Browse Source

Linux 2.1.3 Open Source Gold Release

Security updates to Linux SDK and PSW
Support for Intel SGX Protected Code Loader

Signed-off-by: Li, Xun <xun.li@intel.com>
Li, Xun 5 years ago
parent
commit
75dd558bda
100 changed files with 3526 additions and 5484 deletions
  1. 9 9
      Linux_SGXEclipsePlugin/build_directory/features/com.intel.sgx.feature/feature.xml
  2. BIN
      Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Images/Enclave_Configuration_Settings.png
  3. 1 1
      Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html
  4. 1 1
      Linux_SGXEclipsePlugin/clean.sh
  5. 2 2
      Linux_SGXEclipsePlugin/readme.txt
  6. 367 0
      SampleCode/SampleEnclavePCL/App/App.cpp
  7. 77 0
      SampleCode/SampleEnclavePCL/App/App.h
  8. 92 0
      SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Arrays.cpp
  9. 72 0
      SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Functions.cpp
  10. 141 0
      SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Pointers.cpp
  11. 77 0
      SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Types.cpp
  12. 51 0
      SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libc.cpp
  13. 51 0
      SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libcxx.cpp
  14. 98 0
      SampleCode/SampleEnclavePCL/App/TrustedLibrary/Thread.cpp
  15. 102 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.cpp
  16. 98 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.edl
  17. 84 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.cpp
  18. 88 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.edl
  19. 197 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.cpp
  20. 180 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.edl
  21. 155 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.cpp
  22. 87 0
      SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.edl
  23. 12 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave.config.xml
  24. 51 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave.cpp
  25. 62 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave.edl
  26. 49 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave.h
  27. 10 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave.lds
  28. 39 0
      SampleCode/SampleEnclavePCL/Enclave/Enclave_private.pem
  29. 59 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.cpp
  30. 55 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.edl
  31. 89 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.cpp
  32. 52 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.edl
  33. 104 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.cpp
  34. 51 0
      SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.edl
  35. 40 0
      SampleCode/SampleEnclavePCL/Include/user_types.h
  36. 330 0
      SampleCode/SampleEnclavePCL/Makefile
  37. 38 0
      SampleCode/SampleEnclavePCL/README.md
  38. 12 0
      SampleCode/SampleEnclavePCL/Seal/Seal.config.xml
  39. 126 0
      SampleCode/SampleEnclavePCL/Seal/Seal.cpp
  40. 51 0
      SampleCode/SampleEnclavePCL/Seal/Seal.edl
  41. 10 0
      SampleCode/SampleEnclavePCL/Seal/Seal.lds
  42. 39 0
      SampleCode/SampleEnclavePCL/Seal/Seal_private.pem
  43. 1 0
      SampleCode/SampleEnclavePCL/debug_mock_key.bin
  44. 4 1
      buildenv.mk
  45. 0 1
      common/inc/internal/ae_ipp.h
  46. 0 17
      common/inc/internal/ipp_wrapper.h
  47. 4 1
      common/inc/internal/metadata.h
  48. 101 0
      common/inc/internal/pcl_common.h
  49. 6 1
      common/inc/internal/rts.h
  50. 1 1
      common/inc/internal/se_version.h
  51. 8 1
      common/inc/sgx_error.h
  52. 0 1
      common/inc/sgx_key_exchange.h
  53. 60 0
      common/inc/sgx_pcl_guid.h
  54. 15 31
      common/inc/sgx_tcrypto.h
  55. 1 2
      common/inc/sgx_tkey_exchange.h
  56. 1 1
      common/inc/sgx_trts.h
  57. 9 0
      common/inc/sgx_urts.h
  58. 0 351
      common/src/ipp_rsa_key.cpp
  59. 1 1
      common/src/linux/xsave_gnu.S
  60. 5 5
      download_prebuilt.sh
  61. 0 87
      external/epid-sdk-3.0.0/CHANGELOG.md
  62. 0 129
      external/epid-sdk-3.0.0/Makefile.in
  63. 0 237
      external/epid-sdk-3.0.0/SConstruct
  64. 0 20
      external/epid-sdk-3.0.0/configure.ac
  65. 0 91
      external/epid-sdk-3.0.0/epid/common-testhelper/common-testhelper.parts
  66. 0 76
      external/epid-sdk-3.0.0/epid/member/Makefile
  67. 0 491
      external/epid-sdk-3.0.0/epid/member/api.h
  68. 0 84
      external/epid-sdk-3.0.0/epid/member/member.parts
  69. 0 423
      external/epid-sdk-3.0.0/epid/member/src/context.c
  70. 0 85
      external/epid-sdk-3.0.0/epid/member/src/context.h
  71. 0 277
      external/epid-sdk-3.0.0/epid/member/src/nr_prove.c
  72. 0 229
      external/epid-sdk-3.0.0/epid/member/src/presig.c
  73. 0 84
      external/epid-sdk-3.0.0/epid/member/src/privkey.c
  74. 0 67
      external/epid-sdk-3.0.0/epid/member/src/privkey.h
  75. 0 418
      external/epid-sdk-3.0.0/epid/member/src/request_join.c
  76. 0 272
      external/epid-sdk-3.0.0/epid/member/src/signbasic.c
  77. 0 93
      external/epid-sdk-3.0.0/epid/member/unittests/compute_presig-test.cc
  78. 0 264
      external/epid-sdk-3.0.0/epid/member/unittests/context-test.cc
  79. 0 522
      external/epid-sdk-3.0.0/epid/member/unittests/member-testhelper.cc
  80. 0 290
      external/epid-sdk-3.0.0/epid/member/unittests/nr_prove-test.cc
  81. 0 246
      external/epid-sdk-3.0.0/epid/member/unittests/presig-test.cc
  82. 0 320
      external/epid-sdk-3.0.0/epid/member/unittests/request_join-test.cc
  83. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/member0/mprivkey.dat
  84. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/privrevokedmember0/mprivkey.dat
  85. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/privrl_empty.bin
  86. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/pubkey.bin
  87. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrevokedmember0/mprivkey.dat
  88. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrl.bin
  89. BIN
      external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrl_empty.bin
  90. 0 179
      external/epid-sdk-3.0.0/example/data/README.md
  91. BIN
      external/epid-sdk-3.0.0/example/data/cacert.bin
  92. 0 72
      external/epid-sdk-3.0.0/example/data/data.parts
  93. BIN
      external/epid-sdk-3.0.0/example/data/groupa/member0/mprivkey.dat
  94. BIN
      external/epid-sdk-3.0.0/example/data/groupa/member1/mprivkey.dat
  95. BIN
      external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember0/mprivkey.dat
  96. BIN
      external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember1/mprivkey.dat
  97. BIN
      external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember2/mprivkey.dat
  98. BIN
      external/epid-sdk-3.0.0/example/data/groupa/privrl.bin
  99. BIN
      external/epid-sdk-3.0.0/example/data/groupa/privrl_empty.bin
  100. BIN
      external/epid-sdk-3.0.0/example/data/groupa/pubkey.bin

+ 9 - 9
Linux_SGXEclipsePlugin/build_directory/features/com.intel.sgx.feature/feature.xml

@@ -114,15 +114,15 @@ This Agreement is governed by the laws of the State of New York and the intellec
    </url>
    </url>
 
 
    <requires>
    <requires>
-      <import plugin="org.eclipse.cdt.ui" version="5.11.0" match="compatible"/>
-      <import plugin="org.eclipse.core.expressions" version="3.5.0" match="compatible"/>
-      <import plugin="org.eclipse.ui.ide" version="3.11.0" match="compatible"/>
-      <import plugin="org.eclipse.cdt.core" version="5.11.0" match="compatible"/>
-      <import plugin="org.eclipse.core.runtime" version="3.11.1" match="compatible"/>
-      <import plugin="org.eclipse.ui" version="3.107.0" match="compatible"/>
-      <import plugin="org.eclipse.cdt.managedbuilder.ui" version="8.2.2" match="compatible"/>
-      <import plugin="org.eclipse.cdt.managedbuilder.core" version="8.3.0" match="compatible"/>
-      <import plugin="org.eclipse.core.resources" version="3.10.1" match="compatible"/>
+      <import plugin="org.eclipse.cdt.ui" version="5.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.expressions" version="3.5.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.ui.ide" version="3.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.core" version="5.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.runtime" version="3.11.1" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.ui" version="3.107.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.managedbuilder.ui" version="8.2.2" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.managedbuilder.core" version="8.3.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.resources" version="3.10.1" match="greaterOrEqual"/>
    </requires>
    </requires>
 
 
    <plugin
    <plugin

BIN
Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Images/Enclave_Configuration_Settings.png


+ 1 - 1
Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html

@@ -123,7 +123,7 @@ developers by the Intel(R) SGX SDK.</p>
         <h2>Pre-requisites</h2>
         <h2>Pre-requisites</h2>
         <p>To use Intel(R) Software Guard Extensions Eclipse Plug-in, install the following softwares:</p>
         <p>To use Intel(R) Software Guard Extensions Eclipse Plug-in, install the following softwares:</p>
         <ul>
         <ul>
-            <li>Eclipse* Mars 1 with CDT IDE for C/C++ Developers (version 4.5.1).   To use this version, install Java* Development Kit (JDK) or Java* Runtime Environment (JRE)  version 1.8 or above.</li>
+            <li>Eclipse* Oxygen 3 with CDT IDE for C/C++ Developers (version 4.7.3).   To use this version, install Java* Development Kit (JDK) or Java* Runtime Environment (JRE)  version 1.8 or above.</li>
             <li>gcc/g++ tools</li>
             <li>gcc/g++ tools</li>
             <li>Openssl*</li>
             <li>Openssl*</li>
             <li>Intel(R) SGX SDK for Linux* OS</li>
             <li>Intel(R) SGX SDK for Linux* OS</li>

+ 1 - 1
Linux_SGXEclipsePlugin/clean.sh

@@ -13,7 +13,7 @@ rm -fv build_directory/features/com.intel.sgx.feature/build.xml
 rm -fv build_directory/features/com.intel.sgx.feature/*.zip
 rm -fv build_directory/features/com.intel.sgx.feature/*.zip
 rm -rfv build_directory/nestedJars
 rm -rfv build_directory/nestedJars
 rm -rfv build_directory/updatesite/sgx-eclipse-plugin
 rm -rfv build_directory/updatesite/sgx-eclipse-plugin
-find . -name "*.zip" ! -name  "eclipse_mars.v4.5.1_x64.zip" | xargs rm -rfv
+find . -name "*.zip" ! -name  "eclipse_oxygen.v4.7.3_x64.zip" | xargs rm -rfv
 find . -name "javaCompiler*" | xargs rm -rfv
 find . -name "javaCompiler*" | xargs rm -rfv
 find . -name "@*" | xargs rm -rfv
 find . -name "@*" | xargs rm -rfv
 find build_directory -maxdepth 1 -mindepth 1 | grep -v "features" | grep -v "plugins" | grep -v "sites" | grep -v "updatesite" | xargs rm -frv
 find build_directory -maxdepth 1 -mindepth 1 | grep -v "features" | grep -v "plugins" | grep -v "sites" | grep -v "updatesite" | xargs rm -frv

+ 2 - 2
Linux_SGXEclipsePlugin/readme.txt

@@ -6,8 +6,8 @@ $DELETE_CURRENT_ECLIPSE - Delete current eclipse or not. Generally this variable
 
 
 The following plugins are pre-requisites to be installed in Eclipse before trying to build the plugin.
 The following plugins are pre-requisites to be installed in Eclipse before trying to build the plugin.
 
 
-1. Eclipse IDE for C/C++ Developers  4.5.1.20150917-1200 (tested_version)
-2. Eclipse PDE Plug-in Developer Resources   3.11.1.v20150904-0345 (tested_version)
+1. Eclipse IDE for C/C++ Developers  4.7.3.20180308-1800 (tested_version)
+2. Eclipse PDE Plug-in Developer Resources   3.13.3.v20180301-11 (tested_version)
 
 
 run ./build.sh from command line under current directory.
 run ./build.sh from command line under current directory.
 Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation.
 Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation.

+ 367 - 0
SampleCode/SampleEnclavePCL/App/App.cpp

@@ -0,0 +1,367 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+# include <unistd.h>
+# include <pwd.h>
+# define MAX_PATH FILENAME_MAX
+
+#include "sgx_urts.h"
+#include "App.h"
+#include "Enclave_u.h"
+#include "Seal_u.h"
+
+#define SEAL_FILENAME             "Seal.signed.so"
+#define SEALED_KEY_FILE_NAME     "sealed_key.bin"
+#define TOKEN_FILENAME            "enclave.token"
+
+/* Global EID shared by multiple threads */
+sgx_enclave_id_t global_eid = 0;
+
+typedef struct _sgx_errlist_t {
+    sgx_status_t err;
+    const char *msg;
+    const char *sug; /* Suggestion */
+} sgx_errlist_t;
+
+/* Error code returned by sgx_create_enclave */
+static sgx_errlist_t sgx_errlist[] = {
+    {
+        SGX_ERROR_UNEXPECTED,
+        "Unexpected error occurred.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_PARAMETER,
+        "Invalid parameter.",
+        NULL
+    },
+    {
+        SGX_ERROR_OUT_OF_MEMORY,
+        "Out of memory.",
+        NULL
+    },
+    {
+        SGX_ERROR_ENCLAVE_LOST,
+        "Power transition occurred.",
+        "Please refer to the sample \"PowerTransition\" for details."
+    },
+    {
+        SGX_ERROR_INVALID_ENCLAVE,
+        "Invalid enclave image.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_ENCLAVE_ID,
+        "Invalid enclave identification.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_SIGNATURE,
+        "Invalid enclave signature.",
+        NULL
+    },
+    {
+        SGX_ERROR_OUT_OF_EPC,
+        "Out of EPC memory.",
+        NULL
+    },
+    {
+        SGX_ERROR_NO_DEVICE,
+        "Invalid Intel(R) SGX device.",
+        "Please make sure Intel(R) SGX module is enabled in the BIOS, and install Intel(R) SGX driver afterwards."
+    },
+    {
+        SGX_ERROR_MEMORY_MAP_CONFLICT,
+        "Memory map conflicted.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_METADATA,
+        "Invalid enclave metadata.",
+        NULL
+    },
+    {
+        SGX_ERROR_DEVICE_BUSY,
+        "Intel(R) SGX device was busy.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_VERSION,
+        "Enclave version was invalid.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_ATTRIBUTE,
+        "Enclave was not authorized.",
+        NULL
+    },
+    {
+        SGX_ERROR_ENCLAVE_FILE_ACCESS,
+        "Can't open enclave file.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_ENCRYPTED,
+        "sgx_create_enclave can't open encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_NOT_ENCRYPTED,
+        "sgx_create_encrypted_enclave can't open not-encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_MAC_MISMATCH,
+        "PCL detected invalid section in encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_SHA_MISMATCH,
+        "PCL sealed key SHA mismatch.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_GUID_MISMATCH,
+        "PCL sealed key GUID mismatch.",
+        NULL
+    },
+};
+
+/* Check error conditions for loading enclave */
+void print_error_message(sgx_status_t ret)
+{
+    size_t idx = 0;
+    size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
+
+    for (idx = 0; idx < ttl; idx++) {
+        if(ret == sgx_errlist[idx].err) {
+            if(NULL != sgx_errlist[idx].sug)
+                printf("Info: %s\n", sgx_errlist[idx].sug);
+            printf("Error: %s\n", sgx_errlist[idx].msg);
+            break;
+        }
+    }
+    
+    if (idx == ttl)
+        printf("Error: Unexpected error occurred.\n");
+}
+
+/* Initialize the enclave:
+ *   Step 1: try to retrieve the launch token saved by last transaction
+ *   Step 2: call sgx_create_enclave to initialize an enclave instance
+ *   Step 3: save the launch token if it is updated
+ */
+sgx_status_t  initialize_enclave ( const char *file_name, sgx_enclave_id_t* eid )
+{
+    char token_path[MAX_PATH] = {'\0'};
+    sgx_launch_token_t token = {0};
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    int updated = 0;
+    size_t read_num = 0;
+    
+    /* Step 1: try to retrieve the launch token saved by last transaction 
+     *         if there is no token, then create a new one.
+     */
+    /* try to get the token saved in $HOME */
+    const char *home_dir = getpwuid(getuid())->pw_dir;
+    
+    if (home_dir != NULL && 
+        (strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
+        /* compose the token path */
+        strncpy(token_path, home_dir, strlen(home_dir));
+        strncat(token_path, "/", strlen("/"));
+        strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
+    } else {
+        /* if token path is too long or $HOME is NULL */
+        strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
+    }
+
+    FILE *fp = fopen(token_path, "rb");
+    if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
+        printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
+    }
+
+    if (fp != NULL) {
+        /* read the token from saved file */
+        read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
+        if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
+            /* if token is invalid, clear the buffer */
+            memset(&token, 0x0, sizeof(sgx_launch_token_t));
+            printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
+        }
+    }
+    /* Step 2: call sgx_create_enclave to initialize an enclave instance */
+    /* Debug Support: set 2nd parameter to 1 */
+#ifdef SGX_USE_PCL        
+    bool open_seal_enclave = true;
+    uint8_t* sealed_blob = NULL;
+    FILE *fsealp = fopen(SEALED_KEY_FILE_NAME, "rb");
+    size_t sealed_blob_size = 0;
+    if(NULL != fsealp)
+    {   
+        // Read file size:
+        fseek(fsealp, 0L, SEEK_END);
+        sealed_blob_size = ftell(fsealp);
+        fseek(fsealp, 0L, SEEK_SET);
+        // Read file into buffer:
+        sealed_blob = new uint8_t[sealed_blob_size];
+        read_num = fread(sealed_blob, 1, sealed_blob_size, fsealp);
+        if ( read_num != sealed_blob_size )
+        {
+            printf ( "Warning: Failed to read sealed blob.\n" );
+        }
+        else
+        {
+            open_seal_enclave = false;
+        }
+        fclose(fsealp);
+    }
+    if (true == open_seal_enclave)
+    {
+        printf ("Open Seal Enclave: %s\n", SEAL_FILENAME );
+        sgx_enclave_id_t seal_eid = 0;
+        ret = sgx_create_enclave(
+            SEAL_FILENAME, 
+            SGX_DEBUG_FLAG, 
+            &token, 
+            &updated, 
+            &seal_eid, 
+            NULL);
+        if (SGX_SUCCESS != ret) 
+        {
+            print_error_message(ret);
+            if(NULL != fp)
+            {
+               fclose(fp);
+            }
+            return ret;
+        }        
+        ret = ecall_get_sealed_blob_size(seal_eid, &sealed_blob_size);
+        if (ret != SGX_SUCCESS || UINT32_MAX == sealed_blob_size)
+        {
+            printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size);
+            sgx_destroy_enclave(seal_eid);
+            return ret;
+        }
+        //printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size);
+        sealed_blob = new uint8_t[sealed_blob_size];
+        sgx_status_t gret = SGX_ERROR_UNEXPECTED;
+        ret = ecall_generate_sealed_blob(seal_eid, &gret, sealed_blob, sealed_blob_size);
+        if ((SGX_SUCCESS != ret) || (SGX_SUCCESS != gret)) 
+        {
+            printf("ecall_generate_sealed_blob: ret = %d, gret = 0x%x\n", ret, gret);
+            sgx_destroy_enclave(seal_eid);
+            delete sealed_blob;
+            return ret;
+        }
+        sgx_destroy_enclave(seal_eid);
+        fsealp = fopen(SEALED_KEY_FILE_NAME, "wb");
+        if(NULL != fsealp)
+        {
+            fwrite(sealed_blob, 1, sealed_blob_size, fsealp);
+            fclose(fsealp);
+        }
+    }
+    // Load the PCL protected Enclave:
+    ret = sgx_create_encrypted_enclave(file_name, SGX_DEBUG_FLAG, &token, &updated, eid, NULL, sealed_blob);
+    delete sealed_blob;
+#else  // SGX_USE_PCL
+    ret = sgx_create_enclave(file_name, SGX_DEBUG_FLAG, &token, &updated, eid, NULL);
+#endif // SGX_USE_PCL
+    if (ret != SGX_SUCCESS) {
+        print_error_message(ret);
+        if (fp != NULL) fclose(fp);
+        return ret;
+    }
+
+    /* Step 3: save the launch token if it is updated */
+    if (updated == FALSE || fp == NULL) {
+        /* if the token is not updated, or file handler is invalid, do not perform saving */
+        if (fp != NULL) fclose(fp);
+        return SGX_SUCCESS;
+    }
+
+    /* reopen the file with write capablity */
+    fp = freopen(token_path, "wb", fp);
+    if (fp == NULL) return SGX_SUCCESS;
+    size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
+    if (write_num != sizeof(sgx_launch_token_t))
+        printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
+    fclose(fp);
+    return SGX_SUCCESS;
+}
+
+/* OCall functions */
+void ocall_print_string(const char *str)
+{
+    /* Proxy/Bridge will check the length and null-terminate 
+     * the input string to prevent buffer overflow. 
+     */
+    printf("%s", str);
+}
+
+
+/* Application entry */
+int SGX_CDECL main(int argc, char *argv[])
+{
+    (void)(argc);
+    (void)(argv);
+
+
+    /* Initialize the enclave */
+    if ( initialize_enclave ( ENCLAVE_FILENAME, &global_eid ) < 0 ){
+        return -1; 
+    }
+ 
+    /* Utilize edger8r attributes */
+    edger8r_array_attributes();
+    edger8r_pointer_attributes();
+    edger8r_type_attributes();
+    edger8r_function_attributes();
+    
+    /* Utilize trusted libraries */
+    ecall_libc_functions();
+    ecall_libcxx_functions();
+    ecall_thread_functions();
+
+    /* Destroy the enclave */
+    sgx_destroy_enclave(global_eid);
+    
+    printf("Info: SampleEnclave successfully returned.\n");
+
+    return 0;
+}
+

+ 77 - 0
SampleCode/SampleEnclavePCL/App/App.h

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef _APP_H_
+#define _APP_H_
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "sgx_error.h"       /* sgx_status_t */
+#include "sgx_eid.h"     /* sgx_enclave_id_t */
+
+#ifndef TRUE
+# define TRUE 1
+#endif
+
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+#define TOKEN_FILENAME   "enclave.token"
+#define ENCLAVE_FILENAME "enclave.signed.so"
+#define SEAL_TOKEN_FILENAME   "seal.token"
+#define SEAL_FILENAME "Seal.signed.so"
+#define SEALED_KEY_FILE_NAME "sealed_key.bin"
+
+extern sgx_enclave_id_t global_eid;    /* global enclave id */
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+void edger8r_array_attributes(void);
+void edger8r_type_attributes(void);
+void edger8r_pointer_attributes(void);
+void edger8r_function_attributes(void);
+
+void ecall_libc_functions(void);
+void ecall_libcxx_functions(void);
+void ecall_thread_functions(void);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_APP_H_ */

+ 92 - 0
SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Arrays.cpp

@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_array_attributes:
+ *   Invokes ECALLs declared with array attributes.
+ */
+void edger8r_array_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    /* user_check */
+    int arr1[4] = {0, 1, 2, 3};
+    ret = ecall_array_user_check(global_eid, arr1);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    /* make sure arr1 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr1[i] == (3 - i));
+
+    /* in */
+    int arr2[4] = {0, 1, 2, 3};
+    ret = ecall_array_in(global_eid, arr2);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr2 is not changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr2[i] == i);
+    
+    /* out */
+    int arr3[4] = {0, 1, 2, 3};
+    ret = ecall_array_out(global_eid, arr3);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr3 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr3[i] == (3 - i));
+    
+    /* in, out */
+    int arr4[4] = {0, 1, 2, 3};
+    ret = ecall_array_in_out(global_eid, arr4);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr4 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr4[i] == (3 - i));
+    
+    /* isary */
+    array_t arr5 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
+    ret = ecall_array_isary(global_eid, arr5);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr5 is changed */
+    for (int i = 0; i < 10; i++)
+        assert(arr5[i] == (9 - i));
+}

+ 72 - 0
SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Functions.cpp

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* No need to implement memccpy here! */
+
+/* edger8r_function_attributes:
+ *   Invokes ECALL declared with calling convention attributes.
+ *   Invokes ECALL declared with [public].
+ */
+void edger8r_function_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_function_calling_convs(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    ret = ecall_function_public(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* user shall not invoke private function here */
+    int runned = 0;
+    ret = ecall_function_private(global_eid, &runned);
+    if (ret != SGX_ERROR_ECALL_NOT_ALLOWED || runned != 0)
+        abort();
+}
+
+/* ocall_function_allow:
+ *   The OCALL invokes the [allow]ed ECALL 'edger8r_private'.
+ */
+void ocall_function_allow(void)
+{
+    int runned = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    
+    ret = ecall_function_private(global_eid, &runned);
+    if (ret != SGX_SUCCESS || runned != 1)
+        abort();
+}

+ 141 - 0
SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Pointers.cpp

@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_pointer_attributes:
+ *   Invokes the ECALLs declared with pointer attributes.
+ */
+void edger8r_pointer_attributes(void)
+{
+    int val = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    char c[128] = {0};
+    size_t len = 0;
+    memset(c, 0xe, 128);
+    ret = ecall_pointer_user_check(global_eid, &len, &c, 128);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(strcmp(c, "SGX_SUCCESS") == 0);
+
+
+    val = 0;
+    ret = ecall_pointer_in(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 0);
+    
+    val = 0;
+    ret = ecall_pointer_out(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+    
+    val = 0;
+    ret = ecall_pointer_in_out(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+    
+    ret = ocall_pointer_attr(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    char str1[] = "1234567890";
+    ret = ecall_pointer_string(global_eid, str1);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str1, "0987654321", strlen(str1)) == 0);
+
+    const char str2[] = "1234567890";
+    ret = ecall_pointer_string_const(global_eid, str2);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str2, "1234567890", strlen(str2)) == 0);
+
+    char str3[] = "1234567890";
+    ret = ecall_pointer_size(global_eid, (void*)str3, strlen(str3));
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str3, "0987654321", strlen(str3)) == 0);
+
+    char str4[] = "1234567890";
+    ret = ecall_pointer_isptr_readonly(global_eid, (buffer_t)str4, strlen(str4));
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str4, "1234567890", strlen(str4)) == 0);
+
+    int arr[10] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
+    ret = ecall_pointer_count(global_eid, arr, 10);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    for (int i = 0; i < 10; i++)
+        assert(arr[i] == (9 - i));
+    
+    return;
+}
+
+/* ocall_pointer_user_check:
+ *   The OCALL declared with [user_check].
+ */
+void ocall_pointer_user_check(int* val)
+{
+    (void)val;
+    assert(val != NULL);
+}
+
+/* ocall_pointer_in:
+ *   The OCALL declared with [in].
+ */
+void ocall_pointer_in(int* val)
+{
+    *val = 1234;
+}
+
+/* ocall_pointer_out:
+ *   The OCALL declared with [out].
+ */
+void ocall_pointer_out(int* val)
+{
+    *val = 1234;
+}
+
+/* ocall_pointer_in_out:
+ *   The OCALL declared with [in, out].
+ */
+void ocall_pointer_in_out(int* val)
+{
+    *val = 1234;
+}

+ 77 - 0
SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Types.cpp

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_type_attributes:
+ *   Invokes ECALLs declared with basic types.
+ */
+void edger8r_type_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_type_char(global_eid, (char)0x12);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_int(global_eid, (int)1234);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_float(global_eid, (float)1234.0);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_double(global_eid, (double)1234.5678);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_size_t(global_eid, (size_t)12345678);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_wchar_t(global_eid, (wchar_t)0x1234);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    struct struct_foo_t g = {1234, 5678};
+    ret = ecall_type_struct(global_eid, g);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    union union_foo_t val = {0};
+    ret = ecall_type_enum_union(global_eid, ENUM_FOO_0, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val.union_foo_0 == 2);
+}

+ 51 - 0
SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libc.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* ecall_libc_functions:
+ *   Invokes standard C functions.
+ */
+void ecall_libc_functions(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_malloc_free(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    int cpuid[4] = {0x1, 0x0, 0x0, 0x0};
+    ret = ecall_sgx_cpuid(global_eid, cpuid, 0x0);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

+ 51 - 0
SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libcxx.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* ecall_libcxx_functions:
+ *   Invokes standard C++ functions.
+ */
+void ecall_libcxx_functions(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_exception(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_map(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

+ 98 - 0
SampleCode/SampleEnclavePCL/App/TrustedLibrary/Thread.cpp

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdio.h>
+#include <thread>
+using namespace std;
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+static size_t counter = 0;
+
+void increase_counter(void)
+{
+    size_t cnr = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_increase_counter(global_eid, &cnr);
+    if (cnr != 0) counter = cnr; 
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+void data_producer(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_producer(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+void data_consumer(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_consumer(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+/* ecall_thread_functions:
+ *   Invokes thread functions including mutex, condition variable, etc.
+ */
+void ecall_thread_functions(void)
+{
+    thread adder1(increase_counter);
+    thread adder2(increase_counter);
+    thread adder3(increase_counter);
+    thread adder4(increase_counter);
+
+    adder1.join();
+    adder2.join();
+    adder3.join();
+    adder4.join();
+
+    assert(counter == 4*LOOPS_PER_THREAD);
+
+    printf("Info: executing thread synchronization, please wait...  \n");
+    /* condition variable */
+    thread consumer1(data_consumer);
+    thread producer0(data_producer);
+    thread consumer2(data_consumer);
+    thread consumer3(data_consumer);
+    thread consumer4(data_consumer);
+    
+    consumer1.join();
+    consumer2.join();
+    consumer3.join();
+    consumer4.join();
+    producer0.join();
+}

+ 102 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.cpp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Test Array Attributes */
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_array_user_check:
+ *   [user_check] parameter does not perfrom copy operations.
+ */
+void ecall_array_user_check(int arr[4])
+{
+    if (sgx_is_outside_enclave(arr, 4 * sizeof(int)) != 1)
+        abort();
+    
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = 3 - i;
+    }
+}
+
+/* ecall_array_in:
+ *   arr[] is copied to trusted domain, but modified 
+ *   results will not be reflected to the untrusted side.
+ */
+void ecall_array_in(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_out:
+ *   arr[] is allocated inside the enclave, and it will be copied
+ *   to the untrusted side
+ */
+void ecall_array_out(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        /* arr is not copied from App */
+        assert(arr[i] == 0);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_in_out:
+ *   arr[] will be allocated inside the enclave, content of arr[] will be copied either.
+ *   After ECALL returns, the results will be copied to the outside.
+ */
+void ecall_array_in_out(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_isary:
+ *   [isary] tells Edger8r that user defined 'array_t' is an array type.
+ */
+void ecall_array_isary(array_t arr)
+{
+    if (sgx_is_outside_enclave(arr, sizeof(array_t)) != 1)
+        abort();
+
+    int n = sizeof(array_t)/sizeof(arr[0]);
+    for (int i = 0; i < n; i++) {
+        assert(arr[i] == i);
+        arr[i] = (n - 1 - i);
+    }
+}

+ 98 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.edl

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Arrays.edl - Samples for array attributes. */
+
+enclave {
+    
+    /* 
+     *  Only for fixed-size array (size is explicitly specified).
+     */
+    
+    trusted {
+        
+        /*
+         * []:  can be used to declare an array.
+         * [user_check]:
+         *      pointer of the array won't be valified, and the buffer pointed by 'arr' 
+         *      is not copied into the enclave either. But enclave can modify the memory outside.
+         */
+        
+        public void ecall_array_user_check([user_check] int arr[4]);
+        
+        /*
+         * [in]:
+         *      buffer for the array will be allocated inside the enclave, 
+         *      content of the array will be copied into the new allocated memory inside. 
+         *      Any changes performed inside the enclave will not affect the array outside.
+         */
+        
+        public void ecall_array_in([in] int arr[4]);
+        
+        /*
+         * [out]:
+         *      buffer for the array will be allocated inside the enclave,
+         *      but the content of the array won't be copied. After ECALL returns, 
+         *      the buffer inside the enclave will copied into outside array.
+         */
+        
+        public void ecall_array_out([out] int arr[4]);
+        
+        /*
+         * [in, out]:
+         *      buffer for the array will be allocated inside the enclave,
+         *      the content of the array will be copied either. After ECALL returns, 
+         *      the buffer inside the enclave will by copied into outside array again.
+         */
+        
+        public void ecall_array_in_out([in, out] int arr[4]);
+        
+        /*
+         * [isary]:
+         *      tells Edger8r the user defined 'array_t' is an array type, 'arr' will be 
+         *      treated as a pointer, no memory copied either due to [user_check].
+         *      For OCALLs, 'arr' shall point to the memory outside the enclave. 
+         */
+        
+        public void ecall_array_isary([user_check, isary] array_t arr);
+    
+    };
+
+    untrusted {
+    
+        /*
+         * [user_check|in|out|in,out|isary] can also be used in OCALLs, refer to the "User Guide" for details.
+         */
+
+    };
+
+};

+ 84 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.cpp

@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Calling Conventions */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_function_calling_convs:
+ *   memccpy is defined in system C library.
+ */
+void ecall_function_calling_convs(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    char s1[] = "1234567890";
+    char s2[] = "0987654321";
+
+    char buf[BUFSIZ] = {'\0'};
+    memcpy(buf, s1, strlen(s1));
+
+    ret = memccpy(NULL, s1, s2, '\0', strlen(s1));
+    
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(s1, s2, strlen(s1)) == 0);
+
+    return;
+}
+
+/* ecall_function_public:
+ *   The public ECALL that invokes the OCALL 'ocall_function_allow'.
+ */
+void ecall_function_public(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ocall_function_allow();
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    return;
+}
+
+/* ecall_function_private:
+ *   The private ECALL that only can be invoked in the OCALL 'ocall_function_allow'.
+ */
+int ecall_function_private(void)
+{
+    return 1;
+}
+

+ 88 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.edl

@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Functions.edl - Samples for function attributes. */
+
+enclave {
+    
+    /* 
+     * Following keywords/attributes are supported for untrusted functions: 
+     *      cdecl, stdcall, fastcall, dllimport (only for Windows).
+     *      [public] is only supported for the trusted functions.
+     * Trusted function will be treated as [private] w/o the [public].
+     */
+
+    trusted {
+
+        public void ecall_function_calling_convs(void);
+        
+        /*
+         * [public]:
+         *      public ECALL can be called directly in App.
+         */
+        
+        public void ecall_function_public(void);
+
+        /*
+         * [private]:
+         *      private ECALL cannot be called directly in App.
+         */
+        
+        int ecall_function_private(void);
+    
+    };
+
+    untrusted {
+        
+        /*
+         * [cdecl]:
+         *      tells edger8r the calling convention of the OCALLs is 'cdecl'.
+         * [dllimport]:
+         *      indicats the OCALL is provided in DLLs.
+         *
+         * Note: memccpy() is provided by MS system DLL, we don't need to implement it in App side.
+         */
+        
+        [cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len);
+        
+        /*
+         * [allow]:
+         *      OCALL 'ocall_function_allow' can invoke ECALL 'ecall_function_private' in App side. 
+         *
+         * Note: No ECALL can be called in OCALL w/o [allow].
+         */
+        
+        void ocall_function_allow(void) allow(ecall_function_private);
+    
+    };
+
+};

+ 197 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.cpp

@@ -0,0 +1,197 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Pointer Auttributes */
+
+#include <sys/types.h>
+#include <string.h>
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* checksum_internal:
+ *   get simple checksum of input buffer and length
+ */
+int32_t checksum_internal(char *buf, size_t count)
+{
+    register int32_t sum = 0;
+    int16_t *ptr = (int16_t *)buf;
+
+    /* Main summing loop */
+    while(count > 1) {
+        sum = sum + *ptr++;
+        count = count - 2;
+    }
+
+    /* Add left-over byte, if any */
+    if (count > 0)
+        sum = sum + *((char *)ptr);
+
+	return ~sum;
+}
+
+/* ecall_pointer_user_check, ecall_pointer_in, ecall_pointer_out, ecall_pointer_in_out:
+ *   The root ECALLs to test [in], [out], [user_check] attributes.
+ */
+size_t ecall_pointer_user_check(void *val, size_t sz)
+{
+    /* check if the buffer is allocated outside */
+    if (sgx_is_outside_enclave(val, sz) != 1)
+        abort();
+
+    char tmp[100] = {0};
+    size_t len = sz>100?100:sz;
+    
+    /* copy the memory into the enclave to make sure 'val' 
+     * is not being changed in checksum_internal() */
+    memcpy(tmp, val, len);
+    
+    int32_t sum = checksum_internal((char *)tmp, len);
+    printf("Checksum(0x%p, %zu) = 0x%x\n", 
+            val, len, (unsigned int)sum);
+    
+    /* modify outside memory directly */
+    memcpy(val, "SGX_SUCCESS", len>12?12:len);
+
+	return len;
+}
+
+/* ecall_pointer_in:
+ *   the buffer of val is copied to the enclave.
+ */
+
+void ecall_pointer_in(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    *val = 1234;
+}
+
+/* ecall_pointer_out:
+ *   the buffer of val is copied to the untrusted side.
+ */
+void ecall_pointer_out(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    assert(*val == 0);
+    *val = 1234;
+}
+
+/* ecall_pointer_in_out:
+ * the buffer of val is double-copied.
+ */
+void ecall_pointer_in_out(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    *val = 1234;
+}
+
+/* ocall_pointer_attr:
+ *   The root ECALL that test OCALL [in], [out], [user_check].
+ */
+void ocall_pointer_attr(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    int val = 0;
+    ret = ocall_pointer_user_check(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    val = 0;
+    ret = ocall_pointer_in(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 0);
+
+    val = 0;
+    ret = ocall_pointer_out(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+
+    val = 0;
+    ret = ocall_pointer_in_out(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+
+    return;
+}
+
+/* ecall_pointer_string:
+ *   [string] defines a string.
+ */
+void ecall_pointer_string(char *str)
+{
+    strncpy(str, "0987654321", strlen(str));
+}
+
+/* ecall_pointer_string_const:
+ *   const [string] defines a string that cannot be modified.
+ */
+void ecall_pointer_string_const(const char *str)
+{
+    char* temp = new char[strlen(str)];
+    strncpy(temp, str, strlen(str));
+    delete []temp;
+}
+
+/* ecall_pointer_size:
+ *   'len' needs to be specified to tell Edger8r the length of 'str'.
+ */
+void ecall_pointer_size(void *ptr, size_t len)
+{
+    strncpy((char*)ptr, "0987654321", len);
+}
+
+/* ecall_pointer_count:
+ *   'cnt' needs to be specified to tell Edger8r the number of elements in 'arr'.
+ */
+void ecall_pointer_count(int *arr, int cnt)
+{
+    for (int i = (cnt - 1); i >= 0; i--)
+        arr[i] = (cnt - 1 - i);
+}
+
+/* ecall_pointer_isptr_readonly:
+ *   'buf' is user defined type, shall be tagged with [isptr].
+ *   if it's not writable, [readonly] shall be specified. 
+ */
+void ecall_pointer_isptr_readonly(buffer_t buf, size_t len)
+{
+    strncpy((char*)buf, "0987654321", len);
+}
+

