Merge 7bad751 into 1d4de99

README.md

@@ -132,6 +132,22 @@ docker rm -f ${CONTAINER_ID} || true
 ## Python
 
 There is a Python wrapper in ./python.
+You can to specify the RSA levels to build in the wrappers using
+the cmake flag `PYTHON_RSA_LEVELS`. Supported levels are 2048 and 4096.
+E.g.
+
+```
+cmake -DPYTHON_RSA_LEVELS="2048,4096" ..
+```
+
+In order for the RSA wrappers to work, the appropriate dynamic
+libraries need to be generated and installed for AMCL. For instance, to
+install the dynamic libraries for RSA 2048 and 4069, modify the AMCL cmake
+build as follows.
+
+```
+cmake -D CMAKE_BUILD_TYPE=Release -D BUILD_SHARED_LIBS=ON -D AMCL_CHUNK=64 -D AMCL_CURVE="BLS381,SECP256K1" -D AMCL_RSA="2048,4096" -D BUILD_PAILLIER=ON -D BUILD_PYTHON=ON -D BUILD_BLS=ON -D BUILD_WCC=OFF -D BUILD_MPIN=ON -D BUILD_X509=OFF -D CMAKE_INSTALL_PREFIX=/usr/local ..
+```
 
 ## Virtual machine
 

cmake/PythonParameters.cmake

@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set(PYTHON_RSA_FIELDS TB   TFF  BASE ML HML)
+set(PYTHON_RSA_2048   1024 2048 58   2  1  )
+set(PYTHON_RSA_4096   512  4096 60   8  4  )
+
+# Load RSA parameter in parent scope
+function(load_rsa_fields level)
+  if (NOT PYTHON_RSA_${level})
+    message(FATAL_ERROR "Invalid RSA level: ${level}")
+  endif()
+
+  foreach(field ${PYTHON_RSA_FIELDS})
+    list(FIND PYTHON_RSA_FIELDS "${field}" index)
+    list(GET  PYTHON_RSA_${level} ${index} ${field})
+    set("${field}" "${${field}}" PARENT_SCOPE)
+  endforeach()
+
+  set(BD "${TB}_${BASE}" PARENT_SCOPE)
+endfunction()
+
+# Configure file
+macro(configure_rsa_file source target)
+  configure_file("${source}" "${target}" @ONLY)
+  file(READ "${target}" temp)
+  string(REPLACE WWW "${TFF}" temp "${temp}")
+  string(REPLACE XXX "${BD}"  temp "${temp}")
+
+  file(WRITE "${target}" "${temp}")
+endmacro()

examples/example_ecdsa.c

@@ -136,28 +136,14 @@ int test(csprng *RNG)
     char hm[32];
     octet HM = {0,sizeof(hm),hm};
 
-    char nc_ecp[2 * EFS_SECP256K1 + 1];
-    octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp};
-
-    ECP_SECP256K1 P;
-
     printf("Generating Paillier key pair one\n");
     PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1);
 
     printf("Generating Paillier key pair two\n");
     PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2);
 
     printf("Generating ECDSA key pair one\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP);
-    rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
-    if (!rc)
-    {
-        fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n");
-        exit(EXIT_FAILURE);
-    }
-
-    ECP_SECP256K1_toOctet(&PK1, &P, true);
-
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1);
     rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
     if (rc!=0)
     {
@@ -166,64 +152,37 @@ int test(csprng *RNG)
     }
 
     printf("Generating ECDSA key pair two\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP);
-    rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
-    if (!rc)
-    {
-        fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc");
-        exit(EXIT_FAILURE);
-    }
-
-    ECP_SECP256K1_toOctet(&PK2, &P, true);
-
-    rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
-    if (rc!=0)
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2);
+    rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
+    if (rc != 0)
     {
         fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
         exit(EXIT_FAILURE);
     }
 
     printf("Generating GAMMA pair one\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP);
-    rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
-    if (!rc)
-    {
-        fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n");
-        exit(EXIT_FAILURE);
-    }
-
-    ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
-
-    rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
-    if (rc!=0)
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1);
+    rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
+    if (rc != 0)
     {
         fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
         exit(EXIT_FAILURE);
     }
 
     printf("Generating GAMMA pair two\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP);
-    rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
-    if (!rc)
-    {
-        fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n");
-        exit(EXIT_FAILURE);
-    }
-
-    ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
-
-    rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
-    if (rc!=0)
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2);
+    rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
+    if (rc != 0)
     {
         fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
         exit(EXIT_FAILURE);
     }
 
     printf("Generating K1\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP);
+    MPC_K_GENERATE(RNG, &K1);
 
     printf("Generating K2\n");
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP);
+    MPC_K_GENERATE(RNG, &K2);
 
