/**
* @param keys must be allocated
*
* @see pbgp_ibe_keypair_init
*/
void
pbgp_ibe_keypair_gen(setup_params_t *setup, uint32_t signer_id, ibe_keypair_t *keys)
{
assert(keys && setup);
unsigned char hash[EVP_MAX_MD_SIZE + 1];
char id0[BUFSIZ],
id1[BUFSIZ];
_ibe_get_id_pair(signer_id, id0, sizeof (id0), id1, sizeof (id1));
//
// generate public id (key) = identity
// keys->pub0 = hash (id0)
//
memset(hash, 0, sizeof (hash));
element_from_hash(keys->pub0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash));
//
// generate private key from public id
// priv0 = pub0 * gamma
// with gamma = secret key CA = s
//
element_mul_zn(keys->priv0, keys->pub0, setup->gamma);
//
// same goes for id1
//
memset(hash, 0, sizeof (hash));
element_from_hash(keys->pub1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash));
//
// generate private key from public id
//
element_mul_zn(keys->priv1, keys->pub1, setup->gamma);
}
int main(int argc,char** argv)
{
/*
arg1 : ID
*/
if(argc < 2)
{
showUsage();
exit(0);
}
pairing_t pairing;
element_t s,Sa,Qa;
pairing_from_file(pairing,"globalParam/pairingParam");
element_init_G1(Sa,pairing);
element_init_G1(Qa,pairing);
element_init_Zr(s,pairing);
element_from_file(s,"masterKey/s");
element_from_hash(Qa,argv[1],strlen(argv[1]));
element_mul_zn(Sa,Qa,s);
char loc[100] = "privateKey/";
strcat(loc,argv[1]);
strcat(loc,".priv");
element_to_file(Sa,loc);
return 0;
}
int main(int argc, char **argv) {
pairing_t pairing;
double time1, time2;
element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
element_init_G1(P, pairing);
element_init_G1(t1, pairing);
element_init_G1(t2, pairing);
element_init_G1(t3, pairing);
element_init_Zr(a, pairing);
element_init_Zr(b, pairing);
element_init_Zr(c, pairing);
element_init_GT(t4, pairing);
element_init_GT(t5, pairing);
element_init_GT(t6, pairing);
element_init_GT(Ka, pairing);
element_init_GT(Kb, pairing);
element_init_GT(Kc, pairing);
time1 = pbc_get_time();
printf("Joux key agreement between A, B and C.\n");
element_random(P);
element_random(a);
element_random(b);
element_random(c);
element_mul_zn(t1, P, a);
printf("A sends B and C: aP\n");
element_printf("aP = %B\n", t1);
element_mul_zn(t2, P, b);
printf("B sends A and C: bP\n");
element_printf("bP = %B\n", t2);
element_mul_zn(t3, P, c);
printf("C sends A and B: cP\n");
element_printf("cP = %B\n", t3);
element_pairing(t4, t2, t3);
element_pow_zn(Ka, t4, a);
element_printf("Ka = %B\n", Ka);
element_pairing(t5, t1, t3);
element_pow_zn(Kb, t5, b);
element_printf("Kb = %B\n", Kb);
element_pairing(t6, t1, t2);
element_pow_zn(Kc, t6, c);
element_printf("Kc = %B\n", Kc);
printf("Shared key K = Ka = Kb = Kc\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(Ka);
element_clear(Kb);
element_clear(Kc);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
element_clear(t5);
element_clear(t6);
pairing_clear(pairing);
return 0;
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
double time1, time2;
element_t P, Ppub, x, S, H, t1, t2, t3, t4;
element_init_Zr(x, pairing);
element_init_Zr(H, pairing);
element_init_Zr(t1, pairing);
element_init_G1(S, pairing);
element_init_G1(P, pairing);
element_init_G1(Ppub, pairing);
element_init_G1(t2, pairing);
element_init_GT(t3, pairing);
element_init_GT(t4, pairing);
printf("ZSS short signature schema\n");
printf("KEYGEN\n");
time1 = pbc_get_time();
element_random(x);
element_random(P);
element_mul_zn(Ppub, P, x);
element_printf("P = %B\n", P);
element_printf("x = %B\n", x);
element_printf("Ppub = %B\n", Ppub);
printf("SIGN\n");
element_from_hash(H, "Message", 7);
element_add(t1, H, x);
element_invert(t1, t1);
element_mul_zn(S, P, t1);
printf("Signature of message \"Message\" is:\n");
element_printf("S = %B\n", S);
printf("VERIFY\n");
element_from_hash(H, "Message", 7);
element_mul_zn(t2, P, H);
element_add(t2, t2, Ppub);
element_pairing(t3, t2, S);
element_pairing(t4, P, P);
element_printf("e(H(m)P + Ppub, S) = %B\n", t3);
element_printf("e(P, P) = %B\n", t4);
if (!element_cmp(t3, t4)) printf("Signature is valid\n");
else printf("Signature is invalid\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(Ppub);
element_clear(x);
element_clear(S);
element_clear(H);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
pairing_clear(pairing);
return 0;
}
/**
* In this scheme every signer can aggregate a signature on a different message.