+ 180 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.edl

@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Pointers.edl - Samples for pointer attributes. */
+
+enclave {
+    
+    /* 
+     * Following keywords/attributes are supported for pointers in Edger8r: 
+     *      in, out, user_check, 
+     *      string, wstring,
+     *      const, size, count, isptr, readonly
+     */
+
+    trusted {
+        
+        /*
+         * [user_check]:
+         *      the pointer won't be validated, and the buffer pointed by
+         *      'val' is not copied into the enclave either. But Enclave 
+         *      can modify the memory pointed by 'val'.
+         */
+        
+        public size_t ecall_pointer_user_check([user_check] void *val, size_t sz);
+        
+        /*
+         * [in]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      content pointed by 'val' will be copied into the new allocated
+         *      memory inside. Any changes performed inside the enclave will not 
+         *      affect the buffer outside.
+         */
+        
+        public void ecall_pointer_in([in] int *val);
+        
+        /*
+         * [out]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      but the content pointed by 'val' won't be copied. But after return, 
+         *      the buffer inside the enclave will copied into outside 'val'.
+         */
+        
+        public void ecall_pointer_out([out] int *val);
+
+        /*
+         * [in, out]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      the content pointed by 'val' will be copied either. After return, 
+         *      the buffer inside the enclave will by copied into outside 'val' again.
+         */
+        
+        public void ecall_pointer_in_out([in, out] int *val);
+        
+        /*
+         * [string]:
+         *      the attribute tells Edger8r 'str' is NULL terminated string, so strlen 
+         *      will be used to count the length of buffer pointed by 'str'.
+         */
+        
+        public void ecall_pointer_string([in, out, string] char *str);
+
+        /*
+         * [const]:
+         *      the attribute tells Edger8r the buffer pointed by 'str' cannot be modified,
+         *      so users cannot decorate 'str' with [out] attribute anymore.
+         */
+        
+        public void ecall_pointer_string_const([in, string] const char *str);
+
+        /*
+         * [size]:
+         *      the attribute tells Edger8r the length of buffer in byte pointed by 'ptr' 
+         *      (shall be copied or not). 
+         * Note: Users shall not specify [size] on [string] parameters.
+         */
+        
+        public void ecall_pointer_size([in, out, size=len] void *ptr, size_t len);
+
+        /*
+         * [count]:
+         *      the attribute tells Edger8r the number of integers to be copied from 'arr'.
+         */
+        
+        public void ecall_pointer_count([in, out, count=cnt] int *arr, int cnt);
+
+        /*
+         * [isptr]:
+         *      tells Edger8r the user defined type is a pointer; 
+         * [readonly]:
+         *      forbids the buffer allocated inside the enclave to be copied back to App
+         *      (cannot use with [out]).
+         */
+        
+        public void ecall_pointer_isptr_readonly([in, isptr, readonly, size=len] buffer_t buf, size_t len);
+        
+    };
+
+    /*
+     * Users can define multiple trusted/untrusted blocks, 
+     * edger8r will merged them into one trusted/untrusted block.
+     */
+    trusted {
+        /*
+         * Test pointer attributes in OCALLs
+         */
+        
+        public void ocall_pointer_attr(void);
+    
+    };
+
+    untrusted {
+    
+        /*
+         * [user_check]:
+         *      the pointer won't be valified, and the buffer pointed by 'val' is not 
+         *      copied to outside buffer either. Besides 'App' cannot modify the memory 
+         *      pointer by 'val'.
+         */
+        
+        void ocall_pointer_user_check([user_check] int *val);
+        
+        /*
+         * [in]:
+         *      buffer with the same size will be allocated in 'App' side, the content 
+         *      pointed by 'val' will be copied into the new allocated memory outside. 
+         *      Any changes performed by 'App' will not affect the buffer pointed by 'val'.
+         */
+        
+        void ocall_pointer_in([in] int *val);
+        
+        /*
+         * [out]:
+         *      buffer with the same size will be allocated in 'App' side, the content
+         *      pointed by 'val' won't be copied. But after return, the buffer outside
+         *      will be copied into the enclave.
+         */
+        
+        void ocall_pointer_out([out] int *val);
+
+        /*
+         * [in, out]:
+         *      buffer with the same size will be allocated in 'App' side, the content
+         *      pointed by 'val' will be copied either. After return, the buffer outside 
+         *      will copied into the enclave.
+         */
+        
+        void ocall_pointer_in_out([in, out] int *val);
+    
+    };
+
+};

+ 155 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.cpp

@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Basic Types */
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+#include <limits>
+#include <cmath>
+
+/* used to eliminate `unused variable' warning */
+#define UNUSED(val) (void)(val)
+
+#define ULP 2
+
+/* used to compare double variables in order to avoid compile warnings */
+bool  almost_equal(double x, double y)
+{
+    /* the machine epsilon has to be scaled to the magnitude of the larger value
+       and multiplied by the desired precision in ULPs (units in the last place) */
+    return std::abs(x-y) <= std::numeric_limits<double>::epsilon() * std::abs(x+y) * ULP;
+}
+
+/* used to compare double variables in order to avoid compile warnings */
+bool  almost_equal(float x, float y)
+{
+    /* the machine epsilon has to be scaled to the magnitude of the larger value
+       and multiplied by the desired precision in ULPs (units in the last place) */
+    return std::abs(x-y) <= std::numeric_limits<float>::epsilon() * std::abs(x+y) * ULP;
+}
+
+/* ecall_type_char:
+ *   [char] value passed by App.
+ */
+void ecall_type_char(char val)
+{
+    assert(val == 0x12);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_int:
+ *   [int] value passed by App.
+ */
+void ecall_type_int(int val)
+{
+    assert(val == 1234);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_float:
+ *   [float] value passed by App.
+ */
+void ecall_type_float(float val)
+{
+    assert(almost_equal(val, (float)1234.0));
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_double:
+ *   [double] value passed by App.
+ */
+void ecall_type_double(double val)
+{
+    assert(almost_equal(val, (double)1234.5678));
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_size_t:
+ *   [size_t] value passed by App.
+ */
+void ecall_type_size_t(size_t val)
+{
+    assert(val == (size_t)12345678);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_wchar_t:
+ *   [wchar_t] value passed by App.
+ */
+void ecall_type_wchar_t(wchar_t val)
+{
+    assert(val == (wchar_t)0x1234);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_struct:
+ *   struct_foo_t is defined in EDL and can be used in ECALL.
+ */
+void ecall_type_struct(struct struct_foo_t val)
+{
+    assert(val.struct_foo_0 == 1234);
+    assert(val.struct_foo_1 == 5678);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/*
+ * ecall_type_enum_union:
+ *   enum_foo_t/union_foo_t is defined in EDL 
+ *   and can be used in ECALL.
+ */
+void ecall_type_enum_union(enum enum_foo_t val1, union union_foo_t *val2)
+{
+    if (sgx_is_outside_enclave(val2, sizeof(union union_foo_t)) != 1)
+        abort();
+    val2->union_foo_0 = 1;
+    val2->union_foo_1 = 2; /* overwrite union_foo_0 */
+    assert(val1 == ENUM_FOO_0);
+#ifndef DEBUG
+    UNUSED(val1);
+#endif
+}

+ 87 - 0
SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.edl

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Types.edl - Samples for basic types. */
+
+enclave {
+
+    /* 
+     * Following types can be supported in Edger8r: 
+     *      char, short, int, float, double, void, 
+     *      int8_t, int16_t, int32_t, int64_t,
+     *      size_t, wchar_t, 
+     *      uint8_t, uint16_t, uint32_t, uint64_t, 
+     *      unsigned, struct, enum, union.
+     */
+
+    /*
+     * We will demo few types in ECALL functions, data 
+     * types in OCALL functions can be handled either.
+     */
+
+     /* structure definition */
+    struct struct_foo_t {
+        /* Basic types can be used in structure. */
+        uint32_t struct_foo_0;
+        uint64_t struct_foo_1;
+    };
+
+    /* enum definition */
+    enum enum_foo_t {
+        ENUM_FOO_0 = 0,
+        ENUM_FOO_1 = 1
+    };
+
+    /* union definition */
+    union union_foo_t {
+        uint32_t union_foo_0;
+        uint32_t union_foo_1;
+        uint64_t union_foo_3;
+    };
+
+    trusted {
+
+        public void ecall_type_char(char val);
+        public void ecall_type_int(int val);
+
+        public void ecall_type_float(float val);
+        public void ecall_type_double(double val);
+
+        public void ecall_type_size_t(size_t val);
+        public void ecall_type_wchar_t(wchar_t val);
+
+        public void ecall_type_struct(struct struct_foo_t val);
+        public void ecall_type_enum_union(enum enum_foo_t val1, [user_check] union union_foo_t *val2);
+        
+        /* for using user defined types, please refer to Pointers.edl, Arrays.edl. */
+    };
+
+};

+ 12 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave.config.xml

@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

+ 51 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdarg.h>
+#include <stdio.h>      /* vsnprintf */
+
+#include "Enclave.h"
+#include "Enclave_t.h"  /* print_string */
+
+/* 
+ * printf: 
+ *   Invokes OCALL to display the enclave buffer to the terminal.
+ */
+void printf(const char *fmt, ...)
+{
+    char buf[BUFSIZ] = {'\0'};
+    va_list ap;
+    va_start(ap, fmt);
+    vsnprintf(buf, BUFSIZ, fmt, ap);
+    va_end(ap);
+    ocall_print_string(buf);
+}

+ 62 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave.edl

@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Enclave.edl - Top EDL file. */
+
+enclave {
+    
+    include "user_types.h" /* buffer_t */
+
+    /* Import ECALL/OCALL from sub-directory EDLs.
+     *  [from]: specifies the location of EDL file. 
+     *  [import]: specifies the functions to import, 
+     *  [*]: implies to import all functions.
+     */
+    
+    from "Edger8rSyntax/Types.edl" import *;
+    from "Edger8rSyntax/Pointers.edl" import *;
+    from "Edger8rSyntax/Arrays.edl" import *;
+    from "Edger8rSyntax/Functions.edl" import *;
+
+    from "TrustedLibrary/Libc.edl" import *;
+    from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map;
+    from "TrustedLibrary/Thread.edl" import *;
+
+    /* 
+     * ocall_print_string - invokes OCALL to display string buffer inside the enclave.
+     *  [in]: copy the string buffer to App outside.
+     *  [string]: specifies 'str' is a NULL terminated buffer.
+     */
+    untrusted {
+        void ocall_print_string([in, string] const char *str);
+    };
+
+};

+ 49 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef _ENCLAVE_H_
+#define _ENCLAVE_H_
+
+#include <stdlib.h>
+#include <assert.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+void printf(const char *fmt, ...);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_ENCLAVE_H_ */

+ 10 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave.lds

@@ -0,0 +1,10 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

+ 39 - 0
SampleCode/SampleEnclavePCL/Enclave/Enclave_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----

+ 59 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.cpp

@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <string.h>
+#include "sgx_cpuid.h"
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_malloc_free:
+ *   Uses malloc/free to allocate/free trusted memory.
+ */
+void ecall_malloc_free(void)
+{
+    void *ptr = malloc(100);
+    assert(ptr != NULL);
+    memset(ptr, 0x0, 100);
+    free(ptr);
+}
+
+/* ecall_sgx_cpuid:
+ *   Uses sgx_cpuid to get CPU features and types.
+ */
+void ecall_sgx_cpuid(int cpuinfo[4], int leaf)
+{
+    sgx_status_t ret = sgx_cpuid(cpuinfo, leaf);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

+ 55 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.edl

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Libc.edl - EDL sample for trusted C library. */
+
+enclave {
+    
+    from "sgx_tstdc.edl" import sgx_oc_cpuidex;
+
+    /* 
+     * A subset of the C99 standard is supported as well as SGX customized functions: 
+     *  sgx_cpuid, etc.
+     */
+
+    trusted {
+        /*
+         * Utilize malloc/free in enclave.
+         */
+        public void ecall_malloc_free(void);
+
+        /*
+         * Utilize SGX version __cpuid() in enclave.
+         */
+        public void ecall_sgx_cpuid([in, out] int cpuinfo[4], int leaf);
+    };
+};

+ 89 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.cpp

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <cstdlib>
+#include <string>
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/*
+ * ecall_exception:
+ *   throw/catch C++ exception inside the enclave.
+ */
+
+void ecall_exception(void)
+{
+    std::string foo = "foo";
+    try {
+        throw std::runtime_error(foo);
+    }
+    catch (std::runtime_error const& e) {
+        assert( foo == e.what() );
+        std::runtime_error clone("");
+        clone = e;
+        assert(foo == clone.what() );
+    }
+    catch (...) {
+        assert( false );
+    }
+}
+
+#include <map>
+#include <algorithm>
+
+using namespace std;
+
+/*
+ * ecall_map:
+ *   Utilize STL <map> in the enclave.
+ */
+void ecall_map(void)
+{
+    typedef map<char, int, less<char> > map_t;
+    typedef map_t::value_type map_value;
+    map_t m;
+
+    m.insert(map_value('a', 1));
+    m.insert(map_value('b', 2));
+    m.insert(map_value('c', 3));
+    m.insert(map_value('d', 4));
+
+    assert(m['a'] == 1);
+    assert(m['b'] == 2);
+    assert(m['c'] == 3);
+    assert(m['d'] == 4);
+
+    assert(m.find('e') == m.end());
+    
+    return;
+}

+ 52 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.edl

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Libcxx.edl - EDL sample for trusted C++ library. */
+
+enclave {
+    
+    /* 
+     * A subset of the C++03 standard is supported.
+     */
+
+    trusted {
+        /*
+         * Throw/catch exception inside the enclave.
+         */
+        public void ecall_exception(void);
+
+        /*
+         * Utilize <map> inside the enclave.
+         */
+        public void ecall_map(void);
+    };
+};

+ 104 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.cpp

@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+#include "sgx_thread.h"
+
+static size_t global_counter = 0;
+static sgx_thread_mutex_t global_mutex = SGX_THREAD_MUTEX_INITIALIZER;
+
+#define BUFFER_SIZE 50
+
+typedef struct {
+    int buf[BUFFER_SIZE];
+    int occupied;
+    int nextin;
+    int nextout;
+    sgx_thread_mutex_t mutex;
+    sgx_thread_cond_t more;
+    sgx_thread_cond_t less;
+} cond_buffer_t;
+
+static cond_buffer_t buffer = {{0, 0, 0, 0, 0, 0}, 0, 0, 0,
+    SGX_THREAD_MUTEX_INITIALIZER, SGX_THREAD_COND_INITIALIZER, SGX_THREAD_COND_INITIALIZER};
+
+/*
+ * ecall_increase_counter:
+ *   Utilize thread APIs inside the enclave.
+ */
+size_t ecall_increase_counter(void)
+{
+    size_t ret = 0;
+    for (int i = 0; i < LOOPS_PER_THREAD; i++) {
+        sgx_thread_mutex_lock(&global_mutex);
+        /* mutually exclusive adding */
+        size_t tmp = global_counter;
+        global_counter = ++tmp;
+        if (4*LOOPS_PER_THREAD == global_counter)
+            ret = global_counter;
+        sgx_thread_mutex_unlock(&global_mutex);
+    }
+    return ret;
+}
+
+void ecall_producer(void)
+{
+    for (int i = 0; i < 4*LOOPS_PER_THREAD; i++) {
+        cond_buffer_t *b = &buffer;
+        sgx_thread_mutex_lock(&b->mutex);
+        while (b->occupied >= BUFFER_SIZE)
+            sgx_thread_cond_wait(&b->less, &b->mutex);
+        b->buf[b->nextin] = b->nextin;
+        b->nextin++;
+        b->nextin %= BUFFER_SIZE;
+        b->occupied++;
+        sgx_thread_cond_signal(&b->more);
+        sgx_thread_mutex_unlock(&b->mutex);
+    }
+}
+
+void ecall_consumer(void)
+{
+    for (int i = 0; i < LOOPS_PER_THREAD; i++) {
+        cond_buffer_t *b = &buffer;
+        sgx_thread_mutex_lock(&b->mutex);
+        while(b->occupied <= 0)
+            sgx_thread_cond_wait(&b->more, &b->mutex);
+        b->buf[b->nextout++] = 0;
+        b->nextout %= BUFFER_SIZE;
+        b->occupied--;
+        sgx_thread_cond_signal(&b->less);
+        sgx_thread_mutex_unlock(&b->mutex);
+    }
+}

+ 51 - 0
SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.edl

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Thread.edl - EDL sample for trusted thread library. */
+
+enclave {
+
+    from "sgx_tstdc.edl" import sgx_thread_wait_untrusted_event_ocall, sgx_thread_set_untrusted_event_ocall, sgx_thread_setwait_untrusted_events_ocall, sgx_thread_set_multiple_untrusted_events_ocall;
+
+    trusted {
+        /*
+         * Use SGX mutex.
+         */
+        public size_t ecall_increase_counter();
+
+        /*
+         * Use SGX condition variables.
+         */
+        public void ecall_producer();
+        public void ecall_consumer();
+
+    };
+};

+ 40 - 0
SampleCode/SampleEnclavePCL/Include/user_types.h

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* User defined types */
+
+
+#define LOOPS_PER_THREAD 500
+
+typedef void *buffer_t;
+typedef int array_t[10];
+

+ 330 - 0
SampleCode/SampleEnclavePCL/Makefile

@@ -0,0 +1,330 @@
+#
+# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= HW
+SGX_ARCH ?= x64
+SGX_DEBUG ?= 1
+SGX_PCL ?= 1
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+
+ifeq ($(SGX_ARCH), x86)
+ifneq ($(SGX_PCL), 0)
+$(error SGX PCL feature is not supported for 32bit mode!)
+else
+	SGX_COMMON_CFLAGS := -m32
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+endif
+else
+	SGX_COMMON_CFLAGS := -m64
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+        SGX_COMMON_CFLAGS += -O0 -g
+        Encryption_Tool_Flags := -d
+else
+        SGX_COMMON_CFLAGS += -O2
+endif
+
+######## App Settings ########
+
+ifneq ($(SGX_MODE), HW)
+	Urts_Library_Name := sgx_urts_sim
+else
+	Urts_Library_Name := sgx_urts
+endif
+
+App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) $(wildcard App/TrustedLibrary/*.cpp)
+App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include
+
+App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+
+# Three configuration modes - Debug, prerelease, release
+#   Debug - Macro DEBUG enabled.
+#   Prerelease - Macro NDEBUG and EDEBUG enabled.
+#   Release - Macro NDEBUG enabled.
+ifeq ($(SGX_DEBUG), 1)
+        App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
+else ifeq ($(SGX_PRERELEASE), 1)
+        App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
+else
+        App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
+endif
+
+ifneq ($(SGX_PCL), 0)
+App_C_Flags += -DSGX_USE_PCL -I../Seal
+endif
+
+App_Cpp_Flags := $(App_C_Flags) -std=c++11
+App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 
+
+ifneq ($(SGX_MODE), HW)
+	App_Link_Flags += -lsgx_uae_service_sim
+else
+	App_Link_Flags += -lsgx_uae_service
+endif
+
+App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
+
+App_Name := app
+
+######## Enclave Settings ########
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+
+Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard Enclave/Edger8rSyntax/*.cpp) $(wildcard Enclave/TrustedLibrary/*.cpp)
+Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx
+
+CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
+ifeq ($(CC_BELOW_4_9), 1)
+	Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
+else
+	Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
+endif
+
+Enclave_C_Flags += $(Enclave_Include_Paths)
+Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
+
+# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
+#    1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
+#       so that the whole content of trts is included in the enclave.
+#    2. For other libraries, you just need to pull the required symbols.
+#       Use `--start-group' and `--end-group' to link these libraries.
+# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
+# Otherwise, you may get some undesirable errors.
+Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections   \
+	-Wl,--version-script=Enclave/Enclave.lds
+
+Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
+
+Enclave_Name := enclave.so
+Signed_Enclave_Name := enclave.signed.so
+Enclave_Config_File := Enclave/Enclave.config.xml
+
+Unsigned_Enclave_Name   := $(Enclave_Name)
+Encrypted_Enclave_Name 	:= $(Enclave_Name).enc
+
+Seal_Enclave_Name := Seal.so
+Signed_Seal_Enclave_Name := Seal.signed.so
+Seal_Enclave_Cpp_Files := Seal/Seal.cpp
+Seal_Enclave_Cpp_Objects := $(Seal_Enclave_Cpp_Files:.cpp=.o)
+Seal_Enclave_Config_File := Seal/Seal.config.xml
+
+PCL_LINK_FLAGS :=
+
+ifneq ($(SGX_PCL),0)
+
+Pcl_Encryption_Tool := $(SGX_SDK)/bin/x64/sgx_encrypt
+PCL_KEY := ./debug_mock_key.bin
+
+ifneq ($(SGX_MODE), HW)
+PCL_LIB_NAME := sgx_pclsim
+else  # ifneq ($(SGX_MODE), HW)
+PCL_LIB_NAME := sgx_pcl
+endif # ifneq ($(SGX_MODE), HW)
+
+PCL_LINK_FLAGS = -Wl,--whole-archive -l$(PCL_LIB_NAME) -Wl,--no-whole-archive
+endif # ifneq ($(SGX_PCL),0)
+
+
+ifeq ($(SGX_MODE), HW)
+ifeq ($(SGX_DEBUG), 1)
+	Build_Mode = HW_DEBUG
+else ifeq ($(SGX_PRERELEASE), 1)
+	Build_Mode = HW_PRERELEASE
+else
+	Build_Mode = HW_RELEASE
+endif
+else
+ifeq ($(SGX_DEBUG), 1)
+	Build_Mode = SIM_DEBUG
+else ifeq ($(SGX_PRERELEASE), 1)
+	Build_Mode = SIM_PRERELEASE
+else
+	Build_Mode = SIM_RELEASE
+endif
+endif
+
+
+.PHONY: all run
+
+ifeq ($(Build_Mode), HW_RELEASE)
+all: .config_$(Build_Mode)_$(SGX_ARCH)$(SGX_PCL) $(App_Name) $(Enclave_Name) $(Seal_Enclave_Name)
+	@echo "The project has been built in release hardware mode."
+	@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
+	@echo "To sign the enclave use the command:"
+	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
+	@echo "You can also sign the enclave using an external signing tool."
+	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
+else
+all: .config_$(Build_Mode)_$(SGX_ARCH)$(SGX_PCL) $(Signed_Seal_Enclave_Name) $(App_Name) $(Signed_Enclave_Name)
+ifeq ($(Build_Mode), HW_DEBUG)
+	@echo "The project has been built in debug hardware mode."
+else ifeq ($(Build_Mode), SIM_DEBUG)
+	@echo "The project has been built in debug simulation mode."
+else ifeq ($(Build_Mode), HW_PRERELEASE)
+	@echo "The project has been built in pre-release hardware mode."
+else ifeq ($(Build_Mode), SIM_PRERELEASE)
+	@echo "The project has been built in pre-release simulation mode."
+else
+	@echo "The project has been built in release simulation mode."
+endif
+endif
+
+run: all
+ifneq ($(Build_Mode), HW_RELEASE)
+	@$(CURDIR)/$(App_Name)
+	@echo "RUN  =>  $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
+endif
+
+######## App Objects ########
+
+App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl
+	@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+App/Enclave_u.o: App/Enclave_u.c
+	@$(CC) $(App_C_Flags) -c $< -o $@
+	@echo "CC   <=  $<"
+
+App/Seal_u.c: $(SGX_EDGER8R) Seal/Seal.edl
+	@cd App && $(SGX_EDGER8R) --untrusted ../Seal/Seal.edl --search-path ../Seal --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+App/Seal_u.o: App/Seal_u.c
+	@$(CC) $(App_C_Flags) -c $< -o $@
+	@echo "CC   <=  $<"
+
+App/%.o: App/%.cpp
+	@$(CXX) $(App_Cpp_Flags) -c $< -o $@
+	@echo "CXX  <=  $<"
+
+$(App_Name): App/Seal_u.o App/Enclave_u.o $(App_Cpp_Objects)
+	@$(CXX) $^ -o $@ $(App_Link_Flags)
+	@echo "LINK =>  $@"
+
+.config_$(Build_Mode)_$(SGX_ARCH)$(SGX_PCL):
+	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* $(Encrypted_Enclave_Name) $(Seal_Enclave_Name) $(Signed_Seal_Enclave_Name) App/Seal_u.* $(Seal_Enclave_Cpp_Objects) Seal/Seal_t.* sealed_key.bin
+	@touch .config_$(Build_Mode)_$(SGX_ARCH)$(SGX_PCL)
+
+######## Sealing enclave Objects ########
+
+Seal/Seal_t.c: $(SGX_EDGER8R) Seal/Seal.edl
+	@cd Seal && $(SGX_EDGER8R) --trusted ../Seal/Seal.edl --search-path ../Seal --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+Seal/Seal_t.o: Seal/Seal_t.c
+	@$(CC) $(Enclave_C_Flags) -c $< -o $@
+	@echo "CC   <=  $<"
+
+Seal/%.o: Seal/%.cpp
+	@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
+	@echo "CXX  <=  $<"
+
+$(Seal_Enclave_Name): Seal/Seal_t.o $(Seal_Enclave_Cpp_Objects)
+	@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
+	@echo "LINK =>  $@"
+
+$(Signed_Seal_Enclave_Name): $(Seal_Enclave_Name)
+	@$(SGX_ENCLAVE_SIGNER) sign -key Seal/Seal_private.pem -enclave $(Seal_Enclave_Name) -out $@ -config $(Seal_Enclave_Config_File)
+	@echo "SIGN =>  $@"
+
+######## Enclave Objects ########
+
+Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl
+	@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+Enclave/Enclave_t.o: Enclave/Enclave_t.c
+	@$(CC) $(Enclave_C_Flags) -c $< -o $@
+	@echo "CC   <=  $<"
+
+Enclave/%.o: Enclave/%.cpp
+	@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
+	@echo "CXX  <=  $<"
+
+$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
+	@$(CXX) $^ -o $@ $(Enclave_Link_Flags) $(PCL_LINK_FLAGS)
+	@echo "LINK =>  $@"
+
+# encrypted enclave required only for PCL build
+ifneq ($(SGX_PCL),0)
+
+$(Encrypted_Enclave_Name): $(Enclave_Name) $(Pcl_Encryption_Tool)
+	@$(Pcl_Encryption_Tool) -i $< -o $@ -k $(PCL_KEY) $(Encryption_Tool_Flags)
+	@echo "Encrypted => $@"
+
+endif # ifneq ($(SGX_PCL),0)
+
+ifneq ($(SGX_PCL), 0)
+$(Signed_Enclave_Name): $(Encrypted_Enclave_Name)
+else
+$(Signed_Enclave_Name): $(Enclave_Name)
+endif
+	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $< -out $@ -config $(Enclave_Config_File)
+	@echo "SIGN =>  $@"
+
+.PHONY: clean
+
+clean:
+	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* $(Encrypted_Enclave_Name) $(Seal_Enclave_Name) $(Signed_Seal_Enclave_Name) App/Seal_u.* $(Seal_Enclave_Cpp_Objects) Seal/Seal_t.* sealed_key.bin
+

+ 38 - 0
SampleCode/SampleEnclavePCL/README.md

@@ -0,0 +1,38 @@
+Intel(R) Software Guard Extensions Protected Code Loader (Intel(R) SGX PCL) for Linux\* OS
+================================================
+Introduction
+------------
+Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.
+
+**Problem:** Intel(R) SGX provides integrity of code and confidentiality and integrity of data at run-time. However, it does NOT provide confidentiality of code offline as a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.
+
+**Solution:** The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time. 
+
+Intel(R) SGX PCL provides: 
+1. **sgx_encrypt:** A tool to encrypt the shared object at build time. 
+
+   See sources at sdk\encrypt_enclave.
+   
+2. **libsgx_pcl.a:** A library that is statically linked to the enclave and enables the decryption of the enclave at load time.
+
+   See sources at sdk\protected_code_loader.
+
+3. **SampleEnclavePCL:** Sample code which demonstrates how the tool and lib need to be integrated into an existing enclave project. 
+
+Pupose of this code sample:
+--------------------------
+Enclave writers should compare SampleEnclave and SampleEnclavePCL. This demonstrates how the Intel(R) SGX PCL is to be integrated into the project of the enclave writer.  
+
+Documentation
+-------------
+See more elaborate documentation at [Intel(R) SGX Protected Code Loader for Linux User Guide](https://github.com/intel/linux-sgx-pcl/blob/master/Intel(R)%20SGX%20Protected%20Code%20Loader%20for%20Linux%20User%20Guide.pdf).
+
+Build and test the Intel(R) SGX PCL with the sample code
+--------------------------------------------------------
+
+- To compile and run the sample
+```
+  $ cd SampleEnclavePCL
+  $ make
+  $ ./app
+```

+ 12 - 0
SampleCode/SampleEnclavePCL/Seal/Seal.config.xml

@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

+ 126 - 0
SampleCode/SampleEnclavePCL/Seal/Seal.cpp

@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <sgx_tseal.h>
+#include "Seal_t.h"
+#include <memory>
+#include <sgx_pcl_guid.h>
+
+/**
+ * @func provision_key_mock assigns the decryption key
+ * @param uint8_t* key_ptr: pointer to a key buffer allocated by caller.
+ * @param uint32_t key_len: key buffer size.
+ * @return sgx_status_t 
+ * SGX_ERROR_INVALID_PARAMETER if key size is not SGX_AESGCM_KEY_SIZE or if key_ptr is NULL
+ * SGX_SUCCESS if success
+ * Notice: Function returns a hardcoded key. Never use in release code!!!
+ * ISV must replace with secured key provisioning scheme, e.g. using remote attestation & TLS.
+ */
+sgx_status_t provision_key_mock (uint8_t* key_ptr, uint32_t key_len )
+{
+    if ( (NULL == key_ptr) || (SGX_AESGCM_KEY_SIZE != key_len))
+    {
+        return SGX_ERROR_INVALID_PARAMETER;
+    }
+    const uint8_t key[SGX_AESGCM_KEY_SIZE] = 
+        { 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x55, 0x55, 0x66, 0x66, 0x77, 0x77, 0x88, 0x88, 0x99, 0x99 };
+    memcpy (key_ptr, key, key_len);
+    return SGX_SUCCESS;
+}
+
+/*
+ * @func provision_key provisions the key to the ISVs platform
+ * @param uint8_t* key_ptr is the resulting decryption key
+ * @param uint32_t key_len is key size in bytes
+ * @return sgx_status_t, SGX_SUCCESS if function passes
+ * @warning ISV must replace content of this function with ISVs scheme to provision
+ * the decryption key to the platform 
+ */
+sgx_status_t provision_key( uint8_t* key_ptr, uint32_t key_len )
+{
+    /* 
+     * ISV must replace call to provision_key_mock with an alternative ISV's secured key provisioning scheme, e.g. using remote attestation & TLS.
+     * For more details, see 'Intel(R) SGX PCL Linux User Guide.pdf', chapter 'Integration with PCL', sub chapter 'Sealing Enclave'.
+     */
+    return provision_key_mock(key_ptr, key_len);
+}
+
+extern "C" 
+{
+
+/*
+ * @func ecall_get_sealed_blob_size returns the PCL sealed blob size
+ * @return size_t, size of PCL sealed blob size in bytes
+ */
+size_t ecall_get_sealed_blob_size()
+{
+    return (size_t)sgx_calc_sealed_data_size ( SGX_PCL_GUID_SIZE, SGX_AESGCM_KEY_SIZE );
+}
+
+/*
+ * @func ecall_generate_sealed_blob generates the sealed blob
+ * @param uint8_t* sealed_blob is the resulting sealed blob
+ * @param uint32_t sealed_blob_size is sealed blob size in bytes
+ * @return sgx_status_t
+ * SGX_ERROR_INVALID_PARAMETER if sealed_blob is NULL or if sealed_blob_size does not match PCL sealed blob size
+ * The respective error in case provision_key  or sgx_seal_data fail
+ * SGX_SUCCESS if function passes
+ */
+sgx_status_t ecall_generate_sealed_blob(uint8_t* sealed_blob, size_t sealed_blob_size)
+{
+    if ((NULL == sealed_blob) || (ecall_get_sealed_blob_size() != sealed_blob_size))
+    {
+        return SGX_ERROR_INVALID_PARAMETER;
+    }
+    
+    sgx_status_t retstatus = SGX_ERROR_UNEXPECTED;
+    uint8_t key[SGX_AESGCM_KEY_SIZE] = { 0 };
+    
+    retstatus = provision_key(key, SGX_AESGCM_KEY_SIZE);
+    if (retstatus != SGX_SUCCESS )
+    {
+        return retstatus;
+    }
+    
+    retstatus = sgx_seal_data (
+        SGX_PCL_GUID_SIZE,                 // AAD size
+        g_pcl_guid,                        // AAD
+        SGX_AESGCM_KEY_SIZE,               // Key len
+        key,                               // Key
+        sealed_blob_size,                  // Resulting blob size
+        (sgx_sealed_data_t*)sealed_blob ); // Resulting blob
+
+    memset(key, 0,SGX_AESGCM_KEY_SIZE); 
+    return retstatus;
+}
+
+};    // extern "C"
+

+ 51 - 0
SampleCode/SampleEnclavePCL/Seal/Seal.edl

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Enclave.edl - Top EDL file. */
+
+enclave {
+
+/* Import ECALL/OCALL from sub-directory EDLs.
+ *  [from]: specifies the location of EDL file. 
+ *  [import]: specifies the functions to import, 
+ *  [*]: implies to import all functions.
+ */
+		
+
+	trusted {
+		public size_t ecall_get_sealed_blob_size ();
+		public sgx_status_t ecall_generate_sealed_blob (
+			[out, count=sealed_blob_size]uint8_t* sealed_blob,
+			size_t sealed_blob_size );
+
+	};
+
+};

+ 10 - 0
SampleCode/SampleEnclavePCL/Seal/Seal.lds

@@ -0,0 +1,10 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

+ 39 - 0
SampleCode/SampleEnclavePCL/Seal/Seal_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----

+ 1 - 0
SampleCode/SampleEnclavePCL/debug_mock_key.bin

@@ -0,0 +1 @@
+""33DDUUffww�劔

+ 4 - 1
buildenv.mk

@@ -57,6 +57,9 @@ CP    := /bin/cp -f
 MKDIR := mkdir -p
 MKDIR := mkdir -p
 STRIP := strip
 STRIP := strip
 OBJCOPY := objcopy
 OBJCOPY := objcopy
+NIPX := .nipx
+NIPD := .nipd
+NIPRODT := .niprod
 
 
 # clean the content of 'INCLUDE' - this variable will be set by vcvars32.bat
 # clean the content of 'INCLUDE' - this variable will be set by vcvars32.bat
 # thus it will cause build error when this variable is used by our Makefile,
 # thus it will cause build error when this variable is used by our Makefile,
@@ -188,5 +191,5 @@ endif
 SGX_IPP_DIR     := $(ROOT_DIR)/external/ippcp_internal
 SGX_IPP_DIR     := $(ROOT_DIR)/external/ippcp_internal
 SGX_IPP_INC     := $(SGX_IPP_DIR)/inc
 SGX_IPP_INC     := $(SGX_IPP_DIR)/inc
 IPP_LIBS_DIR    := $(SGX_IPP_DIR)/lib/linux/$(IPP_SUBDIR)
 IPP_LIBS_DIR    := $(SGX_IPP_DIR)/lib/linux/$(IPP_SUBDIR)
-LD_IPP          := -lippcp -lippcore
+LD_IPP          := -lippcp
 
 

+ 0 - 1
common/inc/internal/ae_ipp.h

@@ -33,7 +33,6 @@
 #ifndef _AE_IPP_H
 #ifndef _AE_IPP_H
 #define _AE_IPP_H
 #define _AE_IPP_H
 
 
-#include "ippcore.h"
 #include "ippcp.h"
 #include "ippcp.h"
 
 
 #endif
 #endif

+ 0 - 17
common/inc/internal/ipp_wrapper.h

@@ -34,17 +34,6 @@
 
 
 #include "ippcp.h"
 #include "ippcp.h"
 
 
-#ifndef CLEAR_FREE_MEM
-#define CLEAR_FREE_MEM(address, size) {            \
-	if (address != NULL) {                          \
-		if (size > 0) {                             \
-			(void)memset_s(address, size, 0, size); \
-		}                                           \
-		free(address);                              \
-	}				                                \
-}
-#endif
-
 #ifndef SAFE_FREE_MM
 #ifndef SAFE_FREE_MM
 #define SAFE_FREE_MM(ptr) {\
 #define SAFE_FREE_MM(ptr) {\
     if(ptr != NULL)     \
     if(ptr != NULL)     \
@@ -76,12 +65,6 @@ IppStatus create_rsa_priv2_key(int p_byte_size, const Ipp32u *p, const Ipp32u *q
 
 
 IppStatus create_rsa_pub_key(int n_byte_size, int e_byte_size, const Ipp32u *n, const Ipp32u *e, IppsRSAPublicKeyState **new_pub_key);
 IppStatus create_rsa_pub_key(int n_byte_size, int e_byte_size, const Ipp32u *n, const Ipp32u *e, IppsRSAPublicKeyState **new_pub_key);
 
 
-IppStatus create_validate_rsa_key_pair(int n_byte_size, int e_byte_size, const Ipp32u *n, const Ipp32u *d, const Ipp32u *e, const Ipp32u *p, const Ipp32u *q, 
-                                                     const Ipp32u *dmp1, const Ipp32u *dmq1, const Ipp32u *iqmp,
-                                                     IppsRSAPrivateKeyState **new_pri_key, IppsRSAPublicKeyState **new_pub_key, int *validate_result);
-
-IppStatus get_pub_key(const IppsRSAPublicKeyState *pub_key, int *e_byte_size, Ipp32u *e, int *n_byte_size, Ipp32u *n);
-
 void secure_free_BN(IppsBigNumState *pBN, int size_in_bytes);
 void secure_free_BN(IppsBigNumState *pBN, int size_in_bytes);
 
 
 void secure_free_rsa_pri1_key(int n_byte_size, int d_byte_size, IppsRSAPrivateKeyState *pri_key1);
 void secure_free_rsa_pri1_key(int n_byte_size, int d_byte_size, IppsRSAPrivateKeyState *pri_key1);

+ 4 - 1
common/inc/internal/metadata.h

@@ -38,7 +38,10 @@
 
 
  /* version of metadata */
  /* version of metadata */
 #define MAJOR_VERSION 2                 //MAJOR_VERSION should not larger than 0ffffffff
 #define MAJOR_VERSION 2                 //MAJOR_VERSION should not larger than 0ffffffff
-#define MINOR_VERSION 2                 //MINOR_VERSION should not larger than 0ffffffff
+#define MINOR_VERSION 3                 //MINOR_VERSION should not larger than 0ffffffff
+
+#define SGX_2_1_MAJOR_VERSION 2         //MAJOR_VERSION should not larger than 0ffffffff
+#define SGX_2_1_MINOR_VERSION 2         //MINOR_VERSION should not larger than 0ffffffff
 
 
 #define SGX_2_0_MAJOR_VERSION 2         //MAJOR_VERSION should not larger than 0ffffffff
 #define SGX_2_0_MAJOR_VERSION 2         //MAJOR_VERSION should not larger than 0ffffffff
 #define SGX_2_0_MINOR_VERSION 1         //MINOR_VERSION should not larger than 0ffffffff
 #define SGX_2_0_MINOR_VERSION 1         //MINOR_VERSION should not larger than 0ffffffff

+ 101 - 0
common/inc/internal/pcl_common.h

@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef PCL_COMMON_H
+#define PCL_COMMON_H
+
+/*
+ * This file includes definition used by PCL library and encryption tool
+ */
+
+#define IN
+#define OUT
+#define INOUT
+
+// Define both ASSERT_CONCAT and ASSERT_CONCAT_ so that __COUNTER__ receives a value
+#define ASSERT_CONCAT_(a, b) a##b
+#ifndef ASSERT_CONCAT
+#define ASSERT_CONCAT(a, b) ASSERT_CONCAT_(a, b)
+#endif // #ifndef ASSERT_CONCAT
+#define PCL_COMPILE_TIME_ASSERT(exp) \
+enum { ASSERT_CONCAT(static_assert_, __COUNTER__) = 1/(!!(exp)) }
+    
+// PCL uses AES with 16 Bytes block size
+#define PCL_AES_BLOCK_LEN (16)
+#define PCL_COUNTER_SIZE  (16)
+#define PCL_AES_BLOCK_LEN_BITS (128)
+
+#define PCLTBL_SECTION_NAME                ".pcltbl"
+
+typedef struct iv_t_
+{
+    uint8_t val[SGX_AESGCM_IV_SIZE];
+    uint8_t reserved[4];
+}iv_t;
+
+typedef struct rva_size_tag_iv_t_
+{
+    size_t rva;
+    size_t size;
+    sgx_cmac_128bit_tag_t tag;
+    iv_t     iv;
+}rva_size_tag_iv_t;
+
+// Hardcoded maximal size of sealed bolb. ISV can modify if requried
+#define PCL_SEALED_BLOB_SIZE       (0x250)
+#define SGX_PCL_GUID_SIZE              (16)
+// Hardcoded maximal number of encrypted sections. ISV can modify if requried
+#define PCL_MAX_NUM_ENCRYPTED_SECTIONS (0x80)
+
+typedef enum pcl_status_e_
+{
+    PCL_PLAIN   = 0xABABABAB,
+    PCL_CIPHER  = 0xBCBCBCBC,
+    PCL_RUNNING = 0xDEDEDEDE,
+    PCL_DONE    = 0xFAFAFAFA,        
+}pcl_status_e;
+
+typedef struct pcl_table_t_
+{
+    pcl_status_e pcl_state;                   // Current state of PCL
+    uint32_t     reserved1[3];                // Must be 0
+    uint8_t      pcl_guid[SGX_PCL_GUID_SIZE]; // GUID must match GUID in Sealed blob
+    size_t       sealed_blob_size;            // Size of selaed blob
+    uint32_t     reserved2[2];                // Must be 0
+    uint8_t      sealed_blob[PCL_SEALED_BLOB_SIZE]; // For security, sealed blob is copied into enclave
+    uint8_t      decryption_key_hash[SGX_SHA256_HASH_SIZE]; // SHA256 digest of decryption key
+    uint32_t     num_rvas;                    // Number of RVAs
+    uint32_t     reserved3[3];                // Must be 0
+    rva_size_tag_iv_t rvas_sizes_tags_ivs[PCL_MAX_NUM_ENCRYPTED_SECTIONS]; // Array of rva_size_tag_iv_t
+}pcl_table_t;
+
+#endif // #ifndef PCL_COMMON_H
+

