[gnunet] 03/06: distinguish blinding and session nonces


From: gnunet
Subject: [gnunet] 03/06: distinguish blinding and session nonces
Date: Fri, 27 Oct 2023 20:08:42 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository gnunet.

commit d2e4ba93f679d4845c4bca883e53eae053c99e38
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Thu Oct 19 22:06:08 2023 +0200

    distinguish blinding and session nonces
---
 src/include/gnunet_crypto_lib.h | 36 +++++++++++++++++++++++-------------
 src/lib/util/crypto_cs.c        | 11 ++++++-----
 src/lib/util/test_crypto_cs.c   | 18 +++++++++++-------
 3 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 3507a4f4d..11bd680e7 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -669,12 +669,24 @@ struct GNUNET_CRYPTO_CsSignature
 
 
 /**
- * Nonce
+ * Nonce for the session, picked by client,
+ * shared with the signer.
  */
-struct GNUNET_CRYPTO_CsNonce
+struct GNUNET_CRYPTO_CsSessionNonce
 {
   /*a nonce*/
-  unsigned char nonce[256 / 8];
+  unsigned char snonce[256 / 8];
+};
+
+
+/**
+ * Nonce for computing blinding factors. Not
+ * shared with the signer.
+ */
+struct GNUNET_CRYPTO_CsBlindingNonce
+{
+  /*a nonce*/
+  unsigned char bnonce[256 / 8];
 };
 
 
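Review bot: The member comments `/*a nonce*/` on `snonce` and `bnonce` do not record the property the two new types exist to encode — one value is public and the other must stay secret — so that distinction lives only in the struct-level doc and is lost the moment someone reads the field. I would make each member self-describing: `/* 256-bit nonce; public, sent to the signer inside the blinded message */` for `snonce`, and `/* 256-bit nonce; secret client-side key material, never transmitted */` for `bnonce`. Since `bnonce` is the sole unpredictable input to the HKDF-based blinding-factor derivation, the `GNUNET_CRYPTO_CsBlindingNonce` doc should also tell callers to treat it like a key: draw it from a CSPRNG and zeroize it when the signing session ends.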
@@ -3100,7 +3112,7 @@ GNUNET_CRYPTO_cs_private_key_get_public (
  */
 void
 GNUNET_CRYPTO_cs_r_derive (
-  const struct GNUNET_CRYPTO_CsNonce *nonce,
+  const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
   const char *seed,
   const struct GNUNET_CRYPTO_CsPrivateKey *lts,
   struct GNUNET_CRYPTO_CsRSecret r[2]);
@@ -3121,16 +3133,16 @@ GNUNET_CRYPTO_cs_r_get_public (
 /**
  * Derives new random blinding factors.
  * In original papers blinding factors are generated randomly
- * To provide abort-idempotency, blinding factors need to be derived but still 
need to be UNPREDICTABLE
+ * To provide abort-idempotency, blinding factors need to be derived but still 
need to be UNPREDICTABLE.
  * To ensure unpredictability a new nonce has to be used.
- * Uses HKDF internally
+ * Uses HKDF internally.
  *
  * @param blind_seed is the blinding seed to derive blinding factors
  * @param[out] bs array containing the two derived blinding secrets
  */
 void
 GNUNET_CRYPTO_cs_blinding_secrets_derive (
-  const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+  const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
   struct GNUNET_CRYPTO_CsBlindingSecret bs[2]);
 
 
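Review bot: The doc on `GNUNET_CRYPTO_cs_blinding_secrets_derive` says a new nonce "has to be used" but does not state the consequence a caller needs to know: the derivation is deterministic (HKDF), so two sessions fed the same `blind_seed` obtain identical blinding secrets, and the parameter's new `GNUNET_CRYPTO_CsBlindingNonce` type marks it as the one value that must never reach the signer. I would rewrite the `@param` line as `@param blind_seed secret, high-entropy nonce, fresh for every signing session; reusing it yields the same blinding secrets (HKDF is deterministic) and it must never be sent to the signer`. The line break inside "still / need to be UNPREDICTABLE" looks like mail wrapping rather than a source change, but is worth confirming against the repository.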
@@ -3146,9 +3158,9 @@ struct GNUNET_CRYPTO_CsBlindedMessage
   struct GNUNET_CRYPTO_CsC c[2];
 
   /**
-   * Public nonce.
+   * Public nonce used to generate the R-values.
    */
-  struct GNUNET_CRYPTO_CsNonce nonce;
+  struct GNUNET_CRYPTO_CsSessionNonce nonce;
 };
 
 
@@ -3663,11 +3675,9 @@ GNUNET_CRYPTO_blind_sign_keys_create (
 union GNUNET_CRYPTO_BlindingSecretP
 {
   /**
-   * Clause Schnorr nonce. FIXME: probably should have
-   * a different type than the nonce we send over the
-   * network!!!
+   * Clause Schnorr nonce. 
    */
-  struct GNUNET_CRYPTO_CsNonce nonce;
+  struct GNUNET_CRYPTO_CsBlindingNonce nonce;
 
   /**
    * Variant for RSA for blind signatures.
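Review bot: The rewritten comment on the `nonce` member of `union GNUNET_CRYPTO_BlindingSecretP` drops the FIXME but replaces it with `Clause Schnorr nonce. ` (trailing space) that no longer says what was resolved or why this member must not be the wire type. Point of style: `* Clause Schnorr blinding nonce; secret, never sent over the network (contrast with struct GNUNET_CRYPTO_CsSessionNonce).` keeps the information the FIXME carried and removes the trailing whitespace. The union's remaining members continue outside the hunk.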
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c
index 4933b04f4..cf1c43c25 100644
--- a/src/lib/util/crypto_cs.c
+++ b/src/lib/util/crypto_cs.c
@@ -75,7 +75,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar 
*scalar)
 
 
 void
-GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
+GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
                            const char *seed,
                            const struct GNUNET_CRYPTO_CsPrivateKey *lts,
                            struct GNUNET_CRYPTO_CsRSecret r[2])
@@ -84,7 +84,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce 
*nonce,
     GNUNET_YES ==
     GNUNET_CRYPTO_kdf (
       r,     sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2,
-      seed,   strlen (seed),
+      seed,  strlen (seed),
       lts,   sizeof (*lts),
       nonce, sizeof (*nonce),
       NULL,  0));
@@ -97,14 +97,15 @@ void
 GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
                                struct GNUNET_CRYPTO_CsRPublic *r_pub)
 {
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
-                                                              
r_priv->scalar.d));
+  GNUNET_assert (0 ==
+                 crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
+                                                         r_priv->scalar.d));
 }
 
 
 void
 GNUNET_CRYPTO_cs_blinding_secrets_derive (
-  const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+  const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
   struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
 {
   GNUNET_assert (
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c
index c930ce3ac..5b3aac778 100644
--- a/src/lib/util/test_crypto_cs.c
+++ b/src/lib/util/test_crypto_cs.c
@@ -90,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey 
*priv,
 
 
 static void
-test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce,
+test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
                      const struct GNUNET_CRYPTO_CsPrivateKey *priv,
                      struct GNUNET_CRYPTO_CsRSecret r[2])
 {
@@ -169,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret 
*r_priv,
 
 
 static void
-test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce 
*blind_seed,
                              struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
 {
   /* TEST 1
@@ -513,11 +513,11 @@ main (int argc,
   test_generate_pub (&priv,
                      &pub);
 
-  // derive nonce
-  struct GNUNET_CRYPTO_CsNonce nonce;
+  // set nonce
+  struct GNUNET_CRYPTO_CsSessionNonce nonce;
   GNUNET_assert (GNUNET_YES ==
-                 GNUNET_CRYPTO_kdf (nonce.nonce,
-                                    sizeof(nonce.nonce),
+                 GNUNET_CRYPTO_kdf (&nonce,
+                                    sizeof(nonce),
                                     "nonce",
                                     strlen ("nonce"),
                                     "nonce_secret",
@@ -549,11 +549,15 @@ main (int argc,
 
   // generate blinding secrets
   struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2];
+  struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
 
+  memset (&bnonce,
+          42,
+          sizeof (bnonce));
   memset (blindingsecrets,
           42,
           sizeof (blindingsecrets));
-  test_derive_blindingsecrets (&nonce,
+  test_derive_blindingsecrets (&bnonce,
                                blindingsecrets);
 
   // calculate blinded c's
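Review bot: The test fixes `bnonce` to a constant 0x2A pattern and calls `test_derive_blindingsecrets` exactly once, so it cannot catch a regression in which the blinding nonce is ignored or the derivation stops depending on it — the very property this commit separates out into its own type. A cheap addition after the call: derive a second array with `memset (&bnonce, 43, sizeof (bnonce));` and then `GNUNET_assert (0 != memcmp (bs2, blindingsecrets, sizeof (bs2)));`, unless the helper defined earlier in the file (outside this hunk) already checks this — I cannot see its body from here. `main` continues past the hunk.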
