/*############################################################################ # Copyright 2016-2017 Intel Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################*/ /// Intel(R) EPID SDK member API. /*! \file */ #ifndef EPID_MEMBER_API_H_ #define EPID_MEMBER_API_H_ #ifdef __cplusplus extern "C" { #endif #include #include "epid/common/bitsupplier.h" #include "epid/common/epiddefs.h" #include "epid/common/errors.h" #include "epid/common/types.h" /// Internal context of member. typedef struct MemberCtx MemberCtx; /// Implementation specific configuration parameters. typedef struct MemberParams MemberParams; /// Member functionality /*! \defgroup EpidMemberModule member Defines the APIs needed by Intel(R) EPID members. Each member context (::MemberCtx) represents membership in a single group. To use this module, include the header epid/member/api.h. \ingroup EpidModule @{ */ /// Allocates and initializes a new member context. /*! \param[in] params Implementation specific configuration parameters. \param[out] ctx Newly constructed member context. \warning buffers allocated using this function should not be initialized with ::EpidMemberInit. \deprecated This API has been superseded by ::EpidMemberGetSize and ::EpidMemberInit. \returns ::EpidStatus */ EpidStatus EPID_API EpidMemberCreate(MemberParams const* params, MemberCtx** ctx); /// Computes the size in bytes required for a member context /*! \param[in] params Implementation specific configuration parameters. \param[out] context_size Number of bytes required for a ::MemberCtx buffer \returns ::EpidStatus \see EpidMemberInit */ EpidStatus EPID_API EpidMemberGetSize(MemberParams const* params, size_t* context_size); /// Initializes a new member context. /*! \param[in] params Implementation specific configuration parameters. \param[in,out] ctx An existing buffer that will be used as a ::MemberCtx. \warning ctx must be a buffer of at least the size reported by ::EpidMemberGetSize for the same parameters. \returns ::EpidStatus \see EpidMemberGetSize */ EpidStatus EPID_API EpidMemberInit(MemberParams const* params, MemberCtx* ctx); /// Creates a request to join a group. /*! The created request is part of the interaction with an issuer needed to join a group. This interaction with the issuer is outside the scope of this API. \param[in,out] ctx The member context. \param[in] pub_key The group certificate of group to join. \param[in] ni The nonce chosen by issuer as part of join protocol. \param[out] join_request The join request. \returns ::EpidStatus */ EpidStatus EPID_API EpidCreateJoinRequest(MemberCtx* ctx, GroupPubKey const* pub_key, IssuerNonce const* ni, JoinRequest* join_request); /// Provisions a member context from a membership credential /*! \param[in,out] ctx The member context. \param[in] pub_key The group certificate of group to provision. \param[in] credential membership credential. \param[in] precomp_str Precomputed state (implementation specific optional) \returns ::EpidStatus */ EpidStatus EPID_API EpidProvisionCredential( MemberCtx* ctx, GroupPubKey const* pub_key, MembershipCredential const* credential, MemberPrecomp const* precomp_str); /// Provisions a member context from a compressed private key /*! \param[in,out] ctx The member context. \param[in] pub_key The group certificate of group to provision. \param[in] compressed_privkey private key. \param[in] precomp_str Precomputed state (implementation specific optional) \returns ::EpidStatus */ EpidStatus EPID_API EpidProvisionCompressed(MemberCtx* ctx, GroupPubKey const* pub_key, CompressedPrivKey const* compressed_privkey, MemberPrecomp const* precomp_str); /// Provisions a member context from a private key /*! \param[in,out] ctx The member context. \param[in] pub_key The group certificate of group to provision. \param[in] priv_key private key. \param[in] precomp_str Precomputed state (implementation specific optional) \returns ::EpidStatus */ EpidStatus EPID_API EpidProvisionKey(MemberCtx* ctx, GroupPubKey const* pub_key, PrivKey const* priv_key, MemberPrecomp const* precomp_str); /// Change member from setup state to normal operation /*! \param[in,out] ctx The member context. \returns ::EpidStatus */ EpidStatus EPID_API EpidMemberStartup(MemberCtx* ctx); /// De-initializes an existing member context buffer. /*! Must be called to safely release a member context initialized using ::EpidMemberInit. De-initializes the context. \param[in,out] ctx The member context. Can be NULL. \warning This function should not be used on buffers allocated with ::EpidMemberCreate. Those buffers should be released using ::EpidMemberDelete \see EpidMemberInit */ void EPID_API EpidMemberDeinit(MemberCtx* ctx); /// Deletes an existing member context. /*! Must be called to safely release a member context created using ::EpidMemberCreate. De-initializes the context, frees memory used by the context, and sets the context pointer to NULL. \param[in,out] ctx The member context. Can be NULL. \deprecated This API has been superseded by ::EpidMemberDeinit. \see EpidMemberCreate \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ void EPID_API EpidMemberDelete(MemberCtx** ctx); /// Sets the hash algorithm to be used by a member. /*! \param[in] ctx The member context. \param[in] hash_alg The hash algorithm to use. \returns ::EpidStatus \note If