diff options
Diffstat (limited to 'src/lib/util/crypto_blind_sign.c')
-rw-r--r-- | src/lib/util/crypto_blind_sign.c | 713 |
1 files changed, 713 insertions, 0 deletions
diff --git a/src/lib/util/crypto_blind_sign.c b/src/lib/util/crypto_blind_sign.c new file mode 100644 index 000000000..ac611cf4f --- /dev/null +++ b/src/lib/util/crypto_blind_sign.c | |||
@@ -0,0 +1,713 @@ | |||
1 | /* | ||
2 | This file is part of GNUNET | ||
3 | Copyright (C) 2021, 2022, 2023 GNUnet e.V. | ||
4 | |||
5 | GNUNET is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | GNUNET is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | GNUNET; see the file COPYING. If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | /** | ||
17 | * @file crypto_blind_sign.c | ||
18 | * @brief blind signatures (abstraction over RSA or CS) | ||
19 | * @author Christian Grothoff | ||
20 | */ | ||
21 | #include "platform.h" | ||
22 | #include "gnunet_util_lib.h" | ||
23 | |||
24 | |||
25 | void | ||
26 | GNUNET_CRYPTO_blinding_input_values_decref ( | ||
27 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
28 | { | ||
29 | GNUNET_assert (bm->rc > 0); | ||
30 | bm->rc--; | ||
31 | if (0 != bm->rc) | ||
32 | return; | ||
33 | switch (bm->cipher) | ||
34 | { | ||
35 | case GNUNET_CRYPTO_BSA_INVALID: | ||
36 | GNUNET_break (0); | ||
37 | break; | ||
38 | case GNUNET_CRYPTO_BSA_RSA: | ||
39 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
40 | break; | ||
41 | case GNUNET_CRYPTO_BSA_CS: | ||
42 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
43 | break; | ||
44 | } | ||
45 | GNUNET_free (bm); | ||
46 | } | ||
47 | |||
48 | |||
49 | void | ||
50 | GNUNET_CRYPTO_blind_sign_priv_decref (struct | ||
51 | GNUNET_CRYPTO_BlindSignPrivateKey * | ||
52 | bsign_priv) | ||
53 | { | ||
54 | GNUNET_assert (bsign_priv->rc > 0); | ||
55 | bsign_priv->rc--; | ||
56 | if (0 != bsign_priv->rc) | ||
57 | return; | ||
58 | switch (bsign_priv->cipher) | ||
59 | { | ||
60 | case GNUNET_CRYPTO_BSA_INVALID: | ||
61 | GNUNET_break (0); | ||
62 | break; | ||
63 | case GNUNET_CRYPTO_BSA_RSA: | ||
64 | if (NULL != bsign_priv->details.rsa_private_key) | ||
65 | { | ||
66 | GNUNET_CRYPTO_rsa_private_key_free (bsign_priv->details.rsa_private_key); | ||
67 | bsign_priv->details.rsa_private_key = NULL; | ||
68 | } | ||
69 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
70 | break; | ||
71 | case GNUNET_CRYPTO_BSA_CS: | ||
72 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
73 | break; | ||
74 | } | ||
75 | GNUNET_free (bsign_priv); | ||
76 | } | ||
77 | |||
78 | |||
79 | void | ||
80 | GNUNET_CRYPTO_blind_sign_pub_decref (struct | ||
81 | GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
82 | { | ||
83 | GNUNET_assert (bsign_pub->rc > 0); | ||
84 | bsign_pub->rc--; | ||
85 | if (0 != bsign_pub->rc) | ||
86 | return; | ||
87 | switch (bsign_pub->cipher) | ||
88 | { | ||
89 | case GNUNET_CRYPTO_BSA_INVALID: | ||
90 | GNUNET_break (0); | ||
91 | break; | ||
92 | case GNUNET_CRYPTO_BSA_RSA: | ||
93 | if (NULL != bsign_pub->details.rsa_public_key) | ||
94 | { | ||
95 | GNUNET_CRYPTO_rsa_public_key_free (bsign_pub->details.rsa_public_key); | ||
96 | bsign_pub->details.rsa_public_key = NULL; | ||
97 | } | ||
98 | bsign_pub->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
99 | break; | ||
100 | case GNUNET_CRYPTO_BSA_CS: | ||
101 | break; | ||
102 | } | ||
103 | GNUNET_free (bsign_pub); | ||
104 | } | ||
105 | |||
106 | |||
107 | void | ||
108 | GNUNET_CRYPTO_unblinded_sig_decref (struct | ||
109 | GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
110 | { | ||
111 | GNUNET_assert (ub_sig->rc > 0); | ||
112 | ub_sig->rc--; | ||
113 | if (0 != ub_sig->rc) | ||
114 | return; | ||
115 | switch (ub_sig->cipher) | ||
116 | { | ||
117 | case GNUNET_CRYPTO_BSA_INVALID: | ||
118 | GNUNET_break (0); | ||
119 | break; | ||
120 | case GNUNET_CRYPTO_BSA_RSA: | ||
121 | if (NULL != ub_sig->details.rsa_signature) | ||
122 | { | ||
123 | GNUNET_CRYPTO_rsa_signature_free (ub_sig->details.rsa_signature); | ||
124 | ub_sig->details.rsa_signature = NULL; | ||
125 | } | ||
126 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
127 | break; | ||
128 | case GNUNET_CRYPTO_BSA_CS: | ||
129 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
130 | break; | ||
131 | } | ||
132 | GNUNET_free (ub_sig); | ||
133 | } | ||
134 | |||
135 | |||
136 | void | ||
137 | GNUNET_CRYPTO_blinded_sig_decref ( | ||
138 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
139 | { | ||
140 | GNUNET_assert (blind_sig->rc > 0); | ||
141 | blind_sig->rc--; | ||
142 | if (0 != blind_sig->rc) | ||
143 | return; | ||
144 | switch (blind_sig->cipher) | ||
145 | { | ||
146 | case GNUNET_CRYPTO_BSA_INVALID: | ||
147 | GNUNET_break (0); | ||
148 | break; | ||
149 | case GNUNET_CRYPTO_BSA_RSA: | ||
150 | if (NULL != blind_sig->details.blinded_rsa_signature) | ||
151 | { | ||
152 | GNUNET_CRYPTO_rsa_signature_free ( | ||
153 | blind_sig->details.blinded_rsa_signature); | ||
154 | blind_sig->details.blinded_rsa_signature = NULL; | ||
155 | } | ||
156 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
157 | break; | ||
158 | case GNUNET_CRYPTO_BSA_CS: | ||
159 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
160 | break; | ||
161 | } | ||
162 | GNUNET_free (blind_sig); | ||
163 | } | ||
164 | |||
165 | |||
166 | void | ||
167 | GNUNET_CRYPTO_blinded_message_decref ( | ||
168 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
169 | { | ||
170 | GNUNET_assert (bm->rc > 0); | ||
171 | bm->rc--; | ||
172 | if (0 != bm->rc) | ||
173 | return; | ||
174 | switch (bm->cipher) | ||
175 | { | ||
176 | case GNUNET_CRYPTO_BSA_INVALID: | ||
177 | GNUNET_break (0); | ||
178 | break; | ||
179 | case GNUNET_CRYPTO_BSA_RSA: | ||
180 | GNUNET_free (bm->details.rsa_blinded_message.blinded_msg); | ||
181 | break; | ||
182 | case GNUNET_CRYPTO_BSA_CS: | ||
183 | break; | ||
184 | } | ||
185 | GNUNET_free (bm); | ||
186 | } | ||
187 | |||
188 | |||
189 | struct GNUNET_CRYPTO_BlindedMessage * | ||
190 | GNUNET_CRYPTO_blinded_message_incref ( | ||
191 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
192 | { | ||
193 | bm->rc++; | ||
194 | return bm; | ||
195 | } | ||
196 | |||
197 | |||
198 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
199 | GNUNET_CRYPTO_blinding_input_values_incref ( | ||
200 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
201 | { | ||
202 | bm->rc++; | ||
203 | return bm; | ||
204 | } | ||
205 | |||
206 | |||
207 | struct GNUNET_CRYPTO_BlindSignPublicKey * | ||
208 | GNUNET_CRYPTO_bsign_pub_incref ( | ||
209 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
210 | { | ||
211 | bsign_pub->rc++; | ||
212 | return bsign_pub; | ||
213 | } | ||
214 | |||
