1.1/src/context.c

/*############################################################################
# Copyright 2016-2017 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
############################################################################*/

/*!
* \file
* \brief Intel Intel(R) EPID 1.1 Verifier context implementation.
*/

#include "epid/verifier/1.1/src/context.h"
#include "epid/common/src/endian_convert.h"
#include "epid/common/src/memory.h"
#include "epid/verifier/1.1/api.h"

/// Handle SDK Error with Break
#define BREAK_ON_EPID_ERROR(ret) \
                                 \
  if (kEpidNoErr != (ret)) {     \
    break;                       \
  }

/// create Verifier precomp of the Epid11VerifierCtx
static EpidStatus DoPrecomputation(Epid11VerifierCtx* ctx);

/// Read Verifier precomp
static EpidStatus ReadPrecomputation(Epid11VerifierPrecomp const* precomp_str,
                                     Epid11VerifierCtx* ctx);

/// Internal function to prove if group based revocation list is valid
static bool Epid11IsGroupRlValid(Epid11GroupRl const* group_rl,
                                 size_t grp_rl_size) {
  const size_t kMinGroupRlSize = sizeof(Epid11GroupRl) - sizeof(Epid11GroupId);
  size_t input_grp_rl_size = 0;

  if (!group_rl) {
    return false;
  }
  if (grp_rl_size < kMinGroupRlSize) {
    return false;
  }
  if (ntohl(group_rl->n3) >
      (SIZE_MAX - kMinGroupRlSize) / sizeof(Epid11GroupId)) {
    return false;
  }
  input_grp_rl_size =
      kMinGroupRlSize + (ntohl(group_rl->n3) * sizeof(Epid11GroupId));
  if (input_grp_rl_size != grp_rl_size) {
    return false;
  }
  return true;
}
/// Internal function to prove if signature based revocation list is valid
bool Epid11IsSigRlValid(Epid11GroupId const* gid, Epid11SigRl const* sig_rl,
                        size_t sig_rl_size) {
  const size_t kMinSigRlSize = sizeof(Epid11SigRl) - sizeof(Epid11SigRlEntry);
  size_t input_sig_rl_size = 0;
  if (!gid || !sig_rl || kMinSigRlSize > sig_rl_size) {
    return false;
  }
  if (ntohl(sig_rl->n2) > (SIZE_MAX - kMinSigRlSize) / sizeof(sig_rl->bk[0])) {
    return false;
  }
  // sanity check of intput SigRl size
  input_sig_rl_size = kMinSigRlSize + ntohl(sig_rl->n2) * sizeof(sig_rl->bk[0]);
  if (input_sig_rl_size != sig_rl_size) {
    return false;
  }
  // verify that gid given and gid in SigRl match
  if (0 != memcmp(gid, &sig_rl->gid, sizeof(*gid))) {
    return false;
  }
  return true;
}
/// Internal function to verify if Intel(R) EPID 1.1 private key based
/// revocation list is valid
static bool IsEpid11PrivRlValid(Epid11GroupId const* gid,
                                Epid11PrivRl const* priv_rl,
                                size_t priv_rl_size) {
  const size_t kMinPrivRlSize = sizeof(Epid11PrivRl) - sizeof(FpElemStr);
  size_t input_priv_rl_size = 0;

  if (!gid || !priv_rl || kMinPrivRlSize > priv_rl_size) {
    return false;
  }
  if (ntohl(priv_rl->n1) >
      (SIZE_MAX - kMinPrivRlSize) / sizeof(priv_rl->f[0])) {
    return false;
  }
  // sanity check of input Epid11PrivRl size
  input_priv_rl_size =
      kMinPrivRlSize + ntohl(priv_rl->n1) * sizeof(priv_rl->f[0]);
  if (input_priv_rl_size != priv_rl_size) {
    return false;
  }
  // verify that gid given and gid in Epid11PrivRl match
  if (0 != memcmp(gid, &priv_rl->gid, sizeof(*gid))) {
    return false;
  }
  return true;
}

