Bumps CIRCL with RFC9474-compatible version of blindrsa.

go.mod

@@ -4,13 +4,13 @@ go 1.18
 
 require (
 	github.com/cisco/go-hpke v0.0.0-20210524174249-dd22b38cf960
-	github.com/cloudflare/circl v1.3.2
+	github.com/cloudflare/circl v1.3.6
 	golang.org/x/crypto v0.17.0
 )
 
 require (
 	git.schwanenlied.me/yawning/x448.git v0.0.0-20170617130356-01b048fb03d6 // indirect
-	github.com/bwesterb/go-ristretto v1.2.2 // indirect
+	github.com/bwesterb/go-ristretto v1.2.3 // indirect
 	github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b // indirect
 	golang.org/x/sys v0.15.0 // indirect
 )

go.sum

@@ -1,14 +1,14 @@
 git.schwanenlied.me/yawning/x448.git v0.0.0-20170617130356-01b048fb03d6 h1:w8IZgCntCe0RuBJp+dENSMwEBl/k8saTgJ5hPca5IWw=
 git.schwanenlied.me/yawning/x448.git v0.0.0-20170617130356-01b048fb03d6/go.mod h1:wQaGCqEu44ykB17jZHCevrgSVl3KJnwQBObUtrKU4uU=
-github.com/bwesterb/go-ristretto v1.2.2 h1:S2C0mmSjCLS3H9+zfXoIoKzl+cOncvBvt6pE+zTm5Ms=
-github.com/bwesterb/go-ristretto v1.2.2/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3 h1:1w53tCkGhCQ5djbat3+MH0BAQ5Kfgbt56UZQ/JMzngw=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cisco/go-hpke v0.0.0-20210524174249-dd22b38cf960 h1:eh0zzzreqmFagQ5lzYQmVUrPqJ9moWAn7zz4NiEqsGA=
 github.com/cisco/go-hpke v0.0.0-20210524174249-dd22b38cf960/go.mod h1:RSsoIHRMBe69FbF/fIbmWYa3rrC6vuPyC0MbNUpel3Q=
 github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b h1:Ves2turKTX7zruivAcUOQg155xggcbv3suVdbKCBQNM=
 github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b/go.mod h1:0AZAV7lYvynZQ5ErHlGMKH+4QYMyNCFd+AiL9MlrCYA=
 github.com/cloudflare/circl v1.0.0/go.mod h1:MhjB3NEEhJbTOdLLq964NIUisXDxaE1WkQPUxtgZXiY=
-github.com/cloudflare/circl v1.3.2 h1:VWp8dY3yH69fdM7lM6A1+NhhVoDu9vqK0jOgmkQHFWk=
-github.com/cloudflare/circl v1.3.2/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
+github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg=
+github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

tokens/type2/client.go

@@ -7,7 +7,6 @@ import (
 	"crypto/sha256"
 	"crypto/sha512"
 
-	"github.com/cloudflare/circl/blindsign"
 	"github.com/cloudflare/circl/blindsign/blindrsa"
 	"github.com/cloudflare/pat-go/tokens"
 )
@@ -23,7 +22,7 @@ type BasicPublicTokenRequestState struct {
 	tokenInput      []byte
 	request         *BasicPublicTokenRequest
 	verificationKey *rsa.PublicKey
-	verifier        blindsign.VerifierState
+	verifier        blindrsa.VerifierState
 }
 
 func (s BasicPublicTokenRequestState) Request() *BasicPublicTokenRequest {
@@ -63,7 +62,7 @@ func (s BasicPublicTokenRequestState) FinalizeToken(blindSignature []byte) (toke
 
 // https://ietf-wg-privacypass.github.io/base-drafts/caw/pp-issuance/draft-ietf-privacypass-protocol.html#name-issuance-protocol-for-publi
 func (c BasicPublicClient) CreateTokenRequest(challenge, nonce []byte, tokenKeyID []byte, tokenKey *rsa.PublicKey) (BasicPublicTokenRequestState, error) {
-	verifier := blindrsa.NewRSAVerifier(tokenKey, crypto.SHA384)
+	verifier := blindrsa.NewVerifier(tokenKey, crypto.SHA384)
 
 	context := sha256.Sum256(challenge)
 	token := tokens.Token{
@@ -96,7 +95,7 @@ func (c BasicPublicClient) CreateTokenRequest(challenge, nonce []byte, tokenKeyI
 }
 
 func (c BasicPublicClient) CreateTokenRequestWithBlind(challenge, nonce []byte, tokenKeyID []byte, tokenKey *rsa.PublicKey, blind, salt []byte) (BasicPublicTokenRequestState, error) {
-	verifier := blindrsa.NewRSAVerifier(tokenKey, crypto.SHA384)
+	verifier := blindrsa.NewVerifier(tokenKey, crypto.SHA384)
 
 	context := sha256.Sum256(challenge)
 	token := tokens.Token{

tokens/type2/issuer.go

@@ -32,7 +32,7 @@ func (i *BasicPublicIssuer) TokenKeyID() []byte {
 }
 
 func (i BasicPublicIssuer) Evaluate(req *BasicPublicTokenRequest) ([]byte, error) {
-	signer := blindrsa.NewRSASigner(i.tokenKey)
+	signer := blindrsa.NewSigner(i.tokenKey)
 	blindSignature, err := signer.BlindSign(req.BlindedReq)
 	if err != nil {
 		return nil, err

tokens/type3/client.go

@@ -9,7 +9,6 @@ import (
 	"crypto/sha512"
 
 	hpke "github.com/cisco/go-hpke"
-	"github.com/cloudflare/circl/blindsign"
 	"github.com/cloudflare/circl/blindsign/blindrsa"
 	"github.com/cloudflare/pat-go/ecdsa"
 	"github.com/cloudflare/pat-go/tokens"
@@ -99,7 +98,7 @@ type RateLimitedTokenRequestState struct {
 	encapEnc          []byte
 	nameKey           EncapKey
 	verificationKey   *rsa.PublicKey
-	verifier          blindsign.VerifierState
+	verifier          blindrsa.VerifierState
 }
 
 func (s RateLimitedTokenRequestState) Request() *RateLimitedTokenRequest {
@@ -191,7 +190,7 @@ func (c RateLimitedClient) CreateTokenRequest(challenge, nonce, blindKeyEnc []by
 	}
 	blindedPublicKeyEnc := elliptic.MarshalCompressed(c.curve, blindedPublicKey.X, blindedPublicKey.Y)
 
-	verifier := blindrsa.NewRSAVerifier(tokenKey, crypto.SHA384)
+	verifier := blindrsa.NewVerifier(tokenKey, crypto.SHA384)
 
 	context := sha256.Sum256(challenge)
 	token := tokens.Token{

tokens/type3/issuer.go

@@ -198,7 +198,7 @@ func (i RateLimitedIssuer) Evaluate(encodedRequest []byte) ([]byte, []byte, erro
 	blindedRequestKeyEnc := elliptic.MarshalCompressed(i.curve, blindedRequestKey.X, blindedRequestKey.Y)
 
 	// Compute the blinded signature
-	signer := blindrsa.NewRSASigner(i.tokenKey)
+	signer := blindrsa.NewSigner(i.tokenKey)
 	blindSignature, err := signer.BlindSign(originTokenRequest.blindedMsg)
 	if err != nil {
 		return nil, nil, err