diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-03-24 17:13:17 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-03-24 17:13:17 +0100 |
commit | f052af1e6bc9532c7a924ca3e8edba2e990b3b83 (patch) | |
tree | 7440e5d69953e657e8cd62a9ee2ba3c9864cdf13 | |
parent | 55959bd01d636d324077d4201df0beca676e8d58 (diff) |
address #3731: no need for session public key or signature
-rw-r--r-- | src/include/taler_crypto_lib.h | 39 | ||||
-rw-r--r-- | src/include/taler_signatures.h | 70 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_db.c | 9 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_db.h | 4 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_refresh.c | 65 | ||||
-rw-r--r-- | src/mint/taler_mintdb_plugin.h | 15 |
6 files changed, 9 insertions, 193 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index a7e902777..3156e63ed 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -94,32 +94,6 @@ struct TALER_MerchantPrivateKey /** - * Type of public keys used by clients to sign - * messages during a melting session. - */ -struct TALER_SessionPublicKey -{ - /** - * Taler uses EdDSA for melting session keys. - */ - struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; -}; - - -/** - * Type of public keys used by clients to sign - * messages during a melting session. - */ -struct TALER_SessionPrivateKey -{ - /** - * Taler uses EdDSA for melting session keys. - */ - struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; -}; - - -/** * Type of transfer public keys used during refresh * operations. */ @@ -148,19 +122,6 @@ struct TALER_TransferPrivateKey /** - * Type of signatures used by clients to sign - * messages during a melting session. - */ -struct TALER_SessionSignature -{ - /** - * Taler uses EdDSA for melting session keys. - */ - struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; -}; - - -/** * Type of online public keys used by the mint to sign * messages. */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index fa713dc42..b8fe8a7b7 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -61,28 +61,16 @@ #define TALER_SIGNATURE_REFRESH_MELT_COIN 5 /** - * Signature where the refresh session confirms - * the commits. - */ -#define TALER_SIGNATURE_REFRESH_MELT_SESSION 6 - -/** * Signature where the mint (current signing key) * confirms the no-reveal index for cut-and-choose and * the validity of the melted coins. */ -#define TALER_SIGNATURE_REFRESH_MELT_RESPONSE 7 - -/** - * Signature where coins confirm that they want - * to be melted into a certain session. - */ -#define TALER_SIGNATURE_REFRESH_MELT_CONFIRM 9 +#define TALER_SIGNATURE_REFRESH_MELT_RESPONSE 6 /** * Signature where the Mint confirms a deposit request. */ -#define TALER_SIGNATURE_MINT_DEPOSIT 10 +#define TALER_SIGNATURE_MINT_DEPOSIT 7 /***********************/ @@ -278,40 +266,6 @@ struct RefreshMeltCoinSignature /** - * Message signed by a coin to indicate that the coin should - * be melted. - */ -struct RefreshMeltSessionSignature -{ - /** - * Purpose is #TALER_SIGNATURE_REFRESH_MELT_SESSION - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - - /** - * Which melting operation should the coin become a part of. - */ - struct GNUNET_HashCode melt_hash; - - /** - * Public key of the refresh session for which - * @e melt_client_signature must be a valid signature. - */ - struct TALER_SessionPublicKey session_key; - - /** - * What is the total value of the coins created during the - * refresh, including melting fee! - */ - struct TALER_AmountNBO amount_with_fee; - - /* FIXME: we should probably also include the value of - the melting fee here as well! */ - -}; - - -/** * Format of the block signed by the Mint in response to a successful * "/refresh/melt" request. Hereby the mint affirms that all of the * coins were successfully melted. This also commits the mint to a @@ -337,26 +291,6 @@ struct RefreshMeltResponseSignatureBody /** - * Message signed by the client requesting the final - * result of the melting operation. - */ -struct RefreshMeltConfirmSignRequestBody -{ - /** - * Purpose is #TALER_SIGNATURE_REFRESH_MELT_CONFIRM. - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - - // FIXME: We probably need more info in here... - - /** - * Public key the client uses for this session. - */ - struct TALER_SessionPublicKey session_pub; -}; - - -/** * Information about a signing key of the mint. Signing keys are used * to sign mint messages other than coins, i.e. to confirm that a * deposit was successful or that a refresh was accepted. diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index 7592403da..c18936e1f 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c @@ -494,7 +494,6 @@ refresh_accept_melts (struct MHD_Connection *connection, struct TALER_MINTDB_Session *session, const struct MintKeyState *key_state, const struct GNUNET_HashCode *session_hash, - const struct TALER_SessionPublicKey *session_pub, const struct TALER_CoinPublicInfo *coin_public_info, const struct MeltDetails *coin_details, uint16_t oldcoin_index) @@ -587,9 +586,6 @@ refresh_accept_melts (struct MHD_Connection *connection, * * @param connection the MHD connection to handle * @param session_hash hash code of the session the coins are melted into - * @param refresh_session_pub public key of the refresh session - * @param client_signature signature of the client (matching @a refresh_session_pub) - * over the melting request * @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array * @param denum_pubs public keys of the coins we want to withdraw in the end * @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array @@ -606,8 +602,6 @@ refresh_accept_melts (struct MHD_Connection *connection, int TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, const struct GNUNET_HashCode *session_hash, - const struct TALER_SessionPublicKey *refresh_session_pub, - const struct TALER_SessionSignature *client_signature, unsigned int num_new_denoms, const struct TALER_DenominationPublicKey *denom_pubs, unsigned int coin_count, @@ -665,7 +659,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, session, key_state, session_hash, - refresh_session_pub, &coin_public_infos[i], &coin_melt_details[i], i))) @@ -724,8 +717,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, /* store 'global' session data */ - refresh_session.melt_sig = *client_signature; - refresh_session.refresh_session_pub = *refresh_session_pub; refresh_session.num_oldcoins = coin_count; refresh_session.num_newcoins = num_new_denoms; refresh_session.kappa = KAPPA; // FIXME... (#3711) diff --git a/src/mint/taler-mint-httpd_db.h b/src/mint/taler-mint-httpd_db.h index edf8248c7..ed96bbd4b 100644 --- a/src/mint/taler-mint-httpd_db.h +++ b/src/mint/taler-mint-httpd_db.h @@ -108,8 +108,6 @@ struct MeltDetails * * @param connection the MHD connection to handle * @param session_hash hash code of the session the coins are melted into - * @param client_signature signature of the client (matching @a refresh_session_pub) - * over the melting request * @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array * @param denum_pubs array of public denomination keys for the refresh (?) * @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array @@ -126,8 +124,6 @@ struct MeltDetails int TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, const struct GNUNET_HashCode *session_hash, - const struct TALER_SessionPublicKey *refresh_session_pub, - const struct TALER_SessionSignature *client_signature, unsigned int num_new_denoms, const struct TALER_DenominationPublicKey *denom_pubs, unsigned int coin_count, diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 775ffd4ce..6575f02c9 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -40,13 +40,12 @@ * and then hand things of to execute the melt operation. * * @param connection the MHD connection to handle - * @param refresh_session_pub public key of the melt operation * @param num_new_denoms number of coins to be created, size of y-dimension of @commit_link array * @param denom_pubs array of @a num_new_denoms keys * @param coin_count number of coins to be melted, size of y-dimension of @commit_coin array * @param coin_public_infos array with @a coin_count entries about the coins * @param coin_melt_details array with @a coin_count entries with melting details - * @param commit_hash hash over the data that the client commits to + * @param session_hash hash over the data that the client commits to * @param commit_client_sig signature of the client over this commitment * @param kappa size of x-dimension of @commit_coin and @commit_link arrays * @param commit_coin 2d array of coin commitments (what the mint is to sign @@ -58,21 +57,18 @@ */ static int handle_refresh_melt_binary (struct MHD_Connection *connection, - const struct TALER_SessionPublicKey *refresh_session_pub, unsigned int num_new_denoms, const struct TALER_DenominationPublicKey *denom_pubs, unsigned int coin_count, struct TALER_CoinPublicInfo *coin_public_infos, const struct MeltDetails *coin_melt_details, - const struct GNUNET_HashCode *commit_hash, - const struct TALER_SessionSignature *commit_client_sig, + const struct GNUNET_HashCode *session_hash, unsigned int kappa, struct RefreshCommitCoin *const* commit_coin, struct RefreshCommitLink *const* commit_link) { unsigned int i; - struct RefreshMeltSessionSignature body; struct MintKeyState *key_state; struct TALER_MINT_DenomKeyIssue *dki; struct TALER_Amount cost; @@ -83,27 +79,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, struct TALER_Amount fee_melt; struct TALER_Amount total_melt; - /* check that signature from the session public key is ok */ - body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT_SESSION); - body.purpose.size = htonl (sizeof (struct RefreshMeltSessionSignature)); - body.melt_hash = *commit_hash; - TALER_amount_hton (&body.amount_with_fee, - &coin_melt_details->melt_amount_with_fee); - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_REFRESH_MELT_SESSION, - &body.purpose, - &commit_client_sig->eddsa_signature, - &refresh_session_pub->eddsa_pub)) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "signature invalid (did not verify)\n"); - return TALER_MINT_reply_json_pack (connection, - MHD_HTTP_UNAUTHORIZED, - "{s:s}", - "error", - "invalid signature (verification)"); - } GNUNET_assert (GNUNET_OK == TALER_amount_get_zero (MINT_CURRENCY, &total_cost)); @@ -174,9 +149,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, "error", "value mismatch"); } return TALER_MINT_db_execute_refresh_melt (connection, - commit_hash, - refresh_session_pub, - commit_client_sig, + session_hash, num_new_denoms, denom_pubs, coin_count, @@ -382,7 +355,6 @@ free_commit_links (struct RefreshCommitLink **commit_link, * #handle_refresh_melt_binary(). * * @param connection the MHD connection to handle - * @param refresh_session_pub public key of the melt operation * @param new_denoms array of denomination keys * @param melt_coins array of coins to melt * @param melt_sig_json signature affirming the melt operation @@ -398,7 +370,6 @@ free_commit_links (struct RefreshCommitLink **commit_link, */ static int handle_refresh_melt_json (struct MHD_Connection *connection, - const struct TALER_SessionPublicKey *refresh_session_pub, const json_t *new_denoms, const json_t *melt_coins, const json_t *melt_sig_json, @@ -420,19 +391,14 @@ handle_refresh_melt_json (struct MHD_Connection *connection, struct TALER_CoinPublicInfo *coin_public_infos; struct MeltDetails *coin_melt_details; unsigned int coin_count; - struct GNUNET_HashCode commit_hash; + struct GNUNET_HashCode session_hash; struct GNUNET_HashContext *hash_context; struct RefreshCommitCoin *commit_coin[kappa]; struct RefreshCommitLink *commit_link[kappa]; - const struct TALER_SessionSignature commit_client_sig; /* For the signature check, we hash most of the inputs together (except for the signatures on the coins). */ hash_context = GNUNET_CRYPTO_hash_context_start (); - GNUNET_CRYPTO_hash_context_read (hash_context, - refresh_session_pub, - sizeof (struct TALER_SessionPublicKey)); - num_new_denoms = json_array_size (new_denoms); denom_pubs = GNUNET_malloc (num_new_denoms * sizeof (struct TALER_DenominationPublicKey)); @@ -625,25 +591,13 @@ handle_refresh_melt_json (struct MHD_Connection *connection, } GNUNET_CRYPTO_hash_context_finish (hash_context, - &commit_hash); - - res = GNUNET_MINT_parse_navigate_json (connection, - commit_signature, - JNAV_FIELD, - "sig", - JNAV_RET_DATA, - &commit_client_sig, - sizeof (struct TALER_SessionSignature)); - - if (GNUNET_OK != res) - return (GNUNET_NO == res) ? MHD_YES : MHD_NO; - + &session_hash); for (i=0;i<coin_count;i++) { /* verify signatures on coins to melt */ res = verify_coin_public_info (connection, - &commit_hash, + &session_hash, &coin_public_infos[i], &coin_melt_details[i]); if (GNUNET_OK != res) @@ -655,14 +609,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection, /* execute commit */ res = handle_refresh_melt_binary (connection, - refresh_session_pub, num_new_denoms, denom_pubs, coin_count, coin_public_infos, coin_melt_details, - &commit_hash, - &commit_client_sig, + &session_hash, kappa, commit_coin, commit_link); @@ -716,10 +668,8 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, unsigned int num_oldcoins; unsigned int num_newcoins; json_t *coin_detail; - struct TALER_SessionPublicKey refresh_session_pub; int res; struct GNUNET_MINT_ParseFieldSpec spec[] = { - TALER_MINT_PARSE_FIXED ("session_pub", &refresh_session_pub), TALER_MINT_PARSE_ARRAY ("new_denoms", &new_denoms), TALER_MINT_PARSE_ARRAY ("melt_coins", &melt_coins), TALER_MINT_PARSE_ARRAY ("melt_signature", &melt_sig_json), @@ -787,7 +737,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, num_oldcoins = json_array_size (coin_detail); res = handle_refresh_melt_json (connection, - &refresh_session_pub, new_denoms, melt_coins, melt_sig_json, diff --git a/src/mint/taler_mintdb_plugin.h b/src/mint/taler_mintdb_plugin.h index 326737e61..d461413f1 100644 --- a/src/mint/taler_mintdb_plugin.h +++ b/src/mint/taler_mintdb_plugin.h @@ -235,21 +235,6 @@ struct Deposit */ struct RefreshSession { - /** - * Signature over the commitments by the client. - */ - struct TALER_SessionSignature commit_sig; - - /** - * Public key the client uses to sign messages in - * this exchange. - */ - struct TALER_SessionPublicKey refresh_session_pub; - - /** - * Signature over the melt by the client. - */ - struct TALER_SessionSignature melt_sig; /** * Number of coins we are melting. |