123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687 |
- /*############################################################################
- # Copyright 2016-2017 Intel Corporation
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- ############################################################################*/
- /*!
- * \file
- * \brief Verifier context implementation.
- */
- #include "epid/verifier/src/context.h"
- #include <string.h>
- #include "epid/common/math/pairing.h"
- #include "epid/common/src/endian_convert.h"
- #include "epid/common/src/epid2params.h"
- #include "epid/common/src/memory.h"
- #include "epid/common/src/sigrlvalid.h"
- #include "epid/verifier/api.h"
- /// Handle SDK Error with Break
- #define BREAK_ON_EPID_ERROR(ret) \
- if (kEpidNoErr != (ret)) { \
- break; \
- }
- /// create Verifier precomp of the VerifierCtx
- static EpidStatus DoPrecomputation(VerifierCtx* ctx);
- /// Read Verifier precomp
- static EpidStatus ReadPrecomputation(VerifierPrecomp const* precomp_str,
- VerifierCtx* ctx);
- /// Internal function to prove if group based revocation list is valid
- static bool IsGroupRlValid(GroupRl const* group_rl, size_t grp_rl_size) {
- const size_t kMinGroupRlSize = sizeof(GroupRl) - sizeof(GroupId);
- size_t input_grp_rl_size = 0;
- if (!group_rl || grp_rl_size < kMinGroupRlSize) {
- return false;
- }
- if (ntohl(group_rl->n3) > (SIZE_MAX - kMinGroupRlSize) / sizeof(GroupId)) {
- return false;
- }
- input_grp_rl_size = kMinGroupRlSize + (ntohl(group_rl->n3) * sizeof(GroupId));
- if (input_grp_rl_size != grp_rl_size) {
- return false;
- }
- return true;
- }
- /// Internal function to verify if private key based revocation list is valid
- static bool IsPrivRlValid(GroupId const* gid, PrivRl const* priv_rl,
- size_t priv_rl_size) {
- const size_t kMinPrivRlSize = sizeof(PrivRl) - sizeof(FpElemStr);
- size_t input_priv_rl_size = 0;
- if (!gid || !priv_rl || kMinPrivRlSize > priv_rl_size) {
- return false;
- }
- if (ntohl(priv_rl->n1) >
- (SIZE_MAX - kMinPrivRlSize) / sizeof(priv_rl->f[0])) {
- return false;
- }
- // sanity check of input PrivRl size
- input_priv_rl_size =
- kMinPrivRlSize + ntohl(priv_rl->n1) * sizeof(priv_rl->f[0]);
- if (input_priv_rl_size != priv_rl_size) {
- return false;
- }
- // verify that gid given and gid in PrivRl match
- if (0 != memcmp(gid, &priv_rl->gid, sizeof(*gid))) {
- return false;
- }
- return true;
- }
- /// Internal function to verify if verifier revocation list is valid
- static bool IsVerifierRlValid(GroupId const* gid, VerifierRl const* ver_rl,
- size_t ver_rl_size) {
- const size_t kMinVerifierRlSize = sizeof(VerifierRl) - sizeof(G1ElemStr);
- size_t expected_verifier_rl_size = 0;
- if (!gid || !ver_rl || kMinVerifierRlSize > ver_rl_size) {
- return false;
- }
- if (ntohl(ver_rl->n4) >
- (SIZE_MAX - kMinVerifierRlSize) / sizeof(ver_rl->K[0])) {
- return false;
- }
- // sanity check of input VerifierRl size
- expected_verifier_rl_size =
- kMinVerifierRlSize + ntohl(ver_rl->n4) * sizeof(ver_rl->K[0]);
- if (expected_verifier_rl_size != ver_rl_size) {
- return false;
- }
- // verify that gid in public key and gid in SigRl match
