diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/include/taler_crypto_lib.h | 2 | ||||
-rw-r--r-- | src/util/crypto.c | 62 | ||||
-rw-r--r-- | src/util/test_crypto.c | 58 | ||||
-rw-r--r-- | src/util/test_helper_cs.c | 65 | ||||
-rw-r--r-- | src/util/test_helper_rsa.c | 30 |
5 files changed, 156 insertions, 61 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 0783b1e85..4abb985a6 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1028,7 +1028,7 @@ TALER_planchet_setup_coin_priv ( */ void TALER_cs_withdraw_nonce_derive ( - const struct TALER_CoinSpendPrivateKeyP *coin_priv, + const struct TALER_PlanchetSecretsP *ps, struct TALER_CsNonce *nonce); diff --git a/src/util/crypto.c b/src/util/crypto.c index 4363c5616..a142859aa 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -198,7 +198,7 @@ cs_blinding_seed_derive (const struct void TALER_cs_withdraw_nonce_derive (const struct - TALER_CoinSpendPrivateKeyP *coin_priv, + TALER_PlanchetSecretsP *ps, struct TALER_CsNonce *nonce) { GNUNET_assert (GNUNET_YES == @@ -208,8 +208,8 @@ TALER_cs_withdraw_nonce_derive (const struct GCRY_MD_SHA256, "n", strlen ("n"), - coin_priv, - sizeof(*coin_priv), + ps, + sizeof(*ps), NULL, 0)); } @@ -239,16 +239,13 @@ TALER_planchet_blinding_secret_create (const struct TALER_PlanchetSecretsP *ps, case TALER_DENOMINATION_RSA: GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (&bks->rsa_bks, - sizeof (struct - GNUNET_CRYPTO_RsaBlindingKeySecret), + sizeof (bks->rsa_bks), GCRY_MD_SHA512, GCRY_MD_SHA256, "bks", strlen ("bks"), ps, sizeof(*ps), - &alg_values->details, /* Could be null on RSA case*/ - sizeof(alg_values->details), NULL, 0)); return; @@ -271,19 +268,44 @@ TALER_planchet_setup_coin_priv ( const struct TALER_ExchangeWithdrawValues *alg_values, struct TALER_CoinSpendPrivateKeyP *coin_priv) { - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_hkdf (coin_priv, - sizeof (*coin_priv), - GCRY_MD_SHA512, - GCRY_MD_SHA256, - "coin", - strlen ("coin"), - ps, - sizeof(*ps), - &alg_values->details, /* Could be null on RSA case*/ - sizeof(alg_values->details), - NULL, - 0)); + switch (alg_values->cipher) + { + case TALER_DENOMINATION_RSA: + { + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_hkdf (coin_priv, + sizeof (*coin_priv), + GCRY_MD_SHA512, + GCRY_MD_SHA256, + "coin", + strlen ("coin"), + ps, + sizeof(*ps), + NULL, + 0)); + break; + } + case TALER_DENOMINATION_CS: + { + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_hkdf (coin_priv, + sizeof (*coin_priv), + GCRY_MD_SHA512, + GCRY_MD_SHA256, + "coin", + strlen ("coin"), + ps, + sizeof(*ps), + &alg_values->details, /* Could be null on RSA case*/ + sizeof(alg_values->details), + NULL, + 0)); + break; + } + default: + GNUNET_break (0); + return; + } coin_priv->eddsa_priv.d[0] &= 248; coin_priv->eddsa_priv.d[31] &= 127; coin_priv->eddsa_priv.d[31] |= 64; diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c index 9f01b74c7..218b593a5 100644 --- a/src/util/test_crypto.c +++ b/src/util/test_crypto.c @@ -38,8 +38,10 @@ test_high_level (void) struct TALER_TransferPublicKeyP trans_pub; struct TALER_TransferSecretP secret; struct TALER_TransferSecretP secret2; - struct TALER_PlanchetSecretsP fc1; - struct TALER_PlanchetSecretsP fc2; + union TALER_DenominationBlindingKeyP bks1; + union TALER_DenominationBlindingKeyP bks2; + struct TALER_CoinSpendPrivateKeyP coin_priv1; + struct TALER_CoinSpendPrivateKeyP coin_priv2; GNUNET_CRYPTO_eddsa_key_create (&coin_priv.eddsa_priv); GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv.eddsa_priv, @@ -64,13 +66,18 @@ test_high_level (void) &secret2)); TALER_planchet_setup_refresh (&secret, 0, - &fc1); + &coin_priv1, + &bks1); TALER_planchet_setup_refresh (&secret, 1, - &fc2); + &coin_priv2, + &bks2); GNUNET_assert (0 != - GNUNET_memcmp (&fc1, - &fc2)); + GNUNET_memcmp (&coin_priv1, + &coin_priv2)); + GNUNET_assert (0 != + GNUNET_memcmp (&bks1, + &bks2)); return 0; } @@ -85,6 +92,8 @@ static int test_planchets_rsa (void) { struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_DenominationPrivateKey