diff options
Diffstat (limited to 'src/lib/util/crypto_blind_sign.c')
-rw-r--r-- | src/lib/util/crypto_blind_sign.c | 712 |
1 files changed, 712 insertions, 0 deletions
diff --git a/src/lib/util/crypto_blind_sign.c b/src/lib/util/crypto_blind_sign.c new file mode 100644 index 000000000..33a587acd --- /dev/null +++ b/src/lib/util/crypto_blind_sign.c | |||
@@ -0,0 +1,712 @@ | |||
1 | /* | ||
2 | This file is part of GNUNET | ||
3 | Copyright (C) 2021, 2022, 2023 GNUnet e.V. | ||
4 | |||
5 | GNUNET is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | GNUNET is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | GNUNET; see the file COPYING. If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | /** | ||
17 | * @file crypto_blind_sign.c | ||
18 | * @brief blind signatures (abstraction over RSA or CS) | ||
19 | * @author Christian Grothoff | ||
20 | */ | ||
21 | #include "platform.h" | ||
22 | #include "gnunet_util_lib.h" | ||
23 | |||
24 | |||
25 | void | ||
26 | GNUNET_CRYPTO_blinding_input_values_decref ( | ||
27 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
28 | { | ||
29 | GNUNET_assert (bm->rc > 0); | ||
30 | bm->rc--; | ||
31 | if (0 != bm->rc) | ||
32 | return; | ||
33 | switch (bm->cipher) | ||
34 | { | ||
35 | case GNUNET_CRYPTO_BSA_INVALID: | ||
36 | GNUNET_break (0); | ||
37 | break; | ||
38 | case GNUNET_CRYPTO_BSA_RSA: | ||
39 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
40 | break; | ||
41 | case GNUNET_CRYPTO_BSA_CS: | ||
42 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
43 | break; | ||
44 | } | ||
45 | GNUNET_free (bm); | ||
46 | } | ||
47 | |||
48 | |||
49 | void | ||
50 | GNUNET_CRYPTO_blind_sign_priv_decref ( | ||
51 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) | ||
52 | { | ||
53 | GNUNET_assert (bsign_priv->rc > 0); | ||
54 | bsign_priv->rc--; | ||
55 | if (0 != bsign_priv->rc) | ||
56 | return; | ||
57 | switch (bsign_priv->cipher) | ||
58 | { | ||
59 | case GNUNET_CRYPTO_BSA_INVALID: | ||
60 | GNUNET_break (0); | ||
61 | break; | ||
62 | case GNUNET_CRYPTO_BSA_RSA: | ||
63 | if (NULL != bsign_priv->details.rsa_private_key) | ||
64 | { | ||
65 | GNUNET_CRYPTO_rsa_private_key_free (bsign_priv->details.rsa_private_key); | ||
66 | bsign_priv->details.rsa_private_key = NULL; | ||
67 | } | ||
68 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
69 | break; | ||
70 | case GNUNET_CRYPTO_BSA_CS: | ||
71 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
72 | break; | ||
73 | } | ||
74 | GNUNET_free (bsign_priv); | ||
75 | } | ||
76 | |||
77 | |||
78 | void | ||
79 | GNUNET_CRYPTO_blind_sign_pub_decref (struct | ||
80 | GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
81 | { | ||
82 | GNUNET_assert (bsign_pub->rc > 0); | ||
83 | bsign_pub->rc--; | ||
84 | if (0 != bsign_pub->rc) | ||
85 | return; | ||
86 | switch (bsign_pub->cipher) | ||
87 | { | ||
88 | case GNUNET_CRYPTO_BSA_INVALID: | ||
89 | GNUNET_break (0); | ||
90 | break; | ||
91 | case GNUNET_CRYPTO_BSA_RSA: | ||
92 | if (NULL != bsign_pub->details.rsa_public_key) | ||
93 | { | ||
94 | GNUNET_CRYPTO_rsa_public_key_free (bsign_pub->details.rsa_public_key); | ||
95 | bsign_pub->details.rsa_public_key = NULL; | ||
96 | } | ||
97 | bsign_pub->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
98 | break; | ||
99 | case GNUNET_CRYPTO_BSA_CS: | ||
100 | break; | ||
