diff options
author | Christian Grothoff <grothoff@gnunet.org> | 2023-10-25 22:55:05 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2023-10-27 20:08:36 +0200 |
commit | 32af9c7dbb76672a86520b1b3aa8f7e6c48c58e4 (patch) | |
tree | aa2558c4c48b5a5e93a280f26c5e53b2bcb68092 | |
parent | 7278ae87e0d5de5fa31e076581a69d62f3d1fe65 (diff) | |
download | gnunet-32af9c7dbb76672a86520b1b3aa8f7e6c48c58e4.tar.gz gnunet-32af9c7dbb76672a86520b1b3aa8f7e6c48c58e4.zip |
more work on new blind signing API
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 63 | ||||
-rw-r--r-- | src/lib/util/crypto_blind_sign.c | 54 | ||||
-rw-r--r-- | src/lib/util/crypto_cs.c | 57 | ||||
-rw-r--r-- | src/lib/util/test_crypto_blind.c | 23 | ||||
-rw-r--r-- | src/lib/util/test_crypto_cs.c | 45 |
5 files changed, 165 insertions, 77 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 31472f7a1..44db5f466 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -3158,9 +3158,19 @@ struct GNUNET_CRYPTO_CsBlindedMessage | |||
3158 | struct GNUNET_CRYPTO_CsC c[2]; | 3158 | struct GNUNET_CRYPTO_CsC c[2]; |
3159 | 3159 | ||
3160 | /** | 3160 | /** |
3161 | * Public nonce used to generate the R-values. | 3161 | * Nonce used in initial request. |
3162 | */ | 3162 | */ |
3163 | struct GNUNET_CRYPTO_CsSessionNonce nonce; | 3163 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
3164 | |||
3165 | }; | ||
3166 | |||
3167 | |||
3168 | /** | ||
3169 | * Pair of Public R values for Cs denominations | ||
3170 | */ | ||
3171 | struct GNUNET_CRYPTO_CSPublicRPairP | ||
3172 | { | ||
3173 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
3164 | }; | 3174 | }; |
3165 | 3175 | ||
3166 | 3176 | ||
@@ -3174,9 +3184,8 @@ struct GNUNET_CRYPTO_CsBlindedMessage | |||
3174 | * @param msg the message to blind in preparation for signing | 3184 | * @param msg the message to blind in preparation for signing |
3175 | * @param msg_len length of message msg | 3185 | * @param msg_len length of message msg |
3176 | * @param[out] blinded_c array of the two blinded c's | 3186 | * @param[out] blinded_c array of the two blinded c's |
3177 | * @param[out] blinded_r_pub array of the two blinded R | 3187 | * @param[out] r_pub_blind array of the two blinded R |
3178 | */ | 3188 | */ |
3179 | // FIXME: function signature can probably be improved... | ||
3180 | void | 3189 | void |
3181 | GNUNET_CRYPTO_cs_calc_blinded_c ( | 3190 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
3182 | const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | 3191 | const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], |
@@ -3185,7 +3194,7 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
3185 | const void *msg, | 3194 | const void *msg, |
3186 | size_t msg_len, | 3195 | size_t msg_len, |
3187 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 3196 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
3188 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]); | 3197 | struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind); |
3189 | 3198 | ||
3190 | 3199 | ||
3191 | /** | 3200 | /** |
@@ -3471,15 +3480,6 @@ struct GNUNET_CRYPTO_BlindedMessage | |||
3471 | 3480 | ||
3472 | 3481 | ||
3473 | /** | 3482 | /** |
3474 | * Pair of Public R values for Cs denominations | ||
3475 | */ | ||
3476 | struct GNUNET_CRYPTO_CSPublicRPairP | ||
3477 | { | ||
3478 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
3479 | }; | ||
3480 | |||
3481 | |||
3482 | /** | ||
3483 | * Secret r for Cs denominations | 3483 | * Secret r for Cs denominations |
3484 | */ | 3484 | */ |
3485 | struct GNUNET_CRYPTO_CSPrivateRPairP | 3485 | struct GNUNET_CRYPTO_CSPrivateRPairP |
@@ -3520,6 +3520,35 @@ struct GNUNET_CRYPTO_BlindingInputValues | |||
