#include <openssl/trust_token.h>
#include <openssl/bn.h>
#include <openssl/bytestring.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include "../ec_extra/internal.h"
#include "../fipsmodule/ec/internal.h"
#include "internal.h"
// Function-pointer typedefs and the method struct; their definitions are
// elided in this listing. NOTE(review): the voprf_*_hash_to_group and
// voprf_*_hash_to_scalar functions further down presumably have these two
// function types, and VOPRF_METHOD presumably bundles them per protocol
// variant — confirm against the full source.
hash_to_group_func_t;
hash_to_scalar_func_t;
VOPRF_METHOD;
// 32-byte constant; its contents and its users are not visible in this listing.
static const uint8_t kDefaultAdditionalData[32] = …;
// cbb_add_point: by its name and signature, appends an encoding of |point| (a
// point on |group|) to |out|. The body is elided in this listing, so the wire
// format and the return convention are not visible here.
static int cbb_add_point(CBB *out, const EC_GROUP *group,
const EC_AFFINE *point) { … }
// cbb_serialize_point: a second point-to-CBB writer next to cbb_add_point.
// NOTE(review): how its encoding differs (for example a length prefix) cannot
// be told with the body elided — confirm before treating the two formats as
// interchangeable, since hash inputs and wire messages must agree exactly.
static int cbb_serialize_point(CBB *out, const EC_GROUP *group,
const EC_AFFINE *point) { … }
// cbs_get_point: by its signature, reads a point on |group| from |cbs| into
// |out|. NOTE(review): this parser is presumably fed peer-supplied bytes
// (requests, responses, tokens). The elided body should reject truncated or
// malformed encodings, off-curve coordinates and the point at infinity before
// the result reaches any scalar multiplication — confirm.
static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) { … }
// scalar_to_cbb: by its signature, writes |scalar| for |group| to |out|.
// NOTE(review): if this is used for private-key scalars, the CBB's backing
// buffer then holds secret material and its owner is responsible for
// cleansing it — confirm which callers pass secrets.
static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
const EC_SCALAR *scalar) { … }
// scalar_from_cbs: by its signature, reads a scalar for |group| from |cbs|
// into |out|. NOTE(review): the elided body should fail on short input and on
// values that are not reduced modulo the group order, so that proofs and keys
// have a single canonical encoding — confirm.
static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) { … }
// voprf_calculate_key: takes an existing private scalar |priv| and fills
// |out_private| and |out_public| for |method|. NOTE(review): presumably the
// public part is |priv| times the group generator; body elided — confirm.
// |out_private| receives secret material and must be handled as such.
static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
CBB *out_public, const EC_SCALAR *priv) { … }
// voprf_generate_key: produces a fresh key pair for |method| into
// |out_private| and |out_public|; it takes no seed argument. NOTE(review):
// the private scalar should come from the library CSPRNG and be nonzero; the
// body is elided, so confirm both and confirm that the temporary scalar is
// cleansed on every exit path.
static int voprf_generate_key(const VOPRF_METHOD *method, CBB *out_private,
CBB *out_public) { … }
// voprf_derive_key_from_secret: derives a key pair for |method| from the
// |secret_len| bytes at |secret|. The derived key is only as strong as the
// entropy of |secret|. NOTE(review): with the body elided, confirm that the
// derivation is domain-separated per protocol variant and that intermediate
// buffers holding |secret|-derived data are cleansed.
static int voprf_derive_key_from_secret(const VOPRF_METHOD *method,
CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
// voprf_client_key_from_bytes: fills the client-side |key| from the |len|
// bytes at |in|. NOTE(review): presumably |in| is the issuer's serialized
// public key; the elided body should reject trailing bytes and invalid points
// so a client never verifies proofs against a malformed key — confirm.
static int voprf_client_key_from_bytes(const VOPRF_METHOD *method,
TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_issuer_key_from_bytes: fills the issuer-side |key| from the |len|
// bytes at |in|. NOTE(review): presumably |in| is the serialized private
// scalar, so |key| holds secret material after a successful call; confirm
// that the elided body validates length and range and leaves |key| in a
// safe state on failure.
static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method,
TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_blind: client-side request step. Returns a stack of pretokens and
// takes a |cbb| to write to; |count| is the number requested. |msg|/|msg_len|
// are presumably only consulted when |include_message| is nonzero.
// NOTE(review): body elided. Each pretoken should use a fresh CSPRNG nonce
// and blinding scalar; the returned stack presumably holds those blinding
// secrets, so the caller must free it through the type's own free routine.
