aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_crypto_lib.h2
-rw-r--r--src/util/crypto.c62
-rw-r--r--src/util/test_crypto.c58
-rw-r--r--src/util/test_helper_cs.c65
-rw-r--r--src/util/test_helper_rsa.c30
5 files changed, 156 insertions, 61 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 0783b1e85..4abb985a6 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1028,7 +1028,7 @@ TALER_planchet_setup_coin_priv (
*/
void
TALER_cs_withdraw_nonce_derive (
- const struct TALER_CoinSpendPrivateKeyP *coin_priv,
+ const struct TALER_PlanchetSecretsP *ps,
struct TALER_CsNonce *nonce);
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 4363c5616..a142859aa 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -198,7 +198,7 @@ cs_blinding_seed_derive (const struct
void
TALER_cs_withdraw_nonce_derive (const struct
- TALER_CoinSpendPrivateKeyP *coin_priv,
+ TALER_PlanchetSecretsP *ps,
struct TALER_CsNonce *nonce)
{
GNUNET_assert (GNUNET_YES ==
@@ -208,8 +208,8 @@ TALER_cs_withdraw_nonce_derive (const struct
GCRY_MD_SHA256,
"n",
strlen ("n"),
- coin_priv,
- sizeof(*coin_priv),
+ ps,
+ sizeof(*ps),
NULL,
0));
}
@@ -239,16 +239,13 @@ TALER_planchet_blinding_secret_create (const struct TALER_PlanchetSecretsP *ps,
case TALER_DENOMINATION_RSA:
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_hkdf (&bks->rsa_bks,
- sizeof (struct
- GNUNET_CRYPTO_RsaBlindingKeySecret),
+ sizeof (bks->rsa_bks),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
"bks",
strlen ("bks"),
ps,
sizeof(*ps),
- &alg_values->details, /* Could be null on RSA case*/
- sizeof(alg_values->details),
NULL,
0));
return;
@@ -271,19 +268,44 @@ TALER_planchet_setup_coin_priv (
const struct TALER_ExchangeWithdrawValues *alg_values,
struct TALER_CoinSpendPrivateKeyP *coin_priv)
{
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_hkdf (coin_priv,
- sizeof (*coin_priv),
- GCRY_MD_SHA512,
- GCRY_MD_SHA256,
- "coin",
- strlen ("coin"),
- ps,
- sizeof(*ps),
- &alg_values->details, /* Could be null on RSA case*/
- sizeof(alg_values->details),
- NULL,
- 0));
+ switch (alg_values->cipher)
+ {
+ case TALER_DENOMINATION_RSA:
+ {
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_hkdf (coin_priv,
+ sizeof (*coin_priv),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ "coin",
+ strlen ("coin"),
+ ps,
+ sizeof(*ps),
+ NULL,
+ 0));
+ break;
+ }
+ case TALER_DENOMINATION_CS:
+ {
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_hkdf (coin_priv,
+ sizeof (*coin_priv),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ "coin",
+ strlen ("coin"),
+ ps,
+ sizeof(*ps),
+ &alg_values->details, /* Could be null on RSA case*/
+ sizeof(alg_values->details),
+ NULL,
+ 0));
+ break;
+ }
+ default:
+ GNUNET_break (0);
+ return;
+ }
coin_priv->eddsa_priv.d[0] &= 248;
coin_priv->eddsa_priv.d[31] &= 127;
coin_priv->eddsa_priv.d[31] |= 64;
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 9f01b74c7..218b593a5 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -38,8 +38,10 @@ test_high_level (void)
struct TALER_TransferPublicKeyP trans_pub;
struct TALER_TransferSecretP secret;
struct TALER_TransferSecretP secret2;
- struct TALER_PlanchetSecretsP fc1;
- struct TALER_PlanchetSecretsP fc2;
+ union TALER_DenominationBlindingKeyP bks1;
+ union TALER_DenominationBlindingKeyP bks2;
+ struct TALER_CoinSpendPrivateKeyP coin_priv1;
+ struct TALER_CoinSpendPrivateKeyP coin_priv2;
GNUNET_CRYPTO_eddsa_key_create (&coin_priv.eddsa_priv);
GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv.eddsa_priv,
@@ -64,13 +66,18 @@ test_high_level (void)
&secret2));
TALER_planchet_setup_refresh (&secret,
0,
- &fc1);
+ &coin_priv1,
+ &bks1);
TALER_planchet_setup_refresh (&secret,
1,
- &fc2);
+ &coin_priv2,
+ &bks2);
GNUNET_assert (0 !=
- GNUNET_memcmp (&fc1,
- &fc2));
+ GNUNET_memcmp (&coin_priv1,
+ &coin_priv2));
+ GNUNET_assert (0 !=
+ GNUNET_memcmp (&bks1,
+ &bks2));
return 0;
}
@@ -85,6 +92,8 @@ static int
test_planchets_rsa (void)
{
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
struct TALER_ExchangeWithdrawValues alg_values;
@@ -93,6 +102,9 @@ test_planchets_rsa (void)
struct TALER_FreshCoin coin;
struct TALER_CoinPubHash c_hash;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
GNUNET_assert (GNUNET_SYSERR ==
TALER_denom_priv_create (&dk_priv,
@@ -110,12 +122,15 @@ test_planchets_rsa (void)
TALER_DENOMINATION_RSA,
1024));
alg_values.cipher = TALER_DENOMINATION_RSA;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
GNUNET_assert (GNUNET_OK ==
@@ -125,7 +140,8 @@ test_planchets_rsa (void)
GNUNET_assert (GNUNET_OK ==
TALER_planchet_to_coin (&dk_pub,
&blind_sig,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&alg_values,
&coin));
@@ -147,6 +163,8 @@ static int
test_planchets_cs (void)
{
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
struct TALER_PlanchetDetail pd;
@@ -155,15 +173,18 @@ test_planchets_cs (void)
struct TALER_FreshCoin coin;
struct TALER_ExchangeWithdrawValues alg_values;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
+
GNUNET_assert (GNUNET_OK ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_CS));
alg_values.cipher = TALER_DENOMINATION_CS;
- TALER_planchet_setup_random (&ps,
- &alg_values);
- TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
+
+ TALER_cs_withdraw_nonce_derive (&ps,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
GNUNET_assert (GNUNET_OK ==
@@ -171,13 +192,17 @@ test_planchets_cs (void)
&pd.blinded_planchet.details.cs_blinded_planchet.nonce,
&dk_priv,