3520 | 3520 | ||
3521 | 3521 | ||
3522 | /** | 3522 | /** |
3523 | * Nonce used to deterministiacally derive input values | ||
3524 | * used in multi-round blind signature protocols. | ||
3525 | */ | ||
3526 | union GNUNET_CRYPTO_BlindSessionNonce | ||
3527 | { | ||
3528 | /** | ||
3529 | * Nonce used when signing with CS. | ||
3530 | */ | ||
3531 | struct GNUNET_CRYPTO_CsSessionNonce cs_nonce; | ||
3532 | }; | ||
3533 | |||
3534 | |||
3535 | /** | ||
3536 | * Compute blinding input values for a given @a nonce and | ||
3537 | * @a salt. | ||
3538 | * | ||
3539 | * @param bsign_priv private key to compute input values for | ||
3540 | * @param nonce session nonce to derive input values from | ||
3541 | * @param salt salt to include in derivation logic | ||
3542 | * @return blinding input values | ||
3543 | */ | ||
3544 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
3545 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
3546 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
3547 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3548 | const char *salt); | ||
3549 | |||
3550 | |||
3551 | /** | ||
3523 | * Decrement reference counter of a @a bsign_pub, and free it if it reaches zero. | 3552 | * Decrement reference counter of a @a bsign_pub, and free it if it reaches zero. |
3524 | * | 3553 | * |
3525 | * @param[in] bsign_pub key to free | 3554 | * @param[in] bsign_pub key to free |
@@ -3585,8 +3614,6 @@ GNUNET_CRYPTO_blinded_message_incref ( | |||
3585 | */ | 3614 | */ |
3586 | struct GNUNET_CRYPTO_BlindSignPublicKey * | 3615 | struct GNUNET_CRYPTO_BlindSignPublicKey * |
3587 | GNUNET_CRYPTO_bsign_pub_incref (struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | 3616 | GNUNET_CRYPTO_bsign_pub_incref (struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); |
3588 | |||
3589 | |||
3590 | /** | 3617 | /** |
3591 | * Increment reference counter of the given @a bsign_priv. | 3618 | * Increment reference counter of the given @a bsign_priv. |
3592 | * | 3619 | * |
@@ -3733,6 +3760,8 @@ union GNUNET_CRYPTO_BlindingSecretP | |||
3733 | * | 3760 | * |
3734 | * @param bsign_pub public key to blind for | 3761 | * @param bsign_pub public key to blind for |
3735 | * @param bks blinding secret to use | 3762 | * @param bks blinding secret to use |
3763 | * @param nonce nonce used to obtain @a alg_values | ||
3764 | * can be NULL if input values are not used for the cipher | ||
3736 | * @param message message to sign | 3765 | * @param message message to sign |
3737 | * @param message_size number of bytes in @a message | 3766 | * @param message_size number of bytes in @a message |
3738 | * @param alg_values algorithm specific values to blind the @a message | 3767 | * @param alg_values algorithm specific values to blind the @a message |
@@ -3742,6 +3771,7 @@ struct GNUNET_CRYPTO_BlindedMessage * | |||
3742 | GNUNET_CRYPTO_message_blind_to_sign ( | 3771 | GNUNET_CRYPTO_message_blind_to_sign ( |
3743 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | 3772 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, |
3744 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | 3773 | const union GNUNET_CRYPTO_BlindingSecretP *bks, |
3774 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3745 | const void *message, | 3775 | const void *message, |
3746 | size_t message_size, | 3776 | size_t message_size, |
3747 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values); | 3777 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values); |
@@ -3751,7 +3781,8 @@ GNUNET_CRYPTO_message_blind_to_sign ( | |||
3751 | * Create blind signature. | 3781 | * Create blind signature. |
3752 | * | 3782 | * |