// Confirm the error path returns NULL without leaking partial pretokens.
static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method,
CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
// hash_to_scalar_dleq: derives the scalar |out| from the five points X, T, W,
// K0 and K1 using |method|. NOTE(review): by its name this is the challenge
// hash of a DLEQ proof. For the proof to be sound every listed point has to
// be absorbed with an unambiguous encoding and a label that separates it from
// the other hash_to_scalar_* uses in this file — confirm in the elided body.
static int hash_to_scalar_dleq(const VOPRF_METHOD *method, EC_SCALAR *out,
const EC_AFFINE *X, const EC_AFFINE *T,
const EC_AFFINE *W, const EC_AFFINE *K0,
const EC_AFFINE *K1) { … }
// hash_to_scalar_challenge: derives the scalar |out| from the five points Bm,
// a0, a1, a2 and a3 using |method|. NOTE(review): presumably the challenge
// hash for the generate_proof/verify_proof pair; prover and verifier must
// feed identical encodings in identical order, and the label should differ
// from hash_to_scalar_dleq's — confirm in the elided body.
static int hash_to_scalar_challenge(const VOPRF_METHOD *method, EC_SCALAR *out,
const EC_AFFINE *Bm, const EC_AFFINE *a0,
const EC_AFFINE *a1, const EC_AFFINE *a2,
const EC_AFFINE *a3) { … }
// hash_to_scalar_batch: derives the scalar |out| from the serialized |points|
// and an |index|. NOTE(review): presumably yields the per-token coefficient
// used to fold many (T, W) pairs into one batched proof; the coefficients
// must depend on the whole batch, otherwise a batch proof does not bind each
// token — confirm what the elided body hashes.
static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out,
const CBB *points, size_t index) { … }
// dleq_generate: issuer side; takes the issuer key |priv| and the points T
// and W and has a |cbb| to write to. NOTE(review): body elided. A proof of
// this kind needs a per-proof random nonce from the CSPRNG; a repeated or
// biased nonce reveals the private scalar. Confirm the nonce source and that
// nonce and intermediate scalars are not left on the stack uncleansed.
static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
const TRUST_TOKEN_ISSUER_KEY *priv,
const EC_JACOBIAN *T, const EC_JACOBIAN *W) { … }
// mul_public_2: combines two (point, scalar) pairs, (p0, scalar0) and
// (p1, scalar1), into |out| on |group|. NOTE(review): "public" in the name
// suggests a variable-time multiplication. If so it must only ever receive
// non-secret scalars, i.e. be called from verification paths and never with
// key or blinding scalars — confirm against the callers.
static int mul_public_2(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1) { … }
// dleq_verify: client side; reads from |cbs| and checks it against the
// client key |pub| and the points T and W. NOTE(review): |cbs| is presumably
// the issuer-supplied proof and therefore untrusted. The elided body must
// fail closed: any parse error, leftover bytes or mismatch has to yield the
// failure return, never a partially verified success — confirm.
static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
const EC_JACOBIAN *W) { … }
// voprf_sign_tt: issuer-side signing step; reads from |cbs| and writes to
// |cbb| using |key|. NOTE(review): |cbs| is presumably the client's blinded
// request and is untrusted. With the body elided, confirm that it rejects
// num_to_issue > num_requested, that size computations derived from the two
// counts cannot overflow, and that |cbs| must contain exactly the expected
// number of valid points. The "_tt" suffix presumably marks the variant that
// pairs with dleq_generate — confirm.
static int voprf_sign_tt(const VOPRF_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue) { … }
// voprf_unblind_tt: client-side step that turns |pretokens| plus the data in
// |cbs| into a stack of tokens tagged with |key_id|. NOTE(review): |cbs| is
// presumably the issuer's response. Tokens should be returned only after the
// issuer's proof has verified against |key|; skipping that check would let an
// issuer sign different clients with different keys and so tell them apart.
// Also confirm |count| is checked against the size of |pretokens|. Body
// elided in this listing.
static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
// sha384_update_u16: feeds the 16-bit value |v| into the hash state |ctx|.