EpidStatus Epid11VerifierCreate(Epid11GroupPubKey const* pub_key,
                                Epid11VerifierPrecomp const* precomp,
                                Epid11VerifierCtx** ctx) {
  EpidStatus result = kEpidErr;
  Epid11VerifierCtx* verifier_ctx = NULL;
  if (!pub_key || !ctx) {
    return kEpidBadArgErr;
  }
  do {
    // Allocate memory for VerifierCtx
    verifier_ctx = SAFE_ALLOC(sizeof(Epid11VerifierCtx));
    if (!verifier_ctx) {
      result = kEpidMemAllocErr;
      break;
    }

    // Internal representation of Epid11Params
    result = CreateEpid11Params(&verifier_ctx->epid11_params);
    BREAK_ON_EPID_ERROR(result);
    // Internal representation of Group Pub Key
    result = CreateEpid11GroupPubKey(pub_key, verifier_ctx->epid11_params->G1,
                                     verifier_ctx->epid11_params->G2,
                                     &verifier_ctx->pub_key);
    BREAK_ON_EPID_ERROR(result);
    // Store group public key strings for later use
    result =
        SetKeySpecificEpid11CommitValues(pub_key, &verifier_ctx->commit_values);
    if (kEpidNoErr != result) {
      break;
    }
    // Allocate verifier_ctx->e12
    result = NewFfElement(verifier_ctx->epid11_params->GT, &verifier_ctx->e12);
    BREAK_ON_EPID_ERROR(result);
    // Allocate verifier_ctx->e22
    result = NewFfElement(verifier_ctx->epid11_params->GT, &verifier_ctx->e22);
    BREAK_ON_EPID_ERROR(result);
    // Allocate verifier_ctx->e2w
    result = NewFfElement(verifier_ctx->epid11_params->GT, &verifier_ctx->e2w);
    BREAK_ON_EPID_ERROR(result);
    // precomputation
    if (precomp != NULL) {
      result = ReadPrecomputation(precomp, verifier_ctx);
    } else {
      result = DoPrecomputation(verifier_ctx);
    }
    BREAK_ON_EPID_ERROR(result);
    verifier_ctx->sig_rl = NULL;
    verifier_ctx->group_rl = NULL;
    verifier_ctx->priv_rl = NULL;
    *ctx = verifier_ctx;
    result = kEpidNoErr;
  } while (0);

  if (kEpidNoErr != result && verifier_ctx) {
    DeleteFfElement(&verifier_ctx->e2w);
    DeleteFfElement(&verifier_ctx->e22);
    DeleteFfElement(&verifier_ctx->e12);
    DeleteEpid11GroupPubKey(&verifier_ctx->pub_key);
    DeleteEpid11Params(&verifier_ctx->epid11_params);
    SAFE_FREE(verifier_ctx);
  }
  return result;
}

void Epid11VerifierDelete(Epid11VerifierCtx** ctx) {
  if (ctx && *ctx) {
    DeleteFfElement(&(*ctx)->e2w);
    DeleteFfElement(&(*ctx)->e22);
    DeleteFfElement(&(*ctx)->e12);
    DeleteEpid11GroupPubKey(&(*ctx)->pub_key);
    DeleteEpid11Params(&(*ctx)->epid11_params);
    (*ctx)->priv_rl = NULL;
    (*ctx)->sig_rl = NULL;
    (*ctx)->group_rl = NULL;
    DeleteEcPoint(&(*ctx)->basename_hash);
    SAFE_FREE((*ctx)->basename);
    (*ctx)->basename_len = 0;
    SAFE_FREE(*ctx);
  }
}

EpidStatus Epid11VerifierWritePrecomp(Epid11VerifierCtx const* ctx,
                                      Epid11VerifierPrecomp* precomp) {
  EpidStatus result = kEpidErr;
  FfElement* e12 = NULL;   // an element in GT
  FfElement* e22 = NULL;   // an element in GT
  FfElement* e2w = NULL;   // an element in GT
  FiniteField* GT = NULL;  // Finite field GT(Fq6)
  if (!ctx || !ctx->e12 || !ctx->e22 || !ctx->e2w || !ctx->epid11_params ||
      !(ctx->epid11_params->GT) || !ctx->pub_key || !precomp) {
    return kEpidBadArgErr;
  }
  e12 = ctx->e12;
  e22 = ctx->e22;
  e2w = ctx->e2w;
  GT = ctx->epid11_params->GT;

  precomp->gid = ctx->pub_key->gid;
  result = WriteFfElement(GT, e12, &(precomp->e12), sizeof(precomp->e12));
  if (kEpidNoErr != result) {
    return result;
  }
  result = WriteFfElement(GT, e22, &(precomp->e22), sizeof(precomp->e22));
  if (kEpidNoErr != result) {
    return result;
  }
  result = WriteFfElement(GT, e2w, &(precomp->e2w), sizeof(precomp->e2w));
  if (kEpidNoErr != result) {
    return result;
  }
  return result;
}