3753 | * @param bsign_priv private key to use for signing | 3783 | * @param bsign_priv private key to use for signing |
3754 | * @param salt salt value to use for the HKDF | 3784 | * @param salt salt value to use for the HKDF, |
3785 | * can be NULL if input values are not used for the cipher | ||
3755 | * @param blinded_message the already blinded message to sign | 3786 | * @param blinded_message the already blinded message to sign |
3756 | * @return blind signature with RC=1, NULL on failure | 3787 | * @return blind signature with RC=1, NULL on failure |
3757 | */ | 3788 | */ |
diff --git a/src/lib/util/crypto_blind_sign.c b/src/lib/util/crypto_blind_sign.c index bf6fbc119..469f6f5b8 100644 --- a/src/lib/util/crypto_blind_sign.c +++ b/src/lib/util/crypto_blind_sign.c | |||
@@ -388,10 +388,51 @@ GNUNET_CRYPTO_blind_sign_keys_create_va ( | |||
388 | } | 388 | } |
389 | 389 | ||
390 | 390 | ||
391 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
392 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
393 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
394 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
395 | const char *salt) | ||
396 | { | ||
397 | struct GNUNET_CRYPTO_BlindingInputValues *biv; | ||
398 | |||
399 | biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues); | ||
400 | biv->cipher = bsign_priv->cipher; | ||
401 | biv->rc = 1; | ||
402 | switch (bsign_priv->cipher) | ||
403 | { | ||
404 | case GNUNET_CRYPTO_BSA_INVALID: | ||
405 | GNUNET_break (0); | ||
406 | GNUNET_free (biv); | ||
407 | return NULL; | ||
408 | case GNUNET_CRYPTO_BSA_RSA: | ||
409 | return biv; | ||
410 | case GNUNET_CRYPTO_BSA_CS: | ||
411 | { | ||
412 | struct GNUNET_CRYPTO_CsRSecret cspriv[2]; | ||
413 | |||
414 | GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce, | ||
415 | salt, | ||
416 | &bsign_priv->details.cs_private_key, | ||
417 | cspriv); | ||
418 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], | ||
419 | &biv->details.cs_values.r_pub[0]); | ||
420 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], | ||
421 | &biv->details.cs_values.r_pub[1]); | ||
422 | return biv; | ||
423 | } | ||
424 | } | ||
425 | GNUNET_break (0); | ||
426 | GNUNET_free (biv); | ||
427 | return NULL; | ||
428 | } | ||
429 | |||
430 | |||
391 | struct GNUNET_CRYPTO_BlindedMessage * | 431 | struct GNUNET_CRYPTO_BlindedMessage * |
392 | GNUNET_CRYPTO_message_blind_to_sign ( | 432 | GNUNET_CRYPTO_message_blind_to_sign ( |
393 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | 433 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, |
394 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | 434 | const union GNUNET_CRYPTO_BlindingSecretP *bks, |
435 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
395 | const void *message, | 436 | const void *message, |
396 | size_t message_size, | 437 | size_t message_size, |
397 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) | 438 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) |
@@ -426,6 +467,12 @@ GNUNET_CRYPTO_message_blind_to_sign ( | |||
426 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; | 467 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; |
427 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | 468 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; |
428 | 469 | ||
470 | if (NULL == nonce) | ||
471 | { | ||
472 | GNUNET_break_op (0); | ||
473 | GNUNET_free (bm); | ||
474 | return NULL; | ||
475 | } | ||
429 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | 476 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, |
430 | bs); | 477 | bs); |
431 | GNUNET_CRYPTO_cs_calc_blinded_c ( | 478 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
