1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 
17 /*!
18  * \file
19  * \brief Intel(R) EPID issuer material parsing utilities.
20  */
21 #ifndef EPID_COMMON_FILE_PARSER_H_
22 #define EPID_COMMON_FILE_PARSER_H_
23 
24 #include <stddef.h>
25 
26 #include "epid/common/errors.h"
27 #include "epid/common/types.h"
28 
29 /// Parser for issuer material
30 /*!
31   \defgroup FileParser fileparser
32   Provides an API for parsing buffers formatted according to the
33   various IoT Intel(R) EPID binary file formats.
34 
35   To use this module, include the header epid/common/file_parser.h.
36 
37   \ingroup EpidCommon
38   @{
39 */
40 
41 /// Recognized Intel(R) EPID versions
42 typedef enum EpidVersion {
43   kEpid1x,           ///< Intel(R) EPID version 1.x
44   kEpid2x,           ///< Intel(R) EPID version 2.x
45   kNumEpidVersions,  ///< Maximum number of versions
46 } EpidVersion;
47 
48 /// Encoding of issuer material Intel(R) EPID versions
49 extern const OctStr16 kEpidVersionCode[kNumEpidVersions];
50 
51 /// Recognized Intel(R) EPID file types
52 typedef enum EpidFileType {
53   kIssuingCaPubKeyFile,  ///< IoT Issuing CA public key file
54   kGroupPubKeyFile,      ///< Group Public Key Output File Format
55   kPrivRlFile,           ///< Binary Private Key Revocation List
56   kSigRlFile,            ///< Binary Signature Revocation List
57   kGroupRlFile,          ///< Binary Group Revocation List
58   kPrivRlRequestFile,    ///< Binary Private Key Revocation Request
59   kSigRlRequestFile,     ///< Binary Signature Revocation Request
60   kGroupRlRequestFile,   ///< Binary Group Revocation Request
61   kNumFileTypes,         ///< Maximum number of file types
62 } EpidFileType;
63 
64 /// Encoding of issuer material file types
65 extern const OctStr16 kEpidFileTypeCode[kNumFileTypes];
66 
67 #pragma pack(1)
68 /// Intel(R) EPID binary file header
69 typedef struct EpidFileHeader {
70   OctStr16 epid_version;  ///< Intel(R) EPID Version
71   OctStr16 file_type;     ///< File Type
72 } EpidFileHeader;
73 
74 /// IoT CA Certificate binary format
75 typedef struct EpidCaCertificate {
76   EpidFileHeader header;     ///< Intel(R) EPID binary file header
77   OctStr512 pubkey;          ///< Public Key (Qx, Qy)
78   OctStr256 prime;           ///< Prime of GF(p)
79   OctStr256 a;               ///< Coefficient of E Curve
80   OctStr256 b;               ///< Coefficient of E Curve
81   OctStr256 x;               ///< X coordinate of Base point G
82   OctStr256 y;               ///< Y coordinate of Base point G
83   OctStr256 r;               ///< Order of base point
84   EcdsaSignature signature;  ///< ECDSA Signature on SHA-256 of above values
85 } EpidCaCertificate;
86 #pragma pack()
87 
88 /// Extracts Intel(R) EPID Binary Output File header information
89 /*!
90   \param[in] buf
91   Pointer to buffer containing Intel(R) EPID Binary Output File to parse.
92 
93   \param[in] len
94   The size of buf in bytes.
95 
96   \param[out] epid_version
97   The extracted Intel(R) EPID version or kNumEpidVersions if Intel(R) EPID
98   version is unknown. Pass NULL to not extract.
99 
100   \param[out] file_type
101   The extracted Intel(R) EPID file type or kNumFileTypes if file type is
102   unknown. Pass NULL to not extract.
103 
104   \returns ::EpidStatus
105 
106 */
107 EpidStatus EpidParseFileHeader(void const* buf, size_t len,
108                                EpidVersion* epid_version,
109                                EpidFileType* file_type);
110 
111 /// Extracts group public key from buffer in issuer binary format
112 /*!
113 
114   Extracts the first group public key from a buffer with format of
115   Intel(R) EPID 2.0 Group Public Key Certificate Binary File. The
116   function validates that the first public key was signed by the
117   private key corresponding to the provided CA certificate and the
118   size of the input buffer is correct.
