1 /*############################################################################ 2 # Copyright 2016-2017 Intel Corporation 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 ############################################################################*/ 16 #ifndef EPID_VERIFIER_API_H_ 17 #define EPID_VERIFIER_API_H_ 18 19 #include <stddef.h> 20 #include "epid/common/errors.h" 21 #include "epid/common/stdtypes.h" 22 #include "epid/common/types.h" 23 24 /*! 25 * \file 26 * \brief Intel(R) EPID SDK verifier API. 27 */ 28 29 /// Verifier functionality 30 /*! 31 \defgroup EpidVerifierModule verifier 32 33 Defines the APIs needed by Intel(R) EPID verifiers. Each verifier 34 context (::VerifierCtx) represents a verifier for a single group. 35 36 To use this module, include the header epid/verifier/api.h. 37 38 \ingroup EpidModule 39 @{ 40 */ 41 42 /// Internal context of verifier. 43 typedef struct VerifierCtx VerifierCtx; 44 45 /// Pre-computed verifier settings. 46 /*! 47 Serialized form of the information about a verifier that remains stable for 48 a given set of keys. 49 50 \note e12 = 0 implies that this data is not valid 51 */ 52 #pragma pack(1) 53 typedef struct VerifierPrecomp { 54 GroupId gid; ///< group ID 55 GtElemStr e12; ///< an element in GT 56 GtElemStr e22; ///< an element in GT 57 GtElemStr e2w; ///< an element in GT 58 GtElemStr eg12; ///< an element in GT 59 } VerifierPrecomp; 60 #pragma pack() 61 62 /// Creates a new verifier context. 63 /*! 64 Must be called to create the verifier context that is used by 65 other "Verifier" APIs. 66 67 Allocates memory for the context, then initializes it. 68 69 EpidVerifierDelete() must be called to safely release the member context. 70 71 72 \param[in] pub_key 73 The group certificate. 74 \param[in] precomp 75 Optional pre-computed data. If NULL the value is computed internally and is 76 readable using EpidVerifierWritePrecomp(). 77 \param[out] ctx 78 Newly constructed verifier context. 79 80 \returns ::EpidStatus 81 82 \note 83 If the result is not ::kEpidNoErr the content of ctx is undefined. 84 85 \see EpidVerifierDelete 86 \see EpidVerifierWritePrecomp 87 88 \b Example 89 90 \ref UserManual_VerifyingAnIntelEpidSignature 91 */ 92 EpidStatus EpidVerifierCreate(GroupPubKey const* pub_key, 93 VerifierPrecomp const* precomp, 94 VerifierCtx** ctx); 95 96 /// Deletes an existing verifier context. 97 /*! 98 Must be called to safely release a verifier context created using 99 EpidVerifierCreate(). 100 101 De-initializes the context, frees memory used by the context, and sets the 102 context pointer to NULL. 103 104 \param[in,out] ctx 105 The verifier context. Can be NULL. 106 107 \see EpidVerifierCreate 108 109 \b Example 110 111 \ref UserManual_VerifyingAnIntelEpidSignature 112 */ 113 void EpidVerifierDelete(VerifierCtx** ctx); 114 115 /// Serializes the pre-computed verifier settings. 116 /*! 117 \param[in] ctx 118 The verifier context. 119 \param[out] precomp 120 The Serialized pre-computed verifier settings. 121 \returns ::EpidStatus 122 123 \note 124 If the result is not ::kEpidNoErr the content of precomp is undefined. 125 126 \b Example 127 128 \ref UserManual_VerifyingAnIntelEpidSignature 129 */ 130 EpidStatus EpidVerifierWritePrecomp(VerifierCtx const* ctx, 131 VerifierPrecomp* precomp); 132 133 /// Sets the private key based revocation list. 134 /*! 135 The caller is responsible for ensuring the revocation list is authorized, 136 e.g signed by the issuer. The caller is also responsible checking the version 137 of the revocation list. The call fails if trying to set an older version 138 of the revocation list than was last set. 139 140 \attention 141 The memory pointed to by priv_rl is accessed directly by the verifier 142 until a new list is set or the verifier is destroyed. Do not modify the 143 contents of this memory. The behavior of subsequent operations that rely on 144 the revocation list is undefined if the memory is modified. 145 146 \attention 147 It is the responsibility of the caller to free the memory pointed to by priv_rl 148 after the verifier is no longer using it. 149 150 \param[in,out] ctx 151 The verifier context. 152 \param[in] priv_rl 153 The private key based revocation list. 154 \param[in] priv_rl_size 155 The size of the private key based revocation list in bytes. 