From 45e4bc1701370aa0576e3f693c08dbf078fab028 Mon Sep 17 00:00:00 2001 From: Rudolf Polzer Date: Wed, 25 Aug 2010 17:17:34 +0200 Subject: [PATCH] add a helper function d0_blind_id_authenticate_with_private_id_generate_missing_signature to generate NON-blind signatures: Server shall: - load private key Both shall: - perform authentication as usual Server shall: - notice that the status is false - call d0_blind_id_authenticate_with_private_id_generate_missing_signature - write public ID - send that data to client Client shall: - read own private ID - get fingerprint - read received public ID (leaves the private part alone) - verify fingerprint - possibly verify ID - write own private ID again --- Makefile.am | 2 +- d0_blind_id.c | 25 +++++++++++++++++++++++++ d0_blind_id.h | 1 + 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 89a0886..31a92be 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,7 +12,7 @@ lib_LTLIBRARIES = libd0_blind_id.la libd0_blind_id_la_SOURCES = d0_bignum-gmp.c d0_blind_id.c d0.c d0_iobuf.c sha2.c \ d0_bignum-gmp.h d0_blind_id.h d0.h d0_iobuf.h sha2.h -libd0_blind_id_la_LDFLAGS = -versioninfo 2:0:2 +libd0_blind_id_la_LDFLAGS = -versioninfo 3:0:3 libd0_blind_id_la_CFLAGS = -fvisibility=hidden -Wold-style-definition -Wstrict-prototypes -Wsign-compare -Wdeclaration-after-statement library_includedir = $(includedir)/d0_blind_id library_include_HEADERS = d0_blind_id.h d0.h diff --git a/d0_blind_id.c b/d0_blind_id.c index cc85624..4989e9e 100644 --- a/d0_blind_id.c +++ b/d0_blind_id.c @@ -979,6 +979,31 @@ fail: return 0; } +WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_generate_missing_signature(d0_blind_id_t *ctx) +{ + size_t sz; + static unsigned char shabuf[2048]; + + REPLACING(schnorr_H_g_to_s_signature); + USING(schnorr_g_to_s); USING(rsa_d); USING(rsa_n); + + // we will actually sign SHA(4^s) to prevent a malleability attack! + CHECK(d0_bignum_mov(temp2, ctx->schnorr_g_to_s)); + sz = (d0_bignum_size(ctx->rsa_n) + 7) / 8; // this is too long, so we have to take the value % rsa_n when "decrypting" + if(sz > sizeof(shabuf)) + sz = sizeof(shabuf); + CHECK(d0_longhash_destructive(temp2, shabuf, sz)); + CHECK(d0_bignum_import_unsigned(temp2, shabuf, sz)); + + // + 7 / 8 is too large, so let's mod it + CHECK(d0_bignum_divmod(NULL, temp1, temp2, ctx->rsa_n)); + CHECK(d0_bignum_mod_pow(ctx->schnorr_H_g_to_s_signature, temp1, ctx->rsa_d, ctx->rsa_n)); + return 1; + +fail: + return 0; +} + WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(const d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) { d0_iobuf_t *out = NULL; diff --git a/d0_blind_id.h b/d0_blind_id.h index cc5afba..15768a6 100644 --- a/d0_blind_id.h +++ b/d0_blind_id.h @@ -34,6 +34,7 @@ EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, BOOL is_first, BOOL recv_modulus, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_response(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, size_t *msglen, BOOL *status); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_generate_missing_signature(d0_blind_id_t *ctx); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(const d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_sessionkey_public_id(const d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); // can only be done after successful key exchange, this performs a modpow; key length is limited by SHA_DIGESTSIZE for now; also ONLY valid after successful d0_blind_id_authenticate_with_private_id_verify/d0_blind_id_fingerprint64_public_id -- 2.39.2