blindrsa

package
v1.3.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: BSD-3-Clause Imports: 7 Imported by: 4

Documentation

Overview

Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].

The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature Scheme with Appendix) is a two-party protocol between a Client and Server where they interact to compute 

sig = Sign(sk, input_msg),

where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.

Supported Variants

This package is compliant with the RFC-9474 document and supports the following variants:

  • RSABSSA-SHA384-PSS-Deterministic
  • RSABSSA-SHA384-PSSZERO-Deterministic
  • RSABSSA-SHA384-PSS-Randomized
  • RSABSSA-SHA384-PSSZERO-Randomized
Example (Blindrsa) 
// Setup (offline)

// Server: generate an RSA keypair.
sk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	fmt.Printf("failed to generate RSA key: %v", err)
	return
}
pk := &sk.PublicKey
server := NewSigner(sk)

// Client: stores Server's public key.
client, err := NewClient(SHA384PSSRandomized, pk)
if err != nil {
	fmt.Printf("failed to invoke a client: %v", err)
	return
}

// Protocol (online)

// Client prepares the message to be signed.
msg := []byte("alice and bob")
preparedMessage, err := client.Prepare(rand.Reader, msg)
if err != nil {
	fmt.Printf("client failed to prepare the message: %v", err)
	return
}

// Client blinds a message.
blindedMsg, state, err := client.Blind(rand.Reader, preparedMessage)
if err != nil {
	fmt.Printf("client failed to generate blinded message: %v", err)
	return
}

// Server signs a blinded message, and produces a blinded signature.
blindedSignature, err := server.BlindSign(blindedMsg)
if err != nil {
	fmt.Printf("server failed to sign: %v", err)
	return
}

// Client build a signature from the previous state and blinded signature.
signature, err := client.Finalize(state, blindedSignature)
if err != nil {
	fmt.Printf("client failed to obtain signature: %v", err)
	return
}

// Client build a signature from the previous state and blinded signature.
ok := client.Verify(preparedMessage, signature)

fmt.Printf("Valid signature: %v", ok == nil)

Output:

Valid signature: true

Index

Examples

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidVariant          = common.ErrInvalidVariant
	ErrUnexpectedSize          = common.ErrUnexpectedSize
	ErrInvalidMessageLength    = common.ErrInvalidMessageLength
	ErrInvalidBlind            = common.ErrInvalidBlind
	ErrInvalidRandomness       = common.ErrInvalidRandomness
	ErrUnsupportedHashFunction = common.ErrUnsupportedHashFunction
)

Functions

This section is empty.

Types

type Client added in v1.3.8 

type Client struct {
	// contains filtered or unexported fields
}

Client is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

func NewClient added in v1.3.8 

func NewClient(v Variant, pk *rsa.PublicKey) (Client, error)

func (Client) Blind added in v1.3.8 

func (c Client) Blind(random io.Reader, preparedMessage []byte) (blindedMsg []byte, state State, err error)

Blind initializes the blind RSA protocol using an input message and source of randomness. This function fails if randomness was not provided.

func (Client) Finalize added in v1.3.8 

func (c Client) Finalize(state State, blindedSig []byte) ([]byte, error)

func (Client) Prepare added in v1.3.8 

func (c Client) Prepare(random io.Reader, message []byte) ([]byte, error)

Prepare is the process by which the message to be signed and verified is prepared for input to the blind signing protocol.

func (Client) Verify added in v1.3.8 

func (c Client) Verify(message, signature []byte) error

Verify verifies the input (message, signature) pair and produces an error upon failure.

type Signer added in v1.3.4 

type Signer struct {
	// contains filtered or unexported fields
}

Signer structure represents the signing server in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.

func NewSigner added in v1.3.4 

func NewSigner(sk *rsa.PrivateKey) Signer

NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.

func (Signer) BlindSign added in v1.3.4 

func (signer Signer) BlindSign(data []byte) ([]byte, error)

BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign

type State added in v1.3.8 

type State struct {
	// contains filtered or unexported fields
}

type Variant added in v1.3.8 

type Variant int
const (
	SHA384PSSRandomized        Variant = iota // RSABSSA-SHA384_PSS_Randomized
	SHA384PSSZeroRandomized                   // RSABSSA-SHA384_PSSZero_Randomized
	SHA384PSSDeterministic                    // RSABSSA-SHA384_PSS_Deterministic
	SHA384PSSZeroDeterministic                // RSABSSA-SHA384_PSSZero_Deterministic
)

func (Variant) String added in v1.3.8 

func (v Variant) String() string

type Verifier added in v1.3.4 

type Verifier struct {
	rsa.PSSOptions
	// contains filtered or unexported fields
}

func NewVerifier added in v1.3.4 

func NewVerifier(v Variant, pk *rsa.PublicKey) (Verifier, error)

func (Verifier) Verify added in v1.3.4 

func (v Verifier) Verify(message, signature []byte) error

Verify verifies the input (message, signature) pair and produces an error upon failure.

Source Files

View all Source files

Directories

Path Synopsis
internal
common
keys
Package partiallyblindrsa implements a partially blind RSA protocol.
 Package partiallyblindrsa implements a partially blind RSA protocol.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.