+ 6 - 1
common/inc/internal/rts.h

@@ -35,6 +35,8 @@
 #include "se_types.h"
 #include "se_types.h"
 #include "rts_cmd.h"
 #include "rts_cmd.h"
 
 
+#pragma pack(push, 1)
+
 typedef struct _ocall_context_t
 typedef struct _ocall_context_t
 {
 {
     uintptr_t shadow0;
     uintptr_t shadow0;
@@ -61,7 +63,8 @@ typedef enum
 {
 {
     SDK_VERSION_1_5,
     SDK_VERSION_1_5,
     SDK_VERSION_2_0,
     SDK_VERSION_2_0,
-    SDK_VERSION_2_1
+    SDK_VERSION_2_1,
+    SDK_VERSION_2_2
 } sdk_version_t;
 } sdk_version_t;
 
 
 typedef struct _system_features
 typedef struct _system_features
@@ -74,6 +77,7 @@ typedef struct _system_features
     */
     */
     uint64_t system_feature_set[1];
     uint64_t system_feature_set[1];
     uint32_t cpuinfo_table[8][4];
     uint32_t cpuinfo_table[8][4];
+    uint8_t* sealed_key;
 }system_features_t;
 }system_features_t;
 
 
 // current system_feature_set only contains one element of type uint64_t, the highest
 // current system_feature_set only contains one element of type uint64_t, the highest
@@ -89,5 +93,6 @@ typedef enum
     EDMM_MODPR = -4,
     EDMM_MODPR = -4,
 }edmm_ocall_t;
 }edmm_ocall_t;
 
 
+#pragma pack(pop)
 
 
 #endif
 #endif

+ 1 - 1
common/inc/internal/se_version.h

@@ -28,6 +28,6 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  *
  */
  */
-#define STRFILEVER      "2.1.102.43402"
+#define STRFILEVER      "2.1.3.44322"
 #define COPYRIGHT      "Copyright (C) 2018 Intel Corporation"
 #define COPYRIGHT      "Copyright (C) 2018 Intel Corporation"
 
 

+ 8 - 1
common/inc/sgx_error.h

@@ -91,6 +91,12 @@ typedef enum _status_t
 
 
     SGX_ERROR_NO_PRIVILEGE              = SGX_MK_ERROR(0x5002),   /* Not enough privilege to perform the operation */
     SGX_ERROR_NO_PRIVILEGE              = SGX_MK_ERROR(0x5002),   /* Not enough privilege to perform the operation */
 
 
+    /* SGX Protected Code Loader Error codes*/
+    SGX_ERROR_PCL_ENCRYPTED             = SGX_MK_ERROR(0x6001),   /* trying to encrypt an already encrypted enclave */
+    SGX_ERROR_PCL_NOT_ENCRYPTED         = SGX_MK_ERROR(0x6002),   /* trying to load a plain enclave using sgx_create_encrypted_enclave */
+    SGX_ERROR_PCL_MAC_MISMATCH          = SGX_MK_ERROR(0x6003),   /* section mac result does not match build time mac */
+    SGX_ERROR_PCL_SHA_MISMATCH          = SGX_MK_ERROR(0x6004),   /* Unsealed key MAC does not match MAC of key hardcoded in enclave binary */
+    SGX_ERROR_PCL_GUID_MISMATCH         = SGX_MK_ERROR(0x6005),   /* GUID in sealed blob does not match GUID hardcoded in enclave binary */
     
     
     /* SGX errors are only used in the file API when there is no appropriate EXXX (EINVAL, EIO etc.) error code */
     /* SGX errors are only used in the file API when there is no appropriate EXXX (EINVAL, EIO etc.) error code */
     SGX_ERROR_FILE_BAD_STATUS               = SGX_MK_ERROR(0x7001),	/* The file is in bad status, run sgx_clearerr to try and fix it */
     SGX_ERROR_FILE_BAD_STATUS               = SGX_MK_ERROR(0x7001),	/* The file is in bad status, run sgx_clearerr to try and fix it */
@@ -103,7 +109,8 @@ typedef enum _status_t
     SGX_ERROR_FILE_FLUSH_FAILED             = SGX_MK_ERROR(0x7008),	/* fflush operation (to disk) failed (only used when no EXXX is returned) */
     SGX_ERROR_FILE_FLUSH_FAILED             = SGX_MK_ERROR(0x7008),	/* fflush operation (to disk) failed (only used when no EXXX is returned) */
     SGX_ERROR_FILE_CLOSE_FAILED             = SGX_MK_ERROR(0x7009),	/* fclose operation (to disk) failed (only used when no EXXX is returned) */
     SGX_ERROR_FILE_CLOSE_FAILED             = SGX_MK_ERROR(0x7009),	/* fclose operation (to disk) failed (only used when no EXXX is returned) */
 
 
-    SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED = SGX_MK_ERROR(0xF001), /* The ioctl for enclave_create unexpectedly failed with EINTR. */
+
+    SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED = SGX_MK_ERROR(0xF001), /* The ioctl for enclave_create unexpectedly failed with EINTR. */ 
 
 
 } sgx_status_t;
 } sgx_status_t;
 
 

+ 0 - 1
common/inc/sgx_key_exchange.h

@@ -49,7 +49,6 @@ typedef enum _ra_key_type_t
 {
 {
     SGX_RA_KEY_SK = 1,
     SGX_RA_KEY_SK = 1,
     SGX_RA_KEY_MK,
     SGX_RA_KEY_MK,
-    SGX_RA_KEY_VK,
 } sgx_ra_key_type_t;
 } sgx_ra_key_type_t;
 
 
 typedef struct _ra_msg1_t
 typedef struct _ra_msg1_t

+ 60 - 0
common/inc/sgx_pcl_guid.h

@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SGX_PCL_GUID_H
+#define SGX_PCL_GUID_H
+/*
+ * GUID enables coupling of PCL lib (e.g. libsgx_pcl.a) and sealed blob
+ * Before the PCL unseals the sealed blob, the PCL must verify the AAD 
+ * portion of the sealed blob equals the GUID embedded in enclave binary. 
+ */
+// SGX_PCL_GUID_SIZE must equal 16 Bytes
+#ifndef SGX_PCL_GUID_SIZE
+
+#define SGX_PCL_GUID_SIZE (16)
+
+#else // SGX_PCL_GUID_SIZE is defined: // #ifndef SGX_PCL_GUID_SIZE
+
+#if (16 != SGX_PCL_GUID_SIZE)
+#error SGX_PCL_GUID_SIZE != 16
+#endif // #if (16 != SGX_PCL_GUID_SIZE) 
+
+#endif // #ifndef SGX_PCL_GUID_SIZE
+
+/* g_pcl_guid is used by: 
+ * 1. Sealing enclave (decryption-key provisioning enclave) 
+ *    as AAD for the sealed key blob.
+ * 2. Encryption tool which embeds the GUID into the PCL enclave binary. 
+ */
+uint8_t g_pcl_guid[SGX_PCL_GUID_SIZE] = 
+{0x95, 0x48, 0x6e, 0x8f, 0x8f, 0x4a, 0x41, 0x4f, 0xb1, 0x27, 0x46, 0x21, 0xa8, 0x59, 0xa8, 0xac};
+
+#endif // #ifndef SGX_PCL_GUID_H

+ 15 - 31
common/inc/sgx_tcrypto.h

@@ -709,7 +709,7 @@ extern "C" {
     *
     *
     * Parameters:
     * Parameters:
     *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
     *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
-    *   Inputs: rsa_key	- Pointer to the EVP_PKEY struct containting RSA private key.
+    *   Inputs: rsa_key	- Pointer to the RSA private key.
     *           pin_data - Pointer to the input ciphertext buffer.
     *           pin_data - Pointer to the input ciphertext buffer.
     *           pin_len - Ciphertext buffer size.
     *           pin_len - Ciphertext buffer size.
     *   Output: pout_data - Pointer to the output buffer.
     *   Output: pout_data - Pointer to the output buffer.
@@ -722,7 +722,7 @@ extern "C" {
     *
     *
     * Parameters:
     * Parameters:
     *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
     *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
-    *   Inputs: rsa_key - Pointer to the EVP_PKEY struct containting RSA public key.
+    *   Inputs: rsa_key - Pointer to the RSA public key.
     *           pin_data - Pointer to the input data buffer.
     *           pin_data - Pointer to the input data buffer.
     *           pin_len - Input buffer size.
     *           pin_len - Input buffer size.
     *   Output: pout_data - Pointer to the output buffer.
     *   Output: pout_data - Pointer to the output buffer.
@@ -735,49 +735,33 @@ extern "C" {
     *
     *
     * Parameters:
     * Parameters:
     *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
     *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
-    *   Inputs: prime_size - Pointer to the modulus size.
-    *           exp_size - Pointer to the public exponent e size.
-    *           g_rsa_key_e	- Pointer to the public exponent e buffer.
-    *           g_rsa_key_p	- Pointer to the prime number p.
-    *           g_rsa_key_q	- Pointer to the prime number q.
-    *           g_rsa_key_dmp1 - Pointer to dmp1 [d mod (p-1)].
-    *           g_rsa_key_dmq1 - Pointer to dmq1 [d mod (q-1)].
-    *           g_rsa_key_iqmp - Pointer to iqmp [q^-1 mod p].
+    *   Inputs: mod_size - Size in bytes of the key modulus.
+    *           exp_size - Size in bytes of the public exponent e.
+    *           p_rsa_key_e	- Pointer to the public exponent e buffer.
+    *           p_rsa_key_p	- Pointer to the prime number p.
+    *           p_rsa_key_q	- Pointer to the prime number q.
+    *           p_rsa_key_dmp1 - Pointer to dmp1 [d mod (p-1)].
+    *           p_rsa_key_dmq1 - Pointer to dmq1 [d mod (q-1)].
+    *           p_rsa_key_iqmp - Pointer to iqmp [q^-1 mod p].
     *   Output: new_pri_key2 - Pointer to the generated private key.
     *   Output: new_pri_key2 - Pointer to the generated private key.
     *
     *
     */
     */
-    sgx_status_t sgx_create_rsa_priv2_key(int prime_size, int exp_size, const unsigned char *g_rsa_key_e, const unsigned char *g_rsa_key_p, const unsigned char *g_rsa_key_q,
-        const unsigned char *g_rsa_key_dmp1, const unsigned char *g_rsa_key_dmq1, const unsigned char *g_rsa_key_iqmp,
+    sgx_status_t sgx_create_rsa_priv2_key(int mod_size, int exp_size, const unsigned char *p_rsa_key_e, const unsigned char *p_rsa_key_p, const unsigned char *p_rsa_key_q,
+        const unsigned char *p_rsa_key_dmp1, const unsigned char *p_rsa_key_dmq1, const unsigned char *p_rsa_key_iqmp,
         void **new_pri_key2);
         void **new_pri_key2);
 
 
-    /** Create RSA private key using input buffer factors in little endian.
-    *
-    * Parameters:
-    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
-    *   Inputs: n_byte_size	- Pointer to the modulus size.
-    *           e_byte_size	- Pointer to the public exponent e size.
-    *           d_byte_size	- Pointer to the private exponent d size.
-    *           le_e - Pointer to the public exponent e buffer.
-    *           le_n - Pointer to the modulus n.
-    *           le_d - Pointer to the private exponent d.
-    *   Output: new_pri_key1 - Pointer to the generated private key.
-    *
-    */
-    sgx_status_t sgx_create_rsa_priv1_key(int n_byte_size, int e_byte_size, int d_byte_size, const unsigned char *le_n, const unsigned char *le_e,
-        const unsigned char *le_d, void **new_pri_key1);
-
     /** Create RSA public key using input buffer factors in little endian.
     /** Create RSA public key using input buffer factors in little endian.
     *
     *
     * Parameters:
     * Parameters:
     *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
     *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
-    *   Inputs: prime_size		- Pointer to the modulus size.
-    *           exp_size		- Pointer to the public exponent e size.
+    *   Inputs: mod_size		- Size in bytes of the key modulus.
+    *           exp_size		- Size in bytes of the public exponent e.
     *           le_n			- Pointer to the modulus n buffer.
     *           le_n			- Pointer to the modulus n buffer.
     *           le_e - Pointer to the public exponent e buffer.
     *           le_e - Pointer to the public exponent e buffer.
     *   Output: new_pub_key1 - Pointer to the generated public key.
     *   Output: new_pub_key1 - Pointer to the generated public key.
     *
     *
     */
     */
-    sgx_status_t sgx_create_rsa_pub1_key(int prime_size, int exp_size, const unsigned char *le_n, const unsigned char *le_e, void **new_pub_key1);
+    sgx_status_t sgx_create_rsa_pub1_key(int mod_size, int exp_size, const unsigned char *le_n, const unsigned char *le_e, void **new_pub_key1);
 
 
     /** Clear and free RSA key which was generated by one of the Tcrypto "sgx_create_rsa_*" APIs.
     /** Clear and free RSA key which was generated by one of the Tcrypto "sgx_create_rsa_*" APIs.
     *
     *

+ 1 - 2
common/inc/sgx_tkey_exchange.h

@@ -147,8 +147,7 @@ sgx_status_t SGXAPI sgx_ra_init_ex(
  * protocol message 3 produced by sgx_ra_proc_msg2.
  * protocol message 3 produced by sgx_ra_proc_msg2.
  *
  *
  * @param context   Context returned by sgx_ra_init.
  * @param context   Context returned by sgx_ra_init.
- * @param type      The specifier of keys, can be SGX_RA_KEY_MK, SGX_RA_KEY_SK
- *                  and SGX_RA_VK.
+ * @param type      The specifier of keys, can be SGX_RA_KEY_MK, SGX_RA_KEY_SK.
  * @param p_key     The key returned.
  * @param p_key     The key returned.
  * @return sgx_status_t SGX_SUCCESS                     Indicates success.
  * @return sgx_status_t SGX_SUCCESS                     Indicates success.
  *                      SGX_ERROR_INVALID_PARAMETER     Indicates an error that
  *                      SGX_ERROR_INVALID_PARAMETER     Indicates an error that

+ 1 - 1
common/inc/sgx_trts.h

@@ -68,7 +68,7 @@ int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size);
  *      1 - the enclave state is crashed.
  *      1 - the enclave state is crashed.
  *      0 - the enclave state is not crashed.
  *      0 - the enclave state is not crashed.
  */
  */
-int SGXAPI sgx_is_enclave_crashed(void);
+int SGXAPI sgx_is_enclave_crashed(void) __attribute__((section(".nipx")));
 
 
 
 
 /* sgx_read_rand()
 /* sgx_read_rand()

+ 9 - 0
common/inc/sgx_urts.h

@@ -55,6 +55,15 @@ typedef uint8_t sgx_launch_token_t[1024];
 
 
 sgx_status_t SGXAPI sgx_create_enclave(const char *file_name, const int debug, sgx_launch_token_t *launch_token, int *launch_token_updated, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr);
 sgx_status_t SGXAPI sgx_create_enclave(const char *file_name, const int debug, sgx_launch_token_t *launch_token, int *launch_token_updated, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr);
 
 
+sgx_status_t SGXAPI sgx_create_encrypted_enclave(
+                        const char *file_name,
+                        const int debug,
+                        sgx_launch_token_t *launch_token,
+                        int *launch_token_updated,
+                        sgx_enclave_id_t *enclave_id,
+                        sgx_misc_attribute_t *misc_attr,
+                        uint8_t* sealed_key);
+
 sgx_status_t SGXAPI sgx_destroy_enclave(const sgx_enclave_id_t enclave_id);
 sgx_status_t SGXAPI sgx_destroy_enclave(const sgx_enclave_id_t enclave_id);
 
 
 #ifdef __cplusplus
 #ifdef __cplusplus

+ 0 - 351
common/src/ipp_rsa_key.cpp

@@ -1,351 +0,0 @@
-/*
- * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-/** 
-* File: 
-*     ipp_rsa_key.cpp
-*Description: 
-*     Wrapper for rsa key operation functions (public key generation and free excluded)
-* 
-*/
-
-#include "ipp_wrapper.h"
-#include "util.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-
-extern "C" int memset_s(void *s, size_t smax, int c, size_t n);
-
-static IppStatus newPRNG(IppsPRNGState **pRandGen)
-{
-    if(pRandGen == NULL)
-        return ippStsBadArgErr;
-    int ctxSize = 0;
-    IppStatus error_code = ippsPRNGGetSize(&ctxSize);
-    if(error_code != ippStsNoErr)
-        return error_code;
-    IppsPRNGState* pCtx = (IppsPRNGState *) malloc(ctxSize);
-    if(pCtx == NULL)
-        return ippStsMemAllocErr; 
-
-    error_code = ippsPRNGInit(160, pCtx);
-    if(error_code != ippStsNoErr)
-    {
-        free(pCtx);
-        return error_code;
-    }
-
-    *pRandGen = pCtx;
-    return error_code;
-}
-
-static IppStatus newPrimeGen(int nMaxBits, IppsPrimeState ** pPrimeG)
-{
-    if(pPrimeG == NULL || nMaxBits <= 0 )
-        return ippStsBadArgErr;
-    int ctxSize = 0;
-    IppStatus error_code = ippsPrimeGetSize(nMaxBits, &ctxSize);
-    if(error_code != ippStsNoErr)
-        return error_code;
-    IppsPrimeState* pCtx = (IppsPrimeState *) malloc(ctxSize);
-    if(pCtx == NULL)
-        return ippStsMemAllocErr; 
-
-    error_code = ippsPrimeInit(nMaxBits, pCtx);
-    if(error_code != ippStsNoErr)
-    {
-        free(pCtx);
-        return error_code;
-    }
-
-    *pPrimeG = pCtx;
-    return error_code;
-}
-
-
-extern "C" IppStatus create_rsa_priv2_key(int p_byte_size, const Ipp32u *p, const Ipp32u *q,
-                                          const Ipp32u *dmp1, const Ipp32u *dmq1, const Ipp32u *iqmp,
-                                          IppsRSAPrivateKeyState **new_pri_key2)
-{
-    IppsRSAPrivateKeyState *p_rsa2 = NULL;
-    IppsBigNumState *p_p = NULL, *p_q = NULL, *p_dmp1 = NULL, *p_dmq1 = NULL, *p_iqmp = NULL;
-    int rsa2_size = 0;
-
-    if(p_byte_size <= 0 || p == NULL || q == NULL || dmp1 == NULL || dmq1 == NULL || iqmp == NULL || new_pri_key2 == NULL)
-    {
-        return ippStsBadArgErr;
-    }
-
-    IppStatus error_code = ippStsNoErr;
-    do{
-        error_code = newBN(p, p_byte_size, &p_p);
-        ERROR_BREAK(error_code);
-        error_code = newBN(q, p_byte_size, &p_q);
-        ERROR_BREAK(error_code);
-        error_code = newBN(dmp1, p_byte_size, &p_dmp1);
-        ERROR_BREAK(error_code);
-        error_code = newBN(dmq1, p_byte_size, &p_dmq1);
-        ERROR_BREAK(error_code);
-        error_code = newBN(iqmp, p_byte_size, &p_iqmp);
-        ERROR_BREAK(error_code);
-        error_code = ippsRSA_GetSizePrivateKeyType2(p_byte_size * 8, p_byte_size * 8, &rsa2_size);
-        ERROR_BREAK(error_code);
-        p_rsa2 = (IppsRSAPrivateKeyState *)malloc(rsa2_size);
-        NULL_BREAK(p_rsa2);
-
-        error_code = ippsRSA_InitPrivateKeyType2(p_byte_size * 8, p_byte_size * 8, p_rsa2, rsa2_size);
-        ERROR_BREAK(error_code);
-        error_code = ippsRSA_SetPrivateKeyType2(p_p, p_q, p_dmp1, p_dmq1, p_iqmp, p_rsa2);
-        ERROR_BREAK(error_code);
-    }while(0);
-
-    secure_free_BN(p_p, p_byte_size);
-    secure_free_BN(p_q, p_byte_size);
-    secure_free_BN(p_dmp1, p_byte_size);
-    secure_free_BN(p_dmq1, p_byte_size);
-    secure_free_BN(p_iqmp, p_byte_size);
-
-    if(error_code != ippStsNoErr || p_rsa2 == NULL)
-    {
-        if(error_code == ippStsNoErr )
-            error_code = ippStsMemAllocErr;
-
-        /* Clear sensitive data before free */
-        secure_free_rsa_pri2_key(p_byte_size, p_rsa2);
-        return error_code;
-    }
-
-    *new_pri_key2 = p_rsa2;
-    return error_code;
-}
-
-extern "C" IppStatus create_rsa_priv1_key(int n_byte_size, int d_byte_size, const Ipp32u *n, const Ipp32u *d, IppsRSAPrivateKeyState **new_pri_key1)
-{
-    IppsRSAPrivateKeyState *p_rsa1 = NULL;
-    IppsBigNumState *p_n = NULL, *p_d = NULL;
-    int rsa1_size = 0;
-    if(n_byte_size <= 0 || d_byte_size <= 0 || n == NULL || d == NULL || new_pri_key1 == NULL)
-    {
-        return ippStsBadArgErr;
-    }
-    IppStatus error_code = ippStsNoErr;
-    do{
-        error_code = newBN(n, n_byte_size, &p_n);
-        ERROR_BREAK(error_code);
-        error_code = newBN(d, d_byte_size, &p_d);
-        ERROR_BREAK(error_code);
-
-        error_code = ippsRSA_GetSizePrivateKeyType1(n_byte_size * 8, d_byte_size * 8, &rsa1_size);
-        ERROR_BREAK(error_code);
-        p_rsa1 = (IppsRSAPrivateKeyState *)malloc(rsa1_size);
-        NULL_BREAK(p_rsa1);
-        error_code = ippsRSA_InitPrivateKeyType1(n_byte_size * 8, d_byte_size * 8, p_rsa1, rsa1_size);
-        ERROR_BREAK(error_code);
-        error_code = ippsRSA_SetPrivateKeyType1(p_n, p_d, p_rsa1);
-        ERROR_BREAK(error_code);
-    }while(0);
-    secure_free_BN(p_n, n_byte_size);
-    secure_free_BN(p_d, d_byte_size);
-    if(error_code != ippStsNoErr || p_rsa1 == NULL)
-    {
-        if(error_code == ippStsNoErr )
-            error_code = ippStsMemAllocErr;
-
-        /* Clear sensitive data before free */
-        secure_free_rsa_pri1_key(n_byte_size, d_byte_size, p_rsa1);
-        return error_code;
-    }
-
-    *new_pri_key1 = p_rsa1;
-    return error_code;
-}
-
-
-extern "C" IppStatus create_validate_rsa_key_pair(int n_byte_size, int e_byte_size, const Ipp32u *n, const Ipp32u *d, const Ipp32u *e, const Ipp32u *p, const Ipp32u *q, 
-                                                  const Ipp32u *dmp1, const Ipp32u *dmq1, const Ipp32u *iqmp,
-                                                  IppsRSAPrivateKeyState **new_pri_key, IppsRSAPublicKeyState **new_pub_key, int *validate_result)
-{
-    if(n_byte_size <= 0 || e_byte_size <= 0 || n == NULL || d == NULL ||  e == NULL || 
-        p == NULL ||  q == NULL ||  dmp1 == NULL ||  dmq1 == NULL ||  iqmp == NULL || new_pri_key == NULL || 
-        new_pub_key == NULL || validate_result == NULL)
-    {
-        return ippStsBadArgErr;
-    }
-    IppsRSAPrivateKeyState *p_pri_key1 = NULL, *p_pri_key2 = NULL;
-    IppsRSAPublicKeyState *p_pub_key = NULL;
-    IppStatus error_code = ippStsNoErr;
-    IppsPRNGState *p_rand = NULL;
-    IppsPrimeState *p_prime = NULL;
-    Ipp8u * scratch_buffer = NULL;
-    int result = IPP_IS_VALID;
-    int max_size = 0, pri1_size = 0, pri2_size = 0, pub_size = 0; 
-
-    do
-    {
-        /* Generate the pri_key1, pri_key2 and pub_key */
-        error_code = create_rsa_priv1_key(n_byte_size, n_byte_size, n, d, &p_pri_key1);
-        ERROR_BREAK(error_code);
-        error_code = create_rsa_priv2_key(n_byte_size/2, p, q, dmp1, dmq1, iqmp, &p_pri_key2);
-        ERROR_BREAK(error_code);
-        error_code = create_rsa_pub_key(n_byte_size, e_byte_size, n, e, &p_pub_key);
-        ERROR_BREAK(error_code);
-
-        /* Generate random state and prime state */
-        error_code = newPRNG(&p_rand);
-        ERROR_BREAK(error_code);
-        error_code = newPrimeGen(n_byte_size * 8 / 2, &p_prime);
-        ERROR_BREAK(error_code);
-
-        /* Allocate scratch buffer */
-        error_code = ippsRSA_GetBufferSizePrivateKey(&pri1_size, p_pri_key1);
-        ERROR_BREAK(error_code);
-        error_code = ippsRSA_GetBufferSizePrivateKey(&pri2_size, p_pri_key2);
-        ERROR_BREAK(error_code);
-        max_size = MAX(pri1_size, pri2_size);
-        error_code = ippsRSA_GetBufferSizePublicKey(&pub_size, p_pub_key);
-        ERROR_BREAK(error_code);
-        max_size = MAX(max_size, pub_size);
-        scratch_buffer = (Ipp8u *)malloc(max_size);
-        NULL_BREAK(scratch_buffer);
-        memset(scratch_buffer, 0, max_size);
-
-        /* Validate keys */
-        error_code = ippsRSA_ValidateKeys(&result, p_pub_key, p_pri_key2, p_pri_key1, scratch_buffer, 10, p_prime, ippsPRNGen, p_rand);
-        ERROR_BREAK(error_code);
-    }while(0);
-    SAFE_FREE_MM(p_rand);
-    SAFE_FREE_MM(p_prime);
-    secure_free_rsa_pri2_key(n_byte_size/2, p_pri_key2); 
-
-    if(error_code != ippStsNoErr || scratch_buffer == NULL)
-    {
-        if(error_code == ippStsNoErr)
-            error_code = ippStsMemAllocErr;
-
-        SAFE_FREE_MM(scratch_buffer);
-        secure_free_rsa_pri1_key(n_byte_size, n_byte_size, p_pri_key1);
-        secure_free_rsa_pub_key(n_byte_size, e_byte_size, p_pub_key);
-        return error_code;
-    }
-    SAFE_FREE_MM(scratch_buffer);
-    *new_pri_key = p_pri_key1;
-    *new_pub_key = p_pub_key;
-    *validate_result = result;
-    return error_code;
-}
-
-extern "C" IppStatus get_pub_key(const IppsRSAPublicKeyState *pub_key, int *e_byte_size, Ipp32u *e, int *n_byte_size, Ipp32u *n)
-{
-    IppStatus error_code = ippStsNoErr;
-    IppsBigNumState *p_n=NULL, *p_e=NULL;
-
-    if(!pub_key || !e_byte_size || !e || !n_byte_size || !n)
-    {
-        return ippStsBadArgErr;
-    }
-    do
-    {
-        error_code = newBN(NULL, SE_KEY_SIZE, &p_n);
-        ERROR_BREAK(error_code);
-        error_code = newBN(NULL, sizeof(Ipp32u), &p_e);
-        ERROR_BREAK(error_code);
-
-        error_code = ippsRSA_GetPublicKey(p_n, p_e, pub_key);
-        ERROR_BREAK(error_code);
-
-        IppsBigNumSGN sgn = IppsBigNumPOS;
-        Ipp32u *pdata = NULL;
-        int length_in_bit = 0;
-
-
-        error_code = ippsRef_BN(&sgn, &length_in_bit, &pdata, p_n);
-        ERROR_BREAK(error_code);
-        *n_byte_size = ROUND_TO(length_in_bit, 8)/8;
-        memset(n, 0, *n_byte_size);
-        memcpy(n, pdata, ROUND_TO(length_in_bit, 8)/8);
-
-        error_code = ippsRef_BN(&sgn, &length_in_bit, &pdata, p_e);
-        ERROR_BREAK(error_code);
-        *e_byte_size = ROUND_TO(length_in_bit, 8)/8;
-        memset(e, 0, *e_byte_size);
-        memcpy(e, pdata, ROUND_TO(length_in_bit, 8)/8);
-    } while(0);
-
-    secure_free_BN(p_n, SE_KEY_SIZE);
-    secure_free_BN(p_e, sizeof(Ipp32u));
-    return error_code;
-}
-
-extern "C" void secure_free_rsa_pri1_key(int n_byte_size, int d_byte_size, IppsRSAPrivateKeyState *pri_key1)
-{
-    if(n_byte_size <= 0 || d_byte_size <= 0 || pri_key1 == NULL)
-    {
-        if(pri_key1)
-            free(pri_key1);
-        return;
-    }
-
-    int rsa1_size = 0;
-    if(ippsRSA_GetSizePrivateKeyType1(n_byte_size * 8, d_byte_size * 8, &rsa1_size) != ippStsNoErr)
-    {
-        free(pri_key1);
-        return;
-    }
-    /* Clear the buffer before free. */
-    memset_s(pri_key1, rsa1_size, 0, rsa1_size);
-    free(pri_key1);
-    return;
-}
-
-extern "C" void secure_free_rsa_pri2_key(int p_byte_size, IppsRSAPrivateKeyState *pri_key2)
-{
-    if(p_byte_size <= 0 || pri_key2 == NULL)
-    {
-        if(pri_key2)
-            free(pri_key2);
-        return;
-    }
-
-    int rsa2_size = 0;
-    if(ippsRSA_GetSizePrivateKeyType2(p_byte_size * 8, p_byte_size * 8, &rsa2_size) != ippStsNoErr)
-    {
-        free(pri_key2);
-        return;
-    }
-    /* Clear the buffer before free. */
-    memset_s(pri_key2, rsa2_size, 0, rsa2_size);
-    free(pri_key2);
-    return;
-}

+ 1 - 1
common/src/linux/xsave_gnu.S

@@ -82,7 +82,7 @@
 #endif
 #endif
 .endm
 .endm
 
 
-.text
+.section .nipx,"ax",@progbits
 DECLARE_LOCAL_FUNC restore_xregs
 DECLARE_LOCAL_FUNC restore_xregs
 #if defined(LINUX32)
 #if defined(LINUX32)
     mov     SE_WORDSIZE(%esp), %ecx
     mov     SE_WORDSIZE(%esp), %ecx

+ 5 - 5
download_prebuilt.sh

@@ -33,13 +33,13 @@
 
 
 top_dir=`dirname $0`
 top_dir=`dirname $0`
 out_dir=$top_dir
 out_dir=$top_dir
-optlib_name=optimized_libs-2.1.2.tar
-ae_file_name=prebuilt-ae-2.1.2.tar
-server_url_path=https://download.01.org/intel-sgx/linux-2.1.2/
+optlib_name=optimized_libs-2.1.3.tar
+ae_file_name=prebuilt-ae-2.1.3.tar
+server_url_path=https://download.01.org/intel-sgx/linux-2.1.3/
 server_optlib_url=$server_url_path/$optlib_name
 server_optlib_url=$server_url_path/$optlib_name
 server_ae_url=$server_url_path/$ae_file_name
 server_ae_url=$server_url_path/$ae_file_name
-optlib_sha256=239cae39f87934d56c4eb919a4702c6ac82c19957b9a8d56c02b10eb4e27f573
-ae_sha256=55ebe53b724d66f045c4c05020610d0fc7771d5dc58aaff270ccaee82b5d0d65
+optlib_sha256=b8091d8ad9ea91949610468944b2604c858833f70099c7d369234acd3d62c774
+ae_sha256=022fadd5a72234282176c09695c08b755defcffb82ea47b7dd9337c2f43b8378
 rm -rf $out_dir/$optlib_name
 rm -rf $out_dir/$optlib_name
 wget $server_optlib_url -P $out_dir 
 wget $server_optlib_url -P $out_dir 
 if [ $? -ne 0 ]; then
 if [ $? -ne 0 ]; then

+ 0 - 87
external/epid-sdk-3.0.0/CHANGELOG.md

@@ -1,87 +0,0 @@
-# Intel(R) EPID SDK ChangeLog                                   {#ChangeLog}
-
-## [3.0.0]
-
-### New in This Release
-
-* Support for verification of EPID 1.1 members.
-
-* Make-based build system support.
-
-* Sample material includes compressed keys.
-
-* Enhanced documentation, including step-by-step walkthroughs of
-  example applications.
-
-* Validated on additional IoT platforms.
-
-  - Ostro Linux
-
-  - Snappy Ubuntu Core
-
-
-### Changes
-
-* A new verifier API has been added to set the basename to be used for
-  verification.  Verifier APIs that used to accept basenames now use
-  the basename set via EpidVerifierSetBasename.
-
-* The verifier pre-computation structure has been changed to include
-  the group ID to allow detection of errors that result from providing
-  a pre-computation blob from a different group to EpidVerifierCreate.
-
-
-### Fixes
-
-* The kEpidxxxRevoked enums have been renamed to be consistent with
-  other result return values.
-
-
-### Known Issues
-
-* SHA-512/256 hash algorithm is not supported.
-
-
-## [2.0.0] - 2016-07-20
-
-### New in This Release
-
-* Signed binary issuer material support.
-
-  - Binary issuer material validation APIs.
-
-  - Updated sample issuer material.
-
-  - Updated samples that parse signed binary issuer material.
-
-* Compressed member private key support.
-
-* Validated on additional IoT platforms.
-
-  - Windows 10 IoT Core
-
-  - WindRiver IDP
-
-
-### Changes
-
-* The default hash algorithm has changed. It is now SHA-512.
-
-* Functions that returned `EpidNullPtrErr` now return `EpidBadArgErr`
-  instead.
-
-
-### Fixes
-
-* Updated build flags to work around GCC 4.8.5 defect.
-
-
-## [1.0.0] - 2016-03-03
-
-### New in This Release
-
-* Basic sign and verify functionality
-
-* Dynamic join support for member
-
-* Apache 2.0 License

+ 0 - 129
external/epid-sdk-3.0.0/Makefile.in

@@ -1,129 +0,0 @@
-#!/usr/bin/make -f
-include ../../buildenv.mk
-
-#variables are set by configure
-prefix = @prefix@
-installdir = $(prefix)/
-epidinstalldir = $(installdir)/epid-sdk
-CFLAGS = @CFLAGS@
-
-#g++ flags
-CXX_FLAGS := $(CFLAGS) -O2 -Werror -Wall -Wextra -Wno-missing-braces \
-	-Wno-missing-field-initializers -Wno-unknown-pragmas -Wno-unused-function \
-	-fno-strict-aliasing -Wno-unused-but-set-variable -Wno-comment -DNDEBUG -fPIC
-#gcc flags
-CC_FLAGS := $(CXX_FLAGS)  -D_IPP_v50_ -D_IPP_DEBUG
-
-#intel c++ compiler flags
-ICPC_FLAGS := $(CFLAGS) -O2 -Werror -Wall -Wextra -DNDEBUG
-#intel c compiler flags
-ICC_FLAGS := $(ICPC_FLAGS) -D_IPP_v50_ -D_IPP_DEBUG
-
-#check if architecture was specified
-#or take it by shell command
-ifeq ($(findstring -m32,$(CFLAGS)),-m32)
-	ARCH = x86
-	CXXFLAGS += -m32
-else ifeq ($(findstring -m64,$(CFLAGS)),-m64)
-	ARCH = x86_64
-	CXXFLAGS += -m64
-else
-	ARCH := $(shell uname -m)
-endif
-
-#set tools and flags depending on specified compiler
-ifeq ($(CC),icc)
-	CFLAGS := $(ICC_FLAGS)
-	CXXFLAGS := $(ICPC_FLAGS)
-	AR = xiar
-else ifeq ($(CC),cc)
-	CFLAGS := $(CC_FLAGS)
-ifeq ($(ARCH),x86)
-	CFLAGS += -m32
-endif
-else
-	CFLAGS := $(CC_FLAGS)
-	CXXFLAGS := $(CXX_FLAGS)
-	ARCH = x86
-endif
-
-#set c++11 for all c++ compilers
-CXXFLAGS += -std=c++11
-
-#set flags for unit tests executables
-GTEST_FLAGS = --gtest_color=yes \
-	--gtest_print_time=1 \
-	--gtest_output=xml
-
-export CC AR LDFLAGS ARCH CFLAGS
-export CXX CXXFLAGS
-export epidinstalldir
-export GTEST_FLAGS
-
-#just output
-$(info $$ccompiler is [${CC}])
-$(info $$cxxcompiler is [${CXX}])
-$(info $$architecture is [${ARCH}])
-
-#targets part
-all: ipp common member verifier dropt 
-
-clean:
-	$(MAKE) -C ./ext/ipp/sources/ippcp clean
-	$(MAKE) -C ./ext/ipp/sources/ippcpepid clean
-	$(MAKE) -C ./epid/common/ clean
-	$(MAKE) -C ./epid/member/ clean
-	$(MAKE) -C ./epid/verifier/ clean
-	$(MAKE) -C ./example/util/ clean
-	$(MAKE) -C ./example/ clean
-	$(MAKE) -C ./tools/ clean
-	$(MAKE) -C ./epid/common-testhelper/ clean
-	$(MAKE) -C ./ext/dropt/ clean
-
-install:
-	$(MAKE) -C ./ext/ipp/sources/ippcp install
-	$(MAKE) -C ./ext/ipp/sources/ippcpepid install
-	$(MAKE) -C ./epid/common/ install
-	$(MAKE) -C ./epid/member/ install
-	$(MAKE) -C ./epid/verifier/ install
-	$(MAKE) -C ./example/ install
-	$(MAKE) -C ./tools/ install
-	$(MAKE) -C ./epid/common-testhelper/ install
-
-uninstall:
-	rm -rf  $(epidinstalldir)
-
-ipp:
-	$(MAKE) -C ./ext/ipp/sources/ippcp all
-	$(MAKE) -C ./ext/ipp/sources/ippcpepid all ARCH=$(ARCH)
-
-common:
-	$(MAKE) -C ./epid/common/ all
-
-member:
-	$(MAKE) -C ./epid/member/ all
-
-verifier:
-	$(MAKE) -C ./epid/verifier/ all
-
-dropt:
-	$(MAKE) -C ./ext/dropt/ all
-
-examples_util:
-	$(MAKE) -C ./example/util/ all
-
-check:
-	$(MAKE) -C ./ext/gtest/ all
-	$(MAKE) -C ./epid/common-testhelper/ all
-	$(MAKE) -C ./epid/common-testhelper/ check
-	$(MAKE) -C ./epid/common/ check
-	$(MAKE) -C ./epid/member/ check
-	$(MAKE) -C ./epid/verifier/ check
-
-examples:
-	$(MAKE) -C ./example/ all
-
-epid_tools:
-	$(MAKE) -C ./tools/ all
-
-build: all check install

