In the anonymous token RSA blind signature client, stop using RSA public exponent in key derivation to adhere to the latest version of the protocol. Startblock: cl-status Boq PrivateMembershipServer contains cl/553200683 cl-status Boq PrivateMembershipServer contains cl/552898843 PiperOrigin-RevId: 555993058
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc index 3738654..cbc7fb0 100644 --- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc +++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.cc
@@ -137,6 +137,7 @@ // Empty public metadata is a valid value. public_metadata = input.public_metadata(); } + const bool use_rsa_public_exponent = false; // Owned by BoringSSL. ANON_TOKENS_ASSIGN_OR_RETURN( const EVP_MD* sig_hash, @@ -150,7 +151,7 @@ auto rsa_bssa_blinder, RsaBlinder::New(rsa_public_key_proto.n(), rsa_public_key_proto.e(), sig_hash, mgf1_hash, public_key_.salt_length(), - /*use_rsa_public_exponent=*/true, public_metadata)); + use_rsa_public_exponent, public_metadata)); ANON_TOKENS_ASSIGN_OR_RETURN(const std::string blinded_message, rsa_bssa_blinder->Blind(masked_message)); @@ -168,6 +169,7 @@ blinded_token->set_key_version(public_key_.key_version()); blinded_token->set_serialized_token(blinded_message); blinded_token->set_public_metadata(input.public_metadata()); + blinded_token->set_do_not_use_rsa_public_exponent(!use_rsa_public_exponent); blinding_info_map_[blinded_message] = std::move(blinding_info); } @@ -235,6 +237,12 @@ anonymous_token.public_metadata()) { return absl::InvalidArgumentError( "Response public metadata does not match input."); + } else if (public_key_.public_metadata_support() && + !anonymous_token.do_not_use_rsa_public_exponent()) { + // Bool do_not_use_rsa_public_exponent does not matter for the non-public + // metadata version. + return absl::InvalidArgumentError( + "Setting do_not_use_rsa_public_exponent to false is deprecated."); } // Unblind the blinded anonymous token to obtain the final anonymous token
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc index 5602cba..55fbbf3 100644 --- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc +++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
@@ -94,6 +94,7 @@ const AnonymousTokensSignRequest& request, const RSAPrivateKey& private_key, bool enable_public_metadata = false) { AnonymousTokensSignResponse response; + const bool use_rsa_public_exponent = false; for (const auto& request_token : request.blinded_tokens()) { auto* response_token = response.add_anonymous_tokens(); response_token->set_use_case(request_token.use_case()); @@ -101,13 +102,15 @@ response_token->set_public_metadata(request_token.public_metadata()); response_token->set_serialized_blinded_message( request_token.serialized_token()); + response_token->set_do_not_use_rsa_public_exponent( + !use_rsa_public_exponent); std::optional<std::string> public_metadata = std::nullopt; if (enable_public_metadata) { public_metadata = request_token.public_metadata(); } ANON_TOKENS_ASSIGN_OR_RETURN( std::unique_ptr<RsaBlindSigner> blind_signer, - RsaBlindSigner::New(private_key, /*use_rsa_public_exponent=*/true, + RsaBlindSigner::New(private_key, use_rsa_public_exponent, public_metadata)); ANON_TOKENS_ASSIGN_OR_RETURN( *response_token->mutable_serialized_token(),