crypto_blind_sign.c (18802B)
1 /* 2 This file is part of GNUNET 3 Copyright (C) 2021, 2022, 2023 GNUnet e.V. 4 5 GNUNET is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 GNUNET is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 GNUNET; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file crypto_blind_sign.c 18 * @brief blind signatures (abstraction over RSA or CS) 19 * @author Christian Grothoff 20 */ 21 #include "platform.h" 22 #include "gnunet_util_lib.h" 23 24 25 void 26 GNUNET_CRYPTO_blinding_input_values_decref ( 27 struct GNUNET_CRYPTO_BlindingInputValues *bm) 28 { 29 GNUNET_assert (bm->rc > 0); 30 bm->rc--; 31 if (0 != bm->rc) 32 return; 33 switch (bm->cipher) 34 { 35 case GNUNET_CRYPTO_BSA_INVALID: 36 GNUNET_break (0); 37 break; 38 case GNUNET_CRYPTO_BSA_RSA: 39 bm->cipher = GNUNET_CRYPTO_BSA_INVALID; 40 break; 41 case GNUNET_CRYPTO_BSA_CS: 42 bm->cipher = GNUNET_CRYPTO_BSA_INVALID; 43 break; 44 } 45 GNUNET_free (bm); 46 } 47 48 49 void 50 GNUNET_CRYPTO_blind_sign_priv_decref ( 51 struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) 52 { 53 GNUNET_assert (bsign_priv->rc > 0); 54 bsign_priv->rc--; 55 if (0 != bsign_priv->rc) 56 return; 57 switch (bsign_priv->cipher) 58 { 59 case GNUNET_CRYPTO_BSA_INVALID: 60 GNUNET_break (0); 61 break; 62 case GNUNET_CRYPTO_BSA_RSA: 63 if (NULL != bsign_priv->details.rsa_private_key) 64 { 65 GNUNET_CRYPTO_rsa_private_key_free (bsign_priv->details.rsa_private_key); 66 bsign_priv->details.rsa_private_key = NULL; 67 } 68 bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; 69 break; 70 case GNUNET_CRYPTO_BSA_CS: 71 bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; 72 break; 73 } 74 GNUNET_free (bsign_priv); 75 } 76 77 78 void 79 GNUNET_CRYPTO_blind_sign_pub_decref ( 80 struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) 81 { 82 GNUNET_assert (bsign_pub->rc > 0); 83 bsign_pub->rc--; 84 if (0 != bsign_pub->rc) 85 return; 86 switch (bsign_pub->cipher) 87 { 88 case GNUNET_CRYPTO_BSA_INVALID: 89 GNUNET_break (0); 90 break; 91 case GNUNET_CRYPTO_BSA_RSA: 92 if (NULL != bsign_pub->details.rsa_public_key) 93 { 94 GNUNET_CRYPTO_rsa_public_key_free (bsign_pub->details.rsa_public_key); 95 bsign_pub->details.rsa_public_key = NULL; 96 } 97 bsign_pub->cipher = GNUNET_CRYPTO_BSA_INVALID; 98 break; 99 case GNUNET_CRYPTO_BSA_CS: 100 break; 101 } 102 GNUNET_free (bsign_pub); 103 } 104 105 106 void 107 GNUNET_CRYPTO_unblinded_sig_decref ( 108 struct GNUNET_CRYPTO_UnblindedSignature *ub_sig) 109 { 110 GNUNET_assert (ub_sig->rc > 0); 111 ub_sig->rc--; 112 if (0 != ub_sig->rc) 113 return; 114 switch (ub_sig->cipher) 115 { 116 case GNUNET_CRYPTO_BSA_INVALID: 117 GNUNET_break (0); 118 break; 119 case GNUNET_CRYPTO_BSA_RSA: 120 if (NULL != ub_sig->details.rsa_signature) 121 { 122 GNUNET_CRYPTO_rsa_signature_free (ub_sig->details.rsa_signature); 123 ub_sig->details.rsa_signature = NULL; 124 } 125 ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; 126 break; 127 case GNUNET_CRYPTO_BSA_CS: 128 ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; 129 break; 130 } 131 