1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \file
19 * \brief Intel(R) EPID 1.1 signature verification implementation.
20 */
21
22 #include "src/verifysig11.h"
23
24 #include <stdlib.h>
25
26 #include "epid/common/1.1/file_parser.h"
27 #include "epid/verifier/1.1/api.h"
28
Verify11(Epid11Signature const * sig,size_t sig_len,void const * msg,size_t msg_len,void const * basename,size_t basename_len,void const * signed_priv_rl,size_t signed_priv_rl_size,void const * signed_sig_rl,size_t signed_sig_rl_size,void const * signed_grp_rl,size_t signed_grp_rl_size,void const * signed_pub_key,size_t signed_pub_key_size,EpidCaCertificate const * cacert,void ** verifier_precomp,size_t * verifier_precomp_size)29 EpidStatus Verify11(Epid11Signature const* sig, size_t sig_len, void const* msg,
30 size_t msg_len, void const* basename, size_t basename_len,
31 void const* signed_priv_rl, size_t signed_priv_rl_size,
32 void const* signed_sig_rl, size_t signed_sig_rl_size,
33 void const* signed_grp_rl, size_t signed_grp_rl_size,
34 void const* signed_pub_key, size_t signed_pub_key_size,
35 EpidCaCertificate const* cacert, void** verifier_precomp,
36 size_t* verifier_precomp_size) {
37 EpidStatus result = kEpidErr;
38 Epid11VerifierCtx* ctx = NULL;
39 Epid11PrivRl* priv_rl = NULL;
40 Epid11SigRl* sig_rl = NULL;
41 Epid11GroupRl* grp_rl = NULL;
42
43 do {
44 Epid11GroupPubKey pub_key = {0};
45 // authenticate and extract group public key
46 result = Epid11ParseGroupPubKeyFile(signed_pub_key, signed_pub_key_size,
47 cacert, &pub_key);
48 if (kEpidNoErr != result) {
49 break;
50 }
51
52 if (*verifier_precomp &&
53 *verifier_precomp_size != sizeof(Epid11VerifierPrecomp)) {
54 result = kEpidBadArgErr;
55 break;
56 }
57 *verifier_precomp_size = sizeof(Epid11VerifierPrecomp);
58
59 // create verifier
60 result = Epid11VerifierCreate(&pub_key, *verifier_precomp, &ctx);
61 if (kEpidNoErr != result) {
62 break;
63 }
64
65 // serialize verifier pre-computation blob
66 if (!*verifier_precomp) {
67 *verifier_precomp = calloc(1, *verifier_precomp_size);
68 }
69 result = Epid11VerifierWritePrecomp(ctx, *verifier_precomp);
70 if (kEpidNoErr != result) {
71 break;
72 }
73
74 // set the basename used for signing
75 result = Epid11VerifierSetBasename(ctx, basename, basename_len);
76 if (kEpidNoErr != result) {
77 break;
78 }
79
80 if (signed_priv_rl) {
81 // authenticate and determine space needed for RL
82 size_t priv_rl_size = 0;
83 result = Epid11ParsePrivRlFile(signed_priv_rl, signed_priv_rl_size,
84 cacert, NULL, &priv_rl_size);
85 if (kEpidNoErr != result) {
86 break;
87 }
88
89 priv_rl = calloc(1, priv_rl_size);
90 if (!priv_rl) {
91 result = kEpidMemAllocErr;
92 break;
93 }
94
95 // fill the rl
96 result = Epid11ParsePrivRlFile(signed_priv_rl, signed_priv_rl_size,
97 cacert, priv_rl, &priv_rl_size);
98 if (kEpidNoErr != result) {
99 break;
100 }
101
102 // set private key based revocation list
103 result = Epid11VerifierSetPrivRl(ctx, priv_rl, priv_rl_size);
104 if (kEpidNoErr != result) {
105 break;
106 }
107 } // if (signed_priv_rl)
108
109 if (signed_sig_rl) {
110 // authenticate and determine space needed for RL
111 size_t sig_rl_size = 0;
112 result = Epid11ParseSigRlFile(signed_sig_rl, signed_sig_rl_size, cacert,
113 NULL, &sig_rl_size);
114 if (kEpidNoErr != result) {
115 break;
116 }
117
118 sig_rl = calloc(1, sig_rl_size);
119 if (!sig_rl) {
120 result = kEpidMemAllocErr;
121 break;
122 }
123
124 // fill the rl
125 result = Epid11ParseSigRlFile(signed_sig_rl, signed_sig_rl_size, cacert,
126 sig_rl, &sig_rl_size);
127 if (kEpidNoErr != result) {
128 break;
129 }
130
131 // set signature based revocation list
132 result = Epid11VerifierSetSigRl(ctx, sig_rl, sig_rl_size);
133 if (kEpidNoErr != result) {
134 break;
135 }
136 } // if (signed_sig_rl)
137
138 if (signed_grp_rl) {
139 // authenticate and determine space needed for RL
140 size_t grp_rl_size = 0;
141 result = Epid11ParseGroupRlFile(signed_grp_rl, signed_grp_rl_size, cacert,
142 NULL, &grp_rl_size);
143 if (kEpidNoErr != result) {
144 break;
145 }
146
147 grp_rl = calloc(1, grp_rl_size);
148 if (!grp_rl) {
149 result = kEpidMemAllocErr;
150 break;
151 }
152
153 // fill the rl
154 result = Epid11ParseGroupRlFile(signed_grp_rl, signed_grp_rl_size, cacert,
155 grp_rl, &grp_rl_size);
156 if (kEpidNoErr != result) {
157 break;
158 }
159 // set group revocation list
160 result = Epid11VerifierSetGroupRl(ctx, grp_rl, grp_rl_size);
161 if (kEpidNoErr != result) {
162 break;
163 }
164 } // if (signed_grp_rl)
165
166 // verify signature
167 result = Epid11Verify(ctx, sig, sig_len, msg, msg_len);
168 if (kEpidNoErr != result) {
169 break;
170 }
171 } while (0);
172
173 // delete verifier
174 Epid11VerifierDelete(&ctx);
175
176 if (priv_rl) free(priv_rl);
177 if (sig_rl) free(sig_rl);
178 if (grp_rl) free(grp_rl);
179
180 return result;
181 }
182