From: Rudolf Polzer <divverent@alientrap.org>
Date: Sun, 25 Apr 2010 10:15:12 +0000 (+0200)
Subject: make the signature on the private ID optional
X-Git-Tag: xonotic-v0.1.0preview~48
X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=ee0e9cbc2a456437dd83bb4e39fd38c508089529;p=xonotic%2Fd0_blind_id.git

make the signature on the private ID optional
---

diff --git a/d0_blind_id.c b/d0_blind_id.c
index 0b4d99f..c0352cd 100644
--- a/d0_blind_id.c
+++ b/d0_blind_id.c
@@ -51,7 +51,7 @@ struct d0_blind_id_s
 
 	// public data (player ID public key, this is what the server gets to know)
 	d0_bignum_t *schnorr_4_to_s;
-	d0_bignum_t *schnorr_4_to_s_signature;
+	d0_bignum_t *schnorr_4_to_s_signature; // 0 when signature is invalid
 
 	// temp data
 	d0_bignum_t *rn; // random number blind signature
@@ -314,6 +314,7 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_start(d0_blind_id_t *ctx
 	CHECK(d0_dl_get_order(temp0, ctx->schnorr_G));
 	CHECK_ASSIGN(ctx->schnorr_s, d0_bignum_rand_range(ctx->schnorr_s, zero, temp0));
 	CHECK_ASSIGN(ctx->schnorr_4_to_s, d0_bignum_mod_pow(ctx->schnorr_4_to_s, four, ctx->schnorr_s, ctx->schnorr_G));
+	CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_bignum_zero(ctx->schnorr_4_to_s_signature));
 	return 1;
 
 fail:
@@ -509,7 +510,7 @@ fail:
 	return 0;
 }
 
-WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen)
+WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status)
 //   first run: get 4^s, 4^s signature
 //   1. check sig
 //   2. save HASH(4^r)
@@ -541,15 +542,14 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl
 		CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_iobuf_read_bignum(in, ctx->schnorr_4_to_s_signature));
 		CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero) >= 0);
 		CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, ctx->rsa_n) < 0);
-	}
 
-	// check signature of key (t = k^d, so, t^e = k)
-	CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n));
-	if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s))
-	{
-		// FAIL (not signed by Xonotic)
-		goto fail;
-		// TODO: accept the key anyway, but mark as failed signature!
+		// check signature of key (t = k^d, so, t^e = k)
+		CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n));
+		if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s))
+		{
+			// accept the key anyway, but mark as failed signature! will later return 0 in status
+			CHECK(d0_bignum_zero(ctx->schnorr_4_to_s_signature));
+		}
 	}
 
 	CHECK(d0_iobuf_read_raw(in, ctx->xnbh, SCHNORR_HASHSIZE));
@@ -561,6 +561,9 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl
 
 	CHECK(d0_iobuf_write_bignum(out, ctx->e));
 
+	if(status)
+		*status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero);
+
 	d0_iobuf_close(in, NULL);
 	return d0_iobuf_close(out, outbuflen);
 
@@ -604,7 +607,7 @@ fail:
 	return 0;
 }
 
-WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen)
+WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status)
 //   1. read y = r + s * e mod order
 //   2. verify: g^y (g^s)^-e = g^(r+s*e-s*e) = g^r
 //      (check using H(g^r) which we know)
@@ -646,6 +649,9 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind
 		goto fail;
 	}
 
+	if(status)
+		*status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero);
+
 	if(ctx->msglen <= (size_t) *msglen)
 		memcpy(msg, ctx->msg, ctx->msglen);
 	else
diff --git a/d0_blind_id.h b/d0_blind_id.h
index 4877c93..a7ae46e 100644
--- a/d0_blind_id.h
+++ b/d0_blind_id.h
@@ -23,9 +23,9 @@ EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_id(d0_blind_id_t *ctx, co
 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, int is_first, char *message, size_t msglen, char *outbuf, size_t *outbuflen);
-EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen);
+EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status);
 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_response(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen);
-EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen);
+EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status);
 EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen);
 
 EXPORT void d0_blind_id_INITIALIZE(void);
diff --git a/main.c b/main.c
index eaaa9e3..50197e6 100644
--- a/main.c
+++ b/main.c
@@ -96,22 +96,25 @@ int main(int argc, char **argv)
 
 	n = 0;
 	double bench_auth = 0, bench_chall = 0, bench_resp = 0, bench_verify = 0;
+	BOOL status;
 	while(!quit)
 	{
 		bench(&bench_auth);
 		bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_start(ctx_other, 1, "hello world", 11, buf, &bufsize))
 			errx(9, "start fail");
 		bench(&bench_chall);
-		buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size))
+		buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size, NULL))
 			errx(10, "challenge fail");
 		bench(&bench_resp);
 		bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_response(ctx_other, buf2, buf2size, buf, &bufsize))
 			errx(11, "response fail");
 		bench(&bench_verify);
-		buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize))
+		buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize, &status))
 			errx(12, "verify fail");
 		if(buf2ssize != 11 || memcmp(buf2, "hello world", 11))
 			errx(13, "hello fail");
+		if(!status)
+			errx(14, "signature fail");
 		bench(&bench_stop);
 		++n;
 		if(n % 1024 == 0)