GNUNET_free (ub_sig); 132 } 133 134 135 void 136 GNUNET_CRYPTO_blinded_sig_decref ( 137 struct GNUNET_CRYPTO_BlindedSignature *blind_sig) 138 { 139 GNUNET_assert (blind_sig->rc > 0); 140 blind_sig->rc--; 141 if (0 != blind_sig->rc) 142 return; 143 switch (blind_sig->cipher) 144 { 145 case GNUNET_CRYPTO_BSA_INVALID: 146 GNUNET_break (0); 147 break; 148 case GNUNET_CRYPTO_BSA_RSA: 149 if (NULL != blind_sig->details.blinded_rsa_signature) 150 { 151 GNUNET_CRYPTO_rsa_signature_free ( 152 blind_sig->details.blinded_rsa_signature); 153 blind_sig->details.blinded_rsa_signature = NULL; 154 } 155 blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; 156 break; 157 case GNUNET_CRYPTO_BSA_CS: 158 blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; 159 break; 160 } 161 GNUNET_free (blind_sig); 162 } 163 164 165 void 166 GNUNET_CRYPTO_blinded_message_decref ( 167 struct GNUNET_CRYPTO_BlindedMessage *bm) 168 { 169 GNUNET_assert (bm->rc > 0); 170 bm->rc--; 171 if (0 != bm->rc) 172 return; 173 switch (bm->cipher) 174 { 175 case GNUNET_CRYPTO_BSA_INVALID: 176 GNUNET_break (0); 177 break; 178 case GNUNET_CRYPTO_BSA_RSA: 179 GNUNET_free (bm->details.rsa_blinded_message.blinded_msg); 180 break; 181 case GNUNET_CRYPTO_BSA_CS: 182 break; 183 } 184 GNUNET_free (bm); 185 } 186 187 188 struct GNUNET_CRYPTO_BlindedMessage * 189 GNUNET_CRYPTO_blinded_message_incref ( 190 struct GNUNET_CRYPTO_BlindedMessage *bm) 191 { 192 bm->rc++; 193 return bm; 194 } 195 196 197 struct GNUNET_CRYPTO_BlindingInputValues * 198 GNUNET_CRYPTO_blinding_input_values_incref ( 199 struct GNUNET_CRYPTO_BlindingInputValues *bm) 200 { 201 bm->rc++; 202 return bm; 203 } 204 205 206 struct GNUNET_CRYPTO_BlindSignPublicKey * 207 GNUNET_CRYPTO_bsign_pub_incref ( 208 struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) 209 { 210 bsign_pub->rc++; 211 return bsign_pub; 212 } 213 214 215 struct GNUNET_CRYPTO_BlindSignPrivateKey * 216 GNUNET_CRYPTO_bsign_priv_incref ( 217 struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) 218 { 219 bsign_priv->rc++; 220 return bsign_priv; 221 } 222 223 224 struct GNUNET_CRYPTO_UnblindedSignature * 225 GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig) 226 { 227 ub_sig->rc++; 228 return ub_sig; 229 } 230 231 232 struct GNUNET_CRYPTO_BlindedSignature * 233 GNUNET_CRYPTO_blind_sig_incref ( 234 struct GNUNET_CRYPTO_BlindedSignature *blind_sig) 235 { 236 blind_sig->rc++; 237 return blind_sig; 238 } 239 240 241 int 242 GNUNET_CRYPTO_bsign_pub_cmp ( 243 const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, 244 const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2) 245 { 246 if (bp1->cipher != bp2->cipher) 247 return (bp1->cipher > bp2->cipher) ? 1 : -1; 248 switch (bp1->cipher) 249 { 250 case GNUNET_CRYPTO_BSA_INVALID: 251 GNUNET_break (0); 252 return 0; 253 case GNUNET_CRYPTO_BSA_RSA: 254 return GNUNET_memcmp (&bp1->pub_key_hash, 255 &bp2->pub_key_hash); 256 case GNUNET_CRYPTO_BSA_CS: 257 return GNUNET_memcmp (&bp1->pub_key_hash, 258 &bp2->pub_key_hash); 259 } 260 GNUNET_assert (0); 261 return -2; 262 } 263 264 265 int 266 GNUNET_CRYPTO_ub_sig_cmp ( 267 const struct GNUNET_CRYPTO_UnblindedSignature *sig1, 268 const struct GNUNET_CRYPTO_UnblindedSignature *sig2) 269 { 270 if (sig1->cipher != sig2->cipher) 271 return (sig1->cipher > sig2->cipher) ? 