+ 0 - 237
external/epid-sdk-3.0.0/SConstruct

@@ -1,237 +0,0 @@
-############################################################################
-# Copyright 2016 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-############################################################################
-
-"""use scons -k to invoke all builds regardless of unit test failures
-"""
-import string
-import sys
-import SCons.Script
-import os.path
-from parts import *
-
-print "**************** TOOLS ****************"
-print '* Python Version:', string.split(sys.version, " ", 1)[0]
-print '* SCons  Version:', SCons.__version__
-print '* Parts  Version:', PartsExtensionVersion()
-print "***************************************"
-
-def PrintCompilerVersion(env):
-    """
-    Function to print version of compilers used for build
-    Args:
-      env: Environment to get compilers version
-    """
-    res = ''
-    if 'INTELC_VERSION' in env:
-        res += 'ICC ' +  env['INTELC_VERSION'] + ';'
-    if 'MSVC_VERSION' in env:
-        res += 'MS ' + env['MSVC_VERSION'] + ';'
-    if 'GXX_VERSION' in env:
-        res += 'GXX ' + env['GXX_VERSION'] + ';'
-    if 'GCC_VERSION' in env:
-        res += 'GCC ' + env['GCC_VERSION'] + ';'
-    print 'Compiler Version: ', res
-
-def include_parts(part_list, **kwargs):
-    for parts_file in part_list:
-        if os.path.isfile(DefaultEnvironment().subst(parts_file)):
-            Part(parts_file=parts_file, **kwargs)
-
-######## Part groups ####################################################
-ipp_parts = ['ext/ipp/ippcp.parts',
-             'ext/ipp/ippcpepid.parts',
-             'ext/ipp/ippcommon.parts']
-utest_parts = ['ext/gtest/gtest.parts',
-               'epid/common-testhelper/common-testhelper.parts']
-common_parts = ['epid/common/common.parts']
-member_parts = ['epid/member/member.parts']
-verifier_parts = ['epid/verifier/verifier.parts']
-util_parts = ['example/util/util.parts']
-example_parts = ['ext/dropt/dropt.parts',
-                 'example/verifysig/verifysig.parts',
-                 'example/signmsg/signmsg.parts',
-                 'example/data/data.parts',
-                 'example/compressed_data/compressed_data.parts']
-tools_parts = ['tools/revokegrp/revokegrp.parts',
-               'tools/revokekey/revokekey.parts',
-               'tools/revokesig/revokesig.parts',
-               'tools/extractkeys/extractkeys.parts',
-               'tools/extractgrps/extractgrps.parts']
-testbot_test_parts = ['test/testbot/testbot.parts',
-                      'test/testbot/signmsg/signmsg_testbot.parts',
-                      'test/testbot/verifysig/verifysig_testbot.parts',
-                      'test/testbot/integration/integration_testbot.parts',
-                      'test/testbot/ssh_remote/ssh_remote_testbot.parts',
-                      'test/testbot/revokegrp/revokegrp_testbot.parts',
-                      'test/testbot/revokekey/revokekey_testbot.parts',
-                      'test/testbot/revokesig/revokesig_testbot.parts',
-                      'test/testbot/extractkeys/extractkeys_testbot.parts',
-                      'test/testbot/extractgrps/extractgrps_testbot.parts']
-package_parts = ['ext/gtest/gtest.parts',
-                 'ext/ipp/ippcommon.parts',
-                 'ext/ipp/ippcp.parts',
-                 'ext/ipp/ippcpepid.parts',
-                 'package.parts']
-internal_tools_parts = ['ext/dropt/dropt.parts',
-                        'tools/ikgfwrapper/ikgfwrapper.parts']
-######## End Part groups ###############################################
-######## Commandline option setup #######################################
-product_variants = [
-    'production',
-    'internal-test',
-    'package-epid-sdk',
-    'internal-tools'
-]
-
-default_variant = 'production'
-
-def is_production():
-    return GetOption("product-variant") == 'production'
-
-def is_internal_test():
-    return GetOption("product-variant") == 'internal-test'
-
-def is_internal_tools():
-    return GetOption("product-variant") == 'internal-tools'
-
-def is_package():
-    return GetOption("product-variant") == 'package-epid-sdk'
-
-def use_commercial_ipp():
-    return GetOption("use-commercial-ipp")
-
-def variant_dirname():
-    s = GetOption("product-variant")
-    if s == 'production':
-        return 'epid-sdk'
-    elif s == 'package-epid-sdk':
-        return 'epid-sdk'
-    else:
-        return s
-
-AddOption("--product-variant", "--prod-var", nargs=1,
-          help=("Select product variant to build. Possible "
-                "options are: {0}. The default is {1} if no option "
-                "is specified").format(", ".join(product_variants),
-                                       default_variant),
-          action='store', dest='product-variant', type='choice',
-          choices=product_variants, default=default_variant)
-
-AddOption("--use-commercial-ipp",
-          help=("Link with commercial IPP. The IPPROOT environment variable "
-                "must be set."),
-          action='store_true', dest='use-commercial-ipp',
-          default=False)
-
-SetOptionDefault("PRODUCT_VARIANT", variant_dirname())
-
-######## End Commandline option setup ###################################
-
-
-# fix for parts 0.10.8 until we get better logic to extract ${CC}
-SetOptionDefault('PARTS_USE_SHORT_TOOL_NAMES', 1)
-
-def set_default_production_options():
-    SetOptionDefault('TARGET_PLATFORM', 'x86_64')
-    SetOptionDefault('CONFIG', 'release')
-
-    SetOptionDefault('TARGET_VARIANT', '${TARGET_OS}-${TARGET_ARCH}')
-
-    SetOptionDefault('INSTALL_ROOT',
-                     '#_install/${PRODUCT_VARIANT}')
-
-    SetOptionDefault('INSTALL_TOOLS_BIN',
-                     '$INSTALL_ROOT/tools')
-
-    SetOptionDefault('INSTALL_SAMPLE_BIN',
-                     '$INSTALL_ROOT/example')
-
-    SetOptionDefault('INSTALL_EPID_INCLUDE',
-                     '$INSTALL_ROOT/include/epid')
-
-    SetOptionDefault('INSTALL_IPP_INCLUDE',
-                     '$INSTALL_ROOT/include/ext/ipp/include')
-
-    SetOptionDefault('INSTALL_TEST_BIN',
-                     '$INSTALL_ROOT/test')
-
-    SetOptionDefault('INSTALL_LIB',
-                     '$INSTALL_ROOT/lib/${TARGET_VARIANT}')
-
-    SetOptionDefault('INSTALL_SAMPLE_DATA',
-                     '$INSTALL_ROOT/example')
-
-    SetOptionDefault('INSTALL_TOOLS_DATA',
-                     '$INSTALL_ROOT/tools')
-
-    SetOptionDefault('PACKAGE_DIR',
-                     '#_package')
-
-    SetOptionDefault('PACKAGE_ROOT',
-                     '#_package/${PRODUCT_VARIANT}')
-
-    SetOptionDefault('ROOT',
-                     '#')
-
-    SetOptionDefault('PACKAGE_NAME',
-                     '{PRODUCT_VARIANT}')
-
-if is_production():
-    set_default_production_options()
-    ipp_mode = ['install_lib']
-    if use_commercial_ipp():
-        ipp_mode.append('use_commercial_ipp')
-    include_parts(ipp_parts, mode=ipp_mode,
-                  INSTALL_INCLUDE='${INSTALL_IPP_INCLUDE}')
-    include_parts(utest_parts + common_parts +
-                  member_parts + verifier_parts,
-                  mode=['install_lib'],
-                  INSTALL_INCLUDE='${INSTALL_EPID_INCLUDE}')
-    include_parts(util_parts + example_parts,
-                  INSTALL_INCLUDE='${INSTALL_EPID_INCLUDE}',
-                  INSTALL_BIN='${INSTALL_SAMPLE_BIN}',
-                  INSTALL_DATA='${INSTALL_SAMPLE_DATA}')
-    include_parts(tools_parts,
-                  INSTALL_BIN='${INSTALL_TOOLS_BIN}',
-                  INSTALL_DATA='${INSTALL_TOOLS_DATA}')
-    PrintCompilerVersion(DefaultEnvironment())
-    Default('all')
-    Default('run_utest::')
-
-if is_internal_test():
-    set_default_production_options()
-    include_parts(ipp_parts)
-    include_parts(utest_parts + common_parts +
-                  member_parts + verifier_parts)
-    include_parts(util_parts + example_parts,
-                  INSTALL_BIN='${INSTALL_SAMPLE_BIN}',
-                  INSTALL_DATA='${INSTALL_SAMPLE_DATA}')
-    include_parts(tools_parts, INSTALL_BIN='${INSTALL_TOOLS_BIN}')
-    include_parts(testbot_test_parts)
-    Default('all')
-
-if is_internal_tools():
-    set_default_production_options()
-    include_parts(ipp_parts + utest_parts + common_parts + util_parts)
-    include_parts(internal_tools_parts, INSTALL_BIN='${INSTALL_TOOLS_BIN}')
-    Default('ikgfwrapper')
-
-if is_package():
-    set_default_production_options()
-    include_parts(package_parts,
-                  mode=['install_package'],
-                  INSTALL_TOP_LEVEL='${PACKAGE_ROOT}')
-    Default('package')

+ 0 - 20
external/epid-sdk-3.0.0/configure.ac

@@ -1,20 +0,0 @@
-AC_INIT([Intel(R) EPID SDK],[ ])
-
-# save flags
-CFLAGS_OLD="$CFLAGS"
-CPPFLAGS_OLD="$CPPFLAGS"
-
-#c compiler priority
-AC_PROG_CC([gcc icc cc])
-#c++ compiler priority
-AC_PROG_CXX([g++ icpc c++])
-
-# restore flags
-CFLAGS="$CFLAGS_OLD"
-CPPFLAGS="$CPPFLAGS_OLD"
-
-# default install path is current directory
-AC_PREFIX_DEFAULT([`pwd`/_install])
-AC_CONFIG_FILES([Makefile])
-AC_OUTPUT
-

+ 0 - 91
external/epid-sdk-3.0.0/epid/common-testhelper/common-testhelper.parts

@@ -1,91 +0,0 @@
-############################################################################
-# Copyright 2016 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-############################################################################
-Import('*')
-env.PartName('common-testhelper')
-
-src_files = Pattern(src_dir='.',
-                    includes=['*-testhelper.cc'],
-                    excludes=[],
-                    recursive=False).files()
-inc_files = Pattern(src_dir='.',
-                    includes=['*-testhelper.h'],
-                    excludes=[],
-                    recursive=False).files()
-epid11_src_files = Pattern(src_dir='1.1',
-                           includes=['*-testhelper.cc'],
-                           excludes=[],
-                           recursive=False).files()
-epid11_inc_files = Pattern(src_dir='1.1',
-                           includes=['*-testhelper.h'],
-                           excludes=[],
-                           recursive=False).files()
-test_data_files = Pattern(src_dir='testdata',
-                          includes=['*'],
-                          excludes=[],
-                          recursive=True)
-epid11_test_data_files = Pattern(src_dir='1.1/testdata',
-                                 includes=['*'],
-                                 excludes=[],
-                                 recursive=True)
-
-# unit tests
-utest_files = Pattern(src_dir='.',
-                      includes=['*-test.cc'],
-                      excludes=[],
-                      recursive=True).files()
-
-if 'install_package' in env['MODE']:
-    env.InstallTopLevel(src_files, sub_dir='epid/${PART_SHORT_NAME}')
-    env.InstallTopLevel(inc_files, sub_dir='epid/${PART_SHORT_NAME}')
-    env.InstallTopLevel(utest_files,
-                        sub_dir='epid/${PART_SHORT_NAME}/unittests')
-    env.InstallTopLevel(test_data_files,
-                        sub_dir='epid/${PART_SHORT_NAME}/testdata')
-
-    env.InstallTopLevel(epid11_src_files, sub_dir='epid/${PART_SHORT_NAME}/1.1')
-    env.InstallTopLevel(epid11_inc_files, sub_dir='epid/${PART_SHORT_NAME}/1.1')
-    env.InstallTopLevel(epid11_test_data_files,
-                        sub_dir='epid/${PART_SHORT_NAME}/1.1/testdata')
-
-    parts_file = ['common-testhelper.parts']
-    env.InstallTopLevel(parts_file, sub_dir='epid/${PART_SHORT_NAME}')
-    makefile = ['Makefile']
-    env.InstallTopLevel(makefile, sub_dir='epid/${PART_SHORT_NAME}')
-else:
-    env.DependsOn([
-        Component('common'),
-    ])
-
-    env.Append(CPPPATH='#')
-
-    testenv = env.Clone()
-
-    outputs = env.Library('${PART_NAME}', src_files + epid11_src_files)
-    env.Sdk(outputs)
-
-    testenv['UNIT_TEST_TARGET_NAME'] = "${PART_NAME}-${UNIT_TEST_TARGET}"
-    testenv.UnitTest("utest",
-                     utest_files,
-                     command_args=[
-                         '--gtest_color=yes',
-                         '--gtest_print_time=1',
-                         '--gtest_output=xml',
-                         '--gtest_filter=**',
-                     ],
-                     make_pdb=(env.isConfigBasedOn('debug')),
-                     depends=[Component('gtest'),
-                              Component('common-testhelper')],
-                     INSTALL_BIN='${INSTALL_TEST_BIN}')

+ 0 - 76
external/epid-sdk-3.0.0/epid/member/Makefile

@@ -1,76 +0,0 @@
-#!/usr/bin/make -f
-
-#define path variables
-IPP_SRC_INCLUDE_DIR = ../../ext/ipp/sources/ippcp/src/
-IPP_INCLUDE_DIR = ../../ext/ipp/sources/include/
-GTEST_INCLUDE_DIR = ../../ext/
-
-LIB_INSTALL_DIR = $(epidinstalldir)/lib/posix-$(ARCH)/
-TEST_INSTALL_DIR = $(epidinstalldir)/test/
-HEADERS_INSTALL_DIR :=  $(epidinstalldir)/include/epid/member/
-
-API_HEADERS_INSTALL = ./api.h
-
-MEMBER_INCLUDE_DIR = ../../
-
-MEMBER_SRC =  $(wildcard ./src/*.c)
-MEMBER_OBJ = $(sort $(MEMBER_SRC:.c=.o))
-MEMBER_LIB = ./libmember.a
-
-MEMBER_UTEST_EXE = ./member-utest
-MEMBER_UTEST_SRC = $(wildcard ./unittests/*.cc)
-MEMBER_UTEST_OBJ = $(sort $(MEMBER_UTEST_SRC:.cc=.o))
-LIB_MEMBER_DIR = .
-LIB_VERIFIER_DIR = ../verifier
-LIB_COMMON_TESTHELPER_DIR = ../common-testhelper
-LIB_COMMON_DIR = ../common
-LIB_IPPCP_DIR = ../../ext/ipp/sources/ippcp/src
-LIB_IPPCPEPID_DIR = ../../ext/ipp/sources/ippcpepid/src
-
-#set flags for linker
-LDFLAGS += -L$(GTEST_INCLUDE_DIR)/gtest  -L$(LIB_COMMON_TESTHELPER_DIR)  \
-	-L$(LIB_MEMBER_DIR) -L$(LIB_VERIFIER_DIR) -L$(LIB_COMMON_DIR) \
-	-L$(LIB_IPPCPEPID_DIR) -L$(LIB_IPPCP_DIR) -lgtest -lcommon-testhelper \
-	-lmember -lverifier -lcommon -lippcpepid -lippcp
-
-$(MEMBER_OBJ): %.o: %.c
-	$(CC) $(CFLAGS) -I$(IPP_INCLUDE_DIR) -I$(IPP_SRC_INCLUDE_DIR) \
-	-I$(MEMBER_INCLUDE_DIR) -c $^ -o $@
-
-$(MEMBER_LIB): $(MEMBER_OBJ)
-	$(AR) rc $(MEMBER_LIB) $(MEMBER_OBJ)
-	ranlib $(MEMBER_LIB)
-
-$(MEMBER_UTEST_EXE): $(MEMBER_UTEST_OBJ)
-	$(CXX) -o $@ $^ $(CXXFLAGS) $(LDFLAGS)
-
-$(MEMBER_UTEST_OBJ): %.o: %.cc
-	$(CXX) -o $@ $(CXXFLAGS) -I$(MEMBER_INCLUDE_DIR) \
-	-I$(GTEST_INCLUDE_DIR) -c $^
-
-build: all
-
-all: $(MEMBER_LIB)
-
-install:
-	mkdir -p '$(LIB_INSTALL_DIR)'
-	mkdir -p '$(HEADERS_INSTALL_DIR)'
-	cp $(MEMBER_LIB) '$(LIB_INSTALL_DIR)'
-	cp $(API_HEADERS_INSTALL) '$(HEADERS_INSTALL_DIR)'
-#install tests if they exist
-ifneq (,$(wildcard $(MEMBER_UTEST_EXE)))
-	mkdir -p '$(TEST_INSTALL_DIR)'
-	cp $(MEMBER_UTEST_EXE) '$(TEST_INSTALL_DIR)'
-endif
-
-check: $(MEMBER_UTEST_EXE) run
-
-run:
-	$(MEMBER_UTEST_EXE) $(GTEST_FLAGS)
-
-clean:
-	rm -f $(MEMBER_OBJ) \
-		$(MEMBER_LIB) \
-		$(MEMBER_UTEST_OBJ) \
-		$(MEMBER_UTEST_EXE) \
-		*.xml

+ 0 - 491
external/epid-sdk-3.0.0/epid/member/api.h

@@ -1,491 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-#ifndef EPID_MEMBER_API_H_
-#define EPID_MEMBER_API_H_
-
-#include <stddef.h>
-#include "epid/common/stdtypes.h"
-#include "epid/common/types.h"
-#include "epid/common/errors.h"
-#include "epid/common/bitsupplier.h"
-
-#ifdef __cplusplus
-extern "C"{
-#endif
-
-/*!
- * \file
- * \brief Intel(R) EPID SDK member API.
- */
-
-/// Member functionality
-/*!
-  \defgroup EpidMemberModule member
-
-  Defines the APIs needed by Intel(R) EPID members. Each member
-  context (::MemberCtx) represents membership in a single group.
-
-  \ingroup EpidModule
-  @{
-*/
-
-/// Internal context of member.
-typedef struct MemberCtx MemberCtx;
-
-/// Pre-computed member settings.
-/*!
- Serialized form of the information about a member that remains stable for
- a given set of keys.
-
- \note e12 = 0 implies that this data is not valid
- */
-#pragma pack(1)
-typedef struct MemberPrecomp {
-  GtElemStr e12;  ///< an element in GT
-  GtElemStr e22;  ///< an element in GT
-  GtElemStr e2w;  ///< an element in GT
-  GtElemStr ea2;  ///< an element in GT
-} MemberPrecomp;
-
-/// Pre-computed signature.
-/*!
- Serialized form of an intermediate signature that does not depend on
- basename or message. This can be used to time-shift compute time needed to
- sign a message.
- */
-typedef struct PreComputedSignature {
-  G1ElemStr B;   ///< an element in G1
-  G1ElemStr K;   ///< an element in G1
-  G1ElemStr T;   ///< an element in G1
-  G1ElemStr R1;  ///< an element in G1
-  GtElemStr R2;  ///< an element in G1
-  FpElemStr a;   ///< an integer between [0, p-1]
-  FpElemStr b;   ///< an integer between [0, p-1]
-  FpElemStr rx;  ///< an integer between [0, p-1]
-  FpElemStr rf;  ///< an integer between [0, p-1]
-  FpElemStr ra;  ///< an integer between [0, p-1]
-  FpElemStr rb;  ///< an integer between [0, p-1]
-} PreComputedSignature;
-#pragma pack()
-
-/// Creates a new member context.
-/*!
- Must be called to create the member context that is used by
- other "Member" APIs.
-
- Allocates memory for the context, then initializes it.
-
- EpidMemberDelete() must be called to safely release the member context.
-
- \param[in] pub_key
- The group certificate.
- \param[in] priv_key
- The member private key.
- \param[in] precomp
- Optional pre-computed data. If NULL the value is computed internally and is
- readable using EpidMemberWritePrecomp().
- \param[in] rnd_func
- Random number generator.
- \param[in] rnd_param
- Pass through context data for rnd_func.
- \param[out] ctx
- Newly constructed member context.
-
- \returns ::EpidStatus
-
- \warning
- For security rnd_func should be a cryptographically secure random
- number generator.
-
- \note
- If the result is not ::kEpidNoErr the content of ctx is undefined.
-
- \see EpidMemberDelete
- \see EpidMemberWritePrecomp
- */
-EpidStatus EpidMemberCreate(GroupPubKey const* pub_key, PrivKey const* priv_key,
-                            MemberPrecomp const* precomp, BitSupplier rnd_func,
-                            void* rnd_param, MemberCtx** ctx);
-
-/// Deletes an existing member context.
-/*!
- Must be called to safely release a member context created using
- EpidMemberCreate().
-
- De-initializes the context, frees memory used by the context, and sets the
- context pointer to NULL.
-
- \param[in,out] ctx
- The member context. Can be NULL.
-
- \see EpidMemberCreate
- */
-void EpidMemberDelete(MemberCtx** ctx);
-
-/// Serializes the pre-computed member settings.
-/*!
- \param[in] ctx
- The member context.
- \param[out] precomp
- The Serialized pre-computed member settings.
-
- \returns ::EpidStatus
-
- \note
- If the result is not ::kEpidNoErr, the content of precomp is undefined.
- */
-EpidStatus EpidMemberWritePrecomp(MemberCtx const* ctx, MemberPrecomp* precomp);
-
-/// Sets the hash algorithm to be used by a member.
-/*!
- \param[in] ctx
- The member context.
- \param[in] hash_alg
- The hash algorithm to use.
-
- \returns ::EpidStatus
-
- \note
- If the result is not ::kEpidNoErr, the hash algorithm used by the member is
- undefined.
-
- \see EpidMemberCreate
- \see ::HashAlg
- */
-EpidStatus EpidMemberSetHashAlg(MemberCtx* ctx, HashAlg hash_alg);
-
-/// Computes the size in bytes required for an Intel(R) EPID signature.
-/*!
- \param[in] sig_rl
- The signature based revocation list that is used. NULL is treated as
- a zero length list.
-
- \returns
- Size in bytes of an Intel(R) EPID signature including proofs for each entry
- in the signature based revocation list.
-
- \see ::SigRl
-*/
-size_t EpidGetSigSize(SigRl const* sig_rl);
-
-/// Writes an Intel(R) EPID signature.
-/*!
- \param[in] ctx
- The member context.
- \param[in] msg
- The message to sign.
- \param[in] msg_len
- The length in bytes of message.
- \param[in] basename
- Optional basename. If basename is NULL a random basename is used.
- Signatures generated using random basenames are anonymous. Signatures
- generated using the same basename are linkable by the verifier. If a
- basename is provided, it must already be registered, or
- ::kEpidBadArgErr is returned.
- \param[in] basename_len
- The size of basename in bytes. Must be 0 basename is NULL.
- \param[in] sig_rl
- The signature based revocation list.
- \param[in] sig_rl_size
- The size in bytes of the signature based revocation list.
- \param[out] sig
- The generated signature
- \param[in] sig_len
- The size of signature in bytes. Must be equal to value returned by
- EpidGetSigSize().
-
- \returns ::EpidStatus
-
- \note
- If the result is not ::kEpidNoErr the content of sig is undefined.
-
- \see
- EpidMemberCreate
- \see
- EpidMemberSetHashAlg
- \see
- EpidGetSigSize
- */
-EpidStatus EpidSign(MemberCtx const* ctx, void const* msg, size_t msg_len,
-                    void const* basename, size_t basename_len,
-                    SigRl const* sig_rl, size_t sig_rl_size, EpidSignature* sig,
-                    size_t sig_len);
-
-/// Registers a basename with a member.
-/*!
-
- To prevent loss of privacy, the member keeps a list of basenames
- (corresponding to authorized verifiers). The member signs a message
- with a basename only if the basename is in the member's basename
- list.
-
- \warning
- The use of a name-based signature creates a platform unique
- pseudonymous identifier. Because it reduces the member's privacy, the
- user should be notified when it is used and should have control over
- its use.
-
- \param[in] ctx
- The member context.
- \param[in] basename
- The basename.
- \param[in] basename_len
- Length of the basename.
-
- \returns ::EpidStatus
-
- \retval ::kEpidDuplicateErr
- The basename was already registered.
-
- \note
- If the result is not ::kEpidNoErr or ::kEpidDuplicateErr it is undefined if the
- basename is registered.
- */
-EpidStatus EpidRegisterBaseName(MemberCtx* ctx, void const* basename,
-                                size_t basename_len);
-
-/// Extends the member's pool of pre-computed signatures.
-/*!
- Can either generate new pre-computed signatures or import existing ones.
- ::EpidWritePreSigs can be used to export pre-computed signatures.
-
- \param[in] ctx
- The member context.
- \param[in] number_presigs
- The number of pre-computed signatures to add to the internal pool.
- \param[in,out] presigs
- Optional array of valid pre-computed signatures to import. If presigs is not
- NULL it most contain at least number_presigs pre-computed signatures.
-
- \returns ::EpidStatus
-
- \note
- presigs buffer is zeroed out before return to prevent pre-computed
- signatures from being reused.
-
- \note
- If the result is not ::kEpidNoErr the state of the pre-computed signature
- pool, and of presigs, is undefined.
-
- \see ::EpidMemberCreate
- \see ::EpidWritePreSigs
- */
-EpidStatus EpidAddPreSigs(MemberCtx* ctx, size_t number_presigs,
-                          PreComputedSignature* presigs);
-
-/// Gets the number of pre-computed signatures in the member's pool.
-/*!
- \param[in] ctx
- The member context.
-
- \returns
- Number of remaining pre-computed signatures. Returns 0 if ctx is NULL.
-
- \see ::EpidMemberCreate
- \see ::EpidWritePreSigs
-*/
-size_t EpidGetNumPreSigs(MemberCtx const* ctx);
-
-/// Serializes pre-computed signatures from the member's pool.
-/*!
- Removes requested number of pre-computed signatures from member's pool and
- stores them in presigs array. Use ::EpidAddPreSigs to add pre-computed
- signatures to the pool.
-
- \param[in] ctx
- The member context.
- \param[out] presigs
- An existing buffer of pre-computed signatures.
- \param[in] number_presigs
- Number of pre-computed signatures to read. Number_presigs must not be greater
- than the value returned by ::EpidGetNumPreSigs.
-
- \returns ::EpidStatus
-
- \note
- If the result is not ::kEpidNoErr the state of the pre-computed signature
- pool, and of presigs, is undefined.
-
- \see ::EpidMemberCreate
- \see ::EpidGetNumPreSigs
- \see ::EpidAddPreSigs
-*/
-EpidStatus EpidWritePreSigs(MemberCtx* ctx, PreComputedSignature* presigs,
-                            size_t number_presigs);
-
-/// Creates a request to join a group.
-/*!
- The created request is part of the interaction with an issuer needed to join
- a group. This interaction with the issuer is outside the scope of this API.
-
- \param[in] pub_key
- The group certificate of group to join.
- \param[in] ni
- The nonce chosen by issuer as part of join protocol.
- \param[in] f
- A randomly selected integer in [1, p-1].
- \param[in] rnd_func
- Random number generator.
- \param[in] rnd_param
- Pass through context data for rnd_func.
- \param[in] hash_alg
- The hash algorithm to be used.
- \param[out] join_request
- The join request.
-
- \returns ::EpidStatus
-
- \warning
- For security rnd_func should be a cryptographically secure random
- number generator.
-
- \note
- The default hash algorithm in Member is SHA-512. This is the
- recommended option if you do not override the hash algorithm
- elsewhere.
-
- \note
- If the result is not ::kEpidNoErr, the content of join_request is undefined.
-
- \see ::HashAlg
- */
-EpidStatus EpidRequestJoin(GroupPubKey const* pub_key, IssuerNonce const* ni,
-                           FpElemStr const* f, BitSupplier rnd_func,
-                           void* rnd_param, HashAlg hash_alg,
-                           JoinRequest* join_request);
-
-/// Creates a basic signature for use in constrained environment.
-/*!
- Used in constrained environments where, due to limited memory, it may not
- be possible to process through a large and potentially unbounded revocation
- list.
-
- \param[in] ctx
- The member context.
- \param[in] msg
- The message.
- \param[in] msg_len
- The length of message in bytes.
- \param[in] basename
- Optional basename. If basename is NULL a random basename is used.
- Signatures generated using random basenames are anonymous. Signatures
- generated using the same basename are linkable by the verifier. If a
- basename is provided it must already be registered or
- ::kEpidBadArgErr is returned.
- \param[in] basename_len
- The size of basename in bytes. Must be 0 basename is NULL.
- \param[out] sig
- The generated basic signature
-
- \returns ::EpidStatus
-
- \note
- This function should be used in conjunction with EpidNrProve()
-
- \note
- If the result is not ::kEpidNoErr the content of sig, is undefined.
-
- \see EpidMemberCreate
- \see EpidNrProve
- */
-EpidStatus EpidSignBasic(MemberCtx const* ctx, void const* msg, size_t msg_len,
-                         void const* basename, size_t basename_len,
-                         BasicSignature* sig);
-
-/// Calculates a non-revoked proof for a single signature based revocation
-/// list entry.
-/*!
- Used in constrained environments where, due to limited memory, it may not
- be possible to process through a large and potentially unbounded revocation
- list.
-
- \param[in] ctx
- The member context.
- \param[in] msg
- The message.
- \param[in] msg_len
- The length of message in bytes.
- \param[in] sig
- The basic signature.
- \param[in] sigrl_entry
- The signature based revocation list entry.
- \param[out] proof
- The generated non-revoked proof.
-
- \returns ::EpidStatus
-
- \note
- This function should be used in conjunction with EpidSignBasic().
-
- \note
- If the result is not ::kEpidNoErr, the content of proof is undefined.
-
- \see EpidMemberCreate
- \see EpidSignBasic
- */
-EpidStatus EpidNrProve(MemberCtx const* ctx, void const* msg, size_t msg_len,
-                       BasicSignature const* sig, SigRlEntry const* sigrl_entry,
-                       NrProof* proof);
-
-/// Tests if a member private key is valid without checking revocation.
-/*!
- Used to check that a member private key is a valid key for a group. This
- is useful as a cross check when creating a new member private key as part of
- the join process
-
- \param[in] pub_key
- The public key of the group.
- \param[in] priv_key
- The private key to check.
-
- \result bool
-
- \retval true
- if the private key is valid for the group of the public key
- \retval false
- if the private key is not valid for the group of the public key
-
-
- \see EpidRequestJoin
- */
-bool EpidIsPrivKeyInGroup(GroupPubKey const* pub_key, PrivKey const* priv_key);
-
-/// Decompresses compressed member private key.
-/*!
-
-  Converts a compressed member private key into a member
-  private key for use by other member APIs.
-
-  \param[in] pub_key
-  The public key of the group.
-  \param[in] compressed_privkey
-  The compressed member private key to be decompressed.
-  \param[out] priv_key
-  The member private key.
-
-  \returns ::EpidStatus
- */
-EpidStatus EpidDecompressPrivKey(GroupPubKey const* pub_key,
-                                 CompressedPrivKey const* compressed_privkey,
-                                 PrivKey* priv_key);
-
-/*! @} */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif  // EPID_MEMBER_API_H_

+ 0 - 84
external/epid-sdk-3.0.0/epid/member/member.parts

@@ -1,84 +0,0 @@
-############################################################################
-# Copyright 2016 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-############################################################################
-Import('*')
-env.PartName('member')
-
-api_headers = Pattern(src_dir='.',
-                      includes=['api.h'],
-                      recursive=False).files()
-src_files = Pattern(src_dir='src',
-                    includes=['*.c'],
-                    recursive=False).files()
-internal_headers = Pattern(src_dir='src',
-                           includes=['*.h'],
-                           recursive=False).files()
-
-utest_files = Pattern(src_dir='unittests',
-                      includes=['*-test.cc',
-                                '*-testhelper.cc',],
-                      recursive=False).files()
-utest_headers = Pattern(src_dir='unittests',
-                        includes=['*-testhelper.h',],
-                        recursive=False).files()
-
-build_files = Pattern(src_dir='.',
-                      includes=['*.parts', 'Makefile'],
-                      recursive=False).files()
-
-if 'install_package' in env['MODE']:
-    env.InstallTopLevel(api_headers,
-                        sub_dir='epid/${PART_SHORT_NAME}')
-    env.InstallTopLevel(src_files + internal_headers,
-                        sub_dir='epid/${PART_SHORT_NAME}/src')
-    env.InstallTopLevel(utest_files + utest_headers,
-                        sub_dir='epid/${PART_SHORT_NAME}/unittests')
-
-    env.InstallTopLevel(build_files, sub_dir='epid/${PART_SHORT_NAME}')
-
-else:
-    env.DependsOn([
-        Component('common'),
-    ])
-
-    env.Append(CPPPATH='#')
-
-    testenv = env.Clone()
-
-    outputs = env.Library('${PART_NAME}', src_files)
-    env.Sdk(outputs)
-    env.SdkInclude(api_headers, sub_dir='epid/${PART_SHORT_NAME}')
-
-    if 'install_lib' in env['MODE']:
-        env.InstallLib(outputs)
-        env.InstallInclude(api_headers, sub_dir='${PART_SHORT_NAME}')
-
-    #unit tests
-    testenv['UNIT_TEST_TARGET_NAME'] = "${PART_NAME}-${UNIT_TEST_TARGET}"
-    testenv.UnitTest("utest",
-                     utest_files,
-                     command_args=[
-                         '--gtest_color=yes',
-                         '--gtest_print_time=1',
-                         '--gtest_output=xml',
-                         '--gtest_filter=**',
-                     ],
-                     make_pdb=(env.isConfigBasedOn('debug') or
-                               env.isConfigBasedOn('static_crt_debug')),
-                     depends=[Component('gtest'),
-                              Component('common-testhelper'),
-                              Component('member'),
-                              Component('verifier')],
-                     INSTALL_BIN='${INSTALL_TEST_BIN}')

+ 0 - 423
external/epid-sdk-3.0.0/epid/member/src/context.c

@@ -1,423 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief Member context implementation.
- */
-
-#include <string.h>
-
-#include "epid/member/api.h"
-#include "epid/member/src/context.h"
-#include "epid/member/src/privkey.h"
-#include "epid/common/src/memory.h"
-
-/// Perform pre-computation and store in context
-static EpidStatus DoPrecomputation(MemberCtx* ctx);
-
-/// Read Member precomp
-static EpidStatus ReadPrecomputation(MemberPrecomp const* precomp_str,
-                                     MemberCtx* ctx);
-
-EpidStatus EpidMemberCreate(GroupPubKey const* pub_key, PrivKey const* priv_key,
-                            MemberPrecomp const* precomp, BitSupplier rnd_func,
-                            void* rnd_param, MemberCtx** ctx) {
-  EpidStatus result = kEpidErr;
-  MemberCtx* member_ctx = NULL;
-
-  if (!pub_key || !priv_key || !rnd_func || !ctx) {
-    return kEpidBadArgErr;
-  }
-
-  // The member verifies that gid in public key and in private key
-  // match. If mismatch, abort and return operation failed.
-  if (memcmp(&pub_key->gid, &priv_key->gid, sizeof(GroupId))) {
-    return kEpidBadArgErr;
-  }
-
-  // Allocate memory for VerifierCtx
-  member_ctx = SAFE_ALLOC(sizeof(MemberCtx));
-  if (!member_ctx) {
-    return kEpidMemAllocErr;
-  }
-
-  do {
-    // set the default hash algorithm to sha512
-    member_ctx->hash_alg = kSha512;
-
-    // Internal representation of Epid2Params
-    result = CreateEpid2Params(&member_ctx->epid2_params);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Internal representation of Group Pub Key
-    result =
-        CreateGroupPubKey(pub_key, member_ctx->epid2_params->G1,
-                          member_ctx->epid2_params->G2, &member_ctx->pub_key);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Internal representation of Member Priv Key
-    result = CreatePrivKey(priv_key, member_ctx->epid2_params->G1,
-                           member_ctx->epid2_params->Fp, &member_ctx->priv_key);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Allocate member_ctx->e12
-    result = NewFfElement(member_ctx->epid2_params->GT, &member_ctx->e12);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Allocate member_ctx->e22
-    result = NewFfElement(member_ctx->epid2_params->GT, &member_ctx->e22);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Allocate member_ctx->e2w
-    result = NewFfElement(member_ctx->epid2_params->GT, &member_ctx->e2w);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // Allocate member_ctx->ea2
-    result = NewFfElement(member_ctx->epid2_params->GT, &member_ctx->ea2);
-    if (kEpidNoErr != result) {
-      break;
-    }
-    // precomputation
-    if (precomp != NULL) {
-      result = ReadPrecomputation(precomp, member_ctx);
-    } else {
-      result = DoPrecomputation(member_ctx);
-    }
-    if (kEpidNoErr != result) {
-      break;
-    }
-    result = SetKeySpecificCommitValues(pub_key, &member_ctx->commit_values);
-    if (kEpidNoErr != result) {
-      break;
-    }
-
-    member_ctx->rnd_func = rnd_func;
-    member_ctx->rnd_param = rnd_param;
-    member_ctx->allowed_basenames = NULL;
-
-    if (!CreateStack(sizeof(PreComputedSignature), &member_ctx->presigs)) {
-      result = kEpidMemAllocErr;
-      break;
-    }
-
-    *ctx = member_ctx;
-    result = kEpidNoErr;
-  } while (0);
-
-  if (kEpidNoErr != result) {
-    DeleteFfElement(&member_ctx->ea2);
-    DeleteFfElement(&member_ctx->e2w);
-    DeleteFfElement(&member_ctx->e22);
-    DeleteFfElement(&member_ctx->e12);
-    DeleteEpid2Params(&member_ctx->epid2_params);
-    DeleteGroupPubKey(&member_ctx->pub_key);
-    DeletePrivKey(&member_ctx->priv_key);
-    DeleteStack(&member_ctx->presigs);
-    SAFE_FREE(member_ctx);
-  }
-
-  return (result);
-}
-
-void EpidMemberDelete(MemberCtx** ctx) {
-  if (ctx && *ctx) {
-    DeleteGroupPubKey(&(*ctx)->pub_key);
-    DeleteFfElement(&(*ctx)->e12);
-    DeleteFfElement(&(*ctx)->e22);
-    DeleteFfElement(&(*ctx)->e2w);
-    DeleteFfElement(&(*ctx)->ea2);
-    DeleteEpid2Params(&(*ctx)->epid2_params);
-    DeletePrivKey(&(*ctx)->priv_key);
-    DeleteBasenames(&(*ctx)->allowed_basenames);
-    DeleteStack(&(*ctx)->presigs);
-    SAFE_FREE(*ctx);
-  }
-}
-
-EpidStatus EpidMemberWritePrecomp(MemberCtx const* ctx,
-                                  MemberPrecomp* precomp) {
-  EpidStatus result = kEpidErr;
-  FfElement* e12 = NULL;   // an element in GT
-  FfElement* e22 = NULL;   // an element in GT
-  FfElement* e2w = NULL;   // an element in GT
-  FfElement* ea2 = NULL;   // an element in GT
-  FiniteField* GT = NULL;  // Finite field GT(Fq12 )
-  if (!ctx) {
-    return kEpidBadArgErr;
-  }
-  if (!precomp) {
-    return kEpidBadArgErr;
-  }
-  if (!ctx->e12 || !ctx->e22 || !ctx->e2w || !ctx->ea2 || !ctx->epid2_params ||
-      !(ctx->epid2_params->GT)) {
-    return kEpidBadArgErr;
-  }
-  e12 = ctx->e12;
-  e22 = ctx->e22;
-  e2w = ctx->e2w;
-  ea2 = ctx->ea2;
-  GT = ctx->epid2_params->GT;
-  result = WriteFfElement(GT, e12, &(precomp->e12), sizeof(precomp->e12));
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = WriteFfElement(GT, e22, &(precomp->e22), sizeof(precomp->e22));
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = WriteFfElement(GT, e2w, &(precomp->e2w), sizeof(precomp->e2w));
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = WriteFfElement(GT, ea2, &(precomp->ea2), sizeof(precomp->ea2));
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  return result;
-}
-
-EpidStatus EpidMemberSetHashAlg(MemberCtx* ctx, HashAlg hash_alg) {
-  if (!ctx) return kEpidBadArgErr;
-  if (kSha256 != hash_alg && kSha384 != hash_alg && kSha512 != hash_alg)
-    return kEpidBadArgErr;
-  ctx->hash_alg = hash_alg;
-  return kEpidNoErr;
-}
-
-EpidStatus EpidRegisterBaseName(MemberCtx* ctx, void const* basename,
-                                size_t basename_len) {
-  EpidStatus result = kEpidErr;
-  if (basename_len == 0) {
-    return kEpidBadArgErr;
-  }
-  if (!ctx || !basename) {
-    return kEpidBadArgErr;
-  }
-
-  if (ContainsBasename(ctx->allowed_basenames, basename, basename_len)) {
-    return kEpidDuplicateErr;
-  }
-
-  result = AddBasename(&ctx->allowed_basenames, basename, basename_len);
-
-  return result;
-}
-
-void DeleteBasenames(AllowedBasename** rootnode) {
-  if (rootnode && *rootnode) {
-    AllowedBasename* currentnode = *rootnode;
-    while (currentnode) {
-      AllowedBasename* deletenode = currentnode;
-      currentnode = currentnode->next;
-      SAFE_FREE(deletenode);
-    }
-    *rootnode = NULL;
-  }
-}
-
-EpidStatus AddBasename(AllowedBasename** rootnode, void const* basename,
-                       size_t length) {
-  EpidStatus result = kEpidErr;
-  AllowedBasename* newnode = NULL;
-  AllowedBasename* currentnode = NULL;
-  if (length > (SIZE_MAX - sizeof(AllowedBasename)) + 1) {
-    return kEpidBadArgErr;
-  }
-  if (!basename) {
-    return kEpidBadArgErr;
-  }
-
-  newnode = SAFE_ALLOC(sizeof(AllowedBasename) + (length - 1));
-  if (!newnode) {
-    return kEpidMemAllocErr;
-  }
-  newnode->next = NULL;
-  newnode->length = length;
-  // Memory copy is used to copy a flexible array
-  if (0 != memcpy_S(newnode->name, length, basename, length)) {
-    SAFE_FREE(newnode);
-    return kEpidBadArgErr;
-  }
-  if (*rootnode == NULL) {
-    *rootnode = newnode;
-    return kEpidNoErr;
-  }
-  currentnode = *rootnode;
-  while (currentnode->next != NULL) {
-    currentnode = currentnode->next;
-  }
-  currentnode->next = newnode;
-  result = kEpidNoErr;
-
-  return result;
-}
-
-bool ContainsBasename(AllowedBasename const* rootnode, void const* basename,
-                      size_t length) {
-  if (length != 0) {
-    while (rootnode != NULL) {
-      if (rootnode->length == length) {
-        if (!memcmp(rootnode->name, basename, length)) {
-          return true;
-        }
-      }
-      rootnode = rootnode->next;
-    }
-  }
-  return false;
-}
-
-EpidStatus EpidAddPreSigs(MemberCtx* ctx, size_t number_presigs,
-                          PreComputedSignature* presigs) {
-  PreComputedSignature* new_presigs;
-  if (!ctx) return kEpidBadArgErr;
-  if (!ctx->presigs) return kEpidBadArgErr;
-
-  if (0 == number_presigs) return kEpidNoErr;
-  if (number_presigs > SIZE_MAX / sizeof(PreComputedSignature))
-    return kEpidBadArgErr;  // integer overflow
-
-  new_presigs =
-      (PreComputedSignature*)StackPushN(ctx->presigs, number_presigs, presigs);
-  if (!new_presigs) return kEpidMemAllocErr;
-
-  if (presigs) {
-    memset(presigs, 0, number_presigs * sizeof(PreComputedSignature));
-  } else {
-    size_t i;
-    for (i = 0; i < number_presigs; i++) {
-      EpidStatus sts = EpidComputePreSig(ctx, &new_presigs[i]);
-      if (kEpidNoErr != sts) {
-        // roll back pre-computed-signature pool
-        StackPopN(ctx->presigs, number_presigs, 0);
-        return sts;
-      }
-    }
-  }
-  return kEpidNoErr;
-}
-
-size_t EpidGetNumPreSigs(MemberCtx const* ctx) {
-  return (ctx && ctx->presigs) ? StackGetSize(ctx->presigs) : (size_t)0;
-}
-
-EpidStatus EpidWritePreSigs(MemberCtx* ctx, PreComputedSignature* presigs,
-                            size_t number_presigs) {
-  if (!ctx || (!presigs && (0 != number_presigs))) return kEpidBadArgErr;
-  if (!ctx->presigs) return kEpidBadArgErr;
-
-  if (0 == number_presigs) return kEpidNoErr;
-
-  return StackPopN(ctx->presigs, number_presigs, presigs) ? kEpidNoErr
-                                                          : kEpidBadArgErr;
-}
-
-static EpidStatus DoPrecomputation(MemberCtx* ctx) {
-  EpidStatus result = kEpidErr;
-  FfElement* e12 = NULL;
-  FfElement* e22 = NULL;
-  FfElement* e2w = NULL;
-  FfElement* ea2 = NULL;
-  Epid2Params_* params = NULL;
-  GroupPubKey_* pub_key = NULL;
-  PairingState* ps_ctx = NULL;
-  if (!ctx) {
-    return kEpidBadArgErr;
-  }
-  if (!ctx->epid2_params || !ctx->epid2_params->GT ||
-      !ctx->epid2_params->pairing_state || !ctx->pub_key || !ctx->priv_key ||
-      !ctx->e12 || !ctx->e22 || !ctx->e2w || !ctx->ea2) {
-    return kEpidBadArgErr;
-  }
-  pub_key = ctx->pub_key;
-  params = ctx->epid2_params;
-  e12 = ctx->e12;
-  e22 = ctx->e22;
-  e2w = ctx->e2w;
-  ea2 = ctx->ea2;
-  ps_ctx = params->pairing_state;
-  // do precomputation
-  // 1. The member computes e12 = pairing(h1, g2).
-  result = Pairing(ps_ctx, e12, pub_key->h1, params->g2);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  // 2.  The member computes e22 = pairing(h2, g2).
-  result = Pairing(ps_ctx, e22, pub_key->h2, params->g2);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  // 3.  The member computes e2w = pairing(h2, w).
-  result = Pairing(ps_ctx, e2w, pub_key->h2, pub_key->w);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  // 4.  The member computes ea2 = pairing(A, g2).
-  result = Pairing(ps_ctx, ea2, ctx->priv_key->A, params->g2);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  return kEpidNoErr;
-}
-
-static EpidStatus ReadPrecomputation(MemberPrecomp const* precomp_str,
-                                     MemberCtx* ctx) {
-  EpidStatus result = kEpidErr;
-  FfElement* e12 = NULL;
-  FfElement* e22 = NULL;
-  FfElement* e2w = NULL;
-  FfElement* ea2 = NULL;
-  FiniteField* GT = NULL;
-  Epid2Params_* params = NULL;
-  if (!ctx || !precomp_str) {
-    return kEpidBadArgErr;
-  }
-  if (!ctx->epid2_params || !ctx->epid2_params->GT || !ctx->e12 || !ctx->e22 ||
-      !ctx->e2w || !ctx->ea2) {
-    return kEpidBadArgErr;
-  }
-  params = ctx->epid2_params;
-  GT = params->GT;
-  e12 = ctx->e12;
-  e22 = ctx->e22;
-  e2w = ctx->e2w;
-  ea2 = ctx->ea2;
-
-  result = ReadFfElement(GT, &precomp_str->e12, sizeof(precomp_str->e12), e12);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = ReadFfElement(GT, &precomp_str->e22, sizeof(precomp_str->e22), e22);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = ReadFfElement(GT, &precomp_str->e2w, sizeof(precomp_str->e2w), e2w);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  result = ReadFfElement(GT, &precomp_str->ea2, sizeof(precomp_str->ea2), ea2);
-  if (kEpidNoErr != result) {
-    return result;
-  }
-  return kEpidNoErr;
-}

