Drop internal PrepareRandom function and rename the type

cloudflare · Jun 14, 2023 · 8d0cc8c · 8d0cc8c
1 parent 8b4d397
commit 8d0cc8c
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 36 deletions.
diff --git a/blindsign/blindrsa/pbrsa.go b/blindsign/blindrsa/pbrsa.go
@@ -46,7 +46,7 @@ type BigPrivateKey struct {
 // A PBRSAVerifier represents a Verifier in the RSA blind signature protocol.
 // It carries state needed to produce and validate an RSA signature produced
 // using the blind RSA protocol.
-type PBRSAVerifier struct {
+type RandomizedPBRSAVerifier struct {
 	// Public key of the Signer
 	pk *BigPublicKey
 
@@ -64,10 +64,10 @@ func newCustomPublicKey(pk *rsa.PublicKey) *BigPublicKey {
 	}
 }
 
-// NewPBRSAVerifier creates a new PBRSAVerifier using the corresponding Signer parameters.
-func NewPBRSAVerifier(pk *rsa.PublicKey, hash crypto.Hash) PBRSAVerifier {
+// RandomizedPBRSAVerifier creates a new PBRSAVerifier using the corresponding Signer parameters.
+func NewRandomizedPBRSAVerifier(pk *rsa.PublicKey, hash crypto.Hash) PBRSAVerifier {
 	h := convertHashFunction(hash)
-	return PBRSAVerifier{
+	return RandomizedPBRSAVerifier{
 		pk:         newCustomPublicKey(pk),
 		cryptoHash: hash,
 		hash:       h,
@@ -181,17 +181,23 @@ func fixedPartiallyBlind(message, rand, salt []byte, r, rInv *big.Int, pk *BigPu
 		hash:       hash,
 		salt:       salt,
 		rInv:       rInv,
-		rand:       rand,
+		// rand:       rand,
 	}, nil
 }
 
+type PBRSAVerifier interface {
+	Blind(random io.Reader, message, metadata []byte) ([]byte, PBRSAVerifierState, error)
+	Verify(message, signature, metadata []byte) error
+	Hash() hash.Hash
+}
+
 // Blind initializes the blind RSA protocol using an input message and source of randomness. The
 // signature includes a randomly generated PSS salt whose length equals the size of the underlying
 // hash function. This function fails if randomness was not provided.
 //
 // See the specification for more details:
 // https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa-00#name-blind
-func (v PBRSAVerifier) Blind(random io.Reader, message, metadata []byte) ([]byte, PBRSAVerifierState, error) {
+func (v RandomizedPBRSAVerifier) Blind(random io.Reader, message, metadata []byte) ([]byte, PBRSAVerifierState, error) {
 	if random == nil {
 		return nil, PBRSAVerifierState{}, ErrInvalidRandomness
 	}
@@ -207,36 +213,30 @@ func (v PBRSAVerifier) Blind(random io.Reader, message, metadata []byte) ([]byte
 		return nil, PBRSAVerifierState{}, err
 	}
 
-	// Pick a random string rand of length 32 bytes
-	rand := make([]byte, 32)
-	_, err = random.Read(rand)
-	if err != nil {
-		return nil, PBRSAVerifierState{}, err
-	}
-
-	// M' = M || rand
-	msgPrime := append(rand, message...)
-
 	// Compute e_MD = e * H_MD(D)
 	metadataKey := augmentPublicKey(v.cryptoHash, v.pk, metadata)
 
 	// Do the rest with (M', D) as the message being signed
-	inputMsg := encodeMessageMetadata(msgPrime, metadata)
+	inputMsg := encodeMessageMetadata(message, metadata)
 
-	return fixedPartiallyBlind(inputMsg, rand, salt, r, rInv, metadataKey, v.hash)
+	return fixedPartiallyBlind(inputMsg, nil, salt, r, rInv, metadataKey, v.hash)
 }
 
 // Verify verifies the input (message, signature) pair and produces an error upon failure.
 //
 // See the specification for more details:
 // https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa-00#name-verification-2
-func (v PBRSAVerifier) Verify(message, metadata, rand, signature []byte) error {
-	msgPrime := append(rand, message...)
+func (v RandomizedPBRSAVerifier) Verify(message, metadata, signature []byte) error {
 	metadataKey := augmentPublicKey(v.cryptoHash, v.pk, metadata)
-	inputMsg := encodeMessageMetadata(msgPrime, metadata)
+	inputMsg := encodeMessageMetadata(message, metadata)
 	return verifyMessageSignature(inputMsg, signature, v.hash.Size(), metadataKey, v.cryptoHash)
 }
 
