exchange/src/util/test_crypto.c

508 lines
17 KiB
C
Raw Normal View History

2015-04-13 17:20:46 +02:00
/*
This file is part of TALER
2022-02-09 10:38:02 +01:00
(C) 2015, 2020-2022 Taler Systems SA
2015-04-13 17:20:46 +02:00
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
2016-07-07 17:55:25 +02:00
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
2015-04-13 17:20:46 +02:00
*/
/**
* @file util/test_crypto.c
* @brief Tests for Taler-specific crypto logic
* @author Christian Grothoff <christian@grothoff.org>
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_crypto_lib.h"
/**
* Test high-level link encryption/decryption API.
*
* @return 0 on success
*/
2015-04-15 18:34:14 +02:00
static int
2020-03-27 17:28:33 +01:00
test_high_level (void)
2015-04-15 18:34:14 +02:00
{
struct TALER_CoinSpendPrivateKeyP coin_priv;
struct TALER_CoinSpendPublicKeyP coin_pub;
2015-04-15 18:34:14 +02:00
struct TALER_TransferPrivateKeyP trans_priv;
struct TALER_TransferPublicKeyP trans_pub;
struct TALER_TransferSecretP secret;
struct TALER_TransferSecretP secret2;
2022-02-05 23:12:21 +01:00
union TALER_DenominationBlindingKeyP bks1;
union TALER_DenominationBlindingKeyP bks2;
struct TALER_CoinSpendPrivateKeyP coin_priv1;
struct TALER_CoinSpendPrivateKeyP coin_priv2;
2022-02-11 09:36:01 +01:00
struct TALER_PlanchetMasterSecretP ps1;
struct TALER_PlanchetMasterSecretP ps2;
2022-02-07 10:58:23 +01:00
struct TALER_ExchangeWithdrawValues alg1;
struct TALER_ExchangeWithdrawValues alg2;
2015-04-15 18:34:14 +02:00
2020-04-11 21:06:30 +02:00
GNUNET_CRYPTO_eddsa_key_create (&coin_priv.eddsa_priv);
GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv.eddsa_priv,
2019-08-25 16:18:24 +02:00
&coin_pub.eddsa_pub);
2020-04-11 21:06:30 +02:00
GNUNET_CRYPTO_ecdhe_key_create (&trans_priv.ecdhe_priv);
GNUNET_CRYPTO_ecdhe_key_get_public (&trans_priv.ecdhe_priv,
2019-08-25 16:18:24 +02:00
&trans_pub.ecdhe_pub);
TALER_link_derive_transfer_secret (&coin_priv,
&trans_priv,
&secret);
TALER_link_reveal_transfer_secret (&trans_priv,
&coin_pub,
&secret2);
2015-04-15 18:34:14 +02:00
GNUNET_assert (0 ==
GNUNET_memcmp (&secret,
&secret2));
TALER_link_recover_transfer_secret (&trans_pub,
&coin_priv,
&secret2);
2015-04-15 18:34:14 +02:00
GNUNET_assert (0 ==
GNUNET_memcmp (&secret,
&secret2));
2022-02-07 12:33:35 +01:00
TALER_transfer_secret_to_planchet_secret (&secret,
0,
&ps1);
2022-02-07 10:58:23 +01:00
alg1.cipher = TALER_DENOMINATION_RSA;
TALER_planchet_setup_coin_priv (&ps1,
&alg1,
&coin_priv1);
TALER_planchet_blinding_secret_create (&ps1,
&alg1,
&bks1);
alg2.cipher = TALER_DENOMINATION_RSA;
2022-02-07 12:33:35 +01:00
TALER_transfer_secret_to_planchet_secret (&secret,
1,
&ps2);
2022-02-07 11:23:53 +01:00
TALER_planchet_setup_coin_priv (&ps2,
2022-02-07 10:58:23 +01:00
&alg2,
&coin_priv2);
TALER_planchet_blinding_secret_create (&ps2,
&alg2,
&bks2);
2022-02-07 11:23:53 +01:00
GNUNET_assert (0 !=
GNUNET_memcmp (&ps1,
&ps2));
GNUNET_assert (0 !=
2022-02-05 23:12:21 +01:00
GNUNET_memcmp (&coin_priv1,
&coin_priv2));
GNUNET_assert (0 !=
GNUNET_memcmp (&bks1,
&bks2));
2015-04-15 18:34:14 +02:00
return 0;
}
2022-03-02 11:59:21 +01:00
static struct TALER_AgeMask age_mask = {
.bits = 1 | 1 << 8 | 1 << 10 | 1 << 12
| 1 << 14 | 1 << 16 | 1 << 18 | 1 << 21
};
/**
* Test the basic planchet functionality of creating a fresh planchet
* and extracting the respective signature.
