diff options
| author | Özgür Kesim <oec-taler@kesim.org> | 2022-02-17 12:23:06 +0100 |
|---|---|---|
| committer | Özgür Kesim <oec-taler@kesim.org> | 2022-02-18 00:30:19 +0100 |
| commit | a78b3345fbf017b1cddfd09afb4b2c29287b0bba (patch) | |
| tree | 45752022adc8b1661fb1662df40af4d58ab7d5f4 /src/lib | |
| parent | 8bdf6ab19df70c16d335ecf82f2c3b2117eeb70e (diff) | |
[age restriction] progress 15/n - melt/refresh/reveal and recoup
Added age restriction support for
- melt/refresh/reveal
- recoup
However, tests are not yet implemented for those flows.
Also: minor fixes and refactoring.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/exchange_api_deposit.c | 4 | ||||
| -rw-r--r-- | src/lib/exchange_api_link.c | 45 | ||||
| -rw-r--r-- | src/lib/exchange_api_management_get_keys.c | 2 | ||||
| -rw-r--r-- | src/lib/exchange_api_refresh_common.c | 42 | ||||
| -rw-r--r-- | src/lib/exchange_api_refresh_common.h | 5 | ||||
| -rw-r--r-- | src/lib/exchange_api_refreshes_reveal.c | 19 |
6 files changed, 94 insertions, 23 deletions
diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 2bfaaf6c..2cd40556 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c @@ -518,11 +518,11 @@ verify_signatures (const struct TALER_EXCHANGE_DenomPublicKey *dki, .coin_pub = *coin_pub, .denom_pub_hash = *denom_pub_hash, .denom_sig = *denom_sig, - .age_commitment_hash = {{{0}}} + .h_age_commitment = {{{0}}} }; if (NULL != h_age_commitment) { - coin_info.age_commitment_hash = *h_age_commitment; + coin_info.h_age_commitment = *h_age_commitment; } if (GNUNET_YES != diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index 10ddd471..0702ba4e 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -66,6 +66,11 @@ struct TALER_EXCHANGE_LinkHandle */ struct TALER_CoinSpendPrivateKeyP coin_priv; + /** + * Age commitment of the coin, might be NULL, required to re-generate age commitments + */ + const struct TALER_AgeCommitment *age_commitment; + }; @@ -113,7 +118,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, struct TALER_TransferSecretP secret; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; - struct TALER_AgeCommitmentHash h_age_commitment = {0}; // TODO, see below. + struct TALER_AgeCommitmentHash *hac = NULL; /* parse reply */ memset (&nonce, @@ -139,12 +144,37 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, TALER_planchet_blinding_secret_create (&lci->ps, &alg_values, &bks); + + /* Derive the age commitment and calculate the hash */ + if (NULL != lh->age_commitment) + { + struct TALER_AgeCommitment nac = {0}; + struct TALER_AgeCommitmentHash h = {0}; + uint32_t seed = secret.key.bits[0]; + + if (GNUNET_OK != + TALER_age_commitment_derive ( + lh->age_commitment, + seed, + &nac)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + + TALER_age_commitment_hash ( + &nac, + &h); + + hac = &h; + } + if (GNUNET_OK != TALER_planchet_prepare (&rpub, &alg_values, &bks, &lci->coin_priv, - NULL, /* FIXME-oec. struct TALER_AgeCommitmentHash */ + hac, &c_hash, &pd)) { @@ -181,14 +211,6 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, GNUNET_CRYPTO_eddsa_key_get_public (&lh->coin_priv.eddsa_priv, &old_coin_pub.eddsa_pub); - /* - * TODO-oec: Derive the age commitment vector and hash it into - * h_age_commitment. - * Questions: - * - Where do we get the information about the support for age - * restriction of the denomination? - * - Where do we get the information bout the previous coin's age groups? - */ TALER_coin_ev_hash (&pd.blinded_planchet, &pd.denom_pub_hash, @@ -198,7 +220,6 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, trans_pub, &coin_envelope_hash, &old_coin_pub, - &h_age_commitment, &link_sig)) { GNUNET_break_op (0); @@ -455,6 +476,7 @@ handle_link_finished (void *cls, struct TALER_EXCHANGE_LinkHandle * TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_CoinSpendPrivateKeyP *coin_priv, + const struct TALER_AgeCommitment *age_commitment, TALER_EXCHANGE_LinkCallback link_cb, void *link_cb_cls) { @@ -493,6 +515,7 @@ TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange, lh->link_cb = link_cb; lh->link_cb_cls = link_cb_cls; lh->coin_priv = *coin_priv; + lh->age_commitment = age_commitment; lh->url = TEAH_path_to_url (exchange, arg_str); if (NULL == lh->url) diff --git a/src/lib/exchange_api_management_get_keys.c b/src/lib/exchange_api_management_get_keys.c index ac419388..4d686633 100644 --- a/src/lib/exchange_api_management_get_keys.c +++ b/src/lib/exchange_api_management_get_keys.c @@ -32,7 +32,7 @@ /** * Set to 1 for extra debug logging. */ -#define DEBUG 1 /* FIXME-oec */ +#define DEBUG 0 /** diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c index 89ee1e17..30711d78 100644 --- a/src/lib/exchange_api_refresh_common.c +++ b/src/lib/exchange_api_refresh_common.c @@ -77,6 +77,8 @@ TALER_EXCHANGE_get_melt_data_ ( md->melted_coin.fee_melt = rd->melt_pk.fee_refresh; md->melted_coin.original_value = rd->melt_pk.value; md->melted_coin.expire_deposit = rd->melt_pk.expire_deposit; + md->melted_coin.age_commitment = rd->age_commitment; + GNUNET_assert (GNUNET_OK == TALER_amount_set_zero (rd->melt_amount.currency, &total)); @@ -141,14 +143,18 @@ TALER_EXCHANGE_get_melt_data_ ( rms, i, &md->transfer_priv[i]); + GNUNET_CRYPTO_ecdhe_key_get_public ( &md->transfer_priv[i].ecdhe_priv, &md->transfer_pub[i].ecdhe_pub); + TALER_link_derive_transfer_secret (&rd->melt_priv, &md->transfer_priv[i], &trans_sec); + md->rcd[i] = GNUNET_new_array (rd->fresh_pks_len, struct TALER_RefreshCoinData); + for (unsigned int j = 0; j<rd->fresh_pks_len; j++) { struct FreshCoinData *fcd = &md->fcds[j]; @@ -158,24 +164,57 @@ TALER_EXCHANGE_get_melt_data_ ( union TALER_DenominationBlindingKeyP *bks = &fcd->bks[i]; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; + struct TALER_AgeCommitmentHash *ach = NULL; TALER_transfer_secret_to_planchet_secret (&trans_sec, j, ps); + TALER_planchet_setup_coin_priv (ps, &alg_values[j], coin_priv); + TALER_planchet_blinding_secret_create (ps, &alg_values[j], bks); + + /* Handle age commitment, if present */ + if (NULL != md->melted_coin.age_commitment) + { + struct TALER_AgeCommitment new_ac; + struct TALER_AgeCommitmentHash hac; + + /* We use the first 4 bytes of the trans_sec to generate a new age + * commitment */ + uint32_t age_seed = trans_sec.key.bits[0]; + + if (GNUNET_OK != + TALER_age_commitment_derive ( + md->melted_coin.age_commitment, + age_seed + j, + &new_ac)) + { + GNUNET_break_op (0); + TALER_EXCHANGE_free_melt_data_ (md); + return GNUNET_SYSERR; + } + + TALER_age_commitment_hash ( + &new_ac, + &hac); + + ach = &hac; + } + if (TALER_DENOMINATION_CS == alg_values[j].cipher) pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonces[j]; + if (GNUNET_OK != TALER_planchet_prepare (&fcd->fresh_pk, &alg_values[j], bks, coin_priv, - NULL, /* FIXME-oec: This needs to be setup !*/ + ach, &c_hash, &pd)) { @@ -183,6 +222,7 @@ TALER_EXCHANGE_get_melt_data_ ( TALER_EXCHANGE_free_melt_data_ (md); return GNUNET_SYSERR; } + rcd->blinded_planchet = pd.blinded_planchet; rcd->dk = &fcd->fresh_pk; } diff --git a/src/lib/exchange_api_refresh_common.h b/src/lib/exchange_api_refresh_common.h index b6926b51..a3c3e2c0 100644 --- a/src/lib/exchange_api_refresh_common.h +++ b/src/lib/exchange_api_refresh_common.h @@ -53,10 +53,11 @@ struct MeltedCoin struct TALER_Amount original_value; /** - * The original age commitment hash. MUST be all zeroes, if no age + * The original age commitment and its hash. MUST be NULL if no age * commitment was set. */ - struct TALER_AgeCommitmentHash h_age_commitment; + struct TALER_AgeCommitment *age_commitment; + struct TALER_AgeCommitmentHash *h_age_commitment; /** * Timestamp indicating when coins of this denomination become invalid. diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c index 8d04c279..d5f2265c 100644 --- a/src/lib/exchange_api_refreshes_reveal.c +++ b/src/lib/exchange_api_refreshes_reveal.c @@ -142,7 +142,6 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh, &rcis[i]; const struct FreshCoinData *fcd = &rrh->md.fcds[i]; const struct TALER_DenominationPublicKey *pk; - struct TALER_AgeCommitmentHash *ach = NULL; json_t *jsonai; struct TALER_BlindedDenominationSignature blind_sig; struct TALER_CoinSpendPublicKeyP coin_pub; @@ -157,14 +156,22 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh, rci->ps = fcd->ps[rrh->noreveal_index]; rci->bks = fcd->bks[rrh->noreveal_index]; + rci->age_commitment = fcd->age_commitment[rrh->noreveal_index]; + rci->h_age_commitment = NULL; pk = &fcd->fresh_pk; jsonai = json_array_get (jsona, i); + GNUNET_assert (NULL != jsonai); + GNUNET_assert ( + (NULL != rrh->md.melted_coin.age_commitment) == + (NULL != rci->age_commitment)); - if (! TALER_AgeCommitmentHash_isNullOrZero ( - &rrh->md.melted_coin.h_age_commitment)) + if (NULL != rci->age_commitment) { - /* FIXME-oec: need to pull fresh_ach from somewhere */ + rci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash); + TALER_age_commitment_hash ( + rci->age_commitment, + rci->h_age_commitment); } if (GNUNET_OK != @@ -188,14 +195,14 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh, GNUNET_CRYPTO_eddsa_key_get_public (&rci->coin_priv.eddsa_priv, &coin_pub.eddsa_pub); TALER_coin_pub_hash (&coin_pub, - ach, + rci->h_age_commitment, &coin_hash); if (GNUNET_OK != TALER_planchet_to_coin (pk, &blind_sig, &bks, &rci->coin_priv, - ach, + rci->h_age_commitment, &coin_hash, &rrh->alg_values[i], &coin)) |