215 | |||
216 | struct GNUNET_CRYPTO_BlindSignPrivateKey * | ||
217 | GNUNET_CRYPTO_bsign_priv_incref ( | ||
218 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) | ||
219 | { | ||
220 | bsign_priv->rc++; | ||
221 | return bsign_priv; | ||
222 | } | ||
223 | |||
224 | |||
225 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
226 | GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
227 | { | ||
228 | ub_sig->rc++; | ||
229 | return ub_sig; | ||
230 | } | ||
231 | |||
232 | |||
233 | struct GNUNET_CRYPTO_BlindedSignature * | ||
234 | GNUNET_CRYPTO_blind_sig_incref ( | ||
235 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
236 | { | ||
237 | blind_sig->rc++; | ||
238 | return blind_sig; | ||
239 | } | ||
240 | |||
241 | |||
242 | int | ||
243 | GNUNET_CRYPTO_bsign_pub_cmp ( | ||
244 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, | ||
245 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2) | ||
246 | { | ||
247 | if (bp1->cipher != bp2->cipher) | ||
248 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
249 | switch (bp1->cipher) | ||
250 | { | ||
251 | case GNUNET_CRYPTO_BSA_INVALID: | ||
252 | GNUNET_break (0); | ||
253 | return 0; | ||
254 | case GNUNET_CRYPTO_BSA_RSA: | ||
255 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
256 | &bp2->pub_key_hash); | ||
257 | case GNUNET_CRYPTO_BSA_CS: | ||
258 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
259 | &bp2->pub_key_hash); | ||
260 | } | ||
261 | GNUNET_assert (0); | ||
262 | return -2; | ||
263 | } | ||
264 | |||
265 | |||
266 | int | ||
267 | GNUNET_CRYPTO_ub_sig_cmp ( | ||
268 | const struct GNUNET_CRYPTO_UnblindedSignature *sig1, | ||
269 | const struct GNUNET_CRYPTO_UnblindedSignature *sig2) | ||
270 | { | ||
271 | if (sig1->cipher != sig2->cipher) | ||
272 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
273 | switch (sig1->cipher) | ||
274 | { | ||
275 | case GNUNET_CRYPTO_BSA_INVALID: | ||
276 | GNUNET_break (0); | ||
277 | return 0; | ||
278 | case GNUNET_CRYPTO_BSA_RSA: | ||
279 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.rsa_signature, | ||
280 | sig2->details.rsa_signature); | ||
281 | case GNUNET_CRYPTO_BSA_CS: | ||
282 | return GNUNET_memcmp (&sig1->details.cs_signature, | ||
283 | &sig2->details.cs_signature); | ||
284 | } | ||
285 | GNUNET_assert (0); | ||
286 | return -2; | ||
287 | } | ||
288 | |||
289 | |||
290 | int | ||
291 | GNUNET_CRYPTO_blind_sig_cmp ( | ||
292 | const struct GNUNET_CRYPTO_BlindedSignature *sig1, | ||
293 | const struct GNUNET_CRYPTO_BlindedSignature *sig2) | ||
294 | { | ||
295 | if (sig1->cipher != sig2->cipher) | ||
296 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
297 | switch (sig1->cipher) | ||
298 | { | ||
299 | case GNUNET_CRYPTO_BSA_INVALID: | ||
300 | GNUNET_break (0); | ||
301 | return 0; | ||
302 | case GNUNET_CRYPTO_BSA_RSA: | ||
303 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.blinded_rsa_signature, | ||
304 | sig2->details.blinded_rsa_signature); | ||
305 | case GNUNET_CRYPTO_BSA_CS: | ||
306 | return GNUNET_memcmp (&sig1->details.blinded_cs_answer, | ||
307 | &sig2->details.blinded_cs_answer); | ||
308 | } | ||
309 | GNUNET_assert (0); | ||
310 | return -2; | ||
311 | } | ||
312 | |||
313 | |||
314 | int | ||
315 | GNUNET_CRYPTO_blinded_message_cmp ( | ||
316 | const struct GNUNET_CRYPTO_BlindedMessage *bp1, | ||
