Member functionality. More...

Modules
	tpm2
	Internal interface that models TPM 2.0 interfaces.

Data Structures
struct	MemberParams
	Software only specific member parameters. More...

Functions
EpidStatus	EpidMemberCreate (MemberParams const params, MemberCtx *ctx)
	Allocates and initializes a new member context. More...

EpidStatus	EpidMemberGetSize (MemberParams const params, size_t context_size)
	Computes the size in bytes required for a member context. More...

EpidStatus	EpidMemberInit (MemberParams const params, MemberCtx ctx)
	Initializes a new member context. More...

EpidStatus	EpidCreateJoinRequest (MemberCtx ctx, GroupPubKey const pub_key, IssuerNonce const ni, JoinRequest join_request)
	Creates a request to join a group. More...

EpidStatus	EpidProvisionCredential (MemberCtx ctx, GroupPubKey const pub_key, MembershipCredential const credential, MemberPrecomp const precomp_str)
	Provisions a member context from a membership credential. More...

EpidStatus	EpidProvisionCompressed (MemberCtx ctx, GroupPubKey const pub_key, CompressedPrivKey const compressed_privkey, MemberPrecomp const precomp_str)
	Provisions a member context from a compressed private key. More...

EpidStatus	EpidProvisionKey (MemberCtx ctx, GroupPubKey const pub_key, PrivKey const priv_key, MemberPrecomp const precomp_str)
	Provisions a member context from a private key. More...

EpidStatus	EpidMemberStartup (MemberCtx *ctx)
	Change member from setup state to normal operation. More...

void	EpidMemberDeinit (MemberCtx *ctx)
	De-initializes an existing member context buffer. More...

void	EpidMemberDelete (MemberCtx **ctx)
	Deletes an existing member context. More...

EpidStatus	EpidMemberSetHashAlg (MemberCtx *ctx, HashAlg hash_alg)
	Sets the hash algorithm to be used by a member. More...

EpidStatus	EpidMemberSetSigRl (MemberCtx ctx, SigRl const sig_rl, size_t sig_rl_size)
	Sets the signature based revocation list to be used by a member. More...

size_t	EpidGetSigSize (SigRl const *sig_rl)
	Computes the size in bytes required for an Intel(R) EPID signature. More...

EpidStatus	EpidSign (MemberCtx const ctx, void const msg, size_t msg_len, void const basename, size_t basename_len, EpidSignature sig, size_t sig_len)
	Writes an Intel(R) EPID signature. More...

EpidStatus	EpidRegisterBasename (MemberCtx ctx, void const basename, size_t basename_len)
	Registers a basename with a member. More...

EpidStatus	EpidClearRegisteredBasenames (MemberCtx *ctx)
	Clears registered basenames. More...

EpidStatus	EpidAddPreSigs (MemberCtx *ctx, size_t number_presigs)
	Extends the member's pool of pre-computed signatures. More...

size_t	EpidGetNumPreSigs (MemberCtx const *ctx)
	Gets the number of pre-computed signatures in the member's pool. More...

EpidStatus	EpidDecompressPrivKey (GroupPubKey const pub_key, CompressedPrivKey const compressed_privkey, PrivKey *priv_key)
	Decompresses compressed member private key. More...

Detailed Description

Member functionality.

Defines the APIs needed by Intel(R) EPID members. Each member context (MemberCtx) represents membership in a single group.

To use this module, include the header epid/member/api.h.

Function Documentation

◆ EpidAddPreSigs()

EpidStatus EpidAddPreSigs	(	MemberCtx *	ctx,
		size_t	number_presigs
	)

Extends the member's pool of pre-computed signatures.

Generate new pre-computed signatures and add them to the internal pool.

Parameters

[in]	ctx	The member context.
[in]	number_presigs	The number of pre-computed signatures to add to the internal pool.

Returns: EpidStatus

See also: EpidMemberInit

◆ EpidClearRegisteredBasenames()

EpidStatus EpidClearRegisteredBasenames ( MemberCtx * ctx )

Clears registered basenames.

Allows clearing registered basenames without recreating member.

Parameters

[in,out] ctx The member context.

Returns: EpidStatus

See also: EpidRegisterBasename

◆ EpidCreateJoinRequest()

EpidStatus EpidCreateJoinRequest	(	MemberCtx *	ctx,
		GroupPubKey const *	pub_key,
		IssuerNonce const *	ni,
		JoinRequest *	join_request
	)

Creates a request to join a group.

The created request is part of the interaction with an issuer needed to join a group. This interaction with the issuer is outside the scope of this API.

Parameters

[in,out]	ctx	The member context.
[in]	pub_key	The group certificate of group to join.
[in]	ni	The nonce chosen by issuer as part of join protocol.
[out]	join_request	The join request.