- if (0 != memcmp(gid, &ver_rl->gid, sizeof(*gid))) {
- return false;
- }
- return true;
- }
- EpidStatus EpidVerifierCreate(GroupPubKey const* pubkey,
- VerifierPrecomp const* precomp,
- VerifierCtx** ctx) {
- EpidStatus result = kEpidErr;
- VerifierCtx* verifier_ctx = NULL;
- if (!pubkey || !ctx) {
- return kEpidBadArgErr;
- }
- do {
- // Allocate memory for VerifierCtx
- verifier_ctx = SAFE_ALLOC(sizeof(VerifierCtx));
- if (!verifier_ctx) {
- result = kEpidMemAllocErr;
- break;
- }
- // set the default hash algorithm
- verifier_ctx->hash_alg = kSha512;
- #ifdef TPM_TSS // if build for TSS, make Sha256 default
- verifier_ctx->hash_alg = kSha256;
- #endif
- // Internal representation of Epid2Params
- result = CreateEpid2Params(&verifier_ctx->epid2_params);
- if (kEpidNoErr != result) {
- break;
- }
- // Internal representation of Group Pub Key
- result = CreateGroupPubKey(pubkey, verifier_ctx->epid2_params->G1,
- verifier_ctx->epid2_params->G2,
- &verifier_ctx->pub_key);
- if (kEpidNoErr != result) {
- break;
- }
- // Store group public key strings for later use
- result = SetKeySpecificCommitValues(pubkey, &verifier_ctx->commit_values);
- if (kEpidNoErr != result) {
- break;
- }
- // Allocate verifier_ctx->e12
- result = NewFfElement(verifier_ctx->epid2_params->GT, &verifier_ctx->e12);
- if (kEpidNoErr != result) {
- break;
- }
- // Allocate verifier_ctx->e22
- result = NewFfElement(verifier_ctx->epid2_params->GT, &verifier_ctx->e22);
- if (kEpidNoErr != result) {
- break;
- }
- // Allocate verifier_ctx->e2w
- result = NewFfElement(verifier_ctx->epid2_params->GT, &verifier_ctx->e2w);
- if (kEpidNoErr != result) {
- break;
- }
- // Allocate verifier_ctx->eg12
- result = NewFfElement(verifier_ctx->epid2_params->GT, &verifier_ctx->eg12);
- if (kEpidNoErr != result) {
- break;
- }
- // precomputation
- if (precomp != NULL) {
- result = ReadPrecomputation(precomp, verifier_ctx);
- } else {
- result = DoPrecomputation(verifier_ctx);
- }
- if (kEpidNoErr != result) {
- break;
- }
- verifier_ctx->sig_rl = NULL;
- verifier_ctx->group_rl = NULL;
- verifier_ctx->priv_rl = NULL;
- verifier_ctx->verifier_rl = NULL;
- verifier_ctx->was_verifier_rl_updated = false;
- verifier_ctx->basename_hash = NULL;
- verifier_ctx->basename = NULL;
- verifier_ctx->basename_len = 0;
- *ctx = verifier_ctx;
- result = kEpidNoErr;
- } while (0);
- if (kEpidNoErr != result && verifier_ctx) {
- DeleteFfElement(&verifier_ctx->eg12);
- DeleteFfElement(&verifier_ctx->e2w);
- DeleteFfElement(&verifier_ctx->e22);
- DeleteFfElement(&verifier_ctx->e12);
- DeleteEpid2Params(&verifier_ctx->epid2_params);
- DeleteGroupPubKey(&verifier_ctx->pub_key);
- SAFE_FREE(verifier_ctx);
- }
- return result;
- }
- void EpidVerifierDelete(VerifierCtx** ctx) {
- if (ctx && *ctx) {
- DeleteFfElement(&(*ctx)->eg12);
- DeleteFfElement(&(*ctx)->e2w);
- DeleteFfElement(&(*ctx)->e22);
- DeleteFfElement(&(*ctx)->e12);
- DeleteGroupPubKey(&(*ctx)->pub_key);
- DeleteEpid2Params(&(*ctx)->epid2_params);
- (*ctx)->priv_rl = NULL;
- (*ctx)->sig_rl = NULL;
- (*ctx)->group_rl = NULL;
- SAFE_FREE((*ctx)->verifier_rl);
- DeleteEcPoint(&(*ctx)->basename_hash);
