miti
/
linux-sgx-trts-modified


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
							/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 
 
#ifndef _LONG_TERM_PAIRING_H_
#define _LONG_TERM_PAIRING_H_

#include "pse_pr_inc.h"
#include "pse_pr_types.h"
#include "sigma_crypto_layer.h"
#include "epid/common/types.h"
#include "Epid11_rl.h"
#include "pairing_blob.h"

class TEpidSigma11Verifier
{

public:
    TEpidSigma11Verifier();
    ~TEpidSigma11Verifier(void);

    enum State
    {
        STATE_GENM7,
        STATE_VERIFYM8,
        STATE_DONE,
        STATE_ERROR
    };

    static bool get_sigRL_info(const EPID11_SIG_RL* pSigRL, uint32_t& sigRL_entries, uint32_t& sigRL_size);
    static bool get_privRL_info(const EPID11_PRIV_RL* pPrivRL, uint32_t& privRL_entries, uint32_t& privRL_size);

    ae_error_t GenM7
    (
        /*in */ const SIGMA_S1_MESSAGE*      pS1,
        /*in */ const EPID11_SIG_RL*         pSigRL, 
        /*in */ const uint8_t*               pOcspResp, 
        /*in */ uint32_t  nLen_OcspResp, 
        /*in */ const uint8_t*               pVerifierCert,
        /*in */ uint32_t  nLen_VerifierCert,
        /*in */ const pairing_blob_t* pPairingBlob,
        /*in */ uint32_t  nMax_S2,
        /*out*/ SIGMA_S2_MESSAGE*  pS2, 
        /*out*/ uint32_t* pnLen_S2
    );

    ae_error_t VerifyM8
    (
        /*in */ const SIGMA_S3_MESSAGE*      pS3, 
        /*in */ uint32_t  nLen_S3,
        /*in */ const EPID11_PRIV_RL*        pPrivRL,
        /*i/o*/ pairing_blob_t* pPairingBlob,
        /*out*/ bool*     pbNewPairing
    );

private:
    SigmaCryptoLayer m_sigmaAlg;
    State       m_nextState;

    EcDsaPrivKey m_verifierPrivateKey;

    uint8_t*    m_pSigRL;
    size_t      m_nSigRL;

    uint32_t    m_nSigRLVersion;
    uint32_t    m_nPrivRLVersion;
    uint32_t    m_nDalAppletVersion;

    SAFEID_GID  m_gid;

    SIGMA_SECRET_KEY m_pairingID;  // sk used for repairing check
    Nonce128_t  m_pairingNonce;

    bool TaskInfoIsValid(const ME_TASK_INFO& taskInfo);

    ae_error_t ValidateS3DataBlock(const SIGMA_S3_MESSAGE* pS3, uint32_t nLen_S3, X509_GROUP_CERTIFICATE_VLR** X509GroupCertVlr, EPID_SIGNATURE_VLR** EpidSigVlr);

    ae_error_t AddCertificateChain(SIGMA_S2_MESSAGE* pS2, size_t& index, 
            size_t nMaxS2, const UINT8* pCertChain, size_t nCertChain);
    ae_error_t AddRevocationList(SIGMA_S2_MESSAGE* pS2, size_t& index, 
            size_t nMaxS2, const EPID11_SIG_RL* pRL, uint32_t nSigRL);
    ae_error_t AddOcspResponses(SIGMA_S2_MESSAGE* pS2, size_t& index, 
            size_t nMaxS2, const uint8_t* pOcspResp, size_t nOcspResp);

    ae_error_t ValidateSigRL(const EPID11_SIG_RL* pSigRL, uint32_t sigRL_entries, uint32_t sigRL_size, uint32_t* pVersion);

	ae_error_t ValidatePrivRL(const EPID11_PRIV_RL* pPrivRL, uint32_t privRL_entries, uint32_t privRL_size, uint32_t* pVersion);

private:

    // Disable class operations (default constructor, copy constructor, assignment operator, and address-of operator)
    //TEpidSigma11Verifier(void);                                         // default constructor
    TEpidSigma11Verifier(const TEpidSigma11Verifier& rhs);              // copy constructor
    TEpidSigma11Verifier& operator=(const TEpidSigma11Verifier& rhs);   // assignment operator
    TEpidSigma11Verifier* operator&();                                  // address-of operator
    const TEpidSigma11Verifier* operator&() const;                      // address-of operator

};

#endif