file_parser.h 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274
  1. /*############################################################################
  2. # Copyright 2016 Intel Corporation
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License");
  5. # you may not use this file except in compliance with the License.
  6. # You may obtain a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS,
  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License.
  15. ############################################################################*/
  16. /*!
  17. * \file
  18. * \brief Epid issuer material parsing utilities.
  19. */
  20. #ifndef EPID_COMMON_FILE_PARSER_H_
  21. #define EPID_COMMON_FILE_PARSER_H_
  22. #include <stddef.h>
  23. #include "epid/common/types.h"
  24. #include "epid/common/errors.h"
  25. /// Parser for issuer material
  26. /*!
  27. \defgroup FileParser fileparser
  28. Provides an API for parsing buffers formatted according to the
  29. various IoT Intel(R) EPID binary file formats.
  30. \ingroup EpidCommon
  31. @{
  32. */
  33. /// Recognized Intel(R) EPID versions
  34. typedef enum EpidVersion {
  35. kEpid1x, ///< Intel(R) EPID version 1.x
  36. kEpid2x, ///< Intel(R) EPID version 2.x
  37. kNumEpidVersions, ///< Maximum number of EPID versions
  38. } EpidVersion;
  39. /// Encoding of issuer material Intel(R) EPID versions
  40. extern const OctStr16 kEpidVersionCode[kNumEpidVersions];
  41. /// Recognized Intel(R) EPID file types
  42. typedef enum EpidFileType {
  43. kIssuingCaPubKeyFile, ///< IoT Issuing CA public key file
  44. kGroupPubKeyFile, ///< Group Public Key Output File Format
  45. kPrivRlFile, ///< Binary Private Key Revocation List
  46. kSigRlFile, ///< Binary Signature Revocation List
  47. kGroupRlFile, ///< Binary Group Revocation List
  48. kPrivRlRequestFile, ///< Binary Private Key Revocation Request
  49. kSigRlRequestFile, ///< Binary Signature Revocation Request
  50. kGroupRlRequestFile, ///< Binary Group Revocation Request
  51. kNumFileTypes, ///< Maximum number of file types
  52. } EpidFileType;
  53. /// Encoding of issuer material file types
  54. extern const OctStr16 kEpidFileTypeCode[kNumFileTypes];
  55. #pragma pack(1)
  56. /// Intel(R) EPID binary file header
  57. typedef struct EpidFileHeader {
  58. OctStr16 epid_version; ///< Intel(R) EPID Version
  59. OctStr16 file_type; ///< File Type
  60. } EpidFileHeader;
  61. /// IoT CA Certificate binary format
  62. typedef struct EpidCaCertificate {
  63. EpidFileHeader header; ///< Intel(R) EPID binary file header
  64. OctStr512 pubkey; ///< Public Key (Qx, Qy)
  65. OctStr256 prime; ///< Prime of GF(p)
  66. OctStr256 a; ///< Coefficient of E Curve
  67. OctStr256 b; ///< Coefficient of E Curve
  68. OctStr256 x; ///< X coordinate of Base point G
  69. OctStr256 y; ///< Y coordinate of Base point G
  70. OctStr256 r; ///< Order of base point
  71. EcdsaSignature signature; ///< ECDSA Signature on SHA-256 of above values
  72. } EpidCaCertificate;
  73. #pragma pack()
  74. /// Extracts Intel(R) EPID Binary Output File header information
  75. /*!
  76. \param[in] buf
  77. Pointer to buffer containing Intel(R) EPID Binary Output File to parse.
  78. \param[in] len
  79. The size of buf in bytes.
  80. \param[out] epid_version
  81. The extracted EPID version or kNumEpidVersions if EPID version is unknown.
  82. Pass NULL to not extract.
  83. \param[out] file_type
  84. The extracted EPID file type or kNumFileTypes if file type is unknown.
  85. Pass NULL to not extract.
  86. \returns ::EpidStatus
  87. */
  88. EpidStatus EpidParseFileHeader(void const* buf, size_t len,
  89. EpidVersion* epid_version,
  90. EpidFileType* file_type);
  91. /// Extracts group public key from buffer in issuer binary format
  92. /*!
  93. Extracts the first group public key from a buffer with format of
  94. Intel(R) EPID 2.0 Group Public Key Certificate Binary File. The
  95. function validates that the first public key was signed by the
  96. private key corresponding to the provided CA certificate and the
  97. size of the input buffer is correct.
