Modifying the rsa verifier in AT crypto library to take in a boolean that indicates whether RSA public exponent should be used for computations during the execution of the blind RSA signature with public metadata protocol. The rest of the files only change their calls to the New method of the verifier class to build correctly.
PiperOrigin-RevId: 550054124
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer_test.cc
index f70bf13..4294467 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer_test.cc
@@ -84,7 +84,8 @@
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto verifier,
- RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_));
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ /*use_rsa_public_exponent=*/true));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
@@ -105,7 +106,8 @@
signer->Sign(message2));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto verifier,
- RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_));
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ /*use_rsa_public_exponent=*/true));
absl::Status verification_result = verifier->Verify(insecure_sig, message2);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
EXPECT_THAT(verification_result.message(),
@@ -118,11 +120,16 @@
&GetStrongRsaKeys3072,
&GetStrongRsaKeys4096));
+using RsaBlindSignerPublicMetadataTestParams =
+ std::tuple<absl::StatusOr<std::pair<RSAPublicKey, RSAPrivateKey>>,
+ /*use_rsa_public_exponent*/ bool>;
+
class RsaBlindSignerTestWithPublicMetadata
- : public ::testing::TestWithParam<CreateTestKeyPairFunction *> {
+ : public ::testing::TestWithParam<RsaBlindSignerPublicMetadataTestParams> {
protected:
void SetUp() override {
- ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, (*GetParam())());
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, std::get<0>(GetParam()));
+ use_rsa_public_exponent_ = std::get<1>(GetParam());
public_key_ = std::move(keys_pair.first);
private_key_ = std::move(keys_pair.second);
// NOTE: using recommended RsaSsaPssParams
@@ -136,6 +143,7 @@
const EVP_MD *sig_hash_; // Owned by BoringSSL.
const EVP_MD *mgf1_hash_; // Owned by BoringSSL.
int salt_length_;
+ bool use_rsa_public_exponent_;
};
// This test only tests whether the implemented signer 'signs' properly under
@@ -153,13 +161,14 @@
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
- RsaBlindSigner::New(private_key_, /*use_rsa_public_exponent=*/true,
+ RsaBlindSigner::New(private_key_, use_rsa_public_exponent_,
public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
@@ -175,14 +184,14 @@
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
- RsaBlindSigner::New(private_key_, /*use_rsa_public_exponent=*/true,
+ RsaBlindSigner::New(private_key_, use_rsa_public_exponent_,
empty_public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
- empty_public_metadata));
+ use_rsa_public_exponent_, empty_public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
@@ -199,13 +208,14 @@
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
- RsaBlindSigner::New(private_key_, /*use_rsa_public_exponent=*/true,
+ RsaBlindSigner::New(private_key_, use_rsa_public_exponent_,
public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata_2));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata_2));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
@@ -226,13 +236,14 @@
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
- RsaBlindSigner::New(private_key_, /*use_rsa_public_exponent=*/true,
+ RsaBlindSigner::New(private_key_, use_rsa_public_exponent_,
public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata_2));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata_2));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
@@ -242,8 +253,10 @@
INSTANTIATE_TEST_SUITE_P(
RsaBlindSignerTestWithPublicMetadata, RsaBlindSignerTestWithPublicMetadata,
- ::testing::Values(&GetStrongRsaKeys2048, &GetAnotherStrongRsaKeys2048,
- &GetStrongRsaKeys3072, &GetStrongRsaKeys4096));
+ ::testing::Combine(
+ ::testing::Values(GetStrongRsaKeys2048(), GetAnotherStrongRsaKeys2048(),
+ GetStrongRsaKeys3072(), GetStrongRsaKeys4096()),
+ /*use_rsa_public_exponent*/ ::testing::Values(true, false)));
// TODO(b/275956922): Consolidate all tests that use IETF test vectors into one
// E2E test.