101 | } | ||
102 | GNUNET_free (bsign_pub); | ||
103 | } | ||
104 | |||
105 | |||
106 | void | ||
107 | GNUNET_CRYPTO_unblinded_sig_decref (struct | ||
108 | GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
109 | { | ||
110 | GNUNET_assert (ub_sig->rc > 0); | ||
111 | ub_sig->rc--; | ||
112 | if (0 != ub_sig->rc) | ||
113 | return; | ||
114 | switch (ub_sig->cipher) | ||
115 | { | ||
116 | case GNUNET_CRYPTO_BSA_INVALID: | ||
117 | GNUNET_break (0); | ||
118 | break; | ||
119 | case GNUNET_CRYPTO_BSA_RSA: | ||
120 | if (NULL != ub_sig->details.rsa_signature) | ||
121 | { | ||
122 | GNUNET_CRYPTO_rsa_signature_free (ub_sig->details.rsa_signature); | ||
123 | ub_sig->details.rsa_signature = NULL; | ||
124 | } | ||
125 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
126 | break; | ||
127 | case GNUNET_CRYPTO_BSA_CS: | ||
128 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
129 | break; | ||
130 | } | ||
131 | GNUNET_free (ub_sig); | ||
132 | } | ||
133 | |||
134 | |||
135 | void | ||
136 | GNUNET_CRYPTO_blinded_sig_decref ( | ||
137 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
138 | { | ||
139 | GNUNET_assert (blind_sig->rc > 0); | ||
140 | blind_sig->rc--; | ||
141 | if (0 != blind_sig->rc) | ||
142 | return; | ||
143 | switch (blind_sig->cipher) | ||
144 | { | ||
145 | case GNUNET_CRYPTO_BSA_INVALID: | ||
146 | GNUNET_break (0); | ||
147 | break; | ||
148 | case GNUNET_CRYPTO_BSA_RSA: | ||
149 | if (NULL != blind_sig->details.blinded_rsa_signature) | ||
150 | { | ||
151 | GNUNET_CRYPTO_rsa_signature_free ( | ||
152 | blind_sig->details.blinded_rsa_signature); | ||
153 | blind_sig->details.blinded_rsa_signature = NULL; | ||
154 | } | ||
155 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
156 | break; | ||
157 | case GNUNET_CRYPTO_BSA_CS: | ||
158 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
159 | break; | ||
160 | } | ||
161 | GNUNET_free (blind_sig); | ||
162 | } | ||
163 | |||
164 | |||
165 | void | ||
166 | GNUNET_CRYPTO_blinded_message_decref ( | ||
167 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
168 | { | ||
169 | GNUNET_assert (bm->rc > 0); | ||
170 | bm->rc--; | ||
171 | if (0 != bm->rc) | ||
172 | return; | ||
173 | switch (bm->cipher) | ||
174 | { | ||
175 | case GNUNET_CRYPTO_BSA_INVALID: | ||
176 | GNUNET_break (0); | ||
177 | break; | ||
178 | case GNUNET_CRYPTO_BSA_RSA: | ||
179 | GNUNET_free (bm->details.rsa_blinded_message.blinded_msg); | ||
180 | break; | ||
181 | case GNUNET_CRYPTO_BSA_CS: | ||
182 | break; | ||
183 | } | ||
184 | GNUNET_free (bm); | ||
185 | } | ||
186 | |||
187 | |||
188 | struct GNUNET_CRYPTO_BlindedMessage * | ||
189 | GNUNET_CRYPTO_blinded_message_incref ( | ||
190 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
191 | { | ||
192 | bm->rc++; | ||
193 | return bm; | ||
194 | } | ||
195 | |||
196 | |||
197 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
198 | GNUNET_CRYPTO_blinding_input_values_incref ( | ||
199 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
200 | { | ||
201 | bm->rc++; | ||
202 | return bm; | ||
203 | } | ||
204 | |||
205 | |||
206 | struct GNUNET_CRYPTO_BlindSignPublicKey * | ||
207 | GNUNET_CRYPTO_bsign_pub_incref ( | ||
208 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
209 | { | ||
210 | bsign_pub->rc++; | ||
211 | return bsign_pub; | ||
212 | } | ||
213 | |||
214 | |||