EpidStatus Epid11VerifierSetPrivRl(Epid11VerifierCtx* ctx,
                                   Epid11PrivRl const* priv_rl,
                                   size_t priv_rl_size) {
  if (!ctx || !priv_rl || !ctx->pub_key) {
    return kEpidBadArgErr;
  }
  if (!IsEpid11PrivRlValid(&ctx->pub_key->gid, priv_rl, priv_rl_size)) {
    return kEpidBadArgErr;
  }
  // Do not set an older version of Epid11PrivRl
  if (ctx->priv_rl) {
    unsigned int current_ver = 0;
    unsigned int incoming_ver = 0;
    current_ver = ntohl(ctx->priv_rl->version);
    incoming_ver = ntohl(priv_rl->version);
    if (current_ver >= incoming_ver) {
      return kEpidBadArgErr;
    }
  }
  ctx->priv_rl = priv_rl;
  return kEpidNoErr;
}

EpidStatus Epid11VerifierSetSigRl(Epid11VerifierCtx* ctx,
                                  Epid11SigRl const* sig_rl,
                                  size_t sig_rl_size) {
  if (!ctx || !sig_rl || !ctx->pub_key) {
    return kEpidBadArgErr;
  }
  // Do not set an older version of sig rl
  if (ctx->sig_rl) {
    unsigned int current_ver = 0;
    unsigned int incoming_ver = 0;
    current_ver = ntohl(ctx->sig_rl->version);
    incoming_ver = ntohl(sig_rl->version);
    if (current_ver >= incoming_ver) {
      return kEpidBadArgErr;
    }
  }
  if (!Epid11IsSigRlValid(&ctx->pub_key->gid, sig_rl, sig_rl_size)) {
    return kEpidBadArgErr;
  }
  ctx->sig_rl = sig_rl;

  return kEpidNoErr;
}

EpidStatus Epid11VerifierSetGroupRl(Epid11VerifierCtx* ctx,
                                    Epid11GroupRl const* grp_rl,
                                    size_t grp_rl_size) {
  if (!ctx || !grp_rl || !ctx->pub_key) {
    return kEpidBadArgErr;
  }
  if (!Epid11IsGroupRlValid(grp_rl, grp_rl_size)) {
    return kEpidBadArgErr;
  }
  // Do not set an older version of group rl
  if (ctx->group_rl) {
    unsigned int current_ver = 0;
    unsigned int incoming_ver = 0;
    current_ver = ntohl(ctx->group_rl->version);
    incoming_ver = ntohl(grp_rl->version);
    if (current_ver >= incoming_ver) {
      return kEpidBadArgErr;
    }
  }
  ctx->group_rl = grp_rl;

  return kEpidNoErr;
}

EpidStatus Epid11VerifierSetBasename(Epid11VerifierCtx* ctx,
                                     void const* basename,
                                     size_t basename_len) {
  EpidStatus result = kEpidErr;
  EcPoint* basename_hash = NULL;
  uint8_t* basename_buffer = NULL;

  if (!ctx || !ctx->epid11_params || !ctx->epid11_params->G3) {
    return kEpidBadArgErr;
  }
  if (!basename && basename_len > 0) {
    return kEpidBadArgErr;
  }

  if (!basename) {
    ctx->basename_len = 0;
    DeleteEcPoint(&ctx->basename_hash);
    SAFE_FREE(ctx->basename);
    return kEpidNoErr;
  }

  do {
    EcGroup* G3 = ctx->epid11_params->G3;
    result = NewEcPoint(G3, &basename_hash);
    if (kEpidNoErr != result) {
      break;
    }

    result = Epid11EcHash(G3, basename, basename_len, basename_hash);
    if (kEpidNoErr != result) {
      break;
    }