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.cc
index c942662..5a890cc 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.cc
@@ -38,7 +38,7 @@
absl::StatusOr<std::unique_ptr<RsaSsaPssVerifier>> RsaSsaPssVerifier::New(
const int salt_length, const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
- const RSAPublicKey& public_key,
+ const RSAPublicKey& public_key, const bool use_rsa_public_exponent,
std::optional<absl::string_view> public_metadata) {
bssl::UniquePtr<RSA> rsa_public_key;
@@ -53,7 +53,7 @@
ANON_TOKENS_ASSIGN_OR_RETURN(
rsa_public_key, CreatePublicKeyRSAWithPublicMetadata(
public_key.n(), public_key.e(), *public_metadata,
- /*use_rsa_public_exponent=*/true));
+ use_rsa_public_exponent));
}
return absl::WrapUnique(new RsaSsaPssVerifier(salt_length, public_metadata,
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h
index 304b6a1..9026ba0 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h
@@ -42,9 +42,16 @@
// Passing of public_metadata is optional. If it is set to any value including
// an empty string, RsaSsaPssVerifier will assume that partially blind RSA
// signature protocol is being executed.
+ //
+ // If public metadata is passed and the boolean "use_rsa_public_exponent" is
+ // set to false, the public exponent in the public_key is not used in any
+ // computations in the protocol.
+ //
+ // Setting "use_rsa_public_exponent" to true is deprecated. All new users
+ // should set it to false.
static absl::StatusOr<std::unique_ptr<RsaSsaPssVerifier>> New(
int salt_length, const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
- const RSAPublicKey& public_key,
+ const RSAPublicKey& public_key, bool use_rsa_public_exponent,
std::optional<absl::string_view> public_metadata = std::nullopt);
// Verifies the signature.
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier_test.cc
index 32fe85e..3542627 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier_test.cc
@@ -47,8 +47,9 @@
const EVP_MD *mgf1_hash = EVP_sha384(); // Owned by BoringSSL
const int salt_length = kSaltLengthInBytes48;
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- const auto verifier, RsaSsaPssVerifier::New(salt_length, sig_hash,
- mgf1_hash, test_keys.first));
+ const auto verifier,
+ RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_keys.first,
+ /*use_rsa_public_exponent=*/true));
EXPECT_TRUE(verifier->Verify(test_vec.signature, test_vec.message).ok());
}
@@ -61,8 +62,9 @@
const EVP_MD *mgf1_hash = EVP_sha384(); // Owned by BoringSSL
const int salt_length = kSaltLengthInBytes48;
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- const auto verifier, RsaSsaPssVerifier::New(salt_length, sig_hash,
- mgf1_hash, test_keys.first));
+ const auto verifier,
+ RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_keys.first,
+ /*use_rsa_public_exponent=*/true));
// corrupt signature
std::string wrong_sig = test_vec.signature;
wrong_sig.replace(10, 1, "x");
@@ -85,7 +87,8 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto verifier,
RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash,
- new_keys_pair.first));
+ new_keys_pair.first,
+ /*use_rsa_public_exponent=*/true));
absl::Status verification_result =
verifier->Verify(test_vec.signature, test_vec.message);
@@ -113,7 +116,8 @@
TestSign(encoded_message, private_key.get()));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
- RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_key.first));
+ RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_key.first,
+ /*use_rsa_public_exponent=*/true));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
@@ -132,6 +136,7 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_key.first,
+ /*use_rsa_public_exponent=*/true,
test_vector.public_metadata));
EXPECT_TRUE(verifier
->Verify(test_vector.signature,
@@ -141,14 +146,38 @@
}
}
-using CreateTestKeyPairFunction =
- absl::StatusOr<std::pair<RSAPublicKey, RSAPrivateKey>>();
+TEST(RsaSsaPssVerifierTestWithPublicMetadata,
+ IetfRsaBlindSignaturesWithPublicMetadataNoPublicExponentSuccess) {
+ auto test_vectors =
+ GetIetfPartiallyBlindRSASignatureNoPublicExponentTestVectors();
+ const EVP_MD *sig_hash = EVP_sha384(); // Owned by BoringSSL
+ const EVP_MD *mgf1_hash = EVP_sha384(); // Owned by BoringSSL