// Returns nothing, so it cannot report failure. NOTE(review): the byte order
// used is not visible with the body elided; it has to match on prover and
// verifier.
static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) { … }
// sha384_update_point_with_length: feeds |point| on |group| into the hash
// state |ctx|; by its name the encoding is preceded by its length, which
// keeps concatenated hash inputs unambiguous. Returns nothing. NOTE(review):
// body elided — confirm how a serialization failure is handled, given the
// void return.
static void sha384_update_point_with_length(
SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) { … }
// compute_composite_seed: writes a SHA384_DIGEST_LENGTH-byte seed to |out|,
// computed from the public point |pub| under |method|. NOTE(review):
// presumably the seed for the per-index coefficients produced by
// compute_composite_element; what else is hashed (labels, lengths) is not
// visible with the body elided.
static int compute_composite_seed(const VOPRF_METHOD *method,
uint8_t out[SHA384_DIGEST_LENGTH],
const EC_AFFINE *pub) { … }
// compute_composite_element: produces the scalar |di| for position |index|
// from |seed| and the two points C and D. |seed| is not const-qualified;
// whether the elided body writes to it is not visible. NOTE(review): confirm
// that |index| is range-checked before it is narrowed for hashing, so two
// different positions can never hash to the same coefficient.
static int compute_composite_element(const VOPRF_METHOD *method,
uint8_t seed[SHA384_DIGEST_LENGTH],
EC_SCALAR *di, size_t index,
const EC_AFFINE *C, const EC_AFFINE *D) { … }
// generate_proof: issuer side; takes the issuer key |priv|, a scalar |r| and
// the points M and Z, and has a |cbb| to write to. NOTE(review): |r| is
// presumably the proof nonce supplied by the caller. It must be uniformly
// random and used for one proof only; a known or repeated |r| lets an
// observer solve for the private scalar — confirm how callers obtain it.
static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
const TRUST_TOKEN_ISSUER_KEY *priv,
const EC_SCALAR *r, const EC_JACOBIAN *M,
const EC_JACOBIAN *Z) { … }
// verify_proof: client side; reads from |cbs| and checks it against the
// client key |pub| and the points M and Z. NOTE(review): |cbs| is presumably
// issuer-supplied and untrusted; the elided body must return failure on any
// parse error or mismatch and should use only public inputs in
// variable-time arithmetic — confirm.
static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
const TRUST_TOKEN_CLIENT_KEY *pub,
const EC_JACOBIAN *M, const EC_JACOBIAN *Z) { … }
// voprf_sign_impl: issuer-side signing step with the proof scalar passed in
// as |proof_scalar| rather than generated inside. Reads from |cbs|, writes to
// |cbb|. NOTE(review): |cbs| is presumably the untrusted client request;
// confirm the elided body rejects num_to_issue > num_requested, guards size
// arithmetic against overflow and validates every parsed point. The safety of
// the proof rests on the caller's choice of |proof_scalar|.
static int voprf_sign_impl(const VOPRF_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
CBS *cbs, size_t num_requested, size_t num_to_issue,
const EC_SCALAR *proof_scalar) { … }
// voprf_sign: issuer-side signing step with the same parameters as
// voprf_sign_impl minus the proof scalar. NOTE(review): presumably draws a
// fresh random proof scalar and forwards to voprf_sign_impl; body elided —
// confirm the scalar comes from the CSPRNG and is cleansed afterwards.
static int voprf_sign(const VOPRF_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue) { … }
// voprf_sign_with_proof_scalar_for_testing: signing step in which the caller
// provides the proof scalar as |proof_scalar_len| bytes at
// |proof_scalar_buf|. As the name says, this exists for tests (for example
// reproducing fixed vectors). NOTE(review): a caller-chosen proof scalar
// removes the randomness the proof relies on to protect the issuer key, so
// this path must not be reachable from production issuance. Confirm the
// elided body rejects a buffer of the wrong length or an out-of-range value.
static int voprf_sign_with_proof_scalar_for_testing(
const VOPRF_METHOD *method, const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
CBS *cbs, size_t num_requested, size_t num_to_issue,
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) { … }
// voprf_unblind: client-side step that turns |pretokens| plus the data in
// |cbs| into a stack of tokens tagged with |key_id|; same parameters as
// voprf_unblind_tt. NOTE(review): presumably the counterpart of voprf_sign
// and checked with verify_proof. Tokens should only be returned once the
// issuer's proof has verified against |key|, and |count| should be checked
// against the size of |pretokens| — confirm in the elided body.
static STACK_OF(TRUST_TOKEN) *voprf_unblind(
const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
// voprf_read: issuer-side redemption check. Takes the issuer |key| and the
// |token_len| bytes at |token|, and has a TRUST_TOKEN_NONCE_SIZE-byte
// |out_nonce| to fill; |msg|/|msg_len| are presumably only consulted when
// |include_message| is nonzero. NOTE(review): |token| is untrusted; the
// elided body should reject trailing bytes and invalid points and accept
// only when the value recomputed with |key| matches. Nothing in this
// signature carries redemption state, so tracking |out_nonce| to stop
// double-spending is presumably left to the caller — confirm.
