Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/crypto.c | 142 | ||||
-rw-r--r-- | src/util/denom.c | 175 | ||||
-rw-r--r-- | src/util/taler-exchange-secmod-cs.c | 6 | ||||
-rw-r--r-- | src/util/test_crypto.c | 34 | ||||
-rw-r--r-- | src/util/wallet_signatures.c | 48 |
5 files changed, 225 insertions, 180 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 1b486d404..13b9188c5 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -246,90 +246,6 @@ TALER_cs_refresh_nonce_derive ( } -void -TALER_planchet_blinding_secret_create ( - const struct TALER_PlanchetMasterSecretP *ps, - const struct TALER_ExchangeWithdrawValues *alg_values, - union TALER_DenominationBlindingKeyP *bks) -{ - switch (alg_values->cipher) - { - case TALER_DENOMINATION_INVALID: - GNUNET_break (0); - return; - case TALER_DENOMINATION_RSA: - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_kdf (&bks->rsa_bks, - sizeof (bks->rsa_bks), - "bks", - strlen ("bks"), - ps, - sizeof(*ps), - NULL, - 0)); - return; - case TALER_DENOMINATION_CS: - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_kdf (&bks->nonce, - sizeof (bks->nonce), - "bseed", - strlen ("bseed"), - ps, - sizeof(*ps), - &alg_values->details.cs_values, - sizeof(alg_values->details.cs_values), - NULL, - 0)); - return; - default: - GNUNET_break (0); - } -} - - -// FIXME: move to denom.c? -void -TALER_planchet_setup_coin_priv ( - const struct TALER_PlanchetMasterSecretP *ps, - const struct TALER_ExchangeWithdrawValues *alg_values, - struct TALER_CoinSpendPrivateKeyP *coin_priv) -{ - switch (alg_values->cipher) - { - case TALER_DENOMINATION_RSA: - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_kdf (coin_priv, - sizeof (*coin_priv), - "coin", - strlen ("coin"), - ps, - sizeof(*ps), - NULL, - 0)); - break; - case TALER_DENOMINATION_CS: - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_kdf (coin_priv, - sizeof (*coin_priv), - "coin", - strlen ("coin"), - ps, - sizeof(*ps), - &alg_values->details.cs_values, - sizeof(alg_values->details.cs_values), - NULL, - 0)); - break; - default: - GNUNET_break (0); - return; - } - coin_priv->eddsa_priv.d[0] &= 248; - coin_priv->eddsa_priv.d[31] &= 127; - coin_priv->eddsa_priv.d[31] |= 64; -} - - enum GNUNET_GenericReturnValue TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, const struct TALER_ExchangeWithdrawValues *alg_values, 
@@ -369,26 +285,6 @@ TALER_planchet_detail_free (struct TALER_PlanchetDetail *pd) } -void -TALER_blinded_planchet_free (struct TALER_BlindedPlanchet *blinded_planchet) -{ - switch (blinded_planchet->cipher) - { - case TALER_DENOMINATION_RSA: - GNUNET_free (blinded_planchet->details.rsa_blinded_planchet.blinded_msg); - break; - case TALER_DENOMINATION_CS: - memset (blinded_planchet, - 0, - sizeof (*blinded_planchet)); - /* nothing to do for CS */ - break; - default: - GNUNET_break (0); - } -} - - enum GNUNET_GenericReturnValue TALER_planchet_to_coin ( const struct TALER_DenominationPublicKey *dk, @@ -498,44 +394,6 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc, } -enum GNUNET_GenericReturnValue -TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet, - const struct TALER_DenominationHash *denom_hash, - struct TALER_BlindedCoinHash *bch) -{ - struct GNUNET_HashContext *hash_context; - - hash_context = GNUNET_CRYPTO_hash_context_start (); - GNUNET_CRYPTO_hash_context_read (hash_context, - denom_hash, - sizeof(*denom_hash)); - switch (blinded_planchet->cipher) - { - case TALER_DENOMINATION_RSA: - GNUNET_CRYPTO_hash_context_read ( - hash_context, - blinded_planchet->details.rsa_blinded_planchet.blinded_msg, - blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size); - break; - case TALER_DENOMINATION_CS: - // FIXME: simplifies once 'nonce' is removed - // from TALER_BlindedCsPlanchet! - GNUNET_CRYPTO_hash_context_read ( - hash_context, - &blinded_planchet->details.cs_blinded_planchet.c[0], - sizeof (struct GNUNET_CRYPTO_CsC) * 2); - break; - default: - GNUNET_break (0); - GNUNET_CRYPTO_hash_context_abort (hash_context); - return GNUNET_SYSERR; - } - GNUNET_CRYPTO_hash_context_finish (hash_context, - &bch->hash); - return GNUNET_OK; -} - - void TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_AgeHash *age_commitment_hash, 
diff --git a/src/util/denom.c b/src/util/denom.c index 68ad04f39..ee488192b 100644 --- a/src/util/denom.c +++ b/src/util/denom.c @@ -83,28 +83,6 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, enum GNUNET_GenericReturnValue -TALER_denom_cs_derive_r_public (const struct TALER_CsNonce *nonce, - const struct - TALER_DenominationPrivateKey *denom_priv, - struct TALER_DenominationCSPublicRPairP *r_pub) -{ - if (denom_priv->cipher != TALER_DENOMINATION_CS) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - - struct GNUNET_CRYPTO_CsRSecret r[2]; - GNUNET_CRYPTO_cs_r_derive (&nonce->nonce, - &denom_priv->details.cs_private_key, - r); - GNUNET_CRYPTO_cs_r_get_public (&r[0], &r_pub->r_pub[0]); - GNUNET_CRYPTO_cs_r_get_public (&r[1], &r_pub->r_pub[1]); - return GNUNET_OK; -} - - -enum GNUNET_GenericReturnValue TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, const struct TALER_DenominationPrivateKey *denom_priv, const struct TALER_BlindedPlanchet *blinded_planchet) @@ -112,13 +90,11 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, memset (denom_sig, 0, sizeof (*denom_sig)); - if (blinded_planchet->cipher != denom_priv->cipher) { GNUNET_break (0); return GNUNET_SYSERR; } - switch (denom_priv->cipher) { case TALER_DENOMINATION_INVALID: @@ -140,11 +116,11 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, case TALER_DENOMINATION_CS: { struct GNUNET_CRYPTO_CsRSecret r[2]; + GNUNET_CRYPTO_cs_r_derive ( &blinded_planchet->details.cs_blinded_planchet.nonce.nonce, &denom_priv->details.cs_private_key, r); - denom_sig->details.blinded_cs_answer.b = GNUNET_CRYPTO_cs_sign_derive (&denom_priv->details.cs_private_key, r, 
@@ -154,7 +130,6 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, cs_blinded_planchet.nonce.nonce, &denom_sig->details.blinded_cs_answer. s_scalar); - denom_sig->cipher = TALER_DENOMINATION_CS; } return GNUNET_OK; @@ -268,8 +243,8 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub, htonl (denom_pub->age_mask.mask), htonl ((uint32_t) denom_pub->cipher) }; - struct GNUNET_HashContext *hc; + hc = GNUNET_CRYPTO_hash_context_start (); GNUNET_CRYPTO_hash_context_read (hc, opt, @@ -444,7 +419,6 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub) denom_pub->cipher = TALER_DENOMINATION_INVALID; return; case TALER_DENOMINATION_CS: - // ATM nothing needs to be freed, but check again after implementation. return; default: GNUNET_assert (0); @@ -468,7 +442,6 @@ TALER_denom_priv_free (struct TALER_DenominationPrivateKey *denom_priv) denom_priv->cipher = TALER_DENOMINATION_INVALID; return; case TALER_DENOMINATION_CS: - // ATM nothing needs to be freed, but check again after implementation. return; default: GNUNET_assert (0); @@ -492,7 +465,6 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig) denom_sig->cipher = TALER_DENOMINATION_INVALID; return; case TALER_DENOMINATION_CS: - // ATM nothing needs to be freed, but check again after implementation. return; default: GNUNET_assert (0); @@ -518,7 +490,6 @@ TALER_blinded_denom_sig_free ( denom_sig->cipher = TALER_DENOMINATION_INVALID; return; case TALER_DENOMINATION_CS: - // ATM nothing needs to be freed, but check again after implementation. return; default: GNUNET_assert (0); @@ -546,7 +517,6 @@ TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst, denom_src->details.rsa_public_key); return; case TALER_DENOMINATION_CS: - // In Case of CS, the above is already a deep copy *denom_dst = *denom_src; return; default: GNUNET_assert (0); 
@@ -569,7 +539,6 @@ TALER_denom_sig_deep_copy (struct TALER_DenominationSignature *denom_dst, denom_src->details.rsa_signature); return; case TALER_DENOMINATION_CS: - // In Case of CS, the above is already a deep copy *denom_dst = *denom_src; return; default: GNUNET_assert (0); @@ -593,7 +562,6 @@ TALER_blinded_denom_sig_deep_copy ( denom_src->details.blinded_rsa_signature); return; case TALER_DENOMINATION_CS: - // In Case of CS, the above is already a deep copy *denom_dst = *denom_src; return; default: GNUNET_assert (0); 
@@ -734,4 +702,143 @@ TALER_blinded_planchet_hash (const struct TALER_BlindedPlanchet *bp, } +void +TALER_planchet_blinding_secret_create ( + const struct TALER_PlanchetMasterSecretP *ps, + const struct TALER_ExchangeWithdrawValues *alg_values, + union TALER_DenominationBlindingKeyP *bks) +{ + switch (alg_values->cipher) + { + case TALER_DENOMINATION_INVALID: + GNUNET_break (0); + return; + case TALER_DENOMINATION_RSA: + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (&bks->rsa_bks, + sizeof (bks->rsa_bks), + "bks", + strlen ("bks"), + ps, + sizeof(*ps), + NULL, + 0)); + return; + case TALER_DENOMINATION_CS: + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (&bks->nonce, + sizeof (bks->nonce), + "bseed", + strlen ("bseed"), + ps, + sizeof(*ps), + &alg_values->details.cs_values, + sizeof(alg_values->details.cs_values), + NULL, + 0)); + return; + default: + GNUNET_break (0); + } +} + + +void +TALER_planchet_setup_coin_priv ( + const struct TALER_PlanchetMasterSecretP *ps, + const struct TALER_ExchangeWithdrawValues *alg_values, + struct TALER_CoinSpendPrivateKeyP *coin_priv) +{ + switch (alg_values->cipher) + { + case TALER_DENOMINATION_RSA: + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (coin_priv, + sizeof (*coin_priv), + "coin", + strlen ("coin"), + ps, + sizeof(*ps), + NULL, + 0)); + break; + case TALER_DENOMINATION_CS: + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (coin_priv, + sizeof (*coin_priv), + "coin", + strlen ("coin"), + ps, + sizeof(*ps), + &alg_values->details.cs_values, + sizeof(alg_values->details.cs_values), + NULL, + 0)); + break; + default: + GNUNET_break (0); + return; + } + coin_priv->eddsa_priv.d[0] &= 248; + coin_priv->eddsa_priv.d[31] &= 127; + coin_priv->eddsa_priv.d[31] |= 64; +} + + +void +TALER_blinded_planchet_free (struct TALER_BlindedPlanchet *blinded_planchet) +{ + switch (blinded_planchet->cipher) + { + case TALER_DENOMINATION_RSA: + GNUNET_free (blinded_planchet->details.rsa_blinded_planchet.blinded_msg); + break; + case 
TALER_DENOMINATION_CS: + memset (blinded_planchet, + 0, + sizeof (*blinded_planchet)); + /* nothing to do for CS */ + break; + default: + GNUNET_break (0); + } +} + + +enum GNUNET_GenericReturnValue +TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet, + const struct TALER_DenominationHash *denom_hash, + struct TALER_BlindedCoinHash *bch) +{ + struct GNUNET_HashContext *hash_context; + + hash_context = GNUNET_CRYPTO_hash_context_start (); + GNUNET_CRYPTO_hash_context_read (hash_context, + denom_hash, + sizeof(*denom_hash)); + switch (blinded_planchet->cipher) + { + case TALER_DENOMINATION_RSA: + GNUNET_CRYPTO_hash_context_read ( + hash_context, + blinded_planchet->details.rsa_blinded_planchet.blinded_msg, + blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size); + break; + case TALER_DENOMINATION_CS: + GNUNET_CRYPTO_hash_context_read ( + hash_context, + &blinded_planchet->details.cs_blinded_planchet.c[0], + sizeof (struct GNUNET_CRYPTO_CsC) * 2); + break; + default: + GNUNET_break (0); + GNUNET_CRYPTO_hash_context_abort (hash_context); + return GNUNET_SYSERR; + } + GNUNET_CRYPTO_hash_context_finish (hash_context, + &bch->hash); + return GNUNET_OK; +} + + /* end of denom.c */ diff --git a/src/util/taler-exchange-secmod-cs.c b/src/util/taler-exchange-secmod-cs.c index 17fb23b3d..ab3a86fa8 100644 --- a/src/util/taler-exchange-secmod-cs.c +++ b/src/util/taler-exchange-secmod-cs.c @@ -281,7 +281,6 @@ handle_sign_request (struct TES_Client *client, { struct DenominationKey *dk; struct GNUNET_CRYPTO_CsRSecret r[2]; - struct TALER_BlindedDenominationCsSignAnswer cs_answer; struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); 
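Review bot: In `TALER_planchet_setup_coin_priv` and `TALER_planchet_blinding_secret_create`, as added to src/util/denom.c, the unknown-cipher paths only call `GNUNET_break (0)` and return, so `coin_priv` / `bks` are left unwritten, and because both functions return `void` the caller cannot notice. If the caller passed an uninitialised buffer, its previous contents would presumably go on to be used as a coin private key or blinding secret. The other switches in this file end in `default: GNUNET_assert (0);`, and using the same here would turn the silent fall-through into a hard failure. `TALER_planchet_setup_coin_priv` also lacks the explicit `case TALER_DENOMINATION_INVALID:` that its sibling has.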
@@ -326,8 +325,9 @@ handle_sign_request (struct TES_Client *client, GNUNET_assert (dk->rc < UINT_MAX); dk->rc++; GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); - - GNUNET_CRYPTO_cs_r_derive (&sr->planchet.nonce.nonce, &dk->denom_priv, r); + GNUNET_CRYPTO_cs_r_derive (&sr->planchet.nonce.nonce, + &dk->denom_priv, + r); cs_answer.b = GNUNET_CRYPTO_cs_sign_derive (&dk->denom_priv, r, sr->planchet.c, diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c index 94d3167e3..fbf30e3a4 100644 --- a/src/util/test_crypto.c +++ b/src/util/test_crypto.c @@ -176,6 +176,38 @@ test_planchets_rsa (void) /** + * @brief Function for CS signatures to derive public R_0 and R_1 + * + * @param nonce withdraw nonce from a client + * @param denom_priv denomination privkey as long-term secret + * @param r_pub the resulting R_0 and R_1 + * @return enum GNUNET_GenericReturnValue + */ +static enum GNUNET_GenericReturnValue +derive_r_public ( + const struct TALER_CsNonce *nonce, + const struct TALER_DenominationPrivateKey *denom_priv, + struct TALER_DenominationCSPublicRPairP *r_pub) +{ + struct GNUNET_CRYPTO_CsRSecret r[2]; + + if (denom_priv->cipher != TALER_DENOMINATION_CS) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + GNUNET_CRYPTO_cs_r_derive (&nonce->nonce, + &denom_priv->details.cs_private_key, + r); + GNUNET_CRYPTO_cs_r_get_public (&r[0], + &r_pub->r_pub[0]); + GNUNET_CRYPTO_cs_r_get_public (&r[1], + &r_pub->r_pub[1]); + return GNUNET_OK; +} + + +/** * Test the basic planchet functionality of creating a fresh planchet with CS denomination * and extracting the respective signature. * @@ -207,7 +239,7 @@ test_planchets_cs (void) &ps, &pd.blinded_planchet.details.cs_blinded_planchet.nonce); GNUNET_assert (GNUNET_OK == - TALER_denom_cs_derive_r_public ( + derive_r_public ( &pd.blinded_planchet.details.cs_blinded_planchet.nonce, &dk_priv, &alg_values.details.cs_values)); 
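Review bot: The `@return enum GNUNET_GenericReturnValue` line in the new doc comment for `derive_r_public` (src/util/test_crypto.c) repeats the type instead of stating the contract. Going by the body it could read `@return #GNUNET_OK on success, #GNUNET_SYSERR if @a denom_priv is not a CS key`. The local `r[2]` holds the derived R secrets and is not cleared before returning, which is acceptable in a test. A short comment such as `/* test-only helper: r is not wiped */` would discourage copying it into non-test code unchanged.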
diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c index 669ea6dd5..1dd2302b4 100644 --- a/src/util/wallet_signatures.c +++ b/src/util/wallet_signatures.c @@ -285,4 +285,52 @@ TALER_wallet_melt_verify ( } +void +TALER_wallet_withdraw_sign ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_Amount *amount_with_fee, + const struct TALER_BlindedCoinHash *bch, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig) +{ + struct TALER_WithdrawRequestPS req = { + .purpose.size = htonl (sizeof (req)), + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW), + .h_denomination_pub = *h_denom_pub, + .h_coin_envelope = *bch + }; + + TALER_amount_hton (&req.amount_with_fee, + amount_with_fee); + GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv, + &req, + &reserve_sig->eddsa_signature); +} + + +enum GNUNET_GenericReturnValue +TALER_wallet_withdraw_verify ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_Amount *amount_with_fee, + const struct TALER_BlindedCoinHash *bch, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig) +{ + struct TALER_WithdrawRequestPS wsrd = { + .purpose.size = htonl (sizeof (wsrd)), + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW), + .h_denomination_pub = *h_denom_pub, + .h_coin_envelope = *bch + }; + + TALER_amount_hton (&wsrd.amount_with_fee, + amount_with_fee); + return GNUNET_CRYPTO_eddsa_verify ( + TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW, + &wsrd, + &reserve_sig->eddsa_signature, + &reserve_pub->eddsa_pub); +} + + /* end of wallet_signatures.c */ |
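Review bot: `TALER_wallet_withdraw_sign` and `TALER_wallet_withdraw_verify` each build the `struct TALER_WithdrawRequestPS` by hand (`req` and `wsrd`), so the signed and the verified byte layouts agree only as long as both initialisers are edited together. A shared static helper that fills the struct would remove that drift risk. Zeroing the struct first would also cover any padding, should it not be packed; its definition is not visible in this hunk. Both functions then reduce to the helper call plus `GNUNET_CRYPTO_eddsa_sign` or `GNUNET_CRYPTO_eddsa_verify`.

```c
/* Fill @a req with the withdraw request in network byte order. */
static void
setup_withdraw_request (
  struct TALER_WithdrawRequestPS *req,
  const struct TALER_DenominationHash *h_denom_pub,
  const struct TALER_Amount *amount_with_fee,
  const struct TALER_BlindedCoinHash *bch)
{
  memset (req, 0, sizeof (*req));
  req->purpose.size = htonl (sizeof (*req));
  req->purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW);
  req->h_denomination_pub = *h_denom_pub;
  req->h_coin_envelope = *bch;
  TALER_amount_hton (&req->amount_with_fee,
                     amount_with_fee);
}

/* … unchanged: TALER_wallet_withdraw_sign / TALER_wallet_withdraw_verify signatures; each body calls setup_withdraw_request() and then signs or verifies … */
```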