*
* @return 0 on success
*/
static int
2022-03-02 11:59:21 +01:00
test_planchets_rsa (uint8_t age)
{
2022-02-11 09:36:01 +01:00
struct TALER_PlanchetMasterSecretP ps;
2022-02-05 23:12:21 +01:00
struct TALER_CoinSpendPrivateKeyP coin_priv;
union TALER_DenominationBlindingKeyP bks;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
2022-01-16 17:02:15 +01:00
struct TALER_ExchangeWithdrawValues alg_values;
struct TALER_PlanchetDetail pd;
2021-10-31 18:01:19 +01:00
struct TALER_BlindedDenominationSignature blind_sig;
struct TALER_FreshCoin coin;
struct TALER_CoinPubHashP c_hash;
2022-03-02 11:59:21 +01:00
struct TALER_AgeCommitmentHash *ach = NULL;
if (0 < age)
{
2022-03-28 11:17:49 +02:00
struct TALER_AgeCommitmentProof acp;
2022-03-02 11:59:21 +01:00
struct TALER_AgeCommitmentHash ah = {0};
struct GNUNET_HashCode seed;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&seed,
sizeof(seed));
2022-03-02 11:59:21 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_age_restriction_commit (&age_mask,
age,
&seed,
2022-03-27 05:02:21 +02:00
&acp));
TALER_age_commitment_hash (&acp.commitment,
2022-03-02 11:59:21 +01:00
&ah);
ach = &ah;
2022-03-28 11:17:49 +02:00
TALER_age_commitment_proof_free (&acp);
2022-03-02 11:59:21 +01:00
}
2022-02-05 23:12:21 +01:00
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps,
sizeof (ps));
GNUNET_assert (GNUNET_SYSERR ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_INVALID));
GNUNET_assert (GNUNET_SYSERR ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
42));
2021-11-05 14:00:10 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_RSA,
1024));
2022-01-16 17:02:15 +01:00
alg_values.cipher = TALER_DENOMINATION_RSA;
2022-02-07 11:23:53 +01:00
TALER_planchet_setup_coin_priv (&ps,
&alg_values,
&coin_priv);
TALER_planchet_blinding_secret_create (&ps,
&alg_values,
&bks);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,
2022-01-16 17:02:15 +01:00
&alg_values,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
2022-03-02 11:59:21 +01:00
ach,
2020-04-17 14:19:12 +02:00
&c_hash,
&pd));
2021-11-05 17:19:47 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&blind_sig,
&dk_priv,
false,
&pd.blinded_planchet));
2022-02-07 11:23:53 +01:00
TALER_planchet_detail_free (&pd);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_to_coin (&dk_pub,
2021-10-31 18:01:19 +01:00
&blind_sig,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
2022-03-02 11:59:21 +01:00
ach,
2020-04-17 14:19:12 +02:00
&c_hash,
2022-01-16 17:02:15 +01:00
&alg_values,
&coin));
2021-10-31 18:01:19 +01:00
TALER_blinded_denom_sig_free (&blind_sig);
TALER_denom_sig_free (&coin.sig);
TALER_denom_priv_free (&dk_priv);
TALER_denom_pub_free (&dk_pub);
return 0;
}
2022-02-12 00:52:19 +01:00
/**
* @brief Function for CS signatures to derive public R_0 and R_1
*
* @param nonce withdraw nonce from a client
* @param denom_priv denomination privkey as long-term secret
* @param r_pub the resulting R_0 and R_1
* @return enum GNUNET_GenericReturnValue
*/
static enum GNUNET_GenericReturnValue
derive_r_public (
const struct TALER_CsNonce *nonce,
const struct TALER_DenominationPrivateKey *denom_priv,
struct TALER_DenominationCSPublicRPairP *r_pub)
{
struct GNUNET_CRYPTO_CsRSecret r[2];
if (denom_priv->cipher != TALER_DENOMINATION_CS)
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
"rw",
2022-02-12 00:52:19 +01:00
&denom_priv->details.cs_private_key,
r);
GNUNET_CRYPTO_cs_r_get_public (&r[0],
&r_pub->r_pub[0]);
GNUNET_CRYPTO_cs_r_get_public (&r[1],
&r_pub->r_pub[1]);
return GNUNET_OK;
}
/**
* Test the basic planchet functionality of creating a fresh planchet with CS denomination
* and extracting the respective signature.