119 
120   \warning
121   It is the responsibility of the caller to authenticate the
122   EpidCaCertificate.
123 
124   \param[in] buf
125   Pointer to buffer containing public key to extract.
126 
127   \param[in] len
128   The size of buf in bytes.
129 
130   \param[in] cert
131   The issuing CA public key certificate.
132 
133   \param[out] pubkey
134   The extracted group public key.
135 
136   \returns ::EpidStatus
137 
138   \retval ::kEpidSigInvalid
139   Parsing failed due to data authentication failure.
140 
141   \b Examples
142 
143   \ref UserManual_GeneratingAnIntelEpidSignature
144  */
145 EpidStatus EpidParseGroupPubKeyFile(void const* buf, size_t len,
146                                     EpidCaCertificate const* cert,
147                                     GroupPubKey* pubkey);
148 
149 /// Extracts private key revocation list from buffer in issuer binary format
150 /*!
151 
152   Extracts the private key revocation list from a buffer with format of
153   Binary Private Key Revocation List File.  The function
154   validates that the revocation list was signed by the private
155   key corresponding to the provided CA certificate and the size of the
156   input buffer is correct.
157 
158   To determine the required size of the revocation list output buffer,
159   provide a null pointer for the output buffer.
160 
161   \warning
162   It is the responsibility of the caller to authenticate the
163   EpidCaCertificate.
164 
165   \param[in] buf
166   Pointer to buffer containing the revocation list to extract.
167 
168   \param[in] len
169   The size of buf in bytes.
170 
171   \param[in] cert
172   The issuing CA public key certificate.
173 
174   \param[out] rl
175   The extracted revocation list.  If Null, rl_len is filled with
176   the required output buffer size.
177 
178   \param[in,out] rl_len
179   The size of rl in bytes.
180 
181   \returns ::EpidStatus
182 
183   \retval ::kEpidSigInvalid
184   Parsing failed due to data authentication failure.
185 
186   \b Example
187 
188   \ref UserManual_VerifyingAnIntelEpidSignature
189  */
190 EpidStatus EpidParsePrivRlFile(void const* buf, size_t len,
191                                EpidCaCertificate const* cert, PrivRl* rl,
192                                size_t* rl_len);
193 
194 /// Extracts signature revocation list from buffer in issuer binary format
195 /*!
196 
197   Extracts the signature based revocation list from a buffer with
198   format of Binary Signature Revocation List File.  The function
199   validates that the revocation list was signed by the private key
200   corresponding to the provided CA certificate and the size of the
201   input buffer is correct.
202 
203   To determine the required size of the revocation list output buffer,
204   provide a null pointer for the output buffer.
205 
206   \warning
207   It is the responsibility of the caller to authenticate the
208   EpidCaCertificate.
209 
210   \param[in] buf
211   Pointer to buffer containing the revocation list to extract.
212 
213   \param[in] len
214   The size of buf in bytes.
215 
216   \param[in] cert
217   The issuing CA public key certificate.
218 
219   \param[out] rl
220   The extracted revocation list.  If Null, rl_len is filled with
221   the required output buffer size.
222 
223   \param[in,out] rl_len
224   The size of rl in bytes.
225 
226   \returns ::EpidStatus
227 
228   \retval ::kEpidSigInvalid
229   Parsing failed due to data authentication failure.
230 
231   \b Examples
232 
233   \ref UserManual_GeneratingAnIntelEpidSignature
234  */
235 EpidStatus EpidParseSigRlFile(void const* buf, size_t len,
236                               EpidCaCertificate const* cert, SigRl* rl,
237                               size_t* rl_len);
238 
239 /// Extracts group revocation list from buffer in issuer binary format
240 /*!
241 
242   Extracts the group revocation list from a buffer with format of
243   Binary Group Certificate Revocation List File.  The function
244   validates that the revocation list was signed by the private key
245   corresponding to the provided CA certificate and the size of the
246   input buffer is correct.
247 
248   To determine the required size of the revocation list output buffer,
249   provide a null pointer for the output buffer.
250 
251   \warning
252   It is the responsibility of the caller to authenticate the
253   EpidCaCertificate.
254 
255   \param[in] buf
256   Pointer to buffer containing the revocation list to extract.
257 
258   \param[in] len
259   The size of buf in bytes.
260 
261   \param[in] cert
262   The issuing CA public key certificate.
263 
264   \param[out] rl
265   The extracted revocation list.  If Null, rl_len is filled with
266   the required output buffer size.
267 
268   \param[in,out] rl_len
269   The size of rl in bytes.
270 
271   \returns ::EpidStatus
272 
273   \retval ::kEpidSigInvalid
274   Parsing failed due to data authentication failure.
275 
276   \b Example
277 
278   \ref UserManual_VerifyingAnIntelEpidSignature
279  */
280 EpidStatus EpidParseGroupRlFile(void const* buf, size_t len,
281                                 EpidCaCertificate const* cert, GroupRl* rl,
282                                 size_t* rl_len);
283 
284 /*!
285   @}
286 */
287 
288 #endif  // EPID_COMMON_FILE_PARSER_H_
289