author | Gian Demarmels <gian@demarmels.org> | 2021-12-27 16:21:26 +0100 |
---|---|---|
committer | Gian Demarmels <gian@demarmels.org> | 2022-02-04 15:33:09 +0100 |
commit | ca247f6f5821415b8c3437916e473785d6fd6403 (patch) | |
tree | 68327412c22cfe2a6ec387d45b8d0e2d5f841b88 /src/util | |
parent | 3225566c93eceb52078fbe13fc301722f349b2c0 (diff) | |
download | exchange-ca247f6f5821415b8c3437916e473785d6fd6403.tar.xz |
fixed CS signatures and cleanup/refactoring
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/crypto.c | 12 | ||||
-rw-r--r-- | src/util/denom.c | 49 | ||||
-rw-r--r-- | src/util/test_crypto.c | 24 |
3 files changed, 25 insertions, 60 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 03a438d25..1e5033a0c 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -247,7 +247,7 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
/**
* @brief setup a random planchet
* In Case of RSA planchet, the bks gets set
- * In Case of Schnorr this will be set in future
+ * In Case of Clause Schnorr this will be set in future
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
@@ -307,11 +307,9 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
{
va_list ap;
va_start (ap, pd);
- struct TALER_WithdrawNonce *nonce;
struct TALER_DenominationCsPublicR *r_pub;
struct TALER_DenominationCsPublicR *blinded_r_pub;
- nonce = va_arg (ap, struct TALER_WithdrawNonce *);
r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
blinded_r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
@@ -322,7 +320,6 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
&coin_pub,
c_hash,
&pd->blinded_planchet,
- nonce,
r_pub,
blinded_r_pub))
{
@@ -373,14 +370,14 @@ TALER_planchet_to_coin (
va_list ap;
va_start (ap, coin);
- struct TALER_DenominationCsPublicR *r_pub_dash;
- r_pub_dash = va_arg (ap, struct TALER_DenominationCsPublicR *);
+ struct TALER_DenominationCsPublicR *r_pub_blind;
+ r_pub_blind = va_arg (ap, struct TALER_DenominationCsPublicR *);
if (GNUNET_OK !=
TALER_denom_sig_unblind (&sig,
blind_sig,
&ps->blinding_key,
dk,
- r_pub_dash))
+ r_pub_blind))
{
GNUNET_break_op (0);
va_end (ap);
@@ -403,6 +400,7 @@ TALER_planchet_to_coin (
TALER_denom_sig_free (&sig);
return GNUNET_SYSERR;
}
+ coin->sig = sig;
coin->coin_priv = ps->coin_priv;
return GNUNET_OK;
diff --git a/src/util/denom.c b/src/util/denom.c
index ada2289ce..12b499aa0 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -82,25 +82,6 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
- const struct
- TALER_DenominationPrivateKey *denom_priv,
- struct TALER_DenominationCsPrivateR *r)
-{
- if (denom_priv->cipher != TALER_DENOMINATION_CS)
- {
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
-
- GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
- &denom_priv->details.cs_private_key,
- r->r);
- return GNUNET_OK;
-}
-
-
-enum GNUNET_GenericReturnValue
TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
const struct
TALER_DenominationPrivateKey *denom_priv,
@@ -216,26 +197,19 @@ TALER_denom_sig_unblind (
{
va_list ap;
va_start (ap, denom_pub);
- struct TALER_DenominationCsPublicR *r_pub_dash;
- r_pub_dash = va_arg (ap, struct TALER_DenominationCsPublicR *);
+ struct TALER_DenominationCsPublicR *r_pub_blind;
+ r_pub_blind = va_arg (ap, struct TALER_DenominationCsPublicR *);
struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, bs);
- struct GNUNET_CRYPTO_CsS s_scalar;
-
GNUNET_CRYPTO_cs_unblind (&bdenom_sig->details.blinded_cs_answer.s_scalar,
&bs[bdenom_sig->details.blinded_cs_answer.b],
- &s_scalar);
-
- // TODO: This seems to work, but is this a good idea?
- // Not working:
- // denom_sig->details.cs_signature.r_point = r_pub_dash->r_pub[bdenom_sig->details.blinded_cs_answer.b];
- GNUNET_memcpy (&denom_sig->details.cs_signature, &s_scalar, sizeof(struct
- GNUNET_CRYPTO_CsS));
- GNUNET_memcpy (&denom_sig->details.cs_signature + sizeof(struct
- GNUNET_CRYPTO_CsS),
- &r_pub_dash->r_pub[bdenom_sig->details.blinded_cs_answer.b],
+ &denom_sig->details.cs_signature.s_scalar);
+
+ GNUNET_memcpy (&denom_sig->details.cs_signature.r_point,
+ &r_pub_blind->r_pub[bdenom_sig->details.blinded_cs_answer.b
+ ],
sizeof(struct GNUNET_CRYPTO_CsRPublic));
denom_sig->cipher = TALER_DENOMINATION_CS;
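Review bot: The new `r_point` copy, like the `bs[...]` lookup just above it, indexes with `bdenom_sig->details.blinded_cs_answer.b` taken straight from the blinded signature, and nothing in this hunk bounds that value; `bs` is declared with two elements and `r_pub` is presumably the same size, so any `b` other than 0 or 1 is an out-of-bounds read. The blinded signature is data received over the wire, so unless `b` is already restricted to {0,1} where it is parsed, reject it here before the first lookup: `if (bdenom_sig->details.blinded_cs_answer.b > 1) { GNUNET_break_op (0); va_end (ap); return GNUNET_SYSERR; }`. TALER_denom_sig_unblind starts and ends outside the hunk, so match the `va_end` handling of its existing error paths. A short comment on the memcpy would also help, since the choice of `r_pub_blind` over the unblinded R is the point of the fix: `/* the final signature carries the blinded R' for the branch the exchange chose */`.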
@@ -362,16 +336,14 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
{
va_list ap;
va_start (ap, blinded_planchet);
- struct TALER_WithdrawNonce *nonce;
struct TALER_DenominationCsPublicR *r_pub;
struct TALER_DenominationCsPublicR *blinded_r_pub;
- nonce = va_arg (ap, struct TALER_WithdrawNonce *);
r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
blinded_r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
- GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce->nonce, bs);
+ GNUNET_CRYPTO_cs_blinding_secrets_derive (&coin_bks->nonce, bs);
GNUNET_CRYPTO_cs_calc_blinded_c (bs,
r_pub->r_pub,
@@ -422,11 +394,12 @@ TALER_denom_pub_verify (const struct TALER_DenominationPublicKey *denom_pub,
if (GNUNET_OK !=
GNUNET_CRYPTO_cs_verify (&denom_sig->details.cs_signature,
&denom_pub->details.cs_public_key,
- c_hash,
- sizeof(*c_hash)))
+ &c_hash->hash,
+ sizeof(struct GNUNET_HashCode)))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Coin signature is invalid\n");
+ // return GNUNET_YES;
return GNUNET_NO;
}
return GNUNET_YES;
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 64958cfc1..760ec0fa3 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -149,7 +149,6 @@ test_planchets_cs (void)
struct TALER_WithdrawNonce nonce;
struct TALER_DenominationCsPublicR r_pub;
struct TALER_DenominationCsPublicR r_pub_blind;
- struct TALER_DenominationCsPrivateR priv_r;
struct TALER_BlindedDenominationSignature blind_sig;
struct TALER_FreshCoin coin;
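Review bot: The `// return GNUNET_YES;` added to the failure branch of TALER_denom_pub_verify is commented-out debugging code sitting one uncomment away from accepting every invalid Clause Schnorr signature; it should be deleted so the branch reads only the log call and `return GNUNET_NO;`. The real fix in this hunk, passing `&c_hash->hash` with `sizeof(struct GNUNET_HashCode)` instead of `c_hash` with `sizeof(*c_hash)`, changes which bytes the signature is checked over, and that deserves a one-line comment so nobody reverts it to the shorter form: `/* the CS signature covers the raw GNUNET_HashCode, not the enclosing c_hash struct */`. The surrounding function, including any cipher dispatch before this `if`, is outside the hunk.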
@@ -174,30 +173,25 @@ test_planchets_cs (void)
&ps,
&c_hash,
&pd,
- &nonce,
&r_pub,
&r_pub_blind));
- // TODO: Remove r_secret if not needed
- GNUNET_assert (GNUNET_OK ==
- TALER_denom_cs_derive_r_secret (&nonce,
- &dk_priv,
- &priv_r));
+
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&blind_sig,
&dk_priv,
&pd.blinded_planchet,
&nonce));
- // GNUNET_assert (GNUNET_OK ==
- // TALER_planchet_to_coin (&dk_pub,
- // &blind_sig,
- // &ps,
- // &c_hash,
- // &coin,
- // &r_pub_blind));
+ GNUNET_assert (GNUNET_OK ==
+ TALER_planchet_to_coin (&dk_pub,
+ &blind_sig,
+ &ps,
+ &c_hash,
+ &coin,
+ &r_pub_blind));
TALER_blinded_denom_sig_free (&blind_sig);
- // TALER_denom_sig_free (&coin.sig);
+ TALER_denom_sig_free (&coin.sig);
TALER_denom_priv_free (&dk_priv);
TALER_denom_pub_free (&dk_pub);
return 0; |
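Review bot: The re-enabled TALER_planchet_to_coin assertion only checks the happy path, so it would not catch the class of bug this commit fixes in TALER_denom_pub_verify, where a wrong message length makes verification pass or fail for the wrong reason. Before the frees, add a negative check: copy `c_hash`, flip one byte of the copy, and assert `GNUNET_NO == TALER_denom_pub_verify (...)` on `coin.sig` with the corrupted hash, plus the same check against a second, unrelated denomination key. Whether TALER_planchet_to_coin already verifies the unblinded signature internally is not visible here, so the explicit assertion also documents that expectation. test_planchets_cs begins outside the hunk.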