1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 /// Non-sensitive member context implementation
17 /*! \file */
18
19 #include "epid/member/src/validatekey.h"
20
21 #include <stddef.h>
22
23 #include "epid/common/math/ecgroup.h"
24 #include "epid/common/math/finitefield.h"
25 #include "epid/common/math/pairing.h"
26 #include "epid/common/src/epid2params.h"
27 #include "epid/common/src/memory.h"
28 #include "epid/common/types.h" // MemberPrecomp
29 #include "epid/member/src/context.h"
30 #include "epid/member/src/privateexp.h"
31
32 /// Handle Intel(R) EPID Error with Break
33 #define BREAK_ON_EPID_ERROR(ret) \
34 if (kEpidNoErr != (ret)) { \
35 break; \
36 }
37
EpidMemberIsKeyValid(MemberCtx * ctx,G1ElemStr const * A_str,FpElemStr const * x_str,G1ElemStr const * h1_str,G2ElemStr const * w_str)38 bool EpidMemberIsKeyValid(MemberCtx* ctx, G1ElemStr const* A_str,
39 FpElemStr const* x_str, G1ElemStr const* h1_str,
40 G2ElemStr const* w_str) {
41 bool key_is_valid = false;
42 EcPoint* t1 = NULL;
43 EcPoint* t2 = NULL;
44 FfElement* t3 = NULL;
45 FfElement* t4 = NULL;
46 EcPoint* A = NULL;
47 EcPoint* h1 = NULL;
48 EcPoint* w = NULL;
49
50 if (!ctx || !A_str || !x_str || !h1_str || !w_str || !ctx->epid2_params) {
51 return false;
52 }
53
54 do {
55 EpidStatus sts = kEpidErr;
56 EcGroup* G1 = ctx->epid2_params->G1;
57 EcGroup* G2 = ctx->epid2_params->G2;
58 FiniteField* GT = ctx->epid2_params->GT;
59 EcPoint* g1 = ctx->epid2_params->g1;
60 EcPoint* g2 = ctx->epid2_params->g2;
61 PairingState* ps_ctx = ctx->epid2_params->pairing_state;
62
63 if (!ctx->is_provisioned && !ctx->is_initially_provisioned) {
64 sts = EpidMemberInitialProvision(ctx);
65 BREAK_ON_EPID_ERROR(sts);
66 }
67
68 // 2. The member computes t1 = G2.sscmExp(g2, x).
69 sts = NewEcPoint(G2, &t1);
70 BREAK_ON_EPID_ERROR(sts);
71
72 sts = EcSscmExp(G2, g2, (BigNumStr const*)x_str, t1);
73 BREAK_ON_EPID_ERROR(sts);
74
75 // 3. The member computes t1 = G2.mul(t1, w).
76 sts = NewEcPoint(G2, &w);
77 BREAK_ON_EPID_ERROR(sts);
78 sts = ReadEcPoint(G2, w_str, sizeof(*w_str), w);
79 BREAK_ON_EPID_ERROR(sts);
80 sts = EcMul(G2, t1, w, t1);
81 BREAK_ON_EPID_ERROR(sts);
82
83 // 4. The member computes t3 = pairing(A, t1).
84 sts = NewFfElement(GT, &t3);
85 BREAK_ON_EPID_ERROR(sts);
86 sts = NewEcPoint(G1, &A);
87 BREAK_ON_EPID_ERROR(sts);
88 sts = ReadEcPoint(G1, A_str, sizeof(*A_str), A);
89 BREAK_ON_EPID_ERROR(sts);
90 sts = Pairing(ps_ctx, A, t1, t3);
91 BREAK_ON_EPID_ERROR(sts);
92
93 // 5. The member computes t2 = G1.sscmExp(h1, f).
94 sts = NewEcPoint(G1, &t2);
95 BREAK_ON_EPID_ERROR(sts);
96 sts = NewEcPoint(G1, &h1);
97 BREAK_ON_EPID_ERROR(sts);
98 sts = ReadEcPoint(G1, h1_str, sizeof(*h1_str), h1);
99 BREAK_ON_EPID_ERROR(sts);
100 sts = EpidPrivateExp(ctx, h1, t2);
101 BREAK_ON_EPID_ERROR(sts);
102
103 // 6. The member computes t2 = G1.mul(t2, g1).
104 sts = EcMul(G1, t2, g1, t2);
105 BREAK_ON_EPID_ERROR(sts);
106
107 // Step 7. The member computes t4 = pairing(t2, g2).
108 sts = NewFfElement(GT, &t4);
109 BREAK_ON_EPID_ERROR(sts);
110 sts = Pairing(ps_ctx, t2, g2, t4);
111 BREAK_ON_EPID_ERROR(sts);
112
113 // 8. If GT.isEqual(t3, t4) = false, reports bad private key.
114 sts = FfIsEqual(GT, t3, t4, &key_is_valid);
115 if (kEpidNoErr != sts) {
116 key_is_valid = false;
117 BREAK_ON_EPID_ERROR(sts);
118 }
119 } while (0);
120
121 DeleteEcPoint(&t1);
122 DeleteEcPoint(&t2);
123 DeleteFfElement(&t3);
124 DeleteFfElement(&t4);
125 DeleteEcPoint(&A);
126 DeleteEcPoint(&h1);
127 DeleteEcPoint(&w);
128
129 return key_is_valid;
130 }
131