215 | struct GNUNET_CRYPTO_BlindSignPrivateKey * | ||
216 | GNUNET_CRYPTO_bsign_priv_incref ( | ||
217 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) | ||
218 | { | ||
219 | bsign_priv->rc++; | ||
220 | return bsign_priv; | ||
221 | } | ||
222 | |||
223 | |||
224 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
225 | GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
226 | { | ||
227 | ub_sig->rc++; | ||
228 | return ub_sig; | ||
229 | } | ||
230 | |||
231 | |||
232 | struct GNUNET_CRYPTO_BlindedSignature * | ||
233 | GNUNET_CRYPTO_blind_sig_incref ( | ||
234 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
235 | { | ||
236 | blind_sig->rc++; | ||
237 | return blind_sig; | ||
238 | } | ||
239 | |||
240 | |||
241 | int | ||
242 | GNUNET_CRYPTO_bsign_pub_cmp ( | ||
243 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, | ||
244 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2) | ||
245 | { | ||
246 | if (bp1->cipher != bp2->cipher) | ||
247 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
248 | switch (bp1->cipher) | ||
249 | { | ||
250 | case GNUNET_CRYPTO_BSA_INVALID: | ||
251 | GNUNET_break (0); | ||
252 | return 0; | ||
253 | case GNUNET_CRYPTO_BSA_RSA: | ||
254 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
255 | &bp2->pub_key_hash); | ||
256 | case GNUNET_CRYPTO_BSA_CS: | ||
257 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
258 | &bp2->pub_key_hash); | ||
259 | } | ||
260 | GNUNET_assert (0); | ||
261 | return -2; | ||
262 | } | ||
263 | |||
264 | |||
265 | int | ||
266 | GNUNET_CRYPTO_ub_sig_cmp ( | ||
267 | const struct GNUNET_CRYPTO_UnblindedSignature *sig1, | ||
268 | const struct GNUNET_CRYPTO_UnblindedSignature *sig2) | ||
269 | { | ||
270 | if (sig1->cipher != sig2->cipher) | ||
271 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
272 | switch (sig1->cipher) | ||
273 | { | ||
274 | case GNUNET_CRYPTO_BSA_INVALID: | ||
275 | GNUNET_break (0); | ||
276 | return 0; | ||
277 | case GNUNET_CRYPTO_BSA_RSA: | ||
278 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.rsa_signature, | ||
279 | sig2->details.rsa_signature); | ||
280 | case GNUNET_CRYPTO_BSA_CS: | ||
281 | return GNUNET_memcmp (&sig1->details.cs_signature, | ||
282 | &sig2->details.cs_signature); | ||
283 | } | ||
284 | GNUNET_assert (0); | ||
285 | return -2; | ||
286 | } | ||
287 | |||
288 | |||
289 | int | ||
290 | GNUNET_CRYPTO_blind_sig_cmp ( | ||
291 | const struct GNUNET_CRYPTO_BlindedSignature *sig1, | ||
292 | const struct GNUNET_CRYPTO_BlindedSignature *sig2) | ||
293 | { | ||
294 | if (sig1->cipher != sig2->cipher) | ||
295 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
296 | switch (sig1->cipher) | ||
297 | { | ||
298 | case GNUNET_CRYPTO_BSA_INVALID: | ||
299 | GNUNET_break (0); | ||
300 | return 0; | ||
301 | case GNUNET_CRYPTO_BSA_RSA: | ||
302 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.blinded_rsa_signature, | ||
303 | sig2->details.blinded_rsa_signature); | ||
304 | case GNUNET_CRYPTO_BSA_CS: | ||
305 | return GNUNET_memcmp (&sig1->details.blinded_cs_answer, | ||
306 | &sig2->details.blinded_cs_answer); | ||
307 | } | ||
308 | GNUNET_assert (0); | ||
309 | return -2; | ||
310 | } | ||
311 | |||
312 | |||
313 | int | ||
314 | GNUNET_CRYPTO_blinded_message_cmp ( | ||
315 | const struct GNUNET_CRYPTO_BlindedMessage *bp1, | ||