- SAFE_FREE((*ctx)->basename);
- (*ctx)->basename_len = 0;
- SAFE_FREE(*ctx);
- }
- }
- EpidStatus EpidVerifierWritePrecomp(VerifierCtx const* ctx,
- VerifierPrecomp* precomp) {
- EpidStatus result = kEpidErr;
- FfElement* e12 = NULL; // an element in GT
- FfElement* e22 = NULL; // an element in GT
- FfElement* e2w = NULL; // an element in GT
- FfElement* eg12 = NULL; // an element in GT
- FiniteField* GT = NULL; // Finite field GT(Fq12 )
- if (!ctx) {
- return kEpidBadArgErr;
- }
- if (!precomp) {
- return kEpidBadArgErr;
- }
- if (!ctx->e12 || !ctx->e22 || !ctx->e2w || !ctx->eg12 || !ctx->epid2_params ||
- !ctx->epid2_params->GT || !ctx->pub_key) {
- return kEpidBadArgErr;
- }
- e12 = ctx->e12;
- e22 = ctx->e22;
- e2w = ctx->e2w;
- eg12 = ctx->eg12;
- GT = ctx->epid2_params->GT;
- precomp->gid = ctx->pub_key->gid;
- result = WriteFfElement(GT, e12, &(precomp->e12), sizeof(precomp->e12));
- if (kEpidNoErr != result) {
- return result;
- }
- result = WriteFfElement(GT, e22, &(precomp->e22), sizeof(precomp->e22));
- if (kEpidNoErr != result) {
- return result;
- }
- result = WriteFfElement(GT, e2w, &(precomp->e2w), sizeof(precomp->e2w));
- if (kEpidNoErr != result) {
- return result;
- }
- result = WriteFfElement(GT, eg12, &(precomp->eg12), sizeof(precomp->eg12));
- if (kEpidNoErr != result) {
- return result;
- }
- return result;
- }
- EpidStatus EpidVerifierSetPrivRl(VerifierCtx* ctx, PrivRl const* priv_rl,
- size_t priv_rl_size) {
- if (!ctx || !priv_rl || !ctx->pub_key) {
- return kEpidBadArgErr;
- }
- if (!IsPrivRlValid(&ctx->pub_key->gid, priv_rl, priv_rl_size)) {
- return kEpidBadArgErr;
- }
- // Do not set an older version of priv rl
- if (ctx->priv_rl) {
- unsigned int current_ver = 0;
- unsigned int incoming_ver = 0;
- current_ver = ntohl(ctx->priv_rl->version);
- incoming_ver = ntohl(priv_rl->version);
- if (current_ver >= incoming_ver) {
- return kEpidBadArgErr;
- }
- }
- ctx->priv_rl = priv_rl;
- return kEpidNoErr;
- }
- EpidStatus EpidVerifierSetSigRl(VerifierCtx* ctx, SigRl const* sig_rl,
- size_t sig_rl_size) {
- if (!ctx || !sig_rl || !ctx->pub_key) {
- return kEpidBadArgErr;
- }
- if (!IsSigRlValid(&ctx->pub_key->gid, sig_rl, sig_rl_size)) {
- return kEpidBadArgErr;
- }
- // Do not set an older version of sig rl
- if (ctx->sig_rl) {
- unsigned int current_ver = 0;
- unsigned int incoming_ver = 0;
- current_ver = ntohl(ctx->sig_rl->version);
- incoming_ver = ntohl(sig_rl->version);
- if (current_ver >= incoming_ver) {
- return kEpidBadArgErr;
- }
- }
- ctx->sig_rl = sig_rl;
- return kEpidNoErr;
- }
- EpidStatus EpidVerifierSetGroupRl(VerifierCtx* ctx, GroupRl const* grp_rl,
- size_t grp_rl_size) {
- if (!ctx || !grp_rl || !ctx->pub_key) {
- return kEpidBadArgErr;
- }
- if (!IsGroupRlValid(grp_rl, grp_rl_size)) {
- return kEpidBadArgErr;
- }
- // Do not set an older version of group rl
- if (ctx->group_rl) {
- unsigned int current_ver = 0;
- unsigned int incoming_ver = 0;
- current_ver = ntohl(ctx->group_rl->version);
- incoming_ver = ntohl(grp_rl->version);
- if (current_ver >= incoming_ver) {
- return kEpidBadArgErr;
- }
- }
- ctx->group_rl = grp_rl;
- return kEpidNoErr;
- }