    if (basename_len > 0) {
      basename_buffer = SAFE_ALLOC(basename_len);
      if (!basename_buffer) {
        result = kEpidMemAllocErr;
        break;
      }
    }

    ctx->basename_len = basename_len;

    if (basename_len > 0) {
      // memcpy is used to copy variable length basename
      if (0 != memcpy_S(basename_buffer, ctx->basename_len, basename,
                        basename_len)) {
        result = kEpidErr;
        break;
      }
    }
    DeleteEcPoint(&ctx->basename_hash);
    SAFE_FREE(ctx->basename);
    ctx->basename = basename_buffer;
    ctx->basename_hash = basename_hash;

    result = kEpidNoErr;
  } while (0);

  if (kEpidNoErr != result) {
    DeleteEcPoint(&basename_hash);
    SAFE_FREE(basename_buffer);
  }
  return result;
}

static EpidStatus DoPrecomputation(Epid11VerifierCtx* ctx) {
  EpidStatus result = kEpidErr;
  FfElement* e12 = NULL;
  FfElement* e22 = NULL;
  FfElement* e2w = NULL;
  Epid11Params_* params = NULL;
  Epid11GroupPubKey_* pub_key = NULL;
  Epid11PairingState* ps_ctx = NULL;
  if (!ctx) {
    return kEpidBadArgErr;
  }
  if (!ctx->epid11_params || !ctx->epid11_params->GT ||
      !ctx->epid11_params->pairing_state || !ctx->pub_key || !ctx->e12 ||
      !ctx->e22 || !ctx->e2w) {
    return kEpidBadArgErr;
  }
  pub_key = ctx->pub_key;
  params = ctx->epid11_params;
  e12 = ctx->e12;
  e22 = ctx->e22;
  e2w = ctx->e2w;
  ps_ctx = params->pairing_state;
  // do precomputation
  // 1. The verifier computes e12 = pairing(h1, g2).
  result = Epid11Pairing(ps_ctx, pub_key->h1, params->g2, e12);
  if (kEpidNoErr != result) {
    return result;
  }
  // 2. The verifier computes e22 = pairing(h2, g2).
  result = Epid11Pairing(ps_ctx, pub_key->h2, params->g2, e22);
  if (kEpidNoErr != result) {
    return result;
  }
  // 3. The verifier computes e2w = pairing(h2, w).
  result = Epid11Pairing(ps_ctx, pub_key->h2, pub_key->w, e2w);
  if (kEpidNoErr != result) {
    return result;
  }
  return kEpidNoErr;
}
static EpidStatus ReadPrecomputation(Epid11VerifierPrecomp const* precomp_str,
                                     Epid11VerifierCtx* ctx) {
  EpidStatus result = kEpidErr;
  FfElement* e12 = NULL;
  FfElement* e22 = NULL;
  FfElement* e2w = NULL;
  FiniteField* GT = NULL;
  Epid11Params_* params = NULL;
  unsigned int current_gid = 0;
  unsigned int incoming_gid = 0;
  if (!ctx) {
    return kEpidBadArgErr;
  }
  if (!ctx->epid11_params || !ctx->epid11_params->GT || !ctx->e12 ||
      !ctx->e22 || !ctx->e2w) {
    return kEpidBadArgErr;
  }

  if (!ctx->pub_key || !precomp_str) return kEpidBadArgErr;

  current_gid = ntohl(ctx->pub_key->gid);
  incoming_gid = ntohl(precomp_str->gid);

  if (current_gid != incoming_gid) {
    return kEpidBadArgErr;
  }

  params = ctx->epid11_params;
  GT = params->GT;
  e12 = ctx->e12;
  e22 = ctx->e22;
  e2w = ctx->e2w;

  result = ReadFfElement(GT, &precomp_str->e12, sizeof(precomp_str->e12), e12);
  if (kEpidNoErr != result) {
    return result;
  }
  result = ReadFfElement(GT, &precomp_str->e22, sizeof(precomp_str->e22), e22);
  if (kEpidNoErr != result) {
    return result;
  }
  result = ReadFfElement(GT, &precomp_str->e2w, sizeof(precomp_str->e2w), e2w);
  if (kEpidNoErr != result) {
    return result;
  }
  return kEpidNoErr;
}