*
* @return 0 on success
*/
static int
2022-03-02 11:59:21 +01:00
test_planchets_cs (uint8_t age)
{
2022-02-11 09:36:01 +01:00
struct TALER_PlanchetMasterSecretP ps;
2022-02-05 23:12:21 +01:00
struct TALER_CoinSpendPrivateKeyP coin_priv;
union TALER_DenominationBlindingKeyP bks;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
2021-12-22 11:45:22 +01:00
struct TALER_PlanchetDetail pd;
struct TALER_CoinPubHashP c_hash;
2021-12-23 10:58:03 +01:00
struct TALER_BlindedDenominationSignature blind_sig;
struct TALER_FreshCoin coin;
2022-01-11 21:21:18 +01:00
struct TALER_ExchangeWithdrawValues alg_values;
2022-03-02 11:59:21 +01:00
struct TALER_AgeCommitmentHash *ach = NULL;
if (0 < age)
{
struct TALER_AgeCommitmentHash ah = {0};
2022-03-27 05:02:21 +02:00
struct TALER_AgeCommitmentProof acp;
struct GNUNET_HashCode seed;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&seed,
sizeof(seed));
2022-03-02 11:59:21 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_age_restriction_commit (&age_mask,
age,
&seed,
2022-03-27 05:02:21 +02:00
&acp));
TALER_age_commitment_hash (&acp.commitment,
2022-03-02 11:59:21 +01:00
&ah);
ach = &ah;
2022-03-28 11:17:49 +02:00
TALER_age_commitment_proof_free (&acp);
2022-03-02 11:59:21 +01:00
}
2022-02-05 23:12:21 +01:00
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps,
sizeof (ps));
GNUNET_assert (GNUNET_OK ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_CS));
2022-01-16 17:02:15 +01:00
alg_values.cipher = TALER_DENOMINATION_CS;
2022-02-07 11:23:53 +01:00
TALER_cs_withdraw_nonce_derive (
&ps,
&pd.blinded_planchet.details.cs_blinded_planchet.nonce);
GNUNET_assert (GNUNET_OK ==
2022-02-12 00:52:19 +01:00
derive_r_public (
&pd.blinded_planchet.details.cs_blinded_planchet.nonce,
&dk_priv,
2022-02-11 11:55:59 +01:00
&alg_values.details.cs_values));
2022-02-07 11:23:53 +01:00
TALER_planchet_setup_coin_priv (&ps,
&alg_values,
&coin_priv);
2022-01-09 16:49:27 +01:00
TALER_planchet_blinding_secret_create (&ps,
2022-02-05 23:12:21 +01:00
&alg_values,
&bks);
2021-12-22 16:55:34 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,
2022-01-11 21:21:18 +01:00
&alg_values,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
2022-03-02 11:59:21 +01:00
ach,
2021-12-22 16:55:34 +01:00
&c_hash,
&pd));
2021-12-23 10:58:03 +01:00
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&blind_sig,
&dk_priv,
false,
&pd.blinded_planchet));
2022-02-07 11:23:53 +01:00
TALER_planchet_detail_free (&pd);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_to_coin (&dk_pub,
&blind_sig,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
2022-03-02 11:59:21 +01:00
ach,
&c_hash,
2022-01-11 21:21:18 +01:00
&alg_values,
&coin));
2021-12-23 10:58:03 +01:00
TALER_blinded_denom_sig_free (&blind_sig);
TALER_denom_sig_free (&coin.sig);
TALER_denom_priv_free (&dk_priv);
TALER_denom_pub_free (&dk_pub);
return 0;
}
/**
* Test the basic planchet functionality of creating a fresh planchet
* and extracting the respective signature.