156 157 \returns ::EpidStatus 158 159 \note 160 If the result is not ::kEpidNoErr the private key based revocation list 161 pointed to by the verifier is undefined. 162 163 \see EpidVerifierCreate 164 165 \b Example 166 167 \ref UserManual_VerifyingAnIntelEpidSignature 168 */ 169 EpidStatus EpidVerifierSetPrivRl(VerifierCtx* ctx, PrivRl const* priv_rl, 170 size_t priv_rl_size); 171 172 /// Sets the signature based revocation list. 173 /*! 174 The caller is responsible for ensuring the revocation list is authorized, 175 e.g signed by the issuer. The caller is also responsible checking the version 176 of the revocation list. The call fails if trying to set an older version 177 of the revocation list than was last set. 178 179 \attention 180 The memory pointed to by sig_rl is accessed directly by the verifier 181 until a new list is set or the verifier is destroyed. Do not modify the 182 contents of this memory. The behavior of subsequent operations that rely on 183 the revocation list is undefined if the memory is modified. 184 185 \attention 186 It is the responsibility of the caller to free the memory pointed to by sig_rl 187 after the verifier is no longer using it. 188 189 \param[in,out] ctx 190 The verifier context. 191 \param[in] sig_rl 192 The signature based revocation list. 193 \param[in] sig_rl_size 194 The size of the signature based revocation list in bytes. 195 196 \returns ::EpidStatus 197 198 \note 199 If the result is not ::kEpidNoErr the signature based revocation list pointed 200 to by the verifier is undefined. 201 202 \see EpidVerifierCreate 203 204 \b Example 205 206 \ref UserManual_VerifyingAnIntelEpidSignature 207 */ 208 EpidStatus EpidVerifierSetSigRl(VerifierCtx* ctx, SigRl const* sig_rl, 209 size_t sig_rl_size); 210 211 /// Sets the group based revocation list. 212 /*! 213 The caller is responsible for ensuring the revocation list is authorized, 214 e.g signed by the issuer. The caller is also responsible checking the version 215 of the revocation list. The call fails if trying to set an older version 216 of the revocation list than was last set. 217 218 \attention 219 The memory pointed to by grp_rl is accessed directly by the verifier 220 until a new list is set or the verifier is destroyed. Do not modify the 221 contents of this memory. The behavior of subsequent operations that rely on 222 the revocation list is undefined if the memory is modified. 223 224 \attention 225 It is the responsibility of the caller to free the memory pointed to by grp_rl 226 after the verifier is no longer using it. 227 228 \param[in,out] ctx 229 The verifier context. 230 \param[in] grp_rl 231 The group based revocation list. 232 \param[in] grp_rl_size 233 The size of the group based revocation list in bytes. 234 235 \returns ::EpidStatus 236 237 \note 238 If the result is not ::kEpidNoErr the group based revocation list pointed 239 to by the verifier is undefined. 240 241 \see EpidVerifierCreate 242 243 \b Example 244 245 \ref UserManual_VerifyingAnIntelEpidSignature 246 */ 247 EpidStatus EpidVerifierSetGroupRl(VerifierCtx* ctx, GroupRl const* grp_rl, 248 size_t grp_rl_size); 249 250 /// Sets the verifier revocation list. 251 /*! 252 253 The caller is responsible for ensuring the revocation list is 254 authorized. The caller is also responsible for checking the version 255 of the revocation list. The call fails if trying to set an older 256 version of the same revocation list than was last set. 257 258 Once ::EpidVerifierSetVerifierRl returns, callers are free to release 259 the memory pointed to by ver_rl. 260 261 \param[in,out] ctx 262 The verifier context. 263 \param[in] ver_rl 264 The verifier revocation list. 265 \param[in] ver_rl_size 266 The size of the verifier revocation list in bytes. 267 268 \returns ::EpidStatus 269 270 \note 271 If the result is not ::kEpidNoErr the verifier revocation list pointed 272 to by the verifier is undefined. 273 274 \see EpidVerifierCreate 275 \see EpidBlacklistSig 276 \see EpidWriteVerifierRl 277 278 \b Example 279 280 \ref UserManual_VerifyingAnIntelEpidSignature 281 */ 282 EpidStatus EpidVerifierSetVerifierRl(VerifierCtx* ctx, VerifierRl const* ver_rl, 283 size_t ver_rl_size); 284 285 /// Sets the hash algorithm to be used by a verifier. 