2015-01-27 16:18:33 +01:00
|
|
|
/*
|
|
|
|
This file is part of TALER
|
2016-01-19 14:39:00 +01:00
|
|
|
Copyright (C) 2014, 2015 GNUnet e.V.
|
2015-01-27 16:18:33 +01:00
|
|
|
|
|
|
|
TALER is free software; you can redistribute it and/or modify it under the
|
|
|
|
terms of the GNU General Public License as published by the Free Software
|
|
|
|
Foundation; either version 3, or (at your option) any later version.
|
|
|
|
|
|
|
|
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License along with
|
|
|
|
TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*/
|
|
|
|
/**
|
2015-01-28 20:53:21 +01:00
|
|
|
* @file util/crypto.c
|
2015-01-27 16:18:33 +01:00
|
|
|
* @brief Cryptographic utility functions
|
|
|
|
* @author Sree Harsha Totakura <sreeharsha@totakura.in>
|
|
|
|
* @author Florian Dold
|
|
|
|
* @author Benedikt Mueller
|
2015-01-28 20:53:21 +01:00
|
|
|
* @author Christian Grothoff
|
2015-01-27 16:18:33 +01:00
|
|
|
*/
|
|
|
|
#include "platform.h"
|
2015-06-02 12:52:05 +02:00
|
|
|
|
|
|
|
#if HAVE_GNUNET_GNUNET_UTIL_TALER_WALLET_LIB_H
|
2015-07-15 11:40:51 +02:00
|
|
|
#include "taler_util_wallet.h"
|
2015-06-02 12:52:05 +02:00
|
|
|
#endif
|
|
|
|
#if HAVE_GNUNET_GNUNET_UTIL_LIB_H
|
2015-07-15 11:40:51 +02:00
|
|
|
#include "taler_util.h"
|
2015-06-02 12:52:05 +02:00
|
|
|
#endif
|
2015-01-27 16:18:33 +01:00
|
|
|
#include <gcrypt.h>
|
|
|
|
|
|
|
|
|
2015-01-27 22:01:08 +01:00
|
|
|
/**
|
|
|
|
* Function called by libgcrypt on serious errors.
|
|
|
|
* Prints an error message and aborts the process.
|
|
|
|
*
|
|
|
|
* @param cls NULL
|
|
|
|
* @param wtf unknown
|
|
|
|
* @param msg error message
|
|
|
|
*/
|
2015-01-27 16:18:33 +01:00
|
|
|
static void
|
2015-01-27 22:01:08 +01:00
|
|
|
fatal_error_handler (void *cls,
|
|
|
|
int wtf,
|
|
|
|
const char *msg)
|
2015-01-27 16:18:33 +01:00
|
|
|
{
|
2015-05-18 18:52:52 +02:00
|
|
|
fprintf (stderr,
|
|
|
|
"Fatal error in libgcrypt: %s\n",
|
|
|
|
msg);
|
2015-01-27 16:18:33 +01:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2015-01-27 22:01:08 +01:00
|
|
|
* Initialize libgcrypt.
|
2015-01-27 16:18:33 +01:00
|
|
|
*/
|
2015-05-17 16:46:16 +02:00
|
|
|
void __attribute__ ((constructor))
|
2015-01-27 22:01:08 +01:00
|
|
|
TALER_gcrypt_init ()
|
2015-01-27 16:18:33 +01:00
|
|
|
{
|
2015-03-22 22:14:30 +01:00
|
|
|
gcry_set_fatalerror_handler (&fatal_error_handler,
|
|
|
|
NULL);
|
2015-05-18 18:52:52 +02:00
|
|
|
if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
|
|
|
|
{
|
|
|
|
fprintf (stderr,
|
|
|
|
"libgcrypt version mismatch\n");
|
|
|
|
abort ();
|
|
|
|
}
|
2015-01-27 16:18:33 +01:00
|
|
|
/* Disable secure memory. */
|
|
|
|
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
|
|
|
|
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Derive symmetric key material for refresh operations from
|
2015-01-27 22:01:08 +01:00
|
|
|
* a given shared secret for link decryption.