the result is not ::kEpidNoErr, the hash algorithm used by the member is undefined. \see EpidMemberInit \see ::HashAlg \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ EpidStatus EPID_API EpidMemberSetHashAlg(MemberCtx* ctx, HashAlg hash_alg); /// Sets the signature based revocation list to be used by a member. /*! The caller is responsible for ensuring the revocation list is authorized, e.g. signed by the issuer. The caller is also responsible checking the version of the revocation list. The call fails if trying to set an older version of the revocation list than was last set. \attention The memory pointed to by sig_rl is accessed directly by the member until a new list is set or the member is destroyed. Do not modify the contents of this memory. The behavior of subsequent operations that rely on the revocation list is undefined if the memory is modified. \attention It is the responsibility of the caller to free the memory pointed to by sig_rl after the member is no longer using it. \param[in] ctx The member context. \param[in] sig_rl The signature based revocation list. \param[in] sig_rl_size The size of the signature based revocation list in bytes. \returns ::EpidStatus \note If the result is not ::kEpidNoErr the signature based revocation list pointed to by the member is not changed. \see EpidMemberInit \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ EpidStatus EPID_API EpidMemberSetSigRl(MemberCtx* ctx, SigRl const* sig_rl, size_t sig_rl_size); /// Computes the size in bytes required for an Intel(R) EPID signature. /*! \param[in] sig_rl The signature based revocation list that is used. NULL is treated as a zero length list. \returns Size in bytes of an Intel(R) EPID signature including proofs for each entry in the signature based revocation list. \see ::SigRl \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ size_t EPID_API EpidGetSigSize(SigRl const* sig_rl); /// Writes an Intel(R) EPID signature. /*! \param[in] ctx The member context. \param[in] msg The message to sign. \param[in] msg_len The length in bytes of message. \param[in] basename Optional basename. If basename is NULL a random basename is used. Signatures generated using random basenames are anonymous. Signatures generated using the same basename are linkable by the verifier. If a basename is provided, it must already be registered, or ::kEpidBadArgErr is returned. \param[in] basename_len The size of basename in bytes. Must be 0 if basename is NULL. \param[out] sig The generated signature \param[in] sig_len The size of signature in bytes. Must be equal to value returned by EpidGetSigSize(). \returns ::EpidStatus \note If the result is not ::kEpidNoErr the content of sig is undefined. \see EpidMemberInit \see EpidMemberSetHashAlg \see EpidMemberSetSigRl \see EpidGetSigSize \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ EpidStatus EPID_API EpidSign(MemberCtx const* ctx, void const* msg, size_t msg_len, void const* basename, size_t basename_len, EpidSignature* sig, size_t sig_len); /// Registers a basename with a member. /*! To prevent loss of privacy, the member keeps a list of basenames (corresponding to authorized verifiers). The member signs a message with a basename only if the basename is in the member's basename list. \warning The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use. \param[in] ctx The member context. \param[in] basename The basename. \param[in] basename_len Length of the basename. \returns ::EpidStatus \retval ::kEpidDuplicateErr The basename was already registered. \note If the result is not ::kEpidNoErr or ::kEpidDuplicateErr it is undefined if the basename is registered. \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ EpidStatus EPID_API EpidRegisterBasename(MemberCtx* ctx, void const* basename, size_t basename_len); /// Clears registered basenames. /*! Allows clearing registered basenames without recreating member. \param[in,out] ctx The member context. \returns ::EpidStatus \see ::EpidRegisterBasename */ EpidStatus EPID_API EpidClearRegisteredBasenames(MemberCtx* ctx); /// Extends the member's pool of pre-computed signatures. /*! Generate new pre-computed signatures and add them to the internal pool. \param[in] ctx The member context. \param[in] number_presigs The number of pre-computed signatures to add to the internal pool. \returns ::EpidStatus \see ::EpidMemberInit */ EpidStatus EPID_API EpidAddPreSigs(MemberCtx* ctx, size_t number_presigs); /// Gets the number of pre-computed signatures in the member's pool. /*! \param[in] ctx The member context. \returns Number of remaining pre-computed signatures. Returns 0 if ctx is NULL. \see ::EpidMemberInit */ size_t EPID_API EpidGetNumPreSigs(MemberCtx const* ctx); /// Decompresses compressed member private key. /*! Converts a compressed member private key into a member private key for use by other member APIs. \param[in] pub_key The public key of the group. \param[in] compressed_privkey The compressed member private key to be decompressed. \param[out] priv_key The member private key. \returns ::EpidStatus \b Example \ref UserManual_GeneratingAnIntelEpidSignature */ EpidStatus EPID_API EpidDecompressPrivKey( GroupPubKey const* pub_key, CompressedPrivKey const* compressed_privkey, PrivKey* priv_key); /*! @} */ #ifdef __cplusplus } #endif #endif // EPID_MEMBER_API_H_