317 | const struct GNUNET_CRYPTO_BlindedMessage *bp2) | ||
318 | { | ||
319 | if (bp1->cipher != bp2->cipher) | ||
320 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
321 | switch (bp1->cipher) | ||
322 | { | ||
323 | case GNUNET_CRYPTO_BSA_INVALID: | ||
324 | GNUNET_break (0); | ||
325 | return 0; | ||
326 | case GNUNET_CRYPTO_BSA_RSA: | ||
327 | if (bp1->details.rsa_blinded_message.blinded_msg_size != | ||
328 | bp2->details.rsa_blinded_message.blinded_msg_size) | ||
329 | return (bp1->details.rsa_blinded_message.blinded_msg_size > | ||
330 | bp2->details.rsa_blinded_message.blinded_msg_size) ? 1 : -1; | ||
331 | return memcmp (bp1->details.rsa_blinded_message.blinded_msg, | ||
332 | bp2->details.rsa_blinded_message.blinded_msg, | ||
333 | bp1->details.rsa_blinded_message.blinded_msg_size); | ||
334 | case GNUNET_CRYPTO_BSA_CS: | ||
335 | return GNUNET_memcmp (&bp1->details.cs_blinded_message, | ||
336 | &bp2->details.cs_blinded_message); | ||
337 | } | ||
338 | GNUNET_assert (0); | ||
339 | return -2; | ||
340 | } | ||
341 | |||
342 | |||
343 | enum GNUNET_GenericReturnValue | ||
344 | GNUNET_CRYPTO_blind_sign_keys_create ( | ||
345 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
346 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
347 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
348 | ...) | ||
349 | { | ||
350 | enum GNUNET_GenericReturnValue ret; | ||
351 | va_list ap; | ||
352 | |||
353 | va_start (ap, | ||
354 | cipher); | ||
355 | ret = GNUNET_CRYPTO_blind_sign_keys_create_va (bsign_priv, | ||
356 | bsign_pub, | ||
357 | cipher, | ||
358 | ap); | ||
359 | va_end (ap); | ||
360 | return ret; | ||
361 | } | ||
362 | |||
363 | |||
364 | enum GNUNET_GenericReturnValue | ||
365 | GNUNET_CRYPTO_blind_sign_keys_create_va ( | ||
366 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
367 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
368 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
369 | va_list ap) | ||
370 | { | ||
371 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; | ||
372 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; | ||
373 | |||
374 | priv = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPrivateKey); | ||
375 | priv->rc = 1; | ||
376 | priv->cipher = cipher; | ||
377 | *bsign_priv = priv; | ||
378 | pub = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPublicKey); | ||
379 | pub->rc = 1; | ||
380 | pub->cipher = cipher; | ||
381 | *bsign_pub = pub; | ||
382 | switch (cipher) | ||
383 | { | ||
384 | case GNUNET_CRYPTO_BSA_INVALID: | ||
385 | GNUNET_break (0); | ||
386 | break; | ||
387 | case GNUNET_CRYPTO_BSA_RSA: | ||
388 | { | ||
389 | unsigned int bits; | ||
390 | |||
391 | bits = va_arg (ap, | ||
392 | unsigned int); | ||
393 | if (bits < 512) | ||
394 | { | ||
395 | GNUNET_break (0); | ||
396 | break; | ||
397 | } | ||
398 | priv->details.rsa_private_key | ||
399 | = GNUNET_CRYPTO_rsa_private_key_create (bits); | ||
400 | } | ||
401 | if (NULL == priv->details.rsa_private_key) | ||
402 | { | ||
403 | GNUNET_break (0); | ||
404 | break; | ||
405 | } | ||
406 | pub->details.rsa_public_key | ||
407 | = GNUNET_CRYPTO_rsa_private_key_get_public ( | ||
408 | priv->details.rsa_private_key); | ||
409 | GNUNET_CRYPTO_rsa_public_key_hash (pub->details.rsa_public_key, | ||
410 | &pub->pub_key_hash); | ||
