Diffstat (limited to 'src')
| -rw-r--r-- | src/include/taler_signatures.h | 11 | ||||
| -rw-r--r-- | src/mint/plugin_mintdb_postgres.c | 4 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd.h | 6 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_db.c | 26 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_db.h | 8 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_refresh.c | 78 | ||||
| -rw-r--r-- | src/mint/taler_mintdb_plugin.h | 15 | 
7 files changed, 69 insertions, 79 deletions
| diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index b8fe8a7b..3ad97a57 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -31,6 +31,17 @@  #include "taler_util.h"  /** + * Cut-and-choose size for refreshing.  Client looses the gamble (of + * unaccountable transfers) with probability 1/KAPPA.  Refresh cost + * increases linearly with KAPPA, and 3 is sufficient up to a + * income/sales tax of 66% of total transaction value.  As there is + * no good reason to change this security parameter, we declare it + * fixed and part of the protocol. + */ +#define KAPPA 3 + + +/**   * Purpose for signing public keys signed   * by the mint master key.   */ diff --git a/src/mint/plugin_mintdb_postgres.c b/src/mint/plugin_mintdb_postgres.c index 1c6851d8..5a1ff8c0 100644 --- a/src/mint/plugin_mintdb_postgres.c +++ b/src/mint/plugin_mintdb_postgres.c @@ -247,7 +247,7 @@ postgres_create_tables (void *cls,            // index of the old coin in the customer's request            ",oldcoin_index INT2 NOT NULL"            // index for cut and choose, -          // ranges from 0 to kappa-1 +          // ranges from 0 to #KAPPA-1            ",cnc_index INT2 NOT NULL"            ")");    SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_coin" @@ -1486,7 +1486,6 @@ postgres_get_refresh_session (void *cls,    struct TALER_DB_ResultSpec rs[] = {      TALER_DB_RESULT_SPEC("num_oldcoins", &refresh_session->num_oldcoins),      TALER_DB_RESULT_SPEC("num_newcoins", &refresh_session->num_newcoins), -    TALER_DB_RESULT_SPEC("kappa", &refresh_session->kappa),      TALER_DB_RESULT_SPEC("noreveal_index", &refresh_session->noreveal_index),      TALER_DB_RESULT_SPEC_END    }; 
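Review bot: The new comment on `KAPPA` in taler_signatures.h appears to state the cut-and-choose odds the wrong way round. The mint leaves one of the KAPPA sets unrevealed (`noreveal_index` is drawn from `KAPPA` values in taler-mint-httpd_db.c), so a client with one dishonest set escapes detection with probability 1/KAPPA and loses with probability 1 - 1/KAPPA, which is also what makes the 66% figure work out for 3. I would reword it to `Client wins the gamble (of unaccountable transfers) with probability 1/KAPPA.`, which also removes the misspelt "looses". Since the macro now lives in a public include, a prefixed name such as `TALER_CNC_KAPPA` would avoid clashing with an unrelated `KAPPA` in code that includes this header.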
@@ -1502,7 +1501,6 @@ postgres_get_refresh_session (void *cls,    refresh_session->num_oldcoins = ntohs (refresh_session->num_oldcoins);    refresh_session->num_newcoins = ntohs (refresh_session->num_newcoins); -  refresh_session->kappa = ntohs (refresh_session->kappa);    refresh_session->noreveal_index = ntohs (refresh_session->noreveal_index);    PQclear (result); diff --git a/src/mint/taler-mint-httpd.h b/src/mint/taler-mint-httpd.h index 36d150bb..50b74570 100644 --- a/src/mint/taler-mint-httpd.h +++ b/src/mint/taler-mint-httpd.h @@ -26,12 +26,6 @@  #include <microhttpd.h>  /** - * Cut-and-choose size for refreshing. - * FIXME: maybe make it a config option? - */ -#define KAPPA 3 - -/**   * For now, we just do EUR.  Should become configurable   * in the future!   */ diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index c18936e1..17f44c9c 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c @@ -591,12 +591,13 @@ refresh_accept_melts (struct MHD_Connection *connection,   * @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array   * @param coin_public_infos information about the coins to melt   * @param coin_melt_details signatures and (residual) value of the respective coin should be melted - * @param kappa size of x-dimension of @commit_coin and @commit_link arrays   * @param commit_coin 2d array of coin commitments (what the mint is to sign - *                    once the "/refres/reveal" of cut and choose is done) + *                    once the "/refres/reveal" of cut and choose is done), + *                    x-dimension must be #KAPPA   * @param commit_link 2d array of coin link commitments (what the mint is   *                    to return via "/refresh/link" to enable linkage in the   *                    future) + *                    x-dimension must be #KAPPA   * @return MHD result code   */  int 
@@ -607,7 +608,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,                                      unsigned int coin_count,                                      const struct TALER_CoinPublicInfo *coin_public_infos,                                      const struct MeltDetails *coin_melt_details, -                                    unsigned int kappa,                                      struct RefreshCommitCoin *const* commit_coin,                                      struct RefreshCommitLink *const* commit_link)  { @@ -684,7 +684,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,      return TALER_MINT_reply_internal_db_error (connection);    } -  for (i = 0; i < kappa; i++) +  for (i = 0; i < KAPPA; i++)    {      if (GNUNET_OK !=          plugin->insert_refresh_commit_coins (plugin->cls, @@ -699,7 +699,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,        return TALER_MINT_reply_internal_db_error (connection);      }    } -  for (i = 0; i < kappa; i++) +  for (i = 0; i < KAPPA; i++)    {      if (GNUNET_OK !=          plugin->insert_refresh_commit_links (plugin->cls, @@ -719,10 +719,9 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,    /* store 'global' session data */    refresh_session.num_oldcoins = coin_count;    refresh_session.num_newcoins = num_new_denoms; -  refresh_session.kappa = KAPPA; // FIXME... (#3711)    refresh_session.noreveal_index      = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG, -                                refresh_session.kappa); +                                KAPPA);    if (GNUNET_OK !=        (res = plugin->create_refresh_session (plugin->cls,                                               session, 
@@ -753,7 +752,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,   * Check if the given @a transfer_privs correspond to an honest   * commitment for the given session.   * Checks that the transfer private keys match their commitments. - * Then derives the shared secret for each kappa, and check that they match. + * Then derives the shared secret for each #KAPPA, and check that they match.   *   * @param connection the MHD connection to handle   * @param session database connection to use @@ -946,7 +945,7 @@ check_commitment (struct MHD_Connection *connection,                         buf_len)) )      {        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, -                  "blind envelope does not match for kappa=%u, old=%d\n", +                  "blind envelope does not match for k=%u, old=%d\n",                    off,                    (int) j);        /* FIXME: return more specific error with original signature (#3712) */ 
@@ -1025,22 +1024,21 @@ refresh_mint_coin (struct MHD_Connection *connection,  /**   * Execute a "/refresh/reveal".  The client is revealing to us the - * transfer keys for @a kappa-1 sets of coins.  Verify that the + * transfer keys for @a #KAPPA-1 sets of coins.  Verify that the   * revealed transfer keys would allow linkage to the blinded coins,   * and if so, return the signed coins for corresponding to the set of   * coins that was not chosen.   *   * @param connection the MHD connection to handle   * @param session_hash hash identifying the refresh session - * @param kappa size of x-dimension of @transfer_privs array plus one (!)   * @param num_oldcoins size of y-dimension of @transfer_privs array - * @param transfer_pubs array with the revealed transfer keys + * @param transfer_pubs array with the revealed transfer keys, + *                      x-dimension must be #KAPPA - 1   * @return MHD result code   */  int  TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,                                        const struct GNUNET_HashCode *session_hash, -                                      unsigned int kappa,                                        unsigned int num_oldcoins,                                        struct TALER_TransferPrivateKey **transfer_privs)  { @@ -1112,7 +1110,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,    off = 0; -  for (i=0;i<refresh_session.kappa - 1;i++) +  for (i=0;i<KAPPA - 1;i++)    {      if (i == refresh_session.noreveal_index)        off = 1; diff --git a/src/mint/taler-mint-httpd_db.h b/src/mint/taler-mint-httpd_db.h index ed96bbd4..b2061850 100644 --- a/src/mint/taler-mint-httpd_db.h +++ b/src/mint/taler-mint-httpd_db.h 
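Review bot: In the `@@ -1112,7 +1110,7 @@` hunk the reveal loop is now bounded by the constant `KAPPA - 1`, but `refresh_session.noreveal_index` is still loaded from the database and no visible line checks it against `KAPPA`. If a stored index is `>= KAPPA`, `off` never becomes 1 and the loop verifies sets 0..KAPPA-2 regardless of which set the mint committed to leave unrevealed. Before this commit the stored `kappa` travelled with the index; with that field gone, a guard ahead of the loop would make the invariant explicit, for example `if (refresh_session.noreveal_index >= KAPPA) { GNUNET_break (0); return TALER_MINT_reply_internal_db_error (connection); }`. The session lookup and the loop body lie outside the hunk, so an equivalent check may already exist there.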
@@ -113,7 +113,6 @@ struct MeltDetails   * @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array   * @param coin_public_infos information about the coins to melt   * @param coin_melt_details signatures and (residual) value of the respective coin should be melted - * @param kappa size of x-dimension of @commit_coin and @commit_link arrays   * @param commit_coin 2d array of coin commitments (what the mint is to sign   *                    once the "/refres/reveal" of cut and choose is done)   * @param commit_link 2d array of coin link commitments (what the mint is 
@@ -129,29 +128,26 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,                                      unsigned int coin_count,                                      const struct TALER_CoinPublicInfo *coin_public_infos,                                      const struct MeltDetails *coin_melt_details, -                                    unsigned int kappa,                                      struct RefreshCommitCoin *const* commit_coin,                                      struct RefreshCommitLink *const* commit_link);  /**   * Execute a "/refresh/reveal".  The client is revealing to us the - * transfer keys for @a kappa-1 sets of coins.  Verify that the + * transfer keys for #KAPPA-1 sets of coins.  Verify that the   * revealed transfer keys would allow linkage to the blinded coins,   * and if so, return the signed coins for corresponding to the set of   * coins that was not chosen.   *   * @param connection the MHD connection to handle   * @param session_hash hash over the refresh session - * @param kappa size of x-dimension of @transfer_privs array plus one (!)   * @param num_oldcoins size of y-dimension of @transfer_privs array - * @param transfer_pubs array with the revealed transfer keys + * @param transfer_pubs array with the revealed transfer keys, #KAPPA is 1st-dimension   * @return MHD result code   */  int  TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,                                        const struct GNUNET_HashCode *session_hash, -                                      unsigned int kappa,                                        unsigned int num_oldcoins,                                        struct TALER_TransferPrivateKey **transfer_privs); diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 6575f02c..5fc8fd5b 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c 
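Review bot: The updated header comment for `TALER_MINT_db_execute_refresh_reveal` says `#KAPPA is 1st-dimension`, but the caller in taler-mint-httpd_refresh.c declares `transfer_privs[KAPPA - 1]` and the matching comment in taler-mint-httpd_db.c says `#KAPPA - 1`. An implementer who trusts the header would index one row past the array. The tag also documents `transfer_pubs`, while the parameter is `transfer_privs`. I would use the same line in both files: `@param transfer_privs array with the revealed transfer private keys, 1st dimension is #KAPPA - 1, 2nd dimension is @a num_oldcoins`.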
@@ -47,7 +47,6 @@   * @param coin_melt_details array with @a coin_count entries with melting details   * @param session_hash hash over the data that the client commits to   * @param commit_client_sig signature of the client over this commitment - * @param kappa size of x-dimension of @commit_coin and @commit_link arrays   * @param commit_coin 2d array of coin commitments (what the mint is to sign   *                    once the "/refres/reveal" of cut and choose is done)   * @param commit_link 2d array of coin link commitments (what the mint is @@ -63,7 +62,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,                              struct TALER_CoinPublicInfo *coin_public_infos,                              const struct MeltDetails *coin_melt_details,                              const struct GNUNET_HashCode *session_hash, -                            unsigned int kappa,                              struct RefreshCommitCoin *const* commit_coin,                              struct RefreshCommitLink *const* commit_link) @@ -155,7 +153,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,                                               coin_count,                                               coin_public_infos,                                               coin_melt_details, -                                             kappa,                                               commit_coin,                                               commit_link);  } 
@@ -359,13 +356,12 @@ free_commit_links (struct RefreshCommitLink **commit_link,   * @param melt_coins array of coins to melt   * @param melt_sig_json signature affirming the melt operation   * @param commit_signature signature over the commit - * @param kappa security parameter for cut and choose   * @param num_oldcoins number of coins that are being melted - * @param transfer_pubs @a kappa-dimensional array of @a num_oldcoins transfer keys - * @param secret_encs @a kappa-dimensional array of @a num_oldcoins secrets + * @param transfer_pubs #KAPPA-dimensional array of @a num_oldcoins transfer keys + * @param secret_encs #KAPPA-dimensional array of @a num_oldcoins secrets   * @param num_newcoins number of coins that the refresh will generate - * @param coin_envs @a kappa-dimensional array of @a num_newcoins envelopes to sign - * @param link_encs @a kappa-dimensional array of @a num_newcoins encrypted links + * @param coin_envs #KAPPA-dimensional array of @a num_newcoins envelopes to sign + * @param link_encs #KAPPA-dimensional array of @a num_newcoins encrypted links   * @return MHD result code   */  static int @@ -374,7 +370,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection,                            const json_t *melt_coins,                            const json_t *melt_sig_json,                            const json_t *commit_signature, -                          unsigned int kappa,                            unsigned int num_oldcoins,                            const json_t *transfer_pubs,                            const json_t *secret_encs, 
@@ -393,8 +388,8 @@ handle_refresh_melt_json (struct MHD_Connection *connection,    unsigned int coin_count;    struct GNUNET_HashCode session_hash;    struct GNUNET_HashContext *hash_context; -  struct RefreshCommitCoin *commit_coin[kappa]; -  struct RefreshCommitLink *commit_link[kappa]; +  struct RefreshCommitCoin *commit_coin[KAPPA]; +  struct RefreshCommitLink *commit_link[KAPPA];    /* For the signature check, we hash most of the inputs together       (except for the signatures on the coins). */ @@ -494,7 +489,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,       together for the signature check */    memset (commit_coin, 0, sizeof (commit_coin));    memset (commit_link, 0, sizeof (commit_link)); -  for (i = 0; i < kappa; i++) +  for (i = 0; i < KAPPA; i++)    {      commit_coin[i] = GNUNET_malloc (num_newcoins *                                      sizeof (struct RefreshCommitCoin)); @@ -515,7 +510,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,        if (GNUNET_OK != res)        {          GNUNET_CRYPTO_hash_context_abort (hash_context); -        free_commit_coins (commit_coin, kappa, num_newcoins); +        free_commit_coins (commit_coin, +                           KAPPA, +                           num_newcoins);          return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;        }        GNUNET_CRYPTO_hash_context_read (hash_context, @@ -531,7 +528,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,        if (GNUNET_OK != res)        {          GNUNET_CRYPTO_hash_context_abort (hash_context); -        free_commit_coins (commit_coin, kappa, num_newcoins); +        free_commit_coins (commit_coin, +                           KAPPA, +                           num_newcoins);          return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;        }        rcc->refresh_link 
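Review bot: With `commit_coin` and `commit_link` now fixed-size, the remaining request-controlled size in `handle_refresh_melt_json` is `num_newcoins` in `GNUNET_malloc (num_newcoins * sizeof (struct RefreshCommitCoin))`, and no bound on it is visible in this hunk. The same pattern appears with `num_oldcoins` in the `@@ -543,7 +542,7 @@` hunk and in `handle_refresh_reveal_json` (`@@ -771,20 +777,19 @@`), where both counts come from `json_array_size` on client JSON. As far as I know `GNUNET_malloc` aborts the process rather than returning NULL when the request is too large, so an oversized array would take the mint down instead of producing an error reply. A cap applied where the counts are computed, answered with `TALER_MINT_reply_arg_invalid`, would close this. The computation of the counts is outside these hunks, so a limit may already be enforced there or by the upload size limit.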
@@ -543,7 +542,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,      }    } -  for (i = 0; i < kappa; i++) +  for (i = 0; i < KAPPA; i++)    {      commit_link[i] = GNUNET_malloc (num_oldcoins *                                      sizeof (struct RefreshCommitLink)); @@ -563,8 +562,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,        {          GNUNET_break (GNUNET_SYSERR != res);          GNUNET_CRYPTO_hash_context_abort (hash_context); -        free_commit_coins (commit_coin, kappa, num_newcoins); -        free_commit_links (commit_link, kappa, num_oldcoins); +        free_commit_coins (commit_coin, +                           KAPPA, +                           num_newcoins); +        free_commit_links (commit_link, +                           KAPPA, +                           num_oldcoins);          return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;        }        res = GNUNET_MINT_parse_navigate_json (connection, @@ -579,8 +582,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,        {          GNUNET_break (GNUNET_SYSERR != res);          GNUNET_CRYPTO_hash_context_abort (hash_context); -        free_commit_coins (commit_coin, kappa, num_newcoins); -        free_commit_links (commit_link, kappa, num_oldcoins); +        free_commit_coins (commit_coin, +                           KAPPA, +                           num_newcoins); +        free_commit_links (commit_link, +                           KAPPA, +                           num_oldcoins);          return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;        } 
@@ -615,12 +622,15 @@ handle_refresh_melt_json (struct MHD_Connection *connection,                                      coin_public_infos,                                      coin_melt_details,                                      &session_hash, -                                    kappa,                                      commit_coin,                                      commit_link);   cleanup: -  free_commit_coins (commit_coin, kappa, num_newcoins); -  free_commit_links (commit_link, kappa, num_oldcoins); +  free_commit_coins (commit_coin, +                     KAPPA, +                     num_newcoins); +  free_commit_links (commit_link, +                     KAPPA, +                     num_oldcoins);    for (j=0;j<coin_count;j++)    {      GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub.rsa_public_key); @@ -664,7 +674,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,    json_t *transfer_pubs;    json_t *secret_encs;    json_t *commit_sig_json; -  unsigned int kappa;    unsigned int num_oldcoins;    unsigned int num_newcoins;    json_t *coin_detail; @@ -699,15 +708,14 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,      return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;    /* Determine dimensionality of the request (kappa, #old and #new coins) */ -  kappa = json_array_size (coin_evs); -  if ( (3 > kappa) || (kappa > 32) ) +  if (KAPPA != json_array_size (coin_evs))    {      GNUNET_break_op (0);      TALER_MINT_release_parsed_data (spec);      return TALER_MINT_reply_arg_invalid (connection,                                           "coin_evs");    } -  if (json_array_size (transfer_pubs) != kappa) +  if (KAPPA != json_array_size (transfer_pubs))    {      GNUNET_break_op (0);      TALER_MINT_release_parsed_data (spec); 
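Review bot: In the `@@ -699,15 +708,14 @@` hunk only `coin_evs` and `transfer_pubs` are compared with `KAPPA`, while `handle_refresh_melt_json` documents `secret_encs` and `link_encs` as #KAPPA-dimensional too and indexes all four up to `KAPPA`. Checks such as `if (KAPPA != json_array_size (secret_encs))` and the same for `link_encs`, each answered with `TALER_MINT_reply_arg_invalid`, would reject a malformed request up front rather than part-way through parsing and hashing. The function continues past the end of the hunk, so these checks may already follow. The comment `Determine dimensionality of the request (kappa, #old and #new coins)` is also stale now that kappa is no longer derived from the request.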
@@ -741,7 +749,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,                                    melt_coins,                                    melt_sig_json,                                    commit_sig_json, -                                  kappa,                                    num_oldcoins,                                    transfer_pubs,                                    secret_encs, @@ -763,7 +770,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,   *   * @param connection the MHD connection to handle   * @param session_hash hash identifying the melting session - * @param kappa length of the 1st dimension of @a transfer_privs array PLUS ONE   * @param num_oldcoins length of the 2nd dimension of @a transfer_privs array   * @param tp_json private transfer keys in JSON format   * @return MHD result code @@ -771,20 +777,19 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,  static int  handle_refresh_reveal_json (struct MHD_Connection *connection,                              const struct GNUNET_HashCode *session_hash, -                            unsigned int kappa,                              unsigned int num_oldcoins,                              const json_t *tp_json)  { -  struct TALER_TransferPrivateKey *transfer_privs[kappa - 1]; +  struct TALER_TransferPrivateKey *transfer_privs[KAPPA - 1];    unsigned int i;    unsigned int j;    int res; -  for (i = 0; i < kappa - 1; i++) +  for (i = 0; i < KAPPA - 1; i++)      transfer_privs[i] = GNUNET_malloc (num_oldcoins *                                         sizeof (struct TALER_TransferPrivateKey));    res = GNUNET_OK; -  for (i = 0; i < kappa - 1; i++) +  for (i = 0; i < KAPPA - 1; i++)    {      if (GNUNET_OK != res)        break; 
@@ -806,10 +811,9 @@ handle_refresh_reveal_json (struct MHD_Connection *connection,    else      res = TALER_MINT_db_execute_refresh_reveal (connection,                                                  session_hash, -                                                kappa,                                                  num_oldcoins,                                                  transfer_privs); -  for (i = 0; i < kappa - 1; i++) +  for (i = 0; i < KAPPA - 1; i++)      GNUNET_free (transfer_privs[i]);    return res;  } @@ -840,7 +844,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,  {    struct GNUNET_HashCode session_hash;    int res; -  unsigned int kappa;    unsigned int num_oldcoins;    json_t *reveal_detail;    json_t *root; @@ -869,15 +872,13 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,      return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;    /* Determine dimensionality of the request (kappa and #old coins) */ -  kappa = json_array_size (transfer_privs) + 1; -  if ( (2 > kappa) || (kappa > 31) ) +  if (KAPPA != json_array_size (transfer_privs) + 1)    {      TALER_MINT_release_parsed_data (spec);      return TALER_MINT_reply_arg_invalid (connection,                                           "transfer_privs");    }    /* Note we do +1 as 1 row (cut-and-choose!) is missing! */ -  kappa++;    res = GNUNET_MINT_parse_navigate_json (connection,                                           transfer_privs,                                           JNAV_INDEX, 0, @@ -892,7 +893,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,    num_oldcoins = json_array_size (reveal_detail);    res = handle_refresh_reveal_json (connection,                                      &session_hash, -                                    kappa,                                      num_oldcoins,                                      transfer_privs);    TALER_MINT_release_parsed_data (spec); 
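Review bot: In the `@@ -869,15 +872,13 @@` hunk of `TALER_MINT_handler_refresh_reveal`, the comment `/* Note we do +1 as 1 row (cut-and-choose!) is missing! */` is left behind after the `kappa++` it described was removed, and it now sits after the check it should explain. I would delete it and place the explanation above the comparison instead: `/* transfer_privs has #KAPPA - 1 rows; the row at noreveal_index is never revealed */`. The header comment `Determine dimensionality of the request (kappa and #old coins)` could likewise drop "kappa", since only `num_oldcoins` is still taken from the request.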
diff --git a/src/mint/taler_mintdb_plugin.h b/src/mint/taler_mintdb_plugin.h index d461413f..08a73479 100644 --- a/src/mint/taler_mintdb_plugin.h +++ b/src/mint/taler_mintdb_plugin.h @@ -247,14 +247,7 @@ struct RefreshSession    uint16_t num_newcoins;    /** -   * Number of parallel operations we perform for the cut and choose. -   * (must be greater or equal to three for security).  0 if not yet -   * known. -   */ -  uint16_t kappa; - -  /** -   * Index (smaller @e kappa) which the mint has chosen to not +   * Index (smaller #KAPPA) which the mint has chosen to not     * have revealed during cut and choose.     */    uint16_t noreveal_index; @@ -297,7 +290,7 @@ struct RefreshMelt  /**   * We have as many `struct RefreshCommitCoin` as there are new - * coins being created by the refresh (for each of the kappa + * coins being created by the refresh (for each of the #KAPPA   * sets).  These are the coins we ask the mint to sign if the   * respective set is selected.   */ @@ -816,7 +809,7 @@ struct TALER_MINTDB_Plugin     * @param cls the @e cls of this struct with the plugin-specific state     * @param sesssion database connection to use     * @param session_hash hash to identify refresh session -   * @param i set index (1st dimension), relating to kappa +   * @param i set index (1st dimension), relating to #KAPPA     * @param num_newcoins coin index size of the @a commit_coins array     * @param commit_coin array of coin commitments to store     * @return #GNUNET_OK on success 
@@ -861,7 +854,7 @@ struct TALER_MINTDB_Plugin     * @param cls the @e cls of this struct with the plugin-specific state     * @param sesssion database connection to use     * @param session_hash hash to identify refresh session -   * @param i set index (1st dimension), relating to kappa +   * @param i set index (1st dimension), relating to #KAPPA     * @param num_links size of the @a commit_link array     * @param commit_links array of link information to store     * @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success | 
