[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 01/06: NEWS: major revision of blind signature API
From: |
gnunet |
Subject: |
[gnunet] 01/06: NEWS: major revision of blind signature API |
Date: |
Fri, 27 Oct 2023 20:08:40 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit 198cc94844665c2ffbe3fcb5ea848e6d1e8334d4
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Wed Oct 18 23:34:03 2023 +0200
NEWS: major revision of blind signature API
---
src/include/gnunet_crypto_lib.h | 662 +++++++++++++++++++++++++++++++++++++---
1 file changed, 618 insertions(+), 44 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index f3ea3ed25..5286bb418 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -660,6 +660,10 @@ struct GNUNET_CRYPTO_CsSignature
* Schnorr signatures are composed of a scalar s and a curve point
*/
struct GNUNET_CRYPTO_CsS s_scalar;
+
+ /**
+ * Curve point of the Schnorr signature.
+ */
struct GNUNET_CRYPTO_CsRPublic r_point;
};
@@ -2801,8 +2805,9 @@ GNUNET_CRYPTO_rsa_private_key_get_public (
* @param hc where to store the hash code
*/
void
-GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey
*key,
- struct GNUNET_HashCode *hc);
+GNUNET_CRYPTO_rsa_public_key_hash (
+ const struct GNUNET_CRYPTO_RsaPublicKey *key,
+ struct GNUNET_HashCode *hc);
/**
@@ -2906,36 +2911,52 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct
GNUNET_CRYPTO_RsaPublicKey *p1,
const struct GNUNET_CRYPTO_RsaPublicKey *p2);
+/**
+ * @brief RSA Parameters to create blinded signature
+ */
+struct GNUNET_CRYPTO_RsaBlindedMessage
+{
+ /**
+ * Blinded message to be signed
+ * Note: is malloc()'ed!
+ */
+ void *blinded_msg;
+
+ /**
+ * Size of the @e blinded_msg to be signed.
+ */
+ size_t blinded_msg_size;
+};
+
+
/**
* Blinds the given message with the given blinding key
*
- * @param hash hash of the message to sign
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
* @param bks the blinding key
* @param pkey the public key of the signer
- * @param[out] buf set to a buffer with the blinded message to be signed
- * @param[out] buf_size number of bytes stored in @a buf
+ * @param[out] bm set to the blinded message
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_blind (const void *message,
+ size_t message_size,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
- void **buf,
- size_t *buf_size);
+ struct GNUNET_CRYPTO_RsaBlindedMessage *bm);
/**
* Sign a blinded value, which must be a full domain hash of a message.
*
* @param key private key to use for the signing
- * @param msg the (blinded) message to sign
- * @param msg_len number of bytes in @a msg to sign
+ * @param bm the (blinded) message to sign
* @return NULL on error, signature on success
*/
struct GNUNET_CRYPTO_RsaSignature *
GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
- const void *msg,
- size_t msg_len);
+ const struct GNUNET_CRYPTO_RsaBlindedMessage
*bm);
/**
@@ -2950,10 +2971,21 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct
GNUNET_CRYPTO_RsaPrivateKey *key,
const struct GNUNET_HashCode *hash);
+/**
+ * Free memory occupied by blinded message. Only frees contents, not
+ * @a bm itself.
+ *
+ * @param[in] bm memory to free
+ */
+void
+GNUNET_CRYPTO_rsa_blinded_message_free (
+ struct GNUNET_CRYPTO_RsaBlindedMessage *bm);
+
+
/**
* Free memory occupied by signature.
*
- * @param sig memory to free
+ * @param[in] sig memory to free
*/
void
GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig);
@@ -2981,8 +3013,9 @@ GNUNET_CRYPTO_rsa_signature_encode (
* @return NULL on error
*/
struct GNUNET_CRYPTO_RsaSignature *
-GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
- size_t buf_size);
+GNUNET_CRYPTO_rsa_signature_decode (
+ const void *buf,
+ size_t buf_size);
/**
@@ -2992,7 +3025,8 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
* @return the duplicate key; NULL upon error
*/
struct GNUNET_CRYPTO_RsaSignature *
-GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig);
+GNUNET_CRYPTO_rsa_signature_dup (
+ const struct GNUNET_CRYPTO_RsaSignature *sig);
/**
@@ -3015,13 +3049,15 @@ GNUNET_CRYPTO_rsa_unblind (const struct
GNUNET_CRYPTO_RsaSignature *sig,
* Verify whether the given hash corresponds to the given signature and the
* signature is valid with respect to the given public key.