  98. \warning
  99. It is the responsibility of the caller to authenticate the
  100. EpidCaCertificate.
  101. \param[in] buf
  102. Pointer to buffer containing public key to extract.
  103. \param[in] len
  104. The size of buf in bytes.
  105. \param[in] cert
  106. The issuing CA public key certificate.
  107. \param[out] pubkey
  108. The extracted group public key.
  109. \returns ::EpidStatus
  110. \retval ::kEpidSigInvalid
  111. Parsing failed due to data authentication failure.
  112. */
  113. EpidStatus EpidParseGroupPubKeyFile(void const* buf, size_t len,
  114. EpidCaCertificate const* cert,
  115. GroupPubKey* pubkey);
  116. /// Extracts private key revocation list from buffer in issuer binary format
  117. /*!
  118. Extracts the private key revocation list from a buffer with format of
  119. Binary Private Key Revocation List File. The function
  120. validates that the revocation list was signed by the private
  121. key corresponding to the provided CA certificate and the size of the
  122. input buffer is correct.
  123. To determine the required size of the revocation list output buffer,
  124. provide a null pointer for the output buffer.
  125. \warning
  126. It is the responsibility of the caller to authenticate the
  127. EpidCaCertificate.
  128. \param[in] buf
  129. Pointer to buffer containing the revocation list to extract.
  130. \param[in] len
  131. The size of buf in bytes.
  132. \param[in] cert
  133. The issuing CA public key certificate.
  134. \param[out] rl
  135. The extracted revocation list. If Null, rl_len is filled with
  136. the required output buffer size.
  137. \param[in,out] rl_len
  138. The size of rl in bytes.
  139. \returns ::EpidStatus
  140. \retval ::kEpidSigInvalid
  141. Parsing failed due to data authentication failure.
  142. */
  143. EpidStatus EpidParsePrivRlFile(void const* buf, size_t len,
  144. EpidCaCertificate const* cert, PrivRl* rl,
  145. size_t* rl_len);
  146. /// Extracts signature revocation list from buffer in issuer binary format
  147. /*!
  148. Extracts the signature based revocation list from a buffer with
  149. format of Binary Signature Revocation List File. The function
  150. validates that the revocation list was signed by the private key
  151. corresponding to the provided CA certificate and the size of the
  152. input buffer is correct.
  153. To determine the required size of the revocation list output buffer,
  154. provide a null pointer for the output buffer.
  155. \warning
  156. It is the responsibility of the caller to authenticate the
  157. EpidCaCertificate.
  158. \param[in] buf
  159. Pointer to buffer containing the revocation list to extract.
  160. \param[in] len
  161. The size of buf in bytes.
  162. \param[in] cert
  163. The issuing CA public key certificate.
  164. \param[out] rl
  165. The extracted revocation list. If Null, rl_len is filled with
  166. the required output buffer size.
  167. \param[in,out] rl_len
  168. The size of rl in bytes.
  169. \returns ::EpidStatus
  170. \retval ::kEpidSigInvalid
  171. Parsing failed due to data authentication failure.
  172. */
  173. EpidStatus EpidParseSigRlFile(void const* buf, size_t len,
  174. EpidCaCertificate const* cert, SigRl* rl,
  175. size_t* rl_len);
  176. /// Extracts group revocation list from buffer in issuer binary format
  177. /*!
  178. Extracts the group revocation list from a buffer with format of
  179. Binary Group Certificate Revocation List File. The function
  180. validates that the revocation list was signed by the private key
  181. corresponding to the provided CA certificate and the size of the
  182. input buffer is correct.
  183. To determine the required size of the revocation list output buffer,
  184. provide a null pointer for the output buffer.
  185. \warning
  186. It is the responsibility of the caller to authenticate the
  187. EpidCaCertificate.
  188. \param[in] buf
  189. Pointer to buffer containing the revocation list to extract.
  190. \param[in] len
  191. The size of buf in bytes.
  192. \param[in] cert
  193. The issuing CA public key certificate.
  194. \param[out] rl
  195. The extracted revocation list. If Null, rl_len is filled with
  196. the required output buffer size.
  197. \param[in,out] rl_len
  198. The size of rl in bytes.
  199. \returns ::EpidStatus
  200. \retval ::kEpidSigInvalid
  201. Parsing failed due to data authentication failure.
  202. */
  203. EpidStatus EpidParseGroupRlFile(void const* buf, size_t len,
  204. EpidCaCertificate const* cert, GroupRl* rl,
  205. size_t* rl_len);
  206. /*!
  207. @}
  208. */
  209. #endif // EPID_COMMON_FILE_PARSER_H_