+ 0 - 85
external/epid-sdk-3.0.0/epid/member/src/context.h

@@ -1,85 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-#ifndef EPID_MEMBER_SRC_CONTEXT_H_
-#define EPID_MEMBER_SRC_CONTEXT_H_
-/*!
- * \file
- * \brief Member context interface.
- */
-
-#include <stddef.h>
-#include "epid/member/api.h"
-#include "epid/common/errors.h"
-#include "epid/common/src/epid2params.h"
-#include "epid/common/src/grouppubkey.h"
-#include "epid/common/src/stack.h"
-#include "epid/common/src/commitment.h"
-#include "epid/member/src/privkey.h"
-
-/// Internal implementation of base name
-typedef struct AllowedBasename {
-  struct AllowedBasename* next;  ///< pointer to the next base name
-  size_t length;                 ///< size of base name
-  uint8_t name[1];               ///< base name (flexible array)
-} AllowedBasename;
-
-/// Member context definition
-struct MemberCtx {
-  GroupPubKey_* pub_key;       ///< group public key
-  FfElement* e12;              ///< an element in GT
-  FfElement* e22;              ///< an element in GT
-  FfElement* e2w;              ///< an element in GT
-  FfElement* ea2;              ///< an element in GT
-  Epid2Params_* epid2_params;  ///< Intel(R) EPID 2.0 params
-  PrivKey_* priv_key;          ///< Member private key
-
-  BitSupplier rnd_func;  ///< Pseudo random number generation function
-  void* rnd_param;       ///< Pointer to user context for rnd_func
-  HashAlg hash_alg;      ///< Hash algorithm to use
-  AllowedBasename* allowed_basenames;  ///< Base name list
-  Stack* presigs;                      ///< Pre-computed signatures pool
-  CommitValues commit_values;  ///< Values that are hashed to create commitment
-};
-
-/// Delete base name list
-void DeleteBasenames(AllowedBasename** rootnode);
-
-/// Add new base name to list
-EpidStatus AddBasename(AllowedBasename** rootnode, void const* basename,
-                       size_t length);
-
-/// Check if given base name exist in the list
-bool ContainsBasename(AllowedBasename const* rootnode, void const* basename,
-                      size_t length);
-
-/// Performs Pre-computation that can be used to speed up signing
-/*!
- \warning
- Do not re-use the same pre-computed signature to generate more than
- one signature. If a pre-computed signature is used for computing
- two signatures, an attacker could learn the Intel(R) EPID private key.
-
- \param[in] ctx
- The member context.
- \param[out] precompsig
- The pre-computed signature.
-
- \returns ::EpidStatus
- */
-EpidStatus EpidComputePreSig(MemberCtx const* ctx,
-                             PreComputedSignature* precompsig);
-
-#endif  // EPID_MEMBER_SRC_CONTEXT_H_

+ 0 - 277
external/epid-sdk-3.0.0/epid/member/src/nr_prove.c

@@ -1,277 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief EpidNrProve implementation.
- */
-#include "epid/common/src/memory.h"
-#include "epid/member/api.h"
-#include "epid/member/src/context.h"
-
-/// Handle SDK Error with Break
-#define BREAK_ON_EPID_ERROR(ret) \
-  if (kEpidNoErr != (ret)) {     \
-    break;                       \
-  }
-
-/// Count of elements in array
-#define COUNT_OF(A) (sizeof(A) / sizeof((A)[0]))
-
-#pragma pack(1)
-/// Storage for values to create commitment in NrProve algorithm
-typedef struct NrVerifyCommitValues {
-  BigNumStr p;     //!< A large prime (256-bit)
-  G1ElemStr g1;    //!< Generator of G1 (512-bit)
-  G1ElemStr b;     //!< (element of G1): part of basic signature Sigma0
-  G1ElemStr k;     //!< (element of G1): part of basic signature Sigma0
-  G1ElemStr bp;    //!< (element of G1): one entry in SigRL
-  G1ElemStr kp;    //!< (element of G1): one entry in SigRL
-  G1ElemStr t;     //!< element of G1
-  G1ElemStr r1;    //!< element of G1
-  G1ElemStr r2;    //!< element of G1
-  uint8_t msg[1];  //!< message
-} NrVerifyCommitValues;
-#pragma pack()
-
-EpidStatus EpidNrProve(MemberCtx const* ctx, void const* msg, size_t msg_len,
-                       BasicSignature const* sig, SigRlEntry const* sigrl_entry,
-                       NrProof* proof) {
-  EpidStatus res = kEpidErr;
-  NrVerifyCommitValues* commit_values = NULL;
-  size_t const commit_len = sizeof(*commit_values) - 1 + msg_len;
-  EcPoint* T = NULL;
-  EcPoint* R1 = NULL;
-  EcPoint* R2 = NULL;
-  FfElement* mu = NULL;
-  FfElement* nu = NULL;
-  FfElement* rmu = NULL;
-  FfElement* rnu = NULL;
-  FfElement* c = NULL;
-  FfElement* smu = NULL;
-  FfElement* snu = NULL;
-  EcPoint* B = NULL;
-  EcPoint* K = NULL;
-  EcPoint* rlB = NULL;
-  EcPoint* rlK = NULL;
-  FfElement const* f = NULL;
-  if (!ctx || (0 != msg_len && !msg) || !sig || !sigrl_entry || !proof)
-    return kEpidBadArgErr;
-  if (msg_len > ((SIZE_MAX - sizeof(*commit_values)) + 1))
-    return kEpidBadArgErr;
-  if (!ctx->epid2_params || !ctx->priv_key) return kEpidBadArgErr;
-
-  do {
-    bool is_identity = false;
-    BigNumStr mu_str = {0};
-    BigNumStr nu_str = {0};
-    BigNumStr rmu_str = {0};
-    BigNumStr rnu_str = {0};
-    BitSupplier rnd_func = ctx->rnd_func;
-    void* rnd_param = ctx->rnd_param;
-    FiniteField* Fp = ctx->epid2_params->Fp;
-    EcGroup* G1 = ctx->epid2_params->G1;
-    static const BigNumStr one = {
-        {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}};
-
-    // Check required parameters
-    if (!ctx->priv_key->f || !rnd_func || !Fp || !G1) return kEpidBadArgErr;
-
-    f = ctx->priv_key->f;
-
-    commit_values = SAFE_ALLOC(commit_len);
-    if (!commit_values) {
-      res = kEpidMemAllocErr;
-      break;
-    }
-
-    // The following variables T, R1, R2 (elements of G1), and mu, nu,
-    // rmu, rnu, c, smu, snu (256-bit integers) are used.
-    res = NewEcPoint(G1, &T);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &R1);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &R2);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &mu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &nu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &rmu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &rnu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &c);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &smu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &snu);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &B);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &K);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &rlB);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &rlK);
-    BREAK_ON_EPID_ERROR(res);
-
-    res = ReadEcPoint(G1, (const uint8_t*)&(sig->B), sizeof(sig->B), B);
-    BREAK_ON_EPID_ERROR(res);
-    res = ReadEcPoint(G1, (const uint8_t*)&(sig->K), sizeof(sig->K), K);
-    BREAK_ON_EPID_ERROR(res);
-    res = ReadEcPoint(G1, (const uint8_t*)&(sigrl_entry->b),
-                      sizeof(sigrl_entry->b), rlB);
-    BREAK_ON_EPID_ERROR(res);
-    res = ReadEcPoint(G1, (const uint8_t*)&(sigrl_entry->k),
-                      sizeof(sigrl_entry->k), rlK);
-    BREAK_ON_EPID_ERROR(res);
-
-    // 1.  The member chooses random mu from [1, p-1].
-    res = FfGetRandom(Fp, &one, rnd_func, rnd_param, mu);
-    BREAK_ON_EPID_ERROR(res);
-    // 2.  The member computes nu = (- f * mu) mod p.
-    res = FfMul(Fp, mu, f, nu);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfNeg(Fp, nu, nu);
-    BREAK_ON_EPID_ERROR(res);
-    // 3.  The member computes T = G1.sscmMultiExp(K', mu, B', nu).
-    res = WriteFfElement(Fp, mu, (uint8_t*)&mu_str, sizeof(mu_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, nu, (uint8_t*)&nu_str, sizeof(nu_str));
-    BREAK_ON_EPID_ERROR(res);
-    {
-      EcPoint const* points[2];
-      BigNumStr const* exponents[2];
-      points[0] = rlK;
-      points[1] = rlB;
-      exponents[0] = &mu_str;
-      exponents[1] = &nu_str;
-      res = EcSscmMultiExp(G1, points, exponents, COUNT_OF(points), T);
-      BREAK_ON_EPID_ERROR(res);
-    }
-    // 4.  The member chooses rmu, rnu randomly from [1, p-1].
-    res = FfGetRandom(Fp, &one, rnd_func, rnd_param, rmu);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfGetRandom(Fp, &one, rnd_func, rnd_param, rnu);
-    BREAK_ON_EPID_ERROR(res);
-    // 5.  The member computes R1 = G1.sscmMultiExp(K, rmu, B, rnu).
-    res = WriteFfElement(Fp, rmu, (uint8_t*)&rmu_str, sizeof(rmu_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, rnu, (uint8_t*)&rnu_str, sizeof(rnu_str));
-    BREAK_ON_EPID_ERROR(res);
-    {
-      EcPoint const* points[2];
-      BigNumStr const* exponents[2];
-      points[0] = K;
-      points[1] = B;
-      exponents[0] = &rmu_str;
-      exponents[1] = &rnu_str;
-      res = EcSscmMultiExp(G1, points, exponents, COUNT_OF(points), R1);
-      BREAK_ON_EPID_ERROR(res);
-    }
-    // 6.  The member computes R2 = G1.sscmMultiExp(K', rmu, B', rnu).
-    {
-      EcPoint const* points[2];
-      BigNumStr const* exponents[2];
-      points[0] = rlK;
-      points[1] = rlB;
-      exponents[0] = &rmu_str;
-      exponents[1] = &rnu_str;
-      res = EcSscmMultiExp(G1, points, exponents, COUNT_OF(points), R2);
-      BREAK_ON_EPID_ERROR(res);
-    }
-    // 7.  The member computes c = Fp.hash(p || g1 || B || K || B' ||
-    //     K' || T || R1 || R2 || m). Refer to Section 7.1 for hash
-    //     operation over a prime field.
-
-    // commit_values is allocated such that there are msg_len bytes available
-    // starting at commit_values->msg
-    if (msg) {
-      // Memory copy is used to copy a message of variable length
-      if (0 != memcpy_S(&commit_values->msg[0], msg_len, msg, msg_len)) {
-        res = kEpidBadArgErr;
-        break;
-      }
-    }
-    commit_values->p = ctx->commit_values.p;
-    commit_values->g1 = ctx->commit_values.g1;
-    commit_values->b = sig->B;
-    commit_values->k = sig->K;
-    commit_values->bp = sigrl_entry->b;
-    commit_values->kp = sigrl_entry->k;
-    res = WriteEcPoint(G1, T, (uint8_t*)&commit_values->t,
-                       sizeof(commit_values->t));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteEcPoint(G1, R1, (uint8_t*)&commit_values->r1,
-                       sizeof(commit_values->r1));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteEcPoint(G1, R2, (uint8_t*)&commit_values->r2,
-                       sizeof(commit_values->r2));
-    BREAK_ON_EPID_ERROR(res);
-    res = FfHash(Fp, (uint8_t*)commit_values, commit_len, ctx->hash_alg, c);
-    BREAK_ON_EPID_ERROR(res);
-
-    // 8.  The member computes smu = (rmu + c * mu) mod p.
-    res = FfMul(Fp, c, mu, smu);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfAdd(Fp, rmu, smu, smu);
-    BREAK_ON_EPID_ERROR(res);
-    // 9.  The member computes snu = (rnu + c * nu) mod p.
-    res = FfMul(Fp, c, nu, snu);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfAdd(Fp, rnu, snu, snu);
-    BREAK_ON_EPID_ERROR(res);
-    // 10. The member outputs sigma = (T, c, smu, snu), a non-revoked
-    //     proof. If G1.is_identity(T) = true, the member also outputs
-    //     "failed".
-
-    proof->T = commit_values->t;
-    res = WriteFfElement(Fp, c, (uint8_t*)&proof->c, sizeof(proof->c));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, smu, (uint8_t*)&proof->smu, sizeof(proof->smu));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, snu, (uint8_t*)&proof->snu, sizeof(proof->snu));
-    BREAK_ON_EPID_ERROR(res);
-
-    res = EcIsIdentity(G1, T, &is_identity);
-    BREAK_ON_EPID_ERROR(res);
-    if (is_identity) {
-      res = kEpidSigRevokedInSigRl;
-      BREAK_ON_EPID_ERROR(res);
-    }
-    res = kEpidNoErr;
-  } while (0);
-
-  f = NULL;
-  SAFE_FREE(commit_values)
-  DeleteEcPoint(&T);
-  DeleteEcPoint(&R1);
-  DeleteEcPoint(&R2);
-  DeleteFfElement(&mu);
-  DeleteFfElement(&nu);
-  DeleteFfElement(&rmu);
-  DeleteFfElement(&rnu);
-  DeleteFfElement(&c);
-  DeleteFfElement(&smu);
-  DeleteFfElement(&snu);
-  DeleteEcPoint(&B);
-  DeleteEcPoint(&K);
-  DeleteEcPoint(&rlB);
-  DeleteEcPoint(&rlK);
-
-  return res;
-}

+ 0 - 229
external/epid-sdk-3.0.0/epid/member/src/presig.c

@@ -1,229 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief EpidComputePreSig implementation.
- */
-
-#include "epid/member/src/context.h"
-
-/// Handle SDK Error with Break
-#define BREAK_ON_EPID_ERROR(ret) \
-  if (kEpidNoErr != (ret)) {     \
-    break;                       \
-  }
-
-/// Count of elements in array
-#define COUNT_OF(A) (sizeof(A) / sizeof((A)[0]))
-
-EpidStatus EpidComputePreSig(MemberCtx const* ctx,
-                             PreComputedSignature* precompsig) {
-  EpidStatus res = kEpidNotImpl;
-
-  EcPoint* B = NULL;
-  EcPoint* K = NULL;
-  EcPoint* T = NULL;
-  EcPoint* R1 = NULL;
-
-  FfElement* R2 = NULL;
-
-  FfElement* a = NULL;
-  FfElement* b = NULL;
-  FfElement* rx = NULL;
-  FfElement* rf = NULL;
-  FfElement* ra = NULL;
-  FfElement* rb = NULL;
-  FfElement* t1 = NULL;
-  FfElement* t2 = NULL;
-  FfElement* f = NULL;
-
-  if (!ctx || !precompsig) return kEpidBadArgErr;
-  if (!ctx->epid2_params || !ctx->pub_key || !ctx->priv_key)
-    return kEpidBadArgErr;
-
-  do {
-    // handy shorthands:
-    EcGroup* G1 = ctx->epid2_params->G1;
-    FiniteField* GT = ctx->epid2_params->GT;
-    FiniteField* Fp = ctx->epid2_params->Fp;
-    EcPoint* h2 = ctx->pub_key->h2;
-    EcPoint* A = ctx->priv_key->A;
-    FfElement* x = ctx->priv_key->x;
-    BigNumStr f_str = {0};
-    BigNumStr a_str = {0};
-    BigNumStr t1_str = {0};
-    BigNumStr rf_str = {0};
-    BigNumStr t2_str = {0};
-    BigNumStr ra_str = {0};
-    static const BigNumStr one = {
-        {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}};
-
-    if (!G1 || !GT || !Fp || !h2 || !A || !x || !ctx->priv_key->f ||
-        !ctx->e12 || !ctx->e22 || !ctx->e2w || !ctx->ea2) {
-      res = kEpidBadArgErr;
-      BREAK_ON_EPID_ERROR(res);
-    }
-    f = ctx->priv_key->f;
-    // The following variables B, K, T, R1 (elements of G1), R2
-    // (elements of GT), a, b, rx, rf, ra, rb, t1, t2 (256-bit
-    // integers) are used.
-    res = NewEcPoint(G1, &B);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &K);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &T);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewEcPoint(G1, &R1);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(GT, &R2);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &a);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &b);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &rx);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &rf);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &ra);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &rb);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &t1);
-    BREAK_ON_EPID_ERROR(res);
-    res = NewFfElement(Fp, &t2);
-    BREAK_ON_EPID_ERROR(res);
-    // 1. The member expects the pre-computation is done (e12, e22, e2w,
-    //    ea2). Refer to Section 3.5 for the computation of these
-    //    values.
-
-    // 2. The member verifies gid in public key matches gid in private
-    //    key.
-    // 3. The member computes B = G1.getRandom().
-    res = EcGetRandom(G1, ctx->rnd_func, ctx->rnd_param, B);
-    BREAK_ON_EPID_ERROR(res);
-    // 4. The member computes K = G1.sscmExp(B, f).
-    res = WriteFfElement(Fp, f, &f_str, sizeof(f_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = EcExp(G1, B, &f_str, K);
-    BREAK_ON_EPID_ERROR(res);
-    // 5. The member chooses randomly an integers a from [1, p-1].
-    res = FfGetRandom(Fp, &one, ctx->rnd_func, ctx->rnd_param, a);
-    BREAK_ON_EPID_ERROR(res);
-    // 6. The member computes T = G1.sscmExp(h2, a).
-    res = WriteFfElement(Fp, a, &a_str, sizeof(a_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = EcExp(G1, h2, &a_str, T);
-    BREAK_ON_EPID_ERROR(res);
-    // 7. The member computes T = G1.mul(T, A).
-    res = EcMul(G1, T, A, T);
-    BREAK_ON_EPID_ERROR(res);
-    // 8. The member computes b = (a * x) mod p.
-    res = FfMul(Fp, a, x, b);
-    BREAK_ON_EPID_ERROR(res);
-    // 9. The member chooses rx, rf, ra, rb randomly from [1, p-1].
-    res = FfGetRandom(Fp, &one, ctx->rnd_func, ctx->rnd_param, rx);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfGetRandom(Fp, &one, ctx->rnd_func, ctx->rnd_param, rf);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfGetRandom(Fp, &one, ctx->rnd_func, ctx->rnd_param, ra);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfGetRandom(Fp, &one, ctx->rnd_func, ctx->rnd_param, rb);
-    BREAK_ON_EPID_ERROR(res);
-    // 10. The member computes t1 = (- rx) mod p.
-    res = FfNeg(Fp, rx, t1);
-    BREAK_ON_EPID_ERROR(res);
-    // 11. The member computes t2 = (rb - a * rx) mod p.
-    res = FfMul(Fp, a, rx, t2);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfNeg(Fp, t2, t2);
-    BREAK_ON_EPID_ERROR(res);
-    res = FfAdd(Fp, rb, t2, t2);
-    BREAK_ON_EPID_ERROR(res);
-    // 12. The member computes R1 = G1.sscmExp(B, rf).
-    res = WriteFfElement(Fp, rf, &rf_str, sizeof(rf_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = EcExp(G1, B, &rf_str, R1);
-    BREAK_ON_EPID_ERROR(res);
-    // 13. The member computes R2 = GT.sscmMultiExp(ea2, t1, e12, rf,
-    //     e22, t2, e2w, ra).
-    res = WriteFfElement(Fp, t1, &t1_str, sizeof(t1_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, t2, &t2_str, sizeof(t2_str));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, ra, &ra_str, sizeof(ra_str));
-    BREAK_ON_EPID_ERROR(res);
-    {
-      FfElement const* points[4];
-      BigNumStr const* exponents[4];
-      points[0] = ctx->ea2;
-      points[1] = ctx->e12;
-      points[2] = ctx->e22;
-      points[3] = ctx->e2w;
-      exponents[0] = &t1_str;
-      exponents[1] = &rf_str;
-      exponents[2] = &t2_str;
-      exponents[3] = &ra_str;
-      res = FfMultiExp(GT, points, exponents, COUNT_OF(points), R2);
-      BREAK_ON_EPID_ERROR(res);
-    }
-    // 14. The member sets and outputs pre-sigma = (B, K, T, a, b, rx,
-    //     rf, ra, rb, R1, R2).
-    res = WriteEcPoint(G1, B, &precompsig->B, sizeof(precompsig->B));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteEcPoint(G1, K, &precompsig->K, sizeof(precompsig->K));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteEcPoint(G1, T, &precompsig->T, sizeof(precompsig->T));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, a, &precompsig->a, sizeof(precompsig->a));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, b, &precompsig->b, sizeof(precompsig->b));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, rx, &precompsig->rx, sizeof(precompsig->rx));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, rf, &precompsig->rf, sizeof(precompsig->rf));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, ra, &precompsig->ra, sizeof(precompsig->ra));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(Fp, rb, &precompsig->rb, sizeof(precompsig->rb));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteEcPoint(G1, R1, &precompsig->R1, sizeof(precompsig->R1));
-    BREAK_ON_EPID_ERROR(res);
-    res = WriteFfElement(GT, R2, &precompsig->R2, sizeof(precompsig->R2));
-    BREAK_ON_EPID_ERROR(res);
-    // 15. The member stores pre-sigma in the secure storage of the
-    //     member.
-    res = kEpidNoErr;
-  } while (0);
-
-  f = NULL;
-  DeleteEcPoint(&B);
-  DeleteEcPoint(&K);
-  DeleteEcPoint(&T);
-  DeleteEcPoint(&R1);
-  DeleteFfElement(&R2);
-  DeleteFfElement(&a);
-  DeleteFfElement(&b);
-  DeleteFfElement(&rx);
-  DeleteFfElement(&rf);
-  DeleteFfElement(&ra);
-  DeleteFfElement(&rb);
-  DeleteFfElement(&t1);
-  DeleteFfElement(&t2);
-
-  return (res);
-}

+ 0 - 84
external/epid-sdk-3.0.0/epid/member/src/privkey.c

@@ -1,84 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief Private key implementation.
- */
-
-#include "epid/common/src/memory.h"
-#include "epid/member/src/privkey.h"
-
-EpidStatus CreatePrivKey(PrivKey const* priv_key_str, EcGroup* G1,
-                         FiniteField* Fp, PrivKey_** priv_key) {
-  EpidStatus result = kEpidErr;
-  PrivKey_* priv_key_ = NULL;
-
-  // check parameters
-  if (!priv_key_str || !G1 || !Fp || !priv_key) return kEpidBadArgErr;
-
-  do {
-    priv_key_ = SAFE_ALLOC(sizeof(*priv_key_));
-
-    if (!priv_key_) {
-      result = kEpidMemAllocErr;
-      break;
-    }
-
-    result = NewEcPoint(G1, &priv_key_->A);
-    if (kEpidNoErr != result) break;
-
-    result = NewFfElement(Fp, &priv_key_->x);
-    if (kEpidNoErr != result) break;
-
-    result = NewFfElement(Fp, &priv_key_->f);
-    if (kEpidNoErr != result) break;
-
-    priv_key_->gid = priv_key_str->gid;
-
-    result = ReadEcPoint(G1, &priv_key_str->A, sizeof(priv_key_str->A),
-                         priv_key_->A);
-    if (kEpidNoErr != result) break;
-
-    result = ReadFfElement(Fp, &priv_key_str->x, sizeof(priv_key_str->x),
-                           priv_key_->x);
-    if (kEpidNoErr != result) break;
-
-    result = ReadFfElement(Fp, &priv_key_str->f, sizeof(priv_key_str->f),
-                           priv_key_->f);
-    if (kEpidNoErr != result) break;
-
-    *priv_key = priv_key_;
-    result = kEpidNoErr;
-  } while (0);
-
-  if (kEpidNoErr != result) {
-    DeletePrivKey(&priv_key_);
-  }
-
-  return (result);
-}
-
-void DeletePrivKey(PrivKey_** priv_key) {
-  if (priv_key) {
-    if (*priv_key) {
-      DeleteEcPoint(&((*priv_key)->A));
-      DeleteFfElement(&((*priv_key)->x));
-      DeleteFfElement(&((*priv_key)->f));
-    }
-    SAFE_FREE(*priv_key);
-  }
-}

+ 0 - 67
external/epid-sdk-3.0.0/epid/member/src/privkey.h

@@ -1,67 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-#ifndef EPID_MEMBER_SRC_PRIVKEY_H_
-#define EPID_MEMBER_SRC_PRIVKEY_H_
-/*!
-* \file
- * \brief Private key private interface.
-* \addtogroup EpidCommon
-* @{
-*/
-#include "epid/common/errors.h"
-#include "epid/common/math/ecgroup.h"
-#include "epid/common/types.h"
-
-/*!
- * \brief
- * Internal implementation of PrivKey
- */
-typedef struct PrivKey_ {
-  GroupId gid;   ///< group ID
-  EcPoint* A;    ///< an element in G1
-  FfElement* x;  ///< an integer between [0, p-1]
-  FfElement* f;  ///< an integer between [0, p-1]
-} PrivKey_;
-
-/// Constructs internal representation of PrivKey
-/*!
-  This function allocates memory and initializes gid, A, x, f parameters.
-
-  \param[in] priv_key_str
-  Serialized representation of private key
-  \param[in] G1
-  EcGroup containing element A
-  \param[in] Fp
-  FiniteField containing elements x and f
-  \param[out] priv_key
-  Newly created private key: (gid, A, x, f)
-
-  \returns ::EpidStatus
-*/
-EpidStatus CreatePrivKey(PrivKey const* priv_key_str, EcGroup* G1,
-                         FiniteField* Fp, PrivKey_** priv_key);
-
-/// Deallocate storage for internal representation of PrivKey
-/*!
-  Frees memory pointed to by Member private key. Nulls the pointer.
-
-  \param[in] priv_key
-  Member private key to be freed
-*/
-void DeletePrivKey(PrivKey_** priv_key);
-
-/*! @} */
-#endif  // EPID_MEMBER_SRC_PRIVKEY_H_

+ 0 - 418
external/epid-sdk-3.0.0/epid/member/src/request_join.c

@@ -1,418 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief EpidRequestJoin implementation.
- */
-
-#include <epid/member/api.h>
-#include <string.h>
-#include "epid/common/src/epid2params.h"
-#include "epid/common/math/finitefield.h"
-#include "epid/common/math/ecgroup.h"
-
-#pragma pack(1)
-/// Storage for values to create commitment in Sign and Verify algorithms
-typedef struct JoinPCommitValues {
-  BigNumStr p;     ///< Intel(R) EPID 2.0 parameter p
-  G1ElemStr g1;    ///< Intel(R) EPID 2.0 parameter g1
-  G2ElemStr g2;    ///< Intel(R) EPID 2.0 parameter g2
-  G1ElemStr h1;    ///< Group public key value h1
-  G1ElemStr h2;    ///< Group public key value h2
-  G2ElemStr w;     ///< Group public key value w
-  G1ElemStr F;     ///< Variable F computed in algorithm
-  G1ElemStr R;     ///< Variable R computed in algorithm
-  IssuerNonce NI;  ///< Nonce
-} JoinPCommitValues;
-#pragma pack()
-
-/// Handle SDK Error with Break
-#define BREAK_ON_EPID_ERROR(ret) \
-  if (kEpidNoErr != (ret)) {     \
-    break;                       \
-  }
-
-EpidStatus EpidRequestJoin(GroupPubKey const* pub_key, IssuerNonce const* ni,
-                           FpElemStr const* f, BitSupplier rnd_func,
-                           void* rnd_param, HashAlg hash_alg,
-                           JoinRequest* join_request) {
-  EpidStatus sts;
-  static const BigNumStr one = {
-      {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}};
-  BigNumStr r_str;
-  JoinPCommitValues commit_values;
-  Epid2Params_* params = NULL;
-  FfElement* r_el = NULL;
-  FfElement* f_el = NULL;
-  FfElement* c_el = NULL;
-  FfElement* cf_el = NULL;
-  FfElement* s_el = NULL;
-  EcPoint* f_pt = NULL;
-  EcPoint* r_pt = NULL;
-  EcPoint* h1_pt = NULL;
-
-  if (!pub_key || !ni || !f || !rnd_func || !join_request) {
-    return kEpidBadArgErr;
-  }
-  if (kSha256 != hash_alg && kSha384 != hash_alg && kSha512 != hash_alg) {
-    return kEpidBadArgErr;
-  }
-
-  do {
-    sts = CreateEpid2Params(&params);
-    BREAK_ON_EPID_ERROR(sts);
-    if (!params->Fp || !params->G1) {
-      sts = kEpidBadArgErr;
-      break;
-    }
-    sts = NewFfElement(params->Fp, &r_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewFfElement(params->Fp, &f_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewFfElement(params->Fp, &c_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewFfElement(params->Fp, &cf_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewFfElement(params->Fp, &s_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewEcPoint(params->G1, &f_pt);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewEcPoint(params->G1, &h1_pt);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = NewEcPoint(params->G1, &r_pt);
-    BREAK_ON_EPID_ERROR(sts);
-
-    sts = ReadFfElement(params->Fp, (uint8_t const*)f, sizeof(*f), f_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = ReadEcPoint(params->G1, (uint8_t*)&pub_key->h1, sizeof(pub_key->h1),
-                      h1_pt);
-    BREAK_ON_EPID_ERROR(sts);
-
-    // Step 1. The member chooses a random integer r from [1, p-1].
-    sts = FfGetRandom(params->Fp, &one, rnd_func, rnd_param, r_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteFfElement(params->Fp, r_el, (uint8_t*)&r_str, sizeof(r_str));
-
-    // Step 2. The member computes F = G1.sscmExp(h1, f).
-    sts = EcExp(params->G1, h1_pt, (BigNumStr const*)f, f_pt);
-    BREAK_ON_EPID_ERROR(sts);
-
-    // Step 3. The member computes R = G1.sscmExp(h1, r).
-    sts = EcExp(params->G1, h1_pt, (BigNumStr const*)&r_str, r_pt);
-    BREAK_ON_EPID_ERROR(sts);
-
-    // Step 4. The member computes c = Fp.hash(p || g1 || g2 || h1 || h2 || w ||
-    // F || R || NI). Refer to Section 7.1 for hash operation over a prime
-    // field.
-    sts = WriteBigNum(params->p, sizeof(commit_values.p),
-                      (uint8_t*)&commit_values.p);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteEcPoint(params->G1, params->g1, (uint8_t*)&commit_values.g1,
-                       sizeof(commit_values.g1));
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteEcPoint(params->G2, params->g2, (uint8_t*)&commit_values.g2,
-                       sizeof(commit_values.g2));
-    BREAK_ON_EPID_ERROR(sts);
-    commit_values.h1 = pub_key->h1;
-    commit_values.h2 = pub_key->h2;
-    commit_values.w = pub_key->w;
-    sts = WriteEcPoint(params->G1, f_pt, (uint8_t*)&commit_values.F,
-                       sizeof(commit_values.F));
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteEcPoint(params->G1, r_pt, (uint8_t*)&commit_values.R,
-                       sizeof(commit_values.R));
-    BREAK_ON_EPID_ERROR(sts);
-    commit_values.NI = *ni;
-    sts = FfHash(params->Fp, (uint8_t*)&commit_values, sizeof(commit_values),
-                 hash_alg, c_el);
-    BREAK_ON_EPID_ERROR(sts);
-
-    // Step 5. The member computes s = (r + c * f) mod p.
-    sts = FfMul(params->Fp, c_el, f_el, cf_el);
-    BREAK_ON_EPID_ERROR(sts);
-    sts = FfAdd(params->Fp, r_el, cf_el, s_el);
-    BREAK_ON_EPID_ERROR(sts);
-
-    // Step 6. The output join request is (F, c, s).
-    sts = WriteFfElement(params->Fp, c_el, (uint8_t*)&join_request->c,
-                         sizeof(join_request->c));
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteFfElement(params->Fp, s_el, (uint8_t*)&join_request->s,
-                         sizeof(join_request->s));
-    BREAK_ON_EPID_ERROR(sts);
-    sts = WriteEcPoint(params->G1, f_pt, (uint8_t*)&join_request->F,
-                       sizeof(join_request->F));
-    BREAK_ON_EPID_ERROR(sts);
-
-    sts = kEpidNoErr;
-  } while (0);
-  DeleteEcPoint(&h1_pt);
-  DeleteEcPoint(&r_pt);
-  DeleteEcPoint(&f_pt);
-  DeleteFfElement(&s_el);
-  DeleteFfElement(&cf_el);
-  DeleteFfElement(&c_el);
-  DeleteFfElement(&f_el);
-  DeleteFfElement(&r_el);
-  DeleteEpid2Params(&params);
-  return sts;
-}
-
-// implements section 3.2.2 "Validation of Private Key" from
-// Intel(R) EPID 2.0 Spec
-bool EpidIsPrivKeyInGroup(GroupPubKey const* pub_key, PrivKey const* priv_key) {
-  bool result;
-
-  // Intel(R) EPID Parameters
-  Epid2Params_* params = NULL;
-  PairingState* ps = NULL;
-
-  // private key
-  EcPoint* a_pt = NULL;    // an element in G1
-  FfElement* x_el = NULL;  // an integer between [1, p-1]
-  FfElement* f_el = NULL;  // an integer between [1, p-1]
-
-  // public key
-  EcPoint* h1_pt = NULL;  // an element in G1
-  EcPoint* h2_pt = NULL;  // an element in G1
-  EcPoint* w_pt = NULL;   // an element in G2
-
-  // local variables
-  EcPoint* t1_pt = NULL;    // an element in G2
-  EcPoint* t2_pt = NULL;    // an element in G1
-  FfElement* t3_el = NULL;  // an element in GT
-  FfElement* t4_el = NULL;  // an element in GT
-
-  if (!pub_key || !priv_key) {
-    return false;
-  }
-
-  do {
-    EpidStatus sts;
-    EcGroup* G1 = NULL;
-    EcGroup* G2 = NULL;
-    FiniteField* GT = NULL;
-    FiniteField* Fp = NULL;
-    BigNumStr t_str = {0};
-
-    sts = CreateEpid2Params(&params);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    G1 = params->G1;
-    G2 = params->G2;
-    GT = params->GT;
-    Fp = params->Fp;
-
-    sts = WriteBigNum(params->t, sizeof(t_str), &t_str);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewPairingState(G1, G2, GT, &t_str, params->neg, &ps);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Load private key
-    sts = NewEcPoint(G1, &a_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadEcPoint(G1, &priv_key->A, sizeof(priv_key->A), a_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewFfElement(Fp, &x_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadFfElement(Fp, &priv_key->x, sizeof(priv_key->x), x_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewFfElement(Fp, &f_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadFfElement(Fp, &priv_key->f, sizeof(priv_key->f), f_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Load public key
-    sts = NewEcPoint(G1, &h1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadEcPoint(G1, &pub_key->h1, sizeof(pub_key->h1), h1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewEcPoint(G1, &h2_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadEcPoint(G1, &pub_key->h2, sizeof(pub_key->h2), h2_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewEcPoint(G2, &w_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = ReadEcPoint(G2, &pub_key->w, sizeof(pub_key->w), w_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // local variables
-    sts = NewEcPoint(G2, &t1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewEcPoint(G1, &t2_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewFfElement(GT, &t3_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = NewFfElement(GT, &t4_el);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 1. The member verifies that the gid in the public key matches the
-    //         gid in the private key.
-    if (0 != memcmp(&pub_key->gid, &priv_key->gid, sizeof(priv_key->gid))) {
-      result = false;
-      break;
-    }
-
-    // Step 2. The member computes t1 = G2.sscmExp(g2, x).
-    sts = EcSscmExp(G2, params->g2, (BigNumStr const*)&priv_key->x, t1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 3. The member computes t1 = G2.mul(t1, w).
-    sts = EcMul(G2, t1_pt, w_pt, t1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 4. The member computes t3 = pairing(A, t1).
-    sts = Pairing(ps, t3_el, a_pt, t1_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 5. The member computes t2 = G1.sscmExp(h1, f).
-    sts = EcSscmExp(G1, h1_pt, (BigNumStr const*)&priv_key->f, t2_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 6. The member computes t2 = G1.mul(t2, g1).
-    sts = EcMul(G1, t2_pt, params->g1, t2_pt);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 7. The member computes t4 = pairing(t2, g2).
-    sts = WriteBigNum(params->t, sizeof(t_str), &t_str);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    sts = Pairing(ps, t4_el, t2_pt, params->g2);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-
-    // Step 8. If GT.isEqual(t3, t4) = false, reports bad private key.
-    sts = FfIsEqual(GT, t3_el, t4_el, &result);
-    if (kEpidNoErr != sts) {
-      result = false;
-      break;
-    }
-  } while (0);
-
-  // local variables
-  DeleteFfElement(&t4_el);
-  DeleteFfElement(&t3_el);
-  DeleteEcPoint(&t2_pt);
-  DeleteEcPoint(&t1_pt);
-
-  // public key
-  DeleteEcPoint(&w_pt);
-  DeleteEcPoint(&h2_pt);
-  DeleteEcPoint(&h1_pt);
-
-  // private key
-  DeleteFfElement(&f_el);
-  DeleteFfElement(&x_el);
-  DeleteEcPoint(&a_pt);
-
-  // Intel(R) EPID Parameters
-  DeletePairingState(&ps);
-  DeleteEpid2Params(&params);
-
-  return result;
-}

