diff options
author | Özgür Kesim <oec-taler@kesim.org> | 2022-03-01 17:02:37 +0100 |
---|---|---|
committer | Özgür Kesim <oec-taler@kesim.org> | 2022-03-01 17:02:37 +0100 |
commit | e9eb00e285c80f63cfc08fdd9ea6707d55162e60 (patch) | |
tree | 82868974066e473a7905ae3e91c230e2eb96d5d3 /src/util/crypto.c | |
parent | 3716592addcac5e31d092a83cf02a0fec57d8743 (diff) | |
download | exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.tar.xz |
Refactoring TALER_AgeCommitment
Instead of a single struct TALER_AgeCommitment, we now use
1. TALER_AgeCommitment for the age mask and list public keys for age
restriciton.
2. TALER_AgeProof for list of private keys for age restriction
3. TALER_AgeCommitmentProof for the aggregation of the former two.
Also, we introduce TALER_AgeAttestation as the EDDSA signature to attest
a particular age group, along with the function prototypes
TALER_age_commitment_attest and TALER_age_commitment_verify.
Diffstat (limited to 'src/util/crypto.c')
-rw-r--r-- | src/util/crypto.c | 113 |
1 files changed, 72 insertions, 41 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c index bf91b6971..8e6c89aa9 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -459,11 +459,11 @@ TALER_age_commitment_hash ( } GNUNET_assert (__builtin_popcount (commitment->mask.mask) - 1 == - commitment->num_pub); + commitment->num); hash_context = GNUNET_CRYPTO_hash_context_start (); - for (size_t i = 0; i < commitment->num_pub; i++) + for (size_t i = 0; i < commitment->num; i++) { GNUNET_CRYPTO_hash_context_read (hash_context, &commitment->pub[i], @@ -507,7 +507,7 @@ TALER_age_restriction_commit ( const struct TALER_AgeMask *mask, const uint8_t age, const uint64_t salt, - struct TALER_AgeCommitment *new) + struct TALER_AgeCommitmentProof *new) { uint8_t num_pub = __builtin_popcount (mask->mask) - 1; uint8_t num_priv = get_age_group (mask, age) - 1; @@ -519,14 +519,14 @@ TALER_age_restriction_commit ( GNUNET_assert (31 > num_priv); GNUNET_assert (num_priv <= num_pub); - new->mask.mask = mask->mask; - new->num_pub = num_pub; - new->num_priv = num_priv; + new->commitment.mask.mask = mask->mask; + new->commitment.num = num_pub; + new->proof.num = num_priv; - new->pub = GNUNET_new_array ( + new->commitment.pub = GNUNET_new_array ( num_pub, struct TALER_AgeCommitmentPublicKeyP); - new->priv = GNUNET_new_array ( + new->proof.priv = GNUNET_new_array ( num_priv, struct TALER_AgeCommitmentPrivateKeyP); @@ -542,7 +542,7 @@ TALER_age_restriction_commit ( /* Only save the private keys for age groups less than num_priv */ if (i < num_priv) - priv = &new->priv[i]; + priv = &new->proof.priv[i]; if (GNUNET_OK != GNUNET_CRYPTO_kdf (priv, @@ -556,23 +556,23 @@ TALER_age_restriction_commit ( goto FAIL; GNUNET_CRYPTO_eddsa_key_get_public (&priv->eddsa_priv, - &new->pub[i].eddsa_pub); + &new->commitment.pub[i].eddsa_pub); } return GNUNET_OK; FAIL: - GNUNET_free (new->pub); - GNUNET_free (new->priv); + GNUNET_free (new->commitment.pub); + GNUNET_free (new->proof.priv); return GNUNET_SYSERR; } enum GNUNET_GenericReturnValue TALER_age_commitment_derive ( - const struct TALER_AgeCommitment *orig, + const struct TALER_AgeCommitmentProof *orig, const uint64_t salt, - struct TALER_AgeCommitment *new) + struct TALER_AgeCommitmentProof *new) { struct GNUNET_CRYPTO_EccScalar scalar; uint64_t saltBT = htonl (salt); @@ -618,27 +618,30 @@ TALER_age_commitment_derive ( * */ GNUNET_assert (NULL != new); - GNUNET_assert (orig->num_pub == __builtin_popcount (orig->mask.mask) - 1); - GNUNET_assert (orig->num_priv <= orig->num_pub); - - new->mask = orig->mask; - new->num_pub = orig->num_pub; - new->num_priv = orig->num_priv; - new->pub = GNUNET_new_array ( - new->num_pub, + GNUNET_assert (orig->commitment.num== __builtin_popcount ( + orig->commitment.mask.mask) - 1); + GNUNET_assert (orig->proof.num <= orig->commitment.num); + + new->commitment.mask = orig->commitment.mask; + new->commitment.num = orig->commitment.num; + new->proof.num = orig->proof.num; + new->commitment.pub = GNUNET_new_array ( + new->commitment.num, struct TALER_AgeCommitmentPublicKeyP); - new->priv = GNUNET_new_array ( - new->num_priv, + new->proof.priv = GNUNET_new_array ( + new->proof.num, struct TALER_AgeCommitmentPrivateKeyP); /* scalar multiply the public keys on the curve */ - for (size_t i = 0; i < orig->num_pub; i++) + for (size_t i = 0; i < orig->commitment.num; i++) { /* We shift all keys by the same scalar */ struct GNUNET_CRYPTO_EccPoint *p = (struct - GNUNET_CRYPTO_EccPoint *) &orig->pub[i]; + GNUNET_CRYPTO_EccPoint *) &orig-> + commitment.pub[i]; struct GNUNET_CRYPTO_EccPoint *np = (struct - GNUNET_CRYPTO_EccPoint *) &new->pub[i]; + GNUNET_CRYPTO_EccPoint *) &new-> + commitment.pub[i]; if (GNUNET_OK != GNUNET_CRYPTO_ecc_pmul_mpi ( p, @@ -651,7 +654,7 @@ TALER_age_commitment_derive ( /* multiply the private keys */ /* we borough ideas from GNUNET_CRYPTO_ecdsa_private_key_derive */ { - for (size_t i = 0; i < orig->num_priv; i++) + for (size_t i = 0; i < orig->proof.num; i++) { uint8_t dc[32]; gcry_mpi_t f, x, d, n; @@ -664,7 +667,7 @@ TALER_age_commitment_derive ( sizeof(factor)); for (size_t j = 0; j < 32; j++) - dc[i] = orig->priv[i].eddsa_priv.d[31 - j]; + dc[i] = orig->proof.priv[i].eddsa_priv.d[31 - j]; GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc)); d = gcry_mpi_new (256); @@ -672,7 +675,7 @@ TALER_age_commitment_derive ( GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d); for (size_t j = 0; j <32; j++) - new->priv[i].eddsa_priv.d[j] = dc[31 - 1]; + new->proof.priv[i].eddsa_priv.d[j] = dc[31 - 1]; sodium_memzero (dc, sizeof(dc)); gcry_mpi_release (d); @@ -690,8 +693,8 @@ TALER_age_commitment_derive ( return GNUNET_OK; FAIL: - GNUNET_free (new->pub); - GNUNET_free (new->priv); + GNUNET_free (new->commitment.pub); + GNUNET_free (new->proof.priv); return GNUNET_SYSERR; } @@ -703,23 +706,51 @@ TALER_age_commitment_free ( if (NULL == commitment) return; - if (NULL != commitment->priv) + if (NULL != commitment->pub) + { + GNUNET_free (commitment->pub); + commitment->pub = NULL; + } + GNUNET_free (commitment); +} + + +void +TALER_age_proof_free ( + struct TALER_AgeProof *proof) +{ + if (NULL != proof->priv) { GNUNET_CRYPTO_zero_keys ( - commitment->priv, - sizeof(*commitment->priv) * commitment->num_priv); + proof->priv, + sizeof(*proof->priv) * proof->num); - GNUNET_free (commitment->priv); - commitment->priv = NULL; + GNUNET_free (proof->priv); + proof->priv = NULL; } + GNUNET_free (proof); +} - if (NULL != commitment->pub) + +void +TALER_age_commitment_proof_free ( + struct TALER_AgeCommitmentProof *cp) +{ + if (NULL != cp->proof.priv) { - GNUNET_free (commitment->pub); - commitment->priv = NULL; + GNUNET_CRYPTO_zero_keys ( + cp->proof.priv, + sizeof(*cp->proof.priv) * cp->proof.num); + + GNUNET_free (cp->proof.priv); + cp->proof.priv = NULL; } - GNUNET_free (commitment); + if (NULL != cp->commitment.pub) + { + GNUNET_free (cp->commitment.pub); + cp->commitment.pub = NULL; + } } |