1 /*############################################################################
2   # Copyright 2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 /// Tiny member sign implementation.
17 /*! \file */
18 
19 #define EXPORT_EPID_APIS
20 #include <epid/member/api.h>
21 #include "epid/member/tiny/src/context.h"
22 #include "epid/member/tiny/src/native_types.h"
23 #include "epid/member/tiny/src/nrprove.h"
24 #include "epid/member/tiny/src/serialize.h"
25 #include "epid/member/tiny/src/signbasic.h"
26 #include "epid/member/tiny/stdlib/endian.h"
27 #include "epid/member/tiny/stdlib/tiny_stdlib.h"
28 
29 // SIZE_MAX is not guaranteed in C89/90
30 #define SIZE_T_MAX ((size_t)(-1))
31 
EpidGetSigSize(SigRl const * sig_rl)32 size_t EPID_API EpidGetSigSize(SigRl const* sig_rl) {
33   const size_t kMinSigSize = sizeof(EpidSignature) - sizeof(NrProof);
34   if (!sig_rl) {
35     return kMinSigSize;
36   } else {
37     uint32_t n2 = be32toh(sig_rl->n2);
38     if (n2 > (SIZE_T_MAX - kMinSigSize) / sizeof(NrProof)) {
39       return kMinSigSize;
40     } else {
41       return kMinSigSize + n2 * sizeof(NrProof);
42     }
43   }
44 }
45 
EpidSign(MemberCtx const * ctx,void const * msg,size_t msg_len,void const * basename,size_t basename_len,EpidSignature * sig,size_t sig_len)46 EpidStatus EPID_API EpidSign(MemberCtx const* ctx, void const* msg,
47                              size_t msg_len, void const* basename,
48                              size_t basename_len, EpidSignature* sig,
49                              size_t sig_len) {
50   EpidStatus sts = kEpidErr;
51   OctStr32 octstr32_0 = {{0x00, 0x00, 0x00, 0x00}};
52   NativeBasicSignature sigma0;
53   if (!ctx || !sig) {
54     return kEpidBadArgErr;
55   }
56   if (!msg && (0 != msg_len)) {
57     // if message is non-empty it must have both length and content
58     return kEpidBadArgErr;
59   }
60   if (!ctx->is_provisioned) {
61     return kEpidOutOfSequenceError;
62   }
63   if (!basename && (0 != basename_len)) {
64     // if basename is non-empty it must have both length and content
65     return kEpidBadArgErr;
66   }
67   if (EpidGetSigSize(ctx->sig_rl) > sig_len) {
68     return kEpidBadArgErr;
69   }
70 
71   // 11. The member sets sigma0 = (B, K, T, c, sx, sf, sa, sb).
72   sts = EpidSignBasic(ctx, msg, msg_len, basename, basename_len, &sigma0);
73   if (kEpidNoErr != sts) {
74     return sts;
75   }
76   BasicSignatureSerialize(&sig->sigma0, &sigma0);
77   if (ctx->sig_rl) {
78     uint32_t i = 0;
79     uint32_t num_sig_rl = 0;
80     EpidStatus nr_prove_status = kEpidNoErr;
81     // 13. If SigRL is provided as input, the member proceeds with
82     //     the following steps:
83     //   a. The member verifies that gid in public key and in SigRL
84     //      match.
85     //      This was done under EpidMemberSetSigRl function.
86     //   b. The member copies RLver and n2 values in SigRL to the
87     //      signature.
88     sig->rl_ver = ctx->sig_rl->version;
89     sig->n2 = ctx->sig_rl->n2;
90     //   c. For i = 0, ..., n2-1, the member computes sigma[i] =
91     //      nrProve(f, B, K, B[i], K[i]). The details of nrProve()
92     //      will be given in the next subsection.
93     num_sig_rl = be32toh(ctx->sig_rl->n2);
94     for (i = 0; i < num_sig_rl; i++) {
95       sts = EpidNrProve(ctx, msg, msg_len, &sigma0, &ctx->sig_rl->bk[i],
96                         &sig->sigma[i]);
97       if (kEpidNoErr != sts) {
98         nr_prove_status = sts;
99       }
100     }
101     if (kEpidNoErr != nr_prove_status) {
102       memset(&sig->sigma[0], 0, num_sig_rl * sizeof(sig->sigma[0]));
103       return nr_prove_status;
104     }
105   } else {
106     // 12. If SigRL is not provided as input,
107     //   a. The member sets RLver = 0 and n2 = 0.
108     //   b. The member outputs (sigma0, RLver, n2) and returns "succeeded".
109     sig->rl_ver = octstr32_0;
110     sig->n2 = octstr32_0;
111   }
112   //   d. The member outputs (sigma0, RLver, n2, sigma[0], ...,
113   //      sigma[n2-1]).
114   //   e. If any of the nrProve() functions outputs "failed", the
115   //      member returns "revoked", otherwise returns "succeeded".
116   return kEpidNoErr;
117 }
118