411 | return GNUNET_OK; | ||
412 | case GNUNET_CRYPTO_BSA_CS: | ||
413 | GNUNET_CRYPTO_cs_private_key_generate (&priv->details.cs_private_key); | ||
414 | GNUNET_CRYPTO_cs_private_key_get_public ( | ||
415 | &priv->details.cs_private_key, | ||
416 | &pub->details.cs_public_key); | ||
417 | GNUNET_CRYPTO_hash (&pub->details.cs_public_key, | ||
418 | sizeof(pub->details.cs_public_key), | ||
419 | &pub->pub_key_hash); | ||
420 | return GNUNET_OK; | ||
421 | } | ||
422 | GNUNET_free (priv); | ||
423 | GNUNET_free (pub); | ||
424 | *bsign_priv = NULL; | ||
425 | *bsign_pub = NULL; | ||
426 | return GNUNET_SYSERR; | ||
427 | } | ||
428 | |||
429 | |||
430 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
431 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
432 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
433 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
434 | const char *salt) | ||
435 | { | ||
436 | struct GNUNET_CRYPTO_BlindingInputValues *biv; | ||
437 | |||
438 | biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues); | ||
439 | biv->cipher = bsign_priv->cipher; | ||
440 | biv->rc = 1; | ||
441 | switch (bsign_priv->cipher) | ||
442 | { | ||
443 | case GNUNET_CRYPTO_BSA_INVALID: | ||
444 | GNUNET_break (0); | ||
445 | GNUNET_free (biv); | ||
446 | return NULL; | ||
447 | case GNUNET_CRYPTO_BSA_RSA: | ||
448 | return biv; | ||
449 | case GNUNET_CRYPTO_BSA_CS: | ||
450 | { | ||
451 | struct GNUNET_CRYPTO_CsRSecret cspriv[2]; | ||
452 | |||
453 | GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce, | ||
454 | salt, | ||
455 | &bsign_priv->details.cs_private_key, | ||
456 | cspriv); | ||
457 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], | ||
458 | &biv->details.cs_values.r_pub[0]); | ||
459 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], | ||
460 | &biv->details.cs_values.r_pub[1]); | ||
461 | return biv; | ||
462 | } | ||
463 | } | ||
464 | GNUNET_break (0); | ||
465 | GNUNET_free (biv); | ||
466 | return NULL; | ||
467 | } | ||
468 | |||
469 | |||
470 | struct GNUNET_CRYPTO_BlindedMessage * | ||
471 | GNUNET_CRYPTO_message_blind_to_sign ( | ||
472 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
473 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
474 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
475 | const void *message, | ||
476 | size_t message_size, | ||
477 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) | ||
478 | { | ||
479 | struct GNUNET_CRYPTO_BlindedMessage *bm; | ||
480 | |||
481 | bm = GNUNET_new (struct GNUNET_CRYPTO_BlindedMessage); | ||
482 | bm->cipher = bsign_pub->cipher; | ||
483 | bm->rc = 1; | ||
484 | switch (bsign_pub->cipher) | ||
485 | { | ||
486 | case GNUNET_CRYPTO_BSA_INVALID: | ||
487 | GNUNET_break (0); | ||
488 | GNUNET_free (bm); | ||
489 | return NULL; | ||
490 | case GNUNET_CRYPTO_BSA_RSA: | ||
491 | if (GNUNET_YES != | ||
492 | GNUNET_CRYPTO_rsa_blind ( | ||
493 | message, | ||
494 | message_size, | ||
495 | &bks->rsa_bks, | ||
496 | bsign_pub->details.rsa_public_key, | ||
497 | &bm->details.rsa_blinded_message)) | ||
498 | { | ||
499 | GNUNET_break (0); | ||
500 | GNUNET_free (bm); | ||
501 | return NULL; | ||
502 | } | ||
503 | return bm; | ||
504 | case GNUNET_CRYPTO_BSA_CS: | ||
505 | { | ||
506 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; | ||
507 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
