123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 |
- <!-- HTML header for doxygen 1.8.10-->
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
- <meta http-equiv="X-UA-Compatible" content="IE=9"/>
- <meta name="generator" content="Doxygen 1.8.11"/>
- <title>Intel® Enhanced Privacy ID SDK: Generating an Intel® EPID Signature</title>
- <link href="tabs.css" rel="stylesheet" type="text/css"/>
- <script type="text/javascript" src="jquery.js"></script>
- <script type="text/javascript" src="dynsections.js"></script>
- <link href="navtree.css" rel="stylesheet" type="text/css"/>
- <script type="text/javascript" src="resize.js"></script>
- <script type="text/javascript" src="navtreedata.js"></script>
- <script type="text/javascript" src="navtree.js"></script>
- <script type="text/javascript">
- $(document).ready(initResizable);
- $(window).load(resizeHeight);
- </script>
- <link href="doxygen.css" rel="stylesheet" type="text/css" />
- <link href="epidstyle.css" rel="stylesheet" type="text/css"/>
- </head>
- <body>
- <div id="top"><!-- do not remove this div, it is closed by doxygen! -->
- <div id="titlearea">
- <table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
- <td id="projectalign" style="padding-left: 0.5em;">
- <div id="projectname"><a
- onclick="storeLink('index.html')"
- id="projectlink"
- class="index.html"
- href="index.html">Intel® Enhanced Privacy ID SDK</a>
-  <span id="projectnumber">3.0.0</span>
- </div>
- </td>
- </tr>
- </tbody>
- </table>
- </div>
- <!-- end header part -->
- <!-- Generated by Doxygen 1.8.11 -->
- </div><!-- top -->
- <div id="side-nav" class="ui-resizable side-nav-resizable">
- <div id="nav-tree">
- <div id="nav-tree-contents">
- <div id="nav-sync" class="sync"></div>
- </div>
- </div>
- <div id="splitbar" style="-moz-user-select:none;"
- class="ui-resizable-handle">
- </div>
- </div>
- <script type="text/javascript">
- $(document).ready(function(){initNavTree('SignmsgWalkthru.html','');});
- </script>
- <div id="doc-content">
- <div class="header">
- <div class="headertitle">
- <div class="title">Generating an Intel® EPID Signature </div> </div>
- </div><!--header-->
- <div class="contents">
- <div class="textblock"><p>This walkthrough of the signmsg example shows you how to use SDK APIs to generate an Intel® EPID signature. Signmsg is built during the <a class="el" href="BuildingSdk.html">SDK build</a>.</p>
- <p><br />
- </p>
- <p>First, we include headers so we have access to needed declarations.</p>
- <p><div class="fragment"><div class="line"><span class="preprocessor">#include <stdlib.h></span></div><div class="line"><span class="preprocessor">#include <string.h></span></div><div class="line"><span class="preprocessor">#include "src/signmsg.h"</span></div><div class="line"><span class="preprocessor">#include "src/prng.h"</span></div><div class="line"><span class="preprocessor">#include "util/envutil.h"</span></div><div class="line"><span class="preprocessor">#include "util/stdtypes.h"</span></div><div class="line"><span class="preprocessor">#include "util/buffutil.h"</span></div><div class="line"><span class="preprocessor">#include "<a class="code" href="member_2api_8h.html">epid/member/api.h</a>"</span></div><div class="line"><span class="preprocessor">#include "<a class="code" href="file__parser_8h.html">epid/common/file_parser.h</a>"</span></div></div><!-- fragment --></p>
- <p>The <code>prng.h</code> header provides access to a pseudo-random number generator needed for signing, while the utility headers are used by <code>signmsg</code> for logging and buffer management. The <code><a class="el" href="member_2api_8h.html" title="Intel(R) EPID SDK member API. ">epid/member/api.h</a></code> header provides access to the core member APIs. The <code><a class="el" href="file__parser_8h.html" title="Epid issuer material parsing utilities. ">epid/common/file_parser.h</a></code> header provides an API for parsing buffers formatted according to the various IoT Intel® EPID binary file formats.</p>
- <p><br />
- </p>
- <p>We define a stub function responsible for checking that the CA certificate is authorized by the root CA.</p>
- <p><div class="fragment"><div class="line"><span class="keywordtype">bool</span> IsCaCertAuthorizedByRootCa(<span class="keywordtype">void</span> <span class="keyword">const</span>* data, <span class="keywordtype">size_t</span> size) {</div><div class="line"> (void)data;</div><div class="line"> (void)size;</div><div class="line"> <span class="keywordflow">return</span> <span class="keyword">true</span>;</div><div class="line">}</div></div><!-- fragment --></p>