316 | const struct GNUNET_CRYPTO_BlindedMessage *bp2) | ||
317 | { | ||
318 | if (bp1->cipher != bp2->cipher) | ||
319 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
320 | switch (bp1->cipher) | ||
321 | { | ||
322 | case GNUNET_CRYPTO_BSA_INVALID: | ||
323 | GNUNET_break (0); | ||
324 | return 0; | ||
325 | case GNUNET_CRYPTO_BSA_RSA: | ||
326 | if (bp1->details.rsa_blinded_message.blinded_msg_size != | ||
327 | bp2->details.rsa_blinded_message.blinded_msg_size) | ||
328 | return (bp1->details.rsa_blinded_message.blinded_msg_size > | ||
329 | bp2->details.rsa_blinded_message.blinded_msg_size) ? 1 : -1; | ||
330 | return memcmp (bp1->details.rsa_blinded_message.blinded_msg, | ||
331 | bp2->details.rsa_blinded_message.blinded_msg, | ||
332 | bp1->details.rsa_blinded_message.blinded_msg_size); | ||
333 | case GNUNET_CRYPTO_BSA_CS: | ||
334 | return GNUNET_memcmp (&bp1->details.cs_blinded_message, | ||
335 | &bp2->details.cs_blinded_message); | ||
336 | } | ||
337 | GNUNET_assert (0); | ||
338 | return -2; | ||
339 | } | ||
340 | |||
341 | |||
342 | enum GNUNET_GenericReturnValue | ||
343 | GNUNET_CRYPTO_blind_sign_keys_create ( | ||
344 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
345 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
346 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
347 | ...) | ||
348 | { | ||
349 | enum GNUNET_GenericReturnValue ret; | ||
350 | va_list ap; | ||
351 | |||
352 | va_start (ap, | ||
353 | cipher); | ||
354 | ret = GNUNET_CRYPTO_blind_sign_keys_create_va (bsign_priv, | ||
355 | bsign_pub, | ||
356 | cipher, | ||
357 | ap); | ||
358 | va_end (ap); | ||
359 | return ret; | ||
360 | } | ||
361 | |||
362 | |||
363 | enum GNUNET_GenericReturnValue | ||
364 | GNUNET_CRYPTO_blind_sign_keys_create_va ( | ||
365 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
366 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
367 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
368 | va_list ap) | ||
369 | { | ||
370 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; | ||
371 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; | ||
372 | |||
373 | priv = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPrivateKey); | ||
374 | priv->rc = 1; | ||
375 | priv->cipher = cipher; | ||
376 | *bsign_priv = priv; | ||
377 | pub = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPublicKey); | ||
378 | pub->rc = 1; | ||
379 | pub->cipher = cipher; | ||
380 | *bsign_pub = pub; | ||
381 | switch (cipher) | ||
382 | { | ||
383 | case GNUNET_CRYPTO_BSA_INVALID: | ||
384 | GNUNET_break (0); | ||
385 | break; | ||
386 | case GNUNET_CRYPTO_BSA_RSA: | ||
387 | { | ||
388 | unsigned int bits; | ||
389 | |||
390 | bits = va_arg (ap, | ||
391 | unsigned int); | ||
392 | if (bits < 512) | ||
393 | { | ||
394 | GNUNET_break (0); | ||
395 | break; | ||
396 | } | ||
397 | priv->details.rsa_private_key | ||
398 | = GNUNET_CRYPTO_rsa_private_key_create (bits); | ||
399 | } | ||
400 | if (NULL == priv->details.rsa_private_key) | ||
401 | { | ||
402 | GNUNET_break (0); | ||
403 | break; | ||
404 | } | ||
405 | pub->details.rsa_public_key | ||
406 | = GNUNET_CRYPTO_rsa_private_key_get_public ( | ||
407 | priv->details.rsa_private_key); | ||
408 | GNUNET_CRYPTO_rsa_public_key_hash (pub->details.rsa_public_key, | ||
409 | &pub->pub_key_hash); | ||
410 | return GNUNET_OK; | ||