*
- * @param hash the message to verify to match the @a sig
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
* @param sig signature that is being validated
* @param public_key public key of the signer
* @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious,
#GNUNET_SYSERR if signature
*/
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_verify (const void *message,
+ size_t message_size,
const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
@@ -3061,10 +3097,11 @@ GNUNET_CRYPTO_cs_private_key_get_public (
* @param[out] r array containing derived secrets r0 and r1
*/
void
-GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
- const char *seed,
- const struct GNUNET_CRYPTO_CsPrivateKey *lts,
- struct GNUNET_CRYPTO_CsRSecret r[2]);
+GNUNET_CRYPTO_cs_r_derive (
+ const struct GNUNET_CRYPTO_CsNonce *nonce,
+ const char *seed,
+ const struct GNUNET_CRYPTO_CsPrivateKey *lts,
+ struct GNUNET_CRYPTO_CsRSecret r[2]);
/**
@@ -3074,8 +3111,10 @@ GNUNET_CRYPTO_cs_r_derive (const struct
GNUNET_CRYPTO_CsNonce *nonce,
* @param[out] r_pub where to write the public key
*/
void
-GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
- struct GNUNET_CRYPTO_CsRPublic *r_pub);
+GNUNET_CRYPTO_cs_r_get_public (
+ const struct GNUNET_CRYPTO_CsRSecret *r_priv,
+ struct GNUNET_CRYPTO_CsRPublic *r_pub);
+
/**
* Derives new random blinding factors.
@@ -3094,7 +3133,25 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive (
/**
- * Calculate two blinded c's
+ * @brief CS Parameters derived from the message
+ * during blinding to create blinded signature
+ */
+struct GNUNET_CRYPTO_CsBlindedMessage
+{
+ /**
+ * The Clause Schnorr c_0 and c_1 containing the blinded message
+ */
+ struct GNUNET_CRYPTO_CsC c[2];
+
+ /**
+ * Public nonce.
+ */
+ struct GNUNET_CRYPTO_CsNonce nonce;
+};
+
+
+/**
+ * Calculate two blinded c's.
* Comment: One would be insecure due to Wagner's algorithm solving ROS
*
* @param bs array of the two blinding factor structs each containing alpha
and beta
@@ -3105,6 +3162,7 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive (
* @param[out] blinded_c array of the two blinded c's
* @param[out] blinded_r_pub array of the two blinded R
*/
+// FIXME: function signature can probably be improved...
void
GNUNET_CRYPTO_cs_calc_blinded_c (
const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
@@ -3117,28 +3175,45 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
/**
- * Sign a blinded c
- * This function derives b from a nonce and a longterm secret
- * In original papers b is generated randomly
+ * The Sign Answer for Clause Blind Schnorr signature.
+ * The sign operation returns a parameter @param b and the signature
+ * scalar @param s_scalar.
+ */
+struct GNUNET_CRYPTO_CsBlindSignature
+{
+ /**
+ * To make ROS problem harder, the signer chooses an unpredictable b and
+ * only calculates signature of c_b
+ */
+ unsigned int b;
+
+ /**
+ * The blinded s scalar calculated from c_b
+ */
+ struct GNUNET_CRYPTO_CsBlindS s_scalar;
+};
+
+
+/**
+ * Sign a blinded @a c.
+ * This function derives b from a nonce and a longterm secret.
+ * In the original papers b is generated randomly.
* To provide abort-idempotency, b needs to be derived but still need to be
UNPREDICTABLE.
- * To ensure unpredictability a new nonce has to be used for every signature
- * HKDF is used internally for derivation
- * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
+ * To ensure unpredictability a new nonce has to be used for every signature.
+ * HKDF is used internally for derivation.
+ * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive.