1 : -1; 272 switch (sig1->cipher) 273 { 274 case GNUNET_CRYPTO_BSA_INVALID: 275 GNUNET_break (0); 276 return 0; 277 case GNUNET_CRYPTO_BSA_RSA: 278 return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.rsa_signature, 279 sig2->details.rsa_signature); 280 case GNUNET_CRYPTO_BSA_CS: 281 return GNUNET_memcmp (&sig1->details.cs_signature, 282 &sig2->details.cs_signature); 283 } 284 GNUNET_assert (0); 285 return -2; 286 } 287 288 289 int 290 GNUNET_CRYPTO_blind_sig_cmp ( 291 const struct GNUNET_CRYPTO_BlindedSignature *sig1, 292 const struct GNUNET_CRYPTO_BlindedSignature *sig2) 293 { 294 if (sig1->cipher != sig2->cipher) 295 return (sig1->cipher > sig2->cipher) ? 1 : -1; 296 switch (sig1->cipher) 297 { 298 case GNUNET_CRYPTO_BSA_INVALID: 299 GNUNET_break (0); 300 return 0; 301 case GNUNET_CRYPTO_BSA_RSA: 302 return GNUNET_CRYPTO_rsa_signature_cmp ( 303 sig1->details.blinded_rsa_signature, 304 sig2->details.blinded_rsa_signature); 305 case GNUNET_CRYPTO_BSA_CS: 306 return GNUNET_memcmp (&sig1->details.blinded_cs_answer, 307 &sig2->details.blinded_cs_answer); 308 } 309 GNUNET_assert (0); 310 return -2; 311 } 312 313 314 int 315 GNUNET_CRYPTO_blinded_message_cmp ( 316 const struct GNUNET_CRYPTO_BlindedMessage *bp1, 317 const struct GNUNET_CRYPTO_BlindedMessage *bp2) 318 { 319 if (bp1->cipher != bp2->cipher) 320 return (bp1->cipher > bp2->cipher) ? 1 : -1; 321 switch (bp1->cipher) 322 { 323 case GNUNET_CRYPTO_BSA_INVALID: 324 GNUNET_break (0); 325 return 0; 326 case GNUNET_CRYPTO_BSA_RSA: 327 if (bp1->details.rsa_blinded_message.blinded_msg_size != 328 bp2->details.rsa_blinded_message.blinded_msg_size) 329 return (bp1->details.rsa_blinded_message.blinded_msg_size > 330 bp2->details.rsa_blinded_message.blinded_msg_size) ? 1 : -1; 331 return memcmp (bp1->details.rsa_blinded_message.blinded_msg, 332 bp2->details.rsa_blinded_message.blinded_msg, 333 bp1->details.rsa_blinded_message.blinded_msg_size); 334 case GNUNET_CRYPTO_BSA_CS: 335 return GNUNET_memcmp (&bp1->details.cs_blinded_message, 336 &bp2->details.cs_blinded_message); 337 } 338 GNUNET_assert (0); 339 return -2; 340 } 341 342 343 enum GNUNET_GenericReturnValue 344 GNUNET_CRYPTO_blind_sign_keys_create ( 345 struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, 346 struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, 347 enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, 348 ...) 349 { 350 enum GNUNET_GenericReturnValue ret; 351 va_list ap; 352 353 va_start (ap, 354 cipher); 355 ret = GNUNET_CRYPTO_blind_sign_keys_create_va (bsign_priv, 356 bsign_pub, 357 cipher, 358 ap); 359 va_end (ap); 360 return ret; 361 } 362 363 364 enum GNUNET_GenericReturnValue 365 GNUNET_CRYPTO_blind_sign_keys_create_va ( 366 struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, 367 struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, 368 enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, 369 va_list ap) 370 { 371 struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; 372 struct GNUNET_CRYPTO_BlindSignPublicKey *pub; 373 374 priv = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPrivateKey); 375 priv->rc = 1; 376 priv->cipher = cipher; 377 *bsign_priv = priv; 378 pub = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPublicKey); 379 pub->rc = 1; 380 pub->cipher = cipher; 381 *bsign_pub = pub; 382 switch (cipher) 383 { 384 case GNUNET_CRYPTO_BSA_INVALID: 385 GNUNET_break (0); 386 break; 387 case GNUNET_CRYPTO_BSA_RSA: 388 { 389 unsigned int bits; 390 391 bits = va_arg (ap, 392 unsigned int); 393 if (bits < 512) 394 { 395 GNUNET_break (0); 396 break; 397 } 398 priv->details.rsa_private_key 399 = GNUNET_CRYPTO_rsa_private_key_create (bits); 400 } 401 if (NULL == priv->details.rsa_private_key) 402 { 403 GNUNET_break (0); 404 break; 405 } 406 pub->details.rsa_public_key 407 = GNUNET_CRYPTO_rsa_private_key_get_public ( 408 priv->details.rsa_private_key); 409 GNUNET_CRYPTO_rsa_public_key_hash (pub->details.rsa_public_key, 410 &pub->pub_key_hash); 411 return GNUNET_OK; 412 case GNUNET_CRYPTO_BSA_CS: 413 GNUNET_CRYPTO_cs_private_key_generate (&priv->details.cs_private_key); 414 GNUNET_CRYPTO_cs_private_key_get_public ( 415 &priv->details.cs_private_key, 416 &pub->details.cs_public_key); 417 GNUNET_CRYPTO_hash (&pub->details.cs_public_key, 418 sizeof(pub->details.cs_public_key), 419 &pub->pub_key_hash); 420 return GNUNET_OK; 421 } 422 GNUNET_free (priv); 423 GNUNET_free (pub); 424 *bsign_priv = NULL; 425 *bsign_pub = NULL; 426 return GNUNET_SYSERR; 427 } 428 429 430 struct GNUNET_CRYPTO_BlindingInputValues * 431 GNUNET_CRYPTO_get_blinding_input_values ( 432 const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, 433 const union GNUNET_CRYPTO_BlindSessionNonce *nonce, 434 const char *salt) 435 { 436 struct GNUNET_CRYPTO_BlindingInputValues *biv; 437 438 biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues); 439 biv->cipher = bsign_priv->cipher; 440 biv->rc = 1; 441 switch (bsign_priv->cipher) 442 { 443 case GNUNET_CRYPTO_BSA_INVALID: 444 GNUNET_break (0); 445 GNUNET_free (biv); 446 return NULL; 447 case GNUNET_CRYPTO_BSA_RSA: 448 return biv; 449 case GNUNET_CRYPTO_BSA_CS: 450 { 451 struct GNUNET_CRYPTO_CsRSecret cspriv[2]; 452 453 GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce, 454 salt, 455 &bsign_priv->details.cs_private_key, 456 cspriv); 457 GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], 458 &biv->details.cs_values.r_pub[0]); 459 GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], 460 &biv->details.cs_values.r_pub[1]); 461 return biv; 462 } 463 } 464 GNUNET_break (0); 465 GNUNET_free (biv); 466 return NULL; 467 } 468 469 470 struct GNUNET_CRYPTO_BlindedMessage * 471 GNUNET_CRYPTO_message_blind_to_sign ( 472 const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, 473 const union GNUNET_CRYPTO_BlindingSecretP *bks, 474 const union GNUNET_CRYPTO_BlindSessionNonce *nonce, 475 const void *message, 476 