api.h 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555
  1. /*############################################################################
  2. # Copyright 2016 Intel Corporation
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License");
  5. # you may not use this file except in compliance with the License.
  6. # You may obtain a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS,
  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License.
  15. ############################################################################*/
  16. #ifndef EPID_VERIFIER_API_H_
  17. #define EPID_VERIFIER_API_H_
  18. #include <stddef.h>
  19. #include "epid/common/stdtypes.h"
  20. #include "epid/common/types.h"
  21. #include "epid/common/errors.h"
  22. #ifdef __cplusplus
  23. extern "C"{
  24. #endif
  25. /*!
  26. * \file
  27. * \brief Intel(R) EPID SDK verifier API.
  28. */
  29. /// Verifier functionality
  30. /*!
  31. \defgroup EpidVerifierModule verifier
  32. Defines the APIs needed by Intel(R) EPID verifiers. Each verifier
  33. context (::VerifierCtx) represents a verifier for a single group.
  34. \ingroup EpidModule
  35. @{
  36. */
  37. /// Internal context of verifier.
  38. typedef struct VerifierCtx VerifierCtx;
  39. /// Pre-computed verifier settings.
  40. /*!
  41. Serialized form of the information about a verifier that remains stable for
  42. a given set of keys.
  43. \note e12 = 0 implies that this data is not valid
  44. */
  45. #pragma pack(1)
  46. typedef struct VerifierPrecomp {
  47. GroupId gid; ///< group ID
  48. GtElemStr e12; ///< an element in GT
  49. GtElemStr e22; ///< an element in GT
  50. GtElemStr e2w; ///< an element in GT
  51. GtElemStr eg12; ///< an element in GT
  52. } VerifierPrecomp;
  53. #pragma pack()
  54. /// Creates a new verifier context.
  55. /*!
  56. Must be called to create the verifier context that is used by
  57. other "Verifier" APIs.
  58. Allocates memory for the context, then initializes it.
  59. EpidVerifierDelete() must be called to safely release the member context.
  60. \param[in] pub_key
  61. The group certificate.
  62. \param[in] precomp
  63. Optional pre-computed data. If NULL the value is computed internally and is
  64. readable using EpidVerifierWritePrecomp().
  65. \param[out] ctx
  66. Newly constructed verifier context.
  67. \returns ::EpidStatus
  68. \note
  69. If the result is not ::kEpidNoErr the content of ctx is undefined.
  70. \see EpidVerifierDelete
  71. \see EpidVerifierWritePrecomp
  72. */
  73. EpidStatus EpidVerifierCreate(GroupPubKey const* pub_key,
  74. VerifierPrecomp const* precomp,
  75. VerifierCtx** ctx);
  76. /// Deletes an existing verifier context.
  77. /*!
  78. Must be called to safely release a verifier context created using
  79. EpidVerifierCreate().
  80. De-initializes the context, frees memory used by the context, and sets the
  81. context pointer to NULL.
  82. \param[in,out] ctx
  83. The verifier context. Can be NULL.
  84. \see EpidVerifierCreate
  85. */
  86. void EpidVerifierDelete(VerifierCtx** ctx);
  87. /// Serializes the pre-computed verifier settings.
  88. /*!
  89. \param[in] ctx
  90. The verifier context.
  91. \param[out] precomp
  92. The Serialized pre-computed verifier settings.
  93. \returns ::EpidStatus
  94. \note
  95. If the result is not ::kEpidNoErr the content of precomp is undefined.
  96. */
  97. EpidStatus EpidVerifierWritePrecomp(VerifierCtx const* ctx,
  98. VerifierPrecomp* precomp);
  99. /// Sets the private key based revocation list.
  100. /*!
  101. The caller is responsible for ensuring the revocation list is authorized,
  102. e.g signed by the issuer. The caller is also responsible checking the version
  103. of the revocation list. The call fails if trying to set an older version
  104. of the revocation list than was last set.
  105. \attention
  106. The memory pointed to by priv_rl is accessed directly by the verifier
  107. until a new list is set or the verifier is destroyed. Do not modify the
  108. contents of this memory. The behavior of subsequent operations that rely on
  109. the revocation list is undefined if the memory is modified.
  110. \attention
  111. It is the responsibility of the caller to free the memory pointed to by priv_rl
  112. after the verifier is no longer using it.
  113. \param[in,out] ctx
  114. The verifier context.
  115. \param[in] priv_rl
  116. The private key based revocation list.
  117. \param[in] priv_rl_size
  118. The size of the private key based revocation list in bytes.
  119. \returns ::EpidStatus
  120. \note
  121. If the result is not ::kEpidNoErr the private key based revocation list
  122. pointed to by the verifier is undefined.