*
* @param priv private key to use for the signing and as LTS in HKDF
- * @param r array of the two secret nonce from the signer
- * @param c array of the two blinded c to sign c_b
- * @param nonce is a random nonce
- * @param[out] blinded_signature_scalar where to write the signature
- * @return 0 or 1 for b (see Clause Blind Signature Scheme)
+ * @param r array of the two secret inputs from the signer
+ * @param bm blinded message, including array of the two blinded c to sign c_b
and the random nonce
+ * @param[out] cs_blind_sig where to write the blind signature
*/
-unsigned int
+void
GNUNET_CRYPTO_cs_sign_derive (
const struct GNUNET_CRYPTO_CsPrivateKey *priv,
const struct GNUNET_CRYPTO_CsRSecret r[2],
- const struct GNUNET_CRYPTO_CsC c[2],
- const struct GNUNET_CRYPTO_CsNonce *nonce,
- struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar);
+ const struct GNUNET_CRYPTO_CsBlindedMessage *bm,
+ struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig);
/**
@@ -3166,10 +3241,509 @@ GNUNET_CRYPTO_cs_unblind (
* @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid
*/
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
- const struct GNUNET_CRYPTO_CsPublicKey *pub,
- const void *msg,
- size_t msg_len);
+GNUNET_CRYPTO_cs_verify (
+ const struct GNUNET_CRYPTO_CsSignature *sig,
+ const struct GNUNET_CRYPTO_CsPublicKey *pub,
+ const void *msg,
+ size_t msg_len);
+
+
+
+/**
+ * Types of public keys used for blind signatures.
+ */
+enum GNUNET_CRYPTO_BlindSignatureAlgorithm
+{
+
+ /**
+ * Invalid type of signature.
+ */
+ GNUNET_CRYPTO_BSA_INVALID = 0,
+
+ /**
+ * RSA blind signature.
+ */
+ GNUNET_CRYPTO_BSA_RSA = 1,
+
+ /**
+ * Clause Blind Schnorr signature.
+ */
+ GNUNET_CRYPTO_BSA_CS = 2
+};
+
+
+/**
+ * @brief Type of (unblinded) signatures.
+ */
+struct GNUNET_CRYPTO_UnblindedSignature
+{
+
+ /**
+ * Type of the signature.
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ */
+ struct GNUNET_CRYPTO_CsSignature cs_signature;
+
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+ */
+ struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
+
+ } details;
+
+};
+
+
+/**
+ * @brief Type for *blinded* signatures.
+ * Must be unblinded before it becomes valid.
+ */
+struct GNUNET_CRYPTO_BlindedSignature
+{
+
+ /**
+ * Type of the signature.
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ * At this point only the blinded s scalar is used.
+ * The final signature consisting of r,s is built after unblinding.
+ */
+ struct GNUNET_CRYPTO_CsBlindSignature blinded_cs_answer;
+
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+ */
+ struct GNUNET_CRYPTO_RsaSignature *blinded_rsa_signature;
+
+ } details;
+
+};
+
+
+/**
+ * @brief Type of public signing keys for blind signatures.
+ */
+struct GNUNET_CRYPTO_BlindSignPublicKey
+{
+
+ /**
+ * Type of the public key.
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Hash of the public key.
+ */
+ struct GNUNET_HashCode pub_key_hash;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ */
+ struct GNUNET_CRYPTO_CsPublicKey cs_public_key;
+
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+ */
+ struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key;
+
+ } details;
+};
+
+
+/**
+ * @brief Type of private signing keys for blind signing.
+ */
+struct GNUNET_CRYPTO_BlindSignPrivateKey
+{
+
+ /**
+ * Type of the public key.
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ */
+ struct GNUNET_CRYPTO_CsPrivateKey cs_private_key;
+
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+ */
+ struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key;
+
+ } details;
+};
+
+
+/**
+ * @brief Blinded message ready for blind signing.
+ */
+struct GNUNET_CRYPTO_BlindedMessage
+{
+ /**
+ * Type of the sign blinded message
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ */
+ struct GNUNET_CRYPTO_CsBlindedMessage cs_blinded_message;
+
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+ */
+ struct GNUNET_CRYPTO_RsaBlindedMessage rsa_blinded_message;
+
+ } details;
+};
+
+
+/**
+ * Pair of Public R values for Cs denominations
+ */
+struct GNUNET_CRYPTO_CSPublicRPairP
+{
+ struct GNUNET_CRYPTO_CsRPublic r_pub[2];
+};
+
+
+/**
+ * Secret r for Cs denominations
+ */
+struct GNUNET_CRYPTO_CSPrivateRPairP
+{
+ struct GNUNET_CRYPTO_CsRSecret r[2];
+};
+
+
+/**
+ * @brief Input needed for blinding a message.
