// public data (player ID public key, this is what the server gets to know)
d0_bignum_t *schnorr_4_to_s;
- d0_bignum_t *schnorr_4_to_s_signature;
+ d0_bignum_t *schnorr_4_to_s_signature; // 0 when signature is invalid
// temp data
d0_bignum_t *rn; // random number blind signature
CHECK(d0_dl_get_order(temp0, ctx->schnorr_G));
CHECK_ASSIGN(ctx->schnorr_s, d0_bignum_rand_range(ctx->schnorr_s, zero, temp0));
CHECK_ASSIGN(ctx->schnorr_4_to_s, d0_bignum_mod_pow(ctx->schnorr_4_to_s, four, ctx->schnorr_s, ctx->schnorr_G));
+ CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_bignum_zero(ctx->schnorr_4_to_s_signature));
return 1;
fail:
return 0;
}
-WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen)
+WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status)
// first run: get 4^s, 4^s signature
// 1. check sig
// 2. save HASH(4^r)
CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_iobuf_read_bignum(in, ctx->schnorr_4_to_s_signature));
CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero) >= 0);
CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, ctx->rsa_n) < 0);
- }
- // check signature of key (t = k^d, so, t^e = k)
- CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n));
- if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s))
- {
- // FAIL (not signed by Xonotic)
- goto fail;
- // TODO: accept the key anyway, but mark as failed signature!
+ // check signature of key (t = k^d, so, t^e = k)
+ CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n));
+ if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s))
+ {
+ // accept the key anyway, but mark as failed signature! will later return 0 in status
+ CHECK(d0_bignum_zero(ctx->schnorr_4_to_s_signature));
+ }
}
CHECK(d0_iobuf_read_raw(in, ctx->xnbh, SCHNORR_HASHSIZE));
CHECK(d0_iobuf_write_bignum(out, ctx->e));
+ if(status)
+ *status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero);
+
d0_iobuf_close(in, NULL);
return d0_iobuf_close(out, outbuflen);
return 0;
}
-WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen)
+WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status)
// 1. read y = r + s * e mod order
// 2. verify: g^y (g^s)^-e = g^(r+s*e-s*e) = g^r
// (check using H(g^r) which we know)
goto fail;
}
+ if(status)
+ *status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero);
+
if(ctx->msglen <= (size_t) *msglen)
memcpy(msg, ctx->msg, ctx->msglen);
else
EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, int is_first, char *message, size_t msglen, char *outbuf, size_t *outbuflen);
-EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen);
+EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status);
EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_response(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen);
-EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen);
+EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status);
EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
EXPORT void d0_blind_id_INITIALIZE(void);
n = 0;
double bench_auth = 0, bench_chall = 0, bench_resp = 0, bench_verify = 0;
+ BOOL status;
while(!quit)
{
bench(&bench_auth);
bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_start(ctx_other, 1, "hello world", 11, buf, &bufsize))
errx(9, "start fail");
bench(&bench_chall);
- buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size))
+ buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size, NULL))
errx(10, "challenge fail");
bench(&bench_resp);
bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_response(ctx_other, buf2, buf2size, buf, &bufsize))
errx(11, "response fail");
bench(&bench_verify);
- buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize))
+ buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize, &status))
errx(12, "verify fail");
if(buf2ssize != 11 || memcmp(buf2, "hello world", 11))
errx(13, "hello fail");
+ if(!status)
+ errx(14, "signature fail");
bench(&bench_stop);
++n;
if(n % 1024 == 0)
projects / xonotic / d0_blind_id.git / commitdiff