&alg_values.details.cs_values.r_pub));
+
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
TALER_planchet_blinding_secret_create (&ps,
- &alg_values);
+ &alg_values,
+ &bks);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
@@ -189,7 +214,8 @@ test_planchets_cs (void)
GNUNET_assert (GNUNET_OK ==
TALER_planchet_to_coin (&dk_pub,
&blind_sig,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&alg_values,
&coin));
diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c
index c4e68376b..4f635d404 100644
--- a/src/util/test_helper_cs.c
+++ b/src/util/test_helper_cs.c
@@ -267,12 +267,19 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
enum TALER_ErrorCode ec;
bool success = false;
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_CoinPubHash c_hash;
struct TALER_ExchangeWithdrawValues alg_values;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
+
alg_values.cipher = TALER_DENOMINATION_CS;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
struct TALER_PlanchetDetail pd;
@@ -283,7 +290,7 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
{
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
- TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
+ TALER_cs_withdraw_nonce_derive (&ps,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -325,11 +332,13 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
GNUNET_h2s (&keys[i].h_cs.hash));
TALER_planchet_blinding_secret_create (&ps,
- &alg_values);
+ &alg_values,
+ &bks);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&keys[i].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -409,12 +418,19 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
enum TALER_ErrorCode ec;
bool success = false;
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_CoinPubHash c_hash;
struct TALER_ExchangeWithdrawValues alg_values;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
+
alg_values.cipher = TALER_DENOMINATION_CS;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
@@ -424,7 +440,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
// keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;
- TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
+ TALER_cs_withdraw_nonce_derive (&ps,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
alg_values.details.cs_values.r_pub
@@ -435,12 +451,14 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
cs_blinded_planchet.nonce,
&ec);
TALER_planchet_blinding_secret_create (&ps,
- &alg_values);
+ &alg_values,
+ &bks);
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -478,7 +496,8 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
if (GNUNET_OK !=
TALER_planchet_to_coin (&keys[i].denom_pub,
&ds,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&alg_values,
&coin))
@@ -536,7 +555,8 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[0].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
@@ -574,11 +594,20 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
enum TALER_ErrorCode ec;
struct GNUNET_TIME_Relative duration;
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_ExchangeWithdrawValues alg_values;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
+
alg_values.cipher = TALER_DENOMINATION_CS;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
duration = GNUNET_TIME_UNIT_ZERO;
TALER_CRYPTO_helper_cs_poll (dh);
for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@@ -603,7 +632,7 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
- TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
+ TALER_cs_withdraw_nonce_derive (&ps,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
@@ -615,12 +644,14 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
cs_blinded_planchet.nonce,
&ec);
TALER_planchet_blinding_secret_create (&ps,
- &alg_values);
+ &alg_values,
+ &bks);
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
/* use this key as long as it works */
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index f9f1a860d..f51861d41 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -270,10 +270,17 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
struct TALER_PlanchetSecretsP ps;
struct TALER_ExchangeWithdrawValues alg_values;
struct TALER_CoinPubHash c_hash;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
alg_values.cipher = TALER_DENOMINATION_RSA;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
@@ -287,7 +294,8 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -332,7 +340,7 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
if (GNUNET_OK !=
TALER_denom_sig_unblind (&rs,
&ds,
- &ps.blinding_key,
+ &bks,
&keys[i].denom_pub))
{
GNUNET_break (0);
@@ -429,11 +437,18 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
enum TALER_ErrorCode ec;
struct GNUNET_TIME_Relative duration;
struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
+ union TALER_DenominationBlindingKeyP bks;
struct TALER_ExchangeWithdrawValues alg_values;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps,
+ sizeof (ps));
+
alg_values.cipher = TALER_DENOMINATION_RSA;
- TALER_planchet_setup_random (&ps,
- &alg_values);
+ TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+ TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+
duration = GNUNET_TIME_UNIT_ZERO;
TALER_CRYPTO_helper_rsa_poll (dh);
for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@@ -461,7 +476,8 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
&alg_values,
- &ps,
+ &bks,
+ &coin_priv,
&c_hash,
&pd));
/* use this key as long as it works */