     OCT_jstring(&M,"test message");
     printf("M: ");

examples/example_ecdsa_mpc.c

@@ -30,7 +30,7 @@ int main()
     char sk[EGS_SECP256K1];
     octet SK = {0,sizeof(sk),sk};
 
-    char pk[2*EFS_SECP256K1+1];
+    char pk[EFS_SECP256K1+1];
     octet PK = {0,sizeof(pk),pk};
 
     char k[EGS_SECP256K1];
@@ -49,8 +49,7 @@ int main()
     char* sk_hex = "2f7b34cc0194179865128b63dc8af0c4062067291693e8043eda653d32a2b2d2";
     OCT_fromHex(&SK,sk_hex);
 
-    // ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&SK,&PK);
-    ECP_SECP256K1_KEY_PAIR_GENERATE(NULL,&SK,&PK);
+    MPC_ECDSA_KEY_PAIR_GENERATE(NULL,&SK,&PK);
     rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
     if (rc!=0)
     {

examples/example_full.c

@@ -53,7 +53,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
 {
     int rc;
 
-    char pk[2 * EFS_SECP256K1 + 1];
+    char pk[EFS_SECP256K1 + 1];
     octet PK = {0, sizeof(pk), pk};
 
     char out[2][FS_2048];
@@ -65,12 +65,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
     // ECDSA Key Pair
     printf("\n\tGenerate ECDSA key pair\n");
 
-    rc = ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
-    if (rc != 0)
-    {
-        return rc;
-    }
-
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
     rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
     if (rc != 0)
     {
@@ -1297,7 +1292,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
     BIG_256_56_toBytes(K1.val, k1);
     K1.len = EGS_SECP256K1;
 
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
     ECP_SECP256K1_fromOctet(&P, &NCP);
     ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
 
@@ -1327,7 +1322,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
     BIG_256_56_toBytes(K2.val, k2);
     K2.len = EGS_SECP256K1;
 
-    ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
+    MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
     ECP_SECP256K1_fromOctet(&P, &NCP);
     ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
 

include/amcl/commitments.h

@@ -34,8 +34,8 @@ extern "C"
 {
 #endif
 
-#define COMMITMENTS_OK   0   /** < Success */
-#define COMMITMENTS_FAIL 81  /** < Invalid Commitment */
+#define COMMITMENTS_OK   0   /**< Success */
+#define COMMITMENTS_FAIL 81  /**< Invalid Commitment */
 
 /* NM Commitment Scheme API */
 

include/amcl/factoring_zk.h

@@ -45,8 +45,8 @@ extern "C"
 
 #define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */
 
-#define FACTORING_ZK_OK   0  /** < Proof successfully verified */
-#define FACTORING_ZK_FAIL 91 /** < Invalid proof */
+#define FACTORING_ZK_OK   0  /**< Proof successfully verified */
+#define FACTORING_ZK_FAIL 91 /**< Invalid proof */
 
 /** \brief Prove knowledge of the modulus m in ZK
  *

include/amcl/mpc.h

@@ -37,6 +37,17 @@ extern "C" {
 #define MPC_FAIL        71   /**< Failure */
 #define MPC_INVALID_ECP 72   /**< Input is not a valid point on the curve */
 
+/**	@brief Generate an ECC public/private key pair
+ *
+ *  Generat an ECC public/private key pair W = s.G, where
+ *  G is a fixed public generator
+ *
+ *  @param RNG is a pointer to a cryptographically secure random number generator
+ *  @param S the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+ *  @param W the output public key, which is s.G, where G is a fixed generator
+ */
+void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W);
+
 /** \brief ECDSA Sign message
  *
  *  Generate the ECDSA signature on message, M, with outputs (R,S)
@@ -70,6 +81,15 @@ int MPC_ECDSA_SIGN(int sha, const octet *K, const octet *SK, octet *M, octet *R,
  */
 int MPC_ECDSA_VERIFY(const octet *HM,octet *PK, octet *R,octet *S);
 
