diff options
author | Gian Demarmels <gian@demarmels.org> | 2021-12-17 14:35:10 +0100 |
---|---|---|
committer | Gian Demarmels <gian@demarmels.org> | 2022-02-04 15:31:45 +0100 |
commit | f3fb7c29e69d38ee77d6214cf001f8e18fa00f2b (patch) | |
tree | fc24c4e9d6159f37601d2e6758e581ff56e29521 /src/include/taler_crypto_lib.h | |
parent | 0a459aeb13a733659266509e011ec4631a95a60f (diff) | |
download | exchange-f3fb7c29e69d38ee77d6214cf001f8e18fa00f2b.tar.xz |
added CS data structures, implemented CS keypair
Diffstat (limited to 'src/include/taler_crypto_lib.h')
-rw-r--r-- | src/include/taler_crypto_lib.h | 206 |
1 files changed, 190 insertions, 16 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 6a805b645..2e0674fb1 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -353,10 +353,16 @@ struct TALER_CoinSpendSignatureP /** * @brief Type of blinding keys for Taler. + * must be 32 bytes */ union TALER_DenominationBlindingKeyP { /** + * Clause Schnorr Signatures have 2 blinding secrets, each containing two unpredictable values. + */ + struct GNUNET_CRYPTO_CsNonce nonce; + + /** * Taler uses RSA for blind signatures. */ struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; @@ -575,9 +581,9 @@ enum TALER_DenominationCipher TALER_DENOMINATION_RSA = 1, /** - * Clause-Schnorr blind signature. + * Clause Blind Schnorr signature. */ - // TALER_DENOMINATION_CS = 2 + TALER_DENOMINATION_CS = 2 }; @@ -597,6 +603,10 @@ struct TALER_DenominationSignature */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsSignature cs_signature; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -607,6 +617,24 @@ struct TALER_DenominationSignature }; +/** + * The Sign Answer for Clause B lind Schnorr signature. + * The sign operation returns a parameter @param b and the signature + * scalar @param s_scalar. + * The function does not return the whole signature, due to that is only the blinded s_scalar. + */ +struct TALER_BlindedDenominationCsSignAnswer +{ + /** + * To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_b + */ + unsigned int b; + + /** + * The blinded s scalar calculated from c_b + */ + struct GNUNET_CRYPTO_CsBlindS s_scalar; +}; /** * @brief Type for *blinded* denomination signatures for Taler. @@ -625,6 +653,12 @@ struct TALER_BlindedDenominationSignature */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + * At this point only the blinded s scalar is used. + * The final signature consisting of r,s is built after unblinding. + */ + struct TALER_BlindedDenominationCsSignAnswer blinded_cs_answer; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -657,6 +691,10 @@ struct TALER_DenominationPublicKey */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsPublicKey cs_public_key; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -683,6 +721,10 @@ struct TALER_DenominationPrivateKey */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsPrivateKey cs_private_key; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -692,6 +734,141 @@ struct TALER_DenominationPrivateKey } details; }; +/** + * @brief RSA Parameters to create blinded signature + * + */ +struct TALER_BlindedRsaPlanchet +{ + /** + * blinded message to be signed + * Note: is malloc()'ed! + */ + void *blinded_msg; + + /** + * size of the blinded message to be signed + */ + size_t blinded_msg_size; +}; + + +/** + * @brief CS Parameters to create blinded signature + * + */ +struct TALER_BlindedCsPlanchet +{ + /** + * Withdraw or refresh nonce used for derivation + */ + struct GNUNET_CRYPTO_CsNonce nonce; + + /** + * The Clause Schnorr c_0 and c_1 containing the blinded message + */ + struct GNUNET_CRYPTO_CsC c[2]; +}; + + +/** + * @brief Type including Parameters to create blinded signature + * + */ +struct TALER_BlindedPlanchet +{ + /** + * Type of the sign blinded message + */ + enum TALER_DenominationCipher cipher; + + /** + * Details, depending on @e cipher. + */ + union + { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct TALER_BlindedCsPlanchet cs_blinded_planchet; + + /** + * If we use #TALER_DENOMINATION_RSA in @a cipher. + */ + struct TALER_BlindedRsaPlanchet rsa_blinded_planchet; + + } details; +}; + + +/** + * @brief RSA Parameters to create blinded messages + * + */ +struct TALER_DenominationBlindMessageRsaParams +{ + /** + * blinded message to be signed + * Note: is malloc()'ed! + */ + void **coin_ev; + + /** + * size of the blinded message to be signed + */ + size_t *coin_ev_size; +}; + + +/** + * @brief CS Parameters to create blinded messages + * + */ +struct TALER_DenominationBlindMessageCsParams +{ + +}; + +/** + * @brief Type including Parameters to create blinded message + * + */ +struct TALER_DenominationBlindMessageParams +{ + /** + * Details, depending on @e cipher. + */ + union + { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct TALER_DenominationBlindMessageCsParams cs_blind_msg_params; + + /** + * If we use #TALER_DENOMINATION_RSA in @a cipher. + */ + struct TALER_DenominationBlindMessageRsaParams rsa_blind_msg_params; + + } details; +}; + +/** + * @brief CS Blinding Secret parameters to derive blinding secrets + * + */ +struct TALER_PlanchetDeriveCsBlindingSecrets +{ + /** + * Secret to derive blinding secrets from + */ + void *secret; + + /** + * size of the secret to derive blinding secrets from + */ + size_t secret_len; +}; /** * @brief Public information about a coin (including the public key @@ -768,7 +945,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); * @param[out] bs blinding secret to initialize */ void -TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs); +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs, + enum TALER_DenominationCipher cipher, + ...); /** @@ -827,8 +1006,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, const struct TALER_AgeHash *age_commitment_hash, const struct TALER_CoinSpendPublicKeyP *coin_pub, struct TALER_CoinPubHash *c_hash, - void **coin_ev, - size_t *coin_ev_size); + struct TALER_BlindedPlanchet *blinded_planchet); /** @@ -843,8 +1021,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, enum GNUNET_GenericReturnValue TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, const struct TALER_DenominationPrivateKey *denom_priv, - void *blinded_msg, - size_t blinded_msg_size); + const struct TALER_BlindedPlanchet *blinded_planchet); /** @@ -1056,7 +1233,7 @@ struct TALER_PlanchetSecretsP struct TALER_CoinSpendPrivateKeyP coin_priv; /** - * The blinding key. + * The blinding key. must be 32 byte */ union TALER_DenominationBlindingKeyP blinding_key; @@ -1080,14 +1257,9 @@ struct TALER_PlanchetDetail struct TALER_DenominationHash denom_pub_hash; /** - * Blinded coin (see GNUNET_CRYPTO_rsa_blind()). Note: is malloc()'ed! + * The blinded planchet */ - void *coin_ev; - - /** - * Number of bytes in @a coin_ev. - */ - size_t coin_ev_size; + struct TALER_BlindedPlanchet blinded_planchet; }; @@ -1224,7 +1396,9 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, * @param[out] ps value to initialize */ void -TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps); +TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, + enum TALER_DenominationCipher cipher, + ...); /** |