Returns: EpidStatus

◆ EpidDecompressPrivKey()

EpidStatus EpidDecompressPrivKey	(	GroupPubKey const *	pub_key,
		CompressedPrivKey const *	compressed_privkey,
		PrivKey *	priv_key
	)

Decompresses compressed member private key.

Converts a compressed member private key into a member private key for use by other member APIs.

Parameters

[in]	pub_key	The public key of the group.
[in]	compressed_privkey	The compressed member private key to be decompressed.
[out]	priv_key	The member private key.

Returns: EpidStatus

Example

Generating an Intel® EPID Signature

◆ EpidGetNumPreSigs()

size_t EpidGetNumPreSigs ( MemberCtx const * ctx )

Gets the number of pre-computed signatures in the member's pool.

Parameters

[in] ctx The member context.

Returns: Number of remaining pre-computed signatures. Returns 0 if ctx is NULL.

See also: EpidMemberInit

◆ EpidGetSigSize()

size_t EpidGetSigSize ( SigRl const * sig_rl )

Computes the size in bytes required for an Intel(R) EPID signature.

Parameters

[in] sig_rl The signature based revocation list that is used. NULL is treated as a zero length list.

Returns: Size in bytes of an Intel(R) EPID signature including proofs for each entry in the signature based revocation list.

See also: SigRl

Example

Generating an Intel® EPID Signature

◆ EpidMemberCreate()

EpidStatus EpidMemberCreate	(	MemberParams const *	params,
		MemberCtx **	ctx
	)

Allocates and initializes a new member context.

Parameters

[in]	params	Implementation specific configuration parameters.
[out]	ctx	Newly constructed member context.

Warning: buffers allocated using this function should not be initialized with EpidMemberInit.

Deprecated:: This API has been superseded by EpidMemberGetSize and EpidMemberInit.

Returns: EpidStatus

◆ EpidMemberDeinit()

void EpidMemberDeinit ( MemberCtx * ctx )

De-initializes an existing member context buffer.

Must be called to safely release a member context initialized using EpidMemberInit.

De-initializes the context.

Parameters

[in,out] ctx The member context. Can be NULL.

Warning: This function should not be used on buffers allocated with EpidMemberCreate. Those buffers should be released using EpidMemberDelete

See also: EpidMemberInit

◆ EpidMemberDelete()

void EpidMemberDelete ( MemberCtx ** ctx )

Deletes an existing member context.

Must be called to safely release a member context created using EpidMemberCreate.

De-initializes the context, frees memory used by the context, and sets the context pointer to NULL.

Parameters

[in,out] ctx The member context. Can be NULL.

Deprecated:: This API has been superseded by EpidMemberDeinit.

See also: EpidMemberCreate

Example

Generating an Intel® EPID Signature

◆ EpidMemberGetSize()

EpidStatus EpidMemberGetSize	(	MemberParams const *	params,
		size_t *	context_size
	)

Computes the size in bytes required for a member context.

Parameters

[in]	params	Implementation specific configuration parameters.
[out]	context_size	Number of bytes required for a MemberCtx buffer

Returns: EpidStatus

See also: EpidMemberInit

◆ EpidMemberInit()

EpidStatus EpidMemberInit	(	MemberParams const *	params,
		MemberCtx *	ctx
	)

Initializes a new member context.

Parameters

[in]	params	Implementation specific configuration parameters.
[in,out]	ctx	An existing buffer that will be used as a MemberCtx.

Warning: ctx must be a buffer of at least the size reported by EpidMemberGetSize for the same parameters.

Returns: EpidStatus

See also: EpidMemberGetSize

◆ EpidMemberSetHashAlg()

EpidStatus EpidMemberSetHashAlg	(	MemberCtx *	ctx,
		HashAlg	hash_alg
	)

Sets the hash algorithm to be used by a member.

Parameters

[in]	ctx	The member context.
[in]	hash_alg	The hash algorithm to use.

Returns: EpidStatus

Note: If the result is not kEpidNoErr, the hash algorithm used by the member is undefined.

See also: EpidMemberInit; HashAlg

Example

Generating an Intel® EPID Signature

◆ EpidMemberSetSigRl()

EpidStatus EpidMemberSetSigRl	(	MemberCtx *	ctx,
		SigRl const *	sig_rl,
		size_t	sig_rl_size
	)

Sets the signature based revocation list to be used by a member.

The caller is responsible for ensuring the revocation list is authorized, e.g. signed by the issuer. The caller is also responsible checking the version of the revocation list. The call fails if trying to set an older version of the revocation list than was last set.

Attention: The memory pointed to by sig_rl is accessed directly by the member until a new list is set or the member is destroyed. Do not modify the contents of this memory. The behavior of subsequent operations that rely on the revocation list is undefined if the memory is modified.; It is the responsibility of the caller to free the memory pointed to by sig_rl after the member is no longer using it.

Parameters

[in]	ctx	The member context.
[in]	sig_rl	The signature based revocation list.
[in]	sig_rl_size	The size of the signature based revocation list in bytes.