static int voprf_read(const VOPRF_METHOD *method,
const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
const uint8_t *token, size_t token_len,
int include_message, const uint8_t *msg, size_t msg_len) { … }
// voprf_exp2_hash_to_group: maps the TRUST_TOKEN_NONCE_SIZE-byte nonce |t| to
// a point |out| on |group| for the "exp2" variant. NOTE(review): the
// domain-separation label is not visible with the body elided; it should be
// unique to this variant so its tokens cannot be replayed against another —
// confirm.
static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { … }
// voprf_exp2_hash_to_scalar: maps the |len| bytes at |buf| to a scalar |out|
// on |group| for the "exp2" variant. |buf| is not const-qualified; whether
// the elided body writes to it is not visible. NOTE(review): confirm the
// label differs from the one used by voprf_exp2_hash_to_group.
static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
// Method table for the "exp2" variant; initializer elided in this listing.
// NOTE(review): the object is not const-qualified. If nothing assigns to it
// after initialization, declaring it const would keep what is presumably a
// table of function pointers out of writable memory — confirm.
static VOPRF_METHOD voprf_exp2_method = …;
// voprf_exp2_generate_key: non-static entry point for "exp2" key generation.
// NOTE(review): presumably forwards to voprf_generate_key with
// voprf_exp2_method; body elided — confirm. |out_private| receives secret
// key material.
int voprf_exp2_generate_key(CBB *out_private, CBB *out_public) { … }
// voprf_exp2_derive_key_from_secret: non-static entry point deriving an
// "exp2" key pair from the |secret_len| bytes at |secret|. NOTE(review):
// presumably forwards to voprf_derive_key_from_secret; the derived key is no
// stronger than |secret|, so callers need a high-entropy input.
int voprf_exp2_derive_key_from_secret(CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
// voprf_exp2_client_key_from_bytes: non-static entry point that fills the
// client |key| from the |len| bytes at |in| for the "exp2" variant.
// NOTE(review): presumably forwards to voprf_client_key_from_bytes; input
// validation lives in the elided bodies — confirm.
int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_exp2_issuer_key_from_bytes: non-static entry point that fills the
// issuer |key| from the |len| bytes at |in| for the "exp2" variant.
// NOTE(review): |in| is presumably private-key material; the caller remains
// responsible for cleansing its copy. Presumably forwards to
// voprf_issuer_key_from_bytes — confirm.
int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_exp2_blind: non-static client entry point for the "exp2" blinding
// step; same parameters as voprf_blind minus the method. NOTE(review):
// presumably forwards to voprf_blind. The returned pretokens presumably hold
// blinding secrets and must be kept until unblinding, then freed by the
// caller — confirm ownership in the full source.
STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_exp2_blind(CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
// voprf_exp2_sign: non-static issuer entry point for "exp2" signing.
// NOTE(review): the internal signing functions in this file take no metadata
// argument, so |private_metadata| presumably cannot be encoded by this
// protocol and any nonzero value should be rejected rather than silently
// dropped — confirm in the elided body. Which internal signer it forwards to
// (presumably voprf_sign_tt) is also not visible here.
int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
// voprf_exp2_unblind: non-static client entry point for "exp2" unblinding;
// same parameters as the internal unblind functions minus the method.
// NOTE(review): presumably forwards to voprf_unblind_tt. |cbs| is the
// issuer's response and untrusted; a NULL return should be treated by
// callers as "no tokens issued" — confirm.
STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
// voprf_exp2_read: non-static issuer entry point for "exp2" redemption; adds
// an |out_private_metadata| output to voprf_read's parameters.
// NOTE(review): voprf_read has no metadata output, so this wrapper
// presumably writes a fixed value to |out_private_metadata|; callers should
// not treat it as authenticated data — confirm. |token| is untrusted input,
// and replay tracking of |out_nonce| is presumably the caller's job.
int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message, const uint8_t *msg,
size_t msg_len) { … }
// voprf_pst1_hash_to_group: maps the TRUST_TOKEN_NONCE_SIZE-byte nonce |t| to
// a point |out| on |group| for the "pst1" variant. NOTE(review): the
// domain-separation label is not visible with the body elided; it should
// differ from the "exp2" one so tokens are not valid across variants —
// confirm.
static int voprf_pst1_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out,
const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { … }
// voprf_pst1_hash_to_scalar: maps the |len| bytes at |buf| to a scalar |out|
// on |group| for the "pst1" variant. |buf| is not const-qualified; whether
// the elided body writes to it is not visible. NOTE(review): confirm the
// label differs from the one used by voprf_pst1_hash_to_group.
static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) { … }
// Method table for the "pst1" variant; initializer elided in this listing.
