• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //    https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef ANONYMOUS_TOKENS_CPP_PRIVACY_PASS_RSA_BSSA_PUBLIC_METADATA_CLIENT_H_
16 #define ANONYMOUS_TOKENS_CPP_PRIVACY_PASS_RSA_BSSA_PUBLIC_METADATA_CLIENT_H_
17 
18 #include <memory>
19 #include <string>
20 
21 #include "absl/status/status.h"
22 #include "absl/status/statusor.h"
23 #include "absl/strings/string_view.h"
24 #include "anonymous_tokens/cpp/crypto/rsa_blinder.h"
25 #include "anonymous_tokens/cpp/privacy_pass/token_encodings.h"
26 #include <openssl/base.h>
27 
28 
29 namespace anonymous_tokens {
30 
31 class PrivacyPassRsaBssaPublicMetadataClient {
32  public:
33   #ifndef SWIG
34   // PrivacyPassRsaBssaPublicMetadataClient is neither copyable nor copy
35   // assignable.
36   PrivacyPassRsaBssaPublicMetadataClient(
37       const PrivacyPassRsaBssaPublicMetadataClient&) = delete;
38   PrivacyPassRsaBssaPublicMetadataClient& operator=(
39       const PrivacyPassRsaBssaPublicMetadataClient&) = delete;
40   #endif
41   // This method is to be used to create a client as its constructor is private.
42   // It takes as input RSA public key.
43   static absl::StatusOr<
44       std::unique_ptr<PrivacyPassRsaBssaPublicMetadataClient> >
45   Create(const RSA& rsa_public_key);
46 
47   // Method used to create the ExtendedTokenRequest. It takes in the input
48   // "challenge" as an encoded string, "nonce" must a 32 byte random string,
49   // "token_key_id" is the SHA256 digest of the DER encoding of RSA BSSA public
50   // key containing the correct hash functions and salt size and "extensions" is
51   // the structure carrying the public metadata / info.
52   //
53   // https://www.ietf.org/archive/id/draft-hendrickson-privacypass-public-metadata-01.html#name-client-to-issuer-request-2
54   //
55   // CreateTokenRequest must be called before FinalizeToken.
56   absl::StatusOr<ExtendedTokenRequest> CreateTokenRequest(
57       absl::string_view challenge, absl::string_view nonce,
58       absl::string_view token_key_id, const Extensions& extensions);
59 
60   // Method that uses the client state and outputs the final token by unblinding
61   // the "blinded_signature".
62   //
63   // https://www.ietf.org/archive/id/draft-hendrickson-privacypass-public-metadata-01.html#name-finalization-2
64   //
65   // CreateTokenRequest must be called before FinalizeToken.
66   absl::StatusOr<Token> FinalizeToken(absl::string_view blinded_signature);
67 
68   // Method that takes in a token, extensions encoded as a string and the RSA
69   // public key to run the token verification algorithm. It returns an ok status
70   // on success and errs on verification failure.
71   //
72   // https://datatracker.ietf.org/doc/draft-hendrickson-privacypass-public-metadata/
73   static absl::Status Verify(Token token_to_verify,
74                              absl::string_view encoded_extensions,
75                              RSA& rsa_public_key);
76 
77   static constexpr uint16_t kTokenType = 0xDA7A;
78 
79  private:
80   PrivacyPassRsaBssaPublicMetadataClient(int salt_length,
81                                          std::string rsa_modulus,
82                                          std::string rsa_e,
83                                          const EVP_MD* signature_hash_function,
84                                          const EVP_MD* mgf1_hash_function);
85 
86   const int salt_length_;
87   const std::string rsa_modulus_;
88   const std::string rsa_e_;
89   const EVP_MD* const signature_hash_function_;  // Owned by BoringSSL.
90   const EVP_MD* const mgf1_hash_function_;       // Owned by BoringSSL.
91 
92   // RsaBlinder object to generate the token request and finalize the token.
93   // Once CreateTokenRequest is called, this value is initialized and is no
94   // longer a nullptr.
95   std::unique_ptr<RsaBlinder> rsa_blinder_ = nullptr;
96   // This Token object will be finalized and returned when FinalizeToken is
97   // called.
98   Token token_;
99   // String used as input for (1) creating the token and (2) verifying the final
100   // token against, under some fixed input extensions.
101   std::string authenticator_input_;
102 };
103 
104 }  // namespace anonymous_tokens
105 
106 
107 #endif  // ANONYMOUS_TOKENS_CPP_PRIVACY_PASS_RSA_BSSA_PUBLIC_METADATA_CLIENT_H_
108