* Calls test_planchets_rsa and test_planchets_cs
*
* @return 0 on success
*/
static int
2022-03-02 11:59:21 +01:00
test_planchets (uint8_t age)
{
2022-03-02 11:59:21 +01:00
if (0 != test_planchets_rsa (age))
return -1;
2022-03-02 11:59:21 +01:00
return test_planchets_cs (age);
}
2020-07-11 17:26:02 +02:00
static int
test_exchange_sigs (void)
2020-07-11 17:26:02 +02:00
{
const char *pt = "payto://x-taler-bank/localhost/Account";
struct TALER_MasterPrivateKeyP priv;
struct TALER_MasterPublicKeyP pub;
struct TALER_MasterSignatureP sig;
GNUNET_CRYPTO_eddsa_key_create (&priv.eddsa_priv);
TALER_exchange_wire_signature_make (pt,
&priv,
&sig);
GNUNET_CRYPTO_eddsa_key_get_public (&priv.eddsa_priv,
&pub.eddsa_pub);
if (GNUNET_OK !=
TALER_exchange_wire_signature_check (pt,
&pub,
&sig))
{
GNUNET_break (0);
return 1;
}
if (GNUNET_OK ==
TALER_exchange_wire_signature_check (
"payto://x-taler-bank/localhost/Other",
&pub,
&sig))
{
GNUNET_break (0);
return 1;
}
return 0;
}
static int
test_merchant_sigs (void)
2020-07-11 17:26:02 +02:00
{
const char *pt = "payto://x-taler-bank/localhost/Account";
2022-02-07 12:33:35 +01:00
struct TALER_WireSaltP salt;
2020-07-11 17:26:02 +02:00
struct TALER_MerchantPrivateKeyP priv;
struct TALER_MerchantPublicKeyP pub;
struct TALER_MerchantSignatureP sig;
GNUNET_CRYPTO_eddsa_key_create (&priv.eddsa_priv);
memset (&salt,
42,
sizeof (salt));
2020-07-11 17:26:02 +02:00
TALER_merchant_wire_signature_make (pt,
&salt,
2020-07-11 17:26:02 +02:00
&priv,
&sig);
GNUNET_CRYPTO_eddsa_key_get_public (&priv.eddsa_priv,
&pub.eddsa_pub);
if (GNUNET_OK !=
TALER_merchant_wire_signature_check (pt,
&salt,
2020-07-11 17:26:02 +02:00
&pub,
&sig))
{
GNUNET_break (0);
return 1;
}
if (GNUNET_OK ==
TALER_merchant_wire_signature_check (
"payto://x-taler-bank/localhost/Other",
&salt,
2020-07-11 17:26:02 +02:00
&pub,
&sig))
{
GNUNET_break (0);
return 1;
}
memset (&salt,
43,
sizeof (salt));
2020-07-11 17:26:02 +02:00
if (GNUNET_OK ==
TALER_merchant_wire_signature_check (pt,
&salt,
2020-07-11 17:26:02 +02:00
&pub,
&sig))
{
GNUNET_break (0);
return 1;
}
return 0;
}
2022-04-27 13:09:41 +02:00
static int
test_contracts (void)
{
struct TALER_ContractDiffiePrivateP cpriv;
struct TALER_PurseContractPublicKeyP purse_pub;
struct TALER_PurseContractPrivateKeyP purse_priv;
void *econtract;
size_t econtract_size;
struct TALER_PurseMergePrivateKeyP mpriv_in;
struct TALER_PurseMergePrivateKeyP mpriv_out;
json_t *c;
GNUNET_CRYPTO_ecdhe_key_create (&cpriv.ecdhe_priv);
GNUNET_CRYPTO_eddsa_key_create (&purse_priv.eddsa_priv);
GNUNET_CRYPTO_eddsa_key_get_public (&purse_priv.eddsa_priv,
&purse_pub.eddsa_pub);
memset (&mpriv_in,
42,
sizeof (mpriv_in));
c = json_pack ("{s:s}", "test", "value");
GNUNET_assert (NULL != c);
TALER_CRYPTO_contract_encrypt_for_merge (&purse_pub,
&cpriv,
&mpriv_in,
c,
&econtract,
&econtract_size);
json_decref (c);
c = TALER_CRYPTO_contract_decrypt_for_merge (&cpriv,
&purse_pub,
econtract,
econtract_size,
&mpriv_out);
GNUNET_free (econtract);
if (NULL == c)
return 1;
json_decref (c);
if (0 != GNUNET_memcmp (&mpriv_in,
&mpriv_out))
return 1;
return 0;
}
2015-04-15 18:34:14 +02:00
int
2019-08-25 16:18:24 +02:00
main (int argc,
const char *const argv[])
2015-04-15 18:34:14 +02:00
{
2020-03-27 17:28:33 +01:00
(void) argc;
(void) argv;
2015-04-15 18:34:14 +02:00
if (0 != test_high_level ())
return 1;
2022-03-02 11:59:21 +01:00
if (0 != test_planchets (0))
2020-07-11 17:26:02 +02:00
return 2;
2022-03-02 11:59:21 +01:00
if (0 != test_planchets (13))
2020-07-11 17:26:02 +02:00
return 3;
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
if (0 != test_exchange_sigs ())
2020-07-11 17:26:02 +02:00
return 4;
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
if (0 != test_merchant_sigs ())
return 5;
2022-04-27 13:09:41 +02:00
if (0 != test_contracts ())
return 6;
return 0;
2015-04-15 18:34:14 +02:00
}
2019-10-31 12:59:50 +01:00
2015-04-13 17:20:46 +02:00
/* end of test_crypto.c */