/** * @param keys must be allocated * * @see pbgp_ibe_keypair_init */ void pbgp_ibe_keypair_gen(setup_params_t *setup, uint32_t signer_id, ibe_keypair_t *keys) { assert(keys && setup); unsigned char hash[EVP_MAX_MD_SIZE + 1]; char id0[BUFSIZ], id1[BUFSIZ]; _ibe_get_id_pair(signer_id, id0, sizeof (id0), id1, sizeof (id1)); // // generate public id (key) = identity // keys->pub0 = hash (id0) // memset(hash, 0, sizeof (hash)); element_from_hash(keys->pub0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash)); // // generate private key from public id // priv0 = pub0 * gamma // with gamma = secret key CA = s // element_mul_zn(keys->priv0, keys->pub0, setup->gamma); // // same goes for id1 // memset(hash, 0, sizeof (hash)); element_from_hash(keys->pub1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash)); // // generate private key from public id // element_mul_zn(keys->priv1, keys->pub1, setup->gamma); }
int main(int argc,char** argv) { /* arg1 : ID */ if(argc < 2) { showUsage(); exit(0); } pairing_t pairing; element_t s,Sa,Qa; pairing_from_file(pairing,"globalParam/pairingParam"); element_init_G1(Sa,pairing); element_init_G1(Qa,pairing); element_init_Zr(s,pairing); element_from_file(s,"masterKey/s"); element_from_hash(Qa,argv[1],strlen(argv[1])); element_mul_zn(Sa,Qa,s); char loc[100] = "privateKey/"; strcat(loc,argv[1]); strcat(loc,".priv"); element_to_file(Sa,loc); return 0; }
int main(int argc, char **argv) { pairing_t pairing; double time1, time2; element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6; pbc_demo_pairing_init(pairing, argc, argv); if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric"); element_init_G1(P, pairing); element_init_G1(t1, pairing); element_init_G1(t2, pairing); element_init_G1(t3, pairing); element_init_Zr(a, pairing); element_init_Zr(b, pairing); element_init_Zr(c, pairing); element_init_GT(t4, pairing); element_init_GT(t5, pairing); element_init_GT(t6, pairing); element_init_GT(Ka, pairing); element_init_GT(Kb, pairing); element_init_GT(Kc, pairing); time1 = pbc_get_time(); printf("Joux key agreement between A, B and C.\n"); element_random(P); element_random(a); element_random(b); element_random(c); element_mul_zn(t1, P, a); printf("A sends B and C: aP\n"); element_printf("aP = %B\n", t1); element_mul_zn(t2, P, b); printf("B sends A and C: bP\n"); element_printf("bP = %B\n", t2); element_mul_zn(t3, P, c); printf("C sends A and B: cP\n"); element_printf("cP = %B\n", t3); element_pairing(t4, t2, t3); element_pow_zn(Ka, t4, a); element_printf("Ka = %B\n", Ka); element_pairing(t5, t1, t3); element_pow_zn(Kb, t5, b); element_printf("Kb = %B\n", Kb); element_pairing(t6, t1, t2); element_pow_zn(Kc, t6, c); element_printf("Kc = %B\n", Kc); printf("Shared key K = Ka = Kb = Kc\n"); time2 = pbc_get_time(); printf("All time = %fs\n", time2 - time1); element_clear(P); element_clear(a); element_clear(b); element_clear(c); element_clear(Ka); element_clear(Kb); element_clear(Kc); element_clear(t1); element_clear(t2); element_clear(t3); element_clear(t4); element_clear(t5); element_clear(t6); pairing_clear(pairing); return 0; }
