1 /*############################################################################
2   # Copyright 2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 /// Non-sensitive member context implementation
17 /*! \file */
18 
19 #include "epid/member/src/validatekey.h"
20 
21 #include <stddef.h>
22 
23 #include "epid/common/math/ecgroup.h"
24 #include "epid/common/math/finitefield.h"
25 #include "epid/common/math/pairing.h"
26 #include "epid/common/src/epid2params.h"
27 #include "epid/common/src/memory.h"
28 #include "epid/common/types.h"  // MemberPrecomp
29 #include "epid/member/src/context.h"
30 #include "epid/member/src/privateexp.h"
31 
32 /// Handle Intel(R) EPID Error with Break
33 #define BREAK_ON_EPID_ERROR(ret) \
34   if (kEpidNoErr != (ret)) {     \
35     break;                       \
36   }
37 
EpidMemberIsKeyValid(MemberCtx * ctx,G1ElemStr const * A_str,FpElemStr const * x_str,G1ElemStr const * h1_str,G2ElemStr const * w_str)38 bool EpidMemberIsKeyValid(MemberCtx* ctx, G1ElemStr const* A_str,
39                           FpElemStr const* x_str, G1ElemStr const* h1_str,
40                           G2ElemStr const* w_str) {
41   bool key_is_valid = false;
42   EcPoint* t1 = NULL;
43   EcPoint* t2 = NULL;
44   FfElement* t3 = NULL;
45   FfElement* t4 = NULL;
46   EcPoint* A = NULL;
47   EcPoint* h1 = NULL;
48   EcPoint* w = NULL;
49 
50   if (!ctx || !A_str || !x_str || !h1_str || !w_str || !ctx->epid2_params) {
51     return false;
52   }
53 
54   do {
55     EpidStatus sts = kEpidErr;
56     EcGroup* G1 = ctx->epid2_params->G1;
57     EcGroup* G2 = ctx->epid2_params->G2;
58     FiniteField* GT = ctx->epid2_params->GT;
59     EcPoint* g1 = ctx->epid2_params->g1;
60     EcPoint* g2 = ctx->epid2_params->g2;
61     PairingState* ps_ctx = ctx->epid2_params->pairing_state;
62 
63     if (!ctx->is_provisioned && !ctx->is_initially_provisioned) {
64       sts = EpidMemberInitialProvision(ctx);
65       BREAK_ON_EPID_ERROR(sts);
66     }
67 
68     // 2. The member computes t1 = G2.sscmExp(g2, x).
69     sts = NewEcPoint(G2, &t1);
70     BREAK_ON_EPID_ERROR(sts);
71 
72     sts = EcSscmExp(G2, g2, (BigNumStr const*)x_str, t1);
73     BREAK_ON_EPID_ERROR(sts);
74 
75     // 3. The member computes t1 = G2.mul(t1, w).
76     sts = NewEcPoint(G2, &w);
77     BREAK_ON_EPID_ERROR(sts);
78     sts = ReadEcPoint(G2, w_str, sizeof(*w_str), w);
79     BREAK_ON_EPID_ERROR(sts);
80     sts = EcMul(G2, t1, w, t1);
81     BREAK_ON_EPID_ERROR(sts);
82 
83     // 4. The member computes t3 = pairing(A, t1).
84     sts = NewFfElement(GT, &t3);
85     BREAK_ON_EPID_ERROR(sts);
86     sts = NewEcPoint(G1, &A);
87     BREAK_ON_EPID_ERROR(sts);
88     sts = ReadEcPoint(G1, A_str, sizeof(*A_str), A);
89     BREAK_ON_EPID_ERROR(sts);
90     sts = Pairing(ps_ctx, A, t1, t3);
91     BREAK_ON_EPID_ERROR(sts);
92 
93     // 5. The member computes t2 = G1.sscmExp(h1, f).
94     sts = NewEcPoint(G1, &t2);
95     BREAK_ON_EPID_ERROR(sts);
96     sts = NewEcPoint(G1, &h1);
97     BREAK_ON_EPID_ERROR(sts);
98     sts = ReadEcPoint(G1, h1_str, sizeof(*h1_str), h1);
99     BREAK_ON_EPID_ERROR(sts);
100     sts = EpidPrivateExp(ctx, h1, t2);
101     BREAK_ON_EPID_ERROR(sts);
102 
103     // 6. The member computes t2 = G1.mul(t2, g1).
104     sts = EcMul(G1, t2, g1, t2);
105     BREAK_ON_EPID_ERROR(sts);
106 
107     // Step 7. The member computes t4 = pairing(t2, g2).
108     sts = NewFfElement(GT, &t4);
109     BREAK_ON_EPID_ERROR(sts);
110     sts = Pairing(ps_ctx, t2, g2, t4);
111     BREAK_ON_EPID_ERROR(sts);
112 
113     // 8. If GT.isEqual(t3, t4) = false, reports bad private key.
114     sts = FfIsEqual(GT, t3, t4, &key_is_valid);
115     if (kEpidNoErr != sts) {
116       key_is_valid = false;
117       BREAK_ON_EPID_ERROR(sts);
118     }
119   } while (0);
120 
121   DeleteEcPoint(&t1);
122   DeleteEcPoint(&t2);
123   DeleteFfElement(&t3);
124   DeleteFfElement(&t4);
125   DeleteEcPoint(&A);
126   DeleteEcPoint(&h1);
127   DeleteEcPoint(&w);
128 
129   return key_is_valid;
130 }
131