taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mint-httpd_db.c now compiles again

Browse Source
This commit is contained in:
Christian Grothoff 2015-01-27 18:49:02 +01:00
parent c3731d0df7
commit 019af0919e
5 changed files with 65 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/include/taler_util.h
View File

@ -284,6 +284,22 @@ struct TALER_RefreshLinkDecrypted
}; };
/**
* Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
* to obtain the @a secret to decrypt the linkage data.
*
* @param secret_enc encrypted secret (FIXME: use different type!)
* @param trans_sec transfer secret (FIXME: use different type?)
* @param secret shared secret for refresh link decryption
* (FIXME: use different type?)
* @return #GNUNET_OK on success
*/
int
TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
const struct GNUNET_HashCode *trans_sec,
struct GNUNET_HashCode *secret);
/** /**
* Decrypt refresh link information. * Decrypt refresh link information.
* *

6
src/mint/mint.h
View File

@ -179,10 +179,10 @@ struct RefreshCommitLink
struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
/** /**
* FIXME: this can't be exactly the shared secret, must * FIXME: this is the encrypted shared secret, should use
* be a commitment to it or something. * a different type...
*/ */
struct GNUNET_HashCode shared_secret; struct GNUNET_HashCode shared_secret_enc;
}; };

4
src/mint/mint_db.c
View File

@ -1172,7 +1172,7 @@ TALER_MINT_DB_insert_refresh_commit_link (PGconn *db_conn,
TALER_DB_QUERY_PARAM_PTR(&commit_link->transfer_pub), TALER_DB_QUERY_PARAM_PTR(&commit_link->transfer_pub),
TALER_DB_QUERY_PARAM_PTR(&cnc_index_nbo), TALER_DB_QUERY_PARAM_PTR(&cnc_index_nbo),
TALER_DB_QUERY_PARAM_PTR(&oldcoin_index_nbo), TALER_DB_QUERY_PARAM_PTR(&oldcoin_index_nbo),
TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret), TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret_enc),
TALER_DB_QUERY_PARAM_END TALER_DB_QUERY_PARAM_END
}; };
@ -1232,7 +1232,7 @@ TALER_MINT_DB_get_refresh_commit_link (PGconn *db_conn,
struct TALER_DB_ResultSpec rs[] = { struct TALER_DB_ResultSpec rs[] = {
TALER_DB_RESULT_SPEC("transfer_pub", &cc->transfer_pub), TALER_DB_RESULT_SPEC("transfer_pub", &cc->transfer_pub),
TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret), TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret_enc),
TALER_DB_RESULT_SPEC_END TALER_DB_RESULT_SPEC_END
}; };