- <p><code>IsCaCertAuthorizedByRootCa</code> is called from <code>main.c</code> to validate the CA certificate before calling <code>SignMsg</code>. In an actual implementation, you need to provide an implementation to validate the issuing CA certificate with the CA root certificate before using it in parse functions.</p>
- <p><br />
- </p>
- <p>The core signing functionality is contained in <code>SignMsg</code>.</p>
- <p><div class="fragment"><div class="line"><a class="code" href="group___error_codes.html#gafdb27c77c2c4b32c807e326a8a0da360">EpidStatus</a> SignMsg(<span class="keywordtype">void</span> <span class="keyword">const</span>* msg, <span class="keywordtype">size_t</span> msg_len, <span class="keywordtype">void</span> <span class="keyword">const</span>* basename,</div><div class="line"> <span class="keywordtype">size_t</span> basename_len, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> <span class="keyword">const</span>* signed_sig_rl,</div><div class="line"> <span class="keywordtype">size_t</span> signed_sig_rl_size,</div><div class="line"> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> <span class="keyword">const</span>* signed_pubkey,</div><div class="line"> <span class="keywordtype">size_t</span> signed_pubkey_size, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> <span class="keyword">const</span>* priv_key_ptr,</div><div class="line"> <span class="keywordtype">size_t</span> privkey_size, <a class="code" href="group___epid_types.html#ga5e450438f6f9a5eacd0cf5ce354ec890">HashAlg</a> hash_alg,</div><div class="line"> <a class="code" href="struct_member_precomp.html">MemberPrecomp</a>* member_precomp, <span class="keywordtype">bool</span> member_precomp_is_input,</div><div class="line"> <a class="code" href="struct_epid_signature.html">EpidSignature</a>** sig, <span class="keywordtype">size_t</span>* sig_len,</div><div class="line"> <a class="code" href="struct_epid_ca_certificate.html">EpidCaCertificate</a> <span class="keyword">const</span>* cacert) {</div></div><!-- fragment --></p>
- <p>The <code>SignMsg</code> parameters are either received by the member, or they are part of the member's configuration. The exceptions are the <code>sig</code> and <code>sig_len</code> parameters, which are used to output the signature.</p>
- <p>The verifier might send the message to the member or there may be another mechanism to choose the message, but the way the message is communicated is outside the scope of the Intel® EPID scheme.</p>
- <p>We use the parameters <code>member_precomp</code> and <code>member_precomp_is_input</code> to pass in a pre-computation blob if provided. We can use the pre-computation blob to increase performance when verifying signatures repeatedly with the same group public key.</p>
- <p>The member knows the group public key and the member private key.</p>
- <p>The member and the verifier agree on the message, basename, hash algorithm, and SigRL that the member uses for signing.</p>
- <p><br />
- </p>
- <p>Next we do basic variable setup and argument checking.</p>
- <p><div class="fragment"><div class="line"> <a class="code" href="group___error_codes.html#gafdb27c77c2c4b32c807e326a8a0da360">EpidStatus</a> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360aa08f0d2e394b37694117a6a32bc71e6e">kEpidErr</a>;</div><div class="line"> <span class="keywordtype">void</span>* prng = NULL;</div><div class="line"> <a class="code" href="group___epid_member_module.html#gadfb10d5dfdadb0694792c7b06718e817">MemberCtx</a>* member = NULL;</div><div class="line"> <a class="code" href="struct_sig_rl.html">SigRl</a>* sig_rl = NULL;</div><div class="line"></div><div class="line"> <span class="keywordflow">do</span> {</div><div class="line"> <a class="code" href="struct_group_pub_key.html">GroupPubKey</a> pub_key = {0};</div><div class="line"> <a class="code" href="struct_priv_key.html">PrivKey</a> priv_key = {0};</div><div class="line"> <span class="keywordtype">size_t</span> sig_rl_size = 0;</div><div class="line"></div><div class="line"> <span class="keywordflow">if</span> (!sig) {</div><div class="line"> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360ad134d6cc95a9dcb1b1a9f9c358047cbf">kEpidBadArgErr</a>;</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>We create pointers to resources to be allocated and use the <code>do {} while(0)</code> idiom so that we can reliably free resources on return from <code>SignMsg</code>.</p>