411 | case GNUNET_CRYPTO_BSA_CS: | ||
412 | GNUNET_CRYPTO_cs_private_key_generate (&priv->details.cs_private_key); | ||
413 | GNUNET_CRYPTO_cs_private_key_get_public ( | ||
414 | &priv->details.cs_private_key, | ||
415 | &pub->details.cs_public_key); | ||
416 | GNUNET_CRYPTO_hash (&pub->details.cs_public_key, | ||
417 | sizeof(pub->details.cs_public_key), | ||
418 | &pub->pub_key_hash); | ||
419 | return GNUNET_OK; | ||
420 | } | ||
421 | GNUNET_free (priv); | ||
422 | GNUNET_free (pub); | ||
423 | *bsign_priv = NULL; | ||
424 | *bsign_pub = NULL; | ||
425 | return GNUNET_SYSERR; | ||
426 | } | ||
427 | |||
428 | |||
429 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
430 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
431 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
432 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
433 | const char *salt) | ||
434 | { | ||
435 | struct GNUNET_CRYPTO_BlindingInputValues *biv; | ||
436 | |||
437 | biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues); | ||
438 | biv->cipher = bsign_priv->cipher; | ||
439 | biv->rc = 1; | ||
440 | switch (bsign_priv->cipher) | ||
441 | { | ||
442 | case GNUNET_CRYPTO_BSA_INVALID: | ||
443 | GNUNET_break (0); | ||
444 | GNUNET_free (biv); | ||
445 | return NULL; | ||
446 | case GNUNET_CRYPTO_BSA_RSA: | ||
447 | return biv; | ||
448 | case GNUNET_CRYPTO_BSA_CS: | ||
449 | { | ||
450 | struct GNUNET_CRYPTO_CsRSecret cspriv[2]; | ||
451 | |||
452 | GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce, | ||
453 | salt, | ||
454 | &bsign_priv->details.cs_private_key, | ||
455 | cspriv); | ||
456 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], | ||
457 | &biv->details.cs_values.r_pub[0]); | ||
458 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], | ||
459 | &biv->details.cs_values.r_pub[1]); | ||
460 | return biv; | ||
461 | } | ||
462 | } | ||
463 | GNUNET_break (0); | ||
464 | GNUNET_free (biv); | ||
465 | return NULL; | ||
466 | } | ||
467 | |||
468 | |||
469 | struct GNUNET_CRYPTO_BlindedMessage * | ||
470 | GNUNET_CRYPTO_message_blind_to_sign ( | ||
471 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
472 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
473 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
474 | const void *message, | ||
475 | size_t message_size, | ||
476 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) | ||
477 | { | ||
478 | struct GNUNET_CRYPTO_BlindedMessage *bm; | ||
479 | |||
480 | bm = GNUNET_new (struct GNUNET_CRYPTO_BlindedMessage); | ||
481 | bm->cipher = bsign_pub->cipher; | ||
482 | bm->rc = 1; | ||
483 | switch (bsign_pub->cipher) | ||
484 | { | ||
485 | case GNUNET_CRYPTO_BSA_INVALID: | ||
486 | GNUNET_break (0); | ||
487 | GNUNET_free (bm); | ||
488 | return NULL; | ||
489 | case GNUNET_CRYPTO_BSA_RSA: | ||
490 | if (GNUNET_YES != | ||
491 | GNUNET_CRYPTO_rsa_blind ( | ||
492 | message, | ||
493 | message_size, | ||
494 | &bks->rsa_bks, | ||
495 | bsign_pub->details.rsa_public_key, | ||
496 | &bm->details.rsa_blinded_message)) | ||
497 | { | ||
498 | GNUNET_break (0); | ||
499 | GNUNET_free (bm); | ||
500 | return NULL; | ||
501 | } | ||
502 | return bm; | ||
503 | case GNUNET_CRYPTO_BSA_CS: | ||
504 | { | ||
505 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; | ||
506 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