286 /*! 287 \param[in] ctx 288 The verifier context. 289 \param[in] hash_alg 290 The hash algorithm to use. 291 292 \returns ::EpidStatus 293 294 \note 295 If the result is not ::kEpidNoErr, the hash algorithm used by the 296 verifier is undefined. 297 298 \see EpidVerifierCreate 299 \see ::HashAlg 300 301 \b Example 302 303 \ref UserManual_VerifyingAnIntelEpidSignature 304 */ 305 EpidStatus EpidVerifierSetHashAlg(VerifierCtx* ctx, HashAlg hash_alg); 306 307 /// Sets the basename to be used by a verifier. 308 /*! 309 310 \note 311 A successful call to this function will clear the current verifier 312 blacklist. 313 314 \param[in, out] ctx 315 The verifier context. 316 \param[in] basename 317 The basename. Pass NULL for random base. 318 \param[in] basename_len 319 Number of bytes in basename buffer. Must be 0 if basename is NULL. 320 321 \returns ::EpidStatus 322 323 \see EpidVerifierCreate 324 325 \b Example 326 327 \ref UserManual_VerifyingAnIntelEpidSignature 328 */ 329 EpidStatus EpidVerifierSetBasename(VerifierCtx* ctx, void const* basename, 330 size_t basename_len); 331 332 /// Verifies a signature and checks revocation status. 333 /*! 334 \param[in] ctx 335 The verifier context. 336 \param[in] sig 337 The signature. 338 \param[in] sig_len 339 The size of sig in bytes. 340 \param[in] msg 341 The message that was signed. 342 \param[in] msg_len 343 The size of msg in bytes. 344 345 \returns ::EpidStatus 346 347 \retval ::kEpidSigValid 348 Signature validated successfully 349 \retval ::kEpidSigInvalid 350 Signature is invalid 351 \retval ::kEpidSigRevokedInGroupRl 352 Signature revoked in GroupRl 353 \retval ::kEpidSigRevokedInPrivRl 354 Signature revoked in PrivRl 355 \retval ::kEpidSigRevokedInSigRl 356 Signature revoked in SigRl 357 \retval ::kEpidSigRevokedInVerifierRl 358 Signature revoked in VerifierRl 359 360 \note 361 If the result is not ::kEpidNoErr or one of the values listed above the 362 verify should be considered to have failed. 363 364 \see EpidVerifierCreate 365 \see EpidSignBasic 366 \see EpidSign 367 368 \b Example 369 370 \ref UserManual_VerifyingAnIntelEpidSignature 371 */ 372 EpidStatus EpidVerify(VerifierCtx const* ctx, EpidSignature const* sig, 373 size_t sig_len, void const* msg, size_t msg_len); 374 375 /// Determines if two signatures are linked. 376 /*! 377 378 The Intel(R) EPID scheme allows signatures to be linked. If basename 379 option is specified when signing, signatures with the same basename 380 are linkable. This linking capability allows the verifier, or 381 anyone, to know whether two Intel(R) EPID signatures are generated 382 by the same member. 383 384 \param[in] sig1 385 A basic signature. 386 \param[in] sig2 387 A basic signature. 388 389 \result bool 390 391 \retval true 392 if the signatures were generated by the same member 393 \retval false 394 if it couldn't be determined if the signatures were generated by 395 the same member 396 397 \note 398 The input signatures should be verified using EpidVerifyBasicSig() before 399 invocation. Behavior is undefined if either of the signatures cannot be 400 verified. 401 402 \see EpidVerifyBasicSig 403 \see EpidSignBasic 404 \see EpidSign 405 */ 406 bool EpidAreSigsLinked(BasicSignature const* sig1, BasicSignature const* sig2); 407 408 /// Verifies a member signature without revocation checks. 409 /*! 410 Used in constrained environments where, due to limited memory, it may not 411 be possible to process through a large and potentially unbounded revocation 412 list. 413 414 \param[in] ctx 415 The verifier context. 416 \param[in] sig 417 The basic signature. 418 \param[in] msg 419 The message that was signed. 420 \param[in] msg_len 421 The size of msg in bytes. 422 423 \returns ::EpidStatus 424 425 \note 426 This function should be used in conjunction with EpidNrVerify() and 427 EpidCheckPrivRlEntry(). 428 429 \note 430 If the result is not ::kEpidNoErr the verify should be considered to have 431 failed. 432 433 \see EpidVerifierCreate 434 \see EpidSignBasic 435 \see EpidSign 436 */ 437 EpidStatus EpidVerifyBasicSig(VerifierCtx const* ctx, BasicSignature const* sig, 438 void const* msg, size_t msg_len); 439 440 /// Verifies the non-revoked proof for a single signature based revocation list 441 /// entry. 442 /*! 443 Used in constrained environments where, due to limited memory, it may not 444 be possible to process through a large and potentially unbounded revocation 445 list. 446 447 \param[in] ctx 448 The verifier context. 449 \param[in] sig 450 The basic signature. 451 \param[in] msg 452 The message that was signed. 453 \param[in] msg_len 454 The size of msg in bytes. 455 \param[in] sigrl_entry 456 The signature based revocation list entry. 457 \param[in] proof 458 The non-revoked proof. 459 460 \returns ::EpidStatus 461 462 \note 463 Sig should be verified using EpidVerifyBasicSig() before invocation. Behavior 464 is undefined if sig cannot be verified. 465 466 \note 467 This function should be used in conjunction with EpidVerifyBasicSig() and 468 EpidCheckPrivRlEntry(). 469 470 \note 471 If the result is not ::kEpidNoErr, the verification should be 472 considered to have failed. 473 474 \see EpidVerifierCreate 475 \see EpidVerifyBasicSig 476 \see EpidCheckPrivRlEntry 477 */ 478 EpidStatus EpidNrVerify(VerifierCtx const* ctx, BasicSignature const* sig, 479 void const* msg, size_t msg_len, 480 SigRlEntry const* sigrl_entry, NrProof const* proof); 481 482 /// Verifies a signature has not been revoked in the private key based 483 /// revocation list. 484 /*! 485 Used in constrained environments where, due to limited memory, it may not 486 be possible to process through a large and potentially unbounded revocation 487 list. 488 489 \param[in] ctx 490 The verifier context. 491 \param[in] sig 492 The basic signature. 493 \param[in] f 494 The private key based revocation list entry. 495 496 \note 497 Sig should be verified using EpidVerifyBasicSig() before invocation. Behavior 498 is undefined if sig cannot be verified. 499 500 \note 501 This function should be used in conjunction with EpidNrVerify() and 502 EpidVerifyBasicSig(). 503 504 \note 505 If the result is not ::kEpidNoErr the verify should be considered to have 506 failed. 507 508 \returns ::EpidStatus 509 \see EpidVerifierCreate 510 \see EpidNrVerify 511 \see EpidVerifyBasicSig 512 */ 513 EpidStatus EpidCheckPrivRlEntry(VerifierCtx const* ctx, 514 BasicSignature const* sig, FpElemStr const* f); 515 516 /// Returns the number of bytes required to serialize the verifier blacklist 517 /*! 518 519 Use this function to determine the buffer size required by 520 ::EpidWriteVerifierRl. 521 522 \param[in] ctx 523 The verifier context. 524 525 \returns 526 Size in bytes required to serialize the verifier blacklist 527 528 \see EpidVerifierCreate 529 \see EpidVerifierSetVerifierRl 530 \see EpidBlacklistSig 531 \see EpidWriteVerifierRl 532 */ 533 size_t EpidGetVerifierRlSize(VerifierCtx const* ctx); 534 535 /// Serializes the verifier blacklist to a buffer. 536 /*! 537 538 If the current blacklist is empty or not set a valid empty verifier 539 blacklist will be serialized. 540 541 Use ::EpidGetVerifierRlSize to determine the buffer size required to 542 serialize the verifier blacklist. 543 544 \param[in] ctx 545 The verifier context. 546 \param[out] ver_rl 547 An existing buffer in which to write the verifier revocation list. 548 \param[in] ver_rl_size 549 The size of the caller allocated output buffer in bytes. 550 551 \returns ::EpidStatus 552 553 \see EpidVerifierCreate 554 \see EpidVerifierSetVerifierRl 555 \see EpidBlacklistSig 556 \see EpidGetVerifierRlSize 557 */ 558 EpidStatus EpidWriteVerifierRl(VerifierCtx const* ctx, VerifierRl* ver_rl, 559 size_t ver_rl_size); 560 561 /// Adds a valid name-based signature to the verifier blacklist. 562 /*! 563 564 If the signature is not valid it will not be added to the blacklist. 565 566 \param[in] ctx 567 The verifier context. 568 \param[in] sig 569 The name-based signature to revoke. 570 \param[in] sig_len 571 The size of sig in bytes. 572 \param[in] msg 573 The message that was signed. 574 \param[in] msg_len 575 The size of msg in bytes. 576 577 \returns ::EpidStatus 578 579 \see EpidVerifierCreate 580 \see EpidVerifierSetVerifierRl 581 \see EpidWriteVerifierRl 582 */ 583 EpidStatus EpidBlacklistSig(VerifierCtx* ctx, EpidSignature const* sig, 584 size_t sig_len, void const* msg, size_t msg_len); 585 586 /*! @} */ 587 588 #endif // EPID_VERIFIER_API_H_ 589