// NOTE(review): the object is not const-qualified. If nothing assigns to it
// after initialization, declaring it const would keep what is presumably a
// table of function pointers out of writable memory — confirm.
static VOPRF_METHOD voprf_pst1_method = …;
// voprf_pst1_generate_key: non-static entry point for "pst1" key generation.
// NOTE(review): presumably forwards to voprf_generate_key with
// voprf_pst1_method; body elided — confirm. |out_private| receives secret
// key material.
int voprf_pst1_generate_key(CBB *out_private, CBB *out_public) { … }
// voprf_pst1_derive_key_from_secret: non-static entry point deriving a
// "pst1" key pair from the |secret_len| bytes at |secret|. NOTE(review):
// presumably forwards to voprf_derive_key_from_secret; the derived key is no
// stronger than |secret|, so callers need a high-entropy input.
int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
const uint8_t *secret,
size_t secret_len) { … }
// voprf_pst1_client_key_from_bytes: non-static entry point that fills the
// client |key| from the |len| bytes at |in| for the "pst1" variant.
// NOTE(review): presumably forwards to voprf_client_key_from_bytes; input
// validation lives in the elided bodies — confirm.
int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_pst1_issuer_key_from_bytes: non-static entry point that fills the
// issuer |key| from the |len| bytes at |in| for the "pst1" variant.
// NOTE(review): |in| is presumably private-key material; the caller remains
// responsible for cleansing its copy. Presumably forwards to
// voprf_issuer_key_from_bytes — confirm.
int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
const uint8_t *in, size_t len) { … }
// voprf_pst1_blind: non-static client entry point for the "pst1" blinding
// step; same parameters as voprf_blind minus the method. NOTE(review):
// presumably forwards to voprf_blind. The returned pretokens presumably hold
// blinding secrets and must be kept until unblinding, then freed by the
// caller — confirm ownership in the full source.
STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
int include_message,
const uint8_t *msg,
size_t msg_len) { … }
// voprf_pst1_sign: non-static issuer entry point for "pst1" signing.
// NOTE(review): the internal signing functions in this file take no metadata
// argument, so |private_metadata| presumably cannot be encoded by this
// protocol and any nonzero value should be rejected rather than silently
// dropped — confirm in the elided body. Presumably forwards to voprf_sign.
int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
size_t num_requested, size_t num_to_issue,
uint8_t private_metadata) { … }
// voprf_pst1_sign_with_proof_scalar_for_testing: "pst1" signing with the
// proof scalar supplied by the caller as |proof_scalar_len| bytes at
// |proof_scalar_buf|. Intended for tests, per its name. NOTE(review): unlike
// the static helper of the same purpose, this symbol is not static, so other
// translation units can link against it. A fixed or attacker-known proof
// scalar exposes the issuer key through the proof, so confirm that only test
// code references it and that it is absent from public headers.
int voprf_pst1_sign_with_proof_scalar_for_testing(
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
size_t num_to_issue, uint8_t private_metadata,
const uint8_t *proof_scalar_buf, size_t proof_scalar_len) { … }
// voprf_pst1_unblind: non-static client entry point for "pst1" unblinding;
// same parameters as the internal unblind functions minus the method.
// NOTE(review): presumably forwards to voprf_unblind. |cbs| is the issuer's
// response and untrusted; a NULL return should be treated by callers as "no
// tokens issued" — confirm.
STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
const TRUST_TOKEN_CLIENT_KEY *key,
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
uint32_t key_id) { … }
// voprf_pst1_read: non-static issuer entry point for "pst1" redemption; adds
// an |out_private_metadata| output to voprf_read's parameters.
// NOTE(review): voprf_read has no metadata output, so this wrapper
// presumably writes a fixed value to |out_private_metadata|; callers should
// not treat it as authenticated data — confirm. |token| is untrusted input,
// and replay tracking of |out_nonce| is presumably the caller's job.
int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
uint8_t *out_private_metadata, const uint8_t *token,
size_t token_len, int include_message, const uint8_t *msg,
size_t msg_len) { … }