- <p>We create variables on the stack to hold the group public key and member private key.</p>
- <p>Finally we check to make sure that <code>sig</code> is a vaild pointer.</p>
- <p><br />
- </p>
- <p>Next, we authenticate and extract the group public key using <a class="el" href="group___file_parser.html#ga43fdbc1bf2edd3695d21cb457365afbb" title="Extracts group public key from buffer in issuer binary format. ">EpidParseGroupPubKeyFile</a>.</p>
- <p><div class="fragment"><div class="line"> sts = <a class="code" href="group___file_parser.html#ga43fdbc1bf2edd3695d21cb457365afbb">EpidParseGroupPubKeyFile</a>(signed_pubkey, signed_pubkey_size, cacert,</div><div class="line"> &pub_key);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p><a class="el" href="group___file_parser.html#ga43fdbc1bf2edd3695d21cb457365afbb" title="Extracts group public key from buffer in issuer binary format. ">EpidParseGroupPubKeyFile</a> takes a buffer containing a group public key in issuer binary format and validates that the public key is signed by the private key that corresponds to the provided CA certificate, extracting the key in the process.</p>
- <p><br />
- </p>
- <p>We authenticate and extract the signed SigRL using <a class="el" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f" title="Extracts signature revocation list from buffer in issuer binary format. ">EpidParseSigRlFile</a>.</p>
- <p><div class="fragment"><div class="line"> <span class="keywordflow">if</span> (signed_sig_rl) {</div><div class="line"> <span class="comment">// authenticate and determine space needed for SigRl</span></div><div class="line"> sts = <a class="code" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f">EpidParseSigRlFile</a>(signed_sig_rl, signed_sig_rl_size, cacert, NULL,</div><div class="line"> &sig_rl_size);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360aeedd19b8a1cbdecf963f90b4860e02b8">kEpidSigInvalid</a> == sts) {</div><div class="line"> <span class="comment">// authentication failure</span></div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> sig_rl = AllocBuffer(sig_rl_size);</div><div class="line"> <span class="keywordflow">if</span> (!sig_rl) {</div><div class="line"> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a11a4d2f1c37064eb663de08dc57bcda8">kEpidMemAllocErr</a>;</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"></div><div class="line"> <span class="comment">// fill the SigRl</span></div><div class="line"> sts = <a class="code" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f">EpidParseSigRlFile</a>(signed_sig_rl, signed_sig_rl_size, cacert,</div><div class="line"> sig_rl, &sig_rl_size);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360aeedd19b8a1cbdecf963f90b4860e02b8">kEpidSigInvalid</a> == sts) {</div><div class="line"> <span class="comment">// authentication failure</span></div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> } <span class="comment">// if (signed_sig_rl)</span></div></div><!-- fragment --></p>
- <p>We use <a class="el" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f" title="Extracts signature revocation list from buffer in issuer binary format. ">EpidParseSigRlFile</a> to:</p>
- <ul>
- <li>extract the signature based revocation list</li>
- <li>validate that the revocation list was signed by the private key corresponding to the provided CA certificate</li>
- <li>validate that the size of the input buffer is correct</li>
- <li>determine the required size of the revocation list output buffer</li>
- </ul>
- <p>To determine the required <code>sig_rl</code> output buffer size, we provide a null pointer for the output buffer when calling <a class="el" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f" title="Extracts signature revocation list from buffer in issuer binary format. ">EpidParseSigRlFile</a>. This updates <code>sig_rl_size</code> with the required size of the output buffer.</p>
- <p>After we find out the required size of the <code>sig_rl</code>, we allocate a buffer for the <code>sig_rl</code>. Then we fill the buffer using <a class="el" href="group___file_parser.html#ga237ef5a43076aa6fc6eb18829a93da3f" title="Extracts signature revocation list from buffer in issuer binary format. ">EpidParseSigRlFile</a>.</p>
- <p><br />
- </p>
- <p>Next, we fill the member private key.</p>