|
2015-01-27 16:18:33 +01:00
|
|
|
*
|
|
|
|
* @param secret the shared secret
|
|
|
|
* @param[out] iv set to initialization vector
|
|
|
|
* @param[out] skey set to session key
|
|
|
|
*/
|
|
|
|
static void
|
2015-03-27 19:58:40 +01:00
|
|
|
derive_refresh_key (const struct TALER_LinkSecretP *secret,
|
2015-01-27 16:18:33 +01:00
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
|
|
|
|
{
|
2015-01-27 22:01:08 +01:00
|
|
|
static const char ctx_key[] = "taler-link-skey";
|
|
|
|
static const char ctx_iv[] = "taler-link-iv";
|
|
|
|
|
|
|
|
GNUNET_assert (GNUNET_YES ==
|
|
|
|
GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
|
|
|
|
ctx_key, strlen (ctx_key),
|
2015-03-27 19:58:40 +01:00
|
|
|
secret, sizeof (struct TALER_LinkSecretP),
|
2015-01-27 22:01:08 +01:00
|
|
|
NULL, 0));
|
|
|
|
GNUNET_assert (GNUNET_YES ==
|
|
|
|
GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
|
|
|
|
ctx_iv, strlen (ctx_iv),
|
2015-03-27 19:58:40 +01:00
|
|
|
secret, sizeof (struct TALER_LinkSecretP),
|
2015-01-27 22:01:08 +01:00
|
|
|
NULL, 0));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Derive symmetric key material for refresh operations from
|
|
|
|
* a given shared secret for key decryption.
|
|
|
|
*
|
|
|
|
* @param secret the shared secret
|
|
|
|
* @param[out] iv set to initialization vector
|
|
|
|
* @param[out] skey set to session key
|
|
|
|
*/
|
|
|
|
static void
|
2015-03-27 19:58:40 +01:00
|
|
|
derive_transfer_key (const struct TALER_TransferSecretP *secret,
|
2015-01-27 22:01:08 +01:00
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
|
|
|
|
{
|
|
|
|
static const char ctx_key[] = "taler-transfer-skey";
|
|
|
|
static const char ctx_iv[] = "taler-transfer-iv";
|
2015-01-27 16:18:33 +01:00
|
|
|
|
|
|
|
GNUNET_assert (GNUNET_YES ==
|
|
|
|
GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
|
|
|
|
ctx_key, strlen (ctx_key),
|
2015-03-27 19:58:40 +01:00
|
|
|
secret, sizeof (struct TALER_TransferSecretP),
|
2015-01-27 16:18:33 +01:00
|
|
|
NULL, 0));
|
|
|
|
GNUNET_assert (GNUNET_YES ==
|
|
|
|
GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
|
|
|
|
ctx_iv, strlen (ctx_iv),
|
2015-03-27 19:58:40 +01:00
|
|
|
secret, sizeof (struct TALER_TransferSecretP),
|
2015-01-27 16:18:33 +01:00
|
|
|
NULL, 0));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-27 18:49:02 +01:00
|
|
|
/**
|
|
|
|
* Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
|
|
|
|
* to obtain the @a secret to decrypt the linkage data.
|
|
|
|
*
|
2015-01-27 22:01:08 +01:00
|
|
|
* @param secret_enc encrypted secret
|
2015-01-27 22:05:31 +01:00
|
|
|
* @param trans_sec transfer secret
|
2015-01-27 18:49:02 +01:00
|
|
|
* @param secret shared secret for refresh link decryption
|
|
|
|
* @return #GNUNET_OK on success
|
|
|
|
*/
|
|
|
|
int
|
2015-03-27 19:58:40 +01:00
|
|
|
TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecretP *secret_enc,
|
|
|
|
const struct TALER_TransferSecretP *trans_sec,
|
|
|
|
struct TALER_LinkSecretP *secret)
|
2015-01-27 18:49:02 +01:00
|
|
|
{
|
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
|
2015-04-13 18:57:37 +02:00
|
|
|
ssize_t s;
|
2015-01-27 18:49:02 +01:00
|
|
|
|
2015-03-27 19:58:40 +01:00
|
|
|
GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecretP) ==
|
|
|
|
sizeof (struct TALER_LinkSecretP));
|
2015-01-27 22:01:08 +01:00
|
|
|
derive_transfer_key (trans_sec, &iv, &skey);
|
2015-04-13 18:57:37 +02:00
|
|
|
s = GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
|
|
|
|
sizeof (struct TALER_LinkSecretP),
|
|
|
|
&skey,
|
|
|
|
&iv,
|
|
|
|
secret);
|
|
|
|
if (sizeof (struct TALER_LinkSecretP) != s)
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
return GNUNET_OK;
|
2015-01-27 18:49:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-08-08 19:52:05 +02:00
|
|
|
/**
|
|
|
|
* Given the coin and the transfer private keys, compute the
|
|
|
|
* transfer secret. (Technically, we only need one of the two
|
|
|
|
* private keys, but the caller currently trivially only has
|
|
|
|
* the two private keys, so we derive one of the public keys
|
|
|
|
* internally to this function.)
