Set do_not_use_rsa_public_exponent to true in AnonymousTokensRsaBssaClient, and set its value correctly in BlindSignAuth and PPN Krypton.

Tested in Windows, Linux, and BlindSignAuth E2E.

PiperOrigin-RevId: 562049773
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
index e40c669..d1f7de1 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
@@ -150,6 +150,7 @@
       // Empty public metadata is a valid value.
       public_metadata = input.public_metadata();
     }
+    const bool use_rsa_public_exponent = false;
     // Owned by BoringSSL.
     ANON_TOKENS_ASSIGN_OR_RETURN(
         const EVP_MD* sig_hash,
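Review bot: The new local `use_rsa_public_exponent` has no comment explaining why it is false, and the third hunk inverts it when writing the wire field (`set_do_not_use_rsa_public_exponent(!use_rsa_public_exponent)`). A reader has to reconcile two opposite-polarity names to confirm that the blinder argument in the second hunk and the request field agree. A comment at the declaration would help, e.g. `// Must stay false: the value passed to RsaBlinder::New and the do_not_use_rsa_public_exponent field sent to the signer have to describe the same choice.` Since the value never varies, a file-scope `constexpr bool kUseRsaPublicExponent = false;` would also avoid re-declaring it wherever this statement sits (the enclosing block starts outside the hunk). The test helper in anonymous_tokens_rsa_bssa_client_test.cc repeats the same literal.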
@@ -163,7 +164,7 @@
         auto rsa_bssa_blinder,
         RsaBlinder::New(rsa_public_key_proto.n(), rsa_public_key_proto.e(),
                         sig_hash, mgf1_hash, public_key_.salt_length(),
-                        /*use_rsa_public_exponent=*/true, public_metadata));
+                        use_rsa_public_exponent, public_metadata));
     ANON_TOKENS_ASSIGN_OR_RETURN(const std::string blinded_message,
                                  rsa_bssa_blinder->Blind(masked_message));
 
@@ -181,6 +182,7 @@
     blinded_token->set_key_version(public_key_.key_version());
     blinded_token->set_serialized_token(blinded_message);
     blinded_token->set_public_metadata(input.public_metadata());
+    blinded_token->set_do_not_use_rsa_public_exponent(!use_rsa_public_exponent);
     blinding_info_map_[blinded_message] = std::move(blinding_info);
   }
 
@@ -248,6 +250,13 @@
         anonymous_token.public_metadata()) {
       return absl::InvalidArgumentError(
           "Response public metadata does not match input.");
+    } else if (public_key_.public_metadata_support() &&
+               !anonymous_token.do_not_use_rsa_public_exponent()) {
+      // Bool do_not_use_rsa_public_exponent does not matter for the non-public
+      // metadata version.
+      return absl::InvalidArgumentError(
+          "Setting do_not_use_rsa_public_exponent to false is no longer "
+          "supported.");
     }
 
     // Unblind the blinded anonymous token to obtain the final anonymous token
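Review bot: The comment in the new branch explains the `public_key_.public_metadata_support()` half of the condition, but it sits inside the body, and the branch is chained with `else if` onto a branch that already returns. A standalone `if` with the comment above it reads more directly: `// The flag only affects the public-metadata variant, so it is checked only there.` followed by `if (public_key_.public_metadata_support() && !anonymous_token.do_not_use_rsa_public_exponent()) {`. That comment should also say that an unset field reads as false (assuming the usual protobuf bool default), so a response from a peer that never sets it is rejected here. This is the fail-closed direction, but it should be stated as intended. The enclosing function starts and ends outside the hunk.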
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
index ecf3be7..95caa30 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
@@ -97,6 +97,7 @@
     const AnonymousTokensSignRequest& request, const RSAPrivateKey& private_key,
     bool enable_public_metadata = false) {
   AnonymousTokensSignResponse response;
+  const bool use_rsa_public_exponent = false;
   for (const auto& request_token : request.blinded_tokens()) {
     auto* response_token = response.add_anonymous_tokens();
     response_token->set_use_case(request_token.use_case());
@@ -104,13 +105,15 @@
     response_token->set_public_metadata(request_token.public_metadata());
     response_token->set_serialized_blinded_message(
         request_token.serialized_token());
+    response_token->set_do_not_use_rsa_public_exponent(
+        !use_rsa_public_exponent);
     std::optional<std::string> public_metadata = std::nullopt;
     if (enable_public_metadata) {
       public_metadata = request_token.public_metadata();
     }
     ANON_TOKENS_ASSIGN_OR_RETURN(
         std::unique_ptr<RsaBlindSigner> blind_signer,
-        RsaBlindSigner::New(private_key, /*use_rsa_public_exponent=*/true,
+        RsaBlindSigner::New(private_key, use_rsa_public_exponent,
                             public_metadata));
     ANON_TOKENS_ASSIGN_OR_RETURN(
         *response_token->mutable_serialized_token(),
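Review bot: The helper always stamps `do_not_use_rsa_public_exponent` as true on every response token (the constant is declared in the previous hunk), so nothing in the hunks shown exercises the client's new rejection path ("Setting do_not_use_rsa_public_exponent to false is no longer supported."). Taking the response flag as a defaulted parameter after `enable_public_metadata` would let one test clear it and assert that the client returns an InvalidArgument status when public metadata support is on. A second test could assert that the flag is ignored when public metadata support is off. The helper's signature and body are only partly visible here, so a test elsewhere in the file may already cover this.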
diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index 2965ff1..f44df72 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc
@@ -152,6 +152,8 @@
     sign_request.add_blinded_token(absl::Base64Escape(
         at_sign_request->blinded_tokens().at(i).serialized_token()));
   }
+  // TODO(b/295924807): deprecate this option after AT server defaults to it
+  sign_request.set_do_not_use_rsa_public_exponent(true);
 
   privacy::ppn::PublicMetadataInfo public_metadata_info =
       initial_data_response.public_metadata_info();
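Review bot: Both new setters in this file pass a literal `true` (here on `sign_request`, and on `anon_token_proto` in the next hunk) instead of taking the value from the tokens the anonymous-tokens client produced, so the choice made in AnonymousTokensRsaBssaClient is restated by hand in two more places. In the next hunk the flag could be copied from the request token that is already being read there: `anon_token_proto.set_do_not_use_rsa_public_exponent(at_sign_request.blinded_tokens(i).do_not_use_rsa_public_exponent());`. Because that response flag is filled in locally rather than received from the server, the client's check on it cannot by itself show which exponent derivation the signer used. That assurance presumably comes from the signature verification during unblinding, which is outside this diff, and a short comment saying so would keep the flag from being read as a server attestation. The TODO would also be clearer if it said what the option selects.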
@@ -231,6 +233,7 @@
     *anon_token_proto.mutable_serialized_blinded_message() =
         at_sign_request.blinded_tokens(i).serialized_token();
     *anon_token_proto.mutable_serialized_token() = blinded_token;
+    anon_token_proto.set_do_not_use_rsa_public_exponent(true);
     at_sign_response.add_anonymous_tokens()->Swap(&anon_token_proto);
   }
 
diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index 56d028c..6330d35 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc
@@ -100,6 +100,7 @@
     EXPECT_EQ(request.public_metadata_info().SerializeAsString(),
               public_metadata_info_.SerializeAsString());
     EXPECT_EQ(request.key_version(), keypair_.second.key_version());
+    EXPECT_EQ(request.do_not_use_rsa_public_exponent(), true);
 
     // Construct AuthAndSignResponse.
     privacy::ppn::AuthAndSignResponse response;
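Review bot: `EXPECT_EQ(request.do_not_use_rsa_public_exponent(), true);` compares a bool against a literal; `EXPECT_TRUE(request.do_not_use_rsa_public_exponent());` is the usual googletest form and states the intent directly. The surrounding callback starts and ends outside the hunk.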