Editorial pass over all header files in AT codebase to fix typos and descriptions in comments.
PiperOrigin-RevId: 518078498
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h
index 3af0bf7..b2eec59 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h
@@ -26,17 +26,17 @@
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blinder.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
#include "openssl/rsa.h"
-#include "quiche/common/platform/api/quiche_export.h"
+// #include "quiche/common/platform/api/quiche_export.h"
namespace private_membership {
namespace anonymous_tokens {
-// This class generates AnonymousTokens RSA BSSA
+// This class generates AnonymousTokens RSA blind signatures,
// (https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/)
// blind message signing request and processes the response.
//
-// Each execution of the Anonymous Tokens RSA BSSA protocol requires a new
-// instance of the AnonymousTokensRsaBssaClient.
+// Each execution of the Anonymous Tokens RSA blind signatures protocol requires
+// a new instance of the AnonymousTokensRsaBssaClient.
//
// This class is not thread-safe.
class QUICHE_EXPORT AnonymousTokensRsaBssaClient {
@@ -50,7 +50,8 @@
// sign request and process a response.
//
// This method is to be used to create a client as its constructor is private.
- // It takes as input a public key and relevant parameters.
+ // It takes as input RSABlindSignaturePublicKey which contains the public key
+ // and relevant parameters.
static absl::StatusOr<std::unique_ptr<AnonymousTokensRsaBssaClient>> Create(
const RSABlindSignaturePublicKey& public_key);
@@ -68,8 +69,8 @@
//
// It outputs a vector of a protos where each element contains an input
// plaintext message and associated public metadata (if it exists) along with
- // its final (unblinded) anonymous token resulting from the blind signature
- // protocol.
+ // its final (unblinded) anonymous token resulting from the RSA blind
+ // signatures protocol.
absl::StatusOr<std::vector<RSABlindSignatureTokenWithInput>> ProcessResponse(
const AnonymousTokensSignResponse& response);
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h
index 58ea190..4f73afd 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h
@@ -27,7 +27,7 @@
// RSA modulus size, 4096 bits
//
-// Recommended size.
+// Our recommended size.
constexpr int kRsaModulusSizeInBits4096 = 4096;
// RSA modulus size, 512 bytes
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h
index ce96354..c0d8625 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h
@@ -82,8 +82,8 @@
absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT ComputePowerOfTwo(
int x);
-// ComputeHash sub-routine used druing blindness and verification of RSA PSS
-// AnonymousTokens.
+// ComputeHash sub-routine used during blindness and verification of RSA blind
+// signatures protocol with or without public metadata.
absl::StatusOr<std::string> QUICHE_EXPORT ComputeHash(
absl::string_view input, const EVP_MD& hasher);
@@ -92,7 +92,8 @@
absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT
ComputeCarmichaelLcm(const BIGNUM& phi_p, const BIGNUM& phi_q, BN_CTX& bn_ctx);
-// Converts AnonymousTokens::RSAPrivateKey To bssl::UniquePtr<RSA>
+// Converts AnonymousTokens::RSAPrivateKey to bssl::UniquePtr<RSA> without
+// public metadata augmentation.
absl::StatusOr<bssl::UniquePtr<RSA>> QUICHE_EXPORT
AnonymousTokensRSAPrivateKeyToRSA(const RSAPrivateKey& private_key);
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/proto_utils.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/proto_utils.h
index b16bf97..067bf5f 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/proto_utils.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/proto_utils.h
@@ -20,22 +20,28 @@
#include "absl/strings/string_view.h"
#include "absl/time/time.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
-#include "quiche/common/platform/api/quiche_export.h"
+// #include "quiche/common/platform/api/quiche_export.h"
namespace private_membership {
namespace anonymous_tokens {
+// Returns AnonymousTokensUseCase parsed from a string_view.
absl::StatusOr<AnonymousTokensUseCase> QUICHE_EXPORT ParseUseCase(
absl::string_view use_case);
+// Takes in quiche::protobuf::Timestamp and converts it to absl::Time.
+//
// Timestamp is defined here:
// https://developers.google.com/protocol-buffers/docs/reference/quiche.protobuf#timestamp
absl::StatusOr<absl::Time> QUICHE_EXPORT TimeFromProto(
const quiche::protobuf::Timestamp& proto);
+// Takes in absl::Time and converts it to quiche::protobuf::Timestamp.
