[gnunet] 03/06: distinguish blinding and session nonces
From: |
gnunet |
Subject: |
[gnunet] 03/06: distinguish blinding and session nonces |
Date: |
Fri, 27 Oct 2023 20:08:42 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit d2e4ba93f679d4845c4bca883e53eae053c99e38
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Thu Oct 19 22:06:08 2023 +0200
distinguish blinding and session nonces
---
src/include/gnunet_crypto_lib.h | 36 +++++++++++++++++++++++-------------
src/lib/util/crypto_cs.c | 11 ++++++-----
src/lib/util/test_crypto_cs.c | 18 +++++++++++-------
3 files changed, 40 insertions(+), 25 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 3507a4f4d..11bd680e7 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -669,12 +669,24 @@ struct GNUNET_CRYPTO_CsSignature
/**
- * Nonce
+ * Nonce for the session, picked by client,
+ * shared with the signer.
*/
-struct GNUNET_CRYPTO_CsNonce
+struct GNUNET_CRYPTO_CsSessionNonce
{
/*a nonce*/
- unsigned char nonce[256 / 8];
+ unsigned char snonce[256 / 8];
+};
+
+
+/**
+ * Nonce for computing blinding factors. Not
+ * shared with the signer.
+ */
+struct GNUNET_CRYPTO_CsBlindingNonce
+{
+ /*a nonce*/
+ unsigned char bnonce[256 / 8];
};
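Review bot: Both new structs keep the identical field comment `/*a nonce*/`, which drops exactly the distinction this hunk introduces; a reader of the struct body cannot tell from the member comment whether the 32 bytes are public or secret. Suggest `/* session nonce; sent to the signer inside the blinded message */` on `snonce` and `/* secret nonce feeding the blinding-factor KDF; never leaves the client */` on `bnonce`, both grounded in the surrounding doc comments and in the CsBlindedMessage hunk below. The distinct member names (`snonce` vs `bnonce`) are also what turns leftover `.nonce` accesses on either type into compile errors, which is worth one sentence in the struct documentation so the naming is not "cleaned up" later.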
@@ -3100,7 +3112,7 @@ GNUNET_CRYPTO_cs_private_key_get_public (
*/
void
GNUNET_CRYPTO_cs_r_derive (
- const struct GNUNET_CRYPTO_CsNonce *nonce,
+ const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
const char *seed,
const struct GNUNET_CRYPTO_CsPrivateKey *lts,
struct GNUNET_CRYPTO_CsRSecret r[2]);
@@ -3121,16 +3133,16 @@ GNUNET_CRYPTO_cs_r_get_public (
/**
* Derives new random blinding factors.
* In original papers blinding factors are generated randomly
- * To provide abort-idempotency, blinding factors need to be derived but still
need to be UNPREDICTABLE
+ * To provide abort-idempotency, blinding factors need to be derived but still
need to be UNPREDICTABLE.
* To ensure unpredictability a new nonce has to be used.
- * Uses HKDF internally
+ * Uses HKDF internally.
*
* @param blind_seed is the blinding seed to derive blinding factors
* @param[out] bs array containing the two derived blinding secrets
*/
void
GNUNET_CRYPTO_cs_blinding_secrets_derive (
- const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+ const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
struct GNUNET_CRYPTO_CsBlindingSecret bs[2]);
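Review bot: The `@param blind_seed` line still only says "is the blinding seed", although the comment above states the secrets are derived deterministically with HKDF and the new CsBlindingNonce type is documented as not shared with the signer; the parameter doc should carry those two constraints where callers read them. Suggest ` * @param blind_seed secret nonce the blinding secrets are derived from; must be fresh per blinded message (reuse reproduces the same secrets) and must never be sent to the signer`. The same wording fits the function definition in crypto_cs.c if that one carries its own doc comment, which I cannot see here.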
@@ -3146,9 +3158,9 @@ struct GNUNET_CRYPTO_CsBlindedMessage
struct GNUNET_CRYPTO_CsC c[2];
/**
- * Public nonce.
+ * Public nonce used to generate the R-values.
*/
- struct GNUNET_CRYPTO_CsNonce nonce;
+ struct GNUNET_CRYPTO_CsSessionNonce nonce;
};
@@ -3663,11 +3675,9 @@ GNUNET_CRYPTO_blind_sign_keys_create (
union GNUNET_CRYPTO_BlindingSecretP
{
/**
- * Clause Schnorr nonce. FIXME: probably should have
- * a different type than the nonce we send over the
- * network!!!
+ * Clause Schnorr nonce.
*/
- struct GNUNET_CRYPTO_CsNonce nonce;
+ struct GNUNET_CRYPTO_CsBlindingNonce nonce;
/**
* Variant for RSA for blind signatures.
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c
index 4933b04f4..cf1c43c25 100644
--- a/src/lib/util/crypto_cs.c
+++ b/src/lib/util/crypto_cs.c
@@ -75,7 +75,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar
*scalar)
void
-GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
+GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
const char *seed,
const struct GNUNET_CRYPTO_CsPrivateKey *lts,
struct GNUNET_CRYPTO_CsRSecret r[2])
@@ -84,7 +84,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce
*nonce,
GNUNET_YES ==
GNUNET_CRYPTO_kdf (
r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2,
- seed, strlen (seed),
+ seed, strlen (seed),
lts, sizeof (*lts),
nonce, sizeof (*nonce),
NULL, 0));
@@ -97,14 +97,15 @@ void
GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
struct GNUNET_CRYPTO_CsRPublic *r_pub)
{
- GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
-
r_priv->scalar.d));
+ GNUNET_assert (0 ==
+ crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
+ r_priv->scalar.d));
}
void
GNUNET_CRYPTO_cs_blinding_secrets_derive (
- const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+ const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
{
GNUNET_assert (
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c
index c930ce3ac..5b3aac778 100644
--- a/src/lib/util/test_crypto_cs.c
+++ b/src/lib/util/test_crypto_cs.c
@@ -90,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey
*priv,
static void
-test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce,
+test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
const struct GNUNET_CRYPTO_CsPrivateKey *priv,
struct GNUNET_CRYPTO_CsRSecret r[2])
{
@@ -169,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret
*r_priv,
static void
-test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce
*blind_seed,
struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
{
/* TEST 1
@@ -513,11 +513,11 @@ main (int argc,
test_generate_pub (&priv,
&pub);
- // derive nonce
- struct GNUNET_CRYPTO_CsNonce nonce;
+ // set nonce
+ struct GNUNET_CRYPTO_CsSessionNonce nonce;
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (nonce.nonce,
- sizeof(nonce.nonce),
+ GNUNET_CRYPTO_kdf (&nonce,
+ sizeof(nonce),
"nonce",
strlen ("nonce"),
"nonce_secret",
@@ -549,11 +549,15 @@ main (int argc,
// generate blinding secrets
struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2];
+ struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
+ memset (&bnonce,
+ 42,
+ sizeof (bnonce));
memset (blindingsecrets,
42,
sizeof (blindingsecrets));
- test_derive_blindingsecrets (&nonce,
+ test_derive_blindingsecrets (&bnonce,
blindingsecrets);
// calculate blinded c's
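Review bot: `bnonce` is filled with the same constant byte (42) that pre-fills `blindingsecrets`, so whatever is later checked on `bs` cannot by value distinguish a nonce-derived secret from an untouched pre-fill if `test_derive_blindingsecrets` ever stopped writing its output; use a different fill byte, `memset (&bnonce, 23, sizeof (bnonce));`, or derive it with GNUNET_CRYPTO_kdf under its own label as is done for the session nonce earlier in this function. A second derivation with a different blinding nonce followed by an assert that the two `bs` arrays differ would also pin the property the header comment promises, that the output depends on the nonce. main() continues outside the hunk, so the assertions actually made on `blindingsecrets` are not visible to me.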