|
|
|
|
*
|
|
|
|
* @param coin_priv coin key
|
|
|
|
* @param trans_priv transfer private key
|
2015-08-09 15:40:16 +02:00
|
|
|
* @param[out] ts computed transfer secret
|
2015-08-08 19:52:05 +02:00
|
|
|
*/
|
|
|
|
void
|
|
|
|
TALER_link_derive_transfer_secret (const struct TALER_CoinSpendPrivateKeyP *coin_priv,
|
|
|
|
const struct TALER_TransferPrivateKeyP *trans_priv,
|
|
|
|
struct TALER_TransferSecretP *ts)
|
|
|
|
{
|
|
|
|
struct TALER_CoinSpendPublicKeyP coin_pub;
|
|
|
|
|
|
|
|
GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv->eddsa_priv,
|
|
|
|
&coin_pub.eddsa_pub);
|
|
|
|
GNUNET_assert (GNUNET_OK ==
|
|
|
|
GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
|
|
|
|
&coin_pub.eddsa_pub,
|
|
|
|
&ts->key));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-27 22:01:08 +01:00
|
|
|
/**
|
|
|
|
* Use the @a trans_sec (from ECDHE) to encrypt the @a secret
|
|
|
|
* to obtain the @a secret_enc.
|
|
|
|
*
|
|
|
|
* @param secret shared secret for refresh link decryption
|
2015-01-27 22:05:31 +01:00
|
|
|
* @param trans_sec transfer secret
|
2015-03-28 15:42:07 +01:00
|
|
|
* @param[out] secret_enc encrypted secret
|
2015-01-27 22:01:08 +01:00
|
|
|
* @return #GNUNET_OK on success
|
|
|
|
*/
|
|
|
|
int
|
2015-03-27 19:58:40 +01:00
|
|
|
TALER_transfer_encrypt (const struct TALER_LinkSecretP *secret,
|
|
|
|
const struct TALER_TransferSecretP *trans_sec,
|
|
|
|
struct TALER_EncryptedLinkSecretP *secret_enc)
|
2015-01-27 22:01:08 +01:00
|
|
|
{
|
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
|
2015-04-13 18:57:37 +02:00
|
|
|
ssize_t s;
|
2015-01-27 22:01:08 +01:00
|
|
|
|
2015-03-27 19:58:40 +01:00
|
|
|
GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecretP) ==
|
|
|
|
sizeof (struct TALER_LinkSecretP));
|
2015-01-27 22:01:08 +01:00
|
|
|
derive_transfer_key (trans_sec, &iv, &skey);
|
2015-04-13 18:57:37 +02:00
|
|
|
s = GNUNET_CRYPTO_symmetric_encrypt (secret,
|
|
|
|
sizeof (struct TALER_LinkSecretP),
|
|
|
|
&skey,
|
|
|
|
&iv,
|
|
|
|
secret_enc);
|
|
|
|
if (sizeof (struct TALER_LinkSecretP) != s)
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
return GNUNET_OK;
|
2015-01-27 22:01:08 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-27 16:31:18 +01:00
|
|
|
/**
|
|
|
|
* Decrypt refresh link information.
