Automated g4 rollback of changelist 555993058.
*** Reason for rollback ***
Temporarily rolling this back so that Phosphor/Krypton can make appropriate changes in the meanwhile to pass correct boolean value of the newly introduced proto field, from their request creation space to their servers that call AT sign server, so that those servers can forward the correct value to AT sign server.
*** Original change description ***
In the anonymous token RSA blind signature client, stop using RSA public exponent in key derivation to adhere to the latest version of the protocol.
Startblock:
cl-status Boq PrivateMembershipServer contains cl/553200683
cl-status Boq PrivateMembershipServer contains cl/552898843
***
PiperOrigin-RevId: 556874100
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
index cbc7fb0..3738654 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
@@ -137,7 +137,6 @@
// Empty public metadata is a valid value.
public_metadata = input.public_metadata();
}
- const bool use_rsa_public_exponent = false;
// Owned by BoringSSL.
ANON_TOKENS_ASSIGN_OR_RETURN(
const EVP_MD* sig_hash,
@@ -151,7 +150,7 @@
auto rsa_bssa_blinder,
RsaBlinder::New(rsa_public_key_proto.n(), rsa_public_key_proto.e(),
sig_hash, mgf1_hash, public_key_.salt_length(),
- use_rsa_public_exponent, public_metadata));
+ /*use_rsa_public_exponent=*/true, public_metadata));
ANON_TOKENS_ASSIGN_OR_RETURN(const std::string blinded_message,
rsa_bssa_blinder->Blind(masked_message));
@@ -169,7 +168,6 @@
blinded_token->set_key_version(public_key_.key_version());
blinded_token->set_serialized_token(blinded_message);
blinded_token->set_public_metadata(input.public_metadata());
- blinded_token->set_do_not_use_rsa_public_exponent(!use_rsa_public_exponent);
blinding_info_map_[blinded_message] = std::move(blinding_info);
}
@@ -237,12 +235,6 @@
anonymous_token.public_metadata()) {
return absl::InvalidArgumentError(
"Response public metadata does not match input.");
- } else if (public_key_.public_metadata_support() &&
- !anonymous_token.do_not_use_rsa_public_exponent()) {
- // Bool do_not_use_rsa_public_exponent does not matter for the non-public
- // metadata version.
- return absl::InvalidArgumentError(
- "Setting do_not_use_rsa_public_exponent to false is deprecated.");
}
// Unblind the blinded anonymous token to obtain the final anonymous token
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
index 55fbbf3..5602cba 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
@@ -94,7 +94,6 @@
const AnonymousTokensSignRequest& request, const RSAPrivateKey& private_key,
bool enable_public_metadata = false) {
AnonymousTokensSignResponse response;
- const bool use_rsa_public_exponent = false;
for (const auto& request_token : request.blinded_tokens()) {
auto* response_token = response.add_anonymous_tokens();
response_token->set_use_case(request_token.use_case());
@@ -102,15 +101,13 @@
response_token->set_public_metadata(request_token.public_metadata());
response_token->set_serialized_blinded_message(
request_token.serialized_token());
- response_token->set_do_not_use_rsa_public_exponent(
- !use_rsa_public_exponent);
std::optional<std::string> public_metadata = std::nullopt;
if (enable_public_metadata) {
public_metadata = request_token.public_metadata();
}
ANON_TOKENS_ASSIGN_OR_RETURN(
std::unique_ptr<RsaBlindSigner> blind_signer,
- RsaBlindSigner::New(private_key, use_rsa_public_exponent,
+ RsaBlindSigner::New(private_key, /*use_rsa_public_exponent=*/true,
public_metadata));
ANON_TOKENS_ASSIGN_OR_RETURN(
*response_token->mutable_serialized_token(),
