blindrsa

package
v1.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2023 License: BSD-3-Clause Imports: 8 Imported by: 0

Documentation

Overview

Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].

The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature with Appendix) is a two-party protocol between a Client and Server where they interact to compute 

sig = Sign(sk, input_msg),

where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.

Supported Variants

This package is compliant with the RFC-9474 document and supports the following variants:

while these variants are not supported yet:

  • RSABSSA-SHA384-PSS-Randomized
  • RSABSSA-SHA384-PSSZERO-Randomized
Example (Blindrsa) 
// Setup (offline)

// Server: generate an RSA keypair.
sk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	fmt.Fprintf(os.Stderr, "failed to generate RSA key: %v", err)
	return
}
pk := &sk.PublicKey
server := NewSigner(sk)

// Client: stores Server's public key.
verifier := NewVerifier(pk, crypto.SHA384)

// Protocol (online)

// Client blinds a message.
msg := []byte("alice and bob")
blindedMsg, state, err := verifier.Blind(rand.Reader, msg)
if err != nil {
	fmt.Fprintf(os.Stderr, "client failed to generate blinded message: %v", err)
	return
}

// Server signs a blinded message, and produces a blinded signature.
blindedSignature, err := server.BlindSign(blindedMsg)
if err != nil {
	fmt.Fprintf(os.Stderr, "server failed to sign: %v", err)
	return
}

// Client builds a signature from the previous state and the blinded signature.
signature, err := state.Finalize(blindedSignature)
if err != nil {
	fmt.Fprintf(os.Stderr, "client failed to obtain signature: %v", err)
	return
}

// Client verifies the signature is valid.
ok := verifier.Verify(msg, signature)
fmt.Printf("Valid signature: %v", ok == nil)

Output:

Valid signature: true

Index

Examples

Constants

This section is empty.

Variables

View Source 
var (
	ErrUnexpectedSize          = common.ErrUnexpectedSize
	ErrInvalidMessageLength    = common.ErrInvalidMessageLength
	ErrInvalidBlind            = common.ErrInvalidBlind
	ErrInvalidRandomness       = common.ErrInvalidRandomness
	ErrUnsupportedHashFunction = common.ErrUnsupportedHashFunction
)

Functions

This section is empty.

Types

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

An Signer represents the Signer in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.

func NewSigner 

func NewSigner(sk *rsa.PrivateKey) Signer

NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.

func (Signer) BlindSign 

func (signer Signer) BlindSign(data []byte) ([]byte, error)

BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign

type Verifier 

type Verifier interface {
	// Blind initializes the blind RSA protocol using an input message and source of randomness. The
	// signature is deterministic. This function fails if randomness was not provided.
	Blind(random io.Reader, message []byte) ([]byte, VerifierState, error)

	// FixedBlind runs the Blind function with fixed blind and salt inputs.
	FixedBlind(message, blind, salt []byte) ([]byte, VerifierState, error)

	// Verify verifies the input (message, signature) pair and produces an error upon failure.
	Verify(message, signature []byte) error

	// Hash returns the hash function associated with the Verifier.
	Hash() hash.Hash
}

Verifier is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

func NewDeterministicVerifier 

func NewDeterministicVerifier(pk *rsa.PublicKey, hash crypto.Hash) Verifier

NewDeterministicVerifier creates a new DeterministicBRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSSZERO-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

func NewVerifier 

func NewVerifier(pk *rsa.PublicKey, hash crypto.Hash) Verifier

NewVerifier creates a new BRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSS-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

type VerifierState 

type VerifierState struct {
	// contains filtered or unexported fields
}

An VerifierState carries state needed to complete the blind signature protocol as a verifier.

func (VerifierState) CopyBlind 

func (state VerifierState) CopyBlind() []byte

CopyBlind returns an encoding of the blind value used in the protocol.

func (VerifierState) CopySalt 

func (state VerifierState) CopySalt() []byte

CopySalt returns an encoding of the per-message salt used in the protocol.

func (VerifierState) Finalize 

func (state VerifierState) Finalize(data []byte) ([]byte, error)

Finalize computes and outputs the final signature, if it's valid. Otherwise, it returns an error.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-finalize

Source Files

View all Source files

Directories

Path Synopsis
internal
common
keys
Package partiallyblindrsa implements a partially blind RSA protocol.
 Package partiallyblindrsa implements a partially blind RSA protocol.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.