var (
// ErrInvalidPrivateKey is the error used if a private key is invalid
ErrInvalidPrivateKey = errors.New("blindsign/blindrsa/partiallyblindrsa: invalid private key")
ErrUnexpectedSize = common.ErrUnexpectedSize
ErrInvalidMessageLength = common.ErrInvalidMessageLength
ErrInvalidRandomness = common.ErrInvalidRandomness
)
An Signer represents the Signer in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.
type Signer struct {
// contains filtered or unexported fields
}
func NewSigner(sk *rsa.PrivateKey, h crypto.Hash) (Signer, error)
NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.
func (signer Signer) BlindSign(data, metadata []byte) ([]byte, error)
BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.
See the specification for more details: https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa-00#name-blindsign
Verifier is a type that implements the client side of the partially blind RSA protocol, described in https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa-00
type Verifier interface {
// Blind initializes the partially blind RSA protocol using an input message and source of
// randomness. The signature includes a randomly generated PSS salt whose length equals the
// size of the underlying hash function. This function fails if randomness was not provided.
Blind(random io.Reader, message, metadata []byte) ([]byte, VerifierState, error)
// FixedBlind initializes the partially blind RSA protocol using an input message, metadata, and randomness values.
FixedBlind(message, metadata, salt, blind, blindInv []byte) ([]byte, VerifierState, error)
// Verify verifies the input (message, signature) pair using the augmented public key
// and produces an error upon failure.
Verify(message, signature, metadata []byte) error
// Hash returns the hash function associated with the Verifier.
Hash() hash.Hash
}
func NewVerifier(pk *rsa.PublicKey, hash crypto.Hash) Verifier
NewVerifier creates a new PBRSAVerifier using the corresponding Signer parameters. This corresponds to the RSAPBSSA-SHA384-PSS-Deterministic variant. See the specification for more details: https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa#name-rsapbssa-variants
A VerifierState carries state needed to complete the blind signature protocol as a verifier.
type VerifierState struct {
// contains filtered or unexported fields
}
func (state VerifierState) CopyBlind() []byte
CopyBlind returns an encoding of the blind value used in the protocol.
func (state VerifierState) CopySalt() []byte
CopySalt returns an encoding of the per-message salt used in the protocol.
func (state VerifierState) Finalize(data []byte) ([]byte, error)
Finalize computes and outputs the final signature, if it's valid. Otherwise, it returns an error.
See the specification for more details: https://datatracker.ietf.org/doc/html/draft-amjad-cfrg-partially-blind-rsa-00#name-finalize