@@ -435,10 +482,9 @@ GNUNET_CRYPTO_message_blind_to_sign ( | |||
435 | message, | 482 | message, |
436 | message_size, | 483 | message_size, |
437 | bm->details.cs_blinded_message.c, | 484 | bm->details.cs_blinded_message.c, |
438 | blinded_r_pub.r_pub); | 485 | &blinded_r_pub); |
486 | bm->details.cs_blinded_message.nonce = nonce->cs_nonce; | ||
439 | (void) blinded_r_pub; | 487 | (void) blinded_r_pub; |
440 | // FIXME: bs->details.cs_blinded_message.nonce | ||
441 | // is NOT initialized here. Not elegant! | ||
442 | return bm; | 488 | return bm; |
443 | } | 489 | } |
444 | } | 490 | } |
@@ -562,7 +608,7 @@ GNUNET_CRYPTO_blind_sig_unblind ( | |||
562 | message, | 608 | message, |
563 | message_size, | 609 | message_size, |
564 | c, | 610 | c, |
565 | r_pub_blind.r_pub); | 611 | &r_pub_blind); |
566 | b = blinded_sig->details.blinded_cs_answer.b; | 612 | b = blinded_sig->details.blinded_cs_answer.b; |
567 | ub_sig->details.cs_signature.r_point | 613 | ub_sig->details.cs_signature.r_point |
568 | = r_pub_blind.r_pub[b]; | 614 | = r_pub_blind.r_pub[b]; |
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c index 2ff7c70ce..049f63062 100644 --- a/src/lib/util/crypto_cs.c +++ b/src/lib/util/crypto_cs.c | |||
@@ -158,8 +158,12 @@ cs_full_domain_hash (const struct GNUNET_CRYPTO_CsRPublic *r_dash, | |||
158 | // SHA-512 hash of R' and message | 158 | // SHA-512 hash of R' and message |
159 | size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len; | 159 | size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len; |
160 | char r_m_concat[r_m_concat_len]; | 160 | char r_m_concat[r_m_concat_len]; |
161 | memcpy (r_m_concat, r_dash, sizeof(struct GNUNET_CRYPTO_CsRPublic)); | 161 | memcpy (r_m_concat, |
162 | memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), msg, msg_len); | 162 | r_dash, |
163 | sizeof(struct GNUNET_CRYPTO_CsRPublic)); | ||
164 | memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), | ||
165 | msg, | ||
166 | msg_len); | ||
163 | struct GNUNET_HashCode prehash; | 167 | struct GNUNET_HashCode prehash; |
164 | 168 | ||
165 | GNUNET_CRYPTO_hash (r_m_concat, | 169 | GNUNET_CRYPTO_hash (r_m_concat, |
@@ -215,18 +219,21 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs, | |||
215 | alpha_mul_base.y, | 219 | alpha_mul_base.y, |
216 | bs->alpha.d)); | 220 | bs->alpha.d)); |
217 | struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub; | 221 | struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub; |
218 | GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (beta_mul_pub.y, | 222 | GNUNET_assert (0 == |
219 | bs->beta.d, | 223 | crypto_scalarmult_ed25519_noclamp ( |
220 | pub->point.y)); | 224 | beta_mul_pub.y, |
225 | bs->beta.d, | ||
226 | pub->point.y)); | ||
221 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub; | 227 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub; |
222 | GNUNET_assert (0 == crypto_core_ed25519_add ( | 228 | GNUNET_assert (0 == crypto_core_ed25519_add ( |
223 | alpha_mul_base_plus_beta_mul_pub.y, | 229 | alpha_mul_base_plus_beta_mul_pub.y, |
224 | alpha_mul_base.y, | 230 | alpha_mul_base.y, |
225 | beta_mul_pub.y)); | 231 | beta_mul_pub.y)); |
226 | GNUNET_assert (0 == crypto_core_ed25519_add (blinded_r_pub->point.y, | 232 | GNUNET_assert (0 == |
227 | r_pub->point.y, | 233 | crypto_core_ed25519_add ( |
228 | alpha_mul_base_plus_beta_mul_pub. | 234 | blinded_r_pub->point.y, |
229 | y)); | 235 | r_pub->point.y, |
236 | alpha_mul_base_plus_beta_mul_pub.y)); | ||
230 | } | 237 | } |
231 | 238 | ||
232 | 239 | ||
@@ -238,19 +245,33 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
238 | const void *msg, | 245 | const void *msg, |
239 | size_t msg_len, | 246 | size_t msg_len, |
