1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_BLIND_SIGNER_H_ 16 #define ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_BLIND_SIGNER_H_ 17 18 #include <memory> 19 #include <string> 20 21 #include "absl/status/statusor.h" 22 #include "absl/strings/string_view.h" 23 #include "anonymous_tokens/cpp/crypto/blind_signer.h" 24 #include "anonymous_tokens/cpp/crypto/crypto_utils.h" 25 #include "anonymous_tokens/proto/anonymous_tokens.pb.h" 26 27 namespace anonymous_tokens { 28 29 // The RSA SSA (Signature Schemes with Appendix) using PSS (Probabilistic 30 // Signature Scheme) encoding is defined at 31 // https://tools.ietf.org/html/rfc8017#section-8.1). This implementation uses 32 // Boring SSL for the underlying cryptographic operations. 33 class RsaBlindSigner : public BlindSigner { 34 public: 35 ~RsaBlindSigner() override = default; 36 RsaBlindSigner(const RsaBlindSigner&) = delete; 37 RsaBlindSigner& operator=(const RsaBlindSigner&) = delete; 38 39 // Passing of public_metadata is optional. If it is set to any value including 40 // an empty string, RsaBlindSigner will assume that partially blind RSA 41 // signature protocol is being executed. 42 // 43 // If public metadata is passed and the boolean "use_rsa_public_exponent" is 44 // set to false, the public exponent in the signing_key is not used in any 45 // computations in the protocol. 46 // 47 // Setting "use_rsa_public_exponent" to true is deprecated. All new users 48 // should set it to false. 49 static absl::StatusOr<std::unique_ptr<RsaBlindSigner>> New( 50 const RSAPrivateKey& signing_key, bool use_rsa_public_exponent, 51 std::optional<absl::string_view> public_metadata = std::nullopt); 52 53 // Computes the signature for 'blinded_data'. 54 absl::StatusOr<std::string> Sign( 55 absl::string_view blinded_data) const override; 56 57 private: 58 // Use New to construct. 59 RsaBlindSigner(std::optional<absl::string_view> public_metadata, 60 bssl::UniquePtr<RSA> rsa_private_key); 61 62 const std::optional<std::string> public_metadata_; 63 64 // In case public metadata is passed to RsaBlindSigner::New, rsa_private_key_ 65 // will be initialized using RSA_new_private_key_large_e method. 66 const bssl::UniquePtr<RSA> rsa_private_key_; 67 }; 68 69 } // namespace anonymous_tokens 70 71 #endif // ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_BLIND_SIGNER_H_ 72