+ */
+struct GNUNET_CRYPTO_BlindingInputValues
+{
+
+ /**
+ * Type of the signature.
+ */
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+
+ /**
+ * Reference counter.
+ */
+ unsigned int rc;
+
+ /**
+ * Details, depending on @e cipher.
+ */
+ union
+ {
+ /**
+ * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+ */
+ struct GNUNET_CRYPTO_CSPublicRPairP cs_values;
+
+ } details;
+
+};
+
+
+/**
+ * Decrement reference counter of a @a bsign_pub, and free it if it reaches
zero.
+ *
+ * @param[in] bsign_pub key to free
+ */
+void
+GNUNET_CRYPTO_blind_sign_pub_decref (struct GNUNET_CRYPTO_BlindSignPublicKey
*bsign_pub);
+
+
+/**
+ * Decrement reference counter of a @a bsign_priv, and free it if it reaches
zero.
+ *
+ * @param[in] bsign_priv key to free
+ */
+void
+GNUNET_CRYPTO_blind_sign_priv_decref (struct GNUNET_CRYPTO_BlindSignPrivateKey
*bsign_priv);
+
+
+/**
+ * Decrement reference counter of a @a ub_sig, and free it if it reaches zero.
+ *
+ * @param[in] ub_sig signature to free
+ */
+void
+GNUNET_CRYPTO_unblinded_sig_decref (struct GNUNET_CRYPTO_UnblindedSignature
*ub_sig);
+
+
+/**
+ * Decrement reference counter of a @a blind_sig, and free it if it reaches
zero.
+ *
+ * @param[in] blind_sig signature to free
+ */
+void
+GNUNET_CRYPTO_blinded_sig_decref (
+ struct GNUNET_CRYPTO_BlindedSignature *blind_sig);
+
+
+/**
+ * Increment reference counter of the given @a bsign_pub.
+ *
+ * @param[in,out] bsign_pub public key to increment reference counter for
+ * @return alias of @a bsign_pub with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindSignPublicKey *
+GNUNET_CRYPTO_bsign_pub_incref (struct GNUNET_CRYPTO_BlindSignPublicKey
*bsign_pub);
+
+
+/**
+ * Increment reference counter of the given @a bsign_priv.
+ *
+ * @param[in,out] bsign_priv private key to increment reference counter for
+ * @return alias of @a bsign_priv with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindSignPrivateKey *
+GNUNET_CRYPTO_bsign_priv_incref (struct GNUNET_CRYPTO_BlindSignPrivateKey
*bsign_priv);
+
+
+/**
+ * Increment reference counter of the given @a ub_sig.
+ *
+ * @param[in,out] ub_sig signature to increment reference counter for
+ * @return alias of @a ub_sig with RC incremented
+ */
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig);
+
+
+/**
+ * Increment reference counter of the given @a blind_sig.
+ *
+ * @param[in,out] blind_sig signature to increment reference counter for
+ * @return alias of @a blind_sig with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sig_incref (
+ struct GNUNET_CRYPTO_BlindedSignature *blind_sig);
+
+
+/**
+ * Compare two denomination public keys.
+ *
+ * @param bp1 first key
+ * @param bp2 second key
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_bsign_pub_cmp (
+ const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1,
+ const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2);
+
+
+/**
+ * Compare two denomination signatures.
+ *
+ * @param sig1 first signature
+ * @param sig2 second signature
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_ub_sig_cmp (const struct GNUNET_CRYPTO_UnblindedSignature *sig1,
+ const struct GNUNET_CRYPTO_UnblindedSignature *sig2);
+
+
+/**
+ * Compare two blinded denomination signatures.
+ *
+ * @param sig1 first signature
+ * @param sig2 second signature
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_blind_sig_cmp (
+ const struct GNUNET_CRYPTO_BlindedSignature *sig1,
+ const struct GNUNET_CRYPTO_BlindedSignature *sig2);
+
+
+/**
+ * Compare two blinded messages.