240 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 247 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
241 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]) | 248 | struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind) |
242 | { | 249 | { |
243 | // for i 0/1: R'i = Ri + alpha i*G + beta i*pub | 250 | /* for i 0/1: R'i = Ri + alpha i*G + beta i*pub */ |
244 | calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]); | 251 | calc_r_dash (&bs[0], |
245 | calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]); | 252 | &r_pub[0], |
246 | 253 | pub, | |
247 | // for i 0/1: c'i = H(R'i, msg) | 254 | &r_pub_blind->r_pub[0]); |
255 | calc_r_dash (&bs[1], | ||
256 | &r_pub[1], | ||
257 | pub, | ||
258 | &r_pub_blind->r_pub[1]); | ||
259 | |||
260 | /* for i 0/1: c'i = H(R'i, msg) */ | ||
248 | struct GNUNET_CRYPTO_CsC c_dash_0; | 261 | struct GNUNET_CRYPTO_CsC c_dash_0; |
249 | struct GNUNET_CRYPTO_CsC c_dash_1; | 262 | struct GNUNET_CRYPTO_CsC c_dash_1; |
250 | cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0); | 263 | cs_full_domain_hash (&r_pub_blind->r_pub[0], |
251 | cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1); | 264 | msg, |
265 | msg_len, | ||
266 | pub, | ||
267 | &c_dash_0); | ||
268 | cs_full_domain_hash (&r_pub_blind->r_pub[1], | ||
269 | msg, | ||
270 | msg_len, | ||
271 | pub, | ||
272 | &c_dash_1); | ||
252 | 273 | ||
253 | // for i 0/1: ci = c'i + beta i mod p | 274 | /* for i 0/1: ci = c'i + beta i mod p */ |
254 | crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d, | 275 | crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d, |
255 | c_dash_0.scalar.d, | 276 | c_dash_0.scalar.d, |
256 | bs[0].beta.d); | 277 | bs[0].beta.d); |
diff --git a/src/lib/util/test_crypto_blind.c b/src/lib/util/test_crypto_blind.c index 726516bc2..d7efd79ea 100644 --- a/src/lib/util/test_crypto_blind.c +++ b/src/lib/util/test_crypto_blind.c | |||
@@ -34,13 +34,12 @@ main (int argc, | |||
34 | { | 34 | { |
35 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; | 35 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; |
36 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; | 36 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; |
37 | struct GNUNET_CRYPTO_BlindingInputValues biv; | 37 | struct GNUNET_CRYPTO_BlindingInputValues *biv; |
38 | struct GNUNET_CRYPTO_BlindedMessage *bm; | 38 | struct GNUNET_CRYPTO_BlindedMessage *bm; |
39 | struct GNUNET_CRYPTO_BlindedSignature *bsig; | 39 | struct GNUNET_CRYPTO_BlindedSignature *bsig; |
40 | struct GNUNET_CRYPTO_UnblindedSignature *sig; | 40 | struct GNUNET_CRYPTO_UnblindedSignature *sig; |
41 | union GNUNET_CRYPTO_BlindingSecretP bsec; | 41 | union GNUNET_CRYPTO_BlindingSecretP bsec; |
42 | struct GNUNET_CRYPTO_CsSessionNonce nonce; | 42 | union GNUNET_CRYPTO_BlindSessionNonce nonce; |
43 | struct GNUNET_CRYPTO_CsRSecret cspriv[2]; | ||
44 | 43 | ||
45 | GNUNET_log_setup ("test-crypto-blind", | 44 | GNUNET_log_setup ("test-crypto-blind", |
46 | "WARNING", | 45 | "WARNING", |
@@ -55,21 +54,15 @@ main (int argc, | |||
55 | GNUNET_CRYPTO_blind_sign_keys_create (&priv, | 54 | GNUNET_CRYPTO_blind_sign_keys_create (&priv, |
56 | &pub, | 55 | &pub, |
57 | GNUNET_CRYPTO_BSA_CS)); | 56 | GNUNET_CRYPTO_BSA_CS)); |
58 | biv.cipher = GNUNET_CRYPTO_BSA_CS; | 57 | biv = GNUNET_CRYPTO_get_blinding_input_values (priv, |
59 | GNUNET_CRYPTO_cs_r_derive (&nonce, | 58 | &nonce, |
60 | "salt", | 59 | "salt"); |
61 | &priv->details.cs_private_key, | ||
62 | cspriv); | ||
63 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], | ||
64 | &biv.details.cs_values.r_pub[0]); | ||
65 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], | ||
66 | &biv.details.cs_values.r_pub[1]); | ||