Returns: EpidStatus

Note: If the result is not kEpidNoErr the signature based revocation list pointed to by the member is not changed.

See also: EpidMemberInit

Example

Generating an Intel® EPID Signature

◆ EpidMemberStartup()

EpidStatus EpidMemberStartup ( MemberCtx * ctx )

Change member from setup state to normal operation.

Parameters

[in,out] ctx The member context.

Returns: EpidStatus

◆ EpidProvisionCompressed()

EpidStatus EpidProvisionCompressed	(	MemberCtx *	ctx,
		GroupPubKey const *	pub_key,
		CompressedPrivKey const *	compressed_privkey,
		MemberPrecomp const *	precomp_str
	)

Provisions a member context from a compressed private key.

Parameters

[in,out]	ctx	The member context.
[in]	pub_key	The group certificate of group to provision.
[in]	compressed_privkey	private key.
[in]	precomp_str	Precomputed state (implementation specific optional)

Returns: EpidStatus

◆ EpidProvisionCredential()

EpidStatus EpidProvisionCredential	(	MemberCtx *	ctx,
		GroupPubKey const *	pub_key,
		MembershipCredential const *	credential,
		MemberPrecomp const *	precomp_str
	)

Provisions a member context from a membership credential.

Parameters

[in,out]	ctx	The member context.
[in]	pub_key	The group certificate of group to provision.
[in]	credential	membership credential.
[in]	precomp_str	Precomputed state (implementation specific optional)

Returns: EpidStatus

◆ EpidProvisionKey()

EpidStatus EpidProvisionKey	(	MemberCtx *	ctx,
		GroupPubKey const *	pub_key,
		PrivKey const *	priv_key,
		MemberPrecomp const *	precomp_str
	)

Provisions a member context from a private key.

Parameters

[in,out]	ctx	The member context.
[in]	pub_key	The group certificate of group to provision.
[in]	priv_key	private key.
[in]	precomp_str	Precomputed state (implementation specific optional)

Returns: EpidStatus

◆ EpidRegisterBasename()

EpidStatus EpidRegisterBasename	(	MemberCtx *	ctx,
		void const *	basename,
		size_t	basename_len
	)

Registers a basename with a member.

To prevent loss of privacy, the member keeps a list of basenames (corresponding to authorized verifiers). The member signs a message with a basename only if the basename is in the member's basename list.

Warning: The use of a name-based signature creates a platform unique pseudonymous identifier. Because it reduces the member's privacy, the user should be notified when it is used and should have control over its use.

Parameters

[in]	ctx	The member context.
[in]	basename	The basename.
[in]	basename_len	Length of the basename.

Returns: EpidStatus

Return values

kEpidDuplicateErr The basename was already registered.

Note: If the result is not kEpidNoErr or kEpidDuplicateErr it is undefined if the basename is registered.

Example

Generating an Intel® EPID Signature

◆ EpidSign()

EpidStatus EpidSign	(	MemberCtx const *	ctx,
		void const *	msg,
		size_t	msg_len,
		void const *	basename,
		size_t	basename_len,
		EpidSignature *	sig,
		size_t	sig_len
	)

Writes an Intel(R) EPID signature.

Parameters

[in]	ctx	The member context.
[in]	msg	The message to sign.
[in]	msg_len	The length in bytes of message.
[in]	basename	Optional basename. If basename is NULL a random basename is used. Signatures generated using random basenames are anonymous. Signatures generated using the same basename are linkable by the verifier. If a basename is provided, it must already be registered, or kEpidBadArgErr is returned.
[in]	basename_len	The size of basename in bytes. Must be 0 if basename is NULL.
[out]	sig	The generated signature
[in]	sig_len	The size of signature in bytes. Must be equal to value returned by EpidGetSigSize().

Returns: EpidStatus

Note: If the result is not kEpidNoErr the content of sig is undefined.

See also: EpidMemberInit; EpidMemberSetHashAlg; EpidMemberSetSigRl; EpidGetSigSize

Example

Generating an Intel® EPID Signature

Modules

Data Structures

Functions

Detailed Description

Function Documentation

◆ EpidAddPreSigs()

◆ EpidClearRegisteredBasenames()

◆ EpidCreateJoinRequest()

◆ EpidDecompressPrivKey()

◆ EpidGetNumPreSigs()

◆ EpidGetSigSize()

◆ EpidMemberCreate()

◆ EpidMemberDeinit()

◆ EpidMemberDelete()

◆ EpidMemberGetSize()

◆ EpidMemberInit()

◆ EpidMemberSetHashAlg()

◆ EpidMemberSetSigRl()

◆ EpidMemberStartup()

◆ EpidProvisionCompressed()

◆ EpidProvisionCredential()

◆ EpidProvisionKey()

◆ EpidRegisterBasename()

◆ EpidSign()