size_t message_size, 477 const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) 478 { 479 struct GNUNET_CRYPTO_BlindedMessage *bm; 480 481 bm = GNUNET_new (struct GNUNET_CRYPTO_BlindedMessage); 482 bm->cipher = bsign_pub->cipher; 483 bm->rc = 1; 484 switch (bsign_pub->cipher) 485 { 486 case GNUNET_CRYPTO_BSA_INVALID: 487 GNUNET_break (0); 488 GNUNET_free (bm); 489 return NULL; 490 case GNUNET_CRYPTO_BSA_RSA: 491 if (GNUNET_YES != 492 GNUNET_CRYPTO_rsa_blind ( 493 message, 494 message_size, 495 &bks->rsa_bks, 496 bsign_pub->details.rsa_public_key, 497 &bm->details.rsa_blinded_message)) 498 { 499 GNUNET_break (0); 500 GNUNET_free (bm); 501 return NULL; 502 } 503 return bm; 504 case GNUNET_CRYPTO_BSA_CS: 505 { 506 struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; 507 struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; 508 509 if (NULL == nonce) 510 { 511 GNUNET_break_op (0); 512 GNUNET_free (bm); 513 return NULL; 514 } 515 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, 516 bs); 517 GNUNET_CRYPTO_cs_calc_blinded_c ( 518 bs, 519 alg_values->details.cs_values.r_pub, 520 &bsign_pub->details.cs_public_key, 521 message, 522 message_size, 523 bm->details.cs_blinded_message.c, 524 &blinded_r_pub); 525 bm->details.cs_blinded_message.nonce = nonce->cs_nonce; 526 (void) blinded_r_pub; 527 return bm; 528 } 529 } 530 GNUNET_break (0); 531 return NULL; 532 } 533 534 535 struct GNUNET_CRYPTO_BlindedSignature * 536 GNUNET_CRYPTO_blind_sign ( 537 const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, 538 const char *salt, 539 const struct GNUNET_CRYPTO_BlindedMessage *blinded_message) 540 { 541 struct GNUNET_CRYPTO_BlindedSignature *blind_sig; 542 543 if (blinded_message->cipher != bsign_priv->cipher) 544 { 545 GNUNET_break (0); 546 return NULL; 547 } 548 549 blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature); 550 blind_sig->cipher = bsign_priv->cipher; 551 blind_sig->rc = 1; 552 switch (bsign_priv->cipher) 553 { 554 case GNUNET_CRYPTO_BSA_INVALID: 555 GNUNET_break (0); 556 GNUNET_free (blind_sig); 557 return NULL; 558 case GNUNET_CRYPTO_BSA_RSA: 559 blind_sig->details.blinded_rsa_signature 560 = GNUNET_CRYPTO_rsa_sign_blinded ( 561 bsign_priv->details.rsa_private_key, 562 &blinded_message->details.rsa_blinded_message); 563 if (NULL == blind_sig->details.blinded_rsa_signature) 564 { 565 GNUNET_break (0); 566 GNUNET_free (blind_sig); 567 return NULL; 568 } 569 return blind_sig; 570 case GNUNET_CRYPTO_BSA_CS: 571 { 572 struct GNUNET_CRYPTO_CsRSecret r[2]; 573 574 GNUNET_CRYPTO_cs_r_derive ( 575 &blinded_message->details.cs_blinded_message.nonce, 576 salt, 577 &bsign_priv->details.cs_private_key, 578 r); 579 GNUNET_CRYPTO_cs_sign_derive ( 580 &bsign_priv->details.cs_private_key, 581 r, 582 &blinded_message->details.cs_blinded_message, 583 &blind_sig->details.blinded_cs_answer); 584 } 585 return blind_sig; 586 } 587 GNUNET_break (0); 588 return NULL; 589 } 590 591 592 struct GNUNET_CRYPTO_UnblindedSignature * 593 GNUNET_CRYPTO_blind_sig_unblind ( 594 const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, 