messing with CS/RSA fixes

Christian Grothoff 2022-02-04 19:29:52 +01:00
parent 7d2a1a596a
commit 03fd154a69
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
9 changed files with 34 additions and 342 deletions


@ -987,6 +987,17 @@ struct TALER_ExchangeWithdrawValues
void
TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
/**
* Create private key for a Taler coin.
*
* @param[out] coin_priv private key to initialize
*/
void
TALER_planchet_setup_coin_priv (
struct TALER_CoinSpendPrivateKeyP *coin_priv);
/**
* @brief Method to derive withdraw nonce
*
@ -1472,9 +1483,9 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
* @oaram alg_values WitdrawValues containing cipher
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
const struct
TALER_ExchangeWithdrawValues *alg_values);
TALER_planchet_setup_random (
struct TALER_PlanchetSecretsP *ps,
const struct TALER_ExchangeWithdrawValues *alg_values);
/**
* Create a blinding secret @a bs for @a cipher.
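Review bot: The new doc comment on TALER_planchet_setup_coin_priv says only "Create private key for a Taler coin" and leaves out how the key material is produced. The definition later in this commit fills the buffer via GNUNET_CRYPTO_random_block with GNUNET_CRYPTO_QUALITY_STRONG and carries an open `FIXME-jeff/dold: Clamping?`, so a caller cannot tell from the header whether the bytes are already a usable scalar. I would add a line such as `* Fills @a coin_priv with strong random bytes; no clamping is applied.` and keep it in sync once the FIXME is resolved. The context line `* @oaram alg_values WitdrawValues containing cipher` above TALER_planchet_setup_random should read `@param`, otherwise Doxygen does not attach it to the parameter.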


@ -1461,7 +1461,6 @@ TALER_EXCHANGE_withdraw (
const struct TALER_EXCHANGE_DenomPublicKey *pk,
const struct TALER_ReservePrivateKeyP *reserve_priv,
struct TALER_PlanchetSecretsP *ps,
struct TALER_ExchangeWithdrawValues *alg_values,
TALER_EXCHANGE_WithdrawCallback res_cb,
void *res_cb_cls);


@ -66,13 +66,11 @@ TALER_TESTING_make_wire_details (const char *payto);
*
* @param keys array of keys to search
* @param amount coin value to look for
* @param cipher denomination cipher
* @return NULL if no matching key was found
*/
const struct TALER_EXCHANGE_DenomPublicKey *
TALER_TESTING_find_pk (const struct TALER_EXCHANGE_Keys *keys,
const struct TALER_Amount *amount,
const enum TALER_DenominationCipher cipher);
const struct TALER_Amount *amount);
/**
@ -1290,24 +1288,6 @@ TALER_TESTING_cmd_withdraw_amount (const char *label,
unsigned int expected_response_code);
/**
* Create a withdraw command using a CS denomination, letting the caller specify
* the desired amount as string.
*
* @param label command label.
* @param reserve_reference command providing us with a reserve to withdraw from
* @param amount how much we withdraw.
* @param expected_response_code which HTTP response code
* we expect from the exchange.
* @return the withdraw command to be executed by the interpreter.
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_withdraw_cs_amount (const char *label,
const char *reserve_reference,
const char *amount,
unsigned int expected_response_code);
/**
* Create a withdraw command, letting the caller specify
* the desired amount as string and also re-using an existing
@ -1332,30 +1312,6 @@ TALER_TESTING_cmd_withdraw_amount_reuse_key (
unsigned int expected_response_code);
/**
* Create a CS withdraw command, letting the caller specify
* the desired amount as string and also re-using an existing
* coin private key in the process (violating the specification,
* which will result in an error when spending the coin!).
*
* @param label command label.
* @param reserve_reference command providing us with a reserve to withdraw from
* @param amount how much we withdraw.
* @param coin_ref reference to (withdraw/reveal) command of a coin
* from which we should re-use the private key
* @param expected_response_code which HTTP response code
* we expect from the exchange.
* @return the withdraw command to be executed by the interpreter.
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_withdraw_cs_amount_reuse_key (
const char *label,
const char *reserve_reference,
const char *amount,
const char *coin_ref,
unsigned int expected_response_code);
/**
* Create withdraw command, letting the caller specify the
* amount by a denomination key.


@ -220,31 +220,12 @@ withdraw_cs_stage_two_callback (void *cls,
}
/**
* Withdraw a coin from the exchange using a /reserve/withdraw request. Note
* that to ensure that no money is lost in case of hardware failures,
* the caller must have committed (most of) the arguments to disk
* before calling, and be ready to repeat the request with the same
* arguments in case of failures.
*
* @param exchange the exchange handle; the exchange must be ready to operate
* @param pk kind of coin to create
* @param reserve_priv private key of the reserve to withdraw from
* @param ps secrets of the planchet
* caller must have committed this value to disk before the call (with @a pk)
* @param res_cb the callback to call when the final result for this request is available
* @param res_cb_cls closure for the above callback
* @return handle for the operation on success, NULL on error, i.e.
* if the inputs are invalid (i.e. denomination key not with this exchange).
* In this case, the callback is not called.
*/
struct TALER_EXCHANGE_WithdrawHandle *
TALER_EXCHANGE_withdraw (
struct TALER_EXCHANGE_Handle *exchange,
const struct TALER_EXCHANGE_DenomPublicKey *pk,
const struct TALER_ReservePrivateKeyP *reserve_priv,
struct TALER_PlanchetSecretsP *ps,
struct TALER_ExchangeWithdrawValues *alg_values,
TALER_EXCHANGE_WithdrawCallback res_cb,
void *res_cb_cls)
{
@ -256,7 +237,6 @@ TALER_EXCHANGE_withdraw (
wh->cb_cls = res_cb_cls;
wh->reserve_priv = reserve_priv;
wh->ps = *ps;
wh->alg_values = *alg_values,
wh->pk = *pk;
wh->csrh = NULL;
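Review bot: Nothing in the visible initialisation of `wh` assigns `wh->alg_values` any more, now that the `alg_values` parameter and the `wh->alg_values = *alg_values,` line are gone. Presumably the cipher is taken from the denomination key further down and the CS values arrive in withdraw_cs_stage_two_callback, but neither assignment is in these hunks; if one path misses it, the planchet would be prepared with whatever cipher value the allocation left behind. I would set it next to the other fields, e.g. `wh->alg_values.cipher = pk->key.cipher;`, or add a comment naming the place where it is filled in. The doc comment that used to sit on this definition is removed as well, so the "commit the arguments to disk before calling" requirement is now stated only in the header. The body of TALER_EXCHANGE_withdraw continues outside the hunk.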


@ -890,145 +890,6 @@ run (void *cls,
TALER_TESTING_cmd_end ()
};
/**
* Test CS withdrawal plus spending.
*/
struct TALER_TESTING_Command withdraw_cs[] = {
/**
* Move money to the exchange's bank account.
*/
CMD_TRANSFER_TO_EXCHANGE ("create-reserve-cs-1",
"EUR:6.02"),
TALER_TESTING_cmd_check_bank_admin_transfer ("check-create-reserve-cs-1",
"EUR:6.02",
bc.user42_payto,
bc.exchange_payto,
"create-reserve-cs-1"),
/**
* Make a reserve exist, according to the previous
* transfer.
*/
CMD_EXEC_WIREWATCH ("wirewatch-cs-1"),
/**
* Withdraw EUR:5.
*/
TALER_TESTING_cmd_withdraw_cs_amount ("withdraw-cs-coin-1",
"create-reserve-cs-1",
"EUR:5",
MHD_HTTP_OK),
/**
* Withdraw EUR:1 using the SAME private coin key as for the previous coin
* (in violation of the specification, to be detected on spending!).
*/
TALER_TESTING_cmd_withdraw_cs_amount_reuse_key ("withdraw-cs-coin-1x",
"create-reserve-cs-1",
"EUR:1",
"withdraw-cs-coin-1",
MHD_HTTP_OK),
/**
* Check the reserve is depleted.
*/
TALER_TESTING_cmd_status ("status-cs-1",
"create-reserve-cs-1",
"EUR:0",
MHD_HTTP_OK),
/*
* Try to overdraw.
*/
TALER_TESTING_cmd_withdraw_cs_amount ("withdraw-cs-coin-2",
"create-reserve-cs-1",
"EUR:5",
MHD_HTTP_CONFLICT),
// TODO: add test for nonce reuse
TALER_TESTING_cmd_end ()
};
struct TALER_TESTING_Command spend_cs[] = {
/**
* Spend the coin.
*/
TALER_TESTING_cmd_deposit ("deposit-cs-simple",
"withdraw-cs-coin-1",
0,
bc.user42_payto,
"{\"items\":[{\"name\":\"ice cream\",\"value\":1}]}",
GNUNET_TIME_UNIT_ZERO,
"EUR:5",
MHD_HTTP_OK),
TALER_TESTING_cmd_deposit_replay ("deposit-cs-simple-replay",
"deposit-cs-simple",
MHD_HTTP_OK),
TALER_TESTING_cmd_deposit ("deposit-cs-reused-coin-key-failure",
"withdraw-cs-coin-1x",
0,
bc.user42_payto,
"{\"items\":[{\"name\":\"ice cream\",\"value\":1}]}",
GNUNET_TIME_UNIT_ZERO,
"EUR:1",
MHD_HTTP_CONFLICT),
/**
* Try to double spend using different wire details.
*/
TALER_TESTING_cmd_deposit ("deposit-cs-double-1",
"withdraw-cs-coin-1",
0,
bc.user43_payto,
"{\"items\":[{\"name\":\"ice cream\",\"value\":1}]}",
GNUNET_TIME_UNIT_ZERO,
"EUR:5",
MHD_HTTP_CONFLICT),
/* Try to double spend using a different transaction id.
* The test needs the contract terms to differ. This
* is currently the case because of the "timestamp" field,
* which is set automatically by #TALER_TESTING_cmd_deposit().
* This could theoretically fail if at some point a deposit
* command executes in less than 1 ms. *///
TALER_TESTING_cmd_deposit ("deposit-cs-double-1",
"withdraw-cs-coin-1",
0,
bc.user43_payto,
"{\"items\":[{\"name\":\"ice cream\",\"value\":1}]}",
GNUNET_TIME_UNIT_ZERO,
"EUR:5",
MHD_HTTP_CONFLICT),
/**
* Try to double spend with different proposal.
*/
TALER_TESTING_cmd_deposit ("deposit-cs-double-2",
"withdraw-cs-coin-1",
0,
bc.user43_payto,
"{\"items\":[{\"name\":\"ice cream\",\"value\":2}]}",
GNUNET_TIME_UNIT_ZERO,
"EUR:5",
MHD_HTTP_CONFLICT),
TALER_TESTING_cmd_end ()
};
// TODO: CS refresh
struct TALER_TESTING_Command track_cs[] = {
/* Try resolving a deposit's WTID, as we never triggered
* execution of transactions, the answer should be that
* the exchange knows about the deposit, but has no WTID yet.
*///
TALER_TESTING_cmd_track_transaction ("deposit-cs-wtid-found",
"deposit-cs-simple",
0,
MHD_HTTP_ACCEPTED,
NULL),
/* Try resolving a deposit's WTID for a failed deposit.
* As the deposit failed, the answer should be that the
* exchange does NOT know about the deposit.
*/
TALER_TESTING_cmd_track_transaction ("deposit-cs-wtid-failing",
"deposit-cs-double-2",
0,
MHD_HTTP_NOT_FOUND,
NULL),
TALER_TESTING_cmd_end ()
};
#define RESERVE_OPEN_CLOSE_CHUNK 4
#define RESERVE_OPEN_CLOSE_ITERATIONS 3
@ -1098,13 +959,6 @@ run (void *cls,
refund),
TALER_TESTING_cmd_batch ("recoup",
recoup),
TALER_TESTING_cmd_batch ("withdraw-cs",
withdraw_cs),
TALER_TESTING_cmd_batch ("spend-cs",
spend_cs),
// TODO: Clause Schnorr refresh
TALER_TESTING_cmd_batch ("track-cs",
track_cs),
TALER_TESTING_cmd_batch ("reserve-open-close",
reserve_open_close),
/* End the suite. */


@ -1049,9 +1049,7 @@ melt_run (void *cls,
return;
}
fresh_pk = TALER_TESTING_find_pk (TALER_EXCHANGE_get_keys (is->exchange),
&fresh_amount,
// FIXME: replace hardcoded value
TALER_DENOMINATION_RSA);
&fresh_amount);
if (NULL == fresh_pk)
{
GNUNET_break (0);


@ -72,11 +72,6 @@ struct WithdrawState
*/
struct TALER_Amount amount;
/**
* Type of denomination that we should withdraw
*/
enum TALER_DenominationCipher cipher;
/**
* If @e amount is NULL, this specifies the denomination key to
* use. Otherwise, this will be set (by the interpreter) to the
@ -120,11 +115,6 @@ struct WithdrawState
*/
struct TALER_PlanchetSecretsP ps;
/**
* Withdraw Values used for planchet creation
*/
struct TALER_ExchangeWithdrawValues alg_values;
/**
* Reserve history entry that corresponds to this operation.
* Will be of type #TALER_EXCHANGE_RTT_WITHDRAWAL.
@ -396,10 +386,9 @@ withdraw_run (void *cls,
ws->reserve_payto_uri
= TALER_payto_from_reserve (ws->exchange_url,
&ws->reserve_pub);
ws->alg_values.cipher = ws->cipher;
if (NULL == ws->reuse_coin_key_ref)
{
TALER_planchet_setup_random (&ws->ps, &ws->alg_values);
TALER_planchet_setup_coin_priv (&ws->ps.coin_priv);
}
else
{
@ -420,14 +409,13 @@ withdraw_run (void *cls,
TALER_TESTING_get_trait_coin_priv (cref,
index,
&coin_priv));
TALER_planchet_setup_random (&ws->ps, &ws->alg_values);
TALER_planchet_setup_coin_priv (&ws->ps.coin_priv);
ws->ps.coin_priv = *coin_priv;
}
if (NULL == ws->pk)
{
dpk = TALER_TESTING_find_pk (TALER_EXCHANGE_get_keys (is->exchange),
&ws->amount,
ws->cipher);
&ws->amount);
if (NULL == dpk)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@ -455,7 +443,6 @@ withdraw_run (void *cls,
ws->pk,
rp,
&ws->ps,
&ws->alg_values,
&reserve_withdraw_cb,
ws);
if (NULL == ws->wsh)
@ -570,8 +557,6 @@ TALER_TESTING_cmd_withdraw_amount (const char *label,
const char *amount,
unsigned int expected_response_code)
{
// TODO: ATM this is hardcoded to RSA denominations
// (use TALER_TESTING_cmd_withdraw_cs_amount for Clause Schnorr)
struct WithdrawState *ws;
ws = GNUNET_new (struct WithdrawState);
@ -587,43 +572,6 @@ TALER_TESTING_cmd_withdraw_amount (const char *label,
GNUNET_assert (0);
}
ws->expected_response_code = expected_response_code;
ws->cipher = TALER_DENOMINATION_RSA;
{
struct TALER_TESTING_Command cmd = {
.cls = ws,
.label = label,
.run = &withdraw_run,
.cleanup = &withdraw_cleanup,
.traits = &withdraw_traits
};
return cmd;
}
}
struct TALER_TESTING_Command
TALER_TESTING_cmd_withdraw_cs_amount (const char *label,
const char *reserve_reference,
const char *amount,
unsigned int expected_response_code)
{
struct WithdrawState *ws;
ws = GNUNET_new (struct WithdrawState);
ws->reserve_reference = reserve_reference;
if (GNUNET_OK !=
TALER_string_to_amount (amount,
&ws->amount))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to parse amount `%s' at %s\n",
amount,
label);
GNUNET_assert (0);
}
ws->expected_response_code = expected_response_code;
ws->cipher = TALER_DENOMINATION_CS;
{
struct TALER_TESTING_Command cmd = {
.cls = ws,
@ -661,8 +609,6 @@ TALER_TESTING_cmd_withdraw_amount_reuse_key (
const char *coin_ref,
unsigned int expected_response_code)
{
// TODO: ATM this is hardcoded to RSA denominations
// (use TALER_TESTING_cmd_withdraw_cs_amount for Clause Schnorr)
struct TALER_TESTING_Command cmd;
cmd = TALER_TESTING_cmd_withdraw_amount (label,
@ -678,29 +624,6 @@ TALER_TESTING_cmd_withdraw_amount_reuse_key (
}
struct TALER_TESTING_Command
TALER_TESTING_cmd_withdraw_cs_amount_reuse_key (
const char *label,
const char *reserve_reference,
const char *amount,
const char *coin_ref,
unsigned int expected_response_code)
{
struct TALER_TESTING_Command cmd;
cmd = TALER_TESTING_cmd_withdraw_cs_amount (label,
reserve_reference,
amount,
expected_response_code);
{
struct WithdrawState *ws = cmd.cls;
ws->reuse_coin_key_ref = coin_ref;
}
return cmd;
}
/**
* Create withdraw command, letting the caller specify the
* amount by a denomination key.
@ -733,7 +656,6 @@ TALER_TESTING_cmd_withdraw_denomination (
ws->reserve_reference = reserve_reference;
ws->pk = TALER_EXCHANGE_copy_denomination_key (dk);
ws->expected_response_code = expected_response_code;
ws->cipher = dk->key.cipher;
{
struct TALER_TESTING_Command cmd = {
.cls = ws,
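Review bot: In the key-reuse branch of withdraw_run the new call `TALER_planchet_setup_coin_priv (&ws->ps.coin_priv);` is dead work, because the very next line, `ws->ps.coin_priv = *coin_priv;`, overwrites the key that was just drawn. The call it replaced, TALER_planchet_setup_random, also switched on the cipher and could set further planchet secrets, which is why it made sense there; the narrower helper writes only `coin_priv`, so it can be dropped from this branch. In the other branch a short comment would help, e.g. `/* remaining planchet secrets are derived during withdraw */`, since nothing in these hunks initialises the rest of `ws->ps` and that derivation is presumably inside TALER_EXCHANGE_withdraw. withdraw_run starts and ends outside the hunks.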


@ -411,18 +411,9 @@ TALER_TESTING_prepare_exchange (const char *config_filename,
}
/**
* Find denomination key matching the given amount.
*
* @param keys array of keys to search
* @param amount coin value to look for
* @param cipher denomination cipher
* @return NULL if no matching key was found
*/
const struct TALER_EXCHANGE_DenomPublicKey *
TALER_TESTING_find_pk (const struct TALER_EXCHANGE_Keys *keys,
const struct TALER_Amount *amount,
const enum TALER_DenominationCipher cipher)
const struct TALER_Amount *amount)
{
struct GNUNET_TIME_Timestamp now;
struct TALER_EXCHANGE_DenomPublicKey *pk;
@ -432,8 +423,6 @@ TALER_TESTING_find_pk (const struct TALER_EXCHANGE_Keys *keys,
for (unsigned int i = 0; i<keys->num_denom_keys; i++)
{
pk = &keys->denom_keys[i];
if (cipher != pk->key.cipher)
continue;
if ( (0 == TALER_amount_cmp (amount,
&pk->value)) &&
(GNUNET_TIME_timestamp_cmp (now,
@ -450,8 +439,6 @@ TALER_TESTING_find_pk (const struct TALER_EXCHANGE_Keys *keys,
for (unsigned int i = 0; i<keys->num_denom_keys; i++)
{
pk = &keys->denom_keys[i];
if (cipher != pk->key.cipher)
continue;
if ( (0 == TALER_amount_cmp (amount,
&pk->value)) &&
(GNUNET_TIME_timestamp_cmp (now,
@ -473,25 +460,6 @@ TALER_TESTING_find_pk (const struct TALER_EXCHANGE_Keys *keys,
return NULL;
}
}
// do 3rd pass to check if cipher type is to blame for failure
for (unsigned int i = 0; i<keys->num_denom_keys; i++)
{
pk = &keys->denom_keys[i];
if ( (0 == TALER_amount_cmp (amount,
&pk->value)) &&
(cipher != pk->key.cipher) )
{
GNUNET_log
(GNUNET_ERROR_TYPE_WARNING,
"Have denomination key for `%s', but with wrong"
" cipher type %d vs %d\n",
str,
cipher,
pk->key.cipher);
GNUNET_free (str);
return NULL;
}
}
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"No denomination key for amount %s found\n",
str);
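Review bot: With the `cipher != pk->key.cipher` filter gone from both passes, TALER_TESTING_find_pk returns the first currently valid key for the amount in `keys->denom_keys` order, whatever its cipher. The callers in this commit (melt_run for `fresh_pk`, withdraw_run for `dpk`) previously asked for a specific cipher, so if an exchange configuration offers both RSA and CS denominations of the same value, which one a test exercises now depends on key order. The definition also lost its doc comment in this hunk; I would restore it and state the new contract there, e.g. `* Returns the first valid key for @a amount regardless of cipher; callers must handle both RSA and CS.` The function body starts and ends outside the hunks shown.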


@ -245,19 +245,23 @@ TALER_planchet_blinding_secret_create (struct TALER_PlanchetSecretsP *ps,
}
/**
* @brief setup a random planchet
* In Case of RSA planchet, the bks gets set
* In Case of Clause Schnorr this will be set in future
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
const struct
TALER_ExchangeWithdrawValues *alg_values)
TALER_planchet_setup_coin_priv (
struct TALER_CoinSpendPrivateKeyP *coin_priv)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->coin_priv,
sizeof (struct TALER_CoinSpendPrivateKeyP));
coin_priv,
sizeof (*coin_priv));
// FIXME-jeff/dold: Clamping?
}
void
TALER_planchet_setup_random (
struct TALER_PlanchetSecretsP *ps,
const struct TALER_ExchangeWithdrawValues *alg_values)
{
TALER_planchet_setup_coin_priv (&ps->coin_priv);
switch (alg_values->cipher)
{
case TALER_DENOMINATION_INVALID: