fileparser

Parser for issuer material. More...

Modules

 Intel(R) EPID 1.1 support
 Parser for 1.1 issuer material.
 

Data Structures

struct  EpidFileHeader
 Intel(R) EPID binary file header. More...
 
struct  EpidCaCertificate
 IoT CA Certificate binary format. More...
 

Enumerations

enum  EpidVersion { kEpid1x, kEpid2x, kNumEpidVersions }
 Recognized Intel(R) EPID versions. More...
 
enum  EpidFileType {
  kIssuingCaPubKeyFile, kGroupPubKeyFile, kPrivRlFile, kSigRlFile,
  kGroupRlFile, kPrivRlRequestFile, kSigRlRequestFile, kGroupRlRequestFile,
  kNumFileTypes
}
 Recognized Intel(R) EPID file types. More...
 

Functions

EpidStatus EpidParseFileHeader (void const *buf, size_t len, EpidVersion *epid_version, EpidFileType *file_type)
 Extracts Intel(R) EPID Binary Output File header information. More...
 
EpidStatus EpidParseGroupPubKeyFile (void const *buf, size_t len, EpidCaCertificate const *cert, GroupPubKey *pubkey)
 Extracts group public key from buffer in issuer binary format. More...
 
EpidStatus EpidParsePrivRlFile (void const *buf, size_t len, EpidCaCertificate const *cert, PrivRl *rl, size_t *rl_len)
 Extracts private key revocation list from buffer in issuer binary format. More...
 
EpidStatus EpidParseSigRlFile (void const *buf, size_t len, EpidCaCertificate const *cert, SigRl *rl, size_t *rl_len)
 Extracts signature revocation list from buffer in issuer binary format. More...
 
EpidStatus EpidParseGroupRlFile (void const *buf, size_t len, EpidCaCertificate const *cert, GroupRl *rl, size_t *rl_len)
 Extracts group revocation list from buffer in issuer binary format. More...
 

Variables

const OctStr16 kEpidVersionCode [kNumEpidVersions]
 Encoding of issuer material Intel(R) EPID versions.
 
const OctStr16 kEpidFileTypeCode [kNumFileTypes]
 Encoding of issuer material file types.
 

Detailed Description

Parser for issuer material.

Provides an API for parsing buffers formatted according to the various IoT Intel(R) EPID binary file formats.

To use this module, include the header epid/common/file_parser.h.

Enumeration Type Documentation

◆ EpidFileType

Recognized Intel(R) EPID file types.

Enumerator
kIssuingCaPubKeyFile 

IoT Issuing CA public key file.

kGroupPubKeyFile 

Group Public Key Output File Format.

kPrivRlFile 

Binary Private Key Revocation List.

kSigRlFile 

Binary Signature Revocation List.

kGroupRlFile 

Binary Group Revocation List.

kPrivRlRequestFile 

Binary Private Key Revocation Request.

kSigRlRequestFile 

Binary Signature Revocation Request.

kGroupRlRequestFile 

Binary Group Revocation Request.

kNumFileTypes 

Maximum number of file types.

◆ EpidVersion

Recognized Intel(R) EPID versions.

Enumerator
kEpid1x 

Intel(R) EPID version 1.x.

kEpid2x 

Intel(R) EPID version 2.x.

kNumEpidVersions 

Maximum number of versions.

Function Documentation

◆ EpidParseFileHeader()

EpidStatus EpidParseFileHeader ( void const *  buf,
size_t  len,
EpidVersion epid_version,
EpidFileType file_type 
)

Extracts Intel(R) EPID Binary Output File header information.

Parameters
[in]bufPointer to buffer containing Intel(R) EPID Binary Output File to parse.
[in]lenThe size of buf in bytes.
[out]epid_versionThe extracted Intel(R) EPID version or kNumEpidVersions if Intel(R) EPID version is unknown. Pass NULL to not extract.
[out]file_typeThe extracted Intel(R) EPID file type or kNumFileTypes if file type is unknown. Pass NULL to not extract.
Returns
EpidStatus

◆ EpidParseGroupPubKeyFile()

EpidStatus EpidParseGroupPubKeyFile ( void const *  buf,
size_t  len,
EpidCaCertificate const *  cert,
GroupPubKey pubkey 
)

Extracts group public key from buffer in issuer binary format.