- <p><div class="fragment"><div class="line"> <span class="keywordflow">if</span> (privkey_size == <span class="keyword">sizeof</span>(<a class="code" href="struct_priv_key.html">PrivKey</a>)) {</div><div class="line"> priv_key = *(<a class="code" href="struct_priv_key.html">PrivKey</a>*)priv_key_ptr;</div><div class="line"> } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (privkey_size == <span class="keyword">sizeof</span>(<a class="code" href="struct_compressed_priv_key.html">CompressedPrivKey</a>)) {</div><div class="line"> sts = <a class="code" href="group___epid_member_module.html#gaf8cd05388f017486f14da2ee48d067ef">EpidDecompressPrivKey</a>(&pub_key, (<a class="code" href="struct_compressed_priv_key.html">CompressedPrivKey</a>*)priv_key_ptr,</div><div class="line"> &priv_key);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> } <span class="keywordflow">else</span> {</div><div class="line"> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360aa08f0d2e394b37694117a6a32bc71e6e">kEpidErr</a>;</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> } <span class="comment">// if (privkey_size == sizeof(PrivKey))</span></div></div><!-- fragment --></p>
- <p>If the member private key is compressed, then we decompress it using <a class="el" href="group___epid_member_module.html#gaf8cd05388f017486f14da2ee48d067ef" title="Decompresses compressed member private key. ">EpidDecompressPrivKey</a> before it can be passed to the member APIs. To determine if the member private key is compressed, we check if it is the known size of a compressed key.</p>
- <p>If the key size is not the size of a known format, we return an error.</p>
- <p><br />
- </p>
- <p>Next, we create a pseudo-random number generator.</p>
- <p><div class="fragment"><div class="line"> sts = PrngCreate(&prng);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <dl class="section warning"><dt>Warning</dt><dd>This pseudo-random number generator is included only for demonstration, and should not be used in production code as a source of secure random data. For security, <code>prng</code> should be a cryptographically secure random number generator.</dd></dl>
- <p><br />
- </p>
- <p>Now that the inputs have been prepared, we create a member context using <a class="el" href="group___epid_member_module.html#ga561c4d544a78ee1bf59c3f4f919aa7bb" title="Creates a new member context. ">EpidMemberCreate</a>.</p>
- <p><div class="fragment"><div class="line"> sts = <a class="code" href="group___epid_member_module.html#ga561c4d544a78ee1bf59c3f4f919aa7bb">EpidMemberCreate</a>(&pub_key, &priv_key,</div><div class="line"> member_precomp_is_input ? member_precomp : NULL,</div><div class="line"> PrngGen, prng, &member);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>If a pre-computation blob is provided to the top level application, we use it. Otherwise, we pass in <code>NULL</code>.</p>
- <p><br />
- </p>
- <p>We serialize pre-computed member data using <a class="el" href="group___epid_member_module.html#ga5c35798d62cf81c4ca62b22c38809721" title="Serializes the pre-computed member settings. ">EpidMemberWritePrecomp</a>.</p>
- <p><div class="fragment"><div class="line"> sts = <a class="code" href="group___epid_member_module.html#ga5c35798d62cf81c4ca62b22c38809721">EpidMemberWritePrecomp</a>(member, member_precomp);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>The serialized member pre-computation blob can be used to greatly increase performance of <a class="el" href="group___epid_member_module.html#ga561c4d544a78ee1bf59c3f4f919aa7bb" title="Creates a new member context. ">EpidMemberCreate</a> in future sessions if the same member private key is used.</p>
- <p><br />
- </p>
- <p>Next, if a basename is specified, we register it with <a class="el" href="group___epid_member_module.html#gad92d3c3266ae1833ffb1dba9ad76035d" title="Registers a basename with a member. ">EpidRegisterBaseName</a> so that the member can use it.</p>
- <p><div class="fragment"><div class="line"> <span class="keywordflow">if</span> (0 != basename_len) {</div><div class="line"> sts = <a class="code" href="group___epid_member_module.html#gad92d3c3266ae1833ffb1dba9ad76035d">EpidRegisterBaseName</a>(member, basename, basename_len);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>In a typical use case, to prevent loss of privacy, the member keeps a list of basenames that correspond to authorized verifiers. The member signs a message with a basename only if the basename is in the member's basename list.</p>
- <dl class="section warning"><dt>Warning</dt><dd>The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.</dd></dl>