|
|
|
|
*
|
|
|
|
* @param input encrypted refresh link data
|
|
|
|
* @param secret shared secret to use for decryption
|
|
|
|
* @return NULL on error
|
|
|
|
*/
|
2015-04-13 18:42:39 +02:00
|
|
|
struct TALER_RefreshLinkDecrypted *
|
2015-01-27 16:31:18 +01:00
|
|
|
TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
|
2015-03-27 19:58:40 +01:00
|
|
|
const struct TALER_LinkSecretP *secret)
|
2015-01-27 16:18:33 +01:00
|
|
|
{
|
2015-04-13 18:42:39 +02:00
|
|
|
struct TALER_RefreshLinkDecrypted *ret;
|
2015-01-27 16:18:33 +01:00
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
|
2015-01-27 16:31:18 +01:00
|
|
|
size_t buf_size = input->blinding_key_enc_size
|
|
|
|
+ sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
|
|
|
|
char buf[buf_size];
|
2015-01-27 16:18:33 +01:00
|
|
|
|
2015-01-27 16:31:18 +01:00
|
|
|
GNUNET_assert (input->blinding_key_enc == (const char *) &input[1]);
|
2015-01-27 16:18:33 +01:00
|
|
|
derive_refresh_key (secret, &iv, &skey);
|
2015-04-13 18:57:37 +02:00
|
|
|
if (buf_size !=
|
2015-01-27 16:31:18 +01:00
|
|
|
GNUNET_CRYPTO_symmetric_decrypt (input->coin_priv_enc,
|
|
|
|
buf_size,
|
|
|
|
&skey,
|
|
|
|
&iv,
|
|
|
|
buf))
|
|
|
|
return NULL;
|
2015-04-13 18:42:39 +02:00
|
|
|
ret = GNUNET_new (struct TALER_RefreshLinkDecrypted);
|
2015-01-27 16:31:18 +01:00
|
|
|
memcpy (&ret->coin_priv,
|
|
|
|
buf,
|
2015-05-16 14:15:34 +02:00
|
|
|
sizeof (struct TALER_CoinSpendPrivateKeyP));
|
2015-03-22 22:14:30 +01:00
|
|
|
ret->blinding_key.rsa_blinding_key
|
2015-01-27 16:31:18 +01:00
|
|
|
= GNUNET_CRYPTO_rsa_blinding_key_decode (&buf[sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)],
|
|
|
|
input->blinding_key_enc_size);
|
2015-03-22 22:14:30 +01:00
|
|
|
if (NULL == ret->blinding_key.rsa_blinding_key)
|
2015-01-27 16:31:18 +01:00
|
|
|
{
|
|
|
|
GNUNET_free (ret);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return ret;
|
2015-01-27 16:18:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-27 16:31:18 +01:00
|
|
|
/**
|
|
|
|
* Encrypt refresh link information.
|
|
|
|
*
|
|
|
|
* @param input plaintext refresh link data
|
|
|
|
* @param secret shared secret to use for encryption
|
|
|
|
* @return NULL on error (should never happen)
|
|
|
|
*/
|
|
|
|
struct TALER_RefreshLinkEncrypted *
|
2015-04-13 18:42:39 +02:00
|
|
|
TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input,
|
2015-03-27 19:58:40 +01:00
|
|
|
const struct TALER_LinkSecretP *secret)
|
2015-01-27 16:18:33 +01:00
|
|
|
{
|
2015-01-27 16:31:18 +01:00
|
|
|
char *b_buf;
|
|
|
|
size_t b_buf_size;
|
2015-01-27 16:18:33 +01:00
|
|
|
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
|
|
|
|
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