+//
// Timestamp is defined here:
// https://developers.google.com/protocol-buffers/docs/reference/quiche.protobuf#timestamp
-absl::StatusOr<quiche::protobuf::Timestamp> QUICHE_EXPORT TimeToProto(absl::Time time);
+absl::StatusOr<quiche::protobuf::Timestamp> QUICHE_EXPORT TimeToProto(
+ absl::Time time);
} // namespace anonymous_tokens
} // namespace private_membership
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.cc
index ff31e23..8a11dbd 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.cc
@@ -32,11 +32,12 @@
namespace public_metadata_crypto_utils_internal {
absl::StatusOr<bssl::UniquePtr<BIGNUM>> PublicMetadataHashWithHKDF(
- absl::string_view input, absl::string_view rsa_modulus_str,
+ absl::string_view public_metadata, absl::string_view rsa_modulus_str,
size_t out_len_bytes) {
const EVP_MD* evp_md_sha_384 = EVP_sha384();
// append 0x00 to input
- std::vector<uint8_t> input_buffer(input.begin(), input.end());
+ std::vector<uint8_t> input_buffer(public_metadata.begin(),
+ public_metadata.end());
input_buffer.push_back(0x00);
std::string out_e;
// We set the out_e size beyond out_len_bytes so that out_e bytes are
@@ -146,8 +147,8 @@
if (!rsa_public_key.get()) {
return absl::InternalError(
absl::StrCat("RSA_new failed: ", GetSslErrors()));
- } else if (RSA_set0_key(rsa_public_key.get(), rsa_modulus.get(),
- new_e.get(), nullptr) != kBsslSuccess) {
+ } else if (RSA_set0_key(rsa_public_key.get(), rsa_modulus.get(), new_e.get(),
+ nullptr) != kBsslSuccess) {
return absl::InternalError(
absl::StrCat("RSA_set0_key failed: ", GetSslErrors()));
}
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.h
index 8f3575a..0d00646 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/public_metadata_crypto_utils.h
@@ -21,7 +21,7 @@
#include "absl/strings/string_view.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
#include "openssl/base.h"
-#include "quiche/common/platform/api/quiche_export.h"
+// #include "quiche/common/platform/api/quiche_export.h"
namespace private_membership {
namespace anonymous_tokens {
@@ -29,23 +29,33 @@
// Internal functions only exposed for testing.
namespace public_metadata_crypto_utils_internal {
-absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT PublicMetadataHashWithHKDF(
- absl::string_view input, absl::string_view rsa_modulus_str,
- size_t out_len_bytes);
+// Outputs a public metadata `hash` using HKDF with the public metadata as
+// input and the rsa modulus as salt. The expected output hash size is passed as
+// out_len_bytes.
+//
+// This method internally calls HKDF with output size of more than
+// out_len_bytes and later truncates the output to out_len_bytes. This is done
+// so that the output is indifferentiable from truly random bytes.
+// https://cfrg.github.io/draft-irtf-cfrg-hash-to-curve/draft-irtf-cfrg-hash-to-curve.html#name-hashing-to-a-finite-field
+absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT
+PublicMetadataHashWithHKDF(absl::string_view public_metadata,
+ absl::string_view rsa_modulus_str,
+ size_t out_len_bytes);
} // namespace public_metadata_crypto_utils_internal
// Compute exponent based only on the public metadata. Assumes that n is a safe
// modulus i.e. it produces a strong RSA key pair. If not, the exponent may be
// invalid.
-absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT PublicMetadataExponent(
- const BIGNUM& n, absl::string_view public_metadata);
+absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT
+PublicMetadataExponent(const BIGNUM& n, absl::string_view public_metadata);
// Computes final exponent by multiplying the public exponent e with the
// exponent derived from public metadata. Assumes that n is a safe modulus i.e.
// it produces a strong RSA key pair. If not, the exponent may be invalid.
-absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT ComputeFinalExponentUnderPublicMetadata(
- const BIGNUM& n, const BIGNUM& e, absl::string_view public_metadata);
+absl::StatusOr<bssl::UniquePtr<BIGNUM>> QUICHE_EXPORT
+ComputeFinalExponentUnderPublicMetadata(const BIGNUM& n, const BIGNUM& e,
+ absl::string_view public_metadata);
// Converts AnonymousTokens RSAPublicKey to RSA under a fixed public_metadata.
//
@@ -54,8 +64,9 @@
//
// TODO(b/271441409): Stop using RSA object from boringssl in
// AnonymousTokensService. Replace with a new internal struct.