dk_priv; struct TALER_DenominationPublicKey dk_pub; struct TALER_ExchangeWithdrawValues alg_values; @@ -93,6 +102,9 @@ test_planchets_rsa (void) struct TALER_FreshCoin coin; struct TALER_CoinPubHash c_hash; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); GNUNET_assert (GNUNET_SYSERR == TALER_denom_priv_create (&dk_priv, @@ -110,12 +122,15 @@ test_planchets_rsa (void) TALER_DENOMINATION_RSA, 1024)); alg_values.cipher = TALER_DENOMINATION_RSA; - TALER_planchet_setup_random (&ps, - &alg_values); + + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + GNUNET_assert (GNUNET_OK == TALER_planchet_prepare (&dk_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); GNUNET_assert (GNUNET_OK == @@ -125,7 +140,8 @@ test_planchets_rsa (void) GNUNET_assert (GNUNET_OK == TALER_planchet_to_coin (&dk_pub, &blind_sig, - &ps, + &bks, + &coin_priv, &c_hash, &alg_values, &coin)); @@ -147,6 +163,8 @@ static int test_planchets_cs (void) { struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_DenominationPrivateKey dk_priv; struct TALER_DenominationPublicKey dk_pub; struct TALER_PlanchetDetail pd; @@ -155,15 +173,18 @@ test_planchets_cs (void) struct TALER_FreshCoin coin; struct TALER_ExchangeWithdrawValues alg_values; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + GNUNET_assert (GNUNET_OK == TALER_denom_priv_create (&dk_priv, &dk_pub, TALER_DENOMINATION_CS)); alg_values.cipher = TALER_DENOMINATION_CS; - TALER_planchet_setup_random (&ps, - &alg_values); - TALER_cs_withdraw_nonce_derive (&ps.coin_priv, + + TALER_cs_withdraw_nonce_derive (&ps, &pd.blinded_planchet.details. cs_blinded_planchet.nonce); GNUNET_assert (GNUNET_OK == @@ -171,13 +192,17 @@ test_planchets_cs (void) &pd.blinded_planchet.details.cs_blinded_planchet.nonce, &dk_priv, &alg_values.details.cs_values.r_pub)); + + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); TALER_planchet_blinding_secret_create (&ps, - &alg_values); + &alg_values, + &bks); GNUNET_assert (GNUNET_OK == TALER_planchet_prepare (&dk_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); @@ -189,7 +214,8 @@ test_planchets_cs (void) GNUNET_assert (GNUNET_OK == TALER_planchet_to_coin (&dk_pub, &blind_sig, - &ps, + &bks, + &coin_priv, &c_hash, &alg_values, &coin)); diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c index c4e68376b..4f635d404 100644 --- a/src/util/test_helper_cs.c +++ b/src/util/test_helper_cs.c @@ -267,12 +267,19 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh) enum TALER_ErrorCode ec; bool success = false; struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_CoinPubHash c_hash; struct TALER_ExchangeWithdrawValues alg_values; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + alg_values.cipher = TALER_DENOMINATION_CS; - TALER_planchet_setup_random (&ps, - &alg_values); + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + for (unsigned int i = 0; i<MAX_KEYS; i++) { struct TALER_PlanchetDetail pd; @@ -283,7 +290,7 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh) { pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; - TALER_cs_withdraw_nonce_derive (&ps.coin_priv, + TALER_cs_withdraw_nonce_derive (&ps, &pd.blinded_planchet.details. cs_blinded_planchet.nonce); GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -325,11 +332,13 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh) GNUNET_h2s (&keys[i].h_cs.hash)); TALER_planchet_blinding_secret_create (&ps, - &alg_values); + &alg_values, + &bks); GNUNET_assert (GNUNET_OK == TALER_planchet_prepare (&keys[i].