+ 0 - 272
external/epid-sdk-3.0.0/epid/member/src/signbasic.c

@@ -1,272 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief EpidSignBasic implementation.
- */
-
-#include <string.h>  // memset
-
-#include "epid/common/src/stack.h"
-#include "epid/member/api.h"
-#include "epid/member/src/context.h"
-
-/// Handle SDK Error with Break
-#define BREAK_ON_EPID_ERROR(ret) \
-  if (kEpidNoErr != (ret)) {     \
-    break;                       \
-  }
-
-EpidStatus EpidSignBasic(MemberCtx const* ctx, void const* msg, size_t msg_len,
-                         void const* basename, size_t basename_len,
-                         BasicSignature* sig) {
-  EpidStatus result = kEpidErr;
-  // Values to be affected by basename
-  EcPoint* B = NULL;
-  EcPoint* K = NULL;
-  EcPoint* R1 = NULL;
-  // data from presig
-  EcPoint* T = NULL;
-  FfElement* a = NULL;
-  FfElement* b = NULL;
-  FfElement* rx = NULL;
-  FfElement* rf = NULL;
-  FfElement* ra = NULL;
-  FfElement* rb = NULL;
-  FfElement* R2 = NULL;
-
-  // final calculatoin data
-  FfElement* sx = NULL;
-  FfElement* sf = NULL;
-  FfElement* sa = NULL;
-  FfElement* sb = NULL;
-  FfElement* c_hash = NULL;
-  // priv key data, need to clear after use
-  BigNumStr f_str = {0};
-  if (!ctx || !sig) {
-    return kEpidBadArgErr;
-  }
-  if (!msg && (0 != msg_len)) {
-    // if message is non-empty it must have both length and content
-    return kEpidBadArgErr;
-  }
-  if (!basename && (0 != basename_len)) {
-    // if basename is non-empty it must have both length and content
-    return kEpidBadArgErr;
-  }
-  if (!ctx->epid2_params || !ctx->priv_key || !ctx->epid2_params->G1 ||
-      !ctx->epid2_params->GT || !ctx->epid2_params->Fp || !ctx->priv_key->f) {
-    return kEpidBadArgErr;
-  }
-
-  do {
-    PreComputedSignature curr_presig;
-    G1ElemStr B_str = {0};
-    G1ElemStr K_str = {0};
-    CommitValues commit_values = ctx->commit_values;
-
-    // create all required elemnts
-    result = NewEcPoint(ctx->epid2_params->G1, &B);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewEcPoint(ctx->epid2_params->G1, &K);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewEcPoint(ctx->epid2_params->G1, &R1);
-    BREAK_ON_EPID_ERROR(result);
-
-    result = NewEcPoint(ctx->epid2_params->G1, &T);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->GT, &R2);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &sx);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &sf);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &sa);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &sb);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &c_hash);
-    BREAK_ON_EPID_ERROR(result);
-
-    result = NewFfElement(ctx->epid2_params->Fp, &a);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &b);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &rx);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &rf);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &ra);
-    BREAK_ON_EPID_ERROR(result);
-    result = NewFfElement(ctx->epid2_params->Fp, &rb);
-    BREAK_ON_EPID_ERROR(result);
-
-    if (StackGetSize(ctx->presigs)) {
-      // Use existing pre-computed signature
-      if (!StackPopN(ctx->presigs, 1, &curr_presig)) {
-        result = kEpidErr;
-        break;
-      }
-    } else {
-      // generate a new pre-computed signature
-      result = EpidComputePreSig(ctx, &curr_presig);
-      BREAK_ON_EPID_ERROR(result);
-    }
-    // 3.  If the pre-computed signature pre-sigma exists, the member
-    //     loads (B, K, T, a, b, rx, rf, ra, rb, R1, R2) from
-    //     pre-sigma. Refer to Section 4.4 for the computation of
-    //     these values.
-    result = ReadEcPoint(ctx->epid2_params->G1, &curr_presig.B,
-                         sizeof(curr_presig.B), B);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadEcPoint(ctx->epid2_params->G1, &curr_presig.K,
-                         sizeof(curr_presig.K), K);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadEcPoint(ctx->epid2_params->G1, &curr_presig.T,
-                         sizeof(curr_presig.T), T);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.a,
-                           sizeof(curr_presig.a), a);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.b,
-                           sizeof(curr_presig.b), b);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.rx,
-                           sizeof(curr_presig.rx), rx);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.rf,
-                           sizeof(curr_presig.rf), rf);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.ra,
-                           sizeof(curr_presig.ra), ra);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->Fp, &curr_presig.rb,
-                           sizeof(curr_presig.rb), rb);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadEcPoint(ctx->epid2_params->G1, &curr_presig.R1,
-                         sizeof(curr_presig.R1), R1);
-    BREAK_ON_EPID_ERROR(result);
-    result = ReadFfElement(ctx->epid2_params->GT, &curr_presig.R2,
-                           sizeof(curr_presig.R2), R2);
-    BREAK_ON_EPID_ERROR(result);
-
-    if (basename) {
-      // If basename is provided, the member does the following:
-      // make sure basename is registered/allowed
-      if (!ContainsBasename(ctx->allowed_basenames, basename, basename_len)) {
-        result = kEpidBadArgErr;
-        break;
-      } else {
-        // basename valid, can modify parameters
-        //   a. The member computes B = G1.hash(bsn).
-        result = EcHash(ctx->epid2_params->G1, basename, basename_len,
-                        ctx->hash_alg, B);
-        BREAK_ON_EPID_ERROR(result);
-        //   b. The member computes K = G1.sscmExp(B, f), where B comes
-        //      from step a.
-        result = WriteFfElement(ctx->epid2_params->Fp, ctx->priv_key->f, &f_str,
-                                sizeof(f_str));
-        BREAK_ON_EPID_ERROR(result);
-        result = EcSscmExp(ctx->epid2_params->G1, B, &f_str, K);
-        BREAK_ON_EPID_ERROR(result);
-        //   c. The member computes R1 = G1.sscmExp(B, rf), where B comes
-        //      from step a.
-        result = EcSscmExp(ctx->epid2_params->G1, B,
-                           (const BigNumStr*)&curr_presig.rf, R1);
-        BREAK_ON_EPID_ERROR(result);
-        //   d. The member over-writes the B, K, and R1 values.
-      }
-    }
-    // 5.  The member computes t3 = Fp.hash(p || g1 || g2 || h1 || h2
-    //     || w || B || K || T || R1 || R2). Refer to Section 7.1 for
-    //     hash operation over a prime field.
-    // 6.  The member computes c = Fp.hash(t3 || m).
-    result = WriteEcPoint(ctx->epid2_params->G1, B, &B_str, sizeof(B_str));
-    BREAK_ON_EPID_ERROR(result);
-    result = WriteEcPoint(ctx->epid2_params->G1, K, &K_str, sizeof(K_str));
-    BREAK_ON_EPID_ERROR(result);
-    result = SetCalculatedCommitValues(&B_str, &K_str, &curr_presig.T, R1,
-                                       ctx->epid2_params->G1, R2,
-                                       ctx->epid2_params->GT, &commit_values);
-    BREAK_ON_EPID_ERROR(result);
-    result = CalculateCommitmentHash(&commit_values, ctx->epid2_params->Fp,
-                                     ctx->hash_alg, msg, msg_len, c_hash);
-    BREAK_ON_EPID_ERROR(result);
-    // 7.  The member computes sx = (rx + c * x) mod p.
-    result = FfMul(ctx->epid2_params->Fp, c_hash, ctx->priv_key->x, sx);
-    BREAK_ON_EPID_ERROR(result);
-    result = FfAdd(ctx->epid2_params->Fp, rx, sx, sx);
-    // 8.  The member computes sf = (rf + c * f) mod p.
-    result = FfMul(ctx->epid2_params->Fp, c_hash, ctx->priv_key->f, sf);
-    BREAK_ON_EPID_ERROR(result);
-    result = FfAdd(ctx->epid2_params->Fp, rf, sf, sf);
-    BREAK_ON_EPID_ERROR(result);
-    // 9.  The member computes sa = (ra + c * a) mod p.
-    result = FfMul(ctx->epid2_params->Fp, c_hash, a, sa);
-    BREAK_ON_EPID_ERROR(result);
-    result = FfAdd(ctx->epid2_params->Fp, ra, sa, sa);
-    BREAK_ON_EPID_ERROR(result);
-    // 10. The member computes sb = (rb + c * b) mod p.
-    result = FfMul(ctx->epid2_params->Fp, c_hash, b, sb);
-    BREAK_ON_EPID_ERROR(result);
-    result = FfAdd(ctx->epid2_params->Fp, rb, sb, sb);
-    BREAK_ON_EPID_ERROR(result);
-    // 11. The member sets sigma0 = (B, K, T, c, sx, sf, sa, sb).
-    result = WriteEcPoint(ctx->epid2_params->G1, B, &sig->B, sizeof(sig->B));
-    BREAK_ON_EPID_ERROR(result);
-    result = WriteEcPoint(ctx->epid2_params->G1, K, &sig->K, sizeof(sig->K));
-    BREAK_ON_EPID_ERROR(result);
-    result = WriteEcPoint(ctx->epid2_params->G1, T, &sig->T, sizeof(sig->T));
-    BREAK_ON_EPID_ERROR(result);
-    result =
-        WriteFfElement(ctx->epid2_params->Fp, c_hash, &sig->c, sizeof(sig->c));
-    BREAK_ON_EPID_ERROR(result);
-    result =
-        WriteFfElement(ctx->epid2_params->Fp, sx, &sig->sx, sizeof(sig->sx));
-    BREAK_ON_EPID_ERROR(result);
-    result =
-        WriteFfElement(ctx->epid2_params->Fp, sf, &sig->sf, sizeof(sig->sf));
-    BREAK_ON_EPID_ERROR(result);
-    result =
-        WriteFfElement(ctx->epid2_params->Fp, sa, &sig->sa, sizeof(sig->sa));
-    BREAK_ON_EPID_ERROR(result);
-    result =
-        WriteFfElement(ctx->epid2_params->Fp, sb, &sig->sb, sizeof(sig->sb));
-    BREAK_ON_EPID_ERROR(result);
-    result = kEpidNoErr;
-  } while (0);
-  // remove all data
-  DeleteEcPoint(&B);
-  DeleteEcPoint(&K);
-  DeleteEcPoint(&R1);
-
-  DeleteEcPoint(&T);
-  DeleteFfElement(&R2);
-  DeleteFfElement(&sx);
-  DeleteFfElement(&sf);
-  DeleteFfElement(&sa);
-  DeleteFfElement(&sb);
-  DeleteFfElement(&c_hash);
-  DeleteFfElement(&a);
-  DeleteFfElement(&b);
-  DeleteFfElement(&rx);
-  DeleteFfElement(&rf);
-  DeleteFfElement(&ra);
-  DeleteFfElement(&rb);
-
-  return result;
-}

+ 0 - 93
external/epid-sdk-3.0.0/epid/member/unittests/compute_presig-test.cc

@@ -1,93 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief ComputePreSig unit tests.
- */
-
-#include "gtest/gtest.h"
-
-extern "C" {
-#include "epid/member/api.h"
-#include "epid/member/src/context.h"
-}
-
-#include "epid/member/unittests/member-testhelper.h"
-#include "epid/common-testhelper/prng-testhelper.h"
-#include "epid/common-testhelper/errors-testhelper.h"
-#include "epid/common-testhelper/finite_field_wrapper-testhelper.h"
-#include "epid/common-testhelper/ffelement_wrapper-testhelper.h"
-#include "epid/common-testhelper/epid_params-testhelper.h"
-
-namespace {
-
-TEST_F(EpidMemberTest, ComputePreSigFailsGivenNullPointer) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig;
-  EXPECT_EQ(kEpidBadArgErr, EpidComputePreSig(nullptr, &presig));
-  EXPECT_EQ(kEpidBadArgErr, EpidComputePreSig(member, nullptr));
-}
-
-TEST_F(EpidMemberTest,
-       ComputePreSigGeneratedPreComputedSignatureCanBeDeserialized) {
-  const BigNumStr p_str = {
-      {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2, 0x5E,
-        0xEE, 0x71, 0xA4, 0x9E, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A,
-        0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D}}};
-
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig;
-  EXPECT_EQ(kEpidNoErr, EpidComputePreSig(member, &presig));
-
-  Epid20Params params;
-  FiniteFieldObj Fp(p_str);
-  FfElementObj Fp_element(&Fp);
-
-  FfElementObj GT_element(&params.GT);
-  EcPointObj G1_pt(&params.G1);
-
-  EXPECT_EQ(kEpidNoErr,
-            ReadEcPoint(params.G1, &presig.B, sizeof(presig.B), G1_pt));
-  EXPECT_EQ(kEpidNoErr,
-            ReadEcPoint(params.G1, &presig.K, sizeof(presig.K), G1_pt));
-  EXPECT_EQ(kEpidNoErr,
-            ReadEcPoint(params.G1, &presig.T, sizeof(presig.T), G1_pt));
-  EXPECT_EQ(kEpidNoErr,
-            ReadEcPoint(params.G1, &presig.R1, sizeof(presig.R1), G1_pt));
-  EXPECT_EQ(kEpidNoErr, ReadFfElement(params.GT, &presig.R2, sizeof(presig.R2),
-                                      GT_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.a, sizeof(presig.a), Fp_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.b, sizeof(presig.b), Fp_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.rx, sizeof(presig.rx), Fp_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.rf, sizeof(presig.rf), Fp_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.ra, sizeof(presig.ra), Fp_element));
-  EXPECT_EQ(kEpidNoErr,
-            ReadFfElement(Fp, &presig.rb, sizeof(presig.rb), Fp_element));
-}
-
-}  // namespace

+ 0 - 264
external/epid-sdk-3.0.0/epid/member/unittests/context-test.cc

@@ -1,264 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief Member unit tests.
- */
-#include <cstring>
-#include <vector>
-#include "gtest/gtest.h"
-
-#include "epid/common-testhelper/prng-testhelper.h"
-#include "epid/member/unittests/member-testhelper.h"
-
-extern "C" {
-#include "epid/member/api.h"
-#include "epid/member/src/context.h"
-}
-bool operator==(MemberPrecomp const& lhs, MemberPrecomp const& rhs) {
-  return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
-}
-namespace {
-//////////////////////////////////////////////////////////////////////////
-// EpidMemberDelete Tests
-TEST_F(EpidMemberTest, DeleteWorksGivenNullMemberCtx) {
-  EpidMemberDelete(nullptr);
-  MemberCtx* member_ctx = nullptr;
-  EpidMemberDelete(&member_ctx);
-}
-TEST_F(EpidMemberTest, DeleteNullsMemberCtx) {
-  MemberCtx* ctx = nullptr;
-  Prng my_prng;
-  EpidMemberCreate(nullptr, &this->kMemberPrivateKey, &this->kMemberPrecomp,
-                   &Prng::Generate, &my_prng, &ctx);
-  EpidMemberDelete(&ctx);
-  EXPECT_EQ(nullptr, ctx);
-}
-//////////////////////////////////////////////////////////////////////////
-// EpidMemberCreate Tests
-// test that create fails if any mandatory parameters are NULL
-TEST_F(EpidMemberTest, CreateFailsGivenNullParameters) {
-  MemberCtx* member_ctx = nullptr;
-  Prng my_prng;
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(nullptr, &this->kMemberPrivateKey, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&this->kGroupPublicKey, nullptr, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&this->kGroupPublicKey, &this->kMemberPrivateKey,
-                       &this->kMemberPrecomp, nullptr, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidMemberCreate(&this->kGroupPublicKey, &this->kMemberPrivateKey,
-                             &this->kMemberPrecomp, &Prng::Generate, &my_prng,
-                             nullptr));
-  EpidMemberDelete(nullptr);
-}
-
-// test that create succeeds with valid parameters
-TEST_F(EpidMemberTest, CreateSucceedsGivenValidParameters) {
-  MemberCtx* member_ctx = nullptr;
-  Prng my_prng;
-
-  // pass the whole list of parameters
-  EXPECT_EQ(kEpidNoErr,
-            EpidMemberCreate(&this->kGroupPublicKey, &this->kMemberPrivateKey,
-                             &this->kMemberPrecomp, &Prng::Generate, &my_prng,
-                             &member_ctx));
-  EpidMemberDelete(&member_ctx);
-
-  // pass the whole list of parameters but member_precomp
-  EXPECT_EQ(kEpidNoErr,
-            EpidMemberCreate(&this->kGroupPublicKey, &this->kMemberPrivateKey,
-                             nullptr, &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-}
-// test that create succeeds with valid IKGF given parameters
-TEST_F(EpidMemberTest, CreateSucceedsGivenValidParametersUsingIKGFData) {
-  const GroupPubKey grp_public_key = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/pubkey.inc"
-  };
-  const PrivKey mbr_private_key = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/member0/mprivkey.inc"
-  };
-
-  const MemberPrecomp mbr_precomp = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/member0/mprecomp.inc"
-  };
-
-  MemberCtx* member_ctx = nullptr;
-  Prng my_prng;
-
-  // pass the whole list of parameters
-  EXPECT_EQ(kEpidNoErr,
-            EpidMemberCreate(&grp_public_key, &mbr_private_key, &mbr_precomp,
-                             &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-
-  // pass the whole list of parameters but member_precomp
-  EXPECT_EQ(kEpidNoErr,
-            EpidMemberCreate(&grp_public_key, &mbr_private_key, nullptr,
-                             &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-}
-
-TEST_F(EpidMemberTest, CreateFailsForInvalidGroupPubKey) {
-  MemberCtx* member_ctx = nullptr;
-  Prng my_prng;
-  GroupPubKey gpk_h1 = this->kGroupPublicKey;
-  gpk_h1.h1.x.data.data[0]++;
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&gpk_h1, &this->kMemberPrivateKey, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-  GroupPubKey gpk_h2 = this->kGroupPublicKey;
-  gpk_h2.h2.x.data.data[0]++;
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&gpk_h2, &this->kMemberPrivateKey, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-  GroupPubKey gpk_w = this->kGroupPublicKey;
-  gpk_w.w.x[0].data.data[0]++;
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&gpk_w, &this->kMemberPrivateKey, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-}
-TEST_F(EpidMemberTest, CreateFailsForInvalidPrivateKey) {
-  MemberCtx* member_ctx = nullptr;
-  Prng my_prng;
-  PrivKey pk_A = this->kMemberPrivateKey;
-  pk_A.A.x.data.data[0]++;
-  EXPECT_EQ(
-      kEpidBadArgErr,
-      EpidMemberCreate(&this->kGroupPublicKey, &pk_A, &this->kMemberPrecomp,
-                       &Prng::Generate, &my_prng, &member_ctx));
-  EpidMemberDelete(&member_ctx);
-}
-
-//////////////////////////////////////////////////////////////////////////
-// EpidMemberSetHashAlg
-TEST_F(EpidMemberTest, SetHashAlgFailsGivenNullPtr) {
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(nullptr, kSha256));
-}
-TEST_F(EpidMemberTest, SetHashAlgCanSetValidAlgorithm) {
-  Prng my_prng;
-  MemberCtxObj member_ctx(this->kGroupPublicKey, this->kMemberPrivateKey,
-                          &Prng::Generate, &my_prng);
-  EXPECT_EQ(kEpidNoErr, EpidMemberSetHashAlg(member_ctx, kSha256));
-  EXPECT_EQ(kEpidNoErr, EpidMemberSetHashAlg(member_ctx, kSha384));
-  EXPECT_EQ(kEpidNoErr, EpidMemberSetHashAlg(member_ctx, kSha512));
-}
-TEST_F(EpidMemberTest, SetHashAlgFailsForNonSupportedAlgorithm) {
-  Prng my_prng;
-  MemberCtxObj member_ctx(this->kGroupPublicKey, this->kMemberPrivateKey,
-                          &Prng::Generate, &my_prng);
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(member_ctx, kSha512_256));
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(member_ctx, kSha3_256));
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(member_ctx, kSha3_384));
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(member_ctx, kSha3_512));
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberSetHashAlg(member_ctx, (HashAlg)-1));
-}
-//////////////////////////////////////////////////////////////////////////
-// EpidRegisterBaseName
-TEST_F(EpidMemberTest, RegisterBaseNameFailsGivenNullPtr) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  std::vector<uint8_t> basename = {'_', 'b', 'a', 's', 'e', 'n', 'a', 'm', 'e'};
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidRegisterBaseName(member, nullptr, basename.size()));
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidRegisterBaseName(nullptr, basename.data(), basename.size()));
-}
-TEST_F(EpidMemberTest, RegisterBaseNameFailsGivenDuplicateBaseName) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  std::vector<uint8_t> basename = {'d', 'b', 'a', 's', 'e', 'n', 'a', 'm', 'e'};
-  EXPECT_EQ(kEpidNoErr,
-            EpidRegisterBaseName(member, basename.data(), basename.size()));
-  EXPECT_EQ(kEpidDuplicateErr,
-            EpidRegisterBaseName(member, basename.data(), basename.size()));
-}
-TEST_F(EpidMemberTest, RegisterBaseNameFailsGivenInvalidBaseName) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  std::vector<uint8_t> basename = {};
-  std::vector<uint8_t> basename2 = {'b', 's', 'n'};
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidRegisterBaseName(member, basename.data(), basename.size()));
-  EXPECT_EQ(kEpidBadArgErr, EpidRegisterBaseName(member, basename2.data(), 0));
-}
-TEST_F(EpidMemberTest, RegisterBaseNameSucceedsGivenUniqueBaseName) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  std::vector<uint8_t> basename = {'b', 's', 'n', '0', '1'};
-  EXPECT_EQ(kEpidNoErr,
-            EpidRegisterBaseName(member, basename.data(), basename.size()));
-}
-//////////////////////////////////////////////////////////////////////////
-// EpidMemberWritePrecomp
-TEST_F(EpidMemberTest, MemberWritePrecompFailsGivenNullPointer) {
-  MemberPrecomp precomp;
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  MemberCtx* ctx = member;
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberWritePrecomp(nullptr, &precomp));
-  EXPECT_EQ(kEpidBadArgErr, EpidMemberWritePrecomp(ctx, nullptr));
-}
-TEST_F(EpidMemberTest, MemberWritePrecompSucceedGivenValidArgument) {
-  MemberPrecomp precomp;
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  MemberCtx* ctx = member;
-  EXPECT_EQ(kEpidNoErr, EpidMemberWritePrecomp(ctx, &precomp));
-  MemberPrecomp expected_precomp = this->kMemberPrecomp;
-  EXPECT_EQ(expected_precomp, precomp);
-
-  MemberCtxObj member2(this->kGroupPublicKey, this->kMemberPrivateKey,
-                       &Prng::Generate, &my_prng);
-  MemberCtx* ctx2 = member2;
-  EXPECT_EQ(kEpidNoErr, EpidMemberWritePrecomp(ctx2, &precomp));
-  EXPECT_EQ(expected_precomp, precomp);
-}
-TEST_F(EpidMemberTest, DefaultHashAlgIsSha512) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  MemberCtx* ctx = member;
-  EXPECT_EQ(kSha512, ctx->hash_alg);
-}
-
-}  // namespace

