Member functionality. More...
Data Structures | |
struct | MemberPrecomp |
Pre-computed member settings. More... | |
struct | PreComputedSignature |
Pre-computed signature. More... | |
Typedefs | |
typedef struct MemberCtx | MemberCtx |
Internal context of member. | |
Functions | |
EpidStatus | EpidMemberCreate (GroupPubKey const *pub_key, PrivKey const *priv_key, MemberPrecomp const *precomp, BitSupplier rnd_func, void *rnd_param, MemberCtx **ctx) |
Creates a new member context. More... | |
void | EpidMemberDelete (MemberCtx **ctx) |
Deletes an existing member context. More... | |
EpidStatus | EpidMemberWritePrecomp (MemberCtx const *ctx, MemberPrecomp *precomp) |
Serializes the pre-computed member settings. More... | |
EpidStatus | EpidMemberSetHashAlg (MemberCtx *ctx, HashAlg hash_alg) |
Sets the hash algorithm to be used by a member. More... | |
size_t | EpidGetSigSize (SigRl const *sig_rl) |
Computes the size in bytes required for an Intel(R) EPID signature. More... | |
EpidStatus | EpidSign (MemberCtx const *ctx, void const *msg, size_t msg_len, void const *basename, size_t basename_len, SigRl const *sig_rl, size_t sig_rl_size, EpidSignature *sig, size_t sig_len) |
Writes an Intel(R) EPID signature. More... | |
EpidStatus | EpidRegisterBaseName (MemberCtx *ctx, void const *basename, size_t basename_len) |
Registers a basename with a member. More... | |
EpidStatus | EpidAddPreSigs (MemberCtx *ctx, size_t number_presigs, PreComputedSignature *presigs) |
Extends the member's pool of pre-computed signatures. More... | |
size_t | EpidGetNumPreSigs (MemberCtx const *ctx) |
Gets the number of pre-computed signatures in the member's pool. More... | |
EpidStatus | EpidWritePreSigs (MemberCtx *ctx, PreComputedSignature *presigs, size_t number_presigs) |
Serializes pre-computed signatures from the member's pool. More... | |
EpidStatus | EpidRequestJoin (GroupPubKey const *pub_key, IssuerNonce const *ni, FpElemStr const *f, BitSupplier rnd_func, void *rnd_param, HashAlg hash_alg, JoinRequest *join_request) |
Creates a request to join a group. More... | |
EpidStatus | EpidSignBasic (MemberCtx const *ctx, void const *msg, size_t msg_len, void const *basename, size_t basename_len, BasicSignature *sig) |
Creates a basic signature for use in constrained environment. More... | |
EpidStatus | EpidNrProve (MemberCtx const *ctx, void const *msg, size_t msg_len, BasicSignature const *sig, SigRlEntry const *sigrl_entry, NrProof *proof) |
Calculates a non-revoked proof for a single signature based revocation list entry. More... | |
bool | EpidIsPrivKeyInGroup (GroupPubKey const *pub_key, PrivKey const *priv_key) |
Tests if a member private key is valid without checking revocation. More... | |
EpidStatus | EpidDecompressPrivKey (GroupPubKey const *pub_key, CompressedPrivKey const *compressed_privkey, PrivKey *priv_key) |
Decompresses compressed member private key. More... | |
Member functionality.
Defines the APIs needed by Intel(R) EPID members. Each member context (MemberCtx) represents membership in a single group.
EpidStatus EpidAddPreSigs | ( | MemberCtx * | ctx, |
size_t | number_presigs, | ||
PreComputedSignature * | presigs | ||
) |
Extends the member's pool of pre-computed signatures.
Can either generate new pre-computed signatures or import existing ones. EpidWritePreSigs can be used to export pre-computed signatures.