|
2015-01-27 16:31:18 +01:00
|
|
|
struct TALER_RefreshLinkEncrypted *ret;
|
2015-01-27 16:18:33 +01:00
|
|
|
|
|
|
|
derive_refresh_key (secret, &iv, &skey);
|
2015-03-22 22:14:30 +01:00
|
|
|
b_buf_size = GNUNET_CRYPTO_rsa_blinding_key_encode (input->blinding_key.rsa_blinding_key,
|
2015-01-27 16:31:18 +01:00
|
|
|
&b_buf);
|
|
|
|
ret = GNUNET_malloc (sizeof (struct TALER_RefreshLinkEncrypted) +
|
|
|
|
b_buf_size);
|
|
|
|
ret->blinding_key_enc = (const char *) &ret[1];
|
|
|
|
ret->blinding_key_enc_size = b_buf_size;
|
|
|
|
{
|
|
|
|
size_t buf_size = b_buf_size + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
|
|
|
|
char buf[buf_size];
|
|
|
|
|
|
|
|
memcpy (buf,
|
|
|
|
&input->coin_priv,
|
|
|
|
sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
|
|
|
|
memcpy (&buf[sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)],
|
|
|
|
b_buf,
|
|
|
|
b_buf_size);
|
|
|
|
|
2015-04-13 18:57:37 +02:00
|
|
|
if (buf_size !=
|
2015-01-27 16:31:18 +01:00
|
|
|
GNUNET_CRYPTO_symmetric_encrypt (buf,
|
|
|
|
buf_size,
|
|
|
|
&skey,
|
|
|
|
&iv,
|
|
|
|
ret->coin_priv_enc))
|
|
|
|
{
|
|
|
|
GNUNET_free (ret);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ret;
|
2015-01-27 16:18:33 +01:00
|
|
|
}
|
|
|
|
|
2015-01-29 17:34:37 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Decode encrypted refresh link information from buffer.
|
|
|
|
*
|
|
|
|
* @param buf buffer with refresh link data
|
|
|
|
* @param buf_len number of bytes in @a buf
|
|
|
|
* @return NULL on error (@a buf_len too small)
|
|
|
|
*/
|
|
|
|
struct TALER_RefreshLinkEncrypted *
|
|
|
|
TALER_refresh_link_encrypted_decode (const char *buf,
|
|
|
|
size_t buf_len)
|
|
|
|
{
|
|
|
|
struct TALER_RefreshLinkEncrypted *rle;
|
|
|
|
|
2015-05-16 14:15:34 +02:00
|
|
|
if (buf_len < sizeof (struct TALER_CoinSpendPrivateKeyP))
|
2015-01-29 17:34:37 +01:00
|
|
|
return NULL;
|
2015-04-18 13:08:19 +02:00
|
|
|
if (buf_len >= GNUNET_MAX_MALLOC_CHECKED)
|
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return NULL;
|
|
|
|
}
|
2015-01-29 17:34:37 +01:00
|
|
|
rle = GNUNET_malloc (sizeof (struct TALER_RefreshLinkEncrypted) +
|
2015-05-16 14:15:34 +02:00
|
|
|
buf_len - sizeof (struct TALER_CoinSpendPrivateKeyP));
|
2015-01-29 17:34:37 +01:00
|
|
|
rle->blinding_key_enc = (const char *) &rle[1];
|
2015-05-16 14:15:34 +02:00
|
|
|
rle->blinding_key_enc_size = buf_len - sizeof (struct TALER_CoinSpendPrivateKeyP);
|
2015-01-29 17:34:37 +01:00
|
|
|
memcpy (rle->coin_priv_enc,
|
|
|
|
buf,
|
|
|
|
buf_len);
|
|
|
|
return rle;
|
|
|
|
}
|
|
|
|
|
2015-01-27 16:18:33 +01:00
|
|
|
|
2015-04-18 13:08:19 +02:00
|
|
|
/**
|
|
|
|
* Encode encrypted refresh link information to buffer.