+/** \brief Generate a random K for and ECDSA signature
+ *
+ *  Generate a random K modulo the curve order
+ *
+ *  @param RNG               Pointer to a cryptographically secure PRNG
+ *  @param K                 Destination octet for the randomly generated value
+ */
+void MPC_K_GENERATE(csprng *RNG, octet *K);
+
 /** \brief Calculate the inverse of the sum of kgamma values
  *
  *  Calculate the inverse of the sum of kgamma values

include/amcl/mta.h

@@ -120,7 +120,7 @@ void MPC_SUM_MTA(const octet *A, const octet *B, const octet *ALPHA, const octet
  *
  *  <ol>
  *  <li> \f$ e \in_R [0, \ldots, q] \f$
- *  <ol>
+ *  </ol>
  *
  *  @param RNG               csprng for random generation
  *  @param E                 Destination octet for the challenge.
@@ -481,7 +481,7 @@ typedef MTA_ZK_proof MTA_ZKWC_proof;
  *  <li> \f$ t  = h_1^{y}h_2^{\sigma}            \text{ }\mathrm{mod}\text{ }\tilde{N} \f$
  *  <li> \f$ w  = h_1^{\gamma}h_2^{\tau}         \text{ }\mathrm{mod}\text{ }\tilde{N} \f$
  *  <li> \f$ v  = c1^{\alpha}g^{\gamma}\beta^{N} \text{ }\mathrm{mod}\text{ }N^2 \f$
- *  <li> \f$ U  = \alpha.G
+ *  <li> \f$ U  = \alpha.G \f$
  *  </ol>
  *
  *  @param RNG         csprng for random generation
@@ -507,6 +507,7 @@ extern void MTA_ZKWC_commit(csprng *RNG, PAILLIER_public_key *key, COMMITMENTS_B
  *  @param mod         Public BC modulus of the verifier
  *  @param C1          Base Paillier Ciphertext
  *  @param C2          New Paillier Ciphertext to prove knowledge and range
+ *  @param X           Public exponent of the associated DLOG to prove knowledge
  *  @param c           Commitment of the prover
  *  @param E           Destination challenge
  */

python/CMakeLists.txt

@@ -16,6 +16,13 @@
 cmake_minimum_required(VERSION 3.1 FATAL_ERROR)
 
 include(PythonSiteDirs)
+include(PythonParameters)
+
+if(NOT DEFINED PYTHON_RSA_LEVELS)
+  set(PYTHON_RSA_LEVELS "")
+endif()
+
+string(REPLACE "," ";" PYTHON_RSA_LEVELS "${PYTHON_RSA_LEVELS}")
 
 add_subdirectory(amcl)
 add_subdirectory(test)

python/amcl/CMakeLists.txt

@@ -16,12 +16,17 @@
 file(GLOB SRCS *.py)
 file(COPY ${SRCS} DESTINATION "${PROJECT_BINARY_DIR}/python/amcl")
 
+foreach(level ${PYTHON_RSA_LEVELS})
+  load_rsa_fields(${level})
+  configure_rsa_file("rsa.py.in" "${PROJECT_BINARY_DIR}/python/amcl/rsa_${TFF}.py")
+endforeach()
+
 install(DIRECTORY DESTINATION ${PYTHON_SITE_PACKAGES}/amcl DIRECTORY_PERMISSIONS
         OWNER_WRITE OWNER_READ OWNER_EXECUTE
         GROUP_READ GROUP_EXECUTE
         WORLD_READ WORLD_EXECUTE)
-      
+
 install(FILES ${SRCS} DESTINATION ${PYTHON_SITE_PACKAGES}/amcl PERMISSIONS
   OWNER_WRITE OWNER_READ OWNER_EXECUTE
-  GROUP_READ 
+  GROUP_READ
   WORLD_READ)