- EpidStatus EpidVerifierSetVerifierRl(VerifierCtx* ctx, VerifierRl const* ver_rl,
- size_t ver_rl_size) {
- VerifierRl* verifier_rl = NULL;
- EpidStatus res = kEpidErr;
- EcPoint* B = NULL;
- bool cmp_result = false;
- EcGroup* G1 = NULL;
- if (!ctx || !ver_rl || !ctx->pub_key || !ctx->epid2_params ||
- !ctx->epid2_params->G1) {
- return kEpidBadArgErr;
- }
- if (!IsVerifierRlValid(&ctx->pub_key->gid, ver_rl, ver_rl_size)) {
- return kEpidBadArgErr;
- }
- // if random basename
- if (!ctx->basename_hash) {
- return kEpidInconsistentBasenameSetErr;
- }
- // Do not set an older version of verifier rl
- if (ctx->verifier_rl) {
- unsigned int current_ver = 0;
- unsigned int incoming_ver = 0;
- current_ver = ntohl(ctx->verifier_rl->version);
- incoming_ver = ntohl(ver_rl->version);
- if (current_ver >= incoming_ver) {
- return kEpidBadArgErr;
- }
- }
- do {
- G1 = ctx->epid2_params->G1;
- res = NewEcPoint(G1, &B);
- BREAK_ON_EPID_ERROR(res);
- res = ReadEcPoint(G1, &(ver_rl->B), sizeof(ver_rl->B), B);
- BREAK_ON_EPID_ERROR(res);
- // verify B = G1.hash(bsn)
- res = EcIsEqual(G1, ctx->basename_hash, B, &cmp_result);
- BREAK_ON_EPID_ERROR(res);
- if (true != cmp_result) {
- res = kEpidBadArgErr;
- break;
- }
- verifier_rl = SAFE_ALLOC(ver_rl_size);
- if (!verifier_rl) {
- res = kEpidMemAllocErr;
- break;
- }
- if (0 != memcpy_S(verifier_rl, ver_rl_size, ver_rl, ver_rl_size)) {
- res = kEpidBadArgErr;
- break;
- }
- res = kEpidNoErr;
- } while (0);
- DeleteEcPoint(&B);
- SAFE_FREE(ctx->verifier_rl);
- if (kEpidNoErr == res) {
- ctx->verifier_rl = verifier_rl;
- ctx->was_verifier_rl_updated = false;
- }
- return res;
- }
- size_t EpidGetVerifierRlSize(VerifierCtx const* ctx) {
- size_t empty_size = 0;
- if (!ctx || !ctx->basename_hash) return 0;
- empty_size = sizeof(VerifierRl) - sizeof(((VerifierRl*)0)->K[0]);
- if (!ctx->verifier_rl) return empty_size;
- return empty_size +
- ntohl(ctx->verifier_rl->n4) * sizeof(ctx->verifier_rl->K[0]);
- }
- EpidStatus EpidWriteVerifierRl(VerifierCtx const* ctx, VerifierRl* ver_rl,
- size_t ver_rl_size) {
- EpidStatus res = kEpidErr;
- size_t real_ver_rl_size = 0;
- if (!ctx || !ver_rl || !ctx->pub_key || !ctx->epid2_params ||
- !ctx->epid2_params->G1) {
- return kEpidBadArgErr;
- }
- real_ver_rl_size = EpidGetVerifierRlSize(ctx);
- if (real_ver_rl_size == 0) {
- return kEpidErr;
- }
- if (real_ver_rl_size != ver_rl_size) {
- return kEpidBadArgErr;
- }
- if (ctx->verifier_rl) {
- // serialize
- if (0 !=
- memcpy_S(ver_rl, ver_rl_size, ctx->verifier_rl, real_ver_rl_size)) {
- return kEpidBadArgErr;
- }
- // update rl version if it has changed
- if (ctx->was_verifier_rl_updated) {
- uint32_t prior_rl_version = ntohl(ver_rl->version);
- *((uint32_t*)(&ver_rl->version)) = htonl(prior_rl_version + 1);
- ((VerifierCtx*)ctx)->was_verifier_rl_updated = false;
- }
- } else {
- // write empty rl
- res = WriteEcPoint(ctx->epid2_params->G1, ctx->basename_hash, &(ver_rl->B),
- sizeof(ver_rl->B));
- if (kEpidNoErr != res) {
- return res;
- }
- ver_rl->gid = ctx->pub_key->gid;
- memset(&ver_rl->version, 0, sizeof(ver_rl->version));
- memset(&ver_rl->n4, 0, sizeof(ver_rl->n4));
- }