- <p><br />
- </p>
- <p>Then we set the hash algorithm to be used by the member using <a class="el" href="group___epid_member_module.html#ga9998eb454838ff5d232ff22ecbab31bf" title="Sets the hash algorithm to be used by a member. ">EpidMemberSetHashAlg</a>.</p>
- <p><div class="fragment"><div class="line"> sts = <a class="code" href="group___epid_member_module.html#ga9998eb454838ff5d232ff22ecbab31bf">EpidMemberSetHashAlg</a>(member, hash_alg);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>After the hash algorithm is set, future calls to <code>EpidSign</code> will use the same algorithm.</p>
- <p><br />
- </p>
- <p>Next, we sign the message, generating an Intel® EPID signature.</p>
- <p><div class="fragment"><div class="line"> *sig_len = <a class="code" href="group___epid_member_module.html#ga76e535722467af7c16809b5b521e0000">EpidGetSigSize</a>(sig_rl);</div><div class="line"></div><div class="line"> *sig = AllocBuffer(*sig_len);</div><div class="line"> <span class="keywordflow">if</span> (!*sig) {</div><div class="line"> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a11a4d2f1c37064eb663de08dc57bcda8">kEpidMemAllocErr</a>;</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div><div class="line"></div><div class="line"> <span class="comment">// sign message</span></div><div class="line"> sts = <a class="code" href="group___epid_member_module.html#ga759155a719254f734157722716dac640">EpidSign</a>(member, msg, msg_len, basename, basename_len, sig_rl,</div><div class="line"> sig_rl_size, *sig, *sig_len);</div><div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a> != sts) {</div><div class="line"> <span class="keywordflow">break</span>;</div><div class="line"> }</div></div><!-- fragment --></p>
- <p>To create a signature, first we find out the required size of the signature using <a class="el" href="group___epid_member_module.html#ga76e535722467af7c16809b5b521e0000" title="Computes the size in bytes required for an Intel(R) EPID signature. ">EpidGetSigSize</a>. Then we allocate a buffer for the signature and fill the buffer using <a class="el" href="group___epid_member_module.html#ga759155a719254f734157722716dac640" title="Writes an Intel(R) EPID signature. ">EpidSign</a>.</p>
- <p>It is important to compute signature size after loading <code>sig_rl</code> because the signature size varies with the size of the SigRL.</p>
- <p><br />
- </p>
- <p>Finally, we clean up and exit.</p>
- <p><div class="fragment"><div class="line"> sts = <a class="code" href="group___error_codes.html#ggafdb27c77c2c4b32c807e326a8a0da360a8a6861e14322ca9193498ffc955537f9">kEpidNoErr</a>;</div><div class="line"> } <span class="keywordflow">while</span> (0);</div><div class="line"></div><div class="line"> PrngDelete(&prng);</div><div class="line"> <a class="code" href="group___epid_member_module.html#ga3824589c683c5e0e59d483462fce65d6">EpidMemberDelete</a>(&member);</div><div class="line"></div><div class="line"> <span class="keywordflow">if</span> (sig_rl) free(sig_rl);</div><div class="line"></div><div class="line"> <span class="keywordflow">return</span> sts;</div><div class="line">}</div></div><!-- fragment --></p>
- <p>If we made it past signing without an error, we set the return code appropriately and fall out of the do-while loop. If there was an error earlier, all breaks in the do-while loop bring us to this point with an error status.</p>
- <p>Next, we free the allocated resources. <a class="el" href="group___epid_member_module.html#ga3824589c683c5e0e59d483462fce65d6" title="Deletes an existing member context. ">EpidMemberDelete</a> deletes an existing member context.</p>
- <p>We return from SignMsg with the success or error status.</p>
- <p><br />
- </p>
- <p>This concludes the <code>signmsg</code> walkthrough. Now you should be able to generate an Intel® EPID signature that proves a member's group membership to a verifier without revealing the member's identity.</p>
- <p>To learn more about the SDK APIs see the <a href="modules.html"><b>API Reference</b></a>. To learn more about the Intel® EPID scheme see <a class="el" href="EpidOverview.html">Introduction to the Intel® EPID Scheme</a> in the documentation. </p>
- </div></div><!-- contents -->
- </div><!-- doc-content -->
- <!-- HTML footer for doxygen 1.8.10-->
- <!-- start footer part -->
- <div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
- <ul>
- <li class="footer">
- © 2016 Intel Corporation
- </li>
- </ul>
- </div>
- </body>
- </html>
|