  123. \see EpidVerifierCreate
  124. */
  125. EpidStatus EpidVerifierSetPrivRl(VerifierCtx* ctx, PrivRl const* priv_rl,
  126. size_t priv_rl_size);
  127. /// Sets the signature based revocation list.
  128. /*!
  129. The caller is responsible for ensuring the revocation list is authorized,
  130. e.g signed by the issuer. The caller is also responsible checking the version
  131. of the revocation list. The call fails if trying to set an older version
  132. of the revocation list than was last set.
  133. \attention
  134. The memory pointed to by sig_rl is accessed directly by the verifier
  135. until a new list is set or the verifier is destroyed. Do not modify the
  136. contents of this memory. The behavior of subsequent operations that rely on
  137. the revocation list is undefined if the memory is modified.
  138. \attention
  139. It is the responsibility of the caller to free the memory pointed to by sig_rl
  140. after the verifier is no longer using it.
  141. \param[in,out] ctx
  142. The verifier context.
  143. \param[in] sig_rl
  144. The signature based revocation list.
  145. \param[in] sig_rl_size
  146. The size of the signature based revocation list in bytes.
  147. \returns ::EpidStatus
  148. \note
  149. If the result is not ::kEpidNoErr the signature based revocation list pointed
  150. to by the verifier is undefined.
  151. \see EpidVerifierCreate
  152. */
  153. EpidStatus EpidVerifierSetSigRl(VerifierCtx* ctx, SigRl const* sig_rl,
  154. size_t sig_rl_size);
  155. /// Sets the group based revocation list.
  156. /*!
  157. The caller is responsible for ensuring the revocation list is authorized,
  158. e.g signed by the issuer. The caller is also responsible checking the version
  159. of the revocation list. The call fails if trying to set an older version
  160. of the revocation list than was last set.
  161. \attention
  162. The memory pointed to by grp_rl is accessed directly by the verifier
  163. until a new list is set or the verifier is destroyed. Do not modify the
  164. contents of this memory. The behavior of subsequent operations that rely on
  165. the revocation list is undefined if the memory is modified.
  166. \attention
  167. It is the responsibility of the caller to free the memory pointed to by grp_rl
  168. after the verifier is no longer using it.
  169. \param[in,out] ctx
  170. The verifier context.
  171. \param[in] grp_rl
  172. The group based revocation list.
  173. \param[in] grp_rl_size
  174. The size of the group based revocation list in bytes.
  175. \returns ::EpidStatus
  176. \note
  177. If the result is not ::kEpidNoErr the group based revocation list pointed
  178. to by the verifier is undefined.
  179. \see EpidVerifierCreate
  180. */
  181. EpidStatus EpidVerifierSetGroupRl(VerifierCtx* ctx, GroupRl const* grp_rl,
  182. size_t grp_rl_size);
  183. /// Sets the verifier revocation list.
  184. /*!
  185. The caller is responsible for ensuring the revocation list is
  186. authorized. The caller is also responsible for checking the version
  187. of the revocation list. The call fails if trying to set an older
  188. version of the same revocation list than was last set.
  189. Once ::EpidVerifierSetVerifierRl returns, callers are free to release
  190. the memory pointed to by ver_rl.
  191. \param[in,out] ctx
  192. The verifier context.
  193. \param[in] ver_rl
  194. The verifier revocation list.
  195. \param[in] ver_rl_size
  196. The size of the verifier revocation list in bytes.
  197. \returns ::EpidStatus
  198. \note
  199. If the result is not ::kEpidNoErr the verifier revocation list pointed
  200. to by the verifier is undefined.
  201. \see EpidVerifierCreate
  202. \see EpidBlacklistSig
  203. \see EpidWriteVerifierRl
  204. */
  205. EpidStatus EpidVerifierSetVerifierRl(VerifierCtx* ctx, VerifierRl const* ver_rl,
  206. size_t ver_rl_size);
  207. /// Sets the hash algorithm to be used by a verifier.
  208. /*!
  209. \param[in] ctx
  210. The verifier context.
  211. \param[in] hash_alg
  212. The hash algorithm to use.
  213. \returns ::EpidStatus
  214. \note
  215. If the result is not ::kEpidNoErr, the hash algorithm used by the
  216. verifier is undefined.