+ 0 - 522
external/epid-sdk-3.0.0/epid/member/unittests/member-testhelper.cc

@@ -1,522 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief Member C++ wrapper implementation.
- */
-
-#include "epid/member/unittests/member-testhelper.h"
-
-#include <cstdio>
-#include <string>
-
-MemberCtxObj::MemberCtxObj(GroupPubKey const& pub_key, PrivKey const& priv_key,
-                           BitSupplier rnd_func, void* rnd_param)
-    : ctx_(nullptr) {
-  auto sts = EpidMemberCreate(&pub_key, &priv_key, nullptr, rnd_func, rnd_param,
-                              &ctx_);
-  if (kEpidNoErr != sts) {
-    printf("%s(%d): %s\n", __FILE__, __LINE__, "test defect:");
-    throw std::logic_error(std::string("Failed to call: ") +
-                           "EpidMemberCreate()");
-  }
-}
-
-MemberCtxObj::MemberCtxObj(GroupPubKey const& pub_key, PrivKey const& priv_key,
-                           MemberPrecomp const& precomp, BitSupplier rnd_func,
-                           void* rnd_param)
-    : ctx_(nullptr) {
-  auto sts = EpidMemberCreate(&pub_key, &priv_key, &precomp, rnd_func,
-                              rnd_param, &ctx_);
-  if (kEpidNoErr != sts) {
-    printf("%s(%d): %s\n", __FILE__, __LINE__, "test defect:");
-    throw std::logic_error(std::string("Failed to call: ") +
-                           "EpidMemberCreate()");
-  }
-}
-
-MemberCtxObj::~MemberCtxObj() { EpidMemberDelete(&ctx_); }
-
-MemberCtx* MemberCtxObj::ctx() const { return ctx_; }
-
-MemberCtxObj::operator MemberCtx*() const { return ctx_; }
-
-MemberCtxObj::operator const MemberCtx*() const { return ctx_; }
-
-/// Arbitrary test data were generated based on Intel(R) EPID 2.0 parameters
-const GroupPubKey EpidMemberTest::kGroupPublicKey = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x01},  // group id
-    {{{{0xb3, 0x6f, 0xff, 0x81, 0xe2, 0x1b, 0x17, 0xeb, 0x3d, 0x75, 0x3d, 0x61,
-        0x7e, 0x27, 0xb0, 0xcb, 0xd0, 0x6d, 0x8f, 0x9d, 0x64, 0xce, 0xe3, 0xce,
-        0x43, 0x4c, 0x62, 0xfd, 0xb5, 0x80, 0xe0, 0x99}}},
-     {{{0x3a, 0x07, 0x56, 0x80, 0xe0, 0x88, 0x59, 0xa4, 0xfd, 0xb5, 0xb7, 0x9d,
-        0xe9, 0x4d, 0xae, 0x9c, 0xee, 0x3d, 0x66, 0x42, 0x82, 0x45, 0x7e, 0x7f,
-        0xd8, 0x69, 0x3e, 0xa1, 0x74, 0xf4, 0x59, 0xee}}}},  // h1
-    {{{{0xd2, 0x74, 0x2e, 0x9f, 0x63, 0xc2, 0x51, 0x8e, 0xd5, 0xdb, 0xca, 0x1c,
-        0x54, 0x74, 0x10, 0x7b, 0xdc, 0x99, 0xed, 0x42, 0xd5, 0x5b, 0xa7, 0x04,
-        0x29, 0x66, 0x61, 0x63, 0xbc, 0xdd, 0x7f, 0xe1}}},
-     {{{0x76, 0x5d, 0xc0, 0x6e, 0xe3, 0x14, 0xac, 0x72, 0x48, 0x12, 0x0a, 0xa6,
-        0xe8, 0x5b, 0x08, 0x7b, 0xda, 0x3f, 0x51, 0x7d, 0xde, 0x4c, 0xea, 0xcb,
-        0x93, 0xa5, 0x6e, 0xcc, 0xe7, 0x8e, 0x10, 0x84}}}},  // h2
-    {{{{{0xbd, 0x19, 0x5a, 0x95, 0xe2, 0x0f, 0xca, 0x1c, 0x50, 0x71, 0x94, 0x51,
-         0x40, 0x1b, 0xa5, 0xb6, 0x78, 0x87, 0x53, 0xf6, 0x6a, 0x95, 0xca, 0xc6,
-         0x8d, 0xcd, 0x36, 0x88, 0x7, 0x28, 0xe8, 0x96}}},
-      {{{0xca, 0x78, 0x11, 0x5b, 0xb8, 0x6a, 0xe7, 0xe5, 0xa6, 0x65, 0x7a, 0x68,
-         0x15, 0xd7, 0x75, 0xf8, 0x24, 0x14, 0xcf, 0xd1, 0x0f, 0x6c, 0x56, 0xf5,
-         0x22, 0xd9, 0xfd, 0xe0, 0xe2, 0xf4, 0xb3, 0xa1}}}},
-     {{{{0x90, 0x21, 0xa7, 0xe0, 0xe8, 0xb3, 0xc7, 0x25, 0xbc, 0x07, 0x72, 0x30,
-         0x5d, 0xee, 0xf5, 0x6a, 0x89, 0x88, 0x46, 0xdd, 0x89, 0xc2, 0x39, 0x9c,
-         0x0a, 0x3b, 0x58, 0x96, 0x57, 0xe4, 0xf3, 0x3c}}},
-      {{{0x79, 0x51, 0x69, 0x36, 0x1b, 0xb6, 0xf7, 0x05, 0x5d, 0x0a, 0x88, 0xdb,
-         0x1f, 0x3d, 0xea, 0xa2, 0xba, 0x6b, 0xf0, 0xda, 0x8e, 0x25, 0xc6, 0xad,
-         0x83, 0x7d, 0x3e, 0x31, 0xee, 0x11, 0x40, 0xa9}}}}}  // w
-};
-
-const PrivKey EpidMemberTest::kMemberPrivateKey = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x01},  // group id
-    {{{{0x46, 0xc9, 0x69, 0xee, 0xf4, 0x68, 0xe1, 0x5f, 0xac, 0xbf, 0xdd, 0x77,
-        0xeb, 0x4c, 0xaf, 0x8a, 0x87, 0x68, 0x3f, 0x4e, 0xda, 0xf2, 0x96, 0xec,
-        0x57, 0x08, 0x90, 0xe8, 0x19, 0x62, 0x54, 0xdb}}},
-     {{{0x1e, 0x52, 0x23, 0x16, 0x91, 0xe4, 0xa8, 0x1d, 0x9a, 0x1b, 0x8a, 0xad,
-        0x0a, 0xcf, 0x36, 0x4f, 0xae, 0x43, 0xde, 0x62, 0xff, 0xa6, 0x4b, 0xa8,
-        0x16, 0x24, 0x98, 0x80, 0x82, 0x80, 0x37, 0x77}}}},  // A
-    {0x0a, 0x30, 0xae, 0x43, 0xa1, 0xe0, 0xd7, 0xdf, 0x10, 0x5e, 0xaf, 0xd8,
-     0x5a, 0x61, 0x10, 0x86, 0xd0, 0x9d, 0xb9, 0xe4, 0x46, 0xdd, 0xb7, 0x1b,
-     0x00, 0x14, 0x7c, 0x6b, 0x13, 0x72, 0xc3, 0x77},  // x
-    {0x48, 0x40, 0xb5, 0x6c, 0x6d, 0x47, 0x09, 0x0b, 0x05, 0xd6, 0x43, 0x56,
-     0xe0, 0x7c, 0xc6, 0x8e, 0xa1, 0x65, 0x67, 0xfd, 0xa7, 0x07, 0x87, 0x9b,
-     0x36, 0x2d, 0x41, 0x35, 0x63, 0x61, 0x31, 0xc7}  // f
-};
-
-const MemberPrecomp EpidMemberTest::kMemberPrecomp = {
-    {0xd8, 0x14, 0xba, 0x4b, 0x44, 0x03, 0x55, 0x6c, 0xf6, 0x42, 0xe8, 0xf0,
-     0x4c, 0xb5, 0xe7, 0xd4, 0xa2, 0xa3, 0x69, 0x47, 0xf5, 0xd4, 0xc8, 0xe9,
-     0xc5, 0x5a, 0x39, 0xb5, 0x55, 0xa5, 0xd3, 0xfb, 0xf3, 0x85, 0x5a, 0x0d,
-     0xd5, 0xee, 0xde, 0xf4, 0xa8, 0xb1, 0x8b, 0xcf, 0xa9, 0x0d, 0x29, 0xbf,
-     0x86, 0x27, 0x9c, 0x1f, 0x96, 0xed, 0xd8, 0x44, 0x01, 0x35, 0x1a, 0xce,
-     0xfd, 0x4e, 0x6f, 0xa1, 0x66, 0x0d, 0x59, 0x08, 0x6d, 0xa2, 0xe4, 0x99,
-     0x83, 0xdc, 0x39, 0x28, 0xb7, 0x1c, 0x1a, 0x33, 0xad, 0xca, 0x5c, 0x35,
-     0x26, 0x1f, 0xab, 0xba, 0x0d, 0x53, 0xaf, 0xe0, 0x72, 0x14, 0xc5, 0xa7,
-     0x2e, 0x58, 0x26, 0xc9, 0x8e, 0xfa, 0x6f, 0x62, 0xfc, 0xf0, 0x08, 0x3e,
-     0xa3, 0x11, 0x3a, 0xf0, 0xb8, 0x3b, 0x2d, 0x3e, 0xec, 0xd5, 0xbc, 0xf2,
-     0x05, 0x68, 0xf4, 0x40, 0xce, 0x2c, 0x8f, 0xdd, 0xa4, 0xe5, 0xe1, 0xb5,
-     0xbe, 0xbd, 0x3e, 0xd4, 0xf6, 0x9a, 0xb3, 0x37, 0x24, 0x0d, 0xea, 0x13,
-     0xd7, 0x1f, 0xa2, 0x75, 0x68, 0xa1, 0xbe, 0x2c, 0x01, 0x42, 0x2a, 0xae,
-     0x6f, 0xae, 0x7a, 0x72, 0x3a, 0x11, 0x03, 0x58, 0x02, 0x0d, 0xf0, 0xb0,
-     0xd9, 0x6f, 0xb1, 0xe4, 0xf2, 0x70, 0xb8, 0xff, 0x22, 0x56, 0x7c, 0xb3,
-     0x80, 0xfd, 0xdf, 0xe5, 0xab, 0xcc, 0x18, 0x7a, 0xfd, 0x91, 0xd0, 0xb0,
-     0x63, 0x40, 0xd4, 0x71, 0xfa, 0x03, 0xf5, 0xf1, 0x26, 0xe1, 0xa5, 0x5a,
-     0xd9, 0x6d, 0xf5, 0x5a, 0x7b, 0x2a, 0x3a, 0xfe, 0x94, 0x9e, 0x74, 0x41,
-     0x79, 0x49, 0x7e, 0x48, 0x1d, 0x58, 0x5e, 0xf6, 0x98, 0xa3, 0x6e, 0x61,
-     0x8e, 0x9f, 0x1f, 0xcd, 0x15, 0x01, 0x16, 0xa5, 0xe0, 0xab, 0xd6, 0xd6,
-     0x1f, 0x1c, 0xf5, 0x81, 0x76, 0xc1, 0xec, 0x10, 0xc2, 0xcc, 0x68, 0x59,
-     0x4d, 0x47, 0xef, 0x4b, 0x7f, 0xd8, 0x78, 0x9c, 0xfe, 0x9a, 0x86, 0x7e,
-     0x0c, 0xfd, 0x3e, 0x0a, 0x7a, 0x72, 0x8b, 0x14, 0x5f, 0xe6, 0x5f, 0x19,
-     0xa3, 0x0a, 0x1b, 0x71, 0xdc, 0xd2, 0xae, 0x35, 0xc3, 0x11, 0xa5, 0xd3,
-     0xea, 0xe1, 0xa9, 0xe7, 0x70, 0x0c, 0x7a, 0x39, 0x56, 0x3c, 0xe4, 0xe7,
-     0xf9, 0xb6, 0xf1, 0x15, 0x40, 0xab, 0xb6, 0xc4, 0xad, 0xbd, 0xf4, 0xcc,
-     0x13, 0xb7, 0xa8, 0xb6, 0x92, 0x1e, 0x72, 0x27, 0xa7, 0xff, 0xd9, 0xea,
-     0x2f, 0x91, 0x96, 0x22, 0xd2, 0xc4, 0x4d, 0x80, 0xdc, 0x47, 0x66, 0x87,
-     0xcc, 0xcf, 0xc5, 0x64, 0xf7, 0xb2, 0x34, 0xed, 0xd5, 0x44, 0x44, 0xcc,
-     0x57, 0x41, 0xc7, 0x92, 0xb7, 0x5c, 0x12, 0xf7, 0x81, 0xf2, 0x92, 0x35,
-     0x3e, 0x4b, 0xdf, 0xf8, 0xda, 0x68, 0xac, 0x30, 0xe3, 0xdd, 0x9e, 0x22,
-     0xaa, 0x6d, 0x77, 0xdd, 0xac, 0xd9, 0x11, 0x6e, 0xfb, 0x1a, 0x88,
-     0xb3},  // e12
-    {
-        0x07, 0x3f, 0x9d, 0x47, 0x82, 0xb8, 0x3d, 0x6a, 0xe0, 0x36, 0xab, 0xa6,
-        0xfa, 0xe6, 0xd2, 0x1c, 0xc8, 0xb2, 0xd0, 0x01, 0xd4, 0x96, 0xdc, 0x2e,
-        0xf8, 0x19, 0xdc, 0x70, 0x1b, 0xf9, 0x73, 0x0c, 0x2b, 0xc2, 0xe2, 0x1d,
-        0x85, 0x53, 0x81, 0x51, 0xfb, 0xca, 0x16, 0x86, 0xd4, 0x4e, 0xfd, 0x1a,
-        0x59, 0xe3, 0x97, 0xc4, 0x7f, 0x99, 0xd8, 0x66, 0x08, 0xa1, 0xe4, 0x9f,
-        0xbb, 0x3a, 0xce, 0xa5, 0x23, 0x9c, 0x83, 0x13, 0xc5, 0xc8, 0xf2, 0x16,
-        0x1e, 0xe8, 0xe6, 0xc5, 0x36, 0x57, 0x2c, 0xdf, 0x73, 0xb4, 0xe2, 0xb2,
-        0xcb, 0xeb, 0xbb, 0xf7, 0x45, 0xd1, 0x44, 0xbd, 0x6e, 0x92, 0x95, 0x00,
-        0xe5, 0x89, 0xb5, 0x91, 0x78, 0xc7, 0x44, 0xb1, 0x2f, 0x37, 0xdf, 0xfb,
-        0xe7, 0x8a, 0x44, 0x3f, 0x3d, 0x06, 0x5f, 0x5b, 0x1c, 0x5f, 0xce, 0x11,
-        0x05, 0x35, 0x3c, 0xad, 0x92, 0x7e, 0x79, 0xb8, 0xff, 0x28, 0x05, 0xe4,
-        0x04, 0x2c, 0xb6, 0x1d, 0x22, 0xab, 0x36, 0x00, 0x5f, 0x74, 0xf1, 0xe3,
-        0xf6, 0xa6, 0x68, 0xe6, 0x7b, 0x25, 0xb8, 0xcf, 0x19, 0xb0, 0x1a, 0xdd,
-        0x0f, 0xad, 0x63, 0x73, 0x62, 0x1b, 0xe7, 0x94, 0x5d, 0xbf, 0x3d, 0xf1,
-        0xf9, 0x8e, 0xab, 0x59, 0xe5, 0xd1, 0x7c, 0x62, 0xdd, 0xbc, 0x40, 0x07,
-        0x70, 0x5b, 0x13, 0xf6, 0x12, 0x09, 0xb4, 0x0d, 0x3e, 0xab, 0x8b, 0x70,
-        0x60, 0x1d, 0xd4, 0x61, 0x37, 0x28, 0x98, 0x3e, 0x7e, 0xdc, 0xfd, 0xd2,
-        0xc0, 0x2f, 0x4b, 0x71, 0x31, 0x34, 0xd7, 0x69, 0x41, 0x5e, 0xaa, 0x72,
-        0xe4, 0xdf, 0xeb, 0xfe, 0x8d, 0xcd, 0x68, 0xfc, 0x68, 0x55, 0xbe, 0x32,
-        0x7d, 0x24, 0xc5, 0x07, 0x0f, 0xa8, 0xbd, 0x5a, 0xfe, 0xe7, 0xec, 0xdb,
-        0xfd, 0x19, 0xc8, 0xa9, 0x20, 0xa2, 0x7f, 0x6c, 0xa6, 0x62, 0xec, 0xed,
-        0x9b, 0x79, 0xbf, 0x9c, 0x0e, 0x31, 0x0b, 0x25, 0x2f, 0xd3, 0xcc, 0xa0,
-        0xdd, 0xb2, 0xf2, 0x69, 0x26, 0x85, 0x21, 0x06, 0x94, 0x56, 0x5f, 0x59,
-        0x5c, 0xf5, 0xb7, 0x82, 0xce, 0x0f, 0xdd, 0x40, 0xdb, 0x83, 0xac, 0x3c,
-        0x41, 0xa0, 0x1b, 0xb1, 0xaf, 0xda, 0x55, 0xbf, 0x6b, 0x1a, 0xef, 0xe6,
-        0x90, 0xe7, 0xaa, 0x0f, 0x04, 0x3c, 0x9f, 0x5b, 0xb7, 0xcd, 0x98, 0xa8,
-        0x9e, 0xff, 0x54, 0x26, 0xc8, 0xd5, 0x5c, 0x30, 0x5e, 0xa2, 0x99, 0x8e,
-        0x34, 0xd5, 0x98, 0x9f, 0xcd, 0x57, 0xd1, 0x4d, 0x1d, 0xee, 0x01, 0x5d,
-        0x5a, 0x6d, 0xb2, 0xf1, 0xcf, 0x4b, 0xc0, 0x21, 0x23, 0x96, 0x05, 0xf9,
-        0xc9, 0x66, 0xe5, 0x25, 0x9d, 0xa3, 0x8e, 0x78, 0x43, 0x19, 0xc1, 0x7f,
-        0x7b, 0xef, 0xf5, 0xed, 0x00, 0xb7, 0x45, 0x1f, 0x4e, 0xa9, 0xfa, 0xe3,
-        0xff, 0x54, 0xf2, 0x21, 0x73, 0xf8, 0x6b, 0xa1, 0xc7, 0x31, 0x4d, 0x6a,
-    },  // e22
-    {
-        0x49, 0x0d, 0x0f, 0x2a, 0x5c, 0x6a, 0x3b, 0xad, 0x71, 0xc9, 0x22, 0x49,
-        0xe8, 0x08, 0xdd, 0xba, 0x79, 0x57, 0xb7, 0xc7, 0x61, 0xe4, 0xdb, 0x84,
-        0x68, 0x57, 0xb9, 0x30, 0x83, 0xa4, 0xdc, 0xef, 0x70, 0x93, 0x28, 0xe2,
-        0x6f, 0xb9, 0xbc, 0x15, 0x28, 0x3a, 0x30, 0xbd, 0x96, 0x83, 0xdb, 0xf2,
-        0x9d, 0x1e, 0xc7, 0x64, 0x6d, 0x2e, 0x7c, 0xa2, 0xf3, 0xaa, 0x2f, 0x4b,
-        0x6d, 0x86, 0x9e, 0x48, 0x20, 0x29, 0x4b, 0x1f, 0x8d, 0xc2, 0x93, 0xc3,
-        0x55, 0x25, 0x8e, 0xb0, 0x8a, 0x7e, 0x64, 0x45, 0x3f, 0xf4, 0x1d, 0x16,
-        0x4c, 0x88, 0x2d, 0x54, 0xbe, 0xa8, 0x67, 0x70, 0x81, 0xc5, 0xb9, 0x5c,
-        0x16, 0x00, 0xef, 0x78, 0xf6, 0x4d, 0x6a, 0xeb, 0xfd, 0xa2, 0x0d, 0x52,
-        0x86, 0xf3, 0x04, 0x4b, 0xd8, 0xf0, 0x7d, 0x50, 0x8b, 0xad, 0xc0, 0x37,
-        0xdb, 0x38, 0xf2, 0x7d, 0x1f, 0x8b, 0x13, 0x83, 0x7b, 0xcc, 0xe8, 0x25,
-        0xfe, 0xfa, 0x0c, 0x02, 0x05, 0x2e, 0x75, 0x12, 0xa1, 0x0a, 0x89, 0xab,
-        0xf1, 0xb2, 0x08, 0x47, 0x9a, 0xea, 0xef, 0x1d, 0xa4, 0x9f, 0xde, 0x89,
-        0x47, 0x3e, 0x7c, 0x5e, 0x4a, 0x40, 0xdc, 0xec, 0xc5, 0x1b, 0x7e, 0x33,
-        0x0a, 0x19, 0x69, 0x27, 0xa6, 0xcc, 0x25, 0xfc, 0xf9, 0xeb, 0xbd, 0xb7,
-        0x8a, 0xdb, 0x45, 0x5f, 0x9d, 0x9e, 0x01, 0xde, 0x3d, 0x91, 0x10, 0x99,
-        0x13, 0xbf, 0xc0, 0xfa, 0x9d, 0xd4, 0x0f, 0xb3, 0x09, 0xf3, 0xa1, 0xae,
-        0x68, 0xe1, 0x1b, 0x48, 0x85, 0x9f, 0x81, 0x66, 0x91, 0xe2, 0xf0, 0x7b,
-        0x29, 0xdb, 0x8f, 0x5d, 0x99, 0xa9, 0xd3, 0x39, 0x30, 0xd9, 0x1b, 0x94,
-        0x2a, 0x1c, 0x5c, 0xe9, 0xc0, 0x3f, 0x6e, 0xb2, 0x27, 0xbe, 0x74, 0x7a,
-        0xca, 0xe1, 0x0f, 0x6a, 0x43, 0x2e, 0x98, 0x65, 0xaf, 0x7f, 0x6e, 0x5a,
-        0x55, 0x98, 0xc1, 0x58, 0x29, 0xb3, 0x86, 0x54, 0x0f, 0x57, 0x91, 0x89,
-        0x29, 0xb1, 0x98, 0x79, 0xcc, 0x95, 0x39, 0xd0, 0xab, 0xe0, 0x9f, 0xf3,
-        0xda, 0xf9, 0x5e, 0xd9, 0x34, 0xbb, 0x72, 0xda, 0xe5, 0x72, 0xd3, 0xf8,
-        0x9b, 0xf9, 0x14, 0x84, 0x48, 0x81, 0x54, 0x4f, 0xe6, 0x2b, 0x80, 0xc8,
-        0xc1, 0x79, 0xfe, 0x83, 0xff, 0x76, 0xa3, 0x6d, 0xfe, 0x37, 0x78, 0xc5,
-        0x30, 0x7a, 0x50, 0xe2, 0x5d, 0x12, 0xdc, 0x72, 0xe9, 0x58, 0x7c, 0x07,
-        0x4f, 0xff, 0x15, 0x8a, 0x97, 0x3b, 0xcb, 0x60, 0xfa, 0x4e, 0xde, 0x8c,
-        0x80, 0x3a, 0x8b, 0x0b, 0xc6, 0x1d, 0xa3, 0xce, 0x6a, 0xb3, 0x50, 0x69,
-        0x03, 0x96, 0xca, 0xc0, 0xb6, 0x94, 0x6f, 0x8f, 0xab, 0x6f, 0x5b, 0x00,
-        0x2a, 0x1d, 0x90, 0xa7, 0x81, 0xc6, 0x15, 0x77, 0x79, 0xf3, 0x36, 0x23,
-        0xd1, 0x46, 0x25, 0x58, 0x6f, 0x7b, 0x22, 0xac, 0x4c, 0x7a, 0xf3, 0x9f,
-    },  // e2w
-    {
-        0x8d, 0x71, 0xe2, 0xb0, 0x73, 0x2f, 0x4a, 0xba, 0x64, 0xe8, 0x7a, 0x12,
-        0xaf, 0xe4, 0x4f, 0xdb, 0x6b, 0x3e, 0x38, 0x07, 0x0c, 0x79, 0x22, 0x48,
-        0x1b, 0x9d, 0x33, 0x53, 0x5c, 0x75, 0x3b, 0x40, 0x5e, 0x18, 0xd1, 0x92,
-        0x4a, 0xd1, 0x82, 0x1c, 0xc7, 0x3a, 0xf7, 0x7e, 0x32, 0x19, 0x99, 0x5d,
-        0x01, 0x0e, 0xb0, 0xf2, 0x8f, 0x80, 0xc6, 0xb9, 0xeb, 0x1f, 0x9e, 0xae,
-        0x9e, 0xe0, 0x99, 0xfd, 0xe8, 0x93, 0x11, 0x61, 0x7d, 0xc2, 0x49, 0xdb,
-        0xa8, 0x73, 0xa4, 0xa9, 0x33, 0xe2, 0x04, 0xd1, 0x7d, 0x8b, 0xe1, 0xd6,
-        0x2b, 0x10, 0x6c, 0x79, 0x02, 0xbf, 0xfc, 0x53, 0x03, 0xa9, 0xbc, 0x30,
-        0x4d, 0x4d, 0xf4, 0x32, 0xce, 0x9a, 0x4a, 0xfa, 0xd6, 0x7f, 0x26, 0x17,
-        0xc5, 0xf6, 0xed, 0xe4, 0xcc, 0xb9, 0x79, 0xe2, 0xa8, 0x86, 0xbb, 0xd7,
-        0xfb, 0x05, 0xd2, 0x81, 0xbe, 0x07, 0x1c, 0x47, 0x48, 0x4f, 0x6d, 0x6b,
-        0x52, 0x42, 0xe4, 0xc6, 0x20, 0x46, 0xa3, 0xae, 0x5b, 0x55, 0x55, 0xfe,
-        0x4a, 0xad, 0xf2, 0x32, 0x07, 0x0f, 0x91, 0xa9, 0xe5, 0xd3, 0x86, 0x08,
-        0x73, 0x93, 0xc7, 0x1e, 0x6b, 0xcd, 0x69, 0xd0, 0xfb, 0xc1, 0x74, 0xc2,
-        0xb8, 0x90, 0xc8, 0xf8, 0x93, 0xbf, 0x08, 0x0f, 0x15, 0x19, 0x26, 0x71,
-        0x4a, 0x9e, 0xdf, 0xdf, 0xca, 0x6f, 0xca, 0xfd, 0x67, 0xec, 0x4d, 0x21,
-        0x5b, 0x99, 0xbd, 0x4b, 0x79, 0x22, 0x2d, 0xe4, 0x24, 0x72, 0x88, 0x93,
-        0xce, 0xe6, 0x7f, 0xef, 0x35, 0x83, 0x67, 0x39, 0xb9, 0x34, 0x80, 0x64,
-        0x0a, 0xf4, 0xff, 0x42, 0x9d, 0xee, 0xda, 0xb8, 0xd3, 0xdc, 0x1d, 0x0d,
-        0x9f, 0x45, 0xe9, 0xbe, 0xf4, 0x3e, 0xa6, 0x58, 0x8b, 0xf0, 0xfd, 0x01,
-        0x73, 0x63, 0xd0, 0xc6, 0x9d, 0xb9, 0x32, 0xd1, 0x91, 0xfe, 0xb1, 0xf5,
-        0x4b, 0x48, 0xb4, 0x46, 0xae, 0x61, 0xd7, 0x90, 0xfe, 0x86, 0x74, 0x68,
-        0xee, 0x78, 0x86, 0x65, 0x99, 0x6d, 0x7b, 0xf0, 0x17, 0x1a, 0x4c, 0xb0,
-        0x37, 0x73, 0xdc, 0x38, 0x41, 0xfa, 0x02, 0xd2, 0x13, 0x8f, 0x71, 0xb4,
-        0x0a, 0x72, 0x70, 0x0f, 0xe1, 0x2c, 0x9a, 0xa9, 0x51, 0xfa, 0xb2, 0xbf,
-        0x84, 0xf2, 0xa6, 0xfb, 0xc3, 0x83, 0x16, 0x7e, 0x27, 0xec, 0x06, 0x5d,
-        0x64, 0x79, 0xe7, 0x42, 0x30, 0xf8, 0x2d, 0xbc, 0x0f, 0x07, 0x8b, 0xf2,
-        0x99, 0xda, 0x91, 0x4c, 0x65, 0xcf, 0x7f, 0x57, 0x2d, 0x2f, 0x67, 0xe7,
-        0xfb, 0x75, 0xe9, 0xb2, 0xa3, 0x72, 0x60, 0x88, 0x2b, 0x14, 0x31, 0x62,
-        0xbc, 0x45, 0x59, 0x5c, 0x58, 0x39, 0xb3, 0x4a, 0xeb, 0xb9, 0x18, 0x24,
-        0x05, 0xcb, 0xda, 0xd3, 0x5e, 0x54, 0xba, 0xda, 0xfd, 0xfc, 0xa0, 0x02,
-        0xb3, 0xde, 0x52, 0x3e, 0xc0, 0xd0, 0xb8, 0x19, 0x85, 0x1b, 0x7b, 0xe3,
-    }  // ea2
-};
-const PreComputedSignature EpidMemberTest::kPrecomputedSignatures[2] = {
-    {
-        {{{{0x5c, 0x1b, 0x75, 0x1c, 0xc7, 0x2c, 0xf7, 0x4a, 0x97, 0x43, 0xf2,
-            0x1a, 0x70, 0x80, 0x90, 0x61, 0xf5, 0x9e, 0x9b, 0x43, 0x92, 0x2f,
-            0x05, 0x28, 0xcc, 0x4c, 0xb4, 0xb2, 0x80, 0x15, 0x58, 0x14}}},
-         {{{
-             0x3f, 0x7f, 0xd0, 0x95, 0x08, 0x98, 0x0b, 0xae, 0x88, 0xf8, 0x2c,
-             0x18, 0x8b, 0x72, 0x50, 0x95, 0x78, 0x41, 0xae, 0x4e, 0x6e, 0xea,
-             0x3d, 0xa6, 0x23, 0x91, 0x4a, 0x02, 0x5d, 0x3f, 0x97, 0xd9,
-         }}}},  // B
-        {{{{0xb0, 0xdb, 0x88, 0x23, 0x18, 0x95, 0xba, 0x60, 0x72, 0x43, 0xb4,
-            0x57, 0xbd, 0x20, 0xd2, 0x28, 0x97, 0xf7, 0x3a, 0x50, 0x06, 0xc5,
-            0x89, 0xc9, 0x9f, 0x7a, 0x2a, 0x80, 0x91, 0xee, 0x7a, 0xf8}}},
-         {{{0x70, 0xf3, 0x95, 0x12, 0xe4, 0x95, 0xca, 0x19, 0x43, 0x1a, 0x5d,
-            0x47, 0x33, 0x71, 0x69, 0xfb, 0x14, 0x5f, 0xbd, 0x3f, 0xb2, 0x72,
-            0x22, 0x3f, 0x63, 0xc3, 0xe9, 0x7c, 0x18, 0x82, 0x88,
-            0x03}}}},  // K
-        {{{{0x75, 0x39, 0x21, 0x47, 0x04, 0xfd, 0xb7, 0x71, 0xb2, 0xf5, 0xa9,
-            0x83, 0x7f, 0x27, 0x1d, 0x8f, 0xff, 0x07, 0x3c, 0xfb, 0xe9, 0x0d,
-            0x14, 0x9c, 0xa6, 0xee, 0x06, 0x1e, 0x3d, 0xd3, 0xfb, 0x92}}},
-         {{{0x51, 0x64, 0x11, 0x6d, 0x22, 0xc7, 0xed, 0x67, 0x21, 0xfe, 0x76,
-            0x27, 0xf9, 0x43, 0x43, 0x64, 0x11, 0x01, 0x63, 0xc8, 0xda, 0x42,
-            0x4e, 0x02, 0xe7, 0xf2, 0xb8, 0xa4, 0x16, 0x5b, 0x39,
-            0xc2}}}},  // T
-        {{{{0x60, 0x25, 0xeb, 0xe8, 0x51, 0xd5, 0xe0, 0xf3, 0xcc, 0xb2, 0xc2,
-            0xe3, 0xd7, 0x5c, 0x84, 0x41, 0x57, 0x2b, 0x5b, 0x00, 0xac, 0x1d,
-            0x14, 0x89, 0xba, 0xb3, 0x34, 0xf0, 0x8a, 0xd4, 0x72, 0x5e}}},
-         {{{0x93, 0xb7, 0xed, 0x03, 0xdd, 0xc7, 0xc9, 0xfa, 0x2c, 0x32, 0x84,
-            0x40, 0xd4, 0xa2, 0x74, 0x76, 0x02, 0xef, 0x0c, 0xc6, 0xe4, 0xc2,
-            0x9f, 0xd7, 0x18, 0x96, 0xdc, 0x97, 0x22, 0x4e, 0xbf,
-            0xfc}}}},  // R1
-        {
-            0xe4, 0x5f, 0x6c, 0x74, 0x0b, 0xb7, 0x26, 0x59, 0x62, 0x5e, 0x69,
-            0x71, 0x01, 0xa8, 0x32, 0xc1, 0xa7, 0xae, 0x32, 0x9e, 0xc2, 0xaf,
-            0x9a, 0x55, 0x6c, 0x71, 0x37, 0x80, 0xc7, 0xe1, 0x8b, 0x1c, 0xa1,
-            0x0c, 0xce, 0x60, 0x10, 0x18, 0x14, 0xe9, 0x66, 0x84, 0xe0, 0x52,
-            0x9d, 0xee, 0x42, 0x0f, 0x47, 0xba, 0xcc, 0xc1, 0xea, 0xeb, 0x93,
-            0x18, 0x04, 0x39, 0x7e, 0x36, 0x59, 0x73, 0xd3, 0xf8, 0xa4, 0x67,
-            0x64, 0x6a, 0x24, 0x00, 0xd3, 0x4b, 0x0b, 0x17, 0x7f, 0xc6, 0xca,
-            0x1a, 0xe3, 0x29, 0x4a, 0x4d, 0x23, 0x7d, 0x02, 0xa4, 0xd3, 0x26,
-            0xed, 0xe6, 0x4d, 0xb7, 0xc6, 0x2d, 0x70, 0x85, 0xf0, 0xa4, 0x54,
-            0x7f, 0xe9, 0x6e, 0x17, 0xb3, 0x36, 0xa4, 0x30, 0xfc, 0xca, 0x80,
-            0x8c, 0x8b, 0x17, 0x6f, 0xe8, 0x22, 0x76, 0x27, 0xd7, 0x42, 0xd5,
-            0x14, 0x27, 0x9a, 0x8d, 0x0c, 0x9c, 0x43, 0x7e, 0x41, 0x7a, 0x73,
-            0xd9, 0xee, 0xef, 0xc7, 0x42, 0x77, 0xbe, 0x27, 0xa3, 0x8f, 0xa1,
-            0x77, 0xaf, 0xdc, 0xa2, 0xfc, 0xf1, 0x3d, 0xd6, 0x00, 0xf3, 0x9c,
-            0x43, 0xe9, 0xff, 0xc7, 0x9f, 0x5f, 0x6c, 0xa9, 0x16, 0x47, 0x73,
-            0xbb, 0x31, 0x45, 0xb1, 0xcf, 0x7f, 0x39, 0xdd, 0x27, 0x78, 0x03,
-            0x45, 0x24, 0x67, 0x08, 0x04, 0xf1, 0xbf, 0xfa, 0x7f, 0xe2, 0x2f,
-            0x1f, 0x2c, 0x68, 0xfe, 0x4e, 0x0a, 0xcf, 0xd7, 0xf5, 0x0b, 0xd2,
-            0xe2, 0x55, 0x54, 0x15, 0xa6, 0x3d, 0x0c, 0xc3, 0x49, 0xcd, 0x86,
-            0xa7, 0x51, 0x12, 0x08, 0x4c, 0xf6, 0x05, 0xbc, 0xdc, 0xb1, 0x22,
-            0xe4, 0x92, 0x33, 0x92, 0x8f, 0x6b, 0xee, 0x74, 0x96, 0xaf, 0x7c,
-            0x47, 0x65, 0xb6, 0x4d, 0xd8, 0xd4, 0x21, 0xa8, 0xfa, 0xf9, 0x03,
-            0xc7, 0xf4, 0x82, 0xde, 0x0a, 0xd9, 0x4c, 0x92, 0xfc, 0x48, 0x65,
-            0x1a, 0x4c, 0xb9, 0xf9, 0x91, 0x9e, 0xf4, 0x88, 0x9e, 0x83, 0xa9,
-            0x3a, 0x2e, 0x50, 0x94, 0xde, 0xb0, 0x24, 0xf3, 0x9b, 0xa0, 0x9e,
-            0x0c, 0x49, 0xb2, 0xe2, 0x53, 0xfc, 0x52, 0x9b, 0x4b, 0x3b, 0x53,
-            0xdf, 0xfe, 0x76, 0x99, 0x19, 0x90, 0xb8, 0xf2, 0x8c, 0xda, 0x57,
-            0xfc, 0x35, 0xf6, 0xeb, 0xb4, 0x3c, 0xde, 0xff, 0x75, 0xf2, 0x50,
-            0x27, 0x20, 0x42, 0x33, 0xd8, 0x6c, 0x5f, 0xba, 0x3d, 0xed, 0x90,
-            0x77, 0xbc, 0x97, 0x10, 0xe0, 0x37, 0x21, 0x9e, 0x37, 0xf4, 0x89,
-            0x34, 0x7c, 0x4a, 0x27, 0x8b, 0x58, 0x99, 0x83, 0x0a, 0xa7, 0x80,
-            0x11, 0xc4, 0x88, 0xf2, 0xbb, 0xc0, 0x99, 0x9f, 0x6f, 0x60, 0x12,
-            0x2d, 0x52, 0x20, 0x3a, 0xc0, 0x50, 0x75, 0x97, 0xc9, 0xdb, 0x01,
-            0x3d, 0x05, 0x21, 0x3a, 0x16, 0x67, 0x0f, 0x7b, 0x51, 0x4a, 0x33,
-            0x93, 0x53, 0x78, 0xd0, 0xb4, 0x91, 0xfc, 0x32, 0x49, 0x5e,
-        },  // R2
-        {0x02, 0x5c, 0x15, 0x7e, 0x0f, 0x00, 0x82, 0x32, 0x45, 0xcf, 0x91, 0xd3,
-         0x64, 0x5f, 0xf6, 0x0a, 0x83, 0x83, 0xc6, 0x3c, 0x0a, 0x68, 0x2c, 0x1e,
-         0x96, 0x4b, 0xfa, 0xde, 0x06, 0xfe, 0x1a, 0x73},  // a
-        {0xea, 0x9d, 0xe1, 0x57, 0x32, 0x2e, 0x74, 0xd5, 0xbe, 0x49, 0xc4, 0xc8,
-         0x23, 0x7d, 0x93, 0x74, 0x05, 0xee, 0xc2, 0x3d, 0xec, 0xd5, 0xbd, 0x4c,
-         0x2f, 0x1d, 0x77, 0x88, 0x2b, 0x81, 0x5e, 0xc4},  // b
-        {0x98, 0x43, 0xdc, 0x08, 0x7b, 0x99, 0xff, 0x4a, 0x38, 0xbd, 0x5f, 0xe9,
-         0xfc, 0xb9, 0x40, 0x3c, 0x31, 0x9b, 0x57, 0x7e, 0xff, 0x1c, 0x80, 0x92,
-         0x79, 0x97, 0x3d, 0xa9, 0xbb, 0x70, 0xe7, 0x4b},  // rx
-        {0x85, 0x09, 0xac, 0xad, 0xcb, 0x5f, 0x24, 0x36, 0x21, 0x9e, 0xc7, 0x3a,
-         0x2b, 0xf6, 0x63, 0xe7, 0x0d, 0xef, 0x3f, 0x4d, 0x40, 0x94, 0x49, 0x7b,
-         0x2c, 0x89, 0xfe, 0xdc, 0xe7, 0x5b, 0xc5, 0x72},  // rf
-        {0x0d, 0x6b, 0x41, 0x78, 0x87, 0xb7, 0x90, 0x17, 0x5c, 0xe1, 0x9d, 0xcb,
-         0x5d, 0x87, 0x69, 0xe6, 0xdd, 0xc0, 0xef, 0xbb, 0x3f, 0x4d, 0xaf, 0xec,
-         0x3a, 0x66, 0x66, 0xb3, 0x51, 0x49, 0xb8, 0xae},  // ra
-        {0xaa, 0x42, 0x63, 0x36, 0x47, 0xe3, 0x9d, 0x5e, 0x7f, 0xcd, 0x07, 0xee,
-         0x26, 0xdc, 0xaf, 0x88, 0xf1, 0x9b, 0xae, 0xa4, 0x7c, 0xff, 0x2e, 0x4f,
-         0x7b, 0x6d, 0xb1, 0x42, 0x50, 0x9d, 0x89, 0x39}  // rb
-    },
-    {
-        {{{{0x10, 0x11, 0x7a, 0x7a, 0xbd, 0xe9, 0x4f, 0x96, 0xd7, 0x1e, 0x53,
-            0x05, 0x8d, 0x69, 0xb1, 0xdb, 0x3e, 0xf1, 0x3c, 0x24, 0xe2, 0x83,
-            0x06, 0x4b, 0xd6, 0xd9, 0xc6, 0x24, 0xf4, 0x7f, 0x67, 0x2c}}},
-         {{{0x1a, 0xaf, 0x95, 0xfa, 0x7e, 0x59, 0xd2, 0x93, 0x39, 0x09, 0xae,
-            0x0b, 0xc3, 0xe8, 0xe5, 0xf7, 0x36, 0xe7, 0x06, 0xbf, 0xe3, 0xd2,
-            0x20, 0xbf, 0xd2, 0x31, 0x3f, 0xc1, 0x15, 0x61, 0x61,
-            0x03}}}},  // B
-        {{{{0xcc, 0x9e, 0x80, 0x5e, 0x0c, 0x32, 0x44, 0x70, 0xe0, 0x44, 0x27,
-            0x7a, 0x01, 0xee, 0x51, 0x19, 0xa1, 0x4d, 0x0a, 0x24, 0x8b, 0xa2,
-            0xf8, 0xa3, 0x26, 0x56, 0x8c, 0x70, 0xe1, 0xa1, 0x83, 0x70}}},
-         {{{0x4d, 0xf0, 0x73, 0x6f, 0xf4, 0x62, 0xc4, 0x30, 0x3e, 0xde, 0xff,
-            0xc0, 0x93, 0x92, 0xa4, 0x03, 0x6f, 0x84, 0x3a, 0x3c, 0x34, 0x25,
-            0x83, 0xb5, 0x2b, 0x90, 0x95, 0x6b, 0x24, 0x82, 0x6e,
-            0xe6}}}},  // K
-        {{{{0xc6, 0x4c, 0xc8, 0x9d, 0xdc, 0x63, 0x46, 0x5b, 0xab, 0x79, 0xea,
-            0x49, 0x76, 0x47, 0x68, 0xe6, 0x2e, 0x7d, 0x0b, 0x49, 0xc0, 0x29,
-            0xe4, 0xc8, 0x84, 0xb5, 0x04, 0x2d, 0x15, 0xaa, 0x0d, 0xd4}}},
-         {{{0x71, 0x43, 0xd0, 0x24, 0x3e, 0x00, 0xf4, 0x94, 0xad, 0x1e, 0x1e,
-            0x32, 0xea, 0x21, 0x4d, 0x83, 0xae, 0x63, 0x3c, 0x5a, 0xd4, 0xa5,
-            0x79, 0x9b, 0x2c, 0xad, 0x03, 0x50, 0xb6, 0x57, 0x0a,
-            0xbf}}}},  // T
-        {{{{0xdd, 0x13, 0x14, 0x5a, 0x7d, 0x23, 0xc5, 0xf0, 0xcb, 0xa7, 0xd1,
-            0x79, 0x7a, 0x59, 0x91, 0xf3, 0x8f, 0xb3, 0xff, 0x27, 0x52, 0x0e,
-            0xe4, 0xc8, 0xb2, 0xe1, 0xc5, 0x29, 0x16, 0x2e, 0x0f, 0xcf}}},
-         {{{0xcd, 0xb1, 0xed, 0x9a, 0xf3, 0x8a, 0xdd, 0x97, 0xe3, 0x58, 0xd8,
-            0x66, 0xc0, 0xb9, 0xe6, 0x5e, 0x86, 0x6b, 0xfc, 0xde, 0x25, 0x2b,
-            0x3c, 0x97, 0x4e, 0xc9, 0x26, 0x12, 0xf7, 0xde, 0xa6,
-            0x88}}}},  // R1
-        {0x75, 0x5e, 0x75, 0xe8, 0x80, 0xa3, 0x3b, 0x5d, 0xb7, 0xf1, 0x93, 0x4e,
-         0x55, 0x6a, 0x14, 0x24, 0x8c, 0x74, 0xcd, 0x58, 0x25, 0xf8, 0x26, 0x6f,
-         0x21, 0xc1, 0x1f, 0xb1, 0x7a, 0xc5, 0x48, 0x6b, 0x01, 0x4e, 0xa0, 0xa7,
-         0xac, 0x55, 0x5b, 0x68, 0xba, 0x69, 0x17, 0xb0, 0x1e, 0x4a, 0x88, 0x70,
-         0xbc, 0xb8, 0x12, 0xd7, 0x3d, 0x1b, 0xb4, 0xee, 0x79, 0xdb, 0xa1, 0x31,
-         0xfb, 0x09, 0x3e, 0x89, 0xf6, 0x92, 0x0a, 0x81, 0x6a, 0xde, 0xe6, 0xb9,
-         0x26, 0x9e, 0x5f, 0x2a, 0x52, 0xa2, 0x2e, 0x44, 0x0c, 0x15, 0xce, 0xbf,
-         0x1f, 0xcf, 0x95, 0xe5, 0x17, 0x1c, 0xf3, 0xd2, 0x90, 0x04, 0xa4, 0xfa,
-         0x0e, 0x92, 0x8b, 0xa4, 0xcd, 0x2b, 0xdf, 0x78, 0x71, 0x98, 0xd7, 0x9f,
-         0xcd, 0xd1, 0x5e, 0x06, 0xdb, 0x6b, 0xdb, 0xff, 0x8d, 0xb4, 0x10, 0x73,
-         0xc8, 0xf6, 0xb9, 0x42, 0x54, 0xc4, 0x6a, 0xc3, 0xbb, 0xdc, 0xec, 0x6d,
-         0x2f, 0xec, 0xda, 0xb7, 0x74, 0x02, 0x59, 0xb9, 0xe0, 0x4c, 0xc5, 0x41,
-         0x8a, 0x00, 0x2b, 0x10, 0x45, 0x9a, 0xc3, 0x77, 0x98, 0x66, 0xcf, 0xcb,
-         0x44, 0xe7, 0x9a, 0x56, 0x40, 0xde, 0x74, 0x9b, 0x9f, 0x34, 0x9f, 0xc0,
-         0x59, 0x28, 0x27, 0x3f, 0x90, 0xe0, 0xaa, 0xba, 0x0d, 0x13, 0x8a, 0xec,
-         0x97, 0x2a, 0xef, 0xe7, 0xc9, 0x8f, 0xfa, 0xef, 0x14, 0x3a, 0xc2, 0x39,
-         0xf6, 0x54, 0xab, 0x28, 0x15, 0x9f, 0x8d, 0x91, 0x49, 0x94, 0x27, 0x72,
-         0x47, 0x97, 0x2a, 0x88, 0xb4, 0x95, 0xf4, 0xb7, 0xf3, 0x4d, 0xe3, 0xf0,
-         0x53, 0x69, 0x58, 0xaf, 0xb7, 0x22, 0x52, 0x05, 0x9c, 0xac, 0x52, 0xbb,
-         0x39, 0xc6, 0x6b, 0xfd, 0xfd, 0xdb, 0x1c, 0xf8, 0xa6, 0xce, 0xd6, 0xe6,
-         0x4a, 0xd5, 0xb4, 0xcf, 0x68, 0x24, 0x79, 0xf6, 0xb0, 0xb8, 0x62, 0x37,
-         0xc6, 0xa9, 0x14, 0x25, 0x07, 0xec, 0xde, 0x3a, 0x18, 0x13, 0xf9, 0x35,
-         0x8d, 0xd7, 0x40, 0x34, 0x8c, 0xe9, 0x3f, 0x97, 0xe1, 0x6e, 0xcf, 0x9e,
-         0xb0, 0x5d, 0x15, 0x5f, 0xd7, 0xd4, 0x92, 0x26, 0xa4, 0x87, 0x77, 0x47,
-         0x95, 0x53, 0x78, 0x4b, 0x77, 0xd4, 0xb4, 0xd4, 0xad, 0xd2, 0xeb, 0xfb,
-         0x70, 0x7b, 0xea, 0x6d, 0x88, 0x9b, 0xb6, 0xf9, 0x95, 0xa2, 0xae, 0x77,
-         0xd3, 0x29, 0x43, 0xeb, 0x25, 0x09, 0x3c, 0x68, 0xc5, 0xba, 0x6f, 0x6e,
-         0x19, 0x6a, 0x41, 0xb5, 0x02, 0x3f, 0x2e, 0xbe, 0x8e, 0xc4, 0x72, 0x47,
-         0x65, 0x7d, 0x2a, 0xbb, 0x55, 0xea, 0x01, 0x2c, 0x24, 0x28, 0x1d, 0x90,
-         0x63, 0xe5, 0x8e, 0x4f, 0xb7, 0x0e, 0x86, 0x09, 0x18, 0x5f, 0x1d, 0x69,
-         0x72, 0x1a, 0xff, 0x25, 0xb2, 0x82, 0x19, 0x66, 0xbc, 0x68, 0x02, 0x07,
-         0x02, 0x05, 0x07, 0x80, 0x88, 0xc9, 0x85, 0xf7, 0xa9, 0x32, 0x0a,
-         0x48},  // R2
-        {0xb2, 0x9f, 0x28, 0x17, 0xa9, 0x3b, 0x93, 0x5d, 0x84, 0xaa, 0xb9, 0xd2,
-         0x61, 0x4c, 0xe4, 0x64, 0x79, 0x2b, 0xc2, 0x87, 0xe4, 0x7f, 0xe2, 0xd6,
-         0xe7, 0x20, 0x7f, 0x3f, 0x65, 0x3d, 0x03, 0xa5},  // a
-        {0xf2, 0xfa, 0x9f, 0x28, 0x8f, 0x1f, 0xd0, 0x6b, 0xa2, 0xe3, 0x37, 0xce,
-         0x1c, 0x43, 0x82, 0x81, 0x18, 0x01, 0x75, 0x04, 0xf0, 0x2b, 0xb5, 0xb0,
-         0x46, 0x5d, 0x44, 0x7f, 0xaa, 0xb3, 0x8a, 0xd2},  // b
-        {0xf3, 0xe0, 0xab, 0x75, 0x37, 0x41, 0x61, 0x0d, 0xf5, 0x4a, 0x1f, 0xa6,
-         0xee, 0xa5, 0xc6, 0x55, 0xd2, 0xa6, 0xce, 0x1c, 0x08, 0x64, 0x75, 0x22,
-         0x15, 0x81, 0x45, 0x76, 0x21, 0x2c, 0x32, 0xca},  // rx
-        {0x6e, 0xfc, 0x5c, 0x0a, 0x79, 0x3a, 0x5d, 0xca, 0xe6, 0xdc, 0x30, 0x12,
-         0x96, 0x5a, 0x95, 0x3f, 0x8b, 0xa6, 0x86, 0x6d, 0x43, 0xf4, 0x4e, 0xfd,
-         0x4f, 0xf2, 0x7a, 0x80, 0xa5, 0xcc, 0x05, 0x56},  // rf
-        {0xcb, 0x58, 0xde, 0x49, 0xd7, 0x19, 0xfa, 0xbf, 0x5f, 0x82, 0x19, 0x0e,
-         0x60, 0xb5, 0x0d, 0xde, 0xda, 0xb5, 0xf2, 0xb0, 0xcc, 0x2f, 0x65, 0x5e,
-         0x71, 0x08, 0xd6, 0xb5, 0xd5, 0xbc, 0x67, 0xc1},  // ra
-        {0xe0, 0x3a, 0x71, 0xa7, 0x86, 0x56, 0xea, 0xd0, 0x19, 0xce, 0xa9, 0x65,
-         0xe8, 0x26, 0x11, 0x56, 0x5c, 0xcb, 0x04, 0x65, 0x36, 0xfd, 0xd9, 0x39,
-         0x35, 0xfa, 0x78, 0xa5, 0xc2, 0x3c, 0x2e, 0x17}  // rb
-    }};
-const std::vector<uint8_t> EpidMemberTest::kGroupPublicKeyDataIkgf = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/pubkey.inc"
-};
-const std::vector<uint8_t> EpidMemberTest::kMemberPrivateKeyDataIkgf = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/member0/mprivkey.inc"
-};
-
-const std::vector<uint8_t> EpidMemberTest::kGrp01Member0SigTest1Sha256 = {
-#include "epid/common-testhelper/testdata/grp01/member0/sig_test1_sha256.inc"
-};
-const std::vector<uint8_t> EpidMemberTest::kGrp01Member0SigTest1Sha384 = {
-#include "epid/common-testhelper/testdata/grp01/member0/sig_test1_sha384.inc"
-};
-const std::vector<uint8_t> EpidMemberTest::kGrp01Member0SigTest1Sha512 = {
-#include "epid/common-testhelper/testdata/grp01/member0/sig_test1_sha512.inc"
-};
-const std::vector<uint8_t> EpidMemberTest::kTest1Msg = {'t', 'e', 's', 't',
-                                                        '1'};
-std::vector<uint8_t> EpidMemberTest::kSigRlData = {
-#include "epid/common-testhelper/testdata/grp01/sigrl.inc"
-};
-std::vector<uint8_t> EpidMemberTest::kSigRl5EntryData = {
-    // gid
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x01,
-    // version
-    0x00, 0x00, 0x00, 0x00,
-    // n2
-    0x00, 0x00, 0x00, 0x05,
-    // bk's
-    0x9c, 0xa5, 0xe5, 0xae, 0x5f, 0xae, 0x51, 0x59, 0x33, 0x35, 0x27, 0xd, 0x8,
-    0xb1, 0xbe, 0x5d, 0x69, 0x50, 0x84, 0xc5, 0xfe, 0xe2, 0x87, 0xea, 0x2e,
-    0xef, 0xfa, 0xee, 0x67, 0xf2, 0xd8, 0x28, 0x56, 0x43, 0xc6, 0x94, 0x67,
-    0xa6, 0x72, 0xf6, 0x41, 0x15, 0x4, 0x58, 0x42, 0x16, 0x88, 0x57, 0x9d, 0xc7,
-    0x71, 0xd1, 0xc, 0x84, 0x13, 0xa, 0x90, 0x23, 0x18, 0x8, 0xad, 0x7d, 0xfe,
-    0xf5, 0xc8, 0xae, 0xfc, 0x51, 0x40, 0xa7, 0xd1, 0x28, 0xc2, 0x89, 0xb2,
-    0x6b, 0x4e, 0xb4, 0xc1, 0x55, 0x87, 0x98, 0xbd, 0x72, 0xf9, 0xcf, 0xd, 0x40,
-    0x15, 0xee, 0x32, 0xc, 0xf3, 0x56, 0xc5, 0xc, 0x61, 0x9d, 0x4f, 0x7a, 0xb5,
-    0x2b, 0x16, 0xa9, 0xa3, 0x97, 0x38, 0xe2, 0xdd, 0x3a, 0x33, 0xad, 0xf6,
-    0x7b, 0x68, 0x8b, 0x68, 0xcf, 0xa3, 0xd3, 0x98, 0x37, 0xce, 0xec, 0xd1,
-    0xa8, 0xc, 0x8b,
-
-    0x71, 0x8a, 0xb5, 0x1, 0x7f, 0x7c, 0x92, 0x9a, 0xa2, 0xc9, 0x81, 0x10, 0xfe,
-    0xbf, 0xc, 0x53, 0xa4, 0x43, 0xaf, 0x31, 0x74, 0x12, 0x25, 0x60, 0x3e, 0xc0,
-    0x21, 0xe6, 0x63, 0x9a, 0xd2, 0x67, 0x2d, 0xb5, 0xd5, 0x82, 0xc4, 0x49,
-    0x29, 0x51, 0x42, 0x8f, 0xe0, 0xe, 0xd1, 0x73, 0x27, 0xf5, 0x77, 0x16, 0x4,
-    0x40, 0x8a, 0x0, 0xe, 0x3a, 0x5d, 0x37, 0x42, 0xd3, 0x8, 0x40, 0xbd, 0x69,
-    0xf7, 0x5f, 0x74, 0x21, 0x50, 0xf4, 0xce, 0xfe, 0xd9, 0xdd, 0x97, 0x6c,
-    0xa8, 0xa5, 0x60, 0x6b, 0xf8, 0x1b, 0xba, 0x2, 0xb2, 0xca, 0x5, 0x44, 0x9b,
-    0xb1, 0x5e, 0x3a, 0xa4, 0x35, 0x7a, 0x51, 0xfa, 0xcf, 0xa4, 0x4, 0xe9, 0xf3,
-    0xbf, 0x38, 0xd4, 0x24, 0x9, 0x52, 0xf3, 0x58, 0x3d, 0x9d, 0x4b, 0xb3, 0x37,
-    0x4b, 0xec, 0x87, 0xe1, 0x64, 0x60, 0x3c, 0xb6, 0xf7, 0x7b, 0xff, 0x40,
-    0x11,
-
-    0x6e, 0x22, 0xaa, 0x10, 0x84, 0x58, 0x8b, 0xff, 0xd8, 0x37, 0x8, 0xa9, 0xe9,
-    0xdb, 0xf6, 0x1f, 0x69, 0x10, 0x95, 0x6c, 0xbf, 0xd, 0x11, 0x48, 0x6f, 0x1b,
-    0x3c, 0x62, 0x46, 0x13, 0x89, 0x13, 0x5f, 0xa1, 0x3, 0x62, 0xed, 0x62, 0xdf,
-    0x3d, 0xbf, 0xcd, 0xb7, 0x41, 0x48, 0x81, 0x3, 0x9f, 0x54, 0xa, 0xe, 0xb3,
-    0x35, 0xf9, 0xde, 0x24, 0xba, 0x6d, 0x4c, 0x7f, 0xfc, 0xc1, 0xb4, 0xce,
-    0x6d, 0xa1, 0x73, 0x7c, 0xaa, 0xb, 0xad, 0x2, 0xd6, 0x37, 0x85, 0xe, 0xbb,
-    0x48, 0x11, 0x38, 0xc4, 0xaa, 0x1b, 0xf, 0xcf, 0xc1, 0x9c, 0x26, 0xcc, 0x95,
-    0xc2, 0x5b, 0x49, 0x9, 0x3d, 0xe9, 0x7d, 0xce, 0xc7, 0xa6, 0x4, 0x3e, 0x7c,
-    0x9e, 0x28, 0xde, 0x8, 0x11, 0xe, 0x61, 0x3b, 0xc0, 0x9c, 0x6b, 0x58, 0x23,
-    0xe6, 0x40, 0x7b, 0xbd, 0xb8, 0x72, 0xf, 0xe0, 0xee, 0xcf, 0xba, 0xb4,
-
-    0xc4, 0xff, 0xaf, 0x48, 0x15, 0xda, 0x60, 0x40, 0xcc, 0xd7, 0xf2, 0x68,
-    0xf7, 0xe2, 0x70, 0x12, 0x8d, 0x15, 0xa5, 0xb7, 0xe6, 0x4c, 0x23, 0xea,
-    0x4d, 0x8a, 0x51, 0x6, 0x67, 0x3, 0x4c, 0x83, 0x6f, 0x28, 0x67, 0xcf, 0x63,
-    0x46, 0x3e, 0x8a, 0x45, 0x9f, 0xed, 0x1a, 0xde, 0xa7, 0xad, 0xb2, 0x2b, 0xf,
-    0x8b, 0xab, 0x7c, 0x70, 0xff, 0xc3, 0xa8, 0x6e, 0x8c, 0xaa, 0xb1, 0xf6,
-    0x20, 0xe3, 0xb9, 0xf1, 0xc3, 0x3d, 0x5, 0x6a, 0x1e, 0x26, 0x2d, 0xf4, 0xd,
-    0xe4, 0x53, 0x63, 0x67, 0x23, 0x48, 0xa8, 0x1, 0xa8, 0xee, 0xe1, 0x5f, 0x64,
-    0xe3, 0x2c, 0x71, 0xe2, 0x10, 0x82, 0x0, 0x52, 0xd7, 0x74, 0x87, 0xff, 0x1c,
-    0x0, 0x19, 0xe6, 0x4d, 0x15, 0x91, 0x6d, 0xf3, 0x38, 0x3b, 0xee, 0xf3, 0xd5,
-    0xd1, 0xc7, 0x6d, 0xd9, 0x8e, 0x55, 0x70, 0x90, 0xb0, 0xb, 0x3c, 0x4a, 0x67,
-    0x19,
-
-    0x4f, 0x98, 0x92, 0xf9, 0x18, 0x38, 0xf5, 0xb4, 0xf7, 0x2f, 0xa7, 0x21,
-    0x71, 0x52, 0x27, 0xd0, 0x57, 0x4f, 0x9c, 0x30, 0xe, 0xb2, 0x27, 0xce, 0xd7,
-    0xb2, 0x9f, 0xc0, 0xf6, 0xc3, 0xb0, 0x7c, 0x40, 0x18, 0x75, 0x4a, 0xde,
-    0xb0, 0x9f, 0x46, 0x8a, 0x5a, 0xeb, 0x4f, 0xcb, 0x5e, 0x60, 0xf5, 0xca,
-    0xf4, 0x98, 0xaf, 0x62, 0x9b, 0x7e, 0x10, 0xda, 0xba, 0x2f, 0x47, 0x64,
-    0xf2, 0xc0, 0x84, 0x19, 0x75, 0xe0, 0xe4, 0xff, 0x20, 0xda, 0x7d, 0xe5, 0xd,
-    0xc8, 0xf8, 0xe3, 0x83, 0x61, 0x19, 0x17, 0xf1, 0xa9, 0x1b, 0xff, 0x39,
-    0x79, 0x88, 0x1, 0xfb, 0xe7, 0x23, 0xd2, 0xac, 0xe0, 0x49, 0x12, 0x2a, 0x38,
-    0xb4, 0x7c, 0xc2, 0x1b, 0x88, 0x5f, 0x68, 0x32, 0x11, 0xd9, 0xfd, 0xdc,
-    0x65, 0x2, 0xb3, 0x74, 0x2c, 0x13, 0xf2, 0xd8, 0xf1, 0x45, 0xc5, 0xd1, 0xf4,
-    0xa3, 0x38, 0x81, 0x92};
-const std::vector<uint8_t> EpidMemberTest::kMsg0 = {'m', 's', 'g', '0'};
-const std::vector<uint8_t> EpidMemberTest::kBsn0 = {'b', 's', 'n', '0'};
-const std::vector<uint8_t> EpidMemberTest::kMsg1 = {'m', 's', 'g', '1'};
-const std::vector<uint8_t> EpidMemberTest::kBsn1 = {'b', 's', 'n', '1'};
-
-const GroupPubKey EpidMemberTest::kGrpXKey = {
-#include "epid/common-testhelper/testdata/grp_x/pubkey.inc"
-};
-
-const CompressedPrivKey EpidMemberTest::kGrpXMember9CompressedKey = {
-#include "epid/common-testhelper/testdata/grp_x/cmember9/cmpprivkey.inc"
-};
-const PrivKey EpidMemberTest::kGrpXMember9PrivKey = {
-#include "epid/common-testhelper/testdata/grp_x/cmember9/mprivkey.inc"
-};
-
-const GroupPubKey EpidMemberTest::kGrpYKey = {
-#include "epid/common-testhelper/testdata/grp_y/pubkey.inc"
-};
-
-const CompressedPrivKey EpidMemberTest::kGrpYMember9CompressedKey = {
-#include "epid/common-testhelper/testdata/grp_y/cmember9/cmpprivkey.inc"
-};