67 | bm = GNUNET_CRYPTO_message_blind_to_sign (pub, | 60 | bm = GNUNET_CRYPTO_message_blind_to_sign (pub, |
68 | &bsec, | 61 | &bsec, |
62 | &nonce, | ||
69 | "hello", | 63 | "hello", |
70 | 5, | 64 | 5, |
71 | &biv); | 65 | biv); |
72 | bm->details.cs_blinded_message.nonce = nonce; // FIXME: ugly! | ||
73 | bsig = GNUNET_CRYPTO_blind_sign (priv, | 66 | bsig = GNUNET_CRYPTO_blind_sign (priv, |
74 | "salt", | 67 | "salt", |
75 | bm); | 68 | bm); |
@@ -77,7 +70,7 @@ main (int argc, | |||
77 | &bsec, | 70 | &bsec, |
78 | "hello", | 71 | "hello", |
79 | 5, | 72 | 5, |
80 | &biv, | 73 | biv, |
81 | pub); | 74 | pub); |
82 | GNUNET_assert (GNUNET_OK == | 75 | GNUNET_assert (GNUNET_OK == |
83 | GNUNET_CRYPTO_blind_sig_verify (pub, | 76 | GNUNET_CRYPTO_blind_sig_verify (pub, |
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c index 5b3aac778..ee68db72f 100644 --- a/src/lib/util/test_crypto_cs.c +++ b/src/lib/util/test_crypto_cs.c | |||
@@ -216,7 +216,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
216 | const void *msg, | 216 | const void *msg, |
217 | size_t msg_len, | 217 | size_t msg_len, |
218 | struct GNUNET_CRYPTO_CsC blinded_cs[2], | 218 | struct GNUNET_CRYPTO_CsC blinded_cs[2], |
219 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]) | 219 | struct GNUNET_CRYPTO_CSPublicRPairP *blinded_r_pub) |
220 | { | 220 | { |
221 | /* TEST 1 | 221 | /* TEST 1 |
222 | * Check that the blinded c's and blinded r's | 222 | * Check that the blinded c's and blinded r's |
@@ -227,10 +227,8 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
227 | &blinded_cs[0], | 227 | &blinded_cs[0], |
228 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); | 228 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); |
229 | 229 | ||
230 | struct GNUNET_CRYPTO_CsRPublic other_blinded_r_pub[2]; | 230 | struct GNUNET_CRYPTO_CSPublicRPairP other_blinded_pub; |
231 | memcpy (&other_blinded_r_pub[0], | 231 | other_blinded_pub = *blinded_r_pub; |
232 | &blinded_r_pub[0], | ||
233 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2); | ||
234 | 232 | ||
235 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | 233 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, |
236 | r_pub, | 234 | r_pub, |
@@ -243,9 +241,9 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
243 | GNUNET_assert (0 != memcmp (&other_blinded_c[0], | 241 | GNUNET_assert (0 != memcmp (&other_blinded_c[0], |
244 | &blinded_cs[0], | 242 | &blinded_cs[0], |
245 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | 243 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); |
246 | GNUNET_assert (0 != memcmp (&other_blinded_r_pub[0], | 244 | GNUNET_assert (0 != |
247 | &blinded_r_pub[0], | 245 | GNUNET_memcmp (&other_blinded_pub, |
248 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 246 | blinded_r_pub)); |
249 | 247 | ||
250 | /* TEST 2 | 248 | /* TEST 2 |
251 | * Check if R' - aG -bX = R for b = 0 | 249 | * Check if R' - aG -bX = R for b = 0 |
@@ -270,7 +268,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
270 | GNUNET_assert (0 == | 268 | GNUNET_assert (0 == |
271 | crypto_core_ed25519_sub ( | 269 | crypto_core_ed25519_sub ( |
272 | r_min_aG.y, | 270 | r_min_aG.y, |
273 | blinded_r_pub[b].point.y, | 271 | blinded_r_pub->r_pub[b].point.y, |
274 | aG.y)); | 272 | aG.y)); |
275 | GNUNET_assert (0 == crypto_core_ed25519_sub ( | 273 | GNUNET_assert (0 == crypto_core_ed25519_sub ( |
276 | res.point.y, | 274 | res.point.y, |
@@ -289,10 +287,10 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
289 | */ | 287 | */ |
290 | GNUNET_assert (1 == | 288 | GNUNET_assert (1 == |
291 | crypto_core_ed25519_is_valid_point ( | 289 | crypto_core_ed25519_is_valid_point ( |
