123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 |
- /*############################################################################
- # Copyright 2017 Intel Corporation
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- ############################################################################*/
- /// Non-sensitive member context implementation
- /*! \file */
- #include "epid/member/src/validatekey.h"
- #include <stddef.h>
- #include "epid/common/math/ecgroup.h"
- #include "epid/common/math/finitefield.h"
- #include "epid/common/math/pairing.h"
- #include "epid/common/src/epid2params.h"
- #include "epid/common/src/memory.h"
- #include "epid/common/types.h" // MemberPrecomp
- #include "epid/member/src/context.h"
- #include "epid/member/src/privateexp.h"
- /// Handle Intel(R) EPID Error with Break
- #define BREAK_ON_EPID_ERROR(ret) \
- if (kEpidNoErr != (ret)) { \
- break; \
- }
- bool EpidMemberIsKeyValid(MemberCtx* ctx, G1ElemStr const* A_str,
- FpElemStr const* x_str, G1ElemStr const* h1_str,
- G2ElemStr const* w_str) {
- bool key_is_valid = false;
- EcPoint* t1 = NULL;
- EcPoint* t2 = NULL;
- FfElement* t3 = NULL;
- FfElement* t4 = NULL;
- EcPoint* A = NULL;
- EcPoint* h1 = NULL;
- EcPoint* w = NULL;
- if (!ctx || !A_str || !x_str || !h1_str || !w_str || !ctx->epid2_params) {
- return false;
- }
- do {
- EpidStatus sts = kEpidErr;
- EcGroup* G1 = ctx->epid2_params->G1;
- EcGroup* G2 = ctx->epid2_params->G2;
- FiniteField* GT = ctx->epid2_params->GT;
- EcPoint* g1 = ctx->epid2_params->g1;
- EcPoint* g2 = ctx->epid2_params->g2;
- PairingState* ps_ctx = ctx->epid2_params->pairing_state;
- if (!ctx->is_provisioned && !ctx->is_initially_provisioned) {
- sts = EpidMemberInitialProvision(ctx);
- BREAK_ON_EPID_ERROR(sts);
- }
- // 2. The member computes t1 = G2.sscmExp(g2, x).
- sts = NewEcPoint(G2, &t1);
- BREAK_ON_EPID_ERROR(sts);
- sts = EcSscmExp(G2, g2, (BigNumStr const*)x_str, t1);
- BREAK_ON_EPID_ERROR(sts);
- // 3. The member computes t1 = G2.mul(t1, w).
- sts = NewEcPoint(G2, &w);
- BREAK_ON_EPID_ERROR(sts);
- sts = ReadEcPoint(G2, w_str, sizeof(*w_str), w);
- BREAK_ON_EPID_ERROR(sts);
- sts = EcMul(G2, t1, w, t1);
- BREAK_ON_EPID_ERROR(sts);
- // 4. The member computes t3 = pairing(A, t1).
- sts = NewFfElement(GT, &t3);
- BREAK_ON_EPID_ERROR(sts);
- sts = NewEcPoint(G1, &A);
- BREAK_ON_EPID_ERROR(sts);
- sts = ReadEcPoint(G1, A_str, sizeof(*A_str), A);
- BREAK_ON_EPID_ERROR(sts);
- sts = Pairing(ps_ctx, A, t1, t3);
- BREAK_ON_EPID_ERROR(sts);
- // 5. The member computes t2 = G1.sscmExp(h1, f).
- sts = NewEcPoint(G1, &t2);
- BREAK_ON_EPID_ERROR(sts);
- sts = NewEcPoint(G1, &h1);
- BREAK_ON_EPID_ERROR(sts);
- sts = ReadEcPoint(G1, h1_str, sizeof(*h1_str), h1);
- BREAK_ON_EPID_ERROR(sts);
- sts = EpidPrivateExp(ctx, h1, t2);
- BREAK_ON_EPID_ERROR(sts);
- // 6. The member computes t2 = G1.mul(t2, g1).
- sts = EcMul(G1, t2, g1, t2);
- BREAK_ON_EPID_ERROR(sts);
- // Step 7. The member computes t4 = pairing(t2, g2).
- sts = NewFfElement(GT, &t4);
- BREAK_ON_EPID_ERROR(sts);
- sts = Pairing(ps_ctx, t2, g2, t4);
- BREAK_ON_EPID_ERROR(sts);
- // 8. If GT.isEqual(t3, t4) = false, reports bad private key.
- sts = FfIsEqual(GT, t3, t4, &key_is_valid);
- if (kEpidNoErr != sts) {
- key_is_valid = false;
- BREAK_ON_EPID_ERROR(sts);
- }
- } while (0);
- DeleteEcPoint(&t1);
- DeleteEcPoint(&t2);
- DeleteFfElement(&t3);
- DeleteFfElement(&t4);
- DeleteEcPoint(&A);
- DeleteEcPoint(&h1);
- DeleteEcPoint(&w);
- return key_is_valid;
- }
|