41
src/mint/taler-mint-httpd_db.c
View File

@ -953,8 +953,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
return MHD_NO; return MHD_NO;
} }
if (0 >= TALER_refresh_decrypt (commit_link.shared_secret_enc, if (GNUNET_OK !=
TALER_REFRESH_SHARED_SECRET_LENGTH, TALER_transfer_decrypt (&commit_link.shared_secret_enc,
&transfer_secret, &transfer_secret,
&shared_secret)) &shared_secret))
{ {
@ -1001,16 +1001,14 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
for (j = 0; j < refresh_session.num_newcoins; j++) for (j = 0; j < refresh_session.num_newcoins; j++)
{ {
struct RefreshCommitCoin commit_coin; struct RefreshCommitCoin commit_coin;
struct LinkData link_data; struct TALER_RefreshLinkDecrypted *link_data;
// struct BlindedSignaturePurpose *coin_ev_check; // struct BlindedSignaturePurpose *coin_ev_check;
struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
struct GNUNET_CRYPTO_rsa_BlindingKey *bkey;
struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub;
struct GNUNET_HashCode h_msg; struct GNUNET_HashCode h_msg;
char *buf; char *buf;
size_t buf_len; size_t buf_len;
bkey = NULL;
res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
refresh_session_pub, refresh_session_pub,
i+off, j, i+off, j,
@ -1022,11 +1020,9 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
return MHD_NO; return MHD_NO;
} }
link_data = TALER_refresh_decrypt (commit_coin.refresh_link,
if (0 >= TALER_refresh_decrypt (commit_coin.link_enc, &last_shared_secret);
sizeof (struct LinkData), if (NULL == link_data)
&last_shared_secret,
&link_data))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"decryption failed\n"); "decryption failed\n");
@ -1034,16 +1030,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
return MHD_NO; return MHD_NO;
} }
GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, GNUNET_CRYPTO_ecdsa_key_get_public (&link_data->coin_priv,
&coin_pub); &coin_pub);
if (NULL == (bkey = GNUNET_CRYPTO_rsa_blinding_key_decode (link_data.bkey_enc,
link_data.bkey_enc_size)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Invalid blinding key\n");
// FIXME: return error code!
return MHD_NO;
}
denom_pub = TALER_MINT_DB_get_refresh_order (db_conn, denom_pub = TALER_MINT_DB_get_refresh_order (db_conn,
j, j,
refresh_session_pub); refresh_session_pub);
@ -1060,7 +1048,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
&h_msg); &h_msg);
if (0 == (buf_len = if (0 == (buf_len =
GNUNET_CRYPTO_rsa_blind (&h_msg, GNUNET_CRYPTO_rsa_blind (&h_msg,
bkey, link_data->blinding_key,
denom_pub, denom_pub,
&buf))) &buf)))
{ {
@ -1133,7 +1121,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
} }
ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
commit_coin.coin_ev, commit_coin.coin_ev,
commit_coin.coin_ev_len); commit_coin.coin_ev_size);
if (NULL == ev_sig) if (NULL == ev_sig)
{ {
GNUNET_break (0); GNUNET_break (0);
@ -1182,7 +1170,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
*/ */
static int static int
link_iter (void *cls, link_iter (void *cls,
const struct LinkDataEnc *link_data_enc, const struct TALER_RefreshLinkEncrypted *link_data_enc,
const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub,
const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) const struct GNUNET_CRYPTO_rsa_Signature *ev_sig)
{ {
@ -1195,8 +1183,9 @@ link_iter (void *cls,
json_array_append_new (list, obj); json_array_append_new (list, obj);
json_object_set_new (obj, "link_enc", json_object_set_new (obj, "link_enc",
TALER_JSON_from_data (link_data_enc, TALER_JSON_from_data (link_data_enc->coin_priv_enc,
sizeof (struct LinkDataEnc))); sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey) +
link_data_enc->blinding_key_enc_size));
buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub,
&buf); &buf);
@ -1231,7 +1220,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection,
json_t *list; json_t *list;
PGconn *db_conn; PGconn *db_conn;
struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
struct SharedSecretEnc shared_secret_enc; struct GNUNET_HashCode shared_secret_enc;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{ {
@ -1287,7 +1276,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
json_object_set_new (root, "secret_enc", json_object_set_new (root, "secret_enc",
TALER_JSON_from_data (&shared_secret_enc, TALER_JSON_from_data (&shared_secret_enc,
sizeof (struct SharedSecretEnc))); sizeof (struct GNUNET_HashCode)));
return TALER_MINT_reply_json (connection, return TALER_MINT_reply_json (connection,
root, root,
MHD_HTTP_OK); MHD_HTTP_OK);

27
src/util/crypto.c
View File

@ -83,6 +83,33 @@ derive_refresh_key (const struct GNUNET_HashCode *secret,
} }
/**
* Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
* to obtain the @a secret to decrypt the linkage data.
*
* @param secret_enc encrypted secret (FIXME: use different type!)
* @param trans_sec transfer secret (FIXME: use different type?)
* @param secret shared secret for refresh link decryption
* (FIXME: use different type?)
* @return #GNUNET_OK on success
*/
int
TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
const struct GNUNET_HashCode *trans_sec,
struct GNUNET_HashCode *secret)
{
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
derive_refresh_key (trans_sec, &iv, &skey);
return GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
sizeof (struct GNUNET_HashCode),
&skey,
&iv,
secret);
}
/** /**
* Decrypt refresh link information. * Decrypt refresh link information.
* *