-absl::StatusOr<bssl::UniquePtr<RSA>> QUICHE_EXPORT RSAPublicKeyToRSAUnderPublicMetadata(
- const RSAPublicKey& public_key, absl::string_view public_metadata);
+absl::StatusOr<bssl::UniquePtr<RSA>> QUICHE_EXPORT
+RSAPublicKeyToRSAUnderPublicMetadata(const RSAPublicKey& public_key,
+ absl::string_view public_metadata);
} // namespace anonymous_tokens
} // namespace private_membership
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blinder.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blinder.h
index e58226f..4ba9c07 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blinder.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blinder.h
@@ -26,28 +26,31 @@
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/blinder.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
-#include "quiche/common/platform/api/quiche_export.h"
+// #include "quiche/common/platform/api/quiche_export.h"
namespace private_membership {
namespace anonymous_tokens {
-// RsaBlinder is able to blind a token, and unblind it after it has been signed.
+// RsaBlinder `blinds` input messages, and then unblinds them after they are
+// signed.
class QUICHE_EXPORT RsaBlinder : public Blinder {
public:
static absl::StatusOr<std::unique_ptr<RsaBlinder>> New(
const RSABlindSignaturePublicKey& public_key,
absl::string_view public_metadata = "");
- // Blind `message` using n and e derived from an RSA public key.
- // `message` will first be encoded with the EMSA-PSS operation.
- // This encoding operation matches that which is used by RsaVerifier.
+ // Blind `message` using n and e derived from an RSA public key and the public
+ // metadata if applicable.
+ //
+ // Before blinding, the `message` will first be hashed and then encoded with
+ // the EMSA-PSS operation.
absl::StatusOr<std::string> Blind(absl::string_view message) override;
// Unblinds `blind_signature`.
absl::StatusOr<std::string> Unblind(
absl::string_view blind_signature) override;
- // Verifies a signature.
+ // Verifies an `unblinded` signature against the input message.
absl::Status Verify(absl::string_view signature, absl::string_view message);
private:
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/testing_utils.h b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/testing_utils.h
index 933de96..36e5437 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/testing_utils.h
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/testing_utils.h
@@ -25,11 +25,14 @@
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
#include "openssl/base.h"
-#include "quiche/common/platform/api/quiche_export.h"
+// #include "quiche/common/platform/api/quiche_export.h"
namespace private_membership {
namespace anonymous_tokens {
+// Creates a pair containing a standard RSA Private key and an Anonymous Tokens
+// RSABlindSignaturePublicKey using RSA_F4 (65537) as the public exponent and
+// other input parameters.
absl::StatusOr<std::pair<bssl::UniquePtr<RSA>,
RSABlindSignaturePublicKey>> QUICHE_EXPORT
CreateTestKey(int key_size = 512, HashType sig_hash = AT_HASH_TYPE_SHA384,
@@ -37,6 +40,11 @@
MessageMaskType message_mask_type = AT_MESSAGE_MASK_CONCAT,
int message_mask_size = kRsaMessageMaskSizeInBytes32);
+// Prepares message for signing by computing its hash and then applying the PSS
+// padding to the result by executing RSA_padding_add_PKCS1_PSS_mgf1 from the
+// openssl library, using the input parameters.
+//
+// This is a test function and it skips the message blinding part.
absl::StatusOr<std::string> EncodeMessageForTests(absl::string_view message,
RSAPublicKey public_key,
const EVP_MD* sig_hasher,
diff --git a/quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.proto b/quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.proto
index df77b6d..e7a67df 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.proto
+++ b/quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.proto
@@ -180,7 +180,7 @@
// Version of key used to sign and generate the token.
int64 key_version = 2;
- // Public metadata to be tied to the ciphertext.
+ // Public metadata to be tied to the `blinded message` (serialized_token).
bytes public_metadata = 4;
// Serialization of the token.
@@ -200,13 +200,15 @@
// Version of key used to sign and generate the token.
int64 key_version = 2;
- // Public metadata tied to the ciphertext.
+ // Public metadata tied to the input (serialized_blinded_message) and the
+ // `blinded` signature (serialized_token).
bytes public_metadata = 4;
// The serialized_token in BlindedToken in the AnonymousTokensSignRequest.
bytes serialized_blinded_message = 5;
- // Serialization of the signed token.
+ // Serialization of the signed token. This will have to be `unblinded` by
+ // the user before it can be used / redeemed.
bytes serialized_token = 3;
}
@@ -224,7 +226,8 @@
// redeemed.
int64 key_version = 2;
- // Public metadata to be used for verifying the ciphertext.
+ // Public metadata to be used for redeeming the signature
+ // (serialized_unblinded_token).
bytes public_metadata = 4;
// Serialization of the unblinded anonymous token that needs to be redeemed.
@@ -250,7 +253,8 @@
// Version of key associated with this redeemed anonymous token.
int64 key_version = 4;
- // Public metadata used for verifying the ciphertext.
+ // Public metadata used for verifying the signature
+ // (serialized_unblinded_token).
bytes public_metadata = 5;
// Serialization of this redeemed unblinded anonymous token.