+ const int salt_length = kSaltLengthInBytes48;
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ const auto test_key,
+ GetIetfRsaBlindSignatureWithPublicMetadataTestKeys());
+ for (const auto &test_vector : test_vectors) {
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length, sig_hash, mgf1_hash, test_key.first,
+ /*use_rsa_public_exponent=*/false,
+ test_vector.public_metadata));
+ EXPECT_TRUE(
+ verifier->Verify(test_vector.signature, test_vector.message).ok());
+ }
+}
+
+using RsaSsaPssVerifierPublicMetadataTestParams =
+ std::tuple<absl::StatusOr<std::pair<RSAPublicKey, RSAPrivateKey>>,
+ /*use_rsa_public_exponent*/ bool>;
class RsaSsaPssVerifierTestWithPublicMetadata
- : public ::testing::TestWithParam<CreateTestKeyPairFunction *> {
+ : public ::testing::TestWithParam<
+ RsaSsaPssVerifierPublicMetadataTestParams> {
protected:
void SetUp() override {
- ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, (*GetParam())());
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, std::get<0>(GetParam()));
+ use_rsa_public_exponent_ = std::get<1>(GetParam());
public_key_ = std::move(keys_pair.first);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
private_key_, AnonymousTokensRSAPrivateKeyToRSA(keys_pair.second));
@@ -163,6 +192,7 @@
const EVP_MD *sig_hash_; // Owned by BoringSSL.
const EVP_MD *mgf1_hash_; // Owned by BoringSSL.
int salt_length_;
+ bool use_rsa_public_exponent_;
};
// This test only tests whether the implemented verfier 'verifies' properly
@@ -182,11 +212,11 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string potentially_insecure_signature,
TestSignWithPublicMetadata(encoded_message, public_metadata,
- *private_key_,
- /*use_rsa_public_exponent=*/true));
+ *private_key_, use_rsa_public_exponent_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
@@ -204,11 +234,11 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string potentially_insecure_signature,
TestSignWithPublicMetadata(encoded_message, public_metadata,
- *private_key_,
- /*use_rsa_public_exponent=*/true));
+ *private_key_, use_rsa_public_exponent_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata_2));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata_2));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
@@ -230,12 +260,11 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string potentially_insecure_signature,
TestSignWithPublicMetadata(encoded_message, public_metadata,
- *private_key_,
- /*use_rsa_public_exponent=*/true));
+ *private_key_, use_rsa_public_exponent_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
- empty_public_metadata));
+ use_rsa_public_exponent_, empty_public_metadata));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
@@ -256,11 +285,11 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string potentially_insecure_signature,
TestSignWithPublicMetadata(encoded_message, public_metadata,
- *private_key_,
- /*use_rsa_public_exponent=*/true));
+ *private_key_, use_rsa_public_exponent_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
- RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_));
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
@@ -282,19 +311,21 @@
std::string potentially_insecure_signature,
TestSignWithPublicMetadata(encoded_message, public_metadata,
*private_key_.get(),
- /*use_rsa_public_exponent=*/true));
+ use_rsa_public_exponent_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
- public_key_, public_metadata));
+ auto verifier,
+ RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
+ use_rsa_public_exponent_, public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
-INSTANTIATE_TEST_SUITE_P(RsaSsaPssVerifierTestWithPublicMetadata,
- RsaSsaPssVerifierTestWithPublicMetadata,
- ::testing::Values(&GetStrongRsaKeys2048,
- &GetAnotherStrongRsaKeys2048,
- &GetStrongRsaKeys3072,
- &GetStrongRsaKeys4096));
+INSTANTIATE_TEST_SUITE_P(
+ RsaSsaPssVerifierTestWithPublicMetadata,
+ RsaSsaPssVerifierTestWithPublicMetadata,
+ ::testing::Combine(
+ ::testing::Values(GetStrongRsaKeys2048(), GetAnotherStrongRsaKeys2048(),
+ GetStrongRsaKeys3072(), GetStrongRsaKeys4096()),
+ /*use_rsa_public_exponent*/ ::testing::Values(true, false)));
} // namespace
} // namespace anonymous_tokens
