From: Rudolf Polzer Date: Sun, 25 Apr 2010 10:33:02 +0000 (+0200) Subject: separate RSA modulus from DL modulus; we still need the RSA modulus to generate the... X-Git-Tag: xonotic-v0.1.0preview~47 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=96974f716a500bab3fc813644021e706331a94d9;p=xonotic%2Fd0_blind_id.git separate RSA modulus from DL modulus; we still need the RSA modulus to generate the DL modulus, but the user now can decide to generate his own prime --- diff --git a/d0_blind_id.c b/d0_blind_id.c index c0352cd..6732455 100644 --- a/d0_blind_id.c +++ b/d0_blind_id.c @@ -223,28 +223,24 @@ void d0_blind_id_copy(d0_blind_id_t *ctx, const d0_blind_id_t *src) // TODO xnbh, msg, msglen? } -WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_keys(d0_blind_id_t *ctx, int k) +WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_key(d0_blind_id_t *ctx, int k) { d0_blind_id_clear(ctx); - CHECK_ASSIGN(ctx->schnorr_G, d0_bignum_new()); - CHECK(d0_dl_generate_key(k, ctx->schnorr_G)); - CHECK_ASSIGN(ctx->rsa_e, d0_bignum_int(NULL, 65537)); - CHECK_ASSIGN(ctx->rsa_d, d0_bignum_new()); - CHECK_ASSIGN(ctx->rsa_n, d0_bignum_new()); + CHECK_ASSIGN(ctx->rsa_e, d0_bignum_int(ctx->rsa_e, 65537)); + CHECK_ASSIGN(ctx->rsa_d, d0_bignum_zero(ctx->rsa_d)); + CHECK_ASSIGN(ctx->rsa_n, d0_bignum_zero(ctx->rsa_n)); CHECK(d0_rsa_generate_key(k+1, ctx->rsa_e, ctx->rsa_d, ctx->rsa_n)); // must fit G for sure return 1; fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_keys(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_key(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen) { d0_iobuf_t *in = d0_iobuf_open_read(inbuf, inbuflen); - d0_blind_id_clear(ctx); - CHECK_ASSIGN(ctx->schnorr_G, d0_iobuf_read_bignum(in, NULL)); - CHECK_ASSIGN(ctx->rsa_n, d0_iobuf_read_bignum(in, NULL)); - CHECK_ASSIGN(ctx->rsa_e, d0_iobuf_read_bignum(in, NULL)); - CHECK_ASSIGN(ctx->rsa_d, d0_iobuf_read_bignum(in, NULL)); + CHECK_ASSIGN(ctx->rsa_n, d0_iobuf_read_bignum(in, ctx->rsa_n)); + CHECK_ASSIGN(ctx->rsa_e, d0_iobuf_read_bignum(in, ctx->rsa_e)); + CHECK_ASSIGN(ctx->rsa_d, d0_iobuf_read_bignum(in, ctx->rsa_d)); return d0_iobuf_close(in, NULL); fail: @@ -252,13 +248,11 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_keys(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_key(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen) { d0_iobuf_t *in = d0_iobuf_open_read(inbuf, inbuflen); - d0_blind_id_clear(ctx); - CHECK_ASSIGN(ctx->schnorr_G, d0_iobuf_read_bignum(in, NULL)); - CHECK_ASSIGN(ctx->rsa_n, d0_iobuf_read_bignum(in, NULL)); - CHECK_ASSIGN(ctx->rsa_e, d0_iobuf_read_bignum(in, NULL)); + CHECK_ASSIGN(ctx->rsa_n, d0_iobuf_read_bignum(in, ctx->rsa_n)); + CHECK_ASSIGN(ctx->rsa_e, d0_iobuf_read_bignum(in, ctx->rsa_e)); return d0_iobuf_close(in, NULL); fail: @@ -269,14 +263,13 @@ fail: #define USING(x) if(!(ctx->x)) return 0 #define REPLACING(x) -WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_keys(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_key(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) { d0_iobuf_t *out; USING(rsa_n); USING(rsa_e); USING(rsa_d); out = d0_iobuf_open_write(outbuf, *outbuflen); - CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_G)); CHECK(d0_iobuf_write_bignum(out, ctx->rsa_n)); CHECK(d0_iobuf_write_bignum(out, ctx->rsa_e)); CHECK(d0_iobuf_write_bignum(out, ctx->rsa_d)); @@ -287,14 +280,13 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_keys(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_key(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) { d0_iobuf_t *out; - USING(rsa_n); USING(rsa_e); USING(rsa_d); + USING(rsa_n); USING(rsa_e); out = d0_iobuf_open_write(outbuf, *outbuflen); - CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_G)); CHECK(d0_iobuf_write_bignum(out, ctx->rsa_n)); CHECK(d0_iobuf_write_bignum(out, ctx->rsa_e)); return