*
* This __cannot__ verify multiple messages from the same AS.
*
* We have __one__ signer -> __one__ message but as the message could be the same
* for every signer, we can aggregate on it.
*
* @param store here we insert all the messages and all the signers
* (as we __must__ verify every message of every signer)
*
* @return 0 if verify = success.
*
*/
int
pbgp_ibe_verify(setup_params_t *setup, ibe_signature_t *sign, store_t *store)
{
assert(sign && setup && store);
element_t sumID, sumCi, sumTot, Pubi0,
Pubi1, Pm, t1, p1, p2, e1, e2, ci;
pairing_pp_t pp1, pp2, pp3;
element_init_G1(sumID, setup->pairing);
element_init_G1(sumCi, setup->pairing);
element_init_G1(sumTot, setup->pairing);
element_init_G1(Pubi0, setup->pairing);
element_init_G1(Pubi1, setup->pairing);
element_init_G1(Pm, setup->pairing);
element_init_G1(t1, setup->pairing);
element_init_GT(p1, setup->pairing);
element_init_GT(p2, setup->pairing);
element_init_GT(e1, setup->pairing);
element_init_GT(e2, setup->pairing);
element_init_Zr(ci, setup->pairing);
element_set0(sumID);
element_set0(sumCi);
//
// For each ASNUM in the list
//
store_iterator_t *iterator = pbgp_store_iterator_open(store);
store_key_t key = STORE_KEY_INIT;
while (1)
{
uint32_t id = 0;
size_t ksize = 0, dsize = 0;
// This mess is to avoid __any__ malloc call >:/
int ret = pbgp_store_iterator_uget_next_size(iterator, &ksize, &dsize);
if (ret != 0) {
break ;
}
// compute key data size
ksize -= STORE_KEY_METADATA_LENGTH;
if (sizeof(id) != ksize) {
continue ;
}
// key buffer
unsigned char kbuf[ksize];
memset (kbuf, 0, ksize);
key.data = kbuf;
key.dsize = sizeof(kbuf);
// data buffer
unsigned char message[dsize];
memset (message, 0, dsize);
// get asnum + message
ret = pbgp_store_iterator_uget_next(iterator, &key, message, &dsize);
if (ret != 0) {
break ;
}
char id0[BUFSIZ],
id1[BUFSIZ];
memcpy(&id, kbuf, sizeof id);
_ibe_get_id_pair(id, id0, sizeof (id0), id1, sizeof (id1));
//
// Computes public keys for this AS from its identity
//
unsigned char hash[EVP_MAX_MD_SIZE + 1];
// hash(id0)
memset(hash, 0, sizeof (hash));
_element_from_hash(Pubi0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash));
// hash(id1)
memset(hash, 0, sizeof (hash));
_element_from_hash(Pubi1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash));
// ci = hash(m)
memset(hash, 0, sizeof (hash));
element_from_hash(ci, hash, pbgp_rsa_uhash(message, dsize, hash));
// Computes sum(Pi_0) sum(ci * Pi_1)
element_mul_zn(t1, Pubi1, ci);
element_add(sumID, sumID, Pubi0);
element_add(sumCi, sumCi, t1);
}
pbgp_store_iterator_close(iterator);
element_add(sumTot, sumID, sumCi);
pairing_pp_init(pp1, sumTot, setup->pairing);