+// Hash returns the hash function associated with the PBRSAVerifier.
+func (v RandomizedPBRSAVerifier) Hash() hash.Hash {
+	return v.hash
+}
+
 // A PBRSAVerifierState carries state needed to complete the blind signature protocol
 // as a verifier.
 type PBRSAVerifierState struct {
@@ -253,7 +253,7 @@ type PBRSAVerifierState struct {
 	salt []byte
 
 	// The random component attached to each message
-	rand []byte
+	// rand []byte
 
 	// Inverse of the blinding factor produced by the Verifier
 	rInv *big.Int
@@ -298,13 +298,6 @@ func (state PBRSAVerifierState) CopySalt() []byte {
 	return salt
 }
 
-// CopyRand returns the random component of the per-message randomness.
-func (state PBRSAVerifierState) CopyRand() []byte {
-	rand := make([]byte, len(state.rand))
-	copy(rand, state.rand)
-	return rand
-}
-
 // An PBRSASigner represents the Signer in the blind RSA protocol.
 // It carries the raw RSA private key used for signing blinded messages.
 type PBRSASigner struct {

diff --git a/blindsign/blindrsa/pbrsa_test.go b/blindsign/blindrsa/pbrsa_test.go
@@ -73,7 +73,7 @@ func runPBRSA(signer PBRSASigner, verifier PBRSAVerifier, message, metadata []by
 		return nil, err
 	}
 
-	err = verifier.Verify(message, metadata, state.CopyRand(), sig)
+	err = verifier.Verify(message, metadata, sig)
 	if err != nil {
 		return nil, err
 	}
@@ -98,7 +98,7 @@ func TestPBRSARoundTrip(t *testing.T) {
 	}
 
 	hash := crypto.SHA384
-	verifier := NewPBRSAVerifier(&key.PublicKey, hash)
+	verifier := NewRandomizedPBRSAVerifier(&key.PublicKey, hash)
 	signer := NewPBRSASigner(key, hash)
 
 	sig, err := runPBRSA(signer, verifier, message, metadata, rand.Reader)
@@ -177,7 +177,7 @@ func generatePBRSATestVector(t *testing.T, msg, metadata []byte) rawPBRSATestVec
 	}
 
 	hash := crypto.SHA384
-	verifier := NewPBRSAVerifier(&key.PublicKey, hash)
+	verifier := NewRandomizedPBRSAVerifier(&key.PublicKey, hash)
 	signer := NewPBRSASigner(key, hash)
 
 	publicKey := newCustomPublicKey(&key.PublicKey)
@@ -198,7 +198,7 @@ func generatePBRSATestVector(t *testing.T, msg, metadata []byte) rawPBRSATestVec
 		t.Fatal(err)
 	}
 
-	err = verifier.Verify(msg, metadata, state.CopyRand(), sig)
+	err = verifier.Verify(msg, metadata, sig)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -208,7 +208,6 @@ func generatePBRSATestVector(t *testing.T, msg, metadata []byte) rawPBRSATestVec
 		metadata:    metadata,
 		privateKey:  key,
 		metadataKey: metadataKey.Marshal(),
-		rand:        state.CopyRand(),
 		salt:        state.CopySalt(),
 		blind:       state.CopyBlind(),
 		request:     blindedMsg,
@@ -272,7 +271,7 @@ func BenchmarkPBRSA(b *testing.B) {
 	}
 
 	hash := crypto.SHA384
-	verifier := NewPBRSAVerifier(&key.PublicKey, hash)
+	verifier := NewRandomizedPBRSAVerifier(&key.PublicKey, hash)
 	signer := NewPBRSASigner(key, hash)
 
 	var blindedMsg []byte
@@ -306,7 +305,7 @@ func BenchmarkPBRSA(b *testing.B) {
 		}
 	})
 
-	err = verifier.Verify(message, metadata, state.rand, sig)
+	err = verifier.Verify(message, metadata, sig)
 	if err != nil {
 		b.Fatal(err)
 	}