From 47985bb2d8733b7647f4b8ebe431634239993a13 Mon Sep 17 00:00:00 2001 From: Csaba Kiraly Date: Wed, 24 Nov 2021 10:47:23 +0100 Subject: [PATCH] remove code of slow RSA based version Removed RSA-based version to ease maintenance, as it is highly unlikely we would use it. Signed-off-by: Csaba Kiraly --- dagger/storageproofs/bigint/bigints2.nim | 46 ------ dagger/storageproofs/bigint/stint2.nim | 22 --- dagger/storageproofs/rsa.nim | 195 ----------------------- dagger/storageproofs/testrsa.nim | 34 ---- 4 files changed, 297 deletions(-) delete mode 100644 dagger/storageproofs/bigint/bigints2.nim delete mode 100644 dagger/storageproofs/bigint/stint2.nim delete mode 100644 dagger/storageproofs/rsa.nim delete mode 100644 dagger/storageproofs/testrsa.nim diff --git a/dagger/storageproofs/bigint/bigints2.nim b/dagger/storageproofs/bigint/bigints2.nim deleted file mode 100644 index 102bfcbd..00000000 --- a/dagger/storageproofs/bigint/bigints2.nim +++ /dev/null @@ -1,46 +0,0 @@ -## Nim-POS -## Copyright (c) 2021 Status Research & Development GmbH -## Licensed under either of -## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE)) -## * MIT license ([LICENSE-MIT](LICENSE-MIT)) -## at your option. -## This file may not be copied, modified, or distributed except according to -## those terms. - -import bigints -export bigints - -func zero*(T: typedesc): T {.inline.} = - bigints.zero - -func one*(T: typedesc): T {.inline.} = - bigints.one - -func mulmod*(a, b, m: BigInt): BigInt = - (a * b) mod m - -proc powmod*(b, e, m: BigInt): BigInt = - assert e >= 0 - var e = e - var b = b - result = bigints.one - while e > 0: - if e mod 2 == 1: - result = (result * b) mod m - e = e div 2 - b = (b.pow 2) mod m - -proc fromBytesBE*(nptr: openArray[byte], nlen: int): BigInt = - result = bigints.zero - for i in 0 ..< nlen: - result = result * 256 + cast[int32](nptr[i]) - -proc to256BytesBE*(n: BigInt): array[256, byte] = - var nn = n - - let nlen = 256 - for i in 0 ..< nlen: - result[nlen - 1 - i] = cast[uint8](nn.limbs[0] mod 256) - nn = nn div 256 - # if nn == 0: - # break diff --git a/dagger/storageproofs/bigint/stint2.nim b/dagger/storageproofs/bigint/stint2.nim deleted file mode 100644 index 700f66a7..00000000 --- a/dagger/storageproofs/bigint/stint2.nim +++ /dev/null @@ -1,22 +0,0 @@ -## Nim-POS -## Copyright (c) 2021 Status Research & Development GmbH -## Licensed under either of -## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE)) -## * MIT license ([LICENSE-MIT](LICENSE-MIT)) -## at your option. -## This file may not be copied, modified, or distributed except according to -## those terms. - -import stint -export stint - -type BigInt* = StUInt[4096] #TODO: check why 2048 is not enough - -proc fromBytesBE*(x: openArray[byte], l: int): BigInt = - result = BigInt.fromBytesBE(x[0..l-1]) - -proc to256BytesBE*(msg: BigInt): array[256, byte] = - stuint(msg, 2048).toBytesBE() - -proc initBigInt*(n: SomeInteger): (BigInt) = - result = stuint(n, BigInt.bits) diff --git a/dagger/storageproofs/rsa.nim b/dagger/storageproofs/rsa.nim deleted file mode 100644 index 3d8f9637..00000000 --- a/dagger/storageproofs/rsa.nim +++ /dev/null @@ -1,195 +0,0 @@ -## Nim-POS -## Copyright (c) 2021 Status Research & Development GmbH -## Licensed under either of -## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE)) -## * MIT