1 /*############################################################################
2   # Copyright 2016-2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 
17 /*!
18  * \file
19  * \brief Intel(R) EPID 1.1 signature verification implementation.
20  */
21 
22 #include "src/verifysig11.h"
23 
24 #include <stdlib.h>
25 
26 #include "epid/common/1.1/file_parser.h"
27 #include "epid/verifier/1.1/api.h"
28 
Verify11(Epid11Signature const * sig,size_t sig_len,void const * msg,size_t msg_len,void const * basename,size_t basename_len,void const * signed_priv_rl,size_t signed_priv_rl_size,void const * signed_sig_rl,size_t signed_sig_rl_size,void const * signed_grp_rl,size_t signed_grp_rl_size,void const * signed_pub_key,size_t signed_pub_key_size,EpidCaCertificate const * cacert,void ** verifier_precomp,size_t * verifier_precomp_size)29 EpidStatus Verify11(Epid11Signature const* sig, size_t sig_len, void const* msg,
30                     size_t msg_len, void const* basename, size_t basename_len,
31                     void const* signed_priv_rl, size_t signed_priv_rl_size,
32                     void const* signed_sig_rl, size_t signed_sig_rl_size,
33                     void const* signed_grp_rl, size_t signed_grp_rl_size,
34                     void const* signed_pub_key, size_t signed_pub_key_size,
35                     EpidCaCertificate const* cacert, void** verifier_precomp,
36                     size_t* verifier_precomp_size) {
37   EpidStatus result = kEpidErr;
38   Epid11VerifierCtx* ctx = NULL;
39   Epid11PrivRl* priv_rl = NULL;
40   Epid11SigRl* sig_rl = NULL;
41   Epid11GroupRl* grp_rl = NULL;
42 
43   do {
44     Epid11GroupPubKey pub_key = {0};
45     // authenticate and extract group public key
46     result = Epid11ParseGroupPubKeyFile(signed_pub_key, signed_pub_key_size,
47                                         cacert, &pub_key);
48     if (kEpidNoErr != result) {
49       break;
50     }
51 
52     if (*verifier_precomp &&
53         *verifier_precomp_size != sizeof(Epid11VerifierPrecomp)) {
54       result = kEpidBadArgErr;
55       break;
56     }
57     *verifier_precomp_size = sizeof(Epid11VerifierPrecomp);
58 
59     // create verifier
60     result = Epid11VerifierCreate(&pub_key, *verifier_precomp, &ctx);
61     if (kEpidNoErr != result) {
62       break;
63     }
64 
65     // serialize verifier pre-computation blob
66     if (!*verifier_precomp) {
67       *verifier_precomp = calloc(1, *verifier_precomp_size);
68     }
69     result = Epid11VerifierWritePrecomp(ctx, *verifier_precomp);
70     if (kEpidNoErr != result) {
71       break;
72     }
73 
74     // set the basename used for signing
75     result = Epid11VerifierSetBasename(ctx, basename, basename_len);
76     if (kEpidNoErr != result) {
77       break;
78     }
79 
80     if (signed_priv_rl) {
81       // authenticate and determine space needed for RL
82       size_t priv_rl_size = 0;
83       result = Epid11ParsePrivRlFile(signed_priv_rl, signed_priv_rl_size,
84                                      cacert, NULL, &priv_rl_size);
85       if (kEpidNoErr != result) {
86         break;
87       }
88 
89       priv_rl = calloc(1, priv_rl_size);
90       if (!priv_rl) {
91         result = kEpidMemAllocErr;
92         break;
93       }
94 
95       // fill the rl
96       result = Epid11ParsePrivRlFile(signed_priv_rl, signed_priv_rl_size,
97                                      cacert, priv_rl, &priv_rl_size);
98       if (kEpidNoErr != result) {
99         break;
100       }
101 
102       // set private key based revocation list
103       result = Epid11VerifierSetPrivRl(ctx, priv_rl, priv_rl_size);
104       if (kEpidNoErr != result) {
105         break;
106       }
107     }  // if (signed_priv_rl)
108 
109     if (signed_sig_rl) {
110       // authenticate and determine space needed for RL
111       size_t sig_rl_size = 0;
112       result = Epid11ParseSigRlFile(signed_sig_rl, signed_sig_rl_size, cacert,
113                                     NULL, &sig_rl_size);
114       if (kEpidNoErr != result) {
115         break;
116       }
117 
118       sig_rl = calloc(1, sig_rl_size);
119       if (!sig_rl) {
120         result = kEpidMemAllocErr;
121         break;
122       }
123 
124       // fill the rl
125       result = Epid11ParseSigRlFile(signed_sig_rl, signed_sig_rl_size, cacert,
126                                     sig_rl, &sig_rl_size);
127       if (kEpidNoErr != result) {
128         break;
129       }
130 
131       // set signature based revocation list
132       result = Epid11VerifierSetSigRl(ctx, sig_rl, sig_rl_size);
133       if (kEpidNoErr != result) {
134         break;
135       }
136     }  // if (signed_sig_rl)
137 
138     if (signed_grp_rl) {
139       // authenticate and determine space needed for RL
140       size_t grp_rl_size = 0;
141       result = Epid11ParseGroupRlFile(signed_grp_rl, signed_grp_rl_size, cacert,
142                                       NULL, &grp_rl_size);
143       if (kEpidNoErr != result) {
144         break;
145       }
146 
147       grp_rl = calloc(1, grp_rl_size);
148       if (!grp_rl) {
149         result = kEpidMemAllocErr;
150         break;
151       }
152 
153       // fill the rl
154       result = Epid11ParseGroupRlFile(signed_grp_rl, signed_grp_rl_size, cacert,
155                                       grp_rl, &grp_rl_size);
156       if (kEpidNoErr != result) {
157         break;
158       }
159       // set group revocation list
160       result = Epid11VerifierSetGroupRl(ctx, grp_rl, grp_rl_size);
161       if (kEpidNoErr != result) {
162         break;
163       }
164     }  // if (signed_grp_rl)
165 
166     // verify signature
167     result = Epid11Verify(ctx, sig, sig_len, msg, msg_len);
168     if (kEpidNoErr != result) {
169       break;
170     }
171   } while (0);
172 
173   // delete verifier
174   Epid11VerifierDelete(&ctx);
175 
176   if (priv_rl) free(priv_rl);
177   if (sig_rl) free(sig_rl);
178   if (grp_rl) free(grp_rl);
179 
180   return result;
181 }
182