|
|
|
|
*
|
|
|
|
* @param rle refresh link to encode
|
|
|
|
* @param[out] buf_len set number of bytes returned
|
|
|
|
* @return NULL on error, otherwise buffer with encoded @a rle
|
|
|
|
*/
|
|
|
|
char *
|
|
|
|
TALER_refresh_link_encrypted_encode (const struct TALER_RefreshLinkEncrypted *rle,
|
|
|
|
size_t *buf_len)
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
|
2015-05-16 14:15:34 +02:00
|
|
|
if (rle->blinding_key_enc_size >= GNUNET_MAX_MALLOC_CHECKED - sizeof (struct TALER_CoinSpendPrivateKeyP))
|
2015-04-18 13:08:19 +02:00
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return NULL;
|
|
|
|
}
|
2015-05-16 14:15:34 +02:00
|
|
|
*buf_len = sizeof (struct TALER_CoinSpendPrivateKeyP) + rle->blinding_key_enc_size;
|
2015-04-18 13:08:19 +02:00
|
|
|
buf = GNUNET_malloc (*buf_len);
|
|
|
|
memcpy (buf,
|
|
|
|
rle->coin_priv_enc,
|
|
|
|
*buf_len);
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-28 20:23:19 +01:00
|
|
|
/**
|
|
|
|
* Check if a coin is valid; that is, whether the denomination key exists,
|
|
|
|
* is not expired, and the signature is correct.
|
|
|
|
*
|
|
|
|
* @param coin_public_info the coin public info to check for validity
|
|
|
|
* @return #GNUNET_YES if the coin is valid,
|
|
|
|
* #GNUNET_NO if it is invalid
|
|
|
|
* #GNUNET_SYSERROR if an internal error occured
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info)
|
|
|
|
{
|
|
|
|
struct GNUNET_HashCode c_hash;
|
|
|
|
|
|
|
|
GNUNET_CRYPTO_hash (&coin_public_info->coin_pub,
|
|
|
|
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
|
|
|
|
&c_hash);
|
|
|
|
if (GNUNET_OK !=
|
|
|
|
GNUNET_CRYPTO_rsa_verify (&c_hash,
|
2015-03-22 22:14:30 +01:00
|
|
|
coin_public_info->denom_sig.rsa_signature,
|
|
|
|
coin_public_info->denom_pub.rsa_public_key))
|
2015-01-28 20:23:19 +01:00
|
|
|
{
|
|
|
|
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
|
|
|
|
"coin signature is invalid\n");
|
|
|
|
return GNUNET_NO;
|
|
|
|
}
|
|
|
|
return GNUNET_YES;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-04-15 18:12:21 +02:00
|
|
|
/**
|
|
|
|
* Decrypt the shared @a secret from the information in the
|
|
|
|
* encrypted link secret @e secret_enc using the transfer
|
|
|
|
* private key and the coin's public key.
|
2015-05-01 09:59:18 +02:00
|
|
|
*
|
2015-04-15 18:12:21 +02:00
|
|
|
* @param secret_enc encrypted link secret
|
2015-05-16 18:26:34 +02:00
|
|
|
* @param trans_priv transfer private key
|
2015-04-15 18:12:21 +02:00
|
|
|
* @param coin_pub coin public key
|
|
|
|
* @param[out] secret set to the shared secret
|
|
|
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
TALER_link_decrypt_secret (const struct TALER_EncryptedLinkSecretP *secret_enc,
|
|
|
|
const struct TALER_TransferPrivateKeyP *trans_priv,
|
2015-05-16 14:15:34 +02:00
|
|
|
const struct TALER_CoinSpendPublicKeyP *coin_pub,
|
2015-04-15 18:12:21 +02:00
|
|
|
struct TALER_LinkSecretP *secret)
|
|
|
|
{
|
|
|
|
struct TALER_TransferSecretP transfer_secret;
|
|
|
|
|
|
|
|
if (GNUNET_OK !=
|
2015-05-16 14:15:34 +02:00
|
|
|
GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
|
|
|
|
&coin_pub->eddsa_pub,
|
|
|
|
&transfer_secret.key))
|
2015-04-15 18:12:21 +02:00
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
if (GNUNET_OK !=
|
|
|
|
TALER_transfer_decrypt (secret_enc,
|
|
|
|
&transfer_secret,
|
|
|
|
secret))
|
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
return GNUNET_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-04-15 18:34:14 +02:00
|
|
|
/**
|
|
|
|
* Decrypt the shared @a secret from the information in the
|
|
|
|
* encrypted link secret @e secret_enc using the transfer
|
|
|
|
* public key and the coin's private key.