license ([LICENSE-MIT](LICENSE-MIT)) -## at your option. -## This file may not be copied, modified, or distributed except according to -## those terms. - -import libp2p/crypto/crypto # for RSA -import bearssl -import nimcrypto # for SHA512 -import random - -import ./bigint/stint2 -#import ./bigint/bigints2 - -const keysize = 2048 -const sectorsperblock = 4.int64 -const bytespersector = 128 -const querylen = 22 -assert bytespersector < keysize div 8 # TODO: not strict - -type ZChar = array[bytespersector, byte] - -proc fromBytesBE(nptr: ptr cuchar, nlen: int): BigInt = - let nptra = cast[ptr array[0xffffffff,byte]](nptr) - result = fromBytesBE(nptra[], nlen) - -proc getSector(f: File, blockid: int64, sectorid: int64, spb: int64): ZChar = - f.setFilePos(blockid * spb + sectorid) - let r = f.readBytes(result, 0, sizeof(result)) - -proc fromBytesBE(sector: ZChar): BigInt = - result = fromBytesBE(sector, sizeof(ZChar)) - -proc getModulus(pubkey: PublicKey): BigInt = - result = fromBytesBE(pubkey.rsakey.key.n, pubkey.rsakey.key.nlen) - -proc getModulus(seckey: PrivateKey): BigInt = - result = fromBytesBE(seckey.rsakey.pubk.n, seckey.rsakey.pubk.nlen) - -proc getPubex(pubkey: PublicKey): BigInt = - ## get RSA E exponent - result = fromBytesBE(pubkey.rsakey.key.e, pubkey.rsakey.key.elen) - -proc getPrivex(seckey: PrivateKey): BigInt = - ## get RSA D exponent - result = fromBytesBE(seckey.rsakey.pexp, seckey.rsakey.pexplen) - -proc rsaDecode(msg: var array[256,byte], ssk: PrivateKey): array[256,byte] = - let RsaPrivate = rsaPrivateGetDefault() - let r = RsaPrivate(cast[ptr cuchar](addr(msg)), addr(ssk.rsakey.seck)) - result = msg - -proc rsaDecode(msg: BigInt, ssk: PrivateKey): BigInt = - assert msg < ssk.getModulus() - var msgarray = msg.to256BytesBE() - let enc = rsaDecode(msgarray, ssk) - result = fromBytesBE(enc, 256) - assert result < ssk.getModulus() - -proc rsaEncode(msg: var array[256,byte], spk: PublicKey): array[256,byte] = - let RsaPublic = rsaPublicGetDefault() - let r = RsaPublic(cast[ptr cuchar](addr(msg)), 256, addr(spk.rsakey.key)) - result = msg - -proc rsaEncode(msg: BigInt, spk: PublicKey): BigInt = - assert msg < spk.getModulus() - var msgarray = msg.to256BytesBE() - let enc = rsaEncode(msgarray, spk) - result = fromBytesBE(enc, 256) - assert result < spk.getModulus() - -type TauZero = object - name: array[512,byte] - n: int64 - u: seq[BigInt] - -type Tau = object - t: TauZero - signature: array[512, byte] - -proc rsaKeygen*(): (PublicKey, PrivateKey) = - let rng = newRng() - var seckey = PrivateKey.random(RSA, rng[], keysize).get() - var pubkey = seckey.getPublicKey().get() - return (pubkey, seckey) - -proc split(f: File): (int64, int64) = - let size = f.getFileSize() - let n = ((size - 1) div (sectorsperblock * sizeof(ZChar))) + 1 - - return (sectorsperblock, n) - -proc hashNameI(name: openArray[byte], i: int64): BigInt = - let hashString = $sha512.digest($name & $i) - return fromBytesBE(cast[seq[byte]](hashString), hashString.len()) # TODO: use better way to convert - -proc generateAuthenticator(i: int64, s: int64, t: TauZero, f: File, ssk: PrivateKey): BigInt = - let N = ssk.getModulus() - - var productory = BigInt.one - for j in 0 ..