- return kEpidNoErr;
- }
- EpidStatus EpidBlacklistSig(VerifierCtx* ctx, EpidSignature const* sig,
- size_t sig_len, void const* msg, size_t msg_len) {
- EpidStatus result = kEpidErr;
- VerifierRl* ver_rl = NULL;
- if (!ctx || !sig || (!msg && msg_len > 0) || !ctx->epid2_params ||
- !ctx->epid2_params->G1) {
- return kEpidBadArgErr;
- }
- if (sig_len < sizeof(EpidSignature) - sizeof(((EpidSignature*)0)->sigma[0])) {
- return kEpidBadArgErr;
- }
- if (!ctx->basename_hash) {
- return kEpidInconsistentBasenameSetErr;
- }
- do {
- EcGroup* G1 = ctx->epid2_params->G1;
- uint32_t n4 = 0;
- result = EpidVerify(ctx, sig, sig_len, msg, msg_len);
- BREAK_ON_EPID_ERROR(result);
- if (!ctx->verifier_rl) {
- ver_rl = SAFE_ALLOC(sizeof(VerifierRl));
- if (!ver_rl) {
- result = kEpidMemAllocErr;
- break;
- }
- // write empty rl
- ver_rl->gid = ctx->pub_key->gid;
- result =
- WriteEcPoint(G1, ctx->basename_hash, &(ver_rl->B), sizeof(ver_rl->B));
- BREAK_ON_EPID_ERROR(result);
- } else {
- uint32_t prior_rl_version = ntohl(ctx->verifier_rl->version);
- n4 = ntohl(ctx->verifier_rl->n4);
- if (prior_rl_version == UINT32_MAX || n4 == UINT32_MAX) {
- result = kEpidBadArgErr;
- break;
- }
- ver_rl = SAFE_REALLOC(
- ctx->verifier_rl,
- EpidGetVerifierRlSize(ctx) + sizeof(((VerifierRl*)0)->K[0]));
- if (!ver_rl) {
- result = kEpidMemAllocErr;
- break;
- }
- }
- ctx->was_verifier_rl_updated = true;
- ++n4;
- ver_rl->K[n4 - 1] = sig->sigma0.K;
- *((uint32_t*)(&ver_rl->n4)) = htonl(n4);
- ctx->verifier_rl = ver_rl;
- result = kEpidNoErr;
- } while (0);
- if (kEpidNoErr != result) SAFE_FREE(ver_rl);
- return result;
- }
- EpidStatus EpidVerifierSetHashAlg(VerifierCtx* ctx, HashAlg hash_alg) {
- EpidStatus result = kEpidErr;
- if (!ctx) {
- return kEpidBadArgErr;
- }
- if (kSha256 != hash_alg && kSha384 != hash_alg && kSha512 != hash_alg &&
- kSha512_256 != hash_alg)
- return kEpidBadArgErr;
- if (ctx->hash_alg != hash_alg) {
- HashAlg previous_hash_alg = ctx->hash_alg;
- ctx->hash_alg = hash_alg;
- result = EpidVerifierSetBasename(ctx, ctx->basename, ctx->basename_len);
- if (kEpidNoErr != result) {
- ctx->hash_alg = previous_hash_alg;
- return result;
- }
- }
- result = kEpidNoErr;
- return result;
- }
- EpidStatus EpidVerifierSetBasename(VerifierCtx* ctx, void const* basename,
- size_t basename_len) {
- EpidStatus result = kEpidErr;
- EcPoint* basename_hash = NULL;
- uint8_t* basename_buffer = NULL;
- if (!ctx || !ctx->epid2_params || !ctx->epid2_params->G1) {
- return kEpidBadArgErr;
- }
- if (!basename && basename_len > 0) {
- return kEpidBadArgErr;
- }
- if (!basename) {
- DeleteEcPoint(&ctx->basename_hash);
- ctx->basename_hash = NULL;
- ctx->was_verifier_rl_updated = false;
- SAFE_FREE(ctx->basename);
- ctx->basename_len = 0;
- return kEpidNoErr;
- }
- do {
- size_t i = 0;
- EcGroup* G1 = ctx->epid2_params->G1;
- result = NewEcPoint(G1, &basename_hash);
- if (kEpidNoErr != result) {
- break;
- }
- result =
- EcHash(G1, basename, basename_len, ctx->hash_alg, basename_hash, NULL);
- if (kEpidNoErr != result) {
- break;
- }
- if (basename_len > 0) {
- basename_buffer = SAFE_ALLOC(basename_len);
- if (!basename_buffer) {