d0_iobuf_close(out, outbuflen); @@ -305,6 +297,44 @@ fail: return 0; } +WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_modulus(d0_blind_id_t *ctx) +{ + USING(rsa_n); + REPLACING(schnorr_G); + + CHECK_ASSIGN(ctx->schnorr_G, d0_bignum_zero(ctx->schnorr_G)); + CHECK(d0_dl_generate_key(d0_bignum_size(ctx->rsa_n)-1, ctx->schnorr_G)); + return 1; +fail: + return 0; +} + +WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_id_modulus(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen) +{ + d0_iobuf_t *in = d0_iobuf_open_read(inbuf, inbuflen); + CHECK_ASSIGN(ctx->schnorr_G, d0_iobuf_read_bignum(in, ctx->schnorr_G)); + return d0_iobuf_close(in, NULL); + +fail: + d0_iobuf_close(in, NULL); + return 0; +} + +WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id_modulus(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen) +{ + d0_iobuf_t *out; + + USING(schnorr_G); + + out = d0_iobuf_open_write(outbuf, *outbuflen); + CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_G)); + return d0_iobuf_close(out, outbuflen); + +fail: + d0_iobuf_close(out, outbuflen); + return 0; +} + WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_start(d0_blind_id_t *ctx) { // temps: temp0 order @@ -461,7 +491,7 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, int is_first, char *msg, size_t msglen, char *outbuf, size_t *outbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, BOOL is_first, BOOL send_modulus, char *msg, size_t msglen, char *outbuf, size_t *outbuflen) // start = // first run: send 4^s, 4^s signature // 1. get random r, send HASH(4^r) @@ -483,6 +513,8 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_ if(is_first) { // send ID + if(send_modulus) + CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_G)); CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_4_to_s)); CHECK(d0_iobuf_write_bignum(out, ctx->schnorr_4_to_s_signature)); } @@ -510,7 +542,7 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status) +WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, BOOL is_first, BOOL recv_modulus, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status) // first run: get 4^s, 4^s signature // 1. check sig // 2. save HASH(4^r) @@ -522,11 +554,14 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl if(is_first) { REPLACING(schnorr_4_to_s); REPLACING(k); REPLACING(schnorr_4_to_s_signature); - USING(schnorr_G); USING(rsa_n); + USING(rsa_n); + if(!recv_modulus) + USING(schnorr_G); } else { USING(schnorr_4_to_s_signature); USING(schnorr_4_to_s); + USING(schnorr_G); } USING(rsa_e); USING(rsa_n); REPLACING(e); REPLACING(msg); REPLACING(msglen); @@ -536,8 +571,14 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl if(is_first) { - CHECK_ASSIGN(ctx->schnorr_4_to_s, d0_iobuf_read_bignum(in, NULL)); - CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s, zero) >= 0); + if(recv_modulus) + { + CHECK_ASSIGN(ctx->schnorr_G, d0_iobuf_read_bignum(in, ctx->schnorr_G)); + CHECK(d0_bignum_cmp(ctx->schnorr_G, zero) > 0); + CHECK(d0_bignum_cmp(ctx->schnorr_G, ctx->rsa_n) < 0); + } + CHECK_ASSIGN(ctx->schnorr_4_to_s, d0_iobuf_read_bignum(in, ctx->schnorr_4_to_s)); + CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s, zero) > 0); CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s, ctx->schnorr_G) < 0); CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_iobuf_read_bignum(in, ctx->schnorr_4_to_s_signature)); CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero) >= 0); diff --git a/d0_blind_id.h b/d0_blind_id.h index a7ae46e..e962a47 100644 --- a/d0_blind_id.h +++ b/d0_blind_id.h @@ -9,12 +9,15 @@ EXPORT WARN_UNUSED_RESULT d0_blind_id_t *d0_blind_id_new(void); EXPORT void d0_blind_id_free(d0_blind_id_t *a); EXPORT void d0_blind_id_clear(d0_blind_id_t *ctx); EXPORT void d0_blind_id_copy(d0_blind_id_t *ctx, const d0_blind_id_t *src); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_keys(d0_blind_id_t *ctx, int k); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_keys(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_keys(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_keys(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_keys(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_start(d0_blind_id_t *ctx); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_key(d0_blind_id_t *ctx, int k); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_key(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_key(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_key(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_key(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_modulus(d0_blind_id_t *ctx); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_id_modulus(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id_modulus(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_start(d0_blind_id_t *ctx); // generates a modulus if necessary EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_request(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_answer_private_id_request(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_finish_private_id_request(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); @@ -22,8 +25,8 @@ EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_private_id(d0_blind_id_t *ctx, c EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_id(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, int is_first, char *message, size_t msglen, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, BOOL is_first, BOOL send_modulus, char *message, size_t msglen, char *outbuf, size_t *outbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, BOOL is_first, BOOL recv_modulus, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_response(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); diff --git a/main.c b/main.c index 50197e6..5da16d0 100644 --- a/main.c +++ b/main.c @@ -53,13 +53,24 @@ int main(int argc, char **argv) ctx_self = d0_blind_id_new(); ctx_other = d0_blind_id_new(); - if(!d0_blind_id_generate_private_keys(ctx_self, 1024)) + printf("keygen RSA...\n"); + if(!d0_blind_id_generate_private_key(ctx_self, 1024)) errx(1, "keygen fail"); - bufsize = sizeof(buf); if(!d0_blind_id_write_public_keys(ctx_self, buf, &bufsize)) + bufsize = sizeof(buf); if(!d0_blind_id_write_public_key(ctx_self, buf, &bufsize)) errx(2, "writepub fail"); - if(!d0_blind_id_read_public_keys(ctx_other, buf, bufsize)) + if(!d0_blind_id_read_public_key(ctx_other, buf, bufsize)) errx(3, "readpub fail"); + printf("keygen modulus...\n"); + if(!d0_blind_id_generate_private_id_modulus(ctx_other)) + errx(1, "keygen fail"); + /* + bufsize = sizeof(buf); if(!d0_blind_id_write_private_id_modulus(ctx_other, buf, &bufsize)) + errx(2, "writepub fail"); + if(!d0_blind_id_read_private_id_modulus(ctx_self, buf, bufsize)) + errx(3, "readpub fail"); + */ + signal(SIGINT, mysignal); int n = 0; @@ -100,10 +111,10 @@ int main(int argc, char **argv) while(!quit) { bench(&bench_auth); - bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_start(ctx_other, 1, "hello world", 11, buf, &bufsize)) + bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_start(ctx_other, 1, 1, "hello world", 11, buf, &bufsize)) errx(9, "start fail"); bench(&bench_chall); - buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size, NULL)) + buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, 1, buf, bufsize, buf2, &buf2size, NULL)) errx(10, "challenge fail"); bench(&bench_resp); bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_response(ctx_other, buf2, buf2size, buf, &bufsize))