0, p-1]
178 } PrivKey;
179 
180 /// 256 bit seed derived from fuse key
181 typedef OctStr256 Seed;
182 
183 /// Compressed private key
184 /*!
185  * Compressed Private key: (gid, A.x, seed)
186  */
187 typedef struct CompressedPrivKey {
188   GroupId gid;   ///< group ID
189   FqElemStr ax;  ///< an integer between [0, p-1]
190   Seed seed;     ///< 256 bit rekey seed
191 } CompressedPrivKey;
192 
193 /// Membership credential
194 /*!
195  * Membership credential: (gid, A, x)
196  */
197 typedef struct MembershipCredential {
198   GroupId gid;  ///< group ID
199   G1ElemStr A;  ///< an element in G1
200   FpElemStr x;  ///< an integer between [0, p-1]
201 } MembershipCredential;
202 
203 /// 256 bit nonce chosen by issuer
204 typedef OctStr256 IssuerNonce;
205 
206 /// Join request
207 /*!
208  * Join request: (F, c, s)
209  */
210 typedef struct JoinRequest {
211   G1ElemStr F;  ///< an element in G1
212   FpElemStr c;  ///< an integer between [0, p-1]
213   FpElemStr s;  ///< an integer between [0, p-1]
214 } JoinRequest;
215 
216 ////////////////////////
217 
218 /// Intel(R) EPID 2.0 basic signature.
219 /*!
220  * Basic signature: (B, K, T, c, sx, sf, sa, sb)
221  */
222 typedef struct BasicSignature {
223   G1ElemStr B;   ///< an element in G1
224   G1ElemStr K;   ///< an element in G1
225   G1ElemStr T;   ///< an element in G1
226   FpElemStr c;   ///< an integer between [0, p-1]
227   FpElemStr sx;  ///< an integer between [0, p-1]
228   FpElemStr sf;  ///< an integer between [0, p-1]
229   FpElemStr sa;  ///< an integer between [0, p-1]
230   FpElemStr sb;  ///< an integer between [0, p-1]
231 } BasicSignature;
232 
233 ///
234 /*!
235  * \brief
236  * non-revoked Proof.
237  *
238  * Non-revoked Proof: (T, c, smu, snu)
239  */
240 typedef struct NrProof {
241   G1ElemStr T;    ///< an element in G1
242   FpElemStr c;    ///< an integer between [0, p-1]
243   FpElemStr smu;  ///< an integer between [0, p-1]
244   FpElemStr snu;  ///< an integer between [0, p-1]
245 } NrProof;
246 
247 /// Intel(R) EPID 2.0 Signature
248 /*!
249  * Signature: (sigma0, RLver, n2, sigma[0], ..., sigma[n2-1])
250  */
251 typedef struct EpidSignature {
252   BasicSignature sigma0;  ///< basic signature
253   OctStr32 rl_ver;        ///< revocation list version number
254   OctStr32 n2;            ///< number of entries in SigRL
255   NrProof sigma[1];       ///< array of non-revoked proofs (flexible array)
256 } EpidSignature;
257 
258 /// private-key based revocation list.
259 /*!
260  * Private-key based revocation list PrivRL: (gid, RLver, n1, f[0],
261  * ..., f[n1-1])
262  */
263 typedef struct PrivRl {
264   GroupId gid;       ///< group ID
265   OctStr32 version;  ///< revocation list version number
266   OctStr32 n1;       ///< number of entries in PrivRL
267   FpElemStr f[1];    ///< integers between [1, p-1]  (flexible array)
268 } PrivRl;
269 
270 /// entry in SigRL (B,K)
271 typedef struct SigRlEntry {
272   G1ElemStr b;  ///< an element of G1
273   G1ElemStr k;  ///< an element of G1
274 } SigRlEntry;
275 
276 /// signature based revocation list
277 /*!
278  * Signature based revocation list SigRL: (gid, RLver, n2, B[0],
279  * K[0], ..., B[n2-1], K[n2-1])
280  */
281 typedef struct SigRl {
282   GroupId gid;       ///< group ID
283   OctStr32 version;  ///< revocation list version number
284   OctStr32 n2;       ///< number of entries in SigRL
285   SigRlEntry bk[1];  ///< revoked  Bs and Ks (flexible array)
286 } SigRl;
287 
288 /// group revocation list
289 /*!
290  * Group revocation list GroupRL: (RLver, n3, gid[0], ...,
291  * gid[n3-1])
292  */
293 typedef struct GroupRl {
294   OctStr32 version;  ///< revocation list version number
295   OctStr32 n3;       ///< number of entries in GroupRL
296   GroupId gid[1];    ///< revoked group IDs (flexible array)
297 } GroupRl;
298 
299 /*! verifier revocation list
300  * Verifier revocation list VerifierRL: (gid, B, RLver, n4, K[0],
301  * ..., K[n4-1])
302  */
303 typedef struct VerifierRl {
304   GroupId gid;       ///< group ID
305   G1ElemStr B;       ///< an element in G1
306   OctStr32 version;  ///< revocation list version number
307   OctStr32 n4;       ///< number of entries in VerifierRL
308   G1ElemStr K[1];    ///< elements in G1 (flexible array)
309 } VerifierRl;
310 
311 /// Pre-computed member settings.
312 /*!
313  * Serialized form of the information about a member that remains
314  * stable for a given set of keys.
315  *
316  * \note e12 = 0 implies that this data is not valid
317  */
318 typedef struct MemberPrecomp {
319   GtElemStr e12;  ///< an element in GT
320   GtElemStr e22;  ///< an element in GT
321   GtElemStr e2w;  ///< an element in GT
322   GtElemStr ea2;  ///< an element in GT
323 } MemberPrecomp;
324 
325 /// element to store seed values for later rekey
326 typedef G1ElemStr ReKeySeed;
327 
328 /// Serialized Fq2 element
329 typedef struct Fq2ElemStr {
330   FqElemStr a[2];  ///< polynomial coefficient
331 } Fq2ElemStr;
332 
333 /// Serialized Fq2^3 element
334 typedef struct Fq6ElemStr {
335   Fq2ElemStr a[3];  ///< polynomial coefficient
336 } Fq6ElemStr;
337 
338 /// Serialized Fq2^3^2 element
339 typedef struct Fq12ElemStr {
340   Fq6ElemStr a[2];  ///< polynomial coefficient
341 } Fq12ElemStr;
342 
343 /// ECDSA Signature using NIST 256-bit curve secp256r1
344 typedef struct EcdsaSignature {
345   OctStr256 x;  ///< 256-bit integer
346   OctStr256 y;  ///< 256-bit integer
347 } EcdsaSignature;
348 
349 /// ECDSA Public Key
350 typedef struct EcdsaPublicKey {
351   OctStr256 x;  ///< 256-bit integer
352   OctStr256 y;  ///< 256-bit integer
353 } EcdsaPublicKey;
354 
355 /// ECDSA Private Key
356 typedef struct EcdsaPrivateKey {
357   OctStr256 data;  ///< 256-bit integer
358 } EcdsaPrivateKey;
359 #pragma pack()
360 
361 /*! @} */
362 
363 #endif  // EPID_COMMON_TYPES_H_
364