From ee0e9cbc2a456437dd83bb4e39fd38c508089529 Mon Sep 17 00:00:00 2001 From: Rudolf Polzer Date: Sun, 25 Apr 2010 12:15:12 +0200 Subject: [PATCH] make the signature on the private ID optional --- d0_blind_id.c | 28 +++++++++++++++++----------- d0_blind_id.h | 4 ++-- main.c | 7 +++++-- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/d0_blind_id.c b/d0_blind_id.c index 0b4d99f..c0352cd 100644 --- a/d0_blind_id.c +++ b/d0_blind_id.c @@ -51,7 +51,7 @@ struct d0_blind_id_s // public data (player ID public key, this is what the server gets to know) d0_bignum_t *schnorr_4_to_s; - d0_bignum_t *schnorr_4_to_s_signature; + d0_bignum_t *schnorr_4_to_s_signature; // 0 when signature is invalid // temp data d0_bignum_t *rn; // random number blind signature @@ -314,6 +314,7 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_generate_private_id_start(d0_blind_id_t *ctx CHECK(d0_dl_get_order(temp0, ctx->schnorr_G)); CHECK_ASSIGN(ctx->schnorr_s, d0_bignum_rand_range(ctx->schnorr_s, zero, temp0)); CHECK_ASSIGN(ctx->schnorr_4_to_s, d0_bignum_mod_pow(ctx->schnorr_4_to_s, four, ctx->schnorr_s, ctx->schnorr_G)); + CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_bignum_zero(ctx->schnorr_4_to_s_signature)); return 1; fail: @@ -509,7 +510,7 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen) +WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status) // first run: get 4^s, 4^s signature // 1. check sig // 2. save HASH(4^r) @@ -541,15 +542,14 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl CHECK_ASSIGN(ctx->schnorr_4_to_s_signature, d0_iobuf_read_bignum(in, ctx->schnorr_4_to_s_signature)); CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero) >= 0); CHECK(d0_bignum_cmp(ctx->schnorr_4_to_s_signature, ctx->rsa_n) < 0); - } - // check signature of key (t = k^d, so, t^e = k) - CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n)); - if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s)) - { - // FAIL (not signed by Xonotic) - goto fail; - // TODO: accept the key anyway, but mark as failed signature! + // check signature of key (t = k^d, so, t^e = k) + CHECK(d0_bignum_mod_pow(temp0, ctx->schnorr_4_to_s_signature, ctx->rsa_e, ctx->rsa_n)); + if(d0_bignum_cmp(temp0, ctx->schnorr_4_to_s)) + { + // accept the key anyway, but mark as failed signature! will later return 0 in status + CHECK(d0_bignum_zero(ctx->schnorr_4_to_s_signature)); + } } CHECK(d0_iobuf_read_raw(in, ctx->xnbh, SCHNORR_HASHSIZE)); @@ -561,6 +561,9 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_bl CHECK(d0_iobuf_write_bignum(out, ctx->e)); + if(status) + *status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero); + d0_iobuf_close(in, NULL); return d0_iobuf_close(out, outbuflen); @@ -604,7 +607,7 @@ fail: return 0; } -WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen) +WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status) // 1. read y = r + s * e mod order // 2. verify: g^y (g^s)^-e = g^(r+s*e-s*e) = g^r // (check using H(g^r) which we know) @@ -646,6 +649,9 @@ WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind goto fail; } + if(status) + *status = !!d0_bignum_cmp(ctx->schnorr_4_to_s_signature, zero); + if(ctx->msglen <= (size_t) *msglen) memcpy(msg, ctx->msg, ctx->msglen); else diff --git a/d0_blind_id.h b/d0_blind_id.h index 4877c93..a7ae46e 100644 --- a/d0_blind_id.h +++ b/d0_blind_id.h @@ -23,9 +23,9 @@ EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_read_public_id(d0_blind_id_t *ctx, co EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_private_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_write_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_start(d0_blind_id_t *ctx, int is_first, char *message, size_t msglen, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_challenge(d0_blind_id_t *ctx, int is_first, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen, BOOL *status); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_response(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *outbuf, size_t *outbuflen); -EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen); +EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_authenticate_with_private_id_verify(d0_blind_id_t *ctx, const char *inbuf, size_t inbuflen, char *msg, ssize_t *msglen, BOOL *status); EXPORT WARN_UNUSED_RESULT BOOL d0_blind_id_fingerprint64_public_id(d0_blind_id_t *ctx, char *outbuf, size_t *outbuflen); EXPORT void d0_blind_id_INITIALIZE(void); diff --git a/main.c b/main.c index eaaa9e3..50197e6 100644 --- a/main.c +++ b/main.c @@ -96,22 +96,25 @@ int main(int argc, char **argv) n = 0; double bench_auth = 0, bench_chall = 0, bench_resp = 0, bench_verify = 0; + BOOL status; while(!quit) { bench(&bench_auth); bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_start(ctx_other, 1, "hello world", 11, buf, &bufsize)) errx(9, "start fail"); bench(&bench_chall); - buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size)) + buf2size = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_challenge(ctx_self, 1, buf, bufsize, buf2, &buf2size, NULL)) errx(10, "challenge fail"); bench(&bench_resp); bufsize = sizeof(buf); if(!d0_blind_id_authenticate_with_private_id_response(ctx_other, buf2, buf2size, buf, &bufsize)) errx(11, "response fail"); bench(&bench_verify); - buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize)) + buf2ssize = sizeof(buf2); if(!d0_blind_id_authenticate_with_private_id_verify(ctx_self, buf, bufsize, buf2, &buf2ssize, &status)) errx(12, "verify fail"); if(buf2ssize != 11 || memcmp(buf2, "hello world", 11)) errx(13, "hello fail"); + if(!status) + errx(14, "signature fail"); bench(&bench_stop); ++n; if(n % 1024 == 0) -- 2.39.2