diff options
| author | Christian Grothoff <christian@grothoff.org> | 2021-10-22 22:30:33 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-10-27 09:23:11 +0200 |
| commit | fc371ea18bd891791c02d998447d6db0f403da1f (patch) | |
| tree | eebe92e9ce985c5a98b77c23e42ebacad599f20d /src | |
| parent | 55632b1fbfd5098e3fad6256c0f485cf2a012096 (diff) | |
start to work on transformation
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/taler_crypto_lib.h | 46 | ||||
| -rw-r--r-- | src/util/auditor_signatures.c | 4 | ||||
| -rw-r--r-- | src/util/crypto.c | 81 |
3 files changed, 86 insertions, 45 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index ed6ed36f1..3fe51d79b 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -381,7 +381,7 @@ struct TALER_DenominationHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; }; @@ -394,7 +394,7 @@ struct TALER_PrivateContractHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; }; @@ -407,7 +407,7 @@ struct TALER_ExtensionContractHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; }; @@ -420,7 +420,7 @@ struct TALER_MerchantWireHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; }; @@ -433,7 +433,7 @@ struct TALER_PaytoHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; }; @@ -446,7 +446,20 @@ struct TALER_BlindedCoinHash /** * Actual hash value. */ - struct GNUNET_HashCode data; + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the hash of the public + * key of a coin (without blinding). + */ +struct TALER_CoinPubHash +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; }; @@ -634,6 +647,21 @@ TALER_denom_priv_to_pub (const struct TALER_DenominationPrivateKey *denom_priv, /** + * Verify signature made with a denomination public key + * over a coin. + * + * @param denom_pub public denomination key + * @param denom_sig signature made with the private key + * @param c_hash hash over the coin + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_denom_pub_verify (const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_DenominationSignature *denom_sig, + const struct TALER_CoinPubHash *c_hash); + + +/** * Check if a coin is valid; that is, whether the denomination key exists, * is not expired, and the signature is correct. * @@ -846,7 +874,7 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps); enum GNUNET_GenericReturnValue TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, const struct TALER_PlanchetSecretsP *ps, - struct GNUNET_HashCode *c_hash, + struct TALER_CoinPubHash *c_hash, struct TALER_PlanchetDetail *pd); @@ -865,7 +893,7 @@ enum GNUNET_GenericReturnValue TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk, const struct GNUNET_CRYPTO_RsaSignature *blind_sig, const struct TALER_PlanchetSecretsP *ps, - const struct GNUNET_HashCode *c_hash, + const struct TALER_CoinPubHash *c_hash, struct TALER_FreshCoin *coin); @@ -1886,7 +1914,7 @@ TALER_merchant_wire_signature_make ( * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious */ enum GNUNET_GenericReturnValue -TALER_rsa_blind (const struct GNUNET_HashCode *hash, +TALER_rsa_blind (const struct TALER_CoinPubHash *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, diff --git a/src/util/auditor_signatures.c b/src/util/auditor_signatures.c index b41ce66a8..6ca1b046d 100644 --- a/src/util/auditor_signatures.c +++ b/src/util/auditor_signatures.c @@ -26,7 +26,7 @@ void TALER_auditor_denom_validity_sign ( const char *auditor_url, - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHash *h_denom_pub, const struct TALER_MasterPublicKeyP *master_pub, struct GNUNET_TIME_Absolute stamp_start, struct GNUNET_TIME_Absolute stamp_expire_withdraw, @@ -73,7 +73,7 @@ TALER_auditor_denom_validity_sign ( enum GNUNET_GenericReturnValue TALER_auditor_denom_validity_verify ( const char *auditor_url, - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHash *h_denom_pub, const struct TALER_MasterPublicKeyP *master_pub, struct GNUNET_TIME_Absolute stamp_start, struct GNUNET_TIME_Absolute stamp_expire_withdraw, diff --git a/src/util/crypto.c b/src/util/crypto.c index a7ea4f4c5..5d1f0d08e 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -73,23 +73,26 @@ enum GNUNET_GenericReturnValue TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info, const struct TALER_DenominationPublicKey *denom_pub) { - struct GNUNET_HashCode