[in] | ctx | The member context. |
[in] | number_presigs | The number of pre-computed signatures to add to the internal pool. |
[in,out] | presigs | Optional array of valid pre-computed signatures to import. If presigs is not NULL it most contain at least number_presigs pre-computed signatures. |
EpidStatus EpidDecompressPrivKey | ( | GroupPubKey const * | pub_key, |
CompressedPrivKey const * | compressed_privkey, | ||
PrivKey * | priv_key | ||
) |
Decompresses compressed member private key.
Converts a compressed member private key into a member private key for use by other member APIs.
[in] | pub_key | The public key of the group. |
[in] | compressed_privkey | The compressed member private key to be decompressed. |
[out] | priv_key | The member private key. |
size_t EpidGetNumPreSigs | ( | MemberCtx const * | ctx | ) |
Gets the number of pre-computed signatures in the member's pool.
[in] | ctx | The member context. |
size_t EpidGetSigSize | ( | SigRl const * | sig_rl | ) |
Computes the size in bytes required for an Intel(R) EPID signature.
[in] | sig_rl | The signature based revocation list that is used. NULL is treated as a zero length list. |
bool EpidIsPrivKeyInGroup | ( | GroupPubKey const * | pub_key, |
PrivKey const * | priv_key | ||
) |
Tests if a member private key is valid without checking revocation.
Used to check that a member private key is a valid key for a group. This is useful as a cross check when creating a new member private key as part of the join process
[in] | pub_key | The public key of the group. |
[in] | priv_key | The private key to check. |
true | if the private key is valid for the group of the public key |
false | if the private key is not valid for the group of the public key |
EpidStatus EpidMemberCreate | ( | GroupPubKey const * | pub_key, |
PrivKey const * | priv_key, | ||
MemberPrecomp const * | precomp, | ||
BitSupplier | rnd_func, | ||
void * | rnd_param, | ||
MemberCtx ** | ctx | ||
) |
Creates a new member context.
Must be called to create the member context that is used by other "Member" APIs.
Allocates memory for the context, then initializes it.
EpidMemberDelete() must be called to safely release the member context.
[in] | pub_key | The group certificate. |
[in] | priv_key | The member private key. |
[in] | precomp | Optional pre-computed data. If NULL the value is computed internally and is readable using EpidMemberWritePrecomp(). |
[in] | rnd_func | Random number generator. |
[in] | rnd_param | Pass through context data for rnd_func. |
[out] | ctx | Newly constructed member context. |
void EpidMemberDelete | ( | MemberCtx ** | ctx | ) |
Deletes an existing member context.
Must be called to safely release a member context created using EpidMemberCreate().
De-initializes the context, frees memory used by the context, and sets the context pointer to NULL.
[in,out] | ctx | The member context. Can be NULL. |
EpidStatus EpidMemberSetHashAlg | ( | MemberCtx * | ctx, |
HashAlg | hash_alg | ||
) |
Sets the hash algorithm to be used by a member.
[in] | ctx | The member context. |
[in] | hash_alg | The hash algorithm to use. |
EpidStatus EpidMemberWritePrecomp | ( | MemberCtx const * | ctx, |
MemberPrecomp * | precomp | ||
) |
Serializes the pre-computed member settings.
[in] | ctx | The member context. |
[out] | precomp | The Serialized pre-computed member settings. |
EpidStatus EpidNrProve | ( | MemberCtx const * | ctx, |
void const * | msg, | ||
size_t | msg_len, | ||
BasicSignature const * | sig, | ||
SigRlEntry const * | sigrl_entry, | ||
NrProof * | proof | ||
) |
Calculates a non-revoked proof for a single signature based revocation list entry.
Used in constrained environments where, due to limited memory, it may not be possible to process through a large and potentially unbounded revocation list.
[in] | ctx | The member context. |
[in] | msg | The message. |
[in] | msg_len | The length of message in bytes. |
[in] | sig | The basic signature. |
[in] | sigrl_entry | The signature based revocation list entry. |
[out] | proof | The generated non-revoked proof. |
EpidStatus EpidRegisterBaseName | ( | MemberCtx * | ctx, |
void const * | basename, | ||
size_t | basename_len | ||
) |
Registers a basename with a member.