+ 0 - 290
external/epid-sdk-3.0.0/epid/member/unittests/nr_prove-test.cc

@@ -1,290 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief NrProve unit tests.
- */
-
-#include "gtest/gtest.h"
-
-extern "C" {
-#include "epid/member/api.h"
-#include "epid/verifier/api.h"
-}
-
-#include "epid/member/unittests/member-testhelper.h"
-#include "epid/common-testhelper/prng-testhelper.h"
-#include "epid/common-testhelper/errors-testhelper.h"
-#include "epid/common-testhelper/verifier_wrapper-testhelper.h"
-
-namespace {
-
-TEST_F(EpidMemberTest, NrProveFailsGivenNullParameters) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature const* basic_sig =
-      &reinterpret_cast<EpidSignature const*>(
-           this->kGrp01Member0SigTest1Sha256.data())
-           ->sigma0;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  EXPECT_EQ(kEpidBadArgErr, EpidNrProve(nullptr, msg.data(), msg.size(),
-                                        basic_sig, &sig_rl->bk[0], &proof));
-  EXPECT_EQ(kEpidBadArgErr, EpidNrProve(member, nullptr, msg.size(), basic_sig,
-                                        &sig_rl->bk[0], &proof));
-  EXPECT_EQ(kEpidBadArgErr, EpidNrProve(member, msg.data(), msg.size(), nullptr,
-                                        &sig_rl->bk[0], &proof));
-  EXPECT_EQ(kEpidBadArgErr, EpidNrProve(member, msg.data(), msg.size(),
-                                        basic_sig, nullptr, &proof));
-  EXPECT_EQ(kEpidBadArgErr, EpidNrProve(member, msg.data(), msg.size(),
-                                        basic_sig, &sig_rl->bk[0], nullptr));
-}
-
-TEST_F(EpidMemberTest, NrProveFailsGivenInvalidSigRlEntry) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature const* basic_sig =
-      &reinterpret_cast<EpidSignature const*>(
-           this->kGrp01Member0SigTest1Sha256.data())
-           ->sigma0;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  SigRlEntry sig_rl_enty_invalid_k = sig_rl->bk[0];
-  sig_rl_enty_invalid_k.k.x.data.data[31]++;  // make it not in EC group
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidNrProve(member, msg.data(), msg.size(), basic_sig,
-                        &sig_rl_enty_invalid_k, &proof));
-
-  SigRlEntry sig_rl_enty_invalid_b = sig_rl->bk[0];
-  sig_rl_enty_invalid_b.b.x.data.data[31]++;  // make it not in EC group
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidNrProve(member, msg.data(), msg.size(), basic_sig,
-                        &sig_rl_enty_invalid_b, &proof));
-}
-
-TEST_F(EpidMemberTest, NrProveFailsGivenInvalidBasicSig) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature const* basic_sig =
-      &reinterpret_cast<EpidSignature const*>(
-           this->kGrp01Member0SigTest1Sha256.data())
-           ->sigma0;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  // invalid basic sig in this case is invalid B or K value only!!
-  BasicSignature basic_sig_invalid_B = *basic_sig;
-  basic_sig_invalid_B.B.x.data.data[31]++;  // make it not in EC group;
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidNrProve(member, msg.data(), msg.size(), &basic_sig_invalid_B,
-                        &sig_rl->bk[0], &proof));
-
-  BasicSignature basic_sig_invalid_K = *basic_sig;
-  basic_sig_invalid_K.K.x.data.data[31]++;  // make it not in EC group
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidNrProve(member, msg.data(), msg.size(), &basic_sig_invalid_K,
-                        &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofForEmptyMessage) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  THROW_ON_EPIDERR(EpidMemberSetHashAlg(member, kSha256));
-  ASSERT_EQ(kEpidNoErr,
-            EpidSignBasic(member, nullptr, 0, nullptr, 0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, nullptr, 0, &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-  THROW_ON_EPIDERR(EpidVerifierSetHashAlg(ctx, kSha256));
-  EXPECT_EQ(kEpidNoErr,
-            EpidNrVerify(ctx, &basic_sig, nullptr, 0, &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofUsingDefaultHashAlg) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofUsingDefaultHashAlgUsingIKGFData) {
-  Prng my_prng;
-  GroupPubKey grp_public_key = *reinterpret_cast<const GroupPubKey*>(
-      this->kGroupPublicKeyDataIkgf.data());
-  PrivKey mbr_private_key =
-      *reinterpret_cast<const PrivKey*>(this->kMemberPrivateKeyDataIkgf.data());
-  const std::vector<uint8_t> sigrl_bin = {
-#include "epid/common-testhelper/testdata/ikgf/groupa/sigrl.inc"
-  };
-
-  MemberCtxObj member(grp_public_key, mbr_private_key, &Prng::Generate,
-                      &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(sigrl_bin.data());
-
-  NrProof proof;
-
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(grp_public_key);
-
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofUsingSha256HashAlg) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  THROW_ON_EPIDERR(EpidMemberSetHashAlg(member, kSha256));
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-  THROW_ON_EPIDERR(EpidVerifierSetHashAlg(ctx, kSha256));
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofUsingSha384HashAlg) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  THROW_ON_EPIDERR(EpidMemberSetHashAlg(member, kSha384));
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-  THROW_ON_EPIDERR(EpidVerifierSetHashAlg(ctx, kSha384));
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, GeneratesNrProofUsingSha512HashAlg) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  THROW_ON_EPIDERR(EpidMemberSetHashAlg(member, kSha512));
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-  THROW_ON_EPIDERR(EpidVerifierSetHashAlg(ctx, kSha512));
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-TEST_F(EpidMemberTest, DISABLED_GeneratesNrProofUsingSha512256HashAlg) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  BasicSignature basic_sig;
-  auto msg = this->kTest1Msg;
-  SigRl const* sig_rl = reinterpret_cast<const SigRl*>(this->kSigRlData.data());
-
-  NrProof proof;
-
-  THROW_ON_EPIDERR(EpidMemberSetHashAlg(member, kSha512_256));
-  ASSERT_EQ(kEpidNoErr, EpidSignBasic(member, msg.data(), msg.size(), nullptr,
-                                      0, &basic_sig));
-  EXPECT_EQ(kEpidNoErr, EpidNrProve(member, msg.data(), msg.size(), &basic_sig,
-                                    &sig_rl->bk[0], &proof));
-
-  // Check proof by doing an NrVerify
-  VerifierCtxObj ctx(this->kGroupPublicKey);
-  THROW_ON_EPIDERR(EpidVerifierSetHashAlg(ctx, kSha512_256));
-  EXPECT_EQ(kEpidNoErr, EpidNrVerify(ctx, &basic_sig, msg.data(), msg.size(),
-                                     &sig_rl->bk[0], &proof));
-}
-
-}  // namespace

+ 0 - 246
external/epid-sdk-3.0.0/epid/member/unittests/presig-test.cc

@@ -1,246 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief ComputePreSig unit tests.
- */
-#include <cstring>
-#include <limits>
-#include <algorithm>
-#include <vector>
-
-#include "gtest/gtest.h"
-
-extern "C" {
-#include "epid/member/api.h"
-}
-
-#include "epid/member/unittests/member-testhelper.h"
-#include "epid/common-testhelper/prng-testhelper.h"
-#include "epid/common-testhelper/errors-testhelper.h"
-
-/// Count of elements in array
-#define COUNT_OF(A) (sizeof(A) / sizeof((A)[0]))
-
-bool operator==(PreComputedSignature const& lhs,
-                PreComputedSignature const& rhs) {
-  return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
-}
-
-bool operator!=(PreComputedSignature const& lhs,
-                PreComputedSignature const& rhs) {
-  return !(lhs == rhs);
-}
-
-namespace {
-
-///////////////////////////////////////////////////////////////////////
-// EpidAddPreSigs
-TEST_F(EpidMemberTest, AddPreSigsFailsGivenNullPointer) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig = this->kPrecomputedSignatures[0];
-
-  EXPECT_EQ(kEpidBadArgErr, EpidAddPreSigs(nullptr, 1, &presig));
-}
-
-TEST_F(EpidMemberTest, AddPreSigsFailsGivenHugeNumberOfPreSigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig = this->kPrecomputedSignatures[0];
-
-  // number_presigs = 0x80..01 of size equal to sizeof(size_t)
-  EXPECT_EQ(kEpidBadArgErr,
-            EpidAddPreSigs(member, (SIZE_MAX >> 1) + 2, &presig));
-}
-
-TEST_F(EpidMemberTest,
-       AddPreSigsComputesSpecifiedNumberOfPresigsIfInputPresigsNull) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  ASSERT_EQ(kEpidNoErr, EpidAddPreSigs(member, 2, nullptr));
-  ASSERT_EQ(kEpidNoErr, EpidAddPreSigs(member, 1, nullptr));
-  // request to generate 0 pre-computed signatures do nothing
-  ASSERT_EQ(kEpidNoErr, EpidAddPreSigs(member, 0, nullptr));
-  EXPECT_EQ((size_t)3, EpidGetNumPreSigs(member));
-}
-
-TEST_F(EpidMemberTest, AddPreSigsClearsInputPresigBuffer) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  // For a test purposes allocate an array of precomputed signatures with
-  // all elements initialized to the same precomputed signature.
-  // Warning: Do not use precomputed signatures twice in production code!
-  std::vector<PreComputedSignature> presigs(2, this->kPrecomputedSignatures[0]);
-
-  ASSERT_EQ(kEpidNoErr, EpidAddPreSigs(member, presigs.size(), presigs.data()));
-  EXPECT_TRUE(std::all_of((uint8_t*)presigs.data(),
-                          (uint8_t*)(presigs.data() + presigs.size()),
-                          [](uint8_t a) { return 0 == a; }));
-}
-
-TEST_F(EpidMemberTest, AddPreSigsAddsCorrectNumberOfPresigsGivenValidInput) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  // For a test purposes allocate an arrays of precomputed signatures with
-  // all elements initialized to the same precomputed signature.
-  // Warning: Do not use precomputed signatures twice in production code!
-  std::vector<PreComputedSignature> presigs1(2,
-                                             this->kPrecomputedSignatures[0]);
-  std::vector<PreComputedSignature> presigs2 = presigs1;
-
-  // add
-  ASSERT_EQ(kEpidNoErr,
-            EpidAddPreSigs(member, presigs1.size(), presigs1.data()));
-  // extend
-  ASSERT_EQ(kEpidNoErr,
-            EpidAddPreSigs(member, presigs2.size(), presigs2.data()));
-  // add empty pre-computed signatures array does not affect internal pool
-  ASSERT_EQ(kEpidNoErr, EpidAddPreSigs(member, 0, presigs2.data()));
-  EXPECT_EQ(presigs1.size() + presigs2.size(), EpidGetNumPreSigs(member));
-}
-
-///////////////////////////////////////////////////////////////////////
-// EpidGetNumPreSigs
-TEST_F(EpidMemberTest, GetNumPreSigsReturnsZeroGivenNullptr) {
-  EXPECT_EQ((size_t)0, EpidGetNumPreSigs(nullptr));
-}
-
-TEST_F(EpidMemberTest, NumPreSigsForNewleyCreatedContextIsZero) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  EXPECT_EQ((size_t)0, EpidGetNumPreSigs(member));
-}
-
-TEST_F(EpidMemberTest, GetNumPreSigsReturnsNumberOfAddedPresigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  // For a test purposes allocate an array of precomputed signatures with
-  // all elements initialized to the same precomputed signature.
-  // Warning: Do not use precomputed signatures twice in production code!
-  std::vector<PreComputedSignature> presigs(5, this->kPrecomputedSignatures[0]);
-
-  THROW_ON_EPIDERR(EpidAddPreSigs(member, presigs.size(), presigs.data()));
-  EXPECT_EQ(presigs.size(), EpidGetNumPreSigs(member));
-}
-///////////////////////////////////////////////////////////////////////
-// EpidWritePreSigs
-TEST_F(EpidMemberTest, WritePreSigsFailsGivenNullPointer) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-  PreComputedSignature presig;
-
-  EXPECT_EQ(kEpidBadArgErr, EpidWritePreSigs(nullptr, &presig, 0));
-}
-
-TEST_F(EpidMemberTest, WritePreSigsFailsGivenWrongNumberOfPresigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig = this->kPrecomputedSignatures[0];
-
-  // add one pre-computed signature
-  THROW_ON_EPIDERR(EpidAddPreSigs(member, 1, &presig));
-  // export more pre-computed signatures than available
-  EXPECT_EQ(kEpidBadArgErr, EpidWritePreSigs(member, &presig, 2));
-}
-
-TEST_F(EpidMemberTest, WritePreSigsClearsPresigsOnSuccess) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  std::vector<PreComputedSignature> presigs(
-      COUNT_OF(this->kPrecomputedSignatures));
-  presigs.assign(std::begin(this->kPrecomputedSignatures),
-                 std::end(this->kPrecomputedSignatures));
-
-  THROW_ON_EPIDERR(EpidAddPreSigs(member, presigs.size(), presigs.data()));
-
-  // can export some but not all
-  EXPECT_EQ(kEpidNoErr, EpidWritePreSigs(member, presigs.data(), 1));
-  EXPECT_EQ(presigs.size() - 1, EpidGetNumPreSigs(member));
-  // can export all the rest
-  EXPECT_EQ(kEpidNoErr,
-            EpidWritePreSigs(member, presigs.data() + 1, presigs.size() - 1));
-  // check that all exported
-  EXPECT_EQ((size_t)0, EpidGetNumPreSigs(member));
-  // check that both write operations export (and leave) correct values.
-  EXPECT_EQ(presigs.end(), std::unique(presigs.begin(), presigs.end()));
-}
-
-TEST_F(EpidMemberTest, CanWriteAddedPresigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig0 = this->kPrecomputedSignatures[0];
-  PreComputedSignature presig1 = this->kPrecomputedSignatures[1];
-  PreComputedSignature presigs[2] = {presig0, presig1};
-
-  THROW_ON_EPIDERR(EpidAddPreSigs(member, COUNT_OF(presigs), presigs));
-
-  EXPECT_EQ(kEpidNoErr, EpidWritePreSigs(member, presigs, COUNT_OF(presigs)));
-  // compare ignoring order
-  EXPECT_TRUE((presig0 == presigs[0] && presig1 == presigs[1]) ||
-              (presig0 == presigs[1] && presig1 == presigs[0]));
-}
-
-TEST_F(EpidMemberTest, CanWriteGeneratedPresigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature zero_buffer;
-  memset(&zero_buffer, 0, sizeof(zero_buffer));
-  PreComputedSignature presigs[2] = {zero_buffer, zero_buffer};
-
-  THROW_ON_EPIDERR(EpidAddPreSigs(member, COUNT_OF(presigs), nullptr));
-
-  EXPECT_EQ(kEpidNoErr, EpidWritePreSigs(member, presigs, COUNT_OF(presigs)));
-  // check pre-computed signature were written
-  EXPECT_NE(zero_buffer, presigs[0]);
-  EXPECT_NE(zero_buffer, presigs[1]);
-}
-
-TEST_F(EpidMemberTest, WritePreSigsCanWriteZeroPresigs) {
-  Prng my_prng;
-  MemberCtxObj member(this->kGroupPublicKey, this->kMemberPrivateKey,
-                      this->kMemberPrecomp, &Prng::Generate, &my_prng);
-
-  PreComputedSignature presig;
-
-  EXPECT_EQ(kEpidNoErr, EpidWritePreSigs(member, &presig, 0));
-}
-
-}  // namespace

+ 0 - 320
external/epid-sdk-3.0.0/epid/member/unittests/request_join-test.cc

@@ -1,320 +0,0 @@
-/*############################################################################
-  # Copyright 2016 Intel Corporation
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  ############################################################################*/
-
-/*!
- * \file
- * \brief RequestJoin unit tests.
- */
-
-#include <memory>
-#include "gtest/gtest.h"
-
-extern "C" {
-#include "epid/member/api.h"
-#include "epid/common/math/ecgroup.h"
-#include "epid/common/math/finitefield.h"
-#include "epid/common/src/epid2params.h"
-}
-
-#include "epid/member/unittests/member-testhelper.h"
-#include "epid/common-testhelper/prng-testhelper.h"
-#include "epid/common-testhelper/finite_field_wrapper-testhelper.h"
-#include "epid/common-testhelper/ffelement_wrapper-testhelper.h"
-#include "epid/common-testhelper/epid_params-testhelper.h"
-#include "epid/common-testhelper/ecgroup_wrapper-testhelper.h"
-#include "epid/common-testhelper/ecpoint_wrapper-testhelper.h"
-
-namespace {
-
-// local constant for RequestJoin tests. This can be hoisted later if needed
-// avoids cpplint warning about multiple includes.
-const GroupPubKey kPubKey = {
-#include "epid/common-testhelper/testdata/grp01/gpubkey.inc"
-};
-
-TEST_F(EpidMemberTest, RequestJoinFailsGivenNullParameters) {
-  GroupPubKey pub_key = kPubKey;
-  IssuerNonce ni;
-  FpElemStr f;
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request;
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(nullptr, &ni, &f, rnd_func,
-                                            rnd_param, kSha256, &join_request));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, nullptr, &f, rnd_func,
-                                            rnd_param, kSha256, &join_request));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, &ni, nullptr, rnd_func,
-                                            rnd_param, kSha256, &join_request));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func,
-                                            rnd_param, kSha256, nullptr));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, &ni, &f, nullptr,
-                                            rnd_param, kSha256, &join_request));
-}
-
-TEST_F(EpidMemberTest, RequestJoinFailsGivenInvalidGroupKey) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request;
-  GroupPubKey pub_key = kPubKey;
-  FpElemStr f = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-  pub_key.h1.x.data.data[15] = 0xff;
-  Epid20Params params;
-  EcPointObj pt(&params.G1);
-  ASSERT_NE(kEpidNoErr, ReadEcPoint(params.G1, (uint8_t*)&pub_key.h1,
-                                    sizeof(pub_key.h1), pt));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func,
-                                            rnd_param, kSha256, &join_request));
-}
-
-TEST_F(EpidMemberTest, RequestJoinFailsGivenInvalidFValue) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request;
-  GroupPubKey pub_key = kPubKey;
-  FpElemStr f = {
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-
-  const BigNumStr p = {
-      {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2, 0x5E,
-        0xEE, 0x71, 0xA4, 0x9E, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A,
-        0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D}}};
-  FiniteFieldObj Fp(p);
-  FfElementObj el(&Fp);
-  ASSERT_NE(kEpidNoErr, ReadFfElement(Fp, (uint8_t*)&f, sizeof(f), el));
-  EXPECT_EQ(kEpidBadArgErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func,
-                                            rnd_param, kSha256, &join_request));
-}
-
-TEST_F(EpidMemberTest,
-       GeneratesValidJoinRequestGivenValidParametersUsingIKGFData) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request;
-  FpElemStr f = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-  const GroupPubKey* grp_public_key = reinterpret_cast<const GroupPubKey*>(
-      this->kGroupPublicKeyDataIkgf.data());
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(grp_public_key, &ni, &f, rnd_func,
-                                        rnd_param, kSha256, &join_request));
-}
-
-TEST_F(EpidMemberTest, GeneratesValidJoinRequestGivenValidParameters) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request;
-  GroupPubKey pub_key = kPubKey;
-  FpElemStr f = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func, rnd_param,
-                                        kSha256, &join_request));
-}
-
-TEST_F(EpidMemberTest, GeneratesDiffJoinRequestsOnMultipleCalls) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request1;
-  JoinRequest join_request2;
-  GroupPubKey pub_key = kPubKey;
-  FpElemStr f = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-  prng.set_seed(0x1234);
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func, rnd_param,
-                                        kSha256, &join_request1));
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func, rnd_param,
-                                        kSha256, &join_request2));
-  EXPECT_NE(0, memcmp(&join_request1, &join_request2, sizeof(join_request1)));
-}
-
-TEST_F(EpidMemberTest, GeneratesDiffJoinRequestsGivenDiffHashAlgs) {
-  Prng prng;
-  BitSupplier rnd_func = Prng::Generate;
-  void* rnd_param = &prng;
-  JoinRequest join_request1;
-  JoinRequest join_request2;
-  GroupPubKey pub_key = kPubKey;
-  FpElemStr f = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
-  };
-  IssuerNonce ni = {
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03,
-      0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
-  };
-  prng.set_seed(0x1234);
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func, rnd_param,
-                                        kSha256, &join_request1));
-  prng.set_seed(0x1234);
-  EXPECT_EQ(kEpidNoErr, EpidRequestJoin(&pub_key, &ni, &f, rnd_func, rnd_param,
-                                        kSha512, &join_request2));
-  EXPECT_NE(0, memcmp(&join_request1, &join_request2, sizeof(join_request1)));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationFailsGivenNullParameters) {
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, nullptr));
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(nullptr, &this->kGrpXMember9PrivKey));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationFailsGivenGroupIDMissmatch) {
-  // Check wrong gid for GroupPubKey
-  GroupPubKey group_pub_key = this->kGrpXKey;
-  group_pub_key.gid.data[0] = group_pub_key.gid.data[0] ^ 0xFF;
-  EXPECT_FALSE(
-      EpidIsPrivKeyInGroup(&group_pub_key, &this->kGrpXMember9PrivKey));
-  // Check wrong gid for PrivKey
-  PrivKey priv_key = this->kGrpXMember9PrivKey;
-  priv_key.gid.data[sizeof(priv_key.gid.data) - 1] =
-      priv_key.gid.data[sizeof(priv_key.gid.data) - 1] ^ 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, &priv_key));
-  // Check wrong gid for both GroupPubKey and PrivKey
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&group_pub_key, &priv_key));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationRejectsInvalidPrivKey) {
-  // test for invalid key components values (eg. out of range, not in EC group)
-  PrivKey priv_key = this->kGrpXMember9PrivKey;
-  priv_key.A.x.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, &priv_key));
-
-  priv_key = this->kGrpXMember9PrivKey;
-  priv_key.A.y.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, &priv_key));
-
-  priv_key = this->kGrpXMember9PrivKey;
-  FpElemStr inv_f = {
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
-  };
-  priv_key.f = inv_f;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, &priv_key));
-
-  priv_key = this->kGrpXMember9PrivKey;
-  priv_key.x.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&this->kGrpXKey, &priv_key));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationRejectsInvalidGroupKey) {
-  // test for invalid key components values (eg. out of range, not in EC group)
-  GroupPubKey pub_key = this->kGrpXKey;
-  pub_key.h1.x.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.h1.y.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.h2.x.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.h2.y.data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.w.x[0].data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.w.x[1].data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.w.y[0].data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-
-  pub_key = this->kGrpXKey;
-  pub_key.w.y[1].data.data[0] = 0xFF;
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(&pub_key, &this->kGrpXMember9PrivKey));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationRejectsKeyNotInGroup) {
-  EXPECT_FALSE(
-      EpidIsPrivKeyInGroup(&this->kGrpYKey, &this->kGrpXMember9PrivKey));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationRejectsKeyNotInGroupUsingIKGFData) {
-  const GroupPubKey* grp_public_key = reinterpret_cast<const GroupPubKey*>(
-      this->kGroupPublicKeyDataIkgf.data());
-  const PrivKey mbr_private_key = {
-#include "epid/common-testhelper/testdata/ikgf/groupb/member0/mprivkey.inc"
-  };
-  EXPECT_FALSE(EpidIsPrivKeyInGroup(grp_public_key, &mbr_private_key));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationAcceptsKeyInGroup) {
-  EXPECT_TRUE(
-      EpidIsPrivKeyInGroup(&this->kGrpXKey, &this->kGrpXMember9PrivKey));
-}
-
-TEST_F(EpidMemberTest, PrivateKeyValidationAcceptsKeyInGroupUsingIKGFData) {
-  const GroupPubKey* grp_public_key = reinterpret_cast<const GroupPubKey*>(
-      this->kGroupPublicKeyDataIkgf.data());
-  const PrivKey* mbr_private_key =
-      reinterpret_cast<const PrivKey*>(this->kMemberPrivateKeyDataIkgf.data());
-  EXPECT_TRUE(EpidIsPrivKeyInGroup(grp_public_key, mbr_private_key));
-}
-
-}  // namespace

BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/member0/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/privrevokedmember0/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/privrl_empty.bin


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/pubkey.bin


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrevokedmember0/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrl.bin


BIN
external/epid-sdk-3.0.0/example/compressed_data/groupb/sigrl_empty.bin


+ 0 - 179
external/epid-sdk-3.0.0/example/data/README.md

@@ -1,179 +0,0 @@
-# Sample Issuer Material
-
-This folder contains sample issuer material for use with the Intel(R)
-EPID SDK. All data files are in binary format.
-
-## Directory Structure
-
-    data
-    |__ groupa
-    |   |__ member0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ member1
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrevokedmember0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrevokedmember1
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrevokedmember2
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ sigrevokedmember0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ sigrevokedmember1
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ sigrevokedmember2
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrl.bin
-    |   |__ privrl_empty.bin
-    |   |__ pubkey.bin
-    |   |__ sigrl.bin
-    |   |__ sigrl_empty.bin
-    |
-    |__ groupb
-    |   |__ member0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ member1
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrevokedmember0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ sigrevokedmember0
-    |   |   |__ mprivkey.dat
-    |   |
-    |   |__ privrl.bin
-    |   |__ privrl_empty.bin
-    |   |__ pubkey.bin
-    |   |__ sigrl.bin
-    |   |__ sigrl_empty.bin
-    |
-    |__ grprl.bin
-    |__ grprl_empty.bin
-    |__ mprivkey.dat
-    |__ privrl.bin
-    |__ pubkey.bin
-    |__ cacert.bin
-    |__ sigrl.bin
-
-
-## Description
-
-There are 2 groups
-
-- **groupa**
-
-- **groupb**
-
-
-_Note: No compressed key sample material is included in this folder._
-
-### Group A
-
-**groupa** contains 8 members. Each member has a member private key
-`mprivkey.dat`. Here are the members:
-
-- **member0** - a member in good standing
-
-- **member1** - a member in good standing
-
-- **privrevokedmember0** - a member revoked using its private key
-
-- **privrevokedmember1** - a member revoked using its private key
-
-- **privrevokedmember2** - a member revoked using its private key
-
-- **sigrevokedmember0** - a member revoked using a signature
-
-- **sigrevokedmember1** - a member revoked using a signature
-
-- **sigrevokedmember2** - a member revoked using a signature
-
-
-In addition, **groupa** contain the following revocation lists:
-
-- `pubkey.bin` - group public key
-
-- `privrl.bin` - private key based revocation list with 3 entries -
-  **privrevokedmember0**, **privrevokedmember1** and
-  **privrevokedmember2**
-
-- `sigrl.bin` - signature based revocation list with 3 entries -
-  **sigrevokedmember0**, **sigrevokedmember2** and
-  **sigrevokedmember2**
-
-- `privrl_empty.bin` - private key based revocation list with 0 entries
-
-- `sigrl_empty.bin` - signature based revocation list with 0 entries
-
-
-### Group B
-
-**groupb** contains 3 members. Each member has a member private key
-`mprivkey.dat`. Here are the members:
-
-- **member0** - a member in good standing
-
-- **privrevokedmember0** - a member whose private key is revoked
-
-- **sigrevokedmember0** - a member whose signature is revoked
-
-
-In addition, **groupb** contain the following revocation lists:
-
-- `pubkey.bin` - group public key
-
-- `privrl.bin` - private key based revocation list with 1 entry -
-  **privrevokedmember0**
-
-- `sigrl.bin` - signature based revocation list with 1 entries -
-  **sigrevokedmember0**
-
-- `privrl_empty.bin` - private key based revocation list with 0 entries
-
-- `sigrl_empty.bin` - signature based revocation list with 0 entries
-
-
-### Default files
-
-- `/data/cacert.bin` - CA certificate used as default input to signmsg
-  and `verifysig`
-
-- `/data/grprl.bin` - group revocation list with one entry **groupb** used
-  as default input to `verifysig`
-
-- `/data/pubkey.bin` - public key in **groupa** used as default input
-  to signmsg and `verifysig`
-
-- `/data/mprivkey.dat` - private key of a **member0** in the
-  **groupa** used as default input to `signmsg`
-
-- `/data/privrl.bin` - private key based revocation list in the
-  **groupa** with 0 entries used as default input to `verifysig`
-
-- `/data/sigrl.bin` - signature based revocation list in the
-  **groupa** with 0 entries used as default input to `signmsg`
-  and `verifysig`
-
-### Group revocation lists
-
-There are 2 group revocation lists:
-
-- `grprl.bin` - group revocation list with 1 entry - **groupb**
-
-- `grprl_empty.bin` - group revocation list with 0 entries
-
-
-### IoT EPID Issuing CA certificate
-
-- `/data/cacert.bin` - CA certificate used to check that revocation
-  lists and group public keys are authorized by the issuer, e.g.,
-  signed by the issuer

BIN
external/epid-sdk-3.0.0/example/data/cacert.bin


+ 0 - 72
external/epid-sdk-3.0.0/example/data/data.parts

@@ -1,72 +0,0 @@
-############################################################################
-# Copyright 2016 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-############################################################################
-
-Import('*')
-
-# Normal stuff that all Parts should have
-env.PartName("sample_data")
-
-#files
-data_files = Pattern(src_dir='.',
-                     includes=[
-                         'grprl_empty.bin',
-                         'README.md',
-                         'groupa/privrl.bin',
-                         'groupa/pubkey.bin',
-                         'groupa/sigrl.bin',
-                         'groupa/privrl_empty.bin',
-                         'groupa/sigrl_empty.bin',
-                         'groupa/member0/mprivkey.dat',
-                         'groupa/member1/mprivkey.dat',
-                         'groupa/privrevokedmember0/mprivkey.dat',
-                         'groupa/privrevokedmember1/mprivkey.dat',
-                         'groupa/privrevokedmember2/mprivkey.dat',
-                         'groupa/sigrevokedmember0/mprivkey.dat',
-                         'groupa/sigrevokedmember1/mprivkey.dat',
-                         'groupa/sigrevokedmember2/mprivkey.dat',
-                         'groupb/privrl.bin',
-                         'groupb/pubkey.bin',
-                         'groupb/sigrl.bin',
-                         'groupb/privrl_empty.bin',
-                         'groupb/sigrl_empty.bin',
-                         'groupb/member0/mprivkey.dat',
-                         'groupb/privrevokedmember0/mprivkey.dat',
-                         'groupb/sigrevokedmember0/mprivkey.dat',
-                     ],
-                     recursive=True)
-
-sample_default_files = Pattern(src_dir='.',
-                               includes=[
-                                   'mprivkey.dat',
-                                   'pubkey.bin',
-                                   'cacert.bin',
-                                   'grprl.bin',
-                                   'privrl.bin',
-                                   'sigrl.bin',
-                               ],
-                               recursive=True)
-
-part_file = ['data.parts']
-
-if 'install_package' in env['MODE']:
-    env.InstallTopLevel(data_files, sub_dir='example/data')
-    env.InstallTopLevel(part_file, sub_dir='example/data')
-    env.InstallTopLevel(sample_default_files, sub_dir='example/data')
-else:
-    env.InstallData(data_files,
-                    sub_dir='data',
-                    no_pkg=False)
-    env.InstallTopLevel(sample_default_files, sub_dir='example')

BIN
external/epid-sdk-3.0.0/example/data/groupa/member0/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/data/groupa/member1/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember0/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember1/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/data/groupa/privrevokedmember2/mprivkey.dat


BIN
external/epid-sdk-3.0.0/example/data/groupa/privrl.bin


BIN
external/epid-sdk-3.0.0/example/data/groupa/privrl_empty.bin


BIN
external/epid-sdk-3.0.0/example/data/groupa/pubkey.bin


Some files were not shown because too many files changed in this diff