c_hash; + struct TALER_CoinPubHash c_hash; #if ENABLE_SANITY_CHECKS - struct GNUNET_HashCode d_hash; + struct TALER_DenominationHash d_hash; - GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key, - &d_hash); + TALER_denom_pub_hash (denom_pub, + &d_hash); GNUNET_assert (0 == GNUNET_memcmp (&d_hash, &coin_public_info->denom_pub_hash)); #endif + // FIXME-Oec: replace with function that + // also hashes the age vector if we have + // one! GNUNET_CRYPTO_hash (&coin_public_info->coin_pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - &c_hash); + &c_hash.hash); if (GNUNET_OK != - GNUNET_CRYPTO_rsa_verify (&c_hash, - coin_public_info->denom_sig.rsa_signature, - denom_pub->rsa_public_key)) + TALER_denom_pub_verify (denom_pub, + &coin_public_info->denom_sig, + &c_hash)) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "coin signature is invalid\n"); @@ -175,28 +178,35 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps) enum GNUNET_GenericReturnValue TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, const struct TALER_PlanchetSecretsP *ps, - struct GNUNET_HashCode *c_hash, + struct TALER_CoinPubHash *c_hash, struct TALER_PlanchetDetail *pd) { struct TALER_CoinSpendPublicKeyP coin_pub; GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv, &coin_pub.eddsa_pub); + // FIXME-Oec: replace with function that + // also hashes the age vector if we have + // one! GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - c_hash); + &c_hash->hash); + // FIXME-Gian/Lucien: this will be the bigger + // change, as you have the extra round trip + // => to be discussed! + GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher); if (GNUNET_YES != TALER_rsa_blind (c_hash, &ps->blinding_key.bks, - dk->rsa_public_key, + dk->details.rsa_public_key, &pd->coin_ev, &pd->coin_ev_size)) { GNUNET_break_op (0); return GNUNET_SYSERR; } - GNUNET_CRYPTO_rsa_public_key_hash (dk->rsa_public_key, - &pd->denom_pub_hash); + TALER_denom_pub_hash (dk, + &pd->denom_pub_hash); return GNUNET_OK; } @@ -205,24 +215,30 @@ enum GNUNET_GenericReturnValue TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk, const struct GNUNET_CRYPTO_RsaSignature *blind_sig, const struct TALER_PlanchetSecretsP *ps, - const struct GNUNET_HashCode *c_hash, + const struct TALER_CoinPubHash *c_hash, struct TALER_FreshCoin *coin) { - struct GNUNET_CRYPTO_RsaSignature *sig; - - sig = TALER_rsa_unblind (blind_sig, - &ps->blinding_key.bks, - dk->rsa_public_key); + struct TALER_DenominationSignature sig; + + // FIXME-Gian/Lucien: this will be the bigger + // change, as you have the extra round trip + // => to be discussed! + GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher); + sig.cipher = TALER_DENOMINATION_RSA; + sig.details.rsa_signature + = TALER_rsa_unblind (blind_sig, + &ps->blinding_key.bks, + dk->details.rsa_public_key); if (GNUNET_OK != - GNUNET_CRYPTO_rsa_verify (c_hash, - sig, - dk->rsa_public_key)) + TALER_denom_pub_verify (dk, + &sig, + c_hash)) { GNUNET_break_op (0); - GNUNET_CRYPTO_rsa_signature_free (sig); + GNUNET_CRYPTO_rsa_signature_free (sig.details.rsa_signature); return GNUNET_SYSERR; } - coin->sig.rsa_signature = sig; + coin->sig = sig; coin->coin_priv = ps->coin_priv; return GNUNET_OK; } @@ -250,19 +266,16 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc, hash_context */ for (unsigned int i = 0; i<num_new_coins; i++) { - void *buf; - size_t buf_size; + struct TALER_DenominationHash denom_hash; /* The denomination keys should / must all be identical regardless of what offset we use, so we use [0]. */ GNUNET_assert (kappa > 0); /* sanity check */ - buf_size = GNUNET_CRYPTO_rsa_public_key_encode ( - rcs[0].new_coins[i].dk->rsa_public_key, - &buf); + TALER_denom_pub_hash (rcs[0].new_coins[i].dk, + &denom_hash); GNUNET_CRYPTO_hash_context_read (hash_context, - buf, - buf_size); - GNUNET_free (buf); + &denom_hash, + sizeof (denom_hash)); } /* next, add public key of coin and amount being refreshed */ @@ -301,13 +314,13 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc, enum GNUNET_GenericReturnValue -TALER_rsa_blind (const struct GNUNET_HashCode *hash, +TALER_rsa_blind (const struct TALER_CoinPubHash *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size) { - return GNUNET_CRYPTO_rsa_blind (hash, + return GNUNET_CRYPTO_rsa_blind (&hash->hash, bks, pkey, buf, |