1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 /// Intel(R) EPID 1.1 issuer material parsing utilities.
17 /*!
18  * \file
19  */
20 #ifndef EPID_COMMON_1_1_FILE_PARSER_H_
21 #define EPID_COMMON_1_1_FILE_PARSER_H_
22 
23 #include <stddef.h>
24 
25 #include "epid/common/1.1/types.h"
26 #include "epid/common/errors.h"
27 #include "epid/common/file_parser.h"
28 
29 /// Parser for 1.1 issuer material
30 /*!
31  \defgroup Epid11FileParserModule Intel(R) EPID 1.1 support
32 
33  Defines the APIs needed to parse Intel(R) EPID 1.1 issuer material.
34 
35  \ingroup FileParser
36  \see <a href="group___epid11_verifier_module.html#details"><b>Intel(R)
37  EPID 1.1 support</b></a>
38   @{
39 */
40 
41 /// Extracts group public key from buffer in issuer binary format
42 /*!
43 
44   Extracts the first group public key from a buffer in the format of
45   the Intel(R) EPID 1.1 Group Public Key Certificate Binary File. The
46   function validates that the first public key was signed by the
47   private key corresponding to the provided CA certificate and that
48   the size of the input buffer is correct.
49 
50   \warning
51   It is the responsibility of the caller to authenticate the
52   EpidCaCertificate. The signature check is only as trustworthy as
53   the certificate passed in cert.
54 
55   \param[in] buf
56   Pointer to buffer containing public key to extract.
57 
58   \param[in] len
59   The size of buf in bytes.
60 
61   \param[in] cert
62   The issuing CA public key certificate.
63 
64   \param[out] pubkey
65   The extracted group public key.
66 
67   \returns ::EpidStatus
68 
69   \retval ::kEpidSigInvalid
70   Parsing failed due to data authentication failure.
71 
72   \see <a href="group___epid11_verifier_module.html#details"><b>Intel(R)
73   EPID 1.1 support</b></a>
74 
75  */
76 EpidStatus Epid11ParseGroupPubKeyFile(void const* buf, size_t len,
77                                       EpidCaCertificate const* cert,
78                                       Epid11GroupPubKey* pubkey);
79 
80 /// Extracts private key revocation list from buffer in issuer binary format
81 /*!
82   Extracts the private key revocation list from a buffer in the format
83   of the Intel(R) EPID 1.1 Binary Private Key Revocation List File. The
84   function validates that the revocation list was signed by the private
85   key corresponding to the provided CA certificate and that the size of
86   the input buffer is correct.
87 
88   To determine the required size of the revocation list output buffer,
89   provide a null pointer for the output buffer.
90 
91   \warning
92   It is the responsibility of the caller to authenticate the
93   EpidCaCertificate. The signature check is only as trustworthy as
94   the certificate passed in cert.
95 
96   \param[in] buf
97   Pointer to buffer containing the revocation list to extract.
98 
99   \param[in] len
100   The size of buf in bytes.
101 
102   \param[in] cert
103   The issuing CA public key certificate.
104 
105   \param[out] rl
106   The extracted revocation list.  If NULL, rl_len is filled with
107   the required output buffer size.
108 
109   \param[in,out] rl_len
110   The size of rl in bytes.  When rl is NULL, receives the required
111   output buffer size.
112 
113   \returns ::EpidStatus
114 
115   \retval ::kEpidSigInvalid
116   Parsing failed due to data authentication failure.
117 
118   \see <a href="group___epid11_verifier_module.html#details"><b>Intel(R)
119   EPID 1.1 support</b></a>
120  */
121 EpidStatus Epid11ParsePrivRlFile(void const* buf, size_t len,
122                                  EpidCaCertificate const* cert,
123                                  Epid11PrivRl* rl, size_t* rl_len);
124 
125 /// Extracts signature revocation list from buffer in issuer binary format
126 /*!
127 
128   Extracts the signature based revocation list from a buffer in the
129   format of the Intel(R) EPID 1.1 Binary Signature Revocation List File.
130   The function validates that the revocation list was signed by the
131   private key corresponding to the provided CA certificate and that the
132   size of the input buffer is correct.
133 
134   To determine the required size of the revocation list output buffer,
135   provide a null pointer for the output buffer.
136 
137   \warning
138   It is the responsibility of the caller to authenticate the
139   EpidCaCertificate. The signature check is only as trustworthy as
140   the certificate passed in cert.
141 
142   \param[in] buf
143   Pointer to buffer containing the revocation list to extract.
144 
145   \param[in] len
146   The size of buf in bytes.
147 
148   \param[in] cert
149   The issuing CA public key certificate.
150 
151   \param[out] rl
152   The extracted revocation list.  If NULL, rl_len is filled with
153   the required output buffer size.
154 
155   \param[in,out] rl_len
156   The size of rl in bytes.  When rl is NULL, receives the required
157   output buffer size.
158 
159   \returns ::EpidStatus
160 
161   \retval ::kEpidSigInvalid
162   Parsing failed due to data authentication failure.
163 
164   \see <a href="group___epid11_verifier_module.html#details"><b>Intel(R)
165   EPID 1.1 support</b></a>
166  */
167 EpidStatus Epid11ParseSigRlFile(void const* buf, size_t len,
168                                 EpidCaCertificate const* cert, Epid11SigRl* rl,
169                                 size_t* rl_len);
170 
171 /// Extracts group revocation list from buffer in issuer binary format
172 /*!
173   Extracts the group revocation list from a buffer in the format of the
174   Intel(R) EPID 1.1 Binary Group Certificate Revocation List File. The
175   function validates that the revocation list was signed by the private
176   key corresponding to the provided CA certificate and that the size of
177   the input buffer is correct.
178 
179   To determine the required size of the revocation list output buffer,
180   provide a null pointer for the output buffer.
181 
182   \warning
183   It is the responsibility of the caller to authenticate the
184   EpidCaCertificate. The signature check is only as trustworthy as
185   the certificate passed in cert.
186 
187   \param[in] buf
188   Pointer to buffer containing the revocation list to extract.
189 
190   \param[in] len
191   The size of buf in bytes.
192 
193   \param[in] cert
194   The issuing CA public key certificate.
195 
196   \param[out] rl
197   The extracted revocation list.  If NULL, rl_len is filled with
198   the required output buffer size.
199 
200   \param[in,out] rl_len
201   The size of rl in bytes.  When rl is NULL, receives the required
202   output buffer size.
203 
204   \returns ::EpidStatus
205 
206   \retval ::kEpidSigInvalid
207   Parsing failed due to data authentication failure.
208 
209   \see <a href="group___epid11_verifier_module.html#details"><b>Intel(R)
210   EPID 1.1 support</b></a>
211  */
212 EpidStatus Epid11ParseGroupRlFile(void const* buf, size_t len,
213                                   EpidCaCertificate const* cert,
214                                   Epid11GroupRl* rl, size_t* rl_len);
215 
216 /*!
217   @}
218 */
219 
220 #endif  // EPID_COMMON_1_1_FILE_PARSER_H_
221