  217. \see EpidVerifierCreate
  218. \see ::HashAlg
  219. */
  220. EpidStatus EpidVerifierSetHashAlg(VerifierCtx* ctx, HashAlg hash_alg);
  221. /// Sets the basename to be used by a verifier.
  222. /*!
  223. \note
  224. A successful call to this function will clear the current verifier
  225. blacklist.
  226. \param[in, out] ctx
  227. The verifier context.
  228. \param[in] basename
  229. The basename. Pass NULL for random base.
  230. \param[in] basename_len
  231. Number of bytes in basename buffer. Must be 0 if basename is NULL.
  232. \returns ::EpidStatus
  233. \see EpidVerifierCreate
  234. */
  235. EpidStatus EpidVerifierSetBasename(VerifierCtx* ctx, void const* basename,
  236. size_t basename_len);
  237. /// Verifies a signature and checks revocation status.
  238. /*!
  239. \param[in] ctx
  240. The verifier context.
  241. \param[in] sig
  242. The signature.
  243. \param[in] sig_len
  244. The size of sig in bytes.
  245. \param[in] msg
  246. The message that was signed.
  247. \param[in] msg_len
  248. The size of msg in bytes.
  249. \returns ::EpidStatus
  250. \retval ::kEpidSigValid
  251. Signature validated successfully
  252. \retval ::kEpidSigInvalid
  253. Signature is invalid
  254. \retval ::kEpidSigRevokedInGroupRl
  255. Signature revoked in GroupRl
  256. \retval ::kEpidSigRevokedInPrivRl
  257. Signature revoked in PrivRl
  258. \retval ::kEpidSigRevokedInSigRl
  259. Signature revoked in SigRl
  260. \retval ::kEpidSigRevokedInVerifierRl
  261. Signature revoked in VerifierRl
  262. \note
  263. If the result is not ::kEpidNoErr or one of the values listed above the
  264. verify should be considered to have failed.
  265. \see EpidVerifierCreate
  266. \see EpidSignBasic
  267. \see EpidSign
  268. */
  269. EpidStatus EpidVerify(VerifierCtx const* ctx, EpidSignature const* sig,
  270. size_t sig_len, void const* msg, size_t msg_len);
  271. /// Determines if two signatures are linked.
  272. /*!
  273. The Intel(R) EPID scheme allows signatures to be linked. If basename
  274. option is specified when signing, signatures with the same basename
  275. are linkable. This linking capability allows the verifier, or
  276. anyone, to know whether two Intel(R) EPID signatures are generated
  277. by the same member.
  278. \param[in] sig1
  279. A basic signature.
  280. \param[in] sig2
  281. A basic signature.
  282. \result bool
  283. \retval true
  284. if the signatures were generated by the same member
  285. \retval false
  286. if it couldn't be determined if the signatures were generated by
  287. the same member
  288. \note
  289. The input signatures should be verified using EpidVerifyBasicSig() before
  290. invocation. Behavior is undefined if either of the signatures cannot be
  291. verified.
  292. \see EpidVerifyBasicSig
  293. \see EpidSignBasic
  294. \see EpidSign
  295. */
  296. bool EpidAreSigsLinked(BasicSignature const* sig1, BasicSignature const* sig2);
  297. /// Verifies a member signature without revocation checks.
  298. /*!
  299. Used in constrained environments where, due to limited memory, it may not
  300. be possible to process through a large and potentially unbounded revocation
  301. list.
  302. \param[in] ctx
  303. The verifier context.
  304. \param[in] sig
  305. The basic signature.
  306. \param[in] msg
  307. The message that was signed.
  308. \param[in] msg_len
  309. The size of msg in bytes.
  310. \returns ::EpidStatus
  311. \note
  312. This function should be used in conjunction with EpidNrVerify() and
  313. EpidCheckPrivRlEntry().
  314. \note
  315. If the result is not ::kEpidNoErr the verify should be considered to have
  316. failed.
  317. \see EpidVerifierCreate
  318. \see EpidSignBasic
  319. \see EpidSign
  320. */
  321. EpidStatus EpidVerifyBasicSig(VerifierCtx const* ctx, BasicSignature const* sig,
  322. void const* msg, size_t msg_len);
  323. /// Verifies the non-revoked proof for a single signature based revocation list
  324. /// entry.
  325. /*!
  326. Used in constrained environments where, due to limited memory, it may not
  327. be possible to process through a large and potentially unbounded revocation
  328. list.