pairing_pp_init(pp2, sign->v, setup->pairing);
pairing_pp_init(pp3, sign->u, setup->pairing);
// e(Q = ibePub, sumTot)
pairing_pp_apply(p1, setup->ibePub, pp1);
// e(Tn = v, Pw)
pairing_pp_apply(p2, sign->w, pp2);
// e(Q = ibePub, sumTot) * e(Tn = v, Pw)
element_mul(e2, p1, p2);
// e(Sn = u, P)
pairing_pp_apply(e1, setup->g, pp3);
int rv = element_cmp(e1, e2);
pairing_pp_clear(pp1);
pairing_pp_clear(pp2);
pairing_pp_clear(pp3);
element_clear(sumID);
element_clear(sumCi);
element_clear(sumTot);
element_clear(t1);
element_clear(ci);
element_clear(Pubi0);
element_clear(Pubi1);
element_clear(Pm);
element_clear(p1);
element_clear(p2);
element_clear(e1);
element_clear(e2);
return rv;
}
/**
* In this scheme every signer can aggregate a signature on a different message.
*
* @param sign the computated signature (param modified)
* @param m the message to sign
* @param mlen message length
*
* The __caller__ SHOULD add id:message to some storage as we need the aggregate signature
* signers id=asnum to vrfy @see pbgp_ibe_vrfy()
*
* ie. pbgp_store_uput(store, STORE_KEY_SET_DATA(key, ASLIST, signer_id), (void *) m, mlen)
*
*/
void
pbgp_ibe_sign(setup_params_t *setup,
ibe_keypair_t *key,
const unsigned char *m,
size_t mlen,
ibe_signature_t *sign)
{
element_t ri, t1, t2, t3, t4, ci;
//
// Check if this is the first signature
// "w must be an unique unseen value"
//
if (element_is0(sign->w)) {
#if HAVE_LIBUUID || HAVE_LIBE2FS_UUID
uuid_t uuid;
uuid_generate(uuid);
element_from_hash(sign->w, uuid, sizeof uuid);
#else
element_random(sign->w);
#endif
if (element_is0(sign->w)) {
pbgp_fatal("pbgp_ibe_sign :: random");
}
}
element_init_G1(t1, setup->pairing);
element_init_G1(t2, setup->pairing);
element_init_G1(t3, setup->pairing);
element_init_G1(t4, setup->pairing);
element_init_Zr(ri, setup->pairing);
element_init_Zr(ci, setup->pairing);
// ci = binary_hash(message)
unsigned char hash[EVP_MAX_MD_SIZE + 1];
memset(hash, 0, sizeof (hash));
unsigned int len = pbgp_rsa_uhash(m, mlen, hash);
element_from_hash(ci, hash, len);
// ri = random element
element_random(ri);
// ri * Pw
element_mul_zn(t1, sign->w, ri);
// Pi,0 = key->priv0
// Pi,1 = key->priv1
// ci * Pi,1
element_mul_zn(t2, key->priv1, ci);
// ri * Pi,0
// element_mul(t5, ri, key->pub0);
// ri * Pw + ci * sP(i,1) + sP(i,0)
element_add(t3, t1, t2);
// Si = ri * Pw + ci * Pi,1 + Pi,0
element_add(t3, t3, key->priv0);
// Ti = ri * P
element_mul_zn(t4, setup->g, ri);
// Sum(sign) for each signature
// w is the same for all signers
// u = sum(Si)
element_add(sign->u, sign->u, t3);
// v = sum(Ti)
element_add(sign->v, sign->v, t4);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
element_clear(ri);
element_clear(ci);
}