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -409,12 +418,19 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) enum TALER_ErrorCode ec; bool success = false; struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_CoinPubHash c_hash; struct TALER_ExchangeWithdrawValues alg_values; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + alg_values.cipher = TALER_DENOMINATION_CS; - TALER_planchet_setup_random (&ps, - &alg_values); + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + for (unsigned int i = 0; i<MAX_KEYS; i++) { if (! keys[i].valid) @@ -424,7 +440,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; // keys[i].denom_pub.cipher = TALER_DENOMINATION_CS; - TALER_cs_withdraw_nonce_derive (&ps.coin_priv, + TALER_cs_withdraw_nonce_derive (&ps, &pd.blinded_planchet.details. cs_blinded_planchet.nonce); alg_values.details.cs_values.r_pub @@ -435,12 +451,14 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) cs_blinded_planchet.nonce, &ec); TALER_planchet_blinding_secret_create (&ps, - &alg_values); + &alg_values, + &bks); GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[i].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -478,7 +496,8 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) if (GNUNET_OK != TALER_planchet_to_coin (&keys[i].denom_pub, &ds, - &ps, + &bks, + &coin_priv, &c_hash, &alg_values, &coin)) @@ -536,7 +555,8 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[0].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); @@ -574,11 +594,20 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh, enum TALER_ErrorCode ec; struct GNUNET_TIME_Relative duration; struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_ExchangeWithdrawValues alg_values; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + alg_values.cipher = TALER_DENOMINATION_CS; - TALER_planchet_setup_random (&ps, - &alg_values); + + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + duration = GNUNET_TIME_UNIT_ZERO; TALER_CRYPTO_helper_cs_poll (dh); for (unsigned int j = 0; j<NUM_SIGN_PERFS;) @@ -603,7 +632,7 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh, pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; - TALER_cs_withdraw_nonce_derive (&ps.coin_priv, + TALER_cs_withdraw_nonce_derive (&ps, &pd.blinded_planchet.details. cs_blinded_planchet.nonce); @@ -615,12 +644,14 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh, cs_blinded_planchet.nonce, &ec); TALER_planchet_blinding_secret_create (&ps, - &alg_values); + &alg_values, + &bks); GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[i].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); /* use this key as long as it works */ diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index f9f1a860d..f51861d41 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -270,10 +270,17 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) struct TALER_PlanchetSecretsP ps; struct TALER_ExchangeWithdrawValues alg_values; struct TALER_CoinPubHash c_hash; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); alg_values.cipher = TALER_DENOMINATION_RSA; - TALER_planchet_setup_random (&ps, - &alg_values); + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + for (unsigned int i = 0; i<MAX_KEYS; i++) { if (! keys[i].valid) @@ -287,7 +294,8 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[i].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -332,7 +340,7 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) if (GNUNET_OK != TALER_denom_sig_unblind (&rs, &ds, - &ps.blinding_key, + &bks, &keys[i].denom_pub)) { GNUNET_break (0); @@ -429,11 +437,18 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh, enum TALER_ErrorCode ec; struct GNUNET_TIME_Relative duration; struct TALER_PlanchetSecretsP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union TALER_DenominationBlindingKeyP bks; struct TALER_ExchangeWithdrawValues alg_values; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + alg_values.cipher = TALER_DENOMINATION_RSA; - TALER_planchet_setup_random (&ps, - &alg_values); + TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); + TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); + duration = GNUNET_TIME_UNIT_ZERO; TALER_CRYPTO_helper_rsa_poll (dh); for (unsigned int j = 0; j<NUM_SIGN_PERFS;) @@ -461,7 +476,8 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh, GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[i].denom_pub, &alg_values, - &ps, + &bks, + &coin_priv, &c_hash, &pd)); /* use this key as long as it works */ |