  329. \param[in] ctx
  330. The verifier context.
  331. \param[in] sig
  332. The basic signature.
  333. \param[in] msg
  334. The message that was signed.
  335. \param[in] msg_len
  336. The size of msg in bytes.
  337. \param[in] sigrl_entry
  338. The signature based revocation list entry.
  339. \param[in] proof
  340. The non-revoked proof.
  341. \returns ::EpidStatus
  342. \note
  343. Sig should be verified using EpidVerifyBasicSig() before invocation. Behavior
  344. is undefined if sig cannot be verified.
  345. \note
  346. This function should be used in conjunction with EpidVerifyBasicSig() and
  347. EpidCheckPrivRlEntry().
  348. \note
  349. If the result is not ::kEpidNoErr, the verification should be
  350. considered to have failed.
  351. \see EpidVerifierCreate
  352. \see EpidVerifyBasicSig
  353. \see EpidCheckPrivRlEntry
  354. */
  355. EpidStatus EpidNrVerify(VerifierCtx const* ctx, BasicSignature const* sig,
  356. void const* msg, size_t msg_len,
  357. SigRlEntry const* sigrl_entry, NrProof const* proof);
  358. /// Verifies a signature has not been revoked in the private key based
  359. /// revocation list.
  360. /*!
  361. Used in constrained environments where, due to limited memory, it may not
  362. be possible to process through a large and potentially unbounded revocation
  363. list.
  364. \param[in] ctx
  365. The verifier context.
  366. \param[in] sig
  367. The basic signature.
  368. \param[in] f
  369. The private key based revocation list entry.
  370. \note
  371. Sig should be verified using EpidVerifyBasicSig() before invocation. Behavior
  372. is undefined if sig cannot be verified.
  373. \note
  374. This function should be used in conjunction with EpidNrVerify() and
  375. EpidVerifyBasicSig().
  376. \note
  377. If the result is not ::kEpidNoErr the verify should be considered to have
  378. failed.
  379. \returns ::EpidStatus
  380. \see EpidVerifierCreate
  381. \see EpidNrVerify
  382. \see EpidVerifyBasicSig
  383. */
  384. EpidStatus EpidCheckPrivRlEntry(VerifierCtx const* ctx,
  385. BasicSignature const* sig, FpElemStr const* f);
  386. /// Returns the number of bytes required to serialize the verifier blacklist
  387. /*!
  388. Use this function to determine the buffer size required by
  389. ::EpidWriteVerifierRl.
  390. \param[in] ctx
  391. The verifier context.
  392. \returns
  393. Size in bytes required to serialize the verifier blacklist
  394. \see EpidVerifierCreate
  395. \see EpidVerifierSetVerifierRl
  396. \see EpidBlacklistSig
  397. \see EpidWriteVerifierRl
  398. */
  399. size_t EpidGetVerifierRlSize(VerifierCtx const* ctx);
  400. /// Serializes the verifier blacklist to a buffer.
  401. /*!
  402. If the current blacklist is empty or not set a valid empty verifier
  403. blacklist will be serialized.
  404. Use ::EpidGetVerifierRlSize to determine the buffer size required to
  405. serialize the verifier blacklist.
  406. \param[in] ctx
  407. The verifier context.
  408. \param[out] ver_rl
  409. An existing buffer in which to write the verifier revocation list.
  410. \param[in] ver_rl_size
  411. The size of the caller allocated output buffer in bytes.
  412. \returns ::EpidStatus
  413. \see EpidVerifierCreate
  414. \see EpidVerifierSetVerifierRl
  415. \see EpidBlacklistSig
  416. \see EpidGetVerifierRlSize
  417. */
  418. EpidStatus EpidWriteVerifierRl(VerifierCtx const* ctx, VerifierRl* ver_rl,
  419. size_t ver_rl_size);
  420. /// Adds a valid name-based signature to the verifier blacklist.
  421. /*!
  422. If the signature is not valid it will not be added to the blacklist.
  423. \param[in] ctx
  424. The verifier context.
  425. \param[in] sig
  426. The name-based signature to revoke.
  427. \param[in] sig_len
  428. The size of sig in bytes.
  429. \param[in] msg
  430. The message that was signed.
  431. \param[in] msg_len
  432. The size of msg in bytes.
  433. \returns ::EpidStatus
  434. \see EpidVerifierCreate
  435. \see EpidVerifierSetVerifierRl
  436. \see EpidWriteVerifierRl
  437. */
  438. EpidStatus EpidBlacklistSig(VerifierCtx* ctx, EpidSignature const* sig,
  439. size_t sig_len, void const* msg, size_t msg_len);
  440. /*! @} */
  441. #ifdef __cplusplus
  442. }
  443. #endif
  444. #endif // EPID_VERIFIER_API_H_