+ *
+ * @param bp1 first blinded message
+ * @param bp2 second blinded message
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_blinded_message_cmp (
+ const struct GNUNET_CRYPTO_BlindedMessage *bp1,
+ const struct GNUNET_CRYPTO_BlindedMessage *bp2);
+
+
+/**
+ * Initialize public-private key pair for blind signatures.
+ *
+ * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int"
+ * argument with the number of bits for 'n' (e.g. 2048) must
+ * be passed.
+ *
+ * @param[out] denom_priv where to write the private key with RC 1
+ * @param[out] denom_pub where to write the public key with RC 1
+ * @param cipher which type of cipher to use
+ * @param ... RSA key size (eg. 2048/3072/4096)
+ * @return #GNUNET_OK on success, #GNUNET_NO if parameters were invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sign_keys_create (
+ struct GNUNET_CRYPTO_BlindSignPrivateKey **denom_priv,
+ struct GNUNET_CRYPTO_BlindSignPublicKey **denom_pub,
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
+ ...);
+
+
+/**
+ * @brief Type of blinding secrets. Must be exactly 32 bytes (DB).
+ */
+union GNUNET_CRYPTO_BlindingSecretP
+{
+ /**
+ * Clause Schnorr nonce. FIXME: probably should have
+ * a different type than the nonce we send over the
+ * network!!!
+ */
+ struct GNUNET_CRYPTO_CsNonce nonce;
+
+ /**
+ * Variant for RSA for blind signatures.
+ */
+ struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks;
+};
+
+
+/**
+ * Blind message for blind signing with @a dk using blinding secret @a
coin_bks.
+ *
+ * @param bsign_pub public key to blind for
+ * @param bks blinding secret to use
+ * @param message message to sign
+ * @param message_size number of bytes in @a message
+ * @param alg_values algorithm specific values to blind the @a message
+ * @return blinded message to give to signer, NULL on error
+ */
+struct GNUNET_CRYPTO_BlindedMessage *
+GNUNET_CRYPTO_message_blind_to_sign (
+ const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+ const union GNUNET_CRYPTO_BlindingSecretP *bks,
+ const void *message,
+ size_t message_size,
+ const struct GNUNET_CRYPTO_BlindingInputValues *alg_values);
+
+
+/**
+ * Create blind signature.
+ *
+ * @param bsign_priv private key to use for signing
+ * @param salt salt value to use for the HKDF
+ * @param blinded_message the already blinded message to sign
+ * @return blind signature with RC=1, NULL on failure
+ */
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sign (
+ const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv,
+ const char *salt,
+ const struct GNUNET_CRYPTO_BlindedMessage *blinded_message);
+
+
+/**
+ * Unblind blind signature.
+ *
+ * @param blinded_sig the blind signature
+ * @param bks blinding secret to use
+ * @param message message that was supposedly signed
+ * @param message_size number of bytes in @a message
+ * @param alg_values algorithm specific values
+ * @param bsign_pub public key used for signing
+ * @return unblinded signature with RC=1, NULL on error
+ */
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_blind_sig_unblind (
+ const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig,
+ const union GNUNET_CRYPTO_BlindingSecretP *bks,
+ const void *message,
+ size_t message_size,
+ const struct GNUNET_CRYPTO_BlindingInputValues *alg_values,
+ const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub);
+
+
+/**
+ * Verify signature made blindly.
+ *
+ * @param bsign_pub public key
+ * @param ub_sig signature made blindly with the private key
+ * @param message message that was supposedly signed
+ * @param message_size number of bytes in @a message
+ * @return #GNUNET_OK if the signature is valid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sig_verify (
+ const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+ const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig,
+ const void *message,
+ size_t message_size);
/**
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] branch master updated (23853f2d7 -> db1ea2c6e), gnunet, 2023/10/27
- [gnunet] 03/06: distinguish blinding and session nonces, gnunet, 2023/10/27
- [gnunet] 04/06: more work on new blind signature API and implementation, gnunet, 2023/10/27
- [gnunet] 01/06: NEWS: major revision of blind signature API,
gnunet <=
- [gnunet] 06/06: -fix memory leak, gnunet, 2023/10/27
- [gnunet] 02/06: new blind signing logic, gnunet, 2023/10/27
- [gnunet] 05/06: more work on new blind signing API, gnunet, 2023/10/27