int main(int argc, char **argv) { pairing_t pairing; pbc_demo_pairing_init(pairing, argc, argv); if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric"); double time1, time2; element_t P, Ppub, x, S, H, t1, t2, t3, t4; element_init_Zr(x, pairing); element_init_Zr(H, pairing); element_init_Zr(t1, pairing); element_init_G1(S, pairing); element_init_G1(P, pairing); element_init_G1(Ppub, pairing); element_init_G1(t2, pairing); element_init_GT(t3, pairing); element_init_GT(t4, pairing); printf("ZSS short signature schema\n"); printf("KEYGEN\n"); time1 = pbc_get_time(); element_random(x); element_random(P); element_mul_zn(Ppub, P, x); element_printf("P = %B\n", P); element_printf("x = %B\n", x); element_printf("Ppub = %B\n", Ppub); printf("SIGN\n"); element_from_hash(H, "Message", 7); element_add(t1, H, x); element_invert(t1, t1); element_mul_zn(S, P, t1); printf("Signature of message \"Message\" is:\n"); element_printf("S = %B\n", S); printf("VERIFY\n"); element_from_hash(H, "Message", 7); element_mul_zn(t2, P, H); element_add(t2, t2, Ppub); element_pairing(t3, t2, S); element_pairing(t4, P, P); element_printf("e(H(m)P + Ppub, S) = %B\n", t3); element_printf("e(P, P) = %B\n", t4); if (!element_cmp(t3, t4)) printf("Signature is valid\n"); else printf("Signature is invalid\n"); time2 = pbc_get_time(); printf("All time = %fs\n", time2 - time1); element_clear(P); element_clear(Ppub); element_clear(x); element_clear(S); element_clear(H); element_clear(t1); element_clear(t2); element_clear(t3); element_clear(t4); pairing_clear(pairing); return 0; }
/** * In this scheme every signer can aggregate a signature on a different message. * * This __cannot__ verify multiple messages from the same AS. * * We have __one__ signer -> __one__ message but as the message could be the same * for every signer, we can aggregate on it. * * @param store here we insert all the messages and all the signers * (as we __must__ verify every message of every signer) * * @return 0 if verify = success. * */ int pbgp_ibe_verify(setup_params_t *setup, ibe_signature_t *sign, store_t *store) { assert(sign && setup && store); element_t sumID, sumCi, sumTot, Pubi0, Pubi1, Pm, t1, p1, p2, e1, e2, ci; pairing_pp_t pp1, pp2, pp3; element_init_G1(sumID, setup->pairing); element_init_G1(sumCi, setup->pairing); element_init_G1(sumTot, setup->pairing); element_init_G1(Pubi0, setup->pairing); element_init_G1(Pubi1, setup->pairing); element_init_G1(Pm, setup->pairing); element_init_G1(t1, setup->pairing); element_init_GT(p1, setup->pairing); element_init_GT(p2, setup->pairing); element_init_GT(e1, setup->pairing); element_init_GT(e2, setup->pairing); element_init_Zr(ci, setup->pairing); element_set0(sumID); element_set0(sumCi); // // For each ASNUM in the list // store_iterator_t *iterator = pbgp_store_iterator_open(store); store_key_t key = STORE_KEY_INIT; while (1) { uint32_t id = 0; size_t ksize = 0, dsize = 0; // This mess is to avoid __any__ malloc call >:/ int ret = pbgp_store_iterator_uget_next_size(iterator, &ksize, &dsize); if (ret != 0) { break ; } // compute key data size ksize -= STORE_KEY_METADATA_LENGTH; if (sizeof(id) != ksize) { continue ; } // key buffer unsigned char kbuf[ksize]; memset (kbuf, 0, ksize); key.data = kbuf; key.dsize = sizeof(kbuf); // data buffer unsigned char message[dsize]; memset (message, 0, dsize); // get asnum + message ret = pbgp_store_iterator_uget_next(iterator, &key, message, &dsize); if (ret != 0) { break ; } char id0[BUFSIZ], id1[BUFSIZ]; memcpy(&id, kbuf, sizeof id); _ibe_get_id_pair(id, id0, sizeof (id0), id1, sizeof (id1)); // // Computes public keys for this AS from its identity // unsigned char hash[EVP_MAX_MD_SIZE + 1]; // hash(id0) memset(hash, 0, sizeof (hash)); _element_from_hash(Pubi0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash)); // hash(id1) memset(hash, 0, sizeof (hash)); _element_from_hash(Pubi1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash)); // ci = hash(m) memset(hash, 0, sizeof (hash)); element_from_hash(ci, hash, pbgp_rsa_uhash(message, dsize, hash)); // Computes sum(Pi_0) sum(ci * Pi_1) element_mul_zn(t1, Pubi1, ci); element_add(sumID, sumID, Pubi0); element_add(sumCi, sumCi, t1); } pbgp_store_iterator_close(iterator); element_add(sumTot, sumID, sumCi); pairing_pp_init(pp1, sumTot, setup->pairing); pairing_pp_init(pp2, sign->v, setup->pairing); pairing_pp_init(pp3, sign->u, setup->pairing); // e(Q = ibePub, sumTot) pairing_pp_apply(p1, setup->ibePub, pp1); // e(Tn = v, Pw) pairing_pp_apply(p2, sign->w, pp2); // e(Q = ibePub, sumTot) * e(Tn = v, Pw) element_mul(e2, p1, p2); // e(Sn = u, P) pairing_pp_apply(e1, setup->g, pp3); int rv = element_cmp(e1, e2); pairing_pp_clear(pp1); pairing_pp_clear(pp2); pairing_pp_clear(pp3); element_clear(sumID); element_clear(sumCi); element_clear(sumTot); element_clear(t1); element_clear(ci); element_clear(Pubi0); element_clear(Pubi1); element_clear(Pm); element_clear(p1); element_clear(p2); element_clear(e1); element_clear(e2); return rv; }
/** * In this scheme every signer can aggregate a signature on a different message. * * @param sign the computated signature (param modified) * @param m the message to sign * @param mlen message length * * The __caller__ SHOULD add id:message to some storage as we need the aggregate signature * signers id=asnum to vrfy @see pbgp_ibe_vrfy() * * ie. pbgp_store_uput(store, STORE_KEY_SET_DATA(key, ASLIST, signer_id), (void *) m, mlen) * */ void pbgp_ibe_sign(setup_params_t *setup, ibe_keypair_t *key, const unsigned char *m, size_t mlen, ibe_signature_t *sign) { element_t ri, t1, t2, t3, t4, ci; // // Check if this is the first signature // "w must be an unique unseen value" // if (element_is0(sign->w)) { #if HAVE_LIBUUID || HAVE_LIBE2FS_UUID uuid_t uuid; uuid_generate(uuid); element_from_hash(sign->w, uuid, sizeof uuid); #else element_random(sign->w); #endif if (element_is0(sign->w)) { pbgp_fatal("pbgp_ibe_sign :: random"); } } element_init_G1(t1, setup->pairing); element_init_G1(t2, setup->pairing); element_init_G1(t3, setup->pairing); element_init_G1(t4, setup->pairing); element_init_Zr(ri, setup->pairing); element_init_Zr(ci, setup->pairing); // ci = binary_hash(message) unsigned char hash[EVP_MAX_MD_SIZE + 1]; memset(hash, 0, sizeof (hash)); unsigned int len = pbgp_rsa_uhash(m, mlen, hash); element_from_hash(ci, hash, len); // ri = random element element_random(ri); // ri * Pw element_mul_zn(t1, sign->w, ri); // Pi,0 = key->priv0 // Pi,1 = key->priv1 // ci * Pi,1 element_mul_zn(t2, key->priv1, ci); // ri * Pi,0 // element_mul(t5, ri, key->pub0); // ri * Pw + ci * sP(i,1) + sP(i,0) element_add(t3, t1, t2); // Si = ri * Pw + ci * Pi,1 + Pi,0 element_add(t3, t3, key->priv0); // Ti = ri * P element_mul_zn(t4, setup->g, ri); // Sum(sign) for each signature // w is the same for all signers // u = sum(Si) element_add(sign->u, sign->u, t3); // v = sum(Ti) element_add(sign->v, sign->v, t4); element_clear(t1); element_clear(t2); element_clear(t3); element_clear(t4); element_clear(ri); element_clear(ci); }