292 | blinded_r_pub[0].point.y)); | 290 | blinded_r_pub->r_pub[0].point.y)); |
293 | GNUNET_assert (1 == | 291 | GNUNET_assert (1 == |
294 | crypto_core_ed25519_is_valid_point ( | 292 | crypto_core_ed25519_is_valid_point ( |
295 | blinded_r_pub[1].point.y)); | 293 | blinded_r_pub->r_pub[1].point.y)); |
296 | 294 | ||
297 | /* TEST 4 | 295 | /* TEST 4 |
298 | * Check if function gives the same result for the same input. | 296 | * Check if function gives the same result for the same input. |
@@ -300,9 +298,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
300 | memcpy (&other_blinded_c[0], | 298 | memcpy (&other_blinded_c[0], |
301 | &blinded_cs[0], | 299 | &blinded_cs[0], |
302 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); | 300 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); |
303 | memcpy (&other_blinded_r_pub[0], | 301 | other_blinded_pub = *blinded_r_pub; |
304 | &blinded_r_pub[0], | ||
305 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2); | ||
306 | 302 | ||
307 | for (unsigned int i = 0; i<ITER; i++) | 303 | for (unsigned int i = 0; i<ITER; i++) |
308 | { | 304 | { |
@@ -313,12 +309,13 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
313 | msg_len, | 309 | msg_len, |
314 | blinded_cs, | 310 | blinded_cs, |
315 | blinded_r_pub); | 311 | blinded_r_pub); |
316 | GNUNET_assert (0 == memcmp (&other_blinded_c[0], | 312 | GNUNET_assert (0 == |
317 | &blinded_cs[0], | 313 | memcmp (&other_blinded_c[0], |
318 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | 314 | &blinded_cs[0], |
319 | GNUNET_assert (0 == memcmp (&other_blinded_r_pub[0], | 315 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); |
320 | &blinded_r_pub[0], | 316 | GNUNET_assert (0 == |
321 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 317 | GNUNET_memcmp (&other_blinded_pub, |
318 | blinded_r_pub)); | ||
322 | } | 319 | } |
323 | } | 320 | } |
324 | 321 | ||
@@ -563,12 +560,12 @@ main (int argc, | |||
563 | // calculate blinded c's | 560 | // calculate blinded c's |
564 | struct GNUNET_CRYPTO_CsBlindedMessage bm; | 561 | struct GNUNET_CRYPTO_CsBlindedMessage bm; |
565 | struct GNUNET_CRYPTO_CsC blinded_cs[2]; | 562 | struct GNUNET_CRYPTO_CsC blinded_cs[2]; |
566 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pubs[2]; | 563 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pubs; |
567 | 564 | ||
568 | memset (blinded_cs, | 565 | memset (blinded_cs, |
569 | 42, | 566 | 42, |
570 | sizeof (blinded_cs)); | 567 | sizeof (blinded_cs)); |
571 | memset (blinded_r_pubs, | 568 | memset (&blinded_r_pubs, |
572 | 42, | 569 | 42, |
573 | sizeof (blinded_r_pubs)); | 570 | sizeof (blinded_r_pubs)); |
574 | test_calc_blindedc (blindingsecrets, | 571 | test_calc_blindedc (blindingsecrets, |
@@ -577,7 +574,7 @@ main (int argc, | |||
577 | message, | 574 | message, |
578 | message_len, | 575 | message_len, |
579 | blinded_cs, | 576 | blinded_cs, |
580 | blinded_r_pubs); | 577 | &blinded_r_pubs); |
581 | 578 | ||
582 | // ---------- actions performed by signer | 579 | // ---------- actions performed by signer |
583 | // sign blinded c's and get b and s in return | 580 | // sign blinded c's and get b and s in return |
@@ -614,7 +611,7 @@ main (int argc, | |||
614 | 611 | ||
615 | // verify unblinded signature | 612 | // verify unblinded signature |
616 | struct GNUNET_CRYPTO_CsSignature signature; | 613 | struct GNUNET_CRYPTO_CsSignature signature; |
617 | signature.r_point = blinded_r_pubs[blinded_s.b]; | 614 | signature.r_point = blinded_r_pubs.r_pub[blinded_s.b]; |
618 | signature.s_scalar = sig_scalar; | 615 | signature.s_scalar = sig_scalar; |
619 | test_verify (&signature, | 616 | test_verify (&signature, |
620 | &pub, | 617 | &pub, |