#include <openssl/trust_token.h>
#include <openssl/bn.h>
#include <openssl/bytestring.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include "../ec_extra/internal.h"
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/ec/internal.h"
#include "internal.h"
hash_t_func_t;
hash_s_func_t;
hash_c_func_t;
hash_to_scalar_func_t;
PMBTOKEN_METHOD;
static const uint8_t kDefaultAdditionalData[32] = …;
static int pmbtoken_init_method(PMBTOKEN_METHOD *method, const EC_GROUP *group,
const uint8_t *h_bytes, size_t h_len,
hash_t_func_t hash_t, hash_s_func_t hash_s,
hash_c_func_t hash_c,
hash_to_scalar_func_t hash_to_scalar,
int prefix_point) { … }
static int derive_scalar_from_secret(const PMBTOKEN_METHOD *method,
EC_SCALAR *out, const uint8_t *secret,
size_t secret_len, uint8_t scalar_id) { … }
static int point_to_cbb(CBB *out, const EC_GROUP *group,
const EC_AFFINE *point) { … }
static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group,
const EC_AFFINE *point, int prefix_point) { … }
static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
EC_AFFINE *out, int prefix_point) { … }
static int mul_public_3(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
const EC_JACOBIAN *p2, const EC_SCALAR *scalar2) { … }
static int pmbtoken_compute_keys(const PMBTOKEN_METHOD *method,
CBB *out_private, CBB *out_public,
const EC_SCALAR *x0, const EC_SCALAR *y0,
const EC_SCALAR *x1, const EC_SCALAR *y1,
const EC_SCALAR *xs, const EC_SCALAR *ys) { … }
static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method,
CBB *out_private, CBB *out_public) { … }
static int pmbtoken_derive_key_from_secret(const PMBTOKEN_METHOD *method,
CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method,
TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
static STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_blind(
const PMBTOKEN_METHOD *method, CBB *cbb, size_t count, int include_message,
const uint8_t *msg, size_t msg_len) { … }
static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
const EC_SCALAR *scalar) { … }
static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) { … }
static int hash_c_dleq(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
const EC_AFFINE *X, const EC_AFFINE *T,
const EC_AFFINE *S, const EC_AFFINE *W,
const EC_AFFINE *K0, const EC_AFFINE *K1) { … }
static int hash_c_dleqor(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
const EC_AFFINE *X0, const EC_AFFINE *X1,
const EC_AFFINE *T, const EC_AFFINE *S,
const EC_AFFINE *W, const EC_AFFINE *K00,
const EC_AFFINE *K01, const EC_AFFINE *K10,
const EC_AFFINE *K11) { … }
static int hash_c_batch(const PMBTOKEN_METHOD *method, EC_SCALAR *out,
const CBB *points, size_t index) { … }
static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb,
const TRUST_TOKEN_ISSUER_KEY *priv,
const EC_JACOBIAN *T, const EC_JACOBIAN *S,
const EC_JACOBIAN *W, const EC_JACOBIAN *Ws,
uint8_t private_metadata) { … }
static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
const EC_JACOBIAN *S, const EC_JACOBIAN *W,
const EC_JACOBIAN *Ws) { … }
static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
static STACK_OF(TRUST_TOKEN) *pmbtoken_unblind(
const PMBTOKEN_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
static int pmbtoken_read(const PMBTOKEN_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message,
const uint8_t *msg, size_t msg_len) { … }
static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_JACOBIAN *out,
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_AFFINE *t,
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_exp1_hash_c(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_exp1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_exp1_ok = …;
static PMBTOKEN_METHOD pmbtoken_exp1_method;
static CRYPTO_once_t pmbtoken_exp1_method_once = …;
static void pmbtoken_exp1_init_method_impl(void) { … }
static int pmbtoken_exp1_init_method(void) { … }
int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) { … }
int pmbtoken_exp1_derive_key_from_secret(CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_exp1_blind(CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
STACK_OF(TRUST_TOKEN) *pmbtoken_exp1_unblind(
const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message,
const uint8_t *msg, size_t msg_len) { … }
int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) { … }
static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_JACOBIAN *out,
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_AFFINE *t,
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_exp2_ok = …;
static PMBTOKEN_METHOD pmbtoken_exp2_method;
static CRYPTO_once_t pmbtoken_exp2_method_once = …;
static void pmbtoken_exp2_init_method_impl(void) { … }
static int pmbtoken_exp2_init_method(void) { … }
int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) { … }
int pmbtoken_exp2_derive_key_from_secret(CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_exp2_blind(CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
STACK_OF(TRUST_TOKEN) *pmbtoken_exp2_unblind(
const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message,
const uint8_t *msg, size_t msg_len) { … }
int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) { … }
static int pmbtoken_pst1_hash_t(const EC_GROUP *group, EC_JACOBIAN *out,
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_pst1_hash_s(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_AFFINE *t,
const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) { … }
static int pmbtoken_pst1_hash_c(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
static int pmbtoken_pst1_ok = …;
static PMBTOKEN_METHOD pmbtoken_pst1_method;
static CRYPTO_once_t pmbtoken_pst1_method_once = …;
static void pmbtoken_pst1_init_method_impl(void) { … }
static int pmbtoken_pst1_init_method(void) { … }
int pmbtoken_pst1_generate_key(CBB *out_private, CBB *out_public) { … }
int pmbtoken_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
int pmbtoken_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
int pmbtoken_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_pst1_blind(CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
int pmbtoken_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
STACK_OF(TRUST_TOKEN) *pmbtoken_pst1_unblind(
const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
int pmbtoken_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message,
const uint8_t *msg, size_t msg_len) { … }
int pmbtoken_pst1_get_h_for_testing(uint8_t out[97]) { … }