507 | |||
508 | if (NULL == nonce) | ||
509 | { | ||
510 | GNUNET_break_op (0); | ||
511 | GNUNET_free (bm); | ||
512 | return NULL; | ||
513 | } | ||
514 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
515 | bs); | ||
516 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
517 | bs, | ||
518 | alg_values->details.cs_values.r_pub, | ||
519 | &bsign_pub->details.cs_public_key, | ||
520 | message, | ||
521 | message_size, | ||
522 | bm->details.cs_blinded_message.c, | ||
523 | &blinded_r_pub); | ||
524 | bm->details.cs_blinded_message.nonce = nonce->cs_nonce; | ||
525 | (void) blinded_r_pub; | ||
526 | return bm; | ||
527 | } | ||
528 | } | ||
529 | GNUNET_break (0); | ||
530 | return NULL; | ||
531 | } | ||
532 | |||
533 | |||
534 | struct GNUNET_CRYPTO_BlindedSignature * | ||
535 | GNUNET_CRYPTO_blind_sign ( | ||
536 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
537 | const char *salt, | ||
538 | const struct GNUNET_CRYPTO_BlindedMessage *blinded_message) | ||
539 | { | ||
540 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig; | ||
541 | |||
542 | if (blinded_message->cipher != bsign_priv->cipher) | ||
543 | { | ||
544 | GNUNET_break (0); | ||
545 | return NULL; | ||
546 | } | ||
547 | |||
548 | blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature); | ||
549 | blind_sig->cipher = bsign_priv->cipher; | ||
550 | blind_sig->rc = 1; | ||
551 | switch (bsign_priv->cipher) | ||
552 | { | ||
553 | case GNUNET_CRYPTO_BSA_INVALID: | ||
554 | GNUNET_break (0); | ||
555 | GNUNET_free (blind_sig); | ||
556 | return NULL; | ||
557 | case GNUNET_CRYPTO_BSA_RSA: | ||
558 | blind_sig->details.blinded_rsa_signature | ||
559 | = GNUNET_CRYPTO_rsa_sign_blinded ( | ||
560 | bsign_priv->details.rsa_private_key, | ||
561 | &blinded_message->details.rsa_blinded_message); | ||
562 | if (NULL == blind_sig->details.blinded_rsa_signature) | ||
563 | { | ||
564 | GNUNET_break (0); | ||
565 | GNUNET_free (blind_sig); | ||
566 | return NULL; | ||
567 | } | ||
568 | return blind_sig; | ||
569 | case GNUNET_CRYPTO_BSA_CS: | ||
570 | { | ||
571 | struct GNUNET_CRYPTO_CsRSecret r[2]; | ||
572 | |||
573 | GNUNET_CRYPTO_cs_r_derive ( | ||
574 | &blinded_message->details.cs_blinded_message.nonce, | ||
575 | salt, | ||
576 | &bsign_priv->details.cs_private_key, | ||
577 | r); | ||
578 | GNUNET_CRYPTO_cs_sign_derive ( | ||
579 | &bsign_priv->details.cs_private_key, | ||
580 | r, | ||
581 | &blinded_message->details.cs_blinded_message, | ||
582 | &blind_sig->details.blinded_cs_answer); | ||
583 | } | ||
584 | return blind_sig; | ||
585 | } | ||
586 | GNUNET_break (0); | ||
587 | return NULL; | ||
588 | } | ||
589 | |||
590 | |||
591 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
592 | GNUNET_CRYPTO_blind_sig_unblind ( | ||
593 | const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, | ||
594 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
595 | const void *message, | ||
596 | size_t message_size, | ||
597 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, | ||
598 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
599 | { | ||
600 | struct GNUNET_CRYPTO_UnblindedSignature *ub_sig; | ||
601 | |||
602 | if (blinded_sig->cipher != bsign_pub->cipher) | ||
603 | { | ||
604 | GNUNET_break (0); | ||
605 | return NULL; | ||
606 | } | ||
607 | if (blinded_sig->cipher != alg_values->cipher) | ||