- result = kEpidMemAllocErr;
- break;
- }
- }
- SAFE_FREE(ctx->verifier_rl);
- DeleteEcPoint(&ctx->basename_hash);
- ctx->basename_hash = basename_hash;
- SAFE_FREE(ctx->basename);
- ctx->basename = basename_buffer;
- ctx->basename_len = basename_len;
- for (i = 0; i < basename_len; i++) {
- ctx->basename[i] = ((uint8_t*)basename)[i];
- }
- result = kEpidNoErr;
- } while (0);
- if (kEpidNoErr != result) {
- DeleteEcPoint(&basename_hash);
- SAFE_FREE(basename_buffer);
- }
- return result;
- }
- static EpidStatus DoPrecomputation(VerifierCtx* ctx) {
- EpidStatus result = kEpidErr;
- FfElement* e12 = NULL;
- FfElement* e22 = NULL;
- FfElement* e2w = NULL;
- FfElement* eg12 = NULL;
- Epid2Params_* params = NULL;
- GroupPubKey_* pub_key = NULL;
- PairingState* ps_ctx = NULL;
- if (!ctx) {
- return kEpidBadArgErr;
- }
- if (!ctx->epid2_params || !ctx->epid2_params->GT ||
- !ctx->epid2_params->pairing_state || !ctx->pub_key || !ctx->e12 ||
- !ctx->e22 || !ctx->e2w || !ctx->eg12) {
- return kEpidBadArgErr;
- }
- pub_key = ctx->pub_key;
- params = ctx->epid2_params;
- e12 = ctx->e12;
- e22 = ctx->e22;
- e2w = ctx->e2w;
- eg12 = ctx->eg12;
- ps_ctx = params->pairing_state;
- // do precomputation
- // 1. The verifier computes e12 = pairing(h1, g2).
- result = Pairing(ps_ctx, pub_key->h1, params->g2, e12);
- if (kEpidNoErr != result) {
- return result;
- }
- // 2. The verifier computes e22 = pairing(h2, g2).
- result = Pairing(ps_ctx, pub_key->h2, params->g2, e22);
- if (kEpidNoErr != result) {
- return result;
- }
- // 3. The verifier computes e2w = pairing(h2, w).
- result = Pairing(ps_ctx, pub_key->h2, pub_key->w, e2w);
- if (kEpidNoErr != result) {
- return result;
- }
- // 4. The verifier computes eg12 = pairing(g1, g2).
- result = Pairing(ps_ctx, params->g1, params->g2, eg12);
- if (kEpidNoErr != result) {
- return result;
- }
- return kEpidNoErr;
- }
- static EpidStatus ReadPrecomputation(VerifierPrecomp const* precomp_str,
- VerifierCtx* ctx) {
- EpidStatus result = kEpidErr;
- FfElement* e12 = NULL;
- FfElement* e22 = NULL;
- FfElement* e2w = NULL;
- FfElement* eg12 = NULL;
- FiniteField* GT = NULL;
- Epid2Params_* params = NULL;
- if (!ctx) {
- return kEpidBadArgErr;
- }
- if (!ctx->epid2_params || !ctx->epid2_params->GT || !ctx->e12 || !ctx->e22 ||
- !ctx->e2w || !ctx->eg12 || !ctx->pub_key) {
- return kEpidBadArgErr;
- }
- if (0 !=
- memcmp(&precomp_str->gid, &ctx->pub_key->gid, sizeof(precomp_str->gid))) {
- return kEpidBadArgErr;
- }
- params = ctx->epid2_params;
- GT = params->GT;
- e12 = ctx->e12;
- e22 = ctx->e22;
- e2w = ctx->e2w;
- eg12 = ctx->eg12;
- result = ReadFfElement(GT, &precomp_str->e12, sizeof(precomp_str->e12), e12);
- if (kEpidNoErr != result) {
- return result;
- }
- result = ReadFfElement(GT, &precomp_str->e22, sizeof(precomp_str->e22), e22);
- if (kEpidNoErr != result) {
- return result;
- }
- result = ReadFfElement(GT, &precomp_str->e2w, sizeof(precomp_str->e2w), e2w);
- if (kEpidNoErr != result) {
- return result;
- }
- result =
- ReadFfElement(GT, &precomp_str->eg12, sizeof(precomp_str->eg12), eg12);
- if (kEpidNoErr != result) {
- return result;
- }
- return kEpidNoErr;
- }
|