Documentation
¶
Overview ¶
Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].
The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature Scheme with Appendix) is a two-party protocol between a Client and Server where they interact to compute
sig = Sign(sk, input_msg),
where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.
Supported Variants ¶
This package is compliant with the RFC-9474 document and supports the following variants:
- RSABSSA-SHA384-PSS-Deterministic
- RSABSSA-SHA384-PSSZERO-Deterministic
- RSABSSA-SHA384-PSS-Randomized
- RSABSSA-SHA384-PSSZERO-Randomized
Index ¶
- Variables
- func ConvertHashFunction(hash crypto.Hash) hash.Hash
- func DecryptAndCheck(random io.Reader, priv *BigPrivateKey, c *big.Int) (m *big.Int, err error)
- func EncodeMessageEMSAPSS(message []byte, N *big.Int, hash hash.Hash, salt []byte) ([]byte, error)
- func GenerateBlindingFactor(random io.Reader, N *big.Int) (*big.Int, *big.Int, error)
- func VerifyBlindSignature(pub *BigPublicKey, hashed, sig []byte) error
- func VerifyMessageSignature(message, signature []byte, saltLength int, pk *BigPublicKey, hash crypto.Hash) error
- type BigPrivateKey
- type BigPublicKey
- type Client
- func (c Client) Blind(random io.Reader, preparedMessage []byte) (blindedMsg []byte, state State, err error)
- func (c Client) Finalize(state State, blindedSig []byte) ([]byte, error)
- func (c Client) FixedBlind(message, salt []byte, r, rInv *big.Int) (blindedMsg []byte, state State, err error)
- func (c Client) Prepare(random io.Reader, message []byte) ([]byte, error)
- func (c Client) Verify(message, signature []byte) error
- type Signer
- type State
- type Variant
- type Verifier
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidVariant is the error used if the variant request does not exist. ErrInvalidVariant = errors.New("blindsign/blindrsa: invalid variant requested") // ErrUnexpectedSize is the error used if the size of a parameter does not match its expected value. ErrUnexpectedSize = errors.New("blindsign/blindrsa: unexpected input size") // ErrInvalidMessageLength is the error used if the size of a protocol message does not match its expected value. ErrInvalidMessageLength = errors.New("blindsign/blindrsa: invalid message length") // ErrInvalidBlind is the error used if the blind generated by the Verifier fails. ErrInvalidBlind = errors.New("blindsign/blindrsa: invalid blind") // ErrInvalidRandomness is the error used if caller did not provide randomness to the Blind() function. ErrInvalidRandomness = errors.New("blindsign/blindrsa: invalid random parameter") // ErrUnsupportedHashFunction is the error used if the specified hash is not supported. ErrUnsupportedHashFunction = errors.New("blindsign/blindrsa: unsupported hash function") )
Functions ¶
func ConvertHashFunction ¶
ConvertHashFunction converts a crypto.Hash function to an equivalent hash.Hash type.
func DecryptAndCheck ¶
DecryptAndCheck checks that the private key operation is consistent (fault attack detection).
func EncodeMessageEMSAPSS ¶
EncodeMessageEMSAPSS hashes the input message and then encodes it using PSS encoding.
func GenerateBlindingFactor ¶
GenerateBlindingFactor generates a blinding factor and its multiplicative inverse to use for RSA blinding.
func VerifyBlindSignature ¶
func VerifyBlindSignature(pub *BigPublicKey, hashed, sig []byte) error
VerifyBlindSignature verifies the signature of the hashed and encoded message against the input public key.
func VerifyMessageSignature ¶
func VerifyMessageSignature(message, signature []byte, saltLength int, pk *BigPublicKey, hash crypto.Hash) error
VerifyMessageSignature verifies the input message signature against the expected public key
Types ¶
type BigPrivateKey ¶
CustomPublicKey is similar to rsa.PrivateKey, containing information needed for a private key used in the partially blind signature protocol.
func NewBigPrivateKey ¶
func NewBigPrivateKey(sk *rsa.PrivateKey) *BigPrivateKey
NewBigPrivateKey creates a BigPrivateKey from a rsa.PrivateKey.
type BigPublicKey ¶
BigPublicKey is the same as an rsa.PublicKey struct, except the public key is represented as a big integer as opposed to an int. For the partially blind scheme, this is required since the public key will typically be any value in the RSA group.
func NewBigPublicKey ¶
func NewBigPublicKey(pk *rsa.PublicKey) *BigPublicKey
NewBigPublicKey creates a BigPublicKey from a rsa.PublicKey.
func (*BigPublicKey) Marshal ¶
func (pub *BigPublicKey) Marshal() []byte
Marshal encodes the public key exponent (e).
func (*BigPublicKey) Size ¶
func (pub *BigPublicKey) Size() int
Size returns the size of the public key.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants
func (Client) Blind ¶
func (c Client) Blind(random io.Reader, preparedMessage []byte) (blindedMsg []byte, state State, err error)
Blind initializes the blind RSA protocol using an input message and source of randomness. This function fails if randomness was not provided.
func (Client) FixedBlind ¶
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer structure represents the signing server in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.
func NewSigner ¶
func NewSigner(sk *rsa.PrivateKey) Signer
NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.
func (Signer) BlindSign ¶
BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.
See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign
type Verifier ¶
type Verifier struct { rsa.PSSOptions // contains filtered or unexported fields }