< s: - productory = mulmod(productory, - powmod(t.u[j], fromBytesBE(getSector(f, i, j, s)), N), - N) - - # result = (hashNameI(t.name, i) * productory).powmod(getPrivex(ssk), N) - result = rsaDecode((hashNameI(t.name, i) * productory) mod N, ssk) - -proc st*(ssk: PrivateKey, filename: string): (Tau, seq[BigInt]) = - let file = open(filename) - let (s, n) = split(file) - var t = TauZero(n: n) - - # generate a random name - for i in 0 ..< 512 : - t.name[i] = rand(byte) - - # generate the coefficient vector for combining sectors of a block: U - for i in 0 ..< s : - t.u.add(initBigInt(rand(uint32))) #TODO: fix limit - - #TODO: sign for tau - let tau = Tau(t: t) - - #generate sigmas - var sigmas: seq[BigInt] - for i in 0 ..< n : - sigmas.add(generateAuthenticator(i, s, t, file, ssk)) #TODO: int64 sizes? - - file.close() - result = (tau, sigmas) - -type QElement = object - I: int64 - V: BigInt - -proc generateQuery*( - tau: Tau, - spk: PublicKey, - l: int = querylen # query elements - ): seq[QElement] = - # verify signature on Tau - - let n = tau.t.n # number of blocks - - for i in 0 ..< l : - var q: QElement - q.I = rand((int)n-1) #TODO: dedup - q.V = initBigInt(rand(uint64)) #TODO: fix range - result.add(q) - -proc generateProof*(q: openArray[QElement], authenticators: openArray[BigInt], spk: PublicKey, filename: string): (seq[BigInt], BigInt) = - let file = open(filename) - let N = spk.getModulus() - let s = sectorsperblock - - var mu: seq[BigInt] - for j in 0 ..< s : - var muj = BigInt.zero - for qelem in q : - let sector = fromBytesBE(getSector(file, qelem.I, j, s)) - muj += qelem.V * sector - #muj = addmod(muj, mulmod(qelem.V, sector, N), N) - mu.add(muj) - - var sigma = BigInt.one - for qelem in q: - sigma = mulmod(sigma, - powmod(authenticators[qelem.I], qelem.V, N), - N) - - file.close() - return (mu, sigma) - -proc verifyProof*(tau: Tau, q: openArray[QElement], mus: openArray[BigInt], sigma: BigInt, spk: PublicKey): bool = - # TODO: check that values are in range - let N = spk.getModulus() - - var first = BigInt.one - for qelem in q : - first = mulmod(first, - powmod(hashNameI(tau.t.name, qelem.I), qelem.V, N), - N) - - let us = tau.t.u - var second = BigInt.one - for j in 0 ..< len(us) : - second = mulmod(second, - powmod(us[j], mus[j], N), - N) - - return mulmod(first, second, N) == rsaEncode(sigma, spk) diff --git a/dagger/storageproofs/testrsa.nim b/dagger/storageproofs/testrsa.nim deleted file mode 100644 index aec82dca..00000000 --- a/dagger/storageproofs/testrsa.nim +++ /dev/null @@ -1,34 +0,0 @@ -## Nim-POS -## Copyright (c) 2021 Status Research & Development GmbH -## Licensed under either of -## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE)) -## * MIT license ([LICENSE-MIT](LICENSE-MIT)) -## at your option. -## This file may not be copied, modified, or distributed except according to -## those terms. - -import rsa -import random - -proc testrsa() : bool = - let (spk, ssk) = rsa.rsaKeygen() - echo "Key generated!" - - let (tau, authenticators) = rsa.st(ssk, "example.txt") - echo "Signed!" - echo "Auth: ", authenticators - - echo "Generating challenge..." - let q = rsa.generateQuery(tau, spk) - echo "Generated!", " q:", q - - echo "Issuing proof..." - let (mu, sigma) = rsa.generateProof(q, authenticators, spk, "example.txt") - echo "Issued!", " mu:", mu, " sigma:", sigma - - echo "Verifying proof..." - result = rsa.verifyProof(tau, q, mu, sigma, spk) - echo "Result: ", result - -randomize() -let r = testrsa()