508 | |||
509 | if (NULL == nonce) | ||
510 | { | ||
511 | GNUNET_break_op (0); | ||
512 | GNUNET_free (bm); | ||
513 | return NULL; | ||
514 | } | ||
515 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
516 | bs); | ||
517 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
518 | bs, | ||
519 | alg_values->details.cs_values.r_pub, | ||
520 | &bsign_pub->details.cs_public_key, | ||
521 | message, | ||
522 | message_size, | ||
523 | bm->details.cs_blinded_message.c, | ||
524 | &blinded_r_pub); | ||
525 | bm->details.cs_blinded_message.nonce = nonce->cs_nonce; | ||
526 | (void) blinded_r_pub; | ||
527 | return bm; | ||
528 | } | ||
529 | } | ||
530 | GNUNET_break (0); | ||
531 | return NULL; | ||
532 | } | ||
533 | |||
534 | |||
535 | struct GNUNET_CRYPTO_BlindedSignature * | ||
536 | GNUNET_CRYPTO_blind_sign ( | ||
537 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
538 | const char *salt, | ||
539 | const struct GNUNET_CRYPTO_BlindedMessage *blinded_message) | ||
540 | { | ||
541 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig; | ||
542 | |||
543 | if (blinded_message->cipher != bsign_priv->cipher) | ||
544 | { | ||
545 | GNUNET_break (0); | ||
546 | return NULL; | ||
547 | } | ||
548 | |||
549 | blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature); | ||
550 | blind_sig->cipher = bsign_priv->cipher; | ||
551 | blind_sig->rc = 1; | ||
552 | switch (bsign_priv->cipher) | ||
553 | { | ||
554 | case GNUNET_CRYPTO_BSA_INVALID: | ||
555 | GNUNET_break (0); | ||
556 | GNUNET_free (blind_sig); | ||
557 | return NULL; | ||
558 | case GNUNET_CRYPTO_BSA_RSA: | ||
559 | blind_sig->details.blinded_rsa_signature | ||
560 | = GNUNET_CRYPTO_rsa_sign_blinded ( | ||
561 | bsign_priv->details.rsa_private_key, | ||
562 | &blinded_message->details.rsa_blinded_message); | ||
563 | if (NULL == blind_sig->details.blinded_rsa_signature) | ||
564 | { | ||
565 | GNUNET_break (0); | ||
566 | GNUNET_free (blind_sig); | ||
567 | return NULL; | ||
568 | } | ||
569 | return blind_sig; | ||
570 | case GNUNET_CRYPTO_BSA_CS: | ||
571 | { | ||
572 | struct GNUNET_CRYPTO_CsRSecret r[2]; | ||
573 | |||
574 | GNUNET_CRYPTO_cs_r_derive ( | ||
575 | &blinded_message->details.cs_blinded_message.nonce, | ||
576 | salt, | ||
577 | &bsign_priv->details.cs_private_key, | ||
578 | r); | ||
579 | GNUNET_CRYPTO_cs_sign_derive ( | ||
580 | &bsign_priv->details.cs_private_key, | ||
581 | r, | ||
582 | &blinded_message->details.cs_blinded_message, | ||
583 | &blind_sig->details.blinded_cs_answer); | ||
584 | } | ||
585 | return blind_sig; | ||
586 | } | ||
587 | GNUNET_break (0); | ||
588 | return NULL; | ||
589 | } | ||
590 | |||
591 | |||
592 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
593 | GNUNET_CRYPTO_blind_sig_unblind ( | ||
594 | const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, | ||
595 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
596 | const void *message, | ||
597 | size_t message_size, | ||
598 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, | ||
599 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
600 | { | ||
601 | struct GNUNET_CRYPTO_UnblindedSignature *ub_sig; | ||
602 | |||
603 | if (blinded_sig->cipher != bsign_pub->cipher) | ||
604 | { | ||
605 | GNUNET_break (0); | ||
606 | return NULL; | ||
607 | } | ||
608 | if (blinded_sig->cipher != alg_values->cipher) | ||