608 | { | ||
609 | GNUNET_break (0); | ||
610 | return NULL; | ||
611 | } | ||
612 | ub_sig = GNUNET_new (struct GNUNET_CRYPTO_UnblindedSignature); | ||
613 | ub_sig->cipher = blinded_sig->cipher; | ||
614 | ub_sig->rc = 1; | ||
615 | switch (bsign_pub->cipher) | ||
616 | { | ||
617 | case GNUNET_CRYPTO_BSA_INVALID: | ||
618 | GNUNET_break (0); | ||
619 | GNUNET_free (ub_sig); | ||
620 | return NULL; | ||
621 | case GNUNET_CRYPTO_BSA_RSA: | ||
622 | ub_sig->details.rsa_signature | ||
623 | = GNUNET_CRYPTO_rsa_unblind ( | ||
624 | blinded_sig->details.blinded_rsa_signature, | ||
625 | &bks->rsa_bks, | ||
626 | bsign_pub->details.rsa_public_key); | ||
627 | if (NULL == ub_sig->details.rsa_signature) | ||
628 | { | ||
629 | GNUNET_break (0); | ||
630 | GNUNET_free (ub_sig); | ||
631 | return NULL; | ||
632 | } | ||
633 | return ub_sig; | ||
634 | case GNUNET_CRYPTO_BSA_CS: | ||
635 | { | ||
636 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
637 | struct GNUNET_CRYPTO_CsC c[2]; | ||
638 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; | ||
639 | unsigned int b; | ||
640 | |||
641 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
642 | bs); | ||
643 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
644 | bs, | ||
645 | alg_values->details.cs_values.r_pub, | ||
646 | &bsign_pub->details.cs_public_key, | ||
647 | message, | ||
648 | message_size, | ||
649 | c, | ||
650 | &r_pub_blind); | ||
651 | b = blinded_sig->details.blinded_cs_answer.b; | ||
652 | ub_sig->details.cs_signature.r_point | ||
653 | = r_pub_blind.r_pub[b]; | ||
654 | GNUNET_CRYPTO_cs_unblind ( | ||
655 | &blinded_sig->details.blinded_cs_answer.s_scalar, | ||
656 | &bs[b], | ||
657 | &ub_sig->details.cs_signature.s_scalar); | ||
658 | return ub_sig; | ||
659 | } | ||
660 | } | ||
661 | GNUNET_break (0); | ||
662 | GNUNET_free (ub_sig); | ||
663 | return NULL; | ||
664 | } | ||
665 | |||
666 | |||
667 | enum GNUNET_GenericReturnValue | ||
668 | GNUNET_CRYPTO_blind_sig_verify ( | ||
669 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
670 | const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, | ||
671 | const void *message, | ||
672 | size_t message_size) | ||
673 | { | ||
674 | if (bsign_pub->cipher != ub_sig->cipher) | ||
675 | { | ||
676 | GNUNET_break (0); | ||
677 | return GNUNET_SYSERR; | ||
678 | } | ||
679 | switch (bsign_pub->cipher) | ||
680 | { | ||
681 | case GNUNET_CRYPTO_BSA_INVALID: | ||
682 | GNUNET_break (0); | ||
683 | return GNUNET_NO; | ||
684 | case GNUNET_CRYPTO_BSA_RSA: | ||
685 | if (GNUNET_OK != | ||
686 | GNUNET_CRYPTO_rsa_verify (message, | ||
687 | message_size, | ||
688 | ub_sig->details.rsa_signature, | ||
689 | bsign_pub->details.rsa_public_key)) | ||
690 | { | ||
691 | GNUNET_break_op (0); | ||
692 | return GNUNET_NO; | ||
693 | } | ||
694 | return GNUNET_YES; | ||
695 | case GNUNET_CRYPTO_BSA_CS: | ||
696 | if (GNUNET_OK != | ||
697 | GNUNET_CRYPTO_cs_verify (&ub_sig->details.cs_signature, | ||
698 | &bsign_pub->details.cs_public_key, | ||
699 | message, | ||
700 | message_size)) | ||
701 | { | ||
702 | GNUNET_break_op (0); | ||
703 | return GNUNET_NO; | ||
704 | } | ||
705 | return GNUNET_YES; | ||
706 | } | ||
707 | GNUNET_break (0); | ||
708 | return GNUNET_NO; | ||
709 | } | ||
710 | |||
711 | |||
712 | /* end of crypto_blind_sign.c */ | ||