To prevent loss of privacy, the member keeps a list of basenames (corresponding to authorized verifiers). The member signs a message with a basename only if the basename is in the member's basename list.
[in] | ctx | The member context. |
[in] | basename | The basename. |
[in] | basename_len | Length of the basename. |
kEpidDuplicateErr | The basename was already registered. |
EpidStatus EpidRequestJoin | ( | GroupPubKey const * | pub_key, |
IssuerNonce const * | ni, | ||
FpElemStr const * | f, | ||
BitSupplier | rnd_func, | ||
void * | rnd_param, | ||
HashAlg | hash_alg, | ||
JoinRequest * | join_request | ||
) |
Creates a request to join a group.
The created request is part of the interaction with an issuer needed to join a group. This interaction with the issuer is outside the scope of this API.
[in] | pub_key | The group certificate of group to join. |
[in] | ni | The nonce chosen by issuer as part of join protocol. |
[in] | f | A randomly selected integer in [1, p-1]. |
[in] | rnd_func | Random number generator. |
[in] | rnd_param | Pass through context data for rnd_func. |
[in] | hash_alg | The hash algorithm to be used. |
[out] | join_request | The join request. |
EpidStatus EpidSign | ( | MemberCtx const * | ctx, |
void const * | msg, | ||
size_t | msg_len, | ||
void const * | basename, | ||
size_t | basename_len, | ||
SigRl const * | sig_rl, | ||
size_t | sig_rl_size, | ||
EpidSignature * | sig, | ||
size_t | sig_len | ||
) |
Writes an Intel(R) EPID signature.
[in] | ctx | The member context. |
[in] | msg | The message to sign. |
[in] | msg_len | The length in bytes of message. |
[in] | basename | Optional basename. If basename is NULL a random basename is used. Signatures generated using random basenames are anonymous. Signatures generated using the same basename are linkable by the verifier. If a basename is provided, it must already be registered, or kEpidBadArgErr is returned. |
[in] | basename_len | The size of basename in bytes. Must be 0 basename is NULL. |
[in] | sig_rl | The signature based revocation list. |
[in] | sig_rl_size | The size in bytes of the signature based revocation list. |
[out] | sig | The generated signature |
[in] | sig_len | The size of signature in bytes. Must be equal to value returned by EpidGetSigSize(). |
EpidStatus EpidSignBasic | ( | MemberCtx const * | ctx, |
void const * | msg, | ||
size_t | msg_len, | ||
void const * | basename, | ||
size_t | basename_len, | ||
BasicSignature * | sig | ||
) |
Creates a basic signature for use in constrained environment.
Used in constrained environments where, due to limited memory, it may not be possible to process through a large and potentially unbounded revocation list.
[in] | ctx | The member context. |
[in] | msg | The message. |
[in] | msg_len | The length of message in bytes. |
[in] | basename | Optional basename. If basename is NULL a random basename is used. Signatures generated using random basenames are anonymous. Signatures generated using the same basename are linkable by the verifier. If a basename is provided it must already be registered or kEpidBadArgErr is returned. |
[in] | basename_len | The size of basename in bytes. Must be 0 basename is NULL. |
[out] | sig | The generated basic signature |
EpidStatus EpidWritePreSigs | ( | MemberCtx * | ctx, |
PreComputedSignature * | presigs, | ||
size_t | number_presigs | ||
) |
Serializes pre-computed signatures from the member's pool.
Removes requested number of pre-computed signatures from member's pool and stores them in presigs array. Use EpidAddPreSigs to add pre-computed signatures to the pool.
[in] | ctx | The member context. |
[out] | presigs | An existing buffer of pre-computed signatures. |
[in] | number_presigs | Number of pre-computed signatures to read. Number_presigs must not be greater than the value returned by EpidGetNumPreSigs. |