1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 
17 /*!
18  * \file
19  * \brief Commitment hash implementation.
20  */
21 #include "epid/common/1.1/src/commitment.h"
22 #include <limits.h>
23 #include <stdio.h>
24 #include "epid/common/math/bignum.h"
25 #include "epid/common/math/src/bignum-internal.h"
26 #include "epid/common/src/endian_convert.h"
27 #include "epid/common/src/memory.h"
28 
SetKeySpecificEpid11CommitValues(Epid11GroupPubKey const * pub_key,Epid11CommitValues * values)29 EpidStatus SetKeySpecificEpid11CommitValues(Epid11GroupPubKey const* pub_key,
30                                             Epid11CommitValues* values) {
31   static const Epid11Params params = {
32 #include "epid/common/1.1/src/epid11params_tate.inc"
33   };
34 
35   if (!pub_key || !values) return kEpidBadArgErr;
36 
37   values->p = params.p;
38   values->g1 = params.g1;
39   values->g2 = params.g2;
40   values->g3 = params.g3;
41   values->h1 = pub_key->h1;
42   values->h2 = pub_key->h2;
43   values->w = pub_key->w;
44 
45   return kEpidNoErr;
46 }
47 
SetCalculatedEpid11CommitValues(Epid11G3ElemStr const * B,Epid11G3ElemStr const * K,Epid11G1ElemStr const * T1,Epid11G1ElemStr const * T2,EcPoint const * R1,EcPoint const * R2,EcPoint const * R3,FfElement const * R4,EcGroup * G1,EcGroup * G3,FiniteField * GT,Epid11CommitValues * values)48 EpidStatus SetCalculatedEpid11CommitValues(
49     Epid11G3ElemStr const* B, Epid11G3ElemStr const* K,
50     Epid11G1ElemStr const* T1, Epid11G1ElemStr const* T2, EcPoint const* R1,
51     EcPoint const* R2, EcPoint const* R3, FfElement const* R4, EcGroup* G1,
52     EcGroup* G3, FiniteField* GT, Epid11CommitValues* values) {
53   EpidStatus result;
54   if (!B || !K || !T1 || !T2 || !R1 || !R2 || !R3 || !R4 || !G1 || !G3 || !GT ||
55       !values) {
56     return kEpidBadArgErr;
57   }
58 
59   values->B = *B;
60   values->K = *K;
61   values->T1 = *T1;
62   values->T2 = *T2;
63 
64   result = WriteEcPoint(G1, R1, &values->R1, sizeof(values->R1));
65   if (kEpidNoErr != result) return result;
66   result = WriteEcPoint(G1, R2, &values->R2, sizeof(values->R2));
67   if (kEpidNoErr != result) return result;
68   result = WriteEcPoint(G3, R3, &values->R3, sizeof(values->R3));
69   if (kEpidNoErr != result) return result;
70   result = WriteFfElement(GT, R4, &values->R4, sizeof(values->R4));
71   if (kEpidNoErr != result) return result;
72 
73   return kEpidNoErr;
74 }
75 
CalculateEpid11CommitmentHash(Epid11CommitValues const * values,void const * msg,uint32_t msg_len,OctStr80 const * nd,Sha256Digest * c)76 EpidStatus CalculateEpid11CommitmentHash(Epid11CommitValues const* values,
77                                          void const* msg, uint32_t msg_len,
78                                          OctStr80 const* nd, Sha256Digest* c) {
79   EpidStatus result;
80 
81 #pragma pack(1)
82   struct {
83     Sha256Digest t4;
84     OctStr80 nd;
85     uint32_t msg_len;
86     uint8_t msg[1];
87   }* t4mconcat_buf = NULL;
88 #pragma pack()
89   size_t max_msg_len =
90       SIZE_MAX - (sizeof(*t4mconcat_buf) - sizeof(t4mconcat_buf->msg));
91   size_t t4mconcat_size =
92       sizeof(*t4mconcat_buf) - sizeof(t4mconcat_buf->msg) + msg_len;
93 
94   if (!values || !nd || !c) return kEpidBadArgErr;
95   if (!msg && (0 != msg_len)) {
96     // if message is non-empty it must have both length and content
97     return kEpidBadArgErr;
98   }
99   if (max_msg_len < (size_t)msg_len) {
100     return kEpidBadArgErr;
101   }
102 
103   do {
104     // compute c = H(t4 || nd || msg_len || msg).
105     t4mconcat_buf = SAFE_ALLOC(t4mconcat_size);
106     if (!t4mconcat_buf) {
107       result = kEpidMemAllocErr;
108       break;
109     }
110     // Calculate c = Hash(t4 || nd || mSize || m) where t4 is Hash(p || g1 || g2
111     //    || g3 || h1 || h2 || w || B || K || T1 || T2 || R1 || R2 || R3 || R4).
112     result = Sha256MessageDigest(values, sizeof(*values), &t4mconcat_buf->t4);
113     if (kEpidNoErr != result) break;
114     t4mconcat_buf->nd = *nd;
115     t4mconcat_buf->msg_len = ntohl(msg_len);
116     // place variable length msg into t4mconcat_buf
117     if (msg) {
118       if (0 != memcpy_S(&t4mconcat_buf->msg[0],
119                         t4mconcat_size - sizeof(*t4mconcat_buf) +
120                             sizeof(t4mconcat_buf->msg),
121                         msg, msg_len)) {
122         result = kEpidBadArgErr;
123         break;
124       }
125     }
126     result = Sha256MessageDigest(t4mconcat_buf, t4mconcat_size, c);
127     if (kEpidNoErr != result) break;
128 
129     result = kEpidNoErr;
130   } while (0);
131 
132   SAFE_FREE(t4mconcat_buf);
133 
134   return result;
135 }
136