Extracts the first group public key from a buffer with format of Intel(R) EPID 2.0 Group Public Key Certificate Binary File. The function validates that the first public key was signed by the private key corresponding to the provided CA certificate and the size of the input buffer is correct.

Warning
It is the responsibility of the caller to authenticate the EpidCaCertificate.
Parameters
[in]bufPointer to buffer containing public key to extract.
[in]lenThe size of buf in bytes.
[in]certThe issuing CA public key certificate.
[out]pubkeyThe extracted group public key.
Returns
EpidStatus
Return values
kEpidSigInvalidParsing failed due to data authentication failure.

Examples

Generating an Intel® EPID Signature

◆ EpidParseGroupRlFile()

EpidStatus EpidParseGroupRlFile ( void const *  buf,
size_t  len,
EpidCaCertificate const *  cert,
GroupRl rl,
size_t *  rl_len 
)

Extracts group revocation list from buffer in issuer binary format.

Extracts the group revocation list from a buffer with format of Binary Group Certificate Revocation List File. The function validates that the revocation list was signed by the private key corresponding to the provided CA certificate and the size of the input buffer is correct.

To determine the required size of the revocation list output buffer, provide a null pointer for the output buffer.

Warning
It is the responsibility of the caller to authenticate the EpidCaCertificate.
Parameters
[in]bufPointer to buffer containing the revocation list to extract.
[in]lenThe size of buf in bytes.
[in]certThe issuing CA public key certificate.
[out]rlThe extracted revocation list. If Null, rl_len is filled with the required output buffer size.
[in,out]rl_lenThe size of rl in bytes.
Returns
EpidStatus
Return values
kEpidSigInvalidParsing failed due to data authentication failure.

Example

Verifying an Intel® EPID Signature

◆ EpidParsePrivRlFile()

EpidStatus EpidParsePrivRlFile ( void const *  buf,
size_t  len,
EpidCaCertificate const *  cert,
PrivRl rl,
size_t *  rl_len 
)

Extracts private key revocation list from buffer in issuer binary format.

Extracts the private key revocation list from a buffer with format of Binary Private Key Revocation List File. The function validates that the revocation list was signed by the private key corresponding to the provided CA certificate and the size of the input buffer is correct.

To determine the required size of the revocation list output buffer, provide a null pointer for the output buffer.

Warning
It is the responsibility of the caller to authenticate the EpidCaCertificate.
Parameters
[in]bufPointer to buffer containing the revocation list to extract.
[in]lenThe size of buf in bytes.
[in]certThe issuing CA public key certificate.
[out]rlThe extracted revocation list. If Null, rl_len is filled with the required output buffer size.
[in,out]rl_lenThe size of rl in bytes.
Returns
EpidStatus
Return values
kEpidSigInvalidParsing failed due to data authentication failure.

Example

Verifying an Intel® EPID Signature

◆ EpidParseSigRlFile()

EpidStatus EpidParseSigRlFile ( void const *  buf,
size_t  len,
EpidCaCertificate const *  cert,
SigRl rl,
size_t *  rl_len 
)

Extracts signature revocation list from buffer in issuer binary format.

Extracts the signature based revocation list from a buffer with format of Binary Signature Revocation List File. The function validates that the revocation list was signed by the private key corresponding to the provided CA certificate and the size of the input buffer is correct.

To determine the required size of the revocation list output buffer, provide a null pointer for the output buffer.

Warning
It is the responsibility of the caller to authenticate the EpidCaCertificate.
Parameters
[in]bufPointer to buffer containing the revocation list to extract.
[in]lenThe size of buf in bytes.
[in]certThe issuing CA public key certificate.
[out]rlThe extracted revocation list. If Null, rl_len is filled with the required output buffer size.
[in,out]rl_lenThe size of rl in bytes.
Returns
EpidStatus
Return values
kEpidSigInvalidParsing failed due to data authentication failure.

Examples

Generating an Intel® EPID Signature