595 const union GNUNET_CRYPTO_BlindingSecretP *bks, 596 const void *message, 597 size_t message_size, 598 const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, 599 const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) 600 { 601 struct GNUNET_CRYPTO_UnblindedSignature *ub_sig; 602 603 if (blinded_sig->cipher != bsign_pub->cipher) 604 { 605 GNUNET_break (0); 606 return NULL; 607 } 608 if (blinded_sig->cipher != alg_values->cipher) 609 { 610 GNUNET_break (0); 611 return NULL; 612 } 613 ub_sig = GNUNET_new (struct GNUNET_CRYPTO_UnblindedSignature); 614 ub_sig->cipher = blinded_sig->cipher; 615 ub_sig->rc = 1; 616 switch (bsign_pub->cipher) 617 { 618 case GNUNET_CRYPTO_BSA_INVALID: 619 GNUNET_break (0); 620 GNUNET_free (ub_sig); 621 return NULL; 622 case GNUNET_CRYPTO_BSA_RSA: 623 ub_sig->details.rsa_signature 624 = GNUNET_CRYPTO_rsa_unblind ( 625 blinded_sig->details.blinded_rsa_signature, 626 &bks->rsa_bks, 627 bsign_pub->details.rsa_public_key); 628 if (NULL == ub_sig->details.rsa_signature) 629 { 630 GNUNET_break (0); 631 GNUNET_free (ub_sig); 632 return NULL; 633 } 634 return ub_sig; 635 case GNUNET_CRYPTO_BSA_CS: 636 { 637 struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; 638 struct GNUNET_CRYPTO_CsC c[2]; 639 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; 640 unsigned int b; 641 642 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, 643 bs); 644 GNUNET_CRYPTO_cs_calc_blinded_c ( 645 bs, 646 alg_values->details.cs_values.r_pub, 647 &bsign_pub->details.cs_public_key, 648 message, 649 message_size, 650 c, 651 &r_pub_blind); 652 b = blinded_sig->details.blinded_cs_answer.b; 653 ub_sig->details.cs_signature.r_point 654 = r_pub_blind.r_pub[b]; 655 GNUNET_CRYPTO_cs_unblind ( 656 &blinded_sig->details.blinded_cs_answer.s_scalar, 657 &bs[b], 658 &ub_sig->details.cs_signature.s_scalar); 659 return ub_sig; 660 } 661 } 662 GNUNET_break (0); 663 GNUNET_free (ub_sig); 664 return NULL; 665 } 666 667 668 enum GNUNET_GenericReturnValue 669 GNUNET_CRYPTO_blind_sig_verify ( 670 const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, 671 const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, 672 const void *message, 673 size_t message_size) 674 { 675 if (bsign_pub->cipher != ub_sig->cipher) 676 { 677 GNUNET_break (0); 678 return GNUNET_SYSERR; 679 } 680 switch (bsign_pub->cipher) 681 { 682 case GNUNET_CRYPTO_BSA_INVALID: 683 GNUNET_break (0); 684 return GNUNET_NO; 685 case GNUNET_CRYPTO_BSA_RSA: 686 if (GNUNET_OK != 687 GNUNET_CRYPTO_rsa_verify (message, 688 message_size, 689 ub_sig->details.rsa_signature, 690 bsign_pub->details.rsa_public_key)) 691 { 692 GNUNET_break_op (0); 693 return GNUNET_NO; 694 } 695 return GNUNET_YES; 696 case GNUNET_CRYPTO_BSA_CS: 697 if (GNUNET_OK != 698 GNUNET_CRYPTO_cs_verify (&ub_sig->details.cs_signature, 699 &bsign_pub->details.cs_public_key, 700 message, 701 message_size)) 702 { 703 GNUNET_break_op (0); 704 return GNUNET_NO; 705 } 706 return GNUNET_YES; 707 } 708 GNUNET_break (0); 709 return GNUNET_NO; 710 } 711 712 713 /* end of crypto_blind_sign.c */