Message for validating KFrag is now bytes of constituents instead of a BigNum. Fixes #148.

2018-05-25 14:41:13 -07:00 · 2018-05-25 14:41:13 -07:00 · 8394cf6e44
parent 90240be847
commit 8394cf6e44
3 changed files with 19 additions and 30 deletions
--- a/umbral/_pre.py
+++ b/umbral/_pre.py
@ -73,21 +73,14 @@ def assess_cfrag_correctness(cfrag,
    if cfrag.proof.metadata is not None:
        hash_input += (cfrag.proof.metadata,)
    h = CurveBN.hash(*hash_input, params=params)
-
-    kfrag_signature = cfrag.proof.kfrag_signature
    ########

    ni = cfrag._point_noninteractive
    xcoord = cfrag._point_xcoord
    kfrag_id = cfrag._kfrag_id

-    g = params.g
-
-    signature_input = (kfrag_id, pubkey_a_deleg_point, pubkey_b_point, u1, ni, xcoord)
-    kfrag_signed_message = CurveBN.hash(*signature_input, params=params)
-
-    valid_kfrag_signature = cfrag.proof.kfrag_signature.verify(kfrag_signed_message.to_bytes(),
-                                                               pubkey_a_sig)
+    kfrag_validity_message = bytes().join(bytes(material) for material in (kfrag_id, pubkey_a_deleg_point, pubkey_b_point, u1, ni, xcoord))
+    valid_kfrag_signature = cfrag.proof.kfrag_signature.verify(kfrag_validity_message, pubkey_a_sig)

    z3 = cfrag.proof.bn_sig
    correct_reencryption_of_e = z3 * e == e2 + (h * e1)
@ -121,8 +114,7 @@ def verify_kfrag(kfrag,
    #  We check that the commitment u1 is well-formed
    correct_commitment = u1 == key * u

-    signature_input = (id, pubkey_a_deleg_point, pubkey_b_point, u1, ni, xcoord)
-    message = CurveBN.hash(*signature_input, params=params)
-    valid_kfrag_signature = kfrag.signature.verify(message.to_bytes(), pubkey_a_sig)
+    kfrag_validity_message = bytes().join(bytes(material) for material in (kfrag_id, pubkey_a_deleg_point, pubkey_b_point, u1, ni, xcoord))
+    valid_kfrag_signature = kfrag.signature.verify(kfrag_validity_message, pubkey_a_sig)

    return correct_commitment & valid_kfrag_signature
--- a/umbral/point.py
+++ b/umbral/point.py
@ -224,6 +224,9 @@ class Point(object):
            backend.openssl_assert(res == 1)
        return Point(inv, self.curve_nid, self.group)

+    def __bytes__(self):
+        return self.to_bytes()
+

 def unsafe_hash_to_point(data, params, label=None):
    """
--- a/umbral/pre.py
+++ b/umbral/pre.py
@ -14,10 +14,7 @@ from umbral.keys import UmbralPrivateKey, UmbralPublicKey
 from umbral.params import UmbralParameters
 from umbral.point import Point
 from umbral.signing import Signer
-from umbral.utils import poly_eval, lambda_coeff, kdf, get_curve_keysize_bytes
-
-from io import BytesIO
-
+from umbral.utils import poly_eval, lambda_coeff, kdf
 import os

 CHACHA20_KEY_SIZE = 32
@ -64,7 +61,7 @@ class Capsule(object):
        self._attached_cfrags = list()

    @classmethod
-    def get_size(cls, curve: ec.EllipticCurve=None, activated=False):
+    def get_size(cls, curve: ec.EllipticCurve = None, activated=False):
        """
        Returns the size (in bytes) of a Capsule given the curve.
        If no curve is provided, it will use the default curve.
@ -94,24 +91,23 @@ class Capsule(object):

        if len(capsule_bytes) == cls.get_size(curve, activated=True):
            splitter = BytestringSplitter(
-                (Point, point_size), # point_e
-                (Point, point_size), # point_v
+                (Point, point_size),  # point_e
+                (Point, point_size),  # point_v
                (CurveBN, bn_size),  # bn_sig
-                (Point, point_size), # point_e_prime
-                (Point, point_size), # point_v_prime
+                (Point, point_size),  # point_e_prime
+                (Point, point_size),  # point_v_prime
                (Point, point_size)  # point_noninteractive
            )
        else:
            splitter = BytestringSplitter(
-                (Point, point_size), # point_e
-                (Point, point_size), # point_v
-                (CurveBN, bn_size)   # bn_sig
+                (Point, point_size),  # point_e
+                (Point, point_size),  # point_v
+                (CurveBN, bn_size)  # bn_sig
            )

        components = splitter(capsule_bytes)
        return cls(*components)

-
    def _original_to_bytes(self) -> bytes:
        return bytes().join(c.to_bytes() for c in self.original_components())

@ -291,11 +287,9 @@ def split_rekey(privkey_a_bn: Union[UmbralPrivateKey, CurveBN],

        u1 = rk * u

-        # TODO: change this Schnorr signature for Ed25519 or ECDSA (#97)
-
-        signature_input = (id, pubkey_a_point, pubkey_b_point, u1, ni, xcoord)
-        z1 = CurveBN.hash(*signature_input, params=params)
-        signature = signer_a(z1.to_bytes())
+        kfrag_validity_message = bytes().join(
+            bytes(material) for material in (id, pubkey_a_point, pubkey_b_point, u1, ni, xcoord))
+        signature = signer_a(kfrag_validity_message)

        kfrag = KFrag(id=id, bn_key=rk,
                      point_noninteractive=ni, point_commitment=u1,