609 | { | ||
610 | GNUNET_break (0); | ||
611 | return NULL; | ||
612 | } | ||
613 | ub_sig = GNUNET_new (struct GNUNET_CRYPTO_UnblindedSignature); | ||
614 | ub_sig->cipher = blinded_sig->cipher; | ||
615 | ub_sig->rc = 1; | ||
616 | switch (bsign_pub->cipher) | ||
617 | { | ||
618 | case GNUNET_CRYPTO_BSA_INVALID: | ||
619 | GNUNET_break (0); | ||
620 | GNUNET_free (ub_sig); | ||
621 | return NULL; | ||
622 | case GNUNET_CRYPTO_BSA_RSA: | ||
623 | ub_sig->details.rsa_signature | ||
624 | = GNUNET_CRYPTO_rsa_unblind ( | ||
625 | blinded_sig->details.blinded_rsa_signature, | ||
626 | &bks->rsa_bks, | ||
627 | bsign_pub->details.rsa_public_key); | ||
628 | if (NULL == ub_sig->details.rsa_signature) | ||
629 | { | ||
630 | GNUNET_break (0); | ||
631 | GNUNET_free (ub_sig); | ||
632 | return NULL; | ||
633 | } | ||
634 | return ub_sig; | ||
635 | case GNUNET_CRYPTO_BSA_CS: | ||
636 | { | ||
637 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
638 | struct GNUNET_CRYPTO_CsC c[2]; | ||
639 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; | ||
640 | unsigned int b; | ||
641 | |||
642 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
643 | bs); | ||
644 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
645 | bs, | ||
646 | alg_values->details.cs_values.r_pub, | ||
647 | &bsign_pub->details.cs_public_key, | ||
648 | message, | ||
649 | message_size, | ||
650 | c, | ||
651 | &r_pub_blind); | ||
652 | b = blinded_sig->details.blinded_cs_answer.b; | ||
653 | ub_sig->details.cs_signature.r_point | ||
654 | = r_pub_blind.r_pub[b]; | ||
655 | GNUNET_CRYPTO_cs_unblind ( | ||
656 | &blinded_sig->details.blinded_cs_answer.s_scalar, | ||
657 | &bs[b], | ||
658 | &ub_sig->details.cs_signature.s_scalar); | ||
659 | return ub_sig; | ||
660 | } | ||
661 | } | ||
662 | GNUNET_break (0); | ||
663 | GNUNET_free (ub_sig); | ||
664 | return NULL; | ||
665 | } | ||
666 | |||
667 | |||
668 | enum GNUNET_GenericReturnValue | ||
669 | GNUNET_CRYPTO_blind_sig_verify ( | ||
670 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
671 | const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, | ||
672 | const void *message, | ||
673 | size_t message_size) | ||
674 | { | ||
675 | if (bsign_pub->cipher != ub_sig->cipher) | ||
676 | { | ||
677 | GNUNET_break (0); | ||
678 | return GNUNET_SYSERR; | ||
679 | } | ||
680 | switch (bsign_pub->cipher) | ||
681 | { | ||
682 | case GNUNET_CRYPTO_BSA_INVALID: | ||
683 | GNUNET_break (0); | ||
684 | return GNUNET_NO; | ||
685 | case GNUNET_CRYPTO_BSA_RSA: | ||
686 | if (GNUNET_OK != | ||
687 | GNUNET_CRYPTO_rsa_verify (message, | ||
688 | message_size, | ||
689 | ub_sig->details.rsa_signature, | ||
690 | bsign_pub->details.rsa_public_key)) | ||
691 | { | ||
692 | GNUNET_break_op (0); | ||
693 | return GNUNET_NO; | ||
694 | } | ||
695 | return GNUNET_YES; | ||
696 | case GNUNET_CRYPTO_BSA_CS: | ||
697 | if (GNUNET_OK != | ||
698 | GNUNET_CRYPTO_cs_verify (&ub_sig->details.cs_signature, | ||
699 | &bsign_pub->details.cs_public_key, | ||
700 | message, | ||
701 | message_size)) | ||
702 | { | ||
703 | GNUNET_break_op (0); | ||
704 | return GNUNET_NO; | ||
705 | } | ||
706 | return GNUNET_YES; | ||
707 | } | ||
708 | GNUNET_break (0); | ||
709 | return GNUNET_NO; | ||
710 | } | ||
711 | |||
712 | |||
713 | /* end of crypto_blind_sign.c */ | ||