|
2015-05-01 09:59:18 +02:00
|
|
|
*
|
2015-04-15 18:34:14 +02:00
|
|
|
* @param secret_enc encrypted link secret
|
2015-05-16 18:26:34 +02:00
|
|
|
* @param trans_pub transfer public key
|
2015-04-15 18:34:14 +02:00
|
|
|
* @param coin_priv coin private key
|
|
|
|
* @param[out] secret set to the shared secret
|
|
|
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
TALER_link_decrypt_secret2 (const struct TALER_EncryptedLinkSecretP *secret_enc,
|
|
|
|
const struct TALER_TransferPublicKeyP *trans_pub,
|
2015-05-16 14:15:34 +02:00
|
|
|
const struct TALER_CoinSpendPrivateKeyP *coin_priv,
|
2015-04-15 18:34:14 +02:00
|
|
|
struct TALER_LinkSecretP *secret)
|
|
|
|
{
|
|
|
|
struct TALER_TransferSecretP transfer_secret;
|
|
|
|
|
|
|
|
if (GNUNET_OK !=
|
2015-05-16 14:15:34 +02:00
|
|
|
GNUNET_CRYPTO_eddsa_ecdh (&coin_priv->eddsa_priv,
|
|
|
|
&trans_pub->ecdhe_pub,
|
|
|
|
&transfer_secret.key))
|
2015-04-15 18:34:14 +02:00
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
if (GNUNET_OK !=
|
|
|
|
TALER_transfer_decrypt (secret_enc,
|
|
|
|
&transfer_secret,
|
|
|
|
secret))
|
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
return GNUNET_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-04-15 18:12:21 +02:00
|
|
|
/**
|
|
|
|
* Encrypt the shared @a secret to generate the encrypted link secret.
|
|
|
|
* Also creates the transfer key.
|
2015-05-01 09:59:18 +02:00
|
|
|
*
|
|
|
|
* @param secret link secret to encrypt
|
2015-04-15 18:12:21 +02:00
|
|
|
* @param coin_pub coin public key
|
2015-05-16 18:26:34 +02:00
|
|
|
* @param[out] trans_priv set to transfer private key
|
|
|
|
* @param[out] trans_pub set to transfer public key
|
2015-04-15 18:12:21 +02:00
|
|
|
* @param[out] secret_enc set to the encryptd @a secret
|
|
|
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
TALER_link_encrypt_secret (const struct TALER_LinkSecretP *secret,
|
2015-05-16 14:15:34 +02:00
|
|
|
const struct TALER_CoinSpendPublicKeyP *coin_pub,
|
2015-04-15 18:12:21 +02:00
|
|
|
struct TALER_TransferPrivateKeyP *trans_priv,
|
|
|
|
struct TALER_TransferPublicKeyP *trans_pub,
|
|
|
|
struct TALER_EncryptedLinkSecretP *secret_enc)
|
|
|
|
{
|
|
|
|
struct TALER_TransferSecretP transfer_secret;
|
|
|
|
struct GNUNET_CRYPTO_EcdhePrivateKey *pk;
|
|
|
|
|
|
|
|
pk = GNUNET_CRYPTO_ecdhe_key_create ();
|
|
|
|
if (GNUNET_OK !=
|
2015-05-16 14:15:34 +02:00
|
|
|
GNUNET_CRYPTO_ecdh_eddsa (pk,
|
|
|
|
&coin_pub->eddsa_pub,
|
|
|
|
&transfer_secret.key))
|
2015-04-15 18:12:21 +02:00
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
GNUNET_free (pk);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
if (GNUNET_OK !=
|
|
|
|
TALER_transfer_encrypt (secret,
|
|
|
|
&transfer_secret,
|
|
|
|
secret_enc))
|
|
|
|
{
|
|
|
|
GNUNET_break (0);
|
|
|
|
return GNUNET_SYSERR;
|
|
|
|
}
|
|
|
|
trans_priv->ecdhe_priv = *pk;
|
|
|
|
GNUNET_CRYPTO_ecdhe_key_get_public (pk,
|
|
|
|
&trans_pub->ecdhe_pub);
|
|
|
|
GNUNET_free (pk);
|
|
|
|
return GNUNET_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-27 16:18:33 +01:00
|
|
|
/* end of crypto.c */
|